ssh: unit tests for rsa-sha2-256 and rsa-sha2-512 signatures

samiponkanen · samiponkanenssh · commit ab4f6d849458 · 2021-06-04T17:41:57.000+03:00
diff --git a/ssh/client_auth_test.go b/ssh/client_auth_test.go
@@ -105,15 +105,17 @@ func tryAuthBothSides(t *testing.T, config *ClientConfig, gssAPIWithMICConfig *G
 }
 
 func TestClientAuthPublicKey(t *testing.T) {
-	config := &ClientConfig{
-		User: "testuser",
-		Auth: []AuthMethod{
-			PublicKeys(testSigners["rsa"]),
-		},
-		HostKeyCallback: InsecureIgnoreHostKey(),
-	}
-	if err := tryAuth(t, config); err != nil {
-		t.Fatalf("unable to dial remote side: %s", err)
+	for _, s := range []string{"rsa", "rsa-sha2-256", "rsa-sha2-512"} {
+		config := &ClientConfig{
+			User: "testuser",
+			Auth: []AuthMethod{
+				PublicKeys(testSigners[s]),
+			},
+			HostKeyCallback: InsecureIgnoreHostKey(),
+		}
+		if err := tryAuth(t, config); err != nil {
+			t.Fatalf("unable to dial remote side: %s", err)
+		}
 	}
 }
 
diff --git a/ssh/testdata_test.go b/ssh/testdata_test.go
@@ -10,7 +10,9 @@ package ssh
 
 import (
 	"crypto/rand"
+	"errors"
 	"fmt"
+	"io"
 
 	"golang.org/x/crypto/ssh/testdata"
 )
@@ -21,6 +23,32 @@ var (
 	testPublicKeys  map[string]PublicKey
 )
 
+type testAlgoSigner struct {
+	signer Signer
+	algo   string
+}
+
+func (tas *testAlgoSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {
+	if as, ok := tas.signer.(AlgorithmSigner); ok {
+		if algorithm == "" {
+			algorithm = tas.algo
+		}
+		return as.SignWithAlgorithm(rand, data, algorithm)
+	}
+	return nil, errors.New("not an AlgorithmSigner")
+}
+
+func (tas *testAlgoSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
+	if as, ok := tas.signer.(AlgorithmSigner); ok {
+		return as.SignWithAlgorithm(rand, data, tas.algo)
+	}
+	return nil, errors.New("not an AlgorithmSigner")
+}
+
+func (tas *testAlgoSigner) PublicKey() PublicKey {
+	return tas.signer.PublicKey()
+}
+
 func init() {
 	var err error
 
@@ -40,6 +68,13 @@ func init() {
 		testPublicKeys[t] = testSigners[t].PublicKey()
 	}
 
+	// Create rsa-sha2-256 and rsa-sha2-512 signers
+	for _, t := range []string{"rsa-sha2-256", "rsa-sha2-512"} {
+		testPrivateKeys[t] = testPrivateKeys["rsa"]
+		testSigners[t] = &testAlgoSigner{signer: testSigners["rsa"], algo: t}
+		testPublicKeys[t] = testSigners[t].PublicKey()
+	}
+
 	// Create a cert and sign it for use in tests.
 	testCert := &Certificate{
 		Nonce:           []byte{},                       // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
