
Commit 367dd5a

Add regress test for DoKexDhReply
1 parent c9b8d19 commit 367dd5a

1 file changed

Lines changed: 39 additions & 3 deletions


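--- a/tests/regress.c
+++ b/tests/regress.c
@@ -749,8 +749,8 @@ static void FreeKexReplyHarness(KexReplyHarness* harness)
 }
 }
 
-static void InitKexReplyHarness(KexReplyHarness* harness,
-const char* keyAlgo, byte mutateReply)
+static void InitKexReplyHarnessEx(KexReplyHarness* harness,
+const char* keyAlgo, byte mutateReply, byte skipPublicKeyCheck)
 {
 byte keyBuf[2048];
 word32 keySz;
@@ -781,7 +781,9 @@ static void InitKexReplyHarness(KexReplyHarness* harness,
 
 wolfSSH_SetUserAuth(harness->clientCtx, RegressionClientUserAuth);
 wolfSSH_SetUserAuth(harness->serverCtx, RegressionServerUserAuth);
-wolfSSH_CTX_SetPublicKeyCheck(harness->clientCtx, AcceptAnyServerHostKey);
+if (!skipPublicKeyCheck) {
+wolfSSH_CTX_SetPublicKeyCheck(harness->clientCtx, AcceptAnyServerHostKey);
+}
 
 keySz = LoadFileBuffer(REGRESS_SERVER_KEY_PATH, keyBuf, sizeof(keyBuf));
 AssertTrue(keySz > 0);
@@ -802,6 +804,12 @@ static void InitKexReplyHarness(KexReplyHarness* harness,
 WS_SUCCESS);
 }
 
+static void InitKexReplyHarness(KexReplyHarness* harness,
+const char* keyAlgo, byte mutateReply)
+{
+InitKexReplyHarnessEx(harness, keyAlgo, mutateReply, 0);
+}
+
 static int IsHandshakeRetryable(int err)
 {
 return err == WS_WANT_READ || err == WS_WANT_WRITE ||
@@ -903,6 +911,33 @@ static void TestKexDhReplyRejectsRsaSha2_512SigNameDowngrade(void)
 }
 #endif
 
+static void AssertHandshakeRejectsWithNoPublicKeyCheck(const char* keyAlgo)
+{
+KexReplyHarness harness;
+KexReplyRunResult result;
+
+InitKexReplyHarnessEx(&harness, keyAlgo, 0, 1 /* skipPublicKeyCheck */);
+RunKexReplyHandshake(&harness, &result);
+
+AssertFalse(result.clientSuccess);
+AssertTrue(result.clientRet == WS_FATAL_ERROR);
+AssertTrue(result.clientErr != WS_WANT_READ && result.clientErr != WS_WANT_WRITE);
+AssertIntEQ(result.clientErr, WS_PUBKEY_REJECTED_E);
+AssertFalse(harness.client->connectState >= CONNECT_KEYED);
+
+FreeKexReplyHarness(&harness);
+}
+
+static void TestKexDhReplyRejectsNoPublicKeyCheck(void)
+{
+#ifndef WOLFSSH_NO_RSA_SHA2_256
+AssertHandshakeRejectsWithNoPublicKeyCheck("rsa-sha2-256");
+#endif
+#ifndef WOLFSSH_NO_RSA_SHA2_512
+AssertHandshakeRejectsWithNoPublicKeyCheck("rsa-sha2-512");
+#endif
+}
+
 #endif /* KEXDH_REPLY_REGRESS_KEX_ALGO */
 
 static void AssertChannelOpenFailResponse(const ChannelOpenHarness* harness,
@@ -1667,6 +1702,7 @@ int main(int argc, char** argv)
 #ifndef WOLFSSH_NO_RSA_SHA2_512
 TestKexDhReplyRejectsRsaSha2_512SigNameDowngrade();
 #endif
+TestKexDhReplyRejectsNoPublicKeyCheck();
 #endif
 
 #ifdef WOLFSSH_SFTP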
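Review bot: TestKexDhReplyRejectsNoPublicKeyCheck (new lines 931–939) has an empty body when both WOLFSSH_NO_RSA_SHA2_256 and WOLFSSH_NO_RSA_SHA2_512 are defined, yet main at 1705 calls it unconditionally, so in that build the fail-closed property it exists to regress — a client with no public-key check callback must abort the handshake with WS_PUBKEY_REJECTED_E rather than accept the host key — would pass vacuously. Either guard the call the way the neighbouring test is (`#ifndef WOLFSSH_NO_RSA_SHA2_512` … `#endif` at 1702–1704, extended to both macros) or, if the harness supports a key algorithm that is always compiled in, add that case so at least one handshake actually runs. In AssertHandshakeRejectsWithNoPublicKeyCheck, `AssertTrue(result.clientErr != WS_WANT_READ && result.clientErr != WS_WANT_WRITE);` at 924 is already implied by the `AssertIntEQ(result.clientErr, WS_PUBKEY_REJECTED_E);` that follows and can be dropped, and `AssertIntEQ(result.clientRet, WS_FATAL_ERROR);` at 923 would report the actual value on failure where AssertTrue does not. The new skipPublicKeyCheck parameter of InitKexReplyHarnessEx (new line 753) deserves a one-line comment such as `/* skipPublicKeyCheck: install no public-key check callback, so the client is expected to reject the server host key */`, since the non-obvious point is that an unset callback is the condition under test, not a harness shortcut.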
