132 lines
3.3 KiB
Go
132 lines
3.3 KiB
Go
// Copyright 2011 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package ssh
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto"
|
|
"crypto/rand"
|
|
"testing"
|
|
)
|
|
|
|
func TestDefaultCiphersExist(t *testing.T) {
|
|
for _, cipherAlgo := range supportedCiphers {
|
|
if _, ok := cipherModes[cipherAlgo]; !ok {
|
|
t.Errorf("supported cipher %q is unknown", cipherAlgo)
|
|
}
|
|
}
|
|
for _, cipherAlgo := range preferredCiphers {
|
|
if _, ok := cipherModes[cipherAlgo]; !ok {
|
|
t.Errorf("preferred cipher %q is unknown", cipherAlgo)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestPacketCiphers(t *testing.T) {
|
|
defaultMac := "hmac-sha2-256"
|
|
defaultCipher := "aes128-ctr"
|
|
for cipher := range cipherModes {
|
|
t.Run("cipher="+cipher,
|
|
func(t *testing.T) { testPacketCipher(t, cipher, defaultMac) })
|
|
}
|
|
for mac := range macModes {
|
|
t.Run("mac="+mac,
|
|
func(t *testing.T) { testPacketCipher(t, defaultCipher, mac) })
|
|
}
|
|
}
|
|
|
|
func testPacketCipher(t *testing.T, cipher, mac string) {
|
|
kr := &kexResult{Hash: crypto.SHA1}
|
|
algs := directionAlgorithms{
|
|
Cipher: cipher,
|
|
MAC: mac,
|
|
Compression: "none",
|
|
}
|
|
client, err := newPacketCipher(clientKeys, algs, kr)
|
|
if err != nil {
|
|
t.Fatalf("newPacketCipher(client, %q, %q): %v", cipher, mac, err)
|
|
}
|
|
server, err := newPacketCipher(clientKeys, algs, kr)
|
|
if err != nil {
|
|
t.Fatalf("newPacketCipher(client, %q, %q): %v", cipher, mac, err)
|
|
}
|
|
|
|
want := "bla bla"
|
|
input := []byte(want)
|
|
buf := &bytes.Buffer{}
|
|
if err := client.writePacket(0, buf, rand.Reader, input); err != nil {
|
|
t.Fatalf("writePacket(%q, %q): %v", cipher, mac, err)
|
|
}
|
|
|
|
packet, err := server.readPacket(0, buf)
|
|
if err != nil {
|
|
t.Fatalf("readPacket(%q, %q): %v", cipher, mac, err)
|
|
}
|
|
|
|
if string(packet) != want {
|
|
t.Errorf("roundtrip(%q, %q): got %q, want %q", cipher, mac, packet, want)
|
|
}
|
|
}
|
|
|
|
func TestCBCOracleCounterMeasure(t *testing.T) {
|
|
kr := &kexResult{Hash: crypto.SHA1}
|
|
algs := directionAlgorithms{
|
|
Cipher: aes128cbcID,
|
|
MAC: "hmac-sha1",
|
|
Compression: "none",
|
|
}
|
|
client, err := newPacketCipher(clientKeys, algs, kr)
|
|
if err != nil {
|
|
t.Fatalf("newPacketCipher(client): %v", err)
|
|
}
|
|
|
|
want := "bla bla"
|
|
input := []byte(want)
|
|
buf := &bytes.Buffer{}
|
|
if err := client.writePacket(0, buf, rand.Reader, input); err != nil {
|
|
t.Errorf("writePacket: %v", err)
|
|
}
|
|
|
|
packetSize := buf.Len()
|
|
buf.Write(make([]byte, 2*maxPacket))
|
|
|
|
// We corrupt each byte, but this usually will only test the
|
|
// 'packet too large' or 'MAC failure' cases.
|
|
lastRead := -1
|
|
for i := 0; i < packetSize; i++ {
|
|
server, err := newPacketCipher(clientKeys, algs, kr)
|
|
if err != nil {
|
|
t.Fatalf("newPacketCipher(client): %v", err)
|
|
}
|
|
|
|
fresh := &bytes.Buffer{}
|
|
fresh.Write(buf.Bytes())
|
|
fresh.Bytes()[i] ^= 0x01
|
|
|
|
before := fresh.Len()
|
|
_, err = server.readPacket(0, fresh)
|
|
if err == nil {
|
|
t.Errorf("corrupt byte %d: readPacket succeeded ", i)
|
|
continue
|
|
}
|
|
if _, ok := err.(cbcError); !ok {
|
|
t.Errorf("corrupt byte %d: got %v (%T), want cbcError", i, err, err)
|
|
continue
|
|
}
|
|
|
|
after := fresh.Len()
|
|
bytesRead := before - after
|
|
if bytesRead < maxPacket {
|
|
t.Errorf("corrupt byte %d: read %d bytes, want more than %d", i, bytesRead, maxPacket)
|
|
continue
|
|
}
|
|
|
|
if i > 0 && bytesRead != lastRead {
|
|
t.Errorf("corrupt byte %d: read %d bytes, want %d bytes read", i, bytesRead, lastRead)
|
|
}
|
|
lastRead = bytesRead
|
|
}
|
|
}
|