- markus@cvs.openbsd.org 2010/02/08 10:52:47

[regress/agent-pkcs11.sh] test for PKCS#11 support (currently disabled)
author: Damien Miller <djm@mindrot.org> 2010-02-24 17:31:20 +1100
committer: Damien Miller <djm@mindrot.org> 2010-02-24 17:31:20 +1100
commit: cfa42d2fd2077cce168b81c77f63776bd87a68b3 (patch)
tree: 5646770daad9129ae4e204e8da26467310009bd8 /regress/agent-pkcs11.sh
parent: c1739211a6ce790e72262db90ba4b1d0ce79d1f4 (diff)
1 files changed, 69 insertions, 0 deletions
diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh
new file mode 100644
index 000000000..db33ab37e
--- /dev/null
+++ b/regress/agent-pkcs11.sh
@@ -0,0 +1,69 @@
+#       $OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $
+#       Placed in the Public Domain.
+tid="pkcs11 agent test"
+TEST_SSH_PIN=""
+TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0
+# setup environment for soft-pkcs11 token
+SOFTPKCS11RC=$OBJ/pkcs11.info
+export SOFTPKCS11RC
+# prevent ssh-agent from calling ssh-askpass
+SSH_ASKPASS=/usr/bin/true
+export SSH_ASKPASS
+unset DISPLAY
+# start command w/o tty, so ssh-add accepts pin from stdin
+notty() {
+        perl -e 'use POSIX; POSIX::setsid(); 
+            if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
+}
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+        fail "could not start ssh-agent: exit code $r"
+else
+        trace "generating key/cert"
+        rm -f $OBJ/pkcs11.key $OBJ/pkcs11.crt
+        openssl genrsa -out $OBJ/pkcs11.key 2048 > /dev/null 2>&1
+        chmod 600 $OBJ/pkcs11.key 
+        openssl req -key $OBJ/pkcs11.key -new -x509 \
+            -out $OBJ/pkcs11.crt -text -subj '/CN=pkcs11 test' > /dev/null
+        printf "a\ta\t$OBJ/pkcs11.crt\t$OBJ/pkcs11.key" > $SOFTPKCS11RC
+        # add to authorized keys
+        ${SSHKEYGEN} -y -f $OBJ/pkcs11.key > $OBJ/authorized_keys_$USER
+        trace "add pkcs11 key to agent"
+        echo ${TEST_SSH_PIN} | notty ${SSHADD} -s ${TEST_SSH_PKCS11} > /dev/null 2>&1
+        r=$?
+        if [ $r -ne 0 ]; then
+                fail "ssh-add -s failed: exit code $r"
+        fi
+        trace "pkcs11 list via agent"
+        ${SSHADD} -l > /dev/null 2>&1
+        r=$?
+        if [ $r -ne 0 ]; then
+                fail "ssh-add -l failed: exit code $r"
+        fi
+        trace "pkcs11 connect via agent"
+        ${SSH} -2 -F $OBJ/ssh_proxy somehost exit 5
+        r=$?
+        if [ $r -ne 5 ]; then
+                fail "ssh connect failed (exit code $r)"
+        fi
+        trace "remove pkcs11 keys"
+        echo ${TEST_SSH_PIN} | notty ${SSHADD} -e ${TEST_SSH_PKCS11} > /dev/null 2>&1
+        r=$?
+        if [ $r -ne 0 ]; then
+                fail "ssh-add -e failed: exit code $r"
+        fi
+        trace "kill agent"
+        ${SSHAGENT} -k > /dev/null
+fi
author	Damien Miller <djm@mindrot.org>	2010-02-24 17:31:20 +1100
committer	Damien Miller <djm@mindrot.org>	2010-02-24 17:31:20 +1100
commit	cfa42d2fd2077cce168b81c77f63776bd87a68b3 (patch)
tree	5646770daad9129ae4e204e8da26467310009bd8 /regress/agent-pkcs11.sh
parent	c1739211a6ce790e72262db90ba4b1d0ce79d1f4 (diff)

diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh new file mode 100644 index 000000000..db33ab37e --- /dev/null +++ b/regress/agent-pkcs11.sh
@@ -0,0 +1,69 @@
	1	# $OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $
	2	# Placed in the Public Domain.
	3
	4	tid="pkcs11 agent test"
	5
	6	TEST_SSH_PIN=""
	7	TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0
	8
	9	# setup environment for soft-pkcs11 token
	10	SOFTPKCS11RC=$OBJ/pkcs11.info
	11	export SOFTPKCS11RC
	12	# prevent ssh-agent from calling ssh-askpass
	13	SSH_ASKPASS=/usr/bin/true
	14	export SSH_ASKPASS
	15	unset DISPLAY
	16
	17	# start command w/o tty, so ssh-add accepts pin from stdin
	18	notty() {
	19	perl -e 'use POSIX; POSIX::setsid();
	20	if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
	21	}
	22
	23	trace "start agent"
	24	eval `${SSHAGENT} -s` > /dev/null
	25	r=$?
	26	if [ $r -ne 0 ]; then
	27	fail "could not start ssh-agent: exit code $r"
	28	else
	29	trace "generating key/cert"
	30	rm -f $OBJ/pkcs11.key $OBJ/pkcs11.crt
	31	openssl genrsa -out $OBJ/pkcs11.key 2048 > /dev/null 2>&1
	32	chmod 600 $OBJ/pkcs11.key
	33	openssl req -key $OBJ/pkcs11.key -new -x509 \
	34	-out $OBJ/pkcs11.crt -text -subj '/CN=pkcs11 test' > /dev/null
	35	printf "a\ta\t$OBJ/pkcs11.crt\t$OBJ/pkcs11.key" > $SOFTPKCS11RC
	36	# add to authorized keys
	37	${SSHKEYGEN} -y -f $OBJ/pkcs11.key > $OBJ/authorized_keys_$USER
	38
	39	trace "add pkcs11 key to agent"
	40	echo ${TEST_SSH_PIN} \| notty ${SSHADD} -s ${TEST_SSH_PKCS11} > /dev/null 2>&1
	41	r=$?
	42	if [ $r -ne 0 ]; then
	43	fail "ssh-add -s failed: exit code $r"
	44	fi
	45
	46	trace "pkcs11 list via agent"
	47	${SSHADD} -l > /dev/null 2>&1
	48	r=$?
	49	if [ $r -ne 0 ]; then
	50	fail "ssh-add -l failed: exit code $r"
	51	fi
	52
	53	trace "pkcs11 connect via agent"
	54	${SSH} -2 -F $OBJ/ssh_proxy somehost exit 5
	55	r=$?
	56	if [ $r -ne 5 ]; then
	57	fail "ssh connect failed (exit code $r)"
	58	fi
	59
	60	trace "remove pkcs11 keys"
	61	echo ${TEST_SSH_PIN} \| notty ${SSHADD} -e ${TEST_SSH_PKCS11} > /dev/null 2>&1
	62	r=$?
	63	if [ $r -ne 0 ]; then
	64	fail "ssh-add -e failed: exit code $r"
	65	fi
	66
	67	trace "kill agent"
	68	${SSHAGENT} -k > /dev/null
	69	fi