summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJeff Forcier <jeff@bitprophet.org>2019-06-21 20:16:58 -0400
committerJeff Forcier <jeff@bitprophet.org>2019-06-21 20:37:53 -0400
commit4aecbe2f9bb150a25e564cc47a556da8849305c6 (patch)
tree2b935dc293bd4a1e6f88943a1318853d4ad77c6d
parent538caf59df45c3a8b798ea82d3236faad34163a2 (diff)
Spot check use of new algorithm properties
-rw-r--r--tests/test_transport.py35
1 files changed, 33 insertions, 2 deletions
diff --git a/tests/test_transport.py b/tests/test_transport.py
index 9612ada7..28f30d63 100644
--- a/tests/test_transport.py
+++ b/tests/test_transport.py
@@ -1131,5 +1131,36 @@ class AlgorithmDisablingTests(unittest.TestCase):
assert "diffie-hellman-group14-sha256" in t._preferred_kex
assert "diffie-hellman-group14-sha256" not in t.preferred_kex
- # TODO: a bunch of busywork proving all prior uses of ._preferred_x are now
- # using .preferred_x :(
+ def test_implementation_refers_to_public_algo_lists(self):
+ t = Transport(
+ sock=Mock(),
+ disabled_algorithms={
+ "ciphers": ["aes128-cbc"],
+ "macs": ["hmac-md5"],
+ "keys": ["ssh-dss"],
+ "kex": ["diffie-hellman-group14-sha256"],
+ },
+ )
+ # Effectively a random spot check, but kex init touches most/all of the
+ # algorithm lists so it's a good spot.
+ t._send_message = Mock()
+ t._send_kex_init()
+ # Cribbed from Transport._parse_kex_init, which didn't feel worth
+ # refactoring given all the vars involved :(
+ m = t._send_message.call_args[0][0]
+ m.rewind()
+ m.get_byte() # the msg type
+ m.get_bytes(16) # cookie, discarded
+ kexen = m.get_list()
+ server_keys = m.get_list()
+ ciphers = m.get_list()
+ m.get_list()
+ macs = m.get_list()
+ m.get_list()
+ compressions = m.get_list()
+ # OK, now we can actually check that our disabled algos were not
+ # included (as this message includes the full lists)
+ assert "aes128-cbc" not in ciphers
+ assert "hmac-md5" not in macs
+ assert "ssh-dss" not in server_keys
+ assert "diffie-hellman-group14-sha256" not in kexen