
Delta Between Two Patch Sets: ssh/client_auth_test.go

Issue 9853050: code review 9853050: go.crypto/ssh: implement challenge/response auth (RFC 4... (Closed)
Left Patch Set: diff -r 273987d8ccbc https://code.google.com/p/go.crypto Created 10 years, 10 months ago
Right Patch Set: diff -r b5f1a3f28dce https://code.google.com/p/go.crypto Created 10 years, 9 months ago
1 // Copyright 2011 The Go Authors. All rights reserved. 1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 package ssh 5 package ssh
6 6
7 import ( 7 import (
8 "bytes" 8 "bytes"
9 "crypto" 9 "crypto"
10 "crypto/dsa" 10 "crypto/dsa"
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after
105 return nil 105 return nil
106 } 106 }
107 107
108 // password implements the ClientPassword interface 108 // password implements the ClientPassword interface
109 type password string 109 type password string
110 110
111 func (p password) Password(user string) (string, error) { 111 func (p password) Password(user string) (string, error) {
112 return string(p), nil 112 return string(p), nil
113 } 113 }
114 114
115 type challengeResponse map[string]string 115 type keyboardInteractive map[string]string
116 116
117 func (cr *challengeResponse) Challenge(user string, instruction string, 117 func (cr *keyboardInteractive) Challenge(user string, instruction string, questi ons []string, echos []bool) ([]string, error) {
118 » questions []string, echos []bool) (answers []string, err error) { 118 » var answers []string
dfc 2013/06/06 12:04:42 same as previous file. As you are not using a nake
hanwen-google 2013/06/06 13:33:07 Done.
119 for _, q := range questions { 119 for _, q := range questions {
120 answers = append(answers, (*cr)[q]) 120 answers = append(answers, (*cr)[q])
121 } 121 }
122 return answers, nil 122 return answers, nil
123 } 123 }
124 124
125 // reused internally by tests 125 // reused internally by tests
126 var ( 126 var (
127 rsakey *rsa.PrivateKey 127 rsakey *rsa.PrivateKey
128 dsakey *dsa.PrivateKey 128 dsakey *dsa.PrivateKey
129 clientKeychain = new(keychain) 129 clientKeychain = new(keychain)
130 clientPassword = password("tiger") 130 clientPassword = password("tiger")
131 serverConfig = &ServerConfig{ 131 serverConfig = &ServerConfig{
132 PasswordCallback: func(conn *ServerConn, user, pass string) bool { 132 PasswordCallback: func(conn *ServerConn, user, pass string) bool {
133 return user == "testuser" && pass == string(clientPasswo rd) 133 return user == "testuser" && pass == string(clientPasswo rd)
134 }, 134 },
135 PublicKeyCallback: func(conn *ServerConn, user, algo string, pub key []byte) bool { 135 PublicKeyCallback: func(conn *ServerConn, user, algo string, pub key []byte) bool {
136 key := &clientKeychain.keys[0].(*rsa.PrivateKey).PublicK ey 136 key := &clientKeychain.keys[0].(*rsa.PrivateKey).PublicK ey
137 expected := []byte(serializePublickey(key)) 137 expected := []byte(serializePublickey(key))
138 algoname := algoName(key) 138 algoname := algoName(key)
139 return user == "testuser" && algo == algoname && bytes.E qual(pubkey, expected) 139 return user == "testuser" && algo == algoname && bytes.E qual(pubkey, expected)
140 }, 140 },
141 » » ChallengeResponseCallback: func(conn *ServerConn, user string, c lient ClientChallengeResponse) bool { 141 » » KeyboardInteractiveCallback: func(conn *ServerConn, user string, client ClientKeyboardInteractive) bool {
142 ans, err := client.Challenge("user", 142 ans, err := client.Challenge("user",
143 "instruction", 143 "instruction",
144 []string{"question1", "question2"}, 144 []string{"question1", "question2"},
145 []bool{true, true}) 145 []bool{true, true})
146 if err != nil { 146 if err != nil {
147 return false 147 return false
148 } 148 }
149 ok := user == "testuser" && ans[0] == "answer1" && ans[1 ] == "answer2" 149 ok := user == "testuser" && ans[0] == "answer1" && ans[1 ] == "answer2"
150 » » » client.Challenge("user", "thank you for your cooperation ", nil, nil) 150 » » » client.Challenge("user", "motd", nil, nil)
dfc 2013/06/06 12:04:42 Is this a standard response message ?
hanwen-google 2013/06/06 13:33:07 no, I was drinking a beer when writing this :) an
151 return ok 151 return ok
152 }, 152 },
153 } 153 }
154 ) 154 )
155 155
156 func init() { 156 func init() {
157 if err := serverConfig.SetRSAPrivateKey([]byte(testServerPrivateKey)); e rr != nil { 157 if err := serverConfig.SetRSAPrivateKey([]byte(testServerPrivateKey)); e rr != nil {
158 panic("unable to set private key: " + err.Error()) 158 panic("unable to set private key: " + err.Error())
159 } 159 }
160 160
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after
236 }, 236 },
237 } 237 }
238 238
239 c, err := Dial("tcp", newMockAuthServer(t), config) 239 c, err := Dial("tcp", newMockAuthServer(t), config)
240 if err != nil { 240 if err != nil {
241 t.Fatalf("unable to dial remote side: %s", err) 241 t.Fatalf("unable to dial remote side: %s", err)
242 } 242 }
243 c.Close() 243 c.Close()
244 } 244 }
245 245
246 func TestClientAuthChallengeResponse(t *testing.T) { 246 func TestClientAuthKeyboardInteractive(t *testing.T) {
247 » answers := challengeResponse(map[string]string{ 247 » answers := keyboardInteractive(map[string]string{
248 "question1": "answer1", 248 "question1": "answer1",
249 "question2": "answer2", 249 "question2": "answer2",
250 }) 250 })
251 config := &ClientConfig{ 251 config := &ClientConfig{
252 User: "testuser", 252 User: "testuser",
253 Auth: []ClientAuth{ 253 Auth: []ClientAuth{
254 » » » ClientAuthChallengeResponse(&answers), 254 » » » ClientAuthKeyboardInteractive(&answers),
255 }, 255 },
256 } 256 }
257 257
258 c, err := Dial("tcp", newMockAuthServer(t), config) 258 c, err := Dial("tcp", newMockAuthServer(t), config)
259 if err != nil { 259 if err != nil {
260 t.Fatalf("unable to dial remote side: %s", err) 260 t.Fatalf("unable to dial remote side: %s", err)
261 } 261 }
262 c.Close() 262 c.Close()
263 } 263 }
264 264
265 func TestClientAuthWrongChallengeResponse(t *testing.T) { 265 func TestClientAuthWrongKeyboardInteractive(t *testing.T) {
266 » answers := challengeResponse(map[string]string{ 266 » answers := keyboardInteractive(map[string]string{
267 "question1": "answer1", 267 "question1": "answer1",
268 "question2": "WRONG", 268 "question2": "WRONG",
269 }) 269 })
270 config := &ClientConfig{ 270 config := &ClientConfig{
271 User: "testuser", 271 User: "testuser",
272 Auth: []ClientAuth{ 272 Auth: []ClientAuth{
273 » » » ClientAuthChallengeResponse(&answers), 273 » » » ClientAuthKeyboardInteractive(&answers),
274 }, 274 },
275 } 275 }
276 276
277 c, err := Dial("tcp", newMockAuthServer(t), config) 277 c, err := Dial("tcp", newMockAuthServer(t), config)
278 if err == nil { 278 if err == nil {
279 c.Close() 279 c.Close()
280 » » t.Fatalf("wrong answers should not have authenticated with Chall engeResponse") 280 » » t.Fatalf("wrong answers should not have authenticated with Keybo ardInteractive")
281 } 281 }
282 } 282 }
283 283
284 // the mock server will only authenticate ssh-rsa keys 284 // the mock server will only authenticate ssh-rsa keys
285 func TestClientAuthInvalidPublickey(t *testing.T) { 285 func TestClientAuthInvalidPublickey(t *testing.T) {
286 kc := new(keychain) 286 kc := new(keychain)
287 kc.keys = append(kc.keys, dsakey) 287 kc.keys = append(kc.keys, dsakey)
288 config := &ClientConfig{ 288 config := &ClientConfig{
289 User: "testuser", 289 User: "testuser",
290 Auth: []ClientAuth{ 290 Auth: []ClientAuth{
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after
349 Crypto: CryptoConfig{ 349 Crypto: CryptoConfig{
350 Ciphers: []string{"aes128-cbc"}, // not currently suppor ted 350 Ciphers: []string{"aes128-cbc"}, // not currently suppor ted
351 }, 351 },
352 } 352 }
353 c, err := Dial("tcp", newMockAuthServer(t), config) 353 c, err := Dial("tcp", newMockAuthServer(t), config)
354 if err == nil { 354 if err == nil {
355 t.Errorf("expected no ciphers in common") 355 t.Errorf("expected no ciphers in common")
356 c.Close() 356 c.Close()
357 } 357 }
358 } 358 }
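Review bot: The KeyboardInteractiveCallback at new-side line 149 indexes `ans[0]` and `ans[1]` without checking `len(ans)`, so the mock server depends on the client returning exactly one answer per prompt. Whether the server-side ClientKeyboardInteractive implementation rejects a reply with the wrong number of answers is not visible in this file; if it does not, a short reply would panic the callback instead of failing authentication. I would guard it with `ok := len(ans) == 2 && user == "testuser" && ans[0] == "answer1" && ans[1] == "answer2"`. The error from the follow-up `client.Challenge("user", "motd", nil, nil)` on line 150 is also dropped; returning false when that call fails would keep a broken exchange from being reported as a successful login.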