tfUdZddlZddlZddlZddlZddlZddlmZmZm Z m Z m Z ddl m Z mZmZmZmZddlmZddlmZddlmZmZmZddlmZdd lmZdd lm Z dd l!m"Z"dd l#m$Z$dd l%m&Z&ddl'm(Z(ddl)m*Z*e&dZ+ee,e-d<e+rKdZ.ddl/m0Z0ddl1m2Z2ddl3m4Z4ddl5m6Z6m7Z7ddlm8Z8m9Z9m:Z:m;Z;ddlZ?n-e+sdZ.dZ?GddZ;GddZ9GddZ8d Z@d!ZAGd"d#e;jBZCGd$d%ZDGd&d'ZEGd(d)ejFZGGd*d+e9jHZIGd,d-eIZJGd.d/eIZKd0ZLGd1d2e*ZMGd3d4ZNGd5d6ZOGd7d8ZPGd9d:ZQGd;d<ZRGd=d>eReMZSGd?d@eRZTGdAdBeTeNeMZUGdCdDeTeOeMZVGdEdFeTePeMZWe@GdGdHeTeQeMZXGdIdJZYGdKdLeYZZGdMdNeZeMZ[GdOdPeZZ\GdQdRe\eNeMZ]GdSdTe\eOeMZ^GdUdVeZZ_GdWdXe_ePeMZ`e@GdYdZe_eQeMZaGd[d\eYZbGd]d^ebeMZcGd_d`ebZdGdadbedeNeMZeGdcddedeOeMZfGdedfebZgGdgdhegePeMZhe@GdidjegeQeMZiGdkdle*ZjGdmdne*ZkGdodpe*ZldS)qz5 Tests for ssh/transport.py and the classes therein. N)md5sha1sha256sha384sha512)DictListOptionalTupleType) __version__) ConchError)_kexaddressservice)defer)loopback) randbytes) iterbytesinsecureRandom) requireModule) proto_helpers)TestCase cryptographydependencySkip)UnsupportedAlgorithm)default_backend) serialization)dhec)commonfactorykeys transport)keydatazcan't run without cryptographyFc\eZdZGddZGddZGddZdS)r%ceZdZdS)transport.SSHTransportBaseN__name__ __module__ __qualname__`/var/www/surfInsights/venv3-11/lib/python3.11/site-packages/twisted/conch/test/test_transport.pySSHTransportBaser)2 Dr/r1ceZdZdS)transport.SSHServerTransportNr*r.r/r0SSHServerTransportr45r2r/r5ceZdZdS)transport.SSHClientTransportNr*r.r/r0SSHClientTransportr78r2r/r8N)r+r,r-r1r5r8r.r/r0r%r%1s                          r/r%c(eZdZGddZdS)r#ceZdZdS)factory.SSHFactoryNr*r.r/r0 SSHFactoryr;<r2r/r<N)r+r,r-r<r.r/r0r#r#;s<          r/r#c$eZdZedZdS)r"cdS)Nr/r.)selfargs r0NSz common.NS@s3r/N)r+r,r- classmethodrAr.r/r0r"r"?s-       r/r"c"tsd|_|S)Nz#x25519 not supported on this system)X25519_SUPPORTEDskipfs r0skipWithoutX25519rHEs 76 Hr/cHtjt|||S)z3 Return the MP version of C{(x ** y) % z}. )r"MPpow)xyzs r0_MPpowrOKs 9SAq\\ " ""r/c6eZdZdZdZdZdZdZdZdZ dS) MockTransportBasean A base class for the client and server protocols. Stores the messages it receives instead of ignoring them. @ivar errors: a list of tuples: (reasonCode, description) @ivar unimplementeds: a list of integers: sequence number @ivar debugs: a list of tuples: (alwaysDisplay, message, lang) @ivar ignoreds: a list of strings: ignored data ctj|g|_g|_g|_g|_d|_dS)z, Set up instance variables. N)r%r1connectionMadeerrorsunimplementedsdebugsignoredsgotUnsupportedVersionr?s r0rSz MockTransportBase.connectionMade]sF "11$777    %)"""r/cP||_tj||S)zZ Intercept unsupported version call. @type remoteVersion: L{str} )rXr%r1_unsupportedVersionReceived)r? remoteVersions r0r[z-MockTransportBase._unsupportedVersionReceivedhs, &3")EE -   r/c>|j||fdS)zp Store any errors received. @type reasonCode: L{int} @type description: L{str} NrTappend)r? reasonCode descriptions r0 receiveErrorzMockTransportBase.receiveErrorss% J 455555r/c:|j|dS)zX Store any unimplemented packet messages. @type seqnum: L{int} N)rUr_)r?seqnums r0receiveUnimplementedz&MockTransportBase.receiveUnimplemented|s! ""6*****r/c@|j|||fdS)z Store any debug messages. @type alwaysDisplay: L{bool} @type message: L{str} @type lang: L{str} N)rVr_)r? alwaysDisplaymessagelangs r0 receiveDebugzMockTransportBase.receiveDebugs' M7D9:::::r/c:|j|dS)zG Store any ignored data. @type packet: L{str} N)rWr_r?packets r0 ssh_IGNOREzMockTransportBase.ssh_IGNOREs V$$$$$r/N) r+r,r-__doc__rSr[rbrerjrnr.r/r0rQrQRsx * * *    666+++;;;%%%%%r/rQc`eZdZdZdZdZdZdZdZdZ dZ dZ dZ dZ dZdZdZd Zd Zd Zd Zd S) MockCipherzH A mocked-up version of twisted.conch.ssh.transport.SSHCiphers. testF)Nr/r/rtr.cd|_t||jzdkrz)generatePredictableKey..Zs& 4 4C1H 4 4 4 4 4 4r/rz p=z g=z x= )pg bit_lengthsumrangerKr DHPrivateNumbersDHPublicNumbersDHParameterNumbers private_keyr dhSecretKey ValueErrorprintr"rJ public_keypublic_numbersrMdhSecretKeyPublicMP)r%rrbitsrLrMs r0generatePredictableKeyrVs3 A A <<>>D 4 4eAtax33 4 4 444A Aq! A " 3 r!!R%:1a%@%@AA! ! +o'' ( (   (Q((A((1((())) %+I((**99;;=%%I!!!s AC%C%c^eZdZUdZdZeeeje d<e re Z dZ dZ dZdS)TransportTestCasez. Base class for transport test cases. Nklasschtj__g_d}td|tj tjj_ fd}j j|j_ dS)Nc d|zS)z; Return a consistent entropy value r.)rxs r0 secureRandomz-TransportTestCase.setUp..secureRandomysS= r/rc@j||fdSN)packetsr_) messageTyperr?s r0stubSendPacketz/TransportTestCase.setUp..stubSendPackets$ L  g 6 7 7 7 7 7r/)rStringTransportr%rprotorpatchrtypes MethodTyper_startEphemeralDHmakeConnectionr)r?rr s` r0setUpzTransportTestCase.setUpts&688ZZ\\   ! ! ! 9nl;;;','7 "DJ( (  $ 8 8 8 8 8 !!$.111 . r/c|d|tj|j|dd|j|_dS)z Deliver enough additional messages to C{proto} so that the key exchange which is started in L{SSHTransportBase.connectionMade} completes and non-key exchange messages can be sent and received. sSSH-2.0-BogoClient-1.2i foosbarN) dataReceiveddispatchMessager% MSG_KEXINIT_A_KEXINIT_MESSAGE _keySetup_KEY_EXCHANGE_NONE_keyExchangeStater?r s r0finishKeyExchangez#TransportTestCase.finishKeyExchanges\ 9::: i3T5LMMM '''#(":r/c|jj|j_g|j_|j||dS)z Finish a key exchange by calling C{_keySetup} with the given arguments. Also do extra whitebox stuff to satisfy that method's assumption that some kind of key exchange has actually taken place. N)r _KEY_EXCHANGE_REQUESTEDr_blockedByKeyExchanger)r? sharedSecret exchangeHashs r0simulateKeyExchangez%TransportTestCase.simulateKeyExchanges; (,z'I $+- ( \<88888r/)r+r,r-rorr r r%r1__annotations__rrErrr"r.r/r0rrjsy9=E8D34 5<<<///.;;;"99999r/rceZdZdZdZeZdS)DHGroupExchangeSHA1Mixinz= Mixin for diffie-hellman-group-exchange-sha1 tests. "diffie-hellman-group-exchange-sha1N)r+r,r-ro kexAlgorithmr hashProcessorr.r/r0r%r%s$9LMMMr/r%ceZdZdZdZeZdS)DHGroupExchangeSHA256Mixinz? Mixin for diffie-hellman-group-exchange-sha256 tests. $diffie-hellman-group-exchange-sha256Nr+r,r-ror'rr(r.r/r0r*r*s$;LMMMr/r*ceZdZdZdZeZdS) ECDHMixinz8 Mixin for elliptic curve diffie-hellman tests. ecdh-sha2-nistp256Nr,r.r/r0r.r.s$)LMMMr/r.ceZdZdZdZeZdS)Curve25519SHA256Mixinz, Mixin for curve25519-sha256 tests. scurve25519-sha256Nr,r.r/r0r1r1s$(LMMMr/r1cDeZdZUdZeZeeej e d<dS)BaseSSHTransportBaseCasez, Base case for TransportBase tests. rN) r+r,r-rorQrr r r%r1r#r.r/r0r3r3s<9JE8D34 5IIIIIr/r3ceZdZdZereZdejdzejdzejdzejdzejdzejdzejdzejdzejdzejdzd zd zZd Z d Z d Z dZ dZ dZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZd Zd!Zd"Z d#Z!d$Z"d%Z#d&Z$d'Z%d(Z&d)Z'd*Z(d+Z)d,Z*d-Z+d.Z,d/Z-d0Z.d1Z/d2Z0d3Z1d4Z2d5Z3d6S)7BaseSSHTransportTestszs Test TransportBase. It implements the non-server/client specific parts of the SSH transport protocol. rr aes256-ctr hmac-sha1noner/c|jddd}||dt jdz|dtdd}dd d tj Dzd z}| ||dS) a Test that the first thing sent over the connection is the version string. The 'softwareversion' part must consist of printable US-ASCII characters, with the exception of whitespace characters and the minus sign. RFC 4253, section 4.2.  rtrsSSH-2.0-Twisted_asciizSSH-2.0-Nz^(|c3rK|]2}|dk|tj|V3dS)-N)isspacereescape)rcs r0rz9BaseSSHTransportTests.test_sendVersion..sC!"!s((199;;( ! ((((r/z)*$) r%valuesplit assertEqualtwisted_versionencodedecoderxjoinstring printable assertRegex)r?versionsoftwareVersionsoftwareVersionRegexs r0test_sendVersionz&BaseSSHTransportTests.test_sendVersions.&&((..w::1= "58Nw8W8W"WXXX!..11#j//2C2CD hh&,&6     *>?????r/ct}||j|d|d|d||jj|d||jj|d|jdS)z When the peer is not sending its SSH version but keeps sending data, the connection is disconnected after 4KB to prevent buffering too much and running our of memory. sSSH-2-Server-Identifiers1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890s1235678s1234567s%Preventing a denial of service attackN) rQrr%r assertFalse disconnecting assertTrueassertInrFr?suts r0'test_dataReceiveVersionNotSentMemoryDOSz=BaseSSHTransportTests.test_dataReceiveVersionNotSentMemoryDOSs  !! 4>*** 3444 ,--- $$$ 5666 $$$ 4555 >@T@T@V@VWWWWWr/c^t}||j|||jt d}d}||||j}||ddS)a@ Test that plain (unencrypted, uncompressed) packets are sent correctly. The format is:: uint32 length (including type and padding length) byte padding length byte type bytes[length-padding length-2] data bytes[padding length] padding ABCDEFGs ABCDEFGN) rQrr%rclearordrrFrH)r?r rhrrFs r0test_sendPacketPlainz*BaseSSHTransportTests.test_sendPacketPlains"## T^,,, u%%% c(( '***$$&&  NOOOOOr/ct}||j||t x|_}t d}d}|j|||| |j |j }| |ddS)z Test that packets sent while encryption is enabled are sent correctly. The whole packet should be encrypted. r]BCs ABCN) rQrr%rrqcurrentEncryptionsr`r_rrWrwrFrHr?r  testCipherrhrrFs r0test_sendPacketEncryptedz.BaseSSHTransportTests.test_sendPacketEncrypted-s "## T^,,, u%%%0: < :c((  '***  .///$$&&    r/c|t}||j||t |_|j|tdd|j }| |ddS)z Test that packets sent while compression is enabled are sent correctly. The packet type and data should be encrypted. r]Bs BAfN) rQrr%rroutgoingCompressionr_rr`rFrH)r?r rFs r0test_sendPacketCompressedz/BaseSSHTransportTests.test_sendPacketCompressedJs "## T^,,, u%%%$3$5$5!  S4((($$&&  P     r/ct}||j||t x|_}t |_td}d}|j | ||| |j |j }||ddS)z Test that packets sent while compression and encryption are enabled are sent correctly. The packet type and data should be compressed and then the whole packet should be encrypted. r]rcs CBAfN)rQrr%rrqrdrrjr`r_rrWrwrFrHres r0test_sendPacketBothz)BaseSSHTransportTests.test_sendPacketBothZs "## T^,,, u%%%0: < :$3$5$5!c((  '***  .///$$&&    r/ct}||j|||j|t dd|jdz|_| | d| |jddS)zt Test that packets are retrieved correctly out of the buffer when no encryption is enabled. r]rcsextrasABCN) rQrr%rr_rr`rFbufrH getPacketrs r0test_getPacketPlainz)BaseSSHTransportTests.test_getPacketPlainys "## T^,,, u%%%  S5)))N((**X5  **F333 H-----r/ct}d|_||j|jt x|_}|tdd|j }|dt j |_ | | ||j||jd|xj |t j dz c_ || d||j ddS)zl Test that encrypted packets are retrieved correctly. See test_sendPacketEncrypted. cdSrr.r.r/r0z?BaseSSHTransportTests.test_getPacketEncrypted..Dr/r]BCDNs AABCDr/)rQ sendKexInitrr%r_rqrdrr`rFrro assertIsNonerprWrrHfirst)r?r rfrFs r0test_getPacketEncryptedz-BaseSSHTransportTests.test_getPacketEncrypteds@ "##(L T^,,, 0: < : S6***$$&&3J334  %//++,,,  ./// &>??? U:24455  **G444 C(((((r/ct}||j|||jt |_|j|_|tdd|j |_ | | ddS)zo Test that compressed packets are retrieved correctly. See test_sendPacketCompressed. r]rvrwN)rQrr%rr_rrjincomingCompressionrr`rFrorHrprs r0test_getPacketCompressedz.BaseSSHTransportTests.test_getPacketCompresseds "## T^,,, u%%% $3$5$5!$)$=! S6***N((**  **G44444r/ct}d|_||j|jt |_t|_|j|_ | tdd|j |_ ||ddS)zv Test that compressed and encrypted packets are retrieved correctly. See test_sendPacketBoth. cdSrr.r.r/r0rtz:BaseSSHTransportTests.test_getPacketBoth..rur/r]r^sABCDEFGN)rQrxrr%r_rqrdrrjr}rr`rFrorHrprs r0test_getPacketBothz(BaseSSHTransportTests.test_getPacketBoths "##(L T^,,, #-<< $3$5$5!$)$=! S9---N((**  **J77777r/ctjdddd}dx}}|jjD],}|||||-dS)z? Test that all the supportedCiphers are valid. AriCDN)r% SSHCiphersr supportedCiphersrW _getCipher)r?ciphersivrcipNames r0test_ciphersAreValidz*BaseSSHTransportTests.test_ciphersAreValidsm&tT4>>Sz2 B BG OOG..wC@@ A A A A B Br/c |jddd}||j_|j}||ddttjf||dddtj |ddd\ }}}}}}} } } } } ||d |jj d gz||d |jj ||d |jj||d |jj||d |jj||d |jj|| d |jj|| d |jj|| d |jj|| d |jj|| d dS) a Test that the KEXINIT (key exchange initiation) message is sent correctly. Payload:: bytes[16] cookie string key exchange algorithms string public key algorithms string outgoing ciphers string incoming ciphers string outgoing MACs string incoming MACs string outgoing compressions string incoming compressions bool first packet follows uint32 0 r=rtrsN ,s ext-info-ss)r%rFrGr rorprHrrr"getNSrLsupportedKeyExchangessupportedPublicKeysr supportedMACssupportedCompressionssupportedLanguages)r?rFrm keyExchangespubkeysciphers1ciphers2macs1macs2 compressions1 compressions2 languages1 languages2ros r0test_sendKexInitz&BaseSSHTransportTests.test_sendKexInits $$&&,,Wa88; %%'' !eY-B,D&E&EFFF "|444 Lb ) )             $))DJ$D $VWW    $))DJ,J"K"KLLL 499TZ-H#I#IJJJ 499TZ-H#I#IJJJ  $**B C CDDD  $**B C CDDD  $*2R(S(STTT  $*2R(S(STTT TYYtz/L%M%MNNN TYYtz/L%M%MNNN k*****r/c|j|jtj|j||jgdS)zy Immediately after connecting, the transport expects a KEXINIT message and does not reply to it. N)r%r_r rrrrHrrYs r0test_receiveKEXINITReplyz.BaseSSHTransportTests.test_receiveKEXINITReplysT  ""9#8$:QRRR r*****r/cT||j|jdd=|jtj|j|t|jd||jddtjdS)z When a KEXINIT message is received which is not a reply to an earlier KEXINIT message which was sent, a KEXINIT reply is sent. Nrtr) rr rrr%rrrHrxrYs r0test_sendKEXINITReplyz+BaseSSHTransportTests.test_sendKEXINITReplys tz*** LO ""9#8$:QRRR T\**A... a+Y-BCCCCCr/cP|t|jjdS)a( A new key exchange cannot be started while a key exchange is already in progress. If an attempt is made to send a I{KEXINIT} message using L{SSHTransportBase.sendKexInit} while a key exchange is in progress causes that method to raise a L{RuntimeError}. N) assertRaisesrzr rxrYs r0test_sendKexInitTwiceFailsz0BaseSSHTransportTests.test_sendKexInitTwiceFails s% , (>?????r/c&tjtjg}|j|j`|D]J}|j|d||jdK||jt|j_ |j ||j dddS)z After L{SSHTransportBase.sendKexInit} has been called, messages types other than the following are queued and not sent until after I{NEWKEYS} is sent by L{SSHTransportBase._keySetup}. RFC 4253, section 7.1. rr/N) r%MSG_SERVICE_REQUESTrr_r rrHrFrrqnextEncryptions_newKeyscount)r?disallowedMessageTypesrs r0test_sendKexInitBlocksOthersz2BaseSSHTransportTests.test_sendKexInitBlocksOtherss  )  !"   J !1 : :K J ! !+v 6 6 6   T^1133S 9 9 9 9 tz***&0\\ "  --//55f==qAAAAAr/cNd|j_|jddg||jt jdtjdztjdztjdztjdzfgd S) ze Test that EXT_INFO messages are sent correctly. See RFC 8308, section 2.3. Tserver-sig-algsssh-rsa,rsa-sha2-256) elevationdrrrrN) r _peerSupportsExtensions sendExtInforHrr% MSG_EXT_INFOr"rArYs r0test_sendExtInfoz&BaseSSHTransportTests.test_sendExtInfo6s .2 * =$     L*'i 2334i 7889i --.ioo &  r/cr|jdg||jgdS)z If the peer has not advertised support for extension negotiation, no EXT_INFO message is sent, since RFC 8308 only guarantees that the peer will be prepared to accept it if it has advertised support. rN)r rrHrrYs r0test_sendExtInfoUnsupportedz1BaseSSHTransportTests.test_sendExtInfoUnsupportedPs<  MNOOO r*****r/c>|jtjdt jdzt jdzt jdzt jdz||jjddddS)z When an EXT_INFO message is received, the transport stores a mapping of the peer's advertised extensions. See RFC 8308, section 2.3. rr!ssh-rsa,rsa-sha2-256,rsa-sha2-512no-flow-controls)rrN)r rr%rr"rArHpeerExtensionsrYs r0 test_EXT_INFOz#BaseSSHTransportTests.test_EXT_INFOYs ""  " i*++ ,i<== >i*++ ,ioo       J %$H$(       r/c|jddd||jtjdfgdS)z Test that debug messages are sent correctly. Payload:: bool always display string debug message string language rrTentestenN)r  sendDebugrHrr% MSG_DEBUGrYs r0test_sendDebugz$BaseSSHTransportTests.test_sendDebugnsT WdE222  L!#P Q R     r/c|jtjd|jtjd||jjddgdS)zW Test that debug messages are received correctly. See test_sendDebug. rssilenten)Trrr)FssilentrN)r rr%rrHrVrYs r0test_receiveDebugz'BaseSSHTransportTests.test_receiveDebug{s ""  !N    ""  !P     J  68QR     r/c|jd||jtjdfgdS)zk Test that ignored messages are sent correctly. Payload:: string ignored data rrstestN)r  sendIgnorerHrr% MSG_IGNORErYs r0test_sendIgnorez%BaseSSHTransportTests.test_sendIgnoresO g&&&  LI02IJK     r/c|jtjd||jjdgdS)zb Test that ignored messages are received correctly. See test_sendIgnore. rrN)r rr%rrHrWrYs r0test_receiveIgnorez(BaseSSHTransportTests.test_receiveIgnoresB ""9#7AAA ,wi88888r/c|j||jtjdfgdS)zt Test that unimplemented messages are sent correctly. Payload:: uint32 sequence number r;N)r sendUnimplementedrHrr%MSG_UNIMPLEMENTEDrYs r0test_sendUnimplementedz,BaseSSHTransportTests.test_sendUnimplementedsM $$&&&  LI79LMN     r/c|jtjd||jjdgdS)zo Test that unimplemented messages are received correctly. See test_sendUnimplemented. srN)r rr%rrHrUrYs r0test_receiveUnimplementedz/BaseSSHTransportTests.test_receiveUnimplementedsC ""9#>@STTT 2SE:::::r/cdgfd}||j_|jdd||jtjdfg|ddS)z Test that disconnection messages are sent correctly. Payload:: uint32 reason code string reason description string language Fcdd<dSNTrr. disconnectedsr0stubLoseConnectionzEBaseSSHTransportTests.test_sendDisconnect..stubLoseConnection"LOOOr/rrrstestrN)r%loseConnectionr sendDisconnectrHrMSG_DISCONNECTrWr?rrs @r0test_sendDisconnectz)BaseSSHTransportTests.test_sendDisconnectsw  # # # # #);% !!$000  L,K      Q(((((r/cdgfd}||j_|jtjd||jjdg|ddS)zl Test that disconnection messages are received correctly. See test_sendDisconnect. Fcdd<dSrr.rsr0rzHBaseSSHTransportTests.test_receiveDisconnect..stubLoseConnectionrr/s testrrrrN)r%rr rrrHrTrWrs @r0test_receiveDisconnectz,BaseSSHTransportTests.test_receiveDisconnects w  # # # # #);% ""  $&M    *^,<===  Q(((((r/cZdgfd}||j_|j|j||jj||jj|jj |ddS)ze Test that dataReceived parses packets and dispatches them to ssh_* methods. Fcdd<dSrr.)rmkexInits r0 stubKEXINITz.stubKEXINITsGAJJJr/rN) r  ssh_KEXINITrr%rFrW gotVersionrHourVersionStringotherVersionString)r?rrs @r0test_dataReceivedz'BaseSSHTransportTests.test_dataReceiveds '     "-   4 4 6 6777  -... 4dj6STTT  #####r/cXt}|j|||jj|||j|jdd||jdgt}|j|||j||j |j d||j dS)z Test that the transport can set the running service and dispatches packets to the service's packetReceived method. rrrrN) rr  setServicerHrrWrrrrconnectionLost)r?rservice2s r0 test_servicez"BaseSSHTransportTests.test_services -- g&&& +W555 ((( ""4111 '8999== h''' ())) ((( !!$''' ()))))r/cdgfd}||j_d|j_|jd|ddS)zP Test that the transport notifies the avatar of disconnections. Fcdd<dSrr.rsr0logoutz1BaseSSHTransportTests.test_avatar..logoutrr/TNr)r logoutFunctionavatarrrW)r?rrs @r0 test_avatarz!BaseSSHTransportTests.test_avatarsmw  # # # # #%+ !   !!$'''  Q(((((r/c||jd||jd||jdt|j_||jd||jd||jdt jdddd|j_||jd||jd||jd|t|jjddS)zS Test that the transport accurately reflects its encrypted status. inoutbothr9badN) rUr  isEncryptedrqrdrWr%rr TypeErrorrYs r0test_isEncryptedz&BaseSSHTransportTests.test_isEncrypted s //55666 //66777 //77888(2  %  ..t44555  ..u55666  ..v66777(1(< Wgw) )  % //55666 //66777 //77888 )TZ%;UCCCCCr/c||jd||jd||jdt|j_||jd||jd||jdt jdddd|j_||jd||jd||jd|t|jjddS)zR Test that the transport accurately reflects its verified status. rrrr9rN) rUr  isVerifiedrqrdrWr%rrrrYs r0test_isVerifiedz%BaseSSHTransportTests.test_isVerifieds ..t44555 ..u55666 ..v66777(2  %  --d33444  --e44555  --f55666(1(< Wgw) )  % ..t44555 ..u55666 ..v66777 )TZ%:EBBBBBr/cRdgfd}||j_|j||jddtj||jddddt tjfdS)zh Test that loseConnection sends a disconnect message and closes the connection. Fcdd<dSrr.rsr0rzEBaseSSHTransportTests.test_loseConnection..stubLoseConnection9rr/rrtrrN)r%rr rHrrrDISCONNECT_CONNECTION_LOSTrs @r0test_loseConnectionz)BaseSSHTransportTests.test_loseConnection2s w  # # # # #);% !!### a+Y-EFFF  LOA qs #UI,P+R%S%S     r/cTfd}|d|d|ddS)zU Test that the transport disconnects when it receives a bad version. cg_dj_dgfd}|j_t |dzD]}j|djddtj jddddttj fdS)NFcdd<dSrr.rsr0rzRBaseSSHTransportTests.test_badVersion..testBad..stubLoseConnectionMs"& Qr/r=rrtrr) rr rr%rrrrWrHrr)DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED)rPrrErr?s @r0testBadz6BaseSSHTransportTests.test_badVersion..testBadHsDL$)DJ !!7L ' ' ' ' '-?DN )w011 + + ''**** OOLO , , ,   T\!_Q/1I J J J    Q"1Q3'yJLMM     r/sSSH-1.5-OpenSSHsSSH-3.0-TwistedsGET / HTTP/1.1Nr.)r?rs` r0test_badVersionz%BaseSSHTransportTests.test_badVersionCsW      $ "###"###!"""""r/c4ttjdjzdz}fdt |D|j|j jdS)zV Test that the transport ignores data sent before the version string. s5here's some stuff beforehand here's some other stuff r=c:g|]}|Sr.)r)rrEr s r0 z@BaseSSHTransportTests.test_dataBeforeVersion..ks'8881  A  888r/N) rQrrr rrrWrrHr)r?datar s @r0test_dataBeforeVersionz,BaseSSHTransportTests.test_dataBeforeVersion^s"## ]:<<=== $ %    9888 $8888 ())) 153IJJJJJr/ct}|tj|d||j||jddS)zw Test that the transport treats the compatibility version (1.99) as equivalent to version 2.0. sSSH-1.99-OpenSSH sSSH-1.99-OpenSSHN rQrrr rrWrrHrrs r0test_compatabilityVersionz/BaseSSHTransportTests.test_compatabilityVersionosv "## ]:<<=== 0111 ())) 13FGGGGGr/ct}|tj|d||j||jddS)z It can parse the SSH version string even when it ends only in Unix newlines (CR) and does not follows the RFC 4253 to use network newlines (CR LF). s,SSH-2.0-PoorSSHD Some-comment here more-datas"SSH-2.0-PoorSSHD Some-comment hereNrrYs r0&test_dataReceivedSSHVersionUnixNewlinezSSH-2.0-9.99 FlowSsh: Bitvise SSH Server (WinSSHD) more-datas3SSH-2.0-9.99 FlowSsh: Bitvise SSH Server (WinSSHD) NrrYs r0)test_dataReceivedSSHVersionTrailingSpacesz?BaseSSHTransportTests.test_dataReceivedSSHVersionTrailingSpacess !! =8::;;;  S    '''   " B     r/ct}d|_|tj|d||jdS)z If an unusual SSH version is received and is included in C{supportedVersions}, an unsupported version error is not emitted. )9.99SSH-9.99-OpenSSH N)rQsupportedVersionsrrr rrUrXrs r0 test_supportedVersionsAreAllowedz6BaseSSHTransportTests.test_supportedVersionsAreAllowedsf "##", ]:<<=== 0111 455555r/ct}d|_|tj|d|d|jdS)z If an unusual SSH version is received and is not included in C{supportedVersions}, an unsupported version error is emitted. )s2.0r rN)rQr!rrr rrHrXrs r06test_unsupportedVersionsCallUnsupportedVersionReceivedzLBaseSSHTransportTests.test_unsupportedVersionsCallUnsupportedVersionReceivedsh "##"+ ]:<<=== 0111 %"=>>>>>r/ctjffd }|d|djj}t j_|dtjdjj_|d|j_tj_d}|jj_ |dtj  d S) zi Test that the transport disconnects with an error when it receives bad packets. cg_|j_jt jdjddtjjddddt|fdS)Nrtrrr) rr roryrprHrxr%rr)rmerrorr?s r0rz6BaseSSHTransportTests.test_badPackets..testBadsDL#DJN   dj2244 5 5 5   S.. 2 2 2   T\!_Q/1I J J J   T\!_Q/!4eUHoo F F F F Fr/ss BCDEs AB123456c|ddSrr.)rLs r0rtz7BaseSSHTransportTests.test_badPackets..s!CRC&r/sBCDEFGHIJKc td)Nzbad compression) Exception)rs r0stubDecompressz=BaseSSHTransportTests.test_badPackets..stubDecompresss-.. .r/s BCDEN) r%DISCONNECT_PROTOCOL_ERRORr rdrqDISCONNECT_MAC_ERRORrrr}rDISCONNECT_COMPRESSION_ERRORflushLoggedErrors)r?roldEncryptionsr+s` r0test_badPacketsz%BaseSSHTransportTests.test_badPacketss #,"E G G G G G G  +,,,6(2  % +Y-K   1A0@ %-1222(6 %)8):): & / / /5C &1 '  2         r/c jj}|ffd }jdd|dtjd<jdd|jdd|jt jdd|jdd|d S) zj Test that unimplemented packet types cause MSG_UNIMPLEMENTED packets to be sent. cjddtjjddddt |fgj_|dz }dS)Nrrtrr)rHrr%rrr )rdr?s r0checkUnimplementedzKBaseSSHTransportTests.test_unimplementedPackets..checkUnimplementedsr   T\!_Q/1L M M M   T\!_Q/!4eVI6F6F G G G!#DJ  aKFFFr/(r/s MSG_fiction)<FrN)r rrr%messagesrr)r?rdr4s` r0test_unimplementedPacketsz/BaseSSHTransportTests.test_unimplementedPacketss" 2&,       ""2s+++!/ 2 ""2s+++ ""2s+++ kmm,,, ""2s+++ ""2s+++r/c2|j}||jt |_t |_t |_| tt}| tj|d||j|j||j|j||j|j||j|j||j|j||j|jdS)zD Test that multiple instances have distinct states. r/N)r rr%rFrqrdrrjr}rrrQrrr rassertNotEqualrrrr)r?r proto2s r0test_multipleClassesz*BaseSSHTransportTests.test_multipleClassessT  4>//11222#-<< $3$5$5!$3$5$5! '''"$$m;==>>># E,f.?@@@ EOV-=>>> E8&:WXXX E8&:WXXX E4f6OPPP EM6>:::::r/N)4r+r,r-rorrEr"rArrSr[rargrkrmrqr{r~rrrrrrrrrrrrrrrrrrrrrrrr rrrrrr"r$r1r:r>r.r/r0r5r5s   &)2 3 3 4 &)J    &)M " " # &)M " "  # &)L ! !  " &)L ! !  " &)G    &)G    &)C..  &)C..      @@@.XXX,PPP(   :      > . . .)))( 5 5 5888 BBB/+/+/+b+++ D D D@@@"B"B"BH   4+++   *           999   ;;;)))2)))"$$$ ***( ) ) )DDD(CCC(   "###6KKK" H H H X X X   . 6 6 6 ? ? ?"!"!"!H4;;;;;r/r5ceZdZdZdZdS)'BaseSSHTransportDHGroupExchangeBaseCasez@ Diffie-Hellman group exchange tests for TransportBase. c(|j|j_d|j_|d|jjz}|d|z}|d|z|z}|d|z|z|z}||jddd||z|z|zdS)z? Test that _getKey generates the correct keys. EFsABCDKrwKABCDN)r'r kexAlg sessionIDr(digestrH_getKey)r?k1k2k3k4s r0 test_getKeyz3BaseSSHTransportDHGroupExchangeBaseCase.test_getKey s!- $     4tz7K K L L S S U U   " - - 4 4 6 6   " r 1 2 2 9 9 ; ;   " r 1B 6 7 7 > > @ @ ++D%??b2PRARSSSSSr/N)r+r,r-rorNr.r/r0r@r@s2 T T T T Tr/r@ceZdZdZdS)(BaseSSHTransportDHGroupExchangeSHA1TestszE diffie-hellman-group-exchange-sha1 tests for TransportBase. Nr+r,r-ror.r/r0rPrPr/rPceZdZdZdS)*BaseSSHTransportDHGroupExchangeSHA256TestszG diffie-hellman-group-exchange-sha256 tests for TransportBase. NrQr.r/r0rTrT# r/rTceZdZdZdS)"BaseSSHTransportEllipticCurveTestsz4 ecdh-sha2-nistp256 tests for TransportBase NrQr.r/r0rWrW-rRr/rWceZdZdZdS)%BaseSSHTransportCurve25519SHA256Testsz3 curve25519-sha256 tests for TransportBase NrQr.r/r0rYrY5r/rYcLeZdZdZd dZd dZdZdZdZdZ d Z d Z d Z dS) #ServerAndClientSSHTransportBaseCasezF Tests that need to be run on both the server and the client. Nc| tj}||jddtj||jddddt |fdS)zI Helper function to check if the transport disconnected. Nrrrtrr)r%r,rHrrrrs r0checkDisconnectedz5ServerAndClientSSHTransportBaseCase.checkDisconnectedCso <6D b)!,i.FGGG b)!,QqS15$>>BBBBBr/c<| tj}|}|||t j|j|j|r| ||S)zy Helper function to connect a modified protocol to the test protocol and test for disconnection. ) r%DISCONNECT_KEY_EXCHANGE_FAILEDrrrr r rrFr^)r?protoModificationrr=s r0connectModifiedProtocolz;ServerAndClientSSHTransportBaseCase.connectModifiedProtocolLs <;D&!!!m;==>>>  0 6 6 8 8999  )  " "4 ( ( ( r/c6d}||dS)z` Test that the transport disconnects if it can't match the key exchange cg|_dSrrr=s r0blankKeyExchangesz\ServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKex..blankKeyExchangesa+-F ( ( (r/Nrb)r?rgs r0test_disconnectIfCantMatchKexzAServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKex[s.  . . . $$%677777r/c6d}||dS)zP Like test_disconnectIfCantMatchKex, but for the key algorithm. cg|_dSr)rrfs r0blankPublicKeysz]ServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKeyAlg..blankPublicKeysks)+F & & &r/Nri)r?rms r0 test_disconnectIfCantMatchKeyAlgzDServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKeyAlgfs-  , , , $$_55555r/c6d}||dS)zN Like test_disconnectIfCantMatchKex, but for the compression. cg|_dSrrrfs r0blankCompressionszdServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCompression..blankCompressionsurhr/Nri)r?rrs r0%test_disconnectIfCantMatchCompressionzIServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCompressionps.  . . . $$%677777r/c6d}||dS)zM Like test_disconnectIfCantMatchKex, but for the encryption. cg|_dSrrrfs r0 blankCipherszZServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCipher..blankCipherss&(F # # #r/Nri)r?rws r0 test_disconnectIfCantMatchCipherzDServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCipherzs-  ) ) ) $$\22222r/c6d}||dS)zF Like test_disconnectIfCantMatchKex, but for the MAC. cg|_dSrrrfs r0 blankMACszTServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchMAC..blankMACss#%F r/Nri)r?r|s r0test_disconnectIfCantMatchMACzAServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchMACs-  & & & $$Y/////r/c||jtj|jjdS)z Test that the transport's L{getPeer} method returns an L{SSHTransportAddress} with the L{IAddress} of the peer. N)rHr getPeerrSSHTransportAddressr%rYs r0 test_getPeerz0ServerAndClientSSHTransportBaseCase.test_getPeerV  J    ' (<(D(D(F(F G G     r/c||jtj|jjdS)z Test that the transport's L{getHost} method returns an L{SSHTransportAddress} with the L{IAddress} of the host. N)rHr getHostrrr%rYs r0 test_getHostz0ServerAndClientSSHTransportBaseCase.test_getHostrr/r) r+r,r-ror^rbrjrnrsrxr}rrr.r/r0r\r\>sCCCC     8 8 8666888333000        r/r\cZeZdZUdZejZeeej e d<dZ dZ dS)ServerSSHTransportBaseCasez1 Base case for SSHServerTransport tests. rct|t|j_|jjdSr)rrrr r# startFactoryrYs r0rz ServerSSHTransportBaseCase.setUpsA%%%(]]  '')))))r/ct||jj|j`dSr)rtearDownr r# stopFactoryrYs r0rz#ServerSSHTransportBaseCase.tearDowns;""4((( &&((( J   r/N) r+r,r-ror%r5rr r r1r#rrr.r/r0rrsa9B8TE8D34 5TTT*** r/rc~eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdS)ServerSSHTransportTestsz' Tests for SSHServerTransport. cRtjtjtjtjtjtjtjtjd|jj _ tjtj tjtj tjtj tjtjd|jj _||jd|jj j d|jj jdf||jd|jj j d|jj jdf||jd|jj j d|jj jdf||jd|jj j d|jj jdf||jd|jj j d|jj jdf||jd|jj j d|jj jdf|t&|jjdd S) z L{transport.SSHServerTransport._getHostKeys} returns host keys from the factory, looked up by public key signature algorithm. )rssh-dssecdsa-sha2-nistp256 ssh-ed25519r rsa-sha2-256 rsa-sha2-512rrrsecdsa-sha2-nistp384N)r$rrr&rrpublicECDSA_opensshpublicEd25519_opensshr r# publicKeysrrprivateECDSA_opensshprivateEd25519_openssh_new privateKeysrH _getHostKeysrKeyErrorrYs r0test__getHostKeysz)ServerSSHTransportTests.test__getHostKeyss ++G,EFF++G,EFF$(H$7$78S$T$T H//0MNN ) )  %++G,FGG++G,FGG$(H$7$78T$U$U H//0RSS * *  &  J # #J / / "-j9 ".z:      J # #O 4 4 "-j9 ".z:      J # #O 4 4 "-j9 ".z:      J # #J / / "-j9 ".z:      J # #$: ; ; "-.DE "./EF      J # #N 3 3 "-n= ".~>     (DJ$;=STTTTTr/ch|jd||jjd||jjd||jjd||jjd||jj|jj }||j d||j d||j d||j ddS)z Receiving a KEXINIT packet listing multiple supported algorithms will set up the first common algorithm found in the client's preference list. s SSH-2.0-Twisted bdiffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256ssh-dss,ssh-rsaaes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbcaes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbchmac-md5,hmac-sha1hmac-md5,hmac-sha1 none,zlib none,zlibr&rr9s aes128-ctrhmac-md5N)r rrHrFkeyAlgoutgoingCompressionTypeincomingCompressionTyperUrrrrrrr?nes r0test_KEXINITMultipleAlgorithmsz6ServerSSHTransportTests.test_KEXINITMultipleAlgorithmss  (   $ *,QRRR *J777 ;WEEE ;WEEE ;<<< Z '  666 }555  444 {33333r/cldtjdztjdztjdztjdztjdztjdztjdztjdztjdztjdzdzd z}|j|||jjd ||jjd S) z If the client sends "ext-info-c" in its key exchange algorithms, then the server notes that the client supports extension negotiation. See RFC 8308, section 2.1. rs/diffie-hellman-group-exchange-sha256,ext-info-crr7r8r9r/r:r;r+N)r"rAr rrHrFrWrr? kexInitPackets r0 test_KEXINITExtensionNegotiationz8ServerSSHTransportTests.test_KEXINITExtensionNegotiations3 iJKK Li ## $i && 'i &&  ' i %%  & i %%  &i   !i   !inn inn  " "  }--- *,STTT  :;;;;;r/cdddd|jjddd|jj|jj|jj|jj|jj|jj|jj|jj|jjf DDzdz}|j|| |jj |j d| |jj |j d | |jj ||jgd |j_ |jd | |jj ||jgdS) a< The client is allowed to send a guessed key exchange packet after it sends the KEXINIT packet. However, if the key exchanges do not match, that guess packet must be ignored. This tests that the packet is ignored in the case of the key exchange method not matching. rr/c6g|]}tj|Sr.r"rArs r0rzEServerSSHTransportTests.test_ignoreGuessPacketKex..?0 ! r/c8g|]}d|SrrLrrMs r0rzEServerSSHTransportTests.test_ignoreGuessPacketKex..A2""" !!IIaLL"""r/Nr testT rLr rrrrrrrrWignoreNextPacket ssh_DEBUGssh_KEX_DH_GEX_REQUEST_OLDrUrHrssh_KEX_DH_GEX_REQUESTrs r0test_ignoreGuessPacketKexz1ServerSSHTransportTests.test_ignoreGuessPacketKex3s ""!% @2 F $ > $ ; $ ; $ 8 $ 8 $ @ $ @ $ = $ = &""" .'/ ( 4 }---  3444 HIII  3444 --.ABBB 4555 r***&* # ))*ABBB 4555 r*****r/cdddd|jj|jjddd|jj|jj|jj|jj|jj|jj|jj|jjf DDzdz}|j|| |jj |j d| |jj |j d | |jj ||jgd |j_ |jd | |jj ||jgdS) zk Like test_ignoreGuessPacketKex, but for an incorrectly guessed public key format. rr/c6g|]}tj|Sr.rrs r0rzEServerSSHTransportTests.test_ignoreGuessPacketKey..lrr/c8g|]}d|Srrrs r0rzEServerSSHTransportTests.test_ignoreGuessPacketKey..nrr/NrrrrTrrrs r0test_ignoreGuessPacketKeyz1ServerSSHTransportTests.test_ignoreGuessPacketKeycs ""!% @ $ >ttt D $ ; $ ; $ 8 $ 8 $ @ $ @ $ = $ = &""" .'/ ( 4 }---  3444 HIII  3444 --.ABBB 4555 r***&* # ))*ABBB 4555 r*****r/c|g|j_|g|j_|j|j|j|\}}tj|\}}t|d|}|j tj |tj tjd|dzzd} t|jj| |jj} ||jj| t|| |jj} t)} | tj|jjdz| tj|jjdz| tj|| tj || | | | | } || |}||jtjtj|| ztj|zftjdfgdS) a Test that the KEXDH_INIT packet causes the server to send a KEXDH_REPLY with the server's public key and a signature. @param kexAlgorithm: The key exchange algorithm to use. @type kexAlgorithm: L{bytes} @param keyAlgorithm: The public key signature algorithm to use. @type keyAlgorithm: L{bytes} @param bits: The bit length of the DH modulus. @type bits: L{int} irrr signatureTyper/N)r rrrr%rFrrrrKrr"rJgetMPrArOrrrHrrupdaterourKexInitPayloadrrHsignrMSG_KEXDH_REPLY MSG_NEWKEYS)r?r' keyAlgorithmr pubHostKey privHostKeyrrerMrGr hr! signatures r0assertKexDHInitResponsez/ServerSSHTransportTests.assertKexDHInitResponsesW-9> (*6 &  4 4 6 6777"&*"9"9,"G"G K*<881 4OO --fill;;; L7dai#899 : :1 = 4:<DJL 1 1 7;;;aDJL11 FF 4:677!;<<< 4:7881<=== :??,,--... 1   xxzz $$\$NN   L-Ijoo//0014vy7K7KK&,   r/cd|j_d|j_|t|jjt jddS) Test that if the server receives a KEX_DH_GEX_REQUEST_OLD message and the key exchange algorithm is not set, we raise a ConchError. s bad-curvers unused-keyN)r rFrrr_ssh_KEX_ECDH_INITr"rArYs r0%test_checkBad_KEX_ECDH_INIT_CurveNamez=ServerSSHTransportTests.test_checkBad_KEX_ECDH_INIT_CurveNamesR ) &   J ) Im $ $     r/cVdtjdztjdztjdztjdztjdztjdztjdztjdztjdztjdzdzd z}|j||t |t d S) zy Test that if the server received a bad name for a curve we raise an UnsupportedAlgorithm error. r6r/rr7r8r9r/r:r;N)r"rAr rrAttributeErrorr)r?kexmsgs r0 test_checkBad_KEX_INIT_CurveNamez8ServerSSHTransportTests.test_checkBad_KEX_INIT_CurveNames( i-.. /i ## $i && 'i &&  ' i %%  & i %%  &i   !i   !inn inn  " "  v&&& .))) ./////r/c4|ddddS)z KEXDH_INIT messages are processed when the diffie-hellman-group14-sha1 key exchange algorithm and the ssh-rsa public key signature algorithm are requested. rrrNrrYs r0test_KEXDH_INIT_GROUP14z/ServerSSHTransportTests.test_KEXDH_INIT_GROUP14s$ $$%CZQUVVVVVr/c4|ddddS) KEXDH_INIT messages are processed when the diffie-hellman-group14-sha1 key exchange algorithm and the rsa-sha2-256 public key signature algorithm are requested. rrrNrrYs r0$test_KEXDH_INIT_GROUP14_rsa_sha2_256z.-UUU14:%%a66UUUr/ABCDEFrtrrrrrN r rFrqrr"rHrGrr%rrr$r?newKeyss` r0 test_keySetupz%ServerSSHTransportTests.test_keySetup; %/\\ "   ... -u555   ... -u555 b)I,A3+GHHHUUUU )@T@TUUU  J & + QZWQZWQZQR T     r/c<gd|j_d|j_t|j_d|j_|dd||jdtj df||jdtj d tj d ztj d zf|dd ||jdtj dfd S)a If the client advertised support for extension negotiation, then _keySetup sends SSH_MSG_EXT_INFO with the "server-sig-algs" extension as the next packet following the server's first SSH_MSG_NEWKEYS. See RFC 8308, sections 2.4 and 3.1. )rrrrTrDrEr/rsrrrBN)r rrFrqrrr"rHrr%rrr"rArYs r0test_keySetupWithExtInfoz0ServerSSHTransportTests.test_keySetupWithExtInfos *X)W)W &: %/\\ "-1 *   ... b)I,A3+GHHH  L &#).//0)@AAB       ... b)I,A3+GHHHHHr/c Vdj_tj_ddjjdddjjdjdtj dffdtdD}jjj |d |d |d |d |d |dfdS)rr/rDrErBrr/cHg|]}j|ddSrrrs r0rz>ServerSSHTransportTests.test_ECDH_keySetup..9rr/rrtrrrrrNrrs` r0test_ECDH_keySetupz*ServerSSHTransportTests.test_ECDH_keySetup.s2 %/\\ "   ... -u555   ... -u555 b)I,A3+GHHHUUUU )@T@TUUU  J & + QZWQZWQZQR T     r/c|tjdddd|j_|jd||jj|jj||jj ||jj d|j_ | dd|jd| |jj d|j_| dd|jd| |jj dS)zj Test that NEWKEYS transitions the keys in nextEncryptions to currentEncryptions. r9r/zlibrDrErBN)rr%rr r ssh_NEWKEYSassertIsrdryrjr}rr"assertIsNotNonerrYs r0 test_NEWKEYSz$ServerSSHTransportTests.test_NEWKEYS?sB ++---%.%9 Wgw& &  " s### dj3TZ5OPPP $*8999 $*8999-4 *   ... s### TZ;<<<-4 *   ... s### TZ;<<<< (*4 &  4 4 6 6777 --.ABBB#z1;;==AA$GGJ W  L2Ig&&)@@     q))) w/////r/cjd|j_|t|jjddS)rN)r rFrrrrYs r0%test_KEX_DH_GEX_REQUEST_OLD_badKexAlgzOServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUEST_OLD_badKexAlgs1 !  *dj&KTRRRRRr/rcH|jg|j_|g|j_|j|j|jd|jj dd\}}| |j t j tj|dzfg| |jjd| |jj|dS)z Test that the KEX_DH_GEX_REQUEST message causes the server to reply with a KEX_DH_GEX_GROUP message with the correct Diffie-Hellman group.  rrr rN)r'r rrrr%rFrr#rr rHrrr"rJrr)r?rrrs r0test_KEX_DH_GEX_REQUESTzAServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUESTs -1,=+> (*6 &  4 4 6 6777 )) E    $z1;;==AA$GGJ W  L2Ig&&)@@     q))) w/////r/c ||jd\}}t|jjd|jj}t jdd}||jj j |t|jj||jj}||jj |t|||jj}|}|t j|jjdz|t j|jjdz|t j||d|t j|jj|t j|jj|t j||||||}|jt j|||jddt0jt j||zt j||zft0jd fgdS) z Test that the KEX_DH_GEX_INIT message after the client sends KEX_DH_GEX_REQUEST_OLD causes the server to send a KEX_DH_GEX_INIT message with a public key and signature. rrsrrr rtNr/)rr rrKrrr"rrHrprivate_numbersrLrOrr(rrArrrrJrHssh_KEX_DH_GEX_INITrr%MSG_KEX_DH_GEX_REPLYrr r?rrrrMrGr rr!s r0&test_KEX_DH_GEX_INIT_after_REQUEST_OLDzPServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_INIT_after_REQUEST_OLDs ((***"&*"9"9*"E"E K  a . . L< = =a @ /??AACQGGG 4:<DJL 1 1 7;;;aDJL11     4:677!;<<< 4:7881<=== :??,,--... $%%% 4:<(())) 4:<(())) 1   xxzz  &&vy||444  L 2Ijoo//00i 0 0 > >??@ &,  r/c ||jd\}}t|jjd|jj}t jdd}t|jj||jj}t|||jj}| }| t j |jj dz| t j |jj dz| t j || d| t j|jj| t j|jj| t j|| || ||}|jt j|||jdt(jt j ||zt j ||zfdS) z Test that the KEX_DH_GEX_INIT message after the client sends KEX_DH_GEX_REQUEST causes the server to send a KEX_DH_GEX_INIT message with a public key and signature. rrrrrrtNrr rrKrrr"rrOr(rrArrrrJrHrrHrr%rrrs r0"test_KEX_DH_GEX_INIT_after_REQUESTzLServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_INIT_after_REQUESTs= $$&&&"&*"9"9*"E"E K  a . . L< = =a @ 4:<DJL 1 1aDJL11     4:677!;<<< 4:7881<=== :??,,--... DEEE 4:<(())) 4:<(())) 1   xxzz  &&vy||444  LO. *//++,,)K,,\::;;<      r/c |d|jd\}}t|jjd|jj}t jdd}t|jj||jj}t|||jj}| }| t j |jj dz| t j |jj dz| t j || d| t j|jj| t j|jj| t j|| || ||}|jt j|||jdt(jt j ||zt j ||d zfd S) a& Test that the KEX_DH_GEX_INIT message after the client sends KEX_DH_GEX_REQUEST using a public key signature algorithm other than the default for the public key format causes the server to send a KEX_DH_GEX_INIT message with a public key and signature. r)rrrrrrrtrNrrs r0/test_KEX_DH_GEX_INIT_after_REQUEST_rsa_sha2_512zYServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_INIT_after_REQUEST_rsa_sha2_512sL $$/$BBB"&*"9"9/"J"J K  a . . L< = =a @ 4:<DJL 1 1aDJL11     4:677!;<<< 4:7881<=== :??,,--... DEEE 4:<(())) 4:<(())) 1   xxzz  &&vy||444  LO. *//++,,)$$\$QQ  r/N)r) r+r,r-rorrrrr r"r.r/r0r r qs000.SSS00002% % % N" " " H% % % % % r/r ceZdZdZdS)*ServerSSHTransportDHGroupExchangeSHA1TestszJ diffie-hellman-group-exchange-sha1 tests for SSHServerTransport. NrQr.r/r0r$r$!rUr/r$ceZdZdZdS),ServerSSHTransportDHGroupExchangeSHA256TestszL diffie-hellman-group-exchange-sha256 tests for SSHServerTransport. NrQr.r/r0r&r&+rUr/r&ceZdZdZdZdS)ServerSSHTransportECDHBaseCasezE Elliptic Curve Diffie-Hellman tests for SSHServerTransport. c |jg|j_dg|j_|j|j|jd\}}|j}| }|j |}|j tj ||j||j |jj}|}|tj |jj|tj |jj|tj |jj|tj |jj|tj ||tj ||tj |j |jj|||}||} ||jt jtj |tj |j |jjztj | zft jdfgdS)z Test that the KEXDH_INIT message causes the server to send a KEXDH_REPLY with the server's public key and a signature. rr/N)r'r rrrr%rFr_generateECPrivateKeyr_encodeECPublicKeyrr"rA_generateECSharedSecretecPubr(rrrotherKexInitPayloadrrrHrrHrrr) r?rrecPrivr-encPubr rr!rs r0test_KEX_ECDH_INITz1ServerSSHTransportECDHBaseCase.test_KEX_ECDH_INIT:s -1,=+> (*4 &  4 4 6 6777"&*"9"9*"E"E K1133!!##..u55 --fi.?.?@@@z99 DJ11$*2BCC       4:899::: 4:677888 4:9::;;; 4:788999 :??,,--... 6""### 4:889IJJKKLLL xxzz $$\22   L-Ijoo//00i = =dj>N O OPPQi **+ &,  r/N)r+r,r-ror1r.r/r0r(r(5s-, , , , , r/r(ceZdZdZdS)ServerSSHTransportECDHTestsz: ecdh-sha2-nistp256 tests for SSHServerTransport. NrQr.r/r0r3r3irRr/r3ceZdZdZdS)'ServerSSHTransportCurve25519SHA256Testsz9 curve25519-sha256 tests for SSHServerTransport. NrQr.r/r0r5r5qrZr/r5cZeZdZUdZejZeeej e d<dZ dZ dS)ClientSSHTransportBaseCasez1 Base case for SSHClientTransport tests. rc$d|_|||j||ddt jt |tj dS)zC Mock version of SSHClientTransport.verifyHostKey. T:r/) calledVerifyHostKeyrHrreplacebinasciihexlifyrrHrsucceed)r?pubKey fingerprints r0 verifyHostKeyz(ClientSSHTransportBaseCase.verifyHostKeys$(  +++    c * *H,._checkRaisess FF& ' ' ' ' 'r/N)rrJrconnectionSecurerA addCallbackfail addErrback)r?rKds r0 test_notImplementedClientMethodsz8ClientSSHTransportTests.test_notImplementedClientMethodssv -tzz||/LMMM ( ( ( JJLL & &tT 2 2}}TY''22<@@@r/c|g|j_|j|j|jjj}|tj |ddd|dzz||j tj |jj fgdS)z Test that a KEXINIT packet with a group1 or group14 key exchange results in a correct KEXDH_INIT response. @param kexAlgorithm: The key exchange algorithm to use @type kexAlgorithm: L{str} rNrr)r rrr%rFrrrLrHr"rJrMSG_KEXDH_INITr)r?r'rrLs r0assertKexInitResponseForDHz2ClientSSHTransportTests.assertKexInitResponseForDHs-9> (  4 4 6 6777 J " 2 2 4 4 6 1abb)7dai+@AAA  LI4dj6TUV     r/c2|dddS)zq KEXINIT messages requesting diffie-hellman-group14-sha1 result in KEXDH_INIT responses. rrN)rTrYs r0test_KEXINIT_group14z,ClientSSHTransportTests.test_KEXINIT_group14s! ''(FMMMMMr/cdg|j_|jdd}|t |jj|dS)z Test that the client raises a ConchError if it receives a KEXINIT message but doesn't have a key exchange algorithm that we understand. sdiffie-hellman-group24-sha1sgroup14sgroup24N)r rr%rFr;rrr)r?rs r0test_KEXINIT_badKexAlgz.ClientSSHTransportTests.test_KEXINIT_badKexAlgsX -K+K (~##%%--j*EE *dj&=tDDDDDr/c,dtjdztjdztjdztjdztjdztjdztjdztjdztjdztjdzdzd z}|j|||jjd S) z If the server sends "ext-info-s" in its key exchange algorithms, then the client notes that the server supports extension negotiation. See RFC 8308, section 2.1. rs/diffie-hellman-group-exchange-sha256,ext-info-srr7r8r9r/r:r;N)r"rAr rrWrrs r0rz8ClientSSHTransportTests.test_KEXINITExtensionNegotiations iJKK Li ## $i && 'i &&  ' i %%  & i %%  &i   !i   !inn inn  " "  }---  :;;;;;r/cF|d}tj|}|jjj}|jj}t|||}t}| tj |jj dz| tj |jj dz| tj |j| |jj| || ||}|j|}||tj |j|zfS)a Utility for test_KEXDH_REPLY and test_disconnectKEXDH_REPLYBadSignature. Begins a Diffie-Hellman key exchange in the named group Group-14 and computes information needed to return either a correct or incorrect signature. r)rVr"rJr rrrLrrOrrrArrrrrHrCr) r?rGfMPrLrr rr!rs r0begin_KEXDH_REPLYz)ClientSSHTransportTests.begin_KEXDH_REPLY sD !!### ill J " 2 2 4 4 6 JLaA FF 4:677!;<<< 4:7881<=== 49%%&&& /000   xxzz L%%l33 i49)=)=)CDDr/c\}}fd}j|tj|z}|||S)zH Test that the KEXDH_REPLY message verifies the server. c|jjjdSrryrWr:rHr rGrFr!r?s r0_cbTestKEXDH_REPLYzDClientSSHTransportTests.test_KEXDH_REPLY.._cbTestKEXDH_REPLY- M   e $ $ $ OOD4 5 5 5   TZ1< @ @ @ @ @r/r\r ssh_KEX_DH_GEX_GROUPr"rArMr?r packetStartrarPr!s` @r0test_KEXDH_REPLYz(ClientSSHTransportTests.test_KEXDH_REPLY' s261G1G1I1I.y+ A A A A A A J + +K&)I:N:N,N O O ()))r/c Vdj_tj_ddjjdddjjdjdtj dffdtdD}jjj |d |d |d |d |d |dfdS)rrrDrErBrr/cHg|]}j|ddSrrrs r0rz9ClientSSHTransportTests.test_keySetup..B rr/rrrrtrrrNrrs` r0rz%ClientSSHTransportTests.test_keySetup7 rr/c|dgfd}||j_tjdddd|j_|dd||jj|jjt|j_|j d| |jj | |jj ||jj|jj|dd|j_|dd |j d||jj d|j_|dd |j d||jj d S) zl Test that NEWKEYS transitions the keys from nextEncryptions to currentEncryptions. Fcdd<dSrr.)securesr0stubConnectionSecurezBClientSSHTransportTests.test_NEWKEYS..stubConnectionSecureP sF1IIIr/r9rDrEr/rrsGHsIJN)rr rLr%rrr" assertIsNotrdrqrryrjr}rrWrrr)r?rmrls @r0rz$ClientSSHTransportTests.test_NEWKEYSH s ++---     '; #%.%9 Wgw& &  "   ... 6 8RSSS%/\\ " s### $*8999 $*8999 dj3TZ5OPPP q """-4 *   ... s### TZ;<<<-4 *   ... s### TZ;<<<<. d,,Y-UVVr/rcr?r!rrfrPs` r0&test_disconnectKEXDH_REPLYBadSignaturez>ClientSSHTransportTests.test_disconnectKEXDH_REPLYBadSignature| d261G1G1I1I.y+ J + +K&)DT:U:U,U V V}} V V V V   r/cdtjdztjdztjdztjdztjdztjdztjdztjdztjdztjdzdzd z}|j||jd t jt jt|j_ |jj |j_ t jt jt}| }| tjjtjj}t j|j_d|j_|jtjt+dtj|ztjd z|t2jd S O Test that KEX_ECDH_REPLY disconnects if the signature is bad. r6r/rr7r8r9r/r:r;sSSH-2.0-OpenSSH s bad-signatureNr"rAr rrr!generate_private_key SECP256R1rr/rr- public_bytesrEncodingX962 PublicFormatUncompressedPointcurverF_ssh_KEX_ECDH_REPLYrrrr^r%r`r?rthisPrivthisPubr0s r0)test_disconnectKEX_ECDH_REPLYBadSignaturezAClientSSHTransportTests.test_disconnectKEX_ECDH_REPLYBadSignature M i-.. /i ## $i && 'i &&  ' i %%  & i %%  &i   !i   !inn inn  " "  v&&&  67773BLNNODUDUVV :,7799 *2<>>?;L;LMM%%''%%  " ')C)U  <>> 1  && Ikmm1133J?DDFF G Gi i()) *   yGHHHHHr/cb|jd|dSrrrYs r0rz2ClientSSHTransportTests.test_disconnectNEWKEYSData rr/ct|j_|jd|dS)z Test that SERVICE_ACCEPT disconnects if the accepted protocol is differet from the asked-for protocol. sbadN)rr rqrrr^rYs r0test_disconnectSERVICE_ACCEPTz5ClientSSHTransportTests.test_disconnectSERVICE_ACCEPT sA *mm  %%&<===      r/ct|j_|jd||jjj|t|jddS)z Some commercial SSH servers don't send a payload with the SERVICE_ACCEPT message. Conch pretends that it got the correct name of the service. r/rN) rr rqrrrWrrHrxrrYs r0test_noPayloadSERVICE_ACCEPTz4ClientSSHTransportTests.test_noPayloadSERVICE_ACCEPT sh *mm  %%c***  +3444 T\**A.....r/N)r+r,r-rorrQrTrVrXrr\rgrrrsrvrrrrrr.r/r0rErEs/ 5 5 5D A A A   .NNNEEE<<<0EEE<    " = = =D555       ,I,I,I\!!!!!! / / / / /r/rEcPeZdZdZ eddZdZdZdZdZ dZ d Z d S) )ClientSSHTransportDHGroupExchangeBaseCasezE Diffie-Hellman group exchange tests for SSHClientTransport. FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFFc|jg|j_|j|j||jtjdfgdS)zt KEXINIT packet with a group-exchange key exchange results in a KEX_DH_GEX_REQUEST message.  N) r'r rrr%rFrHrMSG_KEX_DH_GEX_REQUESTrYs r0test_KEXINIT_groupexchangezDClientSSHTransportDHGroupExchangeBaseCase.test_KEXINIT_groupexchange st -1,=+> (  4 4 6 6777  L4G      r/c ||jtj|jtjdz||jj|j||jjd|jj j }|tj|ddd||jj tjtd||j||jddtj|jj fgdS)z Test that the KEX_DH_GEX_GROUP message results in a KEX_DH_GEX_INIT message with the client's Diffie-Hellman public key. rrNsrt)rr rdr"rJP1536rHrrrrrLrrKrr%MSG_KEX_DH_GEX_INITr{s r0test_KEX_DH_GEX_GROUPz?ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_GROUP s: ''))) '' $*(=(= ! (LMMM tz222 q))) J " 2 2 4 4 6 1abb)=999  J *FIc!Q 6K6K,L,L     L +TZ-K L M     r/c||jj}d}tj|}t ||jjj|}| }| tj |jj dz| tj |jj dz| tj |j| d| tj|jtjdz| |jj| || ||}|j|}||tj |j|zfS)a Utility for test_KEX_DH_GEX_REPLY and test_disconnectGEX_REPLYBadSignature. Begins a Diffie-Hellman key exchange in an unnamed (server-specified) group and computes information needed to return either a correct or incorrect signature. rrr)rr rr"rJrOrrrLr(rrArrrrrrHrCr)r?rrGr[r rr!rs r0begin_KEX_DH_GEX_REPLYz@ClientSSHTransportDHGroupExchangeBaseCase.begin_KEX_DH_GEX_REPLY s ""$$$ JL illa!7!G!G!I!I!KQOO     4:677!;<<< 4:7881<=== 49%%&&& DEEE 4:&&15666 /000   xxzz L%%l33 i49)=)=)CDDr/c\}}fd}j|tj|z}|||S)z^ Test that the KEX_DH_GEX_REPLY message results in a verified server. c|jjjdSrr_r`s r0_cbTestKEX_DH_GEX_REPLYz`ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REPLY.._cbTestKEX_DH_GEX_REPLY0 rbr/rr ssh_KEX_DH_GEX_REPLYr"rArM)r?rrfrrPr!s` @r0test_KEX_DH_GEX_REPLYz?ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REPLY) s 261L1L1N1N.y+ A A A A A A J + +K&)I:N:N,N O O -...r/c\}}}j|tjdz}|fdS)zQ Test that KEX_DH_GEX_REPLY disconnects if the signature is bad. rxcBtjSrrzr{s r0rtz`ClientSSHTransportDHGroupExchangeBaseCase.test_disconnectGEX_REPLYBadSignature..A r}r/rr~s` r0$test_disconnectGEX_REPLYBadSignaturezNClientSSHTransportDHGroupExchangeBaseCase.test_disconnectGEX_REPLYBadSignature9 sd261L1L1N1N.y+ J + +K&)DT:U:U,U V V}} V V V V   r/cdtjdztjdztjdztjdztjdztjdztjdztjdztjdztjdzdzd z}|j||jd t jt jt|j_ |jj |j_ t jt jt}| }| tjjtjj}t j|j_d|j_|jtjt+dtj|ztjd z|t2jd Srrrs r0rzSClientSSHTransportDHGroupExchangeBaseCase.test_disconnectKEX_ECDH_REPLYBadSignatureD rr/N) r+r,r-rorrrrrrrrr.r/r0rr s C ;   E   $   &EEE>    ,I,I,I,I,Ir/rceZdZdZdS)*ClientSSHTransportDHGroupExchangeSHA1TestszJ diffie-hellman-group-exchange-sha1 tests for SSHClientTransport. NrQr.r/r0rrs rUr/rceZdZdZdS),ClientSSHTransportDHGroupExchangeSHA256TestszL diffie-hellman-group-exchange-sha256 tests for SSHClientTransport. NrQr.r/r0rr} rUr/rc*eZdZdZdZdZdZdZdS)ClientSSHTransportECDHBaseCasezE Elliptic Curve Diffie-Hellman tests for SSHClientTransport. c D|jg|j_|j|j||jtjtj |j |jj fgdS)zm KEXINIT packet with an elliptic curve key exchange results in a KEXDH_INIT message. N) r'r rrr%rFrHrrSr"rAr+r-rYs r0 test_KEXINITz+ClientSSHTransportECDHBaseCase.test_KEXINIT s -1,=+> (  4 4 6 6777  L,Idj;;DJ._cbTestKEXDH_REPLY rbr/rcres` @r0rgz/ClientSSHTransportECDHBaseCase.test_KEXDH_REPLY s261G1G1I1I.y+ A A A A A A J + +K&)I:N:N,N O O ()))r/c\}}}j|tjdz}|fdS)rrxcBtjSrrzr{s r0rtzWClientSSHTransportECDHBaseCase.test_disconnectKEXDH_REPLYBadSignature.. r}r/rcr~s` r0rzEClientSSHTransportECDHBaseCase.test_disconnectKEXDH_REPLYBadSignature rr/N)r+r,r-rorr\rgrr.r/r0rr s^   $"W"W"WH         r/rceZdZdZdS)ClientSSHTransportECDHTestsz: ecdh-sha2-nistp256 tests for SSHClientTransport. NrQr.r/r0rr rRr/rceZdZdZdS)'ClientSSHTransportCurve25519SHA256Testsz9 curve25519-sha256 tests for SSHClientTransport. NrQr.r/r0rr rZr/rcPeZdZdZereZdZdZdZdZ dZ dZ dZ d Z d Zd S) GetMACTestsz* Tests for L{SSHCiphers._getMAC}. c>tjdddd|_dS)Nrrirr)r%rrrYs r0rzGetMACTests.setUp s +D$dCC r/c tdS)z Generate a new shared secret to be used with the tests. @return: A new secret. @rtype: L{bytes} @rrYs r0getSharedSecretzGetMACTests.getSharedSecret sb!!!r/c|}|j||}|d|d|zz}tdt |D}tdt |D} |||| |f||||jdS)a Check that when L{SSHCiphers._getMAC} is called with a supportd HMAC algorithm name it returns a tuple of (digest object, inner pad, outer pad, digest size) with a C{key} attribute set to the value of the key supplied. @param hmacName: Identifier of HMAC algorithm. @type hmacName: L{bytes} @param hashProcessor: Callable for the hash algorithm. @type hashProcessor: C{callable} @param digestSize: Size of the digest for algorithm. @type digestSize: L{int} @param blockPadSize: Size of padding applied to the shared secret to match the block size. @type blockPadSize: L{int} Nr:c3:K|]}t|dz VdS)6Nr`rbs r0rz+GetMACTests.assertGetMAC.. ,??1Q$??????r/c3:K|]}t|dz VdS)\Nrrs r0rz+GetMACTests.assertGetMAC.. rr/)rr_getMACrrrHr) r?hmacNamer( digestSize blockPadSizesecretparamsrinnerPadouterPads r0 assertGetMACzGetMACTests.assertGetMAC s(%%''%%h77[j[!Gl$::?? #??????? #????? -8ZH&QQQ fj)))))r/cB|dtdddS)a When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-512"} MAC algorithm name it returns a tuple of (sha512 digest object, inner pad, outer pad, sha512 digest size) with a C{key} attribute set to the value of the key supplied. s hmac-sha2-512rrrN)rrrYs r0test_hmacsha2512zGetMACTests.test_hmacsha2512 ) *FrPRSSSSSr/cB|dtdddS)a When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-384"} MAC algorithm name it returns a tuple of (sha384 digest object, inner pad, outer pad, sha384 digest size) with a C{key} attribute set to the value of the key supplied. s hmac-sha2-3840PrN)rrrYs r0test_hmacsha2384zGetMACTests.test_hmacsha2384) rr/cB|dtdddS)a When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-256"} MAC algorithm name it returns a tuple of (sha256 digest object, inner pad, outer pad, sha256 digest size) with a C{key} attribute set to the value of the key supplied. s hmac-sha2-256 rN)rrrYs r0test_hmacsha2256zGetMACTests.test_hmacsha22562 rr/cB|dtdddS)a  When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha1"} MAC algorithm name it returns a tuple of (sha1 digest object, inner pad, outer pad, sha1 digest size) with a C{key} attribute set to the value of the key supplied. r8,rN)rrrYs r0 test_hmacsha1zGetMACTests.test_hmacsha1; s' ,"MMMMMr/cB|dtdddS)a When L{SSHCiphers._getMAC} is called with the C{b"hmac-md5"} MAC algorithm name it returns a tuple of (md5 digest object, inner pad, outer pad, md5 digest size) with a C{key} attribute set to the value of the key supplied. rrrrN)rrrYs r0 test_hmacmd5zGetMACTests.test_hmacmd5D s' +srKKKKKr/c|}|jd|}|d|dS)z When L{SSHCiphers._getMAC} is called with the C{b"none"} MAC algorithm name it returns a tuple of (None, "", "", 0). r9)Nr/r/rN)rrrrH)r?rrs r0 test_nonezGetMACTests.test_noneM sI ""$$%%gs33 ,f55555r/N)r+r,r-rorrErrrrrrrrrr.r/r0rr sDDD"""***<TTTTTTTTTNNNLLL 6 6 6 6 6r/rc8eZdZdZereZdZdZdZdZ dZ dS)SSHCiphersTestsz0 Tests for the SSHCiphers helper class. c tjdddd}||jd||jd||jd||jddS)zJ Test that the initializer sets up the SSHCiphers object. rrirrN)r%rrHrrrr)r?rs r0 test_initzSSHCiphersTests.test_inita s&tT4>> +T222 *D111 +T222 *D11111r/c4tjdddd}dx}}|jD]b\}\}}}||||}|dkr!||tjG||j|cdS)zM Test that the _getCipher method returns the correct cipher. rrirrrr9N)r%r cipherMaprrassertIsInstance _DummyCipher algorithm) r?rrrralgClasskeySizecountercips r0test_getCipherzSSHCiphersTests.test_getCipherk s&tT4>>S5<5F5L5L5N5N ? ? 1G1h$$Wb#66C'!!%%c9+ABBBB%%cmX>>>>  ? ?r/c  d}tjjD]}tjj|\}}}tj|ddd}tjd|dd}||||}|jjdz} |||dddd|dd||dd| |j | | |j | | } | |d| } | |d| } | ||d| | | ||d| | | || |d| | || |d| dS)z8 Test that setKeys sets up the ciphers. @r9rr/N)r%r1rrrrr block_sizerrHryr encryptorrr|r) r?rrmodNamerr encCipher decCipherrbsrencenc2s r0test_setKeysCiphersz#SSHCiphersTests.test_setKeysCiphersx s 1B @ @G(1(<(Fw(O %GWg!,WgwPPI!,WgwPPI&&wS99C)Q.B   c3S#s ; ; ;   c3S#s ; ; ;   Y3R 8 8 8   Y3R 8 8 8 I""3ss8,,C##CH--D   Y..s3B3x88# > > >   Y..s3B3x88$ ? ? ?   Y..s33S"X > > >   Y..t44c#2#h ? ? ? ?! @ @r/c d}tjjD]T\}}tjdd|d}tjddd|}|dddd|d|ddddd||r|j}nd}||j||r|||\}}}}d} |} d|z} |r?||||| z z } nd} || | | | | | | | | VdS)z5 Test that setKeys sets up the MACs. rr9r/rr;N) r%rmacMaprr digest_sizerHrrrHrrWr) r?rmacNamemodoutMacinMacdsioseqidrrmmacs r0test_setKeysMACsz SSHCiphersTests.test_setKeysMACs s%07==?? < >@@   V^^E488# > > > OOELLc:: ; ; ; ;) < LNrzFailed HMAC test vector; key=z data=) r%rrrstructunpackrHr<r=r)r?vectorsrrrrr shorteneds r0 test_makeMACzSSHCiphersTests.test_makeMAC s    &  NCs)'7KQQF"NN;<. 1E1EtTl1S1Sr/c*tjdSr)rr>)rLrMs r0rtz9TransportLoopbackTests._runClientServer.. sEM$,?,?r/c<j||fSrr^)rrclients r0rtz9TransportLoopbackTests._runClientServer.. r r/c,Sr)r)r#sr0rtz9TransportLoopbackTests._runClientServer.. s&*?*?*A*Ar/ct|jd|jd|jd|jdg}|jg|jtjdfg|jddkrQ | | | |nP | | | ||jddkrR | | | |dS | | | |dS)Nrsuser closed connectionr9) reprrrrrrHrTr%r rUrrWr)ignoredrr#rr?s r0checkz6TransportLoopbackTests._runClientServer..check s+A.(+0303 D   V]B / / /    68QRS   &q)W44  !3!3!5!5t<<<  !3!3!5!5t<<<< 2 2 4 4d;;; 2 2 4 4d;;;#A&'11  !2!2!4!4d;;;  !2!2!4!4d;;;;; 1 1 3 3T::: 1 1 3 3T:::::r/)rr%r5r#rrTrbr8rArLlistrr$rr loopbackAsyncrM)r?r r#r(rPr#rs` @@r0_runClientServerz'TransportLoopbackTests._runClientServer s---//  SSSS-//?? SSSS"A"A"A"A%)&.*F*F*H*H*M*M*O*O%P%P"VV ; ; ; ; ;6  "66 2 2 eVV,,,r/cg}tjjdgzD]/fd}|||0t j|dS)z{ Test that the client and server play nicely together, in all the various combinations of ciphers. r9cg|_|Srrv)r ciphers r0 setCipherz6TransportLoopbackTests.test_ciphers..setCipher s*0& r/TfireOnOneErrback)r%r1rr_r+r DeferredList)r? deferredsr/r.s @r0 test_ciphersz#TransportLoopbackTests.test_ciphers s|  0AWIM ? ?F        T229== > > > >!)dCCCCr/cg}tjjdgzD]/fd}|||0t j|dS)z> Like test_ciphers, but for the various MACs. r9cg|_|Srr{)r rs r0setMACz0TransportLoopbackTests.test_macs..setMAC s'*e# r/Tr0)r%r1rr_r+rr2)r?r3r7rs @r0 test_macsz TransportLoopbackTests.test_macs s| -;wiG < .setKeyExchange) s/;n+ r/Tr0)r%r1rr_r+rr2)r?r3r;r's @r0test_keyexchangesz(TransportLoopbackTests.test_keyexchanges" sw %6L D DL        T22>BB C C C C!)dCCCCr/cg}tjjD]/fd}|||0t j|dS)zF Like test_ciphers, but for the various compressions. cg|_|Srrq)r  compressions r0setCompressionz@TransportLoopbackTests.test_compressions..setCompression7 s/:m+ r/Tr0)r%r1rr_r+rr2)r?r3r@r?s @r0test_compressionsz(TransportLoopbackTests.test_compressions0 sw $5K D DK        T22>BB C C C C!)dCCCCr/N) r+r,r-rorrEr+r4r8r<rAr.r/r0rr s555n D D D D D D D D D D D D D Dr/r)mror<rCrMrr hashlibrrrrrtypingrr r r r twistedr rItwisted.conch.errorrtwisted.conch.sshrrrtwisted.internetrtwisted.protocolsrtwisted.pythonrtwisted.python.compatrtwisted.python.randbytesrtwisted.python.reflectr twisted.testrtwisted.trial.unittestrrstrr#rcryptography.exceptionsrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricr r!r"r#r$r%twisted.conch.testr&x25519_supportedrDrHrOr1rQrqr SSHServicerr<rrrrrr%r*r.r1r3r5r@rPrTrWrYr\rrr r$r&r(r3r5r7rErrrrrrrrrr.r/r0rWs}   5555555555555544444444444444222222******4444444444""""""&&&&&&$$$$$$++++++333333000000&&&&&&++++++}^,,  "N<<<<<<<<<<<<<<<<<<@@@@@@@@BBBBBBBBBBBB******&((99;; :9    ###B%B%B%B%B% 2B%B%B%J>@>@>@>@>@>@>@>@B         0 0 0 0 0'$ 0 0 0F(1(1(1(1(1'$(1(1(1V     {            (:9:9:9:9:9:9:9:9zJJJJJJJJr ;r ;r ;r ;r ;46Gr ;r ;r ;jTTTTT.FTTT&+-EGX++Y8I+-BDUb b b b b b b b J!D$yKyKyKyKyK8:KyKyKyKx m m m m m 0Jm m m `--1 1 1 1 1 %?1 1 1 h"I/@"$9;L66666!D6664z/z/z/z/z/8:Kz/z/z/z _I_I_I_I_I0J_I_I_ID--S S S S S %?S S S l"I/@"$9;Lh6h6h6h6h6(h6h6h6VjjjjjhjjjZvDvDvDvDvDXvDvDvDvDvDr/