diff options
Diffstat (limited to '')
-rwxr-xr-x | tests/openpgp/ssh-import.scm | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/tests/openpgp/ssh-import.scm b/tests/openpgp/ssh-import.scm new file mode 100755 index 0000000..555f198 --- /dev/null +++ b/tests/openpgp/ssh-import.scm @@ -0,0 +1,101 @@ +#!/usr/bin/env gpgscm + +;; Copyright (C) 2016 g10 Code GmbH +;; +;; This file is part of GnuPG. +;; +;; GnuPG is free software; you can redistribute it and/or modify +;; it under the terms of the GNU General Public License as published by +;; the Free Software Foundation; either version 3 of the License, or +;; (at your option) any later version. +;; +;; GnuPG is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU General Public License for more details. +;; +;; You should have received a copy of the GNU General Public License +;; along with this program; if not, see <http://www.gnu.org/licenses/>. + +(load (in-srcdir "tests" "openpgp" "defs.scm")) +(setup-environment) + +(setenv "SSH_AUTH_SOCK" + (call-check `(,(tool 'gpgconf) --null --list-dirs agent-ssh-socket)) + #t) + +(define path (string-split (getenv "PATH") *pathsep*)) +(define ssh #f) +(catch (skip "ssh not found") (set! ssh (path-expand "ssh" path))) + +(define ssh-add #f) +(catch (skip "ssh-add not found") + (set! ssh-add (path-expand "ssh-add" path))) + +(define ssh-keygen #f) +(catch (skip "ssh-keygen not found") + (set! ssh-keygen (path-expand "ssh-keygen" path))) + +(define ssh-version-string + (:stderr (call-with-io `(,ssh "-V") ""))) + +(log "Using" ssh "version:" ssh-version-string) + +(define ssh-version + (let ((tmp ssh-version-string) + (prefix "OpenSSH_")) + (unless (string-prefix? tmp prefix) + (skip "This doesn't look like OpenSSH:" tmp)) + (string->number (substring tmp (string-length prefix) + (+ 3 (string-length prefix)))))) + +(define (ssh-supports? algorithm) + ;; We exploit ssh-keygen as an oracle to test what algorithms ssh + ;; supports. + (cond + ((equal? algorithm "ed25519") + ;; Unfortunately, our oracle does not work for ed25519 because + ;; this is a specific curve and not a family, so the key size + ;; parameter is ignored. + (>= ssh-version 6.5)) + (else + ;; We call ssh-keygen with the algorithm to test, specify an + ;; invalid key size, and observe the error message. + (let ((output (:stderr (call-with-io `(,ssh-keygen + -t ,algorithm + -b "1009") "")))) + (log "(ssh-supports?" algorithm "), ssh algorithm oracle replied:" output) + (not (string-contains? output "unknown key type")))))) + +(define keys + '(("dsa" "9a:e1:f1:5f:46:ea:a5:06:e1:e2:f8:38:8e:06:54:58") + ("rsa" "c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22") + ("ecdsa" "93:37:30:a6:4e:e7:6a:22:79:77:8e:bf:ed:14:e9:8e") + ("ed25519" "08:df:be:af:d2:f5:32:20:3a:1c:56:06:be:31:0f:bf"))) + +(for-each-p' + "Importing ssh keys..." + (lambda (key) + (let ((file (path-join (in-srcdir "tests" "openpgp" "samplekeys") + (string-append "ssh-" (car key) ".key"))) + (hash (cadr key))) + ;; We pipe the key to ssh-add so that it won't complain about + ;; file's permissions. + (pipe:do + (pipe:open file (logior O_RDONLY O_BINARY)) + (pipe:spawn `(,SSH-ADD -))) + (unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash) + (fail "key not added")))) + car (filter (lambda (x) (ssh-supports? (car x))) keys)) + +(info "Checking for issue2316...") +(unlink (path-join GNUPGHOME "sshcontrol")) +(pipe:do + (pipe:open (path-join (in-srcdir "tests" "openpgp" "samplekeys") + (string-append "ssh-rsa.key")) + (logior O_RDONLY O_BINARY)) + (pipe:spawn `(,SSH-ADD -))) +(unless + (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") + "c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22") + (fail "known private key not (re-)added to sshcontrol")) |