cipher_test.go 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129
  1. // Copyright 2011 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package ssh
  5. import (
  6. "bytes"
  7. "crypto"
  8. "crypto/aes"
  9. "crypto/rand"
  10. "testing"
  11. )
  12. func TestDefaultCiphersExist(t *testing.T) {
  13. for _, cipherAlgo := range supportedCiphers {
  14. if _, ok := cipherModes[cipherAlgo]; !ok {
  15. t.Errorf("default cipher %q is unknown", cipherAlgo)
  16. }
  17. }
  18. }
  19. func TestPacketCiphers(t *testing.T) {
  20. // Still test aes128cbc cipher although it's commented out.
  21. cipherModes[aes128cbcID] = &streamCipherMode{16, aes.BlockSize, 0, nil}
  22. defer delete(cipherModes, aes128cbcID)
  23. for cipher := range cipherModes {
  24. for mac := range macModes {
  25. kr := &kexResult{Hash: crypto.SHA1}
  26. algs := directionAlgorithms{
  27. Cipher: cipher,
  28. MAC: mac,
  29. Compression: "none",
  30. }
  31. client, err := newPacketCipher(clientKeys, algs, kr)
  32. if err != nil {
  33. t.Errorf("newPacketCipher(client, %q, %q): %v", cipher, mac, err)
  34. continue
  35. }
  36. server, err := newPacketCipher(clientKeys, algs, kr)
  37. if err != nil {
  38. t.Errorf("newPacketCipher(client, %q, %q): %v", cipher, mac, err)
  39. continue
  40. }
  41. want := "bla bla"
  42. input := []byte(want)
  43. buf := &bytes.Buffer{}
  44. if err := client.writePacket(0, buf, rand.Reader, input); err != nil {
  45. t.Errorf("writePacket(%q, %q): %v", cipher, mac, err)
  46. continue
  47. }
  48. packet, err := server.readPacket(0, buf)
  49. if err != nil {
  50. t.Errorf("readPacket(%q, %q): %v", cipher, mac, err)
  51. continue
  52. }
  53. if string(packet) != want {
  54. t.Errorf("roundtrip(%q, %q): got %q, want %q", cipher, mac, packet, want)
  55. }
  56. }
  57. }
  58. }
  59. func TestCBCOracleCounterMeasure(t *testing.T) {
  60. cipherModes[aes128cbcID] = &streamCipherMode{16, aes.BlockSize, 0, nil}
  61. defer delete(cipherModes, aes128cbcID)
  62. kr := &kexResult{Hash: crypto.SHA1}
  63. algs := directionAlgorithms{
  64. Cipher: aes128cbcID,
  65. MAC: "hmac-sha1",
  66. Compression: "none",
  67. }
  68. client, err := newPacketCipher(clientKeys, algs, kr)
  69. if err != nil {
  70. t.Fatalf("newPacketCipher(client): %v", err)
  71. }
  72. want := "bla bla"
  73. input := []byte(want)
  74. buf := &bytes.Buffer{}
  75. if err := client.writePacket(0, buf, rand.Reader, input); err != nil {
  76. t.Errorf("writePacket: %v", err)
  77. }
  78. packetSize := buf.Len()
  79. buf.Write(make([]byte, 2*maxPacket))
  80. // We corrupt each byte, but this usually will only test the
  81. // 'packet too large' or 'MAC failure' cases.
  82. lastRead := -1
  83. for i := 0; i < packetSize; i++ {
  84. server, err := newPacketCipher(clientKeys, algs, kr)
  85. if err != nil {
  86. t.Fatalf("newPacketCipher(client): %v", err)
  87. }
  88. fresh := &bytes.Buffer{}
  89. fresh.Write(buf.Bytes())
  90. fresh.Bytes()[i] ^= 0x01
  91. before := fresh.Len()
  92. _, err = server.readPacket(0, fresh)
  93. if err == nil {
  94. t.Errorf("corrupt byte %d: readPacket succeeded ", i)
  95. continue
  96. }
  97. if _, ok := err.(cbcError); !ok {
  98. t.Errorf("corrupt byte %d: got %v (%T), want cbcError", i, err, err)
  99. continue
  100. }
  101. after := fresh.Len()
  102. bytesRead := before - after
  103. if bytesRead < maxPacket {
  104. t.Errorf("corrupt byte %d: read %d bytes, want more than %d", i, bytesRead, maxPacket)
  105. continue
  106. }
  107. if i > 0 && bytesRead != lastRead {
  108. t.Errorf("corrupt byte %d: read %d bytes, want %d bytes read", i, bytesRead, lastRead)
  109. }
  110. lastRead = bytesRead
  111. }
  112. }