From cbf61203185255a5851c7f949f43965ce474102f Mon Sep 17 00:00:00 2001
From: Markus Friedl <mfriedl@gmail.com>
Date: Tue, 21 Feb 2012 02:45:37 +0100
Subject: [PATCH] add a kex unit test

---
 unittests/Makefile       |   2 +-
 unittests/kex/Makefile   |   8 ++
 unittests/kex/test_kex.c | 171 +++++++++++++++++++++++++++++++++++++++
 unittests/kex/tests.c    |  14 ++++
 4 files changed, 194 insertions(+), 1 deletion(-)
 create mode 100644 unittests/kex/Makefile
 create mode 100644 unittests/kex/test_kex.c
 create mode 100644 unittests/kex/tests.c

diff --git a/unittests/Makefile b/unittests/Makefile
index f0bb4e0..c560a8d 100644
--- a/unittests/Makefile
+++ b/unittests/Makefile
@@ -1,5 +1,5 @@
 #	$OpenBSD$
 
-SUBDIR=	test_helper sshbuf sshkey
+SUBDIR=	test_helper sshbuf sshkey kex
 
 .include <bsd.subdir.mk>
diff --git a/unittests/kex/Makefile b/unittests/kex/Makefile
new file mode 100644
index 0000000..918c7f0
--- /dev/null
+++ b/unittests/kex/Makefile
@@ -0,0 +1,8 @@
+#	$OpenBSD$
+
+PROG=test_kex
+SRCS=tests.c test_kex.c
+LDADD=-lz
+
+.include <bsd.regress.mk>
+
diff --git a/unittests/kex/test_kex.c b/unittests/kex/test_kex.c
new file mode 100644
index 0000000..8ff1f3b
--- /dev/null
+++ b/unittests/kex/test_kex.c
@@ -0,0 +1,171 @@
+/* 	$OpenBSD$ */
+/*
+ * Regress test KEX
+ *
+ * Placed in the public domain
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_helper.h"
+
+#include "err.h"
+#include "ssh_api.h"
+#include "packet.h"
+#include "myproposal.h"
+
+void kex_tests(void);
+static int do_debug = 0;
+
+static int
+do_send_and_receive(struct ssh *from, struct ssh *to)
+{
+	u_char type;
+	u_int len;
+	char *buf;
+	int r;
+
+	for (;;) {
+		if ((r = ssh_packet_next(from, &type)) != 0) {
+			fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r));
+			return r;
+		}
+		if (type != 0)
+			return 0;
+		buf = ssh_output_ptr(from, (u_int *)&len);
+		if (do_debug)
+			printf("%u", len);
+		if (len == 0)
+			return 0;
+		if ((r = ssh_output_consume(from, len)) != 0 ||
+		    (r = ssh_input_append(to, buf, len)) != 0)
+			return r;
+	}
+}
+
+static void
+run_kex(struct ssh *client, struct ssh *server)
+{
+	int r = 0;
+
+	while (!server->kex->done || !client->kex->done) {
+		if (do_debug)
+			printf(" S:");
+		if ((r = do_send_and_receive(server, client)))
+			break;
+		if (do_debug)
+			printf(" C:");
+		if ((r = do_send_and_receive(client, server)))
+			break;
+	}
+	if (do_debug)
+		printf("done: %s\n", ssh_err(r));
+	ASSERT_INT_EQ(r, 0);
+	ASSERT_INT_EQ(server->kex->done, 1);
+	ASSERT_INT_EQ(client->kex->done, 1);
+}
+
+static void
+do_kex_with_key(char *kex, int key_type, int bits)
+{
+	struct ssh *client = NULL, *server = NULL, *server2 = NULL;
+	struct sshkey *private, *public;
+	struct sshbuf *state;
+	struct kex_params kex_params;
+
+	TEST_START("sshkey_generate");
+	ASSERT_INT_EQ(sshkey_generate(key_type, bits, &private), 0);
+	TEST_DONE();
+
+	TEST_START("sshkey_from_private");
+	ASSERT_INT_EQ(sshkey_from_private(private, &public), 0);
+	TEST_DONE();
+
+	TEST_START("ssh_init");
+	memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
+	if (kex != NULL)
+		kex_params.proposal[PROPOSAL_KEX_ALGS] = kex;
+	ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0);
+	ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0);
+	ASSERT_PTR_NE(client, NULL);
+	ASSERT_PTR_NE(server, NULL);
+	TEST_DONE();
+
+	TEST_START("ssh_add_hostkey");
+	ASSERT_INT_EQ(ssh_add_hostkey(server, private), 0);
+	ASSERT_INT_EQ(ssh_add_hostkey(client, public), 0);
+	TEST_DONE();
+
+	TEST_START(kex);
+	run_kex(client, server);
+	TEST_DONE();
+
+	TEST_START("rekeying client");
+	ASSERT_INT_EQ(kex_send_kexinit(client), 0);
+	run_kex(client, server);
+	TEST_DONE();
+
+	TEST_START("rekeying server");
+	ASSERT_INT_EQ(kex_send_kexinit(server), 0);
+	run_kex(client, server);
+	TEST_DONE();
+
+	TEST_START("ssh_packet_get_state");
+	state = sshbuf_new();
+	ASSERT_PTR_NE(state, NULL);
+	ASSERT_INT_EQ(ssh_packet_get_state(server, state), 0);
+	ASSERT_INT_GE(sshbuf_len(state), 1);
+	TEST_DONE();
+
+	TEST_START("ssh_packet_set_state");
+	server2 = NULL;
+	ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0);
+	ASSERT_PTR_NE(server2, NULL);
+	ASSERT_INT_EQ(ssh_add_hostkey(server2, private), 0);
+	ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0);
+	ASSERT_INT_EQ(sshbuf_len(state), 0);
+	sshbuf_free(state);
+	ASSERT_PTR_NE(server->kex, NULL);
+	ASSERT_PTR_NE(server2->kex, NULL);
+	/* XXX we need to set the callbacks */
+	server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+	server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
+	server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+	server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+	server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+	server2->kex->load_host_public_key= server->kex->load_host_public_key;
+	server2->kex->load_host_private_key= server->kex->load_host_private_key;
+	TEST_DONE();
+
+	TEST_START("rekeying server2");
+	ASSERT_INT_EQ(kex_send_kexinit(server2), 0);
+	run_kex(client, server2);
+	ASSERT_INT_EQ(kex_send_kexinit(client), 0);
+	run_kex(client, server2);
+	TEST_DONE();
+}
+
+static void
+do_kex(char *kex)
+{
+	do_kex_with_key(kex, KEY_RSA, 2048);
+	do_kex_with_key(kex, KEY_DSA, 1024);
+	do_kex_with_key(kex, KEY_ECDSA, 256);
+}
+
+void
+kex_tests(void)
+{
+	do_kex("ecdh-sha2-nistp256");
+	do_kex("ecdh-sha2-nistp384");
+	do_kex("ecdh-sha2-nistp521");
+	do_kex("diffie-hellman-group-exchange-sha256");
+	do_kex("diffie-hellman-group-exchange-sha1");
+	do_kex("diffie-hellman-group14-sha1");
+	do_kex("diffie-hellman-group1-sha1");
+}
diff --git a/unittests/kex/tests.c b/unittests/kex/tests.c
new file mode 100644
index 0000000..3fad51e
--- /dev/null
+++ b/unittests/kex/tests.c
@@ -0,0 +1,14 @@
+/* 	$OpenBSD$ */
+/*
+ * Placed in the public domain
+ */
+
+#include "test_helper.h"
+
+void kex_tests(void);
+
+void
+tests(void)
+{
+	kex_tests();
+}