Diffstat (limited to 'tests/test_pkey.py')
-rw-r--r-- | tests/test_pkey.py | 121 |
1 files changed, 16 insertions, 105 deletions
diff --git a/tests/test_pkey.py b/tests/test_pkey.py index 4d74d8aa..d4d193b8 100644 --- a/tests/test_pkey.py +++ b/tests/test_pkey.py @@ -45,7 +45,7 @@ from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateNumbers from unittest.mock import patch, Mock import pytest -from .util import _support, is_low_entropy, requires_sha1_signing +from ._util import _support, is_low_entropy, requires_sha1_signing # from openssh's ssh-keygen @@ -138,12 +138,6 @@ TEST_KEY_BYTESTR = "\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x01#\x00\x00\x00\x00ӏV\ class KeyTest(unittest.TestCase): - def setUp(self): - pass - - def tearDown(self): - pass - def assert_keyfile_is_encrypted(self, keyfile): """ A quick check that filename looks like an encrypted key. @@ -161,7 +155,7 @@ class KeyTest(unittest.TestCase): self.assertEqual(exp, key) def test_load_rsa(self): - key = RSAKey.from_private_key_file(_support("test_rsa.key")) + key = RSAKey.from_private_key_file(_support("rsa.key")) self.assertEqual("ssh-rsa", key.get_name()) exp_rsa = b(FINGER_RSA.split()[1].replace(":", "")) my_rsa = hexlify(key.get_fingerprint()) @@ -184,7 +178,7 @@ class KeyTest(unittest.TestCase): ) as loader: loader.side_effect = exception with pytest.raises(SSHException, match=str(exception)): - RSAKey.from_private_key_file(_support("test_rsa.key")) + RSAKey.from_private_key_file(_support("rsa.key")) def test_loading_empty_keys_errors_usefully(self): # #1599 - raise SSHException instead of IndexError @@ -203,7 +197,7 @@ class KeyTest(unittest.TestCase): self.assertEqual(1024, key.get_bits()) def test_load_dss(self): - key = DSSKey.from_private_key_file(_support("test_dss.key")) + key = DSSKey.from_private_key_file(_support("dss.key")) self.assertEqual("ssh-dss", key.get_name()) exp_dss = b(FINGER_DSS.split()[1].replace(":", "")) my_dss = hexlify(key.get_fingerprint()) 
@@ -231,7 +225,7 @@ class KeyTest(unittest.TestCase): def test_compare_rsa(self): # verify that the private & public keys compare equal - key = RSAKey.from_private_key_file(_support("test_rsa.key")) + key = RSAKey.from_private_key_file(_support("rsa.key")) self.assertEqual(key, key) pub = RSAKey(data=key.asbytes()) self.assertTrue(key.can_sign()) @@ -240,7 +234,7 @@ class KeyTest(unittest.TestCase): def test_compare_dss(self): # verify that the private & public keys compare equal - key = DSSKey.from_private_key_file(_support("test_dss.key")) + key = DSSKey.from_private_key_file(_support("dss.key")) self.assertEqual(key, key) pub = DSSKey(data=key.asbytes()) self.assertTrue(key.can_sign()) @@ -248,7 +242,7 @@ class KeyTest(unittest.TestCase): self.assertEqual(key, pub) def _sign_and_verify_rsa(self, algorithm, saved_sig): - key = RSAKey.from_private_key_file(_support("test_rsa.key")) + key = RSAKey.from_private_key_file(_support("rsa.key")) msg = key.sign_ssh_data(b"ice weasels", algorithm) assert isinstance(msg, Message) msg.rewind() @@ -273,7 +267,7 @@ class KeyTest(unittest.TestCase): def test_sign_dss(self): # verify that the dss private key can sign and verify - key = DSSKey.from_private_key_file(_support("test_dss.key")) + key = DSSKey.from_private_key_file(_support("dss.key")) msg = key.sign_ssh_data(b"ice weasels") self.assertTrue(type(msg) is Message) msg.rewind() @@ -329,7 +323,7 @@ class KeyTest(unittest.TestCase): self.assertEqual(key.get_name(), "ecdsa-sha2-nistp521") def test_load_ecdsa_256(self): - key = ECDSAKey.from_private_key_file(_support("test_ecdsa_256.key")) + key = ECDSAKey.from_private_key_file(_support("ecdsa-256.key")) self.assertEqual("ecdsa-sha2-nistp256", key.get_name()) exp_ecdsa = b(FINGER_ECDSA_256.split()[1].replace(":", "")) my_ecdsa = hexlify(key.get_fingerprint()) 
@@ -357,7 +351,7 @@ class KeyTest(unittest.TestCase): def test_compare_ecdsa_256(self): # verify that the private & public keys compare equal - key = ECDSAKey.from_private_key_file(_support("test_ecdsa_256.key")) + key = ECDSAKey.from_private_key_file(_support("ecdsa-256.key")) self.assertEqual(key, key) pub = ECDSAKey(data=key.asbytes()) self.assertTrue(key.can_sign()) @@ -366,7 +360,7 @@ class KeyTest(unittest.TestCase): def test_sign_ecdsa_256(self): # verify that the rsa private key can sign and verify - key = ECDSAKey.from_private_key_file(_support("test_ecdsa_256.key")) + key = ECDSAKey.from_private_key_file(_support("ecdsa-256.key")) msg = key.sign_ssh_data(b"ice weasels") self.assertTrue(type(msg) is Message) msg.rewind() @@ -408,7 +402,7 @@ class KeyTest(unittest.TestCase): self.assertEqual(384, key.get_bits()) def test_load_ecdsa_transmutes_crypto_exceptions(self): - path = _support("test_ecdsa_256.key") + path = _support("ecdsa-256.key") # TODO: nix unittest for pytest for exception in (TypeError("onoz"), UnsupportedAlgorithm("oops")): with patch( @@ -569,12 +563,12 @@ class KeyTest(unittest.TestCase): RSAKey.from_private_key_file(_support("test_rsa_openssh_nopad.key")) def test_stringification(self): - key = RSAKey.from_private_key_file(_support("test_rsa.key")) + key = RSAKey.from_private_key_file(_support("rsa.key")) comparable = TEST_KEY_BYTESTR self.assertEqual(str(key), comparable) def test_ed25519(self): - key1 = Ed25519Key.from_private_key_file(_support("test_ed25519.key")) + key1 = Ed25519Key.from_private_key_file(_support("ed25519.key")) key2 = Ed25519Key.from_private_key_file( _support("test_ed25519_password.key"), b"abc123" ) 
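Review bot: The comment above the changed line in `test_sign_ecdsa_256` (hunk `@@ -366,7 +360,7 @@`) still reads `# verify that the rsa private key can sign and verify`, although the test loads an ECDSA key from `ecdsa-256.key`. Since the line below it is being touched anyway, the comment could become `# verify that the ecdsa private key can sign and verify`. The test body continues past the end of the hunk.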
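Review bot: Fixture naming is now mixed inside `test_ed25519` (hunk `@@ -569,12 +563,12 @@`): the unencrypted key is loaded as `_support("ed25519.key")`, while the passphrase-protected one two lines later is still `_support("test_ed25519_password.key")`, and the context line above still uses `test_rsa_openssh_nopad.key`. The diffstat is limited to tests/test_pkey.py, so whether those fixture files keep the `test_` prefix cannot be confirmed from this page; if they were renamed as well, these loads would presumably fail at test time. If the split is deliberate, a short comment such as `# encrypted / OpenSSH-format fixtures keep the legacy test_ prefix` would record the intent. `test_ed25519` continues outside the hunk.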
@@ -594,7 +588,7 @@ class KeyTest(unittest.TestCase): def test_ed25519_compare(self): # verify that the private & public keys compare equal - key = Ed25519Key.from_private_key_file(_support("test_ed25519.key")) + key = Ed25519Key.from_private_key_file(_support("ed25519.key")) self.assertEqual(key, key) pub = Ed25519Key(data=key.asbytes()) self.assertTrue(key.can_sign()) @@ -616,33 +610,6 @@ class KeyTest(unittest.TestCase): ) assert original != generated - def keys(self): - for key_class, filename in [ - (RSAKey, "test_rsa.key"), - (DSSKey, "test_dss.key"), - (ECDSAKey, "test_ecdsa_256.key"), - (Ed25519Key, "test_ed25519.key"), - ]: - key1 = key_class.from_private_key_file(_support(filename)) - key2 = key_class.from_private_key_file(_support(filename)) - yield key1, key2 - - def test_keys_are_comparable(self): - for key1, key2 in self.keys(): - assert key1 == key2 - - def test_keys_are_not_equal_to_other(self): - for value in [None, True, ""]: - for key1, _ in self.keys(): - assert key1 != value - - def test_keys_are_hashable(self): - # NOTE: this isn't a great test due to hashseed randomization under - # Python 3 preventing use of static values, but it does still prove - # that __hash__ is implemented/doesn't explode & works across instances - for key1, key2 in self.keys(): - assert hash(key1) == hash(key2) - def test_ed25519_nonbytes_password(self): # https://github.com/paramiko/paramiko/issues/1039 Ed25519Key.from_private_key_file( @@ -654,7 +621,7 @@ class KeyTest(unittest.TestCase): # No exception -> it's good. Meh. def test_ed25519_load_from_file_obj(self): - with open(_support("test_ed25519.key")) as pkey_fileobj: + with open(_support("ed25519.key")) as pkey_fileobj: key = Ed25519Key.from_private_key(pkey_fileobj) self.assertEqual(key, key) self.assertTrue(key.can_sign()) 
@@ -674,43 +641,6 @@ class KeyTest(unittest.TestCase): finally: os.remove(newfile) - def test_certificates(self): - # NOTE: we also test 'live' use of cert auth for all key types in - # test_client.py; this and nearby cert tests are more about the gritty - # details. - # PKey.load_certificate - key_path = _support(os.path.join("cert_support", "test_rsa.key")) - key = RSAKey.from_private_key_file(key_path) - self.assertTrue(key.public_blob is None) - cert_path = _support( - os.path.join("cert_support", "test_rsa.key-cert.pub") - ) - key.load_certificate(cert_path) - self.assertTrue(key.public_blob is not None) - self.assertEqual( - key.public_blob.key_type, "ssh-rsa-cert-v01@openssh.com" - ) - self.assertEqual(key.public_blob.comment, "test_rsa.key.pub") - # Delve into blob contents, for test purposes - msg = Message(key.public_blob.key_blob) - self.assertEqual(msg.get_text(), "ssh-rsa-cert-v01@openssh.com") - msg.get_string() - e = msg.get_mpint() - n = msg.get_mpint() - self.assertEqual(e, key.public_numbers.e) - self.assertEqual(n, key.public_numbers.n) - # Serial number - self.assertEqual(msg.get_int64(), 1234) - - # Prevented from loading certificate that doesn't match - key_path = _support(os.path.join("cert_support", "test_ed25519.key")) - key1 = Ed25519Key.from_private_key_file(key_path) - self.assertRaises( - ValueError, - key1.load_certificate, - _support("test_rsa.key-cert.pub"), - ) - @patch("paramiko.pkey.os") def _test_keyfile_race(self, os_, exists): # Re: CVE-2022-24302 
@@ -764,22 +694,3 @@ class KeyTest(unittest.TestCase): finally: if os.path.exists(new): os.unlink(new) - - def test_sign_rsa_with_certificate(self): - data = b"ice weasels" - key_path = _support(os.path.join("cert_support", "test_rsa.key")) - key = RSAKey.from_private_key_file(key_path) - msg = key.sign_ssh_data(data, "rsa-sha2-256") - msg.rewind() - assert "rsa-sha2-256" == msg.get_text() - sign = msg.get_binary() - cert_path = _support( - os.path.join("cert_support", "test_rsa.key-cert.pub") - ) - key.load_certificate(cert_path) - msg = key.sign_ssh_data(data, "rsa-sha2-256-cert-v01@openssh.com") - msg.rewind() - assert "rsa-sha2-256" == msg.get_text() - assert sign == msg.get_binary() - msg.rewind() - assert key.verify_ssh_sig(b"ice weasels", msg) |