diff options
| author | Jeff Forcier <jeff@bitprophet.org> | 2021-11-27 22:13:23 -0500 |
|---|---|---|
| committer | Jeff Forcier <jeff@bitprophet.org> | 2021-11-28 20:24:17 -0500 |
| commit | aca7613171937334c47377faf0cf2e4a9126c0d4 (patch) | |
| tree | 37d8fa745f98ffeb3efba2ae8c36a6f7046c3b5d /tests/test_pkey.py | |
| parent | f4b5ce36e75a2aca2b11ef54b0ce04e1188f667c (diff) | |
| download | paramiko-aca7613171937334c47377faf0cf2e4a9126c0d4.tar.gz | |
Pre-patch test proving security flaw re: 32bit key hash comparisons
Diffstat (limited to 'tests/test_pkey.py')
| -rw-r--r-- | tests/test_pkey.py | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/tests/test_pkey.py b/tests/test_pkey.py index 18c27bbe..caa6d7b3 100644 --- a/tests/test_pkey.py +++ b/tests/test_pkey.py @@ -31,8 +31,9 @@ from paramiko.py3compat import StringIO, byte_chr, b, bytes, PY2 from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateNumbers from mock import patch +import pytest -from .util import _support +from .util import _support, is_low_entropy # from openssh's ssh-keygen @@ -551,6 +552,21 @@ class KeyTest(unittest.TestCase): self.assertTrue(not pub.can_sign()) self.assertEqual(key, pub) + # No point testing on systems that never exhibited the bug originally + @pytest.mark.skipif( + not is_low_entropy(), reason="Not a low-entropy system" + ) + def test_ed25519_32bit_collision(self): + # Re: 2021.10.19 security report email: two different private keys + # which Paramiko compared as equal on low-entropy platforms. + original = Ed25519Key.from_private_key_file( + _support("badhash_key1.ed25519.key") + ) + generated = Ed25519Key.from_private_key_file( + _support("badhash_key2.ed25519.key") + ) + assert original != generated + def test_ed25519_nonbytes_password(self): # https://github.com/paramiko/paramiko/issues/1039 Ed25519Key.from_private_key_file( |