| // Copyright 2023 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package ssh |
| |
| import ( |
| "testing" |
| ) |
| |
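// TestClientAuthRestrictedPublicKeyAlgos checks that a server whose
// PublicKeyAuthAlgorithms is limited to KeyAlgoRSASHA256 and KeyAlgoRSASHA512
// lets NewClientConn succeed for an RSA client key and makes it fail for DSA
// and Ed25519 client keys.
//
// Each case runs as its own subtest so that the deferred Close calls release
// that case's connections when the case finishes, instead of accumulating
// until the whole test function returns.
func TestClientAuthRestrictedPublicKeyAlgos(t *testing.T) {
	for _, tt := range []struct {
		name      string
		key       Signer
		wantError bool
	}{
		{"rsa", testSigners["rsa"], false},
		{"dsa", testSigners["dsa"], true},
		{"ed25519", testSigners["ed25519"], true},
	} {
		// t.Run is synchronous here (no t.Parallel), so the closure always
		// sees the current tt regardless of loop-variable semantics.
		t.Run(tt.name, func(t *testing.T) {
			c1, c2, err := netPipe()
			if err != nil {
				t.Fatalf("netPipe: %v", err)
			}
			defer c1.Close()
			defer c2.Close()

			serverConf := &ServerConfig{
				PublicKeyAuthAlgorithms: []string{KeyAlgoRSASHA256, KeyAlgoRSASHA512},
				// The callback accepts every key it is shown, so a failed
				// login in this test cannot come from key authorization: the
				// algorithm allow-list is the only restriction configured.
				PublicKeyCallback: func(conn ConnMetadata, key PublicKey) (*Permissions, error) {
					return nil, nil
				},
			}
			serverConf.AddHostKey(testSigners["ecdsap256"])

			done := make(chan struct{})
			go func() {
				defer close(done)
				// The server-side result is deliberately discarded; the
				// outcome is asserted from the client's side below.
				NewServerConn(c1, serverConf)
			}()

			clientConf := ClientConfig{
				User: "user",
				Auth: []AuthMethod{
					PublicKeys(tt.key),
				},
				// Host key verification is skipped only because both ends of
				// the connection come from netPipe inside this test; a real
				// client needs a HostKeyCallback that verifies the server.
				HostKeyCallback: InsecureIgnoreHostKey(),
			}

			_, _, _, err = NewClientConn(c2, "", &clientConf)
			switch {
			case err != nil && !tt.wantError:
				t.Errorf("%s: got unexpected error %q", tt.name, err.Error())
			case err == nil && tt.wantError:
				t.Errorf("%s: succeeded, but want error", tt.name)
			}
			// Wait for the server goroutine so it does not outlive the subtest.
			<-done
		})
	}
}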
| |
// TestNewServerConnValidationErrors checks that NewServerConn returns an error
// for two server configurations the test expects to be refused: one whose
// PublicKeyAuthAlgorithms lists CertAlgoRSAv01, and one whose KeyExchanges
// lists kexAlgoDHGEXSHA256.
func TestNewServerConnValidationErrors(t *testing.T) {
	serverEnd, peerEnd, err := netPipe()
	if err != nil {
		t.Fatalf("netPipe: %v", err)
	}
	defer serverEnd.Close()
	defer peerEnd.Close()

	rejected := []struct {
		conf    *ServerConfig
		failMsg string
	}{
		{
			conf: &ServerConfig{
				PublicKeyAuthAlgorithms: []string{CertAlgoRSAv01},
			},
			failMsg: "NewServerConn with invalid public key auth algorithms succeeded",
		},
		{
			conf: &ServerConfig{
				Config: Config{
					KeyExchanges: []string{kexAlgoDHGEXSHA256},
				},
			},
			failMsg: "NewServerConn with unsupported key exchange succeeded",
		},
	}

	// NOTE(review): every case is handed the same serverEnd and nothing ever
	// drives peerEnd, so this presumably relies on NewServerConn refusing the
	// configuration before it performs any I/O on the connection. Confirm
	// against the implementation.
	for _, tc := range rejected {
		if _, _, _, err = NewServerConn(serverEnd, tc.conf); err == nil {
			t.Fatal(tc.failMsg)
		}
	}
}