Bugzilla – Attachment 3425 Details for
Bug 3190
Inconsistent handling of private keys without accompanying public keys
[patch]
regression test + getting public key from PEM
sshkey.patch (text/plain), 6.84 KB, created by
Jakub Jelen
on 2020-07-03 17:48:48 AEST
Description:
regression test + getting public key from PEM
Filename:
MIME Type:
Creator:
Jakub Jelen
Created:
2020-07-03 17:48:48 AEST
Size:
6.84 KB
>From 8fe14f06b9b4c7d53dc963a9b18809ddf807b62b Mon Sep 17 00:00:00 2001
>From: Jakub Jelen <jjelen@redhat.com>
>Date: Fri, 3 Jul 2020 09:44:12 +0200
>Subject: [PATCH 1/2] sshkey: Allow reading public key from unencrypted private
> PEM
>
>---
> sshkey.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)
>
>diff --git a/sshkey.c b/sshkey.c
>index 10b9e467..a0cd727e 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -4685,10 +4685,15 @@ sshkey_parse_pubkey_from_private_fileblob_type(struct sshbuf *blob, int type,
>
> if (pubkeyp != NULL)
> *pubkeyp = NULL;
>- /* only new-format private keys bundle a public key inside */
>- if ((r = sshkey_parse_private2_pubkey(blob, type, pubkeyp)) != 0)
>- return r;
>- return 0;
>+ /* new-format private keys bundle a public key inside */
>+ if ((r = sshkey_parse_private2_pubkey(blob, type, pubkeyp)) == 0)
>+ return 0;
>+#ifdef WITH_OPENSSL
>+ /* We can derive public key from unencrypted PEM files too */
>+ if ((r = sshkey_parse_private_pem_fileblob(blob, type, "", pubkeyp)) == 0)
>+ return 0;
>+#endif /* WITH_OPENSSL */
>+ return r;
> }
>
> #ifdef WITH_XMSS
>--
>2.25.4
>
>
>From 565fe480719283ec745b81cae2f0fe241da87ae9 Mon Sep 17 00:00:00 2001
>From: Jakub Jelen <jjelen@redhat.com>
>Date: Fri, 3 Jul 2020 09:44:49 +0200
>Subject: [PATCH 2/2] regress: Verify we can get public key from private ones
> where possible
>
>---
> regress/unittests/sshkey/test_file.c | 96 ++++++++++++++++++++++++++++
> 1 file changed, 96 insertions(+)
>
>diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c
>index 7d767336..b92c7687 100644
>--- a/regress/unittests/sshkey/test_file.c
>+++ b/regress/unittests/sshkey/test_file.c
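Review bot: The PEM fallback in `sshkey_parse_pubkey_from_private_fileblob_type` passes `pubkeyp` straight to `sshkey_parse_private_pem_fileblob`, so a caller that asked for a public key may receive an object that still holds the private components. This assumes that parser returns the complete key, as its name and passphrase argument suggest; its body is not in this hunk. Parse into a local key, copy out only the public half with `sshkey_from_private()`, and free the local; this needs a `struct sshkey *k = NULL;` declaration at the top of the function, which lies outside the hunk. The final `return r` also now reports the PEM parser's error instead of the one from `sshkey_parse_private2_pubkey`, so callers that branch on `SSH_ERR_KEY_WRONG_PASSPHRASE` should be checked.

```c
	/* … unchanged: new-format sshkey_parse_private2_pubkey attempt … */
#ifdef WITH_OPENSSL
	/* Unencrypted PEM: parse into a local key, return a public-only copy */
	if ((r = sshkey_parse_private_pem_fileblob(blob, type, "", &k)) == 0) {
		if (pubkeyp != NULL)
			r = sshkey_from_private(k, pubkeyp);
		sshkey_free(k);
		return r;
	}
#endif /* WITH_OPENSSL */
	return r;
```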
>@@ -73,6 +73,16 @@ sshkey_file_tests(void)
> BN_free(c);
> TEST_DONE();
>
>+ TEST_START("parse RSA public from private");
>+ buf = load_file("rsa_1");
>+ ASSERT_INT_EQ(sshkey_parse_pubkey_from_private_fileblob_type(buf,
>+ KEY_UNSPEC, &k2), 0);
>+ sshbuf_free(buf);
>+ ASSERT_PTR_NE(k2, NULL);
>+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
>+ sshkey_free(k2);
>+ TEST_DONE();
>+
> TEST_START("parse RSA from private w/ passphrase");
> buf = load_file("rsa_1_pw");
> ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
>@@ -83,6 +93,14 @@ sshkey_file_tests(void)
> sshkey_free(k2);
> TEST_DONE();
>
>+ TEST_START("parse RSA public from private w/ passphrase should fail");
>+ buf = load_file("rsa_1_pw");
>+ ASSERT_INT_EQ(sshkey_parse_pubkey_from_private_fileblob_type(buf,
>+ KEY_UNSPEC, &k2), SSH_ERR_KEY_WRONG_PASSPHRASE);
>+ sshbuf_free(buf);
>+ ASSERT_PTR_EQ(k2, NULL);
>+ TEST_DONE();
>+
> TEST_START("parse RSA from new-format");
> buf = load_file("rsa_n");
> ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
>@@ -92,6 +110,16 @@ sshkey_file_tests(void)
> sshkey_free(k2);
> TEST_DONE();
>
>+ TEST_START("parse RSA public from private new-format");
>+ buf = load_file("rsa_n");
>+ ASSERT_INT_EQ(sshkey_parse_pubkey_from_private_fileblob_type(buf,
>+ KEY_UNSPEC, &k2), 0);
>+ sshbuf_free(buf);
>+ ASSERT_PTR_NE(k2, NULL);
>+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
>+ sshkey_free(k2);
>+ TEST_DONE();
>+
> TEST_START("parse RSA from new-format w/ passphrase");
> buf = load_file("rsa_n_pw");
> ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
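Review bot: The "parse RSA public from private" test only compares `k2` with `k1` through `sshkey_equal_public`, which would pass just as well if the function handed back a full private key parsed from the PEM file `rsa_1`. Since the API exists to yield a public key without a passphrase, the test should also assert that `k2` carries no private components; at minimum leave a marker in the file's existing style, `/* XXX check k2 holds no private key material */`. The same gap is in the "parse ECDSA public from private" hunk further down.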
>@@ -102,6 +130,16 @@ sshkey_file_tests(void)
> sshkey_free(k2);
> TEST_DONE();
>
>+ TEST_START("parse RSA public from private new-format w/ passphrase");
>+ buf = load_file("rsa_n_pw");
>+ ASSERT_INT_EQ(sshkey_parse_pubkey_from_private_fileblob_type(buf,
>+ KEY_UNSPEC, &k2), 0);
>+ sshbuf_free(buf);
>+ ASSERT_PTR_NE(k2, NULL);
>+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
>+ sshkey_free(k2);
>+ TEST_DONE();
>+
> TEST_START("load RSA from public");
> ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
> NULL), 0);
>@@ -280,6 +318,16 @@ sshkey_file_tests(void)
> BN_free(c);
> TEST_DONE();
>
>+ TEST_START("parse ECDSA public from private");
>+ buf = load_file("ecdsa_1");
>+ ASSERT_INT_EQ(sshkey_parse_pubkey_from_private_fileblob_type(buf,
>+ KEY_UNSPEC, &k2), 0);
>+ sshbuf_free(buf);
>+ ASSERT_PTR_NE(k2, NULL);
>+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
>+ sshkey_free(k2);
>+ TEST_DONE();
>+
> TEST_START("parse ECDSA from private w/ passphrase");
> buf = load_file("ecdsa_1_pw");
> ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
>@@ -290,6 +338,14 @@ sshkey_file_tests(void)
> sshkey_free(k2);
> TEST_DONE();
>
>+ TEST_START("parse ECDSA public from private w/ passphrase should fail");
>+ buf = load_file("ecdsa_1_pw");
>+ ASSERT_INT_EQ(sshkey_parse_pubkey_from_private_fileblob_type(buf,
>+ KEY_UNSPEC, &k2), SSH_ERR_KEY_WRONG_PASSPHRASE);
>+ sshbuf_free(buf);
>+ ASSERT_PTR_EQ(k2, NULL);
>+ TEST_DONE();
>+
> TEST_START("parse ECDSA from new-format");
> buf = load_file("ecdsa_n");
> ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
>@@ -299,6 +355,16 @@ sshkey_file_tests(void)
> sshkey_free(k2);
> TEST_DONE();
>
>+ TEST_START("parse ECDSA public from private new-format");
>+ buf = load_file("ecdsa_n");
>+ ASSERT_INT_EQ(sshkey_parse_pubkey_from_private_fileblob_type(buf,
>+ KEY_UNSPEC, &k2), 0);
>+ sshbuf_free(buf);
>+ ASSERT_PTR_NE(k2, NULL);
>+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
>+ sshkey_free(k2);
>+ TEST_DONE();
>+
> TEST_START("parse ECDSA from new-format w/ passphrase");
> buf = load_file("ecdsa_n_pw");
> ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
>@@ -309,6 +375,16 @@ sshkey_file_tests(void)
> sshkey_free(k2);
> TEST_DONE();
>
>+ TEST_START("parse ECDSA public from private new-format w/ passphrase");
>+ buf = load_file("ecdsa_n_pw");
>+ ASSERT_INT_EQ(sshkey_parse_pubkey_from_private_fileblob_type(buf,
>+ KEY_UNSPEC, &k2), 0);
>+ sshbuf_free(buf);
>+ ASSERT_PTR_NE(k2, NULL);
>+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
>+ sshkey_free(k2);
>+ TEST_DONE();
>+
> TEST_START("load ECDSA from public");
> ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2,
> NULL), 0);
>@@ -366,6 +442,16 @@ sshkey_file_tests(void)
> /* XXX check key contents */
> TEST_DONE();
>
>+ TEST_START("parse Ed25519 pubkey from private");
>+ buf = load_file("ed25519_1");
>+ ASSERT_INT_EQ(sshkey_parse_pubkey_from_private_fileblob_type(buf,
>+ KEY_UNSPEC, &k2), 0);
>+ sshbuf_free(buf);
>+ ASSERT_PTR_NE(k2, NULL);
>+ ASSERT_INT_EQ(k2->type, KEY_ED25519);
>+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
>+ TEST_DONE();
>+
> TEST_START("parse Ed25519 from private w/ passphrase");
> buf = load_file("ed25519_1_pw");
> ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
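Review bot: The "parse Ed25519 pubkey from private" test ends without `sshkey_free(k2);` before `TEST_DONE();`, unlike every other success-path test this patch adds. The parsed key is therefore leaked once the following test, which presumably parses into `k2` again, overwrites the pointer; that will show up under leak checking of the regress suite. Add `sshkey_free(k2);` after the `sshkey_equal_public` assertion. The extra `ASSERT_INT_EQ(k2->type, KEY_ED25519);` is a useful check that the RSA and ECDSA tests could mirror with their own key types.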
>@@ -376,6 +462,16 @@ sshkey_file_tests(void)
> sshkey_free(k2);
> TEST_DONE();
>
>+ TEST_START("parse Ed25519 pubkey from private w/ passphrase");
>+ buf = load_file("ed25519_1_pw");
>+ ASSERT_INT_EQ(sshkey_parse_pubkey_from_private_fileblob_type(buf,
>+ KEY_UNSPEC, &k2), 0);
>+ sshbuf_free(buf);
>+ ASSERT_PTR_NE(k2, NULL);
>+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
>+ sshkey_free(k2);
>+ TEST_DONE();
>+
> TEST_START("load Ed25519 from public");
> ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2,
> NULL), 0);
>--
>2.25.4
>