/// <summary>
/// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM constraint to key
/// </summary>
public static void addConfirmConstraint(this ISshKey aKey)
{
var constraint = new Agent.KeyConstraint();
constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM;
aKey.AddConstraint(constraint);
}
/// <summary>
/// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME constraint to key
/// </summary>
public static void addLifetimeConstraint(this ISshKey aKey, uint aLifetime)
{
var constraint = new Agent.KeyConstraint();
constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME;
constraint.Data = aLifetime;
aKey.AddConstraint(constraint);
}
public void AddConstraint(Agent.KeyConstraint aConstraint)
{
if ((aConstraint.Data == null && aConstraint.Type.GetDataType() != null) ||
(aConstraint.Data != null &&
aConstraint.Data.GetType() != aConstraint.Type.GetDataType()))
{
throw new ArgumentException("Malformed constraint", "aConstraint");
}
keyConstraints.Add(aConstraint);
}
public void TestAddConstrainedKey()
{
var agentClient = new TestAgentClient();
agentClient.Agent.ConfirmUserPermissionCallback = delegate
{
return true;
};
Agent.KeyConstraint constraint;
List<Agent.KeyConstraint> constraints = new List<Agent.KeyConstraint>();
constraint = new Agent.KeyConstraint();
constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM;
constraints.Add(constraint);
agentClient.AddKey(rsaKey, constraints);
Assert.That(agentClient.Agent.KeyCount, Is.EqualTo(1));
Assert.That(agentClient.Agent.GetAllKeys().First().Constraints.Count,
Is.EqualTo(1));
Assert.That(agentClient.Agent.GetAllKeys().First().Constraints.First().Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM));
constraint = new Agent.KeyConstraint();
constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME;
constraint.Data = (uint)10;
constraints.Clear();
constraints.Add(constraint);
agentClient.AddKey(rsaKey, constraints);
Assert.That(agentClient.Agent.KeyCount, Is.EqualTo(1));
Assert.That(agentClient.Agent.GetAllKeys().First().Constraints.Count,
Is.EqualTo(1));
Assert.That(agentClient.Agent.GetAllKeys().First().Constraints.First().Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME));
}
/// <summary>
/// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME constraint to key
/// </summary>
public static void addLifetimeConstraint(this ISshKey aKey, uint aLifetime)
{
var constraint = new Agent.KeyConstraint();
constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME;
constraint.Data = aLifetime;
aKey.AddConstraint(constraint);
}
private void PageantAgent_KeyAdded(object sender,SshKeyEventArgs e)
{
if (Options.AlwaysConfirm && !e.Key.HasConstraint(
Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM))
{
var constraint = new Agent.KeyConstraint();
constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM;
e.Key.AddConstraint(constraint);
}
}
/// <summary>
/// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM constraint to key
/// </summary>
public static void addConfirmConstraint(this ISshKey aKey)
{
var constraint = new Agent.KeyConstraint();
constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM;
aKey.AddConstraint(constraint);
}
/// <summary>
/// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM constraint to key
/// </summary>
public static void addConfirmConstraint(this ICollection<Agent.KeyConstraint> aKeyCollection)
{
var constraint = new Agent.KeyConstraint();
constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM;
aKeyCollection.Add(constraint);
}
/// <summary>
/// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME constraint to key
/// </summary>
public static void addLifetimeConstraint(this ICollection<Agent.KeyConstraint> aKeyCollection, uint aLifetime)
{
var constraint = new Agent.KeyConstraint();
constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME;
constraint.Data = aLifetime;
aKeyCollection.Add(constraint);
}
public void TestAnswerSSH2_AGENTC_SIGN_REQUEST()
{
const string signatureData = "this is the data that gets signed";
byte[] signatureDataBytes = Encoding.UTF8.GetBytes(signatureData);
BlobBuilder builder = new BlobBuilder();
Agent agent = new TestAgent(allKeys);
Agent.BlobHeader header;
byte[] signatureBlob;
BlobParser signatureParser;
string algorithm;
byte[] signature;
ISigner signer;
bool signatureOk;
BigInteger r, s;
DerSequence seq;
/* test signatures */
foreach (ISshKey key in allKeys.Where(key => key.Version == SshVersion.SSH2)) {
builder.Clear();
builder.AddBlob(key.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
/* check that proper response type was received */
header = parser.ReadHeader();
Assert.That(header.Message,
Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE));
signatureBlob = parser.ReadBlob();
signatureParser = new BlobParser(signatureBlob);
algorithm = signatureParser.ReadString();
Assert.That(algorithm, Is.EqualTo(key.Algorithm.GetIdentifierString()));
signature = signatureParser.ReadBlob();
if (key.Algorithm == PublicKeyAlgorithm.SSH_RSA) {
Assert.That(signature.Length == key.Size / 8);
} else if (key.Algorithm == PublicKeyAlgorithm.SSH_DSS) {
Assert.That(signature.Length, Is.EqualTo(40));
r = new BigInteger(1, signature, 0, 20);
s = new BigInteger(1, signature, 20, 20);
seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
} else if (key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP256 ||
key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP384 ||
key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP521) {
Assert.That(signature.Length, Is.AtLeast(key.Size / 4 + 8));
Assert.That(signature.Length, Is.AtMost(key.Size / 4 + 10));
BlobParser sigParser = new BlobParser(signature);
r = new BigInteger(sigParser.ReadBlob());
s = new BigInteger(sigParser.ReadBlob());
seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
} else if (key.Algorithm == PublicKeyAlgorithm.ED25519) {
Assert.That(signature.Length, Is.EqualTo(64));
}
signer = key.GetSigner();
signer.Init(false, key.GetPublicKeyParameters());
signer.BlockUpdate(signatureDataBytes, 0, signatureDataBytes.Length);
signatureOk = signer.VerifySignature(signature);
Assert.That(signatureOk, Is.True, "invalid signature");
Assert.That(header.BlobLength, Is.EqualTo(stream.Position - 4));
}
/* test DSA key old signature format */
builder.Clear();
builder.AddBlob(dsaKey.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.AddInt((uint)Agent.SignRequestFlags.SSH_AGENT_OLD_SIGNATURE);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.Message,
Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE));
signatureBlob = parser.ReadBlob();
signatureParser = new BlobParser(signatureBlob);
signature = signatureParser.ReadBlob();
Assert.That(signature.Length == 40);
r = new BigInteger(1, signature, 0, 20);
s = new BigInteger(1, signature, 20, 20);
seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
signer = dsaKey.GetSigner();
signer.Init(false, dsaKey.GetPublicKeyParameters());
signer.BlockUpdate(signatureDataBytes, 0, signatureDataBytes.Length);
signatureOk = signer.VerifySignature(signature);
Assert.That(signatureOk, Is.True, "invalid signature");
Assert.That(header.BlobLength, Is.EqualTo(stream.Position - 4));
/* test key not found */
agent = new TestAgent();
builder.Clear();
builder.AddBlob(dsaKey.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header2 = parser.ReadHeader();
Assert.That(header2.BlobLength, Is.EqualTo(1));
Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
/* test confirm constraint */
agent = new TestAgent();
Agent.KeyConstraint testConstraint = new Agent.KeyConstraint();
testConstraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM;
SshKey testKey = dsaKey.Clone();
bool confirmCallbackReturnValue = false;
agent.ConfirmUserPermissionCallback = delegate(ISshKey k, Process p)
{
return confirmCallbackReturnValue;
};
testKey.AddConstraint(testConstraint);
agent.AddKey(testKey);
builder.Clear();
builder.AddBlob(dsaKey.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header2 = parser.ReadHeader();
Assert.That(header2.BlobLength, Is.EqualTo(1));
Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
confirmCallbackReturnValue = true;
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header2 = parser.ReadHeader();
Assert.That(header2.BlobLength, Is.Not.EqualTo(1));
Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE));
}
public void TestOnKeyListChanged()
{
Agent agent = new TestAgent();
/* test that key with lifetime constraint is automatically removed *
* after lifetime expires */
AsymmetricCipherKeyPair keyPair =
new AsymmetricCipherKeyPair(rsaKey.GetPublicKeyParameters(),
rsaKey.GetPrivateKeyParameters());
ISshKey key = new SshKey(SshVersion.SSH2, keyPair);
Agent.KeyConstraint constraint = new Agent.KeyConstraint();
constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME;
constraint.Data = (UInt32)1;
key.AddConstraint(constraint);
agent.AddKey(key);
Thread.Sleep(500);
Assert.That(agent.GetAllKeys().Count, Is.EqualTo(1));
Thread.Sleep(1000);
Assert.That(agent.GetAllKeys().Count, Is.EqualTo(0));
}
