net-ssh 2.4.0 → 2.5.0

data/test/transport/test_algorithms.rb

@@ -17,13 +17,18 @@ module Transport
     end
 
     def test_constructor_should_build_default_list_of_preferred_algorithms
-      assert_equal %w(ssh-rsa ssh-dss), algorithms[:host_key]
-      assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha256), algorithms[:kex]
-      assert_equal %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256), algorithms[:encryption]
+      if defined?(OpenSSL::PKey::EC)
+        assert_equal %w(ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521), algorithms[:host_key]
+        assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521), algorithms[:kex]
+      else
+        assert_equal %w(ssh-rsa ssh-dss), algorithms[:host_key]
+        assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256), algorithms[:kex]
+      end
+      assert_equal %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr), algorithms[:encryption]
       if defined?(OpenSSL::Digest::SHA256)
-        assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms[:hmac]
+        assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms[:hmac]
       else
-        assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 none), algorithms[:hmac]
+        assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com none), algorithms[:hmac]
       end
       assert_equal %w(none zlib@openssh.com zlib), algorithms[:compression]
       assert_equal %w(), algorithms[:language]
@@ -37,12 +42,20 @@ module Transport
     end
 
     def test_constructor_with_preferred_host_key_type_should_put_preferred_host_key_type_first
-      assert_equal %w(ssh-dss ssh-rsa), algorithms(:host_key => "ssh-dss")[:host_key]
+      if defined?(OpenSSL::PKey::EC)
+        assert_equal %w(ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521),  algorithms(:host_key => "ssh-dss")[:host_key]
+      else
+        assert_equal %w(ssh-dss ssh-rsa), algorithms(:host_key => "ssh-dss")[:host_key]
+      end
     end
 
     def test_constructor_with_known_hosts_reporting_known_host_key_should_use_that_host_key_type
       Net::SSH::KnownHosts.expects(:search_for).with("net.ssh.test,127.0.0.1", {}).returns([stub("key", :ssh_type => "ssh-dss")])
-      assert_equal %w(ssh-dss ssh-rsa), algorithms[:host_key]
+      if defined?(OpenSSL::PKey::EC)
+        assert_equal %w(ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521), algorithms[:host_key]
+      else
+        assert_equal %w(ssh-dss ssh-rsa), algorithms[:host_key]
+      end
     end
 
     def test_constructor_with_unrecognized_host_key_type_should_raise_exception
@@ -50,7 +63,11 @@ module Transport
     end
 
     def test_constructor_with_preferred_kex_should_put_preferred_kex_first
-      assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex]
+      if defined?(OpenSSL::PKey::EC)
+        assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex]
+      else
+        assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex]
+      end
     end
 
     def test_constructor_with_unrecognized_kex_should_raise_exception
@@ -58,11 +75,11 @@ module Transport
     end
 
     def test_constructor_with_preferred_encryption_should_put_preferred_encryption_first
-      assert_equal %w(aes256-cbc aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256), algorithms(:encryption => "aes256-cbc")[:encryption]
+      assert_equal %w(aes256-cbc aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr), algorithms(:encryption => "aes256-cbc")[:encryption]
     end
 
     def test_constructor_with_multiple_preferred_encryption_should_put_all_preferred_encryption_first
-      assert_equal %w(aes256-cbc 3des-cbc idea-cbc aes128-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se none arcfour128 arcfour256), algorithms(:encryption => %w(aes256-cbc 3des-cbc idea-cbc))[:encryption]
+      assert_equal %w(aes256-cbc 3des-cbc idea-cbc aes128-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr), algorithms(:encryption => %w(aes256-cbc 3des-cbc idea-cbc))[:encryption]
     end
 
     def test_constructor_with_unrecognized_encryption_should_raise_exception
@@ -70,11 +87,11 @@ module Transport
     end
 
     def test_constructor_with_preferred_hmac_should_put_preferred_hmac_first
-      assert_equal %w(hmac-md5-96 hmac-sha1 hmac-md5 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms(:hmac => "hmac-md5-96")[:hmac]
+      assert_equal %w(hmac-md5-96 hmac-sha1 hmac-md5 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms(:hmac => "hmac-md5-96")[:hmac]
     end
 
     def test_constructor_with_multiple_preferred_hmac_should_put_all_preferred_hmac_first
-      assert_equal %w(hmac-md5-96 hmac-sha1-96 hmac-sha1 hmac-md5 hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms(:hmac => %w(hmac-md5-96 hmac-sha1-96))[:hmac]
+      assert_equal %w(hmac-md5-96 hmac-sha1-96 hmac-sha1 hmac-md5  hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms(:hmac => %w(hmac-md5-96 hmac-sha1-96))[:hmac]
     end
 
     def test_constructor_with_unrecognized_hmac_should_raise_exception
@@ -256,7 +273,7 @@ module Transport
       def kexinit(options={})
         @kexinit ||= P(:byte, KEXINIT,
           :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF),
-          :string, options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256",
+          :string, options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256",
           :string, options[:host_key] || "ssh-rsa,ssh-dss",
           :string, options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc",
           :string, options[:encryption_server] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc",
@@ -272,12 +289,17 @@ module Transport
       def assert_kexinit(buffer, options={})
         assert_equal KEXINIT, buffer.type
         assert_equal 16, buffer.read(16).length
-        assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256", buffer.read_string
-        assert_equal options[:host_key] || "ssh-rsa,ssh-dss", buffer.read_string
-        assert_equal options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256", buffer.read_string
-        assert_equal options[:encryption_server] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256", buffer.read_string
-        assert_equal options[:hmac_client] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none", buffer.read_string
-        assert_equal options[:hmac_server] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none", buffer.read_string
+        if defined?(OpenSSL::PKey::EC)
+          assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521", buffer.read_string
+          assert_equal options[:host_key] || "ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521", buffer.read_string
+        else
+          assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256", buffer.read_string
+          assert_equal options[:host_key] || "ssh-rsa,ssh-dss", buffer.read_string
+        end
+        assert_equal options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256,arcfour,aes128-ctr,aes192-ctr,aes256-ctr,camellia128-cbc,camellia192-cbc,camellia256-cbc,camellia128-cbc@openssh.org,camellia192-cbc@openssh.org,camellia256-cbc@openssh.org,camellia128-ctr,camellia192-ctr,camellia256-ctr,camellia128-ctr@openssh.org,camellia192-ctr@openssh.org,camellia256-ctr@openssh.org,cast128-ctr,blowfish-ctr,3des-ctr", buffer.read_string
+        assert_equal options[:encryption_server] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256,arcfour,aes128-ctr,aes192-ctr,aes256-ctr,camellia128-cbc,camellia192-cbc,camellia256-cbc,camellia128-cbc@openssh.org,camellia192-cbc@openssh.org,camellia256-cbc@openssh.org,camellia128-ctr,camellia192-ctr,camellia256-ctr,camellia128-ctr@openssh.org,camellia192-ctr@openssh.org,camellia256-ctr@openssh.org,cast128-ctr,blowfish-ctr,3des-ctr", buffer.read_string
+        assert_equal options[:hmac_client] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none", buffer.read_string
+        assert_equal options[:hmac_server] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none", buffer.read_string
         assert_equal options[:compression_client] || "none,zlib@openssh.com,zlib", buffer.read_string
         assert_equal options[:compression_server] || "none,zlib@openssh.com,zlib", buffer.read_string
         assert_equal options[:language_client] || "", buffer.read_string

data/test/transport/test_cipher_factory.rb

@@ -35,18 +35,22 @@ module Transport
       assert_equal [24,8], factory.get_lengths("3des-cbc")
     end
 
-    def test_lengths_for_aes192_cbc
-      assert_equal [24,16], factory.get_lengths("aes192-cbc")
-    end
-
     def test_lengths_for_aes128_cbc
       assert_equal [16,16], factory.get_lengths("aes128-cbc")
     end
 
+    def test_lengths_for_aes192_cbc
+      assert_equal [24,16], factory.get_lengths("aes192-cbc")
+    end
+
     def test_lengths_for_aes256_cbc
       assert_equal [32,16], factory.get_lengths("aes256-cbc")
     end
 
+    def test_lengths_for_arcfour
+      assert_equal [16,8], factory.get_lengths("arcfour")
+    end
+
     def test_lengths_for_arcfour128
       assert_equal [16,8], factory.get_lengths("arcfour128")
     end
@@ -58,26 +62,86 @@ module Transport
     def test_lengths_for_arcfour512
       assert_equal [64,8], factory.get_lengths("arcfour512")
     end
-    
-    BLOWFISH = "\210\021\200\315\240_\026$\352\204g\233\244\242x\332e\370\001\327\224Nv@9_\323\037\252kb\037\036\237\375]\343/y\037\237\312Q\f7]\347Y\005\275%\377\0010$G\272\250B\265Nd\375\342\372\025r6}+Y\213y\n\237\267\\\374^\346BdJ$\353\220Ik\023<\236&H\277=\225"
+
+    if_supported?("camellia128-cbc@openssh.org") do
+      def test_lengths_for_camellia128_cbc_openssh_org
+        assert_equal [16,16], factory.get_lengths("camellia128-cbc@openssh.org")
+      end
+    end
+
+    if_supported?("camellia192-cbc@openssh.org") do
+      def test_lengths_for_camellia192_cbc_openssh_org
+        assert_equal [24,16], factory.get_lengths("camellia192-cbc@openssh.org")
+      end
+    end
+
+    if_supported?("camellia256-cbc@openssh.org") do
+      def test_lengths_for_camellia256_cbc_openssh_org
+        assert_equal [32,16], factory.get_lengths("camellia256-cbc@openssh.org")
+      end
+    end
+
+    def test_lengths_for_3des_ctr
+      assert_equal [24,8], factory.get_lengths("3des-ctr")
+    end
+
+    def test_lengths_for_aes128_ctr
+      assert_equal [16,16], factory.get_lengths("aes128-ctr")
+    end
+
+    def test_lengths_for_aes192_ctr
+      assert_equal [24,16], factory.get_lengths("aes192-ctr")
+    end
+
+    def test_lengths_for_aes256_ctr
+      assert_equal [32,16], factory.get_lengths("aes256-ctr")
+    end
+
+    def test_lengths_for_blowfish_ctr
+      assert_equal [16,8], factory.get_lengths("blowfish-ctr")
+    end
+
+    def test_lengths_for_cast128_ctr
+      assert_equal [16,8], factory.get_lengths("cast128-ctr")
+    end
+
+    if_supported?("camellia128-ctr@openssh.org") do
+      def test_lengths_for_camellia128_ctr_openssh_org
+        assert_equal [16,16], factory.get_lengths("camellia128-ctr@openssh.org")
+      end
+    end
+
+    if_supported?("camellia192-ctr@openssh.org") do
+      def test_lengths_for_camellia192_ctr_openssh_org
+        assert_equal [24,16], factory.get_lengths("camellia192-ctr@openssh.org")
+      end
+    end
+
+    if_supported?("camellia256-ctr@openssh.org") do
+      def test_lengths_for_camellia256_ctr_openssh_org
+        assert_equal [32,16], factory.get_lengths("camellia256-ctr@openssh.org")
+      end
+    end
+
+    BLOWFISH_CBC = "\210\021\200\315\240_\026$\352\204g\233\244\242x\332e\370\001\327\224Nv@9_\323\037\252kb\037\036\237\375]\343/y\037\237\312Q\f7]\347Y\005\275%\377\0010$G\272\250B\265Nd\375\342\372\025r6}+Y\213y\n\237\267\\\374^\346BdJ$\353\220Ik\023<\236&H\277=\225"
 
     def test_blowfish_cbc_for_encryption
-      assert_equal BLOWFISH, encrypt("blowfish-cbc")
+      assert_equal BLOWFISH_CBC, encrypt("blowfish-cbc")
     end
 
     def test_blowfish_cbc_for_decryption
-      assert_equal TEXT, decrypt("blowfish-cbc", BLOWFISH)
+      assert_equal TEXT, decrypt("blowfish-cbc", BLOWFISH_CBC)
     end
 
     if_supported?("idea-cbc") do
-      IDEA = "W\234\017G\231\b\357\370H\b\256U]\343M\031k\233]~\023C\363\263\177\262-\261\341$\022\376mv\217\322\b\2763\270H\306\035\343z\313\312\3531\351\t\201\302U\022\360\300\354ul7$z\320O]\360g\024\305\005`V\005\335A\351\312\270c\320D\232\eQH1\340\265\2118\031g*\303v"
+      IDEA_CBC = "W\234\017G\231\b\357\370H\b\256U]\343M\031k\233]~\023C\363\263\177\262-\261\341$\022\376mv\217\322\b\2763\270H\306\035\343z\313\312\3531\351\t\201\302U\022\360\300\354ul7$z\320O]\360g\024\305\005`V\005\335A\351\312\270c\320D\232\eQH1\340\265\2118\031g*\303v"
 
       def test_idea_cbc_for_encryption
-        assert_equal IDEA, encrypt("idea-cbc")
+        assert_equal IDEA_CBC, encrypt("idea-cbc")
       end
 
       def test_idea_cbc_for_decryption
-        assert_equal TEXT, decrypt("idea-cbc", IDEA)
+        assert_equal TEXT, decrypt("idea-cbc", IDEA_CBC)
       end
     end
 
@@ -91,54 +155,64 @@ module Transport
       assert_equal TEXT, decrypt("rijndael-cbc@lysator.liu.se", RIJNDAEL)
     end
 
-    CAST128 = "qW\302\331\333P\223t[9 ~(sg\322\271\227\272\022I\223\373p\255>k\326\314\260\2003\236C_W\211\227\373\205>\351\334\322\227\223\e\236\202Ii\032!P\214\035:\017\360h7D\371v\210\264\317\236a\262w1\2772\023\036\331\227\240:\f/X\351\324I\t[x\350\323E\2301\016m"
+    CAST128_CBC = "qW\302\331\333P\223t[9 ~(sg\322\271\227\272\022I\223\373p\255>k\326\314\260\2003\236C_W\211\227\373\205>\351\334\322\227\223\e\236\202Ii\032!P\214\035:\017\360h7D\371v\210\264\317\236a\262w1\2772\023\036\331\227\240:\f/X\351\324I\t[x\350\323E\2301\016m"
 
     def test_cast128_cbc_for_encryption
-      assert_equal CAST128, encrypt("cast128-cbc")
+      assert_equal CAST128_CBC, encrypt("cast128-cbc")
     end
 
     def test_cast128_cbc_for_decryption
-      assert_equal TEXT, decrypt("cast128-cbc", CAST128)
+      assert_equal TEXT, decrypt("cast128-cbc", CAST128_CBC)
     end
 
-    TRIPLE_DES = "\322\252\216D\303Q\375gg\367A{\177\313\3436\272\353%\223K?\257\206|\r&\353/%\340\336 \203E8rY\206\234\004\274\267\031\233T/{\"\227/B!i?[qGaw\306T\206\223\213n \212\032\244%]@\355\250\334\312\265E\251\017\361\270\357\230\274KP&^\031r+r%\370"
+    TRIPLE_DES_CBC = "\322\252\216D\303Q\375gg\367A{\177\313\3436\272\353%\223K?\257\206|\r&\353/%\340\336 \203E8rY\206\234\004\274\267\031\233T/{\"\227/B!i?[qGaw\306T\206\223\213n \212\032\244%]@\355\250\334\312\265E\251\017\361\270\357\230\274KP&^\031r+r%\370"
 
     def test_3des_cbc_for_encryption
-      assert_equal TRIPLE_DES, encrypt("3des-cbc")
+      assert_equal TRIPLE_DES_CBC, encrypt("3des-cbc")
     end
 
     def test_3des_cbc_for_decryption
-      assert_equal TEXT, decrypt("3des-cbc", TRIPLE_DES)
+      assert_equal TEXT, decrypt("3des-cbc", TRIPLE_DES_CBC)
     end
 
-    AES128 = "k\026\350B\366-k\224\313\3277}B\035\004\200\035\r\233\024$\205\261\231Q\2214r\245\250\360\315\237\266hg\262C&+\321\346Pf\267v\376I\215P\327\345-\232&HK\375\326_\030<\a\276\212\303g\342C\242O\233\260\006\001a&V\345`\\T\e\236.\207\223l\233ri^\v\252\363\245"
+    AES128_CBC = "k\026\350B\366-k\224\313\3277}B\035\004\200\035\r\233\024$\205\261\231Q\2214r\245\250\360\315\237\266hg\262C&+\321\346Pf\267v\376I\215P\327\345-\232&HK\375\326_\030<\a\276\212\303g\342C\242O\233\260\006\001a&V\345`\\T\e\236.\207\223l\233ri^\v\252\363\245"
 
     def test_aes128_cbc_for_encryption
-      assert_equal AES128, encrypt("aes128-cbc")
+      assert_equal AES128_CBC, encrypt("aes128-cbc")
     end
 
     def test_aes128_cbc_for_decryption
-      assert_equal TEXT, decrypt("aes128-cbc", AES128)
+      assert_equal TEXT, decrypt("aes128-cbc", AES128_CBC)
     end
 
-    AES192 = "\256\017)x\270\213\336\303L\003f\235'jQ\3231k9\225\267\242\364C4\370\224\201\302~\217I\202\374\2167='\272\037\225\223\177Y\r\212\376(\275\n\3553\377\177\252C\254\236\016MA\274Z@H\331<\rL\317\205\323[\305X8\376\237=\374\352bH9\244\0231\353\204\352p\226\326~J\242"
+    AES192_CBC = "\256\017)x\270\213\336\303L\003f\235'jQ\3231k9\225\267\242\364C4\370\224\201\302~\217I\202\374\2167='\272\037\225\223\177Y\r\212\376(\275\n\3553\377\177\252C\254\236\016MA\274Z@H\331<\rL\317\205\323[\305X8\376\237=\374\352bH9\244\0231\353\204\352p\226\326~J\242"
 
     def test_aes192_cbc_for_encryption
-      assert_equal AES192, encrypt("aes192-cbc")
+      assert_equal AES192_CBC, encrypt("aes192-cbc")
     end
 
     def test_aes192_cbc_for_decryption
-      assert_equal TEXT, decrypt("aes192-cbc", AES192)
+      assert_equal TEXT, decrypt("aes192-cbc", AES192_CBC)
     end
 
-    AES256 = "$\253\271\255\005Z\354\336&\312\324\221\233\307Mj\315\360\310Fk\241EfN\037\231\213\361{'\310\204\347I\343\271\005\240`\325;\034\346uM>#\241\231C`\374\261\vo\226;Z\302:\b\250\366T\330\\#V\330\340\226\363\374!\bm\266\232\207!\232\347\340\t\307\370\356z\236\343=v\210\206y"
+    AES256_CBC = "$\253\271\255\005Z\354\336&\312\324\221\233\307Mj\315\360\310Fk\241EfN\037\231\213\361{'\310\204\347I\343\271\005\240`\325;\034\346uM>#\241\231C`\374\261\vo\226;Z\302:\b\250\366T\330\\#V\330\340\226\363\374!\bm\266\232\207!\232\347\340\t\307\370\356z\236\343=v\210\206y"
 
     def test_aes256_cbc_for_encryption
-      assert_equal AES256, encrypt("aes256-cbc")
+      assert_equal AES256_CBC, encrypt("aes256-cbc")
     end
 
     def test_aes256_cbc_for_decryption
-      assert_equal TEXT, decrypt("aes256-cbc", AES256)
+      assert_equal TEXT, decrypt("aes256-cbc", AES256_CBC)
+    end
+
+    ARCFOUR = "\xC1.\x1AdH\xD0+%\xF1CrG\x1C\xCC\xF6\xACho\xB0\x95\\\xBC\x02P\xF9\xAF\n\xBB<\x13\xF3\xCF\xEB\n\b(iO\xFB'\t^?\xA6\xE5a\xE2\x17\f\x97\xCAs\x9E\xFC\xF2\x88\xC93\v\x84\xCA\x82\x0E\x1D\x11\xEA\xE1\x82\x8E\xB3*\xC5\xFB\x8Cmgs\xB0\xFA\xF5\x9C\\\xE2\xB0\x95\x1F>LT"
+
+    def test_arcfour_for_encryption
+      assert_equal ARCFOUR, encrypt("arcfour")
+    end
+
+    def test_arcfour_for_decryption
+      assert_equal TEXT, decrypt("arcfour", ARCFOUR)
     end
     
     ARCFOUR128 = "\n\x90\xED*\xD4\xBE\xCBg5\xA5\a\xEC]\x97\xB7L\x06)6\x12FL\x90@\xF4Sqxqh\r\x11\x1Aq \xC8\xE6v\xC6\x12\xD9<A\xDAZ\xFE\x7F\x88\x19f.\x06\xA7\xFE:\xFF\x93\x9B\x8D\xA0\\\x9E\xCA\x03\x15\xE1\xE2\f\xC0\b\xA2C\xE1\xBD\xB6\x13D\xD1\xB4'g\x89\xDC\xEB\f\x19Z)U"
@@ -170,7 +244,161 @@ module Transport
     def test_arcfour512_for_decryption
       assert_equal TEXT, decrypt("arcfour512", ARCFOUR512)
     end
-    
+
+    if_supported?("camellia128-cbc@openssh.org") do
+      CAMELLIA128_CBC = "\a\b\x83+\xF1\xC5m\a\xE1\xD3\x06\xD2NA\xC3l@\\*M\xFD\x96\xAE\xA8\xB4\xA9\xACm\"8\x8E\xEE<\xC3O[\rK\xFAgu}\xCD\xAC\xF4\x04o\xDB\x94-\xB8\"\xDC\xE7{y\xA9 \x8F=y\x85\x82v\xC8\xCA\x8A\xE9\xE3:\xC4,u=a/\xC0\x05\xDA\xDAk8g\xCB\xD9\xA8\xE6\xFE\xCE_\x8E\x97\xF0\xAC\xB6\xCE"
+      def test_camellia128_cbc_for_encryption
+        assert_equal CAMELLIA128_CBC, encrypt("camellia128-cbc@openssh.org")
+      end
+      def test_camellia128_cbc_for_decryption
+        assert_equal TEXT, decrypt("camellia128-cbc@openssh.org", CAMELLIA128_CBC)
+      end
+    end
+
+    if_supported?("camellia192-cbc@openssh.org") do
+      CAMELLIA192_CBC = "\x82\xB2\x03\x90\xFA\f2\xA0\xE3\xFA\xF2B\xAB\xDBX\xD5\x04z\xD4G\x19\xB8\xAB\v\x85\x84\xCD:.\xBA\x9Dd\xD5(\xEB.\n\xAA]\xCB\xF3\x0F4\x8Bd\xF8m\xC9!\xE2\xA1=\xEBY\xA6\x83\x86\n\x13\e6\v\x06\xBBNJg\xF2-\x14',[\xC1\xB1.\x85\xF3\xC6\xBF\x1Ff\xCE\x87'\x9C\xB2\xC8!\xF3|\xE2\xD2\x9E\x96\xA1"
+      def test_camellia192_cbc_for_encryption
+        assert_equal CAMELLIA192_CBC, encrypt("camellia192-cbc@openssh.org")
+      end
+      def test_camellia192_cbc_for_decryption
+        assert_equal TEXT, decrypt("camellia192-cbc@openssh.org", CAMELLIA192_CBC)
+      end
+    end
+
+    if_supported?("camellia256-cbc@openssh.org") do
+      CAMELLIA256_CBC = ",\x80J/\xF5\x8F\xFE4\xF0@\n[2\xFF4\xB6\xA4\xD0\xF8\xF5*\x17I\xF3\xA2\x1F$L\xC6\xA1\x06\xDC\x84f\x1C\x10&\x1C\xC4/R\x859|i\x85ZP\xC8\x94\xED\xE8-\n@ w\x92\xF7\xD4\xAB\xF0\x85c\xC1\x0F\x1E#\xEB\xE5W\x87N!\xC7'/\xE3E8$\x1D\x9B:\xC9\xAF_\x05\xAC%\xD7\x945\xBBDK"
+      def test_camellia256_cbc_for_encryption
+        assert_equal CAMELLIA256_CBC, encrypt("camellia256-cbc@openssh.org")
+      end
+      def test_camellia256_cbc_for_decryption
+        assert_equal TEXT, decrypt("camellia256-cbc@openssh.org", CAMELLIA256_CBC)
+      end
+    end
+
+    BLOWFISH_CTR = "\xF5\xA6\x1E{\x8F(\x85G\xFAh\xDB\x19\xDC\xDF\xA2\x9A\x99\xDD5\xFF\xEE\x8BE\xE6\xB5\x92\x82\xE80\x91\x11`\xEF\x10\xED\xE9\xD3\vG\x0E\xAF\xB2K\t\xA4\xA6\x05\xD1\x17\x0Fl\r@E\x8DJ\e\xE63\x04\xB5\x05\x99Y\xCC\xFBb\x8FK+\x8C1v\xE4N\b?B\x06Rz\xA6\xB6N/b\xCE}\x83\x8DY\xD7\x92qU\x0F"
+
+    def test_blowfish_ctr_for_encryption
+      assert_equal BLOWFISH_CTR, encrypt("blowfish-ctr")
+    end
+
+    def test_blowfish_ctr_for_decryption
+      assert_equal TEXT, decrypt("blowfish-ctr", BLOWFISH_CTR)
+    end
+
+    CAST128_CTR = "\xB5\xBB\xC3h\x80\x90`{\xD7I\x03\xE9\x80\xC4\xC4U\xE3@\xF1\xE9\xEFX\xDB6\xEE,\x8E\xC2\xE8\x89\x17\xBArf\x81\r\x96\xDC\xB1_'\x83hs\t7\xB8@\x17\xAA\xD9;\xE8\x8E\x94\xBD\xFF\xA4K\xA4\xFA\x8F-\xCD\bO\xD9I`\xE5\xC9H\x99\x14\xC5K\xC8\xEF\xEA#\x1D\xE5\x13O\xE1^P\xDC\x1C^qm\v|c@"
+
+    def test_cast128_ctr_for_encryption
+      assert_equal CAST128_CTR, encrypt("cast128-ctr")
+    end
+
+    def test_cast128_ctr_for_decryption
+      assert_equal TEXT, decrypt("cast128-ctr", CAST128_CTR)
+    end
+
+    TRIPLE_DES_CTR = "\x90\xCD\b\xD2\xF1\x15:\x98\xF4sJ\xF0\xC9\xAA\xC5\xE3\xB4\xCFq\x93\xBAB\xF9v\xE1\xE7\x8B<\xBC\x97R\xDF?kK~Nw\xF3\x92`\x90]\xD9\xEF\x16\xC85V\x03C\xE9\x14\xF0\x86\xEB\x19\x85\x82\xF6\x16gz\x9B`\xB1\xCE\x80&?\xC8\xBD\xBC+\x91/)\xA5x\xBB\xCF\x06\x15#\e\xB3\xBD\x9B\x1F\xA7\xE2\xC7\xA3\xFC\x06\xC8"
+
+    def test_3des_ctr_for_encryption
+      if defined?(JRUBY_VERSION)
+        # on JRuby, this test fails due to JRUBY-6558
+        puts "Skipping 3des-ctr tests for JRuby"
+      else
+        assert_equal TRIPLE_DES_CTR, encrypt("3des-ctr")
+      end
+    end
+
+    def test_3des_ctr_for_decryption
+      if defined?(JRUBY_VERSION)
+        # on JRuby, this test fails due to JRUBY-6558
+        puts "Skipping 3des-ctr tests for JRuby"
+      else
+        assert_equal TEXT, decrypt("3des-ctr", TRIPLE_DES_CTR)
+      end
+    end
+
+    AES128_CTR = "\x9D\xC7]R\x89\x01\xC4\x14\x00\xE7\xCEc`\x80\v\xC7\xF7\xBD\xD5#d\f\xC9\xB0\xDE\xA6\x8Aq\x10p\x8F\xBC\xFF\x8B\xB4\xC5\xB3\xF7,\xF7eO\x06Q]\x0F\x05\x86\xEC\xA6\xC8\x12\xE9\xC4\x9D0\xD3\x9AL\x192\xAA\xDFu\x0E\xECz\x7F~g\xCA\xEA\xBA\x80,\x83V\x10\xF6/\x04\xD2\x8A\x94\x94\xA9T>~\xD2\r\xE6\x0E\xA0q\xEF"
+
+    def test_aes128_ctr_for_encryption
+      assert_equal AES128_CTR, encrypt("aes128-ctr")
+    end
+
+    def test_aes128_ctr_for_decryption
+      assert_equal TEXT, decrypt("aes128-ctr", AES128_CTR)
+    end
+
+    AES192_CTR = "\xE2\xE7\x1FJ\xE5\xB09\xE1\xB7/\xB3\x95\xF2S\xCE\x8C\x93\x14mFY\x88*\xCE\b\xA6\x87W\xD7\xEC/\xC9\xB6\x9Ba\a\x8E\x89-\xD7\xB2j\a\xB3\a\x92f\"\x96\x8D\xBF\x01\t\xB8Y\xF3\x92\x01\xCC7\xB6w\xF9\"=u:\xA1\xD5*\n\x9E\xC7p\xDC\x11\a\x1C\x88y\xE8\x87`\xA6[fF\x9B\xACv\xA6\xDA1|#F"
+
+    def test_aes192_ctr_for_encryption
+      assert_equal AES192_CTR, encrypt("aes192-ctr")
+    end
+
+    def test_aes192_ctr_for_decryption
+      assert_equal TEXT, decrypt("aes192-ctr", AES192_CTR)
+    end
+
+    AES256_CTR = "2\xB8\xE6\xC9\x95\xB4\x05\xD2\xC7+\x7F\x88\xEB\xD4\xA0\b\"\xBF\x9E\x85t\x19,\e\x90\x11\x04b\xC7\xEE$\xDE\xE6\xC5@G\xFEm\xE1u\x9B\au\xAF\xB5\xB8\x857\x87\x139u\xAC\x1A\xAB\fh\x8FiW~\xB8:\xA4\xA0#~\xC4\x89\xBA5#:\xFC\xC8\xE3\x9B\xF0A2\x87\x980\xD1\xE3\xBC'\xBE\x1E\n\x1A*B\x06\xF3\xCC"
+
+    def test_aes256_ctr_for_encryption
+      assert_equal AES256_CTR, encrypt("aes256-ctr")
+    end
+
+    def test_aes256_ctr_for_decryption
+      assert_equal TEXT, decrypt("aes256-ctr", AES256_CTR)
+    end
+
+    CAMELLIA128_CTR = "$\xCDQ\x86\xFD;Eq\x04\xFD\xEF\xC9\x18\xBA\\ZA\xD1\xA6Z\xC7V\xDE\xCDT\xBB\xC9\xB0BW\x9BOb}O\xCANy\xEA\xBB\xC5\x126\xE3\xDF\xB8]|j\x1D\xAE\"i\x8A\xCB\xE06\x01\xC4\xDA\xF6:\xA7\xB2v\xB0\xAE\xA5m\x16\xDB\xEBR\xCC\xB4\xA3\x93\x11;\xF1\x00\xDFS6\xF8\xD0_\b\nl\xA2\x95\x8E\xF2\xB0\xC1"
+    if_supported?("camellia128-ctr@openssh.org") do
+      def test_camellia128_ctr_openssh_org_for_encryption
+        assert_equal CAMELLIA128_CTR, encrypt("camellia128-ctr@openssh.org")
+      end
+      def test_camellia128_ctr_openssh_org_for_decryption
+        assert_equal TEXT, decrypt("camellia128-ctr@openssh.org", CAMELLIA128_CTR)
+      end
+    end
+    if_supported?("camellia128-ctr") do
+      def test_camellia128_ctr_for_encryption
+        assert_equal CAMELLIA128_CTR, encrypt("camellia128-ctr")
+      end
+      def test_camellia128_ctr_for_decryption
+        assert_equal TEXT, decrypt("camellia128-ctr", CAMELLIA128_CTR)
+      end
+    end
+
+    CAMELLIA192_CTR = "\xB1O;\xA5\xB9 \xD6\x7Fw\ajz\xAF12\x1C\xF0^\xB2\x13\xA7s\xCB\x1A(3Yw\x8B\"7\xD7}\xC4\xAA\xF7\xDB\xF2\xEEi\x02\xD0\x94BK\xD9l\xBC\xBEbrk\x87\x14h\xE1'\xD2\xE4\x8C\x8D\x87\xCE\xBF\x89\xA9\x9E\xC4\f\xB8\x87(\xFE?\xD9\xEF\xBA5\xD8\xA1\rI\xD6s9\x10\xA9l\xB8S\x93}*\x9A\xB0="
+    if_supported?("camellia192-ctr@openssh.org") do
+      def test_camellia192_ctr_openssh_org_for_encryption
+        assert_equal CAMELLIA192_CTR, encrypt("camellia192-ctr@openssh.org")
+      end
+      def test_camellia192_ctr_openssh_org_for_decryption
+        assert_equal TEXT, decrypt("camellia192-ctr@openssh.org", CAMELLIA192_CTR)
+      end
+    end
+    if_supported?("camellia192-ctr") do
+      def test_camellia192_ctr_for_encryption
+        assert_equal CAMELLIA192_CTR, encrypt("camellia192-ctr")
+      end
+      def test_camellia192_ctr_for_decryption
+        assert_equal TEXT, decrypt("camellia192-ctr", CAMELLIA192_CTR)
+      end
+    end
+
+    CAMELLIA256_CTR = "`\x8F#Nqr^m\xB2/i\xF9}\x1E\xD1\xE7X\x99\xAF\x1E\xBA\v\xF3\x8E\xCA\xECZ\xCB\x8A\xC96FW\xB3\x84 bwzRM,P\xC1r\xEFHNr%\xB9\a\xD6\xE6\xE7O\b\xC8?\x98d\x9F\xD3v\x10#\xA6\x87\xB2\x85\x059\xF0-\xF9\xBC\x00V\xB2?\xAE\x1E{\e\xF1\xA9zJ\xC9=1\xB3t73\xEB"
+    if_supported?("camellia256-ctr@openssh.org") do
+      def test_camellia256_ctr_openssh_org_for_encryption
+        assert_equal CAMELLIA256_CTR, encrypt("camellia256-ctr@openssh.org")
+      end
+      def test_camellia256_ctr_openssh_org_for_decryption
+        assert_equal TEXT, decrypt("camellia256-ctr@openssh.org", CAMELLIA256_CTR)
+      end
+    end
+    if_supported?("camellia256-ctr") do
+      def test_camellia256_ctr_for_encryption
+        assert_equal CAMELLIA256_CTR, encrypt("camellia256-ctr")
+      end
+      def test_camellia256_ctr_for_decryption
+        assert_equal TEXT, decrypt("camellia256-ctr", CAMELLIA256_CTR)
+      end
+    end
+
     def test_none_for_encryption
       assert_equal TEXT, encrypt("none").strip
     end