package sshutil
import (
"bytes"
"crypto/ecdsa"
"crypto/elliptic"
"testing"
"github.com/stretchr/testify/require"
"golang.org/x/crypto/ssh"
"go.step.sm/crypto/keyutil"
)
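// Test_parseECDSA checks that parseECDSA round-trips SSH-encoded ECDSA public
// keys on every supported NIST curve and rejects truncated input, unknown
// curve names and public points that are not valid on the curve.
func Test_parseECDSA(t *testing.T) {
	roundTrips := []struct {
		name    string // subtest name
		curve   string // keyutil curve name
		sshType string // expected ssh.PublicKey.Type()
		want    elliptic.Curve
	}{
		{"p256", "P-256", "ecdsa-sha2-nistp256", elliptic.P256()},
		{"p384", "P-384", "ecdsa-sha2-nistp384", elliptic.P384()},
		{"p521", "P-521", "ecdsa-sha2-nistp521", elliptic.P521()},
	}
	for _, tc := range roundTrips {
		t.Run(tc.name, func(t *testing.T) {
			ek, pub := newTestSSHECDSAKey(t, tc.curve, tc.sshType)
			got, err := parseECDSA(pub.Marshal())
			require.NoError(t, err)
			require.Equal(t, tc.want, got.Curve)
			// Equal compares curve and point, so this proves the parsed key is
			// the one that was encoded, not merely some key on the right curve.
			require.True(t, got.Equal(ek.Public()))
		})
	}

	// Every error path starts from a valid P-256 encoding that is corrupted in
	// exactly one way, so each assertion isolates a single parser check.
	t.Run("unmarshal-error", func(t *testing.T) {
		_, pub := newTestSSHECDSAKey(t, "P-256", "ecdsa-sha2-nistp256")
		b := pub.Marshal()
		b = b[:len(b)-10] // truncate: shorter than the encoded key
		got, err := parseECDSA(b)
		require.EqualError(t, err, "error unmarshaling public key: ssh: short read")
		require.Nil(t, got)
	})

	t.Run("invalid-curve", func(t *testing.T) {
		_, pub := newTestSSHECDSAKey(t, "P-256", "ecdsa-sha2-nistp256")
		// Rewrite the curve name (and the matching key-type string) to one the
		// parser does not know; the point bytes are left untouched.
		b := bytes.ReplaceAll(pub.Marshal(), []byte("nistp256"), []byte("nistp255"))
		got, err := parseECDSA(b)
		require.EqualError(t, err, "unsupported curve nistp255")
		require.Nil(t, got)
	})

	t.Run("invalid-key", func(t *testing.T) {
		_, pub := newTestSSHECDSAKey(t, "P-256", "ecdsa-sha2-nistp256")
		b := pub.Marshal()
		// The trailing 65 bytes are the uncompressed P-256 point (0x04 || X || Y).
		// All zeroes is not a point on the curve, so the parser must reject it
		// here instead of returning an unusable ecdsa.PublicKey.
		for i := len(b) - 65; i < len(b); i++ {
			b[i] = 0
		}
		got, err := parseECDSA(b)
		require.EqualError(t, err, "failed to create key: crypto/ecdh: invalid public key")
		require.Nil(t, got)
	})
}

// newTestSSHECDSAKey generates an ECDSA key on the named curve, wraps its
// public half as an SSH public key and asserts the wire type, so every subtest
// starts from the same known-good encoding. curve is the keyutil curve name
// (e.g. "P-256"); wantType is the expected ssh.PublicKey.Type() string.
func newTestSSHECDSAKey(t *testing.T, curve, wantType string) (*ecdsa.PrivateKey, ssh.PublicKey) {
	t.Helper()
	k, err := keyutil.GenerateKey("EC", curve, 0)
	require.NoError(t, err)
	// A checked assertion fails the test with a message instead of panicking.
	ek, ok := k.(*ecdsa.PrivateKey)
	require.True(t, ok, "expected *ecdsa.PrivateKey, got %T", k)
	pub, err := ssh.NewPublicKey(ek.Public())
	require.NoError(t, err)
	require.Equal(t, wantType, pub.Type())
	return ek, pub
}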