public void TestAnswerSSH2_AGENTC_REMOVE_ALL_IDENTITIES()
{
Agent agent = new TestAgent(allKeys);
/* test that remove all keys removes keys */
PrepareSimpleMessage(Agent.Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
int actualKeyCount = agent.GetAllKeys()
.Count(key => key.Version != SshVersion.SSH2);
int expectedKeyCount = allKeys.Count(key => key.Version != SshVersion.SSH2);
Assert.That(actualKeyCount, Is.EqualTo(expectedKeyCount));
/* test that remove all keys returns success even when there are no keys */
agent = new TestAgent();
PrepareSimpleMessage(Agent.Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
/* test that returns failure when locked */
agent.Lock(new byte[0]);
PrepareSimpleMessage(Agent.Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
}
public void TestAnswerSSH_AGENTC_LOCKandSSH_AGENTC_UNLOCK()
{
const string password = "******";
Agent agent = new TestAgent();
Assert.That(agent.IsLocked, Is.False, "Agent initial state was locked!");
bool agentLockedCalled = false;
Agent.BlobHeader replyHeader;
Agent.LockEventHandler agentLocked =
delegate(object aSender, Agent.LockEventArgs aEventArgs)
{
Assert.That(agentLockedCalled, Is.False,
"LockEvent fired without resetting agentLockedCalled");
agentLockedCalled = true;
};
agent.Locked += new Agent.LockEventHandler(agentLocked);
/* test that unlock does nothing when already unlocked */
PrepareLockMessage(false, password);
agentLockedCalled = false;
agent.AnswerMessage(stream);
RewindStream();
replyHeader = parser.ReadHeader();
Assert.That(replyHeader.Message,
Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE),
"Unlock should have failed because agent was already unlocked");
Assert.That(agent.IsLocked, Is.False, "Agent should still be unlocked");
Assert.That(agentLockedCalled, Is.False,
"agentLocked should not have been called because state did not change.");
/* test that locking works */
PrepareLockMessage(true, password);
agentLockedCalled = false;
agent.AnswerMessage(stream);
RewindStream();
replyHeader = parser.ReadHeader();
Assert.That(replyHeader.Message,
Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS),
"Locking should have succeeded");
Assert.That(agent.IsLocked, Is.True, "Agent should be locked");
Assert.That(agentLockedCalled, Is.True,
"agentLocked should have been called");
/* test that trying to lock when already locked fails */
PrepareLockMessage(true, password);
agentLockedCalled = false;
agent.AnswerMessage(stream);
RewindStream();
replyHeader = parser.ReadHeader();
Assert.That(replyHeader.Message,
Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE),
"Unlock should have failed because agent was already unlocked");
Assert.That(agent.IsLocked, Is.True, "Agent should still be locked");
Assert.That(agentLockedCalled, Is.False,
"agentLocked should not have been called because state did not change.");
/* test that unlocking with wrong password fails */
PrepareLockMessage(false, password + "x");
agentLockedCalled = false;
agent.AnswerMessage(stream);
RewindStream();
replyHeader = parser.ReadHeader();
Assert.That(replyHeader.Message,
Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE),
"Unlock should have failed because password was incorrect");
Assert.That(agent.IsLocked, Is.True, "Agent should still be locked");
Assert.That(agentLockedCalled, Is.False,
"agentLocked should not have been called because state did not change.");
/* test that unlocking works */
PrepareLockMessage(false, password);
agentLockedCalled = false;
agent.AnswerMessage(stream);
RewindStream();
replyHeader = parser.ReadHeader();
Assert.That(replyHeader.Message,
Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS),
"Unlock should have succeeded");
Assert.That(agent.IsLocked, Is.False, "Agent should be unlocked");
Assert.That(agentLockedCalled, Is.True,
"agentLocked should have been called");
agent.Locked -= new Agent.LockEventHandler(agentLocked);
}
public void TestAnswerSSH2_AGENTC_SIGN_REQUEST()
{
const string signatureData = "this is the data that gets signed";
byte[] signatureDataBytes = Encoding.UTF8.GetBytes(signatureData);
BlobBuilder builder = new BlobBuilder();
Agent agent = new TestAgent(allKeys);
Agent.BlobHeader header;
byte[] signatureBlob;
BlobParser signatureParser;
string algorithm;
byte[] signature;
ISigner signer;
bool signatureOk;
BigInteger r, s;
DerSequence seq;
/* test signatures */
foreach (ISshKey key in allKeys.Where(key => key.Version == SshVersion.SSH2)) {
builder.Clear();
builder.AddBlob(key.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
/* check that proper response type was received */
header = parser.ReadHeader();
Assert.That(header.Message,
Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE));
signatureBlob = parser.ReadBlob();
signatureParser = new BlobParser(signatureBlob);
algorithm = signatureParser.ReadString();
Assert.That(algorithm, Is.EqualTo(key.Algorithm.GetIdentifierString()));
signature = signatureParser.ReadBlob();
if (key.Algorithm == PublicKeyAlgorithm.SSH_RSA) {
Assert.That(signature.Length == key.Size / 8);
} else if (key.Algorithm == PublicKeyAlgorithm.SSH_DSS) {
Assert.That(signature.Length, Is.EqualTo(40));
r = new BigInteger(1, signature, 0, 20);
s = new BigInteger(1, signature, 20, 20);
seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
} else if (key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP256 ||
key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP384 ||
key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP521) {
Assert.That(signature.Length, Is.AtLeast(key.Size / 4 + 8));
Assert.That(signature.Length, Is.AtMost(key.Size / 4 + 10));
BlobParser sigParser = new BlobParser(signature);
r = new BigInteger(sigParser.ReadBlob());
s = new BigInteger(sigParser.ReadBlob());
seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
} else if (key.Algorithm == PublicKeyAlgorithm.ED25519) {
Assert.That(signature.Length, Is.EqualTo(64));
}
signer = key.GetSigner();
signer.Init(false, key.GetPublicKeyParameters());
signer.BlockUpdate(signatureDataBytes, 0, signatureDataBytes.Length);
signatureOk = signer.VerifySignature(signature);
Assert.That(signatureOk, Is.True, "invalid signature");
Assert.That(header.BlobLength, Is.EqualTo(stream.Position - 4));
}
/* test DSA key old signature format */
builder.Clear();
builder.AddBlob(dsaKey.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.AddInt((uint)Agent.SignRequestFlags.SSH_AGENT_OLD_SIGNATURE);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.Message,
Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE));
signatureBlob = parser.ReadBlob();
signatureParser = new BlobParser(signatureBlob);
signature = signatureParser.ReadBlob();
Assert.That(signature.Length == 40);
r = new BigInteger(1, signature, 0, 20);
s = new BigInteger(1, signature, 20, 20);
seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
signer = dsaKey.GetSigner();
signer.Init(false, dsaKey.GetPublicKeyParameters());
signer.BlockUpdate(signatureDataBytes, 0, signatureDataBytes.Length);
signatureOk = signer.VerifySignature(signature);
Assert.That(signatureOk, Is.True, "invalid signature");
Assert.That(header.BlobLength, Is.EqualTo(stream.Position - 4));
/* test key not found */
agent = new TestAgent();
builder.Clear();
builder.AddBlob(dsaKey.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header2 = parser.ReadHeader();
Assert.That(header2.BlobLength, Is.EqualTo(1));
Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
/* test confirm constraint */
agent = new TestAgent();
Agent.KeyConstraint testConstraint = new Agent.KeyConstraint();
testConstraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM;
SshKey testKey = dsaKey.Clone();
bool confirmCallbackReturnValue = false;
agent.ConfirmUserPermissionCallback = delegate(ISshKey k, Process p)
{
return confirmCallbackReturnValue;
};
testKey.AddConstraint(testConstraint);
agent.AddKey(testKey);
builder.Clear();
builder.AddBlob(dsaKey.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header2 = parser.ReadHeader();
Assert.That(header2.BlobLength, Is.EqualTo(1));
Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
confirmCallbackReturnValue = true;
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header2 = parser.ReadHeader();
Assert.That(header2.BlobLength, Is.Not.EqualTo(1));
Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE));
}
public void TestAnswerSSH2_AGENTC_REMOVE_IDENTITY()
{
Agent agent = new TestAgent(allKeys);
BlobBuilder builder = new BlobBuilder();
/* test remove key returns success when key is removed */
builder.AddBlob(rsaKey.GetPublicKeyBlob());
builder.InsertHeader(Agent.Message.SSH2_AGENTC_REMOVE_IDENTITY);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
Assert.That(agent.GetAllKeys()
.SequenceEqual(allKeys.Where(key => key != rsaKey)));
/* test remove key returns failure when key does not exist */
int startCount = agent.GetAllKeys().Count();
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
Assert.That(agent.GetAllKeys().Count(), Is.EqualTo(startCount));
/* test returns failure when locked */
agent.Lock(new byte[0]);
startCount = agent.GetAllKeys().Count();
builder.AddBlob(dsaKey.GetPublicKeyBlob());
builder.InsertHeader(Agent.Message.SSH2_AGENTC_REMOVE_IDENTITY);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
Assert.That(agent.GetAllKeys().Count(), Is.EqualTo(startCount));
}
public void TestAnswerSSH2_AGENTC_REQUEST_IDENTITIES()
{
Agent agent = new TestAgent(allKeys);
/* send request for SSH2 identities */
PrepareSimpleMessage(Agent.Message.SSH2_AGENTC_REQUEST_IDENTITIES);
agent.AnswerMessage(stream);
RewindStream();
/* check that we received proper response type */
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.Message,
Is.EqualTo(Agent.Message.SSH2_AGENT_IDENTITIES_ANSWER));
/* check that we received the correct key count */
UInt32 actualKeyCount = parser.ReadInt();
List<ISshKey> ssh2KeyList =
agent.GetAllKeys().Where(key => key.Version == SshVersion.SSH2).ToList();
int expectedSsh2KeyCount = ssh2KeyList.Count;
Assert.That(actualKeyCount, Is.EqualTo(expectedSsh2KeyCount));
/* check that we have data for each key */
for (int i = 0; i < actualKeyCount; i++) {
byte[] actualPublicKeyBlob = parser.ReadBlob();
byte[] expectedPublicKeyBlob =
ssh2KeyList[i].GetPublicKeyBlob();
Assert.That(actualPublicKeyBlob, Is.EqualTo(expectedPublicKeyBlob));
string actualComment = parser.ReadString();
string expectedComment = ssh2KeyList[i].Comment;
Assert.That(actualComment, Is.EqualTo(expectedComment));
}
/* verify that the overall response length is correct */
Assert.That(header.BlobLength, Is.EqualTo(stream.Position - 4));
}
public void TestAnswerSSH1_AGENTC_RSA_CHALLENGE()
{
Agent agent = new TestAgent(allKeys);
/* test answering to RSA challenge */
BlobBuilder builder = new BlobBuilder();
RsaPrivateCrtKeyParameters rsaParameters =
(RsaPrivateCrtKeyParameters)rsa1Key.GetPrivateKeyParameters();
builder.AddInt(rsa1Key.Size);
builder.AddSsh1BigIntBlob(rsaParameters.PublicExponent);
builder.AddSsh1BigIntBlob(rsaParameters.Modulus);
byte[] decryptedChallenge = new byte[8];
byte[] sessionId = new byte[16];
Random random = new Random();
random.NextBytes(decryptedChallenge);
random.NextBytes(sessionId);
IAsymmetricBlockCipher engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(true, rsa1Key.GetPublicKeyParameters());
byte[] encryptedChallenge = engine.ProcessBlock(decryptedChallenge, 0,
decryptedChallenge.Length);
BigInteger chal = new BigInteger(encryptedChallenge);
builder.AddSsh1BigIntBlob(chal);
builder.AddBytes(sessionId);
builder.AddInt(1);
builder.InsertHeader(Agent.Message.SSH1_AGENTC_RSA_CHALLENGE);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
byte[] md5Received = parser.ReadBytes(16);
/* check that proper response type was received */
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH1_AGENT_RSA_RESPONSE));
using (MD5 md5 = MD5.Create())
{
byte[] md5Buffer = new byte[48];
decryptedChallenge.CopyTo(md5Buffer, 0);
sessionId.CopyTo(md5Buffer, 32);
byte[] md5Expected = md5.ComputeHash(md5Buffer);
/* check the encrypted challenge was successfully read */
Assert.That(md5Received, Is.EqualTo(md5Expected));
}
}
public void TestAnswerSSH1_AGENTC_REQUEST_RSA_IDENTITIES()
{
Agent agent = new TestAgent(allKeys);
/* send request for SSH1 identities */
PrepareSimpleMessage(Agent.Message.SSH1_AGENTC_REQUEST_RSA_IDENTITIES);
agent.AnswerMessage(stream);
RewindStream();
/* check that we received proper response type */
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.Message,
Is.EqualTo(Agent.Message.SSH1_AGENT_RSA_IDENTITIES_ANSWER));
/* check that we received the correct key count */
UInt32 actualKeyCount = parser.ReadInt();
List<ISshKey> ssh1KeyList =
agent.GetAllKeys().Where(key => key.Version == SshVersion.SSH1).ToList();
int expectedSsh1KeyCount = ssh1KeyList.Count;
Assert.That(actualKeyCount, Is.EqualTo(expectedSsh1KeyCount));
/* check that we have data for each key */
for (int i = 0; i < actualKeyCount; i++) {
uint actualKeySizeBlob = parser.ReadInt();
BigInteger actualExponentBlob = new BigInteger(1, parser.ReadSsh1BigIntBlob());
BigInteger actualModulusBlob = new BigInteger(1, parser.ReadSsh1BigIntBlob());
Assert.That(actualKeySizeBlob, Is.EqualTo(ssh1KeyList[i].Size));
Assert.That(actualModulusBlob, Is.EqualTo((ssh1KeyList[i].GetPublicKeyParameters() as RsaKeyParameters).Modulus));
Assert.That(actualExponentBlob, Is.EqualTo((ssh1KeyList[i].GetPublicKeyParameters() as RsaKeyParameters).Exponent));
string actualComment = parser.ReadString();
string expectedComment = ssh1KeyList[i].Comment;
Assert.That(actualComment, Is.EqualTo(expectedComment));
}
/* verify that the overall response length is correct */
Assert.That(header.BlobLength, Is.EqualTo(stream.Position - 4));
}
public void TestAnswerSSH2_AGENTC_ADD_ID_CONSTRAINED()
{
/* most code is shared with SSH2_AGENTC_ADD_IDENTITY, so we just
* need to test the differences */
Agent.ConfirmUserPermissionDelegate confirmCallback =
delegate(ISshKey k, Process p) { return true; };
Agent agent = new TestAgent();
/* test that no confirmation callback returns failure */
BlobBuilder builder = new BlobBuilder();
RsaPrivateCrtKeyParameters rsaParameters =
(RsaPrivateCrtKeyParameters)rsaKey.GetPrivateKeyParameters();
builder.AddStringBlob(rsaKey.Algorithm.GetIdentifierString());
builder.AddBigIntBlob(rsaParameters.Modulus);
builder.AddBigIntBlob(rsaParameters.PublicExponent);
builder.AddBigIntBlob(rsaParameters.Exponent);
builder.AddBigIntBlob(rsaParameters.QInv);
builder.AddBigIntBlob(rsaParameters.P);
builder.AddBigIntBlob(rsaParameters.Q);
builder.AddStringBlob(rsaKey.Comment);
//save blob so far so we don't have to repeat later.
byte[] commonBlob = builder.GetBlob();
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
/* test adding key with confirm constraint */
agent = new TestAgent();
agent.ConfirmUserPermissionCallback = confirmCallback;
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
ISshKey returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(1));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM));
Assert.That(returnedKey.Constraints[0].Data, Is.Null);
/* test adding key with lifetime constraint */
agent = new TestAgent();
builder.Clear();
builder.AddBytes(commonBlob);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME);
builder.AddInt(10);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(1));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME));
Assert.That(returnedKey.Constraints[0].Data.GetType(),
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME.GetDataType()));
Assert.That(returnedKey.Constraints[0].Data, Is.EqualTo(10));
/* test adding key with multiple constraints */
agent = new TestAgent();
agent.ConfirmUserPermissionCallback = confirmCallback;
builder.Clear();
builder.AddBytes(commonBlob);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME);
builder.AddInt(10);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(2));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM));
Assert.That(returnedKey.Constraints[0].Data, Is.Null);
Assert.That(returnedKey.Constraints[1].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME));
Assert.That(returnedKey.Constraints[1].Data, Is.EqualTo(10));
/* test adding key with multiple constraints in different order */
agent = new TestAgent();
agent.ConfirmUserPermissionCallback = confirmCallback;
builder.Clear();
builder.AddBytes(commonBlob);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME);
builder.AddInt(10);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(2));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME));
Assert.That(returnedKey.Constraints[0].Data, Is.EqualTo(10));
Assert.That(returnedKey.Constraints[1].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM));
Assert.That(returnedKey.Constraints[1].Data, Is.Null);
}
public void TestAnswerSSH2_AGENTC_ADD_IDENTITY()
{
Agent agent = new TestAgent();
/* test adding RSA key */
BlobBuilder builder = new BlobBuilder();
RsaPrivateCrtKeyParameters rsaParameters =
(RsaPrivateCrtKeyParameters)rsaKey.GetPrivateKeyParameters();
builder.AddStringBlob(rsaKey.Algorithm.GetIdentifierString());
builder.AddBigIntBlob(rsaParameters.Modulus);
builder.AddBigIntBlob(rsaParameters.PublicExponent);
builder.AddBigIntBlob(rsaParameters.Exponent);
builder.AddBigIntBlob(rsaParameters.QInv);
builder.AddBigIntBlob(rsaParameters.P);
builder.AddBigIntBlob(rsaParameters.Q);
builder.AddStringBlob(rsaKey.Comment);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_IDENTITY);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
ISshKey returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.GetPublicKeyParameters(),
Is.InstanceOf<RsaKeyParameters>());
Assert.That(returnedKey.GetPrivateKeyParameters(),
Is.InstanceOf<RsaKeyParameters>());
Assert.That(returnedKey.Size, Is.EqualTo(rsaKey.Size));
Assert.That(returnedKey.Comment, Is.EqualTo(rsaKey.Comment));
Assert.That(returnedKey.GetMD5Fingerprint(), Is.EqualTo(rsaKey.GetMD5Fingerprint()));
/* test adding DSA key */
agent = new TestAgent();
builder.Clear();
DsaPublicKeyParameters dsaPublicParameters =
(DsaPublicKeyParameters)dsaKey.GetPublicKeyParameters();
DsaPrivateKeyParameters dsaPrivateParameters =
(DsaPrivateKeyParameters)dsaKey.GetPrivateKeyParameters();
builder.AddStringBlob(dsaKey.Algorithm.GetIdentifierString());
builder.AddBigIntBlob(dsaPublicParameters.Parameters.P);
builder.AddBigIntBlob(dsaPublicParameters.Parameters.Q);
builder.AddBigIntBlob(dsaPublicParameters.Parameters.G);
builder.AddBigIntBlob(dsaPublicParameters.Y);
builder.AddBigIntBlob(dsaPrivateParameters.X);
builder.AddStringBlob(dsaKey.Comment);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_IDENTITY);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.GetPublicKeyParameters(),
Is.InstanceOf<DsaKeyParameters>());
Assert.That(returnedKey.GetPrivateKeyParameters(),
Is.InstanceOf<DsaKeyParameters>());
Assert.That(returnedKey.Size, Is.EqualTo(dsaKey.Size));
Assert.That(returnedKey.Comment, Is.EqualTo(dsaKey.Comment));
Assert.That(returnedKey.GetMD5Fingerprint(), Is.EqualTo(dsaKey.GetMD5Fingerprint()));
/* test adding ECDSA keys */
List<ISshKey> ecdsaKeysList = new List<ISshKey>();
ecdsaKeysList.Add(ecdsa256Key);
ecdsaKeysList.Add(ecdsa384Key);
ecdsaKeysList.Add(ecdsa521Key);
foreach (ISshKey key in ecdsaKeysList) {
agent = new TestAgent();
builder.Clear();
ECPublicKeyParameters ecdsaPublicParameters =
(ECPublicKeyParameters)key.GetPublicKeyParameters();
ECPrivateKeyParameters ecdsaPrivateParameters =
(ECPrivateKeyParameters)key.GetPrivateKeyParameters();
string ecdsaAlgorithm = key.Algorithm.GetIdentifierString();
builder.AddStringBlob(ecdsaAlgorithm);
ecdsaAlgorithm =
ecdsaAlgorithm.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty);
builder.AddStringBlob(ecdsaAlgorithm);
builder.AddBlob(ecdsaPublicParameters.Q.GetEncoded());
builder.AddBigIntBlob(ecdsaPrivateParameters.D);
builder.AddStringBlob(key.Comment);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_IDENTITY);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.GetPublicKeyParameters(),
Is.InstanceOf<ECPublicKeyParameters>());
Assert.That(returnedKey.GetPrivateKeyParameters(),
Is.InstanceOf<ECPrivateKeyParameters>());
Assert.That(returnedKey.Size, Is.EqualTo(key.Size));
Assert.That(returnedKey.Comment, Is.EqualTo(key.Comment));
Assert.That(returnedKey.GetMD5Fingerprint(), Is.EqualTo(key.GetMD5Fingerprint()));
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(0));
}
/* test adding key that already is in KeyList does not create duplicate */
int startingCount = agent.GetAllKeys().Count();
Assert.That(startingCount, Is.Not.EqualTo(0));
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
Assert.That(agent.GetAllKeys().Count(), Is.EqualTo(startingCount));
/* test locked => failure */
agent = new TestAgent();
agent.Lock(new byte[0]);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
Assert.That(agent.GetAllKeys().Count, Is.EqualTo(0));
}
public void TestAnswerSSH1_AGENTC_ADD_RSA_IDENTITY()
{
Agent agent = new TestAgent();
/* test adding RSA key */
BlobBuilder builder = new BlobBuilder();
RsaPrivateCrtKeyParameters rsaParameters =
(RsaPrivateCrtKeyParameters)rsa1Key.GetPrivateKeyParameters();
builder.AddInt(rsa1Key.Size);
builder.AddSsh1BigIntBlob(rsaParameters.Modulus);
builder.AddSsh1BigIntBlob(rsaParameters.PublicExponent);
builder.AddSsh1BigIntBlob(rsaParameters.Exponent);
builder.AddSsh1BigIntBlob(rsaParameters.QInv);
builder.AddSsh1BigIntBlob(rsaParameters.P);
builder.AddSsh1BigIntBlob(rsaParameters.Q);
builder.AddStringBlob(rsa1Key.Comment);
builder.InsertHeader(Agent.Message.SSH1_AGENTC_ADD_RSA_IDENTITY);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
ISshKey returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.GetPublicKeyParameters(),
Is.InstanceOf<RsaKeyParameters>());
Assert.That(returnedKey.GetPrivateKeyParameters(),
Is.InstanceOf<RsaKeyParameters>());
Assert.That(returnedKey.Size, Is.EqualTo(rsa1Key.Size));
Assert.That(returnedKey.Comment, Is.EqualTo(rsa1Key.Comment));
Assert.That(returnedKey.GetMD5Fingerprint(), Is.EqualTo(rsa1Key.GetMD5Fingerprint()));
}
public void TestAnswerUnknownRequest()
{
Agent agent = new TestAgent();
var unknownMessage = (byte)Agent.Message.UNKNOWN;
Assert.That(unknownMessage, Is.Not.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
PrepareSimpleMessage(unchecked((Agent.Message)(unknownMessage)));
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
}
