summaryrefslogtreecommitdiff
path: root/tests/test_pkey.py
diff options
context:
space:
mode:
authorJeff Forcier <jeff@bitprophet.org>2021-11-27 22:13:23 -0500
committerJeff Forcier <jeff@bitprophet.org>2021-11-28 20:24:17 -0500
commitaca7613171937334c47377faf0cf2e4a9126c0d4 (patch)
tree37d8fa745f98ffeb3efba2ae8c36a6f7046c3b5d /tests/test_pkey.py
parentf4b5ce36e75a2aca2b11ef54b0ce04e1188f667c (diff)
downloadparamiko-aca7613171937334c47377faf0cf2e4a9126c0d4.tar.gz
Pre-patch test proving security flaw re: 32bit key hash comparisons
Diffstat (limited to 'tests/test_pkey.py')
-rw-r--r--tests/test_pkey.py18
1 files changed, 17 insertions, 1 deletions
diff --git a/tests/test_pkey.py b/tests/test_pkey.py
index 18c27bbe..caa6d7b3 100644
--- a/tests/test_pkey.py
+++ b/tests/test_pkey.py
@@ -31,8 +31,9 @@ from paramiko.py3compat import StringIO, byte_chr, b, bytes, PY2
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateNumbers
from mock import patch
+import pytest
-from .util import _support
+from .util import _support, is_low_entropy
# from openssh's ssh-keygen
@@ -551,6 +552,21 @@ class KeyTest(unittest.TestCase):
self.assertTrue(not pub.can_sign())
self.assertEqual(key, pub)
+ # No point testing on systems that never exhibited the bug originally
+ @pytest.mark.skipif(
+ not is_low_entropy(), reason="Not a low-entropy system"
+ )
+ def test_ed25519_32bit_collision(self):
+ # Re: 2021.10.19 security report email: two different private keys
+ # which Paramiko compared as equal on low-entropy platforms.
+ original = Ed25519Key.from_private_key_file(
+ _support("badhash_key1.ed25519.key")
+ )
+ generated = Ed25519Key.from_private_key_file(
+ _support("badhash_key2.ed25519.key")
+ )
+ assert original != generated
+
def test_ed25519_nonbytes_password(self):
# https://github.com/paramiko/paramiko/issues/1039
Ed25519Key.from_private_key_file(