diff options
Diffstat (limited to 'spec/lib/gitlab/ssh_public_key_spec.rb')
-rw-r--r-- | spec/lib/gitlab/ssh_public_key_spec.rb | 74 |
1 files changed, 73 insertions, 1 deletions
diff --git a/spec/lib/gitlab/ssh_public_key_spec.rb b/spec/lib/gitlab/ssh_public_key_spec.rb index cf5d2c3b455..422b6f925a1 100644 --- a/spec/lib/gitlab/ssh_public_key_spec.rb +++ b/spec/lib/gitlab/ssh_public_key_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Gitlab::SSHPublicKey, lib: true do +RSpec.describe Gitlab::SSHPublicKey, lib: true, fips_mode: false do let(:key) { attributes_for(:rsa_key_2048)[:key] } let(:public_key) { described_class.new(key) } @@ -19,6 +19,17 @@ RSpec.describe Gitlab::SSHPublicKey, lib: true do it { expect(described_class.technology(name).name).to eq(name) } it { expect(described_class.technology(name.to_s).name).to eq(name) } end + + context 'FIPS mode', :fips_mode do + where(:name) do + [:rsa, :ecdsa, :ed25519, :ecdsa_sk, :ed25519_sk] + end + + with_them do + it { expect(described_class.technology(name).name).to eq(name) } + it { expect(described_class.technology(name.to_s).name).to eq(name) } + end + end end describe '.supported_types' do @@ -27,6 +38,14 @@ RSpec.describe Gitlab::SSHPublicKey, lib: true do [:rsa, :dsa, :ecdsa, :ed25519, :ecdsa_sk, :ed25519_sk] ) end + + context 'FIPS mode', :fips_mode do + it 'returns array with the names of supported technologies' do + expect(described_class.supported_types).to eq( + [:rsa, :dsa, :ecdsa, :ed25519, :ecdsa_sk, :ed25519_sk] + ) + end + end end describe '.supported_sizes(name)' do @@ -45,6 +64,24 @@ RSpec.describe Gitlab::SSHPublicKey, lib: true do it { expect(described_class.supported_sizes(name)).to eq(sizes) } it { expect(described_class.supported_sizes(name.to_s)).to eq(sizes) } end + + context 'FIPS mode', :fips_mode do + where(:name, :sizes) do + [ + [:rsa, [3072, 4096]], + [:dsa, []], + [:ecdsa, [256, 384, 521]], + [:ed25519, [256]], + [:ecdsa_sk, [256]], + [:ed25519_sk, [256]] + ] + end + + with_them do + it { expect(described_class.supported_sizes(name)).to eq(sizes) } + it { expect(described_class.supported_sizes(name.to_s)).to eq(sizes) } + end + end end describe '.supported_algorithms' do @@ -60,6 +97,21 @@ RSpec.describe Gitlab::SSHPublicKey, lib: true do ) ) end + + context 'FIPS mode', :fips_mode do + it 'returns all supported algorithms' do + expect(described_class.supported_algorithms).to eq( + %w( + ssh-rsa + ssh-dss + ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 + ssh-ed25519 + sk-ecdsa-sha2-nistp256@openssh.com + sk-ssh-ed25519@openssh.com + ) + ) + end + end end describe '.supported_algorithms_for_name' do @@ -80,6 +132,26 @@ RSpec.describe Gitlab::SSHPublicKey, lib: true do expect(described_class.supported_algorithms_for_name(name.to_s)).to eq(algorithms) end end + + context 'FIPS mode', :fips_mode do + where(:name, :algorithms) do + [ + [:rsa, %w(ssh-rsa)], + [:dsa, %w(ssh-dss)], + [:ecdsa, %w(ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521)], + [:ed25519, %w(ssh-ed25519)], + [:ecdsa_sk, %w(sk-ecdsa-sha2-nistp256@openssh.com)], + [:ed25519_sk, %w(sk-ssh-ed25519@openssh.com)] + ] + end + + with_them do + it "returns all supported algorithms for #{params[:name]}" do + expect(described_class.supported_algorithms_for_name(name)).to eq(algorithms) + expect(described_class.supported_algorithms_for_name(name.to_s)).to eq(algorithms) + end + end + end end describe '.sanitize(key_content)' do |