summaryrefslogtreecommitdiff
path: root/test/transport/kex/test_diffie_hellman_group1_sha1.rb
blob: 8b5abd6b11bcb201ce2697a1d6ad6c461d9e3887 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

require 'common'
require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
require 'ostruct'

module Transport 
  module Kex

    class TestDiffieHellmanGroup1SHA1 < NetSSHTest
      include Net::SSH::Transport::Constants
  
      def setup
        @dh_options = @dh = @algorithms = @connection = @server_key = 
          @packet_data = @shared_secret = nil
      end
  
      def digest_type
        OpenSSL::Digest::SHA1
      end
  
      def test_exchange_keys_should_return_expected_results_when_successful
        result = exchange!
        assert_equal session_id, result[:session_id]
        assert_equal server_key.to_blob, result[:server_key].to_blob
        assert_equal shared_secret, result[:shared_secret]
        assert_equal digest_type, result[:hashing_algorithm]
      end
  
      def test_exchange_keys_with_unverifiable_host_should_raise_exception
        connection.verifier { false }
        assert_raises(Net::SSH::Exception) { exchange! }
      end
  
      def test_exchange_keys_with_signature_key_type_mismatch_should_raise_exception
        assert_raises(Net::SSH::Exception) { exchange! key_type: "ssh-dss" }
      end
  
      def test_exchange_keys_with_host_key_type_mismatch_should_raise_exception
        algorithms host_key: "ssh-dss"
        assert_raises(Net::SSH::Exception) { exchange! key_type: "ssh-dss" }
      end
  
      def test_exchange_keys_when_server_signature_could_not_be_verified_should_raise_exception
        @signature = "1234567890"
        assert_raises(Net::SSH::Exception) { exchange! }
      end
  
      def test_exchange_keys_should_pass_expected_parameters_to_host_key_verifier
        verified = false
        connection.verifier do |data|
          verified = true
          assert_equal server_key.to_blob, data[:key].to_blob
  
          blob = b(:key, data[:key]).to_s
          fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
  
          assert_equal blob, data[:key_blob]
          assert_equal fingerprint, data[:fingerprint]
          assert_equal connection, data[:session]
  
          true
        end
  
        assert_nothing_raised { exchange! }
        assert verified
      end
  
      private
  
      def exchange!(options={})
        connection.expect do |t, buffer|
          assert_equal KEXDH_INIT, buffer.type
          assert_equal dh.dh.pub_key, buffer.read_bignum
          t.return(KEXDH_REPLY, :string, b(:key, server_key), :bignum, server_dh_pubkey, :string, b(:string, options[:key_type] || "ssh-rsa", :string, signature))
          connection.expect do |t2, buffer2|
            assert_equal NEWKEYS, buffer2.type
            t2.return(NEWKEYS)
          end
        end
  
        dh.exchange_keys
      end
  
      def dh_options(options={})
        @dh_options = options
      end
  
      def dh
        @dh ||= subject.new(algorithms, connection, packet_data.merge(need_bytes: 20).merge(@dh_options || {}))
      end
  
      def algorithms(options={})
        @algorithms ||= OpenStruct.new(host_key: options[:host_key] || "ssh-rsa")
      end
  
      def connection
        @connection ||= MockTransport.new
      end
  
      def subject
        Net::SSH::Transport::Kex::DiffieHellmanGroup1SHA1
      end
  
      # 512 bits is the smallest possible key that will work with this, so
      # we use it for speed reasons
      def server_key(bits=512)
        @server_key ||= OpenSSL::PKey::RSA.new(bits)
      end
  
      def packet_data
        @packet_data ||= { client_version_string: "client version string",
                           server_version_string: "server version string",
                           server_algorithm_packet: "server algorithm packet",
                           client_algorithm_packet: "client algorithm packet" }
      end
  
      def server_dh_pubkey
        @server_dh_pubkey ||= bn(1234567890)
      end
  
      def shared_secret
        @shared_secret ||= OpenSSL::BN.new(dh.dh.compute_key(server_dh_pubkey), 2)
      end
  
      def session_id
        @session_id ||= begin
          buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
            :string, packet_data[:server_version_string],
            :string, packet_data[:client_algorithm_packet],
            :string, packet_data[:server_algorithm_packet],
            :string, Net::SSH::Buffer.from(:key, server_key),
            :bignum, dh.dh.pub_key,
            :bignum, server_dh_pubkey,
            :bignum, shared_secret)
          OpenSSL::Digest::SHA1.digest(buffer.to_s)
        end
      end
  
      def signature
        @signature ||= server_key.ssh_do_sign(session_id)
      end
  
      def bn(number, base=10)
        OpenSSL::BN.new(number.to_s, base)
      end
  
      def b(*args)
        Net::SSH::Buffer.from(*args)
      end
    end

end; end
View Lorry Controller Status