1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-30 19:58:44 +01:00
gnupg/tests/openpgp/ssh-import.scm

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

102 lines
3.6 KiB
Scheme
Raw Normal View History

#!/usr/bin/env gpgscm
;; Copyright (C) 2016 g10 Code GmbH
;;
;; This file is part of GnuPG.
;;
;; GnuPG is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or
;; (at your option) any later version.
;;
;; GnuPG is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;;
;; You should have received a copy of the GNU General Public License
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (in-srcdir "tests" "openpgp" "defs.scm"))
tests: Move environment creation and teardown into each test. * tests/gpgscm/tests.scm (log): New function. * tests/openpgp/run-tests.scm (run-tests-parallel): Do not run the startup and teardown scripts. (run-tests-sequential): Likewise. * tests/openpgp/setup.scm: Move all functions... * tests/openpgp/defs.scm: ... here and make them less verbose. (setup-environment): New function. (setup-legacy-environment): Likewise. (start-agent): Make less verbose, run 'stop-agent' at interpreter exit. (stop-agent): Make less verbose. * tests/openpgp/finish.scm: Drop file. * tests/openpgp/Makefile.am (EXTRA_DIST): Drop removed file. * tests/openpgp/4gb-packet.scm: Use 'setup-environment' or 'setup-legacy-environment' as appropriate. * tests/openpgp/armdetach.scm: Likewise. * tests/openpgp/armdetachm.scm: Likewise. * tests/openpgp/armencrypt.scm: Likewise. * tests/openpgp/armencryptp.scm: Likewise. * tests/openpgp/armor.scm: Likewise. * tests/openpgp/armsignencrypt.scm: Likewise. * tests/openpgp/armsigs.scm: Likewise. * tests/openpgp/clearsig.scm: Likewise. * tests/openpgp/conventional-mdc.scm: Likewise. * tests/openpgp/conventional.scm: Likewise. * tests/openpgp/decrypt-dsa.scm: Likewise. * tests/openpgp/decrypt.scm: Likewise. * tests/openpgp/default-key.scm: Likewise. * tests/openpgp/detach.scm: Likewise. * tests/openpgp/detachm.scm: Likewise. * tests/openpgp/ecc.scm: Likewise. * tests/openpgp/encrypt-dsa.scm: Likewise. * tests/openpgp/encrypt.scm: Likewise. * tests/openpgp/encryptp.scm: Likewise. * tests/openpgp/export.scm: Likewise. * tests/openpgp/finish.scm: Likewise. * tests/openpgp/genkey1024.scm: Likewise. * tests/openpgp/gpgtar.scm: Likewise. * tests/openpgp/gpgv-forged-keyring.scm: Likewise. * tests/openpgp/import.scm: Likewise. * tests/openpgp/issue2015.scm: Likewise. * tests/openpgp/issue2417.scm: Likewise. * tests/openpgp/issue2419.scm: Likewise. * tests/openpgp/key-selection.scm: Likewise. * tests/openpgp/mds.scm: Likewise. * tests/openpgp/multisig.scm: Likewise. * tests/openpgp/quick-key-manipulation.scm: Likewise. * tests/openpgp/seat.scm: Likewise. * tests/openpgp/shell.scm: Likewise. * tests/openpgp/signencrypt-dsa.scm: Likewise. * tests/openpgp/signencrypt.scm: Likewise. * tests/openpgp/sigs-dsa.scm: Likewise. * tests/openpgp/sigs.scm: Likewise. * tests/openpgp/ssh.scm: Likewise. * tests/openpgp/tofu.scm: Likewise. * tests/openpgp/use-exact-key.scm: Likewise. * tests/openpgp/verify.scm: Likewise. * tests/openpgp/version.scm: Likewise. * tests/openpgp/issue2346.scm: Likewise and simplify. -- The previous Bourne Shell-based test suite created the environment before running all tests, and tore it down after executing them. When we created the Scheme-based test suite, we kept this design at first, but introduced a way to run each test in its own environment to prevent tests from interfering with each other. Nevertheless, every test started out with the same environment. Move the creation of the test environment into each test. This gives us finer control over the environment each test is run in. It also makes it possible to run each test by simply executing it using gpgscm without the use of the runner. Furthermore, it has the neat side-effect of speeding up the test suite if run in parallel. Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-07 16:21:21 +01:00
(setup-environment)
(setenv "SSH_AUTH_SOCK"
(call-check `(,(tool 'gpgconf) --null --list-dirs agent-ssh-socket))
#t)
(define path (string-split (getenv "PATH") *pathsep*))
(define ssh #f)
(catch (skip "ssh not found") (set! ssh (path-expand "ssh" path)))
(define ssh-add #f)
(catch (skip "ssh-add not found")
(set! ssh-add (path-expand "ssh-add" path)))
(define ssh-keygen #f)
(catch (skip "ssh-keygen not found")
(set! ssh-keygen (path-expand "ssh-keygen" path)))
(define ssh-version-string
(:stderr (call-with-io `(,ssh "-V") "")))
(log "Using" ssh "version:" ssh-version-string)
(define ssh-version
(let ((tmp ssh-version-string)
(prefix "OpenSSH_"))
(unless (string-prefix? tmp prefix)
(skip "This doesn't look like OpenSSH:" tmp))
(string->number (substring tmp (string-length prefix)
(+ 3 (string-length prefix))))))
(define (ssh-supports? algorithm)
;; We exploit ssh-keygen as an oracle to test what algorithms ssh
;; supports.
(cond
((equal? algorithm "ed25519")
;; Unfortunately, our oracle does not work for ed25519 because
;; this is a specific curve and not a family, so the key size
;; parameter is ignored.
(>= ssh-version 6.5))
(else
;; We call ssh-keygen with the algorithm to test, specify an
;; invalid key size, and observe the error message.
(let ((output (:stderr (call-with-io `(,ssh-keygen
-t ,algorithm
-b "1009") ""))))
(log "(ssh-supports?" algorithm "), ssh algorithm oracle replied:" output)
(not (string-contains? output "unknown key type"))))))
(define keys
'(("dsa" "9a:e1:f1:5f:46:ea:a5:06:e1:e2:f8:38:8e:06:54:58")
("rsa" "c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22")
("ecdsa" "93:37:30:a6:4e:e7:6a:22:79:77:8e:bf:ed:14:e9:8e")
("ed25519" "08:df:be:af:d2:f5:32:20:3a:1c:56:06:be:31:0f:bf")))
(for-each-p'
"Importing ssh keys..."
(lambda (key)
(let ((file (path-join (in-srcdir "tests" "openpgp" "samplekeys")
(string-append "ssh-" (car key) ".key")))
(hash (cadr key)))
;; We pipe the key to ssh-add so that it won't complain about
;; file's permissions.
(pipe:do
(pipe:open file (logior O_RDONLY O_BINARY))
(pipe:spawn `(,SSH-ADD -)))
(unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash)
(fail "key not added"))))
car (filter (lambda (x) (ssh-supports? (car x))) keys))
(info "Checking for issue2316...")
(unlink (path-join GNUPGHOME "sshcontrol"))
(pipe:do
(pipe:open (path-join (in-srcdir "tests" "openpgp" "samplekeys")
(string-append "ssh-rsa.key"))
(logior O_RDONLY O_BINARY))
(pipe:spawn `(,SSH-ADD -)))
(unless
(string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "")
"c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22")
(fail "known private key not (re-)added to sshcontrol"))