1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
22 // private key for mock server
23 const testServerPrivateKey = `-----BEGIN RSA PRIVATE KEY-----
24 MIIEpAIBAAKCAQEA19lGVsTqIT5iiNYRgnoY1CwkbETW5cq+Rzk5v/kTlf31XpSU
25 70HVWkbTERECjaYdXM2gGcbb+sxpq6GtXf1M3kVomycqhxwhPv4Cr6Xp4WT/jkFx
26 9z+FFzpeodGJWjOH6L2H5uX1Cvr9EDdQp9t9/J32/qBFntY8GwoUI/y/1MSTmMiF
27 tupdMODN064vd3gyMKTwrlQ8tZM6aYuyOPsutLlUY7M5x5FwMDYvnPDSeyT/Iw0z
28 s3B+NCyqeeMd2T7YzQFnRATj0M7rM5LoSs7DVqVriOEABssFyLj31PboaoLhOKgc
29 qoM9khkNzr7FHVvi+DhYM2jD0DwvqZLN6NmnLwIDAQABAoIBAQCGVj+kuSFOV1lT
30 +IclQYA6bM6uY5mroqcSBNegVxCNhWU03BxlW//BE9tA/+kq53vWylMeN9mpGZea
31 riEMIh25KFGWXqXlOOioH8bkMsqA8S7sBmc7jljyv+0toQ9vCCtJ+sueNPhxQQxH
32 D2YvUjfzBQ04I9+wn30BByDJ1QA/FoPsunxIOUCcRBE/7jxuLYcpR+JvEF68yYIh
33 atXRld4W4in7T65YDR8jK1Uj9XAcNeDYNpT/M6oFLx1aPIlkG86aCWRO19S1jLPT
34 b1ZAKHHxPMCVkSYW0RqvIgLXQOR62D0Zne6/2wtzJkk5UCjkSQ2z7ZzJpMkWgDgN
35 ifCULFPBAoGBAPoMZ5q1w+zB+knXUD33n1J+niN6TZHJulpf2w5zsW+m2K6Zn62M
36 MXndXlVAHtk6p02q9kxHdgov34Uo8VpuNjbS1+abGFTI8NZgFo+bsDxJdItemwC4
37 KJ7L1iz39hRN/ZylMRLz5uTYRGddCkeIHhiG2h7zohH/MaYzUacXEEy3AoGBANz8
38 e/msleB+iXC0cXKwds26N4hyMdAFE5qAqJXvV3S2W8JZnmU+sS7vPAWMYPlERPk1
39 D8Q2eXqdPIkAWBhrx4RxD7rNc5qFNcQWEhCIxC9fccluH1y5g2M+4jpMX2CT8Uv+
40 3z+NoJ5uDTXZTnLCfoZzgZ4nCZVZ+6iU5U1+YXFJAoGBANLPpIV920n/nJmmquMj
41 orI1R/QXR9Cy56cMC65agezlGOfTYxk5Cfl5Ve+/2IJCfgzwJyjWUsFx7RviEeGw
42 64o7JoUom1HX+5xxdHPsyZ96OoTJ5RqtKKoApnhRMamau0fWydH1yeOEJd+TRHhc
43 XStGfhz8QNa1dVFvENczja1vAoGABGWhsd4VPVpHMc7lUvrf4kgKQtTC2PjA4xoc
44 QJ96hf/642sVE76jl+N6tkGMzGjnVm4P2j+bOy1VvwQavKGoXqJBRd5Apppv727g
45 /SM7hBXKFc/zH80xKBBgP/i1DR7kdjakCoeu4ngeGywvu2jTS6mQsqzkK+yWbUxJ
46 I7mYBsECgYB/KNXlTEpXtz/kwWCHFSYA8U74l7zZbVD8ul0e56JDK+lLcJ0tJffk
47 gqnBycHj6AhEycjda75cs+0zybZvN4x65KZHOGW/O/7OAWEcZP5TPb3zf9ned3Hl
48 NsZoFj52ponUM6+99A2CmezFCN16c4mbA//luWF+k3VVqR6BpkrhKw==
49 -----END RSA PRIVATE KEY-----`
51 const testClientPrivateKey = `-----BEGIN RSA PRIVATE KEY-----
52 MIIBOwIBAAJBALdGZxkXDAjsYk10ihwU6Id2KeILz1TAJuoq4tOgDWxEEGeTrcld
53 r/ZwVaFzjWzxaf6zQIJbfaSEAhqD5yo72+sCAwEAAQJBAK8PEVU23Wj8mV0QjwcJ
54 tZ4GcTUYQL7cF4+ezTCE9a1NrGnCP2RuQkHEKxuTVrxXt+6OF15/1/fuXnxKjmJC
55 nxkCIQDaXvPPBi0c7vAxGwNY9726x01/dNbHCE0CBtcotobxpwIhANbbQbh3JHVW
56 2haQh4fAG5mhesZKAGcxTyv4mQ7uMSQdAiAj+4dzMpJWdSzQ+qGHlHMIBvVHLkqB
57 y2VdEyF7DPCZewIhAI7GOI/6LDIFOvtPo6Bj2nNmyQ1HU6k/LRtNIXi4c9NJAiAr
58 rrxx26itVhJmcvoUhOjwuzSlP2bE5VHAvkGB352YBg==
59 -----END RSA PRIVATE KEY-----`
61 // keychain implements the ClientPublickey interface
62 type keychain struct {
66 func (k *keychain) Key(i int) (interface{}, error) {
67 if i < 0 || i >= len(k.keys) {
70 switch key := k.keys[i].(type) {
72 return key.PublicKey, nil
74 return key.PublicKey, nil
76 panic("unknown key type")
79 func (k *keychain) Sign(i int, rand io.Reader, data []byte) (sig []byte, err error) {
80 hashFunc := crypto.SHA1
84 switch key := k.keys[i].(type) {
86 return rsa.SignPKCS1v15(rand, key, hashFunc, digest)
88 return nil, errors.New("unknown key type")
91 func (k *keychain) loadPEM(file string) error {
92 buf, err := ioutil.ReadFile(file)
96 block, _ := pem.Decode(buf)
98 return errors.New("ssh: no key found")
100 r, err := x509.ParsePKCS1PrivateKey(block.Bytes)
104 k.keys = append(k.keys, r)
108 // password implements the ClientPassword interface
111 func (p password) Password(user string) (string, error) {
112 return string(p), nil
115 // reused internally by tests
117 rsakey *rsa.PrivateKey
118 dsakey *dsa.PrivateKey
119 clientKeychain = new(keychain)
120 clientPassword = password("tiger")
121 serverConfig = &ServerConfig{
122 PasswordCallback: func(user, pass string) bool {
123 return user == "testuser" && pass == string(clientPassword)
125 PubKeyCallback: func(user, algo string, pubkey []byte) bool {
126 key := clientKeychain.keys[0].(*rsa.PrivateKey).PublicKey
127 expected := []byte(serializePublickey(key))
128 algoname := algoName(key)
129 return user == "testuser" && algo == algoname && bytes.Equal(pubkey, expected)
135 if err := serverConfig.SetRSAPrivateKey([]byte(testServerPrivateKey)); err != nil {
136 panic("unable to set private key: " + err.Error())
139 block, _ := pem.Decode([]byte(testClientPrivateKey))
140 rsakey, _ = x509.ParsePKCS1PrivateKey(block.Bytes)
142 clientKeychain.keys = append(clientKeychain.keys, rsakey)
143 dsakey = new(dsa.PrivateKey)
144 // taken from crypto/dsa/dsa_test.go
145 dsakey.P, _ = new(big.Int).SetString("A9B5B793FB4785793D246BAE77E8FF63CA52F442DA763C440259919FE1BC1D6065A9350637A04F75A2F039401D49F08E066C4D275A5A65DA5684BC563C14289D7AB8A67163BFBF79D85972619AD2CFF55AB0EE77A9002B0EF96293BDD0F42685EBB2C66C327079F6C98000FBCB79AACDE1BC6F9D5C7B1A97E3D9D54ED7951FEF", 16)
146 dsakey.Q, _ = new(big.Int).SetString("E1D3391245933D68A0714ED34BBCB7A1F422B9C1", 16)
147 dsakey.G, _ = new(big.Int).SetString("634364FC25248933D01D1993ECABD0657CC0CB2CEED7ED2E3E8AECDFCDC4A25C3B15E9E3B163ACA2984B5539181F3EFF1A5E8903D71D5B95DA4F27202B77D2C44B430BB53741A8D59A8F86887525C9F2A6A5980A195EAA7F2FF910064301DEF89D3AA213E1FAC7768D89365318E370AF54A112EFBA9246D9158386BA1B4EEFDA", 16)
148 dsakey.Y, _ = new(big.Int).SetString("32969E5780CFE1C849A1C276D7AEB4F38A23B591739AA2FE197349AEEBD31366AEE5EB7E6C6DDB7C57D02432B30DB5AA66D9884299FAA72568944E4EEDC92EA3FBC6F39F53412FBCC563208F7C15B737AC8910DBC2D9C9B8C001E72FDC40EB694AB1F06A5A2DBD18D9E36C66F31F566742F11EC0A52E9F7B89355C02FB5D32D2", 16)
149 dsakey.X, _ = new(big.Int).SetString("5078D4D29795CBE76D3AACFE48C9AF0BCDBEE91A", 16)
152 // newMockAuthServer creates a new Server bound to
153 // the loopback interface. The server exits after
154 // processing one handshake.
155 func newMockAuthServer(t *testing.T) string {
156 l, err := Listen("tcp", "127.0.0.1:0", serverConfig)
158 t.Fatalf("unable to newMockAuthServer: %s", err)
165 t.Errorf("Unable to accept incoming connection: %v", err)
168 if err := c.Handshake(); err != nil {
169 // not Errorf because this is expected to
170 // fail for some tests.
171 t.Logf("Handshaking error: %v", err)
175 return l.Addr().String()
178 func TestClientAuthPublickey(t *testing.T) {
179 config := &ClientConfig{
182 ClientAuthPublickey(clientKeychain),
185 c, err := Dial("tcp", newMockAuthServer(t), config)
187 t.Fatalf("unable to dial remote side: %s", err)
192 func TestClientAuthPassword(t *testing.T) {
193 config := &ClientConfig{
196 ClientAuthPassword(clientPassword),
200 c, err := Dial("tcp", newMockAuthServer(t), config)
202 t.Fatalf("unable to dial remote side: %s", err)
207 func TestClientAuthWrongPassword(t *testing.T) {
208 wrongPw := password("wrong")
209 config := &ClientConfig{
212 ClientAuthPassword(wrongPw),
213 ClientAuthPublickey(clientKeychain),
217 c, err := Dial("tcp", newMockAuthServer(t), config)
219 t.Fatalf("unable to dial remote side: %s", err)
224 // the mock server will only authenticate ssh-rsa keys
225 func TestClientAuthInvalidPublickey(t *testing.T) {
227 kc.keys = append(kc.keys, dsakey)
228 config := &ClientConfig{
231 ClientAuthPublickey(kc),
235 c, err := Dial("tcp", newMockAuthServer(t), config)
238 t.Fatalf("dsa private key should not have authenticated with rsa public key")
242 // the client should authenticate with the second key
243 func TestClientAuthRSAandDSA(t *testing.T) {
245 kc.keys = append(kc.keys, dsakey, rsakey)
246 config := &ClientConfig{
249 ClientAuthPublickey(kc),
252 c, err := Dial("tcp", newMockAuthServer(t), config)
254 t.Fatalf("client could not authenticate with rsa key: %v", err)