author | djm@openbsd.org <djm@openbsd.org> | 2019-11-26 23:43:10 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-27 11:02:49 +1100 |
commit | ad44ca81bea83657d558aaef5a1d789a9032bac3 (patch) | |
tree | c4143c62227e817790c3362d409cdef93b5b52da /regress/keytype.sh | |
parent | c6efa8a91af1d4fdb43909a23a0a4ffa012155ad (diff) |
upstream: test FIDO2/U2F key types; ok markus@
OpenBSD-Regress-ID: 367e06d5a260407619b4b113ea0bd7004a435474
Diffstat (limited to 'regress/keytype.sh')
-rw-r--r-- | regress/keytype.sh | 51 |
1 files changed, 34 insertions, 17 deletions
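--- a/regress/keytype.sh
+++ b/regress/keytype.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: keytype.sh,v 1.8 2019/07/23 13:49:14 dtucker Exp $
+# $OpenBSD: keytype.sh,v 1.9 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="login with different key types"
@@ -16,43 +16,60 @@ for i in ${SSH_KEYTYPES}; do
 ecdsa-sha2-nistp256) ktypes="$ktypes ecdsa-256" ;;
 ecdsa-sha2-nistp384) ktypes="$ktypes ecdsa-384" ;;
 ecdsa-sha2-nistp521) ktypes="$ktypes ecdsa-521" ;;
+sk-ssh-ed25519*) ktypes="$ktypes ed25519-sk" ;;
+sk-ecdsa-sha2-nistp256*) ktypes="$ktypes ecdsa-sk" ;;
 esac
 done
 
 for kt in $ktypes; do
 rm -f $OBJ/key.$kt
-bits=`echo ${kt} | awk -F- '{print $2}'`
-type=`echo ${kt} | awk -F- '{print $1}'`
+xbits=`echo ${kt} | awk -F- '{print $2}'`
+xtype=`echo ${kt} | awk -F- '{print $1}'`
+case "$kt" in
+*sk) type="$kt"; bits="n/a"; bits_arg="";;
+*) type=$xtype; bits=$xbits; bits_arg="-b $bits";;
+esac
 verbose "keygen $type, $bits bits"
-${SSHKEYGEN} -b $bits -q -N '' -t $type -f $OBJ/key.$kt ||\
+${SSHKEYGEN} $bits_arg -q -N '' -t $type -f $OBJ/key.$kt || \
 fail "ssh-keygen for type $type, $bits bits failed"
 done
 
+kname_to_ktype() {
+case $1 in
+dsa-1024) echo ssh-dss;;
+ecdsa-256) echo ecdsa-sha2-nistp256;;
+ecdsa-384) echo ecdsa-sha2-nistp384;;
+ecdsa-521) echo ecdsa-sha2-nistp521;;
+ed25519-512) echo ssh-ed25519;;
+rsa-*) echo rsa-sha2-512,rsa-sha2-256,ssh-rsa;;
+ed25519-sk) echo sk-ssh-ed25519@openssh.com;;
+ecdsa-sk) echo sk-ecdsa-sha2-nistp256@openssh.com;;
+esac
+}
+
 tries="1 2 3"
 for ut in $ktypes; do
-htypes=$ut
+user_type=`kname_to_ktype "$ut"`
+# SK keys are not supported for hostkeys.
+case "$ut" in
+*sk) htypes=ed25519-512;;
+*) htypes="$ut";;
+esac
 #htypes=$ktypes
 for ht in $htypes; do
-case $ht in
-dsa-1024) t=ssh-dss;;
-ecdsa-256) t=ecdsa-sha2-nistp256;;
-ecdsa-384) t=ecdsa-sha2-nistp384;;
-ecdsa-521) t=ecdsa-sha2-nistp521;;
-ed25519-512) t=ssh-ed25519;;
-rsa-*) t=rsa-sha2-512,rsa-sha2-256,ssh-rsa;;
-esac
+host_type=`kname_to_ktype "$ht"`
 trace "ssh connect, userkey $ut, hostkey $ht"
 (
 grep -v HostKey $OBJ/sshd_proxy_bak
 echo HostKey $OBJ/key.$ht
-echo PubkeyAcceptedKeyTypes $t
-echo HostKeyAlgorithms $t
+echo PubkeyAcceptedKeyTypes $user_type
+echo HostKeyAlgorithms $host_type
 ) > $OBJ/sshd_proxy
 (
 grep -v IdentityFile $OBJ/ssh_proxy_bak
 echo IdentityFile $OBJ/key.$ut
-echo PubkeyAcceptedKeyTypes $t
-echo HostKeyAlgorithms $t
+echo PubkeyAcceptedKeyTypes $user_type
+echo HostKeyAlgorithms $host_type
 ) > $OBJ/ssh_proxy
 (
 printf 'localhost-with-alias,127.0.0.1,::1 '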
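Review bot: `kname_to_ktype` has no `*)` arm, so a name it does not recognise prints nothing, and the `echo PubkeyAcceptedKeyTypes $user_type` and `echo HostKeyAlgorithms $host_type` lines then write a keyword with no value into both proxy configs. The run would presumably still fail, but as a config error rather than a message naming the key type; an arm such as `*) echo "unknown key name $1" >&2; return 1;;`, with both callers checking the status, would make that explicit. Separately, the `*sk) htypes=ed25519-512;;` fallback relies on `$OBJ/key.ed25519-512` having been generated, which presumably happens only when `ssh-ed25519` is in `SSH_KEYTYPES` (that mapping is above the hunk); a one-line comment stating the assumption next to `# SK keys are not supported for hostkeys.` would help. The hunk ends inside the inner `for ht` loop, so the connection attempts that use these configs are not visible here.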