authorcommonism <commonism@users.noreply.github.com>2024-03-22 04:24:22 +0100
committerGitHub <noreply@github.com>2024-03-22 03:24:22 +0000
commit51a6dd28ccbb7587fff9e951299b17aac39ee5cc (patch)
treefe6f80a8798c7d251876213ff20516852ff6180b /tests
parent089039d0f6bb34d6a8b4dcdb04265547abc74c1d (diff)
Adding support for OpenSSH ecdsa-sk & ed25519-sk public keys (#10608)
* Adding support for OpenSSH ecdsa-sk & ed25519-sk public keys fixes #10604 * Revert changing the keygen * Add application string to sk key generation * Typing - fix load_application return value annotation * fix sk keys skipping loading in the tests * fix ruff E509 * Fix ruff … * comment wording Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> * requested changes * no subclassing * fix SyntaxError: annotated name '_KEY_FORMATS' can't be global in python 3.7 c.f. https://github.com/python/cpython/issues/79120 * typo * Update src/cryptography/hazmat/primitives/serialization/ssh.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> * Update src/cryptography/hazmat/primitives/serialization/ssh.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> --------- Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/hazmat/primitives/test_ssh.py33
1 files changed, 29 insertions, 4 deletions
diff --git a/tests/hazmat/primitives/test_ssh.py b/tests/hazmat/primitives/test_ssh.py
index cda2aad..82f3983 100644
--- a/tests/hazmat/primitives/test_ssh.py
+++ b/tests/hazmat/primitives/test_ssh.py
@@ -55,6 +55,10 @@ class TestOpenSSHSerialization:
("ecdsa-nopsw.key.pub", "ecdsa-nopsw.key-cert.pub"),
("ed25519-psw.key.pub", None),
("ed25519-nopsw.key.pub", "ed25519-nopsw.key-cert.pub"),
+ ("sk-ecdsa-psw.key.pub", None),
+ ("sk-ecdsa-nopsw.key.pub", None),
+ ("sk-ed25519-psw.key.pub", None),
+ ("sk-ed25519-nopsw.key.pub", None),
],
)
def test_load_ssh_public_key(self, key_file, cert_file, backend):
@@ -80,10 +84,14 @@ class TestOpenSSHSerialization:
)
else:
public_key = load_ssh_public_key(pub_data, backend)
- assert (
- public_key.public_bytes(Encoding.OpenSSH, PublicFormat.OpenSSH)
- == nocomment_data
- )
+ if not key_file.startswith("sk-"):
+ # SK keys do not round-trip
+ assert (
+ public_key.public_bytes(
+ Encoding.OpenSSH, PublicFormat.OpenSSH
+ )
+ == nocomment_data
+ )
self.run_partial_pubkey(pub_data, backend)
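Review bot: With the round-trip assertion skipped for `sk-` files, the four new parameters only show that `load_ssh_public_key` does not raise; nothing checks what kind of key object comes back. Presumably the loader drops the application string and returns a plain EC or Ed25519 public key, which would explain why `public_bytes` cannot reproduce the `sk-` line. If so, the comment should say that, e.g. `# SK keys do not round-trip: the application string is not kept on the loaded key`. That matters to callers, because a loaded key would then be indistinguishable from a non-hardware-backed one and a "security key only" policy could not be enforced from the object alone. I would also add an `else:` branch with `assert isinstance(public_key, (ec.EllipticCurvePublicKey, ed25519.Ed25519PublicKey))`, assuming both modules are already imported in this file. The body of `test_load_ssh_public_key` starts above this hunk and may continue below it.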
@@ -1800,3 +1808,20 @@ class TestSSHCertificateBuilder:
b"t8yRa8IRbxvOyA9TZYDGG1dRE3DiR0fuudU20v6vqfTd1gx0S5QyEdECXLl9ZI3"
b"AwZgc="
)
+
+
+class TestSSHSK:
+ @staticmethod
+ def ssh_str(application):
+ data = (
+ len(application).to_bytes(length=4, byteorder="big")
+ + application.encode()
+ )
+ return memoryview(data)
+
+ def test_load_application(self):
+ ssh.load_application(self.ssh_str("ssh:test"))
+
+ def test_load_application_valueerror(self):
+ with pytest.raises(ValueError):
+ ssh.load_application(self.ssh_str("hss:test"))
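Review bot: `test_load_application` asserts nothing about the return value, so it passes whenever the call does not raise. The commit message mentions a return annotation for `load_application`, so the parsed application string is presumably returned and should be pinned against `b"ssh:test"`, in whatever shape the function actually returns. The negative test covers only a wrong prefix; for a parser fed untrusted key blobs, a length prefix larger than the remaining data and an empty application string deserve their own `pytest.raises` cases. In `ssh_str`, the length is taken from the `str` before encoding, which gives a wrong prefix for non-ASCII input; `encoded = application.encode()` followed by `len(encoded).to_bytes(length=4, byteorder="big") + encoded` keeps the helper correct if someone later reuses it.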