net-ssh 2.4.0 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. data/CHANGELOG.rdoc +21 -0
  2. data/Manifest +11 -0
  3. data/lib/net/ssh/authentication/key_manager.rb +1 -1
  4. data/lib/net/ssh/authentication/session.rb +12 -4
  5. data/lib/net/ssh/buffer.rb +12 -2
  6. data/lib/net/ssh/key_factory.rb +7 -2
  7. data/lib/net/ssh/known_hosts.rb +12 -2
  8. data/lib/net/ssh/ruby_compat.rb +8 -0
  9. data/lib/net/ssh/transport/algorithms.rb +22 -1
  10. data/lib/net/ssh/transport/cipher_factory.rb +32 -5
  11. data/lib/net/ssh/transport/constants.rb +3 -1
  12. data/lib/net/ssh/transport/ctr.rb +95 -0
  13. data/lib/net/ssh/transport/hmac.rb +8 -5
  14. data/lib/net/ssh/transport/hmac/ripemd160.rb +13 -0
  15. data/lib/net/ssh/transport/kex.rb +11 -0
  16. data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +44 -0
  17. data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +11 -3
  18. data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +93 -0
  19. data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +13 -0
  20. data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +13 -0
  21. data/lib/net/ssh/transport/openssl.rb +111 -1
  22. data/lib/net/ssh/version.rb +1 -1
  23. data/net-ssh.gemspec +12 -4
  24. data/test/authentication/test_key_manager.rb +48 -1
  25. data/test/test_buffer.rb +92 -2
  26. data/test/test_key_factory.rb +42 -0
  27. data/test/transport/hmac/test_ripemd160.rb +34 -0
  28. data/test/transport/kex/test_diffie_hellman_group14_sha1.rb +13 -0
  29. data/test/transport/kex/test_ecdh_sha2_nistp256.rb +161 -0
  30. data/test/transport/kex/test_ecdh_sha2_nistp384.rb +37 -0
  31. data/test/transport/kex/test_ecdh_sha2_nistp521.rb +37 -0
  32. data/test/transport/test_algorithms.rb +41 -19
  33. data/test/transport/test_cipher_factory.rb +255 -27
  34. data/test/transport/test_packet_stream.rb +1009 -0
  35. metadata +13 -4
  36. data/lib/net/ssh/authentication/agent/java_pageant.rb +0 -85
  37. data/lib/net/ssh/authentication/agent/socket.rb +0 -170
@@ -17,13 +17,18 @@ module Transport
17
17
  end
18
18
 
19
19
  def test_constructor_should_build_default_list_of_preferred_algorithms
20
- assert_equal %w(ssh-rsa ssh-dss), algorithms[:host_key]
21
- assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha256), algorithms[:kex]
22
- assert_equal %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256), algorithms[:encryption]
20
+ if defined?(OpenSSL::PKey::EC)
21
+ assert_equal %w(ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521), algorithms[:host_key]
22
+ assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521), algorithms[:kex]
23
+ else
24
+ assert_equal %w(ssh-rsa ssh-dss), algorithms[:host_key]
25
+ assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256), algorithms[:kex]
26
+ end
27
+ assert_equal %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr), algorithms[:encryption]
23
28
  if defined?(OpenSSL::Digest::SHA256)
24
- assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms[:hmac]
29
+ assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms[:hmac]
25
30
  else
26
- assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 none), algorithms[:hmac]
31
+ assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com none), algorithms[:hmac]
27
32
  end
28
33
  assert_equal %w(none zlib@openssh.com zlib), algorithms[:compression]
29
34
  assert_equal %w(), algorithms[:language]
@@ -37,12 +42,20 @@ module Transport
37
42
  end
38
43
 
39
44
  def test_constructor_with_preferred_host_key_type_should_put_preferred_host_key_type_first
40
- assert_equal %w(ssh-dss ssh-rsa), algorithms(:host_key => "ssh-dss")[:host_key]
45
+ if defined?(OpenSSL::PKey::EC)
46
+ assert_equal %w(ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521), algorithms(:host_key => "ssh-dss")[:host_key]
47
+ else
48
+ assert_equal %w(ssh-dss ssh-rsa), algorithms(:host_key => "ssh-dss")[:host_key]
49
+ end
41
50
  end
42
51
 
43
52
  def test_constructor_with_known_hosts_reporting_known_host_key_should_use_that_host_key_type
44
53
  Net::SSH::KnownHosts.expects(:search_for).with("net.ssh.test,127.0.0.1", {}).returns([stub("key", :ssh_type => "ssh-dss")])
45
- assert_equal %w(ssh-dss ssh-rsa), algorithms[:host_key]
54
+ if defined?(OpenSSL::PKey::EC)
55
+ assert_equal %w(ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521), algorithms[:host_key]
56
+ else
57
+ assert_equal %w(ssh-dss ssh-rsa), algorithms[:host_key]
58
+ end
46
59
  end
47
60
 
48
61
  def test_constructor_with_unrecognized_host_key_type_should_raise_exception
@@ -50,7 +63,11 @@ module Transport
50
63
  end
51
64
 
52
65
  def test_constructor_with_preferred_kex_should_put_preferred_kex_first
53
- assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex]
66
+ if defined?(OpenSSL::PKey::EC)
67
+ assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex]
68
+ else
69
+ assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex]
70
+ end
54
71
  end
55
72
 
56
73
  def test_constructor_with_unrecognized_kex_should_raise_exception
@@ -58,11 +75,11 @@ module Transport
58
75
  end
59
76
 
60
77
  def test_constructor_with_preferred_encryption_should_put_preferred_encryption_first
61
- assert_equal %w(aes256-cbc aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256), algorithms(:encryption => "aes256-cbc")[:encryption]
78
+ assert_equal %w(aes256-cbc aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr), algorithms(:encryption => "aes256-cbc")[:encryption]
62
79
  end
63
80
 
64
81
  def test_constructor_with_multiple_preferred_encryption_should_put_all_preferred_encryption_first
65
- assert_equal %w(aes256-cbc 3des-cbc idea-cbc aes128-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se none arcfour128 arcfour256), algorithms(:encryption => %w(aes256-cbc 3des-cbc idea-cbc))[:encryption]
82
+ assert_equal %w(aes256-cbc 3des-cbc idea-cbc aes128-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr), algorithms(:encryption => %w(aes256-cbc 3des-cbc idea-cbc))[:encryption]
66
83
  end
67
84
 
68
85
  def test_constructor_with_unrecognized_encryption_should_raise_exception
@@ -70,11 +87,11 @@ module Transport
70
87
  end
71
88
 
72
89
  def test_constructor_with_preferred_hmac_should_put_preferred_hmac_first
73
- assert_equal %w(hmac-md5-96 hmac-sha1 hmac-md5 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms(:hmac => "hmac-md5-96")[:hmac]
90
+ assert_equal %w(hmac-md5-96 hmac-sha1 hmac-md5 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms(:hmac => "hmac-md5-96")[:hmac]
74
91
  end
75
92
 
76
93
  def test_constructor_with_multiple_preferred_hmac_should_put_all_preferred_hmac_first
77
- assert_equal %w(hmac-md5-96 hmac-sha1-96 hmac-sha1 hmac-md5 hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms(:hmac => %w(hmac-md5-96 hmac-sha1-96))[:hmac]
94
+ assert_equal %w(hmac-md5-96 hmac-sha1-96 hmac-sha1 hmac-md5 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms(:hmac => %w(hmac-md5-96 hmac-sha1-96))[:hmac]
78
95
  end
79
96
 
80
97
  def test_constructor_with_unrecognized_hmac_should_raise_exception
@@ -256,7 +273,7 @@ module Transport
256
273
  def kexinit(options={})
257
274
  @kexinit ||= P(:byte, KEXINIT,
258
275
  :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF),
259
- :string, options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256",
276
+ :string, options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256",
260
277
  :string, options[:host_key] || "ssh-rsa,ssh-dss",
261
278
  :string, options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc",
262
279
  :string, options[:encryption_server] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc",
@@ -272,12 +289,17 @@ module Transport
272
289
  def assert_kexinit(buffer, options={})
273
290
  assert_equal KEXINIT, buffer.type
274
291
  assert_equal 16, buffer.read(16).length
275
- assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256", buffer.read_string
276
- assert_equal options[:host_key] || "ssh-rsa,ssh-dss", buffer.read_string
277
- assert_equal options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256", buffer.read_string
278
- assert_equal options[:encryption_server] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256", buffer.read_string
279
- assert_equal options[:hmac_client] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none", buffer.read_string
280
- assert_equal options[:hmac_server] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none", buffer.read_string
292
+ if defined?(OpenSSL::PKey::EC)
293
+ assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521", buffer.read_string
294
+ assert_equal options[:host_key] || "ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521", buffer.read_string
295
+ else
296
+ assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256", buffer.read_string
297
+ assert_equal options[:host_key] || "ssh-rsa,ssh-dss", buffer.read_string
298
+ end
299
+ assert_equal options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256,arcfour,aes128-ctr,aes192-ctr,aes256-ctr,camellia128-cbc,camellia192-cbc,camellia256-cbc,camellia128-cbc@openssh.org,camellia192-cbc@openssh.org,camellia256-cbc@openssh.org,camellia128-ctr,camellia192-ctr,camellia256-ctr,camellia128-ctr@openssh.org,camellia192-ctr@openssh.org,camellia256-ctr@openssh.org,cast128-ctr,blowfish-ctr,3des-ctr", buffer.read_string
300
+ assert_equal options[:encryption_server] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256,arcfour,aes128-ctr,aes192-ctr,aes256-ctr,camellia128-cbc,camellia192-cbc,camellia256-cbc,camellia128-cbc@openssh.org,camellia192-cbc@openssh.org,camellia256-cbc@openssh.org,camellia128-ctr,camellia192-ctr,camellia256-ctr,camellia128-ctr@openssh.org,camellia192-ctr@openssh.org,camellia256-ctr@openssh.org,cast128-ctr,blowfish-ctr,3des-ctr", buffer.read_string
301
+ assert_equal options[:hmac_client] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none", buffer.read_string
302
+ assert_equal options[:hmac_server] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none", buffer.read_string
281
303
  assert_equal options[:compression_client] || "none,zlib@openssh.com,zlib", buffer.read_string
282
304
  assert_equal options[:compression_server] || "none,zlib@openssh.com,zlib", buffer.read_string
283
305
  assert_equal options[:language_client] || "", buffer.read_string
@@ -35,18 +35,22 @@ module Transport
35
35
  assert_equal [24,8], factory.get_lengths("3des-cbc")
36
36
  end
37
37
 
38
- def test_lengths_for_aes192_cbc
39
- assert_equal [24,16], factory.get_lengths("aes192-cbc")
40
- end
41
-
42
38
  def test_lengths_for_aes128_cbc
43
39
  assert_equal [16,16], factory.get_lengths("aes128-cbc")
44
40
  end
45
41
 
42
+ def test_lengths_for_aes192_cbc
43
+ assert_equal [24,16], factory.get_lengths("aes192-cbc")
44
+ end
45
+
46
46
  def test_lengths_for_aes256_cbc
47
47
  assert_equal [32,16], factory.get_lengths("aes256-cbc")
48
48
  end
49
49
 
50
+ def test_lengths_for_arcfour
51
+ assert_equal [16,8], factory.get_lengths("arcfour")
52
+ end
53
+
50
54
  def test_lengths_for_arcfour128
51
55
  assert_equal [16,8], factory.get_lengths("arcfour128")
52
56
  end
@@ -58,26 +62,86 @@ module Transport
58
62
  def test_lengths_for_arcfour512
59
63
  assert_equal [64,8], factory.get_lengths("arcfour512")
60
64
  end
61
-
62
- BLOWFISH = "\210\021\200\315\240_\026$\352\204g\233\244\242x\332e\370\001\327\224Nv@9_\323\037\252kb\037\036\237\375]\343/y\037\237\312Q\f7]\347Y\005\275%\377\0010$G\272\250B\265Nd\375\342\372\025r6}+Y\213y\n\237\267\\\374^\346BdJ$\353\220Ik\023<\236&H\277=\225"
65
+
66
+ if_supported?("camellia128-cbc@openssh.org") do
67
+ def test_lengths_for_camellia128_cbc_openssh_org
68
+ assert_equal [16,16], factory.get_lengths("camellia128-cbc@openssh.org")
69
+ end
70
+ end
71
+
72
+ if_supported?("camellia192-cbc@openssh.org") do
73
+ def test_lengths_for_camellia192_cbc_openssh_org
74
+ assert_equal [24,16], factory.get_lengths("camellia192-cbc@openssh.org")
75
+ end
76
+ end
77
+
78
+ if_supported?("camellia256-cbc@openssh.org") do
79
+ def test_lengths_for_camellia256_cbc_openssh_org
80
+ assert_equal [32,16], factory.get_lengths("camellia256-cbc@openssh.org")
81
+ end
82
+ end
83
+
84
+ def test_lengths_for_3des_ctr
85
+ assert_equal [24,8], factory.get_lengths("3des-ctr")
86
+ end
87
+
88
+ def test_lengths_for_aes128_ctr
89
+ assert_equal [16,16], factory.get_lengths("aes128-ctr")
90
+ end
91
+
92
+ def test_lengths_for_aes192_ctr
93
+ assert_equal [24,16], factory.get_lengths("aes192-ctr")
94
+ end
95
+
96
+ def test_lengths_for_aes256_ctr
97
+ assert_equal [32,16], factory.get_lengths("aes256-ctr")
98
+ end
99
+
100
+ def test_lengths_for_blowfish_ctr
101
+ assert_equal [16,8], factory.get_lengths("blowfish-ctr")
102
+ end
103
+
104
+ def test_lengths_for_cast128_ctr
105
+ assert_equal [16,8], factory.get_lengths("cast128-ctr")
106
+ end
107
+
108
+ if_supported?("camellia128-ctr@openssh.org") do
109
+ def test_lengths_for_camellia128_ctr_openssh_org
110
+ assert_equal [16,16], factory.get_lengths("camellia128-ctr@openssh.org")
111
+ end
112
+ end
113
+
114
+ if_supported?("camellia192-ctr@openssh.org") do
115
+ def test_lengths_for_camellia192_ctr_openssh_org
116
+ assert_equal [24,16], factory.get_lengths("camellia192-ctr@openssh.org")
117
+ end
118
+ end
119
+
120
+ if_supported?("camellia256-ctr@openssh.org") do
121
+ def test_lengths_for_camellia256_ctr_openssh_org
122
+ assert_equal [32,16], factory.get_lengths("camellia256-ctr@openssh.org")
123
+ end
124
+ end
125
+
126
+ BLOWFISH_CBC = "\210\021\200\315\240_\026$\352\204g\233\244\242x\332e\370\001\327\224Nv@9_\323\037\252kb\037\036\237\375]\343/y\037\237\312Q\f7]\347Y\005\275%\377\0010$G\272\250B\265Nd\375\342\372\025r6}+Y\213y\n\237\267\\\374^\346BdJ$\353\220Ik\023<\236&H\277=\225"
63
127
 
64
128
  def test_blowfish_cbc_for_encryption
65
- assert_equal BLOWFISH, encrypt("blowfish-cbc")
129
+ assert_equal BLOWFISH_CBC, encrypt("blowfish-cbc")
66
130
  end
67
131
 
68
132
  def test_blowfish_cbc_for_decryption
69
- assert_equal TEXT, decrypt("blowfish-cbc", BLOWFISH)
133
+ assert_equal TEXT, decrypt("blowfish-cbc", BLOWFISH_CBC)
70
134
  end
71
135
 
72
136
  if_supported?("idea-cbc") do
73
- IDEA = "W\234\017G\231\b\357\370H\b\256U]\343M\031k\233]~\023C\363\263\177\262-\261\341$\022\376mv\217\322\b\2763\270H\306\035\343z\313\312\3531\351\t\201\302U\022\360\300\354ul7$z\320O]\360g\024\305\005`V\005\335A\351\312\270c\320D\232\eQH1\340\265\2118\031g*\303v"
137
+ IDEA_CBC = "W\234\017G\231\b\357\370H\b\256U]\343M\031k\233]~\023C\363\263\177\262-\261\341$\022\376mv\217\322\b\2763\270H\306\035\343z\313\312\3531\351\t\201\302U\022\360\300\354ul7$z\320O]\360g\024\305\005`V\005\335A\351\312\270c\320D\232\eQH1\340\265\2118\031g*\303v"
74
138
 
75
139
  def test_idea_cbc_for_encryption
76
- assert_equal IDEA, encrypt("idea-cbc")
140
+ assert_equal IDEA_CBC, encrypt("idea-cbc")
77
141
  end
78
142
 
79
143
  def test_idea_cbc_for_decryption
80
- assert_equal TEXT, decrypt("idea-cbc", IDEA)
144
+ assert_equal TEXT, decrypt("idea-cbc", IDEA_CBC)
81
145
  end
82
146
  end
83
147
 
@@ -91,54 +155,64 @@ module Transport
91
155
  assert_equal TEXT, decrypt("rijndael-cbc@lysator.liu.se", RIJNDAEL)
92
156
  end
93
157
 
94
- CAST128 = "qW\302\331\333P\223t[9 ~(sg\322\271\227\272\022I\223\373p\255>k\326\314\260\2003\236C_W\211\227\373\205>\351\334\322\227\223\e\236\202Ii\032!P\214\035:\017\360h7D\371v\210\264\317\236a\262w1\2772\023\036\331\227\240:\f/X\351\324I\t[x\350\323E\2301\016m"
158
+ CAST128_CBC = "qW\302\331\333P\223t[9 ~(sg\322\271\227\272\022I\223\373p\255>k\326\314\260\2003\236C_W\211\227\373\205>\351\334\322\227\223\e\236\202Ii\032!P\214\035:\017\360h7D\371v\210\264\317\236a\262w1\2772\023\036\331\227\240:\f/X\351\324I\t[x\350\323E\2301\016m"
95
159
 
96
160
  def test_cast128_cbc_for_encryption
97
- assert_equal CAST128, encrypt("cast128-cbc")
161
+ assert_equal CAST128_CBC, encrypt("cast128-cbc")
98
162
  end
99
163
 
100
164
  def test_cast128_cbc_for_decryption
101
- assert_equal TEXT, decrypt("cast128-cbc", CAST128)
165
+ assert_equal TEXT, decrypt("cast128-cbc", CAST128_CBC)
102
166
  end
103
167
 
104
- TRIPLE_DES = "\322\252\216D\303Q\375gg\367A{\177\313\3436\272\353%\223K?\257\206|\r&\353/%\340\336 \203E8rY\206\234\004\274\267\031\233T/{\"\227/B!i?[qGaw\306T\206\223\213n \212\032\244%]@\355\250\334\312\265E\251\017\361\270\357\230\274KP&^\031r+r%\370"
168
+ TRIPLE_DES_CBC = "\322\252\216D\303Q\375gg\367A{\177\313\3436\272\353%\223K?\257\206|\r&\353/%\340\336 \203E8rY\206\234\004\274\267\031\233T/{\"\227/B!i?[qGaw\306T\206\223\213n \212\032\244%]@\355\250\334\312\265E\251\017\361\270\357\230\274KP&^\031r+r%\370"
105
169
 
106
170
  def test_3des_cbc_for_encryption
107
- assert_equal TRIPLE_DES, encrypt("3des-cbc")
171
+ assert_equal TRIPLE_DES_CBC, encrypt("3des-cbc")
108
172
  end
109
173
 
110
174
  def test_3des_cbc_for_decryption
111
- assert_equal TEXT, decrypt("3des-cbc", TRIPLE_DES)
175
+ assert_equal TEXT, decrypt("3des-cbc", TRIPLE_DES_CBC)
112
176
  end
113
177
 
114
- AES128 = "k\026\350B\366-k\224\313\3277}B\035\004\200\035\r\233\024$\205\261\231Q\2214r\245\250\360\315\237\266hg\262C&+\321\346Pf\267v\376I\215P\327\345-\232&HK\375\326_\030<\a\276\212\303g\342C\242O\233\260\006\001a&V\345`\\T\e\236.\207\223l\233ri^\v\252\363\245"
178
+ AES128_CBC = "k\026\350B\366-k\224\313\3277}B\035\004\200\035\r\233\024$\205\261\231Q\2214r\245\250\360\315\237\266hg\262C&+\321\346Pf\267v\376I\215P\327\345-\232&HK\375\326_\030<\a\276\212\303g\342C\242O\233\260\006\001a&V\345`\\T\e\236.\207\223l\233ri^\v\252\363\245"
115
179
 
116
180
  def test_aes128_cbc_for_encryption
117
- assert_equal AES128, encrypt("aes128-cbc")
181
+ assert_equal AES128_CBC, encrypt("aes128-cbc")
118
182
  end
119
183
 
120
184
  def test_aes128_cbc_for_decryption
121
- assert_equal TEXT, decrypt("aes128-cbc", AES128)
185
+ assert_equal TEXT, decrypt("aes128-cbc", AES128_CBC)
122
186
  end
123
187
 
124
- AES192 = "\256\017)x\270\213\336\303L\003f\235'jQ\3231k9\225\267\242\364C4\370\224\201\302~\217I\202\374\2167='\272\037\225\223\177Y\r\212\376(\275\n\3553\377\177\252C\254\236\016MA\274Z@H\331<\rL\317\205\323[\305X8\376\237=\374\352bH9\244\0231\353\204\352p\226\326~J\242"
188
+ AES192_CBC = "\256\017)x\270\213\336\303L\003f\235'jQ\3231k9\225\267\242\364C4\370\224\201\302~\217I\202\374\2167='\272\037\225\223\177Y\r\212\376(\275\n\3553\377\177\252C\254\236\016MA\274Z@H\331<\rL\317\205\323[\305X8\376\237=\374\352bH9\244\0231\353\204\352p\226\326~J\242"
125
189
 
126
190
  def test_aes192_cbc_for_encryption
127
- assert_equal AES192, encrypt("aes192-cbc")
191
+ assert_equal AES192_CBC, encrypt("aes192-cbc")
128
192
  end
129
193
 
130
194
  def test_aes192_cbc_for_decryption
131
- assert_equal TEXT, decrypt("aes192-cbc", AES192)
195
+ assert_equal TEXT, decrypt("aes192-cbc", AES192_CBC)
132
196
  end
133
197
 
134
- AES256 = "$\253\271\255\005Z\354\336&\312\324\221\233\307Mj\315\360\310Fk\241EfN\037\231\213\361{'\310\204\347I\343\271\005\240`\325;\034\346uM>#\241\231C`\374\261\vo\226;Z\302:\b\250\366T\330\\#V\330\340\226\363\374!\bm\266\232\207!\232\347\340\t\307\370\356z\236\343=v\210\206y"
198
+ AES256_CBC = "$\253\271\255\005Z\354\336&\312\324\221\233\307Mj\315\360\310Fk\241EfN\037\231\213\361{'\310\204\347I\343\271\005\240`\325;\034\346uM>#\241\231C`\374\261\vo\226;Z\302:\b\250\366T\330\\#V\330\340\226\363\374!\bm\266\232\207!\232\347\340\t\307\370\356z\236\343=v\210\206y"
135
199
 
136
200
  def test_aes256_cbc_for_encryption
137
- assert_equal AES256, encrypt("aes256-cbc")
201
+ assert_equal AES256_CBC, encrypt("aes256-cbc")
138
202
  end
139
203
 
140
204
  def test_aes256_cbc_for_decryption
141
- assert_equal TEXT, decrypt("aes256-cbc", AES256)
205
+ assert_equal TEXT, decrypt("aes256-cbc", AES256_CBC)
206
+ end
207
+
208
+ ARCFOUR = "\xC1.\x1AdH\xD0+%\xF1CrG\x1C\xCC\xF6\xACho\xB0\x95\\\xBC\x02P\xF9\xAF\n\xBB<\x13\xF3\xCF\xEB\n\b(iO\xFB'\t^?\xA6\xE5a\xE2\x17\f\x97\xCAs\x9E\xFC\xF2\x88\xC93\v\x84\xCA\x82\x0E\x1D\x11\xEA\xE1\x82\x8E\xB3*\xC5\xFB\x8Cmgs\xB0\xFA\xF5\x9C\\\xE2\xB0\x95\x1F>LT"
209
+
210
+ def test_arcfour_for_encryption
211
+ assert_equal ARCFOUR, encrypt("arcfour")
212
+ end
213
+
214
+ def test_arcfour_for_decryption
215
+ assert_equal TEXT, decrypt("arcfour", ARCFOUR)
142
216
  end
143
217
 
144
218
  ARCFOUR128 = "\n\x90\xED*\xD4\xBE\xCBg5\xA5\a\xEC]\x97\xB7L\x06)6\x12FL\x90@\xF4Sqxqh\r\x11\x1Aq \xC8\xE6v\xC6\x12\xD9<A\xDAZ\xFE\x7F\x88\x19f.\x06\xA7\xFE:\xFF\x93\x9B\x8D\xA0\\\x9E\xCA\x03\x15\xE1\xE2\f\xC0\b\xA2C\xE1\xBD\xB6\x13D\xD1\xB4'g\x89\xDC\xEB\f\x19Z)U"
@@ -170,7 +244,161 @@ module Transport
170
244
  def test_arcfour512_for_decryption
171
245
  assert_equal TEXT, decrypt("arcfour512", ARCFOUR512)
172
246
  end
173
-
247
+
248
+ if_supported?("camellia128-cbc@openssh.org") do
249
+ CAMELLIA128_CBC = "\a\b\x83+\xF1\xC5m\a\xE1\xD3\x06\xD2NA\xC3l@\\*M\xFD\x96\xAE\xA8\xB4\xA9\xACm\"8\x8E\xEE<\xC3O[\rK\xFAgu}\xCD\xAC\xF4\x04o\xDB\x94-\xB8\"\xDC\xE7{y\xA9 \x8F=y\x85\x82v\xC8\xCA\x8A\xE9\xE3:\xC4,u=a/\xC0\x05\xDA\xDAk8g\xCB\xD9\xA8\xE6\xFE\xCE_\x8E\x97\xF0\xAC\xB6\xCE"
250
+ def test_camellia128_cbc_for_encryption
251
+ assert_equal CAMELLIA128_CBC, encrypt("camellia128-cbc@openssh.org")
252
+ end
253
+ def test_camellia128_cbc_for_decryption
254
+ assert_equal TEXT, decrypt("camellia128-cbc@openssh.org", CAMELLIA128_CBC)
255
+ end
256
+ end
257
+
258
+ if_supported?("camellia192-cbc@openssh.org") do
259
+ CAMELLIA192_CBC = "\x82\xB2\x03\x90\xFA\f2\xA0\xE3\xFA\xF2B\xAB\xDBX\xD5\x04z\xD4G\x19\xB8\xAB\v\x85\x84\xCD:.\xBA\x9Dd\xD5(\xEB.\n\xAA]\xCB\xF3\x0F4\x8Bd\xF8m\xC9!\xE2\xA1=\xEBY\xA6\x83\x86\n\x13\e6\v\x06\xBBNJg\xF2-\x14',[\xC1\xB1.\x85\xF3\xC6\xBF\x1Ff\xCE\x87'\x9C\xB2\xC8!\xF3|\xE2\xD2\x9E\x96\xA1"
260
+ def test_camellia192_cbc_for_encryption
261
+ assert_equal CAMELLIA192_CBC, encrypt("camellia192-cbc@openssh.org")
262
+ end
263
+ def test_camellia192_cbc_for_decryption
264
+ assert_equal TEXT, decrypt("camellia192-cbc@openssh.org", CAMELLIA192_CBC)
265
+ end
266
+ end
267
+
268
+ if_supported?("camellia256-cbc@openssh.org") do
269
+ CAMELLIA256_CBC = ",\x80J/\xF5\x8F\xFE4\xF0@\n[2\xFF4\xB6\xA4\xD0\xF8\xF5*\x17I\xF3\xA2\x1F$L\xC6\xA1\x06\xDC\x84f\x1C\x10&\x1C\xC4/R\x859|i\x85ZP\xC8\x94\xED\xE8-\n@ w\x92\xF7\xD4\xAB\xF0\x85c\xC1\x0F\x1E#\xEB\xE5W\x87N!\xC7'/\xE3E8$\x1D\x9B:\xC9\xAF_\x05\xAC%\xD7\x945\xBBDK"
270
+ def test_camellia256_cbc_for_encryption
271
+ assert_equal CAMELLIA256_CBC, encrypt("camellia256-cbc@openssh.org")
272
+ end
273
+ def test_camellia256_cbc_for_decryption
274
+ assert_equal TEXT, decrypt("camellia256-cbc@openssh.org", CAMELLIA256_CBC)
275
+ end
276
+ end
277
+
278
+ BLOWFISH_CTR = "\xF5\xA6\x1E{\x8F(\x85G\xFAh\xDB\x19\xDC\xDF\xA2\x9A\x99\xDD5\xFF\xEE\x8BE\xE6\xB5\x92\x82\xE80\x91\x11`\xEF\x10\xED\xE9\xD3\vG\x0E\xAF\xB2K\t\xA4\xA6\x05\xD1\x17\x0Fl\r@E\x8DJ\e\xE63\x04\xB5\x05\x99Y\xCC\xFBb\x8FK+\x8C1v\xE4N\b?B\x06Rz\xA6\xB6N/b\xCE}\x83\x8DY\xD7\x92qU\x0F"
279
+
280
+ def test_blowfish_ctr_for_encryption
281
+ assert_equal BLOWFISH_CTR, encrypt("blowfish-ctr")
282
+ end
283
+
284
+ def test_blowfish_ctr_for_decryption
285
+ assert_equal TEXT, decrypt("blowfish-ctr", BLOWFISH_CTR)
286
+ end
287
+
288
+ CAST128_CTR = "\xB5\xBB\xC3h\x80\x90`{\xD7I\x03\xE9\x80\xC4\xC4U\xE3@\xF1\xE9\xEFX\xDB6\xEE,\x8E\xC2\xE8\x89\x17\xBArf\x81\r\x96\xDC\xB1_'\x83hs\t7\xB8@\x17\xAA\xD9;\xE8\x8E\x94\xBD\xFF\xA4K\xA4\xFA\x8F-\xCD\bO\xD9I`\xE5\xC9H\x99\x14\xC5K\xC8\xEF\xEA#\x1D\xE5\x13O\xE1^P\xDC\x1C^qm\v|c@"
289
+
290
+ def test_cast128_ctr_for_encryption
291
+ assert_equal CAST128_CTR, encrypt("cast128-ctr")
292
+ end
293
+
294
+ def test_cast128_ctr_for_decryption
295
+ assert_equal TEXT, decrypt("cast128-ctr", CAST128_CTR)
296
+ end
297
+
298
+ TRIPLE_DES_CTR = "\x90\xCD\b\xD2\xF1\x15:\x98\xF4sJ\xF0\xC9\xAA\xC5\xE3\xB4\xCFq\x93\xBAB\xF9v\xE1\xE7\x8B<\xBC\x97R\xDF?kK~Nw\xF3\x92`\x90]\xD9\xEF\x16\xC85V\x03C\xE9\x14\xF0\x86\xEB\x19\x85\x82\xF6\x16gz\x9B`\xB1\xCE\x80&?\xC8\xBD\xBC+\x91/)\xA5x\xBB\xCF\x06\x15#\e\xB3\xBD\x9B\x1F\xA7\xE2\xC7\xA3\xFC\x06\xC8"
299
+
300
+ def test_3des_ctr_for_encryption
301
+ if defined?(JRUBY_VERSION)
302
+ # on JRuby, this test fails due to JRUBY-6558
303
+ puts "Skipping 3des-ctr tests for JRuby"
304
+ else
305
+ assert_equal TRIPLE_DES_CTR, encrypt("3des-ctr")
306
+ end
307
+ end
308
+
309
+ def test_3des_ctr_for_decryption
310
+ if defined?(JRUBY_VERSION)
311
+ # on JRuby, this test fails due to JRUBY-6558
312
+ puts "Skipping 3des-ctr tests for JRuby"
313
+ else
314
+ assert_equal TEXT, decrypt("3des-ctr", TRIPLE_DES_CTR)
315
+ end
316
+ end
317
+
318
+ AES128_CTR = "\x9D\xC7]R\x89\x01\xC4\x14\x00\xE7\xCEc`\x80\v\xC7\xF7\xBD\xD5#d\f\xC9\xB0\xDE\xA6\x8Aq\x10p\x8F\xBC\xFF\x8B\xB4\xC5\xB3\xF7,\xF7eO\x06Q]\x0F\x05\x86\xEC\xA6\xC8\x12\xE9\xC4\x9D0\xD3\x9AL\x192\xAA\xDFu\x0E\xECz\x7F~g\xCA\xEA\xBA\x80,\x83V\x10\xF6/\x04\xD2\x8A\x94\x94\xA9T>~\xD2\r\xE6\x0E\xA0q\xEF"
319
+
320
+ def test_aes128_ctr_for_encryption
321
+ assert_equal AES128_CTR, encrypt("aes128-ctr")
322
+ end
323
+
324
+ def test_aes128_ctr_for_decryption
325
+ assert_equal TEXT, decrypt("aes128-ctr", AES128_CTR)
326
+ end
327
+
328
+ AES192_CTR = "\xE2\xE7\x1FJ\xE5\xB09\xE1\xB7/\xB3\x95\xF2S\xCE\x8C\x93\x14mFY\x88*\xCE\b\xA6\x87W\xD7\xEC/\xC9\xB6\x9Ba\a\x8E\x89-\xD7\xB2j\a\xB3\a\x92f\"\x96\x8D\xBF\x01\t\xB8Y\xF3\x92\x01\xCC7\xB6w\xF9\"=u:\xA1\xD5*\n\x9E\xC7p\xDC\x11\a\x1C\x88y\xE8\x87`\xA6[fF\x9B\xACv\xA6\xDA1|#F"
329
+
330
+ def test_aes192_ctr_for_encryption
331
+ assert_equal AES192_CTR, encrypt("aes192-ctr")
332
+ end
333
+
334
+ def test_aes192_ctr_for_decryption
335
+ assert_equal TEXT, decrypt("aes192-ctr", AES192_CTR)
336
+ end
337
+
338
+ AES256_CTR = "2\xB8\xE6\xC9\x95\xB4\x05\xD2\xC7+\x7F\x88\xEB\xD4\xA0\b\"\xBF\x9E\x85t\x19,\e\x90\x11\x04b\xC7\xEE$\xDE\xE6\xC5@G\xFEm\xE1u\x9B\au\xAF\xB5\xB8\x857\x87\x139u\xAC\x1A\xAB\fh\x8FiW~\xB8:\xA4\xA0#~\xC4\x89\xBA5#:\xFC\xC8\xE3\x9B\xF0A2\x87\x980\xD1\xE3\xBC'\xBE\x1E\n\x1A*B\x06\xF3\xCC"
339
+
340
+ def test_aes256_ctr_for_encryption
341
+ assert_equal AES256_CTR, encrypt("aes256-ctr")
342
+ end
343
+
344
+ def test_aes256_ctr_for_decryption
345
+ assert_equal TEXT, decrypt("aes256-ctr", AES256_CTR)
346
+ end
347
+
348
+ CAMELLIA128_CTR = "$\xCDQ\x86\xFD;Eq\x04\xFD\xEF\xC9\x18\xBA\\ZA\xD1\xA6Z\xC7V\xDE\xCDT\xBB\xC9\xB0BW\x9BOb}O\xCANy\xEA\xBB\xC5\x126\xE3\xDF\xB8]|j\x1D\xAE\"i\x8A\xCB\xE06\x01\xC4\xDA\xF6:\xA7\xB2v\xB0\xAE\xA5m\x16\xDB\xEBR\xCC\xB4\xA3\x93\x11;\xF1\x00\xDFS6\xF8\xD0_\b\nl\xA2\x95\x8E\xF2\xB0\xC1"
349
+ if_supported?("camellia128-ctr@openssh.org") do
350
+ def test_camellia128_ctr_openssh_org_for_encryption
351
+ assert_equal CAMELLIA128_CTR, encrypt("camellia128-ctr@openssh.org")
352
+ end
353
+ def test_camellia128_ctr_openssh_org_for_decryption
354
+ assert_equal TEXT, decrypt("camellia128-ctr@openssh.org", CAMELLIA128_CTR)
355
+ end
356
+ end
357
+ if_supported?("camellia128-ctr") do
358
+ def test_camellia128_ctr_for_encryption
359
+ assert_equal CAMELLIA128_CTR, encrypt("camellia128-ctr")
360
+ end
361
+ def test_camellia128_ctr_for_decryption
362
+ assert_equal TEXT, decrypt("camellia128-ctr", CAMELLIA128_CTR)
363
+ end
364
+ end
365
+
366
+ CAMELLIA192_CTR = "\xB1O;\xA5\xB9 \xD6\x7Fw\ajz\xAF12\x1C\xF0^\xB2\x13\xA7s\xCB\x1A(3Yw\x8B\"7\xD7}\xC4\xAA\xF7\xDB\xF2\xEEi\x02\xD0\x94BK\xD9l\xBC\xBEbrk\x87\x14h\xE1'\xD2\xE4\x8C\x8D\x87\xCE\xBF\x89\xA9\x9E\xC4\f\xB8\x87(\xFE?\xD9\xEF\xBA5\xD8\xA1\rI\xD6s9\x10\xA9l\xB8S\x93}*\x9A\xB0="
367
+ if_supported?("camellia192-ctr@openssh.org") do
368
+ def test_camellia192_ctr_openssh_org_for_encryption
369
+ assert_equal CAMELLIA192_CTR, encrypt("camellia192-ctr@openssh.org")
370
+ end
371
+ def test_camellia192_ctr_openssh_org_for_decryption
372
+ assert_equal TEXT, decrypt("camellia192-ctr@openssh.org", CAMELLIA192_CTR)
373
+ end
374
+ end
375
+ if_supported?("camellia192-ctr") do
376
+ def test_camellia192_ctr_for_encryption
377
+ assert_equal CAMELLIA192_CTR, encrypt("camellia192-ctr")
378
+ end
379
+ def test_camellia192_ctr_for_decryption
380
+ assert_equal TEXT, decrypt("camellia192-ctr", CAMELLIA192_CTR)
381
+ end
382
+ end
383
+
384
+ CAMELLIA256_CTR = "`\x8F#Nqr^m\xB2/i\xF9}\x1E\xD1\xE7X\x99\xAF\x1E\xBA\v\xF3\x8E\xCA\xECZ\xCB\x8A\xC96FW\xB3\x84 bwzRM,P\xC1r\xEFHNr%\xB9\a\xD6\xE6\xE7O\b\xC8?\x98d\x9F\xD3v\x10#\xA6\x87\xB2\x85\x059\xF0-\xF9\xBC\x00V\xB2?\xAE\x1E{\e\xF1\xA9zJ\xC9=1\xB3t73\xEB"
385
+ if_supported?("camellia256-ctr@openssh.org") do
386
+ def test_camellia256_ctr_openssh_org_for_encryption
387
+ assert_equal CAMELLIA256_CTR, encrypt("camellia256-ctr@openssh.org")
388
+ end
389
+ def test_camellia256_ctr_openssh_org_for_decryption
390
+ assert_equal TEXT, decrypt("camellia256-ctr@openssh.org", CAMELLIA256_CTR)
391
+ end
392
+ end
393
+ if_supported?("camellia256-ctr") do
394
+ def test_camellia256_ctr_for_encryption
395
+ assert_equal CAMELLIA256_CTR, encrypt("camellia256-ctr")
396
+ end
397
+ def test_camellia256_ctr_for_decryption
398
+ assert_equal TEXT, decrypt("camellia256-ctr", CAMELLIA256_CTR)
399
+ end
400
+ end
401
+
174
402
  def test_none_for_encryption
175
403
  assert_equal TEXT, encrypt("none").strip
176
404
  end