sonixlabs-net-ssh 2.3.0

data/test/test_key_factory.rb

@@ -0,0 +1,79 @@
+require 'common'
+require 'net/ssh/key_factory'
+
+class TestKeyFactory < Test::Unit::TestCase
+  def setup
+    @key_file = File.expand_path("/key-file")
+  end
+  
+  def test_load_unencrypted_private_RSA_key_should_return_key
+    File.expects(:read).with(@key_file).returns(rsa_key.export)
+    assert_equal rsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file).to_der
+  end
+
+  def test_load_unencrypted_private_DSA_key_should_return_key
+    File.expects(:read).with(@key_file).returns(dsa_key.export)
+    assert_equal dsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file).to_der
+  end
+
+  def test_load_encrypted_private_RSA_key_should_prompt_for_password_and_return_key
+    File.expects(:read).with(@key_file).returns(encrypted(rsa_key, "password"))
+    Net::SSH::KeyFactory.expects(:prompt).with("Enter passphrase for #{@key_file}:", false).returns("password")
+    assert_equal rsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file).to_der
+  end
+
+  def test_load_encrypted_private_RSA_key_with_password_should_not_prompt_and_return_key
+    File.expects(:read).with(@key_file).returns(encrypted(rsa_key, "password"))
+    assert_equal rsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file, "password").to_der
+  end
+
+  def test_load_encrypted_private_DSA_key_should_prompt_for_password_and_return_key
+    File.expects(:read).with(@key_file).returns(encrypted(dsa_key, "password"))
+    Net::SSH::KeyFactory.expects(:prompt).with("Enter passphrase for #{@key_file}:", false).returns("password")
+    assert_equal dsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file).to_der
+  end
+
+  def test_load_encrypted_private_DSA_key_with_password_should_not_prompt_and_return_key
+    File.expects(:read).with(@key_file).returns(encrypted(dsa_key, "password"))
+    assert_equal dsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file, "password").to_der
+  end
+
+  def test_load_encrypted_private_key_should_give_three_tries_for_the_password_and_then_raise_exception
+    File.expects(:read).with(@key_file).returns(encrypted(rsa_key, "password"))
+    Net::SSH::KeyFactory.expects(:prompt).times(3).with("Enter passphrase for #{@key_file}:", false).returns("passwod","passphrase","passwd")
+    assert_raises(OpenSSL::PKey::RSAError) { Net::SSH::KeyFactory.load_private_key(@key_file) }
+  end
+
+  def test_load_encrypted_private_key_should_raise_exception_without_asking_passphrase
+    File.expects(:read).with(@key_file).returns(encrypted(rsa_key, "password"))
+    Net::SSH::KeyFactory.expects(:prompt).never
+    assert_raises(OpenSSL::PKey::RSAError) { Net::SSH::KeyFactory.load_private_key(@key_file, nil, false) }
+  end
+
+  def test_load_public_rsa_key_should_return_key
+    File.expects(:read).with(@key_file).returns(public(rsa_key))
+    assert_equal rsa_key.to_blob, Net::SSH::KeyFactory.load_public_key(@key_file).to_blob
+  end
+
+  private
+
+    def rsa_key
+      # 512 bits
+      @rsa_key ||= OpenSSL::PKey::RSA.new("0\202\001;\002\001\000\002A\000\235\236\374N\e@2E\321\3757\003\354c\276N\f\003\3479Ko\005\317\0027\a\255=\345!\306\220\340\211;\027u\331\260\362\2063x\332\301y4\353\v%\032\214v\312\304\212\271GJ\353\2701\031\002\003\001\000\001\002@\022Y\306*\031\306\031\224Cde\231QV3{\306\256U\2477\377\017\000\020\323\363R\332\027\351\034\224OU\020\227H|pUS\n\263+%\304\341\321\273/\271\e\004L\250\273\020&,\t\304By\002!\000\311c\246%a\002\305\277\262R\266\244\250\025V_\351]\264\016\265\341\355\305\223\347Z$8\205#\023\002!\000\310\\\367|\243I\363\350\020\307\246\302\365\ed\212L\273\2158M\223w\a\367 C\t\224A4\243\002!\000\262]+}\327\231\331\002\2331^\312\036\204'g\363\f&\271\020\245\365-\024}\306\374e\202\2459\002 }\231\341\276\3551\277\307{5\\\361\233\353G\024wS\237\fk}\004\302&\205\277\340rb\211\327\002!\000\223\307\025I:\215_\260\370\252\3757\256Y&X\364\354\342\215\350\203E8\227|\f\237M\375D|")
+    end
+
+    def dsa_key
+      # 512 bits
+      @dsa_key ||= OpenSSL::PKey::DSA.new("0\201\367\002\001\000\002A\000\203\316/\037u\272&J\265\003l3\315d\324h\372{\t8\252#\331_\026\006\035\270\266\255\343\353Z\302\276\335\336\306\220\375\202L\244\244J\206>\346\b\315\211\302L\246x\247u\a\376\366\345\302\016#\002\025\000\244\274\302\221Og\275/\302+\356\346\360\024\373wI\2573\361\002@\027\215\270r*\f\213\350C\245\021:\350 \006\\\376\345\022`\210b\262\3643\023XLKS\320\370\002\276\347A\nU\204\276\324\256`=\026\240\330\306J\316V\213\024\e\030\215\355\006\037q\337\356ln\002@\017\257\034\f\260\333'S\271#\237\230E\321\312\027\021\226\331\251Vj\220\305\316\036\v\266+\000\230\270\177B\003?t\a\305]e\344\261\334\023\253\323\251\223M\2175)a(\004\"lI8\312\303\307\a\002\024_\aznW\345\343\203V\326\246ua\203\376\201o\350\302\002")
+    end
+
+    def encrypted(key, password)
+      key.export(OpenSSL::Cipher::Cipher.new("des-ede3-cbc"), password)
+    end
+
+    def public(key)
+      result = "#{key.ssh_type} "
+      result << [Net::SSH::Buffer.from(:key, key).to_s].pack("m*").strip.tr("\n\r\t ", "")
+      result << " joe@host.test"
+    end
+end

data/test/transport/hmac/test_md5.rb

@@ -0,0 +1,39 @@
+require 'common'
+require 'net/ssh/transport/hmac/md5'
+
+module Transport; module HMAC
+
+  class TestMD5 < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal OpenSSL::Digest::MD5, subject.digest_class
+      assert_equal OpenSSL::Digest::MD5, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 16, subject.key_length
+      assert_equal 16, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 16, subject.mac_length
+      assert_equal 16, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\275\345\006\307y~Oi\035<.\341\031\250<\257", hmac.digest("hello world")
+    end
+
+    def test_key_should_be_truncated_to_required_length
+      hmac = subject.new("12345678901234567890")
+      assert_equal "1234567890123456", hmac.key
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::MD5
+      end
+  end
+
+end; end

data/test/transport/hmac/test_md5_96.rb

@@ -0,0 +1,25 @@
+require 'common'
+require 'transport/hmac/test_md5'
+require 'net/ssh/transport/hmac/md5_96'
+
+module Transport; module HMAC
+
+  class TestMD5_96 < TestMD5
+    def test_expected_mac_length
+      assert_equal 12, subject.mac_length
+      assert_equal 12, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\275\345\006\307y~Oi\035<.\341", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::MD5_96
+      end
+  end
+
+end; end

data/test/transport/hmac/test_none.rb

@@ -0,0 +1,34 @@
+require 'common'
+require 'net/ssh/transport/hmac/none'
+
+module Transport; module HMAC
+
+  class TestNone < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal nil, subject.digest_class
+      assert_equal nil, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 0, subject.key_length
+      assert_equal 0, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 0, subject.mac_length
+      assert_equal 0, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::None
+      end
+  end
+
+end; end

data/test/transport/hmac/test_sha1.rb

@@ -0,0 +1,34 @@
+require 'common'
+require 'net/ssh/transport/hmac/sha1'
+
+module Transport; module HMAC
+
+  class TestSHA1 < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal OpenSSL::Digest::SHA1, subject.digest_class
+      assert_equal OpenSSL::Digest::SHA1, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 20, subject.key_length
+      assert_equal 20, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 20, subject.mac_length
+      assert_equal 20, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\000\004W\202\204+&\335\311\251P\266\250\214\276\206;\022U\365", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA1
+      end
+  end
+
+end; end

data/test/transport/hmac/test_sha1_96.rb

@@ -0,0 +1,25 @@
+require 'common'
+require 'transport/hmac/test_sha1'
+require 'net/ssh/transport/hmac/sha1_96'
+
+module Transport; module HMAC
+
+  class TestSHA1_96 < TestSHA1
+    def test_expected_mac_length
+      assert_equal 12, subject.mac_length
+      assert_equal 12, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\000\004W\202\204+&\335\311\251P\266", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA1_96
+      end
+  end
+
+end; end

data/test/transport/hmac/test_sha2_256.rb

@@ -0,0 +1,35 @@
+require 'common'
+require 'net/ssh/transport/hmac/sha2_256'
+
+module Transport; module HMAC
+
+  class TestSHA2_256 < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal OpenSSL::Digest::SHA256, subject.digest_class
+      assert_equal OpenSSL::Digest::SHA256, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 32, subject.key_length
+      assert_equal 32, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 32, subject.mac_length
+      assert_equal 32, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\x16^>\x9FhO}\xB1>(\xBAF\xFBW\xB8\xF2\xFA\x824+\xC0\x94\x95\xC2\r\xE6\x88/\xEF\t\xF5%", hmac.digest("hello world")
+
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA2_256
+      end
+  end
+
+end; end

data/test/transport/hmac/test_sha2_256_96.rb

@@ -0,0 +1,25 @@
+require 'common'
+require 'transport/hmac/test_sha2_256'
+require 'net/ssh/transport/hmac/sha2_256_96'
+
+module Transport; module HMAC
+
+  class TestSHA2_256_96 < TestSHA2_256
+    def test_expected_mac_length
+      assert_equal 12, subject.mac_length
+      assert_equal 12, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\x16^>\x9FhO}\xB1>(\xBAF", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA2_256_96
+      end
+  end
+
+end; end

data/test/transport/hmac/test_sha2_512.rb

@@ -0,0 +1,35 @@
+require 'common'
+require 'net/ssh/transport/hmac/sha2_512'
+
+module Transport; module HMAC
+
+  class TestSHA2_512 < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal OpenSSL::Digest::SHA512, subject.digest_class
+      assert_equal OpenSSL::Digest::SHA512, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 64, subject.key_length
+      assert_equal 64, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 64, subject.mac_length
+      assert_equal 64, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "^\xB6\"\xED\x8B\xC4\xDE\xD4\xCF\xD0\r\x18\xA0<\xF4\xB5\x01Efz\xA80i\xFC\x18\xC1\x9A+\xDD\xFE<\xA2\xFDE1Ac\xF4\xADU\r\xFB^0\x90= \x837z\xCC\xD5p4a4\x83\xC6\x04m\xAA\xC1\xC0m", hmac.digest("hello world")
+
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA2_512
+      end
+  end
+
+end; end

data/test/transport/hmac/test_sha2_512_96.rb

@@ -0,0 +1,25 @@
+require 'common'
+require 'transport/hmac/test_sha2_512'
+require 'net/ssh/transport/hmac/sha2_512_96'
+
+module Transport; module HMAC
+
+  class TestSHA2_512_96 < TestSHA2_512
+    def test_expected_mac_length
+      assert_equal 12, subject.mac_length
+      assert_equal 12, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "^\xB6\"\xED\x8B\xC4\xDE\xD4\xCF\xD0\r\x18", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA2_512_96
+      end
+  end
+
+end; end

data/test/transport/kex/test_diffie_hellman_group1_sha1.rb

@@ -0,0 +1,146 @@
+require 'common'
+require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
+require 'ostruct'
+
+module Transport; module Kex
+
+  class TestDiffieHellmanGroup1SHA1 < Test::Unit::TestCase
+    include Net::SSH::Transport::Constants
+
+    def setup
+      @dh_options = @dh = @algorithms = @connection = @server_key = 
+        @packet_data = @shared_secret = nil
+    end
+
+    def test_exchange_keys_should_return_expected_results_when_successful
+      result = exchange!
+      assert_equal session_id, result[:session_id]
+      assert_equal server_key.to_blob, result[:server_key].to_blob
+      assert_equal shared_secret, result[:shared_secret]
+      assert_equal OpenSSL::Digest::SHA1, result[:hashing_algorithm]
+    end
+
+    def test_exchange_keys_with_unverifiable_host_should_raise_exception
+      connection.verifier { false }
+      assert_raises(Net::SSH::Exception) { exchange! }
+    end
+
+    def test_exchange_keys_with_signature_key_type_mismatch_should_raise_exception
+      assert_raises(Net::SSH::Exception) { exchange! :key_type => "ssh-dss" }
+    end
+
+    def test_exchange_keys_with_host_key_type_mismatch_should_raise_exception
+      algorithms :host_key => "ssh-dss"
+      assert_raises(Net::SSH::Exception) { exchange! :key_type => "ssh-dss" }
+    end
+
+    def test_exchange_keys_when_server_signature_could_not_be_verified_should_raise_exception
+      @signature = "1234567890"
+      assert_raises(Net::SSH::Exception) { exchange! }
+    end
+
+    def test_exchange_keys_should_pass_expected_parameters_to_host_key_verifier
+      verified = false
+      connection.verifier do |data|
+        verified = true
+        assert_equal server_key.to_blob, data[:key].to_blob
+
+        blob = b(:key, data[:key]).to_s
+        fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
+
+        assert_equal blob, data[:key_blob]
+        assert_equal fingerprint, data[:fingerprint]
+        assert_equal connection, data[:session]
+
+        true
+      end
+
+      assert_nothing_raised { exchange! }
+      assert verified
+    end
+
+    private
+
+      def exchange!(options={})
+        connection.expect do |t, buffer|
+          assert_equal KEXDH_INIT, buffer.type
+          assert_equal dh.dh.pub_key, buffer.read_bignum
+          t.return(KEXDH_REPLY, :string, b(:key, server_key), :bignum, server_dh_pubkey, :string, b(:string, options[:key_type] || "ssh-rsa", :string, signature))
+          connection.expect do |t2, buffer2|
+            assert_equal NEWKEYS, buffer2.type
+            t2.return(NEWKEYS)
+          end
+        end
+
+        dh.exchange_keys
+      end
+
+      def dh_options(options={})
+        @dh_options = options
+      end
+
+      def dh
+        @dh ||= subject.new(algorithms, connection, packet_data.merge(:need_bytes => 20).merge(@dh_options || {}))
+      end
+
+      def algorithms(options={})
+        @algorithms ||= OpenStruct.new(:host_key => options[:host_key] || "ssh-rsa")
+      end
+
+      def connection
+        @connection ||= MockTransport.new
+      end
+
+      def subject
+        Net::SSH::Transport::Kex::DiffieHellmanGroup1SHA1
+      end
+
+      # 512 bits is the smallest possible key that will work with this, so
+      # we use it for speed reasons
+      def server_key(bits=512)
+        @server_key ||= OpenSSL::PKey::RSA.new(bits)
+      end
+
+      def packet_data
+        @packet_data ||= { :client_version_string => "client version string",
+          :server_version_string => "server version string",
+          :server_algorithm_packet => "server algorithm packet",
+          :client_algorithm_packet => "client algorithm packet" }
+      end
+
+      def server_dh_pubkey
+        @server_dh_pubkey ||= bn(1234567890)
+      end
+
+      def shared_secret
+        @shared_secret ||= OpenSSL::BN.new(dh.dh.compute_key(server_dh_pubkey), 2)
+      end
+
+      def session_id
+        @session_id ||= begin
+          buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
+            :string, packet_data[:server_version_string],
+            :string, packet_data[:client_algorithm_packet],
+            :string, packet_data[:server_algorithm_packet],
+            :string, Net::SSH::Buffer.from(:key, server_key),
+            :bignum, dh.dh.pub_key,
+            :bignum, server_dh_pubkey,
+            :bignum, shared_secret)
+          OpenSSL::Digest::SHA1.digest(buffer.to_s)
+        end
+      end
+
+      def signature
+        @signature ||= server_key.ssh_do_sign(session_id)
+      end
+
+      def bn(number, base=10)
+        OpenSSL::BN.new(number.to_s, base)
+      end
+
+      def b(*args)
+        Net::SSH::Buffer.from(*args)
+      end
+  end
+
+end; end