diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-04-20 04:44:47 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-04-20 14:47:26 +1000 |
| commit | d00d07b6744d3b4bb7aca46c734ecd670148da23 (patch) | |
| tree | fd9b5ff8541752abd12d87488a3e7ecc4742d94d | |
| parent | a98d5ba31e5e7e01317352f85fa63b846a960f8c (diff) | |
upstream: regression test for printing of private key fingerprints and
key comments, mostly by loic AT venez.fr (slightly tweaked for portability)
ok dtucker@
OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
| -rw-r--r-- | regress/Makefile | 6 | ||||
| -rw-r--r-- | regress/keygen-comment.sh | 52 |
2 files changed, 55 insertions, 3 deletions
diff --git a/regress/Makefile b/regress/Makefile index 8f7b5aa99..62794d25f 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.107 2020/04/03 02:33:31 dtucker Exp $ | 1 | # $OpenBSD: Makefile,v 1.108 2020/04/20 04:44:47 djm Exp $ |
| 2 | 2 | ||
| 3 | tests: prep file-tests t-exec unit | 3 | tests: prep file-tests t-exec unit |
| 4 | 4 | ||
| @@ -91,8 +91,8 @@ LTESTS= connect \ | |||
| 91 | servcfginclude \ | 91 | servcfginclude \ |
| 92 | allow-deny-users \ | 92 | allow-deny-users \ |
| 93 | authinfo \ | 93 | authinfo \ |
| 94 | sshsig | 94 | sshsig \ |
| 95 | 95 | keygen-comment | |
| 96 | 96 | ||
| 97 | 97 | ||
| 98 | INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers | 98 | INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers |
diff --git a/regress/keygen-comment.sh b/regress/keygen-comment.sh new file mode 100644 index 000000000..74a734af7 --- /dev/null +++ b/regress/keygen-comment.sh | |||
| @@ -0,0 +1,52 @@ | |||
| 1 | # Placed in the Public Domain. | ||
| 2 | |||
| 3 | tid="Comment extraction from private key" | ||
| 4 | |||
| 5 | S1="secret1" | ||
| 6 | |||
| 7 | check_fingerprint () { | ||
| 8 | file="$1" | ||
| 9 | comment="$2" | ||
| 10 | trace "fingerprinting $file" | ||
| 11 | if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp ; then | ||
| 12 | fail "ssh-keygen -l failed for $t-key" | ||
| 13 | fi | ||
| 14 | if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)$" \ | ||
| 15 | $OBJ/$t-fgp >/dev/null 2>&1 ; then | ||
| 16 | fail "comment is not correctly recovered for $t-key" | ||
| 17 | fi | ||
| 18 | rm -f $OBJ/$t-fgp | ||
| 19 | } | ||
| 20 | |||
| 21 | for fmt in '' RFC4716 PKCS8 PEM; do | ||
| 22 | for t in $SSH_KEYTYPES; do | ||
| 23 | trace "generating $t key in '$fmt' format" | ||
| 24 | rm -f $OBJ/$t-key* | ||
| 25 | oldfmt="" | ||
| 26 | case "$fmt" in | ||
| 27 | PKCS8|PEM) oldfmt=1 ;; | ||
| 28 | esac | ||
| 29 | # Some key types like ssh-ed25519 and *@openssh.com are never | ||
| 30 | # stored in old formats. | ||
| 31 | case "$t" in | ||
| 32 | ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;; | ||
| 33 | esac | ||
| 34 | comment="foo bar" | ||
| 35 | fmtarg="" | ||
| 36 | test -z "$fmt" || fmtarg="-m $fmt" | ||
| 37 | ${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \ | ||
| 38 | -t $t -f $OBJ/$t-key >/dev/null 2>&1 || \ | ||
| 39 | fatal "keygen of $t in format $fmt failed" | ||
| 40 | check_fingerprint $OBJ/$t-key "${comment}" | ||
| 41 | check_fingerprint $OBJ/$t-key.pub "${comment}" | ||
| 42 | # Output fingerprint using only private file | ||
| 43 | trace "fingerprinting $t key using private key file" | ||
| 44 | rm -f $OBJ/$t-key.pub | ||
| 45 | if [ ! -z "$oldfmt" ] ; then | ||
| 46 | # Comment cannot be recovered from old format keys. | ||
| 47 | comment="no comment" | ||
| 48 | fi | ||
| 49 | check_fingerprint $OBJ/$t-key "${comment}" | ||
| 50 | rm -f $OBJ/$t-key* | ||
| 51 | done | ||
| 52 | done | ||