
Delta Between Two Patch Sets: ssh/certs_test.go

Issue 14540051: code review 14540051: go.crypto/ssh: Add certificate verification, step up su... (Closed)
Left Patch Set: diff -r 04f39b6a609b https://code.google.com/p/go.crypto Created 10 years, 5 months ago
Right Patch Set: diff -r 5ff5636e18c9 https://code.google.com/p/go.crypto Created 10 years, 5 months ago
1 // Copyright 2013 The Go Authors. All rights reserved. 1 // Copyright 2013 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 package ssh 5 package ssh
6 6
7 import ( 7 import (
8 "bytes" 8 "bytes"
9 "testing" 9 "testing"
10 ) 10 )
11 11
12 // Cert generated by ssh-keygen 6.0p1 Debian-4. 12 // Cert generated by ssh-keygen 6.0p1 Debian-4.
13 // % ssh-keygen -s ca-key -I test user-key 13 // % ssh-keygen -s ca-key -I test user-key
14 var exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb 3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCko R51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6 aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAA AAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJta XQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVyb Wl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAA ABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/ tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y 9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow 0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=` 14 var exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb 3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCko R51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6 aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAA AAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJta XQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVyb Wl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAA ABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/ tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y 9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow 0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=`
15
16 /* Structure of the base64 section of exampleSSHCert is as follows:
hanwen-google 2013/10/16 20:45:24 this can go now?
jmpittman 2013/10/16 20:51:08 Done.
17 Field Position Length Value
18
19 AlgoLen 0 4
20 Algo 4 28 "ssh-rsa-cert-v01@openss h.com"
21 Certificate 32 564
22
23 The below field positions are all relative to the start of the certificate to
24 match how we parse the certificate.
25 NonceLen 0 4
26 Nonce 4 32
27 PublicExponentLen 36 4
28 PublicExponent 40 3
29 ModulusLen 43 4
30 Modulus 47 97
31 Serial 144 8
32 CertType 152 4
33 KeyIdLen 156 4
34 KeyId 160 4 "test"
35 ValidPrincipalsLen 164 4
36 ValidPrincipals 0 (none)
37 ValidAfter 168 8
38 ValidBefore 176 8
39 CriticalOptionsLen 184 4
40 CriticalOptions 0 (none)
41 ExtensionsLength 188 4
42 Extensions 192 130
43 Extension1
44 NameLen 192 4
45 Name 196 21 "permit-X11-forwarding"
46 DataLen 217 4
47 Data 0
48 Extension2
49 NameLen 221 4
50 Name 225 23 "permit-agent-forwarding "
51 DataLen 248 4
52 Data 0
53 Extension3
54 NameLen 252 4
55 Name 256 22 "permit-port-forwarding"
56 DataLen 278 4
57 Data 0
58 Extension4
59 NameLen 282 4
60 Name 286 10 "permit-pty"
61 DataLen 296 4
62 Data 0
63 Extension5
64 NameLen 300 4
65 Name 304 14 "permit-user-rc"
66 DataLen 318 4
67 Data 0
68 ReservedLen 322 4
69 Reserved 0
70 SignatureKeyLen 326 4
71 SignatureKey 330 119
72 AlgoLen 330 4
73 Algo 334 7 "ssh-rsa"
74 PublicExponentLen 341 4
75 PublicExponent 345 3
76 ModulusLen 348 4
77 Modulus 352 97
78 SignatureLen 449 4
79 Signature 453 111
80 FormatLen 453 4
81 Format 457 7 "ssh-rsa"
82 BlobLen 464 4
83 Blob 468 96
84 */
85 15
86 func TestParseCert(t *testing.T) { 16 func TestParseCert(t *testing.T) {
87 authKeyBytes := []byte(exampleSSHCert) 17 authKeyBytes := []byte(exampleSSHCert)
88 18
89 key, _, _, rest, ok := ParseAuthorizedKey(authKeyBytes) 19 key, _, _, rest, ok := ParseAuthorizedKey(authKeyBytes)
90 if !ok { 20 if !ok {
91 t.Fatalf("could not parse certificate") 21 t.Fatalf("could not parse certificate")
92 } 22 }
93 if len(rest) > 0 { 23 if len(rest) > 0 {
94 t.Errorf("rest: got %q, want empty", rest) 24 t.Errorf("rest: got %q, want empty", rest)
(...skipping 21 matching lines...) Expand all
116 46
117 invalidCert := &OpenSSHCertV01{ 47 invalidCert := &OpenSSHCertV01{
118 Key: rsaKey.PublicKey(), 48 Key: rsaKey.PublicKey(),
119 SignatureKey: ecdsaKey.PublicKey(), 49 SignatureKey: ecdsaKey.PublicKey(),
120 Signature: &signature{}, 50 Signature: &signature{},
121 } 51 }
122 if ok := validateOpenSSHCertV01Signature(invalidCert); ok { 52 if ok := validateOpenSSHCertV01Signature(invalidCert); ok {
123 t.Error("Invalid cert signature passed validation!") 53 t.Error("Invalid cert signature passed validation!")
124 } 54 }
125 } 55 }