| author | Nicola Murino <nicola.murino@gmail.com> | 2023-09-05 19:47:13 +0200 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2023-09-20 18:10:32 +0000 |
| commit | a1aeb9b34eb6b8f469bbd66b9cd1c9d905cb3714 (patch) | |
| tree | 44ef3c41d608ab4d22e72a27d62ff9226e86ea77 | |
| parent | 28c53ff63c09fc7df7793600caa30989bc69e194 (diff) | |
| download | go-x-crypto-a1aeb9b34eb6b8f469bbd66b9cd1c9d905cb3714.tar.xz | |
ssh: add test cases for compatibility with old (buggy) clients
Improved test cases for CL 506835.
Change-Id: If4a98ae4a7b39d2e59b203d10080b71283e1a80e
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/525735
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
| -rw-r--r-- | ssh/client_auth_test.go | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/ssh/client_auth_test.go b/ssh/client_auth_test.go
index 16d4113..bf0aa1f 100644
--- a/ssh/client_auth_test.go
+++ b/ssh/client_auth_test.go
@@ -1234,3 +1234,51 @@ func TestPublicKeyAndAlgoCompatibility(t *testing.T) {
 t.Error("cert login passed with incompatible public key type and algorithm")
 }
 }
+
+func TestClientAuthGPGAgentCompat(t *testing.T) {
+ clientConfig := &ClientConfig{
+ User: "testuser",
+ HostKeyCallback: InsecureIgnoreHostKey(),
+ Auth: []AuthMethod{
+ // algorithm rsa-sha2-512 and signature format ssh-rsa.
+ configurablePublicKeyCallback{
+ signer: testSigners["rsa"].(AlgorithmSigner),
+ signatureAlgo: KeyAlgoRSASHA512,
+ signatureFormat: KeyAlgoRSA,
+ },
+ },
+ }
+ if err := tryAuth(t, clientConfig); err != nil {
+ t.Fatalf("unable to dial remote side: %s", err)
+ }
+}
+
+func TestCertAuthOpenSSHCompat(t *testing.T) {
+ cert := &Certificate{
+ Key: testPublicKeys["rsa"],
+ ValidBefore: CertTimeInfinity,
+ CertType: UserCert,
+ }
+ cert.SignCert(rand.Reader, testSigners["ecdsa"])
+ certSigner, err := NewCertSigner(cert, testSigners["rsa"])
+ if err != nil {
+ t.Fatalf("NewCertSigner: %v", err)
+ }
+
+ clientConfig := &ClientConfig{
+ User: "user",
+ HostKeyCallback: InsecureIgnoreHostKey(),
+ Auth: []AuthMethod{
+ // algorithm ssh-rsa-cert-v01@openssh.com and signature format
+ // rsa-sha2-256.
+ configurablePublicKeyCallback{
+ signer: certSigner.(AlgorithmSigner),
+ signatureAlgo: CertAlgoRSAv01,
+ signatureFormat: KeyAlgoRSASHA256,
+ },
+ },
+ }
+ if err := tryAuth(t, clientConfig); err != nil {
+ t.Fatalf("unable to dial remote side: %s", err)
+ }
+} |
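Review bot: The error returned by `cert.SignCert(rand.Reader, testSigners["ecdsa"])` in TestCertAuthOpenSSHCompat is discarded, so a signing failure would surface later as an authentication failure reported as "unable to dial remote side" rather than at the step that broke. Check it where it happens, e.g. `if err := cert.SignCert(rand.Reader, testSigners["ecdsa"]); err != nil { t.Fatalf("SignCert: %v", err) }`. Both new tests exercise only the accepted mismatches (algorithm rsa-sha2-512 with format ssh-rsa, and ssh-rsa-cert-v01@openssh.com with rsa-sha2-256). Because they pin a deliberate relaxation of the algorithm/format check, each test would benefit from a doc comment saying which client behaviour is being tolerated and that other mismatches must still be rejected. The preceding TestPublicKeyAndAlgoCompatibility appears to cover the rejection side, though only its tail is visible in this hunk.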
