elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2025-06-22 02:33:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added support for mixed host key/CA key types (i.e.: RSA host keys signed by ED25519 CAs) (#120).

Browse Source
This commit is contained in:
Joe Testa
2023-04-25 09:17:32 -04:00
parent 4f31304b66
commit 263267c5ad
34 changed files with 556 additions and 308 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
test/docker/expected_results/openssh_5.6p1_custom_policy_test10.json
View File

@ -10,7 +10,7 @@
"expected_required": [
"4096"
],
"mismatched_field": "RSA host key (ssh-rsa-cert-v01@openssh.com) sizes"
"mismatched_field": "Host key (ssh-rsa-cert-v01@openssh.com) sizes"
},
{
"actual": [
@ -22,7 +22,7 @@
"expected_required": [
"4096"
],
"mismatched_field": "RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes"
"mismatched_field": "CA signature size (ssh-rsa)"
}
],
"host": "localhost",

19
test/docker/expected_results/openssh_5.6p1_custom_policy_test10.txt
View File

@ -1,13 +1,28 @@
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
Host: localhost:2222
Policy: Docker poliicy: test10 (version 1)
Result: ❌ Failed!

Errors:
* RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
* CA signature size (ssh-rsa) did not match.
- Expected: 4096
- Actual: 1024
* RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
* Host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
- Expected: 4096
- Actual: 3072


15
test/docker/expected_results/openssh_5.6p1_custom_policy_test7.txt
View File

@ -1,3 +1,18 @@
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
Host: localhost:2222
Policy: Docker poliicy: test7 (version 1)
Result: ✔ Passed

2
test/docker/expected_results/openssh_5.6p1_custom_policy_test8.json
View File

@ -10,7 +10,7 @@
"expected_required": [
"2048"
],
"mismatched_field": "RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes"
"mismatched_field": "CA signature size (ssh-rsa)"
}
],
"host": "localhost",

17
test/docker/expected_results/openssh_5.6p1_custom_policy_test8.txt
View File

@ -1,9 +1,24 @@
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
Host: localhost:2222
Policy: Docker poliicy: test8 (version 1)
Result: ❌ Failed!

Errors:
* RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
* CA signature size (ssh-rsa) did not match.
- Expected: 2048
- Actual: 1024


2
test/docker/expected_results/openssh_5.6p1_custom_policy_test9.json
View File

@ -10,7 +10,7 @@
"expected_required": [
"4096"
],
"mismatched_field": "RSA host key (ssh-rsa-cert-v01@openssh.com) sizes"
"mismatched_field": "Host key (ssh-rsa-cert-v01@openssh.com) sizes"
}
],
"host": "localhost",

17
test/docker/expected_results/openssh_5.6p1_custom_policy_test9.txt
View File

@ -1,9 +1,24 @@
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
Host: localhost:2222
Policy: Docker poliicy: test9 (version 1)
Result: ❌ Failed!

Errors:
* RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
* Host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
- Expected: 4096
- Actual: 3072


1
test/docker/expected_results/openssh_5.6p1_test2.json
View File

@ -139,6 +139,7 @@
},
{
"algorithm": "ssh-rsa-cert-v01@openssh.com",
"ca_algorithm": "ssh-rsa",
"casize": 1024,
"keysize": 1024
}

9
test/docker/expected_results/openssh_5.6p1_test2.txt
View File

@ -40,10 +40,11 @@
 `- [fail] using small 1024-bit modulus
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using broken SHA-1 hash algorithm
 `- [fail] using small 1024-bit modulus
`- [info] available since OpenSSH 5.6
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm
 `- [fail] using small 1024-bit hostkey modulus
 `- [fail] using small 1024-bit CA key modulus
`- [info] available since OpenSSH 5.6
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

1
test/docker/expected_results/openssh_5.6p1_test3.json
View File

@ -139,6 +139,7 @@
},
{
"algorithm": "ssh-rsa-cert-v01@openssh.com",
"ca_algorithm": "ssh-rsa",
"casize": 3072,
"keysize": 1024
}

8
test/docker/expected_results/openssh_5.6p1_test3.txt
View File

@ -40,10 +40,10 @@
 `- [fail] using small 1024-bit modulus
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using broken SHA-1 hash algorithm
 `- [fail] using small 1024-bit modulus
`- [info] available since OpenSSH 5.6
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm
 `- [fail] using small 1024-bit hostkey modulus
`- [info] available since OpenSSH 5.6
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

1
test/docker/expected_results/openssh_5.6p1_test4.json
View File

@ -139,6 +139,7 @@
},
{
"algorithm": "ssh-rsa-cert-v01@openssh.com",
"ca_algorithm": "ssh-rsa",
"casize": 1024,
"keysize": 3072
}

8
test/docker/expected_results/openssh_5.6p1_test4.txt
View File

@ -39,10 +39,10 @@
(key) ssh-rsa (3072-bit) -- [fail] using broken SHA-1 hash algorithm
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using broken SHA-1 hash algorithm
 `- [fail] using small 1024-bit modulus
`- [info] available since OpenSSH 5.6
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm
 `- [fail] using small 1024-bit CA key modulus
`- [info] available since OpenSSH 5.6
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

1
test/docker/expected_results/openssh_5.6p1_test5.json
View File

@ -139,6 +139,7 @@
},
{
"algorithm": "ssh-rsa-cert-v01@openssh.com",
"ca_algorithm": "ssh-rsa",
"casize": 3072,
"keysize": 3072
}

6
test/docker/expected_results/openssh_5.6p1_test5.txt
View File

@ -39,9 +39,9 @@
(key) ssh-rsa (3072-bit) -- [fail] using broken SHA-1 hash algorithm
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [fail] using broken SHA-1 hash algorithm
`- [info] available since OpenSSH 5.6
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm
`- [info] available since OpenSSH 5.6
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

9
test/docker/expected_results/openssh_8.0p1_custom_policy_test11.txt
View File

@ -1,3 +1,12 @@
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
Host: localhost:2222
Policy: Docker policy: test11 (version 1)
Result: ✔ Passed

6
test/docker/expected_results/openssh_8.0p1_custom_policy_test12.json
View File

@ -10,7 +10,7 @@
"expected_required": [
"4096"
],
"mismatched_field": "RSA host key (rsa-sha2-256) sizes"
"mismatched_field": "Host key (rsa-sha2-256) sizes"
},
{
"actual": [
@ -22,7 +22,7 @@
"expected_required": [
"4096"
],
"mismatched_field": "RSA host key (rsa-sha2-512) sizes"
"mismatched_field": "Host key (rsa-sha2-512) sizes"
},
{
"actual": [
@ -34,7 +34,7 @@
"expected_required": [
"4096"
],
"mismatched_field": "RSA host key (ssh-rsa) sizes"
"mismatched_field": "Host key (ssh-rsa) sizes"
}
],
"host": "localhost",

15
test/docker/expected_results/openssh_8.0p1_custom_policy_test12.txt
View File

@ -1,17 +1,26 @@
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
Host: localhost:2222
Policy: Docker policy: test12 (version 1)
Result: ❌ Failed!

Errors:
* RSA host key (rsa-sha2-256) sizes did not match.
* Host key (rsa-sha2-256) sizes did not match.
- Expected: 4096
- Actual: 3072
* RSA host key (rsa-sha2-512) sizes did not match.
* Host key (rsa-sha2-512) sizes did not match.
- Expected: 4096
- Actual: 3072
* RSA host key (ssh-rsa) sizes did not match.
* Host key (ssh-rsa) sizes did not match.
- Expected: 4096
- Actual: 3072


12
test/docker/expected_results/openssh_8.0p1_custom_policy_test13.txt
View File

@ -1,3 +1,15 @@
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
Host: localhost:2222
Policy: Docker policy: test13 (version 1)
Result: ✔ Passed

12
test/docker/expected_results/openssh_8.0p1_custom_policy_test14.txt
View File

@ -1,3 +1,15 @@
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
WARNING: this policy is using deprecated features. Future versions of ssh-audit may remove support for them. Re-generating the policy file is perhaps the most straight-forward way of resolving this issue. Manually converting the 'hostkey_size_*', 'cakey_size_*', and 'dh_modulus_size_*' directives into the new format is another option.
Host: localhost:2222
Policy: Docker policy: test14 (version 1)
Result: ❌ Failed!

4
test/docker/expected_results/openssh_8.0p1_test2.json
View File

@ -92,7 +92,9 @@
"algorithm": "ssh-ed25519"
},
{
"algorithm": "ssh-ed25519-cert-v01@openssh.com"
"algorithm": "ssh-ed25519-cert-v01@openssh.com",
"ca_algorithm": "ssh-ed25519",
"casize": 256
}
],
"mac": [

2
test/docker/expected_results/openssh_8.0p1_test2.txt
View File

@ -34,7 +34,7 @@
# host-key algorithms
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
(key) ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 6.5
(key) ssh-ed25519-cert-v01@openssh.com (256-bit cert/256-bit ssh-ed25519 CA) -- [info] available since OpenSSH 6.5
# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5

21
test/test_build_struct.py
View File

@ -1,6 +1,7 @@
import os
import pytest
from ssh_audit.outputbuffer import OutputBuffer
from ssh_audit.ssh2_kex import SSH2_Kex
from ssh_audit.ssh2_kexparty import SSH2_KexParty
@ -13,7 +14,7 @@ def kex(ssh_audit):
enc, mac, compression, languages = [], [], ['none'], []
srv = SSH2_KexParty(enc, mac, compression, languages)
cookie = os.urandom(16)
kex = SSH2_Kex(cookie, kex_algs, key_algs, cli, srv, 0)
kex = SSH2_Kex(OutputBuffer, cookie, kex_algs, key_algs, cli, srv, 0)
return kex
@ -25,15 +26,15 @@ def test_prevent_runtime_error_regression(ssh_audit, kex):
keys, and an error occurred when iterating and modifying them at the
same time.
"""
kex.set_host_key("ssh-rsa", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
kex.set_host_key("ssh-rsa1", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
kex.set_host_key("ssh-rsa2", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
kex.set_host_key("ssh-rsa3", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
kex.set_host_key("ssh-rsa4", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
kex.set_host_key("ssh-rsa5", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
kex.set_host_key("ssh-rsa6", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
kex.set_host_key("ssh-rsa7", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
kex.set_host_key("ssh-rsa8", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00")
kex.set_host_key("ssh-rsa", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
kex.set_host_key("ssh-rsa1", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
kex.set_host_key("ssh-rsa2", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
kex.set_host_key("ssh-rsa3", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
kex.set_host_key("ssh-rsa4", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
kex.set_host_key("ssh-rsa5", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
kex.set_host_key("ssh-rsa6", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
kex.set_host_key("ssh-rsa7", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
kex.set_host_key("ssh-rsa8", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
rv = ssh_audit.build_struct('localhost', None, [], kex=kex)

4
test/test_policy.py
View File

@ -2,6 +2,7 @@ import hashlib
import pytest
from datetime import date
from ssh_audit.outputbuffer import OutputBuffer
from ssh_audit.policy import Policy
from ssh_audit.ssh2_kex import SSH2_Kex
from ssh_audit.writebuf import WriteBuf
@ -10,6 +11,7 @@ from ssh_audit.writebuf import WriteBuf
class TestPolicy:
@pytest.fixture(autouse=True)
def init(self, ssh_audit):
self.OutputBuffer = OutputBuffer
self.Policy = Policy
self.wbuf = WriteBuf
self.ssh2_kex = SSH2_Kex
@ -32,7 +34,7 @@ class TestPolicy:
w.write_list([''])
w.write_byte(False)
w.write_int(0)
return self.ssh2_kex.parse(w.write_flush())
return self.ssh2_kex.parse(self.OutputBuffer, w.write_flush())
def test_builtin_policy_consistency(self):

6
test/test_ssh2.py
View File

@ -79,7 +79,7 @@ class TestSSH2:
return w.write_flush()
def test_kex_read(self):
kex = self.ssh2_kex.parse(self._kex_payload())
kex = self.ssh2_kex.parse(self.OutputBuffer, self._kex_payload())
assert kex is not None
assert kex.cookie == b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
assert kex.kex_algorithms == ['bogus_kex1', 'bogus_kex2']
@ -105,7 +105,7 @@ class TestSSH2:
srv = self.ssh2_kexparty(enc, mac, compression, languages)
if cookie is None:
cookie = os.urandom(16)
kex = self.ssh2_kex(cookie, kex_algs, key_algs, cli, srv, 0)
kex = self.ssh2_kex(self.OutputBuffer, cookie, kex_algs, key_algs, cli, srv, 0)
return kex
def _get_kex_variat1(self):
@ -149,7 +149,7 @@ class TestSSH2:
def test_key_payload(self):
kex1 = self._get_kex_variat1()
kex2 = self.ssh2_kex.parse(self._kex_payload())
kex2 = self.ssh2_kex.parse(self.OutputBuffer, self._kex_payload())
assert kex1.payload == kex2.payload
def test_ssh2_server_simple(self, output_spy, virtual_socket):