File: test_diffie_hellman_group1_sha1.rb

package info (click to toggle)
ruby-net-ssh 1%3A2.9.1-1
  • links: PTS, VCS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 1,484 kB
  • ctags: 1,862
  • sloc: ruby: 12,621; makefile: 2
file content (146 lines) | stat: -rw-r--r-- 4,611 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
 
require 'common'
require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
require 'ostruct'

module Transport; module Kex

  class TestDiffieHellmanGroup1SHA1 < Test::Unit::TestCase
    include Net::SSH::Transport::Constants

    def setup
      @dh_options = @dh = @algorithms = @connection = @server_key = 
        @packet_data = @shared_secret = nil
    end

    def test_exchange_keys_should_return_expected_results_when_successful
      result = exchange!
      assert_equal session_id, result[:session_id]
      assert_equal server_key.to_blob, result[:server_key].to_blob
      assert_equal shared_secret, result[:shared_secret]
      assert_equal OpenSSL::Digest::SHA1, result[:hashing_algorithm]
    end

    def test_exchange_keys_with_unverifiable_host_should_raise_exception
      connection.verifier { false }
      assert_raises(Net::SSH::Exception) { exchange! }
    end

    def test_exchange_keys_with_signature_key_type_mismatch_should_raise_exception
      assert_raises(Net::SSH::Exception) { exchange! :key_type => "ssh-dss" }
    end

    def test_exchange_keys_with_host_key_type_mismatch_should_raise_exception
      algorithms :host_key => "ssh-dss"
      assert_raises(Net::SSH::Exception) { exchange! :key_type => "ssh-dss" }
    end

    def test_exchange_keys_when_server_signature_could_not_be_verified_should_raise_exception
      @signature = "1234567890"
      assert_raises(Net::SSH::Exception) { exchange! }
    end

    def test_exchange_keys_should_pass_expected_parameters_to_host_key_verifier
      verified = false
      connection.verifier do |data|
        verified = true
        assert_equal server_key.to_blob, data[:key].to_blob

        blob = b(:key, data[:key]).to_s
        fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")

        assert_equal blob, data[:key_blob]
        assert_equal fingerprint, data[:fingerprint]
        assert_equal connection, data[:session]

        true
      end

      assert_nothing_raised { exchange! }
      assert verified
    end

    private

      def exchange!(options={})
        connection.expect do |t, buffer|
          assert_equal KEXDH_INIT, buffer.type
          assert_equal dh.dh.pub_key, buffer.read_bignum
          t.return(KEXDH_REPLY, :string, b(:key, server_key), :bignum, server_dh_pubkey, :string, b(:string, options[:key_type] || "ssh-rsa", :string, signature))
          connection.expect do |t2, buffer2|
            assert_equal NEWKEYS, buffer2.type
            t2.return(NEWKEYS)
          end
        end

        dh.exchange_keys
      end

      def dh_options(options={})
        @dh_options = options
      end

      def dh
        @dh ||= subject.new(algorithms, connection, packet_data.merge(:need_bytes => 20).merge(@dh_options || {}))
      end

      def algorithms(options={})
        @algorithms ||= OpenStruct.new(:host_key => options[:host_key] || "ssh-rsa")
      end

      def connection
        @connection ||= MockTransport.new
      end

      def subject
        Net::SSH::Transport::Kex::DiffieHellmanGroup1SHA1
      end

      # 512 bits is the smallest possible key that will work with this, so
      # we use it for speed reasons
      def server_key(bits=512)
        @server_key ||= OpenSSL::PKey::RSA.new(bits)
      end

      def packet_data
        @packet_data ||= { :client_version_string => "client version string",
          :server_version_string => "server version string",
          :server_algorithm_packet => "server algorithm packet",
          :client_algorithm_packet => "client algorithm packet" }
      end

      def server_dh_pubkey
        @server_dh_pubkey ||= bn(1234567890)
      end

      def shared_secret
        @shared_secret ||= OpenSSL::BN.new(dh.dh.compute_key(server_dh_pubkey), 2)
      end

      def session_id
        @session_id ||= begin
          buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
            :string, packet_data[:server_version_string],
            :string, packet_data[:client_algorithm_packet],
            :string, packet_data[:server_algorithm_packet],
            :string, Net::SSH::Buffer.from(:key, server_key),
            :bignum, dh.dh.pub_key,
            :bignum, server_dh_pubkey,
            :bignum, shared_secret)
          OpenSSL::Digest::SHA1.digest(buffer.to_s)
        end
      end

      def signature
        @signature ||= server_key.ssh_do_sign(session_id)
      end

      def bn(number, base=10)
        OpenSSL::BN.new(number.to_s, base)
      end

      def b(*args)
        Net::SSH::Buffer.from(*args)
      end
  end

end; end