net-ssh 1.1.4 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.rdoc +37 -0
- data/Manifest +101 -0
- data/README.rdoc +110 -0
- data/Rakefile +26 -0
- data/{THANKS → THANKS.rdoc} +2 -5
- data/lib/net/ssh.rb +189 -57
- data/lib/net/ssh/authentication/agent.rb +175 -0
- data/lib/net/ssh/authentication/constants.rb +18 -0
- data/lib/net/ssh/authentication/key_manager.rb +166 -0
- data/lib/net/ssh/authentication/methods/abstract.rb +60 -0
- data/lib/net/ssh/authentication/methods/hostbased.rb +71 -0
- data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +66 -0
- data/lib/net/ssh/authentication/methods/password.rb +39 -0
- data/lib/net/ssh/authentication/methods/publickey.rb +92 -0
- data/lib/net/ssh/authentication/pageant.rb +176 -0
- data/lib/net/ssh/authentication/session.rb +116 -0
- data/lib/net/ssh/buffer.rb +339 -0
- data/lib/net/ssh/buffered_io.rb +149 -0
- data/lib/net/ssh/config.rb +173 -0
- data/lib/net/ssh/connection/channel.rb +575 -454
- data/lib/net/ssh/connection/constants.rb +31 -45
- data/lib/net/ssh/connection/session.rb +569 -0
- data/lib/net/ssh/connection/term.rb +176 -88
- data/lib/net/ssh/errors.rb +83 -61
- data/lib/net/ssh/key_factory.rb +85 -0
- data/lib/net/ssh/known_hosts.rb +129 -0
- data/lib/net/ssh/loggable.rb +61 -0
- data/lib/net/ssh/packet.rb +102 -0
- data/lib/net/ssh/prompt.rb +93 -0
- data/lib/net/ssh/proxy/errors.rb +8 -28
- data/lib/net/ssh/proxy/http.rb +75 -107
- data/lib/net/ssh/proxy/socks4.rb +35 -48
- data/lib/net/ssh/proxy/socks5.rb +76 -108
- data/lib/net/ssh/service/forward.rb +267 -0
- data/lib/net/ssh/test.rb +89 -0
- data/lib/net/ssh/test/channel.rb +129 -0
- data/lib/net/ssh/test/extensions.rb +152 -0
- data/lib/net/ssh/test/kex.rb +44 -0
- data/lib/net/ssh/test/local_packet.rb +51 -0
- data/lib/net/ssh/test/packet.rb +81 -0
- data/lib/net/ssh/test/remote_packet.rb +38 -0
- data/lib/net/ssh/test/script.rb +157 -0
- data/lib/net/ssh/test/socket.rb +59 -0
- data/lib/net/ssh/transport/algorithms.rb +384 -0
- data/lib/net/ssh/transport/cipher_factory.rb +72 -0
- data/lib/net/ssh/transport/constants.rb +22 -58
- data/lib/net/ssh/transport/hmac.rb +31 -0
- data/lib/net/ssh/transport/hmac/abstract.rb +48 -0
- data/lib/net/ssh/transport/hmac/md5.rb +12 -0
- data/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
- data/lib/net/ssh/transport/hmac/none.rb +15 -0
- data/lib/net/ssh/transport/hmac/sha1.rb +13 -0
- data/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
- data/lib/net/ssh/transport/identity_cipher.rb +40 -0
- data/lib/net/ssh/transport/kex.rb +13 -0
- data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
- data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +77 -0
- data/lib/net/ssh/{util → transport}/openssl.rb +22 -40
- data/lib/net/ssh/transport/packet_stream.rb +230 -0
- data/lib/net/ssh/transport/server_version.rb +61 -0
- data/lib/net/ssh/transport/session.rb +225 -303
- data/lib/net/ssh/transport/state.rb +170 -0
- data/lib/net/ssh/verifiers/lenient.rb +30 -0
- data/lib/net/ssh/verifiers/null.rb +12 -0
- data/lib/net/ssh/verifiers/strict.rb +53 -0
- data/lib/net/ssh/version.rb +57 -26
- data/net-ssh.gemspec +54 -0
- data/setup.rb +1585 -0
- data/test/authentication/methods/common.rb +28 -0
- data/test/authentication/methods/test_abstract.rb +51 -0
- data/test/authentication/methods/test_hostbased.rb +108 -0
- data/test/authentication/methods/test_keyboard_interactive.rb +98 -0
- data/test/authentication/methods/test_password.rb +50 -0
- data/test/authentication/methods/test_publickey.rb +123 -0
- data/test/authentication/test_agent.rb +205 -0
- data/test/authentication/test_key_manager.rb +100 -0
- data/test/authentication/test_session.rb +93 -0
- data/test/common.rb +106 -0
- data/test/configs/exact_match +8 -0
- data/test/configs/wild_cards +14 -0
- data/test/connection/test_channel.rb +452 -0
- data/test/connection/test_session.rb +483 -0
- data/test/test_all.rb +6 -0
- data/test/test_buffer.rb +336 -0
- data/test/test_buffered_io.rb +63 -0
- data/test/test_config.rb +78 -0
- data/test/test_key_factory.rb +67 -0
- data/test/transport/hmac/test_md5.rb +34 -0
- data/test/transport/hmac/test_md5_96.rb +25 -0
- data/test/transport/hmac/test_none.rb +34 -0
- data/test/transport/hmac/test_sha1.rb +34 -0
- data/test/transport/hmac/test_sha1_96.rb +25 -0
- data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +146 -0
- data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +92 -0
- data/test/transport/test_algorithms.rb +302 -0
- data/test/transport/test_cipher_factory.rb +163 -0
- data/test/transport/test_hmac.rb +34 -0
- data/test/transport/test_identity_cipher.rb +40 -0
- data/test/transport/test_packet_stream.rb +433 -0
- data/test/transport/test_server_version.rb +55 -0
- data/test/transport/test_session.rb +312 -0
- data/test/transport/test_state.rb +173 -0
- metadata +102 -253
- data/ChangeLog +0 -560
- data/LICENSE +0 -7
- data/NEWS +0 -152
- data/README +0 -14
- data/bin/rb-keygen +0 -210
- data/doc/LICENSE-BSD +0 -27
- data/doc/LICENSE-GPL +0 -280
- data/doc/LICENSE-RUBY +0 -56
- data/doc/manual-html/chapter-1.html +0 -388
- data/doc/manual-html/chapter-2.html +0 -552
- data/doc/manual-html/chapter-3.html +0 -470
- data/doc/manual-html/chapter-4.html +0 -413
- data/doc/manual-html/chapter-5.html +0 -525
- data/doc/manual-html/chapter-6.html +0 -456
- data/doc/manual-html/chapter-7.html +0 -343
- data/doc/manual-html/index.html +0 -235
- data/doc/manual-html/stylesheets/manual.css +0 -270
- data/doc/manual-html/stylesheets/ruby.css +0 -17
- data/doc/manual/chapter.erb +0 -38
- data/doc/manual/example.erb +0 -18
- data/doc/manual/index.erb +0 -29
- data/doc/manual/manual.rb +0 -311
- data/doc/manual/manual.yml +0 -73
- data/doc/manual/page.erb +0 -87
- data/doc/manual/parts/0000.txt +0 -5
- data/doc/manual/parts/0001.txt +0 -3
- data/doc/manual/parts/0002.txt +0 -40
- data/doc/manual/parts/0003.txt +0 -6
- data/doc/manual/parts/0004.txt +0 -7
- data/doc/manual/parts/0005.txt +0 -1
- data/doc/manual/parts/0006.txt +0 -49
- data/doc/manual/parts/0007.txt +0 -67
- data/doc/manual/parts/0008.txt +0 -43
- data/doc/manual/parts/0009.txt +0 -14
- data/doc/manual/parts/0010.txt +0 -7
- data/doc/manual/parts/0011.txt +0 -14
- data/doc/manual/parts/0012.txt +0 -3
- data/doc/manual/parts/0013.txt +0 -20
- data/doc/manual/parts/0014.txt +0 -32
- data/doc/manual/parts/0015.txt +0 -14
- data/doc/manual/parts/0016.txt +0 -28
- data/doc/manual/parts/0017.txt +0 -50
- data/doc/manual/parts/0018.txt +0 -35
- data/doc/manual/parts/0019.txt +0 -7
- data/doc/manual/parts/0020.txt +0 -72
- data/doc/manual/parts/0021.txt +0 -50
- data/doc/manual/parts/0022.txt +0 -42
- data/doc/manual/parts/0023.txt +0 -51
- data/doc/manual/parts/0024.txt +0 -18
- data/doc/manual/parts/0025.txt +0 -18
- data/doc/manual/parts/0026.txt +0 -15
- data/doc/manual/parts/0027.txt +0 -37
- data/doc/manual/parts/0028.txt +0 -16
- data/doc/manual/parts/0029.txt +0 -1
- data/doc/manual/parts/0030.txt +0 -52
- data/doc/manual/parts/0031.txt +0 -25
- data/doc/manual/stylesheets/manual.css +0 -270
- data/doc/manual/stylesheets/ruby.css +0 -17
- data/doc/manual/tutorial.erb +0 -30
- data/examples/auth-forward.rb +0 -41
- data/examples/channel-demo.rb +0 -81
- data/examples/port-forward.rb +0 -51
- data/examples/process-demo.rb +0 -91
- data/examples/remote-net-port-forward.rb +0 -45
- data/examples/remote-port-forward.rb +0 -80
- data/examples/shell-demo.rb +0 -46
- data/examples/ssh-client.rb +0 -67
- data/examples/sync-shell-demo.rb +0 -69
- data/examples/tail-demo.rb +0 -49
- data/lib/net/ssh/connection/driver.rb +0 -446
- data/lib/net/ssh/connection/services.rb +0 -72
- data/lib/net/ssh/host-key-verifier.rb +0 -52
- data/lib/net/ssh/known-hosts.rb +0 -96
- data/lib/net/ssh/lenient-host-key-verifier.rb +0 -25
- data/lib/net/ssh/null-host-key-verifier.rb +0 -14
- data/lib/net/ssh/service/agentforward/driver.rb +0 -78
- data/lib/net/ssh/service/agentforward/services.rb +0 -41
- data/lib/net/ssh/service/forward/driver.rb +0 -319
- data/lib/net/ssh/service/forward/local-network-handler.rb +0 -71
- data/lib/net/ssh/service/forward/remote-network-handler.rb +0 -83
- data/lib/net/ssh/service/forward/services.rb +0 -76
- data/lib/net/ssh/service/process/driver.rb +0 -153
- data/lib/net/ssh/service/process/open.rb +0 -193
- data/lib/net/ssh/service/process/popen3.rb +0 -178
- data/lib/net/ssh/service/process/services.rb +0 -66
- data/lib/net/ssh/service/services.rb +0 -60
- data/lib/net/ssh/service/shell/driver.rb +0 -86
- data/lib/net/ssh/service/shell/services.rb +0 -54
- data/lib/net/ssh/service/shell/shell.rb +0 -222
- data/lib/net/ssh/service/shell/sync.rb +0 -114
- data/lib/net/ssh/session.rb +0 -305
- data/lib/net/ssh/transport/algorithm-negotiator.rb +0 -275
- data/lib/net/ssh/transport/compress/compressor.rb +0 -53
- data/lib/net/ssh/transport/compress/decompressor.rb +0 -53
- data/lib/net/ssh/transport/compress/none-compressor.rb +0 -39
- data/lib/net/ssh/transport/compress/none-decompressor.rb +0 -39
- data/lib/net/ssh/transport/compress/services.rb +0 -68
- data/lib/net/ssh/transport/compress/zlib-compressor.rb +0 -60
- data/lib/net/ssh/transport/compress/zlib-decompressor.rb +0 -52
- data/lib/net/ssh/transport/errors.rb +0 -47
- data/lib/net/ssh/transport/identity-cipher.rb +0 -61
- data/lib/net/ssh/transport/kex/dh-gex.rb +0 -106
- data/lib/net/ssh/transport/kex/dh.rb +0 -249
- data/lib/net/ssh/transport/kex/services.rb +0 -62
- data/lib/net/ssh/transport/ossl/buffer-factory.rb +0 -52
- data/lib/net/ssh/transport/ossl/buffer.rb +0 -87
- data/lib/net/ssh/transport/ossl/cipher-factory.rb +0 -98
- data/lib/net/ssh/transport/ossl/digest-factory.rb +0 -51
- data/lib/net/ssh/transport/ossl/hmac-factory.rb +0 -71
- data/lib/net/ssh/transport/ossl/hmac/hmac.rb +0 -62
- data/lib/net/ssh/transport/ossl/hmac/md5-96.rb +0 -44
- data/lib/net/ssh/transport/ossl/hmac/md5.rb +0 -46
- data/lib/net/ssh/transport/ossl/hmac/none.rb +0 -46
- data/lib/net/ssh/transport/ossl/hmac/services.rb +0 -68
- data/lib/net/ssh/transport/ossl/hmac/sha1-96.rb +0 -44
- data/lib/net/ssh/transport/ossl/hmac/sha1.rb +0 -45
- data/lib/net/ssh/transport/ossl/key-factory.rb +0 -116
- data/lib/net/ssh/transport/ossl/services.rb +0 -149
- data/lib/net/ssh/transport/packet-stream.rb +0 -236
- data/lib/net/ssh/transport/services.rb +0 -146
- data/lib/net/ssh/transport/version-negotiator.rb +0 -73
- data/lib/net/ssh/userauth/agent.rb +0 -222
- data/lib/net/ssh/userauth/constants.rb +0 -35
- data/lib/net/ssh/userauth/driver.rb +0 -183
- data/lib/net/ssh/userauth/methods/hostbased.rb +0 -119
- data/lib/net/ssh/userauth/methods/keyboard-interactive.rb +0 -104
- data/lib/net/ssh/userauth/methods/password.rb +0 -70
- data/lib/net/ssh/userauth/methods/publickey.rb +0 -137
- data/lib/net/ssh/userauth/methods/services.rb +0 -90
- data/lib/net/ssh/userauth/pageant.rb +0 -197
- data/lib/net/ssh/userauth/services.rb +0 -141
- data/lib/net/ssh/userauth/userkeys.rb +0 -258
- data/lib/net/ssh/util/buffer.rb +0 -274
- data/lib/net/ssh/util/prompter.rb +0 -73
- data/test/ALL-TESTS.rb +0 -18
- data/test/connection/tc_channel.rb +0 -136
- data/test/connection/tc_driver.rb +0 -287
- data/test/connection/tc_integration.rb +0 -87
- data/test/proxy/tc_http.rb +0 -209
- data/test/proxy/tc_socks4.rb +0 -148
- data/test/proxy/tc_socks5.rb +0 -214
- data/test/service/agentforward/tc_driver.rb +0 -138
- data/test/service/forward/tc_driver.rb +0 -289
- data/test/service/forward/tc_local_network_handler.rb +0 -123
- data/test/service/forward/tc_remote_network_handler.rb +0 -111
- data/test/service/process/tc_driver.rb +0 -79
- data/test/service/process/tc_integration.rb +0 -119
- data/test/service/process/tc_open.rb +0 -179
- data/test/service/process/tc_popen3.rb +0 -164
- data/test/tc_integration.rb +0 -80
- data/test/transport/compress/tc_none_compress.rb +0 -41
- data/test/transport/compress/tc_none_decompress.rb +0 -45
- data/test/transport/compress/tc_zlib_compress.rb +0 -61
- data/test/transport/compress/tc_zlib_decompress.rb +0 -48
- data/test/transport/kex/tc_dh.rb +0 -312
- data/test/transport/kex/tc_dh_gex.rb +0 -71
- data/test/transport/ossl/fixtures/dsa-encrypted +0 -15
- data/test/transport/ossl/fixtures/dsa-encrypted-bad +0 -15
- data/test/transport/ossl/fixtures/dsa-unencrypted +0 -12
- data/test/transport/ossl/fixtures/dsa-unencrypted-bad +0 -12
- data/test/transport/ossl/fixtures/dsa-unencrypted.pub +0 -1
- data/test/transport/ossl/fixtures/not-a-private-key +0 -4
- data/test/transport/ossl/fixtures/not-supported +0 -2
- data/test/transport/ossl/fixtures/rsa-encrypted +0 -18
- data/test/transport/ossl/fixtures/rsa-encrypted-bad +0 -18
- data/test/transport/ossl/fixtures/rsa-unencrypted +0 -15
- data/test/transport/ossl/fixtures/rsa-unencrypted-bad +0 -15
- data/test/transport/ossl/fixtures/rsa-unencrypted.pub +0 -1
- data/test/transport/ossl/hmac/tc_hmac.rb +0 -58
- data/test/transport/ossl/hmac/tc_md5.rb +0 -50
- data/test/transport/ossl/hmac/tc_md5_96.rb +0 -50
- data/test/transport/ossl/hmac/tc_none.rb +0 -50
- data/test/transport/ossl/hmac/tc_sha1.rb +0 -50
- data/test/transport/ossl/hmac/tc_sha1_96.rb +0 -50
- data/test/transport/ossl/tc_buffer.rb +0 -97
- data/test/transport/ossl/tc_buffer_factory.rb +0 -67
- data/test/transport/ossl/tc_cipher_factory.rb +0 -84
- data/test/transport/ossl/tc_digest_factory.rb +0 -39
- data/test/transport/ossl/tc_hmac_factory.rb +0 -72
- data/test/transport/ossl/tc_key_factory.rb +0 -199
- data/test/transport/tc_algorithm_negotiator.rb +0 -170
- data/test/transport/tc_identity_cipher.rb +0 -52
- data/test/transport/tc_integration.rb +0 -115
- data/test/transport/tc_packet_stream.rb +0 -184
- data/test/transport/tc_session.rb +0 -296
- data/test/transport/tc_version_negotiator.rb +0 -86
- data/test/userauth/methods/tc_hostbased.rb +0 -136
- data/test/userauth/methods/tc_password.rb +0 -89
- data/test/userauth/methods/tc_publickey.rb +0 -167
- data/test/userauth/tc_agent.rb +0 -223
- data/test/userauth/tc_driver.rb +0 -190
- data/test/userauth/tc_integration.rb +0 -97
- data/test/userauth/tc_userkeys.rb +0 -265
- data/test/util/tc_buffer.rb +0 -217
@@ -0,0 +1,67 @@
|
|
1
|
+
require 'common'
|
2
|
+
require 'net/ssh/key_factory'
|
3
|
+
|
4
|
+
class TestKeyFactory < Test::Unit::TestCase
|
5
|
+
def test_load_unencrypted_private_RSA_key_should_return_key
|
6
|
+
File.expects(:read).with("/key-file").returns(rsa_key.export)
|
7
|
+
assert_equal rsa_key.to_der, Net::SSH::KeyFactory.load_private_key("/key-file").to_der
|
8
|
+
end
|
9
|
+
|
10
|
+
def test_load_unencrypted_private_DSA_key_should_return_key
|
11
|
+
File.expects(:read).with("/key-file").returns(dsa_key.export)
|
12
|
+
assert_equal dsa_key.to_der, Net::SSH::KeyFactory.load_private_key("/key-file").to_der
|
13
|
+
end
|
14
|
+
|
15
|
+
def test_load_encrypted_private_RSA_key_should_prompt_for_password_and_return_key
|
16
|
+
File.expects(:read).with("/key-file").returns(encrypted(rsa_key, "password"))
|
17
|
+
Net::SSH::KeyFactory.expects(:prompt).with("Enter passphrase for /key-file:", false).returns("password")
|
18
|
+
assert_equal rsa_key.to_der, Net::SSH::KeyFactory.load_private_key("/key-file").to_der
|
19
|
+
end
|
20
|
+
|
21
|
+
def test_load_encrypted_private_RSA_key_with_password_should_not_prompt_and_return_key
|
22
|
+
File.expects(:read).with("/key-file").returns(encrypted(rsa_key, "password"))
|
23
|
+
assert_equal rsa_key.to_der, Net::SSH::KeyFactory.load_private_key("/key-file", "password").to_der
|
24
|
+
end
|
25
|
+
|
26
|
+
def test_load_encrypted_private_DSA_key_should_prompt_for_password_and_return_key
|
27
|
+
File.expects(:read).with("/key-file").returns(encrypted(dsa_key, "password"))
|
28
|
+
Net::SSH::KeyFactory.expects(:prompt).with("Enter passphrase for /key-file:", false).returns("password")
|
29
|
+
assert_equal dsa_key.to_der, Net::SSH::KeyFactory.load_private_key("/key-file").to_der
|
30
|
+
end
|
31
|
+
|
32
|
+
def test_load_encrypted_private_DSA_key_with_password_should_not_prompt_and_return_key
|
33
|
+
File.expects(:read).with("/key-file").returns(encrypted(dsa_key, "password"))
|
34
|
+
assert_equal dsa_key.to_der, Net::SSH::KeyFactory.load_private_key("/key-file", "password").to_der
|
35
|
+
end
|
36
|
+
|
37
|
+
def test_load_encrypted_private_key_should_give_three_tries_for_the_password_and_then_raise_exception
|
38
|
+
File.expects(:read).with("/key-file").returns(encrypted(rsa_key, "password"))
|
39
|
+
Net::SSH::KeyFactory.expects(:prompt).times(3).with("Enter passphrase for /key-file:", false).returns("passwod","passphrase","passwd")
|
40
|
+
assert_raises(OpenSSL::PKey::RSAError) { Net::SSH::KeyFactory.load_private_key("/key-file") }
|
41
|
+
end
|
42
|
+
|
43
|
+
def test_load_public_rsa_key_should_return_key
|
44
|
+
File.expects(:read).with("/key-file").returns(public(rsa_key))
|
45
|
+
assert_equal rsa_key.to_blob, Net::SSH::KeyFactory.load_public_key("/key-file").to_blob
|
46
|
+
end
|
47
|
+
|
48
|
+
private
|
49
|
+
|
50
|
+
def rsa_key
|
51
|
+
@rsa_key ||= OpenSSL::PKey::RSA.new("0@\002\001\000\002\t\000\300\030\317\2132\340 \267\002\003\001\000\001\002\t\000\236~\232\025\350Y=\341\002\005\000\352D\217\a\002\005\000\321\352\304\321\002\005\000\242\350\206%\002\005\000\270\021\217\361\002\004~\253\214j")
|
52
|
+
end
|
53
|
+
|
54
|
+
def dsa_key
|
55
|
+
@dsa_key ||= OpenSSL::PKey::DSA.new("0\201\367\002\001\000\002A\000\203\316/\037u\272&J\265\003l3\315d\324h\372{\t8\252#\331_\026\006\035\270\266\255\343\353Z\302\276\335\336\306\220\375\202L\244\244J\206>\346\b\315\211\302L\246x\247u\a\376\366\345\302\016#\002\025\000\244\274\302\221Og\275/\302+\356\346\360\024\373wI\2573\361\002@\027\215\270r*\f\213\350C\245\021:\350 \006\\\376\345\022`\210b\262\3643\023XLKS\320\370\002\276\347A\nU\204\276\324\256`=\026\240\330\306J\316V\213\024\e\030\215\355\006\037q\337\356ln\002@\017\257\034\f\260\333'S\271#\237\230E\321\312\027\021\226\331\251Vj\220\305\316\036\v\266+\000\230\270\177B\003?t\a\305]e\344\261\334\023\253\323\251\223M\2175)a(\004\"lI8\312\303\307\a\002\024_\aznW\345\343\203V\326\246ua\203\376\201o\350\302\002")
|
56
|
+
end
|
57
|
+
|
58
|
+
def encrypted(key, password)
|
59
|
+
key.export(OpenSSL::Cipher::Cipher.new("des-ede3-cbc"), password)
|
60
|
+
end
|
61
|
+
|
62
|
+
def public(key)
|
63
|
+
result = "#{key.ssh_type} "
|
64
|
+
result << [Net::SSH::Buffer.from(:key, key).to_s].pack("m*").strip.tr("\n\r\t ", "")
|
65
|
+
result << " joe@host.test"
|
66
|
+
end
|
67
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
require 'common'
|
2
|
+
require 'net/ssh/transport/hmac/md5'
|
3
|
+
|
4
|
+
module Transport; module HMAC
|
5
|
+
|
6
|
+
class TestMD5 < Test::Unit::TestCase
|
7
|
+
def test_expected_digest_class
|
8
|
+
assert_equal OpenSSL::Digest::MD5, subject.digest_class
|
9
|
+
assert_equal OpenSSL::Digest::MD5, subject.new.digest_class
|
10
|
+
end
|
11
|
+
|
12
|
+
def test_expected_key_length
|
13
|
+
assert_equal 16, subject.key_length
|
14
|
+
assert_equal 16, subject.new.key_length
|
15
|
+
end
|
16
|
+
|
17
|
+
def test_expected_mac_length
|
18
|
+
assert_equal 16, subject.mac_length
|
19
|
+
assert_equal 16, subject.new.mac_length
|
20
|
+
end
|
21
|
+
|
22
|
+
def test_expected_digest
|
23
|
+
hmac = subject.new("1234567890123456")
|
24
|
+
assert_equal "\275\345\006\307y~Oi\035<.\341\031\250<\257", hmac.digest("hello world")
|
25
|
+
end
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
def subject
|
30
|
+
Net::SSH::Transport::HMAC::MD5
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
end; end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'common'
|
2
|
+
require 'transport/hmac/test_md5'
|
3
|
+
require 'net/ssh/transport/hmac/md5_96'
|
4
|
+
|
5
|
+
module Transport; module HMAC
|
6
|
+
|
7
|
+
class TestMD5_96 < TestMD5
|
8
|
+
def test_expected_mac_length
|
9
|
+
assert_equal 12, subject.mac_length
|
10
|
+
assert_equal 12, subject.new.mac_length
|
11
|
+
end
|
12
|
+
|
13
|
+
def test_expected_digest
|
14
|
+
hmac = subject.new("1234567890123456")
|
15
|
+
assert_equal "\275\345\006\307y~Oi\035<.\341", hmac.digest("hello world")
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def subject
|
21
|
+
Net::SSH::Transport::HMAC::MD5_96
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
end; end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
require 'common'
|
2
|
+
require 'net/ssh/transport/hmac/none'
|
3
|
+
|
4
|
+
module Transport; module HMAC
|
5
|
+
|
6
|
+
class TestNone < Test::Unit::TestCase
|
7
|
+
def test_expected_digest_class
|
8
|
+
assert_equal nil, subject.digest_class
|
9
|
+
assert_equal nil, subject.new.digest_class
|
10
|
+
end
|
11
|
+
|
12
|
+
def test_expected_key_length
|
13
|
+
assert_equal 0, subject.key_length
|
14
|
+
assert_equal 0, subject.new.key_length
|
15
|
+
end
|
16
|
+
|
17
|
+
def test_expected_mac_length
|
18
|
+
assert_equal 0, subject.mac_length
|
19
|
+
assert_equal 0, subject.new.mac_length
|
20
|
+
end
|
21
|
+
|
22
|
+
def test_expected_digest
|
23
|
+
hmac = subject.new("1234567890123456")
|
24
|
+
assert_equal "", hmac.digest("hello world")
|
25
|
+
end
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
def subject
|
30
|
+
Net::SSH::Transport::HMAC::None
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
end; end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
require 'common'
|
2
|
+
require 'net/ssh/transport/hmac/sha1'
|
3
|
+
|
4
|
+
module Transport; module HMAC
|
5
|
+
|
6
|
+
class TestSHA1 < Test::Unit::TestCase
|
7
|
+
def test_expected_digest_class
|
8
|
+
assert_equal OpenSSL::Digest::SHA1, subject.digest_class
|
9
|
+
assert_equal OpenSSL::Digest::SHA1, subject.new.digest_class
|
10
|
+
end
|
11
|
+
|
12
|
+
def test_expected_key_length
|
13
|
+
assert_equal 20, subject.key_length
|
14
|
+
assert_equal 20, subject.new.key_length
|
15
|
+
end
|
16
|
+
|
17
|
+
def test_expected_mac_length
|
18
|
+
assert_equal 20, subject.mac_length
|
19
|
+
assert_equal 20, subject.new.mac_length
|
20
|
+
end
|
21
|
+
|
22
|
+
def test_expected_digest
|
23
|
+
hmac = subject.new("1234567890123456")
|
24
|
+
assert_equal "\000\004W\202\204+&\335\311\251P\266\250\214\276\206;\022U\365", hmac.digest("hello world")
|
25
|
+
end
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
def subject
|
30
|
+
Net::SSH::Transport::HMAC::SHA1
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
end; end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'common'
|
2
|
+
require 'transport/hmac/test_sha1'
|
3
|
+
require 'net/ssh/transport/hmac/sha1_96'
|
4
|
+
|
5
|
+
module Transport; module HMAC
|
6
|
+
|
7
|
+
class TestSHA1_96 < TestSHA1
|
8
|
+
def test_expected_mac_length
|
9
|
+
assert_equal 12, subject.mac_length
|
10
|
+
assert_equal 12, subject.new.mac_length
|
11
|
+
end
|
12
|
+
|
13
|
+
def test_expected_digest
|
14
|
+
hmac = subject.new("1234567890123456")
|
15
|
+
assert_equal "\000\004W\202\204+&\335\311\251P\266", hmac.digest("hello world")
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def subject
|
21
|
+
Net::SSH::Transport::HMAC::SHA1_96
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
end; end
|
@@ -0,0 +1,146 @@
|
|
1
|
+
require 'common'
|
2
|
+
require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
|
3
|
+
require 'ostruct'
|
4
|
+
|
5
|
+
module Transport; module Kex
|
6
|
+
|
7
|
+
class TestDiffieHellmanGroup1SHA1 < Test::Unit::TestCase
|
8
|
+
include Net::SSH::Transport::Constants
|
9
|
+
|
10
|
+
def setup
|
11
|
+
@dh_options = @dh = @algorithms = @connection = @server_key =
|
12
|
+
@packet_data = @shared_secret = nil
|
13
|
+
end
|
14
|
+
|
15
|
+
def test_exchange_keys_should_return_expected_results_when_successful
|
16
|
+
result = exchange!
|
17
|
+
assert_equal session_id, result[:session_id]
|
18
|
+
assert_equal server_key.to_blob, result[:server_key].to_blob
|
19
|
+
assert_equal shared_secret, result[:shared_secret]
|
20
|
+
assert_equal OpenSSL::Digest::SHA1, result[:hashing_algorithm]
|
21
|
+
end
|
22
|
+
|
23
|
+
def test_exchange_keys_with_unverifiable_host_should_raise_exception
|
24
|
+
connection.verifier { false }
|
25
|
+
assert_raises(Net::SSH::Exception) { exchange! }
|
26
|
+
end
|
27
|
+
|
28
|
+
def test_exchange_keys_with_signature_key_type_mismatch_should_raise_exception
|
29
|
+
assert_raises(Net::SSH::Exception) { exchange! :key_type => "ssh-dss" }
|
30
|
+
end
|
31
|
+
|
32
|
+
def test_exchange_keys_with_host_key_type_mismatch_should_raise_exception
|
33
|
+
algorithms :host_key => "ssh-dss"
|
34
|
+
assert_raises(Net::SSH::Exception) { exchange! :key_type => "ssh-dss" }
|
35
|
+
end
|
36
|
+
|
37
|
+
def test_exchange_keys_when_server_signature_could_not_be_verified_should_raise_exception
|
38
|
+
@signature = "1234567890"
|
39
|
+
assert_raises(Net::SSH::Exception) { exchange! }
|
40
|
+
end
|
41
|
+
|
42
|
+
def test_exchange_keys_should_pass_expected_parameters_to_host_key_verifier
|
43
|
+
verified = false
|
44
|
+
connection.verifier do |data|
|
45
|
+
verified = true
|
46
|
+
assert_equal server_key.to_blob, data[:key].to_blob
|
47
|
+
|
48
|
+
blob = b(:key, data[:key]).to_s
|
49
|
+
fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
|
50
|
+
|
51
|
+
assert_equal blob, data[:key_blob]
|
52
|
+
assert_equal fingerprint, data[:fingerprint]
|
53
|
+
assert_equal connection, data[:session]
|
54
|
+
|
55
|
+
true
|
56
|
+
end
|
57
|
+
|
58
|
+
assert_nothing_raised { exchange! }
|
59
|
+
assert verified
|
60
|
+
end
|
61
|
+
|
62
|
+
private
|
63
|
+
|
64
|
+
def exchange!(options={})
|
65
|
+
connection.expect do |t, buffer|
|
66
|
+
assert_equal KEXDH_INIT, buffer.type
|
67
|
+
assert_equal dh.dh.pub_key, buffer.read_bignum
|
68
|
+
t.return(KEXDH_REPLY, :string, b(:key, server_key), :bignum, server_dh_pubkey, :string, b(:string, options[:key_type] || "ssh-rsa", :string, signature))
|
69
|
+
connection.expect do |t, buffer|
|
70
|
+
assert_equal NEWKEYS, buffer.type
|
71
|
+
t.return(NEWKEYS)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
dh.exchange_keys
|
76
|
+
end
|
77
|
+
|
78
|
+
def dh_options(options={})
|
79
|
+
@dh_options = options
|
80
|
+
end
|
81
|
+
|
82
|
+
def dh
|
83
|
+
@dh ||= subject.new(algorithms, connection, packet_data.merge(:need_bytes => 20).merge(@dh_options || {}))
|
84
|
+
end
|
85
|
+
|
86
|
+
def algorithms(options={})
|
87
|
+
@algorithms ||= OpenStruct.new(:host_key => options[:host_key] || "ssh-rsa")
|
88
|
+
end
|
89
|
+
|
90
|
+
def connection
|
91
|
+
@connection ||= MockTransport.new
|
92
|
+
end
|
93
|
+
|
94
|
+
def subject
|
95
|
+
Net::SSH::Transport::Kex::DiffieHellmanGroup1SHA1
|
96
|
+
end
|
97
|
+
|
98
|
+
# 368 bits is the smallest possible key that will work with this, so
|
99
|
+
# we use it for speed reasons
|
100
|
+
def server_key(bits=368)
|
101
|
+
@server_key ||= OpenSSL::PKey::RSA.new(bits)
|
102
|
+
end
|
103
|
+
|
104
|
+
def packet_data
|
105
|
+
@packet_data ||= { :client_version_string => "client version string",
|
106
|
+
:server_version_string => "server version string",
|
107
|
+
:server_algorithm_packet => "server algorithm packet",
|
108
|
+
:client_algorithm_packet => "client algorithm packet" }
|
109
|
+
end
|
110
|
+
|
111
|
+
def server_dh_pubkey
|
112
|
+
@server_dh_pubkey ||= bn(1234567890)
|
113
|
+
end
|
114
|
+
|
115
|
+
def shared_secret
|
116
|
+
@shared_secret ||= OpenSSL::BN.new(dh.dh.compute_key(server_dh_pubkey), 2)
|
117
|
+
end
|
118
|
+
|
119
|
+
def session_id
|
120
|
+
@session_id ||= begin
|
121
|
+
buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
|
122
|
+
:string, packet_data[:server_version_string],
|
123
|
+
:string, packet_data[:client_algorithm_packet],
|
124
|
+
:string, packet_data[:server_algorithm_packet],
|
125
|
+
:string, Net::SSH::Buffer.from(:key, server_key),
|
126
|
+
:bignum, dh.dh.pub_key,
|
127
|
+
:bignum, server_dh_pubkey,
|
128
|
+
:bignum, shared_secret)
|
129
|
+
OpenSSL::Digest::SHA1.digest(buffer.to_s)
|
130
|
+
end
|
131
|
+
end
|
132
|
+
|
133
|
+
def signature
|
134
|
+
@signature ||= server_key.ssh_do_sign(session_id)
|
135
|
+
end
|
136
|
+
|
137
|
+
def bn(number, base=10)
|
138
|
+
OpenSSL::BN.new(number.to_s, base)
|
139
|
+
end
|
140
|
+
|
141
|
+
def b(*args)
|
142
|
+
Net::SSH::Buffer.from(*args)
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
end; end
|
@@ -0,0 +1,92 @@
|
|
1
|
+
require 'common'
|
2
|
+
require 'transport/kex/test_diffie_hellman_group1_sha1'
|
3
|
+
require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
|
4
|
+
|
5
|
+
module Transport; module Kex
|
6
|
+
|
7
|
+
class TestDiffieHellmanGroupExchangeSHA1 < TestDiffieHellmanGroup1SHA1
|
8
|
+
KEXDH_GEX_GROUP = 31
|
9
|
+
KEXDH_GEX_INIT = 32
|
10
|
+
KEXDH_GEX_REPLY = 33
|
11
|
+
KEXDH_GEX_REQUEST = 34
|
12
|
+
|
13
|
+
def test_exchange_with_fewer_than_minimum_bits_uses_minimum_bits
|
14
|
+
dh_options :need_bytes => 20
|
15
|
+
assert_equal 1024, need_bits
|
16
|
+
assert_nothing_raised { exchange! }
|
17
|
+
end
|
18
|
+
|
19
|
+
def test_exchange_with_fewer_than_maximum_bits_uses_need_bits
|
20
|
+
dh_options :need_bytes => 500
|
21
|
+
need_bits(4000)
|
22
|
+
assert_nothing_raised { exchange! }
|
23
|
+
end
|
24
|
+
|
25
|
+
def test_exchange_with_more_than_maximum_bits_uses_maximum_bits
|
26
|
+
dh_options :need_bytes => 2000
|
27
|
+
need_bits(8192)
|
28
|
+
assert_nothing_raised { exchange! }
|
29
|
+
end
|
30
|
+
|
31
|
+
def test_that_p_and_g_are_provided_by_the_server
|
32
|
+
assert_nothing_raised { exchange! :p => default_p+2, :g => 3 }
|
33
|
+
assert_equal default_p+2, dh.dh.p
|
34
|
+
assert_equal 3, dh.dh.g
|
35
|
+
end
|
36
|
+
|
37
|
+
private
|
38
|
+
|
39
|
+
def need_bits(bits=1024)
|
40
|
+
@need_bits ||= bits
|
41
|
+
end
|
42
|
+
|
43
|
+
def default_p
|
44
|
+
142326151570335518660743995281621698377057354949884468943021767573608899048361360422513557553514790045512299468953431585300812548859419857171094366358158903433167915517332113861059747425408670144201099811846875730766487278261498262568348338476437200556998366087779709990807518291581860338635288400119315130179
|
45
|
+
end
|
46
|
+
|
47
|
+
def exchange!(options={})
|
48
|
+
connection.expect do |t, buffer|
|
49
|
+
assert_equal KEXDH_GEX_REQUEST, buffer.type
|
50
|
+
assert_equal 1024, buffer.read_long
|
51
|
+
assert_equal need_bits, buffer.read_long
|
52
|
+
assert_equal 8192, buffer.read_long
|
53
|
+
t.return(KEXDH_GEX_GROUP, :bignum, bn(options[:p] || default_p), :bignum, bn(options[:g] || 2))
|
54
|
+
t.expect do |t, buffer|
|
55
|
+
assert_equal KEXDH_GEX_INIT, buffer.type
|
56
|
+
assert_equal dh.dh.pub_key, buffer.read_bignum
|
57
|
+
t.return(KEXDH_GEX_REPLY, :string, b(:key, server_key), :bignum, server_dh_pubkey, :string, b(:string, options[:key_type] || "ssh-rsa", :string, signature))
|
58
|
+
t.expect do |t, buffer|
|
59
|
+
assert_equal NEWKEYS, buffer.type
|
60
|
+
t.return(NEWKEYS)
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
dh.exchange_keys
|
66
|
+
end
|
67
|
+
|
68
|
+
def subject
|
69
|
+
Net::SSH::Transport::Kex::DiffieHellmanGroupExchangeSHA1
|
70
|
+
end
|
71
|
+
|
72
|
+
def session_id
|
73
|
+
@session_id ||= begin
|
74
|
+
buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
|
75
|
+
:string, packet_data[:server_version_string],
|
76
|
+
:string, packet_data[:client_algorithm_packet],
|
77
|
+
:string, packet_data[:server_algorithm_packet],
|
78
|
+
:string, Net::SSH::Buffer.from(:key, server_key),
|
79
|
+
:long, 1024,
|
80
|
+
:long, need_bits, # need bits, figure this part out,
|
81
|
+
:long, 8192,
|
82
|
+
:bignum, dh.dh.p,
|
83
|
+
:bignum, dh.dh.g,
|
84
|
+
:bignum, dh.dh.pub_key,
|
85
|
+
:bignum, server_dh_pubkey,
|
86
|
+
:bignum, shared_secret)
|
87
|
+
OpenSSL::Digest::SHA1.digest(buffer.to_s)
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
end; end
|