diff options
| author | Nicola Murino <nicola.murino@gmail.com> | 2023-12-09 14:25:29 +0100 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2025-05-15 10:47:05 -0700 |
| commit | ebc8e463153182e44695bfc4e4ae8cfdc00aa86d (patch) | |
| tree | fe78f8cdaf06749d0c05819a9c118a37ec309e4c /ssh/test | |
| parent | e944286e33103542b8b53277b95c38394976493f (diff) | |
| download | go-x-crypto-ebc8e463153182e44695bfc4e4ae8cfdc00aa86d.tar.xz | |
ssh: add server side support for Diffie Hellman Group Exchange
We add this support for the following reasons:
- We are planning to expose recommended (secure) vs. supported (works,
not necessarily recommended) algorithms. The DHGEX kex is currently
only exposed as a client-side kex. To simplify the calling convention
for this follow-on, we expose the server side too.
- Some clients are quite inflexible with reference to kex algorithms
choice, for example they offer:
diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1,
diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
therefore DHGEX helps interoperability.
We do not recommend the DHGEX kex as a whole:
- the negotiation requires an extra round trip
- the server must generate parameters (slow) or hardcode them, which
defeats the security benefit over traditional DH.
In this implementation we hardcode sending Oakley Group 14, Oakley
Group 15 or Oakley Group 16 based on the requested max size.
Users that are concerned with security of classical DH kex should
migrate to kex based on EC or Ed25519.
Fixes golang/go#54743
Change-Id: I127822e90efc36821af4aca679931f40a2023021
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/532415
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Diffstat (limited to 'ssh/test')
| -rw-r--r-- | ssh/test/sshcli_test.go | 77 |
1 files changed, 66 insertions, 11 deletions
diff --git a/ssh/test/sshcli_test.go b/ssh/test/sshcli_test.go index ac2f7c1..6648067 100644 --- a/ssh/test/sshcli_test.go +++ b/ssh/test/sshcli_test.go @@ -34,23 +34,29 @@ func sshClient(t *testing.T) string { return sshCLI } +// setupSSHCLIKeys writes the provided key files to a temporary directory and +// returns the path to the private key. +func setupSSHCLIKeys(t *testing.T, keyFiles map[string][]byte, privKeyName string) string { + tmpDir := t.TempDir() + for fn, content := range keyFiles { + if err := os.WriteFile(filepath.Join(tmpDir, fn), content, 0600); err != nil { + t.Fatalf("WriteFile(%q): %v", fn, err) + } + } + return filepath.Join(tmpDir, privKeyName) +} + func TestSSHCLIAuth(t *testing.T) { if runtime.GOOS == "windows" { t.Skipf("always fails on Windows, see #64403") } sshCLI := sshClient(t) - dir := t.TempDir() - keyPrivPath := filepath.Join(dir, "rsa") - - for fn, content := range map[string][]byte{ - keyPrivPath: testdata.PEMBytes["rsa"], - keyPrivPath + ".pub": ssh.MarshalAuthorizedKey(testPublicKeys["rsa"]), - filepath.Join(dir, "rsa-cert.pub"): testdata.SSHCertificates["rsa-user-testcertificate"], - } { - if err := os.WriteFile(fn, content, 0600); err != nil { - t.Fatalf("WriteFile(%q): %v", fn, err) - } + keyFiles := map[string][]byte{ + "rsa": testdata.PEMBytes["rsa"], + "rsa.pub": ssh.MarshalAuthorizedKey(testPublicKeys["rsa"]), + "rsa-cert.pub": testdata.SSHCertificates["rsa-user-testcertificate"], } + keyPrivPath := setupSSHCLIKeys(t, keyFiles, "rsa") certChecker := ssh.CertChecker{ IsUserAuthority: func(k ssh.PublicKey) bool { @@ -98,3 +104,52 @@ func TestSSHCLIAuth(t *testing.T) { t.Fatalf("user certificate authentication failed, error: %v, command output %q", err, string(out)) } } + +func TestSSHCLIKeyExchanges(t *testing.T) { + if runtime.GOOS == "windows" { + t.Skipf("always fails on Windows, see #64403") + } + sshCLI := sshClient(t) + keyFiles := map[string][]byte{ + "rsa": testdata.PEMBytes["rsa"], + "rsa.pub": ssh.MarshalAuthorizedKey(testPublicKeys["rsa"]), + } + keyPrivPath := setupSSHCLIKeys(t, keyFiles, "rsa") + + keyExchanges := append(ssh.SupportedAlgorithms().KeyExchanges, ssh.InsecureAlgorithms().KeyExchanges...) + for _, kex := range keyExchanges { + t.Run(kex, func(t *testing.T) { + config := &ssh.ServerConfig{ + Config: ssh.Config{ + KeyExchanges: []string{kex}, + }, + PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) { + if conn.User() == "testpubkey" && bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) { + return nil, nil + } + + return nil, fmt.Errorf("pubkey for %q not acceptable", conn.User()) + }, + } + config.AddHostKey(testSigners["rsa"]) + + server, err := newTestServer(config) + if err != nil { + t.Fatalf("unable to start test server: %v", err) + } + defer server.Close() + + port, err := server.port() + if err != nil { + t.Fatalf("unable to get server port: %v", err) + } + + cmd := testenv.Command(t, sshCLI, "-vvv", "-i", keyPrivPath, "-o", "StrictHostKeyChecking=no", + "-o", fmt.Sprintf("KexAlgorithms=%s", kex), "-p", port, "testpubkey@127.0.0.1", "true") + out, err := cmd.CombinedOutput() + if err != nil { + t.Fatalf("%s failed, error: %v, command output %q", kex, err, string(out)) + } + }) + } +} |