diff --git a/lib/ssh/agent/client.go b/lib/ssh/agent/client.go index 3822f05..d5fa8f4 100644 --- a/lib/ssh/agent/client.go +++ b/lib/ssh/agent/client.go @@ -9,7 +9,7 @@ // // References: // [PROTOCOL.agent]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.agent?rev=HEAD -package agent // import "github.com/zmap/zgrab/ztools/xssh/agent" +package agent // import "github.com/zmap/zgrab2/lib/agent" import ( "bytes" @@ -25,7 +25,7 @@ import ( "math/big" "sync" - "github.com/zmap/zgrab/ztools/xssh" + "github.com/zmap/zgrab2/lib/ssh" "golang.org/x/crypto/ed25519" ) @@ -36,13 +36,13 @@ type Agent interface { // Sign has the agent sign the data using a protocol 2 key as defined // in [PROTOCOL.agent] section 2.6.2. - Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error) + Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) // Add adds a private key to the agent. Add(key AddedKey) error // Remove removes all identities with the given public key. - Remove(key xssh.PublicKey) error + Remove(key ssh.PublicKey) error // RemoveAll removes all identities. RemoveAll() error @@ -54,7 +54,7 @@ type Agent interface { Unlock(passphrase []byte) error // Signers returns signers for all the known keys. - Signers() ([]xssh.Signer, error) + Signers() ([]ssh.Signer, error) } // AddedKey describes an SSH key to be added to an Agent. @@ -64,7 +64,7 @@ type AddedKey struct { PrivateKey interface{} // Certificate, if not nil, is communicated to the agent and will be // stored with the key. - Certificate *xssh.Certificate + Certificate *ssh.Certificate // Comment is an optional, free-form string. Comment string // LifetimeSecs, if not zero, is the number of seconds that the @@ -103,7 +103,7 @@ const ( const maxAgentResponseBytes = 16 << 20 // Agent messages: -// These structures mirror the wire format of the corresponding xssh agent +// These structures mirror the wire format of the corresponding ssh agent // messages found in [PROTOCOL.agent]. // 3.4 Generic replies from agent to client @@ -190,8 +190,8 @@ func (k *Key) Marshal() []byte { } // Verify satisfies the ssh.PublicKey interface. -func (k *Key) Verify(data []byte, sig *xssh.Signature) error { - pubKey, err := xssh.ParsePublicKey(k.Blob) +func (k *Key) Verify(data []byte, sig *ssh.Signature) error { + pubKey, err := ssh.ParsePublicKey(k.Blob) if err != nil { return fmt.Errorf("agent: bad public key: %v", err) } @@ -210,12 +210,12 @@ func parseKey(in []byte) (out *Key, rest []byte, err error) { Rest []byte `ssh:"rest"` } - if err := xssh.Unmarshal(in, &record); err != nil { + if err := ssh.Unmarshal(in, &record); err != nil { return nil, nil, err } var wk wireKey - if err := xssh.Unmarshal(record.Blob, &wk); err != nil { + if err := ssh.Unmarshal(record.Blob, &wk); err != nil { return nil, nil, err } @@ -289,22 +289,22 @@ func (c *client) RemoveAll() error { return c.simpleCall([]byte{agentRemoveAllIdentities}) } -func (c *client) Remove(key xssh.PublicKey) error { - req := xssh.Marshal(&agentRemoveIdentityMsg{ +func (c *client) Remove(key ssh.PublicKey) error { + req := ssh.Marshal(&agentRemoveIdentityMsg{ KeyBlob: key.Marshal(), }) return c.simpleCall(req) } func (c *client) Lock(passphrase []byte) error { - req := xssh.Marshal(&agentLockMsg{ + req := ssh.Marshal(&agentLockMsg{ Passphrase: passphrase, }) return c.simpleCall(req) } func (c *client) Unlock(passphrase []byte) error { - req := xssh.Marshal(&agentUnlockMsg{ + req := ssh.Marshal(&agentUnlockMsg{ Passphrase: passphrase, }) return c.simpleCall(req) @@ -344,8 +344,8 @@ func (c *client) List() ([]*Key, error) { // Sign has the agent sign the data using a protocol 2 key as defined // in [PROTOCOL.agent] section 2.6.2. -func (c *client) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error) { - req := xssh.Marshal(signRequestAgentMsg{ +func (c *client) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) { + req := ssh.Marshal(signRequestAgentMsg{ KeyBlob: key.Marshal(), Data: data, }) @@ -357,8 +357,8 @@ func (c *client) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error) switch msg := msg.(type) { case *signResponseAgentMsg: - var sig xssh.Signature - if err := xssh.Unmarshal(msg.SigBlob, &sig); err != nil { + var sig ssh.Signature + if err := ssh.Unmarshal(msg.SigBlob, &sig); err != nil { return nil, err } @@ -390,7 +390,7 @@ func unmarshal(packet []byte) (interface{}, error) { default: return nil, fmt.Errorf("agent: unknown type tag %d", packet[0]) } - if err := xssh.Unmarshal(packet, msg); err != nil { + if err := ssh.Unmarshal(packet, msg); err != nil { return nil, err } return msg, nil @@ -445,8 +445,8 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er return fmt.Errorf("agent: unsupported RSA key with %d primes", len(k.Primes)) } k.Precompute() - req = xssh.Marshal(rsaKeyMsg{ - Type: xssh.KeyAlgoRSA, + req = ssh.Marshal(rsaKeyMsg{ + Type: ssh.KeyAlgoRSA, N: k.N, E: big.NewInt(int64(k.E)), D: k.D, @@ -457,8 +457,8 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er Constraints: constraints, }) case *dsa.PrivateKey: - req = xssh.Marshal(dsaKeyMsg{ - Type: xssh.KeyAlgoDSA, + req = ssh.Marshal(dsaKeyMsg{ + Type: ssh.KeyAlgoDSA, P: k.P, Q: k.Q, G: k.G, @@ -469,7 +469,7 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er }) case *ecdsa.PrivateKey: nistID := fmt.Sprintf("nistp%d", k.Params().BitSize) - req = xssh.Marshal(ecdsaKeyMsg{ + req = ssh.Marshal(ecdsaKeyMsg{ Type: "ecdsa-sha2-" + nistID, Curve: nistID, KeyBytes: elliptic.Marshal(k.Curve, k.X, k.Y), @@ -478,8 +478,8 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er Constraints: constraints, }) case *ed25519.PrivateKey: - req = xssh.Marshal(ed25519KeyMsg{ - Type: xssh.KeyAlgoED25519, + req = ssh.Marshal(ed25519KeyMsg{ + Type: ssh.KeyAlgoED25519, Pub: []byte(*k)[32:], Priv: []byte(*k), Comments: comment, @@ -564,7 +564,7 @@ func (c *client) Add(key AddedKey) error { } } -func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment string, constraints []byte) error { +func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string, constraints []byte) error { var req []byte switch k := s.(type) { case *rsa.PrivateKey: @@ -572,7 +572,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin return fmt.Errorf("agent: unsupported RSA key with %d primes", len(k.Primes)) } k.Precompute() - req = xssh.Marshal(rsaCertMsg{ + req = ssh.Marshal(rsaCertMsg{ Type: cert.Type(), CertBytes: cert.Marshal(), D: k.D, @@ -583,7 +583,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin Constraints: constraints, }) case *dsa.PrivateKey: - req = xssh.Marshal(dsaCertMsg{ + req = ssh.Marshal(dsaCertMsg{ Type: cert.Type(), CertBytes: cert.Marshal(), X: k.X, @@ -591,7 +591,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin Constraints: constraints, }) case *ecdsa.PrivateKey: - req = xssh.Marshal(ecdsaCertMsg{ + req = ssh.Marshal(ecdsaCertMsg{ Type: cert.Type(), CertBytes: cert.Marshal(), D: k.D, @@ -599,7 +599,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin Constraints: constraints, }) case *ed25519.PrivateKey: - req = xssh.Marshal(ed25519CertMsg{ + req = ssh.Marshal(ed25519CertMsg{ Type: cert.Type(), CertBytes: cert.Marshal(), Pub: []byte(*k)[32:], @@ -616,7 +616,7 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin req[0] = agentAddIdConstrained } - signer, err := xssh.NewSignerFromKey(s) + signer, err := ssh.NewSignerFromKey(s) if err != nil { return err } @@ -635,13 +635,13 @@ func (c *client) insertCert(s interface{}, cert *xssh.Certificate, comment strin } // Signers provides a callback for client authentication. -func (c *client) Signers() ([]xssh.Signer, error) { +func (c *client) Signers() ([]ssh.Signer, error) { keys, err := c.List() if err != nil { return nil, err } - var result []xssh.Signer + var result []ssh.Signer for _, k := range keys { result = append(result, &agentKeyringSigner{c, k}) } @@ -650,14 +650,14 @@ func (c *client) Signers() ([]xssh.Signer, error) { type agentKeyringSigner struct { agent *client - pub xssh.PublicKey + pub ssh.PublicKey } -func (s *agentKeyringSigner) PublicKey() xssh.PublicKey { +func (s *agentKeyringSigner) PublicKey() ssh.PublicKey { return s.pub } -func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*xssh.Signature, error) { +func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature, error) { // The agent has its own entropy source, so the rand argument is ignored. return s.agent.Sign(s.pub, data) } diff --git a/lib/ssh/agent/client_test.go b/lib/ssh/agent/client_test.go index a350092..19da994 100644 --- a/lib/ssh/agent/client_test.go +++ b/lib/ssh/agent/client_test.go @@ -16,7 +16,7 @@ import ( "testing" "time" - "github.com/zmap/zgrab/ztools/xssh" + "github.com/zmap/zgrab2/lib/ssh" ) // startAgent executes ssh-agent, and returns a Agent interface to it. @@ -79,20 +79,20 @@ func startAgent(t *testing.T) (client Agent, socket string, cleanup func()) { } } -func testAgent(t *testing.T, key interface{}, cert *xssh.Certificate, lifetimeSecs uint32) { +func testAgent(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) { agent, _, cleanup := startAgent(t) defer cleanup() testAgentInterface(t, agent, key, cert, lifetimeSecs) } -func testKeyring(t *testing.T, key interface{}, cert *xssh.Certificate, lifetimeSecs uint32) { +func testKeyring(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) { a := NewKeyring() testAgentInterface(t, a, key, cert, lifetimeSecs) } -func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *xssh.Certificate, lifetimeSecs uint32) { - signer, err := xssh.NewSignerFromKey(key) +func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) { + signer, err := ssh.NewSignerFromKey(key) if err != nil { t.Fatalf("NewSignerFromKey(%T): %v", key, err) } @@ -104,7 +104,7 @@ func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *xssh.C } // Attempt to insert the key, with certificate if specified. - var pubKey xssh.PublicKey + var pubKey ssh.PublicKey if cert != nil { err = agent.Add(AddedKey{ PrivateKey: key, @@ -165,10 +165,10 @@ func DISABLED_TestAgent(t *testing.T) { } func TestCert(t *testing.T) { - cert := &xssh.Certificate{ + cert := &ssh.Certificate{ Key: testPublicKeys["rsa"], - ValidBefore: xssh.CertTimeInfinity, - CertType: xssh.UserCert, + ValidBefore: ssh.CertTimeInfinity, + CertType: ssh.UserCert, } cert.SignCert(rand.Reader, testSigners["ecdsa"]) @@ -215,9 +215,9 @@ func TestAuth(t *testing.T) { t.Errorf("Add: %v", err) } - serverConf := xssh.ServerConfig{} + serverConf := ssh.ServerConfig{} serverConf.AddHostKey(testSigners["rsa"]) - serverConf.PublicKeyCallback = func(c xssh.ConnMetadata, key xssh.PublicKey) (*xssh.Permissions, error) { + serverConf.PublicKeyCallback = func(c ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) { if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) { return nil, nil } @@ -226,16 +226,16 @@ func TestAuth(t *testing.T) { } go func() { - conn, _, _, err := xssh.NewServerConn(a, &serverConf) + conn, _, _, err := ssh.NewServerConn(a, &serverConf) if err != nil { t.Fatalf("Server: %v", err) } conn.Close() }() - conf := xssh.ClientConfig{} - conf.Auth = append(conf.Auth, xssh.PublicKeysCallback(agent.Signers)) - conn, _, _, err := xssh.NewClientConn(b, "", &conf) + conf := ssh.ClientConfig{} + conf.Auth = append(conf.Auth, ssh.PublicKeysCallback(agent.Signers)) + conn, _, _, err := ssh.NewClientConn(b, "", &conf) if err != nil { t.Fatalf("NewClientConn: %v", err) } @@ -272,7 +272,7 @@ func testLockAgent(agent Agent, t *testing.T) { t.Errorf("Want 0 keys, got %v", keys) } - signer, _ := xssh.NewSignerFromKey(testPrivateKeys["rsa"]) + signer, _ := ssh.NewSignerFromKey(testPrivateKeys["rsa"]) if _, err := agent.Sign(signer.PublicKey(), []byte("hello")); err == nil { t.Fatalf("Sign did not fail") } @@ -318,10 +318,10 @@ func TestAgentLifetime(t *testing.T) { t.Fatalf("add: %v", err) } // Add certs to the agent. - cert := &xssh.Certificate{ + cert := &ssh.Certificate{ Key: testPublicKeys[keyType], - ValidBefore: xssh.CertTimeInfinity, - CertType: xssh.UserCert, + ValidBefore: ssh.CertTimeInfinity, + CertType: ssh.UserCert, } cert.SignCert(rand.Reader, testSigners[keyType]) err = agent.Add(AddedKey{ diff --git a/lib/ssh/agent/example_test.go b/lib/ssh/agent/example_test.go index 582b878..80b9326 100644 --- a/lib/ssh/agent/example_test.go +++ b/lib/ssh/agent/example_test.go @@ -9,8 +9,8 @@ import ( "net" "os" - "github.com/zmap/zgrab/ztools/xssh" - "github.com/zmap/zgrab/ztools/xssh/agent" + "github.com/zmap/zgrab2/lib/agent" + "github.com/zmap/zgrab2/lib/ssh" ) func ExampleClientAgent() { @@ -21,17 +21,17 @@ func ExampleClientAgent() { log.Fatalf("net.Dial: %v", err) } agentClient := agent.NewClient(conn) - config := &xssh.ClientConfig{ + config := &ssh.ClientConfig{ User: "username", - Auth: []xssh.AuthMethod{ + Auth: []ssh.AuthMethod{ // Use a callback rather than PublicKeys // so we only consult the agent once the remote server // wants it. - xssh.PublicKeysCallback(agentClient.Signers), + ssh.PublicKeysCallback(agentClient.Signers), }, } - sshc, err := xssh.Dial("tcp", "localhost:22", config) + sshc, err := ssh.Dial("tcp", "localhost:22", config) if err != nil { log.Fatalf("Dial: %v", err) } diff --git a/lib/ssh/agent/forward.go b/lib/ssh/agent/forward.go index c7969ac..4302a72 100644 --- a/lib/ssh/agent/forward.go +++ b/lib/ssh/agent/forward.go @@ -10,13 +10,13 @@ import ( "net" "sync" - "github.com/zmap/zgrab/ztools/xssh" + "github.com/zmap/zgrab2/lib/ssh" ) // RequestAgentForwarding sets up agent forwarding for the session. // ForwardToAgent or ForwardToRemote should be called to route // the authentication requests. -func RequestAgentForwarding(session *xssh.Session) error { +func RequestAgentForwarding(session *ssh.Session) error { ok, err := session.SendRequest("auth-agent-req@openssh.com", true, nil) if err != nil { return err @@ -28,7 +28,7 @@ func RequestAgentForwarding(session *xssh.Session) error { } // ForwardToAgent routes authentication requests to the given keyring. -func ForwardToAgent(client *xssh.Client, keyring Agent) error { +func ForwardToAgent(client *ssh.Client, keyring Agent) error { channels := client.HandleChannelOpen(channelType) if channels == nil { return errors.New("agent: already have handler for " + channelType) @@ -40,7 +40,7 @@ func ForwardToAgent(client *xssh.Client, keyring Agent) error { if err != nil { continue } - go xssh.DiscardRequests(reqs) + go ssh.DiscardRequests(reqs) go func() { ServeAgent(keyring, channel) channel.Close() @@ -54,7 +54,7 @@ const channelType = "auth-agent@openssh.com" // ForwardToRemote routes authentication requests to the ssh-agent // process serving on the given unix socket. -func ForwardToRemote(client *xssh.Client, addr string) error { +func ForwardToRemote(client *ssh.Client, addr string) error { channels := client.HandleChannelOpen(channelType) if channels == nil { return errors.New("agent: already have handler for " + channelType) @@ -71,14 +71,14 @@ func ForwardToRemote(client *xssh.Client, addr string) error { if err != nil { continue } - go xssh.DiscardRequests(reqs) + go ssh.DiscardRequests(reqs) go forwardUnixSocket(channel, addr) } }() return nil } -func forwardUnixSocket(channel xssh.Channel, addr string) { +func forwardUnixSocket(channel ssh.Channel, addr string) { conn, err := net.Dial("unix", addr) if err != nil { return diff --git a/lib/ssh/agent/keyring.go b/lib/ssh/agent/keyring.go index 71af400..b5bbfac 100644 --- a/lib/ssh/agent/keyring.go +++ b/lib/ssh/agent/keyring.go @@ -13,11 +13,11 @@ import ( "sync" "time" - "github.com/zmap/zgrab/ztools/xssh" + "github.com/zmap/zgrab2/lib/ssh" ) type privKey struct { - signer xssh.Signer + signer ssh.Signer comment string expire *time.Time } @@ -72,7 +72,7 @@ func (r *keyring) removeLocked(want []byte) error { } // Remove removes all identities with the given public key. -func (r *keyring) Remove(key xssh.PublicKey) error { +func (r *keyring) Remove(key ssh.PublicKey) error { r.mu.Lock() defer r.mu.Unlock() if r.locked { @@ -152,14 +152,14 @@ func (r *keyring) Add(key AddedKey) error { if r.locked { return errLocked } - signer, err := xssh.NewSignerFromKey(key.PrivateKey) + signer, err := ssh.NewSignerFromKey(key.PrivateKey) if err != nil { return err } if cert := key.Certificate; cert != nil { - signer, err = xssh.NewCertSigner(cert, signer) + signer, err = ssh.NewCertSigner(cert, signer) if err != nil { return err } @@ -181,7 +181,7 @@ func (r *keyring) Add(key AddedKey) error { } // Sign returns a signature for the data. -func (r *keyring) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error) { +func (r *keyring) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) { r.mu.Lock() defer r.mu.Unlock() if r.locked { @@ -199,7 +199,7 @@ func (r *keyring) Sign(key xssh.PublicKey, data []byte) (*xssh.Signature, error) } // Signers returns signers for all the known keys. -func (r *keyring) Signers() ([]xssh.Signer, error) { +func (r *keyring) Signers() ([]ssh.Signer, error) { r.mu.Lock() defer r.mu.Unlock() if r.locked { @@ -207,7 +207,7 @@ func (r *keyring) Signers() ([]xssh.Signer, error) { } r.expireKeysLocked() - s := make([]xssh.Signer, 0, len(r.keys)) + s := make([]ssh.Signer, 0, len(r.keys)) for _, k := range r.keys { s = append(s, k.signer) } diff --git a/lib/ssh/agent/server.go b/lib/ssh/agent/server.go index 605df62..bd0b201 100644 --- a/lib/ssh/agent/server.go +++ b/lib/ssh/agent/server.go @@ -16,7 +16,7 @@ import ( "log" "math/big" - "github.com/zmap/zgrab/ztools/xssh" + "github.com/zmap/zgrab2/lib/ssh" "golang.org/x/crypto/ed25519" ) @@ -40,7 +40,7 @@ func (s *server) processRequestBytes(reqData []byte) []byte { return []byte{agentSuccess} } - return xssh.Marshal(rep) + return ssh.Marshal(rep) } func marshalKey(k *Key) []byte { @@ -51,7 +51,7 @@ func marshalKey(k *Key) []byte { record.Blob = k.Marshal() record.Comment = k.Comment - return xssh.Marshal(&record) + return ssh.Marshal(&record) } // See [PROTOCOL.agent], section 2.5.1. @@ -83,12 +83,12 @@ func (s *server) processRequest(data []byte) (interface{}, error) { case agentRemoveIdentity: var req agentRemoveIdentityMsg - if err := xssh.Unmarshal(data, &req); err != nil { + if err := ssh.Unmarshal(data, &req); err != nil { return nil, err } var wk wireKey - if err := xssh.Unmarshal(req.KeyBlob, &wk); err != nil { + if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil { return nil, err } @@ -99,7 +99,7 @@ func (s *server) processRequest(data []byte) (interface{}, error) { case agentLock: var req agentLockMsg - if err := xssh.Unmarshal(data, &req); err != nil { + if err := ssh.Unmarshal(data, &req); err != nil { return nil, err } @@ -107,19 +107,19 @@ func (s *server) processRequest(data []byte) (interface{}, error) { case agentUnlock: var req agentLockMsg - if err := xssh.Unmarshal(data, &req); err != nil { + if err := ssh.Unmarshal(data, &req); err != nil { return nil, err } return nil, s.agent.Unlock(req.Passphrase) case agentSignRequest: var req signRequestAgentMsg - if err := xssh.Unmarshal(data, &req); err != nil { + if err := ssh.Unmarshal(data, &req); err != nil { return nil, err } var wk wireKey - if err := xssh.Unmarshal(req.KeyBlob, &wk); err != nil { + if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil { return nil, err } @@ -132,7 +132,7 @@ func (s *server) processRequest(data []byte) (interface{}, error) { if err != nil { return nil, err } - return &signResponseAgentMsg{SigBlob: xssh.Marshal(sig)}, nil + return &signResponseAgentMsg{SigBlob: ssh.Marshal(sig)}, nil case agentRequestIdentities: keys, err := s.agent.List() @@ -157,7 +157,7 @@ func (s *server) processRequest(data []byte) (interface{}, error) { func parseRSAKey(req []byte) (*AddedKey, error) { var k rsaKeyMsg - if err := xssh.Unmarshal(req, &k); err != nil { + if err := ssh.Unmarshal(req, &k); err != nil { return nil, err } if k.E.BitLen() > 30 { @@ -178,7 +178,7 @@ func parseRSAKey(req []byte) (*AddedKey, error) { func parseEd25519Key(req []byte) (*AddedKey, error) { var k ed25519KeyMsg - if err := xssh.Unmarshal(req, &k); err != nil { + if err := ssh.Unmarshal(req, &k); err != nil { return nil, err } priv := ed25519.PrivateKey(k.Priv) @@ -187,7 +187,7 @@ func parseEd25519Key(req []byte) (*AddedKey, error) { func parseDSAKey(req []byte) (*AddedKey, error) { var k dsaKeyMsg - if err := xssh.Unmarshal(req, &k); err != nil { + if err := ssh.Unmarshal(req, &k); err != nil { return nil, err } priv := &dsa.PrivateKey{ @@ -231,15 +231,15 @@ func unmarshalECDSA(curveName string, keyBytes []byte, privScalar *big.Int) (pri func parseEd25519Cert(req []byte) (*AddedKey, error) { var k ed25519CertMsg - if err := xssh.Unmarshal(req, &k); err != nil { + if err := ssh.Unmarshal(req, &k); err != nil { return nil, err } - pubKey, err := xssh.ParsePublicKey(k.CertBytes) + pubKey, err := ssh.ParsePublicKey(k.CertBytes) if err != nil { return nil, err } priv := ed25519.PrivateKey(k.Priv) - cert, ok := pubKey.(*xssh.Certificate) + cert, ok := pubKey.(*ssh.Certificate) if !ok { return nil, errors.New("agent: bad ED25519 certificate") } @@ -248,7 +248,7 @@ func parseEd25519Cert(req []byte) (*AddedKey, error) { func parseECDSAKey(req []byte) (*AddedKey, error) { var k ecdsaKeyMsg - if err := xssh.Unmarshal(req, &k); err != nil { + if err := ssh.Unmarshal(req, &k); err != nil { return nil, err } @@ -262,16 +262,16 @@ func parseECDSAKey(req []byte) (*AddedKey, error) { func parseRSACert(req []byte) (*AddedKey, error) { var k rsaCertMsg - if err := xssh.Unmarshal(req, &k); err != nil { + if err := ssh.Unmarshal(req, &k); err != nil { return nil, err } - pubKey, err := xssh.ParsePublicKey(k.CertBytes) + pubKey, err := ssh.ParsePublicKey(k.CertBytes) if err != nil { return nil, err } - cert, ok := pubKey.(*xssh.Certificate) + cert, ok := pubKey.(*ssh.Certificate) if !ok { return nil, errors.New("agent: bad RSA certificate") } @@ -282,7 +282,7 @@ func parseRSACert(req []byte) (*AddedKey, error) { E *big.Int N *big.Int } - if err := xssh.Unmarshal(cert.Key.Marshal(), &rsaPub); err != nil { + if err := ssh.Unmarshal(cert.Key.Marshal(), &rsaPub); err != nil { return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err) } @@ -305,14 +305,14 @@ func parseRSACert(req []byte) (*AddedKey, error) { func parseDSACert(req []byte) (*AddedKey, error) { var k dsaCertMsg - if err := xssh.Unmarshal(req, &k); err != nil { + if err := ssh.Unmarshal(req, &k); err != nil { return nil, err } - pubKey, err := xssh.ParsePublicKey(k.CertBytes) + pubKey, err := ssh.ParsePublicKey(k.CertBytes) if err != nil { return nil, err } - cert, ok := pubKey.(*xssh.Certificate) + cert, ok := pubKey.(*ssh.Certificate) if !ok { return nil, errors.New("agent: bad DSA certificate") } @@ -322,7 +322,7 @@ func parseDSACert(req []byte) (*AddedKey, error) { Name string P, Q, G, Y *big.Int } - if err := xssh.Unmarshal(cert.Key.Marshal(), &w); err != nil { + if err := ssh.Unmarshal(cert.Key.Marshal(), &w); err != nil { return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err) } @@ -343,15 +343,15 @@ func parseDSACert(req []byte) (*AddedKey, error) { func parseECDSACert(req []byte) (*AddedKey, error) { var k ecdsaCertMsg - if err := xssh.Unmarshal(req, &k); err != nil { + if err := ssh.Unmarshal(req, &k); err != nil { return nil, err } - pubKey, err := xssh.ParsePublicKey(k.CertBytes) + pubKey, err := ssh.ParsePublicKey(k.CertBytes) if err != nil { return nil, err } - cert, ok := pubKey.(*xssh.Certificate) + cert, ok := pubKey.(*ssh.Certificate) if !ok { return nil, errors.New("agent: bad ECDSA certificate") } @@ -362,7 +362,7 @@ func parseECDSACert(req []byte) (*AddedKey, error) { ID string Key []byte } - if err := xssh.Unmarshal(cert.Key.Marshal(), &ecdsaPub); err != nil { + if err := ssh.Unmarshal(cert.Key.Marshal(), &ecdsaPub); err != nil { return nil, err } @@ -380,7 +380,7 @@ func (s *server) insertIdentity(req []byte) error { Rest []byte `ssh:"rest"` } - if err := xssh.Unmarshal(req, &record); err != nil { + if err := ssh.Unmarshal(req, &record); err != nil { return err } @@ -388,21 +388,21 @@ func (s *server) insertIdentity(req []byte) error { var err error switch record.Type { - case xssh.KeyAlgoRSA: + case ssh.KeyAlgoRSA: addedKey, err = parseRSAKey(req) - case xssh.KeyAlgoDSA: + case ssh.KeyAlgoDSA: addedKey, err = parseDSAKey(req) - case xssh.KeyAlgoECDSA256, xssh.KeyAlgoECDSA384, xssh.KeyAlgoECDSA521: + case ssh.KeyAlgoECDSA256, ssh.KeyAlgoECDSA384, ssh.KeyAlgoECDSA521: addedKey, err = parseECDSAKey(req) - case xssh.KeyAlgoED25519: + case ssh.KeyAlgoED25519: addedKey, err = parseEd25519Key(req) - case xssh.CertAlgoRSAv01: + case ssh.CertAlgoRSAv01: addedKey, err = parseRSACert(req) - case xssh.CertAlgoDSAv01: + case ssh.CertAlgoDSAv01: addedKey, err = parseDSACert(req) - case xssh.CertAlgoECDSA256v01, xssh.CertAlgoECDSA384v01, xssh.CertAlgoECDSA521v01: + case ssh.CertAlgoECDSA256v01, ssh.CertAlgoECDSA384v01, ssh.CertAlgoECDSA521v01: addedKey, err = parseECDSACert(req) - case xssh.CertAlgoED25519v01: + case ssh.CertAlgoED25519v01: addedKey, err = parseEd25519Cert(req) default: return fmt.Errorf("agent: not implemented: %q", record.Type) diff --git a/lib/ssh/agent/server_test.go b/lib/ssh/agent/server_test.go index fa7aeb4..7259eef 100644 --- a/lib/ssh/agent/server_test.go +++ b/lib/ssh/agent/server_test.go @@ -10,7 +10,7 @@ import ( "fmt" "testing" - "github.com/zmap/zgrab/ztools/xssh" + "github.com/zmap/zgrab2/lib/ssh" ) func TestServer(t *testing.T) { @@ -43,25 +43,25 @@ func TestSetupForwardAgent(t *testing.T) { _, socket, cleanup := startAgent(t) defer cleanup() - serverConf := xssh.ServerConfig{ + serverConf := ssh.ServerConfig{ NoClientAuth: true, } serverConf.AddHostKey(testSigners["rsa"]) - incoming := make(chan *xssh.ServerConn, 1) + incoming := make(chan *ssh.ServerConn, 1) go func() { - conn, _, _, err := xssh.NewServerConn(a, &serverConf) + conn, _, _, err := ssh.NewServerConn(a, &serverConf) if err != nil { t.Fatalf("Server: %v", err) } incoming <- conn }() - conf := xssh.ClientConfig{} - conn, chans, reqs, err := xssh.NewClientConn(b, "", &conf) + conf := ssh.ClientConfig{} + conn, chans, reqs, err := ssh.NewClientConn(b, "", &conf) if err != nil { t.Fatalf("NewClientConn: %v", err) } - client := xssh.NewClient(conn, chans, reqs) + client := ssh.NewClient(conn, chans, reqs) if err := ForwardToRemote(client, socket); err != nil { t.Fatalf("SetupForwardAgent: %v", err) @@ -72,7 +72,7 @@ func TestSetupForwardAgent(t *testing.T) { if err != nil { t.Fatalf("OpenChannel(%q): %v", channelType, err) } - go xssh.DiscardRequests(reqs) + go ssh.DiscardRequests(reqs) agentClient := NewClient(ch) testAgentInterface(t, agentClient, testPrivateKeys["rsa"], nil, 0) @@ -156,7 +156,7 @@ func TestKeyTypes(t *testing.T) { } } -func addCertToAgentSock(key crypto.PrivateKey, cert *xssh.Certificate) error { +func addCertToAgentSock(key crypto.PrivateKey, cert *ssh.Certificate) error { a, b, err := netPipe() if err != nil { return err @@ -171,7 +171,7 @@ func addCertToAgentSock(key crypto.PrivateKey, cert *xssh.Certificate) error { return verifyKey(agentClient) } -func addCertToAgent(key crypto.PrivateKey, cert *xssh.Certificate) error { +func addCertToAgent(key crypto.PrivateKey, cert *ssh.Certificate) error { sshAgent := NewKeyring() if err := sshAgent.Add(AddedKey{PrivateKey: key, Certificate: cert}); err != nil { return fmt.Errorf("add: %v", err) @@ -181,15 +181,15 @@ func addCertToAgent(key crypto.PrivateKey, cert *xssh.Certificate) error { func TestCertTypes(t *testing.T) { for keyType, key := range testPublicKeys { - cert := &xssh.Certificate{ + cert := &ssh.Certificate{ ValidPrincipals: []string{"gopher1"}, ValidAfter: 0, - ValidBefore: xssh.CertTimeInfinity, + ValidBefore: ssh.CertTimeInfinity, Key: key, Serial: 1, - CertType: xssh.UserCert, + CertType: ssh.UserCert, SignatureKey: testPublicKeys["rsa"], - Permissions: xssh.Permissions{ + Permissions: ssh.Permissions{ CriticalOptions: map[string]string{}, Extensions: map[string]string{}, }, diff --git a/lib/ssh/agent/testdata_test.go b/lib/ssh/agent/testdata_test.go index 5240d61..16f2ef0 100644 --- a/lib/ssh/agent/testdata_test.go +++ b/lib/ssh/agent/testdata_test.go @@ -12,14 +12,14 @@ import ( "crypto/rand" "fmt" - "github.com/zmap/zgrab/ztools/xssh" - "github.com/zmap/zgrab/ztools/xssh/testdata" + "github.com/zmap/zgrab2/lib/ssh" + "github.com/zmap/zgrab2/lib/testdata" ) var ( testPrivateKeys map[string]interface{} - testSigners map[string]xssh.Signer - testPublicKeys map[string]xssh.PublicKey + testSigners map[string]ssh.Signer + testPublicKeys map[string]ssh.PublicKey ) func init() { @@ -27,14 +27,14 @@ func init() { n := len(testdata.PEMBytes) testPrivateKeys = make(map[string]interface{}, n) - testSigners = make(map[string]xssh.Signer, n) - testPublicKeys = make(map[string]xssh.PublicKey, n) + testSigners = make(map[string]ssh.Signer, n) + testPublicKeys = make(map[string]ssh.PublicKey, n) for t, k := range testdata.PEMBytes { - testPrivateKeys[t], err = xssh.ParseRawPrivateKey(k) + testPrivateKeys[t], err = ssh.ParseRawPrivateKey(k) if err != nil { panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err)) } - testSigners[t], err = xssh.NewSignerFromKey(testPrivateKeys[t]) + testSigners[t], err = ssh.NewSignerFromKey(testPrivateKeys[t]) if err != nil { panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err)) } @@ -42,22 +42,22 @@ func init() { } // Create a cert and sign it for use in tests. - testCert := &xssh.Certificate{ + testCert := &ssh.Certificate{ Nonce: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage ValidAfter: 0, // unix epoch - ValidBefore: xssh.CertTimeInfinity, // The end of currently representable time. + ValidBefore: ssh.CertTimeInfinity, // The end of currently representable time. Reserved: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil Key: testPublicKeys["ecdsa"], SignatureKey: testPublicKeys["rsa"], - Permissions: xssh.Permissions{ + Permissions: ssh.Permissions{ CriticalOptions: map[string]string{}, Extensions: map[string]string{}, }, } testCert.SignCert(rand.Reader, testSigners["rsa"]) testPrivateKeys["cert"] = testPrivateKeys["ecdsa"] - testSigners["cert"], err = xssh.NewCertSigner(testCert, testSigners["ecdsa"]) + testSigners["cert"], err = ssh.NewCertSigner(testCert, testSigners["ecdsa"]) if err != nil { panic(fmt.Sprintf("Unable to create certificate signer: %v", err)) } diff --git a/lib/ssh/benchmark_test.go b/lib/ssh/benchmark_test.go index 968115a..727a796 100644 --- a/lib/ssh/benchmark_test.go +++ b/lib/ssh/benchmark_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "errors" diff --git a/lib/ssh/buffer.go b/lib/ssh/buffer.go index 80d80ae..6931b51 100644 --- a/lib/ssh/buffer.go +++ b/lib/ssh/buffer.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "io" diff --git a/lib/ssh/buffer_test.go b/lib/ssh/buffer_test.go index c474559..d5781cb 100644 --- a/lib/ssh/buffer_test.go +++ b/lib/ssh/buffer_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "io" diff --git a/lib/ssh/certs.go b/lib/ssh/certs.go index b192b61..54c9d7f 100644 --- a/lib/ssh/certs.go +++ b/lib/ssh/certs.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" diff --git a/lib/ssh/certs_test.go b/lib/ssh/certs_test.go index a5219f4..c5f2e53 100644 --- a/lib/ssh/certs_test.go +++ b/lib/ssh/certs_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" diff --git a/lib/ssh/channel.go b/lib/ssh/channel.go index a9db6f2..6d709b5 100644 --- a/lib/ssh/channel.go +++ b/lib/ssh/channel.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "encoding/binary" diff --git a/lib/ssh/cipher.go b/lib/ssh/cipher.go index dd023ab..34d3917 100644 --- a/lib/ssh/cipher.go +++ b/lib/ssh/cipher.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "crypto/aes" diff --git a/lib/ssh/cipher_test.go b/lib/ssh/cipher_test.go index 26eee25..e4bb1d9 100644 --- a/lib/ssh/cipher_test.go +++ b/lib/ssh/cipher_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" diff --git a/lib/ssh/client.go b/lib/ssh/client.go index 4a8e1b6..24ebd16 100644 --- a/lib/ssh/client.go +++ b/lib/ssh/client.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "errors" @@ -116,7 +116,7 @@ func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) e } } } - if pkgConfig.Verbose { + if config.Verbose { if config.ConnLog != nil { //config.ConnLog.ClientIDString = string(c.clientVersion) } diff --git a/lib/ssh/client_auth.go b/lib/ssh/client_auth.go index 9caf3c4..da97538 100644 --- a/lib/ssh/client_auth.go +++ b/lib/ssh/client_auth.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" diff --git a/lib/ssh/client_auth_test.go b/lib/ssh/client_auth_test.go index 1f98c5f..1409276 100644 --- a/lib/ssh/client_auth_test.go +++ b/lib/ssh/client_auth_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" diff --git a/lib/ssh/client_test.go b/lib/ssh/client_test.go index 830f4f6..1fe790c 100644 --- a/lib/ssh/client_test.go +++ b/lib/ssh/client_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "net" diff --git a/lib/ssh/common.go b/lib/ssh/common.go index 67ebb3a..66e483a 100644 --- a/lib/ssh/common.go +++ b/lib/ssh/common.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "crypto" diff --git a/lib/ssh/config.go b/lib/ssh/config.go index 7798913..7f9b7e2 100644 --- a/lib/ssh/config.go +++ b/lib/ssh/config.go @@ -1,4 +1,4 @@ -package xssh +package ssh func MakeXSSHConfig() *ClientConfig { ret := new(ClientConfig) diff --git a/lib/ssh/connection.go b/lib/ssh/connection.go index f01f70c..e786f2f 100644 --- a/lib/ssh/connection.go +++ b/lib/ssh/connection.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "fmt" diff --git a/lib/ssh/doc.go b/lib/ssh/doc.go index 4bbc826..a5ff8af 100644 --- a/lib/ssh/doc.go +++ b/lib/ssh/doc.go @@ -15,4 +15,4 @@ References: [PROTOCOL.certkeys]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD [SSH-PARAMETERS]: http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xml#ssh-parameters-1 */ -package xssh // import "github.com/zmap/zgrab/ztools/xssh" +package ssh diff --git a/lib/ssh/example_test.go b/lib/ssh/example_test.go index 2b4563a..6f02d61 100644 --- a/lib/ssh/example_test.go +++ b/lib/ssh/example_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh_test +package ssh_test import ( "bytes" @@ -12,8 +12,8 @@ import ( "net" "net/http" - "github.com/zmap/zgrab/ztools/xssh" - "github.com/zmap/zgrab/ztools/xssh/terminal" + "github.com/zmap/zgrab2/lib/ssh" + "github.com/zmap/zgrab2/lib/terminal" ) func ExampleNewServerConn() { @@ -27,7 +27,7 @@ func ExampleNewServerConn() { authorizedKeysMap := map[string]bool{} for len(authorizedKeysBytes) > 0 { - pubKey, _, _, rest, err := xssh.ParseAuthorizedKey(authorizedKeysBytes) + pubKey, _, _, rest, err := ssh.ParseAuthorizedKey(authorizedKeysBytes) if err != nil { log.Fatal(err) } @@ -38,9 +38,9 @@ func ExampleNewServerConn() { // An SSH server is represented by a ServerConfig, which holds // certificate details and handles authentication of ServerConns. - config := &xssh.ServerConfig{ + config := &ssh.ServerConfig{ // Remove to disable password auth. - PasswordCallback: func(c xssh.ConnMetadata, pass []byte) (*xssh.Permissions, error) { + PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) { // Should use constant-time compare (or better, salt+hash) in // a production setting. if c.User() == "testuser" && string(pass) == "tiger" { @@ -50,7 +50,7 @@ func ExampleNewServerConn() { }, // Remove to disable public key auth. - PublicKeyCallback: func(c xssh.ConnMetadata, pubKey xssh.PublicKey) (*xssh.Permissions, error) { + PublicKeyCallback: func(c ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) { if authorizedKeysMap[string(pubKey.Marshal())] { return nil, nil } @@ -63,7 +63,7 @@ func ExampleNewServerConn() { log.Fatal("Failed to load private key: ", err) } - private, err := xssh.ParsePrivateKey(privateBytes) + private, err := ssh.ParsePrivateKey(privateBytes) if err != nil { log.Fatal("Failed to parse private key: ", err) } @@ -83,12 +83,12 @@ func ExampleNewServerConn() { // Before use, a handshake must be performed on the incoming // net.Conn. - _, chans, reqs, err := xssh.NewServerConn(nConn, config) + _, chans, reqs, err := ssh.NewServerConn(nConn, config) if err != nil { log.Fatal("failed to handshake: ", err) } // The incoming Request channel must be serviced. - go xssh.DiscardRequests(reqs) + go ssh.DiscardRequests(reqs) // Service the incoming Channel channel. @@ -99,7 +99,7 @@ func ExampleNewServerConn() { // "session" and ServerShell may be used to present a simple // terminal interface. if newChannel.ChannelType() != "session" { - newChannel.Reject(xssh.UnknownChannelType, "unknown channel type") + newChannel.Reject(ssh.UnknownChannelType, "unknown channel type") continue } channel, requests, err := newChannel.Accept() @@ -110,7 +110,7 @@ func ExampleNewServerConn() { // Sessions have out-of-band requests such as "shell", // "pty-req" and "env". Here we handle only the // "shell" request. - go func(in <-chan *xssh.Request) { + go func(in <-chan *ssh.Request) { for req := range in { req.Reply(req.Type == "shell", nil) } @@ -136,13 +136,13 @@ func ExampleDial() { // // To authenticate with the remote server you must pass at least one // implementation of AuthMethod via the Auth field in ClientConfig. - config := &xssh.ClientConfig{ + config := &ssh.ClientConfig{ User: "username", - Auth: []xssh.AuthMethod{ - xssh.Password("yourpassword"), + Auth: []ssh.AuthMethod{ + ssh.Password("yourpassword"), }, } - client, err := xssh.Dial("tcp", "yourserver.com:22", config) + client, err := ssh.Dial("tcp", "yourserver.com:22", config) if err != nil { log.Fatal("Failed to dial: ", err) } @@ -177,21 +177,21 @@ func ExamplePublicKeys() { } // Create the Signer for this private key. - signer, err := xssh.ParsePrivateKey(key) + signer, err := ssh.ParsePrivateKey(key) if err != nil { log.Fatalf("unable to parse private key: %v", err) } - config := &xssh.ClientConfig{ + config := &ssh.ClientConfig{ User: "user", - Auth: []xssh.AuthMethod{ + Auth: []ssh.AuthMethod{ // Use the PublicKeys method for remote authentication. - xssh.PublicKeys(signer), + ssh.PublicKeys(signer), }, } // Connect to the remote server and perform the SSH handshake. - client, err := xssh.Dial("tcp", "host.com:22", config) + client, err := ssh.Dial("tcp", "host.com:22", config) if err != nil { log.Fatalf("unable to connect: %v", err) } @@ -199,14 +199,14 @@ func ExamplePublicKeys() { } func ExampleClient_Listen() { - config := &xssh.ClientConfig{ + config := &ssh.ClientConfig{ User: "username", - Auth: []xssh.AuthMethod{ - xssh.Password("password"), + Auth: []ssh.AuthMethod{ + ssh.Password("password"), }, } - // Dial your xssh server. - conn, err := xssh.Dial("tcp", "localhost:22", config) + // Dial your ssh server. + conn, err := ssh.Dial("tcp", "localhost:22", config) if err != nil { log.Fatal("unable to connect: ", err) } @@ -227,14 +227,14 @@ func ExampleClient_Listen() { func ExampleSession_RequestPty() { // Create client config - config := &xssh.ClientConfig{ + config := &ssh.ClientConfig{ User: "username", - Auth: []xssh.AuthMethod{ - xssh.Password("password"), + Auth: []ssh.AuthMethod{ + ssh.Password("password"), }, } - // Connect to xssh server - conn, err := xssh.Dial("tcp", "localhost:22", config) + // Connect to ssh server + conn, err := ssh.Dial("tcp", "localhost:22", config) if err != nil { log.Fatal("unable to connect: ", err) } @@ -246,10 +246,10 @@ func ExampleSession_RequestPty() { } defer session.Close() // Set up terminal modes - modes := xssh.TerminalModes{ - xssh.ECHO: 0, // disable echoing - xssh.TTY_OP_ISPEED: 14400, // input speed = 14.4kbaud - xssh.TTY_OP_OSPEED: 14400, // output speed = 14.4kbaud + modes := ssh.TerminalModes{ + ssh.ECHO: 0, // disable echoing + ssh.TTY_OP_ISPEED: 14400, // input speed = 14.4kbaud + ssh.TTY_OP_OSPEED: 14400, // output speed = 14.4kbaud } // Request pseudo terminal if err := session.RequestPty("xterm", 40, 80, modes); err != nil { diff --git a/lib/ssh/flag.go b/lib/ssh/flag.go deleted file mode 100644 index 61c9829..0000000 --- a/lib/ssh/flag.go +++ /dev/null @@ -1,157 +0,0 @@ -package xssh - -import ( - "errors" - "flag" - "fmt" - "strings" -) - -var pkgConfig XSSHConfig - -type XSSHConfig struct { - ClientID string - HostKeyAlgorithms HostKeyAlgorithmsList - KexAlgorithms KexAlgorithmsList - Verbose bool - CollectUserAuth bool - Ciphers CipherList - GexMinBits uint - GexMaxBits uint - GexPreferredBits uint -} - -type HostKeyAlgorithmsList struct { - Algorithms []string -} - -func (hkaList *HostKeyAlgorithmsList) String() string { - return strings.Join(hkaList.Algorithms, ",") -} - -func (hkaList *HostKeyAlgorithmsList) Set(value string) error { - for _, alg := range strings.Split(value, ",") { - isValid := false - for _, val := range supportedHostKeyAlgos { - if val == alg { - isValid = true - break - } - } - - if !isValid { - return errors.New(fmt.Sprintf(`host key algorithm not supported: "%s"`, alg)) - } - - hkaList.Algorithms = append(hkaList.Algorithms, alg) - } - return nil -} - -func (hkaList *HostKeyAlgorithmsList) Get() []string { - if len(hkaList.Algorithms) == 0 { - return supportedHostKeyAlgos - } else { - return hkaList.Algorithms - } -} - -type KexAlgorithmsList struct { - Algorithms []string -} - -func (kaList *KexAlgorithmsList) String() string { - return strings.Join(kaList.Algorithms, ",") -} - -func (kaList *KexAlgorithmsList) Set(value string) error { - for _, alg := range strings.Split(value, ",") { - isValid := false - for _, val := range allSupportedKexAlgos { - if val == alg { - isValid = true - break - } - } - - if !isValid { - return errors.New(fmt.Sprintf(`DH KEX algorithm not supported: "%s"`, alg)) - } - - kaList.Algorithms = append(kaList.Algorithms, alg) - } - return nil -} - -func (kaList *KexAlgorithmsList) Get() []string { - if len(kaList.Algorithms) == 0 { - return defaultKexAlgos - } else { - return kaList.Algorithms - } -} - -type CipherList struct { - Ciphers []string -} - -func (cList *CipherList) String() string { - return strings.Join(cList.Ciphers, ",") -} - -func (cList *CipherList) Set(value string) error { - for _, inCipher := range strings.Split(value, ",") { - isValid := false - for _, knownCipher := range allSupportedCiphers { - if inCipher == knownCipher { - isValid = true - break - } - } - - if !isValid { - return errors.New(fmt.Sprintf(`cipher not supported: "%s"`, inCipher)) - } - - cList.Ciphers = append(cList.Ciphers, inCipher) - } - - return nil -} - -func (cList *CipherList) Get() []string { - if len(cList.Ciphers) == 0 { - return defaultCiphers - } else { - return cList.Ciphers - } -} - -func init() { - flag.StringVar(&pkgConfig.ClientID, "xssh-client-id", packageVersion, "Specify the client ID string to use") - - hostKeyAlgUsage := fmt.Sprintf( - "A comma-separated list of which host key algorithms to offer (default \"%s\")", - strings.Join(supportedHostKeyAlgos, ","), - ) - flag.Var(&pkgConfig.HostKeyAlgorithms, "xssh-host-key-algorithms", hostKeyAlgUsage) - - kexAlgUsage := fmt.Sprintf( - "A comma-separated list of which DH key exchange algorithms to offer (default \"%s\")", - strings.Join(defaultKexAlgos, ","), - ) - flag.Var(&pkgConfig.KexAlgorithms, "xssh-kex-algorithms", kexAlgUsage) - - ciphersUsage := fmt.Sprintf( - `A comma-separated list of which ciphers to offer (default "%s")`, - strings.Join(defaultCiphers, ",")) - flag.Var(&pkgConfig.Ciphers, "xssh-ciphers", ciphersUsage) - - flag.BoolVar(&pkgConfig.Verbose, "xssh-verbose", false, "Output additional information, including X/SSH client properties from the SSH handshake.") - - flag.BoolVar(&pkgConfig.CollectUserAuth, "xssh-userauth", false, "Use the 'none' authentication request to see what userauth methods are allowed.") - - flag.UintVar(&pkgConfig.GexMinBits, "xssh-gex-min-bits", 1024, "The minimum number of bits for the DH GEX prime.") - flag.UintVar(&pkgConfig.GexMaxBits, "xssh-gex-max-bits", 8192, "The maximum number of bits for the DH GEX prime.") - flag.UintVar(&pkgConfig.GexPreferredBits, "xssh-gex-preferred-bits", 2048, "The preferred number of bits for the DH GEX prime.") -} diff --git a/lib/ssh/handshake.go b/lib/ssh/handshake.go index 5f0e6c2..109abb3 100644 --- a/lib/ssh/handshake.go +++ b/lib/ssh/handshake.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "crypto/rand" diff --git a/lib/ssh/handshake_test.go b/lib/ssh/handshake_test.go index 41603b9..da53d3a 100644 --- a/lib/ssh/handshake_test.go +++ b/lib/ssh/handshake_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" diff --git a/lib/ssh/kex.go b/lib/ssh/kex.go index 3b36802..213df4d 100644 --- a/lib/ssh/kex.go +++ b/lib/ssh/kex.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "crypto" @@ -205,7 +205,7 @@ func (group *dhGroup) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, return new(big.Int).Exp(theirPublic, myPrivate, group.p), nil } -func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { +func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handshakeMagics, config *Config) (*kexResult, error) { group.JsonLog.Parameters = new(ztoolsKeys.DHParams) hashFunc := crypto.SHA1 @@ -220,13 +220,13 @@ func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handsha } } - if pkgConfig.Verbose { + if config.Verbose { group.JsonLog.Parameters.ClientPrivate = x } X := new(big.Int).Exp(group.g, x, group.p) - if pkgConfig.Verbose { + if config.Verbose { group.JsonLog.Parameters.ClientPublic = X } diff --git a/lib/ssh/kex_gex.go b/lib/ssh/kex_gex.go index b2b6c57..a3af2ed 100644 --- a/lib/ssh/kex_gex.go +++ b/lib/ssh/kex_gex.go @@ -1,4 +1,4 @@ -package xssh +package ssh import ( "crypto" diff --git a/lib/ssh/kex_test.go b/lib/ssh/kex_test.go index 61d41f0..12ca0ac 100644 --- a/lib/ssh/kex_test.go +++ b/lib/ssh/kex_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh // Key exchange tests. diff --git a/lib/ssh/keys.go b/lib/ssh/keys.go index bb86255..76f3161 100644 --- a/lib/ssh/keys.go +++ b/lib/ssh/keys.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" @@ -347,7 +347,7 @@ func parseRSA(in []byte) (out PublicKey, rest []byte, err error) { func (r *rsaPublicKey) Marshal() []byte { e := new(big.Int).SetInt64(int64(r.E)) // RSA publickey struct layout should match the struct used by - // parseRSACert in the github.com/zmap/zgrab/ztools/xssh/agent package. + // parseRSACert in the github.com/zmap/zgrab2/lib/agent package. wirekey := struct { Name string E *big.Int @@ -409,7 +409,7 @@ func parseDSA(in []byte) (out PublicKey, rest []byte, err error) { func (k *dsaPublicKey) Marshal() []byte { // DSA publickey struct layout should match the struct used by - // parseDSACert in the x/github.com/zmap/zgrab/ztools/xssh/agent package. + // parseDSACert in the x/github.com/zmap/zgrab2/lib/agent package. w := struct { Name string P, Q, G, Y *big.Int @@ -615,7 +615,7 @@ func (key *ecdsaPublicKey) Marshal() []byte { // See RFC 5656, section 3.1. keyBytes := elliptic.Marshal(key.Curve, key.X, key.Y) // ECDSA publickey struct layout should match the struct used by - // parseECDSACert in the github.com/zmap/zgrab/ztools/xssh/agent package. + // parseECDSACert in the github.com/zmap/zgrab2/lib/agent package. w := struct { Name string ID string diff --git a/lib/ssh/keys_test.go b/lib/ssh/keys_test.go index 4006553..ed0058d 100644 --- a/lib/ssh/keys_test.go +++ b/lib/ssh/keys_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" @@ -17,7 +17,7 @@ import ( "strings" "testing" - "github.com/zmap/zgrab/ztools/xssh/testdata" + "github.com/zmap/zgrab2/lib/testdata" "golang.org/x/crypto/ed25519" ) diff --git a/lib/ssh/log.go b/lib/ssh/log.go index 163f607..cac3e50 100644 --- a/lib/ssh/log.go +++ b/lib/ssh/log.go @@ -12,7 +12,7 @@ * permissions and limitations under the License. */ -package xssh +package ssh // HandshakeLog contains detailed information about each step of the // SSH handshake, and can be encoded to JSON. diff --git a/lib/ssh/mac.go b/lib/ssh/mac.go index d037bf2..07744ad 100644 --- a/lib/ssh/mac.go +++ b/lib/ssh/mac.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh // Message authentication support diff --git a/lib/ssh/mempipe_test.go b/lib/ssh/mempipe_test.go index 3c44a89..8697cd6 100644 --- a/lib/ssh/mempipe_test.go +++ b/lib/ssh/mempipe_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "io" diff --git a/lib/ssh/messages.go b/lib/ssh/messages.go index 98ddd31..5e6ca06 100644 --- a/lib/ssh/messages.go +++ b/lib/ssh/messages.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" diff --git a/lib/ssh/messages_test.go b/lib/ssh/messages_test.go index c6ac051..e790764 100644 --- a/lib/ssh/messages_test.go +++ b/lib/ssh/messages_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" diff --git a/lib/ssh/mux.go b/lib/ssh/mux.go index b00e1d9..f3a3ddd 100644 --- a/lib/ssh/mux.go +++ b/lib/ssh/mux.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "encoding/binary" diff --git a/lib/ssh/mux_test.go b/lib/ssh/mux_test.go index c8164ac..591aae8 100644 --- a/lib/ssh/mux_test.go +++ b/lib/ssh/mux_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "io" diff --git a/lib/ssh/server.go b/lib/ssh/server.go index 4f98e7f..6f84932 100644 --- a/lib/ssh/server.go +++ b/lib/ssh/server.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" diff --git a/lib/ssh/session.go b/lib/ssh/session.go index 5a9ec18..8c74474 100644 --- a/lib/ssh/session.go +++ b/lib/ssh/session.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh // Session implements an interactive session described in // "RFC 4254, section 6". diff --git a/lib/ssh/session_test.go b/lib/ssh/session_test.go index 62cb64a..8d37176 100644 --- a/lib/ssh/session_test.go +++ b/lib/ssh/session_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh // Session tests. @@ -16,7 +16,7 @@ import ( "net" "testing" - "github.com/zmap/zgrab/ztools/xssh/terminal" + "github.com/zmap/zgrab2/lib/terminal" ) type serverType func(Channel, <-chan *Request, *testing.T) diff --git a/lib/ssh/tcpip.go b/lib/ssh/tcpip.go index 514c735..6151241 100644 --- a/lib/ssh/tcpip.go +++ b/lib/ssh/tcpip.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "errors" diff --git a/lib/ssh/tcpip_test.go b/lib/ssh/tcpip_test.go index 5879f1d..f1265cb 100644 --- a/lib/ssh/tcpip_test.go +++ b/lib/ssh/tcpip_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "testing" diff --git a/lib/ssh/terminal/util.go b/lib/ssh/terminal/util.go index c162b8b..2344cc6 100644 --- a/lib/ssh/terminal/util.go +++ b/lib/ssh/terminal/util.go @@ -14,7 +14,7 @@ // panic(err) // } // defer terminal.Restore(0, oldState) -package terminal // import "github.com/zmap/zgrab/ztools/xssh/terminal" +package terminal // import "github.com/zmap/zgrab2/lib/terminal" import ( "io" diff --git a/lib/ssh/terminal/util_solaris.go b/lib/ssh/terminal/util_solaris.go index 431cafe..8d2dfdc 100644 --- a/lib/ssh/terminal/util_solaris.go +++ b/lib/ssh/terminal/util_solaris.go @@ -4,7 +4,7 @@ // +build solaris -package terminal // import "github.com/zmap/zgrab/ztools/xssh/terminal" +package terminal // import "github.com/zmap/zgrab2/lib/terminal" import ( "golang.org/x/sys/unix" diff --git a/lib/ssh/test/agent_unix_test.go b/lib/ssh/test/agent_unix_test.go index 716bfa3..7f2cc45 100644 --- a/lib/ssh/test/agent_unix_test.go +++ b/lib/ssh/test/agent_unix_test.go @@ -10,8 +10,8 @@ import ( "bytes" "testing" - "github.com/zmap/zgrab/ztools/xssh" - "github.com/zmap/zgrab/ztools/xssh/agent" + "github.com/zmap/zgrab/ztools/ssh" + "github.com/zmap/zgrab/ztools/ssh/agent" ) func DISABLED_TestAgentForward(t *testing.T) { @@ -48,12 +48,12 @@ func DISABLED_TestAgentForward(t *testing.T) { if err != nil { t.Fatalf("running ssh-add: %v, out %s", err, out) } - key, _, _, _, err := xssh.ParseAuthorizedKey(out) + key, _, _, _, err := ssh.ParseAuthorizedKey(out) if err != nil { t.Fatalf("ParseAuthorizedKey(%q): %v", out, err) } if !bytes.Equal(key.Marshal(), pub.Marshal()) { - t.Fatalf("got key %s, want %s", xssh.MarshalAuthorizedKey(key), xssh.MarshalAuthorizedKey(pub)) + t.Fatalf("got key %s, want %s", ssh.MarshalAuthorizedKey(key), ssh.MarshalAuthorizedKey(pub)) } } diff --git a/lib/ssh/test/cert_test.go b/lib/ssh/test/cert_test.go index d1f5aaf..ae758a5 100644 --- a/lib/ssh/test/cert_test.go +++ b/lib/ssh/test/cert_test.go @@ -10,7 +10,7 @@ import ( "crypto/rand" "testing" - "github.com/zmap/zgrab/ztools/xssh" + "github.com/zmap/zgrab/ztools/ssh" ) func DISABLED_TestCertLogin(t *testing.T) { @@ -20,25 +20,25 @@ func DISABLED_TestCertLogin(t *testing.T) { // Use a key different from the default. clientKey := testSigners["dsa"] caAuthKey := testSigners["ecdsa"] - cert := &xssh.Certificate{ + cert := &ssh.Certificate{ Key: clientKey.PublicKey(), ValidPrincipals: []string{username()}, - CertType: xssh.UserCert, - ValidBefore: xssh.CertTimeInfinity, + CertType: ssh.UserCert, + ValidBefore: ssh.CertTimeInfinity, } if err := cert.SignCert(rand.Reader, caAuthKey); err != nil { t.Fatalf("SetSignature: %v", err) } - certSigner, err := xssh.NewCertSigner(cert, clientKey) + certSigner, err := ssh.NewCertSigner(cert, clientKey) if err != nil { t.Fatalf("NewCertSigner: %v", err) } - conf := &xssh.ClientConfig{ + conf := &ssh.ClientConfig{ User: username(), } - conf.Auth = append(conf.Auth, xssh.PublicKeys(certSigner)) + conf.Auth = append(conf.Auth, ssh.PublicKeys(certSigner)) client, err := s.TryDial(conf) if err != nil { t.Fatalf("TryDial: %v", err) diff --git a/lib/ssh/test/doc.go b/lib/ssh/test/doc.go index 5693273..be19782 100644 --- a/lib/ssh/test/doc.go +++ b/lib/ssh/test/doc.go @@ -3,5 +3,5 @@ // license that can be found in the LICENSE file. // This package contains integration tests for the -// github.com/zmap/zgrab/ztools/xssh. -package test // import "github.com/zmap/zgrab/ztools/xssh/test" +// github.com/zmap/zgrab/ztools/ssh. +package test // import "github.com/zmap/zgrab/ztools/ssh/test" diff --git a/lib/ssh/test/session_test.go b/lib/ssh/test/session_test.go index d80ec2a..5f2492d 100644 --- a/lib/ssh/test/session_test.go +++ b/lib/ssh/test/session_test.go @@ -15,7 +15,7 @@ import ( "strings" "testing" - "github.com/zmap/zgrab/ztools/xssh" + "github.com/zmap/zgrab/ztools/ssh" ) func DISABLED_TestRunCommandSuccess(t *testing.T) { @@ -44,9 +44,9 @@ func DISABLED_TestHostKeyCheck(t *testing.T) { conf.HostKeyCallback = hostDB.Check // change the keys. - hostDB.keys[xssh.KeyAlgoRSA][25]++ - hostDB.keys[xssh.KeyAlgoDSA][25]++ - hostDB.keys[xssh.KeyAlgoECDSA256][25]++ + hostDB.keys[ssh.KeyAlgoRSA][25]++ + hostDB.keys[ssh.KeyAlgoDSA][25]++ + hostDB.keys[ssh.KeyAlgoECDSA256][25]++ conn, err := server.TryDial(conf) if err == nil { @@ -227,7 +227,7 @@ func DISABLED_TestInvalidTerminalMode(t *testing.T) { } defer session.Close() - if err = session.RequestPty("vt100", 80, 40, xssh.TerminalModes{255: 1984}); err == nil { + if err = session.RequestPty("vt100", 80, 40, ssh.TerminalModes{255: 1984}); err == nil { t.Fatalf("req-pty failed: successful request with invalid mode") } } @@ -254,7 +254,7 @@ func DISABLED_TestValidTerminalMode(t *testing.T) { t.Fatalf("unable to acquire stdin pipe: %s", err) } - tm := xssh.TerminalModes{xssh.ECHO: 0} + tm := ssh.TerminalModes{ssh.ECHO: 0} if err = session.RequestPty("xterm", 80, 40, tm); err != nil { t.Fatalf("req-pty failed: %s", err) } @@ -277,7 +277,7 @@ func DISABLED_TestValidTerminalMode(t *testing.T) { } func DISABLED_TestCiphers(t *testing.T) { - var config xssh.Config + var config ssh.Config config.SetDefaults() cipherOrder := config.Ciphers // These ciphers will not be tested when commented out in cipher.go it will @@ -301,7 +301,7 @@ func DISABLED_TestCiphers(t *testing.T) { } func DISABLED_TestMACs(t *testing.T) { - var config xssh.Config + var config ssh.Config config.SetDefaults() macOrder := config.MACs @@ -321,7 +321,7 @@ func DISABLED_TestMACs(t *testing.T) { } func DISABLED_TestKeyExchanges(t *testing.T) { - var config xssh.Config + var config ssh.Config config.SetDefaults() kexOrder := config.KeyExchanges for _, kex := range kexOrder { @@ -349,8 +349,8 @@ func DISABLED_TestClientAuthAlgorithms(t *testing.T) { server := newServer(t) conf := clientConfig() conf.SetDefaults() - conf.Auth = []xssh.AuthMethod{ - xssh.PublicKeys(testSigners[key]), + conf.Auth = []ssh.AuthMethod{ + ssh.PublicKeys(testSigners[key]), } conn, err := server.TryDial(conf) diff --git a/lib/ssh/test/test_unix_test.go b/lib/ssh/test/test_unix_test.go index eae841a..784af2d 100644 --- a/lib/ssh/test/test_unix_test.go +++ b/lib/ssh/test/test_unix_test.go @@ -21,8 +21,8 @@ import ( "testing" "text/template" - "github.com/zmap/zgrab/ztools/xssh" - "github.com/zmap/zgrab/ztools/xssh/testdata" + "github.com/zmap/zgrab/ztools/ssh" + "github.com/zmap/zgrab/ztools/ssh/testdata" ) const sshd_config = ` @@ -87,14 +87,14 @@ type storedHostKey struct { checkCount int } -func (k *storedHostKey) Add(key xssh.PublicKey) { +func (k *storedHostKey) Add(key ssh.PublicKey) { if k.keys == nil { k.keys = map[string][]byte{} } k.keys[key.Type()] = key.Marshal() } -func (k *storedHostKey) Check(addr string, remote net.Addr, key xssh.PublicKey) error { +func (k *storedHostKey) Check(addr string, remote net.Addr, key ssh.PublicKey) error { k.checkCount++ algo := key.Type() @@ -112,11 +112,11 @@ func hostKeyDB() *storedHostKey { return keyChecker } -func clientConfig() *xssh.ClientConfig { - config := &xssh.ClientConfig{ +func clientConfig() *ssh.ClientConfig { + config := &ssh.ClientConfig{ User: username(), - Auth: []xssh.AuthMethod{ - xssh.PublicKeys(testSigners["user"]), + Auth: []ssh.AuthMethod{ + ssh.PublicKeys(testSigners["user"]), }, HostKeyCallback: hostKeyDB().Check, } @@ -153,7 +153,7 @@ func unixConnection() (*net.UnixConn, *net.UnixConn, error) { return c1.(*net.UnixConn), c2.(*net.UnixConn), nil } -func (s *server) TryDial(config *xssh.ClientConfig) (*xssh.Client, error) { +func (s *server) TryDial(config *ssh.ClientConfig) (*ssh.Client, error) { sshd, err := exec.LookPath("sshd") if err != nil { s.t.Skipf("skipping test: %v", err) @@ -179,19 +179,19 @@ func (s *server) TryDial(config *xssh.ClientConfig) (*xssh.Client, error) { s.t.Fatalf("s.cmd.Start: %v", err) } s.clientConn = c1 - conn, chans, reqs, err := xssh.NewClientConn(c1, "", config) + conn, chans, reqs, err := ssh.NewClientConn(c1, "", config) if err != nil { return nil, err } - return xssh.NewClient(conn, chans, reqs), nil + return ssh.NewClient(conn, chans, reqs), nil } -func (s *server) Dial(config *xssh.ClientConfig) *xssh.Client { +func (s *server) Dial(config *ssh.ClientConfig) *ssh.Client { conn, err := s.TryDial(config) if err != nil { s.t.Fail() s.Shutdown() - s.t.Fatalf("xssh.Client: %v", err) + s.t.Fatalf("ssh.Client: %v", err) } return conn } @@ -247,12 +247,12 @@ func newServer(t *testing.T) *server { for k, v := range testdata.PEMBytes { filename := "id_" + k writeFile(filepath.Join(dir, filename), v) - writeFile(filepath.Join(dir, filename+".pub"), xssh.MarshalAuthorizedKey(testPublicKeys[k])) + writeFile(filepath.Join(dir, filename+".pub"), ssh.MarshalAuthorizedKey(testPublicKeys[k])) } var authkeys bytes.Buffer for k := range testdata.PEMBytes { - authkeys.Write(xssh.MarshalAuthorizedKey(testPublicKeys[k])) + authkeys.Write(ssh.MarshalAuthorizedKey(testPublicKeys[k])) } writeFile(filepath.Join(dir, "authorized_keys"), authkeys.Bytes()) diff --git a/lib/ssh/test/testdata_test.go b/lib/ssh/test/testdata_test.go index cdf93b7..ef52dea 100644 --- a/lib/ssh/test/testdata_test.go +++ b/lib/ssh/test/testdata_test.go @@ -12,14 +12,14 @@ import ( "crypto/rand" "fmt" - "github.com/zmap/zgrab/ztools/xssh" - "github.com/zmap/zgrab/ztools/xssh/testdata" + "github.com/zmap/zgrab/ztools/ssh" + "github.com/zmap/zgrab/ztools/ssh/testdata" ) var ( testPrivateKeys map[string]interface{} - testSigners map[string]xssh.Signer - testPublicKeys map[string]xssh.PublicKey + testSigners map[string]ssh.Signer + testPublicKeys map[string]ssh.PublicKey ) func init() { @@ -27,14 +27,14 @@ func init() { n := len(testdata.PEMBytes) testPrivateKeys = make(map[string]interface{}, n) - testSigners = make(map[string]xssh.Signer, n) - testPublicKeys = make(map[string]xssh.PublicKey, n) + testSigners = make(map[string]ssh.Signer, n) + testPublicKeys = make(map[string]ssh.PublicKey, n) for t, k := range testdata.PEMBytes { - testPrivateKeys[t], err = xssh.ParseRawPrivateKey(k) + testPrivateKeys[t], err = ssh.ParseRawPrivateKey(k) if err != nil { panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err)) } - testSigners[t], err = xssh.NewSignerFromKey(testPrivateKeys[t]) + testSigners[t], err = ssh.NewSignerFromKey(testPrivateKeys[t]) if err != nil { panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err)) } @@ -42,22 +42,22 @@ func init() { } // Create a cert and sign it for use in tests. - testCert := &xssh.Certificate{ + testCert := &ssh.Certificate{ Nonce: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage ValidAfter: 0, // unix epoch - ValidBefore: xssh.CertTimeInfinity, // The end of currently representable time. + ValidBefore: ssh.CertTimeInfinity, // The end of currently representable time. Reserved: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil Key: testPublicKeys["ecdsa"], SignatureKey: testPublicKeys["rsa"], - Permissions: xssh.Permissions{ + Permissions: ssh.Permissions{ CriticalOptions: map[string]string{}, Extensions: map[string]string{}, }, } testCert.SignCert(rand.Reader, testSigners["rsa"]) testPrivateKeys["cert"] = testPrivateKeys["ecdsa"] - testSigners["cert"], err = xssh.NewCertSigner(testCert, testSigners["ecdsa"]) + testSigners["cert"], err = ssh.NewCertSigner(testCert, testSigners["ecdsa"]) if err != nil { panic(fmt.Sprintf("Unable to create certificate signer: %v", err)) } diff --git a/lib/ssh/testdata/doc.go b/lib/ssh/testdata/doc.go index 163c448..c946f21 100644 --- a/lib/ssh/testdata/doc.go +++ b/lib/ssh/testdata/doc.go @@ -3,6 +3,6 @@ // license that can be found in the LICENSE file. // This package contains test data shared between the various subpackages of -// the github.com/zmap/zgrab/ztools/xssh package. Under no circumstance should +// the github.com/zmap/zgrab2/lib package. Under no circumstance should // this data be used for production code. -package testdata // import "github.com/zmap/zgrab/ztools/xssh/testdata" +package testdata // import "github.com/zmap/zgrab2/lib/testdata" diff --git a/lib/ssh/testdata_test.go b/lib/ssh/testdata_test.go index e0fded6..3cc3273 100644 --- a/lib/ssh/testdata_test.go +++ b/lib/ssh/testdata_test.go @@ -6,13 +6,13 @@ // ssh/, ssh/agent, and ssh/test/. It should be kept in sync across all three // instances. -package xssh +package ssh import ( "crypto/rand" "fmt" - "github.com/zmap/zgrab/ztools/xssh/testdata" + "github.com/zmap/zgrab2/lib/testdata" ) var ( diff --git a/lib/ssh/transport.go b/lib/ssh/transport.go index a1c0851..62fba62 100644 --- a/lib/ssh/transport.go +++ b/lib/ssh/transport.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bufio" diff --git a/lib/ssh/transport_test.go b/lib/ssh/transport_test.go index d77703f..92d83ab 100644 --- a/lib/ssh/transport_test.go +++ b/lib/ssh/transport_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package xssh +package ssh import ( "bytes" diff --git a/tools/keys/dhe.go b/tools/keys/dhe.go new file mode 100644 index 0000000..499ae68 --- /dev/null +++ b/tools/keys/dhe.go @@ -0,0 +1,130 @@ +/* + * ZGrab Copyright 2015 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package keys + +import ( + "encoding/json" + "math/big" +) + +// DHParams can be used to store finite-field Diffie-Hellman parameters. At any +// point in time, it is unlikely that both OurPrivate and TheirPrivate will be +// non-nil. +type DHParams struct { + Prime *big.Int + Generator *big.Int + ServerPublic *big.Int + ServerPrivate *big.Int + ClientPublic *big.Int + ClientPrivate *big.Int + SessionKey *big.Int +} + +type auxDHParams struct { + Prime *cryptoParameter `json:"prime"` + Generator *cryptoParameter `json:"generator"` + ServerPublic *cryptoParameter `json:"server_public,omitempty"` + ServerPrivate *cryptoParameter `json:"server_private,omitempty"` + ClientPublic *cryptoParameter `json:"client_public,omitempty"` + ClientPrivate *cryptoParameter `json:"client_private,omitempty"` + SessionKey *cryptoParameter `json:"session_key,omitempty"` +} + +// MarshalJSON implements the json.Marshal interface +func (p *DHParams) MarshalJSON() ([]byte, error) { + aux := auxDHParams{ + Prime: &cryptoParameter{Int: p.Prime}, + Generator: &cryptoParameter{Int: p.Generator}, + } + if p.ServerPublic != nil { + aux.ServerPublic = &cryptoParameter{Int: p.ServerPublic} + } + if p.ServerPrivate != nil { + aux.ServerPrivate = &cryptoParameter{Int: p.ServerPrivate} + } + if p.ClientPublic != nil { + aux.ClientPublic = &cryptoParameter{Int: p.ClientPublic} + } + if p.ClientPrivate != nil { + aux.ClientPrivate = &cryptoParameter{Int: p.ClientPrivate} + } + if p.SessionKey != nil { + aux.SessionKey = &cryptoParameter{Int: p.SessionKey} + } + return json.Marshal(aux) +} + +// UnmarshalJSON implement the json.Unmarshaler interface +func (p *DHParams) UnmarshalJSON(b []byte) error { + var aux auxDHParams + if err := json.Unmarshal(b, &aux); err != nil { + return err + } + if aux.Prime != nil { + p.Prime = aux.Prime.Int + } + if aux.Generator != nil { + p.Generator = aux.Generator.Int + } + if aux.ServerPublic != nil { + p.ServerPublic = aux.ServerPublic.Int + } + if aux.ServerPrivate != nil { + p.ServerPrivate = aux.ServerPrivate.Int + } + if aux.ClientPublic != nil { + p.ClientPublic = aux.ClientPublic.Int + } + if aux.ClientPrivate != nil { + p.ClientPrivate = aux.ClientPrivate.Int + } + if aux.SessionKey != nil { + p.SessionKey = aux.SessionKey.Int + } + return nil +} + +// CryptoParameter represents a big.Int used a parameter in some cryptography. +// It serializes to json as a tupe of a base64-encoded number and a length in +// bits. +type cryptoParameter struct { + *big.Int +} + +type auxCryptoParameter struct { + Raw []byte `json:"value"` + Length int `json:"length"` +} + +// MarshalJSON implements the json.Marshaler interface +func (p *cryptoParameter) MarshalJSON() ([]byte, error) { + var aux auxCryptoParameter + if p.Int != nil { + aux.Raw = p.Bytes() + aux.Length = 8 * len(aux.Raw) + } + return json.Marshal(&aux) +} + +// UnmarshalJSON implements the json.Unmarshal interface +func (p *cryptoParameter) UnmarshalJSON(b []byte) error { + var aux auxCryptoParameter + if err := json.Unmarshal(b, &aux); err != nil { + return err + } + p.Int = new(big.Int) + p.SetBytes(aux.Raw) + return nil +} diff --git a/tools/keys/dhe_test.go b/tools/keys/dhe_test.go new file mode 100644 index 0000000..c625e9d --- /dev/null +++ b/tools/keys/dhe_test.go @@ -0,0 +1,71 @@ +/* + * ZGrab Copyright 2015 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package keys + +import ( + "encoding/json" + "math/big" + "testing" + + . "gopkg.in/check.v1" +) + +func TestDHE(t *testing.T) { TestingT(t) } + +// from testdata/test1024dh.pem +var test1024Prime = []byte{0x00, 0xAE, 0x6A, 0xFA, 0xE1, 0x1D, 0x60, 0x76, 0x64, 0x56, 0x17, 0x01, 0x55, 0x14, 0xF0, 0x38, 0x71, 0xA0, 0x9E, 0xA2, 0x0C, 0x02, 0x03, 0x0E, 0x35, 0xC7, 0xD4, 0x2D, 0x32, 0x6A, 0x61, 0x24, 0x72, 0xDE, 0x64, 0x53, 0xB7, 0xEA, 0xB4, 0x89, 0x51, 0xF9, 0x2E, 0x24, 0x6D, 0x1B, 0x18, 0xC4, 0xAA, 0xB5, 0x5C, 0x0C, 0x90, 0xEC, 0xF9, 0xA0, 0x3D, 0xD8, 0x09, 0xEF, 0x85, 0x6E, 0x74, 0xC3, 0xC2, 0x13, 0x42, 0x17, 0xAA, 0x68, 0x79, 0xFD, 0x9C, 0xB5, 0xED, 0x6E, 0x3A, 0x31, 0xE7, 0x86, 0xCA, 0x08, 0xBC, 0xE6, 0xE7, 0x65, 0xCB, 0xB2, 0x08, 0xEA, 0x8C, 0x21, 0x3C, 0xE6, 0x0E, 0x66, 0xDD, 0x5E, 0x7D, 0x04, 0x57, 0xD8, 0xE4, 0xB3, 0x0B, 0xEF, 0x40, 0x71, 0x0C, 0xA1, 0xE2, 0x12, 0x75, 0x80, 0x92, 0x85, 0x22, 0x6E, 0xCF, 0x37, 0x43, 0x48, 0x27, 0x4C, 0x21, 0x22, 0xE6, 0xC7, 0xE3} +var testGenerator = []byte{0x02} + +type DHESuite struct { + prime1024 *cryptoParameter + generator *cryptoParameter + param1024 *DHParams +} + +var _ = Suite(&DHESuite{}) + +func (s *DHESuite) SetUpTest(c *C) { + s.prime1024 = new(cryptoParameter) + s.prime1024.Int = new(big.Int) + s.prime1024.SetBytes(test1024Prime) + s.generator = new(cryptoParameter) + s.generator.Int = new(big.Int) + s.generator.SetBytes(testGenerator) + s.param1024 = new(DHParams) + s.param1024.Prime = s.prime1024.Int + s.param1024.Generator = s.generator.Int +} + +func (s *DHESuite) TestEncodeDecodeCryptoParameter(c *C) { + b, err := json.Marshal(s.prime1024) + c.Assert(err, IsNil) + c.Assert(b, NotNil) + var dec cryptoParameter + err = json.Unmarshal(b, &dec) + c.Assert(err, IsNil) + cmp := dec.Cmp(s.prime1024.Int) + c.Check(cmp, Equals, 0) +} + +func (s *DHESuite) TestEncodeDecodeDHParams(c *C) { + b, err := json.Marshal(s.param1024) + c.Assert(err, IsNil) + c.Assert(b, NotNil) + var dec DHParams + err = json.Unmarshal(b, &dec) + c.Assert(err, IsNil) + c.Check(dec.Prime.Cmp(s.param1024.Prime), Equals, 0) + c.Check(dec.Generator.Cmp(s.param1024.Generator), Equals, 0) +} diff --git a/tools/keys/ecdhe.go b/tools/keys/ecdhe.go new file mode 100644 index 0000000..459d90b --- /dev/null +++ b/tools/keys/ecdhe.go @@ -0,0 +1,106 @@ +/* + * ZGrab Copyright 2015 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package keys + +import ( + "crypto/elliptic" + "encoding/json" + "math/big" +) + +// TLSCurveID is the type of a TLS identifier for an elliptic curve. See +// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8 +type TLSCurveID uint16 + +type ECDHPrivateParams struct { + Value []byte `json:"value,omitempty"` + Length int `json:"length,omitempty"` +} + +// ECDHParams stores elliptic-curve Diffie-Hellman paramters.At any point in +// time, it is unlikely that both ServerPrivate and ClientPrivate will be non-nil. +type ECDHParams struct { + TLSCurveID TLSCurveID `json:"curve_id,omitempty"` + Curve elliptic.Curve `json:"-"` + ServerPublic *ECPoint `json:"server_public,omitempty"` + ServerPrivate *ECDHPrivateParams `json:"server_private,omitempty"` + ClientPublic *ECPoint `json:"client_public,omitempty"` + ClientPrivate *ECDHPrivateParams `json:"client_private,omitempty"` +} + +// ECPoint represents an elliptic curve point and serializes nicely to JSON +type ECPoint struct { + X *big.Int + Y *big.Int +} + +// MarshalJSON implements the json.Marshler interface +func (p *ECPoint) MarshalJSON() ([]byte, error) { + aux := struct { + X *cryptoParameter `json:"x"` + Y *cryptoParameter `json:"y"` + }{ + X: &cryptoParameter{Int: p.X}, + Y: &cryptoParameter{Int: p.Y}, + } + return json.Marshal(&aux) +} + +// UnmarshalJSON implements the json.Unmarshler interface +func (p *ECPoint) UnmarshalJSON(b []byte) error { + aux := struct { + X *cryptoParameter `json:"x"` + Y *cryptoParameter `json:"y"` + }{} + if err := json.Unmarshal(b, &aux); err != nil { + return err + } + p.X = aux.X.Int + p.Y = aux.Y.Int + return nil +} + +// Description returns the description field for the given ID. See +// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8 +func (c *TLSCurveID) Description() string { + if desc, ok := ecIDToName[*c]; ok { + return desc + } + return "unknown" +} + +// MarshalJSON implements the json.Marshaler interface +func (c *TLSCurveID) MarshalJSON() ([]byte, error) { + aux := struct { + Name string `json:"name"` + ID uint16 `json:"id"` + }{ + Name: c.Description(), + ID: uint16(*c), + } + return json.Marshal(&aux) +} + +//UnmarshalJSON implements the json.Unmarshaler interface +func (c *TLSCurveID) UnmarshalJSON(b []byte) error { + aux := struct { + ID uint16 `json:"id"` + }{} + if err := json.Unmarshal(b, &aux); err != nil { + return err + } + *c = TLSCurveID(aux.ID) + return nil +} diff --git a/tools/keys/ecdhe_test.go b/tools/keys/ecdhe_test.go new file mode 100644 index 0000000..1d63576 --- /dev/null +++ b/tools/keys/ecdhe_test.go @@ -0,0 +1,80 @@ +/* + * ZGrab Copyright 2015 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package keys + +import ( + "crypto/rand" + "encoding/json" + "math/big" + "testing" + + . "gopkg.in/check.v1" +) + +func TestECDHE(t *testing.T) { TestingT(t) } + +type ECDHESuite struct{} + +var _ = Suite(&ECDHESuite{}) + +func (s *ECDHESuite) TestEncodeDecodeCurveID(c *C) { + for curve := range ecIDToName { + out, errEnc := json.Marshal(&curve) + c.Assert(errEnc, IsNil) + var back TLSCurveID + errDec := json.Unmarshal(out, &back) + c.Assert(errDec, IsNil) + c.Check(back, Equals, curve) + } +} + +func (s *ECDHESuite) TestEncodeDecodeECPoint(c *C) { + max := new(big.Int) + max.Exp(big.NewInt(2), big.NewInt(255), nil) + max.Sub(max, big.NewInt(19)) + x, errX := rand.Int(rand.Reader, max) + y, errY := rand.Int(rand.Reader, max) + c.Assert(errX, IsNil) + c.Assert(errY, IsNil) + p := ECPoint{ + X: x, + Y: y, + } + out, errEnc := json.Marshal(&p) + c.Assert(errEnc, IsNil) + c.Check(len(out), Not(Equals), 0) + var back ECPoint + errDec := json.Unmarshal(out, &back) + c.Assert(errDec, IsNil) +} + +func (s *ECDHESuite) TestCurveIDDescription(c *C) { + for curve, name := range ecIDToName { + c.Check(curve.Description(), Equals, name) + } + unk := TLSCurveID(6500) + c.Check(unk.Description(), Equals, "unknown") +} + +func (s *ECDHESuite) TestEncodeDecodeECParam(c *C) { + ecp := new(ECDHParams) + out, errEnc := json.Marshal(&ecp) + c.Assert(errEnc, IsNil) + c.Check(len(out), Not(Equals), 0) + back := new(ECDHParams) + errDec := json.Unmarshal(out, back) + c.Assert(errDec, IsNil) + c.Check(back, DeepEquals, ecp) +} diff --git a/tools/keys/names.go b/tools/keys/names.go new file mode 100644 index 0000000..282c814 --- /dev/null +++ b/tools/keys/names.go @@ -0,0 +1,113 @@ +/* + * ZGrab Copyright 2015 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package keys + +// IANA-assigned curve ID values, see +// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8 +const ( + Sect163k1 TLSCurveID = 1 + Sect163r1 TLSCurveID = 2 + Sect163r2 TLSCurveID = 3 + Sect193r1 TLSCurveID = 4 + Sect193r2 TLSCurveID = 5 + Sect233k1 TLSCurveID = 6 + Sect233r1 TLSCurveID = 7 + Sect239k1 TLSCurveID = 8 + Sect283k1 TLSCurveID = 9 + Sect283r1 TLSCurveID = 10 + Sect409k1 TLSCurveID = 11 + Sect409r1 TLSCurveID = 12 + Sect571k1 TLSCurveID = 13 + Sect571r1 TLSCurveID = 14 + Secp160k1 TLSCurveID = 15 + Secp160r1 TLSCurveID = 16 + Secp160r2 TLSCurveID = 17 + Secp192k1 TLSCurveID = 18 + Secp192r1 TLSCurveID = 19 + Secp224k1 TLSCurveID = 20 + Secp224r1 TLSCurveID = 21 + Secp256k1 TLSCurveID = 22 + Secp256r1 TLSCurveID = 23 + Secp384r1 TLSCurveID = 24 + Secp521r1 TLSCurveID = 25 + BrainpoolP256r1 TLSCurveID = 26 + BrainpoolP384r1 TLSCurveID = 27 + BrainpoolP512r1 TLSCurveID = 28 +) + +var ecIDToName map[TLSCurveID]string +var ecNameToID map[string]TLSCurveID + +func init() { + ecIDToName = make(map[TLSCurveID]string, 64) + ecIDToName[Sect163k1] = "sect163k1" + ecIDToName[Sect163r1] = "sect163r1" + ecIDToName[Sect163r2] = "sect163r2" + ecIDToName[Sect193r1] = "sect193r1" + ecIDToName[Sect193r2] = "sect193r2" + ecIDToName[Sect233k1] = "sect233k1" + ecIDToName[Sect233r1] = "sect233r1" + ecIDToName[Sect239k1] = "sect239k1" + ecIDToName[Sect283k1] = "sect283k1" + ecIDToName[Sect283r1] = "sect283r1" + ecIDToName[Sect409k1] = "sect409k1" + ecIDToName[Sect409r1] = "sect409r1" + ecIDToName[Sect571k1] = "sect571k1" + ecIDToName[Sect571r1] = "sect571r1" + ecIDToName[Secp160k1] = "secp160k1" + ecIDToName[Secp160r1] = "secp160r1" + ecIDToName[Secp160r2] = "secp160r2" + ecIDToName[Secp192k1] = "secp192k1" + ecIDToName[Secp192r1] = "secp192r1" + ecIDToName[Secp224k1] = "secp224k1" + ecIDToName[Secp224r1] = "secp224r1" + ecIDToName[Secp256k1] = "secp256k1" + ecIDToName[Secp256r1] = "secp256r1" + ecIDToName[Secp384r1] = "secp384r1" + ecIDToName[Secp521r1] = "secp521r1" + ecIDToName[BrainpoolP256r1] = "brainpoolp256r1" + ecIDToName[BrainpoolP384r1] = "brainpoolp384r1" + ecIDToName[BrainpoolP512r1] = "brainpoolp512r1" + + ecNameToID = make(map[string]TLSCurveID, 64) + ecNameToID["sect163k1"] = Sect163k1 + ecNameToID["sect163r1"] = Sect163r1 + ecNameToID["sect163r2"] = Sect163r2 + ecNameToID["sect193r1"] = Sect193r1 + ecNameToID["sect193r2"] = Sect193r2 + ecNameToID["sect233k1"] = Sect233k1 + ecNameToID["sect233r1"] = Sect233r1 + ecNameToID["sect239k1"] = Sect239k1 + ecNameToID["sect283k1"] = Sect283k1 + ecNameToID["sect283r1"] = Sect283r1 + ecNameToID["sect409k1"] = Sect409k1 + ecNameToID["sect409r1"] = Sect409r1 + ecNameToID["sect571k1"] = Sect571k1 + ecNameToID["sect571r1"] = Sect571r1 + ecNameToID["secp160k1"] = Secp160k1 + ecNameToID["secp160r1"] = Secp160r1 + ecNameToID["secp160r2"] = Secp160r2 + ecNameToID["secp192k1"] = Secp192k1 + ecNameToID["secp192r1"] = Secp192r1 + ecNameToID["secp224k1"] = Secp224k1 + ecNameToID["secp224r1"] = Secp224r1 + ecNameToID["secp256k1"] = Secp256k1 + ecNameToID["secp256r1"] = Secp256r1 + ecNameToID["secp384r1"] = Secp384r1 + ecNameToID["secp521r1"] = Secp521r1 + ecNameToID["brainpoolp256r1"] = BrainpoolP256r1 + ecNameToID["brainpoolp384r1"] = BrainpoolP384r1 + ecNameToID["brainpoolp512r1"] = BrainpoolP512r1 +} diff --git a/tools/keys/rsa.go b/tools/keys/rsa.go new file mode 100644 index 0000000..b6ab58e --- /dev/null +++ b/tools/keys/rsa.go @@ -0,0 +1,65 @@ +/* + * ZGrab Copyright 2015 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package keys + +import ( + "crypto/rsa" + "encoding/json" + "fmt" + "math/big" +) + +type RSAPublicKey struct { + *rsa.PublicKey +} + +type auxRSAPublicKey struct { + Exponent int `json:"exponent"` + Modulus []byte `json:"modulus"` + Length int `json:"length"` +} + +type RSAClientParams struct { + Length uint16 `json:"length,omitempty"` + EncryptedPMS []byte `json:"encrypted_pre_master_secret,omitempty"` +} + +// MarshalJSON implements the json.Marshal interface +func (rp *RSAPublicKey) MarshalJSON() ([]byte, error) { + var aux auxRSAPublicKey + if rp.PublicKey != nil { + aux.Exponent = rp.E + aux.Modulus = rp.N.Bytes() + aux.Length = len(aux.Modulus) * 8 + } + return json.Marshal(&aux) +} + +// UnmarshalJSON implements the json.Unmarshal interface +func (rp *RSAPublicKey) UnmarshalJSON(b []byte) error { + var aux auxRSAPublicKey + if err := json.Unmarshal(b, &aux); err != nil { + return err + } + if rp.PublicKey == nil { + rp.PublicKey = new(rsa.PublicKey) + } + rp.E = aux.Exponent + rp.N = big.NewInt(0).SetBytes(aux.Modulus) + if len(aux.Modulus)*8 != aux.Length { + return fmt.Errorf("mismatched length (got %d, field specified %d)", len(aux.Modulus), aux.Length) + } + return nil +} diff --git a/tools/keys/rsa_test.go b/tools/keys/rsa_test.go new file mode 100644 index 0000000..8d6a483 --- /dev/null +++ b/tools/keys/rsa_test.go @@ -0,0 +1,51 @@ +/* + * ZGrab Copyright 2015 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package keys + +import ( + "crypto/rsa" + "encoding/json" + "math/big" + "testing" + + . "gopkg.in/check.v1" +) + +func TestRSA(t *testing.T) { TestingT(t) } + +var test4096Modulus = []byte{0xD4, 0x0C, 0xE0, 0x39, 0x57, 0xAA, 0x36, 0x31, 0x89, 0x38, 0xD0, 0xDE, 0x36, 0xFF, 0xDF, 0x03, 0xD7, 0x98, 0xA5, 0xD9, 0x21, 0x98, 0xA4, 0x94, 0xBE, 0x2B, 0x22, 0x5B, 0x9A, 0xFF, 0x94, 0x75, 0xEA, 0x7E, 0x2E, 0x13, 0x59, 0x83, 0x2E, 0x34, 0x2E, 0xF0, 0x3B, 0x14, 0x83, 0x8F, 0xAB, 0x84, 0x51, 0x74, 0xA6, 0x0F, 0xE9, 0x69, 0x21, 0x8A, 0xEC, 0x8D, 0x1F, 0xCF, 0x73, 0x88, 0xAA, 0x75, 0xF4, 0x8D, 0x56, 0xD2, 0xEA, 0xBE, 0x49, 0xB2, 0xE6, 0x16, 0xC1, 0x4D, 0x9A, 0x2D, 0x78, 0x59, 0xFA, 0xE9, 0x32, 0xF3, 0x59, 0xA7, 0x95, 0xFB, 0x44, 0x3D, 0x88, 0xC7, 0xCE, 0x08, 0xE9, 0xE4, 0xAD, 0x93, 0x3F, 0x44, 0x49, 0xEF, 0x06, 0x0A, 0x16, 0xC9, 0xF9, 0x5B, 0xEB, 0x1F, 0x74, 0xCB, 0x68, 0x33, 0xCC, 0xB1, 0x2A, 0x8C, 0xA6, 0x18, 0x43, 0xC9, 0x9A, 0xD2, 0x36, 0x7E, 0x9F, 0x45, 0x04, 0xE6, 0xED, 0x7E, 0x02, 0x48, 0x7A, 0x8C, 0xEE, 0x84, 0x14, 0x08, 0xEC, 0x3C, 0x49, 0xFC, 0xE9, 0x68, 0xFE, 0xE5, 0x41, 0x4D, 0x6D, 0x1B, 0xCF, 0xE6, 0x1D, 0xC9, 0xCA, 0x4B, 0x09, 0xE3, 0xB5, 0x73, 0x2B, 0xF4, 0xA5, 0xEF, 0x05, 0x2B, 0x29, 0x49, 0xC8, 0xE6, 0xE7, 0x0C, 0xBA, 0xE4, 0x4F, 0xE9, 0x0F, 0xAA, 0x52, 0xFB, 0xA5, 0x01, 0x85, 0x8B, 0x03, 0x22, 0x17, 0xCF, 0xD5, 0x0F, 0x52, 0xE9, 0xFE, 0xAE, 0x89, 0x28, 0x8F, 0x13, 0x34, 0x5F, 0x3E, 0xD2, 0xFC, 0x3E, 0x27, 0x86, 0x37, 0xD2, 0x15, 0xFE, 0x36, 0x9C, 0xF6, 0x18, 0x8F, 0x09, 0xC4, 0x1F, 0x93, 0x57, 0xCE, 0x73, 0x70, 0xFA, 0xF6, 0x05, 0x8C, 0xA8, 0x70, 0xE0, 0x08, 0xF4, 0xFD, 0xA7, 0xFA, 0x08, 0x80, 0x46, 0xD7, 0xF7, 0x6B, 0xF6, 0x3B, 0xDF, 0xA4, 0x3E, 0xAC, 0xD1, 0x8D, 0x5D, 0xA9, 0x85, 0xFE, 0xC6, 0x41, 0x57, 0x25, 0x48, 0xDF, 0x26, 0xD5, 0x4C, 0xEF, 0xB2, 0xB8, 0x1A, 0xAA, 0x4E, 0x9F, 0x12, 0x80, 0xFC, 0x1D, 0x0E, 0x45, 0x65, 0xBF, 0x77, 0x9F, 0x8E, 0x1E, 0x9D, 0xBD, 0x8F, 0xA8, 0x6F, 0xD6, 0x22, 0x70, 0x87, 0x3D, 0x92, 0xF8, 0x85, 0x75, 0x8C, 0xFA, 0xE6, 0x39, 0x56, 0x3B, 0x51, 0x4D, 0xAE, 0x69, 0x44, 0x19, 0x5E, 0xA5, 0x36, 0xD5, 0x60, 0x61, 0xE4, 0x8B, 0x2F, 0xAF, 0xB2, 0x55, 0xC1, 0x59, 0xF0, 0x32, 0xA6, 0xCC, 0x92, 0x19, 0x25, 0xED, 0x91, 0x15, 0x4F, 0x43, 0x7F, 0xB7, 0x0E, 0x3C, 0x42, 0x31, 0xCA, 0x5E, 0xCA, 0xC0, 0x5C, 0xDE, 0xB8, 0x95, 0x5C, 0x08, 0xDF, 0x15, 0xE3, 0x05, 0x3A, 0xBC, 0xA9, 0x57, 0xF1, 0x6F, 0xA6, 0xBB, 0xA6, 0x14, 0x43, 0xDE, 0x62, 0xD4, 0x91, 0xAC, 0x73, 0x7A, 0x4D, 0x09, 0xBC, 0xF6, 0xD0, 0xB7, 0xA9, 0xEE, 0x6E, 0x00, 0xE4, 0x9A, 0x14, 0x39, 0x30, 0xBE, 0xBC, 0x33, 0x66, 0x4A, 0xD3, 0x3F, 0xC8, 0x12, 0x73, 0x75, 0x62, 0x75, 0x0E, 0xDA, 0xEB, 0x77, 0xBA, 0x6D, 0x4F, 0x2F, 0x44, 0x58, 0xD8, 0x89, 0xE2, 0xDF, 0xE4, 0x89, 0x6B, 0xC0, 0x4F, 0xF0, 0xB3, 0xEE, 0x44, 0x65, 0xCF, 0xA4, 0xA6, 0x1A, 0x0F, 0x1A, 0x08, 0xC3, 0xF5, 0xB0, 0x23, 0x10, 0x3B, 0xF2, 0xC2, 0x82, 0x2B, 0x73, 0xA7, 0x18, 0x31, 0x92, 0x86, 0x59, 0x36, 0x65, 0xF8, 0xF1, 0xD0, 0x29, 0x8F, 0x6B, 0x05, 0x3F, 0xCD, 0x56, 0x30, 0xD2, 0x08, 0x12, 0x49, 0x4D, 0x20, 0xC3, 0xB5, 0x8C, 0x48, 0x5C, 0x02, 0xAE, 0x0C, 0x09, 0x47, 0xBD, 0xE5, 0xE9, 0xE7, 0x0C, 0x27, 0xC7, 0x15, 0xCE, 0xC7, 0x3F, 0x87, 0x22, 0x20, 0xE8, 0x6D, 0x8D, 0x8A, 0x6E, 0x73, 0xF1, 0x04, 0x9F, 0x55, 0xA2, 0xF6, 0xB6, 0x10, 0x42, 0x3E, 0xE2, 0x70, 0x98, 0x7F} + +type RSASuite struct { + pk4096 *RSAPublicKey +} + +var _ = Suite(&RSASuite{}) + +func (s *RSASuite) SetUpTest(c *C) { + s.pk4096 = new(RSAPublicKey) + s.pk4096.PublicKey = new(rsa.PublicKey) + s.pk4096.E = 65537 + s.pk4096.N = big.NewInt(0).SetBytes(test4096Modulus) +} + +func (s *RSASuite) TestEncodeDecode(c *C) { + b, err := json.Marshal(s.pk4096) + c.Assert(err, IsNil) + c.Assert(b, NotNil) + var dec RSAPublicKey + err = json.Unmarshal(b, &dec) + c.Assert(err, IsNil) + c.Check(&dec, DeepEquals, s.pk4096) +} diff --git a/tools/keys/testdata/test1024dh.pem b/tools/keys/testdata/test1024dh.pem new file mode 100644 index 0000000..535c2c7 --- /dev/null +++ b/tools/keys/testdata/test1024dh.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGHAoGBAK5q+uEdYHZkVhcBVRTwOHGgnqIMAgMONcfULTJqYSRy3mRTt+q0iVH5 +LiRtGxjEqrVcDJDs+aA92AnvhW50w8ITQheqaHn9nLXtbjox54bKCLzm52XLsgjq +jCE85g5m3V59BFfY5LML70BxDKHiEnWAkoUibs83Q0gnTCEi5sfjAgEC +-----END DH PARAMETERS----- diff --git a/tools/keys/testdata/test4096.pem b/tools/keys/testdata/test4096.pem new file mode 100644 index 0000000..f2654dc --- /dev/null +++ b/tools/keys/testdata/test4096.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEA1AzgOVeqNjGJONDeNv/fA9eYpdkhmKSUvisiW5r/lHXqfi4T +WYMuNC7wOxSDj6uEUXSmD+lpIYrsjR/Pc4iqdfSNVtLqvkmy5hbBTZoteFn66TLz +WaeV+0Q9iMfOCOnkrZM/REnvBgoWyflb6x90y2gzzLEqjKYYQ8ma0jZ+n0UE5u1+ +Akh6jO6EFAjsPEn86Wj+5UFNbRvP5h3JyksJ47VzK/Sl7wUrKUnI5ucMuuRP6Q+q +UvulAYWLAyIXz9UPUun+rokojxM0Xz7S/D4nhjfSFf42nPYYjwnEH5NXznNw+vYF +jKhw4Aj0/af6CIBG1/dr9jvfpD6s0Y1dqYX+xkFXJUjfJtVM77K4GqpOnxKA/B0O +RWW/d5+OHp29j6hv1iJwhz2S+IV1jPrmOVY7UU2uaUQZXqU21WBh5Isvr7JVwVnw +MqbMkhkl7ZEVT0N/tw48QjHKXsrAXN64lVwI3xXjBTq8qVfxb6a7phRD3mLUkaxz +ek0JvPbQt6nubgDkmhQ5ML68M2ZK0z/IEnN1YnUO2ut3um1PL0RY2Ini3+SJa8BP +8LPuRGXPpKYaDxoIw/WwIxA78sKCK3OnGDGShlk2Zfjx0CmPawU/zVYw0ggSSU0g +w7WMSFwCrgwJR73l6ecMJ8cVzsc/hyIg6G2Nim5z8QSfVaL2thBCPuJwmH8CAwEA +AQKCAgEAjsoY1yQ8HwAeWh7z8+862ph8VvmukN4Ktz/OhAcMoYkBnXQjXXxjSYpu +BCqdKMqjcEJvbHmNbKPjBGjuRes6dfF2l4exwO9Zw2yBQGNYyRk2R4AitDWQXkGm +eguppwDxFxz3VmG+zb9PdzQt/FcTS8FgWC7Y6xsRbdw9H97IRzGvyl0UJC9wLqSS +VfdoNHTSFM66DeB6ZcV7qoZWkp0TDL3rzyaP8jL1zHi+CxZ80QDa+qKs2/JOO4cU +g8iaZj4fcoLVF+yOXkHdW2Gvq2GjNdMy6dJkLi/de7xkz6plT0UXSDcQp5XpZEND +zecmDEFs8xLOJWJOB4iY0QczkesEEny0MyXs2YgALDrFkttqR4V05TB/0UPt9vmX +Nm8pCZGfozWmCaPVB7HgWTbyyGa7Hokyq+2H6wtDy3quD3aPzy4A1W2BKlCDCUFG +oW/k4pK40JN4F2MWXFpYYn8QW7m7NQhLjrNgzIJ/op/4rdX8MI1vxuYAU/Kbfs+W +0I/4WnJBbtYN6RSveN7bEt5z4A5ZhWbURLTW/tum7BhjPisJ9ir47jOeLCv1pL+l +tO4iwcLy1IqFFRwSBXpRe0wxWDwTA2ZlV6iQrWKnBMKDs6Segnv51ELsvSjRZNZ9 +nY28ippWzCt7zkFrIKvyhHNOCARknAls1fJsFNC3VaCWNLUz16ECggEBAOqhOWq3 +ffSokFS5caMTx5EDWmu1FzE8cKoJDVevwdHAv3riiItp8zmtbzNjjnVE2Qt0GEP1 +woQD4E/JDFmoFaZX7ggEko7Lfsabv+x6ITyL0N5a0JlyOpFt61khpHGR3BN7SsaP +80KbUMoLF/oMBdrkQfc7N/yGLY+4K3tYAtqj/tn+HXw64+vKOitHkkNx2lETPvWF +v+0R7wIBbWOpJJZJJJAsOFMw/+iCDaHURkCtK8Zp/EVlq0z886sOSxorYLrgJ+1i +Dacjxpe2X3i2OeL95LsFQ8qwDWRLcs0KoGeg10G0+00jfMyuZMWCmuFuidSfT+t3 +/KamPMy7IhNBDg8CggEBAOddLJCLZ1hxt7ch+Pn5Vpr1yzIsyZh4xwwVkWniJ120 +aimq7CDDJ1ScRcNnRIw22MLE29yQIUbk8TvFJS33YwU+tkLjBg7pgfqR0duhue+R +J4Jq/W5KBnv+Uc4/Mp3RXjzGvdGW8amrsGdFi/sx2bGAFcIRRXtwJdxGxi/BCRHk +UbK2GyDPap/4gpwvzp7QSzYotUxo10ekG8INaEU7Cp25FjshTW54nY4SJQYefWL/ +lViSqXIDQZelunrg24n/nAqulwUjVFeqWQZIo0ukogba54oRPkDxTR6OVy5kWPMx +mKI4Qx8u6/yaGaHoTx9rhQkWRS5rb/PcjtIHM2PQPpECggEAVtMqqC8W0T6/ilrF +jo93PlZ7U3hECNhQ6NtIsLY9hx1IvnSuCsk+VI21pNKmmQbNOsvPXvbG8Ituqpe/ +lj35JQFM+HKYuXbchyqDr0LSodErjd0VbHM08TQ371ffvpc3VY4+cZQ7dN582weX +69QfJo1pS9ACO9R7b7+7d31uMPKXEJxU1PAF/+9p7zIhEgxDudTha4H/L/9+7sMQ +c9zXyTVv7louzbpIOQZHfSdMiAqNNHNsA1JIPcktcpNrf1emCAGDRPkQDFXU27eF +ROpKKZHC3uJn382eZwr0hKP2D+MZRRtwE2+aczPl3qEiJ2H8Z049COnx+Mlznl9x +kKZ2SQKCAQAm6D9PS3IkqHL5pAfnmaubwYvbMzbvohfvC0153eM62dUkjq7Iz6i0 +jNcahio73hlTn6FNlRtTfbqnj36yHTEUt7gUxXLGXTRTe+QrqCXJiMJ5Jx7ZRi+S ++HCvW2darNPJKq7PKTAYlVvD8ikZJAf01pJSIW9q07A6O9imPTMWRCwM/pzPRrIq +lrL4Kv33LRYI1I2wfMz/KjTUzEZlpgkh/vcjGHWaB0SPmLOLNONnG4306C0AlFWa +d+9FLL0eltKZ5URWQ9uyJl50NRDo7pWky3k2ebHbX/jVE6DLl2px8zw0w3teKhjb +UNrQpG1x3jXwEkOuC7k27DdEUJuuxF1RAoIBAQDDObyAVl7JQvCvEKjsayPfHmyQ +/Jav29/SrIEWH3DZu4/aXa5bwaSe4thWlMHp1aidpia18D2y9gABimPNBKZADTMs +GSyXwm5kO4oCAH1MuV6LaFjTNH6P5y8v1Ul17cphIgcWjaKoz4DTQzYaD6I6EZxE +tADHJlMYezlr64shcmjyP/He+x7J1cwF3j+c2ffXmn4EzcU9NDvgYs0YMRsRuoD/ +uEK1DukCPPb3CRS4flgdIsTWvjQeLXbgYlB+v94L9OKJm4MEpApBXIy6+26JxeBf +KOc8qq/4qn1Xi9WiJif6chcn2Vglj585f/ugAO3ZshsGNXeFoqa0awl64ZJY +-----END RSA PRIVATE KEY-----