%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/twisted/conch/test/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/twisted/conch/test/__pycache__/test_transport.cpython-312.pyc

�

Ϫ�f�����UdZddlZddlZddlZddlZddlZddlmZmZm	Z	m
Z
mZddlm
Z
mZmZmZmZddlmZddlmZddlmZmZmZddlmZdd	lmZdd
lm Z ddl!m"Z"ddl#m$Z$dd
l%m&Z&ddl'm(Z(ddl)m*Z*e&d�Z+ee,e-d<e+rDdZ.ddl/m0Z0ddl1m2Z2ddl3m4Z4ddl5m6Z6m7Z7ddlm8Z8m9Z9m:Z:m;Z;ddl<m=Z=e2�j}�Z?n$e+sdZ.dZ?Gd�d�Z;Gd�d�Z9Gd�d�Z8d �Z@d!�ZAGd"�d#e;j��ZCGd$�d%�ZDGd&�d'�ZEGd(�d)ej��ZGGd*�d+e9j��ZIGd,�d-eI�ZJGd.�d/eI�ZKd0�ZLGd1�d2e*�ZMGd3�d4�ZNGd5�d6�ZOGd7�d8�ZPGd9�d:�ZQGd;�d<�ZRGd=�d>eReM�ZSGd?�d@eR�ZTGdA�dBeTeNeM�ZUGdC�dDeTeOeM�ZVGdE�dFeTePeM�ZWe@GdG�dHeTeQeM��ZXGdI�dJ�ZYGdK�dLeY�ZZGdM�dNeZeM�Z[GdO�dPeZ�Z\GdQ�dRe\eNeM�Z]GdS�dTe\eOeM�Z^GdU�dVeZ�Z_GdW�dXe_ePeM�Z`e@GdY�dZe_eQeM��ZaGd[�d\eY�ZbGd]�d^ebeM�ZcGd_�d`eb�ZdGda�dbedeNeM�ZeGdc�ddedeOeM�ZfGde�dfeb�ZgGdg�dhegePeM�Zhe@Gdi�djegeQeM��ZiGdk�dle*�ZjGdm�dne*�ZkGdo�dpe*�Zly)qz5
Tests for ssh/transport.py and the classes therein.
�N)�md5�sha1�sha256�sha384�sha512)�Dict�List�Optional�Tuple�Type)�__version__)�
ConchError)�_kex�address�service)�defer)�loopback)�	randbytes)�	iterbytes��insecureRandom)�
requireModule)�
proto_helpers)�TestCase�cryptography�dependencySkip)�UnsupportedAlgorithm)�default_backend)�
serialization)�dh�ec)�common�factory�keys�	transport)�keydatazcan't run without cryptographyFc�H�eZdZGd�d�ZGd�d�ZGd�d�Zy)r%c��eZdZy)�transport.SSHTransportBaseN��__name__�
__module__�__qualname__���C/usr/lib/python3/dist-packages/twisted/conch/test/test_transport.py�SSHTransportBaser)2���r/r1c��eZdZy)�transport.SSHServerTransportNr*r.r/r0�SSHServerTransportr45r2r/r5c��eZdZy)�transport.SSHClientTransportNr*r.r/r0�SSHClientTransportr78r2r/r8N)r+r,r-r1r5r8r.r/r0r%r%1s ��	�	�	�	�	�	r/r%c� �eZdZGd�d�Zy)r#c��eZdZy)�factory.SSHFactoryNr*r.r/r0�
SSHFactoryr;<r2r/r<N)r+r,r-r<r.r/r0r#r#;s��	�	r/r#c��eZdZed��Zy)r"c��y)Nr/r.)�self�args  r0�NSz	common.NS@s��r/N)r+r,r-�classmethodrAr.r/r0r"r"?s��	�	�
�	r/r"c� �tsd|_|S)Nz#x25519 not supported on this system)�X25519_SUPPORTED�skip��fs r0�skipWithoutX25519rHEs���6����Hr/c�B�tjt|||��S)z3
    Return the MP version of C{(x ** y) % z}.
    )r"�MP�pow)�x�y�zs   r0�_MPpowrOKs���9�9�S��A�q�\�"�"r/c�4�eZdZdZd�Zd�Zd�Zd�Zd�Zd�Z	y)	�MockTransportBasean
    A base class for the client and server protocols.  Stores the messages
    it receives instead of ignoring them.

    @ivar errors: a list of tuples: (reasonCode, description)
    @ivar unimplementeds: a list of integers: sequence number
    @ivar debugs: a list of tuples: (alwaysDisplay, message, lang)
    @ivar ignoreds: a list of strings: ignored data
    c��tjj|�g|_g|_g|_g|_d|_y)z,
        Set up instance variables.
        N)r%r1�connectionMade�errors�unimplementeds�debugs�ignoreds�gotUnsupportedVersion�r?s r0rSz MockTransportBase.connectionMade]s=��	�"�"�1�1�$�7���� ��������
�%)��"r/c�P�||_tjj||�S)zZ
        Intercept unsupported version call.

        @type remoteVersion: L{str}
        )rXr%r1�_unsupportedVersionReceived)r?�
remoteVersions  r0r[z-MockTransportBase._unsupportedVersionReceivedhs*��&3��"��)�)�E�E��-�
�	
r/c�>�|jj||f�y)zp
        Store any errors received.

        @type reasonCode: L{int}
        @type description: L{str}
        N�rT�append)r?�
reasonCode�descriptions   r0�receiveErrorzMockTransportBase.receiveErrorss��	
�����J��4�5r/c�:�|jj|�y)zX
        Store any unimplemented packet messages.

        @type seqnum: L{int}
        N)rUr_)r?�seqnums  r0�receiveUnimplementedz&MockTransportBase.receiveUnimplemented|s��	
���"�"�6�*r/c�@�|jj|||f�y)z�
        Store any debug messages.

        @type alwaysDisplay: L{bool}
        @type message: L{str}
        @type lang: L{str}
        N)rVr_)r?�
alwaysDisplay�message�langs    r0�receiveDebugzMockTransportBase.receiveDebug�s��	
�����M�7�D�9�:r/c�:�|jj|�y)zG
        Store any ignored data.

        @type packet: L{str}
        N)rWr_�r?�packets  r0�
ssh_IGNOREzMockTransportBase.ssh_IGNORE�s��	
�
�
���V�$r/N)
r+r,r-�__doc__rSr[rbrerjrnr.r/r0rQrQRs%���	*�	
�6�+�;�%r/rQc�^�eZdZdZdZdZdZdZdZdZ	dZ
dZdZdZ
dZdZd�Zd	�Zd
�Zd�Zd�Zy
)�
MockCipherzH
    A mocked-up version of twisted.conch.ssh.transport.SSHCiphers.
    �test��F)Nr/r/rtr.c��d|_t|�|jzdk7r:tdt|�|jt|�|jzfz��|S)z~
        Called to encrypt the packet.  Simply record that encryption was used
        and return the data unchanged.
        Tr�*length %i modulo blocksize %i is not 0: %i)�usedEncrypt�len�encBlockSize�RuntimeError�r?rLs  r0�encryptzMockCipher.encrypt��c��
 �����F�T�&�&�&�1�,��<��q�6�4�,�,�c�!�f�t�7H�7H�.H�I�J��
��r/c��d|_t|�|jzdk7r:tdt|�|jt|�|jzfz��|S)z~
        Called to decrypt the packet.  Simply record that decryption was used
        and return the data unchanged.
        Trrv)�usedDecryptrxryrz�decBlockSizer{s  r0�decryptzMockCipher.decrypt�r}r/c��t|f�S)zs
        Make a Message Authentication Code by sending the character value of
        the outgoing packet.
        ��bytes)r?�outgoingPacketSequence�payloads   r0�makeMACzMockCipher.makeMAC�s��
�,�.�/�/r/c� �t|f�|k(S)zy
        Verify the Message Authentication Code by checking that the packet
        sequence number is the same.
        r�)r?�incomingPacketSequencerm�macDatas    r0�verifyzMockCipher.verify�s��
�,�.�/�7�:�:r/c��||||||f|_y)z"
        Record the keys.
        N)r$)r?�ivOut�keyOut�ivIn�keyIn�macIn�macOuts       r0�setKeyszMockCipher.setKeys�s���F�D�%���?��	r/N)r+r,r-ro�
outCipTypery�	inCipTyper��	inMACType�
outMACType�verifyDigestSizerwr�outMAC�inMACr$r|r�r�r�r�r.r/r0rqrq�s`����J��L��I��L��I��J����K��K�
 �F��E�
�D���0�;�@r/rqc�"�eZdZdZd�Zd�Zd�Zy)�MockCompressionz�
    A mocked-up compression, based on the zlib interface.  Instead of
    compressing, it reverses the data and adds a 0x66 byte to the end.
    c��|ddd�S�N���r.�r?r�s  r0�compresszMockCompression.compress�s���t��t�}�r/c��|ddddd�Sr�r.r�s  r0�
decompresszMockCompression.decompress�s���s��|�D�b�D�!�!r/c��y)N�fr.�r?�kinds  r0�flushzMockCompression.flush�s��r/N)r+r,r-ror�r�r�r.r/r0r�r��s���
�"�r/r�c�>�eZdZdZdZdZdZddd�Zd�Zd�Z	d	�Z
d
�Zy)�MockServicez�
    A mocked-up service, based on twisted.conch.ssh.service.SSHService.

    @ivar started: True if this service has been started.
    @ivar stopped: True if this service has been stopped.
    �MockServiceF�MSG_TEST�MSG_fiction)��Gc��y)Nr�r.rYs r0�	logPrefixzMockService.logPrefix�s��r/c��d|_y)z6
        Record that the service was started.
        TN)�startedrYs r0�serviceStartedzMockService.serviceStarted������r/c��d|_y)z6
        Record that the service was stopped.
        TN)�stoppedrYs r0�serviceStoppedzMockService.serviceStopped�r�r/c�<�|jjd|�y)z:
        A message that this service responds to.
        r�N)r%�
sendPacketrls  r0�ssh_TESTzMockService.ssh_TESTs��	
���!�!�$��/r/N)r+r,r-ro�namer�r��protocolMessagesr�r�r�r�r.r/r0r�r��s7����D��G��G�(�m�<�����0r/r�c�J�eZdZdZdeiZd�Zd�Zdee	e
ee	e	fffd�Zy)�MockFactoryzL
    A mocked-up factory based on twisted.conch.ssh.factory.SSHFactory.
    �ssh-userauthc��tjjtj�tjjtj
�d�S)zG
        Return the public keys that authenticate this server.
        ��ssh-rsasssh-dsa)r$�Key�
fromStringr&�publicRSA_openssh�publicDSA_opensshrYs r0�
getPublicKeyszMockFactory.getPublicKeyss>��
���+�+�G�,E�,E�F����+�+�G�,E�,E�F�
�	
r/c��tjjtj�tjjtj
�d�S)zH
        Return the private keys that authenticate this server.
        r�)r$r�r�r&�privateRSA_openssh�privateDSA_opensshrYs r0�getPrivateKeyszMockFactory.getPrivateKeyss>��
���+�+�G�,F�,F�G����+�+�G�,F�,F�G�
�	
r/�returnc�:�tjd�}|gdgd�S)a/
        Diffie-Hellman primes that can be used for key exchange algorithms
        that use group exchange to establish a prime / generator group.

        @return: The primes and generators.
        @rtype: L{dict} mapping the key size to a C{list} of
            C{(generator, prime)} tuple.
        �diffie-hellman-group14-sha1)��)�i)r�getDHGeneratorAndPrime)r?�group14s  r0�	getPrimeszMockFactory.getPrimes$s$���-�-�.L�M���i��x�0�0r/N)
r+r,r-ror��servicesr�r�r�intr	rr�r.r/r0r�r�s@��� ��-�H�
�
�1�4��T�%��S��/�%:� :�;�1r/r�c��eZdZdZd�Zy)�MockOldFactoryPublicKeysz�
    The old SSHFactory returned mappings from key names to strings from
    getPublicKeys().  We return those here for testing.
    c��tj|�}|j�ddD]\}}|j�||<�|S)zJ
        We used to map key types to public key blobs as strings.
        N)r�r��items�blob�r?r$r��keys    r0r�z&MockOldFactoryPublicKeys.getPublicKeys<sG���(�(��.��#�����a��	$�I�D�#�����D��J�	$��r/N)r+r,r-ror�r.r/r0r�r�6����
r/r�c��eZdZdZd�Zy)�MockOldFactoryPrivateKeysz�
    The old SSHFactory returned mappings from key names to cryptography key
    objects from getPrivateKeys().  We return those here for testing.
    c��tj|�}|j�ddD]\}}|j||<�|S)zG
        We used to map key types to cryptography key objects.
        N)r�r�r��	keyObjectr�s    r0r�z(MockOldFactoryPrivateKeys.getPrivateKeysLsE���)�)�$�/��#�����a��	'�I�D�#����D��J�	'��r/N)r+r,r-ror�r.r/r0r�r�Fr�r/r�c
�>�|j}|j}|j�}td�t	d|dz
d�D��}t|||�}	t
j|t
j|t
j||���jt��|_tj |jj#�j%�j&�|_y#t$rtd|�d|�d|�d���wxYw)	Nc3�&K�|]	}d|z���y�w)�	Nr.)�.0rLs  r0�	<genexpr>z)generatePredictableKey.<locals>.<genexpr>Zs����4��C�1�H�4�s�r��z
p=z
g=z
x=�
)�p�g�
bit_length�sum�rangerKr �DHPrivateNumbers�DHPublicNumbers�DHParameterNumbers�private_keyr�dhSecretKey�
ValueError�printr"rJ�
public_key�public_numbersrM�dhSecretKeyPublicMP)r%r�r��bitsrLrMs      r0�generatePredictableKeyr�Vs������A����A��<�<�>�D��4�e�A�t�a�x��3�4�4�A�	�A�q�!��A�� "� 3� 3�
�r�!�!�!�R�%:�%:�1�a�%@�A�!
�
�+�o�'�
(�	��%+�I�I����(�(�*�9�9�;�=�=�%�I�!����
��Q�C�t�A�3�d�1�#�R�(�)�
��s
�AC<�< Dc�Z�eZdZUdZdZeeeje	d<e
re
Zd�Zd�Z
d�Zy)�TransportTestCasez.
    Base class for transport test cases.
    N�klassc���tj��_�j��_g�_d�}�j
td|�tjt�j��j_�fd�}�jj�j�|�j_
y)Nc��d|zS)z;
            Return a consistent entropy value
            ��r.)rxs r0�secureRandomz-TransportTestCase.setUp.<locals>.secureRandomys���S�=� r/rc�@���jj||f�y�N)�packetsr_)�messageTyper�r?s  �r0�stubSendPacketz/TransportTestCase.setUp.<locals>.stubSendPacket�s����L�L����g� 6�7r/)r�StringTransportr%r��protor�patchr�types�
MethodTyper��_startEphemeralDH�makeConnectionr�)r?rrs`  r0�setUpzTransportTestCase.setUpts����&�6�6�8����Z�Z�\��
����	!�	
�
�
�9�n�l�;�',�'7�'7�"�D�J�J�(
��
�
�$�	8�	
�
�
�!�!�$�.�.�1� .��
�
�r/c��|jd�|jtj|j�|jdd�|j|_y)z�
        Deliver enough additional messages to C{proto} so that the key exchange
        which is started in L{SSHTransportBase.connectionMade} completes and
        non-key exchange messages can be sent and received.
        sSSH-2.0-BogoClient-1.2i
�foosbarN)�dataReceived�dispatchMessager%�MSG_KEXINIT�_A_KEXINIT_MESSAGE�	_keySetup�_KEY_EXCHANGE_NONE�_keyExchangeState�r?r
s  r0�finishKeyExchangez#TransportTestCase.finishKeyExchange�sM��	���9�:�
���i�3�3�T�5L�5L�M�
�����'�#(�":�":��r/c��|jj|j_g|j_|jj	||�y)z�
        Finish a key exchange by calling C{_keySetup} with the given arguments.
        Also do extra whitebox stuff to satisfy that method's assumption that
        some kind of key exchange has actually taken place.
        N)r
�_KEY_EXCHANGE_REQUESTEDr�_blockedByKeyExchanger)r?�sharedSecret�exchangeHashs   r0�simulateKeyExchangez%TransportTestCase.simulateKeyExchange�s:��(,�z�z�'I�'I��
�
�$�+-��
�
�(��
�
���\�<�8r/)r+r,r-ror�r
rr%r1�__annotations__rrErrr!r.r/r0r�r�js:���9=�E�8�D��3�3�4�5�<����/�.;�"9r/r�c��eZdZdZdZeZy)�DHGroupExchangeSHA1Mixinz=
    Mixin for diffie-hellman-group-exchange-sha1 tests.
    �"diffie-hellman-group-exchange-sha1N)r+r,r-ro�kexAlgorithmr�
hashProcessorr.r/r0r$r$�s���9�L��Mr/r$c��eZdZdZdZeZy)�DHGroupExchangeSHA256Mixinz?
    Mixin for diffie-hellman-group-exchange-sha256 tests.
    �$diffie-hellman-group-exchange-sha256N�r+r,r-ror&rr'r.r/r0r)r)�s���;�L��Mr/r)c��eZdZdZdZeZy)�	ECDHMixinz8
    Mixin for elliptic curve diffie-hellman tests.
    �ecdh-sha2-nistp256Nr+r.r/r0r-r-�s���)�L��Mr/r-c��eZdZdZdZeZy)�Curve25519SHA256Mixinz,
    Mixin for curve25519-sha256 tests.
    scurve25519-sha256Nr+r.r/r0r0r0�s���(�L��Mr/r0c�@�eZdZUdZeZeeeje
d<y)�BaseSSHTransportBaseCasez,
    Base case for TransportBase tests.
    r�N)r+r,r-rorQr�r
rr%r1r"r.r/r0r2r2�s$���9J�E�8�D��3�3�4�5�Ir/r2c��eZdZdZereZdejd�zejd�zejd�zejd�zejd�zejd�zejd�zejd�zejd�zejd�zd	zd
zZd�Z	d�Z
d
�Zd�Zd�Z
d�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd �Zd!�Zd"�Z d#�Z!d$�Z"d%�Z#d&�Z$d'�Z%d(�Z&d)�Z'd*�Z(d+�Z)d,�Z*d-�Z+d.�Z,d/�Z-d0�Z.d1�Z/d2�Z0d3�Z1d4�Z2d5�Z3y6)7�BaseSSHTransportTestszs
    Test TransportBase. It implements the non-server/client specific
    parts of the SSH transport protocol.
    �����������������r�r��
aes256-ctr�	hmac-sha1�noner/��c�d�|jj�jdd�d}|j|dt	j
d�z�|j
d�td�d}dd	jd
�tjD��zdz}|j||�y)a
        Test that the first thing sent over the connection is the version
        string.  The 'softwareversion' part must consist of printable
        US-ASCII characters, with the exception of whitespace characters and
        the minus sign.

        RFC 4253, section 4.2.
        �
rtrsSSH-2.0-Twisted_�asciizSSH-2.0-Nz^(�|c3�tK�|]0}|dk7s�	|j�r�tj|����2y�w)�-N)�isspace�re�escape)r��cs  r0r�z9BaseSSHTransportTests.test_sendVersion.<locals>.<genexpr>�s+�����!"�!�s�(�1�9�9�;��	�	�!���s�
8�8�8z)*$)r%�value�split�assertEqual�twisted_version�encode�decoderx�join�string�	printable�assertRegex)r?�version�softwareVersion�softwareVersionRegexs    r0�test_sendVersionz&BaseSSHTransportTests.test_sendVersion�s����.�.�&�&�(�.�.�w��:�1�=������"5��8N�8N�w�8W�"W�X�!�.�.��1�#�j�/�2C�D��
��h�h��&,�&6�&6���
��	
�	�	
����*>�?r/c��t�}|j|j�|jd�|jd�|jd�|j	|jj
�|jd�|j
|jj
�|jd|jj��y)z�
        When the peer is not sending its SSH version but keeps sending data,
        the connection is disconnected after 4KB to prevent buffering too
        much and running our of memory.
        sSSH-2-Server-Identifiers�1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890s1235678s1234567s%Preventing a denial of service attackN)	rQrr%r�assertFalse�
disconnecting�
assertTrue�assertInrE�r?�suts  r0�'test_dataReceiveVersionNotSentMemoryDOSz=BaseSSHTransportTests.test_dataReceiveVersionNotSentMemoryDOSs��� �!�����4�>�>�*�	���3�4����,�-�����$�������5�5�6�	����$�	
������4�4�5��
�
�>����@T�@T�@V�Wr/c�:�t�}|j|j�|j|�|jj	�td�}d}|j
||�|jj�}|j|d�y)a@
        Test that plain (unencrypted, uncompressed) packets are sent
        correctly.  The format is::
            uint32 length (including type and padding length)
            byte padding length
            byte type
            bytes[length-padding length-2] data
            bytes[padding length] padding
        �A�BCDEFGsABCDEFG����N)	rQrr%r�clear�ordr�rErG)r?r
rhr�rEs     r0�test_sendPacketPlainz*BaseSSHTransportTests.test_sendPacketPlains}��"�#��
���T�^�^�,����u�%��������c�(����
����'�*����$�$�&������ N�Or/c��t�}|j|j�|j|�t	�x|_}t
d�}d}|jj�|j||�|j|j�|jj�}|j|d�y)z�
        Test that packets sent while encryption is enabled are sent
        correctly.  The whole packet should be encrypted.
        r\�BCs
ABC����N)
rQrr%rrq�currentEncryptionsr_r^r�rVrwrErG�r?r
�
testCipherrhr�rEs      r0�test_sendPacketEncryptedz.BaseSSHTransportTests.test_sendPacketEncrypted-s���
"�#��
���T�^�^�,����u�%�0:��<�� �:��c�(����������
����'�*����
�.�.�/����$�$�&������
�	
r/c�P�t�}|j|j�|j|�t	�|_|jj
�|jtd�d�|jj�}|j|d�y)z�
        Test that packets sent while compression is enabled are sent
        correctly.  The packet type and data should be encrypted.
        r\�BsBAf��������N)rQrr%rr��outgoingCompressionr^r�r_rErG)r?r
rEs   r0�test_sendPacketCompressedz/BaseSSHTransportTests.test_sendPacketCompressedJs���
"�#��
���T�^�^�,����u�%�$3�$5��!�������
����S��4�(����$�$�&������P�	
r/c��t�}|j|j�|j|�t	�x|_}t
�|_td�}d}|jj�|j||�|j|j�|jj�}|j|d�y)z�
        Test that packets sent while compression and encryption are
        enabled are sent correctly.  The packet type and data should be
        compressed and then the whole packet should be encrypted.
        r\rbs	CBAf���������N)rQrr%rrqrcr�rir_r^r�rVrwrErGrds      r0�test_sendPacketBothz)BaseSSHTransportTests.test_sendPacketBothZs���"�#��
���T�^�^�,����u�%�0:��<�� �:�$3�$5��!��c�(����������
����'�*����
�.�.�/����$�$�&������
�	
r/c��t�}|j|j�|j|�|jj	�|jt
d�d�|jj�dz|_|j|j�d�|j|jd�y)zt
        Test that packets are retrieved correctly out of the buffer when
        no encryption is enabled.
        r\rbsextrasABCN)rQrr%rr^r�r_rE�bufrG�	getPacketrs  r0�test_getPacketPlainz)BaseSSHTransportTests.test_getPacketPlainys���
"�#��
���T�^�^�,����u�%�������
����S��5�)��N�N�(�(�*�X�5��	�������*�F�3�������H�-r/c��t�}d�|_|j|j�|jj	�t�x|_}|jtd�d�|jj�}|dt
j|_|j|j��|j|j�|j!|j"d�|xj|t
jdz
c_|j!|j�d�|j!|jd�y)zl
        Test that encrypted packets are retrieved correctly.
        See test_sendPacketEncrypted.
        c��yrr.r.r/r0�<lambda>z?BaseSSHTransportTests.test_getPacketEncrypted.<locals>.<lambda>���r/r\�BCDNs	A�ABCDr/)rQ�sendKexInitrr%r^rqrcr�r_rEr�rn�assertIsNonerorVrrG�first)r?r
rerEs    r0�test_getPacketEncryptedz-BaseSSHTransportTests.test_getPacketEncrypted�s��
"�#��(���
���T�^�^�,�������0:��<�� �:�
����S��6�*����$�$�&���3�J�3�3�4��	����%�/�/�+�,����
�.�.�/�������&>�?�
�	�	�U�:�2�2�4�5�5�	�������*�G�4�������C�(r/c��t�}|j|j�|j|�|jj	�t�|_|j|_|jtd�d�|jj�|_|j|j�d�y)zo
        Test that compressed packets are retrieved correctly.  See
        test_sendPacketCompressed.
        r\rurvN)rQrr%rr^r�ri�incomingCompressionr�r_rErnrGrors  r0�test_getPacketCompressedz.BaseSSHTransportTests.test_getPacketCompressed�s���
"�#��
���T�^�^�,����u�%�������$3�$5��!�$)�$=�$=��!�
����S��6�*��N�N�(�(�*��	�������*�G�4r/c��t�}d�|_|j|j�|jj	�t�|_t�|_|j|_	|jtd�d�|jj�|_
|j|j�d�y)zv
        Test that compressed and encrypted packets are retrieved correctly.
        See test_sendPacketBoth.
        c��yrr.r.r/r0rsz:BaseSSHTransportTests.test_getPacketBoth.<locals>.<lambda>�rtr/r\r]sABCDEFGN)rQrwrr%r^rqrcr�rir|r�r_rErnrGrors  r0�test_getPacketBothz(BaseSSHTransportTests.test_getPacketBoth�s���
"�#��(���
���T�^�^�,�������#-�<�� �$3�$5��!�$)�$=�$=��!�
����S��9�-��N�N�(�(�*��	�������*�J�7r/c��tjdddd�}dx}}|jjD]$}|j	|j|||���&y)z?
        Test that all the supportedCiphers are valid.
        �Arh�C�D�N)r%�
SSHCiphersr
�supportedCiphersrV�
_getCipher)r?�ciphers�ivr��cipNames     r0�test_ciphersAreValidz*BaseSSHTransportTests.test_ciphersAreValid�sZ���&�&�t�T�4��>�����S��z�z�2�2�	B�G��O�O�G�.�.�w��C�@�A�	Br/c���|jj�jdd�d}||j_|jj�}|j
|ddttjf��|j
|ddd�tj|ddd�\}}}}}}}	}
}}}
|j
|dj|jjd	gz��|j
|dj|jj��|j
|dj|jj��|j
|dj|jj��|j
|dj|jj��|j
|dj|jj��|j
|	dj|jj ��|j
|
dj|jj ��|j
|dj|jj"��|j
|dj|jj"��|j
|
d
�y)a�
        Test that the KEXINIT (key exchange initiation) message is sent
        correctly.  Payload::
            bytes[16] cookie
            string key exchange algorithms
            string public key algorithms
            string outgoing ciphers
            string incoming ciphers
            string outgoing MACs
            string incoming MACs
            string outgoing compressions
            string incoming compressions
            bool first packet follows
            uint32 0
        r<rtr�s����������������N�
�,s
ext-info-ss)r%rErFr
rnrorGr�rr"�getNSrK�supportedKeyExchanges�supportedPublicKeysr��
supportedMACs�supportedCompressions�supportedLanguages)r?rErm�keyExchanges�pubkeys�ciphers1�ciphers2�macs1�macs2�
compressions1�
compressions2�
languages1�
languages2rns              r0�test_sendKexInitz&BaseSSHTransportTests.test_sendKexInit�s7�� ���$�$�&�,�,�W�a�8��;����
�
�����%�%�'�������!��e�Y�-B�-B�,D�&E�F������"��|�4�
�L�L�����b�)�	
������������	
����$�)�)�D�J�J�$D�$D�
��$V�W�	
�	
����$�)�)�D�J�J�,J�,J�"K�L�����4�9�9�T�Z�Z�-H�-H�#I�J�����4�9�9�T�Z�Z�-H�-H�#I�J������	�	�$�*�*�*B�*B� C�D������	�	�$�*�*�*B�*B� C�D������	�	�$�*�*�2R�2R�(S�T������	�	�$�*�*�2R�2R�(S�T�����T�Y�Y�t�z�z�/L�/L�%M�N�����T�Y�Y�t�z�z�/L�/L�%M�N�����k�*r/c���|jj�|jjtj|j
�|j
|jg�y)zy
        Immediately after connecting, the transport expects a KEXINIT message
        and does not reply to it.
        N)r%r^r
rrrrGrrYs r0�test_receiveKEXINITReplyz.BaseSSHTransportTests.test_receiveKEXINITReply�sH��
	
�������
�
�"�"�9�#8�#8�$�:Q�:Q�R�������r�*r/c�j�|j|j�|jdd�=|jjtj
|j�|jt|j�d�|j|jddtj
�y)z�
        When a KEXINIT message is received which is not a reply to an earlier
        KEXINIT message which was sent, a KEXINIT reply is sent.
        Nrtr)	rr
rrr%rrrGrxrYs r0�test_sendKEXINITReplyz+BaseSSHTransportTests.test_sendKEXINITReply�s}��
	
���t�z�z�*��L�L��O��
�
�"�"�9�#8�#8�$�:Q�:Q�R�����T�\�\�*�A�.�������a���+�Y�-B�-B�Cr/c�X�|jt|jj�y)a(
        A new key exchange cannot be started while a key exchange is already in
        progress.  If an attempt is made to send a I{KEXINIT} message using
        L{SSHTransportBase.sendKexInit} while a key exchange is in progress
        causes that method to raise a L{RuntimeError}.
        N)�assertRaisesrzr
rwrYs r0�test_sendKexInitTwiceFailsz0BaseSSHTransportTests.test_sendKexInitTwiceFails	s��	
���,��
�
�(>�(>�?r/c�8�tjtjg}|jj�|j`|D]H}|jj|d�|j
|jj�d��J|j|j�t�|j_
|jj�|j
|jj�jd�d�y)z�
        After L{SSHTransportBase.sendKexInit} has been called, messages types
        other than the following are queued and not sent until after I{NEWKEYS}
        is sent by L{SSHTransportBase._keySetup}.

        RFC 4253, section 7.1.
        rr/�N)
r%�MSG_SERVICE_REQUESTrr^r
r�rGrErrq�nextEncryptions�_newKeys�count)r?�disallowedMessageTypesrs   r0�test_sendKexInitBlocksOthersz2BaseSSHTransportTests.test_sendKexInitBlocksOtherss���
�)�)��!�!�"
��	
������
�J�J�!�1�	:�K��J�J�!�!�+�v�6����T�^�^�1�1�3�S�9�	:�	
���t�z�z�*�&0�\��
�
�"�	
�
�
����������-�-�/�5�5�f�=�q�Ar/c�j�d|j_|jjddg�|j|jt
jdtjd�ztjd�ztjd�ztjd�zfg�y	)
ze
        Test that EXT_INFO messages are sent correctly.  See RFC 8308,
        section 2.3.
        T��server-sig-algs�ssh-rsa,rsa-sha2-256)�	elevation�d�r�r�r�r�N)	r
�_peerSupportsExtensions�sendExtInforGrr%�MSG_EXT_INFOr"rArYs r0�test_sendExtInfoz&BaseSSHTransportTests.test_sendExtInfo6s���
.2��
�
�*��
�
���=�$�
�	
�	
����L�L��*�*�'��i�i� 2�3�4��i�i� 7�8�9��i�i��-�.��i�i��o�	&��	
�	
r/c�t�|jjdg�|j|jg�y)z�
        If the peer has not advertised support for extension negotiation, no
        EXT_INFO message is sent, since RFC 8308 only guarantees that the
        peer will be prepared to accept it if it has advertised support.
        r�N)r
r�rGrrYs r0�test_sendExtInfoUnsupportedz1BaseSSHTransportTests.test_sendExtInfoUnsupportedPs.��	
�
�
��� M�N�O�������r�*r/c�Z�|jjtjdt	j
d�zt	j
d�zt	j
d�zt	j
d�z�|j
|jjddd��y)z�
        When an EXT_INFO message is received, the transport stores a mapping
        of the peer's advertised extensions.  See RFC 8308, section 2.3.
        r�r��!ssh-rsa,rsa-sha2-256,rsa-sha2-512�no-flow-control�s)r�r�N)r
rr%r�r"rArG�peerExtensionsrYs r0�
test_EXT_INFOz#BaseSSHTransportTests.test_EXT_INFOYs���
	
�
�
�"�"��"�"���i�i�*�+�
,��i�i�<�=�
>��i�i�*�+�
,��i�i��o�	
�	
�	
����J�J�%�%�$H�$(�
�	
r/c��|jjddd�|j|jtj
dfg�y)z�
        Test that debug messages are sent correctly.  Payload::
            bool always display
            string debug message
            string language
        rrT�en�testenN)r
�	sendDebugrGrr%�	MSG_DEBUGrYs r0�test_sendDebugz$BaseSSHTransportTests.test_sendDebugnsA��	
�
�
���W�d�E�2�����L�L��!�!�#P�
Q�R�	
r/c��|jjtjd�|jjtjd�|j	|jj
ddg�y)zW
        Test that debug messages are received correctly.  See test_sendDebug.
        r�ssilenten)Trrr�)Fssilentr�N)r
rr%r�rGrVrYs r0�test_receiveDebugz'BaseSSHTransportTests.test_receiveDebug{sh��	
�
�
�"�"����!N�	
�	
�
�
�"�"����!P�	
�	
����J�J��� 6�8Q�R�	
r/c��|jjd�|j|jtj
dfg�y)zk
        Test that ignored messages are sent correctly.  Payload::
            string ignored data
        rrstestN)r
�
sendIgnorerGrr%�
MSG_IGNORErYs r0�test_sendIgnorez%BaseSSHTransportTests.test_sendIgnore�s<��
	
�
�
���g�&�����L�L�I�0�0�2I�J�K�	
r/c��|jjtjd�|j	|jj
dg�y)zb
        Test that ignored messages are received correctly.  See
        test_sendIgnore.
        rrN)r
rr%r�rGrWrYs r0�test_receiveIgnorez(BaseSSHTransportTests.test_receiveIgnore�s:��
	
�
�
�"�"�9�#7�#7��A�������,�,�w�i�8r/c��|jj�|j|jtj
dfg�y)zt
        Test that unimplemented messages are sent correctly.  Payload::
            uint32 sequence number
        r:N)r
�sendUnimplementedrGrr%�MSG_UNIMPLEMENTEDrYs r0�test_sendUnimplementedz,BaseSSHTransportTests.test_sendUnimplemented�s:��
	
�
�
�$�$�&�����L�L�I�7�7�9L�M�N�	
r/c��|jjtjd�|j	|jj
dg�y)zo
        Test that unimplemented messages are received correctly.  See
        test_sendUnimplemented.
        s�r�N)r
rr%r�rGrUrYs r0�test_receiveUnimplementedz/BaseSSHTransportTests.test_receiveUnimplemented�s;��
	
�
�
�"�"�9�#>�#>�@S�T�������2�2�S�E�:r/c����dg��fd�}||j_|jjdd�|j	|j
tjdfg�|j�d�y)z�
        Test that disconnection messages are sent correctly.  Payload::
            uint32 reason code
            string reason description
            string language
        Fc���d�d<y�NTrr.��disconnecteds�r0�stubLoseConnectionzEBaseSSHTransportTests.test_sendDisconnect.<locals>.stubLoseConnection�����"�L��Or/r�rrs�testrN)r%�loseConnectionr
�sendDisconnectrGr�MSG_DISCONNECTrV�r?r�r�s  @r0�test_sendDisconnectz)BaseSSHTransportTests.test_sendDisconnect�sr����w��	#�);����%��
�
�!�!�$��0�����L�L��,�,�K��
�	
�	
����Q��(r/c���dg��fd�}||j_|jjtjd�|j|jjdg�|j�d�y)zl
        Test that disconnection messages are received correctly.  See
        test_sendDisconnect.
        Fc���d�d<yr�r.r�s�r0r�zHBaseSSHTransportTests.test_receiveDisconnect.<locals>.stubLoseConnection�r�r/s�test�r�rrrN)r%r�r
rr�rGrTrVr�s  @r0�test_receiveDisconnectz,BaseSSHTransportTests.test_receiveDisconnect�sl���
�w��	#�);����%��
�
�"�"��$�$�&M�	
�	
������*�*�^�,<�=�����Q��(r/c���dg��fd�}||j_|jj|jj	��|j|jj�|j|jj|jj�|j�d�y)ze
        Test that dataReceived parses packets and dispatches them to
        ssh_* methods.
        Fc���d�d<yr�r.)rm�kexInits �r0�stubKEXINITz<BaseSSHTransportTests.test_dataReceived.<locals>.stubKEXINIT�s����G�A�Jr/rN)
r
�ssh_KEXINITrr%rErV�
gotVersionrG�ourVersionString�otherVersionString)r?r�r�s  @r0�test_dataReceivedz'BaseSSHTransportTests.test_dataReceived�s����
�'��	�"-��
�
���
�
������ 4� 4� 6�7�����
�
�-�-�.�������4�4�d�j�j�6S�6S�T������
�#r/c�d�t�}|jj|�|j|jj|�|j|j�|jjdd�|j|jdg�t�}|jj|�|j|j�|j|j�|jjd�|j|j�y)z�
        Test that the transport can set the running service and dispatches
        packets to the service's packetReceived method.
        r�rrr�N)r�r
�
setServicerGrrVr�rrr��connectionLost)r?r�service2s   r0�test_servicez"BaseSSHTransportTests.test_service�s���
�-���
�
���g�&�������+�+�W�5�������(��
�
�"�"�4��1��������'8�9��=���
�
���h�'�����(�(�)�������(��
�
�!�!�$�'�����(�(�)r/c���dg��fd�}||j_d|j_|jjd�|j	�d�y)zP
        Test that the transport notifies the avatar of disconnections.
        Fc���d�d<yr�r.r�s�r0�logoutz1BaseSSHTransportTests.test_avatar.<locals>.logoutr�r/TNr)r
�logoutFunction�avatarr�rV)r?r�r�s  @r0�test_avatarz!BaseSSHTransportTests.test_avatar�sM����w��	#�%+��
�
�!� ��
�
���
�
�!�!�$�'�����Q��(r/c���|j|jjd��|j|jjd��|j|jjd��t�|j_|j|jjd��|j|jjd��|j|jjd��t
jdddd�|j_|j|jjd��|j|jjd��|j|jjd��|jt|jjd�y)zS
        Test that the transport accurately reflects its encrypted status.
        �in�out�bothr8�badN)
rTr
�isEncryptedrqrcrVr%r�r��	TypeErrorrYs r0�test_isEncryptedz&BaseSSHTransportTests.test_isEncrypted
sO��	
������/�/��5�6�������/�/��6�7�������/�/��7�8�(2���
�
�%�����
�
�.�.�t�4�5�����
�
�.�.�u�5�6�����
�
�.�.�v�6�7�(1�(<�(<��W�g�w�)
��
�
�%�	
������/�/��5�6�������/�/��6�7�������/�/��7�8����)�T�Z�Z�%;�%;�U�Cr/c���|j|jjd��|j|jjd��|j|jjd��t�|j_|j|jjd��|j|jjd��|j|jjd��t
jdddd�|j_|j|jjd��|j|jjd��|j|jjd��|jt|jjd�y)zR
        Test that the transport accurately reflects its verified status.
        r�r�r�r8rN)
rTr
�
isVerifiedrqrcrVr%r�r�rrYs r0�test_isVerifiedz%BaseSSHTransportTests.test_isVerifiedsO��	
������.�.�t�4�5�������.�.�u�5�6�������.�.�v�6�7�(2���
�
�%�����
�
�-�-�d�3�4�����
�
�-�-�e�4�5�����
�
�-�-�f�5�6�(1�(<�(<��W�g�w�)
��
�
�%�	
������.�.�t�4�5�������.�.�u�5�6�������.�.�v�6�7����)�T�Z�Z�%:�%:�E�Br/c�F��dg��fd�}||j_|jj�|j|jddtj
�|j|jddddt
tjf��y)zh
        Test that loseConnection sends a disconnect message and closes the
        connection.
        Fc���d�d<yr�r.r�s�r0r�zEBaseSSHTransportTests.test_loseConnection.<locals>.stubLoseConnection9r�r/rrtr�r�N)r%r�r
rGrr�r��DISCONNECT_CONNECTION_LOSTr�s  @r0�test_loseConnectionz)BaseSSHTransportTests.test_loseConnection2s����
�w��	#�);����%��
�
�!�!�#�������a���+�Y�-E�-E�F�����L�L��O�A��q��#�U�I�,P�,P�+R�%S�	
r/c�@���fd�}|d�|d�|d�y)zU
        Test that the transport disconnects when it receives a bad version.
        c�����g�_d�j_dg��fd�}|�j_t|dz�D]}�jj
|���j�d��j�jddtj��j�jddddttjf��y)NFc���d�d<yr�r.r�s�r0r�zRBaseSSHTransportTests.test_badVersion.<locals>.testBad.<locals>.stubLoseConnectionMs���"&��Q�r/r<rrtr�r�)rr
r�r%r�rrrVrGr�r��)DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED)rOr�rDr�r?s   @�r0�testBadz6BaseSSHTransportTests.test_badVersion.<locals>.testBadHs�����D�L�$)�D�J�J�!�!�7�L�
'�-?�D�N�N�)��w��0�1�
+���
�
�'�'��*�
+��O�O�L��O�,����T�\�\�!�_�Q�/��1I�1I�J�������Q���"�1�Q�'��y�J�J�L�M�
r/sSSH-1.5-OpenSSHsSSH-3.0-TwistedsGET / HTTP/1.1Nr.)r?rs` r0�test_badVersionz%BaseSSHTransportTests.test_badVersionCs%���
	�$	�"�#��"�#��!�"r/c�^�t�}|jtj��d|jzdz}t|�D�cgc]}|j
|���c}|j|j�|j|j|j�ycc}w)zV
        Test that the transport ignores data sent before the version string.
        s5here's some stuff beforehand
here's some other stuff
r<N)rQrrr	r�rrrVr�rGr�)r?r
�datarDs    r0�test_dataBeforeVersionz,BaseSSHTransportTests.test_dataBeforeVersion^s���"�#��
���]�:�:�<�=�
��$�$�
%��	
�	
�)2�$��8�1��	�	�A�	�8�����(�(�)�����1�1�5�3I�3I�J��	9s�
B*c���t�}|jtj��|j	d�|j|j�|j|jd�y)zw
        Test that the transport treats the compatibility version (1.99)
        as equivalent to version 2.0.
        sSSH-1.99-OpenSSH
sSSH-1.99-OpenSSHN�	rQrrr	rrVr�rGr�rs  r0�test_compatabilityVersionz/BaseSSHTransportTests.test_compatabilityVersionos[��
"�#��
���]�:�:�<�=�
���0�1�����(�(�)�����1�1�3F�Gr/c���t�}|jtj��|j	d�|j|j�|j|jd�y)z�
        It can parse the SSH version string even when it ends only in
        Unix newlines (CR) and does not follows the RFC 4253 to use
        network newlines (CR LF).
        s,SSH-2.0-PoorSSHD Some-comment here
more-datas"SSH-2.0-PoorSSHD Some-comment hereNrrXs  r0�&test_dataReceivedSSHVersionUnixNewlinez<BaseSSHTransportTests.test_dataReceivedSSHVersionUnixNewlinezsY�� �!�����=�8�8�:�;����M�N�������'�����/�/�1V�Wr/c���t�}|jtj��|j	d�|j|j�|j|jd�y)a9
        The trailing spaces from SSH version comment are not removed.

        The SSH version string needs to be kept as received
        (without CR LF end of line) as they are used in the host
        authentication process.

        This can happen with a Bitvise SSH server which hides its version.
        s>SSH-2.0-9.99 FlowSsh: Bitvise SSH Server (WinSSHD) 
more-datas3SSH-2.0-9.99 FlowSsh: Bitvise SSH Server (WinSSHD) NrrXs  r0�)test_dataReceivedSSHVersionTrailingSpacesz?BaseSSHTransportTests.test_dataReceivedSSHVersionTrailingSpaces�s`�� �!�����=�8�8�:�;����S�	
�	
������'�����"�"�B�	
r/c���t�}d|_|jtj��|jd�|j
|j�y)z�
        If an unusual SSH version is received and is included in
        C{supportedVersions}, an unsupported version error is not emitted.
        )�9.99�SSH-9.99-OpenSSH
N)rQ�supportedVersionsrrr	rrTrXrs  r0� test_supportedVersionsAreAllowedz6BaseSSHTransportTests.test_supportedVersionsAreAllowed�sN��
"�#��",���
���]�:�:�<�=�
���0�1�����4�4�5r/c���t�}d|_|jtj��|jd�|j
d|j�y)z�
        If an unusual SSH version is received and is not included in
        C{supportedVersions}, an unsupported version error is emitted.
        )s2.0rrN)rQrrrr	rrGrXrs  r0�6test_unsupportedVersionsCallUnsupportedVersionReceivedzLBaseSSHTransportTests.test_unsupportedVersionsCallUnsupportedVersionReceived�sP��
"�#��"+���
���]�:�:�<�=�
���0�1�����%�"=�"=�>r/c���tjf�fd�	}|d�|d��jj}t	��j_|dtj
�d��jj_|d�|�j_t��j_d�}|�jj_	|dtj��j�y	)
zi
        Test that the transport disconnects with an error when it receives
        bad packets.
        c���g�_|�j_�j�jj	���jt
�j�d��j�jddtj��j�jddddt|f��y)Nrtrr�r�)
rr
rnrxrorGrxr%r�r�)rm�errorr?s  �r0rz6BaseSSHTransportTests.test_badPackets.<locals>.testBad�s�����D�L�#�D�J�J�N����d�j�j�2�2�4�5����S����.��2����T�\�\�!�_�Q�/��1I�1I�J����T�\�\�!�_�Q�/��!�4�e�U�H�o�Fr/s��������s	BCDEs
AB123456c��|ddSr�r.)rLs r0rsz7BaseSSHTransportTests.test_badPackets.<locals>.<lambda>�s��!�C�R�&�r/sBCDEFGHIJKc��td��)Nzbad compression)�	Exception)r�s r0�stubDecompressz=BaseSSHTransportTests.test_badPackets.<locals>.stubDecompress�s���-�.�.r/s	BCDEN)r%�DISCONNECT_PROTOCOL_ERRORr
rcrq�DISCONNECT_MAC_ERRORr�r�r|r��DISCONNECT_COMPRESSION_ERROR�flushLoggedErrors)r?r�oldEncryptionsr(s`   r0�test_badPacketsz%BaseSSHTransportTests.test_badPackets�s����#,�"E�"E�	G�	����+�,����6�6��(2���
�
�%��+�Y�-K�-K�	
�1A��
�
�%�%�-��1�2�(6��
�
�%�)8�):��
�
�&�	/�5C��
�
�&�&�1��'��2�2�	
�	
��� r/c�
���jj}|f�fd�	}�jjdd�|�dtjd<�jjdd�|��jjdd�|��jjt
���jjdd�|��jjdd�|�y	)
zj
        Test that unimplemented packet types cause MSG_UNIMPLEMENTED packets
        to be sent.
        c�����j�jddtj��j�jddddt	|f��g�j
_|dz
}y)Nrrtr�r�)rGrr%r�r�r
)rdr?s �r0�checkUnimplementedzKBaseSSHTransportTests.test_unimplementedPackets.<locals>.checkUnimplemented�sf������T�\�\�!�_�Q�/��1L�1L�M����T�\�\�!�_�Q�/��!�4�e�V�I�6F�G�!#�D�J�J���a�K�Fr/�(r/sMSG_fiction�)�<�Fr�N)r
r�rr%�messagesr�r�)r?rdr1s`  r0�test_unimplementedPacketsz/BaseSSHTransportTests.test_unimplementedPackets�s����
���2�2��&,�	�	
�
�
�"�"�2�s�+���!/�	���2���
�
�"�"�2�s�+����
�
�"�"�2�s�+����
�
���k�m�,��
�
�"�"�2�s�+����
�
�"�"�2�s�+��r/c�>�|j}|j|jj��t	�|_t
�|_t
�|_|jt��t�}|jtj��|jd�|j!|j"|j"�|j!|j|j�|j!|j$|j$�|j!|j&|j&�|j!|j
|j
�|j!|j(|j(�y)zD
        Test that multiple instances have distinct states.
        r/N)r
rr%rErqrcr�rir|r�r�rQrrr	r��assertNotEqualr�r�r�r)r?r
�proto2s   r0�test_multipleClassesz*BaseSSHTransportTests.test_multipleClasses�s'���
�
��
���4�>�>�/�/�1�2�#-�<�� �$3�$5��!�$3�$5��!�
�����'�"�$�����m�;�;�=�>����#�����E�,�,�f�.?�.?�@����E�O�O�V�-=�-=�>����E�8�8�&�:W�:W�X����E�8�8�&�:W�:W�X����E�4�4�f�6O�6O�P����E�M�M�6�>�>�:r/N)4r+r,r-rorrEr"rArrRrZr`rfrjrlrprzr}r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrr
rrrrrrr!r.r7r;r.r/r0r4r4�s����
���	�
�&�)�)�2�
3�	4�
�&�)�)�J�
�	 ��&�)�)�M�
"�	#��&�)�)�M�
"�		#�
�&�)�)�L�
!�	"��&�)�)�L�
!�
	"��&�)�)�G�
�	��&�)�)�G�
�	��&�)�)�C�.�		��&�)�)�C�.�
	��	��	�� @�.X�,P�(
�:
� 
�>.�)�(
5�8� B�/+�b+�
D�@�"B�H
�4+�
�*
�
�
�9�
�;�)�2)�"$� *�(
)�D�(C�(
�"#�6K�"	H�X�
�.	6�	?�"!�H�4;r/r4c��eZdZdZd�Zy)�'BaseSSHTransportDHGroupExchangeBaseCasez@
    Diffie-Hellman group exchange tests for TransportBase.
    c��|j|j_d|j_|j	d|jjz�j�}|j	d|z�j�}|j	d|z|z�j�}|j	d|z|z|z�j�}|j
|jjddd�||z|z|z�y)z?
        Test that _getKey generates the correct keys.
        �EFsABCDKrv�K�AB�CDN)r&r
�kexAlg�	sessionIDr'�digestrG�_getKey)r?�k1�k2�k3�k4s     r0�test_getKeyz3BaseSSHTransportDHGroupExchangeBaseCase.test_getKey
s���!�-�-��
�
��$��
�
��
�
�
� 4�t�z�z�7K�7K� K�
L�
S�
S�
U��
�
�
��"��
-�
4�
4�
6��
�
�
��"��r� 1�
2�
9�
9�
;��
�
�
��"��r� 1�B� 6�
7�
>�
>�
@��������+�+�D�%��?��b��2��PR�AR�Sr/N)r+r,r-rorKr.r/r0r=r=s
���Tr/r=c��eZdZdZy)�(BaseSSHTransportDHGroupExchangeSHA1TestszE
    diffie-hellman-group-exchange-sha1 tests for TransportBase.
    N�r+r,r-ror.r/r0rMrM���r/rMc��eZdZdZy)�*BaseSSHTransportDHGroupExchangeSHA256TestszG
    diffie-hellman-group-exchange-sha256 tests for TransportBase.
    NrNr.r/r0rQrQ#���
r/rQc��eZdZdZy)�"BaseSSHTransportEllipticCurveTestsz4
    ecdh-sha2-nistp256 tests for TransportBase
    NrNr.r/r0rTrT-rOr/rTc��eZdZdZy)�%BaseSSHTransportCurve25519SHA256Testsz3
    curve25519-sha256 tests for TransportBase
    NrNr.r/r0rVrV5���r/rVc�J�eZdZdZdd�Zdd�Zd�Zd�Zd�Zd�Z	d	�Z
d
�Zd�Zy)
�#ServerAndClientSSHTransportBaseCasezF
    Tests that need to be run on both the server and the client.
    Nc���|�tj}|j|jddtj�|j|jddddt|f��y)zI
        Helper function to check if the transport disconnected.
        Nr�rrtr�r�)r%r)rGrr�r�r�s  r0�checkDisconnectedz5ServerAndClientSSHTransportBaseCase.checkDisconnectedCsc���<��6�6�D�������b�)�!�,�i�.F�.F�G�������b�)�!�,�Q�q�1�5�$��>�Br/c�,�|�tj}|j�}||�|jt	j
��|jj|jj��|r|j|�|S)zy
        Helper function to connect a modified protocol to the test protocol
        and test for disconnection.
        )
r%�DISCONNECT_KEY_EXCHANGE_FAILEDr�rrr	r
rrEr[)r?�protoModificationr�r:s    r0�connectModifiedProtocolz;ServerAndClientSSHTransportBaseCase.connectModifiedProtocolLsu��
�<��;�;�D�������&�!����m�;�;�=�>��
�
���� 0� 0� 6� 6� 8�9���"�"�4�(��
r/c�,�d�}|j|�y)z`
        Test that the transport disconnects if it can't match the key
        exchange
        c��g|_yr�r��r:s r0�blankKeyExchangesz\ServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKex.<locals>.blankKeyExchangesa�
��+-�F�(r/N�r_)r?rds  r0�test_disconnectIfCantMatchKexzAServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKex[s��	.�	
�$�$�%6�7r/c�,�d�}|j|�y)zP
        Like test_disconnectIfCantMatchKex, but for the key algorithm.
        c��g|_yr)r�rcs r0�blankPublicKeysz]ServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKeyAlg.<locals>.blankPublicKeysks
��)+�F�&r/Nrf)r?rjs  r0� test_disconnectIfCantMatchKeyAlgzDServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchKeyAlgfs��
	,�	
�$�$�_�5r/c�,�d�}|j|�y)zN
        Like test_disconnectIfCantMatchKex, but for the compression.
        c��g|_yr�r�rcs r0�blankCompressionszdServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCompression.<locals>.blankCompressionsurer/Nrf)r?ros  r0�%test_disconnectIfCantMatchCompressionzIServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCompressionps��
	.�	
�$�$�%6�7r/c�,�d�}|j|�y)zM
        Like test_disconnectIfCantMatchKex, but for the encryption.
        c��g|_yr�r�rcs r0�blankCipherszZServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCipher.<locals>.blankCipherss
��&(�F�#r/Nrf)r?rts  r0� test_disconnectIfCantMatchCipherzDServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchCipherzs��
	)�	
�$�$�\�2r/c�,�d�}|j|�y)zF
        Like test_disconnectIfCantMatchKex, but for the MAC.
        c��g|_yr�r�rcs r0�	blankMACszTServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchMAC.<locals>.blankMACs�s
��#%�F� r/Nrf)r?rys  r0�test_disconnectIfCantMatchMACzAServerAndClientSSHTransportBaseCase.test_disconnectIfCantMatchMAC�s��
	&�	
�$�$�Y�/r/c���|j|jj�tj|jj
j���y)z�
        Test that the transport's L{getPeer} method returns an
        L{SSHTransportAddress} with the L{IAddress} of the peer.
        N)rGr
�getPeerr�SSHTransportAddressr%rYs r0�test_getPeerz0ServerAndClientSSHTransportBaseCase.test_getPeer��C��
	
����J�J��� ��'�'��
�
�(<�(<�(D�(D�(F�G�	
r/c���|j|jj�tj|jj
j���y)z�
        Test that the transport's L{getHost} method returns an
        L{SSHTransportAddress} with the L{IAddress} of the host.
        N)rGr
�getHostrr}r%rYs r0�test_getHostz0ServerAndClientSSHTransportBaseCase.test_getHost�rr/r)
r+r,r-ror[r_rgrkrprurzr~r�r.r/r0rYrY>s5���C�
�	8�6�8�3�0�
�
r/rYc�`�eZdZUdZej
Zeeeje
d<d�Zd�Zy)�ServerSSHTransportBaseCasez1
    Base case for SSHServerTransport tests.
    r�c��tj|�t�|j_|jjj�yr)r�rr�r
r#�startFactoryrYs r0rz ServerSSHTransportBaseCase.setUp�s4������%�(�]��
�
���
�
���'�'�)r/c��tj|�|jjj	�|j`yr)r��tearDownr
r#�stopFactoryrYs r0r�z#ServerSSHTransportBaseCase.tearDown�s0���"�"�4�(��
�
���&�&�(��J�J�r/N)
r+r,r-ror%r5r�r
rr1r"rr�r.r/r0r�r��s4���9B�8T�8T�E�8�D��3�3�4�5�T�*�
r/r�c�|�eZdZdZd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zd
�Zd�Z
d�Zd
�Zd�Zd�Zd�Zd�Zd�Zd�Zy)�ServerSSHTransportTestsz'
    Tests for SSHServerTransport.
    c��tjjtj�tjjtj
�tjjtj�tjjtj�d�|jj_
tjjtj�tjjtj�tjjtj�tjjtj�d�|jj_|j!|jj#d�|jjjd|jjjdf�|j!|jj#d�|jjjd|jjjdf�|j!|jj#d�|jjjd|jjjdf�|j!|jj#d�|jjjd|jjjdf�|j!|jj#d�|jjjd|jjjdf�|j!|jj#d�|jjjd|jjjdf�|j%t&|jj"d�y	)
z�
        L{transport.SSHServerTransport._getHostKeys} returns host keys from
        the factory, looked up by public key signature algorithm.
        )r��ssh-dss�ecdsa-sha2-nistp256�ssh-ed25519r��rsa-sha2-256�rsa-sha2-512r�r�r�secdsa-sha2-nistp384N)r$r�r�r&r�r��publicECDSA_openssh�publicEd25519_opensshr
r#�
publicKeysr�r��privateECDSA_openssh�privateEd25519_openssh_new�privateKeysrG�_getHostKeysr��KeyErrorrYs r0�test__getHostKeysz)ServerSSHTransportTests.test__getHostKeys�s�����+�+�G�,E�,E�F����+�+�G�,E�,E�F�$(�H�H�$7�$7��8S�8S�$T� �H�H�/�/��0M�0M�N�	)
��
�
���%����+�+�G�,F�,F�G����+�+�G�,F�,F�G�$(�H�H�$7�$7��8T�8T�$U� �H�H�/�/��0R�0R�S�	*
��
�
���&�	
����J�J�#�#�J�/��
�
�"�"�-�-�j�9��
�
�"�"�.�.�z�:�
�	
�	
����J�J�#�#�O�4��
�
�"�"�-�-�j�9��
�
�"�"�.�.�z�:�
�	
�	
����J�J�#�#�O�4��
�
�"�"�-�-�j�9��
�
�"�"�.�.�z�:�
�	
�	
����J�J�#�#�J�/��
�
�"�"�-�-�j�9��
�
�"�"�.�.�z�:�
�	
�	
����J�J�#�#�$:�;��
�
�"�"�-�-�.D�E��
�
�"�"�.�.�/E�F�
�	
�	
����J�J�#�#�N�3��
�
�"�"�-�-�n�=��
�
�"�"�.�.�~�>�
�	
�	
���(�D�J�J�$;�$;�=S�Tr/c��|jjd�|j|jjd�|j|jjd�|j|jj
d�|j|jjd�|j|jj�|jj}|j|jd�|j|jd�|j|jd�|j|jd�y)z�
        Receiving a KEXINIT packet listing multiple supported algorithms will
        set up the first common algorithm found in the client's preference
        list.
        s	SSH-2.0-Twisted
�����������������bdiffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256ssh-dss,ssh-rsa�aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc�aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbchmac-md5,hmac-sha1hmac-md5,hmac-sha1	none,zlib	none,zlib����r%r�r8s
aes128-ctr�hmac-md5N)r
rrGrC�keyAlg�outgoingCompressionType�incomingCompressionTyperTr�r�r�r�r�r��r?�nes  r0�test_KEXINITMultipleAlgorithmsz6ServerSSHTransportTests.test_KEXINITMultipleAlgorithms�s���	
�
�
���
(�	
�$	
������*�*�,Q�R�������*�*�J�7�������;�;�W�E�������;�;�W�E�������;�;�<�
�Z�Z�
'�
'��������
�6�������}�5��������4�������{�3r/c��dtjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�zdzd	z}|jj|�|j	|jj
d
�|j
|jj�y)z�
        If the client sends "ext-info-c" in its key exchange algorithms,
        then the server notes that the client supports extension
        negotiation.  See RFC 8308, section 2.1.
        r�s/diffie-hellman-group-exchange-sha256,ext-info-cr�r6r7r8r/r9r:r*N)r"rAr
r�rGrCrVr��r?�
kexInitPackets  r0� test_KEXINITExtensionNegotiationz8ServerSSHTransportTests.test_KEXINITExtensionNegotiations��
��i�i�J�K�
L��i�i�
�#�
$��i�i�
�&�
'��i�i�
�&�	
'�
�i�i��%�
&��i�i��%�

&��i�i�� �
!��i�i�� �
!��i�i��n�	
��i�i��n�

��
�"�
"�	�	
�
�
���}�-�������*�*�,S�T�����
�
�:�:�;r/c
��ddj|jjddd�|jj|jj|jj|jj
|jj
|jj|jj|jj|jjf
D�cgc]}dj|���c}D�cgc]}tj|���c}�zdz}|jj|�|j|jj�|jjd�|j|jj�|jjd�|j|jj�|j!|j"g�d	|j_|jj%d
�|j|jj�|j!|j"g�ycc}wcc}w)a<
        The client is allowed to send a guessed key exchange packet
        after it sends the KEXINIT packet.  However, if the key exchanges
        do not match, that guess packet must be ignored.  This tests that
        the packet is ignored in the case of the key exchange method not
        matching.
        r�r/Nr�r����
test�T��rKr
r�r�r�r�r�r�r"rAr�rV�ignoreNextPacket�	ssh_DEBUG�ssh_KEX_DH_GEX_REQUEST_OLDrTrGr�ssh_KEX_DH_GEX_REQUEST�r?rMrLr�s    r0�test_ignoreGuessPacketKexz1ServerSSHTransportTests.test_ignoreGuessPacketKex3s���
����!%�
�
� @� @��2�� F� $�
�
� >� >� $�
�
� ;� ;� $�
�
� ;� ;� $�
�
� 8� 8� $�
�
� 8� 8� $�
�
� @� @� $�
�
� @� @� $�
�
� =� =� $�
�
� =� =�&�"� !�!�I�I�a�L�"����	�	�!����
�.'�/
(�	�4	
�
�
���}�-�����
�
�3�3�4��
�
���H�I�����
�
�3�3�4��
�
�-�-�.A�B�������4�4�5�������r�*�&*��
�
�#��
�
�)�)�*A�B�������4�4�5�������r�*��A"����)I8
�I=
c
��ddj|jj|jjddd�|jj|jj|jj
|jj
|jj|jj|jj|jjf
D�cgc]}dj|���c}D�cgc]}tj|���c}�zdz}|jj|�|j|jj�|jjd�|j|jj�|jjd�|j|jj�|j!|j"g�d	|j_|jj%d
�|j|jj�|j!|j"g�ycc}wcc}w)zk
        Like test_ignoreGuessPacketKex, but for an incorrectly guessed
        public key format.
        r�r/Nr�r�r�r�r�Tr�r�r�s    r0�test_ignoreGuessPacketKeyz1ServerSSHTransportTests.test_ignoreGuessPacketKeycs���
����!%�
�
� @� @� $�
�
� >� >�t��t� D� $�
�
� ;� ;� $�
�
� ;� ;� $�
�
� 8� 8� $�
�
� 8� 8� $�
�
� @� @� $�
�
� @� @� $�
�
� =� =� $�
�
� =� =�&�"� !�!�I�I�a�L�"����	�	�!����
�.'�/
(�	�4	
�
�
���}�-�����
�
�3�3�4��
�
���H�I�����
�
�3�3�4��
�
�-�-�.A�B�������4�4�5�������r�*�&*��
�
�#��
�
�)�)�*A�B�������4�4�5�������r�*��A"��r�c��|g|j_|g|j_|jj|jj��|jj
|�\}}tj|�\}}t|d|�}|jjtj|��tjtjd|dzz��d}	t|jj |	|jj"�}
|j%|jj&|
�t||	|jj"�}t)�}|j+tj|jj,�dz�|j+tj|jj.�dz�|j+tj|j1���|j+tj|��|j+|
�|j+|�|j3�}
|j5|
|��}|j%|j6tj8tj|j1��|
ztj|�zftj:dfg�y)	a�
        Test that the KEXDH_INIT packet causes the server to send a
        KEXDH_REPLY with the server's public key and a signature.

        @param kexAlgorithm: The key exchange algorithm to use.
        @type kexAlgorithm: L{bytes}

        @param keyAlgorithm: The public key signature algorithm to use.
        @type keyAlgorithm: L{bytes}

        @param bits: The bit length of the DH modulus.
        @type bits: L{int}
        i�r�rr���
signatureTyper/N)r
r�r�rr%rEr�rr�rKr�r"rJ�getMPrArOr�r�rGr�r�updater��ourKexInitPayloadr�rE�signr�MSG_KEXDH_REPLY�MSG_NEWKEYS)r?r&�keyAlgorithmr��
pubHostKey�privHostKeyr�r��erMrGr�hr �	signatures               r0�assertKexDHInitResponsez/ServerSSHTransportTests.assertKexDHInitResponse�s��-9�>��
�
�(�*6���
�
�&��
�
������ 4� 4� 6�7�"&�*�*�"9�"9�,�"G��
�K��*�*�<�8���1���4��O���
�
�-�-�f�i�i��l�;��L�L����7�d�a�i�#8�9�:�1�=���4�:�:�<�<��D�J�J�L�L�1��������7�7��;��a��D�J�J�L�L�1���F��	������4�:�:�6�6�7�!�;�<�	������4�:�:�7�7�8�1�<�=�	������:�?�?�,�-�.�	������1���	�����	������x�x�z���$�$�\��$�N�	�����L�L��-�-��I�I�j�o�o�/�0�1�4�v�y�y��7K�K���&�&��,�
�		
r/c���d|j_d|j_|jt|jj
t
jd��y)��
        Test that if the server receives a KEX_DH_GEX_REQUEST_OLD message
        and the key exchange algorithm is not set, we raise a ConchError.
        s	bad-curver�s
unused-keyN)r
rCr�r�r�_ssh_KEX_ECDH_INITr"rArYs r0�%test_checkBad_KEX_ECDH_INIT_CurveNamez=ServerSSHTransportTests.test_checkBad_KEX_ECDH_INIT_CurveName�sF��
)��
�
��&��
�
����� ��J�J�)�)��I�I�m�$�	
r/c�V�dtjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�zdzd	z}|jj|�|j	t
�|j	t�y
)zy
        Test that if the server received a bad name for a curve
        we raise an UnsupportedAlgorithm error.
        r5r.r�r6r7r8r/r9r:N)r"rAr
r�r��AttributeErrorr)r?�kexmsgs  r0� test_checkBad_KEX_INIT_CurveNamez8ServerSSHTransportTests.test_checkBad_KEX_INIT_CurveName�s
��
��i�i�-�.�
/��i�i�
�#�
$��i�i�
�&�
'��i�i�
�&�	
'�
�i�i��%�
&��i�i��%�

&��i�i�� �
!��i�i�� �
!��i�i��n�	
��i�i��n�

��
�"�
"�	� 	
�
�
���v�&����.�)����.�/r/c�*�|jddd�y)z�
        KEXDH_INIT messages are processed when the
        diffie-hellman-group14-sha1 key exchange algorithm and the ssh-rsa
        public key signature algorithm are requested.
        r�r�r�N�r�rYs r0�test_KEXDH_INIT_GROUP14z/ServerSSHTransportTests.test_KEXDH_INIT_GROUP14�s��	
�$�$�%C�Z�QU�Vr/c�*�|jddd�y)��
        KEXDH_INIT messages are processed when the
        diffie-hellman-group14-sha1 key exchange algorithm and the
        rsa-sha2-256 public key signature algorithm are requested.
        r�r�r�Nr�rYs r0�$test_KEXDH_INIT_GROUP14_rsa_sha2_256z<ServerSSHTransportTests.test_KEXDH_INIT_GROUP14_rsa_sha2_256����	
�$�$�*�O�T�	
r/c�*�|jddd�y)r�r�r�r�Nr�rYs r0�$test_KEXDH_INIT_GROUP14_rsa_sha2_512z<ServerSSHTransportTests.test_KEXDH_INIT_GROUP14_rsa_sha2_512�r�r/c
��d|j_t�|j_|j	dd�|j|jjd�|j	dd�|j|jjd�|j|jdtjdf�td�D�cgc]}|jj|dd���!}}|j|jjj|d|d	|d
|d|d|d
f�ycc}w)�G
        Test that _keySetup sets up the next encryption keys.
        r�rArBr?r�r/�ABCDEFrtr�rr�r�r�N�
r
rCrqr�r!rGrDrr%r�rrFr$�r?rD�newKeyss   r0�
test_keySetupz%ServerSSHTransportTests.test_keySetup���;��
�
��%/�\��
�
�"�� � ���.�������-�-�u�5�� � ���.�������-�-�u�5�������b�)�I�,A�,A�3�+G�H�@I�)�@T�U�1�4�:�:�%�%�a���6�U��U�����J�J�&�&�+�+�
�Q�Z����W�Q�Z����W�Q�Z��QR��T�	
��V��$Ec�Z�gd�|j_d|j_t�|j_d|j_|j
dd�|j|jdtjdf�|j|jdtjd	tjd
�ztjd�zf�|j
dd�|j|jdtjdf�y
)a
        If the client advertised support for extension negotiation, then
        _keySetup sends SSH_MSG_EXT_INFO with the "server-sig-algs"
        extension as the next packet following the server's first
        SSH_MSG_NEWKEYS.  See RFC 8308, sections 2.4 and 3.1.
        )r�r�r�r�TrArB���r/r�sr�r�r?N)r
r�rCrqr�r�r!rGrr%r�r�r"rArYs r0�test_keySetupWithExtInfoz0ServerSSHTransportTests.test_keySetupWithExtInfos���*X��
�
�&�:��
�
��%/�\��
�
�"�-1��
�
�*�� � ���.�������b�)�I�,A�,A�3�+G�H�����L�L����&�&�#��)�)�.�/�0��)�)�@�A�B�
�	
�	
� � ���.�������b�)�I�,A�,A�3�+G�Hr/c
��d|j_t�|j_|j	dd�|j|jjd�|j	dd�|j|jjd�|j|jdtjdf�td�D�cgc]}|jj|dd���!}}|j|jjj|d|d	|d
|d|d|d
f�ycc}w)r�r.rArBr?r�r/r�rtr�rr�r�r�Nr�r�s   r0�test_ECDH_keySetupz*ServerSSHTransportTests.test_ECDH_keySetup.s��2��
�
��%/�\��
�
�"�� � ���.�������-�-�u�5�� � ���.�������-�-�u�5�������b�)�I�,A�,A�3�+G�H�@I�)�@T�U�1�4�:�:�%�%�a���6�U��U�����J�J�&�&�+�+�
�Q�Z����W�Q�Z����W�Q�Z��QR��T�	
��Vr�c�<�|j�tjdddd�|j_|jjd�|j
|jj|jj�|j|jj�|j|jj�d|j_|jdd�|jjd�|j|jj�d|j_|jdd�|jjd�|j|jj�y)zj
        Test that NEWKEYS transitions the keys in nextEncryptions to
        currentEncryptions.
        r8r/�zlibrArBr?N)r�r%r�r
r��ssh_NEWKEYS�assertIsrcrxrir|r�r!�assertIsNotNoner�rYs r0�test_NEWKEYSz$ServerSSHTransportTests.test_NEWKEYS?s"��
	
�+�+�-�%.�%9�%9��W�g�w�&
��
�
�"�	
�
�
���s�#��
�
�d�j�j�3�3�T�Z�Z�5O�5O�P����$�*�*�8�8�9����$�*�*�8�8�9�-4��
�
�*�� � ���.��
�
���s�#����T�Z�Z�;�;�<�-4��
�
�*�� � ���.��
�
���s�#����T�Z�Z�;�;�<r/c�@�|jjtjd��|j	|j
tjtjd�fg�|j	|jjjd�y)z^
        Test that the SERVICE_REQUEST message requests and starts a
        service.
        r�r�N)
r
�ssh_SERVICE_REQUESTr"rArGrr%�MSG_SERVICE_ACCEPTrr�rYs r0�test_SERVICE_REQUESTz,ServerSSHTransportTests.test_SERVICE_REQUESTVso��
	
�
�
�&�&�v�y�y��'A�B�����L�L�I�8�8�&�)�)�O�:T�U�V�	
�	
������+�+�0�0�.�Ar/c�Z�|jjd�|j�y�zD
        Test that NEWKEYS disconnects if it receives data.
        s
bad packetN�r
r�r[rYs r0�test_disconnectNEWKEYSDataz2ServerSSHTransportTests.test_disconnectNEWKEYSDataa�"��	
�
�
���}�-���� r/c��|jjtjd��|j	t
j�y)zd
        Test that SERVICE_REQUESTS disconnects if an unknown service is
        requested.
        s
no serviceN)r
r�r"rAr[r%� DISCONNECT_SERVICE_NOT_AVAILABLErYs r0�(test_disconnectSERVICE_REQUESTBadServicez@ServerSSHTransportTests.test_disconnectSERVICE_REQUESTBadServicehs3��
	
�
�
�&�&�v�y�y��'?�@����y�I�I�Jr/N)r+r,r-ror�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r.r/r0r�r��sk���;U�z!4�F<�2.+�`++�Z0
�d
�0�2W�
�
�
�"I�2
�"=�.	B�!�Kr/r�c�6�eZdZdZd�Zd�Zd	d�Zd�Zd�Zd�Z	y)
�)ServerSSHTransportDHGroupExchangeBaseCasezE
    Diffie-Hellman group exchange tests for SSHServerTransport.
    c��|jg|j_dg|j_|jj	|j
j
��|jjd�|jjj�jd�d\}}|j|jt
jtj|�dzfg�|j|jj d�|j|jj"|�y)z�
        Test that the KEX_DH_GEX_REQUEST_OLD message causes the server
        to reply with a KEX_DH_GEX_GROUP message with the correct
        Diffie-Hellman group.
        r��r�r�r�N)r&r
r�r�rr%rEr�r#r��getrGr�MSG_KEX_DH_GEX_GROUPr"rJr�r�)r?�dhGenerator�dhPrimes   r0�test_KEX_DH_GEX_REQUEST_OLDzEServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUEST_OLDvs���-1�,=�,=�+>��
�
�(�*4���
�
�&��
�
������ 4� 4� 6�7��
�
�-�-�.A�B�#�z�z�1�1�;�;�=�A�A�$�G��J���W�����L�L��2�2��I�I�g�&�)@�@��
�	
�	
��������q�)���������w�/r/c�|�d|j_|jt|jjd�y)r�N)r
rCr�rr�rYs r0�%test_KEX_DH_GEX_REQUEST_OLD_badKexAlgzOServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUEST_OLD_badKexAlg�s,��
!��
�
�����*�d�j�j�&K�&K�T�Rr/c��|jg|j_|g|j_|jj	|j
j
��|jjd�|jjj�jd�d\}}|j|jt
jtj|�dzfg�|j|jj d�|j|jj"|�y)z�
        Test that the KEX_DH_GEX_REQUEST message causes the server to reply
        with a KEX_DH_GEX_GROUP message with the correct Diffie-Hellman
        group.
        �r�rr�r�N)r&r
r�r�rr%rEr�r#r�r�rGrr�r"rJr�r�)r?r�r�rs    r0�test_KEX_DH_GEX_REQUESTzAServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REQUEST�s���-1�,=�,=�+>��
�
�(�*6���
�
�&��
�
������ 4� 4� 6�7��
�
�)�)�E�	
� $�z�z�1�1�;�;�=�A�A�$�G��J���W�����L�L��2�2��I�I�g�&�)@�@��
�	
�	
��������q�)���������w�/r/c
��|j�|jjd�\}}t|jjd|jj
�}t
jd�d}|j|jjj�j|�t|jj||jj
�}|j|jj|�t|||jj
�}|j�}|jt
j |jj"�dz�|jt
j |jj$�dz�|jt
j |j'���|jd�|jt
j(|jj
��|jt
j(|jj��|jt
j(|��|j|�|j|�|j+�}|jj-t
j(|��|j|j.ddt0j2t
j |j'��|zt
j |j5|��zft0j6d	fg�y)
z�
        Test that the KEX_DH_GEX_INIT message after the client sends
        KEX_DH_GEX_REQUEST_OLD causes the server to send a KEX_DH_GEX_INIT
        message with a public key and signature.
        r�r�s��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������rr�r�rtNr/)rr
r�rKr�r�r"r�rGr��private_numbersrLrOr�r'r�rAr�r�r�rJrE�ssh_KEX_DH_GEX_INITrr%�MSG_KEX_DH_GEX_REPLYr�r��	r?r�r�r�rMrGrr�r s	         r0�&test_KEX_DH_GEX_INIT_after_REQUEST_OLDzPServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_INIT_after_REQUEST_OLD�sT��	
�(�(�*�"&�*�*�"9�"9�*�"E��
�K���
�
���a������.���L�L�<�=�a�@��������/�/�?�?�A�C�C�Q�G��4�:�:�<�<��D�J�J�L�L�1��������7�7��;��a��D�J�J�L�L�1����� ��	������4�:�:�6�6�7�!�;�<�	������4�:�:�7�7�8�1�<�=�	������:�?�?�,�-�.�	���$�%�	������4�:�:�<�<�(�)�	������4�:�:�<�<�(�)�	������1���	�����	������x�x�z���
�
�&�&�v�y�y��|�4�����L�L�����2�2��I�I�j�o�o�/�0����i�i�� 0� 0�� >�?�@���&�&��,�
�	
r/c
��|j�|jjd�\}}t|jjd|jj
�}t
jd�d}t|jj||jj
�}t|||jj
�}|j�}|jt
j|jj�dz�|jt
j|jj�dz�|jt
j|j���|jd�|jt
j|jj
��|jt
j|jj��|jt
j|��|j|�|j|�|j!�}|jj#t
j|��|j%|j&dt(j*t
j|j��|zt
j|j-|��zf�y)	z�
        Test that the KEX_DH_GEX_INIT message after the client sends
        KEX_DH_GEX_REQUEST causes the server to send a KEX_DH_GEX_INIT message
        with a public key and signature.
        r�r������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������rr�rrtN�rr
r�rKr�r�r"r�rOr'r�rAr�r�r�rJrEr	rGrr%r
r�rs	         r0�"test_KEX_DH_GEX_INIT_after_REQUESTzLServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_INIT_after_REQUEST�s���	
�$�$�&�"&�*�*�"9�"9�*�"E��
�K���
�
���a������.���L�L�<�=�a�@���4�:�:�<�<��D�J�J�L�L�1���a��D�J�J�L�L�1����� ��	������4�:�:�6�6�7�!�;�<�	������4�:�:�7�7�8�1�<�=�	������:�?�?�,�-�.�	���D�E�	������4�:�:�<�<�(�)�	������4�:�:�<�<�(�)�	������1���	�����	������x�x�z���
�
�&�&�v�y�y��|�4�����L�L��O��.�.��	�	�*�/�/�+�,����)�)�K�,�,�\�:�;�<�
�	
r/c��|jd��|jjd�\}}t|jjd|jj
�}t
jd�d}t|jj||jj
�}t|||jj
�}|j�}|jt
j|jj�dz�|jt
j|jj�dz�|jt
j|j���|jd�|jt
j|jj
��|jt
j|jj��|jt
j|��|j|�|j|�|j!�}|jj#t
j|��|j%|j&dt(j*t
j|j��|zt
j|j-|d�	��zf�y
)a&
        Test that the KEX_DH_GEX_INIT message after the client sends
        KEX_DH_GEX_REQUEST using a public key signature algorithm other than
        the default for the public key format causes the server to send a
        KEX_DH_GEX_INIT message with a public key and signature.
        r�)r�r�rrr�rrtr�Nrrs	         r0�/test_KEX_DH_GEX_INIT_after_REQUEST_rsa_sha2_512zYServerSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_INIT_after_REQUEST_rsa_sha2_512�s��	
�$�$�/�$�B�"&�*�*�"9�"9�/�"J��
�K���
�
���a������.���L�L�<�=�a�@���4�:�:�<�<��D�J�J�L�L�1���a��D�J�J�L�L�1����� ��	������4�:�:�6�6�7�!�;�<�	������4�:�:�7�7�8�1�<�=�	������:�?�?�,�-�.�	���D�E�	������4�:�:�<�<�(�)�	������4�:�:�<�<�(�)�	������1���	�����	������x�x�z���
�
�&�&�v�y�y��|�4�����L�L��O��.�.��	�	�*�/�/�+�,����)�)��$�$�\��$�Q���
�
	
r/N)r�)
r+r,r-rorrrrrrr.r/r0r�r�qs(���0�.S�0�2%
�N"
�H%
r/r�c��eZdZdZy)�*ServerSSHTransportDHGroupExchangeSHA1TestszJ
    diffie-hellman-group-exchange-sha1 tests for SSHServerTransport.
    NrNr.r/r0rr!rRr/rc��eZdZdZy)�,ServerSSHTransportDHGroupExchangeSHA256TestszL
    diffie-hellman-group-exchange-sha256 tests for SSHServerTransport.
    NrNr.r/r0rr+rRr/rc��eZdZdZd�Zy)�ServerSSHTransportECDHBaseCasezE
    Elliptic Curve Diffie-Hellman tests for SSHServerTransport.
    c
�|�|jg|j_dg|j_|jj	|j
j
��|jjd�\}}|jj�}|j�}|jj|�}|jjtj|��|jj||jj|jj��}|j!�}|j#tj|jj$��|j#tj|jj&��|j#tj|jj(��|j#tj|jj*��|j#tj|j-���|j#tj|��|j#tj|jj|jj���|j#|�|j/�}|j1|�}	|j3|j4t
j6tj|j-��tj|jj|jj��ztj|	�zft
j8dfg�y)z�
        Test that the KEXDH_INIT message causes the server to send a
        KEXDH_REPLY with the server's public key and a signature.
        r�r/N)r&r
r�r�rr%rEr��_generateECPrivateKeyr��_encodeECPublicKeyr�r"rA�_generateECSharedSecret�ecPubr'r�r�r��otherKexInitPayloadr�r�rEr�rGrr�r�)
r?r�r��ecPrivr�encPubrr�r r�s
          r0�test_KEX_ECDH_INITz1ServerSSHTransportECDHBaseCase.test_KEX_ECDH_INIT:s{��
-1�,=�,=�+>��
�
�(�*4���
�
�&��
�
������ 4� 4� 6�7�"&�*�*�"9�"9�*�"E��
�K����1�1�3���!�!�#�����.�.�u�5���
�
�-�-�f�i�i��.?�@��z�z�9�9��D�J�J�1�1�$�*�*�2B�2B�C�
��
��� ��	������4�:�:�8�8�9�:�	������4�:�:�6�6�7�8�	������4�:�:�9�9�:�;�	������4�:�:�7�7�8�9�	������:�?�?�,�-�.�	������6�"�#�	������4�:�:�8�8����9I�9I�J�K�L�	������x�x�z���$�$�\�2�	�����L�L��-�-��I�I�j�o�o�/�0��i�i��
�
� =� =�d�j�j�>N�>N� O�P�Q��i�i�	�*�+���&�&��,�
�	
r/N)r+r,r-ror!r.r/r0rr5s���,
r/rc��eZdZdZy)�ServerSSHTransportECDHTestsz:
    ecdh-sha2-nistp256 tests for SSHServerTransport.
    NrNr.r/r0r#r#irOr/r#c��eZdZdZy)�'ServerSSHTransportCurve25519SHA256Testsz9
    curve25519-sha256 tests for SSHServerTransport.
    NrNr.r/r0r%r%qrWr/r%c�`�eZdZUdZej
Zeeeje
d<d�Zd�Zy)�ClientSSHTransportBaseCasez1
    Base case for SSHClientTransport tests.
    r�c�
�d|_|j||j�|j|jdd�t	j
t
|�j���tjd�S)zC
        Mock version of SSHClientTransport.verifyHostKey.
        T�:r/)
�calledVerifyHostKeyrGr��replace�binascii�hexlifyrrEr�succeed)r?�pubKey�fingerprints   r0�
verifyHostKeyz(ClientSSHTransportBaseCase.verifyHostKey�si��$(�� ��������+��������c�*�H�,<�,<�S��[�=O�=O�=Q�,R�	
��}�}�T�"�"r/c�V�tj|�tjj	t
j�j�|_tjj	t
j�|_	d|_
|j|j_y)NF)
r�rr$r�r�r&r�r�r��privObjr*r1r
rYs r0rz ClientSSHTransportBaseCase.setUp�sk������%��H�H�'�'��(A�(A�B�G�G�I��	��x�x�*�*�7�+E�+E�F���#(�� �#'�#5�#5��
�
� r/N)
r+r,r-ror%r8r�r
rr1r"r1rr.r/r0r'r'zs4���9B�8T�8T�E�8�D��3�3�4�5�T�	#�6r/r'c�v�eZdZdZd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zd
�Zd�Z
d�Zd
�Zd�Zd�Zd�Zd�Zd�Zy)�ClientSSHTransportTestsz'
    Tests for SSHClientTransport.
    c�v�|jjd�|j|jjd�|j|jjd�|j|jj
d�|j|jjd�|jj}|j|jd�|j|jd�|j|jd�|j|jd�y)z�
        Receiving a KEXINIT packet listing multiple supported
        algorithms will set up the first common algorithm, ordered after our
        preference.
        s	SSH-2.0-Twisted
�����������������bdiffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256ssh-dss,ssh-rsa�aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc�aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,cast128-ctr,cast128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbchmac-md5,hmac-sha1hmac-md5,hmac-sha1	zlib,none	zlib,none����r*r�r8r6r7N)r
rrGrCr�r�r�r�r�r�r�r�r�s  r0r�z6ClientSSHTransportTests.test_KEXINITMultipleAlgorithms�s���	
�
�
���
(�	
�$	
������*�*�,S�T�������*�*�J�7�������;�;�W�E�������;�;�W�E�
�Z�Z�
'�
'��������
�6�������}�5��������5�������|�4r/c��|jt|j�j�d�}|j�j	dd�}|j|j�j|�S)z�
        verifyHostKey() should return a Deferred which fails with a
        NotImplementedError exception.  connectionSecure() should raise
        NotImplementedError().
        c�.�|jt�yr)�trap�NotImplementedErrorrFs r0�_checkRaiseszNClientSSHTransportTests.test_notImplementedClientMethods.<locals>._checkRaises�s��
�F�F�&�'r/N)r�r:r��connectionSecurer1�addCallback�fail�
addErrback)r?r;�ds   r0� test_notImplementedClientMethodsz8ClientSSHTransportTests.test_notImplementedClientMethods�s^��	
���-�t�z�z�|�/L�/L�M�	(�
�J�J�L�&�&�t�T�2���}�}�T�Y�Y�'�2�2�<�@�@r/c���|g|j_|jj|jj	��|jj
j
�j}|jtj|�ddd|dzz�|j|jtj|jjfg�y)z�
        Test that a KEXINIT packet with a group1 or group14 key exchange
        results in a correct KEXDH_INIT response.

        @param kexAlgorithm: The key exchange algorithm to use
        @type kexAlgorithm: L{str}
        r�Nrr�)r
r�rr%rEr�rrLrGr"rJr�MSG_KEXDH_INITr�)r?r&r�rLs    r0�assertKexInitResponseForDHz2ClientSSHTransportTests.assertKexInitResponseForDH�s���-9�>��
�
�(�	
�
�
������ 4� 4� 6�7��J�J�"�"�2�2�4�6�6��������1��a�b�)�7�d�a�i�+@�A�	
����L�L�I�4�4�d�j�j�6T�6T�U�V�	
r/c�(�|jdd�y)zq
        KEXINIT messages requesting diffie-hellman-group14-sha1 result in
        KEXDH_INIT responses.
        r�r�N)rDrYs r0�test_KEXINIT_group14z,ClientSSHTransportTests.test_KEXINIT_group14�s��
	
�'�'�(F��Mr/c���dg|j_|jj�j	dd�}|jt|jj|�y)z�
        Test that the client raises a ConchError if it receives a
        KEXINIT message but doesn't have a key exchange algorithm that we
        understand.
        sdiffie-hellman-group24-sha1sgroup14sgroup24N)r
r�r%rEr+r�rr)r?rs  r0�test_KEXINIT_badKexAlgz.ClientSSHTransportTests.test_KEXINIT_badKexAlg�sO��-K�+K��
�
�(��~�~�#�#�%�-�-�j�*�E�����*�d�j�j�&=�&=�t�Dr/c�L�dtjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�zdzd	z}|jj|�|j	|jj
�y
)z�
        If the server sends "ext-info-s" in its key exchange algorithms,
        then the client notes that the server supports extension
        negotiation.  See RFC 8308, section 2.1.
        r�s/diffie-hellman-group-exchange-sha256,ext-info-sr�r6r7r8r/r9r:N)r"rAr
r�rVr�r�s  r0r�z8ClientSSHTransportTests.test_KEXINITExtensionNegotiation�s��
��i�i�J�K�
L��i�i�
�#�
$��i�i�
�&�
'��i�i�
�&�	
'�
�i�i��%�
&��i�i��%�

&��i�i�� �
!��i�i�� �
!��i�i��n�	
��i�i��n�

��
�"�
"�	�	
�
�
���}�-�����
�
�:�:�;r/c�|�|j�d}tj|�}|jjj�j}|jj}t|||�}t�}|jtj|jj�dz�|jtj|jj�dz�|jtj|j��|j|jj�|j|�|j|�|j!�}|j"j%|�}||tj|j�|zfS)a
        Utility for test_KEXDH_REPLY and
        test_disconnectKEXDH_REPLYBadSignature.

        Begins a Diffie-Hellman key exchange in the named group
        Group-14 and computes information needed to return either a
        correct or incorrect signature.

        r�)rFr"rJr
r�rrLr�rOrr�rAr�r�r�r�rEr3r�)	r?rG�fMPrLr�rr�r r�s	         r0�begin_KEXDH_REPLYz)ClientSSHTransportTests.begin_KEXDH_REPLY		s-��	
�!�!�#�
���i�i��l���J�J�"�"�2�2�4�6�6���J�J�L�L���a��A����F��	������4�:�:�6�6�7�!�;�<�	������4�:�:�7�7�8�1�<�=�	������4�9�9�%�&�	������/�/�0�	����
�	������x�x�z���L�L�%�%�l�3�	��i����4�9�9�)=��)C�D�Dr/c������j�\�}}��fd�}�jj|tj|�z�}|j|�|S)zH
        Test that the KEXDH_REPLY message verifies the server.
        c����j|��j�j��j�jj
��yr�rxrVr*rGr
rD�rEr r?s ��r0�_cbTestKEXDH_REPLYzDClientSSHTransportTests.test_KEXDH_REPLY.<locals>._cbTestKEXDH_REPLY-	�=������e�$��O�O�D�4�4�5����T�Z�Z�1�1�<�@r/�rLr
�ssh_KEX_DH_GEX_GROUPr"rAr=�r?r��packetStartrQr@r s`    @r0�test_KEXDH_REPLYz(ClientSSHTransportTests.test_KEXDH_REPLY'	sV���26�1G�1G�1I�.��y�+�	A�

�J�J�+�+�K�&�)�)�I�:N�,N�O��	�
�
�(�)��r/c
��d|j_t�|j_|j	dd�|j|jjd�|j	dd�|j|jjd�|j|jdtjdf�td�D�cgc]}|jj|dd���!}}|j|jjj|d|d	|d
|d|d|d
f�ycc}w)r�r�rArBr?r�r/r�rr�rtr�r�r�Nr�r�s   r0r�z%ClientSSHTransportTests.test_keySetup7	r�r�c�b��|j�dg��fd�}||j_tjdddd�|j_|j
dd�|j|jj|jj
�t�|j_|jjd�|j|jj�|j|jj�|j|jj|jj
�|j�d�d|j_|j
dd	�|jjd�|j#|jj�d|j_|j
dd
�|jjd�|j#|jj�y)zl
        Test that NEWKEYS transitions the keys from nextEncryptions to
        currentEncryptions.
        Fc���d�d<yr�r.)�secures�r0�stubConnectionSecurezBClientSSHTransportTests.test_NEWKEYS.<locals>.stubConnectionSecureP	s����F�1�Ir/r8rArBr/rr�sGHsIJN)r�r
r<r%r�r�r!�assertIsNotrcrqr�rxrir|r�rVr�r�r�)r?r\r[s  @r0r�z$ClientSSHTransportTests.test_NEWKEYSH	s����
	
�+�+�-����	�';��
�
�#�%.�%9�%9��W�g�w�&
��
�
�"�	
� � ���.�������6�6��
�
�8R�8R�S�%/�\��
�
�"��
�
���s�#����$�*�*�8�8�9����$�*�*�8�8�9��
�
�d�j�j�3�3�T�Z�Z�5O�5O�P�����q�	�"�-4��
�
�*�� � ���.��
�
���s�#����T�Z�Z�;�;�<�-4��
�
�*�� � ���.��
�
���s�#����T�Z�Z�;�;�<r/c���t�|j_|jjd�|j	|jjj
�y)zS
        Test that the SERVICE_ACCEPT packet starts the requested service.
        �MockServiceN)r�r
�instance�ssh_SERVICE_ACCEPTrVr�rYs r0�test_SERVICE_ACCEPTz+ClientSSHTransportTests.test_SERVICE_ACCEPTj	sA��*�m��
�
���
�
�%�%�&D�E�����
�
�+�+�3�3�4r/c��|jjt��|j|jt
jdfg�y)zP
        Test that requesting a service sends a SERVICE_REQUEST packet.
        r_N)r
�requestServicer�rGrr%r�rYs r0�test_requestServicez+ClientSSHTransportTests.test_requestServicer	s?��	
�
�
�!�!�+�-�0�����L�L��+�+�-K�
L�M�	
r/c����j�\}}}�jj|tjd�z�}|j�fd��S)zL
        Test that KEXDH_REPLY disconnects if the signature is bad.
        �
bad signaturec�B���jtj�Sr�r[r%r]��_r?s �r0rszPClientSSHTransportTests.test_disconnectKEXDH_REPLYBadSignature.<locals>.<lambda>�	����d�,�,�Y�-U�-U�V�r/rS�r?r r�rVr@s`    r0�&test_disconnectKEXDH_REPLYBadSignaturez>ClientSSHTransportTests.test_disconnectKEXDH_REPLYBadSignature|	�Q���26�1G�1G�1I�.��y�+��J�J�+�+�K�&�)�)�DT�:U�,U�V���}�}�V�
�	
r/c���dtjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�zdzd	z}|jj|�|jj	d
�tjtj�t��|j_	|jjj�|j_tjtj�t��}|j�}|jtjjtj j"�}tj�|j_d|j_|jj)tjt+�j-�dj/��tj|�ztjd�z�|j1t2j4�y�
�O
        Test that KEX_ECDH_REPLY disconnects if the signature is bad.
        r5r.r�r6r7r8r/r9r:sSSH-2.0-OpenSSH
s
bad-signatureN�r"rAr
r�rr!�generate_private_key�	SECP256R1rrr�r�public_bytesr�Encoding�X962�PublicFormat�UncompressedPoint�curverC�_ssh_KEX_ECDH_REPLYr�r�r�r[r%r]�r?r��thisPriv�thisPubr s     r0�)test_disconnectKEX_ECDH_REPLYBadSignaturezAClientSSHTransportTests.test_disconnectKEX_ECDH_REPLYBadSignature�	�)��

��i�i�-�.�
/��i�i�
�#�
$��i�i�
�&�
'��i�i�
�&�	
'�
�i�i��%�
&��i�i��%�

&��i�i�� �
!��i�i�� �
!��i�i��n�	
��i�i��n�

��
�"�
"�	� 	
�
�
���v�&��
�
��� 6�7��3�3�B�L�L�N�O�DU�V��
�
���:�:�,�,�7�7�9��
�
���*�*�2�<�<�>�?�;L�M���%�%�'���%�%��"�"�'�'��)C�)C�)U�)U�
���<�<�>��
�
��1��
�
���
�
�&�&��I�I�k�m�1�1�3�J�?�D�D�F�G��i�i���
 ��i�i�(�)�
*�	
�	
���y�G�G�Hr/c�Z�|jjd�|j�yr�r�rYs r0r�z2ClientSSHTransportTests.test_disconnectNEWKEYSData�	r�r/c��t�|j_|jjd�|j	�y)z�
        Test that SERVICE_ACCEPT disconnects if the accepted protocol is
        differet from the asked-for protocol.
        sbadN)r�r
r`rar[rYs r0�test_disconnectSERVICE_ACCEPTz5ClientSSHTransportTests.test_disconnectSERVICE_ACCEPT�	s1��
*�m��
�
���
�
�%�%�&<�=���� r/c��t�|j_|jjd�|j	|jjj
�|j
t|j�d�y)z�
        Some commercial SSH servers don't send a payload with the
        SERVICE_ACCEPT message.  Conch pretends that it got the correct
        name of the service.
        r/rN)	r�r
r`rarVr�rGrxrrYs r0�test_noPayloadSERVICE_ACCEPTz4ClientSSHTransportTests.test_noPayloadSERVICE_ACCEPT�	sY��*�m��
�
���
�
�%�%�c�*�����
�
�+�+�3�3�4�����T�\�\�*�A�.r/N)r+r,r-ror�rArDrFrHr�rLrWr�r�rbrernr�r�r�r�r.r/r0r5r5�sd��� 5�DA�
�.N�E�<�0E�<� 
�" =�D5�
�	
�,I�\!�!�	/r/r5c�H�eZdZdZ	edd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zy
)�)ClientSSHTransportDHGroupExchangeBaseCasezE
    Diffie-Hellman group exchange tests for SSHClientTransport.
    ��FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF�c��|jg|j_|jj|jj��|j
|jtjdfg�y)zt
        KEXINIT packet with a group-exchange key exchange results
        in a KEX_DH_GEX_REQUEST message.
        � N)	r&r
r�rr%rErGr�MSG_KEX_DH_GEX_REQUESTrYs r0�test_KEXINIT_groupexchangezDClientSSHTransportDHGroupExchangeBaseCase.test_KEXINIT_groupexchange�	se��
-1�,=�,=�+>��
�
�(��
�
������ 4� 4� 6�7�����L�L��4�4�G��
�	
r/c
�<�|j�|jjtj|j
�tjd�z�|j
|jj|j
�|j
|jjd�|jjj�j}|j
tj|�ddd�|j
|jjtjtd||j
���|j
|jddtj |jjfg�y)z�
        Test that the KEX_DH_GEX_GROUP message results in a
        KEX_DH_GEX_INIT message with the client's Diffie-Hellman public key.
        r�r�Ns�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������rt)r�r
rTr"rJ�P1536rGr�r�r�rrLr�rKrr%�MSG_KEX_DH_GEX_INITr{s  r0�test_KEX_DH_GEX_GROUPz?ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_GROUP�	s��
	
�'�'�)��
�
�'�'��	�	�$�*�*�(=��	�	�!��(L�M���������t�z�z�2���������q�)��J�J�"�"�2�2�4�6�6��������1��a�b�)�=�9�����J�J�*�*�F�I�I�c�!�Q��
�
�6K�,L�	
�	
����L�L�����+�+�T�Z�Z�-K�-K�
L�M�	
r/c�.�|j�|jj}d}tj|�}t||jjj�j|�}|j�}|jtj|jj�dz�|jtj|jj�dz�|jtj|j��|jd�|jtj|j�tjd�z�|j|jj �|j|�|j|�|j#�}|j$j'|�}||tj|j�|zfS)a
        Utility for test_KEX_DH_GEX_REPLY and
        test_disconnectGEX_REPLYBadSignature.

        Begins a Diffie-Hellman key exchange in an unnamed
        (server-specified) group and computes information needed to
        return either a correct or incorrect signature.
        r�r�r�)r�r
r�r"rJrOr�rrLr'r�rAr�r�r�r�r�rEr3r�)r?r�rGrKrr�r r�s        r0�begin_KEX_DH_GEX_REPLYz@ClientSSHTransportDHGroupExchangeBaseCase.begin_KEX_DH_GEX_REPLY

sc��	
�"�"�$��J�J�L�L��
���i�i��l���a����!7�!7�!G�!G�!I�!K�!K�Q�O����� ��	������4�:�:�6�6�7�!�;�<�	������4�:�:�7�7�8�1�<�=�	������4�9�9�%�&�	���D�E�	������4�:�:�&����1��5�6�	������/�/�0�	����
�	������x�x�z���L�L�%�%�l�3�	��i����4�9�9�)=��)C�D�Dr/c������j�\�}}��fd�}�jj|tj|�z�}|j|�|S)z^
        Test that the KEX_DH_GEX_REPLY message results in a verified
        server.
        c����j|��j�j��j�jj
��yrrOrPs ��r0�_cbTestKEX_DH_GEX_REPLYz`ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REPLY.<locals>._cbTestKEX_DH_GEX_REPLY0
rRr/�r�r
�ssh_KEX_DH_GEX_REPLYr"rAr=)r?r�rVr�r@r s`    @r0�test_KEX_DH_GEX_REPLYz?ClientSSHTransportDHGroupExchangeBaseCase.test_KEX_DH_GEX_REPLY)
sV���
26�1L�1L�1N�.��y�+�	A�

�J�J�+�+�K�&�)�)�I�:N�,N�O��	�
�
�-�.��r/c����j�\}}}�jj|tjd�z�}|j�fd��S)zQ
        Test that KEX_DH_GEX_REPLY disconnects if the signature is bad.
        rgc�B���jtj�Srrirjs �r0rsz`ClientSSHTransportDHGroupExchangeBaseCase.test_disconnectGEX_REPLYBadSignature.<locals>.<lambda>A
rlr/r�rms`    r0�$test_disconnectGEX_REPLYBadSignaturezNClientSSHTransportDHGroupExchangeBaseCase.test_disconnectGEX_REPLYBadSignature9
sQ���26�1L�1L�1N�.��y�+��J�J�+�+�K�&�)�)�DT�:U�,U�V���}�}�V�
�	
r/c���dtjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�ztjd�zdzd	z}|jj|�|jj	d
�tjtj�t��|j_	|jjj�|j_tjtj�t��}|j�}|jtjjtj j"�}tj�|j_d|j_|jj)tjt+�j-�dj/��tj|�ztjd�z�|j1t2j4�yrqrsr}s     r0r�zSClientSSHTransportDHGroupExchangeBaseCase.test_disconnectKEX_ECDH_REPLYBadSignatureD
r�r/N)r+r,r-ror�r�r�r�r�r�r�r�r.r/r0r�r��	sB����
�	;�	�

�E�
�$
�&E�>� 	
�,Ir/r�c��eZdZdZy)�*ClientSSHTransportDHGroupExchangeSHA1TestszJ
    diffie-hellman-group-exchange-sha1 tests for SSHClientTransport.
    NrNr.r/r0r�r�s
rRr/r�c��eZdZdZy)�,ClientSSHTransportDHGroupExchangeSHA256TestszL
    diffie-hellman-group-exchange-sha256 tests for SSHClientTransport.
    NrNr.r/r0r�r�}
rRr/r�c�(�eZdZdZd�Zd�Zd�Zd�Zy)�ClientSSHTransportECDHBaseCasezE
    Elliptic Curve Diffie-Hellman tests for SSHClientTransport.
    c	�|�|jg|j_|jj|jj��|j
|jtjtj|jj|jj��fg�y)zm
        KEXINIT packet with an elliptic curve key exchange results
        in a KEXDH_INIT message.
        N)
r&r
r�rr%rErGrrCr"rArrrYs r0�test_KEXINITz+ClientSSHTransportECDHBaseCase.test_KEXINIT�
s���
-1�,=�,=�+>��
�
�(��
�
������ 4� 4� 6�7�����L�L��,�,��I�I�d�j�j�;�;�D�J�J�<L�<L�M�N��
�	
r/c��|j�t�j�d}t�j�d}|jj�}|j
�}|jj|�}|jj||jj|jj��}|j�}|jtj|jj��|jtj|jj��|jtj|jj ��|jtj|jj"��|jtj|j%���|jtj|jj|jj���|jtj|��|j|�|j'�}|j)|�}	||	tj|j%��tj|�zfS)a
        Utility for test_KEXDH_REPLY and
        test_disconnectKEXDH_REPLYBadSignature.

        Begins an Elliptic Curve Diffie-Hellman key exchange and computes
        information needed to return either a correct or incorrect
        signature.
        r�)r�r�r�r�r
rr�rrrr'r�r"rAr�r�r�rr�rEr�)
r?�privKeyr/rrr rr�r r�s
          r0rLz0ClientSSHTransportECDHBaseCase.begin_KEXDH_REPLY�
s���	
�����-�.�.�0��<����,�,�.�z�:�����1�1�3���!�!�#�����.�.�u�5���z�z�9�9��D�J�J�1�1�$�*�*�2B�2B�C�
��
��� ��	������4�:�:�6�6�7�8�	������4�:�:�8�8�9�:�	������4�:�:�7�7�8�9�	������4�:�:�9�9�:�;�	������6�;�;�=�)�*�	������4�:�:�8�8����9I�9I�J�K�L�	������6�"�#�	������x�x�z���L�L��.�	��i����6�;�;�=�)A�F�I�I�f�DU�)U�V�Vr/c������j�\�}}��fd�}�jj|tj|�z�}|j|�|S)zO
        Test that the KEXDH_REPLY message completes the key exchange.
        c����j|��j�j��j�jj
��yrrOrPs ��r0rQzKClientSSHTransportECDHBaseCase.test_KEXDH_REPLY.<locals>._cbTestKEXDH_REPLY�
rRr/rSrUs`    @r0rWz/ClientSSHTransportECDHBaseCase.test_KEXDH_REPLY�
sV���26�1G�1G�1I�.��y�+�	A�

�J�J�+�+�K�&�)�)�I�:N�,N�O��	�
�
�(�)��r/c����j�\}}}�jj|tjd�z�}|j�fd��S)rrrgc�B���jtj�Srrirjs �r0rszWClientSSHTransportECDHBaseCase.test_disconnectKEXDH_REPLYBadSignature.<locals>.<lambda>�
rlr/rSrms`    r0rnzEClientSSHTransportECDHBaseCase.test_disconnectKEXDH_REPLYBadSignature�
ror/N)r+r,r-ror�rLrWrnr.r/r0r�r��
s���
�$"W�H
�	
r/r�c��eZdZdZy)�ClientSSHTransportECDHTestsz:
    ecdh-sha2-nistp256 tests for SSHClientTransport.
    NrNr.r/r0r�r��
rOr/r�c��eZdZdZy)�'ClientSSHTransportCurve25519SHA256Testsz9
    curve25519-sha256 tests for SSHClientTransport.
    NrNr.r/r0r�r��
rWr/r�c�N�eZdZdZereZd�Zd�Zd�Zd�Z	d�Z
d�Zd�Zd	�Z
d
�Zy)�GetMACTestsz*
    Tests for L{SSHCiphers._getMAC}.
    c�>�tjdddd�|_y)Nr�rhr�r�)r%r�r�rYs r0rzGetMACTests.setUp�
s�� �+�+�D�$��d�C��r/c��td�S)z�
        Generate a new shared secret to be used with the tests.

        @return: A new secret.
        @rtype: L{bytes}
        �@rrYs r0�getSharedSecretzGetMACTests.getSharedSecret�
s���b�!�!r/c�B�|j�}|jj||�}|d|d|zz}td�t	|�D��}td�t	|�D��}	|j|||	|f|�|j||j�y)a�
        Check that when L{SSHCiphers._getMAC} is called with a supportd HMAC
        algorithm name it returns a tuple of
        (digest object, inner pad, outer pad, digest size) with a C{key}
        attribute set to the value of the key supplied.

        @param hmacName: Identifier of HMAC algorithm.
        @type hmacName: L{bytes}

        @param hashProcessor: Callable for the hash algorithm.
        @type hashProcessor: C{callable}

        @param digestSize: Size of the digest for algorithm.
        @type digestSize: L{int}

        @param blockPadSize: Size of padding applied to the shared secret to
            match the block size.
        @type blockPadSize: L{int}
        Nr9c3�8K�|]}t|�dz���y�w)�6N�r_�r��bs  r0r�z+GetMACTests.assertGetMAC.<locals>.<genexpr>�����?�1��Q��$��?���c3�8K�|]}t|�dz���y�w)�\Nr�r�s  r0r�z+GetMACTests.assertGetMAC.<locals>.<genexpr>r�r�)r�r��_getMACr�rrGr�)
r?�hmacNamer'�
digestSize�blockPadSize�secret�paramsr��innerPad�outerPads
          r0�assertGetMACzGetMACTests.assertGetMACs���(�%�%�'�����%�%�h��7���[�j�!�G�l�$:�:���?�	�#��?�?���?�	�#��?�?�����-��8�Z�H�&�Q�����f�j�j�)r/c�6�|jdtdd��y)a
        When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-512"} MAC
        algorithm name it returns a tuple of (sha512 digest object, inner pad,
        outer pad, sha512 digest size) with a C{key} attribute set to the
        value of the key supplied.
        s
hmac-sha2-512r��r�r�N)r�rrYs r0�test_hmacsha2512zGetMACTests.test_hmacsha2512 ���	
���*�F�r�PR��Sr/c�6�|jdtdd��y)a
        When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-384"} MAC
        algorithm name it returns a tuple of (sha384 digest object, inner pad,
        outer pad, sha384 digest size) with a C{key} attribute set to the
        value of the key supplied.
        s
hmac-sha2-384�0�Pr�N)r�rrYs r0�test_hmacsha2384zGetMACTests.test_hmacsha2384)r�r/c�6�|jdtdd��y)a
        When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha2-256"} MAC
        algorithm name it returns a tuple of (sha256 digest object, inner pad,
        outer pad, sha256 digest size) with a C{key} attribute set to the
        value of the key supplied.
        s
hmac-sha2-256� r�N)r�rrYs r0�test_hmacsha2256zGetMACTests.test_hmacsha22562r�r/c�6�|jdtdd��y)a
        When L{SSHCiphers._getMAC} is called with the C{b"hmac-sha1"} MAC
        algorithm name it returns a tuple of (sha1 digest object, inner pad,
        outer pad, sha1 digest size) with a C{key} attribute set to the value
        of the key supplied.
        r7��,r�N)r�rrYs r0�
test_hmacsha1zGetMACTests.test_hmacsha1;s��	
���,���"��Mr/c�6�|jdtdd��y)a
        When L{SSHCiphers._getMAC} is called with the C{b"hmac-md5"} MAC
        algorithm name it returns a tuple of (md5 digest object, inner pad,
        outer pad, md5 digest size) with a C{key} attribute set to the value of
        the key supplied.
        r�r�r�r�N)r�rrYs r0�test_hmacmd5zGetMACTests.test_hmacmd5Ds��	
���+�s�r���Kr/c��|j�}|jjd|�}|jd|�y)z�
        When L{SSHCiphers._getMAC} is called with the C{b"none"} MAC algorithm
        name it returns a tuple of (None, "", "", 0).
        r8)Nr/r/rN)r�r�r�rG)r?r�r�s   r0�	test_nonezGetMACTests.test_noneMs9��
�"�"�$�����%�%�g�s�3�����,�f�5r/N)r+r,r-rorrErr�r�r�r�r�r�r�r�r.r/r0r�r��
sD������D�"�*�<T�T�T�N�L�	6r/r�c�6�eZdZdZereZd�Zd�Zd�Zd�Z	d�Z
y)�SSHCiphersTestsz0
    Tests for the SSHCiphers helper class.
    c��tjdddd�}|j|jd�|j|jd�|j|j
d�|j|jd�y)zJ
        Test that the initializer sets up the SSHCiphers object.
        r�rhr�r�N)r%r�rGr�r�r�r�)r?r�s  r0�	test_initzSSHCiphersTests.test_initasr���&�&�t�T�4��>������+�+�T�2�����*�*�D�1�����+�+�T�2�����*�*�D�1r/c�2�tjdddd�}dx}}|jj�D]^\}\}}}|j	|||�}|dk(r!|j|tj��C|j|j|��`y)zM
        Test that the _getCipher method returns the correct cipher.
        r�rhr�r�r�r8N)r%r��	cipherMapr�r��assertIsInstance�_DummyCipher�	algorithm)	r?r�r�r�r��algClass�keySize�counter�cips	         r0�test_getCipherzSSHCiphersTests.test_getCipherks����&�&�t�T�4��>�����S�5<�5F�5F�5L�5L�5N�	?�1�G�1�h����$�$�W�b�#�6�C��'�!��%�%�c�9�+A�+A�B��%�%�c�m�m�X�>�	?r/c	��d}tjjD�]�}tjj|\}}}tj|ddd�}tjd|dd�}|j|||�}|jjdz}	|j||dddd�|jdd||dd�|j|j|	�|j|j|	�|j�}
|
j|d|	�}|
j|d|	�}|j|j|d|	�|�|j|j|d|	�|�|j|j|�|d|	�|j|j|�|d|	����y)z8
        Test that setKeys sets up the ciphers.
        �@r8r�r/N)r%r1r�r�r�r�r��
block_sizer�rGryr��	encryptorr�r|r�)
r?r�r��modNamer�r��	encCipher�	decCipherr��bsr��enc�enc2s
             r0�test_setKeysCiphersz#SSHCiphersTests.test_setKeysCiphersxs����� �1�1�B�B�	@�G�(1�(<�(<�(F�(F�w�(O�%�G�W�g�!�,�,�W�g�w��P�I�!�,�,�W�g�w��P�I��&�&�w��S�9�C����)�)�Q�.�B����c�3��S�#�s�;����c�3��S�#�s�;����Y�3�3�R�8����Y�3�3�R�8��
�
��I��"�"�3�s��8�,�C��#�#�C���H�-�D����Y�.�.�s�3�B�x�8�#�>����Y�.�.�s�3�B�x�8�$�?����Y�.�.�s�3�S��"�X�>����Y�.�.�t�4�c�#�2�h�?�!	@r/c	��d}tjjj�D�]/\}}tjdd|d�}tjddd|�}|j	dddd|d�|j	ddddd|�|r|�j
}nd}|j
|j|�|r|j||�\}}}}d}	|}
d|z}|r1|||z�j�z�j�}nd}|j
|j|	|
�|�|j|j|	|
|����2y)z5
        Test that setKeys sets up the MACs.
        r�r8r/rr:N)
r%r��macMapr�r��digest_sizerGr�r�rEr�rVr�)
r?r��macName�mod�outMac�inMac�ds�i�o�seqidrrm�macs
             r0�test_setKeysMACsz SSHCiphersTests.test_setKeysMACs�sH����%�0�0�7�7�=�=�?�	<�L�G�S��)�)�'�7�G�W�M�F��(�(��'�7�G�L�E��N�N�3��S�#�s�C�8��M�M�#�s�C��c�3�7���U�&�&�������U�3�3�R�8�� &���w�� <�
��Q��2��E��D� �3�&�F���!�c�!�f�*�o�4�4�6�6�7�>�>�@�������V�^�^�E�4�8�#�>��O�O�E�L�L���c�:�;�)	<r/c
�8�gd�}|D]�\}}}tjdddd�}|jd|�|_t	j
d|dd�\}|dd}|j
|tj|j||��d|�d|�����y)	z�
        L{SSHCiphers.makeMAC} computes the HMAC of an outgoing SSH message with
        a particular sequence id and content data.
        ))ssHi Theres 9294727a3638bb1c13f48ef8158bfc9d)sJefeswhat do ya want for nothing?s 750c783e6ab0b503eaa86e310a5db738)r5s2��������������������������������������������������s 56be34521d144c88dbb8c733f0e8b3f6r8r�z>LNr�zFailed HMAC test vector; key=z data=)
r%r�r�r��struct�unpackrGr,r-r�)r?�vectorsr�rrr�r�	shorteneds        r0�test_makeMACzSSHCiphersTests.test_makeMAC�s���
��&�		�N�C��s��)�)�'�7�K��Q�F�"�N�N�;��<�F�M��}�}�T�4���8�4�H�U��Q�R��I������ � �����y�!A�B�/��w�f�T�H�E�
�		r/N)r+r,r-rorrEr�r�r�rrr.r/r0r�r�Ys+������2�?�@�.<�6r/r�c�6�eZdZdZereZd�Zd�Zd�Zd�Z	d�Z
y)�TransportLoopbackTestszL
    Test the server transport and client transport against each other,
    c������t�}tj��|�_|j�g�_�fd��_tj��d��_g�_�fd��_�fd��_	t�jj�j���_
|���|����fd�}tj���}|j!|���|S)z�
        Run an async client and server, modifying each using the mod function
        provided.  Returns a Deferred called back when both Protocols have
        disconnected.

        @type mod: C{func}
        @rtype: C{defer.Deferred}
        c�>���jj||f�Srr^)�code�desc�servers  �r0rsz9TransportLoopbackTests._runClientServer.<locals>.<lambda>��������1E�1E�t�T�l�1S�r/c�,�tjd�Sr)rr.)rLrMs  r0rsz9TransportLoopbackTests._runClientServer.<locals>.<lambda>�s��E�M�M�$�,?�r/c�>���jj||f�Srr^)r
r�clients  �r0rsz9TransportLoopbackTests._runClientServer.<locals>.<lambda>�rr/c�$���j�Sr)r�)rs�r0rsz9TransportLoopbackTests._runClientServer.<locals>.<lambda>�s���&�*?�*?�*A�r/c�j��t|jd|jd|jd|jdg�}�j|jg��j|jtjdfg�|jddk(rA�j|j�|��j|j�|�n@�j|j�|��j|j�|�|jddk(rA�j|j�|��j|j�|�y�j|j�|��j|j�|�y)Nrsuser closed connectionr8)
�reprr�r�r�r�rGrTr%r	rTrrVr)�ignoredrrr�r?s    �r0�checkz6TransportLoopbackTests._runClientServer.<locals>.check�so�����+�+�A�.��(�(��+��0�0��3��0�0��3�	��D�
���V�]�]�B�/�����
�
��6�6�8Q�R�S�
��&�&�q�)�W�4�� � ��!3�!3�!5�t�<�� � ��!3�!3�!5�t�<����� 2� 2� 4�d�;����� 2� 2� 4�d�;��#�#�A�&�'�1�� � ��!2�!2�!4�d�;�� � ��!2�!2�!4�d�;����� 1� 1� 3�T�:����� 1� 1� 3�T�:r/)r�r%r5r#r�rTrbr8r1r<�listr�r$r�r�
loopbackAsyncr=)r?r�r#rr@rrs`    @@r0�_runClientServerz'TransportLoopbackTests._runClientServer�s�����-���-�-�/�� ����������
�S����-�-�/��?�����
�S���"A���%)�&�.�.�*F�*F�*H�*M�*M�*O�%P��"��V����V���	;�6
�"�"�6�6�2��	�
�
�e�V�V�,��r/c����g}tjjdgzD]'��fd�}|j|j	|���)tj|d��S)z{
        Test that the client and server play nicely together, in all
        the various combinations of ciphers.
        r8c����g|_|Srrs)r
�ciphers �r0�	setCipherz6TransportLoopbackTests.test_ciphers.<locals>.setCipher
s���*0���&��r/T��fireOnOneErrback)r%r1r�r_rr�DeferredList)r?�	deferredsrrs   @r0�test_ciphersz#TransportLoopbackTests.test_cipherssa���
�	��0�0�A�A�W�I�M�	?�F�
�
���T�2�2�9�=�>�
	?��!�!�)�d�C�Cr/c����g}tjjdgzD]'��fd�}|j|j	|���)tj|d��S)z>
        Like test_ciphers, but for the various MACs.
        r8c����g|_|Srrx)r
rs �r0�setMACz0TransportLoopbackTests.test_macs.<locals>.setMACs���'*�e��#��r/Tr )r%r1r�r_rrr")r?r#r'rs   @r0�	test_macsz TransportLoopbackTests.test_macssa����	��-�-�;�;�w�i�G�	<�C�
�
���T�2�2�6�:�;�
	<��!�!�)�d�C�Cr/c���g}tjjD]'��fd�}|j|j	|���)tj|d��S)zG
        Like test_ciphers, but for the various key exchanges.
        c����g|_|Srrb)r
r&s �r0�setKeyExchangez@TransportLoopbackTests.test_keyexchanges.<locals>.setKeyExchange)s���/;�n��+��r/Tr )r%r1r�r_rrr")r?r#r+r&s   @r0�test_keyexchangesz(TransportLoopbackTests.test_keyexchanges"s\����	�%�6�6�L�L�	D�L�
�
���T�2�2�>�B�C�
	D��!�!�)�d�C�Cr/c���g}tjjD]'��fd�}|j|j	|���)tj|d��S)zF
        Like test_ciphers, but for the various compressions.
        c����g|_|Srrn)r
�compressions �r0�setCompressionz@TransportLoopbackTests.test_compressions.<locals>.setCompression7s���/:�m��+��r/Tr )r%r1r�r_rrr")r?r#r0r/s   @r0�test_compressionsz(TransportLoopbackTests.test_compressions0s\����	�$�5�5�K�K�	D�K�
�
���T�2�2�>�B�C�
	D��!�!�)�d�C�Cr/N)r+r,r-rorrErr$r(r,r1r.r/r0r
r
�s/������5�n
D�D�D�Dr/r
)mror,rBrLrr�hashlibrrrrr�typingrr	r
rr�twistedr
rH�twisted.conch.errorr�twisted.conch.sshrrr�twisted.internetr�twisted.protocolsr�twisted.pythonr�twisted.python.compatr�twisted.python.randbytesr�twisted.python.reflectr�twisted.testr�twisted.trial.unittestrr�strr"r�cryptography.exceptionsr�cryptography.hazmat.backendsr�cryptography.hazmat.primitivesr�)cryptography.hazmat.primitives.asymmetricr r!r"r#r$r%�twisted.conch.testr&�x25519_supportedrDrHrOr1rQrqr��
SSHServicer�r<r�r�r�r�r�r$r)r-r0r2r4r=rMrQrTrVrYr�r�r�rrrr#r%r'r5r�r�r�r�r�r�r�r�r
r.r/r0�<module>rGsa���
�	�
�
��5�5�4�4�2�*�4�4�"�&�$�+�3�0�&�+��^�,����
����N�<�<�<�@�B�B�*�&�(�9�9�;���9����������
�#�B%�	�2�2�B%�J>@�>@�B
�
�  0�'�$�$� 0�F(1�'�$�$�(1�V
�{�
� 
��
� �(:9��:9�z��������J�J�r;�4�6G�r;�jT�.F�T�&�+�-E�GX���+�����+�Y�8I����+�-B�DU����b
�b
�J�!D��$yK�8�:K�yK�x
m
�0J�m
�`�-�����-����1
�%?�1
�h�"�I�/@����"�$9�;L����6�!D�6�4z/�8�:K�z/�z	_I�0J�_I�D�-�����-����S
�%?�S
�l�"�I�/@����"�$9�;L����h6�(�h6�Vj�h�j�ZvD�X�vDr/

Zerion Mini Shell 1.0