dropbear: test/test_dropbearconvert.py annotate

annotate test/test_dropbearconvert.py @ 1909:43ebe0028187

Add tests for dropbearconvert

author	Matt Johnston <matt@ucc.asn.au>
date	Tue, 29 Mar 2022 22:29:17 +0800
parents
children	ced53051e200

rev	line source
1909 43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 import subprocess
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 import tempfile
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 import pytest
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 keytypes = [
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 "rsa", "rsa-4096",
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 "ed25519",
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 "ecdsa", "ecdsa-256", "ecdsa-384", "ecdsa-521",
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 "dss",
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 ]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 def parse_keytype(kt):
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 if '-' in kt:
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 return kt.split('-')
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 else:
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 return (kt, None)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 @pytest.mark.parametrize("keytype", keytypes)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 @pytest.mark.parametrize("keyformat", [None, "PEM"])
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 def test_from_openssh(request, tmp_path, keytype, keyformat):
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 """
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 Convert OpenSSH to Dropbear format,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 PEM and OpenSSH internal
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 """
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 opt = request.config.option
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 kt, keybits = parse_keytype(keytype)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 if kt == 'dss' and keyformat is None:
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 pytest.xfail("dss doesn't support openssh format")
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	32 if kt == 'ecdsa' and keyformat is None:
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	33 pytest.skip("ecdsa doesn't support openssh format yet")
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	34
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	35 os_kt = kt
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	36 if os_kt == 'dss':
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	37 # OpenSSH calls it 'dsa', Dropbear calls it 'dss'
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	38 os_kt = 'dsa'
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	39
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	40 os_key = tmp_path / 'oskey1'
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	41 db_key = tmp_path / 'dbkey1'
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	42
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	43 # Generate an OpenSSH key
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	44 args = [
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45 opt.ssh_keygen,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	46 '-f', os_key,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	47 '-t', os_kt,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	48 '-N', '', # no password
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	49 ]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	50 if keybits is not None:
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	51 args += ['-b', keybits]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	52 if keyformat:
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	53 args += ['-m', keyformat]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54 p = subprocess.run(args, check=True)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56 # Convert to dropbear format
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 args = [
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58 opt.dropbearconvert,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59 'openssh', 'dropbear',
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	60 os_key, db_key,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61 ]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	62 p = subprocess.run(args, check=True)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	63
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	64 # Compare pubkeys
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	65 args = [
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	66 opt.dropbearkey,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	67 '-f', db_key,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	68 '-y'
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69 ]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70 p = subprocess.run(args, check=True, stdout=subprocess.PIPE, text=True)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	71 db_pubkey = p.stdout.splitlines()[1].strip()
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	72 os_pubkey = os_key.with_suffix('.pub').open().read().strip()
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	73 # we compare the whole key including comment since it currently matches
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	74 assert db_pubkey == os_pubkey
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	75
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	76 @pytest.mark.parametrize("keytype", keytypes)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	77 def test_roundtrip(request, tmp_path, keytype):
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	78 """
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	79 Dropbear's private key format is deterministic so
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	80 we can compare round trip conversion. (OpenSSH's
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	81 format has more variable comments and other fields).
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	82 """
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	83 opt = request.config.option
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	84 kt, keybits = parse_keytype(keytype)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	85
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	86 os_key = tmp_path / 'oskey1'
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	87 db_key1 = tmp_path / 'dbkey1'
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	88 db_key2 = tmp_path / 'dbkey2'
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	89
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	90 # generate a key
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	91 args = [
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	92 opt.dropbearkey,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	93 '-t', kt,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	94 '-f', db_key1,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	95 ]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	96 if keybits is not None:
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	97 args += ['-s', keybits]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	98 p = subprocess.run(args, check=True)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	99
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	100 # convert to openssh
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	101 args = [
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	102 opt.dropbearconvert,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	103 'dropbear', 'openssh',
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	104 db_key1, os_key,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	105 ]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	106 p = subprocess.run(args, check=True)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	107
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	108 # Check ssh-keygen can read it
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	109 args = [
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	110 opt.ssh_keygen,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	111 '-f', os_key,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	112 '-y',
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	113 ]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	114 p = subprocess.run(args, check=True, text=True, stdout=subprocess.PIPE)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	115 os_pubkey = p.stdout.strip()
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	116
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	117 # Compare public keys
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	118 args = [
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	119 opt.dropbearkey,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	120 '-f', db_key1,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	121 '-y',
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	122 ]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	123 p = subprocess.run(args, check=True, text=True, stdout=subprocess.PIPE)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	124 db_pubkey = p.stdout.splitlines()[1].strip()
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	125 # comment may differ
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	126 db_pubkey = db_pubkey.split(' ')[:2]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	127 os_pubkey = os_pubkey.split(' ')[:2]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	128 assert db_pubkey == os_pubkey
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	129
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	130 # convert back to dropbear
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	131 args = [
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	132 opt.dropbearconvert,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	133 'openssh', 'dropbear',
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	134 os_key, db_key2,
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	135 ]
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	136 p = subprocess.run(args, check=True)
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	137 # check the round trip is identical
43ebe0028187 Add tests for dropbearconvert Matt Johnston <matt@ucc.asn.au> parents: diff changeset	138 assert db_key1.open('rb').read() == db_key2.open('rb').read()

Mercurial > dropbear

annotate test/test_dropbearconvert.py @ 1909:43ebe0028187