U sÍ@g$oã@s¼dZddlmZmZddlZddlZddlZddlZddlm Z e dƒZ e dƒZ e dk r®e dk r®dZ ddl mZmZmZmZddlmZdd lmZdd lmZdd lmZnDe dkr¼d Z n e dkrÈd Z Gdd„dƒZGdd„dƒZGdd„dƒZddlmZmZmZmZmZddl m!Z"ddl#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z.m/Z0ddl m1Z1m2Z2m3Z3ddl4m5Z5ddl6m7Z7Gdd „d ej8ƒZ9Gd!d"„d"e:ƒZ;Gd#d$„d$ƒZGd'd(„d(ej?ƒZ@Gd)d*„d*e@ƒZAGd+d,„d,e@ƒZBGd-d.„d.e$jCƒZDGd/d0„d0ƒZEGd1d2„d2ƒZFGd3d4„d4ƒZGGd5d6„d6ƒZHGd7d8„d8eHeDƒZIGd9d:„d:eHƒZJGd;d<„d„d>eJeFeDƒZLGd?d@„d@eJeGeDƒZMGdAdB„dBƒZNGdCdD„dDeNƒZOGdEdF„dFeOeDƒZPGdGdH„dHeOƒZQGdIdJ„dJeQeEeDƒZRGdKdL„dLeQeFeDƒZSGdMdN„dNeNƒZTGdOdP„dPeTeDƒZUGdQdR„dReTƒZVGdSdT„dTeVeEeDƒZWGdUdV„dVeVeFeDƒZXGdWdX„dXe$jCƒZYGdYdZ„dZe$jCƒZZGd[d\„d\e$jCƒZ[Gd]d^„d^e$jCƒZ\dS)_z5 Tests for ssh/transport.py and the classes therein. é)Úabsolute_importÚdivisionN)Ú requireModuleÚpyasn1Ú cryptography)ÚcommonÚ transportÚkeysÚfactory)Úkeydata)Údefault_backend)Úec)ÚUnsupportedAlgorithmzCannot run without PyASN1zcan't run without cryptographyc@s6eZdZGdd„dƒZGdd„dƒZGdd„dƒZdS)rc@s eZdZdS)ztransport.SSHTransportBaseN©Ú__name__Ú __module__Ú __qualname__©rrúC/usr/lib/python3/dist-packages/twisted/conch/test/test_transport.pyÚSSHTransportBase#src@s eZdZdS)ztransport.SSHServerTransportNrrrrrÚSSHServerTransport$src@s eZdZdS)ztransport.SSHClientTransportNrrrrrÚSSHClientTransport%srN)rrrrrrrrrrr"src@seZdZGdd„dƒZdS)r c@s eZdZdS)zfactory.SSHFactoryNrrrrrÚ SSHFactory)srN)rrrrrrrrr (sr c@seZdZedd„ƒZdS)rcCsdS)Nór)ÚselfÚargrrrÚNS-sz common.NSN)rrrÚ classmethodrrrrrr,sr)Úmd5Úsha1Úsha256Úsha384Úsha512)Ú __version__)Úunittest)Údefer)Úloopback)Ú randbytes©ÚinsecureRandom)Ú iterbytesÚ _bytesChr)ÚaddressÚserviceÚ_kex)Ú proto_helpers)Ú ConchErrorc@s@eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dS)ÚMockTransportBasean A base class for the client and server protocols. Stores the messages it receives instead of ignoring them. @ivar errors: a list of tuples: (reasonCode, description) @ivar unimplementeds: a list of integers: sequence number @ivar debugs: a list of tuples: (alwaysDisplay, message, lang) @ivar ignoreds: a list of strings: ignored data cCs.tj |¡g|_g|_g|_g|_d|_dS)z, Set up instance variables. N)rrÚconnectionMadeÚerrorsÚunimplementedsÚdebugsÚignoredsÚgotUnsupportedVersion©rrrrr2Is  z MockTransportBase.connectionMadecCs||_tj ||¡S)zZ Intercept unsupported version call. @type remoteVersion: L{str} )r7rrÚ_unsupportedVersionReceived)rZ remoteVersionrrrr9Us ÿz-MockTransportBase._unsupportedVersionReceivedcCs|j ||f¡dS)zp Store any errors received. @type reasonCode: L{int} @type description: L{str} N©r3Úappend)rZ reasonCodeZ descriptionrrrÚ receiveError`szMockTransportBase.receiveErrorcCs|j |¡dS)zX Store any unimplemented packet messages. @type seqnum: L{int} N)r4r;)rÚseqnumrrrÚreceiveUnimplementedjsz&MockTransportBase.receiveUnimplementedcCs|j |||f¡dS)zŠ Store any debug messages. @type alwaysDisplay: L{bool} @type message: L{str} @type lang: L{str} N)r5r;)rZ alwaysDisplayÚmessageZlangrrrÚ receiveDebugsszMockTransportBase.receiveDebugcCs|j |¡dS)zG Store any ignored data. @type packet: L{str} N)r6r;©rÚpacketrrrÚ ssh_IGNORE~szMockTransportBase.ssh_IGNOREN) rrrÚ__doc__r2r9r<r>r@rCrrrrr1>s      r1c@sheZdZdZdZdZdZdZdZdZ dZ dZ dZ dZ dZdZdd „Zd d „Zd d „Zdd„Zdd„ZdS)Ú MockCipherzH A mocked-up version of twisted.conch.ssh.transport.SSHCiphers. ótestééF)NrrrHrcCs>d|_t|ƒ|jdkr:tdt|ƒ|jt|ƒ|jfƒ‚|S)z~ Called to encrypt the packet. Simply record that encryption was used and return the data unchanged. Trú*length %i modulo blocksize %i is not 0: %i)Ú usedEncryptÚlenÚ encBlockSizeÚ RuntimeError©rÚxrrrÚencryptšs ÿzMockCipher.encryptcCs>d|_t|ƒ|jdkr:tdt|ƒ|jt|ƒ|jfƒ‚|S)z~ Called to decrypt the packet. Simply record that decryption was used and return the data unchanged. TrrI)Ú usedDecryptrKrLrMÚ decBlockSizerNrrrÚdecrypt¦s ÿzMockCipher.decryptcCst|ƒS)zs Make a Message Authentication Code by sending the character value of the outgoing packet. ©Úchr)rÚoutgoingPacketSequenceÚpayloadrrrÚmakeMAC²szMockCipher.makeMACcCs t|ƒ|kS)zy Verify the Message Authentication Code by checking that the packet sequence number is the same. rT)rÚincomingPacketSequencerBZmacDatarrrÚverifyºszMockCipher.verifycCs||||||f|_dS)z" Record the keys. N)r )rZivOutZkeyOutZivInZkeyInZmacInZmacOutrrrÚsetKeysÂszMockCipher.setKeysN)rrrrDÚ outCipTyperLÚ inCipTyperRÚ inMACTypeÚ outMACTypeÚverifyDigestSizerJrQÚoutMACZinMACr rPrSrXrZr[rrrrrEˆs$  rEc@s(eZdZdZdd„Zdd„Zdd„ZdS) ÚMockCompressionz’ A mocked-up compression, based on the zlib interface. Instead of compressing, it reverses the data and adds a 0x66 byte to the end. cCs|ddd…S©Néÿÿÿÿr©rrWrrrÚcompressÐszMockCompression.compresscCs|dd…ddd…SrcrrerrrÚ decompressÔszMockCompression.decompresscCsdS)Nófr©rÚkindrrrÚflushØszMockCompression.flushN)rrrrDrfrgrkrrrrrbÊsrbc@sFeZdZdZdZdZdZdddœZdd„Zd d „Z d d „Z d d„Z dS)Ú MockServicez A mocked-up service, based on twisted.conch.ssh.service.SSHService. @ivar started: True if this service has been started. @ivar stopped: True if this service has been stopped. ó MockServiceFZMSG_TESTZ MSG_fiction)éÿéGcCsdS)Nrlrr8rrrÚ logPrefixêszMockService.logPrefixcCs d|_dS)z6 Record that the service was started. TN)Ústartedr8rrrÚserviceStartedîszMockService.serviceStartedcCs d|_dS)z6 Record that the service was stopped. TN)Ústoppedr8rrrÚserviceStoppedõszMockService.serviceStoppedcCs|j d|¡dS)z: A message that this service responds to. rnN)rÚ sendPacketrArrrÚssh_TESTüszMockService.ssh_TESTN) rrrrDÚnamerqrsZprotocolMessagesrprrrtrvrrrrrlÝs rlc@s0eZdZdZdeiZdd„Zdd„Zdd„Zd S) Ú MockFactoryzL A mocked-up factory based on twisted.conch.ssh.factory.SSHFactory. ó ssh-userauthcCstj tj¡tj tj¡dœS)zG Return the public keys that authenticate this server. ©óssh-rsasssh-dsa)r ÚKeyÚ fromStringr ÚpublicRSA_opensshZpublicDSA_opensshr8rrrÚ getPublicKeys s  þzMockFactory.getPublicKeyscCstj tj¡tj tj¡dœS)zH Return the private keys that authenticate this server. rz)r r|r}r ÚprivateRSA_opensshZprivateDSA_opensshr8rrrÚgetPrivateKeyss  þzMockFactory.getPrivateKeyscCsdt d¡dffddœS)a/ Diffie-Hellman primes that can be used for key exchange algorithms that use group exchange to establish a prime / generator group. @return: The primes and generators. @rtype: L{dict} mapping the key size to a C{list} of C{(generator, prime)} tuple. éódiffie-hellman-group14-sha1rH))éé)éi)r.ÚgetDHGeneratorAndPrimer8rrrÚ getPrimessÿÿýzMockFactory.getPrimesN) rrrrDrlÚservicesrrrˆrrrrrxsÿ  rxc@seZdZdZdd„ZdS)ÚMockOldFactoryPublicKeysz… The old SSHFactory returned mappings from key names to strings from getPublicKeys(). We return those here for testing. cCs4t |¡}| ¡dd…D]\}}| ¡||<q|S)zJ We used to map key types to public key blobs as strings. N)rxrÚitemsÚblob©rr rwÚkeyrrrr8s z&MockOldFactoryPublicKeys.getPublicKeysN)rrrrDrrrrrrŠ2srŠc@seZdZdZdd„ZdS)ÚMockOldFactoryPrivateKeysz— The old SSHFactory returned mappings from key names to cryptography key objects from getPrivateKeys(). We return those here for testing. cCs2t |¡}| ¡dd…D]\}}|j||<q|S)zG We used to map key types to cryptography key objects. N)rxrr‹Z keyObjectrrrrrIs  z(MockOldFactoryPrivateKeys.getPrivateKeysN)rrrrDrrrrrrCsrc@s4eZdZdZdZereZdd„Zdd„Zdd„Z dS) ÚTransportTestCasez. Base class for transport test cases. NcsVt ¡ˆ_ˆ ¡ˆ_gˆ_dd„}ˆ td|¡‡fdd„}ˆj ˆj¡|ˆj_ dS)NcSsd|S)z; Return a consistent entropy value ó™r)rKrrrÚ secureRandombsz-TransportTestCase.setUp..secureRandomr’csˆj ||f¡dS©N)Úpacketsr;)Ú messageTyperWr8rrÚstubSendPackethsz/TransportTestCase.setUp..stubSendPacket) r/ÚStringTransportrÚklassÚprotor”Zpatchr'ÚmakeConnectionru)rr’r–rr8rÚsetUp^s   zTransportTestCase.setUpcCs2| d¡| tj|j¡| dd¡|j|_dS)zâ Deliver enough additional messages to C{proto} so that the key exchange which is started in L{SSHTransportBase.connectionMade} completes and non-key exchange messages can be sent and received. sSSH-2.0-BogoClient-1.2i ófoosbarN)Ú dataReceivedÚdispatchMessagerÚ MSG_KEXINITÚ_A_KEXINIT_MESSAGEÚ _keySetupZ_KEY_EXCHANGE_NONEÚ_keyExchangeState©rr™rrrÚfinishKeyExchangeos ÿ z#TransportTestCase.finishKeyExchangecCs&|jj|j_g|j_|j ||¡dS)zã Finish a key exchange by calling C{_keySetup} with the given arguments. Also do extra whitebox stuff to satisfy that method's assumption that some kind of key exchange has actually taken place. N)r™Z_KEY_EXCHANGE_REQUESTEDr¢Z_blockedByKeyExchanger¡)rÚ sharedSecretÚ exchangeHashrrrÚsimulateKeyExchange‚s z%TransportTestCase.simulateKeyExchange) rrrrDr˜ÚdependencySkipÚskipr›r¤r§rrrrrTsrc@seZdZdZdZeZdS)ÚDHGroupExchangeSHA1Mixinz= Mixin for diffie-hellman-group-exchange-sha1 tests. ó"diffie-hellman-group-exchange-sha1N)rrrrDÚ kexAlgorithmrÚ hashProcessorrrrrrªŽsrªc@seZdZdZdZeZdS)ÚDHGroupExchangeSHA256Mixinz? Mixin for diffie-hellman-group-exchange-sha256 tests. ó$diffie-hellman-group-exchange-sha256N©rrrrDr¬r r­rrrrr®˜sr®c@seZdZdZdZeZdS)Ú ECDHMixinz8 Mixin for elliptic curve diffie-hellman tests. óecdh-sha2-nistp256Nr°rrrrr±¢sr±c@seZdZdZeZdS)ÚBaseSSHTransportBaseCasez, Base case for TransportBase tests. N)rrrrDr1r˜rrrrr³¬sr³c@sÈeZdZdZereZde d¡e d¡e d¡e d¡e d¡e d¡e d¡e d¡e d¡e d¡d d Zd d „Z d d„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„Zd'd(„Zd)d*„Zd+d,„Zd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Zd9d:„Z d;d<„Z!d=d>„Z"d?d@„Z#dAdB„Z$dCdD„Z%dEdF„Z&dGdH„Z'dIdJ„Z(dKdL„Z)dMdN„Z*dOdP„Z+dQdR„Z,dSdT„Z-dUdV„Z.dWdX„Z/dYdZ„Z0d[S)\ÚBaseSSHTransportTestszs Test TransportBase. It implements the non-server/client specific parts of the SSH transport protocol. 󪪪ªªªªªªªªªªªªªrƒr{ó aes256-ctró hmac-sha1ónoneróócCsp|j ¡ dd¡d}| |dt d¡¡| d¡tdƒd…}dd  d d „t j Dƒ¡d }|  ||¡dS) a Test that the first thing sent over the connection is the version string. The 'softwareversion' part must consist of printable US-ASCII characters, with the exception of whitespace characters and the minus sign. RFC 4253, section 4.2. ó rHrsSSH-2.0-Twisted_ÚasciizSSH-2.0-Nz^(ú|css(|] }|dkr| ¡st |¡VqdS)ú-N)ÚisspaceÚreÚescape©Ú.0ÚcrrrÚ Üsÿz9BaseSSHTransportTests.test_sendVersion..z)*$) rÚvalueÚsplitÚ assertEqualÚtwisted_versionÚencodeÚdecoderKÚjoinÚstringZ printableZ assertRegex)rÚversionZsoftwareVersionZsoftwareVersionRegexrrrÚtest_sendVersionËs  ÿ ÿÿüÿz&BaseSSHTransportTests.test_sendVersioncCsltƒ}| |j¡| d¡| d¡| d¡| |jj¡| d¡| |jj¡| d|j ¡¡dS)zÈ When the peer is not sending its SSH version but keeps sending data, the connection is disconnected after 4KB to prevent buffering too much and running our of memory. sSSH-2-Server-IdentifiersÜ1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890s1235678s1234567s%Preventing a denial of service attackN) r1ršrrÚ assertFalseZ disconnectingÚ assertTrueZassertInrÆ©rZsutrrrÚ'test_dataReceiveVersionNotSentMemoryDOSãs     z=BaseSSHTransportTests.test_dataReceiveVersionNotSentMemoryDOScCsXtƒ}| |j¡| |¡|j ¡tdƒ}d}| ||¡|j ¡}| |d¡dS)a@ Test that plain (unencrypted, uncompressed) packets are sent correctly. The format is:: uint32 length (including type and padding length) byte padding length byte type bytes[length-padding length-2] data bytes[padding length] padding ÚAóBCDEFGs ABCDEFG™™™™N) r1ršrr¤ÚclearÚordrurÆrÈ)rr™r?rWrÆrrrÚtest_sendPacketPlainùs      z*BaseSSHTransportTests.test_sendPacketPlaincCsptƒ}| |j¡| |¡tƒ|_}tdƒ}d}|j ¡| ||¡|  |j ¡|j  ¡}|  |d¡dS)z‡ Test that packets sent while encryption is enabled are sent correctly. The whole packet should be encrypted. rÔóBCs ABC™™™™N) r1ršrr¤rEÚcurrentEncryptionsr×rÖrurÑrJrÆrÈ©rr™Ú testCipherr?rWrÆrrrÚtest_sendPacketEncrypteds       ýz.BaseSSHTransportTests.test_sendPacketEncryptedcCsXtƒ}| |j¡| |¡tƒ|_|j ¡| tdƒd¡|j  ¡}|  |d¡dS)z Test that packets sent while compression is enabled are sent correctly. The packet type and data should be encrypted. rÔóBs BAf™™™™™™™™N) r1ršrr¤rbÚoutgoingCompressionrÖrur×rÆrÈ)rr™rÆrrrÚtest_sendPacketCompressed+s    þz/BaseSSHTransportTests.test_sendPacketCompressedcCsxtƒ}| |j¡| |¡tƒ|_}tƒ|_tdƒ}d}|j  ¡|  ||¡|  |j ¡|j  ¡}| |d¡dS)z× Test that packets sent while compression and encryption are enabled are sent correctly. The packet type and data should be compressed and then the whole packet should be encrypted. rÔrÙs CBAf™™™™™™™™™N)r1ršrr¤rErÚrbrßr×rÖrurÑrJrÆrÈrÛrrrÚtest_sendPacketBoth<s       ýz)BaseSSHTransportTests.test_sendPacketBothcCshtƒ}| |j¡| |¡|j ¡| tdƒd¡|j ¡d|_|  |  ¡d¡|  |jd¡dS)zt Test that packets are retrieved correctly out of the buffer when no encryption is enabled. rÔrÙsextrasABCN) r1ršrr¤rÖrur×rÆÚbufrÈÚ getPacketr£rrrÚtest_getPacketPlain[s   z)BaseSSHTransportTests.test_getPacketPlaincCs¾tƒ}dd„|_| |j¡|j ¡tƒ|_}| tdƒd¡|j  ¡}|dtj …|_ |  |  ¡¡| |j¡| |jd¡|j |tj d…7_ | |  ¡d¡| |j d¡dS) zl Test that encrypted packets are retrieved correctly. See test_sendPacketEncrypted. cSsdSr“rrrrrÚprz?BaseSSHTransportTests.test_getPacketEncrypted..rÔóBCDNs AóABCDr)r1Ú sendKexInitršrrÖrErÚrur×rÆrRrâÚ assertIsNonerãrÑrQrÈÚfirst)rr™rÜrÆrrrÚtest_getPacketEncryptedjs      z-BaseSSHTransportTests.test_getPacketEncryptedcCsftƒ}| |j¡| |¡|j ¡tƒ|_|j|_| t dƒd¡|j  ¡|_ |  |  ¡d¡dS)zo Test that compressed packets are retrieved correctly. See test_sendPacketCompressed. rÔrærçN)r1ršrr¤rÖrbrßÚincomingCompressionrur×rÆrârÈrãr£rrrÚtest_getPacketCompresseds    z.BaseSSHTransportTests.test_getPacketCompressedcCsntƒ}dd„|_| |j¡|j ¡tƒ|_tƒ|_|j|_ |  t dƒd¡|j  ¡|_ | | ¡d¡dS)zv Test that compressed and encrypted packets are retrieved correctly. See test_sendPacketBoth. cSsdSr“rrrrrrå•rz:BaseSSHTransportTests.test_getPacketBoth..rÔrÕsABCDEFGN)r1rèršrrÖrErÚrbrßrìrur×rÆrârÈrãr£rrrÚtest_getPacketBoths    z(BaseSSHTransportTests.test_getPacketBothcCs>t dddd¡}d}}|jjD]}| | |||¡¡q dS)z? Test that all the supportedCiphers are valid. óArÞóCóDóN)rÚ SSHCiphersr™ÚsupportedCiphersrÑÚ _getCipher)rÚciphersÚivrŽÚcipNamerrrÚtest_ciphersAreValid s z*BaseSSHTransportTests.test_ciphersAreValidc Csl|j ¡ dd¡d}||j_|j ¡}| |dd…ttjƒ¡| |dd…d¡t   |dd…d¡\ }}}}}}} } } } } | |d  |jj ¡¡| |d  |jj ¡¡| |d  |jj¡¡| |d  |jj¡¡| |d  |jj¡¡| |d  |jj¡¡| | d  |jj¡¡| | d  |jj¡¡| | d  |jj¡¡| | d  |jj¡¡| | d ¡dS) a÷ Test that the KEXINIT (key exchange initiation) message is sent correctly. Payload:: bytes[16] cookie string key exchange algorithms string public key algorithms string outgoing ciphers string incoming ciphers string outgoing MACs string incoming MACs string outgoing compressions string incoming compressions bool first packet follows uint32 0 r»rHrés™™™™™™™™™™™™™™™™Né ó,s)rrÆrÇr™rârãrÈrUrŸrZgetNSrÌÚsupportedKeyExchangesÚsupportedPublicKeysrôÚ supportedMACsÚsupportedCompressionsÚsupportedLanguages)rrÆrBZ keyExchangesZpubkeysZciphers1Zciphers2Zmacs1Zmacs2Z compressions1Z compressions2Z languages1Z languages2rârrrÚtest_sendKexInitªs< þ ÿ ÿ ÿz&BaseSSHTransportTests.test_sendKexInitcCs.|j ¡|j tj|j¡| |jg¡dS)zy Immediately after connecting, the transport expects a KEXINIT message and does not reply to it. N)rrÖr™ržrŸr rÈr”r8rrrÚtest_receiveKEXINITReplyÓs  ÿz.BaseSSHTransportTests.test_receiveKEXINITReplycCsX| |j¡|jdd…=|j tj|j¡| t|jƒd¡| |jddtj¡dS)z˜ When a KEXINIT message is received which is not a reply to an earlier KEXINIT message which was sent, a KEXINIT reply is sent. NrHr) r¤r™r”ržrrŸr rÈrKr8rrrÚtest_sendKEXINITReplyÞs  ÿz+BaseSSHTransportTests.test_sendKEXINITReplycCs| t|jj¡dS)a( A new key exchange cannot be started while a key exchange is already in progress. If an attempt is made to send a I{KEXINIT} message using L{SSHTransportBase.sendKexInit} while a key exchange is in progress causes that method to raise a L{RuntimeError}. N)Ú assertRaisesrMr™rèr8rrrÚtest_sendKexInitTwiceFailsìsz0BaseSSHTransportTests.test_sendKexInitTwiceFailscCs‚tjtjg}|j ¡|j`|D]$}|j |d¡| |j ¡d¡q | |j¡t ƒ|j_ |j  ¡| |j ¡  d¡d¡dS)zù After L{SSHTransportBase.sendKexInit} has been called, messages types other than the following are queued and not sent until after I{NEWKEYS} is sent by L{SSHTransportBase._keySetup}. RFC 4253, section 7.1. rœréN) rÚMSG_SERVICE_REQUESTrŸrÖr™rurÈrÆr¤rEÚnextEncryptionsZ_newKeysÚcount)rZdisallowedMessageTypesr•rrrÚtest_sendKexInitBlocksOthersös þ    z2BaseSSHTransportTests.test_sendKexInitBlocksOtherscCs*|j ddd¡| |jtjdfg¡dS)z¦ Test that debug messages are sent correctly. Payload:: bool always display string debug message string language rFTóenótestenN)r™Z sendDebugrÈr”rÚ MSG_DEBUGr8rrrÚtest_sendDebugsÿþz$BaseSSHTransportTests.test_sendDebugcCs8|j tjd¡|j tjd¡| |jjddg¡dS)zW Test that debug messages are received correctly. See test_sendDebug. r ssilenten)TrFr )Fssilentr N)r™ržrrrÈr5r8rrrÚtest_receiveDebug)sþþþz'BaseSSHTransportTests.test_receiveDebugcCs&|j d¡| |jtjdfg¡dS)zk Test that ignored messages are sent correctly. Payload:: string ignored data rFstestN)r™Ú sendIgnorerÈr”rÚ MSG_IGNOREr8rrrÚtest_sendIgnore8s ÿÿz%BaseSSHTransportTests.test_sendIgnorecCs&|j tjd¡| |jjdg¡dS)zb Test that ignored messages are received correctly. See test_sendIgnore. rFN)r™ržrrrÈr6r8rrrÚtest_receiveIgnoreCsz(BaseSSHTransportTests.test_receiveIgnorecCs$|j ¡| |jtjdfg¡dS)zt Test that unimplemented messages are sent correctly. Payload:: uint32 sequence number rºN)r™ZsendUnimplementedrÈr”rÚMSG_UNIMPLEMENTEDr8rrrÚtest_sendUnimplementedLs ÿÿz,BaseSSHTransportTests.test_sendUnimplementedcCs&|j tjd¡| |jjdg¡dS)zo Test that unimplemented messages are received correctly. See test_sendUnimplemented. sÿrnN)r™ržrrrÈr4r8rrrÚtest_receiveUnimplementedWs ÿz/BaseSSHTransportTests.test_receiveUnimplementedcsPdg‰‡fdd„}||j_|j dd¡| |jtjdfg¡| ˆd¡dS) z² Test that disconnection messages are sent correctly. Payload:: uint32 reason code string reason description string language Fcs dˆd<dS©NTrrr©Z disconnectedrrÚstubLoseConnectioniszEBaseSSHTransportTests.test_sendDisconnect..stubLoseConnectionrnrFsÿtestrN)rÚloseConnectionr™ZsendDisconnectrÈr”ÚMSG_DISCONNECTrÑ©rrrrrÚtest_sendDisconnectas ÿþz)BaseSSHTransportTests.test_sendDisconnectcsNdg‰‡fdd„}||j_|j tjd¡| |jjdg¡| ˆd¡dS)zl Test that disconnection messages are received correctly. See test_sendDisconnect. Fcs dˆd<dSrrrrrrrzszHBaseSSHTransportTests.test_receiveDisconnect..stubLoseConnections ÿtest©rnrFrN)rrr™ržrrÈr3rÑrrrrÚtest_receiveDisconnectts  ÿz,BaseSSHTransportTests.test_receiveDisconnectcs`dg‰‡fdd„}||j_|j |j ¡¡| |jj¡| |jj|jj ¡| ˆd¡dS)ze Test that dataReceived parses packets and dispatches them to ssh_* methods. Fcs dˆd<dSrr)rB©ZkexInitrrÚ stubKEXINIT‰sz.stubKEXINITrN) r™Ú ssh_KEXINITrrrÆrÑÚ gotVersionrÈÚourVersionStringÚotherVersionString)rr"rr!rÚtest_dataReceivedƒs  ÿz'BaseSSHTransportTests.test_dataReceivedcCs’tƒ}|j |¡| |jj|¡| |j¡|j dd¡| |jdg¡tƒ}|j |¡| |j¡| |j ¡|j  d¡| |j ¡dS)zŒ Test that the transport can set the running service and dispatches packets to the service's packetReceived method. rnrFrN) rlr™Ú setServicerÈr-rÑrqržr”rsÚconnectionLost)rr-Zservice2rrrÚ test_service“s      z"BaseSSHTransportTests.test_servicecs@dg‰‡fdd„}||j_d|j_|j d¡| ˆd¡dS)zP Test that the transport notifies the avatar of disconnections. Fcs dˆd<dSrrrrrrÚlogout­sz1BaseSSHTransportTests.test_avatar..logoutTNr)r™ZlogoutFunctionZavatarr)rÑ)rr+rrrÚ test_avatar¨s   z!BaseSSHTransportTests.test_avatarcCsÖ| |j d¡¡| |j d¡¡| |j d¡¡tƒ|j_| |j d¡¡| |j d¡¡| |j d¡¡t dddd¡|j_| |j d¡¡| |j d¡¡| |j d¡¡| t |jjd¡dS)zS Test that the transport accurately reflects its encrypted status. ÚinÚoutÚbothr¸ÚbadN) rÐr™Ú isEncryptedrErÚrÑrrórÚ TypeErrorr8rrrÚtest_isEncrypted¶s ÿz&BaseSSHTransportTests.test_isEncryptedcCsÖ| |j d¡¡| |j d¡¡| |j d¡¡tƒ|j_| |j d¡¡| |j d¡¡| |j d¡¡t dddd¡|j_| |j d¡¡| |j d¡¡| |j d¡¡| t |jjd¡dS)zR Test that the transport accurately reflects its verified status. r-r.r/r¸r0N) rÐr™Ú isVerifiedrErÚrÑrrórr2r8rrrÚtest_isVerifiedÊs ÿz%BaseSSHTransportTests.test_isVerifiedcsddg‰‡fdd„}||j_|j ¡| |jddtj¡| |jdddd…ttjƒ¡dS) zh Test that loseConnection sends a disconnect message and closes the connection. Fcs dˆd<dSrrrrrrräszEBaseSSHTransportTests.test_loseConnection..stubLoseConnectionrrHr‚éN)rrr™rÈr”rrUÚDISCONNECT_CONNECTION_LOSTrrrrÚtest_loseConnectionÞs  ÿz)BaseSSHTransportTests.test_loseConnectioncs(‡fdd„}|dƒ|dƒ|dƒdS)zU Test that the transport disconnects when it receives a bad version. cs”gˆ_dˆj_dg‰‡fdd„}|ˆj_t|dƒD]}ˆj |¡q4ˆ ˆd¡ˆ ˆjddtj ¡ˆ ˆjdddd…t tj ƒ¡dS) NFcs dˆd<dSrrrrrrrõszRBaseSSHTransportTests.test_badVersion..testBad..stubLoseConnectionr»rrHr‚r6) r”r™r$rrr*rrÑrÈrrUZ)DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED)rÎrrÄr8rrÚtestBadñs þz6BaseSSHTransportTests.test_badVersion..testBadsSSH-1.5-OpenSSHsSSH-3.0-TwistedsGET / HTTP/1.1Nr)rr9rr8rÚtest_badVersionís z%BaseSSHTransportTests.test_badVersioncsXtƒ‰ˆ t ¡¡dˆjd}‡fdd„t|ƒDƒ| ˆj¡| ˆj ˆj¡dS)zV Test that the transport ignores data sent before the version string. s5here's some stuff beforehand here's some other stuff r»csg|]}ˆ |¡‘qSr)rr©r™rrÚ sz@BaseSSHTransportTests.test_dataBeforeVersion..N) r1ršr/r—r%r*rÑr$rÈr&©rÚdatarr;rÚtest_dataBeforeVersionsþþ z,BaseSSHTransportTests.test_dataBeforeVersioncCs<tƒ}| t ¡¡| d¡| |j¡| |jd¡dS)zw Test that the transport treats the compatibility version (1.99) as equivalent to version 2.0. sSSH-1.99-OpenSSH sSSH-1.99-OpenSSHN© r1ršr/r—rrÑr$rÈr&r£rrrÚtest_compatabilityVersions   z/BaseSSHTransportTests.test_compatabilityVersioncCs<tƒ}| t ¡¡| d¡| |j¡| |jd¡dS)zµ It can parse the SSH version string even when it ends only in Unix newlines (CR) and does not follows the RFC 4253 to use network newlines (CR LF). s,SSH-2.0-PoorSSHD Some-comment here more-datas"SSH-2.0-PoorSSHD Some-comment hereNr@rÒrrrÚ&test_dataReceivedSSHVersionUnixNewlinesÿ þzSSH-2.0-9.99 FlowSsh: Bitvise SSH Server (WinSSHD) more-datas3SSH-2.0-9.99 FlowSsh: Bitvise SSH Server (WinSSHD) Nr@rÒrrrÚ)test_dataReceivedSSHVersionTrailingSpaces2s ÿ þz?BaseSSHTransportTests.test_dataReceivedSSHVersionTrailingSpacescCs4tƒ}d|_| t ¡¡| d¡| |j¡dS)z• If an unusual SSH version is received and is included in C{supportedVersions}, an unsupported version error is not emitted. )ó9.99óSSH-9.99-OpenSSH N)r1ÚsupportedVersionsršr/r—rrÐr7r£rrrÚ test_supportedVersionsAreAllowedJs  z6BaseSSHTransportTests.test_supportedVersionsAreAllowedcCs6tƒ}d|_| t ¡¡| d¡| d|j¡dS)z• If an unusual SSH version is received and is not included in C{supportedVersions}, an unsupported version error is emitted. )s2.0rErDN)r1rFršr/r—rrÈr7r£rrrÚ6test_unsupportedVersionsCallUnsupportedVersionReceivedVs  zLBaseSSHTransportTests.test_unsupportedVersionsCallUnsupportedVersionReceivedcs’tjf‡fdd„ }|dƒ|dƒˆjj}tƒˆj_|dtjƒdd„ˆjj_|dƒ|ˆj_tƒˆj_d d „}|ˆjj_ |d tj ƒˆ  ¡d S) zi Test that the transport disconnects with an error when it receives bad packets. csngˆ_|ˆj_ˆ ˆj ¡¡ˆ tˆjƒd¡ˆ ˆjddtj¡ˆ ˆjdddd…t |ƒ¡dS)NrHrr‚r6) r”r™rârérãrÈrKrrrU)rBÚerrorr8rrr9gs z6BaseSSHTransportTests.test_badPackets..testBadsÿÿÿÿÿÿÿÿs BCDEs AB123456cSs |dd…Srcr)rOrrrråurz7BaseSSHTransportTests.test_badPackets..sBCDEFGHIJKcSs tdƒ‚dS)Nzbad compression)Ú Exception)rWrrrÚstubDecompressysz=BaseSSHTransportTests.test_badPackets..stubDecompresss BCDEN) rÚDISCONNECT_PROTOCOL_ERRORr™rÚrEZDISCONNECT_MAC_ERRORrSrbrìrgZDISCONNECT_COMPRESSION_ERRORZflushLoggedErrors)rr9ZoldEncryptionsrKrr8rÚtest_badPacketsbs$ ÿ  ÿz%BaseSSHTransportTests.test_badPacketscs˜ˆjj}|f‡fdd„ }ˆj dd¡|ƒdtjd<ˆj dd¡|ƒˆj dd¡|ƒˆj tƒ¡ˆj dd¡|ƒˆj d d¡|ƒd S) zj Test that unimplemented packet types cause MSG_UNIMPLEMENTED packets to be sent. csNˆ ˆjddtj¡ˆ ˆjdddd…t|ƒ¡gˆj_|d7}dS)NrrHr‚r6)rÈr”rrrUr™)r=r8rrÚcheckUnimplemented‡s ÿ"zKBaseSSHTransportTests.test_unimplementedPackets..checkUnimplementedé(rs MSG_fictioné)é<éFroN)r™rYržrZmessagesr(rl)rr=rNrr8rÚtest_unimplementedPacketss z/BaseSSHTransportTests.test_unimplementedPacketscCs¼|j}| |j ¡¡tƒ|_tƒ|_tƒ|_|  t ƒ¡t ƒ}|  t  ¡¡| d¡| |j|j¡| |j|j¡| |j|j¡| |j|j¡| |j|j¡| |j|j¡dS)zD Test that multiple instances have distinct states. rN)r™rrrÆrErÚrbrßrìr(rlr1ršr/r—rZassertNotEqualr$rVrYr-)rr™Úproto2rrrÚtest_multipleClassesœs*  ÿÿÿz*BaseSSHTransportTests.test_multipleClassesN)1rrrrDr¨r©rrr rÏrÓrØrÝràrárärërírîrùrrrrr rrrrrrrr r'r*r,r3r5r8r:r?rArBrCrGrHrMrSrUrrrrr´µsŠÿþýüûúùø ÷ ö õ õÿ )  %       r´c@seZdZdZdd„ZdS)Ú'BaseSSHTransportDHGroupExchangeBaseCasez@ Diffie-Hellman group exchange tests for TransportBase. cCsZ|j|j_d|j_| d|jj¡ ¡}| d|¡ ¡}| |j ddd¡||¡dS)z? Test that _getKey generates the correct keys. óEFsABCDKrçóKóABóCDN)r¬r™ÚkexAlgÚ sessionIDr­ÚdigestrÈÚ_getKey)rZk1Zk2rrrÚ test_getKeyºs  ÿz3BaseSSHTransportDHGroupExchangeBaseCase.test_getKeyN)rrrrDr_rrrrrVµsrVc@seZdZdZdS)Ú(BaseSSHTransportDHGroupExchangeSHA1TestszE diffie-hellman-group-exchange-sha1 tests for TransportBase. N©rrrrDrrrrr`Èsr`c@seZdZdZdS)Ú*BaseSSHTransportDHGroupExchangeSHA256TestszG diffie-hellman-group-exchange-sha256 tests for TransportBase. NrarrrrrbÑsrbc@seZdZdZdS)Ú"BaseSSHTransportEllipticCurveTestsz4 ecdh-sha2-nistp256 tests for TransportBase NrarrrrrcÚsrcc@s\eZdZdZddd„Zddd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dS)Ú#ServerAndClientSSHTransportBaseCasezF Tests that need to be run on both the server and the client. NcCsL|dkrtj}| |jddtj¡| |jdddd…t|ƒ¡dS)zI Helper function to check if the transport disconnected. NrdrrHr‚r6)rrLrÈr”rrUrirrrÚcheckDisconnectedèsz5ServerAndClientSSHTransportBaseCase.checkDisconnectedcCsP|dkrtj}| ¡}||ƒ| t ¡¡|j |j ¡¡|rL|  |¡|S)zy Helper function to connect a modified protocol to the test protocol and test for disconnection. N) rÚDISCONNECT_KEY_EXCHANGE_FAILEDr˜ršr/r—r™rrÆre)rZprotoModificationrjrTrrrÚconnectModifiedProtocolòs z;ServerAndClientSSHTransportBaseCase.connectModifiedProtocolcCsdd„}| |¡dS)z` Test that the transport disconnects if it can't match the key exchange cSs g|_dSr“©rý©rTrrrÚblankKeyExchangessz\ServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKex..blankKeyExchangesN©rg)rrjrrrÚtest_disconnectIfCantMatchKexszAServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKexcCsdd„}| |¡dS)zP Like test_disconnectIfCantMatchKex, but for the key algorithm. cSs g|_dSr“)rþrirrrÚblankPublicKeyssz]ServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKeyAlg..blankPublicKeysNrk)rrmrrrÚ test_disconnectIfCantMatchKeyAlg szDServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKeyAlgcCsdd„}| |¡dS)zN Like test_disconnectIfCantMatchKex, but for the compression. cSs g|_dSr“©rrirrrÚblankCompressionsszdServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCompression..blankCompressionsNrk)rrprrrÚ%test_disconnectIfCantMatchCompressionszIServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCompressioncCsdd„}| |¡dS)zM Like test_disconnectIfCantMatchKex, but for the encryption. cSs g|_dSr“©rôrirrrÚ blankCiphers#szZServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCipher..blankCiphersNrk)rrsrrrÚ test_disconnectIfCantMatchCipherszDServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCiphercCsdd„}| |¡dS)zF Like test_disconnectIfCantMatchKex, but for the MAC. cSs g|_dSr“©rÿrirrrÚ blankMACs,szTServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchMAC..blankMACsNrk)rrvrrrÚtest_disconnectIfCantMatchMAC(szAServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchMACcCs$| |j ¡t |jj ¡¡¡dS)z‰ Test that the transport's L{getPeer} method returns an L{SSHTransportAddress} with the L{IAddress} of the peer. N)rÈr™ZgetPeerr,ÚSSHTransportAddressrr8rrrÚ test_getPeer1s   ÿÿz0ServerAndClientSSHTransportBaseCase.test_getPeercCs$| |j ¡t |jj ¡¡¡dS)z‰ Test that the transport's L{getHost} method returns an L{SSHTransportAddress} with the L{IAddress} of the host. N)rÈr™ZgetHostr,rxrr8rrrÚ test_getHost;s   ÿÿz0ServerAndClientSSHTransportBaseCase.test_getHost)N)N) rrrrDrergrlrnrqrtrwryrzrrrrrdãs ÿ       rdc@s&eZdZdZejZdd„Zdd„ZdS)ÚServerSSHTransportBaseCasez1 Base case for SSHServerTransport tests. cCs$t |¡tƒ|j_|jj ¡dSr“)rr›rxr™r Ú startFactoryr8rrrr›Ns  z ServerSSHTransportBaseCase.setUpcCs t |¡|jj ¡|j`dSr“)rÚtearDownr™r Z stopFactoryr8rrrr}Ts  z#ServerSSHTransportBaseCase.tearDownN) rrrrDrrr˜r›r}rrrrr{Fsr{c@sxeZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„ZdS)ÚServerSSHTransportTestsz' Tests for SSHServerTransport. cCs|j d¡| |jjd¡| |jjd¡| |jjd¡| |jjd¡|jj}| |jd¡| |j d¡| |j d¡| |j d¡dS)z° Receiving a KEXINIT packet listing multiple supported algorithms will set up the first common algorithm found in the client's preference list. s SSH-2.0-Twisted ô™™™™™™™™™™™™™™™™bdiffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256ssh-dss,ssh-rsa…aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc…aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbchmac-md5,hmac-sha1hmac-md5,hmac-sha1 none,zlib none,zlib™™™™r«sssh-dssr¸s aes128-ctróhmac-md5N© r™rrÈr[ÚkeyAlgÚoutgoingCompressionTypeÚincomingCompressionTyper r\r]r_r^©rÚnerrrÚtest_KEXINITMultipleAlgorithms`s(ÿ ÿ ÿ ÿ ÿz6ServerSSHTransportTests.test_KEXINITMultipleAlgorithmscCsüdd dd„dd„|jjddd…|jj|jj|jj|jj|jj|jj|jj|jj|jjf DƒDƒ¡d}|j |¡|  |jj ¡|j  d ¡|  |jj ¡|j  d ¡|  |jj ¡| |jg¡d |j_ |j d ¡|  |jj ¡| |jg¡dS) a< The client is allowed to send a guessed key exchange packet after it sends the KEXINIT packet. However, if the key exchanges do not match, that guess packet must be ignored. This tests that the packet is ignored in the case of the key exchange method not matching. ròrcSsg|]}t |¡‘qSr©rr©rÃrOrrrr<szEServerSSHTransportTests.test_ignoreGuessPacketKex..cSsg|]}d |¡‘qS©rü©rÌ©rÃÚyrrrr<sNrdóÿó testóTó ©rÌr™rýrþrôrÿrrr#rÑZignoreNextPacketZ ssh_DEBUGÚssh_KEX_DH_GEX_REQUEST_OLDrÐrÈr”Ússh_KEX_DH_GEX_REQUEST©rZ kexInitPacketrrrÚtest_ignoreGuessPacketKex†s< ÷ÿÿÿ ó    z1ServerSSHTransportTests.test_ignoreGuessPacketKexcCsüdd dd„dd„|jj|jjddd…|jj|jj|jj|jj|jj|jj|jj|jjf DƒDƒ¡d}|j |¡|  |jj ¡|j  d ¡|  |jj ¡|j  d ¡|  |jj ¡| |jg¡d |j_ |j d ¡|  |jj ¡| |jg¡dS) zk Like test_ignoreGuessPacketKex, but for an incorrectly guessed public key format. ròrcSsg|]}t |¡‘qSrr‡rˆrrrr<±szEServerSSHTransportTests.test_ignoreGuessPacketKey..cSsg|]}d |¡‘qSr‰rŠr‹rrrr<²sNrdrrŽrTrr‘r”rrrÚtest_ignoreGuessPacketKey«s< ÷ÿÿÿ ó    z1ServerSSHTransportTests.test_ignoreGuessPacketKeyc Cs`|g|j_dg|j_|j |j ¡¡t |¡\}}t|d|ƒ}|j  t   |¡¡t   d¡d}t   |jj||jj¡}t   |||jj¡}tƒ}| t  |jj¡d¡| t  |jj¡d¡| t  |jjjd ¡¡¡| t   |¡¡| |¡| |¡| ¡} |jjjd | ¡} | |jtjt  |jjjd ¡¡|t  | ¡ftjdfg¡dS)zó Test that the KEXDH_INIT packet causes the server to send a KEXDH_REPLY with the server's public key and a signature. @param kexAlgorithm: The key exchange algorithm to use. @type kexAlgorithm: L{str} r{iˆsD@™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™rrrN)r™rýrþrrrÆr.r‡Úpowr’rÚMPÚgetMPÚ_MPpowÚgÚprÚupdaterr%ÚourKexInitPayloadr Ú publicKeysrŒr]Ú privateKeysÚsignrÈr”ZMSG_KEXDH_REPLYÚ MSG_NEWKEYS) rr¬r›rœÚerŒÚfr¥Úhr¦Ú signaturerrrÚassertKexDHInitResponseÍs@     ÿÿÿÿýþz/ServerSSHTransportTests.assertKexDHInitResponsecCs,d|j_d|j_| t|jjt d¡¡dS)ú Test that if the server receives a KEX_DH_GEX_REQUEST_OLD message and the key exchange algorithm is not set, we raise a ConchError. s bad-curver{s unused-keyN)r™r[rrrZ_ssh_KEX_ECDH_INITrrr8rrrÚ%test_checkBad_KEX_ECDH_INIT_CurveNameõs þz=ServerSSHTransportTests.test_checkBad_KEX_ECDH_INIT_CurveNamecCs”dt d¡t d¡t d¡t d¡t d¡t d¡t d¡t d¡t d¡t d¡dd }|j |¡| t¡| t¡d S) zy Test that if the server received a bad name for a curve we raise an UnsupportedAlgorithm error. rµr²r{r¶r·r¸rr¹rºN)rrr™r#rÚAttributeErrorr)rÚkexmsgrrrÚ test_checkBad_KEX_INIT_CurveNames:ÿþýüûúùø ÷ ö õ õÿ  z8ServerSSHTransportTests.test_checkBad_KEX_INIT_CurveNamecCs| d¡dS)z… KEXDH_INIT messages are processed when the diffie-hellman-group14-sha1 key exchange algorithm is requested. rƒN)r§r8rrrÚtest_KEXDH_INIT_GROUP14sz/ServerSSHTransportTests.test_KEXDH_INIT_GROUP14c s²dˆj_tƒˆj_ˆ dd¡ˆ ˆjjd¡ˆ dd¡ˆ ˆjjd¡ˆ ˆjdtj df¡‡fdd„t d ƒDƒ}ˆ ˆjjj |d |d |d |d |d|df¡dS)úG Test that _keySetup sets up the next encryption keys. rƒrYrZrWrdrcsg|]}ˆj |dd¡‘qS©rYrW©r™r^rÂr8rrr<,sÿz9ServerSSHTransportTests.test_keySetup..óABCDEFrHr‚rrr„r6N© r™r[rEr r§rÈr\r”rr¢r*r ©rZnewKeysrr8rÚ test_keySetup!s     ÿÿþz%ServerSSHTransportTests.test_keySetupc s²dˆj_tƒˆj_ˆ dd¡ˆ ˆjjd¡ˆ dd¡ˆ ˆjjd¡ˆ ˆjdtj df¡‡fdd„t d ƒDƒ}ˆ ˆjjj |d |d |d |d |d|df¡dS)r®r²rYrZrWrdrcsg|]}ˆj |dd¡‘qSr¯r°rÂr8rrr<?sÿz>ServerSSHTransportTests.test_ECDH_keySetup..r±rHr‚rrr„r6Nr²r³rr8rÚtest_ECDH_keySetup4s     ÿÿþz*ServerSSHTransportTests.test_ECDH_keySetupcCs¸| ¡t dddd¡|j_|j d¡| |jj|jj¡| |jj ¡| |jj ¡d|j_ |  dd¡|j d¡|  |jj ¡d|j_|  dd¡|j d¡|  |jj ¡dS)zj Test that NEWKEYS transitions the keys in nextEncryptions to currentEncryptions. r¸rózlibrYrZrWN)r†rrór™r Ú ssh_NEWKEYSÚassertIsrÚrérßrìr‚r§ÚassertIsNotNonerƒr8rrrÚ test_NEWKEYSGs&ÿ  ÿ    z$ServerSSHTransportTests.test_NEWKEYScCsD|j t d¡¡| |jtjt d¡fg¡| |jjj d¡dS)z^ Test that the SERVICE_REQUEST message requests and starts a service. ryrmN) r™Ússh_SERVICE_REQUESTrrrÈr”rZMSG_SERVICE_ACCEPTr-rwr8rrrÚtest_SERVICE_REQUEST_s  ÿz,ServerSSHTransportTests.test_SERVICE_REQUESTcCs|j d¡| ¡dS©zD Test that NEWKEYS disconnects if it receives data. s bad packetN©r™r·rer8rrrÚtest_disconnectNEWKEYSDatajs z2ServerSSHTransportTests.test_disconnectNEWKEYSDatacCs"|j t d¡¡| tj¡dS)zd Test that SERVICE_REQUESTS disconnects if an unknown service is requested. s no serviceN)r™r»rrrerZ DISCONNECT_SERVICE_NOT_AVAILABLEr8rrrÚ(test_disconnectSERVICE_REQUESTBadServicersz@ServerSSHTransportTests.test_disconnectSERVICE_REQUESTBadServiceN)rrrrDr†r•r–r§r©r¬r­r´rµrºr¼r¿rÀrrrrr~[s&%"(  r~c@s8eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd S) Ú)ServerSSHTransportDHGroupExchangeBaseCasezE Diffie-Hellman group exchange tests for SSHServerTransport. cCs’|jg|j_dg|j_|j |j ¡¡|j d¡|jj  ¡  d¡d\}}|  |j tj t |¡dfg¡|  |jjd¡|  |jj|¡dS)z° Test that the KEX_DH_GEX_REQUEST_OLD message causes the server to reply with a KEX_DH_GEX_GROUP message with the correct Diffie-Hellman group. r{ór†rór‚N)r¬r™rýrþrrrÆr’r rˆÚgetrÈr”ÚMSG_KEX_DH_GEX_GROUPrr˜r›rœ©rZ dhGeneratorZdhPrimerrrÚtest_KEX_DH_GEX_REQUEST_OLDs    ÿþzEServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUEST_OLDcCsd|j_| t|jjd¡dS)r¨N)r™r[rr0r’r8rrrÚ%test_KEX_DH_GEX_REQUEST_OLD_badKexAlg”s ÿzOServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUEST_OLD_badKexAlgcCs’|jg|j_dg|j_|j |j ¡¡|j d¡|jj  ¡  d¡d\}}|  |j tj t |¡dfg¡|  |jjd¡|  |jj|¡dS)z¬ Test that the KEX_DH_GEX_REQUEST message causes the server to reply with a KEX_DH_GEX_GROUP message with the correct Diffie-Hellman group. r{ó  r†rrÃr‚N)r¬r™rýrþrrrÆr“r rˆrÄrÈr”rÅrr˜r›rœrÆrrrÚtest_KEX_DH_GEX_REQUESTžs    ÿþzAServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUESTc Cst| ¡t|jjd|jjƒ}t d¡d}t |jj||jj¡}t |||jj¡}| ¡}|  t  |jj ¡d¡|  t  |jj ¡d¡|  t  |jj jd ¡¡¡|  d¡|  t |jj¡¡|  t |jj¡¡|  t |¡¡|  |¡|  |¡| ¡}|j t |¡¡| |jdd…tjt  |jj jd ¡¡|t  |jj jd |¡¡ftjd fg¡dS) zÊ Test that the KEX_DH_GEX_INIT message after the client sends KEX_DH_GEX_REQUEST_OLD causes the server to send a KEX_DH_GEX_INIT message with a public key and signature. r‚ó™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™rrr{rÂrHNr)rÇr—r™r›rœrr™ršr­rrr%ržr rŸrŒr˜r]Ússh_KEX_DH_GEX_INITrÈr”rÚMSG_KEX_DH_GEX_REPLYr r¡r¢©rr£rŒr¤r¥r¥r¦rrrÚ&test_KEX_DH_GEX_INIT_after_REQUEST_OLD²s>    ÿÿÿÿüþzPServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_INIT_after_REQUEST_OLDc Csf| ¡t|jjd|jjƒ}t d¡d}t |jj||jj¡}t |||jj¡}| ¡}|  t  |jj ¡d¡|  t  |jj ¡d¡|  t  |jj jd ¡¡¡|  d¡|  t |jj¡¡|  t |jj¡¡|  t |¡¡|  |¡|  |¡| ¡}|j t |¡¡| |jdtjt  |jj jd ¡¡|t  |jj jd |¡¡f¡dS) zÆ Test that the KEX_DH_GEX_INIT message after the client sends KEX_DH_GEX_REQUEST causes the server to send a KEX_DH_GEX_INIT message with a public key and signature. r‚rËrrr{rÉrHN)rÊr—r™r›rœrr™ršr­rrr%ržr rŸrŒr˜r]rÌrÈr”rrÍr r¡rÎrrrÚ"test_KEX_DH_GEX_INIT_after_REQUESTÒs:   ÿÿÿÿþzLServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_INIT_after_REQUESTN) rrrrDrÇrÈrÊrÏrÐrrrrrÁ|s   rÁc@seZdZdZdS)Ú*ServerSSHTransportDHGroupExchangeSHA1TestszJ diffie-hellman-group-exchange-sha1 tests for SSHServerTransport. NrarrrrrÑôsrÑc@seZdZdZdS)Ú,ServerSSHTransportDHGroupExchangeSHA256TestszL diffie-hellman-group-exchange-sha256 tests for SSHServerTransport. NrarrrrrÒýsrÒc@s&eZdZdZejZdd„Zdd„ZdS)ÚClientSSHTransportBaseCasez1 Base case for SSHClientTransport tests. cCs@d|_| ||j¡| | dd¡t t|ƒ ¡¡¡t  d¡S)zC Mock version of SSHClientTransport.verifyHostKey. Tó:r) ÚcalledVerifyHostKeyrÈrŒÚreplaceÚbinasciiÚhexlifyrr]r%Úsucceed)rZpubKeyZ fingerprintrrrÚ verifyHostKeys ÿz(ClientSSHTransportBaseCase.verifyHostKeycCsBt |¡tj tj¡ ¡|_tj tj¡|_ d|_ |j |j _ dS)NF) rr›r r|r}r r~rŒr€ÚprivObjrÕrÚr™r8rrrr›s  z ClientSSHTransportBaseCase.setUpN) rrrrDrrr˜rÚr›rrrrrÓs rÓc@sˆeZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd„Zd S)!ÚClientSSHTransportTestsz' Tests for SSHClientTransport. cCs|j d¡| |jjd¡| |jjd¡| |jjd¡| |jjd¡|jj}| |jd¡| |j d¡| |j d¡| |j d¡dS)z¨ Receiving a KEXINIT packet listing multiple supported algorithms will set up the first common algorithm, ordered after our preference. s SSH-2.0-Twisted ô™™™™™™™™™™™™™™™™bdiffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256ssh-dss,ssh-rsa…aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc…aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbchmac-md5,hmac-sha1hmac-md5,hmac-sha1 zlib,none zlib,none™™™™r¯r{r¸r¶r·Nr€r„rrrr†'s(ÿ ÿ ÿ ÿ ÿz6ClientSSHTransportTests.test_KEXINITMultipleAlgorithmscCs<| t| ¡j¡dd„}| ¡ dd¡}| |j¡ |¡S)z´ verifyHostKey() should return a Deferred which fails with a NotImplementedError exception. connectionSecure() should raise NotImplementedError(). cSs| t¡dSr“)ZtrapÚNotImplementedError)r¤rrrÚ _checkRaisesTszNClientSSHTransportTests.test_notImplementedClientMethods.._checkRaisesN)rrÝr˜ÚconnectionSecurerÚÚ addCallbackZfailZ addErrback)rrÞÚdrrrÚ test_notImplementedClientMethodsMsz8ClientSSHTransportTests.test_notImplementedClientMethodscCsX|g|j_|j |j ¡¡| t |jj¡dd…d¡| |j tj |jj fg¡dS)zç Test that a KEXINIT packet with a group1 or group14 key exchange results in a correct KEXDH_INIT response. @param kexAlgorithm: The key exchange algorithm to use @type kexAlgorithm: L{str} r„Ns@™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™) r™rýrrrÆrÈrr˜rOr”ZMSG_KEXDH_INITr£)rr¬rrrÚassertKexInitResponseForDHZs ÿz2ClientSSHTransportTests.assertKexInitResponseForDHcCs| d¡dS)zq KEXINIT messages requesting diffie-hellman-group14-sha1 result in KEXDH_INIT responses. rƒN)rãr8rrrÚtest_KEXINIT_group14psz,ClientSSHTransportTests.test_KEXINIT_group14cCs2dg|j_|j ¡ dd¡}| t|jj|¡dS)z© Test that the client raises a ConchError if it receives a KEXINIT message but doesn't have a key exchange algorithm that we understand. sdiffie-hellman-group24-sha1sgroup14sgroup24N)r™rýrrÆrÖrr0rr=rrrÚtest_KEXINIT_badKexAlgxs z.ClientSSHTransportTests.test_KEXINIT_badKexAlgcsÞˆ ¡t ˆjjˆjjˆjj¡}tƒ}| t  ˆjj ¡d¡| t  ˆjj ¡d¡| t  ˆj ¡¡| ˆjj ¡| d¡| |¡| ¡‰‡‡fdd„}ˆj ˆ¡}ˆj t  ˆj ¡dt  |¡¡}| |¡|S)zH Test that the KEXDH_REPLY message verifies the server. rscs*ˆ |¡ˆ ˆj¡ˆ ˆjjˆ¡dSr“©rérÑrÕrÈr™r\©rÆ©r¦rrrÚ_cbTestKEXDH_REPLY”s  zDClientSSHTransportTests.test_KEXDH_REPLY.._cbTestKEXDH_REPLY)rärršr™r›rOrœrrrr%ržrŒr£r]rÛr¡Ússh_KEX_DH_GEX_GROUPrà)rr¥r¥rér¦rárrèrÚtest_KEXDH_REPLYƒs*ÿ   ÿÿ z(ClientSSHTransportTests.test_KEXDH_REPLYc s²dˆj_tƒˆj_ˆ dd¡ˆ ˆjjd¡ˆ dd¡ˆ ˆjjd¡ˆ ˆjdtj df¡‡fdd„t d ƒDƒ}ˆ ˆjjj |d |d |d |d |d|df¡dS)r®rƒrYrZrWrdrcsg|]}ˆj |dd¡‘qSr¯r°rÂr8rrr<®sÿz9ClientSSHTransportTests.test_keySetup..r±rrrHr‚r6r„Nr²r³rr8rr´£s     ÿ ÿÿz%ClientSSHTransportTests.test_keySetupcs | ¡dg‰‡fdd„}||j_t dddd¡|j_| dd¡| |jj|jj¡t ƒ|j_|j  d¡|  |jj ¡|  |jj ¡| |jj|jj¡| ˆd¡d |j_| dd ¡|j  d¡| |jj ¡d |j_| dd ¡|j  d¡| |jj ¡d S) zl Test that NEWKEYS transitions the keys from nextEncryptions to currentEncryptions. Fcs dˆd<dSrrr©ZsecurerrÚstubConnectionSecure¼szBClientSSHTransportTests.test_NEWKEYS..stubConnectionSecurer¸rYrZrrr¶sGHsIJN)r†r™rßrrór r§Z assertIsNotrÚrEr·rérßrìr¸rÑr‚r¹rƒ)rrírrìrrºµs< ÿ  ÿ   ÿ    z$ClientSSHTransportTests.test_NEWKEYScCs*tƒ|j_|j d¡| |jjj¡dS)zS Test that the SERVICE_ACCEPT packet starts the requested service. ó MockServiceN)rlr™ÚinstanceÚssh_SERVICE_ACCEPTrÑrqr8rrrÚtest_SERVICE_ACCEPT×s  z+ClientSSHTransportTests.test_SERVICE_ACCEPTcCs(|j tƒ¡| |jtjdfg¡dS)zP Test that requesting a service sends a SERVICE_REQUEST packet. rîN)r™ZrequestServicerlrÈr”rrr8rrrÚtest_requestServiceàs ÿz+ClientSSHTransportTests.test_requestServicecCs,| ¡|j d|jdd¡| tj¡dS)zL Test that KEXDH_REPLY disconnects if the signature is bad. Nr‚ó bad signature)rër™Z_continueKEXDH_REPLYrŒrerrfr8rrrÚ&test_disconnectKEXDH_REPLYBadSignatureész>ClientSSHTransportTests.test_disconnectKEXDH_REPLYBadSignaturecCs,dt d¡t d¡t d¡t d¡t d¡t d¡t d¡t d¡t d¡t d¡dd }|j |¡|j d ¡t t ¡tƒ¡|j_ |jj   ¡|j_ t t ¡tƒ¡}|  ¡}|  ¡  ¡}t ¡|j_d|j_|j t tƒ ¡d ¡¡t |¡t d ¡¡| tj¡d S© zO Test that KEX_ECDH_REPLY disconnects if the signature is bad. rµr²r{r¶r·r¸rr¹rºsSSH-2.0-OpenSSH s bad-signatureN©rrr™r#rr Zgenerate_private_keyZ SECP256R1r ZecPrivZ public_keyZecPubZpublic_numbersZ encode_pointZcurver[Z_ssh_KEX_ECDH_REPLYrxrrŒrerrf©rr«ZthisPrivZthisPubZencPubrrrÚ)test_disconnectKEX_ECDH_REPLYBadSignatureòsZÿþýüûúùø ÷ ö õ õÿ   ÿ  ÿÿÿzAClientSSHTransportTests.test_disconnectKEX_ECDH_REPLYBadSignaturecCs|j d¡| ¡dSr½r¾r8rrrr¿s z2ClientSSHTransportTests.test_disconnectNEWKEYSDatacCs"tƒ|j_|j d¡| ¡dS)z€ Test that SERVICE_ACCEPT disconnects if the accepted protocol is differet from the asked-for protocol. sbadN)rlr™rïrðrer8rrrÚtest_disconnectSERVICE_ACCEPT$s  z5ClientSSHTransportTests.test_disconnectSERVICE_ACCEPTcCs<tƒ|j_|j d¡| |jjj¡| t|jƒd¡dS)z° Some commercial SSH servers don't send a payload with the SERVICE_ACCEPT message. Conch pretends that it got the correct name of the service. rrN) rlr™rïrðrÑrqrÈrKr”r8rrrÚtest_noPayloadSERVICE_ACCEPT.s  z4ClientSSHTransportTests.test_noPayloadSERVICE_ACCEPTN)rrrrDr†rârãrärårër´rºrñròrôrør¿rùrúrrrrrÜ"s &   "   * rÜc@s8eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd S) Ú)ClientSSHTransportDHGroupExchangeBaseCasezE Diffie-Hellman group exchange tests for SSHClientTransport. cCs8|jg|j_|j |j ¡¡| |jtjdfg¡dS)zt KEXINIT packet with a group-exchange key exchange results in a KEX_DH_GEX_REQUEST message. ó  N) r¬r™rýrrrÆrÈr”ZMSG_KEX_DH_GEX_REQUESTr8rrrÚtest_KEXINIT_groupexchange@s  þzDClientSSHTransportDHGroupExchangeBaseCase.test_KEXINIT_groupexchangec Csš| ¡|j d¡| |jjd¡| |jjd¡| t |jj¡dd…d¡| |jj t t d|jjdƒ¡¡| |j dd…t j |jj fg¡dS)z’ Test that the KEX_DH_GEX_GROUP message results in a KEX_DH_GEX_INIT message with the client's Diffie-Hellman public key. ó érr„Ns(™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™™rH)rýr™rêrÈrœr›rr˜rOr£r—r”rZMSG_KEX_DH_GEX_INITr8rrrÚtest_KEX_DH_GEX_GROUPMsÿ ÿÿz?ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_GROUPcsðˆ ¡t dˆjjˆjj¡}ˆ ¡}| t ˆjj ¡d¡| t ˆjj ¡d¡| t ˆj ¡¡| d¡| d¡| ˆjj ¡| d¡| |¡|  ¡‰‡‡fdd„}ˆj ˆ¡}ˆj t ˆj ¡dt |¡¡}| |¡|S)z^ Test that the KEX_DH_GEX_REPLY message results in a verified server. r‚rrürþrÃcs*ˆ |¡ˆ ˆj¡ˆ ˆjjˆ¡dSr“rærçrèrrÚ_cbTestKEX_DH_GEX_REPLYqs  z`ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REPLY.._cbTestKEX_DH_GEX_REPLY)rrršr™rOrœr­rrr%ržrŒr£r]rÛr¡Zssh_KEX_DH_GEX_REPLYrà)rr¥r¥rr¦rárrèrÚtest_KEX_DH_GEX_REPLY^s.      ÿþÿ z?ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REPLYcCs,| ¡|j d|jdd¡| tj¡dS)zQ Test that KEX_DH_GEX_REPLY disconnects if the signature is bad. Nr‚ró)rr™Z_continueGEX_REPLYrŒrerrfr8rrrÚ$test_disconnectGEX_REPLYBadSignature€szNClientSSHTransportDHGroupExchangeBaseCase.test_disconnectGEX_REPLYBadSignaturecCs,dt d¡t d¡t d¡t d¡t d¡t d¡t d¡t d¡t d¡t d¡dd }|j |¡|j d ¡t t ¡tƒ¡|j_ |jj   ¡|j_ t t ¡tƒ¡}|  ¡}|  ¡  ¡}t ¡|j_d|j_|j t tƒ ¡d ¡¡t |¡t d ¡¡| tj¡d Srõrör÷rrrrø‰sZÿþýüûúùø ÷ ö õ õÿ   ÿ  ÿÿÿzSClientSSHTransportDHGroupExchangeBaseCase.test_disconnectKEX_ECDH_REPLYBadSignatureN) rrrrDrýrrrrørrrrrû;s  " rûc@seZdZdZdS)Ú*ClientSSHTransportDHGroupExchangeSHA1TestszJ diffie-hellman-group-exchange-sha1 tests for SSHClientTransport. Nrarrrrr´src@seZdZdZdS)Ú,ClientSSHTransportDHGroupExchangeSHA256TestszL diffie-hellman-group-exchange-sha256 tests for SSHClientTransport. Nrarrrrr½src@s`eZdZdZereZdd„Zdd„Zdd„Zdd „Z d d „Z d d „Z dd„Z dd„Z dd„ZdS)Ú GetMACTestsz* Tests for L{SSHCiphers._getMAC}. cCst dddd¡|_dS)NrïrÞrðrñ)rrórör8rrrr›ÎszGetMACTests.setUpcCstdƒS)z‚ Generate a new shared secret to be used with the tests. @return: A new secret. @rtype: L{bytes} é@r(r8rrrÚgetSharedSecretÒszGetMACTests.getSharedSecretc Cs€| ¡}|j ||¡}|d|…d|}d dd„t|ƒDƒ¡}d dd„t|ƒDƒ¡} | ||| |f|¡| ||j¡dS)a¸ Check that when L{SSHCiphers._getMAC} is called with a supportd HMAC algorithm name it returns a tuple of (digest object, inner pad, outer pad, digest size) with a C{key} attribute set to the value of the key supplied. @param hmacName: Identifier of HMAC algorithm. @type hmacName: L{bytes} @param hashProcessor: Callable for the hash algorithm. @type hashProcessor: C{callable} @param digestSize: Size of the digest for algorithm. @type digestSize: L{int} @param blockPadSize: Size of padding applied to the shared secret to match the block size. @type blockPadSize: L{int} Nr¹rcss|]}tt|ƒdAƒVqdS)é6N©rUrשrÃÚbrrrrÅõsz+GetMACTests.assertGetMAC..css|]}tt|ƒdAƒVqdS)é\Nr r rrrrÅös)rröÚ_getMACrÌr*rÈrŽ) rZhmacNamer­Ú digestSizeÚ blockPadSizeZsecretÚparamsrŽZinnerPadZouterPadrrrÚ assertGetMACÜs ÿzGetMACTests.assertGetMACcCs|jdtddddS)a When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-512"} MAC algorithm name it returns a tuple of (sha512 digest object, inner pad, outer pad, sha512 digest size) with a C{key} attribute set to the value of the key supplied. s hmac-sha2-512r©rrN)rr"r8rrrÚtest_hmacsha2512üs ÿzGetMACTests.test_hmacsha2512cCs|jdtddddS)a When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-384"} MAC algorithm name it returns a tuple of (sha384 digest object, inner pad, outer pad, sha384 digest size) with a C{key} attribute set to the value of the key supplied. s hmac-sha2-384é0éPrN)rr!r8rrrÚtest_hmacsha2384 s ÿzGetMACTests.test_hmacsha2384cCs|jdtddddS)a When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-256"} MAC algorithm name it returns a tuple of (sha256 digest object, inner pad, outer pad, sha256 digest size) with a C{key} attribute set to the value of the key supplied. s hmac-sha2-256é rN)rr r8rrrÚtest_hmacsha2256 s ÿzGetMACTests.test_hmacsha2256cCs|jdtddddS)a  When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha1"} MAC algorithm name it returns a tuple of (sha1 digest object, inner pad, outer pad, sha1 digest size) with a C{key} attribute set to the value of the key supplied. r·éé,rN)rrr8rrrÚ test_hmacsha1 szGetMACTests.test_hmacsha1cCs|jdtddddS)a When L{SSHCiphers._getMAC} is called with the C{b"hmac-md5"} MAC algorithm name it returns a tuple of (md5 digest object, inner pad, outer pad, md5 digest size) with a C{key} attribute set to the value of the key supplied. rérrN)rrr8rrrÚ test_hmacmd5' szGetMACTests.test_hmacmd5cCs&| ¡}|j d|¡}| d|¡dS)zŽ When L{SSHCiphers._getMAC} is called with the C{b"none"} MAC algorithm name it returns a tuple of (None, "", "", 0). r¸)NrrrN)rrörrÈ)rrŽrrrrÚ test_none1 szGetMACTests.test_noneN)rrrrDr¨r©r›rrrrrrrrrrrrrÆs       rc@s@eZdZdZereZdd„Zdd„Zdd„Zdd „Z d d „Z d S) ÚSSHCiphersTestsz0 Tests for the SSHCiphers helper class. cCsLt dddd¡}| |jd¡| |jd¡| |jd¡| |jd¡dS)zJ Test that the initializer sets up the SSHCiphers object. rïrÞrðrñN)rrórÈr\r]r_r^)rrörrrÚ test_initF s zSSHCiphersTests.test_initc Csjt dddd¡}d}}|j ¡D]B\}\}}}| |||¡}|dkrV| |tj¡q"| |j|¡q"dS)zM Test that the _getCipher method returns the correct cipher. rïrÞrðrñròr¸N)rróÚ cipherMapr‹rõZassertIsInstanceZ _DummyCipherÚ algorithm) rrör÷rŽrøZalgClassÚkeySizeÚcounterÚciprrrÚtest_getCipherQ szSSHCiphersTests.test_getCipherc Cs<d}tjjD](}tjj|\}}}t |ddd¡}t d|dd¡}| |||¡}|jjd} | ||dddd¡| dd||dd¡|  |j | ¡|  |j | ¡|  ¡} |   |d| …¡} |   |d| …¡} |  | |d| …¡| ¡|  | |d| …¡| ¡|  | | ¡|d| …¡|  | | ¡|d| …¡q dS)z8 Test that setKeys sets up the ciphers. ó@r¸érN)rrrôrór"rõr#Z block_sizer[rÈrLrRÚ encryptorrrPrS) rrŽrøZmodNamer$r%Z encCipherZ decCipherr&Zbsr*ÚencZenc2rrrÚtest_setKeysCiphers_ s, ÿ ÿ z#SSHCiphersTests.test_setKeysCiphersc Csüd}tjj ¡D]æ\}}t dd|d¡}t ddd|¡}| dddd|d¡| ddddd|¡|rn|ƒj}nd}| |j|¡|r˜| ||¡\}}}}d} |} d|} |rÊ||||| ƒ  ¡ƒ  ¡} nd} | |  | | ¡| ¡|  |  | | | ¡¡qdS)z5 Test that setKeys sets up the MACs. r(r¸rrrºN) rróZmacMapr‹r[Z digest_sizerÈr`rr]rXrÑrZ) rrŽZmacNameÚmodZoutMacZinMacZdsÚiÚoÚseqidr>rBÚmacrrrÚtest_setKeysMACsy s( z SSHCiphersTests.test_setKeysMACsc Cs‚dddg}|D]n\}}}t dddd¡}| d|¡|_t d|dd…¡\}|dd…}| |t |  ||¡¡d ||f¡qdS) zŒ L{SSHCiphers.makeMAC} computes the HMAC of an outgoing SSH message with a particular sequence id and content data. )s sHi Theres 9294727a3638bb1c13f48ef8158bfc9d)sJefeswhat do ya want for nothing?s 750c783e6ab0b503eaa86e310a5db738)rµs2ÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝs 56be34521d144c88dbb8c733f0e8b3f6r¸rz>LNr6z'Failed HMAC test vector; key=%r data=%r) rrórraÚstructZunpackrÈr×rØrX)rZvectorsrŽr>r1rar0Z shortenedrrrÚ test_makeMAC• s û  ÿ  þzSSHCiphersTests.test_makeMACN) rrrrDr¨r©r!r'r,r2r4rrrrr > s r c@s@eZdZdZereZdd„Zdd„Zdd„Zdd „Z d d „Z d S) ÚTransportLoopbackTestszL Test the server transport and client transport against each other, cs²tƒ}t ¡‰|ˆ_| ¡gˆ_‡fdd„ˆ_t ¡‰dd„ˆ_gˆ_‡fdd„ˆ_‡fdd„ˆ_ t ˆj  ¡  ¡ƒˆ_ |ˆƒ‰|ˆƒ‰‡fdd„}t ˆˆ¡}| |ˆˆ¡|S)zö Run an async client and server, modifying each using the mod function provided. Returns a Deferred called back when both Protocols have disconnected. @type mod: C{func} @rtype: C{defer.Deferred} csˆj ||f¡Sr“r:©ÚcodeZdesc)ÚserverrrråÆ sÿz9TransportLoopbackTests._runClientServer..cSs t d¡Sr“)r%rÙ)rOrŒrrrråÉ rcsˆj ||f¡Sr“r:r6©ÚclientrrråË sÿcsˆ ¡Sr“)rrr9rrråÍ rcsðt|jd|jd|jd|jdgƒ}ˆ |jg¡ˆ |jtjdfg¡|jddkr|ˆ  |  ¡|¡ˆ  |  ¡|¡n ˆ  |  ¡|¡ˆ  |  ¡|¡|jddkr̈  |  ¡|¡ˆ  |  ¡|¡n ˆ  |  ¡|¡ˆ  |  ¡|¡dS)Nrsuser closed connectionr¸) ÚreprrôrÿrýrrÈr3rr7rÐr1rÑr4)Zignoredr8r:rwr8rrÚcheckÒ s( ýþz6TransportLoopbackTests._runClientServer..check)rxrrr r|r3r<rrÚrßÚlistrr rþr&Z loopbackAsyncrà)rr-r r<rár)r:rr8rÚ_runClientServer¸ s(   ÿ  z'TransportLoopbackTests._runClientServercsBg}tjjdgD] ‰‡fdd„}| | |¡¡qtj|ddS)z{ Test that the client and server play nicely together, in all the various combinations of ciphers. r¸cs ˆg|_|Sr“rrr;©ZcipherrrÚ setCipherô sz6TransportLoopbackTests.test_ciphers..setCipherT©ZfireOnOneErrback)rrrôr;r>r%Ú DeferredList)rÚ deferredsr@rr?rÚ test_ciphersí s  z#TransportLoopbackTests.test_cipherscsBg}tjjdgD] ‰‡fdd„}| | |¡¡qtj|ddS)z> Like test_ciphers, but for the various MACs. r¸cs ˆg|_|Sr“rur;©r1rrÚsetMAC sz0TransportLoopbackTests.test_macs..setMACTrA)rrrÿr;r>r%rB)rrCrFrrErÚ test_macsû s  z TransportLoopbackTests.test_macscs<g}tjjD] ‰‡fdd„}| | |¡¡q tj|ddS)zG Like test_ciphers, but for the various key exchanges. cs ˆg|_|Sr“rhr;©r¬rrÚsetKeyExchange sz@TransportLoopbackTests.test_keyexchanges..setKeyExchangeTrA)rrrýr;r>r%rB)rrCrIrrHrÚtest_keyexchanges s   z(TransportLoopbackTests.test_keyexchangescs<g}tjjD] ‰‡fdd„}| | |¡¡q tj|ddS)zF Like test_ciphers, but for the various compressions. cs ˆg|_|Sr“ror;©Z compressionrrÚsetCompression sz@TransportLoopbackTests.test_compressions..setCompressionTrA)rrrr;r>r%rB)rrCrLrrKrÚtest_compressions s   z(TransportLoopbackTests.test_compressionsN) rrrrDr¨r©r>rDrGrJrMrrrrr5° s5  r5c@s8eZdZdZereZdd„Zdd„Zdd„Zdd „Z d S) ÚRandomNumberTestszp Tests for the random number generator L{_getRandomNumber} and private key generator L{_generateX}. cCs dd„}| t |d¡d¡dS)z˜ L{_getRandomNumber} returns an integer constructed directly from the bytes returned by the random byte generator passed to it. cSs t|ƒ|Sr“rT©r>rrrÚrandom1 szARandomNumberTests.test_usesSuppliedRandomFunction..randomriN)rÈrÚ_getRandomNumber©rrPrrrÚtest_usesSuppliedRandomFunction, s  þz1RandomNumberTests.test_usesSuppliedRandomFunctioncCs| ttjdd¡dS)zŽ L{_getRandomNumber} raises L{ValueError} if the number of bits passed to L{_getRandomNumber} is not a multiple of 8. Né )rÚ ValueErrorrrQr8rrrÚtest_rejectsNonByteMultiples: s þz.RandomNumberTests.test_rejectsNonByteMultiplescs:tdƒtdƒtdƒg‰‡fdd„}| t |d¡d¡dS)zã If the random byte generator passed to L{_generateX} produces bytes which would result in 0 or 1 being returned, these bytes are discarded and another attempt is made to produce a larger value. rrHécsˆ d¡|S©Nr©ÚpoprO©ZresultsrrrPK sz4RandomNumberTests.test_excludesSmall..randomr)N©rUrÈrZ _generateXrRrr[rÚtest_excludesSmallD s   þz$RandomNumberTests.test_excludesSmallcs4tdƒtdƒg‰‡fdd„}| t |d¡d¡dS)zø If the random byte generator passed to L{_generateX} produces bytes which would result in C{(2 ** bits) - 1} being returned, these bytes are discarded and another attempt is made to produce a smaller value. rnrcsˆ d¡|SrXrYrOr[rrrPZ sz4RandomNumberTests.test_excludesLarge..randomr)Nr\rRrr[rÚtest_excludesLargeR s   þz$RandomNumberTests.test_excludesLargeN) rrrrDr¨r©rSrVr]r^rrrrrN# s rN)]rDZ __future__rrr×rÀrÍr3Ztwisted.python.reflectrrrr¨Ztwisted.conch.sshrrr r Ztwisted.conch.testr Zcryptography.hazmat.backendsr Z)cryptography.hazmat.primitives.asymmetricr Zcryptography.exceptionsrZhashlibrrr r!r"Ztwistedr#rÉZ twisted.trialr$Ztwisted.internetr%Ztwisted.protocolsr&Ztwisted.pythonr'Ztwisted.python.randbytesr)Ztwisted.python.compatr*r+rUr,r-r.Z twisted.testr/Ztwisted.conch.errorr0rr1ÚobjectrErbZ SSHServicerlrrxrŠrZTestCaserrªr®r±r³r´rVr`rbrcrdr{r~rÁrÑrÒrÓrÜrûrrrr r5rNrrrrÚsÎ            JB'.:     þ þ þ c#x þ þ y þ þ xrs