net-ssh 2.9.2 → 4.0.0

data/test/transport/hmac/test_sha2_256_96.rb

@@ -1,27 +0,0 @@
-# encoding: ASCII-8BIT
-
-require 'common'
-require 'transport/hmac/test_sha2_256'
-require 'net/ssh/transport/hmac/sha2_256_96'
-
-module Transport; module HMAC
-
-  class TestSHA2_256_96 < TestSHA2_256
-    def test_expected_mac_length
-      assert_equal 12, subject.mac_length
-      assert_equal 12, subject.new.mac_length
-    end
-
-    def test_expected_digest
-      hmac = subject.new("1234567890123456")
-      assert_equal "\x16^>\x9FhO}\xB1>(\xBAF", hmac.digest("hello world")
-    end
-
-    private
-
-      def subject
-        Net::SSH::Transport::HMAC::SHA2_256_96
-      end
-  end
-
-end; end

data/test/transport/hmac/test_sha2_512.rb

@@ -1,37 +0,0 @@
-# encoding: ASCII-8BIT
-
-require 'common'
-require 'net/ssh/transport/hmac/sha2_512'
-
-module Transport; module HMAC
-
-  class TestSHA2_512 < Test::Unit::TestCase
-    def test_expected_digest_class
-      assert_equal OpenSSL::Digest::SHA512, subject.digest_class
-      assert_equal OpenSSL::Digest::SHA512, subject.new.digest_class
-    end
-
-    def test_expected_key_length
-      assert_equal 64, subject.key_length
-      assert_equal 64, subject.new.key_length
-    end
-
-    def test_expected_mac_length
-      assert_equal 64, subject.mac_length
-      assert_equal 64, subject.new.mac_length
-    end
-
-    def test_expected_digest
-      hmac = subject.new("1234567890123456")
-      assert_equal "^\xB6\"\xED\x8B\xC4\xDE\xD4\xCF\xD0\r\x18\xA0<\xF4\xB5\x01Efz\xA80i\xFC\x18\xC1\x9A+\xDD\xFE<\xA2\xFDE1Ac\xF4\xADU\r\xFB^0\x90= \x837z\xCC\xD5p4a4\x83\xC6\x04m\xAA\xC1\xC0m", hmac.digest("hello world")
-
-    end
-
-    private
-
-      def subject
-        Net::SSH::Transport::HMAC::SHA2_512
-      end
-  end
-
-end; end

data/test/transport/hmac/test_sha2_512_96.rb

@@ -1,27 +0,0 @@
-# encoding: ASCII-8BIT
-
-require 'common'
-require 'transport/hmac/test_sha2_512'
-require 'net/ssh/transport/hmac/sha2_512_96'
-
-module Transport; module HMAC
-
-  class TestSHA2_512_96 < TestSHA2_512
-    def test_expected_mac_length
-      assert_equal 12, subject.mac_length
-      assert_equal 12, subject.new.mac_length
-    end
-
-    def test_expected_digest
-      hmac = subject.new("1234567890123456")
-      assert_equal "^\xB6\"\xED\x8B\xC4\xDE\xD4\xCF\xD0\r\x18", hmac.digest("hello world")
-    end
-
-    private
-
-      def subject
-        Net::SSH::Transport::HMAC::SHA2_512_96
-      end
-  end
-
-end; end

data/test/transport/kex/test_diffie_hellman_group14_sha1.rb

@@ -1,13 +0,0 @@
-require 'common'
-require 'net/ssh/transport/kex/diffie_hellman_group14_sha1'
-require 'transport/kex/test_diffie_hellman_group1_sha1'
-require 'ostruct'
-
-module Transport; module Kex
-
-  class TestDiffieHellmanGroup14SHA1 < TestDiffieHellmanGroup1SHA1
-      def subject
-        Net::SSH::Transport::Kex::DiffieHellmanGroup14SHA1
-      end
-  end
-end; end

data/test/transport/kex/test_diffie_hellman_group1_sha1.rb

@@ -1,146 +0,0 @@
-require 'common'
-require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
-require 'ostruct'
-
-module Transport; module Kex
-
-  class TestDiffieHellmanGroup1SHA1 < Test::Unit::TestCase
-    include Net::SSH::Transport::Constants
-
-    def setup
-      @dh_options = @dh = @algorithms = @connection = @server_key = 
-        @packet_data = @shared_secret = nil
-    end
-
-    def test_exchange_keys_should_return_expected_results_when_successful
-      result = exchange!
-      assert_equal session_id, result[:session_id]
-      assert_equal server_key.to_blob, result[:server_key].to_blob
-      assert_equal shared_secret, result[:shared_secret]
-      assert_equal OpenSSL::Digest::SHA1, result[:hashing_algorithm]
-    end
-
-    def test_exchange_keys_with_unverifiable_host_should_raise_exception
-      connection.verifier { false }
-      assert_raises(Net::SSH::Exception) { exchange! }
-    end
-
-    def test_exchange_keys_with_signature_key_type_mismatch_should_raise_exception
-      assert_raises(Net::SSH::Exception) { exchange! :key_type => "ssh-dss" }
-    end
-
-    def test_exchange_keys_with_host_key_type_mismatch_should_raise_exception
-      algorithms :host_key => "ssh-dss"
-      assert_raises(Net::SSH::Exception) { exchange! :key_type => "ssh-dss" }
-    end
-
-    def test_exchange_keys_when_server_signature_could_not_be_verified_should_raise_exception
-      @signature = "1234567890"
-      assert_raises(Net::SSH::Exception) { exchange! }
-    end
-
-    def test_exchange_keys_should_pass_expected_parameters_to_host_key_verifier
-      verified = false
-      connection.verifier do |data|
-        verified = true
-        assert_equal server_key.to_blob, data[:key].to_blob
-
-        blob = b(:key, data[:key]).to_s
-        fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
-
-        assert_equal blob, data[:key_blob]
-        assert_equal fingerprint, data[:fingerprint]
-        assert_equal connection, data[:session]
-
-        true
-      end
-
-      assert_nothing_raised { exchange! }
-      assert verified
-    end
-
-    private
-
-      def exchange!(options={})
-        connection.expect do |t, buffer|
-          assert_equal KEXDH_INIT, buffer.type
-          assert_equal dh.dh.pub_key, buffer.read_bignum
-          t.return(KEXDH_REPLY, :string, b(:key, server_key), :bignum, server_dh_pubkey, :string, b(:string, options[:key_type] || "ssh-rsa", :string, signature))
-          connection.expect do |t2, buffer2|
-            assert_equal NEWKEYS, buffer2.type
-            t2.return(NEWKEYS)
-          end
-        end
-
-        dh.exchange_keys
-      end
-
-      def dh_options(options={})
-        @dh_options = options
-      end
-
-      def dh
-        @dh ||= subject.new(algorithms, connection, packet_data.merge(:need_bytes => 20).merge(@dh_options || {}))
-      end
-
-      def algorithms(options={})
-        @algorithms ||= OpenStruct.new(:host_key => options[:host_key] || "ssh-rsa")
-      end
-
-      def connection
-        @connection ||= MockTransport.new
-      end
-
-      def subject
-        Net::SSH::Transport::Kex::DiffieHellmanGroup1SHA1
-      end
-
-      # 512 bits is the smallest possible key that will work with this, so
-      # we use it for speed reasons
-      def server_key(bits=512)
-        @server_key ||= OpenSSL::PKey::RSA.new(bits)
-      end
-
-      def packet_data
-        @packet_data ||= { :client_version_string => "client version string",
-          :server_version_string => "server version string",
-          :server_algorithm_packet => "server algorithm packet",
-          :client_algorithm_packet => "client algorithm packet" }
-      end
-
-      def server_dh_pubkey
-        @server_dh_pubkey ||= bn(1234567890)
-      end
-
-      def shared_secret
-        @shared_secret ||= OpenSSL::BN.new(dh.dh.compute_key(server_dh_pubkey), 2)
-      end
-
-      def session_id
-        @session_id ||= begin
-          buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
-            :string, packet_data[:server_version_string],
-            :string, packet_data[:client_algorithm_packet],
-            :string, packet_data[:server_algorithm_packet],
-            :string, Net::SSH::Buffer.from(:key, server_key),
-            :bignum, dh.dh.pub_key,
-            :bignum, server_dh_pubkey,
-            :bignum, shared_secret)
-          OpenSSL::Digest::SHA1.digest(buffer.to_s)
-        end
-      end
-
-      def signature
-        @signature ||= server_key.ssh_do_sign(session_id)
-      end
-
-      def bn(number, base=10)
-        OpenSSL::BN.new(number.to_s, base)
-      end
-
-      def b(*args)
-        Net::SSH::Buffer.from(*args)
-      end
-  end
-
-end; end

data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb

@@ -1,92 +0,0 @@
-require 'common'
-require 'transport/kex/test_diffie_hellman_group1_sha1'
-require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
-
-module Transport; module Kex
-
-  class TestDiffieHellmanGroupExchangeSHA1 < TestDiffieHellmanGroup1SHA1
-    KEXDH_GEX_GROUP   = 31
-    KEXDH_GEX_INIT    = 32
-    KEXDH_GEX_REPLY   = 33
-    KEXDH_GEX_REQUEST = 34
-
-    def test_exchange_with_fewer_than_minimum_bits_uses_minimum_bits
-      dh_options :need_bytes => 20
-      assert_equal 1024, need_bits
-      assert_nothing_raised { exchange! }
-    end
-
-    def test_exchange_with_fewer_than_maximum_bits_uses_need_bits
-      dh_options :need_bytes => 500
-      need_bits(8001)
-      assert_nothing_raised { exchange! }
-    end
-
-    def test_exchange_with_more_than_maximum_bits_uses_maximum_bits
-      dh_options :need_bytes => 2000
-      need_bits(8192)
-      assert_nothing_raised { exchange! }
-    end
-
-    def test_that_p_and_g_are_provided_by_the_server
-      assert_nothing_raised { exchange! :p => default_p+2, :g => 3 }
-      assert_equal default_p+2, dh.dh.p
-      assert_equal 3, dh.dh.g
-    end
-
-    private
-
-      def need_bits(bits=1024)
-        @need_bits ||= bits
-      end
-
-      def default_p
-        142326151570335518660743995281621698377057354949884468943021767573608899048361360422513557553514790045512299468953431585300812548859419857171094366358158903433167915517332113861059747425408670144201099811846875730766487278261498262568348338476437200556998366087779709990807518291581860338635288400119315130179
-      end
-
-      def exchange!(options={})
-        connection.expect do |t, buffer|
-          assert_equal KEXDH_GEX_REQUEST, buffer.type
-          assert_equal 1024, buffer.read_long
-          assert_equal need_bits, buffer.read_long
-          assert_equal 8192, buffer.read_long
-          t.return(KEXDH_GEX_GROUP, :bignum, bn(options[:p] || default_p), :bignum, bn(options[:g] || 2))
-          t.expect do |t2, buffer2|
-            assert_equal KEXDH_GEX_INIT, buffer2.type
-            assert_equal dh.dh.pub_key, buffer2.read_bignum
-            t2.return(KEXDH_GEX_REPLY, :string, b(:key, server_key), :bignum, server_dh_pubkey, :string, b(:string, options[:key_type] || "ssh-rsa", :string, signature))
-            t2.expect do |t3, buffer3|
-              assert_equal NEWKEYS, buffer3.type
-              t3.return(NEWKEYS)
-            end
-          end
-        end
-
-        dh.exchange_keys
-      end
-
-      def subject
-        Net::SSH::Transport::Kex::DiffieHellmanGroupExchangeSHA1
-      end
-
-      def session_id
-        @session_id ||= begin
-          buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
-            :string, packet_data[:server_version_string],
-            :string, packet_data[:client_algorithm_packet],
-            :string, packet_data[:server_algorithm_packet],
-            :string, Net::SSH::Buffer.from(:key, server_key),
-            :long,   1024,
-            :long,   need_bits, # need bits, figure this part out,
-            :long,   8192,
-            :bignum, dh.dh.p,
-            :bignum, dh.dh.g,
-            :bignum, dh.dh.pub_key,
-            :bignum, server_dh_pubkey,
-            :bignum, shared_secret)
-          OpenSSL::Digest::SHA1.digest(buffer.to_s)
-        end
-      end
-  end
-
-end; end

data/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb

@@ -1,34 +0,0 @@
-require 'common'
-require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
-require 'transport/kex/test_diffie_hellman_group_exchange_sha1'
-
-module Transport; module Kex
-
-  class TestDiffieHellmanGroupExchangeSHA256 < TestDiffieHellmanGroupExchangeSHA1
-    private
-
-      def subject
-        Net::SSH::Transport::Kex::DiffieHellmanGroupExchangeSHA256
-      end
-
-      def session_id
-        @session_id ||= begin
-          buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
-            :string, packet_data[:server_version_string],
-            :string, packet_data[:client_algorithm_packet],
-            :string, packet_data[:server_algorithm_packet],
-            :string, Net::SSH::Buffer.from(:key, server_key),
-            :long,   1024,
-            :long,   1024,
-            :long,   8192,
-            :bignum, dh.dh.p,
-            :bignum, dh.dh.g,
-            :bignum, dh.dh.pub_key,
-            :bignum, server_dh_pubkey,
-            :bignum, shared_secret)
-          OpenSSL::Digest::SHA256.digest(buffer.to_s)
-        end
-      end
-  end
-
-end; end

data/test/transport/kex/test_ecdh_sha2_nistp256.rb

@@ -1,161 +0,0 @@
-require 'openssl'
-
-unless defined?(OpenSSL::PKey::EC)
-  puts "Skipping tests for ecdh-sha2-nistp256 key exchange"
-else
-  require 'common'
-  require 'transport/kex/test_diffie_hellman_group1_sha1'
-  require 'net/ssh/transport/kex/ecdh_sha2_nistp256'
-  require 'ostruct'
-
-  module Transport; module Kex
-
-    class TestEcdhSHA2NistP256 < Test::Unit::TestCase
-      include Net::SSH::Transport::Constants
-
-      def setup
-        @ecdh = @algorithms = @connection = @server_key = 
-          @packet_data = @shared_secret = nil
-      end
-
-      def test_exchange_keys_should_return_expected_results_when_successful
-        result = exchange!
-        assert_equal session_id, result[:session_id]
-        assert_equal server_host_key.to_blob, result[:server_key].to_blob
-        assert_equal shared_secret, result[:shared_secret]
-        assert_equal digester, result[:hashing_algorithm]
-      end
-
-      def test_exchange_keys_with_unverifiable_host_should_raise_exception
-        connection.verifier { false }
-        assert_raises(Net::SSH::Exception) { exchange! }
-      end
-
-      def test_exchange_keys_with_signature_key_type_mismatch_should_raise_exception
-        assert_raises(Net::SSH::Exception) { exchange! :key_type => "ssh-dss" }
-      end
-
-      def test_exchange_keys_with_host_key_type_mismatch_should_raise_exception
-        algorithms :host_key => "ssh-dss"
-        assert_raises(Net::SSH::Exception) { exchange! :key_type => "ssh-dss" }
-      end
-
-      def test_exchange_keys_when_server_signature_could_not_be_verified_should_raise_exception
-        @signature = "1234567890"
-        assert_raises(Net::SSH::Exception) { exchange! }
-      end
-
-      def test_exchange_keys_should_pass_expected_parameters_to_host_key_verifier
-        verified = false
-        connection.verifier do |data|
-          verified = true
-          assert_equal server_host_key.to_blob, data[:key].to_blob
-
-          blob = b(:key, data[:key]).to_s
-          fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
-
-          assert_equal blob, data[:key_blob]
-          assert_equal fingerprint, data[:fingerprint]
-          assert_equal connection, data[:session]
-
-          true
-        end
-
-        assert_nothing_raised { exchange! }
-        assert verified
-      end
-
-      private
-
-      def digester
-        OpenSSL::Digest::SHA256
-      end
-
-      def subject
-        Net::SSH::Transport::Kex::EcdhSHA2NistP256
-      end
-
-      def ecparam
-        "prime256v1"
-      end
-
-      def key_type
-        "ecdsa-sha2-nistp256"
-      end
-
-      def exchange!(options={})
-        connection.expect do |t, buffer|
-          assert_equal KEXECDH_INIT, buffer.type
-          assert_equal ecdh.ecdh.public_key.to_bn.to_s(2), buffer.read_string
-          t.return(KEXECDH_REPLY,
-                   :string, b(:key, server_host_key),
-                   :string, server_ecdh_pubkey.to_bn.to_s(2),
-                   :string, b(:string, options[:key_type] || key_type,
-                              :string, signature))
-          connection.expect do |t2, buffer2|
-            assert_equal NEWKEYS, buffer2.type
-            t2.return(NEWKEYS)
-          end
-        end
-        ecdh.exchange_keys
-      end
-
-      def ecdh
-        @ecdh ||= subject.new(algorithms, connection, packet_data)
-      end
-
-      def algorithms(options={})
-        @algorithms ||= OpenStruct.new(:host_key => options[:server_host_key] || "ecdsa-sha2-nistp256")
-      end
-
-      def connection
-        @connection ||= MockTransport.new
-      end
-
-      def server_key
-        @server_key ||= OpenSSL::PKey::EC.new(ecparam).generate_key
-      end
-
-      def server_host_key
-        @server_host_key ||= OpenSSL::PKey::EC.new("prime256v1").generate_key
-      end
-
-      def packet_data
-        @packet_data ||= { :client_version_string => "client version string",
-          :server_version_string => "server version string",
-          :server_algorithm_packet => "server algorithm packet",
-          :client_algorithm_packet => "client algorithm packet" }
-      end
-
-      def server_ecdh_pubkey
-        @server_ecdh_pubkey ||= server_key.public_key
-      end
-
-      def shared_secret
-        @shared_secret ||= OpenSSL::BN.new(ecdh.ecdh.dh_compute_key(server_ecdh_pubkey), 2)
-      end
-
-      def session_id
-        @session_id ||= begin
-          buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
-                                         :string, packet_data[:server_version_string],
-                                         :string, packet_data[:client_algorithm_packet],
-                                         :string, packet_data[:server_algorithm_packet],
-                                         :string, Net::SSH::Buffer.from(:key, server_host_key),
-                                         :string, ecdh.ecdh.public_key.to_bn.to_s(2),
-                                         :string, server_ecdh_pubkey.to_bn.to_s(2),
-                                         :bignum, shared_secret)
-          digester.digest(buffer.to_s)
-        end
-      end
-
-      def signature
-        @signature ||= server_host_key.ssh_do_sign(session_id)
-      end
-
-      def b(*args)
-        Net::SSH::Buffer.from(*args)
-      end
-    end
-  end; end;
-end

data/test/transport/kex/test_ecdh_sha2_nistp384.rb

@@ -1,38 +0,0 @@
-require 'openssl'
-
-unless defined?(OpenSSL::PKey::EC)
-  puts "Skipping tests for ecdh-sha2-nistp384 key exchange"
-else
-  require 'transport/kex/test_ecdh_sha2_nistp256'
-  module Transport; module Kex
-    class TestEcdhSHA2NistP384 < TestEcdhSHA2NistP256
-
-      def setup
-        @ecdh = @algorithms = @connection = @server_key = 
-          @packet_data = @shared_secret = nil
-      end
-
-      def test_exchange_keys_should_return_expected_results_when_successful
-        result = exchange!
-        assert_equal session_id, result[:session_id]
-        assert_equal server_host_key.to_blob, result[:server_key].to_blob
-        assert_equal shared_secret, result[:shared_secret]
-        assert_equal digester, result[:hashing_algorithm]
-      end
-
-      private
-
-      def digester
-        OpenSSL::Digest::SHA384
-      end
-
-      def subject
-        Net::SSH::Transport::Kex::EcdhSHA2NistP384
-      end
-
-      def ecparam
-        "secp384r1"
-      end
-    end
-  end; end
-  end

data/test/transport/kex/test_ecdh_sha2_nistp521.rb

@@ -1,38 +0,0 @@
-require 'openssl'
-
-unless defined?(OpenSSL::PKey::EC)
-  puts "Skipping tests for ecdh-sha2-nistp521 key exchange"
-else
-  require 'transport/kex/test_ecdh_sha2_nistp256'
-  module Transport; module Kex
-    class TestEcdhSHA2NistP521 < TestEcdhSHA2NistP256
-
-      def setup
-        @ecdh = @algorithms = @connection = @server_key = 
-          @packet_data = @shared_secret = nil
-      end
-
-      def test_exchange_keys_should_return_expected_results_when_successful
-        result = exchange!
-        assert_equal session_id, result[:session_id]
-        assert_equal server_host_key.to_blob, result[:server_key].to_blob
-        assert_equal shared_secret, result[:shared_secret]
-        assert_equal digester, result[:hashing_algorithm]
-      end
-
-      private
-
-      def digester
-        OpenSSL::Digest::SHA512
-      end
-
-      def subject
-        Net::SSH::Transport::Kex::EcdhSHA2NistP521
-      end
-
-      def ecparam
-        "secp521r1"
-      end
-    end
-  end; end
-end