github.com/psiphon-labs/psiphon-tunnel-core@v2.0.28+incompatible/psiphon/common/crypto/ssh/ssh_gss_test.go (about)

     1  package ssh
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  )
     7  
     8  func TestParseGSSAPIPayload(t *testing.T) {
     9  	payload := []byte{0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0b, 0x06, 0x09,
    10  		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02}
    11  	res, err := parseGSSAPIPayload(payload)
    12  	if err != nil {
    13  		t.Fatal(err)
    14  	}
    15  	if ok := res.OIDS[0].Equal(krb5Mesh); !ok {
    16  		t.Fatalf("got %v, want %v", res, krb5Mesh)
    17  	}
    18  }
    19  
    20  func TestBuildMIC(t *testing.T) {
    21  	sessionID := []byte{134, 180, 134, 194, 62, 145, 171, 82, 119, 149, 254, 196, 125, 173, 177, 145, 187, 85, 53,
    22  		183, 44, 150, 219, 129, 166, 195, 19, 33, 209, 246, 175, 121}
    23  	username := "testuser"
    24  	service := "ssh-connection"
    25  	authMethod := "gssapi-with-mic"
    26  	expected := []byte{0, 0, 0, 32, 134, 180, 134, 194, 62, 145, 171, 82, 119, 149, 254, 196, 125, 173, 177, 145, 187, 85, 53, 183, 44, 150, 219, 129, 166, 195, 19, 33, 209, 246, 175, 121, 50, 0, 0, 0, 8, 116, 101, 115, 116, 117, 115, 101, 114, 0, 0, 0, 14, 115, 115, 104, 45, 99, 111, 110, 110, 101, 99, 116, 105, 111, 110, 0, 0, 0, 15, 103, 115, 115, 97, 112, 105, 45, 119, 105, 116, 104, 45, 109, 105, 99}
    27  	result := buildMIC(string(sessionID), username, service, authMethod)
    28  	if string(result) != string(expected) {
    29  		t.Fatalf("buildMic: got %v, want %v", result, expected)
    30  	}
    31  }
    32  
    33  type exchange struct {
    34  	outToken      string
    35  	expectedToken string
    36  }
    37  
    38  type FakeClient struct {
    39  	exchanges []*exchange
    40  	round     int
    41  	mic       []byte
    42  	maxRound  int
    43  }
    44  
    45  func (f *FakeClient) InitSecContext(target string, token []byte, isGSSDelegCreds bool) (outputToken []byte, needContinue bool, err error) {
    46  	if token == nil {
    47  		if f.exchanges[f.round].expectedToken != "" {
    48  			err = fmt.Errorf("got empty token, want %q", f.exchanges[f.round].expectedToken)
    49  		} else {
    50  			outputToken = []byte(f.exchanges[f.round].outToken)
    51  		}
    52  	} else {
    53  		if string(token) != string(f.exchanges[f.round].expectedToken) {
    54  			err = fmt.Errorf("got %q, want token %q", token, f.exchanges[f.round].expectedToken)
    55  		} else {
    56  			outputToken = []byte(f.exchanges[f.round].outToken)
    57  		}
    58  	}
    59  	f.round++
    60  	needContinue = f.round < f.maxRound
    61  	return
    62  }
    63  
    64  func (f *FakeClient) GetMIC(micField []byte) ([]byte, error) {
    65  	return f.mic, nil
    66  }
    67  
    68  func (f *FakeClient) DeleteSecContext() error {
    69  	return nil
    70  }
    71  
    72  type FakeServer struct {
    73  	exchanges   []*exchange
    74  	round       int
    75  	expectedMIC []byte
    76  	srcName     string
    77  	maxRound    int
    78  }
    79  
    80  func (f *FakeServer) AcceptSecContext(token []byte) (outputToken []byte, srcName string, needContinue bool, err error) {
    81  	if token == nil {
    82  		if f.exchanges[f.round].expectedToken != "" {
    83  			err = fmt.Errorf("got empty token, want %q", f.exchanges[f.round].expectedToken)
    84  		} else {
    85  			outputToken = []byte(f.exchanges[f.round].outToken)
    86  		}
    87  	} else {
    88  		if string(token) != string(f.exchanges[f.round].expectedToken) {
    89  			err = fmt.Errorf("got %q, want token %q", token, f.exchanges[f.round].expectedToken)
    90  		} else {
    91  			outputToken = []byte(f.exchanges[f.round].outToken)
    92  		}
    93  	}
    94  	f.round++
    95  	needContinue = f.round < f.maxRound
    96  	srcName = f.srcName
    97  	return
    98  }
    99  
   100  func (f *FakeServer) VerifyMIC(micField []byte, micToken []byte) error {
   101  	if string(micToken) != string(f.expectedMIC) {
   102  		return fmt.Errorf("got MICToken %q, want %q", micToken, f.expectedMIC)
   103  	}
   104  	return nil
   105  }
   106  
   107  func (f *FakeServer) DeleteSecContext() error {
   108  	return nil
   109  }