mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-23 06:27:41 +01:00
Add SSH1 and SSH2 tests.
This commit is contained in:
parent
ec0b4704e9
commit
d0356564d5
63
test/test_ssh1.py
Normal file
63
test/test_ssh1.py
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
#!/usr/bin/env python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
import pytest
|
||||||
|
|
||||||
|
|
||||||
|
class TestSSH1(object):
|
||||||
|
@pytest.fixture(autouse=True)
|
||||||
|
def init(self, ssh_audit):
|
||||||
|
self.ssh = ssh_audit.SSH
|
||||||
|
self.ssh1 = ssh_audit.SSH1
|
||||||
|
self.rbuf = ssh_audit.ReadBuf
|
||||||
|
self.wbuf = ssh_audit.WriteBuf
|
||||||
|
|
||||||
|
def test_crc32(self):
|
||||||
|
assert self.ssh1.crc32(b'') == 0x00
|
||||||
|
assert self.ssh1.crc32(b'The quick brown fox jumps over the lazy dog') == 0xb9c60808
|
||||||
|
|
||||||
|
def _server_key(self):
|
||||||
|
return (1024, 0x10001, 0xee6552da432e0ac2c422df1a51287507748bfe3b5e3e4fa989a8f49fdc163a17754939ef18ef8a667ea3b71036a151fcd7f5e01ceef1e4439864baf3ac569047582c69d6c128212e0980dcb3168f00d371004039983f6033cd785b8b8f85096c7d9405cbfdc664e27c966356a6b4eb6ee20ad43414b50de18b22829c1880b551)
|
||||||
|
|
||||||
|
def _host_key(self):
|
||||||
|
return (2048, 0x10001, 0xdfa20cd2a530ccc8c870aa60d9feb3b35deeab81c3215a96557abbd683d21f4600f38e475d87100da9a4404220eeb3bb5584e5a2b5b48ffda58530ea19104a32577d7459d91e76aa711b241050f4cc6d5327ccce254f371acad3be56d46eb5919b73f20dbdb1177b700f00891c5bf4ed128bb90ed541b778288285bcfa28432ab5cbcb8321b6e24760e998e0daa519f093a631e44276d7dd252ce0c08c75e2ab28a7349ead779f97d0f20a6d413bf3623cd216dc35375f6366690bcc41e3b2d5465840ec7ee0dc7e3f1c101d674a0c7dbccbc3942788b111396add2f8153b46a0e4b50d66e57ee92958f1c860dd97cc0e40e32febff915343ed53573142bdf4b)
|
||||||
|
|
||||||
|
def _pkm_payload(self):
|
||||||
|
w = self.wbuf()
|
||||||
|
w.write(b'\x88\x99\xaa\xbb\xcc\xdd\xee\xff')
|
||||||
|
b, e, m = self._server_key()
|
||||||
|
w.write_int(b).write_mpint1(e).write_mpint1(m)
|
||||||
|
b, e, m = self._host_key()
|
||||||
|
w.write_int(b).write_mpint1(e).write_mpint1(m)
|
||||||
|
w.write_int(2)
|
||||||
|
w.write_int(72)
|
||||||
|
w.write_int(36)
|
||||||
|
return w.write_flush()
|
||||||
|
|
||||||
|
def test_fingerprint(self):
|
||||||
|
b, e, m = self._host_key()
|
||||||
|
fpd = self.wbuf._create_mpint(m, False)
|
||||||
|
fpd += self.wbuf._create_mpint(e, False)
|
||||||
|
fp = self.ssh.Fingerprint(fpd)
|
||||||
|
assert fp.md5 == 'MD5:9d:26:f8:39:fc:20:9d:9b:ca:cc:4a:0f:e1:93:f5:96'
|
||||||
|
assert fp.sha256 == 'SHA256:vZdx3mhzbvVJmn08t/ruv8WDhJ9jfKYsCTuSzot+QIs'
|
||||||
|
|
||||||
|
def test_pkm_read(self):
|
||||||
|
pkm = self.ssh1.PublicKeyMessage.parse(self._pkm_payload())
|
||||||
|
assert pkm is not None
|
||||||
|
assert pkm.cookie == b'\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
|
||||||
|
b, e, m = self._server_key()
|
||||||
|
assert pkm.server_key_bits == b
|
||||||
|
assert pkm.server_key_public_exponent == e
|
||||||
|
assert pkm.server_key_public_modulus == m
|
||||||
|
b, e, m = self._host_key()
|
||||||
|
assert pkm.host_key_bits == b
|
||||||
|
assert pkm.host_key_public_exponent == e
|
||||||
|
assert pkm.host_key_public_modulus == m
|
||||||
|
fp = self.ssh.Fingerprint(pkm.host_key_fingerprint_data)
|
||||||
|
assert pkm.protocol_flags == 2
|
||||||
|
assert pkm.supported_ciphers_mask == 72
|
||||||
|
assert pkm.supported_ciphers == ['3des', 'blowfish']
|
||||||
|
assert pkm.supported_authentications_mask == 36
|
||||||
|
assert pkm.supported_authentications == ['rsa', 'tis']
|
||||||
|
assert fp.md5 == 'MD5:9d:26:f8:39:fc:20:9d:9b:ca:cc:4a:0f:e1:93:f5:96'
|
||||||
|
assert fp.sha256 == 'SHA256:vZdx3mhzbvVJmn08t/ruv8WDhJ9jfKYsCTuSzot+QIs'
|
48
test/test_ssh2.py
Normal file
48
test/test_ssh2.py
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
#!/usr/bin/env python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
import pytest
|
||||||
|
|
||||||
|
|
||||||
|
class TestSSH2(object):
|
||||||
|
@pytest.fixture(autouse=True)
|
||||||
|
def init(self, ssh_audit):
|
||||||
|
self.ssh = ssh_audit.SSH
|
||||||
|
self.ssh2 = ssh_audit.SSH2
|
||||||
|
self.rbuf = ssh_audit.ReadBuf
|
||||||
|
self.wbuf = ssh_audit.WriteBuf
|
||||||
|
|
||||||
|
def _kex_payload(self):
|
||||||
|
w = self.wbuf()
|
||||||
|
w.write(b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff')
|
||||||
|
w.write_list([u'curve25519-sha256@libssh.org', u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group14-sha1'])
|
||||||
|
w.write_list([u'ssh-rsa', u'rsa-sha2-512', u'rsa-sha2-256', u'ssh-ed25519'])
|
||||||
|
w.write_list([u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'aes192-cbc', u'aes256-cbc'])
|
||||||
|
w.write_list([u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'aes192-cbc', u'aes256-cbc'])
|
||||||
|
w.write_list([u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'])
|
||||||
|
w.write_list([u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'])
|
||||||
|
w.write_list([u'none', u'zlib@openssh.com'])
|
||||||
|
w.write_list([u'none', u'zlib@openssh.com'])
|
||||||
|
w.write_list([u''])
|
||||||
|
w.write_list([u''])
|
||||||
|
w.write_byte(False)
|
||||||
|
w.write_int(0)
|
||||||
|
return w.write_flush()
|
||||||
|
|
||||||
|
def test_kex_read(self):
|
||||||
|
kex = self.ssh2.Kex.parse(self._kex_payload())
|
||||||
|
assert kex is not None
|
||||||
|
assert kex.cookie == b'\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
|
||||||
|
assert kex.kex_algorithms == [u'curve25519-sha256@libssh.org', u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group14-sha1']
|
||||||
|
assert kex.key_algorithms == [u'ssh-rsa', u'rsa-sha2-512', u'rsa-sha2-256', u'ssh-ed25519']
|
||||||
|
assert kex.client is not None
|
||||||
|
assert kex.server is not None
|
||||||
|
assert kex.client.encryption == [u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'aes192-cbc', u'aes256-cbc']
|
||||||
|
assert kex.server.encryption == [u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'aes192-cbc', u'aes256-cbc']
|
||||||
|
assert kex.client.mac == [u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1']
|
||||||
|
assert kex.server.mac == [u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1']
|
||||||
|
assert kex.client.compression == [u'none', u'zlib@openssh.com']
|
||||||
|
assert kex.server.compression == [u'none', u'zlib@openssh.com']
|
||||||
|
assert kex.client.languages == [u'']
|
||||||
|
assert kex.server.languages == [u'']
|
||||||
|
assert kex.follows is False
|
||||||
|
assert kex.unused == 0
|
Loading…
Reference in New Issue
Block a user