Diffstat (limited to 'test/transport/kex/test_ecdh_sha2_nistp256.rb')
-rw-r--r--test/transport/kex/test_ecdh_sha2_nistp256.rb63
1 files changed, 32 insertions, 31 deletions
diff --git a/test/transport/kex/test_ecdh_sha2_nistp256.rb b/test/transport/kex/test_ecdh_sha2_nistp256.rb
index 4105556..5d0a6b1 100644
--- a/test/transport/kex/test_ecdh_sha2_nistp256.rb
+++ b/test/transport/kex/test_ecdh_sha2_nistp256.rb
@@ -8,17 +8,17 @@ else
require 'net/ssh/transport/kex/ecdh_sha2_nistp256'
require 'ostruct'
- module Transport
+ module Transport
module Kex
class TestEcdhSHA2NistP256 < NetSSHTest
include Net::SSH::Transport::Constants
-
+
def setup
- @ecdh = @algorithms = @connection = @server_key =
+ @ecdh = @algorithms = @connection = @server_key =
@packet_data = @shared_secret = nil
end
-
+
def test_exchange_keys_should_return_expected_results_when_successful
result = exchange!
assert_equal session_id, result[:session_id]
@@ -26,64 +26,64 @@ else
assert_equal shared_secret, result[:shared_secret]
assert_equal digester, result[:hashing_algorithm]
end
-
+
def test_exchange_keys_with_unverifiable_host_should_raise_exception
connection.verifier { false }
assert_raises(Net::SSH::Exception) { exchange! }
end
-
+
def test_exchange_keys_with_signature_key_type_mismatch_should_raise_exception
assert_raises(Net::SSH::Exception) { exchange! key_type: "ssh-dss" }
end
-
+
def test_exchange_keys_with_host_key_type_mismatch_should_raise_exception
algorithms host_key: "ssh-dss"
assert_raises(Net::SSH::Exception) { exchange! key_type: "ssh-dss" }
end
-
+
def test_exchange_keys_when_server_signature_could_not_be_verified_should_raise_exception
@signature = "1234567890"
assert_raises(Net::SSH::Exception) { exchange! }
end
-
+
def test_exchange_keys_should_pass_expected_parameters_to_host_key_verifier
verified = false
connection.verifier do |data|
verified = true
assert_equal server_host_key.to_blob, data[:key].to_blob
-
+
blob = b(:key, data[:key]).to_s
fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
-
+
assert_equal blob, data[:key_blob]
assert_equal fingerprint, data[:fingerprint]
assert_equal connection, data[:session]
-
+
true
end
-
+
assert_nothing_raised { exchange! }
assert verified
end
-
+
private
-
+
def digester
OpenSSL::Digest::SHA256
end
-
+
def subject
Net::SSH::Transport::Kex::EcdhSHA2NistP256
end
-
+
def ecparam
"prime256v1"
end
-
+
def key_type
"ecdsa-sha2-nistp256"
end
-
+
def exchange!(options={})
connection.expect do |t, buffer|
assert_equal KEXECDH_INIT, buffer.type
@@ -100,42 +100,42 @@ else
end
ecdh.exchange_keys
end
-
+
def ecdh
@ecdh ||= subject.new(algorithms, connection, packet_data)
end
-
+
def algorithms(options={})
@algorithms ||= OpenStruct.new(host_key: options[:server_host_key] || "ecdsa-sha2-nistp256")
end
-
+
def connection
@connection ||= MockTransport.new
end
-
+
def server_key
@server_key ||= OpenSSL::PKey::EC.new(ecparam).generate_key
end
-
+
def server_host_key
@server_host_key ||= OpenSSL::PKey::EC.new("prime256v1").generate_key
end
-
+
def packet_data
@packet_data ||= { client_version_string: "client version string",
server_version_string: "server version string",
server_algorithm_packet: "server algorithm packet",
client_algorithm_packet: "client algorithm packet" }
end
-
+
def server_ecdh_pubkey
@server_ecdh_pubkey ||= server_key.public_key
end
-
+
def shared_secret
@shared_secret ||= OpenSSL::BN.new(ecdh.ecdh.dh_compute_key(server_ecdh_pubkey), 2)
end
-
+
def session_id
@session_id ||= begin
buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
@@ -149,14 +149,15 @@ else
digester.digest(buffer.to_s)
end
end
-
+
def signature
@signature ||= server_host_key.ssh_do_sign(session_id)
end
-
+
def b(*args)
Net::SSH::Buffer.from(*args)
end
end
- end; end;
+ end
+ end
end