sed name changes
This commit is contained in:
parent
677f2064b1
commit
f99445c05b
|
@ -9,7 +9,7 @@
|
|||
//
|
||||
// References:
|
||||
// [PROTOCOL.agent]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.agent?rev=HEAD
|
||||
package agent // import "github.com/zmap/zgrab/ztools/xssh/agent"
|
||||
package agent // import "github.com/zmap/zgrab2/lib/agent"
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
@ -25,7 +25,7 @@ import (
|
|||
"math/big"
|
||||
"sync"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab2/lib/ssh"
|
||||
"golang.org/x/crypto/ed25519"
|
||||
)
|
||||
|
||||
|
@ -36,13 +36,13 @@ type Agent interface {
|
|||
|
||||
// Sign has the agent sign the data using a protocol 2 key as defined
|
||||
// in [PROTOCOL.agent] section 2.6.2.
|
||||
Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error)
|
||||
Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error)
|
||||
|
||||
// Add adds a private key to the agent.
|
||||
Add(key AddedKey) error
|
||||
|
||||
// Remove removes all identities with the given public key.
|
||||
Remove(key xssh.PublicKey) error
|
||||
Remove(key ssh.PublicKey) error
|
||||
|
||||
// RemoveAll removes all identities.
|
||||
RemoveAll() error
|
||||
|
@ -54,7 +54,7 @@ type Agent interface {
|
|||
Unlock(passphrase []byte) error
|
||||
|
||||
// Signers returns signers for all the known keys.
|
||||
Signers() ([]xssh.Signer, error)
|
||||
Signers() ([]ssh.Signer, error)
|
||||
}
|
||||
|
||||
// AddedKey describes an SSH key to be added to an Agent.
|
||||
|
@ -64,7 +64,7 @@ type AddedKey struct {
|
|||
PrivateKey interface{}
|
||||
// Certificate, if not nil, is communicated to the agent and will be
|
||||
// stored with the key.
|
||||
Certificate *xssh.Certificate
|
||||
Certificate *ssh.Certificate
|
||||
// Comment is an optional, free-form string.
|
||||
Comment string
|
||||
// LifetimeSecs, if not zero, is the number of seconds that the
|
||||
|
@ -103,7 +103,7 @@ const (
|
|||
const maxAgentResponseBytes = 16 << 20
|
||||
|
||||
// Agent messages:
|
||||
// These structures mirror the wire format of the corresponding xssh agent
|
||||
// These structures mirror the wire format of the corresponding ssh agent
|
||||
// messages found in [PROTOCOL.agent].
|
||||
|
||||
// 3.4 Generic replies from agent to client
|
||||
|
@ -190,8 +190,8 @@ func (k *Key) Marshal() []byte {
|
|||
}
|
||||
|
||||
// Verify satisfies the ssh.PublicKey interface.
|
||||
func (k *Key) Verify(data []byte, sig *xssh.Signature) error {
|
||||
pubKey, err := xssh.ParsePublicKey(k.Blob)
|
||||
func (k *Key) Verify(data []byte, sig *ssh.Signature) error {
|
||||
pubKey, err := ssh.ParsePublicKey(k.Blob)
|
||||
if err != nil {
|
||||
return fmt.Errorf("agent: bad public key: %v", err)
|
||||
}
|
||||
|
@ -210,12 +210,12 @@ func parseKey(in []byte) (out *Key, rest []byte, err error) {
|
|||
Rest []byte `ssh:"rest"`
|
||||
}
|
||||
|
||||
if err := xssh.Unmarshal(in, &record); err != nil {
|
||||
if err := ssh.Unmarshal(in, &record); err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
var wk wireKey
|
||||
if err := xssh.Unmarshal(record.Blob, &wk); err != nil {
|
||||
if err := ssh.Unmarshal(record.Blob, &wk); err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
|
@ -289,22 +289,22 @@ func (c *client) RemoveAll() error {
|
|||
return c.simpleCall([]byte{agentRemoveAllIdentities})
|
||||
}
|
||||
|
||||
func (c *client) Remove(key xssh.PublicKey) error {
|
||||
req := xssh.Marshal(&agentRemoveIdentityMsg{
|
||||
func (c *client) Remove(key ssh.PublicKey) error {
|
||||
req := ssh.Marshal(&agentRemoveIdentityMsg{
|
||||
KeyBlob: key.Marshal(),
|
||||
})
|
||||
return c.simpleCall(req)
|
||||
}
|
||||
|
||||
func (c *client) Lock(passphrase []byte) error {
|
||||
req := xssh.Marshal(&agentLockMsg{
|
||||
req := ssh.Marshal(&agentLockMsg{
|
||||
Passphrase: passphrase,
|
||||
})
|
||||
return c.simpleCall(req)
|
||||
}
|
||||
|
||||
func (c *client) Unlock(passphrase []byte) error {
|
||||
req := xssh.Marshal(&agentUnlockMsg{
|
||||
req := ssh.Marshal(&agentUnlockMsg{
|
||||
Passphrase: passphrase,
|
||||
})
|
||||
return c.simpleCall(req)
|
||||
|
@ -344,8 +344,8 @@ func (c *client) List() ([]*Key, error) {
|
|||
|
||||
// Sign has the agent sign the data using a protocol 2 key as defined
|
||||
// in [PROTOCOL.agent] section 2.6.2.
|
||||
func (c *client) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error) {
|
||||
req := xssh.Marshal(signRequestAgentMsg{
|
||||
func (c *client) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
|
||||
req := ssh.Marshal(signRequestAgentMsg{
|
||||
KeyBlob: key.Marshal(),
|
||||
Data: data,
|
||||
})
|
||||
|
@ -357,8 +357,8 @@ func (c *client) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error)
|
|||
|
||||
switch msg := msg.(type) {
|
||||
case *signResponseAgentMsg:
|
||||
var sig xssh.Signature
|
||||
if err := xssh.Unmarshal(msg.SigBlob, &sig); err != nil {
|
||||
var sig ssh.Signature
|
||||
if err := ssh.Unmarshal(msg.SigBlob, &sig); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -390,7 +390,7 @@ func unmarshal(packet []byte) (interface{}, error) {
|
|||
default:
|
||||
return nil, fmt.Errorf("agent: unknown type tag %d", packet[0])
|
||||
}
|
||||
if err := xssh.Unmarshal(packet, msg); err != nil {
|
||||
if err := ssh.Unmarshal(packet, msg); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return msg, nil
|
||||
|
@ -445,8 +445,8 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
|
|||
return fmt.Errorf("agent: unsupported RSA key with %d primes", len(k.Primes))
|
||||
}
|
||||
k.Precompute()
|
||||
req = xssh.Marshal(rsaKeyMsg{
|
||||
Type: xssh.KeyAlgoRSA,
|
||||
req = ssh.Marshal(rsaKeyMsg{
|
||||
Type: ssh.KeyAlgoRSA,
|
||||
N: k.N,
|
||||
E: big.NewInt(int64(k.E)),
|
||||
D: k.D,
|
||||
|
@ -457,8 +457,8 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
|
|||
Constraints: constraints,
|
||||
})
|
||||
case *dsa.PrivateKey:
|
||||
req = xssh.Marshal(dsaKeyMsg{
|
||||
Type: xssh.KeyAlgoDSA,
|
||||
req = ssh.Marshal(dsaKeyMsg{
|
||||
Type: ssh.KeyAlgoDSA,
|
||||
P: k.P,
|
||||
Q: k.Q,
|
||||
G: k.G,
|
||||
|
@ -469,7 +469,7 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
|
|||
})
|
||||
case *ecdsa.PrivateKey:
|
||||
nistID := fmt.Sprintf("nistp%d", k.Params().BitSize)
|
||||
req = xssh.Marshal(ecdsaKeyMsg{
|
||||
req = ssh.Marshal(ecdsaKeyMsg{
|
||||
Type: "ecdsa-sha2-" + nistID,
|
||||
Curve: nistID,
|
||||
KeyBytes: elliptic.Marshal(k.Curve, k.X, k.Y),
|
||||
|
@ -478,8 +478,8 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
|
|||
Constraints: constraints,
|
||||
})
|
||||
case *ed25519.PrivateKey:
|
||||
req = xssh.Marshal(ed25519KeyMsg{
|
||||
Type: xssh.KeyAlgoED25519,
|
||||
req = ssh.Marshal(ed25519KeyMsg{
|
||||
Type: ssh.KeyAlgoED25519,
|
||||
Pub: []byte(*k)[32:],
|
||||
Priv: []byte(*k),
|
||||
Comments: comment,
|
||||
|
@ -564,7 +564,7 @@ func (c *client) Add(key AddedKey) error {
|
|||
}
|
||||
}
|
||||
|
||||
func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment string, constraints []byte) error {
|
||||
func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string, constraints []byte) error {
|
||||
var req []byte
|
||||
switch k := s.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
|
@ -572,7 +572,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
|
|||
return fmt.Errorf("agent: unsupported RSA key with %d primes", len(k.Primes))
|
||||
}
|
||||
k.Precompute()
|
||||
req = xssh.Marshal(rsaCertMsg{
|
||||
req = ssh.Marshal(rsaCertMsg{
|
||||
Type: cert.Type(),
|
||||
CertBytes: cert.Marshal(),
|
||||
D: k.D,
|
||||
|
@ -583,7 +583,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
|
|||
Constraints: constraints,
|
||||
})
|
||||
case *dsa.PrivateKey:
|
||||
req = xssh.Marshal(dsaCertMsg{
|
||||
req = ssh.Marshal(dsaCertMsg{
|
||||
Type: cert.Type(),
|
||||
CertBytes: cert.Marshal(),
|
||||
X: k.X,
|
||||
|
@ -591,7 +591,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
|
|||
Constraints: constraints,
|
||||
})
|
||||
case *ecdsa.PrivateKey:
|
||||
req = xssh.Marshal(ecdsaCertMsg{
|
||||
req = ssh.Marshal(ecdsaCertMsg{
|
||||
Type: cert.Type(),
|
||||
CertBytes: cert.Marshal(),
|
||||
D: k.D,
|
||||
|
@ -599,7 +599,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
|
|||
Constraints: constraints,
|
||||
})
|
||||
case *ed25519.PrivateKey:
|
||||
req = xssh.Marshal(ed25519CertMsg{
|
||||
req = ssh.Marshal(ed25519CertMsg{
|
||||
Type: cert.Type(),
|
||||
CertBytes: cert.Marshal(),
|
||||
Pub: []byte(*k)[32:],
|
||||
|
@ -616,7 +616,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
|
|||
req[0] = agentAddIdConstrained
|
||||
}
|
||||
|
||||
signer, err := xssh.NewSignerFromKey(s)
|
||||
signer, err := ssh.NewSignerFromKey(s)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -635,13 +635,13 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin
|
|||
}
|
||||
|
||||
// Signers provides a callback for client authentication.
|
||||
func (c *client) Signers() ([]xssh.Signer, error) {
|
||||
func (c *client) Signers() ([]ssh.Signer, error) {
|
||||
keys, err := c.List()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var result []xssh.Signer
|
||||
var result []ssh.Signer
|
||||
for _, k := range keys {
|
||||
result = append(result, &agentKeyringSigner{c, k})
|
||||
}
|
||||
|
@ -650,14 +650,14 @@ func (c *client) Signers() ([]xssh.Signer, error) {
|
|||
|
||||
type agentKeyringSigner struct {
|
||||
agent *client
|
||||
pub xssh.PublicKey
|
||||
pub ssh.PublicKey
|
||||
}
|
||||
|
||||
func (s *agentKeyringSigner) PublicKey() xssh.PublicKey {
|
||||
func (s *agentKeyringSigner) PublicKey() ssh.PublicKey {
|
||||
return s.pub
|
||||
}
|
||||
|
||||
func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*xssh.Signature, error) {
|
||||
func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature, error) {
|
||||
// The agent has its own entropy source, so the rand argument is ignored.
|
||||
return s.agent.Sign(s.pub, data)
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab2/lib/ssh"
|
||||
)
|
||||
|
||||
// startAgent executes ssh-agent, and returns a Agent interface to it.
|
||||
|
@ -79,20 +79,20 @@ func startAgent(t *testing.T) (client Agent, socket string, cleanup func()) {
|
|||
}
|
||||
}
|
||||
|
||||
func testAgent(t *testing.T, key interface{}, cert *xssh.Certificate, lifetimeSecs uint32) {
|
||||
func testAgent(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
|
||||
agent, _, cleanup := startAgent(t)
|
||||
defer cleanup()
|
||||
|
||||
testAgentInterface(t, agent, key, cert, lifetimeSecs)
|
||||
}
|
||||
|
||||
func testKeyring(t *testing.T, key interface{}, cert *xssh.Certificate, lifetimeSecs uint32) {
|
||||
func testKeyring(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
|
||||
a := NewKeyring()
|
||||
testAgentInterface(t, a, key, cert, lifetimeSecs)
|
||||
}
|
||||
|
||||
func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *xssh.Certificate, lifetimeSecs uint32) {
|
||||
signer, err := xssh.NewSignerFromKey(key)
|
||||
func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
|
||||
signer, err := ssh.NewSignerFromKey(key)
|
||||
if err != nil {
|
||||
t.Fatalf("NewSignerFromKey(%T): %v", key, err)
|
||||
}
|
||||
|
@ -104,7 +104,7 @@ func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *xssh.C
|
|||
}
|
||||
|
||||
// Attempt to insert the key, with certificate if specified.
|
||||
var pubKey xssh.PublicKey
|
||||
var pubKey ssh.PublicKey
|
||||
if cert != nil {
|
||||
err = agent.Add(AddedKey{
|
||||
PrivateKey: key,
|
||||
|
@ -165,10 +165,10 @@ func DISABLED_TestAgent(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCert(t *testing.T) {
|
||||
cert := &xssh.Certificate{
|
||||
cert := &ssh.Certificate{
|
||||
Key: testPublicKeys["rsa"],
|
||||
ValidBefore: xssh.CertTimeInfinity,
|
||||
CertType: xssh.UserCert,
|
||||
ValidBefore: ssh.CertTimeInfinity,
|
||||
CertType: ssh.UserCert,
|
||||
}
|
||||
cert.SignCert(rand.Reader, testSigners["ecdsa"])
|
||||
|
||||
|
@ -215,9 +215,9 @@ func TestAuth(t *testing.T) {
|
|||
t.Errorf("Add: %v", err)
|
||||
}
|
||||
|
||||
serverConf := xssh.ServerConfig{}
|
||||
serverConf := ssh.ServerConfig{}
|
||||
serverConf.AddHostKey(testSigners["rsa"])
|
||||
serverConf.PublicKeyCallback = func(c xssh.ConnMetadata, key xssh.PublicKey) (*xssh.Permissions, error) {
|
||||
serverConf.PublicKeyCallback = func(c ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
|
||||
if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) {
|
||||
return nil, nil
|
||||
}
|
||||
|
@ -226,16 +226,16 @@ func TestAuth(t *testing.T) {
|
|||
}
|
||||
|
||||
go func() {
|
||||
conn, _, _, err := xssh.NewServerConn(a, &serverConf)
|
||||
conn, _, _, err := ssh.NewServerConn(a, &serverConf)
|
||||
if err != nil {
|
||||
t.Fatalf("Server: %v", err)
|
||||
}
|
||||
conn.Close()
|
||||
}()
|
||||
|
||||
conf := xssh.ClientConfig{}
|
||||
conf.Auth = append(conf.Auth, xssh.PublicKeysCallback(agent.Signers))
|
||||
conn, _, _, err := xssh.NewClientConn(b, "", &conf)
|
||||
conf := ssh.ClientConfig{}
|
||||
conf.Auth = append(conf.Auth, ssh.PublicKeysCallback(agent.Signers))
|
||||
conn, _, _, err := ssh.NewClientConn(b, "", &conf)
|
||||
if err != nil {
|
||||
t.Fatalf("NewClientConn: %v", err)
|
||||
}
|
||||
|
@ -272,7 +272,7 @@ func testLockAgent(agent Agent, t *testing.T) {
|
|||
t.Errorf("Want 0 keys, got %v", keys)
|
||||
}
|
||||
|
||||
signer, _ := xssh.NewSignerFromKey(testPrivateKeys["rsa"])
|
||||
signer, _ := ssh.NewSignerFromKey(testPrivateKeys["rsa"])
|
||||
if _, err := agent.Sign(signer.PublicKey(), []byte("hello")); err == nil {
|
||||
t.Fatalf("Sign did not fail")
|
||||
}
|
||||
|
@ -318,10 +318,10 @@ func TestAgentLifetime(t *testing.T) {
|
|||
t.Fatalf("add: %v", err)
|
||||
}
|
||||
// Add certs to the agent.
|
||||
cert := &xssh.Certificate{
|
||||
cert := &ssh.Certificate{
|
||||
Key: testPublicKeys[keyType],
|
||||
ValidBefore: xssh.CertTimeInfinity,
|
||||
CertType: xssh.UserCert,
|
||||
ValidBefore: ssh.CertTimeInfinity,
|
||||
CertType: ssh.UserCert,
|
||||
}
|
||||
cert.SignCert(rand.Reader, testSigners[keyType])
|
||||
err = agent.Add(AddedKey{
|
||||
|
|
|
@ -9,8 +9,8 @@ import (
|
|||
"net"
|
||||
"os"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab/ztools/xssh/agent"
|
||||
"github.com/zmap/zgrab2/lib/agent"
|
||||
"github.com/zmap/zgrab2/lib/ssh"
|
||||
)
|
||||
|
||||
func ExampleClientAgent() {
|
||||
|
@ -21,17 +21,17 @@ func ExampleClientAgent() {
|
|||
log.Fatalf("net.Dial: %v", err)
|
||||
}
|
||||
agentClient := agent.NewClient(conn)
|
||||
config := &xssh.ClientConfig{
|
||||
config := &ssh.ClientConfig{
|
||||
User: "username",
|
||||
Auth: []xssh.AuthMethod{
|
||||
Auth: []ssh.AuthMethod{
|
||||
// Use a callback rather than PublicKeys
|
||||
// so we only consult the agent once the remote server
|
||||
// wants it.
|
||||
xssh.PublicKeysCallback(agentClient.Signers),
|
||||
ssh.PublicKeysCallback(agentClient.Signers),
|
||||
},
|
||||
}
|
||||
|
||||
sshc, err := xssh.Dial("tcp", "localhost:22", config)
|
||||
sshc, err := ssh.Dial("tcp", "localhost:22", config)
|
||||
if err != nil {
|
||||
log.Fatalf("Dial: %v", err)
|
||||
}
|
||||
|
|
|
@ -10,13 +10,13 @@ import (
|
|||
"net"
|
||||
"sync"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab2/lib/ssh"
|
||||
)
|
||||
|
||||
// RequestAgentForwarding sets up agent forwarding for the session.
|
||||
// ForwardToAgent or ForwardToRemote should be called to route
|
||||
// the authentication requests.
|
||||
func RequestAgentForwarding(session *xssh.Session) error {
|
||||
func RequestAgentForwarding(session *ssh.Session) error {
|
||||
ok, err := session.SendRequest("auth-agent-req@openssh.com", true, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -28,7 +28,7 @@ func RequestAgentForwarding(session *xssh.Session) error {
|
|||
}
|
||||
|
||||
// ForwardToAgent routes authentication requests to the given keyring.
|
||||
func ForwardToAgent(client *xssh.Client, keyring Agent) error {
|
||||
func ForwardToAgent(client *ssh.Client, keyring Agent) error {
|
||||
channels := client.HandleChannelOpen(channelType)
|
||||
if channels == nil {
|
||||
return errors.New("agent: already have handler for " + channelType)
|
||||
|
@ -40,7 +40,7 @@ func ForwardToAgent(client *xssh.Client, keyring Agent) error {
|
|||
if err != nil {
|
||||
continue
|
||||
}
|
||||
go xssh.DiscardRequests(reqs)
|
||||
go ssh.DiscardRequests(reqs)
|
||||
go func() {
|
||||
ServeAgent(keyring, channel)
|
||||
channel.Close()
|
||||
|
@ -54,7 +54,7 @@ const channelType = "auth-agent@openssh.com"
|
|||
|
||||
// ForwardToRemote routes authentication requests to the ssh-agent
|
||||
// process serving on the given unix socket.
|
||||
func ForwardToRemote(client *xssh.Client, addr string) error {
|
||||
func ForwardToRemote(client *ssh.Client, addr string) error {
|
||||
channels := client.HandleChannelOpen(channelType)
|
||||
if channels == nil {
|
||||
return errors.New("agent: already have handler for " + channelType)
|
||||
|
@ -71,14 +71,14 @@ func ForwardToRemote(client *xssh.Client, addr string) error {
|
|||
if err != nil {
|
||||
continue
|
||||
}
|
||||
go xssh.DiscardRequests(reqs)
|
||||
go ssh.DiscardRequests(reqs)
|
||||
go forwardUnixSocket(channel, addr)
|
||||
}
|
||||
}()
|
||||
return nil
|
||||
}
|
||||
|
||||
func forwardUnixSocket(channel xssh.Channel, addr string) {
|
||||
func forwardUnixSocket(channel ssh.Channel, addr string) {
|
||||
conn, err := net.Dial("unix", addr)
|
||||
if err != nil {
|
||||
return
|
||||
|
|
|
@ -13,11 +13,11 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab2/lib/ssh"
|
||||
)
|
||||
|
||||
type privKey struct {
|
||||
signer xssh.Signer
|
||||
signer ssh.Signer
|
||||
comment string
|
||||
expire *time.Time
|
||||
}
|
||||
|
@ -72,7 +72,7 @@ func (r *keyring) removeLocked(want []byte) error {
|
|||
}
|
||||
|
||||
// Remove removes all identities with the given public key.
|
||||
func (r *keyring) Remove(key xssh.PublicKey) error {
|
||||
func (r *keyring) Remove(key ssh.PublicKey) error {
|
||||
r.mu.Lock()
|
||||
defer r.mu.Unlock()
|
||||
if r.locked {
|
||||
|
@ -152,14 +152,14 @@ func (r *keyring) Add(key AddedKey) error {
|
|||
if r.locked {
|
||||
return errLocked
|
||||
}
|
||||
signer, err := xssh.NewSignerFromKey(key.PrivateKey)
|
||||
signer, err := ssh.NewSignerFromKey(key.PrivateKey)
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if cert := key.Certificate; cert != nil {
|
||||
signer, err = xssh.NewCertSigner(cert, signer)
|
||||
signer, err = ssh.NewCertSigner(cert, signer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -181,7 +181,7 @@ func (r *keyring) Add(key AddedKey) error {
|
|||
}
|
||||
|
||||
// Sign returns a signature for the data.
|
||||
func (r *keyring) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error) {
|
||||
func (r *keyring) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
|
||||
r.mu.Lock()
|
||||
defer r.mu.Unlock()
|
||||
if r.locked {
|
||||
|
@ -199,7 +199,7 @@ func (r *keyring) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error)
|
|||
}
|
||||
|
||||
// Signers returns signers for all the known keys.
|
||||
func (r *keyring) Signers() ([]xssh.Signer, error) {
|
||||
func (r *keyring) Signers() ([]ssh.Signer, error) {
|
||||
r.mu.Lock()
|
||||
defer r.mu.Unlock()
|
||||
if r.locked {
|
||||
|
@ -207,7 +207,7 @@ func (r *keyring) Signers() ([]xssh.Signer, error) {
|
|||
}
|
||||
|
||||
r.expireKeysLocked()
|
||||
s := make([]xssh.Signer, 0, len(r.keys))
|
||||
s := make([]ssh.Signer, 0, len(r.keys))
|
||||
for _, k := range r.keys {
|
||||
s = append(s, k.signer)
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@ import (
|
|||
"log"
|
||||
"math/big"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab2/lib/ssh"
|
||||
"golang.org/x/crypto/ed25519"
|
||||
)
|
||||
|
||||
|
@ -40,7 +40,7 @@ func (s *server) processRequestBytes(reqData []byte) []byte {
|
|||
return []byte{agentSuccess}
|
||||
}
|
||||
|
||||
return xssh.Marshal(rep)
|
||||
return ssh.Marshal(rep)
|
||||
}
|
||||
|
||||
func marshalKey(k *Key) []byte {
|
||||
|
@ -51,7 +51,7 @@ func marshalKey(k *Key) []byte {
|
|||
record.Blob = k.Marshal()
|
||||
record.Comment = k.Comment
|
||||
|
||||
return xssh.Marshal(&record)
|
||||
return ssh.Marshal(&record)
|
||||
}
|
||||
|
||||
// See [PROTOCOL.agent], section 2.5.1.
|
||||
|
@ -83,12 +83,12 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
|
|||
|
||||
case agentRemoveIdentity:
|
||||
var req agentRemoveIdentityMsg
|
||||
if err := xssh.Unmarshal(data, &req); err != nil {
|
||||
if err := ssh.Unmarshal(data, &req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var wk wireKey
|
||||
if err := xssh.Unmarshal(req.KeyBlob, &wk); err != nil {
|
||||
if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -99,7 +99,7 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
|
|||
|
||||
case agentLock:
|
||||
var req agentLockMsg
|
||||
if err := xssh.Unmarshal(data, &req); err != nil {
|
||||
if err := ssh.Unmarshal(data, &req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -107,19 +107,19 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
|
|||
|
||||
case agentUnlock:
|
||||
var req agentLockMsg
|
||||
if err := xssh.Unmarshal(data, &req); err != nil {
|
||||
if err := ssh.Unmarshal(data, &req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return nil, s.agent.Unlock(req.Passphrase)
|
||||
|
||||
case agentSignRequest:
|
||||
var req signRequestAgentMsg
|
||||
if err := xssh.Unmarshal(data, &req); err != nil {
|
||||
if err := ssh.Unmarshal(data, &req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var wk wireKey
|
||||
if err := xssh.Unmarshal(req.KeyBlob, &wk); err != nil {
|
||||
if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -132,7 +132,7 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &signResponseAgentMsg{SigBlob: xssh.Marshal(sig)}, nil
|
||||
return &signResponseAgentMsg{SigBlob: ssh.Marshal(sig)}, nil
|
||||
|
||||
case agentRequestIdentities:
|
||||
keys, err := s.agent.List()
|
||||
|
@ -157,7 +157,7 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
|
|||
|
||||
func parseRSAKey(req []byte) (*AddedKey, error) {
|
||||
var k rsaKeyMsg
|
||||
if err := xssh.Unmarshal(req, &k); err != nil {
|
||||
if err := ssh.Unmarshal(req, &k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if k.E.BitLen() > 30 {
|
||||
|
@ -178,7 +178,7 @@ func parseRSAKey(req []byte) (*AddedKey, error) {
|
|||
|
||||
func parseEd25519Key(req []byte) (*AddedKey, error) {
|
||||
var k ed25519KeyMsg
|
||||
if err := xssh.Unmarshal(req, &k); err != nil {
|
||||
if err := ssh.Unmarshal(req, &k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
priv := ed25519.PrivateKey(k.Priv)
|
||||
|
@ -187,7 +187,7 @@ func parseEd25519Key(req []byte) (*AddedKey, error) {
|
|||
|
||||
func parseDSAKey(req []byte) (*AddedKey, error) {
|
||||
var k dsaKeyMsg
|
||||
if err := xssh.Unmarshal(req, &k); err != nil {
|
||||
if err := ssh.Unmarshal(req, &k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
priv := &dsa.PrivateKey{
|
||||
|
@ -231,15 +231,15 @@ func unmarshalECDSA(curveName string, keyBytes []byte, privScalar *big.Int) (pri
|
|||
|
||||
func parseEd25519Cert(req []byte) (*AddedKey, error) {
|
||||
var k ed25519CertMsg
|
||||
if err := xssh.Unmarshal(req, &k); err != nil {
|
||||
if err := ssh.Unmarshal(req, &k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
pubKey, err := xssh.ParsePublicKey(k.CertBytes)
|
||||
pubKey, err := ssh.ParsePublicKey(k.CertBytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
priv := ed25519.PrivateKey(k.Priv)
|
||||
cert, ok := pubKey.(*xssh.Certificate)
|
||||
cert, ok := pubKey.(*ssh.Certificate)
|
||||
if !ok {
|
||||
return nil, errors.New("agent: bad ED25519 certificate")
|
||||
}
|
||||
|
@ -248,7 +248,7 @@ func parseEd25519Cert(req []byte) (*AddedKey, error) {
|
|||
|
||||
func parseECDSAKey(req []byte) (*AddedKey, error) {
|
||||
var k ecdsaKeyMsg
|
||||
if err := xssh.Unmarshal(req, &k); err != nil {
|
||||
if err := ssh.Unmarshal(req, &k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -262,16 +262,16 @@ func parseECDSAKey(req []byte) (*AddedKey, error) {
|
|||
|
||||
func parseRSACert(req []byte) (*AddedKey, error) {
|
||||
var k rsaCertMsg
|
||||
if err := xssh.Unmarshal(req, &k); err != nil {
|
||||
if err := ssh.Unmarshal(req, &k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pubKey, err := xssh.ParsePublicKey(k.CertBytes)
|
||||
pubKey, err := ssh.ParsePublicKey(k.CertBytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cert, ok := pubKey.(*xssh.Certificate)
|
||||
cert, ok := pubKey.(*ssh.Certificate)
|
||||
if !ok {
|
||||
return nil, errors.New("agent: bad RSA certificate")
|
||||
}
|
||||
|
@ -282,7 +282,7 @@ func parseRSACert(req []byte) (*AddedKey, error) {
|
|||
E *big.Int
|
||||
N *big.Int
|
||||
}
|
||||
if err := xssh.Unmarshal(cert.Key.Marshal(), &rsaPub); err != nil {
|
||||
if err := ssh.Unmarshal(cert.Key.Marshal(), &rsaPub); err != nil {
|
||||
return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
|
||||
}
|
||||
|
||||
|
@ -305,14 +305,14 @@ func parseRSACert(req []byte) (*AddedKey, error) {
|
|||
|
||||
func parseDSACert(req []byte) (*AddedKey, error) {
|
||||
var k dsaCertMsg
|
||||
if err := xssh.Unmarshal(req, &k); err != nil {
|
||||
if err := ssh.Unmarshal(req, &k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
pubKey, err := xssh.ParsePublicKey(k.CertBytes)
|
||||
pubKey, err := ssh.ParsePublicKey(k.CertBytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cert, ok := pubKey.(*xssh.Certificate)
|
||||
cert, ok := pubKey.(*ssh.Certificate)
|
||||
if !ok {
|
||||
return nil, errors.New("agent: bad DSA certificate")
|
||||
}
|
||||
|
@ -322,7 +322,7 @@ func parseDSACert(req []byte) (*AddedKey, error) {
|
|||
Name string
|
||||
P, Q, G, Y *big.Int
|
||||
}
|
||||
if err := xssh.Unmarshal(cert.Key.Marshal(), &w); err != nil {
|
||||
if err := ssh.Unmarshal(cert.Key.Marshal(), &w); err != nil {
|
||||
return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
|
||||
}
|
||||
|
||||
|
@ -343,15 +343,15 @@ func parseDSACert(req []byte) (*AddedKey, error) {
|
|||
|
||||
func parseECDSACert(req []byte) (*AddedKey, error) {
|
||||
var k ecdsaCertMsg
|
||||
if err := xssh.Unmarshal(req, &k); err != nil {
|
||||
if err := ssh.Unmarshal(req, &k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pubKey, err := xssh.ParsePublicKey(k.CertBytes)
|
||||
pubKey, err := ssh.ParsePublicKey(k.CertBytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cert, ok := pubKey.(*xssh.Certificate)
|
||||
cert, ok := pubKey.(*ssh.Certificate)
|
||||
if !ok {
|
||||
return nil, errors.New("agent: bad ECDSA certificate")
|
||||
}
|
||||
|
@ -362,7 +362,7 @@ func parseECDSACert(req []byte) (*AddedKey, error) {
|
|||
ID string
|
||||
Key []byte
|
||||
}
|
||||
if err := xssh.Unmarshal(cert.Key.Marshal(), &ecdsaPub); err != nil {
|
||||
if err := ssh.Unmarshal(cert.Key.Marshal(), &ecdsaPub); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -380,7 +380,7 @@ func (s *server) insertIdentity(req []byte) error {
|
|||
Rest []byte `ssh:"rest"`
|
||||
}
|
||||
|
||||
if err := xssh.Unmarshal(req, &record); err != nil {
|
||||
if err := ssh.Unmarshal(req, &record); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
@ -388,21 +388,21 @@ func (s *server) insertIdentity(req []byte) error {
|
|||
var err error
|
||||
|
||||
switch record.Type {
|
||||
case xssh.KeyAlgoRSA:
|
||||
case ssh.KeyAlgoRSA:
|
||||
addedKey, err = parseRSAKey(req)
|
||||
case xssh.KeyAlgoDSA:
|
||||
case ssh.KeyAlgoDSA:
|
||||
addedKey, err = parseDSAKey(req)
|
||||
case xssh.KeyAlgoECDSA256, xssh.KeyAlgoECDSA384, xssh.KeyAlgoECDSA521:
|
||||
case ssh.KeyAlgoECDSA256, ssh.KeyAlgoECDSA384, ssh.KeyAlgoECDSA521:
|
||||
addedKey, err = parseECDSAKey(req)
|
||||
case xssh.KeyAlgoED25519:
|
||||
case ssh.KeyAlgoED25519:
|
||||
addedKey, err = parseEd25519Key(req)
|
||||
case xssh.CertAlgoRSAv01:
|
||||
case ssh.CertAlgoRSAv01:
|
||||
addedKey, err = parseRSACert(req)
|
||||
case xssh.CertAlgoDSAv01:
|
||||
case ssh.CertAlgoDSAv01:
|
||||
addedKey, err = parseDSACert(req)
|
||||
case xssh.CertAlgoECDSA256v01, xssh.CertAlgoECDSA384v01, xssh.CertAlgoECDSA521v01:
|
||||
case ssh.CertAlgoECDSA256v01, ssh.CertAlgoECDSA384v01, ssh.CertAlgoECDSA521v01:
|
||||
addedKey, err = parseECDSACert(req)
|
||||
case xssh.CertAlgoED25519v01:
|
||||
case ssh.CertAlgoED25519v01:
|
||||
addedKey, err = parseEd25519Cert(req)
|
||||
default:
|
||||
return fmt.Errorf("agent: not implemented: %q", record.Type)
|
||||
|
|
|
@ -10,7 +10,7 @@ import (
|
|||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab2/lib/ssh"
|
||||
)
|
||||
|
||||
func TestServer(t *testing.T) {
|
||||
|
@ -43,25 +43,25 @@ func TestSetupForwardAgent(t *testing.T) {
|
|||
_, socket, cleanup := startAgent(t)
|
||||
defer cleanup()
|
||||
|
||||
serverConf := xssh.ServerConfig{
|
||||
serverConf := ssh.ServerConfig{
|
||||
NoClientAuth: true,
|
||||
}
|
||||
serverConf.AddHostKey(testSigners["rsa"])
|
||||
incoming := make(chan *xssh.ServerConn, 1)
|
||||
incoming := make(chan *ssh.ServerConn, 1)
|
||||
go func() {
|
||||
conn, _, _, err := xssh.NewServerConn(a, &serverConf)
|
||||
conn, _, _, err := ssh.NewServerConn(a, &serverConf)
|
||||
if err != nil {
|
||||
t.Fatalf("Server: %v", err)
|
||||
}
|
||||
incoming <- conn
|
||||
}()
|
||||
|
||||
conf := xssh.ClientConfig{}
|
||||
conn, chans, reqs, err := xssh.NewClientConn(b, "", &conf)
|
||||
conf := ssh.ClientConfig{}
|
||||
conn, chans, reqs, err := ssh.NewClientConn(b, "", &conf)
|
||||
if err != nil {
|
||||
t.Fatalf("NewClientConn: %v", err)
|
||||
}
|
||||
client := xssh.NewClient(conn, chans, reqs)
|
||||
client := ssh.NewClient(conn, chans, reqs)
|
||||
|
||||
if err := ForwardToRemote(client, socket); err != nil {
|
||||
t.Fatalf("SetupForwardAgent: %v", err)
|
||||
|
@ -72,7 +72,7 @@ func TestSetupForwardAgent(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Fatalf("OpenChannel(%q): %v", channelType, err)
|
||||
}
|
||||
go xssh.DiscardRequests(reqs)
|
||||
go ssh.DiscardRequests(reqs)
|
||||
|
||||
agentClient := NewClient(ch)
|
||||
testAgentInterface(t, agentClient, testPrivateKeys["rsa"], nil, 0)
|
||||
|
@ -156,7 +156,7 @@ func TestKeyTypes(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func addCertToAgentSock(key crypto.PrivateKey, cert *xssh.Certificate) error {
|
||||
func addCertToAgentSock(key crypto.PrivateKey, cert *ssh.Certificate) error {
|
||||
a, b, err := netPipe()
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -171,7 +171,7 @@ func addCertToAgentSock(key crypto.PrivateKey, cert *xssh.Certificate) error {
|
|||
return verifyKey(agentClient)
|
||||
}
|
||||
|
||||
func addCertToAgent(key crypto.PrivateKey, cert *xssh.Certificate) error {
|
||||
func addCertToAgent(key crypto.PrivateKey, cert *ssh.Certificate) error {
|
||||
sshAgent := NewKeyring()
|
||||
if err := sshAgent.Add(AddedKey{PrivateKey: key, Certificate: cert}); err != nil {
|
||||
return fmt.Errorf("add: %v", err)
|
||||
|
@ -181,15 +181,15 @@ func addCertToAgent(key crypto.PrivateKey, cert *xssh.Certificate) error {
|
|||
|
||||
func TestCertTypes(t *testing.T) {
|
||||
for keyType, key := range testPublicKeys {
|
||||
cert := &xssh.Certificate{
|
||||
cert := &ssh.Certificate{
|
||||
ValidPrincipals: []string{"gopher1"},
|
||||
ValidAfter: 0,
|
||||
ValidBefore: xssh.CertTimeInfinity,
|
||||
ValidBefore: ssh.CertTimeInfinity,
|
||||
Key: key,
|
||||
Serial: 1,
|
||||
CertType: xssh.UserCert,
|
||||
CertType: ssh.UserCert,
|
||||
SignatureKey: testPublicKeys["rsa"],
|
||||
Permissions: xssh.Permissions{
|
||||
Permissions: ssh.Permissions{
|
||||
CriticalOptions: map[string]string{},
|
||||
Extensions: map[string]string{},
|
||||
},
|
||||
|
|
|
@ -12,14 +12,14 @@ import (
|
|||
"crypto/rand"
|
||||
"fmt"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab/ztools/xssh/testdata"
|
||||
"github.com/zmap/zgrab2/lib/ssh"
|
||||
"github.com/zmap/zgrab2/lib/testdata"
|
||||
)
|
||||
|
||||
var (
|
||||
testPrivateKeys map[string]interface{}
|
||||
testSigners map[string]xssh.Signer
|
||||
testPublicKeys map[string]xssh.PublicKey
|
||||
testSigners map[string]ssh.Signer
|
||||
testPublicKeys map[string]ssh.PublicKey
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
@ -27,14 +27,14 @@ func init() {
|
|||
|
||||
n := len(testdata.PEMBytes)
|
||||
testPrivateKeys = make(map[string]interface{}, n)
|
||||
testSigners = make(map[string]xssh.Signer, n)
|
||||
testPublicKeys = make(map[string]xssh.PublicKey, n)
|
||||
testSigners = make(map[string]ssh.Signer, n)
|
||||
testPublicKeys = make(map[string]ssh.PublicKey, n)
|
||||
for t, k := range testdata.PEMBytes {
|
||||
testPrivateKeys[t], err = xssh.ParseRawPrivateKey(k)
|
||||
testPrivateKeys[t], err = ssh.ParseRawPrivateKey(k)
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err))
|
||||
}
|
||||
testSigners[t], err = xssh.NewSignerFromKey(testPrivateKeys[t])
|
||||
testSigners[t], err = ssh.NewSignerFromKey(testPrivateKeys[t])
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err))
|
||||
}
|
||||
|
@ -42,22 +42,22 @@ func init() {
|
|||
}
|
||||
|
||||
// Create a cert and sign it for use in tests.
|
||||
testCert := &xssh.Certificate{
|
||||
testCert := &ssh.Certificate{
|
||||
Nonce: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
|
||||
ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage
|
||||
ValidAfter: 0, // unix epoch
|
||||
ValidBefore: xssh.CertTimeInfinity, // The end of currently representable time.
|
||||
ValidBefore: ssh.CertTimeInfinity, // The end of currently representable time.
|
||||
Reserved: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
|
||||
Key: testPublicKeys["ecdsa"],
|
||||
SignatureKey: testPublicKeys["rsa"],
|
||||
Permissions: xssh.Permissions{
|
||||
Permissions: ssh.Permissions{
|
||||
CriticalOptions: map[string]string{},
|
||||
Extensions: map[string]string{},
|
||||
},
|
||||
}
|
||||
testCert.SignCert(rand.Reader, testSigners["rsa"])
|
||||
testPrivateKeys["cert"] = testPrivateKeys["ecdsa"]
|
||||
testSigners["cert"], err = xssh.NewCertSigner(testCert, testSigners["ecdsa"])
|
||||
testSigners["cert"], err = ssh.NewCertSigner(testCert, testSigners["ecdsa"])
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("Unable to create certificate signer: %v", err))
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"errors"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"io"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"io"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"crypto/aes"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"errors"
|
||||
|
@ -116,7 +116,7 @@ func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) e
|
|||
}
|
||||
}
|
||||
}
|
||||
if pkgConfig.Verbose {
|
||||
if config.Verbose {
|
||||
if config.ConnLog != nil {
|
||||
//config.ConnLog.ClientIDString = string(c.clientVersion)
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"net"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
package xssh
|
||||
package ssh
|
||||
|
||||
func MakeXSSHConfig() *ClientConfig {
|
||||
ret := new(ClientConfig)
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
|
|
@ -15,4 +15,4 @@ References:
|
|||
[PROTOCOL.certkeys]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD
|
||||
[SSH-PARAMETERS]: http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xml#ssh-parameters-1
|
||||
*/
|
||||
package xssh // import "github.com/zmap/zgrab/ztools/xssh"
|
||||
package ssh
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh_test
|
||||
package ssh_test
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
@ -12,8 +12,8 @@ import (
|
|||
"net"
|
||||
"net/http"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab/ztools/xssh/terminal"
|
||||
"github.com/zmap/zgrab2/lib/ssh"
|
||||
"github.com/zmap/zgrab2/lib/terminal"
|
||||
)
|
||||
|
||||
func ExampleNewServerConn() {
|
||||
|
@ -27,7 +27,7 @@ func ExampleNewServerConn() {
|
|||
|
||||
authorizedKeysMap := map[string]bool{}
|
||||
for len(authorizedKeysBytes) > 0 {
|
||||
pubKey, _, _, rest, err := xssh.ParseAuthorizedKey(authorizedKeysBytes)
|
||||
pubKey, _, _, rest, err := ssh.ParseAuthorizedKey(authorizedKeysBytes)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
@ -38,9 +38,9 @@ func ExampleNewServerConn() {
|
|||
|
||||
// An SSH server is represented by a ServerConfig, which holds
|
||||
// certificate details and handles authentication of ServerConns.
|
||||
config := &xssh.ServerConfig{
|
||||
config := &ssh.ServerConfig{
|
||||
// Remove to disable password auth.
|
||||
PasswordCallback: func(c xssh.ConnMetadata, pass []byte) (*xssh.Permissions, error) {
|
||||
PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
|
||||
// Should use constant-time compare (or better, salt+hash) in
|
||||
// a production setting.
|
||||
if c.User() == "testuser" && string(pass) == "tiger" {
|
||||
|
@ -50,7 +50,7 @@ func ExampleNewServerConn() {
|
|||
},
|
||||
|
||||
// Remove to disable public key auth.
|
||||
PublicKeyCallback: func(c xssh.ConnMetadata, pubKey xssh.PublicKey) (*xssh.Permissions, error) {
|
||||
PublicKeyCallback: func(c ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) {
|
||||
if authorizedKeysMap[string(pubKey.Marshal())] {
|
||||
return nil, nil
|
||||
}
|
||||
|
@ -63,7 +63,7 @@ func ExampleNewServerConn() {
|
|||
log.Fatal("Failed to load private key: ", err)
|
||||
}
|
||||
|
||||
private, err := xssh.ParsePrivateKey(privateBytes)
|
||||
private, err := ssh.ParsePrivateKey(privateBytes)
|
||||
if err != nil {
|
||||
log.Fatal("Failed to parse private key: ", err)
|
||||
}
|
||||
|
@ -83,12 +83,12 @@ func ExampleNewServerConn() {
|
|||
|
||||
// Before use, a handshake must be performed on the incoming
|
||||
// net.Conn.
|
||||
_, chans, reqs, err := xssh.NewServerConn(nConn, config)
|
||||
_, chans, reqs, err := ssh.NewServerConn(nConn, config)
|
||||
if err != nil {
|
||||
log.Fatal("failed to handshake: ", err)
|
||||
}
|
||||
// The incoming Request channel must be serviced.
|
||||
go xssh.DiscardRequests(reqs)
|
||||
go ssh.DiscardRequests(reqs)
|
||||
|
||||
// Service the incoming Channel channel.
|
||||
|
||||
|
@ -99,7 +99,7 @@ func ExampleNewServerConn() {
|
|||
// "session" and ServerShell may be used to present a simple
|
||||
// terminal interface.
|
||||
if newChannel.ChannelType() != "session" {
|
||||
newChannel.Reject(xssh.UnknownChannelType, "unknown channel type")
|
||||
newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
|
||||
continue
|
||||
}
|
||||
channel, requests, err := newChannel.Accept()
|
||||
|
@ -110,7 +110,7 @@ func ExampleNewServerConn() {
|
|||
// Sessions have out-of-band requests such as "shell",
|
||||
// "pty-req" and "env". Here we handle only the
|
||||
// "shell" request.
|
||||
go func(in <-chan *xssh.Request) {
|
||||
go func(in <-chan *ssh.Request) {
|
||||
for req := range in {
|
||||
req.Reply(req.Type == "shell", nil)
|
||||
}
|
||||
|
@ -136,13 +136,13 @@ func ExampleDial() {
|
|||
//
|
||||
// To authenticate with the remote server you must pass at least one
|
||||
// implementation of AuthMethod via the Auth field in ClientConfig.
|
||||
config := &xssh.ClientConfig{
|
||||
config := &ssh.ClientConfig{
|
||||
User: "username",
|
||||
Auth: []xssh.AuthMethod{
|
||||
xssh.Password("yourpassword"),
|
||||
Auth: []ssh.AuthMethod{
|
||||
ssh.Password("yourpassword"),
|
||||
},
|
||||
}
|
||||
client, err := xssh.Dial("tcp", "yourserver.com:22", config)
|
||||
client, err := ssh.Dial("tcp", "yourserver.com:22", config)
|
||||
if err != nil {
|
||||
log.Fatal("Failed to dial: ", err)
|
||||
}
|
||||
|
@ -177,21 +177,21 @@ func ExamplePublicKeys() {
|
|||
}
|
||||
|
||||
// Create the Signer for this private key.
|
||||
signer, err := xssh.ParsePrivateKey(key)
|
||||
signer, err := ssh.ParsePrivateKey(key)
|
||||
if err != nil {
|
||||
log.Fatalf("unable to parse private key: %v", err)
|
||||
}
|
||||
|
||||
config := &xssh.ClientConfig{
|
||||
config := &ssh.ClientConfig{
|
||||
User: "user",
|
||||
Auth: []xssh.AuthMethod{
|
||||
Auth: []ssh.AuthMethod{
|
||||
// Use the PublicKeys method for remote authentication.
|
||||
xssh.PublicKeys(signer),
|
||||
ssh.PublicKeys(signer),
|
||||
},
|
||||
}
|
||||
|
||||
// Connect to the remote server and perform the SSH handshake.
|
||||
client, err := xssh.Dial("tcp", "host.com:22", config)
|
||||
client, err := ssh.Dial("tcp", "host.com:22", config)
|
||||
if err != nil {
|
||||
log.Fatalf("unable to connect: %v", err)
|
||||
}
|
||||
|
@ -199,14 +199,14 @@ func ExamplePublicKeys() {
|
|||
}
|
||||
|
||||
func ExampleClient_Listen() {
|
||||
config := &xssh.ClientConfig{
|
||||
config := &ssh.ClientConfig{
|
||||
User: "username",
|
||||
Auth: []xssh.AuthMethod{
|
||||
xssh.Password("password"),
|
||||
Auth: []ssh.AuthMethod{
|
||||
ssh.Password("password"),
|
||||
},
|
||||
}
|
||||
// Dial your xssh server.
|
||||
conn, err := xssh.Dial("tcp", "localhost:22", config)
|
||||
// Dial your ssh server.
|
||||
conn, err := ssh.Dial("tcp", "localhost:22", config)
|
||||
if err != nil {
|
||||
log.Fatal("unable to connect: ", err)
|
||||
}
|
||||
|
@ -227,14 +227,14 @@ func ExampleClient_Listen() {
|
|||
|
||||
func ExampleSession_RequestPty() {
|
||||
// Create client config
|
||||
config := &xssh.ClientConfig{
|
||||
config := &ssh.ClientConfig{
|
||||
User: "username",
|
||||
Auth: []xssh.AuthMethod{
|
||||
xssh.Password("password"),
|
||||
Auth: []ssh.AuthMethod{
|
||||
ssh.Password("password"),
|
||||
},
|
||||
}
|
||||
// Connect to xssh server
|
||||
conn, err := xssh.Dial("tcp", "localhost:22", config)
|
||||
// Connect to ssh server
|
||||
conn, err := ssh.Dial("tcp", "localhost:22", config)
|
||||
if err != nil {
|
||||
log.Fatal("unable to connect: ", err)
|
||||
}
|
||||
|
@ -246,10 +246,10 @@ func ExampleSession_RequestPty() {
|
|||
}
|
||||
defer session.Close()
|
||||
// Set up terminal modes
|
||||
modes := xssh.TerminalModes{
|
||||
xssh.ECHO: 0, // disable echoing
|
||||
xssh.TTY_OP_ISPEED: 14400, // input speed = 14.4kbaud
|
||||
xssh.TTY_OP_OSPEED: 14400, // output speed = 14.4kbaud
|
||||
modes := ssh.TerminalModes{
|
||||
ssh.ECHO: 0, // disable echoing
|
||||
ssh.TTY_OP_ISPEED: 14400, // input speed = 14.4kbaud
|
||||
ssh.TTY_OP_OSPEED: 14400, // output speed = 14.4kbaud
|
||||
}
|
||||
// Request pseudo terminal
|
||||
if err := session.RequestPty("xterm", 40, 80, modes); err != nil {
|
||||
|
|
157
lib/ssh/flag.go
157
lib/ssh/flag.go
|
@ -1,157 +0,0 @@
|
|||
package xssh
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"flag"
|
||||
"fmt"
|
||||
"strings"
|
||||
)
|
||||
|
||||
var pkgConfig XSSHConfig
|
||||
|
||||
type XSSHConfig struct {
|
||||
ClientID string
|
||||
HostKeyAlgorithms HostKeyAlgorithmsList
|
||||
KexAlgorithms KexAlgorithmsList
|
||||
Verbose bool
|
||||
CollectUserAuth bool
|
||||
Ciphers CipherList
|
||||
GexMinBits uint
|
||||
GexMaxBits uint
|
||||
GexPreferredBits uint
|
||||
}
|
||||
|
||||
type HostKeyAlgorithmsList struct {
|
||||
Algorithms []string
|
||||
}
|
||||
|
||||
func (hkaList *HostKeyAlgorithmsList) String() string {
|
||||
return strings.Join(hkaList.Algorithms, ",")
|
||||
}
|
||||
|
||||
func (hkaList *HostKeyAlgorithmsList) Set(value string) error {
|
||||
for _, alg := range strings.Split(value, ",") {
|
||||
isValid := false
|
||||
for _, val := range supportedHostKeyAlgos {
|
||||
if val == alg {
|
||||
isValid = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !isValid {
|
||||
return errors.New(fmt.Sprintf(`host key algorithm not supported: "%s"`, alg))
|
||||
}
|
||||
|
||||
hkaList.Algorithms = append(hkaList.Algorithms, alg)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (hkaList *HostKeyAlgorithmsList) Get() []string {
|
||||
if len(hkaList.Algorithms) == 0 {
|
||||
return supportedHostKeyAlgos
|
||||
} else {
|
||||
return hkaList.Algorithms
|
||||
}
|
||||
}
|
||||
|
||||
type KexAlgorithmsList struct {
|
||||
Algorithms []string
|
||||
}
|
||||
|
||||
func (kaList *KexAlgorithmsList) String() string {
|
||||
return strings.Join(kaList.Algorithms, ",")
|
||||
}
|
||||
|
||||
func (kaList *KexAlgorithmsList) Set(value string) error {
|
||||
for _, alg := range strings.Split(value, ",") {
|
||||
isValid := false
|
||||
for _, val := range allSupportedKexAlgos {
|
||||
if val == alg {
|
||||
isValid = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !isValid {
|
||||
return errors.New(fmt.Sprintf(`DH KEX algorithm not supported: "%s"`, alg))
|
||||
}
|
||||
|
||||
kaList.Algorithms = append(kaList.Algorithms, alg)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (kaList *KexAlgorithmsList) Get() []string {
|
||||
if len(kaList.Algorithms) == 0 {
|
||||
return defaultKexAlgos
|
||||
} else {
|
||||
return kaList.Algorithms
|
||||
}
|
||||
}
|
||||
|
||||
type CipherList struct {
|
||||
Ciphers []string
|
||||
}
|
||||
|
||||
func (cList *CipherList) String() string {
|
||||
return strings.Join(cList.Ciphers, ",")
|
||||
}
|
||||
|
||||
func (cList *CipherList) Set(value string) error {
|
||||
for _, inCipher := range strings.Split(value, ",") {
|
||||
isValid := false
|
||||
for _, knownCipher := range allSupportedCiphers {
|
||||
if inCipher == knownCipher {
|
||||
isValid = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !isValid {
|
||||
return errors.New(fmt.Sprintf(`cipher not supported: "%s"`, inCipher))
|
||||
}
|
||||
|
||||
cList.Ciphers = append(cList.Ciphers, inCipher)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (cList *CipherList) Get() []string {
|
||||
if len(cList.Ciphers) == 0 {
|
||||
return defaultCiphers
|
||||
} else {
|
||||
return cList.Ciphers
|
||||
}
|
||||
}
|
||||
|
||||
func init() {
|
||||
flag.StringVar(&pkgConfig.ClientID, "xssh-client-id", packageVersion, "Specify the client ID string to use")
|
||||
|
||||
hostKeyAlgUsage := fmt.Sprintf(
|
||||
"A comma-separated list of which host key algorithms to offer (default \"%s\")",
|
||||
strings.Join(supportedHostKeyAlgos, ","),
|
||||
)
|
||||
flag.Var(&pkgConfig.HostKeyAlgorithms, "xssh-host-key-algorithms", hostKeyAlgUsage)
|
||||
|
||||
kexAlgUsage := fmt.Sprintf(
|
||||
"A comma-separated list of which DH key exchange algorithms to offer (default \"%s\")",
|
||||
strings.Join(defaultKexAlgos, ","),
|
||||
)
|
||||
flag.Var(&pkgConfig.KexAlgorithms, "xssh-kex-algorithms", kexAlgUsage)
|
||||
|
||||
ciphersUsage := fmt.Sprintf(
|
||||
`A comma-separated list of which ciphers to offer (default "%s")`,
|
||||
strings.Join(defaultCiphers, ","))
|
||||
flag.Var(&pkgConfig.Ciphers, "xssh-ciphers", ciphersUsage)
|
||||
|
||||
flag.BoolVar(&pkgConfig.Verbose, "xssh-verbose", false, "Output additional information, including X/SSH client properties from the SSH handshake.")
|
||||
|
||||
flag.BoolVar(&pkgConfig.CollectUserAuth, "xssh-userauth", false, "Use the 'none' authentication request to see what userauth methods are allowed.")
|
||||
|
||||
flag.UintVar(&pkgConfig.GexMinBits, "xssh-gex-min-bits", 1024, "The minimum number of bits for the DH GEX prime.")
|
||||
flag.UintVar(&pkgConfig.GexMaxBits, "xssh-gex-max-bits", 8192, "The maximum number of bits for the DH GEX prime.")
|
||||
flag.UintVar(&pkgConfig.GexPreferredBits, "xssh-gex-preferred-bits", 2048, "The preferred number of bits for the DH GEX prime.")
|
||||
}
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
|
@ -205,7 +205,7 @@ func (group *dhGroup) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int,
|
|||
return new(big.Int).Exp(theirPublic, myPrivate, group.p), nil
|
||||
}
|
||||
|
||||
func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) {
|
||||
func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handshakeMagics, config *Config) (*kexResult, error) {
|
||||
group.JsonLog.Parameters = new(ztoolsKeys.DHParams)
|
||||
hashFunc := crypto.SHA1
|
||||
|
||||
|
@ -220,13 +220,13 @@ func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handsha
|
|||
}
|
||||
}
|
||||
|
||||
if pkgConfig.Verbose {
|
||||
if config.Verbose {
|
||||
group.JsonLog.Parameters.ClientPrivate = x
|
||||
}
|
||||
|
||||
X := new(big.Int).Exp(group.g, x, group.p)
|
||||
|
||||
if pkgConfig.Verbose {
|
||||
if config.Verbose {
|
||||
group.JsonLog.Parameters.ClientPublic = X
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
// Key exchange tests.
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
@ -347,7 +347,7 @@ func parseRSA(in []byte) (out PublicKey, rest []byte, err error) {
|
|||
func (r *rsaPublicKey) Marshal() []byte {
|
||||
e := new(big.Int).SetInt64(int64(r.E))
|
||||
// RSA publickey struct layout should match the struct used by
|
||||
// parseRSACert in the github.com/zmap/zgrab/ztools/xssh/agent package.
|
||||
// parseRSACert in the github.com/zmap/zgrab2/lib/agent package.
|
||||
wirekey := struct {
|
||||
Name string
|
||||
E *big.Int
|
||||
|
@ -409,7 +409,7 @@ func parseDSA(in []byte) (out PublicKey, rest []byte, err error) {
|
|||
|
||||
func (k *dsaPublicKey) Marshal() []byte {
|
||||
// DSA publickey struct layout should match the struct used by
|
||||
// parseDSACert in the x/github.com/zmap/zgrab/ztools/xssh/agent package.
|
||||
// parseDSACert in the x/github.com/zmap/zgrab2/lib/agent package.
|
||||
w := struct {
|
||||
Name string
|
||||
P, Q, G, Y *big.Int
|
||||
|
@ -615,7 +615,7 @@ func (key *ecdsaPublicKey) Marshal() []byte {
|
|||
// See RFC 5656, section 3.1.
|
||||
keyBytes := elliptic.Marshal(key.Curve, key.X, key.Y)
|
||||
// ECDSA publickey struct layout should match the struct used by
|
||||
// parseECDSACert in the github.com/zmap/zgrab/ztools/xssh/agent package.
|
||||
// parseECDSACert in the github.com/zmap/zgrab2/lib/agent package.
|
||||
w := struct {
|
||||
Name string
|
||||
ID string
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
@ -17,7 +17,7 @@ import (
|
|||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh/testdata"
|
||||
"github.com/zmap/zgrab2/lib/testdata"
|
||||
"golang.org/x/crypto/ed25519"
|
||||
)
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
* permissions and limitations under the License.
|
||||
*/
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
// HandshakeLog contains detailed information about each step of the
|
||||
// SSH handshake, and can be encoded to JSON.
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
// Message authentication support
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"io"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"io"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
// Session implements an interactive session described in
|
||||
// "RFC 4254, section 6".
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
// Session tests.
|
||||
|
||||
|
@ -16,7 +16,7 @@ import (
|
|||
"net"
|
||||
"testing"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh/terminal"
|
||||
"github.com/zmap/zgrab2/lib/terminal"
|
||||
)
|
||||
|
||||
type serverType func(Channel, <-chan *Request, *testing.T)
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"errors"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
// panic(err)
|
||||
// }
|
||||
// defer terminal.Restore(0, oldState)
|
||||
package terminal // import "github.com/zmap/zgrab/ztools/xssh/terminal"
|
||||
package terminal // import "github.com/zmap/zgrab2/lib/terminal"
|
||||
|
||||
import (
|
||||
"io"
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
// +build solaris
|
||||
|
||||
package terminal // import "github.com/zmap/zgrab/ztools/xssh/terminal"
|
||||
package terminal // import "github.com/zmap/zgrab2/lib/terminal"
|
||||
|
||||
import (
|
||||
"golang.org/x/sys/unix"
|
||||
|
|
|
@ -10,8 +10,8 @@ import (
|
|||
"bytes"
|
||||
"testing"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab/ztools/xssh/agent"
|
||||
"github.com/zmap/zgrab/ztools/ssh"
|
||||
"github.com/zmap/zgrab/ztools/ssh/agent"
|
||||
)
|
||||
|
||||
func DISABLED_TestAgentForward(t *testing.T) {
|
||||
|
@ -48,12 +48,12 @@ func DISABLED_TestAgentForward(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Fatalf("running ssh-add: %v, out %s", err, out)
|
||||
}
|
||||
key, _, _, _, err := xssh.ParseAuthorizedKey(out)
|
||||
key, _, _, _, err := ssh.ParseAuthorizedKey(out)
|
||||
if err != nil {
|
||||
t.Fatalf("ParseAuthorizedKey(%q): %v", out, err)
|
||||
}
|
||||
|
||||
if !bytes.Equal(key.Marshal(), pub.Marshal()) {
|
||||
t.Fatalf("got key %s, want %s", xssh.MarshalAuthorizedKey(key), xssh.MarshalAuthorizedKey(pub))
|
||||
t.Fatalf("got key %s, want %s", ssh.MarshalAuthorizedKey(key), ssh.MarshalAuthorizedKey(pub))
|
||||
}
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ import (
|
|||
"crypto/rand"
|
||||
"testing"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab/ztools/ssh"
|
||||
)
|
||||
|
||||
func DISABLED_TestCertLogin(t *testing.T) {
|
||||
|
@ -20,25 +20,25 @@ func DISABLED_TestCertLogin(t *testing.T) {
|
|||
// Use a key different from the default.
|
||||
clientKey := testSigners["dsa"]
|
||||
caAuthKey := testSigners["ecdsa"]
|
||||
cert := &xssh.Certificate{
|
||||
cert := &ssh.Certificate{
|
||||
Key: clientKey.PublicKey(),
|
||||
ValidPrincipals: []string{username()},
|
||||
CertType: xssh.UserCert,
|
||||
ValidBefore: xssh.CertTimeInfinity,
|
||||
CertType: ssh.UserCert,
|
||||
ValidBefore: ssh.CertTimeInfinity,
|
||||
}
|
||||
if err := cert.SignCert(rand.Reader, caAuthKey); err != nil {
|
||||
t.Fatalf("SetSignature: %v", err)
|
||||
}
|
||||
|
||||
certSigner, err := xssh.NewCertSigner(cert, clientKey)
|
||||
certSigner, err := ssh.NewCertSigner(cert, clientKey)
|
||||
if err != nil {
|
||||
t.Fatalf("NewCertSigner: %v", err)
|
||||
}
|
||||
|
||||
conf := &xssh.ClientConfig{
|
||||
conf := &ssh.ClientConfig{
|
||||
User: username(),
|
||||
}
|
||||
conf.Auth = append(conf.Auth, xssh.PublicKeys(certSigner))
|
||||
conf.Auth = append(conf.Auth, ssh.PublicKeys(certSigner))
|
||||
client, err := s.TryDial(conf)
|
||||
if err != nil {
|
||||
t.Fatalf("TryDial: %v", err)
|
||||
|
|
|
@ -3,5 +3,5 @@
|
|||
// license that can be found in the LICENSE file.
|
||||
|
||||
// This package contains integration tests for the
|
||||
// github.com/zmap/zgrab/ztools/xssh.
|
||||
package test // import "github.com/zmap/zgrab/ztools/xssh/test"
|
||||
// github.com/zmap/zgrab/ztools/ssh.
|
||||
package test // import "github.com/zmap/zgrab/ztools/ssh/test"
|
||||
|
|
|
@ -15,7 +15,7 @@ import (
|
|||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab/ztools/ssh"
|
||||
)
|
||||
|
||||
func DISABLED_TestRunCommandSuccess(t *testing.T) {
|
||||
|
@ -44,9 +44,9 @@ func DISABLED_TestHostKeyCheck(t *testing.T) {
|
|||
conf.HostKeyCallback = hostDB.Check
|
||||
|
||||
// change the keys.
|
||||
hostDB.keys[xssh.KeyAlgoRSA][25]++
|
||||
hostDB.keys[xssh.KeyAlgoDSA][25]++
|
||||
hostDB.keys[xssh.KeyAlgoECDSA256][25]++
|
||||
hostDB.keys[ssh.KeyAlgoRSA][25]++
|
||||
hostDB.keys[ssh.KeyAlgoDSA][25]++
|
||||
hostDB.keys[ssh.KeyAlgoECDSA256][25]++
|
||||
|
||||
conn, err := server.TryDial(conf)
|
||||
if err == nil {
|
||||
|
@ -227,7 +227,7 @@ func DISABLED_TestInvalidTerminalMode(t *testing.T) {
|
|||
}
|
||||
defer session.Close()
|
||||
|
||||
if err = session.RequestPty("vt100", 80, 40, xssh.TerminalModes{255: 1984}); err == nil {
|
||||
if err = session.RequestPty("vt100", 80, 40, ssh.TerminalModes{255: 1984}); err == nil {
|
||||
t.Fatalf("req-pty failed: successful request with invalid mode")
|
||||
}
|
||||
}
|
||||
|
@ -254,7 +254,7 @@ func DISABLED_TestValidTerminalMode(t *testing.T) {
|
|||
t.Fatalf("unable to acquire stdin pipe: %s", err)
|
||||
}
|
||||
|
||||
tm := xssh.TerminalModes{xssh.ECHO: 0}
|
||||
tm := ssh.TerminalModes{ssh.ECHO: 0}
|
||||
if err = session.RequestPty("xterm", 80, 40, tm); err != nil {
|
||||
t.Fatalf("req-pty failed: %s", err)
|
||||
}
|
||||
|
@ -277,7 +277,7 @@ func DISABLED_TestValidTerminalMode(t *testing.T) {
|
|||
}
|
||||
|
||||
func DISABLED_TestCiphers(t *testing.T) {
|
||||
var config xssh.Config
|
||||
var config ssh.Config
|
||||
config.SetDefaults()
|
||||
cipherOrder := config.Ciphers
|
||||
// These ciphers will not be tested when commented out in cipher.go it will
|
||||
|
@ -301,7 +301,7 @@ func DISABLED_TestCiphers(t *testing.T) {
|
|||
}
|
||||
|
||||
func DISABLED_TestMACs(t *testing.T) {
|
||||
var config xssh.Config
|
||||
var config ssh.Config
|
||||
config.SetDefaults()
|
||||
macOrder := config.MACs
|
||||
|
||||
|
@ -321,7 +321,7 @@ func DISABLED_TestMACs(t *testing.T) {
|
|||
}
|
||||
|
||||
func DISABLED_TestKeyExchanges(t *testing.T) {
|
||||
var config xssh.Config
|
||||
var config ssh.Config
|
||||
config.SetDefaults()
|
||||
kexOrder := config.KeyExchanges
|
||||
for _, kex := range kexOrder {
|
||||
|
@ -349,8 +349,8 @@ func DISABLED_TestClientAuthAlgorithms(t *testing.T) {
|
|||
server := newServer(t)
|
||||
conf := clientConfig()
|
||||
conf.SetDefaults()
|
||||
conf.Auth = []xssh.AuthMethod{
|
||||
xssh.PublicKeys(testSigners[key]),
|
||||
conf.Auth = []ssh.AuthMethod{
|
||||
ssh.PublicKeys(testSigners[key]),
|
||||
}
|
||||
|
||||
conn, err := server.TryDial(conf)
|
||||
|
|
|
@ -21,8 +21,8 @@ import (
|
|||
"testing"
|
||||
"text/template"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab/ztools/xssh/testdata"
|
||||
"github.com/zmap/zgrab/ztools/ssh"
|
||||
"github.com/zmap/zgrab/ztools/ssh/testdata"
|
||||
)
|
||||
|
||||
const sshd_config = `
|
||||
|
@ -87,14 +87,14 @@ type storedHostKey struct {
|
|||
checkCount int
|
||||
}
|
||||
|
||||
func (k *storedHostKey) Add(key xssh.PublicKey) {
|
||||
func (k *storedHostKey) Add(key ssh.PublicKey) {
|
||||
if k.keys == nil {
|
||||
k.keys = map[string][]byte{}
|
||||
}
|
||||
k.keys[key.Type()] = key.Marshal()
|
||||
}
|
||||
|
||||
func (k *storedHostKey) Check(addr string, remote net.Addr, key xssh.PublicKey) error {
|
||||
func (k *storedHostKey) Check(addr string, remote net.Addr, key ssh.PublicKey) error {
|
||||
k.checkCount++
|
||||
algo := key.Type()
|
||||
|
||||
|
@ -112,11 +112,11 @@ func hostKeyDB() *storedHostKey {
|
|||
return keyChecker
|
||||
}
|
||||
|
||||
func clientConfig() *xssh.ClientConfig {
|
||||
config := &xssh.ClientConfig{
|
||||
func clientConfig() *ssh.ClientConfig {
|
||||
config := &ssh.ClientConfig{
|
||||
User: username(),
|
||||
Auth: []xssh.AuthMethod{
|
||||
xssh.PublicKeys(testSigners["user"]),
|
||||
Auth: []ssh.AuthMethod{
|
||||
ssh.PublicKeys(testSigners["user"]),
|
||||
},
|
||||
HostKeyCallback: hostKeyDB().Check,
|
||||
}
|
||||
|
@ -153,7 +153,7 @@ func unixConnection() (*net.UnixConn, *net.UnixConn, error) {
|
|||
return c1.(*net.UnixConn), c2.(*net.UnixConn), nil
|
||||
}
|
||||
|
||||
func (s *server) TryDial(config *xssh.ClientConfig) (*xssh.Client, error) {
|
||||
func (s *server) TryDial(config *ssh.ClientConfig) (*ssh.Client, error) {
|
||||
sshd, err := exec.LookPath("sshd")
|
||||
if err != nil {
|
||||
s.t.Skipf("skipping test: %v", err)
|
||||
|
@ -179,19 +179,19 @@ func (s *server) TryDial(config *xssh.ClientConfig) (*xssh.Client, error) {
|
|||
s.t.Fatalf("s.cmd.Start: %v", err)
|
||||
}
|
||||
s.clientConn = c1
|
||||
conn, chans, reqs, err := xssh.NewClientConn(c1, "", config)
|
||||
conn, chans, reqs, err := ssh.NewClientConn(c1, "", config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return xssh.NewClient(conn, chans, reqs), nil
|
||||
return ssh.NewClient(conn, chans, reqs), nil
|
||||
}
|
||||
|
||||
func (s *server) Dial(config *xssh.ClientConfig) *xssh.Client {
|
||||
func (s *server) Dial(config *ssh.ClientConfig) *ssh.Client {
|
||||
conn, err := s.TryDial(config)
|
||||
if err != nil {
|
||||
s.t.Fail()
|
||||
s.Shutdown()
|
||||
s.t.Fatalf("xssh.Client: %v", err)
|
||||
s.t.Fatalf("ssh.Client: %v", err)
|
||||
}
|
||||
return conn
|
||||
}
|
||||
|
@ -247,12 +247,12 @@ func newServer(t *testing.T) *server {
|
|||
for k, v := range testdata.PEMBytes {
|
||||
filename := "id_" + k
|
||||
writeFile(filepath.Join(dir, filename), v)
|
||||
writeFile(filepath.Join(dir, filename+".pub"), xssh.MarshalAuthorizedKey(testPublicKeys[k]))
|
||||
writeFile(filepath.Join(dir, filename+".pub"), ssh.MarshalAuthorizedKey(testPublicKeys[k]))
|
||||
}
|
||||
|
||||
var authkeys bytes.Buffer
|
||||
for k := range testdata.PEMBytes {
|
||||
authkeys.Write(xssh.MarshalAuthorizedKey(testPublicKeys[k]))
|
||||
authkeys.Write(ssh.MarshalAuthorizedKey(testPublicKeys[k]))
|
||||
}
|
||||
writeFile(filepath.Join(dir, "authorized_keys"), authkeys.Bytes())
|
||||
|
||||
|
|
|
@ -12,14 +12,14 @@ import (
|
|||
"crypto/rand"
|
||||
"fmt"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh"
|
||||
"github.com/zmap/zgrab/ztools/xssh/testdata"
|
||||
"github.com/zmap/zgrab/ztools/ssh"
|
||||
"github.com/zmap/zgrab/ztools/ssh/testdata"
|
||||
)
|
||||
|
||||
var (
|
||||
testPrivateKeys map[string]interface{}
|
||||
testSigners map[string]xssh.Signer
|
||||
testPublicKeys map[string]xssh.PublicKey
|
||||
testSigners map[string]ssh.Signer
|
||||
testPublicKeys map[string]ssh.PublicKey
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
@ -27,14 +27,14 @@ func init() {
|
|||
|
||||
n := len(testdata.PEMBytes)
|
||||
testPrivateKeys = make(map[string]interface{}, n)
|
||||
testSigners = make(map[string]xssh.Signer, n)
|
||||
testPublicKeys = make(map[string]xssh.PublicKey, n)
|
||||
testSigners = make(map[string]ssh.Signer, n)
|
||||
testPublicKeys = make(map[string]ssh.PublicKey, n)
|
||||
for t, k := range testdata.PEMBytes {
|
||||
testPrivateKeys[t], err = xssh.ParseRawPrivateKey(k)
|
||||
testPrivateKeys[t], err = ssh.ParseRawPrivateKey(k)
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err))
|
||||
}
|
||||
testSigners[t], err = xssh.NewSignerFromKey(testPrivateKeys[t])
|
||||
testSigners[t], err = ssh.NewSignerFromKey(testPrivateKeys[t])
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err))
|
||||
}
|
||||
|
@ -42,22 +42,22 @@ func init() {
|
|||
}
|
||||
|
||||
// Create a cert and sign it for use in tests.
|
||||
testCert := &xssh.Certificate{
|
||||
testCert := &ssh.Certificate{
|
||||
Nonce: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
|
||||
ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage
|
||||
ValidAfter: 0, // unix epoch
|
||||
ValidBefore: xssh.CertTimeInfinity, // The end of currently representable time.
|
||||
ValidBefore: ssh.CertTimeInfinity, // The end of currently representable time.
|
||||
Reserved: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
|
||||
Key: testPublicKeys["ecdsa"],
|
||||
SignatureKey: testPublicKeys["rsa"],
|
||||
Permissions: xssh.Permissions{
|
||||
Permissions: ssh.Permissions{
|
||||
CriticalOptions: map[string]string{},
|
||||
Extensions: map[string]string{},
|
||||
},
|
||||
}
|
||||
testCert.SignCert(rand.Reader, testSigners["rsa"])
|
||||
testPrivateKeys["cert"] = testPrivateKeys["ecdsa"]
|
||||
testSigners["cert"], err = xssh.NewCertSigner(testCert, testSigners["ecdsa"])
|
||||
testSigners["cert"], err = ssh.NewCertSigner(testCert, testSigners["ecdsa"])
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("Unable to create certificate signer: %v", err))
|
||||
}
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
// license that can be found in the LICENSE file.
|
||||
|
||||
// This package contains test data shared between the various subpackages of
|
||||
// the github.com/zmap/zgrab/ztools/xssh package. Under no circumstance should
|
||||
// the github.com/zmap/zgrab2/lib package. Under no circumstance should
|
||||
// this data be used for production code.
|
||||
package testdata // import "github.com/zmap/zgrab/ztools/xssh/testdata"
|
||||
package testdata // import "github.com/zmap/zgrab2/lib/testdata"
|
||||
|
|
|
@ -6,13 +6,13 @@
|
|||
// ssh/, ssh/agent, and ssh/test/. It should be kept in sync across all three
|
||||
// instances.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"fmt"
|
||||
|
||||
"github.com/zmap/zgrab/ztools/xssh/testdata"
|
||||
"github.com/zmap/zgrab2/lib/testdata"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package xssh
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
|
|
@ -0,0 +1,130 @@
|
|||
/*
|
||||
* ZGrab Copyright 2015 Regents of the University of Michigan
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy
|
||||
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
* implied. See the License for the specific language governing
|
||||
* permissions and limitations under the License.
|
||||
*/
|
||||
|
||||
package keys
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"math/big"
|
||||
)
|
||||
|
||||
// DHParams can be used to store finite-field Diffie-Hellman parameters. At any
|
||||
// point in time, it is unlikely that both OurPrivate and TheirPrivate will be
|
||||
// non-nil.
|
||||
type DHParams struct {
|
||||
Prime *big.Int
|
||||
Generator *big.Int
|
||||
ServerPublic *big.Int
|
||||
ServerPrivate *big.Int
|
||||
ClientPublic *big.Int
|
||||
ClientPrivate *big.Int
|
||||
SessionKey *big.Int
|
||||
}
|
||||
|
||||
type auxDHParams struct {
|
||||
Prime *cryptoParameter `json:"prime"`
|
||||
Generator *cryptoParameter `json:"generator"`
|
||||
ServerPublic *cryptoParameter `json:"server_public,omitempty"`
|
||||
ServerPrivate *cryptoParameter `json:"server_private,omitempty"`
|
||||
ClientPublic *cryptoParameter `json:"client_public,omitempty"`
|
||||
ClientPrivate *cryptoParameter `json:"client_private,omitempty"`
|
||||
SessionKey *cryptoParameter `json:"session_key,omitempty"`
|
||||
}
|
||||
|
||||
// MarshalJSON implements the json.Marshal interface
|
||||
func (p *DHParams) MarshalJSON() ([]byte, error) {
|
||||
aux := auxDHParams{
|
||||
Prime: &cryptoParameter{Int: p.Prime},
|
||||
Generator: &cryptoParameter{Int: p.Generator},
|
||||
}
|
||||
if p.ServerPublic != nil {
|
||||
aux.ServerPublic = &cryptoParameter{Int: p.ServerPublic}
|
||||
}
|
||||
if p.ServerPrivate != nil {
|
||||
aux.ServerPrivate = &cryptoParameter{Int: p.ServerPrivate}
|
||||
}
|
||||
if p.ClientPublic != nil {
|
||||
aux.ClientPublic = &cryptoParameter{Int: p.ClientPublic}
|
||||
}
|
||||
if p.ClientPrivate != nil {
|
||||
aux.ClientPrivate = &cryptoParameter{Int: p.ClientPrivate}
|
||||
}
|
||||
if p.SessionKey != nil {
|
||||
aux.SessionKey = &cryptoParameter{Int: p.SessionKey}
|
||||
}
|
||||
return json.Marshal(aux)
|
||||
}
|
||||
|
||||
// UnmarshalJSON implement the json.Unmarshaler interface
|
||||
func (p *DHParams) UnmarshalJSON(b []byte) error {
|
||||
var aux auxDHParams
|
||||
if err := json.Unmarshal(b, &aux); err != nil {
|
||||
return err
|
||||
}
|
||||
if aux.Prime != nil {
|
||||
p.Prime = aux.Prime.Int
|
||||
}
|
||||
if aux.Generator != nil {
|
||||
p.Generator = aux.Generator.Int
|
||||
}
|
||||
if aux.ServerPublic != nil {
|
||||
p.ServerPublic = aux.ServerPublic.Int
|
||||
}
|
||||
if aux.ServerPrivate != nil {
|
||||
p.ServerPrivate = aux.ServerPrivate.Int
|
||||
}
|
||||
if aux.ClientPublic != nil {
|
||||
p.ClientPublic = aux.ClientPublic.Int
|
||||
}
|
||||
if aux.ClientPrivate != nil {
|
||||
p.ClientPrivate = aux.ClientPrivate.Int
|
||||
}
|
||||
if aux.SessionKey != nil {
|
||||
p.SessionKey = aux.SessionKey.Int
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// CryptoParameter represents a big.Int used a parameter in some cryptography.
|
||||
// It serializes to json as a tupe of a base64-encoded number and a length in
|
||||
// bits.
|
||||
type cryptoParameter struct {
|
||||
*big.Int
|
||||
}
|
||||
|
||||
type auxCryptoParameter struct {
|
||||
Raw []byte `json:"value"`
|
||||
Length int `json:"length"`
|
||||
}
|
||||
|
||||
// MarshalJSON implements the json.Marshaler interface
|
||||
func (p *cryptoParameter) MarshalJSON() ([]byte, error) {
|
||||
var aux auxCryptoParameter
|
||||
if p.Int != nil {
|
||||
aux.Raw = p.Bytes()
|
||||
aux.Length = 8 * len(aux.Raw)
|
||||
}
|
||||
return json.Marshal(&aux)
|
||||
}
|
||||
|
||||
// UnmarshalJSON implements the json.Unmarshal interface
|
||||
func (p *cryptoParameter) UnmarshalJSON(b []byte) error {
|
||||
var aux auxCryptoParameter
|
||||
if err := json.Unmarshal(b, &aux); err != nil {
|
||||
return err
|
||||
}
|
||||
p.Int = new(big.Int)
|
||||
p.SetBytes(aux.Raw)
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,71 @@
|
|||
/*
|
||||
* ZGrab Copyright 2015 Regents of the University of Michigan
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy
|
||||
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
* implied. See the License for the specific language governing
|
||||
* permissions and limitations under the License.
|
||||
*/
|
||||
|
||||
package keys
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"math/big"
|
||||
"testing"
|
||||
|
||||
. "gopkg.in/check.v1"
|
||||
)
|
||||
|
||||
func TestDHE(t *testing.T) { TestingT(t) }
|
||||
|
||||
// from testdata/test1024dh.pem
|
||||
var test1024Prime = []byte{0x00, 0xAE, 0x6A, 0xFA, 0xE1, 0x1D, 0x60, 0x76, 0x64, 0x56, 0x17, 0x01, 0x55, 0x14, 0xF0, 0x38, 0x71, 0xA0, 0x9E, 0xA2, 0x0C, 0x02, 0x03, 0x0E, 0x35, 0xC7, 0xD4, 0x2D, 0x32, 0x6A, 0x61, 0x24, 0x72, 0xDE, 0x64, 0x53, 0xB7, 0xEA, 0xB4, 0x89, 0x51, 0xF9, 0x2E, 0x24, 0x6D, 0x1B, 0x18, 0xC4, 0xAA, 0xB5, 0x5C, 0x0C, 0x90, 0xEC, 0xF9, 0xA0, 0x3D, 0xD8, 0x09, 0xEF, 0x85, 0x6E, 0x74, 0xC3, 0xC2, 0x13, 0x42, 0x17, 0xAA, 0x68, 0x79, 0xFD, 0x9C, 0xB5, 0xED, 0x6E, 0x3A, 0x31, 0xE7, 0x86, 0xCA, 0x08, 0xBC, 0xE6, 0xE7, 0x65, 0xCB, 0xB2, 0x08, 0xEA, 0x8C, 0x21, 0x3C, 0xE6, 0x0E, 0x66, 0xDD, 0x5E, 0x7D, 0x04, 0x57, 0xD8, 0xE4, 0xB3, 0x0B, 0xEF, 0x40, 0x71, 0x0C, 0xA1, 0xE2, 0x12, 0x75, 0x80, 0x92, 0x85, 0x22, 0x6E, 0xCF, 0x37, 0x43, 0x48, 0x27, 0x4C, 0x21, 0x22, 0xE6, 0xC7, 0xE3}
|
||||
var testGenerator = []byte{0x02}
|
||||
|
||||
type DHESuite struct {
|
||||
prime1024 *cryptoParameter
|
||||
generator *cryptoParameter
|
||||
param1024 *DHParams
|
||||
}
|
||||
|
||||
var _ = Suite(&DHESuite{})
|
||||
|
||||
func (s *DHESuite) SetUpTest(c *C) {
|
||||
s.prime1024 = new(cryptoParameter)
|
||||
s.prime1024.Int = new(big.Int)
|
||||
s.prime1024.SetBytes(test1024Prime)
|
||||
s.generator = new(cryptoParameter)
|
||||
s.generator.Int = new(big.Int)
|
||||
s.generator.SetBytes(testGenerator)
|
||||
s.param1024 = new(DHParams)
|
||||
s.param1024.Prime = s.prime1024.Int
|
||||
s.param1024.Generator = s.generator.Int
|
||||
}
|
||||
|
||||
func (s *DHESuite) TestEncodeDecodeCryptoParameter(c *C) {
|
||||
b, err := json.Marshal(s.prime1024)
|
||||
c.Assert(err, IsNil)
|
||||
c.Assert(b, NotNil)
|
||||
var dec cryptoParameter
|
||||
err = json.Unmarshal(b, &dec)
|
||||
c.Assert(err, IsNil)
|
||||
cmp := dec.Cmp(s.prime1024.Int)
|
||||
c.Check(cmp, Equals, 0)
|
||||
}
|
||||
|
||||
func (s *DHESuite) TestEncodeDecodeDHParams(c *C) {
|
||||
b, err := json.Marshal(s.param1024)
|
||||
c.Assert(err, IsNil)
|
||||
c.Assert(b, NotNil)
|
||||
var dec DHParams
|
||||
err = json.Unmarshal(b, &dec)
|
||||
c.Assert(err, IsNil)
|
||||
c.Check(dec.Prime.Cmp(s.param1024.Prime), Equals, 0)
|
||||
c.Check(dec.Generator.Cmp(s.param1024.Generator), Equals, 0)
|
||||
}
|
|
@ -0,0 +1,106 @@
|
|||
/*
|
||||
* ZGrab Copyright 2015 Regents of the University of Michigan
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy
|
||||
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
* implied. See the License for the specific language governing
|
||||
* permissions and limitations under the License.
|
||||
*/
|
||||
|
||||
package keys
|
||||
|
||||
import (
|
||||
"crypto/elliptic"
|
||||
"encoding/json"
|
||||
"math/big"
|
||||
)
|
||||
|
||||
// TLSCurveID is the type of a TLS identifier for an elliptic curve. See
|
||||
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
|
||||
type TLSCurveID uint16
|
||||
|
||||
type ECDHPrivateParams struct {
|
||||
Value []byte `json:"value,omitempty"`
|
||||
Length int `json:"length,omitempty"`
|
||||
}
|
||||
|
||||
// ECDHParams stores elliptic-curve Diffie-Hellman paramters.At any point in
|
||||
// time, it is unlikely that both ServerPrivate and ClientPrivate will be non-nil.
|
||||
type ECDHParams struct {
|
||||
TLSCurveID TLSCurveID `json:"curve_id,omitempty"`
|
||||
Curve elliptic.Curve `json:"-"`
|
||||
ServerPublic *ECPoint `json:"server_public,omitempty"`
|
||||
ServerPrivate *ECDHPrivateParams `json:"server_private,omitempty"`
|
||||
ClientPublic *ECPoint `json:"client_public,omitempty"`
|
||||
ClientPrivate *ECDHPrivateParams `json:"client_private,omitempty"`
|
||||
}
|
||||
|
||||
// ECPoint represents an elliptic curve point and serializes nicely to JSON
|
||||
type ECPoint struct {
|
||||
X *big.Int
|
||||
Y *big.Int
|
||||
}
|
||||
|
||||
// MarshalJSON implements the json.Marshler interface
|
||||
func (p *ECPoint) MarshalJSON() ([]byte, error) {
|
||||
aux := struct {
|
||||
X *cryptoParameter `json:"x"`
|
||||
Y *cryptoParameter `json:"y"`
|
||||
}{
|
||||
X: &cryptoParameter{Int: p.X},
|
||||
Y: &cryptoParameter{Int: p.Y},
|
||||
}
|
||||
return json.Marshal(&aux)
|
||||
}
|
||||
|
||||
// UnmarshalJSON implements the json.Unmarshler interface
|
||||
func (p *ECPoint) UnmarshalJSON(b []byte) error {
|
||||
aux := struct {
|
||||
X *cryptoParameter `json:"x"`
|
||||
Y *cryptoParameter `json:"y"`
|
||||
}{}
|
||||
if err := json.Unmarshal(b, &aux); err != nil {
|
||||
return err
|
||||
}
|
||||
p.X = aux.X.Int
|
||||
p.Y = aux.Y.Int
|
||||
return nil
|
||||
}
|
||||
|
||||
// Description returns the description field for the given ID. See
|
||||
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
|
||||
func (c *TLSCurveID) Description() string {
|
||||
if desc, ok := ecIDToName[*c]; ok {
|
||||
return desc
|
||||
}
|
||||
return "unknown"
|
||||
}
|
||||
|
||||
// MarshalJSON implements the json.Marshaler interface
|
||||
func (c *TLSCurveID) MarshalJSON() ([]byte, error) {
|
||||
aux := struct {
|
||||
Name string `json:"name"`
|
||||
ID uint16 `json:"id"`
|
||||
}{
|
||||
Name: c.Description(),
|
||||
ID: uint16(*c),
|
||||
}
|
||||
return json.Marshal(&aux)
|
||||
}
|
||||
|
||||
//UnmarshalJSON implements the json.Unmarshaler interface
|
||||
func (c *TLSCurveID) UnmarshalJSON(b []byte) error {
|
||||
aux := struct {
|
||||
ID uint16 `json:"id"`
|
||||
}{}
|
||||
if err := json.Unmarshal(b, &aux); err != nil {
|
||||
return err
|
||||
}
|
||||
*c = TLSCurveID(aux.ID)
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,80 @@
|
|||
/*
|
||||
* ZGrab Copyright 2015 Regents of the University of Michigan
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy
|
||||
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
* implied. See the License for the specific language governing
|
||||
* permissions and limitations under the License.
|
||||
*/
|
||||
|
||||
package keys
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/json"
|
||||
"math/big"
|
||||
"testing"
|
||||
|
||||
. "gopkg.in/check.v1"
|
||||
)
|
||||
|
||||
func TestECDHE(t *testing.T) { TestingT(t) }
|
||||
|
||||
type ECDHESuite struct{}
|
||||
|
||||
var _ = Suite(&ECDHESuite{})
|
||||
|
||||
func (s *ECDHESuite) TestEncodeDecodeCurveID(c *C) {
|
||||
for curve := range ecIDToName {
|
||||
out, errEnc := json.Marshal(&curve)
|
||||
c.Assert(errEnc, IsNil)
|
||||
var back TLSCurveID
|
||||
errDec := json.Unmarshal(out, &back)
|
||||
c.Assert(errDec, IsNil)
|
||||
c.Check(back, Equals, curve)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *ECDHESuite) TestEncodeDecodeECPoint(c *C) {
|
||||
max := new(big.Int)
|
||||
max.Exp(big.NewInt(2), big.NewInt(255), nil)
|
||||
max.Sub(max, big.NewInt(19))
|
||||
x, errX := rand.Int(rand.Reader, max)
|
||||
y, errY := rand.Int(rand.Reader, max)
|
||||
c.Assert(errX, IsNil)
|
||||
c.Assert(errY, IsNil)
|
||||
p := ECPoint{
|
||||
X: x,
|
||||
Y: y,
|
||||
}
|
||||
out, errEnc := json.Marshal(&p)
|
||||
c.Assert(errEnc, IsNil)
|
||||
c.Check(len(out), Not(Equals), 0)
|
||||
var back ECPoint
|
||||
errDec := json.Unmarshal(out, &back)
|
||||
c.Assert(errDec, IsNil)
|
||||
}
|
||||
|
||||
func (s *ECDHESuite) TestCurveIDDescription(c *C) {
|
||||
for curve, name := range ecIDToName {
|
||||
c.Check(curve.Description(), Equals, name)
|
||||
}
|
||||
unk := TLSCurveID(6500)
|
||||
c.Check(unk.Description(), Equals, "unknown")
|
||||
}
|
||||
|
||||
func (s *ECDHESuite) TestEncodeDecodeECParam(c *C) {
|
||||
ecp := new(ECDHParams)
|
||||
out, errEnc := json.Marshal(&ecp)
|
||||
c.Assert(errEnc, IsNil)
|
||||
c.Check(len(out), Not(Equals), 0)
|
||||
back := new(ECDHParams)
|
||||
errDec := json.Unmarshal(out, back)
|
||||
c.Assert(errDec, IsNil)
|
||||
c.Check(back, DeepEquals, ecp)
|
||||
}
|
|
@ -0,0 +1,113 @@
|
|||
/*
|
||||
* ZGrab Copyright 2015 Regents of the University of Michigan
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy
|
||||
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
* implied. See the License for the specific language governing
|
||||
* permissions and limitations under the License.
|
||||
*/
|
||||
|
||||
package keys
|
||||
|
||||
// IANA-assigned curve ID values, see
|
||||
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
|
||||
const (
|
||||
Sect163k1 TLSCurveID = 1
|
||||
Sect163r1 TLSCurveID = 2
|
||||
Sect163r2 TLSCurveID = 3
|
||||
Sect193r1 TLSCurveID = 4
|
||||
Sect193r2 TLSCurveID = 5
|
||||
Sect233k1 TLSCurveID = 6
|
||||
Sect233r1 TLSCurveID = 7
|
||||
Sect239k1 TLSCurveID = 8
|
||||
Sect283k1 TLSCurveID = 9
|
||||
Sect283r1 TLSCurveID = 10
|
||||
Sect409k1 TLSCurveID = 11
|
||||
Sect409r1 TLSCurveID = 12
|
||||
Sect571k1 TLSCurveID = 13
|
||||
Sect571r1 TLSCurveID = 14
|
||||
Secp160k1 TLSCurveID = 15
|
||||
Secp160r1 TLSCurveID = 16
|
||||
Secp160r2 TLSCurveID = 17
|
||||
Secp192k1 TLSCurveID = 18
|
||||
Secp192r1 TLSCurveID = 19
|
||||
Secp224k1 TLSCurveID = 20
|
||||
Secp224r1 TLSCurveID = 21
|
||||
Secp256k1 TLSCurveID = 22
|
||||
Secp256r1 TLSCurveID = 23
|
||||
Secp384r1 TLSCurveID = 24
|
||||
Secp521r1 TLSCurveID = 25
|
||||
BrainpoolP256r1 TLSCurveID = 26
|
||||
BrainpoolP384r1 TLSCurveID = 27
|
||||
BrainpoolP512r1 TLSCurveID = 28
|
||||
)
|
||||
|
||||
var ecIDToName map[TLSCurveID]string
|
||||
var ecNameToID map[string]TLSCurveID
|
||||
|
||||
func init() {
|
||||
ecIDToName = make(map[TLSCurveID]string, 64)
|
||||
ecIDToName[Sect163k1] = "sect163k1"
|
||||
ecIDToName[Sect163r1] = "sect163r1"
|
||||
ecIDToName[Sect163r2] = "sect163r2"
|
||||
ecIDToName[Sect193r1] = "sect193r1"
|
||||
ecIDToName[Sect193r2] = "sect193r2"
|
||||
ecIDToName[Sect233k1] = "sect233k1"
|
||||
ecIDToName[Sect233r1] = "sect233r1"
|
||||
ecIDToName[Sect239k1] = "sect239k1"
|
||||
ecIDToName[Sect283k1] = "sect283k1"
|
||||
ecIDToName[Sect283r1] = "sect283r1"
|
||||
ecIDToName[Sect409k1] = "sect409k1"
|
||||
ecIDToName[Sect409r1] = "sect409r1"
|
||||
ecIDToName[Sect571k1] = "sect571k1"
|
||||
ecIDToName[Sect571r1] = "sect571r1"
|
||||
ecIDToName[Secp160k1] = "secp160k1"
|
||||
ecIDToName[Secp160r1] = "secp160r1"
|
||||
ecIDToName[Secp160r2] = "secp160r2"
|
||||
ecIDToName[Secp192k1] = "secp192k1"
|
||||
ecIDToName[Secp192r1] = "secp192r1"
|
||||
ecIDToName[Secp224k1] = "secp224k1"
|
||||
ecIDToName[Secp224r1] = "secp224r1"
|
||||
ecIDToName[Secp256k1] = "secp256k1"
|
||||
ecIDToName[Secp256r1] = "secp256r1"
|
||||
ecIDToName[Secp384r1] = "secp384r1"
|
||||
ecIDToName[Secp521r1] = "secp521r1"
|
||||
ecIDToName[BrainpoolP256r1] = "brainpoolp256r1"
|
||||
ecIDToName[BrainpoolP384r1] = "brainpoolp384r1"
|
||||
ecIDToName[BrainpoolP512r1] = "brainpoolp512r1"
|
||||
|
||||
ecNameToID = make(map[string]TLSCurveID, 64)
|
||||
ecNameToID["sect163k1"] = Sect163k1
|
||||
ecNameToID["sect163r1"] = Sect163r1
|
||||
ecNameToID["sect163r2"] = Sect163r2
|
||||
ecNameToID["sect193r1"] = Sect193r1
|
||||
ecNameToID["sect193r2"] = Sect193r2
|
||||
ecNameToID["sect233k1"] = Sect233k1
|
||||
ecNameToID["sect233r1"] = Sect233r1
|
||||
ecNameToID["sect239k1"] = Sect239k1
|
||||
ecNameToID["sect283k1"] = Sect283k1
|
||||
ecNameToID["sect283r1"] = Sect283r1
|
||||
ecNameToID["sect409k1"] = Sect409k1
|
||||
ecNameToID["sect409r1"] = Sect409r1
|
||||
ecNameToID["sect571k1"] = Sect571k1
|
||||
ecNameToID["sect571r1"] = Sect571r1
|
||||
ecNameToID["secp160k1"] = Secp160k1
|
||||
ecNameToID["secp160r1"] = Secp160r1
|
||||
ecNameToID["secp160r2"] = Secp160r2
|
||||
ecNameToID["secp192k1"] = Secp192k1
|
||||
ecNameToID["secp192r1"] = Secp192r1
|
||||
ecNameToID["secp224k1"] = Secp224k1
|
||||
ecNameToID["secp224r1"] = Secp224r1
|
||||
ecNameToID["secp256k1"] = Secp256k1
|
||||
ecNameToID["secp256r1"] = Secp256r1
|
||||
ecNameToID["secp384r1"] = Secp384r1
|
||||
ecNameToID["secp521r1"] = Secp521r1
|
||||
ecNameToID["brainpoolp256r1"] = BrainpoolP256r1
|
||||
ecNameToID["brainpoolp384r1"] = BrainpoolP384r1
|
||||
ecNameToID["brainpoolp512r1"] = BrainpoolP512r1
|
||||
}
|
|
@ -0,0 +1,65 @@
|
|||
/*
|
||||
* ZGrab Copyright 2015 Regents of the University of Michigan
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy
|
||||
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
* implied. See the License for the specific language governing
|
||||
* permissions and limitations under the License.
|
||||
*/
|
||||
|
||||
package keys
|
||||
|
||||
import (
|
||||
"crypto/rsa"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"math/big"
|
||||
)
|
||||
|
||||
type RSAPublicKey struct {
|
||||
*rsa.PublicKey
|
||||
}
|
||||
|
||||
type auxRSAPublicKey struct {
|
||||
Exponent int `json:"exponent"`
|
||||
Modulus []byte `json:"modulus"`
|
||||
Length int `json:"length"`
|
||||
}
|
||||
|
||||
type RSAClientParams struct {
|
||||
Length uint16 `json:"length,omitempty"`
|
||||
EncryptedPMS []byte `json:"encrypted_pre_master_secret,omitempty"`
|
||||
}
|
||||
|
||||
// MarshalJSON implements the json.Marshal interface
|
||||
func (rp *RSAPublicKey) MarshalJSON() ([]byte, error) {
|
||||
var aux auxRSAPublicKey
|
||||
if rp.PublicKey != nil {
|
||||
aux.Exponent = rp.E
|
||||
aux.Modulus = rp.N.Bytes()
|
||||
aux.Length = len(aux.Modulus) * 8
|
||||
}
|
||||
return json.Marshal(&aux)
|
||||
}
|
||||
|
||||
// UnmarshalJSON implements the json.Unmarshal interface
|
||||
func (rp *RSAPublicKey) UnmarshalJSON(b []byte) error {
|
||||
var aux auxRSAPublicKey
|
||||
if err := json.Unmarshal(b, &aux); err != nil {
|
||||
return err
|
||||
}
|
||||
if rp.PublicKey == nil {
|
||||
rp.PublicKey = new(rsa.PublicKey)
|
||||
}
|
||||
rp.E = aux.Exponent
|
||||
rp.N = big.NewInt(0).SetBytes(aux.Modulus)
|
||||
if len(aux.Modulus)*8 != aux.Length {
|
||||
return fmt.Errorf("mismatched length (got %d, field specified %d)", len(aux.Modulus), aux.Length)
|
||||
}
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,51 @@
|
|||
/*
|
||||
* ZGrab Copyright 2015 Regents of the University of Michigan
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy
|
||||
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
* implied. See the License for the specific language governing
|
||||
* permissions and limitations under the License.
|
||||
*/
|
||||
|
||||
package keys
|
||||
|
||||
import (
|
||||
"crypto/rsa"
|
||||
"encoding/json"
|
||||
"math/big"
|
||||
"testing"
|
||||
|
||||
. "gopkg.in/check.v1"
|
||||
)
|
||||
|
||||
func TestRSA(t *testing.T) { TestingT(t) }
|
||||
|
||||
var test4096Modulus = []byte{0xD4, 0x0C, 0xE0, 0x39, 0x57, 0xAA, 0x36, 0x31, 0x89, 0x38, 0xD0, 0xDE, 0x36, 0xFF, 0xDF, 0x03, 0xD7, 0x98, 0xA5, 0xD9, 0x21, 0x98, 0xA4, 0x94, 0xBE, 0x2B, 0x22, 0x5B, 0x9A, 0xFF, 0x94, 0x75, 0xEA, 0x7E, 0x2E, 0x13, 0x59, 0x83, 0x2E, 0x34, 0x2E, 0xF0, 0x3B, 0x14, 0x83, 0x8F, 0xAB, 0x84, 0x51, 0x74, 0xA6, 0x0F, 0xE9, 0x69, 0x21, 0x8A, 0xEC, 0x8D, 0x1F, 0xCF, 0x73, 0x88, 0xAA, 0x75, 0xF4, 0x8D, 0x56, 0xD2, 0xEA, 0xBE, 0x49, 0xB2, 0xE6, 0x16, 0xC1, 0x4D, 0x9A, 0x2D, 0x78, 0x59, 0xFA, 0xE9, 0x32, 0xF3, 0x59, 0xA7, 0x95, 0xFB, 0x44, 0x3D, 0x88, 0xC7, 0xCE, 0x08, 0xE9, 0xE4, 0xAD, 0x93, 0x3F, 0x44, 0x49, 0xEF, 0x06, 0x0A, 0x16, 0xC9, 0xF9, 0x5B, 0xEB, 0x1F, 0x74, 0xCB, 0x68, 0x33, 0xCC, 0xB1, 0x2A, 0x8C, 0xA6, 0x18, 0x43, 0xC9, 0x9A, 0xD2, 0x36, 0x7E, 0x9F, 0x45, 0x04, 0xE6, 0xED, 0x7E, 0x02, 0x48, 0x7A, 0x8C, 0xEE, 0x84, 0x14, 0x08, 0xEC, 0x3C, 0x49, 0xFC, 0xE9, 0x68, 0xFE, 0xE5, 0x41, 0x4D, 0x6D, 0x1B, 0xCF, 0xE6, 0x1D, 0xC9, 0xCA, 0x4B, 0x09, 0xE3, 0xB5, 0x73, 0x2B, 0xF4, 0xA5, 0xEF, 0x05, 0x2B, 0x29, 0x49, 0xC8, 0xE6, 0xE7, 0x0C, 0xBA, 0xE4, 0x4F, 0xE9, 0x0F, 0xAA, 0x52, 0xFB, 0xA5, 0x01, 0x85, 0x8B, 0x03, 0x22, 0x17, 0xCF, 0xD5, 0x0F, 0x52, 0xE9, 0xFE, 0xAE, 0x89, 0x28, 0x8F, 0x13, 0x34, 0x5F, 0x3E, 0xD2, 0xFC, 0x3E, 0x27, 0x86, 0x37, 0xD2, 0x15, 0xFE, 0x36, 0x9C, 0xF6, 0x18, 0x8F, 0x09, 0xC4, 0x1F, 0x93, 0x57, 0xCE, 0x73, 0x70, 0xFA, 0xF6, 0x05, 0x8C, 0xA8, 0x70, 0xE0, 0x08, 0xF4, 0xFD, 0xA7, 0xFA, 0x08, 0x80, 0x46, 0xD7, 0xF7, 0x6B, 0xF6, 0x3B, 0xDF, 0xA4, 0x3E, 0xAC, 0xD1, 0x8D, 0x5D, 0xA9, 0x85, 0xFE, 0xC6, 0x41, 0x57, 0x25, 0x48, 0xDF, 0x26, 0xD5, 0x4C, 0xEF, 0xB2, 0xB8, 0x1A, 0xAA, 0x4E, 0x9F, 0x12, 0x80, 0xFC, 0x1D, 0x0E, 0x45, 0x65, 0xBF, 0x77, 0x9F, 0x8E, 0x1E, 0x9D, 0xBD, 0x8F, 0xA8, 0x6F, 0xD6, 0x22, 0x70, 0x87, 0x3D, 0x92, 0xF8, 0x85, 0x75, 0x8C, 0xFA, 0xE6, 0x39, 0x56, 0x3B, 0x51, 0x4D, 0xAE, 0x69, 0x44, 0x19, 0x5E, 0xA5, 0x36, 0xD5, 0x60, 0x61, 0xE4, 0x8B, 0x2F, 0xAF, 0xB2, 0x55, 0xC1, 0x59, 0xF0, 0x32, 0xA6, 0xCC, 0x92, 0x19, 0x25, 0xED, 0x91, 0x15, 0x4F, 0x43, 0x7F, 0xB7, 0x0E, 0x3C, 0x42, 0x31, 0xCA, 0x5E, 0xCA, 0xC0, 0x5C, 0xDE, 0xB8, 0x95, 0x5C, 0x08, 0xDF, 0x15, 0xE3, 0x05, 0x3A, 0xBC, 0xA9, 0x57, 0xF1, 0x6F, 0xA6, 0xBB, 0xA6, 0x14, 0x43, 0xDE, 0x62, 0xD4, 0x91, 0xAC, 0x73, 0x7A, 0x4D, 0x09, 0xBC, 0xF6, 0xD0, 0xB7, 0xA9, 0xEE, 0x6E, 0x00, 0xE4, 0x9A, 0x14, 0x39, 0x30, 0xBE, 0xBC, 0x33, 0x66, 0x4A, 0xD3, 0x3F, 0xC8, 0x12, 0x73, 0x75, 0x62, 0x75, 0x0E, 0xDA, 0xEB, 0x77, 0xBA, 0x6D, 0x4F, 0x2F, 0x44, 0x58, 0xD8, 0x89, 0xE2, 0xDF, 0xE4, 0x89, 0x6B, 0xC0, 0x4F, 0xF0, 0xB3, 0xEE, 0x44, 0x65, 0xCF, 0xA4, 0xA6, 0x1A, 0x0F, 0x1A, 0x08, 0xC3, 0xF5, 0xB0, 0x23, 0x10, 0x3B, 0xF2, 0xC2, 0x82, 0x2B, 0x73, 0xA7, 0x18, 0x31, 0x92, 0x86, 0x59, 0x36, 0x65, 0xF8, 0xF1, 0xD0, 0x29, 0x8F, 0x6B, 0x05, 0x3F, 0xCD, 0x56, 0x30, 0xD2, 0x08, 0x12, 0x49, 0x4D, 0x20, 0xC3, 0xB5, 0x8C, 0x48, 0x5C, 0x02, 0xAE, 0x0C, 0x09, 0x47, 0xBD, 0xE5, 0xE9, 0xE7, 0x0C, 0x27, 0xC7, 0x15, 0xCE, 0xC7, 0x3F, 0x87, 0x22, 0x20, 0xE8, 0x6D, 0x8D, 0x8A, 0x6E, 0x73, 0xF1, 0x04, 0x9F, 0x55, 0xA2, 0xF6, 0xB6, 0x10, 0x42, 0x3E, 0xE2, 0x70, 0x98, 0x7F}
|
||||
|
||||
type RSASuite struct {
|
||||
pk4096 *RSAPublicKey
|
||||
}
|
||||
|
||||
var _ = Suite(&RSASuite{})
|
||||
|
||||
func (s *RSASuite) SetUpTest(c *C) {
|
||||
s.pk4096 = new(RSAPublicKey)
|
||||
s.pk4096.PublicKey = new(rsa.PublicKey)
|
||||
s.pk4096.E = 65537
|
||||
s.pk4096.N = big.NewInt(0).SetBytes(test4096Modulus)
|
||||
}
|
||||
|
||||
func (s *RSASuite) TestEncodeDecode(c *C) {
|
||||
b, err := json.Marshal(s.pk4096)
|
||||
c.Assert(err, IsNil)
|
||||
c.Assert(b, NotNil)
|
||||
var dec RSAPublicKey
|
||||
err = json.Unmarshal(b, &dec)
|
||||
c.Assert(err, IsNil)
|
||||
c.Check(&dec, DeepEquals, s.pk4096)
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIGHAoGBAK5q+uEdYHZkVhcBVRTwOHGgnqIMAgMONcfULTJqYSRy3mRTt+q0iVH5
|
||||
LiRtGxjEqrVcDJDs+aA92AnvhW50w8ITQheqaHn9nLXtbjox54bKCLzm52XLsgjq
|
||||
jCE85g5m3V59BFfY5LML70BxDKHiEnWAkoUibs83Q0gnTCEi5sfjAgEC
|
||||
-----END DH PARAMETERS-----
|
|
@ -0,0 +1,51 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKQIBAAKCAgEA1AzgOVeqNjGJONDeNv/fA9eYpdkhmKSUvisiW5r/lHXqfi4T
|
||||
WYMuNC7wOxSDj6uEUXSmD+lpIYrsjR/Pc4iqdfSNVtLqvkmy5hbBTZoteFn66TLz
|
||||
WaeV+0Q9iMfOCOnkrZM/REnvBgoWyflb6x90y2gzzLEqjKYYQ8ma0jZ+n0UE5u1+
|
||||
Akh6jO6EFAjsPEn86Wj+5UFNbRvP5h3JyksJ47VzK/Sl7wUrKUnI5ucMuuRP6Q+q
|
||||
UvulAYWLAyIXz9UPUun+rokojxM0Xz7S/D4nhjfSFf42nPYYjwnEH5NXznNw+vYF
|
||||
jKhw4Aj0/af6CIBG1/dr9jvfpD6s0Y1dqYX+xkFXJUjfJtVM77K4GqpOnxKA/B0O
|
||||
RWW/d5+OHp29j6hv1iJwhz2S+IV1jPrmOVY7UU2uaUQZXqU21WBh5Isvr7JVwVnw
|
||||
MqbMkhkl7ZEVT0N/tw48QjHKXsrAXN64lVwI3xXjBTq8qVfxb6a7phRD3mLUkaxz
|
||||
ek0JvPbQt6nubgDkmhQ5ML68M2ZK0z/IEnN1YnUO2ut3um1PL0RY2Ini3+SJa8BP
|
||||
8LPuRGXPpKYaDxoIw/WwIxA78sKCK3OnGDGShlk2Zfjx0CmPawU/zVYw0ggSSU0g
|
||||
w7WMSFwCrgwJR73l6ecMJ8cVzsc/hyIg6G2Nim5z8QSfVaL2thBCPuJwmH8CAwEA
|
||||
AQKCAgEAjsoY1yQ8HwAeWh7z8+862ph8VvmukN4Ktz/OhAcMoYkBnXQjXXxjSYpu
|
||||
BCqdKMqjcEJvbHmNbKPjBGjuRes6dfF2l4exwO9Zw2yBQGNYyRk2R4AitDWQXkGm
|
||||
eguppwDxFxz3VmG+zb9PdzQt/FcTS8FgWC7Y6xsRbdw9H97IRzGvyl0UJC9wLqSS
|
||||
VfdoNHTSFM66DeB6ZcV7qoZWkp0TDL3rzyaP8jL1zHi+CxZ80QDa+qKs2/JOO4cU
|
||||
g8iaZj4fcoLVF+yOXkHdW2Gvq2GjNdMy6dJkLi/de7xkz6plT0UXSDcQp5XpZEND
|
||||
zecmDEFs8xLOJWJOB4iY0QczkesEEny0MyXs2YgALDrFkttqR4V05TB/0UPt9vmX
|
||||
Nm8pCZGfozWmCaPVB7HgWTbyyGa7Hokyq+2H6wtDy3quD3aPzy4A1W2BKlCDCUFG
|
||||
oW/k4pK40JN4F2MWXFpYYn8QW7m7NQhLjrNgzIJ/op/4rdX8MI1vxuYAU/Kbfs+W
|
||||
0I/4WnJBbtYN6RSveN7bEt5z4A5ZhWbURLTW/tum7BhjPisJ9ir47jOeLCv1pL+l
|
||||
tO4iwcLy1IqFFRwSBXpRe0wxWDwTA2ZlV6iQrWKnBMKDs6Segnv51ELsvSjRZNZ9
|
||||
nY28ippWzCt7zkFrIKvyhHNOCARknAls1fJsFNC3VaCWNLUz16ECggEBAOqhOWq3
|
||||
ffSokFS5caMTx5EDWmu1FzE8cKoJDVevwdHAv3riiItp8zmtbzNjjnVE2Qt0GEP1
|
||||
woQD4E/JDFmoFaZX7ggEko7Lfsabv+x6ITyL0N5a0JlyOpFt61khpHGR3BN7SsaP
|
||||
80KbUMoLF/oMBdrkQfc7N/yGLY+4K3tYAtqj/tn+HXw64+vKOitHkkNx2lETPvWF
|
||||
v+0R7wIBbWOpJJZJJJAsOFMw/+iCDaHURkCtK8Zp/EVlq0z886sOSxorYLrgJ+1i
|
||||
Dacjxpe2X3i2OeL95LsFQ8qwDWRLcs0KoGeg10G0+00jfMyuZMWCmuFuidSfT+t3
|
||||
/KamPMy7IhNBDg8CggEBAOddLJCLZ1hxt7ch+Pn5Vpr1yzIsyZh4xwwVkWniJ120
|
||||
aimq7CDDJ1ScRcNnRIw22MLE29yQIUbk8TvFJS33YwU+tkLjBg7pgfqR0duhue+R
|
||||
J4Jq/W5KBnv+Uc4/Mp3RXjzGvdGW8amrsGdFi/sx2bGAFcIRRXtwJdxGxi/BCRHk
|
||||
UbK2GyDPap/4gpwvzp7QSzYotUxo10ekG8INaEU7Cp25FjshTW54nY4SJQYefWL/
|
||||
lViSqXIDQZelunrg24n/nAqulwUjVFeqWQZIo0ukogba54oRPkDxTR6OVy5kWPMx
|
||||
mKI4Qx8u6/yaGaHoTx9rhQkWRS5rb/PcjtIHM2PQPpECggEAVtMqqC8W0T6/ilrF
|
||||
jo93PlZ7U3hECNhQ6NtIsLY9hx1IvnSuCsk+VI21pNKmmQbNOsvPXvbG8Ituqpe/
|
||||
lj35JQFM+HKYuXbchyqDr0LSodErjd0VbHM08TQ371ffvpc3VY4+cZQ7dN582weX
|
||||
69QfJo1pS9ACO9R7b7+7d31uMPKXEJxU1PAF/+9p7zIhEgxDudTha4H/L/9+7sMQ
|
||||
c9zXyTVv7louzbpIOQZHfSdMiAqNNHNsA1JIPcktcpNrf1emCAGDRPkQDFXU27eF
|
||||
ROpKKZHC3uJn382eZwr0hKP2D+MZRRtwE2+aczPl3qEiJ2H8Z049COnx+Mlznl9x
|
||||
kKZ2SQKCAQAm6D9PS3IkqHL5pAfnmaubwYvbMzbvohfvC0153eM62dUkjq7Iz6i0
|
||||
jNcahio73hlTn6FNlRtTfbqnj36yHTEUt7gUxXLGXTRTe+QrqCXJiMJ5Jx7ZRi+S
|
||||
+HCvW2darNPJKq7PKTAYlVvD8ikZJAf01pJSIW9q07A6O9imPTMWRCwM/pzPRrIq
|
||||
lrL4Kv33LRYI1I2wfMz/KjTUzEZlpgkh/vcjGHWaB0SPmLOLNONnG4306C0AlFWa
|
||||
d+9FLL0eltKZ5URWQ9uyJl50NRDo7pWky3k2ebHbX/jVE6DLl2px8zw0w3teKhjb
|
||||
UNrQpG1x3jXwEkOuC7k27DdEUJuuxF1RAoIBAQDDObyAVl7JQvCvEKjsayPfHmyQ
|
||||
/Jav29/SrIEWH3DZu4/aXa5bwaSe4thWlMHp1aidpia18D2y9gABimPNBKZADTMs
|
||||
GSyXwm5kO4oCAH1MuV6LaFjTNH6P5y8v1Ul17cphIgcWjaKoz4DTQzYaD6I6EZxE
|
||||
tADHJlMYezlr64shcmjyP/He+x7J1cwF3j+c2ffXmn4EzcU9NDvgYs0YMRsRuoD/
|
||||
uEK1DukCPPb3CRS4flgdIsTWvjQeLXbgYlB+v94L9OKJm4MEpApBXIy6+26JxeBf
|
||||
KOc8qq/4qn1Xi9WiJif6chcn2Vglj585f/ugAO3ZshsGNXeFoqa0awl64ZJY
|
||||
-----END RSA PRIVATE KEY-----
|
Loading…
Reference in New Issue