authorNicola Murino <nicola.murino@gmail.com>2023-07-08 15:39:11 +0200
committerGopher Robot <gobot@golang.org>2023-09-20 18:10:30 +0000
commit28c53ff63c09fc7df7793600caa30989bc69e194 (patch)
tree324779d684486b7ec20c87a01acaf41e3a650c11 /ssh/keys_test.go
parent3f0842a46434ea6f56bf6e684c2b83d90e9cff07 (diff)
ssh: add MultiAlgorithmSigner
MultiAlgorithmSigner allows to restrict client-side, server-side and certificate signing algorithms. Fixes golang/go#52132 Fixes golang/go#36261 Change-Id: I295092f1bba647327aaaf294f110e9157d294159 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/508398 Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Diffstat (limited to 'ssh/keys_test.go')
-rw-r--r--ssh/keys_test.go37
1 files changed, 34 insertions, 3 deletions
diff --git a/ssh/keys_test.go b/ssh/keys_test.go
index a8e216e..365d93d 100644
--- a/ssh/keys_test.go
+++ b/ssh/keys_test.go
@@ -111,9 +111,9 @@ func TestKeySignVerify(t *testing.T) {
}
func TestKeySignWithAlgorithmVerify(t *testing.T) {
- for _, priv := range testSigners {
- if algorithmSigner, ok := priv.(AlgorithmSigner); !ok {
- t.Errorf("Signers constructed by ssh package should always implement the AlgorithmSigner interface: %T", priv)
+ for k, priv := range testSigners {
+ if algorithmSigner, ok := priv.(MultiAlgorithmSigner); !ok {
+ t.Errorf("Signers %q constructed by ssh package should always implement the MultiAlgorithmSigner interface: %T", k, priv)
} else {
pub := priv.PublicKey()
data := []byte("sign me")
@@ -684,3 +684,34 @@ func TestSKKeys(t *testing.T) {
}
}
}
+
+func TestNewSignerWithAlgos(t *testing.T) {
+ algorithSigner, ok := testSigners["rsa"].(AlgorithmSigner)
+ if !ok {
+ t.Fatal("rsa test signer does not implement the AlgorithmSigner interface")
+ }
+ _, err := NewSignerWithAlgorithms(algorithSigner, nil)
+ if err == nil {
+ t.Error("signer with algos created with no algorithms")
+ }
+
+ _, err = NewSignerWithAlgorithms(algorithSigner, []string{KeyAlgoED25519})
+ if err == nil {
+ t.Error("signer with algos created with invalid algorithms")
+ }
+
+ _, err = NewSignerWithAlgorithms(algorithSigner, []string{CertAlgoRSASHA256v01})
+ if err == nil {
+ t.Error("signer with algos created with certificate algorithms")
+ }
+
+ mas, err := NewSignerWithAlgorithms(algorithSigner, []string{KeyAlgoRSASHA256, KeyAlgoRSASHA512})
+ if err != nil {
+ t.Errorf("unable to create signer with valid algorithms: %v", err)
+ }
+
+ _, err = NewSignerWithAlgorithms(mas, []string{KeyAlgoRSA})
+ if err == nil {
+ t.Error("signer with algos created with restricted algorithms")
+ }
+}
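Review bot: In TestNewSignerWithAlgos the valid-algorithms case reports failure with `t.Errorf` and then keeps going, so a failed construction would pass a presumably nil `mas` into the next `NewSignerWithAlgorithms` call and could panic or produce a misleading second failure; `t.Fatalf` fits better there. The test also exercises only the constructor's rejections. Nothing visible in this file's diff checks that the restricted signer refuses to sign with an algorithm outside its allowed set, which is the property callers rely on to keep SHA-1 `ssh-rsa` signatures off the wire. An assertion along the lines below would pin that, assuming `rand` is `crypto/rand` as used elsewhere in this test file and that enforcement happens in `SignWithAlgorithm`, which is outside this diff. Separately, `algorithSigner` looks like a typo for `algorithmSigner`.

```go
mas, err := NewSignerWithAlgorithms(algorithSigner, []string{KeyAlgoRSASHA256, KeyAlgoRSASHA512})
if err != nil {
	t.Fatalf("unable to create signer with valid algorithms: %v", err)
}
// The restriction has to hold at signing time, not only at construction.
if _, err := mas.SignWithAlgorithm(rand.Reader, []byte("sign me"), KeyAlgoRSA); err == nil {
	t.Error("restricted signer signed with an algorithm outside its allowed set")
}
// … unchanged: re-wrapping mas with KeyAlgoRSA must fail …
```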