diff options
author | Miklós Fazekas <mfazekas@szemafor.com> | 2023-01-24 04:28:14 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-24 04:28:14 +0100 |
commit | c8b740b0cd37b4df0987107f5eaafce4f2db4f03 (patch) | |
tree | 984254c50f71834c1d01c0fc540b246e7bef0f2f | |
parent | 4922d2bc3a52f1ad3db02336602fd3733cb804b2 (diff) | |
parent | 6792bebca7c4a92f7145811fc0cd3ba8551cb8a4 (diff) | |
download | net-ssh-c8b740b0cd37b4df0987107f5eaafce4f2db4f03.tar.gz |
Merge pull request #876 from bschmeck/raise-on-nil-pbkdf
Raise error when BCryptPbkdf fails
-rw-r--r-- | lib/net/ssh/authentication/ed25519.rb | 1 | ||||
-rw-r--r-- | test/authentication/test_ed25519.rb | 26 |
2 files changed, 27 insertions, 0 deletions
diff --git a/lib/net/ssh/authentication/ed25519.rb b/lib/net/ssh/authentication/ed25519.rb index dccc64f..892000a 100644 --- a/lib/net/ssh/authentication/ed25519.rb +++ b/lib/net/ssh/authentication/ed25519.rb @@ -77,6 +77,7 @@ module Net raise "BCryptPbkdf is not implemented for jruby" if RUBY_PLATFORM == "java" key = BCryptPbkdf::key(password, salt, keylen + ivlen, rounds) + raise DecryptError.new("BCyryptPbkdf failed", encrypted_key: true) unless key else key = '\x00' * (keylen + ivlen) end diff --git a/test/authentication/test_ed25519.rb b/test/authentication/test_ed25519.rb index d0d0e9e..e4f347a 100644 --- a/test/authentication/test_ed25519.rb +++ b/test/authentication/test_ed25519.rb @@ -92,6 +92,18 @@ unless ENV['NET_SSH_NO_ED25519'] self.assert_equal(pub_key.fingerprint('sha256'), key_fingerprint_sha256_pwd) end + def test_pwd_key_blank + self.assert_raises(Net::SSH::Authentication::ED25519::OpenSSHPrivateKeyLoader::DecryptError) do + Net::SSH::Authentication::ED25519::PrivKey.read(private_key_no_rounds, '') + end + end + + def test_priv_key_no_rounds_should_raise + self.assert_raises(Net::SSH::Authentication::ED25519::OpenSSHPrivateKeyLoader::DecryptError) do + Net::SSH::Authentication::ED25519::PrivKey.read(private_key_no_rounds, 'pwd') + end + end + def private_key_pwd @pwd_key = <<~EOF -----BEGIN OPENSSH PRIVATE KEY----- @@ -105,6 +117,20 @@ unless ENV['NET_SSH_NO_ED25519'] EOF end + def private_key_no_rounds + @private_key_no_rounds = <<~EOF + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAA + ABBxwCvr3V/8pWhC/xvTnGJhAAAAAAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5 + AAAAICaHkFaGXqYhUVFcaZ10TPUbkIvmaFXwYRoOS5qE8MciAAAAsNUAhbNQ + KwNcOr0eNq3nhtjoyeVyH8hRrpWsiY46vPiECi6R6OdYGSd7W3fdzUDeyOYC + Y9ZVIjAzENG+9FsygYzMi6XCuw00OuDFLUp4fL4Ki/coUIVqouB4TPQAmsCV + XiIRVTWQtRG0kWfFaV3qRt/bc22ZCvCT6ZZ1UmtulqqfUhSlKMoPcTikV1iW + H5Xc+GxRFRRGTN/6HvBf0AKDB1kMXlDhGnBnHGeNH1pk44xG + -----END OPENSSH PRIVATE KEY----- + EOF + end + def public_key_pwd 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICaHkFaGXqYhUVFcaZ10TPUbkIvmaFXwYRoOS5qE8Mci vagrant@vagrant-ubuntu-trusty-64' end |