2016-01-08 15:30:08 +00:00
|
|
|
import io
|
2016-01-09 14:06:47 +00:00
|
|
|
|
2015-08-18 13:46:56 +00:00
|
|
|
import mock
|
|
|
|
|
2016-02-15 18:53:14 +00:00
|
|
|
from .. import client, factory, formats, util
|
2015-08-18 13:46:56 +00:00
|
|
|
|
|
|
|
ADDR = [2147483661, 2810943954, 3938368396, 3454558782, 3848009040]
|
|
|
|
CURVE = 'nist256p1'
|
|
|
|
|
|
|
|
PUBKEY = (b'\x03\xd8(\xb5\xa6`\xbet0\x95\xac:[;]\xdc,\xbd\xdc?\xd7\xc0\xec'
|
|
|
|
b'\xdd\xbc+\xfar~\x9dAis')
|
|
|
|
PUBKEY_TEXT = ('ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzd'
|
|
|
|
'HAyNTYAAABBBNgotaZgvnQwlaw6Wztd3Cy93D/XwOzdvCv6cn6dQWlzNMEQeW'
|
|
|
|
'VUfhvrGljR2Z/CMRONY6ejB+9PnpUOPuzYqi8= ssh://localhost:22\n')
|
|
|
|
|
|
|
|
|
2016-01-22 10:04:24 +00:00
|
|
|
class FakeConnection(object):
|
2015-08-18 13:46:56 +00:00
|
|
|
|
2016-01-15 11:07:01 +00:00
|
|
|
def __init__(self):
|
2015-08-18 13:46:56 +00:00
|
|
|
self.closed = False
|
|
|
|
|
|
|
|
def close(self):
|
|
|
|
self.closed = True
|
|
|
|
|
2015-08-18 14:05:27 +00:00
|
|
|
def clear_session(self):
|
|
|
|
self.closed = True
|
|
|
|
|
2015-10-23 09:45:32 +00:00
|
|
|
def get_public_node(self, n, ecdsa_curve_name=b'secp256k1'):
|
2015-08-18 13:46:56 +00:00
|
|
|
assert not self.closed
|
2015-08-18 14:05:27 +00:00
|
|
|
assert n == ADDR
|
2015-10-23 09:45:32 +00:00
|
|
|
assert ecdsa_curve_name in {b'secp256k1', b'nist256p1'}
|
2015-08-18 13:46:56 +00:00
|
|
|
result = mock.Mock(spec=[])
|
|
|
|
result.node = mock.Mock(spec=[])
|
|
|
|
result.node.public_key = PUBKEY
|
|
|
|
return result
|
|
|
|
|
2015-08-18 18:30:58 +00:00
|
|
|
def ping(self, msg):
|
|
|
|
assert not self.closed
|
|
|
|
return msg
|
|
|
|
|
2015-08-18 13:46:56 +00:00
|
|
|
|
2016-01-15 11:07:01 +00:00
|
|
|
def identity_type(**kwargs):
|
|
|
|
result = mock.Mock(spec=[])
|
|
|
|
result.index = 0
|
|
|
|
result.proto = result.user = result.host = result.port = None
|
|
|
|
result.path = None
|
|
|
|
for k, v in kwargs.items():
|
|
|
|
setattr(result, k, v)
|
|
|
|
return result
|
2015-08-18 13:46:56 +00:00
|
|
|
|
|
|
|
|
2016-01-15 11:07:01 +00:00
|
|
|
def load_client():
|
2016-01-22 10:04:24 +00:00
|
|
|
return factory.ClientWrapper(connection=FakeConnection(),
|
2016-01-15 11:07:01 +00:00
|
|
|
identity_type=identity_type,
|
|
|
|
device_name='DEVICE_NAME')
|
2015-08-18 13:46:56 +00:00
|
|
|
|
|
|
|
|
2015-08-18 14:52:07 +00:00
|
|
|
BLOB = (b'\x00\x00\x00 \xce\xe0\xc9\xd5\xceu/\xe8\xc5\xf2\xbfR+x\xa1\xcf\xb0'
|
|
|
|
b'\x8e;R\xd3)m\x96\x1b\xb4\xd8s\xf1\x99\x16\xaa2\x00\x00\x00\x05roman'
|
|
|
|
b'\x00\x00\x00\x0essh-connection\x00\x00\x00\tpublickey'
|
|
|
|
b'\x01\x00\x00\x00\x13ecdsa-sha2-nistp256\x00\x00\x00h\x00\x00\x00'
|
|
|
|
b'\x13ecdsa-sha2-nistp256\x00\x00\x00\x08nistp256\x00\x00\x00A'
|
|
|
|
b'\x04\xd8(\xb5\xa6`\xbet0\x95\xac:[;]\xdc,\xbd\xdc?\xd7\xc0\xec'
|
|
|
|
b'\xdd\xbc+\xfar~\x9dAis4\xc1\x10yeT~\x1b\xeb\x1aX\xd1\xd9\x9f\xc21'
|
|
|
|
b'\x13\x8dc\xa7\xa3\x07\xefO\x9e\x95\x0e>\xec\xd8\xaa/')
|
|
|
|
|
|
|
|
SIG = (b'\x00R\x19T\xf2\x84$\xef#\x0e\xee\x04X\xc6\xc3\x99T`\xd1\xd8\xf7!'
|
|
|
|
b'\x862@cx\xb8\xb9i@1\x1b3#\x938\x86]\x97*Y\xb2\x02Xa\xdf@\xecK'
|
|
|
|
b'\xdc\xf0H\xab\xa8\xac\xa7? \x8f=C\x88N\xe2')
|
|
|
|
|
|
|
|
|
2015-08-18 15:52:29 +00:00
|
|
|
def test_ssh_agent():
|
2015-10-23 09:45:32 +00:00
|
|
|
label = 'localhost:22'
|
2016-01-15 11:07:01 +00:00
|
|
|
c = client.Client(loader=load_client)
|
2015-10-23 09:45:32 +00:00
|
|
|
ident = c.get_identity(label=label)
|
2015-08-18 13:46:56 +00:00
|
|
|
assert ident.host == 'localhost'
|
|
|
|
assert ident.proto == 'ssh'
|
|
|
|
assert ident.port == '22'
|
|
|
|
assert ident.user is None
|
|
|
|
assert ident.path is None
|
2016-02-06 15:50:23 +00:00
|
|
|
assert ident.index == 0
|
2015-08-18 13:46:56 +00:00
|
|
|
|
|
|
|
with c:
|
2015-10-23 09:45:32 +00:00
|
|
|
assert c.get_public_key(label) == PUBKEY_TEXT
|
2015-08-18 14:52:07 +00:00
|
|
|
|
2015-08-18 15:52:29 +00:00
|
|
|
def ssh_sign_identity(identity, challenge_hidden,
|
|
|
|
challenge_visual, ecdsa_curve_name):
|
2016-02-17 13:04:10 +00:00
|
|
|
assert (client.identity_to_string(identity) ==
|
|
|
|
client.identity_to_string(ident))
|
2015-08-18 14:52:07 +00:00
|
|
|
assert challenge_hidden == BLOB
|
2016-02-17 13:04:10 +00:00
|
|
|
assert challenge_visual == 'VISUAL'
|
2015-10-23 09:45:32 +00:00
|
|
|
assert ecdsa_curve_name == b'nist256p1'
|
2015-08-18 14:52:07 +00:00
|
|
|
|
|
|
|
result = mock.Mock(spec=[])
|
|
|
|
result.public_key = PUBKEY
|
|
|
|
result.signature = SIG
|
|
|
|
return result
|
|
|
|
|
2015-08-18 15:52:29 +00:00
|
|
|
c.client.sign_identity = ssh_sign_identity
|
2016-02-17 13:04:10 +00:00
|
|
|
signature = c.sign_ssh_challenge(label=label, blob=BLOB,
|
|
|
|
visual='VISUAL')
|
2015-08-18 14:52:07 +00:00
|
|
|
|
|
|
|
key = formats.import_public_key(PUBKEY_TEXT)
|
2016-01-08 15:30:08 +00:00
|
|
|
serialized_sig = key['verifier'](sig=signature, msg=BLOB)
|
|
|
|
|
|
|
|
stream = io.BytesIO(serialized_sig)
|
|
|
|
r = util.read_frame(stream)
|
|
|
|
s = util.read_frame(stream)
|
|
|
|
assert not stream.read()
|
|
|
|
assert r[:1] == b'\x00'
|
|
|
|
assert s[:1] == b'\x00'
|
|
|
|
assert r[1:] + s[1:] == SIG[1:]
|
2015-08-18 15:52:29 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_utils():
|
|
|
|
identity = mock.Mock(spec=[])
|
|
|
|
identity.proto = 'https'
|
|
|
|
identity.user = 'user'
|
|
|
|
identity.host = 'host'
|
|
|
|
identity.port = '443'
|
|
|
|
identity.path = '/path'
|
|
|
|
|
|
|
|
url = 'https://user@host:443/path'
|
|
|
|
assert client.identity_to_string(identity) == url
|