Merge branch 'master' into 471-int

author: Jeff Forcier <jeff@bitprophet.org> 2017-06-06 15:15:40 -0700
committer: Jeff Forcier <jeff@bitprophet.org> 2017-06-06 15:15:40 -0700
commit: 996fb6fd8ffb6df4f56c81e2ff199b9a600ecfc6 (patch)
tree: 4571659cb5f9320275cfedccc3ae897b0f425343 /tests/test_kex.py
parent: 57394f5199ff75abc87b0373e18be2102540d50d (diff)
parent: ddb277d4e4989e914b67ff26c14c7c298e7fab9f (diff)
1 files changed, 175 insertions, 2 deletions
diff --git a/tests/test_kex.py b/tests/test_kex.py
index 56f1b7c7..b7f588f7 100644
--- a/tests/test_kex.py
+++ b/tests/test_kex.py
@@ -20,20 +20,33 @@
 Some unit tests for the key exchange protocols.
 """
 
-from binascii import hexlify
+from binascii import hexlify, unhexlify
 import os
 import unittest
 
 import paramiko.util
 from paramiko.kex_group1 import KexGroup1
-from paramiko.kex_gex import KexGex
+from paramiko.kex_gex import KexGex, KexGexSHA256
 from paramiko import Message
 from paramiko.common import byte_chr
+from paramiko.kex_ecdh_nist import KexNistp256
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import ec
 
 
 def dummy_urandom(n):
     return byte_chr(0xcc) * n
 
+def dummy_generate_key_pair(obj):
+    private_key_value = 94761803665136558137557783047955027733968423115106677159790289642479432803037
+    public_key_numbers = "042bdab212fa8ba1b7c843301682a4db424d307246c7e1e6083c41d9ca7b098bf30b3d63e2ec6278488c135360456cc054b3444ecc45998c08894cbc1370f5f989"
+    public_key_numbers_obj = ec.EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256R1(), unhexlify(public_key_numbers))
+    obj.P = ec.EllipticCurvePrivateNumbers(private_value=private_key_value, public_numbers=public_key_numbers_obj).private_key(default_backend())
+    if obj.transport.server_mode:
+        obj.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256R1(), unhexlify(public_key_numbers)).public_key(default_backend())
+        return
+    obj.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256R1(), unhexlify(public_key_numbers)).public_key(default_backend())
+
 
 class FakeKey (object):
     def __str__(self):
@@ -93,9 +106,12 @@ class KexTest (unittest.TestCase):
     def setUp(self):
         self._original_urandom = os.urandom
         os.urandom = dummy_urandom
+        self._original_generate_key_pair = KexNistp256._generate_key_pair
+        KexNistp256._generate_key_pair = dummy_generate_key_pair
 
     def tearDown(self):
         os.urandom = self._original_urandom
+        KexNistp256._generate_key_pair = self._original_generate_key_pair
 
     def test_1_group1_client(self):
         transport = FakeTransport()
@@ -252,3 +268,160 @@ class KexTest (unittest.TestCase):
         self.assertEqual(H, hexlify(transport._H).upper())
         self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
         self.assertTrue(transport._activated)
+
+    def test_7_gex_sha256_client(self):
+        transport = FakeTransport()
+        transport.server_mode = False
+        kex = KexGexSHA256(transport)
+        kex.start_kex()
+        x = b'22000004000000080000002000'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_GROUP,), transport._expect)
+
+        msg = Message()
+        msg.add_mpint(FakeModulusPack.P)
+        msg.add_mpint(FakeModulusPack.G)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_GROUP, msg)
+        x = b'20000000807E2DDB1743F3487D6545F04F1C8476092FB912B013626AB5BCEB764257D88BBA64243B9F348DF7B41B8C814A995E00299913503456983FFB9178D3CD79EB6D55522418A8ABF65375872E55938AB99A84A0B5FC8A1ECC66A7C3766E7E0F80B7CE2C9225FC2DD683F4764244B72963BBB383F529DCF0C5D17740B8A2ADBE9208D4'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_REPLY,), transport._expect)
+
+        msg = Message()
+        msg.add_string('fake-host-key')
+        msg.add_mpint(69)
+        msg.add_string('fake-sig')
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_REPLY, msg)
+        H = b'AD1A9365A67B4496F05594AD1BF656E3CDA0851289A4C1AFF549FEAE50896DF4'
+        self.assertEqual(self.K, transport._K)
+        self.assertEqual(H, hexlify(transport._H).upper())
+        self.assertEqual((b'fake-host-key', b'fake-sig'), transport._verify)
+        self.assertTrue(transport._activated)
+
+    def test_8_gex_sha256_old_client(self):
+        transport = FakeTransport()
+        transport.server_mode = False
+        kex = KexGexSHA256(transport)
+        kex.start_kex(_test_old_style=True)
+        x = b'1E00000800'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_GROUP,), transport._expect)
+
+        msg = Message()
+        msg.add_mpint(FakeModulusPack.P)
+        msg.add_mpint(FakeModulusPack.G)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_GROUP, msg)
+        x = b'20000000807E2DDB1743F3487D6545F04F1C8476092FB912B013626AB5BCEB764257D88BBA64243B9F348DF7B41B8C814A995E00299913503456983FFB9178D3CD79EB6D55522418A8ABF65375872E55938AB99A84A0B5FC8A1ECC66A7C3766E7E0F80B7CE2C9225FC2DD683F4764244B72963BBB383F529DCF0C5D17740B8A2ADBE9208D4'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_REPLY,), transport._expect)
+
+        msg = Message()
+        msg.add_string('fake-host-key')
+        msg.add_mpint(69)
+        msg.add_string('fake-sig')
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_REPLY, msg)
+        H = b'518386608B15891AE5237DEE08DCADDE76A0BCEFCE7F6DB3AD66BC41D256DFE5'
+        self.assertEqual(self.K, transport._K)
+        self.assertEqual(H, hexlify(transport._H).upper())
+        self.assertEqual((b'fake-host-key', b'fake-sig'), transport._verify)
+        self.assertTrue(transport._activated)
+
+    def test_9_gex_sha256_server(self):
+        transport = FakeTransport()
+        transport.server_mode = True
+        kex = KexGexSHA256(transport)
+        kex.start_kex()
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST, paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST_OLD), transport._expect)
+
+        msg = Message()
+        msg.add_int(1024)
+        msg.add_int(2048)
+        msg.add_int(4096)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST, msg)
+        x = b'1F0000008100FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF0000000102'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_INIT,), transport._expect)
+
+        msg = Message()
+        msg.add_mpint(12345)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_INIT, msg)
+        K = 67592995013596137876033460028393339951879041140378510871612128162185209509220726296697886624612526735888348020498716482757677848959420073720160491114319163078862905400020959196386947926388406687288901564192071077389283980347784184487280885335302632305026248574716290537036069329724382811853044654824945750581
+        H = b'CCAC0497CF0ABA1DBF55E1A3995D17F4CC31824B0E8D95CDF8A06F169D050D80'
+        x = b'210000000866616B652D6B6579000000807E2DDB1743F3487D6545F04F1C8476092FB912B013626AB5BCEB764257D88BBA64243B9F348DF7B41B8C814A995E00299913503456983FFB9178D3CD79EB6D55522418A8ABF65375872E55938AB99A84A0B5FC8A1ECC66A7C3766E7E0F80B7CE2C9225FC2DD683F4764244B72963BBB383F529DCF0C5D17740B8A2ADBE9208D40000000866616B652D736967'
+        self.assertEqual(K, transport._K)
+        self.assertEqual(H, hexlify(transport._H).upper())
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertTrue(transport._activated)
+
+    def test_10_gex_sha256_server_with_old_client(self):
+        transport = FakeTransport()
+        transport.server_mode = True
+        kex = KexGexSHA256(transport)
+        kex.start_kex()
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST, paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST_OLD), transport._expect)
+
+        msg = Message()
+        msg.add_int(2048)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST_OLD, msg)
+        x = b'1F0000008100FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF0000000102'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_INIT,), transport._expect)
+
+        msg = Message()
+        msg.add_mpint(12345)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_INIT, msg)
+        K = 67592995013596137876033460028393339951879041140378510871612128162185209509220726296697886624612526735888348020498716482757677848959420073720160491114319163078862905400020959196386947926388406687288901564192071077389283980347784184487280885335302632305026248574716290537036069329724382811853044654824945750581
+        H = b'3DDD2AD840AD095E397BA4D0573972DC60F6461FD38A187CACA6615A5BC8ADBB'
+        x = b'210000000866616B652D6B6579000000807E2DDB1743F3487D6545F04F1C8476092FB912B013626AB5BCEB764257D88BBA64243B9F348DF7B41B8C814A995E00299913503456983FFB9178D3CD79EB6D55522418A8ABF65375872E55938AB99A84A0B5FC8A1ECC66A7C3766E7E0F80B7CE2C9225FC2DD683F4764244B72963BBB383F529DCF0C5D17740B8A2ADBE9208D40000000866616B652D736967'
+        self.assertEqual(K, transport._K)
+        self.assertEqual(H, hexlify(transport._H).upper())
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertTrue(transport._activated)
+
+    def test_11_kex_nistp256_client(self):
+        K = 91610929826364598472338906427792435253694642563583721654249504912114314269754
+        transport = FakeTransport()
+        transport.server_mode = False
+        kex = KexNistp256(transport)
+        kex.start_kex()
+        self.assertEqual((paramiko.kex_ecdh_nist._MSG_KEXECDH_REPLY,), transport._expect)
+
+        #fake reply
+        msg = Message()
+        msg.add_string('fake-host-key')
+        Q_S = unhexlify("043ae159594ba062efa121480e9ef136203fa9ec6b6e1f8723a321c16e62b945f573f3b822258cbcd094b9fa1c125cbfe5f043280893e66863cc0cb4dccbe70210")
+        msg.add_string(Q_S)
+        msg.add_string('fake-sig')
+        msg.rewind()
+        kex.parse_next(paramiko.kex_ecdh_nist._MSG_KEXECDH_REPLY, msg)
+        H = b'BAF7CE243A836037EB5D2221420F35C02B9AB6C957FE3BDE3369307B9612570A'
+        self.assertEqual(K, kex.transport._K)
+        self.assertEqual(H, hexlify(transport._H).upper())
+        self.assertEqual((b'fake-host-key', b'fake-sig'), transport._verify)
+        self.assertTrue(transport._activated)
+
+    def test_12_kex_nistp256_server(self):
+        K = 91610929826364598472338906427792435253694642563583721654249504912114314269754
+        transport = FakeTransport()
+        transport.server_mode = True
+        kex = KexNistp256(transport)
+        kex.start_kex()
+        self.assertEqual((paramiko.kex_ecdh_nist._MSG_KEXECDH_INIT,), transport._expect)
+
+        #fake init
+        msg=Message()
+        Q_C = unhexlify("043ae159594ba062efa121480e9ef136203fa9ec6b6e1f8723a321c16e62b945f573f3b822258cbcd094b9fa1c125cbfe5f043280893e66863cc0cb4dccbe70210")
+        H = b'2EF4957AFD530DD3F05DBEABF68D724FACC060974DA9704F2AEE4C3DE861E7CA'
+        msg.add_string(Q_C)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_ecdh_nist._MSG_KEXECDH_INIT, msg)
+        self.assertEqual(K, transport._K)
+        self.assertTrue(transport._activated)
+        self.assertEqual(H, hexlify(transport._H).upper())
author	Jeff Forcier <jeff@bitprophet.org>	2017-06-06 15:15:40 -0700
committer	Jeff Forcier <jeff@bitprophet.org>	2017-06-06 15:15:40 -0700
commit	996fb6fd8ffb6df4f56c81e2ff199b9a600ecfc6 (patch)
tree	4571659cb5f9320275cfedccc3ae897b0f425343 /tests/test_kex.py
parent	57394f5199ff75abc87b0373e18be2102540d50d (diff)
parent	ddb277d4e4989e914b67ff26c14c7c298e7fab9f (diff)