kayos
/
zgrab2
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

sed name changes

This commit is contained in:
Alex 2017-10-14 14:57:52 -04:00
parent 677f2064b1
commit f99445c05b
66 changed files with 952 additions and 437 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
lib/ssh/agent/client.go
View File

@ -9,7 +9,7 @@
//
// References:
// [PROTOCOL.agent]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.agent?rev=HEAD
package agent // import "github.com/zmap/zgrab/ztools/xssh/agent"
package agent // import "github.com/zmap/zgrab2/lib/agent"
import (
"bytes"
@ -25,7 +25,7 @@ import (
"math/big"
"sync"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab2/lib/ssh"
"golang.org/x/crypto/ed25519"
)
@ -36,13 +36,13 @@ type Agent interface {
// Sign has the agent sign the data using a protocol 2 key as defined
// in [PROTOCOL.agent] section 2.6.2.
Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error)
Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error)
// Add adds a private key to the agent.
Add(key AddedKey) error
// Remove removes all identities with the given public key.
Remove(key xssh.PublicKey) error
Remove(key ssh.PublicKey) error
// RemoveAll removes all identities.
RemoveAll() error
@ -54,7 +54,7 @@ type Agent interface {
Unlock(passphrase []byte) error
// Signers returns signers for all the known keys.
Signers() ([]xssh.Signer, error)
Signers() ([]ssh.Signer, error)
}
// AddedKey describes an SSH key to be added to an Agent.
@ -64,7 +64,7 @@ type AddedKey struct {
PrivateKey interface{}
// Certificate, if not nil, is communicated to the agent and will be
// stored with the key.
Certificate *xssh.Certificate
Certificate *ssh.Certificate
// Comment is an optional, free-form string.
Comment string
// LifetimeSecs, if not zero, is the number of seconds that the
@ -103,7 +103,7 @@ const (
const maxAgentResponseBytes = 16 << 20
// Agent messages:
// These structures mirror the wire format of the corresponding xssh agent
// These structures mirror the wire format of the corresponding ssh agent
// messages found in [PROTOCOL.agent].
// 3.4 Generic replies from agent to client
@ -190,8 +190,8 @@ func (k *Key) Marshal() []byte {
}
// Verify satisfies the ssh.PublicKey interface.
func (k *Key) Verify(data []byte, sig *xssh.Signature) error {
pubKey, err := xssh.ParsePublicKey(k.Blob)
func (k *Key) Verify(data []byte, sig *ssh.Signature) error {
pubKey, err := ssh.ParsePublicKey(k.Blob)
if err != nil {
return fmt.Errorf("agent: bad public key: %v", err)
}
@ -210,12 +210,12 @@ func parseKey(in []byte) (out *Key, rest []byte, err error) {
Rest []byte `ssh:"rest"`
}
if err := xssh.Unmarshal(in, &record); err != nil {
if err := ssh.Unmarshal(in, &record); err != nil {
return nil, nil, err
}
var wk wireKey
if err := xssh.Unmarshal(record.Blob, &wk); err != nil {
if err := ssh.Unmarshal(record.Blob, &wk); err != nil {
return nil, nil, err
}
@ -289,22 +289,22 @@ func (c *client) RemoveAll() error {
return c.simpleCall([]byte{agentRemoveAllIdentities})
}
func (c *client) Remove(key xssh.PublicKey) error {
req := xssh.Marshal(&agentRemoveIdentityMsg{
func (c *client) Remove(key ssh.PublicKey) error {
req := ssh.Marshal(&agentRemoveIdentityMsg{
KeyBlob: key.Marshal(),
})
return c.simpleCall(req)
}
func (c *client) Lock(passphrase []byte) error {
req := xssh.Marshal(&agentLockMsg{
req := ssh.Marshal(&agentLockMsg{
Passphrase: passphrase,
})
return c.simpleCall(req)
}
func (c *client) Unlock(passphrase []byte) error {
req := xssh.Marshal(&agentUnlockMsg{
req := ssh.Marshal(&agentUnlockMsg{
Passphrase: passphrase,
})
return c.simpleCall(req)
@ -344,8 +344,8 @@ func (c *client) List() ([]*Key, error) {
// Sign has the agent sign the data using a protocol 2 key as defined
// in [PROTOCOL.agent] section 2.6.2.
func (c *client) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error) {
req := xssh.Marshal(signRequestAgentMsg{
func (c *client) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
req := ssh.Marshal(signRequestAgentMsg{
KeyBlob: key.Marshal(),
Data: data,
})
@ -357,8 +357,8 @@ func (c *client) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error)
switch msg := msg.(type) {
case *signResponseAgentMsg:
var sig xssh.Signature
if err := xssh.Unmarshal(msg.SigBlob, &sig); err != nil {
var sig ssh.Signature
if err := ssh.Unmarshal(msg.SigBlob, &sig); err != nil {
return nil, err
}
@ -390,7 +390,7 @@ func unmarshal(packet []byte) (interface{}, error) {
default:
return nil, fmt.Errorf("agent: unknown type tag %d", packet[0])
}
if err := xssh.Unmarshal(packet, msg); err != nil {
if err := ssh.Unmarshal(packet, msg); err != nil {
return nil, err
}
return msg, nil
@ -445,8 +445,8 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
return fmt.Errorf("agent: unsupported RSA key with %d primes", len(k.Primes))
}
k.Precompute()
req = xssh.Marshal(rsaKeyMsg{
Type: xssh.KeyAlgoRSA,
req = ssh.Marshal(rsaKeyMsg{
Type: ssh.KeyAlgoRSA,
N: k.N,
E: big.NewInt(int64(k.E)),
D: k.D,
@ -457,8 +457,8 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
Constraints: constraints,
})
case *dsa.PrivateKey:
req = xssh.Marshal(dsaKeyMsg{
Type: xssh.KeyAlgoDSA,
req = ssh.Marshal(dsaKeyMsg{
Type: ssh.KeyAlgoDSA,
P: k.P,
Q: k.Q,
G: k.G,
@ -469,7 +469,7 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
})
case *ecdsa.PrivateKey:
nistID := fmt.Sprintf("nistp%d", k.Params().BitSize)
req = xssh.Marshal(ecdsaKeyMsg{
req = ssh.Marshal(ecdsaKeyMsg{
Type: "ecdsa-sha2-" + nistID,
Curve: nistID,
KeyBytes: elliptic.Marshal(k.Curve, k.X, k.Y),
@ -478,8 +478,8 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
Constraints: constraints,
})
case *ed25519.PrivateKey:
req = xssh.Marshal(ed25519KeyMsg{
Type: xssh.KeyAlgoED25519,
req = ssh.Marshal(ed25519KeyMsg{
Type: ssh.KeyAlgoED25519,
Pub: []byte(*k)[32:],
Priv: []byte(*k),
Comments: comment,
@ -564,7 +564,7 @@ func (c *client) Add(key AddedKey) error {
}
}
func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment string, constraints []byte) error {
func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string, constraints []byte) error {
var req []byte
switch k := s.(type) {
case *rsa.PrivateKey:
@ -572,7 +572,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
return fmt.Errorf("agent: unsupported RSA key with %d primes", len(k.Primes))
}
k.Precompute()
req = xssh.Marshal(rsaCertMsg{
req = ssh.Marshal(rsaCertMsg{
Type: cert.Type(),
CertBytes: cert.Marshal(),
D: k.D,
@ -583,7 +583,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
Constraints: constraints,
})
case *dsa.PrivateKey:
req = xssh.Marshal(dsaCertMsg{
req = ssh.Marshal(dsaCertMsg{
Type: cert.Type(),
CertBytes: cert.Marshal(),
X: k.X,
@ -591,7 +591,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
Constraints: constraints,
})
case *ecdsa.PrivateKey:
req = xssh.Marshal(ecdsaCertMsg{
req = ssh.Marshal(ecdsaCertMsg{
Type: cert.Type(),
CertBytes: cert.Marshal(),
D: k.D,
@ -599,7 +599,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
Constraints: constraints,
})
case *ed25519.PrivateKey:
req = xssh.Marshal(ed25519CertMsg{
req = ssh.Marshal(ed25519CertMsg{
Type: cert.Type(),
CertBytes: cert.Marshal(),
Pub: []byte(*k)[32:],
@ -616,7 +616,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
req[0] = agentAddIdConstrained
}
signer, err := xssh.NewSignerFromKey(s)
signer, err := ssh.NewSignerFromKey(s)
if err != nil {
return err
}
@ -635,13 +635,13 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
}
// Signers provides a callback for client authentication.
func (c *client) Signers() ([]xssh.Signer, error) {
func (c *client) Signers() ([]ssh.Signer, error) {
keys, err := c.List()
if err != nil {
return nil, err
}
var result []xssh.Signer
var result []ssh.Signer
for _, k := range keys {
result = append(result, &agentKeyringSigner{c, k})
}
@ -650,14 +650,14 @@ func (c *client) Signers() ([]xssh.Signer, error) {
type agentKeyringSigner struct {
agent *client
pub xssh.PublicKey
pub ssh.PublicKey
}
func (s *agentKeyringSigner) PublicKey() xssh.PublicKey {
func (s *agentKeyringSigner) PublicKey() ssh.PublicKey {
return s.pub
}
func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*xssh.Signature, error) {
func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature, error) {
// The agent has its own entropy source, so the rand argument is ignored.
return s.agent.Sign(s.pub, data)
}

38
lib/ssh/agent/client_test.go
View File

@ -16,7 +16,7 @@ import (
"testing"
"time"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab2/lib/ssh"
)
// startAgent executes ssh-agent, and returns a Agent interface to it.
@ -79,20 +79,20 @@ func startAgent(t *testing.T) (client Agent, socket string, cleanup func()) {
}
}
func testAgent(t *testing.T, key interface{}, cert *xssh.Certificate, lifetimeSecs uint32) {
func testAgent(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
agent, _, cleanup := startAgent(t)
defer cleanup()
testAgentInterface(t, agent, key, cert, lifetimeSecs)
}
func testKeyring(t *testing.T, key interface{}, cert *xssh.Certificate, lifetimeSecs uint32) {
func testKeyring(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
a := NewKeyring()
testAgentInterface(t, a, key, cert, lifetimeSecs)
}
func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *xssh.Certificate, lifetimeSecs uint32) {
signer, err := xssh.NewSignerFromKey(key)
func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
signer, err := ssh.NewSignerFromKey(key)
if err != nil {
t.Fatalf("NewSignerFromKey(%T): %v", key, err)
}
@ -104,7 +104,7 @@ func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *xssh.C
}
// Attempt to insert the key, with certificate if specified.
var pubKey xssh.PublicKey
var pubKey ssh.PublicKey
if cert != nil {
err = agent.Add(AddedKey{
PrivateKey: key,
@ -165,10 +165,10 @@ func DISABLED_TestAgent(t *testing.T) {
}
func TestCert(t *testing.T) {
cert := &xssh.Certificate{
cert := &ssh.Certificate{
Key: testPublicKeys["rsa"],
ValidBefore: xssh.CertTimeInfinity,
CertType: xssh.UserCert,
ValidBefore: ssh.CertTimeInfinity,
CertType: ssh.UserCert,
}
cert.SignCert(rand.Reader, testSigners["ecdsa"])
@ -215,9 +215,9 @@ func TestAuth(t *testing.T) {
t.Errorf("Add: %v", err)
}
serverConf := xssh.ServerConfig{}
serverConf := ssh.ServerConfig{}
serverConf.AddHostKey(testSigners["rsa"])
serverConf.PublicKeyCallback = func(c xssh.ConnMetadata, key xssh.PublicKey) (*xssh.Permissions, error) {
serverConf.PublicKeyCallback = func(c ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) {
return nil, nil
}
@ -226,16 +226,16 @@ func TestAuth(t *testing.T) {
}
go func() {
conn, _, _, err := xssh.NewServerConn(a, &serverConf)
conn, _, _, err := ssh.NewServerConn(a, &serverConf)
if err != nil {
t.Fatalf("Server: %v", err)
}
conn.Close()
}()
conf := xssh.ClientConfig{}
conf.Auth = append(conf.Auth, xssh.PublicKeysCallback(agent.Signers))
conn, _, _, err := xssh.NewClientConn(b, "", &conf)
conf := ssh.ClientConfig{}
conf.Auth = append(conf.Auth, ssh.PublicKeysCallback(agent.Signers))
conn, _, _, err := ssh.NewClientConn(b, "", &conf)
if err != nil {
t.Fatalf("NewClientConn: %v", err)
}
@ -272,7 +272,7 @@ func testLockAgent(agent Agent, t *testing.T) {
t.Errorf("Want 0 keys, got %v", keys)
}
signer, _ := xssh.NewSignerFromKey(testPrivateKeys["rsa"])
signer, _ := ssh.NewSignerFromKey(testPrivateKeys["rsa"])
if _, err := agent.Sign(signer.PublicKey(), []byte("hello")); err == nil {
t.Fatalf("Sign did not fail")
}
@ -318,10 +318,10 @@ func TestAgentLifetime(t *testing.T) {
t.Fatalf("add: %v", err)
}
// Add certs to the agent.
cert := &xssh.Certificate{
cert := &ssh.Certificate{
Key: testPublicKeys[keyType],
ValidBefore: xssh.CertTimeInfinity,
CertType: xssh.UserCert,
ValidBefore: ssh.CertTimeInfinity,
CertType: ssh.UserCert,
}
cert.SignCert(rand.Reader, testSigners[keyType])
err = agent.Add(AddedKey{

12
lib/ssh/agent/example_test.go
View File

@ -9,8 +9,8 @@ import (
"net"
"os"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab/ztools/xssh/agent"
"github.com/zmap/zgrab2/lib/agent"
"github.com/zmap/zgrab2/lib/ssh"
)
func ExampleClientAgent() {
@ -21,17 +21,17 @@ func ExampleClientAgent() {
log.Fatalf("net.Dial: %v", err)
}
agentClient := agent.NewClient(conn)
config := &xssh.ClientConfig{
config := &ssh.ClientConfig{
User: "username",
Auth: []xssh.AuthMethod{
Auth: []ssh.AuthMethod{
// Use a callback rather than PublicKeys
// so we only consult the agent once the remote server
// wants it.
xssh.PublicKeysCallback(agentClient.Signers),
ssh.PublicKeysCallback(agentClient.Signers),
},
}
sshc, err := xssh.Dial("tcp", "localhost:22", config)
sshc, err := ssh.Dial("tcp", "localhost:22", config)
if err != nil {
log.Fatalf("Dial: %v", err)
}

14
lib/ssh/agent/forward.go
View File

@ -10,13 +10,13 @@ import (
"net"
"sync"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab2/lib/ssh"
)
// RequestAgentForwarding sets up agent forwarding for the session.
// ForwardToAgent or ForwardToRemote should be called to route
// the authentication requests.
func RequestAgentForwarding(session *xssh.Session) error {
func RequestAgentForwarding(session *ssh.Session) error {
ok, err := session.SendRequest("auth-agent-req@openssh.com", true, nil)
if err != nil {
return err
@ -28,7 +28,7 @@ func RequestAgentForwarding(session *xssh.Session) error {
}
// ForwardToAgent routes authentication requests to the given keyring.
func ForwardToAgent(client *xssh.Client, keyring Agent) error {
func ForwardToAgent(client *ssh.Client, keyring Agent) error {
channels := client.HandleChannelOpen(channelType)
if channels == nil {
return errors.New("agent: already have handler for " + channelType)
@ -40,7 +40,7 @@ func ForwardToAgent(client *xssh.Client, keyring Agent) error {
if err != nil {
continue
}
go xssh.DiscardRequests(reqs)
go ssh.DiscardRequests(reqs)
go func() {
ServeAgent(keyring, channel)
channel.Close()
@ -54,7 +54,7 @@ const channelType = "auth-agent@openssh.com"
// ForwardToRemote routes authentication requests to the ssh-agent
// process serving on the given unix socket.
func ForwardToRemote(client *xssh.Client, addr string) error {
func ForwardToRemote(client *ssh.Client, addr string) error {
channels := client.HandleChannelOpen(channelType)
if channels == nil {
return errors.New("agent: already have handler for " + channelType)
@ -71,14 +71,14 @@ func ForwardToRemote(client *xssh.Client, addr string) error {
if err != nil {
continue
}
go xssh.DiscardRequests(reqs)
go ssh.DiscardRequests(reqs)
go forwardUnixSocket(channel, addr)
}
}()
return nil
}
func forwardUnixSocket(channel xssh.Channel, addr string) {
func forwardUnixSocket(channel ssh.Channel, addr string) {
conn, err := net.Dial("unix", addr)
if err != nil {
return

16
lib/ssh/agent/keyring.go
View File

@ -13,11 +13,11 @@ import (
"sync"
"time"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab2/lib/ssh"
)
type privKey struct {
signer xssh.Signer
signer ssh.Signer
comment string
expire *time.Time
}
@ -72,7 +72,7 @@ func (r *keyring) removeLocked(want []byte) error {
}
// Remove removes all identities with the given public key.
func (r *keyring) Remove(key xssh.PublicKey) error {
func (r *keyring) Remove(key ssh.PublicKey) error {
r.mu.Lock()
defer r.mu.Unlock()
if r.locked {
@ -152,14 +152,14 @@ func (r *keyring) Add(key AddedKey) error {
if r.locked {
return errLocked
}
signer, err := xssh.NewSignerFromKey(key.PrivateKey)
signer, err := ssh.NewSignerFromKey(key.PrivateKey)
if err != nil {
return err
}
if cert := key.Certificate; cert != nil {
signer, err = xssh.NewCertSigner(cert, signer)
signer, err = ssh.NewCertSigner(cert, signer)
if err != nil {
return err
}
@ -181,7 +181,7 @@ func (r *keyring) Add(key AddedKey) error {
}
// Sign returns a signature for the data.
func (r *keyring) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error) {
func (r *keyring) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
r.mu.Lock()
defer r.mu.Unlock()
if r.locked {
@ -199,7 +199,7 @@ func (r *keyring) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error)
}
// Signers returns signers for all the known keys.
func (r *keyring) Signers() ([]xssh.Signer, error) {
func (r *keyring) Signers() ([]ssh.Signer, error) {
r.mu.Lock()
defer r.mu.Unlock()
if r.locked {
@ -207,7 +207,7 @@ func (r *keyring) Signers() ([]xssh.Signer, error) {
}
r.expireKeysLocked()
s := make([]xssh.Signer, 0, len(r.keys))
s := make([]ssh.Signer, 0, len(r.keys))
for _, k := range r.keys {
s = append(s, k.signer)
}

76
lib/ssh/agent/server.go
View File

@ -16,7 +16,7 @@ import (
"log"
"math/big"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab2/lib/ssh"
"golang.org/x/crypto/ed25519"
)
@ -40,7 +40,7 @@ func (s *server) processRequestBytes(reqData []byte) []byte {
return []byte{agentSuccess}
}
return xssh.Marshal(rep)
return ssh.Marshal(rep)
}
func marshalKey(k *Key) []byte {
@ -51,7 +51,7 @@ func marshalKey(k *Key) []byte {
record.Blob = k.Marshal()
record.Comment = k.Comment
return xssh.Marshal(&record)
return ssh.Marshal(&record)
}
// See [PROTOCOL.agent], section 2.5.1.
@ -83,12 +83,12 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
case agentRemoveIdentity:
var req agentRemoveIdentityMsg
if err := xssh.Unmarshal(data, &req); err != nil {
if err := ssh.Unmarshal(data, &req); err != nil {
return nil, err
}
var wk wireKey
if err := xssh.Unmarshal(req.KeyBlob, &wk); err != nil {
if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
return nil, err
}
@ -99,7 +99,7 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
case agentLock:
var req agentLockMsg
if err := xssh.Unmarshal(data, &req); err != nil {
if err := ssh.Unmarshal(data, &req); err != nil {
return nil, err
}
@ -107,19 +107,19 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
case agentUnlock:
var req agentLockMsg
if err := xssh.Unmarshal(data, &req); err != nil {
if err := ssh.Unmarshal(data, &req); err != nil {
return nil, err
}
return nil, s.agent.Unlock(req.Passphrase)
case agentSignRequest:
var req signRequestAgentMsg
if err := xssh.Unmarshal(data, &req); err != nil {
if err := ssh.Unmarshal(data, &req); err != nil {
return nil, err
}
var wk wireKey
if err := xssh.Unmarshal(req.KeyBlob, &wk); err != nil {
if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
return nil, err
}
@ -132,7 +132,7 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
if err != nil {
return nil, err
}
return &signResponseAgentMsg{SigBlob: xssh.Marshal(sig)}, nil
return &signResponseAgentMsg{SigBlob: ssh.Marshal(sig)}, nil
case agentRequestIdentities:
keys, err := s.agent.List()
@ -157,7 +157,7 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
func parseRSAKey(req []byte) (*AddedKey, error) {
var k rsaKeyMsg
if err := xssh.Unmarshal(req, &k); err != nil {
if err := ssh.Unmarshal(req, &k); err != nil {
return nil, err
}
if k.E.BitLen() > 30 {
@ -178,7 +178,7 @@ func parseRSAKey(req []byte) (*AddedKey, error) {
func parseEd25519Key(req []byte) (*AddedKey, error) {
var k ed25519KeyMsg
if err := xssh.Unmarshal(req, &k); err != nil {
if err := ssh.Unmarshal(req, &k); err != nil {
return nil, err
}
priv := ed25519.PrivateKey(k.Priv)
@ -187,7 +187,7 @@ func parseEd25519Key(req []byte) (*AddedKey, error) {
func parseDSAKey(req []byte) (*AddedKey, error) {
var k dsaKeyMsg
if err := xssh.Unmarshal(req, &k); err != nil {
if err := ssh.Unmarshal(req, &k); err != nil {
return nil, err
}
priv := &dsa.PrivateKey{
@ -231,15 +231,15 @@ func unmarshalECDSA(curveName string, keyBytes []byte, privScalar *big.Int) (pri
func parseEd25519Cert(req []byte) (*AddedKey, error) {
var k ed25519CertMsg
if err := xssh.Unmarshal(req, &k); err != nil {
if err := ssh.Unmarshal(req, &k); err != nil {
return nil, err
}
pubKey, err := xssh.ParsePublicKey(k.CertBytes)
pubKey, err := ssh.ParsePublicKey(k.CertBytes)
if err != nil {
return nil, err
}
priv := ed25519.PrivateKey(k.Priv)
cert, ok := pubKey.(*xssh.Certificate)
cert, ok := pubKey.(*ssh.Certificate)
if !ok {
return nil, errors.New("agent: bad ED25519 certificate")
}
@ -248,7 +248,7 @@ func parseEd25519Cert(req []byte) (*AddedKey, error) {
func parseECDSAKey(req []byte) (*AddedKey, error) {
var k ecdsaKeyMsg
if err := xssh.Unmarshal(req, &k); err != nil {
if err := ssh.Unmarshal(req, &k); err != nil {
return nil, err
}
@ -262,16 +262,16 @@ func parseECDSAKey(req []byte) (*AddedKey, error) {
func parseRSACert(req []byte) (*AddedKey, error) {
var k rsaCertMsg
if err := xssh.Unmarshal(req, &k); err != nil {
if err := ssh.Unmarshal(req, &k); err != nil {
return nil, err
}
pubKey, err := xssh.ParsePublicKey(k.CertBytes)
pubKey, err := ssh.ParsePublicKey(k.CertBytes)
if err != nil {
return nil, err
}
cert, ok := pubKey.(*xssh.Certificate)
cert, ok := pubKey.(*ssh.Certificate)
if !ok {
return nil, errors.New("agent: bad RSA certificate")
}
@ -282,7 +282,7 @@ func parseRSACert(req []byte) (*AddedKey, error) {
E *big.Int
N *big.Int
}
if err := xssh.Unmarshal(cert.Key.Marshal(), &rsaPub); err != nil {
if err := ssh.Unmarshal(cert.Key.Marshal(), &rsaPub); err != nil {
return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
}
@ -305,14 +305,14 @@ func parseRSACert(req []byte) (*AddedKey, error) {
func parseDSACert(req []byte) (*AddedKey, error) {
var k dsaCertMsg
if err := xssh.Unmarshal(req, &k); err != nil {
if err := ssh.Unmarshal(req, &k); err != nil {
return nil, err
}
pubKey, err := xssh.ParsePublicKey(k.CertBytes)
pubKey, err := ssh.ParsePublicKey(k.CertBytes)
if err != nil {
return nil, err
}
cert, ok := pubKey.(*xssh.Certificate)
cert, ok := pubKey.(*ssh.Certificate)
if !ok {
return nil, errors.New("agent: bad DSA certificate")
}
@ -322,7 +322,7 @@ func parseDSACert(req []byte) (*AddedKey, error) {
Name string
P, Q, G, Y *big.Int
}
if err := xssh.Unmarshal(cert.Key.Marshal(), &w); err != nil {
if err := ssh.Unmarshal(cert.Key.Marshal(), &w); err != nil {
return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
}
@ -343,15 +343,15 @@ func parseDSACert(req []byte) (*AddedKey, error) {
func parseECDSACert(req []byte) (*AddedKey, error) {
var k ecdsaCertMsg
if err := xssh.Unmarshal(req, &k); err != nil {
if err := ssh.Unmarshal(req, &k); err != nil {
return nil, err
}
pubKey, err := xssh.ParsePublicKey(k.CertBytes)
pubKey, err := ssh.ParsePublicKey(k.CertBytes)
if err != nil {
return nil, err
}
cert, ok := pubKey.(*xssh.Certificate)
cert, ok := pubKey.(*ssh.Certificate)
if !ok {
return nil, errors.New("agent: bad ECDSA certificate")
}
@ -362,7 +362,7 @@ func parseECDSACert(req []byte) (*AddedKey, error) {
ID string
Key []byte
}
if err := xssh.Unmarshal(cert.Key.Marshal(), &ecdsaPub); err != nil {
if err := ssh.Unmarshal(cert.Key.Marshal(), &ecdsaPub); err != nil {
return nil, err
}
@ -380,7 +380,7 @@ func (s *server) insertIdentity(req []byte) error {
Rest []byte `ssh:"rest"`
}
if err := xssh.Unmarshal(req, &record); err != nil {
if err := ssh.Unmarshal(req, &record); err != nil {
return err
}
@ -388,21 +388,21 @@ func (s *server) insertIdentity(req []byte) error {
var err error
switch record.Type {
case xssh.KeyAlgoRSA:
case ssh.KeyAlgoRSA:
addedKey, err = parseRSAKey(req)
case xssh.KeyAlgoDSA:
case ssh.KeyAlgoDSA:
addedKey, err = parseDSAKey(req)
case xssh.KeyAlgoECDSA256, xssh.KeyAlgoECDSA384, xssh.KeyAlgoECDSA521:
case ssh.KeyAlgoECDSA256, ssh.KeyAlgoECDSA384, ssh.KeyAlgoECDSA521:
addedKey, err = parseECDSAKey(req)
case xssh.KeyAlgoED25519:
case ssh.KeyAlgoED25519:
addedKey, err = parseEd25519Key(req)
case xssh.CertAlgoRSAv01:
case ssh.CertAlgoRSAv01:
addedKey, err = parseRSACert(req)
case xssh.CertAlgoDSAv01:
case ssh.CertAlgoDSAv01:
addedKey, err = parseDSACert(req)
case xssh.CertAlgoECDSA256v01, xssh.CertAlgoECDSA384v01, xssh.CertAlgoECDSA521v01:
case ssh.CertAlgoECDSA256v01, ssh.CertAlgoECDSA384v01, ssh.CertAlgoECDSA521v01:
addedKey, err = parseECDSACert(req)
case xssh.CertAlgoED25519v01:
case ssh.CertAlgoED25519v01:
addedKey, err = parseEd25519Cert(req)
default:
return fmt.Errorf("agent: not implemented: %q", record.Type)

28
lib/ssh/agent/server_test.go
View File

@ -10,7 +10,7 @@ import (
"fmt"
"testing"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab2/lib/ssh"
)
func TestServer(t *testing.T) {
@ -43,25 +43,25 @@ func TestSetupForwardAgent(t *testing.T) {
_, socket, cleanup := startAgent(t)
defer cleanup()
serverConf := xssh.ServerConfig{
serverConf := ssh.ServerConfig{
NoClientAuth: true,
}
serverConf.AddHostKey(testSigners["rsa"])
incoming := make(chan *xssh.ServerConn, 1)
incoming := make(chan *ssh.ServerConn, 1)
go func() {
conn, _, _, err := xssh.NewServerConn(a, &serverConf)
conn, _, _, err := ssh.NewServerConn(a, &serverConf)
if err != nil {
t.Fatalf("Server: %v", err)
}
incoming <- conn
}()
conf := xssh.ClientConfig{}
conn, chans, reqs, err := xssh.NewClientConn(b, "", &conf)
conf := ssh.ClientConfig{}
conn, chans, reqs, err := ssh.NewClientConn(b, "", &conf)
if err != nil {
t.Fatalf("NewClientConn: %v", err)
}
client := xssh.NewClient(conn, chans, reqs)
client := ssh.NewClient(conn, chans, reqs)
if err := ForwardToRemote(client, socket); err != nil {
t.Fatalf("SetupForwardAgent: %v", err)
@ -72,7 +72,7 @@ func TestSetupForwardAgent(t *testing.T) {
if err != nil {
t.Fatalf("OpenChannel(%q): %v", channelType, err)
}
go xssh.DiscardRequests(reqs)
go ssh.DiscardRequests(reqs)
agentClient := NewClient(ch)
testAgentInterface(t, agentClient, testPrivateKeys["rsa"], nil, 0)
@ -156,7 +156,7 @@ func TestKeyTypes(t *testing.T) {
}
}
func addCertToAgentSock(key crypto.PrivateKey, cert *xssh.Certificate) error {
func addCertToAgentSock(key crypto.PrivateKey, cert *ssh.Certificate) error {
a, b, err := netPipe()
if err != nil {
return err
@ -171,7 +171,7 @@ func addCertToAgentSock(key crypto.PrivateKey, cert *xssh.Certificate) error {
return verifyKey(agentClient)
}
func addCertToAgent(key crypto.PrivateKey, cert *xssh.Certificate) error {
func addCertToAgent(key crypto.PrivateKey, cert *ssh.Certificate) error {
sshAgent := NewKeyring()
if err := sshAgent.Add(AddedKey{PrivateKey: key, Certificate: cert}); err != nil {
return fmt.Errorf("add: %v", err)
@ -181,15 +181,15 @@ func addCertToAgent(key crypto.PrivateKey, cert *xssh.Certificate) error {
func TestCertTypes(t *testing.T) {
for keyType, key := range testPublicKeys {
cert := &xssh.Certificate{
cert := &ssh.Certificate{
ValidPrincipals: []string{"gopher1"},
ValidAfter: 0,
ValidBefore: xssh.CertTimeInfinity,
ValidBefore: ssh.CertTimeInfinity,
Key: key,
Serial: 1,
CertType: xssh.UserCert,
CertType: ssh.UserCert,
SignatureKey: testPublicKeys["rsa"],
Permissions: xssh.Permissions{
Permissions: ssh.Permissions{
CriticalOptions: map[string]string{},
Extensions: map[string]string{},
},

24
lib/ssh/agent/testdata_test.go
View File

@ -12,14 +12,14 @@ import (
"crypto/rand"
"fmt"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab/ztools/xssh/testdata"
"github.com/zmap/zgrab2/lib/ssh"
"github.com/zmap/zgrab2/lib/testdata"
)
var (
testPrivateKeys map[string]interface{}
testSigners map[string]xssh.Signer
testPublicKeys map[string]xssh.PublicKey
testSigners map[string]ssh.Signer
testPublicKeys map[string]ssh.PublicKey
)
func init() {
@ -27,14 +27,14 @@ func init() {
n := len(testdata.PEMBytes)
testPrivateKeys = make(map[string]interface{}, n)
testSigners = make(map[string]xssh.Signer, n)
testPublicKeys = make(map[string]xssh.PublicKey, n)
testSigners = make(map[string]ssh.Signer, n)
testPublicKeys = make(map[string]ssh.PublicKey, n)
for t, k := range testdata.PEMBytes {
testPrivateKeys[t], err = xssh.ParseRawPrivateKey(k)
testPrivateKeys[t], err = ssh.ParseRawPrivateKey(k)
if err != nil {
panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err))
}
testSigners[t], err = xssh.NewSignerFromKey(testPrivateKeys[t])
testSigners[t], err = ssh.NewSignerFromKey(testPrivateKeys[t])
if err != nil {
panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err))
}
@ -42,22 +42,22 @@ func init() {
}
// Create a cert and sign it for use in tests.
testCert := &xssh.Certificate{
testCert := &ssh.Certificate{
Nonce: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage
ValidAfter: 0, // unix epoch
ValidBefore: xssh.CertTimeInfinity, // The end of currently representable time.
ValidBefore: ssh.CertTimeInfinity, // The end of currently representable time.
Reserved: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
Key: testPublicKeys["ecdsa"],
SignatureKey: testPublicKeys["rsa"],
Permissions: xssh.Permissions{
Permissions: ssh.Permissions{
CriticalOptions: map[string]string{},
Extensions: map[string]string{},
},
}
testCert.SignCert(rand.Reader, testSigners["rsa"])
testPrivateKeys["cert"] = testPrivateKeys["ecdsa"]
testSigners["cert"], err = xssh.NewCertSigner(testCert, testSigners["ecdsa"])
testSigners["cert"], err = ssh.NewCertSigner(testCert, testSigners["ecdsa"])
if err != nil {
panic(fmt.Sprintf("Unable to create certificate signer: %v", err))
}

2
lib/ssh/benchmark_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"errors"

2
lib/ssh/buffer.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"io"

2
lib/ssh/buffer_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"io"

2
lib/ssh/certs.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"

2
lib/ssh/certs_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"

2
lib/ssh/channel.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"encoding/binary"

2
lib/ssh/cipher.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"crypto/aes"

2
lib/ssh/cipher_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"

4
lib/ssh/client.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"errors"
@ -116,7 +116,7 @@ func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) e
}
}
}
if pkgConfig.Verbose {
if config.Verbose {
if config.ConnLog != nil {
//config.ConnLog.ClientIDString = string(c.clientVersion)
}

2
lib/ssh/client_auth.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"

2
lib/ssh/client_auth_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"

2
lib/ssh/client_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"net"

2
lib/ssh/common.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"crypto"

2
lib/ssh/config.go
View File

@ -1,4 +1,4 @@
package xssh
package ssh
func MakeXSSHConfig() *ClientConfig {
ret := new(ClientConfig)

2
lib/ssh/connection.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"fmt"

2
lib/ssh/doc.go
View File

@ -15,4 +15,4 @@ References:
[PROTOCOL.certkeys]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD
[SSH-PARAMETERS]: http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xml#ssh-parameters-1
*/
package xssh // import "github.com/zmap/zgrab/ztools/xssh"
package ssh

70
lib/ssh/example_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh_test
package ssh_test
import (
"bytes"
@ -12,8 +12,8 @@ import (
"net"
"net/http"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab/ztools/xssh/terminal"
"github.com/zmap/zgrab2/lib/ssh"
"github.com/zmap/zgrab2/lib/terminal"
)
func ExampleNewServerConn() {
@ -27,7 +27,7 @@ func ExampleNewServerConn() {
authorizedKeysMap := map[string]bool{}
for len(authorizedKeysBytes) > 0 {
pubKey, _, _, rest, err := xssh.ParseAuthorizedKey(authorizedKeysBytes)
pubKey, _, _, rest, err := ssh.ParseAuthorizedKey(authorizedKeysBytes)
if err != nil {
log.Fatal(err)
}
@ -38,9 +38,9 @@ func ExampleNewServerConn() {
// An SSH server is represented by a ServerConfig, which holds
// certificate details and handles authentication of ServerConns.
config := &xssh.ServerConfig{
config := &ssh.ServerConfig{
// Remove to disable password auth.
PasswordCallback: func(c xssh.ConnMetadata, pass []byte) (*xssh.Permissions, error) {
PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
// Should use constant-time compare (or better, salt+hash) in
// a production setting.
if c.User() == "testuser" && string(pass) == "tiger" {
@ -50,7 +50,7 @@ func ExampleNewServerConn() {
},
// Remove to disable public key auth.
PublicKeyCallback: func(c xssh.ConnMetadata, pubKey xssh.PublicKey) (*xssh.Permissions, error) {
PublicKeyCallback: func(c ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) {
if authorizedKeysMap[string(pubKey.Marshal())] {
return nil, nil
}
@ -63,7 +63,7 @@ func ExampleNewServerConn() {
log.Fatal("Failed to load private key: ", err)
}
private, err := xssh.ParsePrivateKey(privateBytes)
private, err := ssh.ParsePrivateKey(privateBytes)
if err != nil {
log.Fatal("Failed to parse private key: ", err)
}
@ -83,12 +83,12 @@ func ExampleNewServerConn() {
// Before use, a handshake must be performed on the incoming
// net.Conn.
_, chans, reqs, err := xssh.NewServerConn(nConn, config)
_, chans, reqs, err := ssh.NewServerConn(nConn, config)
if err != nil {
log.Fatal("failed to handshake: ", err)
}
// The incoming Request channel must be serviced.
go xssh.DiscardRequests(reqs)
go ssh.DiscardRequests(reqs)
// Service the incoming Channel channel.
@ -99,7 +99,7 @@ func ExampleNewServerConn() {
// "session" and ServerShell may be used to present a simple
// terminal interface.
if newChannel.ChannelType() != "session" {
newChannel.Reject(xssh.UnknownChannelType, "unknown channel type")
newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
continue
}
channel, requests, err := newChannel.Accept()
@ -110,7 +110,7 @@ func ExampleNewServerConn() {
// Sessions have out-of-band requests such as "shell",
// "pty-req" and "env". Here we handle only the
// "shell" request.
go func(in <-chan *xssh.Request) {
go func(in <-chan *ssh.Request) {
for req := range in {
req.Reply(req.Type == "shell", nil)
}
@ -136,13 +136,13 @@ func ExampleDial() {
//
// To authenticate with the remote server you must pass at least one
// implementation of AuthMethod via the Auth field in ClientConfig.
config := &xssh.ClientConfig{
config := &ssh.ClientConfig{
User: "username",
Auth: []xssh.AuthMethod{
xssh.Password("yourpassword"),
Auth: []ssh.AuthMethod{
ssh.Password("yourpassword"),
},
}
client, err := xssh.Dial("tcp", "yourserver.com:22", config)
client, err := ssh.Dial("tcp", "yourserver.com:22", config)
if err != nil {
log.Fatal("Failed to dial: ", err)
}
@ -177,21 +177,21 @@ func ExamplePublicKeys() {
}
// Create the Signer for this private key.
signer, err := xssh.ParsePrivateKey(key)
signer, err := ssh.ParsePrivateKey(key)
if err != nil {
log.Fatalf("unable to parse private key: %v", err)
}
config := &xssh.ClientConfig{
config := &ssh.ClientConfig{
User: "user",
Auth: []xssh.AuthMethod{
Auth: []ssh.AuthMethod{
// Use the PublicKeys method for remote authentication.
xssh.PublicKeys(signer),
ssh.PublicKeys(signer),
},
}
// Connect to the remote server and perform the SSH handshake.
client, err := xssh.Dial("tcp", "host.com:22", config)
client, err := ssh.Dial("tcp", "host.com:22", config)
if err != nil {
log.Fatalf("unable to connect: %v", err)
}
@ -199,14 +199,14 @@ func ExamplePublicKeys() {
}
func ExampleClient_Listen() {
config := &xssh.ClientConfig{
config := &ssh.ClientConfig{
User: "username",
Auth: []xssh.AuthMethod{
xssh.Password("password"),
Auth: []ssh.AuthMethod{
ssh.Password("password"),
},
}
// Dial your xssh server.
conn, err := xssh.Dial("tcp", "localhost:22", config)
// Dial your ssh server.
conn, err := ssh.Dial("tcp", "localhost:22", config)
if err != nil {
log.Fatal("unable to connect: ", err)
}
@ -227,14 +227,14 @@ func ExampleClient_Listen() {
func ExampleSession_RequestPty() {
// Create client config
config := &xssh.ClientConfig{
config := &ssh.ClientConfig{
User: "username",
Auth: []xssh.AuthMethod{
xssh.Password("password"),
Auth: []ssh.AuthMethod{
ssh.Password("password"),
},
}
// Connect to xssh server
conn, err := xssh.Dial("tcp", "localhost:22", config)
// Connect to ssh server
conn, err := ssh.Dial("tcp", "localhost:22", config)
if err != nil {
log.Fatal("unable to connect: ", err)
}
@ -246,10 +246,10 @@ func ExampleSession_RequestPty() {
}
defer session.Close()
// Set up terminal modes
modes := xssh.TerminalModes{
xssh.ECHO: 0, // disable echoing
xssh.TTY_OP_ISPEED: 14400, // input speed = 14.4kbaud
xssh.TTY_OP_OSPEED: 14400, // output speed = 14.4kbaud
modes := ssh.TerminalModes{
ssh.ECHO: 0, // disable echoing
ssh.TTY_OP_ISPEED: 14400, // input speed = 14.4kbaud
ssh.TTY_OP_OSPEED: 14400, // output speed = 14.4kbaud
}
// Request pseudo terminal
if err := session.RequestPty("xterm", 40, 80, modes); err != nil {

157
lib/ssh/flag.go
View File

@ -1,157 +0,0 @@
package xssh
import (
"errors"
"flag"
"fmt"
"strings"
)
var pkgConfig XSSHConfig
type XSSHConfig struct {
ClientID string
HostKeyAlgorithms HostKeyAlgorithmsList
KexAlgorithms KexAlgorithmsList
Verbose bool
CollectUserAuth bool
Ciphers CipherList
GexMinBits uint
GexMaxBits uint
GexPreferredBits uint
}
type HostKeyAlgorithmsList struct {
Algorithms []string
}
func (hkaList *HostKeyAlgorithmsList) String() string {
return strings.Join(hkaList.Algorithms, ",")
}
func (hkaList *HostKeyAlgorithmsList) Set(value string) error {
for _, alg := range strings.Split(value, ",") {
isValid := false
for _, val := range supportedHostKeyAlgos {
if val == alg {
isValid = true
break
}
}
if !isValid {
return errors.New(fmt.Sprintf(`host key algorithm not supported: "%s"`, alg))
}
hkaList.Algorithms = append(hkaList.Algorithms, alg)
}
return nil
}
func (hkaList *HostKeyAlgorithmsList) Get() []string {
if len(hkaList.Algorithms) == 0 {
return supportedHostKeyAlgos
} else {
return hkaList.Algorithms
}
}
type KexAlgorithmsList struct {
Algorithms []string
}
func (kaList *KexAlgorithmsList) String() string {
return strings.Join(kaList.Algorithms, ",")
}
func (kaList *KexAlgorithmsList) Set(value string) error {
for _, alg := range strings.Split(value, ",") {
isValid := false
for _, val := range allSupportedKexAlgos {
if val == alg {
isValid = true
break
}
}
if !isValid {
return errors.New(fmt.Sprintf(`DH KEX algorithm not supported: "%s"`, alg))
}
kaList.Algorithms = append(kaList.Algorithms, alg)
}
return nil
}
func (kaList *KexAlgorithmsList) Get() []string {
if len(kaList.Algorithms) == 0 {
return defaultKexAlgos
} else {
return kaList.Algorithms
}
}
type CipherList struct {
Ciphers []string
}
func (cList *CipherList) String() string {
return strings.Join(cList.Ciphers, ",")
}
func (cList *CipherList) Set(value string) error {
for _, inCipher := range strings.Split(value, ",") {
isValid := false
for _, knownCipher := range allSupportedCiphers {
if inCipher == knownCipher {
isValid = true
break
}
}
if !isValid {
return errors.New(fmt.Sprintf(`cipher not supported: "%s"`, inCipher))
}
cList.Ciphers = append(cList.Ciphers, inCipher)
}
return nil
}
func (cList *CipherList) Get() []string {
if len(cList.Ciphers) == 0 {
return defaultCiphers
} else {
return cList.Ciphers
}
}
func init() {
flag.StringVar(&pkgConfig.ClientID, "xssh-client-id", packageVersion, "Specify the client ID string to use")
hostKeyAlgUsage := fmt.Sprintf(
"A comma-separated list of which host key algorithms to offer (default \"%s\")",
strings.Join(supportedHostKeyAlgos, ","),
)
flag.Var(&pkgConfig.HostKeyAlgorithms, "xssh-host-key-algorithms", hostKeyAlgUsage)
kexAlgUsage := fmt.Sprintf(
"A comma-separated list of which DH key exchange algorithms to offer (default \"%s\")",
strings.Join(defaultKexAlgos, ","),
)
flag.Var(&pkgConfig.KexAlgorithms, "xssh-kex-algorithms", kexAlgUsage)
ciphersUsage := fmt.Sprintf(
`A comma-separated list of which ciphers to offer (default "%s")`,
strings.Join(defaultCiphers, ","))
flag.Var(&pkgConfig.Ciphers, "xssh-ciphers", ciphersUsage)
flag.BoolVar(&pkgConfig.Verbose, "xssh-verbose", false, "Output additional information, including X/SSH client properties from the SSH handshake.")
flag.BoolVar(&pkgConfig.CollectUserAuth, "xssh-userauth", false, "Use the 'none' authentication request to see what userauth methods are allowed.")
flag.UintVar(&pkgConfig.GexMinBits, "xssh-gex-min-bits", 1024, "The minimum number of bits for the DH GEX prime.")
flag.UintVar(&pkgConfig.GexMaxBits, "xssh-gex-max-bits", 8192, "The maximum number of bits for the DH GEX prime.")
flag.UintVar(&pkgConfig.GexPreferredBits, "xssh-gex-preferred-bits", 2048, "The preferred number of bits for the DH GEX prime.")
}

2
lib/ssh/handshake.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"crypto/rand"

2
lib/ssh/handshake_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"

8
lib/ssh/kex.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"crypto"
@ -205,7 +205,7 @@ func (group *dhGroup) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int,
return new(big.Int).Exp(theirPublic, myPrivate, group.p), nil
}
func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) {
func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handshakeMagics, config *Config) (*kexResult, error) {
group.JsonLog.Parameters = new(ztoolsKeys.DHParams)
hashFunc := crypto.SHA1
@ -220,13 +220,13 @@ func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handsha
}
}
if pkgConfig.Verbose {
if config.Verbose {
group.JsonLog.Parameters.ClientPrivate = x
}
X := new(big.Int).Exp(group.g, x, group.p)
if pkgConfig.Verbose {
if config.Verbose {
group.JsonLog.Parameters.ClientPublic = X
}

2
lib/ssh/kex_gex.go
View File

@ -1,4 +1,4 @@
package xssh
package ssh
import (
"crypto"

2
lib/ssh/kex_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
// Key exchange tests.

8
lib/ssh/keys.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"
@ -347,7 +347,7 @@ func parseRSA(in []byte) (out PublicKey, rest []byte, err error) {
func (r *rsaPublicKey) Marshal() []byte {
e := new(big.Int).SetInt64(int64(r.E))
// RSA publickey struct layout should match the struct used by
// parseRSACert in the github.com/zmap/zgrab/ztools/xssh/agent package.
// parseRSACert in the github.com/zmap/zgrab2/lib/agent package.
wirekey := struct {
Name string
E *big.Int
@ -409,7 +409,7 @@ func parseDSA(in []byte) (out PublicKey, rest []byte, err error) {
func (k *dsaPublicKey) Marshal() []byte {
// DSA publickey struct layout should match the struct used by
// parseDSACert in the x/github.com/zmap/zgrab/ztools/xssh/agent package.
// parseDSACert in the x/github.com/zmap/zgrab2/lib/agent package.
w := struct {
Name string
P, Q, G, Y *big.Int
@ -615,7 +615,7 @@ func (key *ecdsaPublicKey) Marshal() []byte {
// See RFC 5656, section 3.1.
keyBytes := elliptic.Marshal(key.Curve, key.X, key.Y)
// ECDSA publickey struct layout should match the struct used by
// parseECDSACert in the github.com/zmap/zgrab/ztools/xssh/agent package.
// parseECDSACert in the github.com/zmap/zgrab2/lib/agent package.
w := struct {
Name string
ID string

4
lib/ssh/keys_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"
@ -17,7 +17,7 @@ import (
"strings"
"testing"
"github.com/zmap/zgrab/ztools/xssh/testdata"
"github.com/zmap/zgrab2/lib/testdata"
"golang.org/x/crypto/ed25519"
)

2
lib/ssh/log.go
View File

@ -12,7 +12,7 @@
* permissions and limitations under the License.
*/
package xssh
package ssh
// HandshakeLog contains detailed information about each step of the
// SSH handshake, and can be encoded to JSON.

2
lib/ssh/mac.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
// Message authentication support

2
lib/ssh/mempipe_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"io"

2
lib/ssh/messages.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"

2
lib/ssh/messages_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"

2
lib/ssh/mux.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"encoding/binary"

2
lib/ssh/mux_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"io"

2
lib/ssh/server.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"

2
lib/ssh/session.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
// Session implements an interactive session described in
// "RFC 4254, section 6".

4
lib/ssh/session_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
// Session tests.
@ -16,7 +16,7 @@ import (
"net"
"testing"
"github.com/zmap/zgrab/ztools/xssh/terminal"
"github.com/zmap/zgrab2/lib/terminal"
)
type serverType func(Channel, <-chan *Request, *testing.T)

2
lib/ssh/tcpip.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"errors"

2
lib/ssh/tcpip_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"testing"

2
lib/ssh/terminal/util.go
View File

@ -14,7 +14,7 @@
// panic(err)
// }
// defer terminal.Restore(0, oldState)
package terminal // import "github.com/zmap/zgrab/ztools/xssh/terminal"
package terminal // import "github.com/zmap/zgrab2/lib/terminal"
import (
"io"

2
lib/ssh/terminal/util_solaris.go
View File

@ -4,7 +4,7 @@
// +build solaris
package terminal // import "github.com/zmap/zgrab/ztools/xssh/terminal"
package terminal // import "github.com/zmap/zgrab2/lib/terminal"
import (
"golang.org/x/sys/unix"

8
lib/ssh/test/agent_unix_test.go
View File

@ -10,8 +10,8 @@ import (
"bytes"
"testing"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab/ztools/xssh/agent"
"github.com/zmap/zgrab/ztools/ssh"
"github.com/zmap/zgrab/ztools/ssh/agent"
)
func DISABLED_TestAgentForward(t *testing.T) {
@ -48,12 +48,12 @@ func DISABLED_TestAgentForward(t *testing.T) {
if err != nil {
t.Fatalf("running ssh-add: %v, out %s", err, out)
}
key, _, _, _, err := xssh.ParseAuthorizedKey(out)
key, _, _, _, err := ssh.ParseAuthorizedKey(out)
if err != nil {
t.Fatalf("ParseAuthorizedKey(%q): %v", out, err)
}
if !bytes.Equal(key.Marshal(), pub.Marshal()) {
t.Fatalf("got key %s, want %s", xssh.MarshalAuthorizedKey(key), xssh.MarshalAuthorizedKey(pub))
t.Fatalf("got key %s, want %s", ssh.MarshalAuthorizedKey(key), ssh.MarshalAuthorizedKey(pub))
}
}

14
lib/ssh/test/cert_test.go
View File

@ -10,7 +10,7 @@ import (
"crypto/rand"
"testing"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab/ztools/ssh"
)
func DISABLED_TestCertLogin(t *testing.T) {
@ -20,25 +20,25 @@ func DISABLED_TestCertLogin(t *testing.T) {
// Use a key different from the default.
clientKey := testSigners["dsa"]
caAuthKey := testSigners["ecdsa"]
cert := &xssh.Certificate{
cert := &ssh.Certificate{
Key: clientKey.PublicKey(),
ValidPrincipals: []string{username()},
CertType: xssh.UserCert,
ValidBefore: xssh.CertTimeInfinity,
CertType: ssh.UserCert,
ValidBefore: ssh.CertTimeInfinity,
}
if err := cert.SignCert(rand.Reader, caAuthKey); err != nil {
t.Fatalf("SetSignature: %v", err)
}
certSigner, err := xssh.NewCertSigner(cert, clientKey)
certSigner, err := ssh.NewCertSigner(cert, clientKey)
if err != nil {
t.Fatalf("NewCertSigner: %v", err)
}
conf := &xssh.ClientConfig{
conf := &ssh.ClientConfig{
User: username(),
}
conf.Auth = append(conf.Auth, xssh.PublicKeys(certSigner))
conf.Auth = append(conf.Auth, ssh.PublicKeys(certSigner))
client, err := s.TryDial(conf)
if err != nil {
t.Fatalf("TryDial: %v", err)

4
lib/ssh/test/doc.go
View File

@ -3,5 +3,5 @@
// license that can be found in the LICENSE file.
// This package contains integration tests for the
// github.com/zmap/zgrab/ztools/xssh.
package test // import "github.com/zmap/zgrab/ztools/xssh/test"
// github.com/zmap/zgrab/ztools/ssh.
package test // import "github.com/zmap/zgrab/ztools/ssh/test"

22
lib/ssh/test/session_test.go
View File

@ -15,7 +15,7 @@ import (
"strings"
"testing"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab/ztools/ssh"
)
func DISABLED_TestRunCommandSuccess(t *testing.T) {
@ -44,9 +44,9 @@ func DISABLED_TestHostKeyCheck(t *testing.T) {
conf.HostKeyCallback = hostDB.Check
// change the keys.
hostDB.keys[xssh.KeyAlgoRSA][25]++
hostDB.keys[xssh.KeyAlgoDSA][25]++
hostDB.keys[xssh.KeyAlgoECDSA256][25]++
hostDB.keys[ssh.KeyAlgoRSA][25]++
hostDB.keys[ssh.KeyAlgoDSA][25]++
hostDB.keys[ssh.KeyAlgoECDSA256][25]++
conn, err := server.TryDial(conf)
if err == nil {
@ -227,7 +227,7 @@ func DISABLED_TestInvalidTerminalMode(t *testing.T) {
}
defer session.Close()
if err = session.RequestPty("vt100", 80, 40, xssh.TerminalModes{255: 1984}); err == nil {
if err = session.RequestPty("vt100", 80, 40, ssh.TerminalModes{255: 1984}); err == nil {
t.Fatalf("req-pty failed: successful request with invalid mode")
}
}
@ -254,7 +254,7 @@ func DISABLED_TestValidTerminalMode(t *testing.T) {
t.Fatalf("unable to acquire stdin pipe: %s", err)
}
tm := xssh.TerminalModes{xssh.ECHO: 0}
tm := ssh.TerminalModes{ssh.ECHO: 0}
if err = session.RequestPty("xterm", 80, 40, tm); err != nil {
t.Fatalf("req-pty failed: %s", err)
}
@ -277,7 +277,7 @@ func DISABLED_TestValidTerminalMode(t *testing.T) {
}
func DISABLED_TestCiphers(t *testing.T) {
var config xssh.Config
var config ssh.Config
config.SetDefaults()
cipherOrder := config.Ciphers
// These ciphers will not be tested when commented out in cipher.go it will
@ -301,7 +301,7 @@ func DISABLED_TestCiphers(t *testing.T) {
}
func DISABLED_TestMACs(t *testing.T) {
var config xssh.Config
var config ssh.Config
config.SetDefaults()
macOrder := config.MACs
@ -321,7 +321,7 @@ func DISABLED_TestMACs(t *testing.T) {
}
func DISABLED_TestKeyExchanges(t *testing.T) {
var config xssh.Config
var config ssh.Config
config.SetDefaults()
kexOrder := config.KeyExchanges
for _, kex := range kexOrder {
@ -349,8 +349,8 @@ func DISABLED_TestClientAuthAlgorithms(t *testing.T) {
server := newServer(t)
conf := clientConfig()
conf.SetDefaults()
conf.Auth = []xssh.AuthMethod{
xssh.PublicKeys(testSigners[key]),
conf.Auth = []ssh.AuthMethod{
ssh.PublicKeys(testSigners[key]),
}
conn, err := server.TryDial(conf)

30
lib/ssh/test/test_unix_test.go
View File

@ -21,8 +21,8 @@ import (
"testing"
"text/template"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab/ztools/xssh/testdata"
"github.com/zmap/zgrab/ztools/ssh"
"github.com/zmap/zgrab/ztools/ssh/testdata"
)
const sshd_config = `
@ -87,14 +87,14 @@ type storedHostKey struct {
checkCount int
}
func (k *storedHostKey) Add(key xssh.PublicKey) {
func (k *storedHostKey) Add(key ssh.PublicKey) {
if k.keys == nil {
k.keys = map[string][]byte{}
}
k.keys[key.Type()] = key.Marshal()
}
func (k *storedHostKey) Check(addr string, remote net.Addr, key xssh.PublicKey) error {
func (k *storedHostKey) Check(addr string, remote net.Addr, key ssh.PublicKey) error {
k.checkCount++
algo := key.Type()
@ -112,11 +112,11 @@ func hostKeyDB() *storedHostKey {
return keyChecker
}
func clientConfig() *xssh.ClientConfig {
config := &xssh.ClientConfig{
func clientConfig() *ssh.ClientConfig {
config := &ssh.ClientConfig{
User: username(),
Auth: []xssh.AuthMethod{
xssh.PublicKeys(testSigners["user"]),
Auth: []ssh.AuthMethod{
ssh.PublicKeys(testSigners["user"]),
},
HostKeyCallback: hostKeyDB().Check,
}
@ -153,7 +153,7 @@ func unixConnection() (*net.UnixConn, *net.UnixConn, error) {
return c1.(*net.UnixConn), c2.(*net.UnixConn), nil
}
func (s *server) TryDial(config *xssh.ClientConfig) (*xssh.Client, error) {
func (s *server) TryDial(config *ssh.ClientConfig) (*ssh.Client, error) {
sshd, err := exec.LookPath("sshd")
if err != nil {
s.t.Skipf("skipping test: %v", err)
@ -179,19 +179,19 @@ func (s *server) TryDial(config *xssh.ClientConfig) (*xssh.Client, error) {
s.t.Fatalf("s.cmd.Start: %v", err)
}
s.clientConn = c1
conn, chans, reqs, err := xssh.NewClientConn(c1, "", config)
conn, chans, reqs, err := ssh.NewClientConn(c1, "", config)
if err != nil {
return nil, err
}
return xssh.NewClient(conn, chans, reqs), nil
return ssh.NewClient(conn, chans, reqs), nil
}
func (s *server) Dial(config *xssh.ClientConfig) *xssh.Client {
func (s *server) Dial(config *ssh.ClientConfig) *ssh.Client {
conn, err := s.TryDial(config)
if err != nil {
s.t.Fail()
s.Shutdown()
s.t.Fatalf("xssh.Client: %v", err)
s.t.Fatalf("ssh.Client: %v", err)
}
return conn
}
@ -247,12 +247,12 @@ func newServer(t *testing.T) *server {
for k, v := range testdata.PEMBytes {
filename := "id_" + k
writeFile(filepath.Join(dir, filename), v)
writeFile(filepath.Join(dir, filename+".pub"), xssh.MarshalAuthorizedKey(testPublicKeys[k]))
writeFile(filepath.Join(dir, filename+".pub"), ssh.MarshalAuthorizedKey(testPublicKeys[k]))
}
var authkeys bytes.Buffer
for k := range testdata.PEMBytes {
authkeys.Write(xssh.MarshalAuthorizedKey(testPublicKeys[k]))
authkeys.Write(ssh.MarshalAuthorizedKey(testPublicKeys[k]))
}
writeFile(filepath.Join(dir, "authorized_keys"), authkeys.Bytes())

24
lib/ssh/test/testdata_test.go
View File

@ -12,14 +12,14 @@ import (
"crypto/rand"
"fmt"
"github.com/zmap/zgrab/ztools/xssh"
"github.com/zmap/zgrab/ztools/xssh/testdata"
"github.com/zmap/zgrab/ztools/ssh"
"github.com/zmap/zgrab/ztools/ssh/testdata"
)
var (
testPrivateKeys map[string]interface{}
testSigners map[string]xssh.Signer
testPublicKeys map[string]xssh.PublicKey
testSigners map[string]ssh.Signer
testPublicKeys map[string]ssh.PublicKey
)
func init() {
@ -27,14 +27,14 @@ func init() {
n := len(testdata.PEMBytes)
testPrivateKeys = make(map[string]interface{}, n)
testSigners = make(map[string]xssh.Signer, n)
testPublicKeys = make(map[string]xssh.PublicKey, n)
testSigners = make(map[string]ssh.Signer, n)
testPublicKeys = make(map[string]ssh.PublicKey, n)
for t, k := range testdata.PEMBytes {
testPrivateKeys[t], err = xssh.ParseRawPrivateKey(k)
testPrivateKeys[t], err = ssh.ParseRawPrivateKey(k)
if err != nil {
panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err))
}
testSigners[t], err = xssh.NewSignerFromKey(testPrivateKeys[t])
testSigners[t], err = ssh.NewSignerFromKey(testPrivateKeys[t])
if err != nil {
panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err))
}
@ -42,22 +42,22 @@ func init() {
}
// Create a cert and sign it for use in tests.
testCert := &xssh.Certificate{
testCert := &ssh.Certificate{
Nonce: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage
ValidAfter: 0, // unix epoch
ValidBefore: xssh.CertTimeInfinity, // The end of currently representable time.
ValidBefore: ssh.CertTimeInfinity, // The end of currently representable time.
Reserved: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
Key: testPublicKeys["ecdsa"],
SignatureKey: testPublicKeys["rsa"],
Permissions: xssh.Permissions{
Permissions: ssh.Permissions{
CriticalOptions: map[string]string{},
Extensions: map[string]string{},
},
}
testCert.SignCert(rand.Reader, testSigners["rsa"])
testPrivateKeys["cert"] = testPrivateKeys["ecdsa"]
testSigners["cert"], err = xssh.NewCertSigner(testCert, testSigners["ecdsa"])
testSigners["cert"], err = ssh.NewCertSigner(testCert, testSigners["ecdsa"])
if err != nil {
panic(fmt.Sprintf("Unable to create certificate signer: %v", err))
}

4
lib/ssh/testdata/doc.go vendored
View File

@ -3,6 +3,6 @@
// license that can be found in the LICENSE file.
// This package contains test data shared between the various subpackages of
// the github.com/zmap/zgrab/ztools/xssh package. Under no circumstance should
// the github.com/zmap/zgrab2/lib package. Under no circumstance should
// this data be used for production code.
package testdata // import "github.com/zmap/zgrab/ztools/xssh/testdata"
package testdata // import "github.com/zmap/zgrab2/lib/testdata"

4
lib/ssh/testdata_test.go
View File

@ -6,13 +6,13 @@
// ssh/, ssh/agent, and ssh/test/. It should be kept in sync across all three
// instances.
package xssh
package ssh
import (
"crypto/rand"
"fmt"
"github.com/zmap/zgrab/ztools/xssh/testdata"
"github.com/zmap/zgrab2/lib/testdata"
)
var (

2
lib/ssh/transport.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bufio"

2
lib/ssh/transport_test.go
View File

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package xssh
package ssh
import (
"bytes"

130
tools/keys/dhe.go Normal file
View File

@ -0,0 +1,130 @@
/*
* ZGrab Copyright 2015 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package keys
import (
"encoding/json"
"math/big"
)
// DHParams can be used to store finite-field Diffie-Hellman parameters. At any
// point in time, it is unlikely that both OurPrivate and TheirPrivate will be
// non-nil.
type DHParams struct {
Prime *big.Int
Generator *big.Int
ServerPublic *big.Int
ServerPrivate *big.Int
ClientPublic *big.Int
ClientPrivate *big.Int
SessionKey *big.Int
}
type auxDHParams struct {
Prime *cryptoParameter `json:"prime"`
Generator *cryptoParameter `json:"generator"`
ServerPublic *cryptoParameter `json:"server_public,omitempty"`
ServerPrivate *cryptoParameter `json:"server_private,omitempty"`
ClientPublic *cryptoParameter `json:"client_public,omitempty"`
ClientPrivate *cryptoParameter `json:"client_private,omitempty"`
SessionKey *cryptoParameter `json:"session_key,omitempty"`
}
// MarshalJSON implements the json.Marshal interface
func (p *DHParams) MarshalJSON() ([]byte, error) {
aux := auxDHParams{
Prime: &cryptoParameter{Int: p.Prime},
Generator: &cryptoParameter{Int: p.Generator},
}
if p.ServerPublic != nil {
aux.ServerPublic = &cryptoParameter{Int: p.ServerPublic}
}
if p.ServerPrivate != nil {
aux.ServerPrivate = &cryptoParameter{Int: p.ServerPrivate}
}
if p.ClientPublic != nil {
aux.ClientPublic = &cryptoParameter{Int: p.ClientPublic}
}
if p.ClientPrivate != nil {
aux.ClientPrivate = &cryptoParameter{Int: p.ClientPrivate}
}
if p.SessionKey != nil {
aux.SessionKey = &cryptoParameter{Int: p.SessionKey}
}
return json.Marshal(aux)
}
// UnmarshalJSON implement the json.Unmarshaler interface
func (p *DHParams) UnmarshalJSON(b []byte) error {
var aux auxDHParams
if err := json.Unmarshal(b, &aux); err != nil {
return err
}
if aux.Prime != nil {
p.Prime = aux.Prime.Int
}
if aux.Generator != nil {
p.Generator = aux.Generator.Int
}
if aux.ServerPublic != nil {
p.ServerPublic = aux.ServerPublic.Int
}
if aux.ServerPrivate != nil {
p.ServerPrivate = aux.ServerPrivate.Int
}
if aux.ClientPublic != nil {
p.ClientPublic = aux.ClientPublic.Int
}
if aux.ClientPrivate != nil {
p.ClientPrivate = aux.ClientPrivate.Int
}
if aux.SessionKey != nil {
p.SessionKey = aux.SessionKey.Int
}
return nil
}
// CryptoParameter represents a big.Int used a parameter in some cryptography.
// It serializes to json as a tupe of a base64-encoded number and a length in
// bits.
type cryptoParameter struct {
*big.Int
}
type auxCryptoParameter struct {
Raw []byte `json:"value"`
Length int `json:"length"`
}
// MarshalJSON implements the json.Marshaler interface
func (p *cryptoParameter) MarshalJSON() ([]byte, error) {
var aux auxCryptoParameter
if p.Int != nil {
aux.Raw = p.Bytes()
aux.Length = 8 * len(aux.Raw)
}
return json.Marshal(&aux)
}
// UnmarshalJSON implements the json.Unmarshal interface
func (p *cryptoParameter) UnmarshalJSON(b []byte) error {
var aux auxCryptoParameter
if err := json.Unmarshal(b, &aux); err != nil {
return err
}
p.Int = new(big.Int)
p.SetBytes(aux.Raw)
return nil
}

71
tools/keys/dhe_test.go Normal file
View File

@ -0,0 +1,71 @@
/*
* ZGrab Copyright 2015 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package keys
import (
"encoding/json"
"math/big"
"testing"
. "gopkg.in/check.v1"
)
func TestDHE(t *testing.T) { TestingT(t) }
// from testdata/test1024dh.pem
var test1024Prime = []byte{0x00, 0xAE, 0x6A, 0xFA, 0xE1, 0x1D, 0x60, 0x76, 0x64, 0x56, 0x17, 0x01, 0x55, 0x14, 0xF0, 0x38, 0x71, 0xA0, 0x9E, 0xA2, 0x0C, 0x02, 0x03, 0x0E, 0x35, 0xC7, 0xD4, 0x2D, 0x32, 0x6A, 0x61, 0x24, 0x72, 0xDE, 0x64, 0x53, 0xB7, 0xEA, 0xB4, 0x89, 0x51, 0xF9, 0x2E, 0x24, 0x6D, 0x1B, 0x18, 0xC4, 0xAA, 0xB5, 0x5C, 0x0C, 0x90, 0xEC, 0xF9, 0xA0, 0x3D, 0xD8, 0x09, 0xEF, 0x85, 0x6E, 0x74, 0xC3, 0xC2, 0x13, 0x42, 0x17, 0xAA, 0x68, 0x79, 0xFD, 0x9C, 0xB5, 0xED, 0x6E, 0x3A, 0x31, 0xE7, 0x86, 0xCA, 0x08, 0xBC, 0xE6, 0xE7, 0x65, 0xCB, 0xB2, 0x08, 0xEA, 0x8C, 0x21, 0x3C, 0xE6, 0x0E, 0x66, 0xDD, 0x5E, 0x7D, 0x04, 0x57, 0xD8, 0xE4, 0xB3, 0x0B, 0xEF, 0x40, 0x71, 0x0C, 0xA1, 0xE2, 0x12, 0x75, 0x80, 0x92, 0x85, 0x22, 0x6E, 0xCF, 0x37, 0x43, 0x48, 0x27, 0x4C, 0x21, 0x22, 0xE6, 0xC7, 0xE3}
var testGenerator = []byte{0x02}
type DHESuite struct {
prime1024 *cryptoParameter
generator *cryptoParameter
param1024 *DHParams
}
var _ = Suite(&DHESuite{})
func (s *DHESuite) SetUpTest(c *C) {
s.prime1024 = new(cryptoParameter)
s.prime1024.Int = new(big.Int)
s.prime1024.SetBytes(test1024Prime)
s.generator = new(cryptoParameter)
s.generator.Int = new(big.Int)
s.generator.SetBytes(testGenerator)
s.param1024 = new(DHParams)
s.param1024.Prime = s.prime1024.Int
s.param1024.Generator = s.generator.Int
}
func (s *DHESuite) TestEncodeDecodeCryptoParameter(c *C) {
b, err := json.Marshal(s.prime1024)
c.Assert(err, IsNil)
c.Assert(b, NotNil)
var dec cryptoParameter
err = json.Unmarshal(b, &dec)
c.Assert(err, IsNil)
cmp := dec.Cmp(s.prime1024.Int)
c.Check(cmp, Equals, 0)
}
func (s *DHESuite) TestEncodeDecodeDHParams(c *C) {
b, err := json.Marshal(s.param1024)
c.Assert(err, IsNil)
c.Assert(b, NotNil)
var dec DHParams
err = json.Unmarshal(b, &dec)
c.Assert(err, IsNil)
c.Check(dec.Prime.Cmp(s.param1024.Prime), Equals, 0)
c.Check(dec.Generator.Cmp(s.param1024.Generator), Equals, 0)
}

106
tools/keys/ecdhe.go Normal file
View File

@ -0,0 +1,106 @@
/*
* ZGrab Copyright 2015 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package keys
import (
"crypto/elliptic"
"encoding/json"
"math/big"
)
// TLSCurveID is the type of a TLS identifier for an elliptic curve. See
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
type TLSCurveID uint16
type ECDHPrivateParams struct {
Value []byte `json:"value,omitempty"`
Length int `json:"length,omitempty"`
}
// ECDHParams stores elliptic-curve Diffie-Hellman paramters.At any point in
// time, it is unlikely that both ServerPrivate and ClientPrivate will be non-nil.
type ECDHParams struct {
TLSCurveID TLSCurveID `json:"curve_id,omitempty"`
Curve elliptic.Curve `json:"-"`
ServerPublic *ECPoint `json:"server_public,omitempty"`
ServerPrivate *ECDHPrivateParams `json:"server_private,omitempty"`
ClientPublic *ECPoint `json:"client_public,omitempty"`
ClientPrivate *ECDHPrivateParams `json:"client_private,omitempty"`
}
// ECPoint represents an elliptic curve point and serializes nicely to JSON
type ECPoint struct {
X *big.Int
Y *big.Int
}
// MarshalJSON implements the json.Marshler interface
func (p *ECPoint) MarshalJSON() ([]byte, error) {
aux := struct {
X *cryptoParameter `json:"x"`
Y *cryptoParameter `json:"y"`
}{
X: &cryptoParameter{Int: p.X},
Y: &cryptoParameter{Int: p.Y},
}
return json.Marshal(&aux)
}
// UnmarshalJSON implements the json.Unmarshler interface
func (p *ECPoint) UnmarshalJSON(b []byte) error {
aux := struct {
X *cryptoParameter `json:"x"`
Y *cryptoParameter `json:"y"`
}{}
if err := json.Unmarshal(b, &aux); err != nil {
return err
}
p.X = aux.X.Int
p.Y = aux.Y.Int
return nil
}
// Description returns the description field for the given ID. See
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
func (c *TLSCurveID) Description() string {
if desc, ok := ecIDToName[*c]; ok {
return desc
}
return "unknown"
}
// MarshalJSON implements the json.Marshaler interface
func (c *TLSCurveID) MarshalJSON() ([]byte, error) {
aux := struct {
Name string `json:"name"`
ID uint16 `json:"id"`
}{
Name: c.Description(),
ID: uint16(*c),
}
return json.Marshal(&aux)
}
//UnmarshalJSON implements the json.Unmarshaler interface
func (c *TLSCurveID) UnmarshalJSON(b []byte) error {
aux := struct {
ID uint16 `json:"id"`
}{}
if err := json.Unmarshal(b, &aux); err != nil {
return err
}
*c = TLSCurveID(aux.ID)
return nil
}

80
tools/keys/ecdhe_test.go Normal file
View File

@ -0,0 +1,80 @@
/*
* ZGrab Copyright 2015 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package keys
import (
"crypto/rand"
"encoding/json"
"math/big"
"testing"
. "gopkg.in/check.v1"
)
func TestECDHE(t *testing.T) { TestingT(t) }
type ECDHESuite struct{}
var _ = Suite(&ECDHESuite{})
func (s *ECDHESuite) TestEncodeDecodeCurveID(c *C) {
for curve := range ecIDToName {
out, errEnc := json.Marshal(&curve)
c.Assert(errEnc, IsNil)
var back TLSCurveID
errDec := json.Unmarshal(out, &back)
c.Assert(errDec, IsNil)
c.Check(back, Equals, curve)
}
}
func (s *ECDHESuite) TestEncodeDecodeECPoint(c *C) {
max := new(big.Int)
max.Exp(big.NewInt(2), big.NewInt(255), nil)
max.Sub(max, big.NewInt(19))
x, errX := rand.Int(rand.Reader, max)
y, errY := rand.Int(rand.Reader, max)
c.Assert(errX, IsNil)
c.Assert(errY, IsNil)
p := ECPoint{
X: x,
Y: y,
}
out, errEnc := json.Marshal(&p)
c.Assert(errEnc, IsNil)
c.Check(len(out), Not(Equals), 0)
var back ECPoint
errDec := json.Unmarshal(out, &back)
c.Assert(errDec, IsNil)
}
func (s *ECDHESuite) TestCurveIDDescription(c *C) {
for curve, name := range ecIDToName {
c.Check(curve.Description(), Equals, name)
}
unk := TLSCurveID(6500)
c.Check(unk.Description(), Equals, "unknown")
}
func (s *ECDHESuite) TestEncodeDecodeECParam(c *C) {
ecp := new(ECDHParams)
out, errEnc := json.Marshal(&ecp)
c.Assert(errEnc, IsNil)
c.Check(len(out), Not(Equals), 0)
back := new(ECDHParams)
errDec := json.Unmarshal(out, back)
c.Assert(errDec, IsNil)
c.Check(back, DeepEquals, ecp)
}

113
tools/keys/names.go Normal file
View File

@ -0,0 +1,113 @@
/*
* ZGrab Copyright 2015 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package keys
// IANA-assigned curve ID values, see
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
const (
Sect163k1 TLSCurveID = 1
Sect163r1 TLSCurveID = 2
Sect163r2 TLSCurveID = 3
Sect193r1 TLSCurveID = 4
Sect193r2 TLSCurveID = 5
Sect233k1 TLSCurveID = 6
Sect233r1 TLSCurveID = 7
Sect239k1 TLSCurveID = 8
Sect283k1 TLSCurveID = 9
Sect283r1 TLSCurveID = 10
Sect409k1 TLSCurveID = 11
Sect409r1 TLSCurveID = 12
Sect571k1 TLSCurveID = 13
Sect571r1 TLSCurveID = 14
Secp160k1 TLSCurveID = 15
Secp160r1 TLSCurveID = 16
Secp160r2 TLSCurveID = 17
Secp192k1 TLSCurveID = 18
Secp192r1 TLSCurveID = 19
Secp224k1 TLSCurveID = 20
Secp224r1 TLSCurveID = 21
Secp256k1 TLSCurveID = 22
Secp256r1 TLSCurveID = 23
Secp384r1 TLSCurveID = 24
Secp521r1 TLSCurveID = 25
BrainpoolP256r1 TLSCurveID = 26
BrainpoolP384r1 TLSCurveID = 27
BrainpoolP512r1 TLSCurveID = 28
)
var ecIDToName map[TLSCurveID]string
var ecNameToID map[string]TLSCurveID
func init() {
ecIDToName = make(map[TLSCurveID]string, 64)
ecIDToName[Sect163k1] = "sect163k1"
ecIDToName[Sect163r1] = "sect163r1"
ecIDToName[Sect163r2] = "sect163r2"
ecIDToName[Sect193r1] = "sect193r1"
ecIDToName[Sect193r2] = "sect193r2"
ecIDToName[Sect233k1] = "sect233k1"
ecIDToName[Sect233r1] = "sect233r1"
ecIDToName[Sect239k1] = "sect239k1"
ecIDToName[Sect283k1] = "sect283k1"
ecIDToName[Sect283r1] = "sect283r1"
ecIDToName[Sect409k1] = "sect409k1"
ecIDToName[Sect409r1] = "sect409r1"
ecIDToName[Sect571k1] = "sect571k1"
ecIDToName[Sect571r1] = "sect571r1"
ecIDToName[Secp160k1] = "secp160k1"
ecIDToName[Secp160r1] = "secp160r1"
ecIDToName[Secp160r2] = "secp160r2"
ecIDToName[Secp192k1] = "secp192k1"
ecIDToName[Secp192r1] = "secp192r1"
ecIDToName[Secp224k1] = "secp224k1"
ecIDToName[Secp224r1] = "secp224r1"
ecIDToName[Secp256k1] = "secp256k1"
ecIDToName[Secp256r1] = "secp256r1"
ecIDToName[Secp384r1] = "secp384r1"
ecIDToName[Secp521r1] = "secp521r1"
ecIDToName[BrainpoolP256r1] = "brainpoolp256r1"
ecIDToName[BrainpoolP384r1] = "brainpoolp384r1"
ecIDToName[BrainpoolP512r1] = "brainpoolp512r1"
ecNameToID = make(map[string]TLSCurveID, 64)
ecNameToID["sect163k1"] = Sect163k1
ecNameToID["sect163r1"] = Sect163r1
ecNameToID["sect163r2"] = Sect163r2
ecNameToID["sect193r1"] = Sect193r1
ecNameToID["sect193r2"] = Sect193r2
ecNameToID["sect233k1"] = Sect233k1
ecNameToID["sect233r1"] = Sect233r1
ecNameToID["sect239k1"] = Sect239k1
ecNameToID["sect283k1"] = Sect283k1
ecNameToID["sect283r1"] = Sect283r1
ecNameToID["sect409k1"] = Sect409k1
ecNameToID["sect409r1"] = Sect409r1
ecNameToID["sect571k1"] = Sect571k1
ecNameToID["sect571r1"] = Sect571r1
ecNameToID["secp160k1"] = Secp160k1
ecNameToID["secp160r1"] = Secp160r1
ecNameToID["secp160r2"] = Secp160r2
ecNameToID["secp192k1"] = Secp192k1
ecNameToID["secp192r1"] = Secp192r1
ecNameToID["secp224k1"] = Secp224k1
ecNameToID["secp224r1"] = Secp224r1
ecNameToID["secp256k1"] = Secp256k1
ecNameToID["secp256r1"] = Secp256r1
ecNameToID["secp384r1"] = Secp384r1
ecNameToID["secp521r1"] = Secp521r1
ecNameToID["brainpoolp256r1"] = BrainpoolP256r1
ecNameToID["brainpoolp384r1"] = BrainpoolP384r1
ecNameToID["brainpoolp512r1"] = BrainpoolP512r1
}

65
tools/keys/rsa.go Normal file
View File

@ -0,0 +1,65 @@
/*
* ZGrab Copyright 2015 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package keys
import (
"crypto/rsa"
"encoding/json"
"fmt"
"math/big"
)
type RSAPublicKey struct {
*rsa.PublicKey
}
type auxRSAPublicKey struct {
Exponent int `json:"exponent"`
Modulus []byte `json:"modulus"`
Length int `json:"length"`
}
type RSAClientParams struct {
Length uint16 `json:"length,omitempty"`
EncryptedPMS []byte `json:"encrypted_pre_master_secret,omitempty"`
}
// MarshalJSON implements the json.Marshal interface
func (rp *RSAPublicKey) MarshalJSON() ([]byte, error) {
var aux auxRSAPublicKey
if rp.PublicKey != nil {
aux.Exponent = rp.E
aux.Modulus = rp.N.Bytes()
aux.Length = len(aux.Modulus) * 8
}
return json.Marshal(&aux)
}
// UnmarshalJSON implements the json.Unmarshal interface
func (rp *RSAPublicKey) UnmarshalJSON(b []byte) error {
var aux auxRSAPublicKey
if err := json.Unmarshal(b, &aux); err != nil {
return err
}
if rp.PublicKey == nil {
rp.PublicKey = new(rsa.PublicKey)
}
rp.E = aux.Exponent
rp.N = big.NewInt(0).SetBytes(aux.Modulus)
if len(aux.Modulus)*8 != aux.Length {
return fmt.Errorf("mismatched length (got %d, field specified %d)", len(aux.Modulus), aux.Length)
}
return nil
}

51
tools/keys/rsa_test.go Normal file
View File

@ -0,0 +1,51 @@
/*
* ZGrab Copyright 2015 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package keys
import (
"crypto/rsa"
"encoding/json"
"math/big"
"testing"
. "gopkg.in/check.v1"
)
func TestRSA(t *testing.T) { TestingT(t) }
var test4096Modulus = []byte{0xD4, 0x0C, 0xE0, 0x39, 0x57, 0xAA, 0x36, 0x31, 0x89, 0x38, 0xD0, 0xDE, 0x36, 0xFF, 0xDF, 0x03, 0xD7, 0x98, 0xA5, 0xD9, 0x21, 0x98, 0xA4, 0x94, 0xBE, 0x2B, 0x22, 0x5B, 0x9A, 0xFF, 0x94, 0x75, 0xEA, 0x7E, 0x2E, 0x13, 0x59, 0x83, 0x2E, 0x34, 0x2E, 0xF0, 0x3B, 0x14, 0x83, 0x8F, 0xAB, 0x84, 0x51, 0x74, 0xA6, 0x0F, 0xE9, 0x69, 0x21, 0x8A, 0xEC, 0x8D, 0x1F, 0xCF, 0x73, 0x88, 0xAA, 0x75, 0xF4, 0x8D, 0x56, 0xD2, 0xEA, 0xBE, 0x49, 0xB2, 0xE6, 0x16, 0xC1, 0x4D, 0x9A, 0x2D, 0x78, 0x59, 0xFA, 0xE9, 0x32, 0xF3, 0x59, 0xA7, 0x95, 0xFB, 0x44, 0x3D, 0x88, 0xC7, 0xCE, 0x08, 0xE9, 0xE4, 0xAD, 0x93, 0x3F, 0x44, 0x49, 0xEF, 0x06, 0x0A, 0x16, 0xC9, 0xF9, 0x5B, 0xEB, 0x1F, 0x74, 0xCB, 0x68, 0x33, 0xCC, 0xB1, 0x2A, 0x8C, 0xA6, 0x18, 0x43, 0xC9, 0x9A, 0xD2, 0x36, 0x7E, 0x9F, 0x45, 0x04, 0xE6, 0xED, 0x7E, 0x02, 0x48, 0x7A, 0x8C, 0xEE, 0x84, 0x14, 0x08, 0xEC, 0x3C, 0x49, 0xFC, 0xE9, 0x68, 0xFE, 0xE5, 0x41, 0x4D, 0x6D, 0x1B, 0xCF, 0xE6, 0x1D, 0xC9, 0xCA, 0x4B, 0x09, 0xE3, 0xB5, 0x73, 0x2B, 0xF4, 0xA5, 0xEF, 0x05, 0x2B, 0x29, 0x49, 0xC8, 0xE6, 0xE7, 0x0C, 0xBA, 0xE4, 0x4F, 0xE9, 0x0F, 0xAA, 0x52, 0xFB, 0xA5, 0x01, 0x85, 0x8B, 0x03, 0x22, 0x17, 0xCF, 0xD5, 0x0F, 0x52, 0xE9, 0xFE, 0xAE, 0x89, 0x28, 0x8F, 0x13, 0x34, 0x5F, 0x3E, 0xD2, 0xFC, 0x3E, 0x27, 0x86, 0x37, 0xD2, 0x15, 0xFE, 0x36, 0x9C, 0xF6, 0x18, 0x8F, 0x09, 0xC4, 0x1F, 0x93, 0x57, 0xCE, 0x73, 0x70, 0xFA, 0xF6, 0x05, 0x8C, 0xA8, 0x70, 0xE0, 0x08, 0xF4, 0xFD, 0xA7, 0xFA, 0x08, 0x80, 0x46, 0xD7, 0xF7, 0x6B, 0xF6, 0x3B, 0xDF, 0xA4, 0x3E, 0xAC, 0xD1, 0x8D, 0x5D, 0xA9, 0x85, 0xFE, 0xC6, 0x41, 0x57, 0x25, 0x48, 0xDF, 0x26, 0xD5, 0x4C, 0xEF, 0xB2, 0xB8, 0x1A, 0xAA, 0x4E, 0x9F, 0x12, 0x80, 0xFC, 0x1D, 0x0E, 0x45, 0x65, 0xBF, 0x77, 0x9F, 0x8E, 0x1E, 0x9D, 0xBD, 0x8F, 0xA8, 0x6F, 0xD6, 0x22, 0x70, 0x87, 0x3D, 0x92, 0xF8, 0x85, 0x75, 0x8C, 0xFA, 0xE6, 0x39, 0x56, 0x3B, 0x51, 0x4D, 0xAE, 0x69, 0x44, 0x19, 0x5E, 0xA5, 0x36, 0xD5, 0x60, 0x61, 0xE4, 0x8B, 0x2F, 0xAF, 0xB2, 0x55, 0xC1, 0x59, 0xF0, 0x32, 0xA6, 0xCC, 0x92, 0x19, 0x25, 0xED, 0x91, 0x15, 0x4F, 0x43, 0x7F, 0xB7, 0x0E, 0x3C, 0x42, 0x31, 0xCA, 0x5E, 0xCA, 0xC0, 0x5C, 0xDE, 0xB8, 0x95, 0x5C, 0x08, 0xDF, 0x15, 0xE3, 0x05, 0x3A, 0xBC, 0xA9, 0x57, 0xF1, 0x6F, 0xA6, 0xBB, 0xA6, 0x14, 0x43, 0xDE, 0x62, 0xD4, 0x91, 0xAC, 0x73, 0x7A, 0x4D, 0x09, 0xBC, 0xF6, 0xD0, 0xB7, 0xA9, 0xEE, 0x6E, 0x00, 0xE4, 0x9A, 0x14, 0x39, 0x30, 0xBE, 0xBC, 0x33, 0x66, 0x4A, 0xD3, 0x3F, 0xC8, 0x12, 0x73, 0x75, 0x62, 0x75, 0x0E, 0xDA, 0xEB, 0x77, 0xBA, 0x6D, 0x4F, 0x2F, 0x44, 0x58, 0xD8, 0x89, 0xE2, 0xDF, 0xE4, 0x89, 0x6B, 0xC0, 0x4F, 0xF0, 0xB3, 0xEE, 0x44, 0x65, 0xCF, 0xA4, 0xA6, 0x1A, 0x0F, 0x1A, 0x08, 0xC3, 0xF5, 0xB0, 0x23, 0x10, 0x3B, 0xF2, 0xC2, 0x82, 0x2B, 0x73, 0xA7, 0x18, 0x31, 0x92, 0x86, 0x59, 0x36, 0x65, 0xF8, 0xF1, 0xD0, 0x29, 0x8F, 0x6B, 0x05, 0x3F, 0xCD, 0x56, 0x30, 0xD2, 0x08, 0x12, 0x49, 0x4D, 0x20, 0xC3, 0xB5, 0x8C, 0x48, 0x5C, 0x02, 0xAE, 0x0C, 0x09, 0x47, 0xBD, 0xE5, 0xE9, 0xE7, 0x0C, 0x27, 0xC7, 0x15, 0xCE, 0xC7, 0x3F, 0x87, 0x22, 0x20, 0xE8, 0x6D, 0x8D, 0x8A, 0x6E, 0x73, 0xF1, 0x04, 0x9F, 0x55, 0xA2, 0xF6, 0xB6, 0x10, 0x42, 0x3E, 0xE2, 0x70, 0x98, 0x7F}
type RSASuite struct {
pk4096 *RSAPublicKey
}
var _ = Suite(&RSASuite{})
func (s *RSASuite) SetUpTest(c *C) {
s.pk4096 = new(RSAPublicKey)
s.pk4096.PublicKey = new(rsa.PublicKey)
s.pk4096.E = 65537
s.pk4096.N = big.NewInt(0).SetBytes(test4096Modulus)
}
func (s *RSASuite) TestEncodeDecode(c *C) {
b, err := json.Marshal(s.pk4096)
c.Assert(err, IsNil)
c.Assert(b, NotNil)
var dec RSAPublicKey
err = json.Unmarshal(b, &dec)
c.Assert(err, IsNil)
c.Check(&dec, DeepEquals, s.pk4096)
}

5
tools/keys/testdata/test1024dh.pem vendored Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN DH PARAMETERS-----
MIGHAoGBAK5q+uEdYHZkVhcBVRTwOHGgnqIMAgMONcfULTJqYSRy3mRTt+q0iVH5
LiRtGxjEqrVcDJDs+aA92AnvhW50w8ITQheqaHn9nLXtbjox54bKCLzm52XLsgjq
jCE85g5m3V59BFfY5LML70BxDKHiEnWAkoUibs83Q0gnTCEi5sfjAgEC
-----END DH PARAMETERS-----

51
tools/keys/testdata/test4096.pem vendored Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEA1AzgOVeqNjGJONDeNv/fA9eYpdkhmKSUvisiW5r/lHXqfi4T
WYMuNC7wOxSDj6uEUXSmD+lpIYrsjR/Pc4iqdfSNVtLqvkmy5hbBTZoteFn66TLz
WaeV+0Q9iMfOCOnkrZM/REnvBgoWyflb6x90y2gzzLEqjKYYQ8ma0jZ+n0UE5u1+
Akh6jO6EFAjsPEn86Wj+5UFNbRvP5h3JyksJ47VzK/Sl7wUrKUnI5ucMuuRP6Q+q
UvulAYWLAyIXz9UPUun+rokojxM0Xz7S/D4nhjfSFf42nPYYjwnEH5NXznNw+vYF
jKhw4Aj0/af6CIBG1/dr9jvfpD6s0Y1dqYX+xkFXJUjfJtVM77K4GqpOnxKA/B0O
RWW/d5+OHp29j6hv1iJwhz2S+IV1jPrmOVY7UU2uaUQZXqU21WBh5Isvr7JVwVnw
MqbMkhkl7ZEVT0N/tw48QjHKXsrAXN64lVwI3xXjBTq8qVfxb6a7phRD3mLUkaxz
ek0JvPbQt6nubgDkmhQ5ML68M2ZK0z/IEnN1YnUO2ut3um1PL0RY2Ini3+SJa8BP
8LPuRGXPpKYaDxoIw/WwIxA78sKCK3OnGDGShlk2Zfjx0CmPawU/zVYw0ggSSU0g
w7WMSFwCrgwJR73l6ecMJ8cVzsc/hyIg6G2Nim5z8QSfVaL2thBCPuJwmH8CAwEA
AQKCAgEAjsoY1yQ8HwAeWh7z8+862ph8VvmukN4Ktz/OhAcMoYkBnXQjXXxjSYpu
BCqdKMqjcEJvbHmNbKPjBGjuRes6dfF2l4exwO9Zw2yBQGNYyRk2R4AitDWQXkGm
eguppwDxFxz3VmG+zb9PdzQt/FcTS8FgWC7Y6xsRbdw9H97IRzGvyl0UJC9wLqSS
VfdoNHTSFM66DeB6ZcV7qoZWkp0TDL3rzyaP8jL1zHi+CxZ80QDa+qKs2/JOO4cU
g8iaZj4fcoLVF+yOXkHdW2Gvq2GjNdMy6dJkLi/de7xkz6plT0UXSDcQp5XpZEND
zecmDEFs8xLOJWJOB4iY0QczkesEEny0MyXs2YgALDrFkttqR4V05TB/0UPt9vmX
Nm8pCZGfozWmCaPVB7HgWTbyyGa7Hokyq+2H6wtDy3quD3aPzy4A1W2BKlCDCUFG
oW/k4pK40JN4F2MWXFpYYn8QW7m7NQhLjrNgzIJ/op/4rdX8MI1vxuYAU/Kbfs+W
0I/4WnJBbtYN6RSveN7bEt5z4A5ZhWbURLTW/tum7BhjPisJ9ir47jOeLCv1pL+l
tO4iwcLy1IqFFRwSBXpRe0wxWDwTA2ZlV6iQrWKnBMKDs6Segnv51ELsvSjRZNZ9
nY28ippWzCt7zkFrIKvyhHNOCARknAls1fJsFNC3VaCWNLUz16ECggEBAOqhOWq3
ffSokFS5caMTx5EDWmu1FzE8cKoJDVevwdHAv3riiItp8zmtbzNjjnVE2Qt0GEP1
woQD4E/JDFmoFaZX7ggEko7Lfsabv+x6ITyL0N5a0JlyOpFt61khpHGR3BN7SsaP
80KbUMoLF/oMBdrkQfc7N/yGLY+4K3tYAtqj/tn+HXw64+vKOitHkkNx2lETPvWF
v+0R7wIBbWOpJJZJJJAsOFMw/+iCDaHURkCtK8Zp/EVlq0z886sOSxorYLrgJ+1i
Dacjxpe2X3i2OeL95LsFQ8qwDWRLcs0KoGeg10G0+00jfMyuZMWCmuFuidSfT+t3
/KamPMy7IhNBDg8CggEBAOddLJCLZ1hxt7ch+Pn5Vpr1yzIsyZh4xwwVkWniJ120
aimq7CDDJ1ScRcNnRIw22MLE29yQIUbk8TvFJS33YwU+tkLjBg7pgfqR0duhue+R
J4Jq/W5KBnv+Uc4/Mp3RXjzGvdGW8amrsGdFi/sx2bGAFcIRRXtwJdxGxi/BCRHk
UbK2GyDPap/4gpwvzp7QSzYotUxo10ekG8INaEU7Cp25FjshTW54nY4SJQYefWL/
lViSqXIDQZelunrg24n/nAqulwUjVFeqWQZIo0ukogba54oRPkDxTR6OVy5kWPMx
mKI4Qx8u6/yaGaHoTx9rhQkWRS5rb/PcjtIHM2PQPpECggEAVtMqqC8W0T6/ilrF
jo93PlZ7U3hECNhQ6NtIsLY9hx1IvnSuCsk+VI21pNKmmQbNOsvPXvbG8Ituqpe/
lj35JQFM+HKYuXbchyqDr0LSodErjd0VbHM08TQ371ffvpc3VY4+cZQ7dN582weX
69QfJo1pS9ACO9R7b7+7d31uMPKXEJxU1PAF/+9p7zIhEgxDudTha4H/L/9+7sMQ
c9zXyTVv7louzbpIOQZHfSdMiAqNNHNsA1JIPcktcpNrf1emCAGDRPkQDFXU27eF
ROpKKZHC3uJn382eZwr0hKP2D+MZRRtwE2+aczPl3qEiJ2H8Z049COnx+Mlznl9x
kKZ2SQKCAQAm6D9PS3IkqHL5pAfnmaubwYvbMzbvohfvC0153eM62dUkjq7Iz6i0
jNcahio73hlTn6FNlRtTfbqnj36yHTEUt7gUxXLGXTRTe+QrqCXJiMJ5Jx7ZRi+S
+HCvW2darNPJKq7PKTAYlVvD8ikZJAf01pJSIW9q07A6O9imPTMWRCwM/pzPRrIq
lrL4Kv33LRYI1I2wfMz/KjTUzEZlpgkh/vcjGHWaB0SPmLOLNONnG4306C0AlFWa
d+9FLL0eltKZ5URWQ9uyJl50NRDo7pWky3k2ebHbX/jVE6DLl2px8zw0w3teKhjb
UNrQpG1x3jXwEkOuC7k27DdEUJuuxF1RAoIBAQDDObyAVl7JQvCvEKjsayPfHmyQ
/Jav29/SrIEWH3DZu4/aXa5bwaSe4thWlMHp1aidpia18D2y9gABimPNBKZADTMs
GSyXwm5kO4oCAH1MuV6LaFjTNH6P5y8v1Ul17cphIgcWjaKoz4DTQzYaD6I6EZxE
tADHJlMYezlr64shcmjyP/He+x7J1cwF3j+c2ffXmn4EzcU9NDvgYs0YMRsRuoD/
uEK1DukCPPb3CRS4flgdIsTWvjQeLXbgYlB+v94L9OKJm4MEpApBXIy6+26JxeBf
KOc8qq/4qn1Xi9WiJif6chcn2Vglj585f/ugAO3ZshsGNXeFoqa0awl64ZJY
-----END RSA PRIVATE KEY-----