summaryrefslogtreecommitdiffstats
path: root/tests/openpgp/ssh-import.scm
diff options
context:
space:
mode:
Diffstat (limited to '')
-rwxr-xr-xtests/openpgp/ssh-import.scm101
1 files changed, 101 insertions, 0 deletions
diff --git a/tests/openpgp/ssh-import.scm b/tests/openpgp/ssh-import.scm
new file mode 100755
index 0000000..555f198
--- /dev/null
+++ b/tests/openpgp/ssh-import.scm
@@ -0,0 +1,101 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2016 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "defs.scm"))
+(setup-environment)
+
+(setenv "SSH_AUTH_SOCK"
+ (call-check `(,(tool 'gpgconf) --null --list-dirs agent-ssh-socket))
+ #t)
+
+(define path (string-split (getenv "PATH") *pathsep*))
+(define ssh #f)
+(catch (skip "ssh not found") (set! ssh (path-expand "ssh" path)))
+
+(define ssh-add #f)
+(catch (skip "ssh-add not found")
+ (set! ssh-add (path-expand "ssh-add" path)))
+
+(define ssh-keygen #f)
+(catch (skip "ssh-keygen not found")
+ (set! ssh-keygen (path-expand "ssh-keygen" path)))
+
+(define ssh-version-string
+ (:stderr (call-with-io `(,ssh "-V") "")))
+
+(log "Using" ssh "version:" ssh-version-string)
+
+(define ssh-version
+ (let ((tmp ssh-version-string)
+ (prefix "OpenSSH_"))
+ (unless (string-prefix? tmp prefix)
+ (skip "This doesn't look like OpenSSH:" tmp))
+ (string->number (substring tmp (string-length prefix)
+ (+ 3 (string-length prefix))))))
+
+(define (ssh-supports? algorithm)
+ ;; We exploit ssh-keygen as an oracle to test what algorithms ssh
+ ;; supports.
+ (cond
+ ((equal? algorithm "ed25519")
+ ;; Unfortunately, our oracle does not work for ed25519 because
+ ;; this is a specific curve and not a family, so the key size
+ ;; parameter is ignored.
+ (>= ssh-version 6.5))
+ (else
+ ;; We call ssh-keygen with the algorithm to test, specify an
+ ;; invalid key size, and observe the error message.
+ (let ((output (:stderr (call-with-io `(,ssh-keygen
+ -t ,algorithm
+ -b "1009") ""))))
+ (log "(ssh-supports?" algorithm "), ssh algorithm oracle replied:" output)
+ (not (string-contains? output "unknown key type"))))))
+
+(define keys
+ '(("dsa" "9a:e1:f1:5f:46:ea:a5:06:e1:e2:f8:38:8e:06:54:58")
+ ("rsa" "c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22")
+ ("ecdsa" "93:37:30:a6:4e:e7:6a:22:79:77:8e:bf:ed:14:e9:8e")
+ ("ed25519" "08:df:be:af:d2:f5:32:20:3a:1c:56:06:be:31:0f:bf")))
+
+(for-each-p'
+ "Importing ssh keys..."
+ (lambda (key)
+ (let ((file (path-join (in-srcdir "tests" "openpgp" "samplekeys")
+ (string-append "ssh-" (car key) ".key")))
+ (hash (cadr key)))
+ ;; We pipe the key to ssh-add so that it won't complain about
+ ;; file's permissions.
+ (pipe:do
+ (pipe:open file (logior O_RDONLY O_BINARY))
+ (pipe:spawn `(,SSH-ADD -)))
+ (unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash)
+ (fail "key not added"))))
+ car (filter (lambda (x) (ssh-supports? (car x))) keys))
+
+(info "Checking for issue2316...")
+(unlink (path-join GNUPGHOME "sshcontrol"))
+(pipe:do
+ (pipe:open (path-join (in-srcdir "tests" "openpgp" "samplekeys")
+ (string-append "ssh-rsa.key"))
+ (logior O_RDONLY O_BINARY))
+ (pipe:spawn `(,SSH-ADD -)))
+(unless
+ (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "")
+ "c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22")
+ (fail "known private key not (re-)added to sshcontrol"))