def test_dh_errors(self):
"""Unit test error conditions in DH key exchange"""
client_conn, server_conn = \
_KexClientStub.make_pair(b'diffie-hellman-group14-sha1')
host_key = server_conn.get_server_host_key()
with self.subTest('Init sent to client'):
with self.assertRaises(asyncssh.ProtocolError):
client_conn.process_packet(Byte(MSG_KEXDH_INIT))
with self.subTest('Reply sent to server'):
with self.assertRaises(asyncssh.ProtocolError):
server_conn.process_packet(Byte(MSG_KEXDH_REPLY))
with self.subTest('Invalid e value'):
with self.assertRaises(asyncssh.ProtocolError):
server_conn.simulate_dh_init(0)
with self.subTest('Invalid f value'):
with self.assertRaises(asyncssh.ProtocolError):
client_conn.start()
client_conn.simulate_dh_reply(host_key.public_data, 0, b'')
with self.subTest('Invalid signature'):
with self.assertRaises(asyncssh.KeyExchangeFailed):
client_conn.start()
client_conn.simulate_dh_reply(host_key.public_data, 1, b'')
client_conn.close()
server_conn.close()
def _send_request(self, request, *args, want_reply=False):
"""Send a channel request"""
if request == b'env' and args[1] == String('invalid'):
args = args[:1] + (String(b'\xff'), )
elif request == b'pty-req':
if args[5][-6:-5] == Byte(PTY_OP_PARTIAL):
args = args[:5] + (String(args[5][4:-5]), )
elif args[5][-6:-5] == Byte(PTY_OP_NO_END):
args = args[:5] + (String(args[5][4:-6]), )
super()._send_request(request, *args, want_reply=want_reply)
def _get_userauth_request_packet(self, method, args):
"""Get packet data for a user authentication request"""
# pylint: disable=no-self-use
return b''.join((Byte(MSG_USERAUTH_REQUEST), String('user'),
String('service'), String(method)) + args)
async def test_errors(self):
"""Test getting error responses from SSH agent"""
key = asyncssh.generate_private_key('ssh-rsa')
keypair = asyncssh.load_keypairs(key)[0]
for response in (None, b'', Byte(SSH_AGENT_FAILURE), b'\xff'):
mock_agent = _Agent(response)
await mock_agent.start('mock_agent')
async with asyncssh.connect_agent('mock_agent') as agent:
for request in (agent.get_keys(),
agent.sign(b'xxx', b'test'),
agent.add_keys([key]),
agent.add_smartcard_keys('xxx'),
agent.remove_keys([keypair]),
agent.remove_smartcard_keys('xxx'),
agent.remove_all(),
agent.lock('passphrase'),
agent.unlock('passphrase')):
async with agent:
with self.assertRaises(ValueError):
await request
await mock_agent.stop()
def send_packet(self, pkttype, *args, **kwargs):
"""Send a packet to this connection's peer"""
# pylint: disable=unused-argument
if self._peer:
self._peer.queue_packet(Byte(pkttype) + b''.join(args))
def test_errors(self):
"""Test getting error responses from SSH agent"""
# pylint: disable=bad-whitespace
key = asyncssh.generate_private_key('ssh-rsa')
keypair = asyncssh.load_keypairs(key)[0]
for response in (b'', String(b''), String(Byte(SSH_AGENT_FAILURE)),
String(b'\xff')):
mock_agent = _Agent(response)
yield from mock_agent.start('mock_agent')
agent = yield from asyncssh.connect_agent('mock_agent')
for request in (agent.get_keys(), agent.sign(b'xxx', b'test'),
agent.add_keys([key]),
agent.add_smartcard_keys('xxx'),
agent.remove_keys([keypair]),
agent.remove_smartcard_keys('xxx'),
agent.remove_all(), agent.lock('passphrase'),
agent.unlock('passphrase')):
with self.assertRaises(ValueError):
yield from request
agent.close()
yield from mock_agent.stop()
def test_dh_gex_errors(self):
"""Unit test error conditions in DH group exchange"""
client_conn, server_conn = \
_KexClientStub.make_pair(b'diffie-hellman-group-exchange-sha1')
with self.subTest('Request sent to client'):
with self.assertRaises(asyncssh.ProtocolError):
client_conn.process_packet(Byte(MSG_KEX_DH_GEX_REQUEST))
with self.subTest('Group sent to server'):
with self.assertRaises(asyncssh.ProtocolError):
server_conn.simulate_dh_gex_group(1, 2)
with self.subTest('Init sent to client'):
with self.assertRaises(asyncssh.ProtocolError):
client_conn.simulate_dh_gex_init(1)
with self.subTest('Init sent before group'):
with self.assertRaises(asyncssh.ProtocolError):
server_conn.simulate_dh_gex_init(1)
with self.subTest('Reply sent to server'):
with self.assertRaises(asyncssh.ProtocolError):
server_conn.simulate_dh_gex_reply(b'', 1, b'')
with self.subTest('Reply sent before group'):
with self.assertRaises(asyncssh.ProtocolError):
client_conn.simulate_dh_gex_reply(b'', 1, b'')
client_conn.close()
server_conn.close()
def test_invalid_newkeys(self):
"""Test invalid new keys request"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_NEWKEYS))
yield from conn.wait_closed()
def test_packet_decode_error(self):
"""Test SSH packet decode error"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_DEBUG))
yield from conn.wait_closed()
def test_unexpected_userauth_banner(self):
"""Test unexpected userauth banner"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_USERAUTH_BANNER), String(''), String(''))
yield from conn.wait_closed()
def test_invalid_service_request(self):
"""Test invalid service request"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_SERVICE_REQUEST), String('xxx'))
yield from conn.wait_closed()
def test_invalid_data_channel_number(self):
"""Test invalid channel number in channel data message"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_CHANNEL_DATA), String(''))
yield from conn.wait_closed()
def test_invalid_service_accept(self):
"""Test invalid service accept"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_SERVICE_ACCEPT), String('xxx'))
yield from conn.wait_closed()
def test_unexpected_userauth_success(self):
"""Test unexpected userauth success response"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_USERAUTH_SUCCESS))
yield from conn.wait_closed()
def test_invalid_channel_open_failure_number(self):
"""Test invalid channel number in open failure"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_CHANNEL_OPEN_FAILURE), UInt32(0xff),
UInt32(0), String(''), String(''))
yield from conn.wait_closed()
def test_extra_userauth_request(self):
"""Test userauth request after auth is complete"""
with (yield from self.connect()) as conn:
conn.send_packet(Byte(MSG_USERAUTH_REQUEST), String('guest'),
String('ssh-connection'), String('none'))
yield from asyncio.sleep(0.1)
yield from conn.wait_closed()
def test_unknown_channel_type(self):
"""Test unknown channel open type"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_CHANNEL_OPEN), String('xxx'), UInt32(0),
UInt32(0), UInt32(0))
yield from conn.wait_closed()
def test_invalid_channel_open(self):
"""Test invalid channel open request"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_CHANNEL_OPEN), String(b'\xff'), UInt32(0),
UInt32(0), UInt32(0))
yield from conn.wait_closed()
def test_invalid_global_request(self):
"""Test invalid global request"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_GLOBAL_REQUEST), String(b'\xff'),
Boolean(True))
yield from conn.wait_closed()
def test_unexpected_userauth_failure(self):
"""Test unexpected userauth failure response"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_USERAUTH_FAILURE), NameList([]),
Boolean(False))
yield from conn.wait_closed()
def test_invalid_channel_open_failure_language(self):
"""Test invalid language in channel open failure"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_CHANNEL_OPEN_FAILURE), UInt32(0), UInt32(0),
String(''), String(b'\xff'))
yield from conn.wait_closed()
def test_invalid_channel_open_confirmation_number(self):
"""Test invalid channel number in open confirmation"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_CHANNEL_OPEN_CONFIRMATION), UInt32(0xff),
UInt32(0), UInt32(0), UInt32(0))
yield from conn.wait_closed()
def test_unexpected_global_response(self):
"""Test unexpected global response"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_GLOBAL_REQUEST), String('xxx'),
Boolean(True))
yield from conn.wait_closed()
def test_invalid_userauth_service(self):
"""Test invalid service in userauth request"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_USERAUTH_REQUEST), String('guest'),
String('xxx'), String('none'))
yield from conn.wait_closed()
def test_invalid_username(self):
"""Test invalid username in userauth request"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_USERAUTH_REQUEST), String(b'\xff'),
String('ssh-connection'), String('none'))
yield from conn.wait_closed()
def send_userauth_request(self, method, *args, key=None):
"""Send a user authentication request"""
packet = b''.join((Byte(MSG_USERAUTH_REQUEST), String('user'),
String(b'service'), String(method)) + args)
if key:
packet += String(key.sign(String('') + packet))
self.send_packet(packet)
def test_query_extensions(self):
"""Test query of supported extensions"""
mock_agent = _Agent(String(Byte(SSH_AGENT_SUCCESS) + String('xxx')))
yield from mock_agent.start('mock_agent')
agent = yield from asyncssh.connect_agent('mock_agent')
extensions = yield from agent.query_extensions()
self.assertEqual(extensions, ['xxx'])
agent.close()
yield from mock_agent.stop()
mock_agent = _Agent(String(Byte(SSH_AGENT_SUCCESS) + String(b'\xff')))
yield from mock_agent.start('mock_agent')
agent = yield from asyncssh.connect_agent('mock_agent')
with self.assertRaises(ValueError):
yield from agent.query_extensions()
agent.close()
yield from mock_agent.stop()
mock_agent = _Agent(String(Byte(SSH_AGENT_FAILURE)))
yield from mock_agent.start('mock_agent')
agent = yield from asyncssh.connect_agent('mock_agent')
extensions = yield from agent.query_extensions()
self.assertEqual(extensions, [])
agent.close()
yield from mock_agent.stop()
mock_agent = _Agent(String(b'\xff'))
yield from mock_agent.start('mock_agent')
agent = yield from asyncssh.connect_agent('mock_agent')
with self.assertRaises(ValueError):
yield from agent.query_extensions()
agent.close()
yield from mock_agent.stop()
async def test_add_remove_smartcard_keys(self):
"""Test adding and removing smart card keys"""
mock_agent = _Agent(Byte(SSH_AGENT_SUCCESS))
await mock_agent.start('mock_agent')
async with asyncssh.connect_agent('mock_agent') as agent:
result = await agent.add_smartcard_keys('provider')
self.assertIsNone(result)
await mock_agent.stop()
mock_agent = _Agent(Byte(SSH_AGENT_SUCCESS))
await mock_agent.start('mock_agent')
async with asyncssh.connect_agent('mock_agent') as agent:
result = await agent.remove_smartcard_keys('provider')
self.assertIsNone(result)
await mock_agent.stop()
def test_no_matching_kex_algs(self):
"""Test no matching key exchange algorithms"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_KEXINIT), os.urandom(16), NameList([b'xxx']),
NameList([]), NameList([]), NameList([]),
NameList([]), NameList([]), NameList([]),
NameList([]), NameList([]), NameList([]),
Boolean(False), UInt32(0))
yield from conn.wait_closed()
def test_no_matching_host_key_algs(self):
"""Test no matching server host key algorithms"""
conn = yield from self.connect()
conn.send_packet(Byte(MSG_KEXINIT), os.urandom(16),
NameList([b'ecdh-sha2-nistp521']), NameList([b'xxx']),
NameList([]), NameList([]), NameList([]),
NameList([]), NameList([]), NameList([]),
NameList([]), NameList([]), Boolean(False), UInt32(0))
yield from conn.wait_closed()
