diff options
Diffstat (limited to 'regress/cert-userkey.sh')
| -rw-r--r-- | regress/cert-userkey.sh | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index a41a9a9c0..01f3b40a4 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: cert-userkey.sh,v 1.6 2010/06/29 23:59:54 djm Exp $ | 1 | # $OpenBSD: cert-userkey.sh,v 1.7 2010/08/31 12:24:09 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="certified user keys" | 4 | tid="certified user keys" |
| @@ -11,7 +11,7 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_ca_key ||\ | |||
| 11 | fail "ssh-keygen of user_ca_key failed" | 11 | fail "ssh-keygen of user_ca_key failed" |
| 12 | 12 | ||
| 13 | # Generate and sign user keys | 13 | # Generate and sign user keys |
| 14 | for ktype in rsa dsa ; do | 14 | for ktype in rsa dsa ecdsa ; do |
| 15 | verbose "$tid: sign user ${ktype} cert" | 15 | verbose "$tid: sign user ${ktype} cert" |
| 16 | ${SSHKEYGEN} -q -N '' -t ${ktype} \ | 16 | ${SSHKEYGEN} -q -N '' -t ${ktype} \ |
| 17 | -f $OBJ/cert_user_key_${ktype} || \ | 17 | -f $OBJ/cert_user_key_${ktype} || \ |
| @@ -20,6 +20,8 @@ for ktype in rsa dsa ; do | |||
| 20 | "regress user key for $USER" \ | 20 | "regress user key for $USER" \ |
| 21 | -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} || | 21 | -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} || |
| 22 | fail "couldn't sign cert_user_key_${ktype}" | 22 | fail "couldn't sign cert_user_key_${ktype}" |
| 23 | # v00 ecdsa certs do not exist | ||
| 24 | test "{ktype}" = "ecdsa" && continue | ||
| 23 | cp $OBJ/cert_user_key_${ktype} $OBJ/cert_user_key_${ktype}_v00 | 25 | cp $OBJ/cert_user_key_${ktype} $OBJ/cert_user_key_${ktype}_v00 |
| 24 | cp $OBJ/cert_user_key_${ktype}.pub $OBJ/cert_user_key_${ktype}_v00.pub | 26 | cp $OBJ/cert_user_key_${ktype}.pub $OBJ/cert_user_key_${ktype}_v00.pub |
| 25 | ${SSHKEYGEN} -q -t v00 -s $OBJ/user_ca_key -I \ | 27 | ${SSHKEYGEN} -q -t v00 -s $OBJ/user_ca_key -I \ |
| @@ -29,7 +31,7 @@ for ktype in rsa dsa ; do | |||
| 29 | done | 31 | done |
| 30 | 32 | ||
| 31 | # Test explicitly-specified principals | 33 | # Test explicitly-specified principals |
| 32 | for ktype in rsa dsa rsa_v00 dsa_v00 ; do | 34 | for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do |
| 33 | for privsep in yes no ; do | 35 | for privsep in yes no ; do |
| 34 | _prefix="${ktype} privsep $privsep" | 36 | _prefix="${ktype} privsep $privsep" |
| 35 | 37 | ||
| @@ -155,7 +157,7 @@ basic_tests() { | |||
| 155 | extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub" | 157 | extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub" |
| 156 | fi | 158 | fi |
| 157 | 159 | ||
| 158 | for ktype in rsa dsa rsa_v00 dsa_v00 ; do | 160 | for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do |
| 159 | for privsep in yes no ; do | 161 | for privsep in yes no ; do |
| 160 | _prefix="${ktype} privsep $privsep $auth" | 162 | _prefix="${ktype} privsep $privsep $auth" |
| 161 | # Simple connect | 163 | # Simple connect |
| @@ -230,6 +232,11 @@ test_one() { | |||
| 230 | 232 | ||
| 231 | for auth in $auth_choice ; do | 233 | for auth in $auth_choice ; do |
| 232 | for ktype in rsa rsa_v00 ; do | 234 | for ktype in rsa rsa_v00 ; do |
| 235 | case $ktype in | ||
| 236 | *_v00) keyv="-t v00" ;; | ||
| 237 | *) keyv="" ;; | ||
| 238 | esac | ||
| 239 | |||
| 233 | cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy | 240 | cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy |
| 234 | if test "x$auth" = "xauthorized_keys" ; then | 241 | if test "x$auth" = "xauthorized_keys" ; then |
| 235 | # Add CA to authorized_keys | 242 | # Add CA to authorized_keys |
| @@ -249,7 +256,7 @@ test_one() { | |||
| 249 | verbose "$tid: $ident auth $auth expect $result $ktype" | 256 | verbose "$tid: $ident auth $auth expect $result $ktype" |
| 250 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key \ | 257 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key \ |
| 251 | -I "regress user key for $USER" \ | 258 | -I "regress user key for $USER" \ |
| 252 | $sign_opts \ | 259 | $sign_opts $keyv \ |
| 253 | $OBJ/cert_user_key_${ktype} || | 260 | $OBJ/cert_user_key_${ktype} || |
| 254 | fail "couldn't sign cert_user_key_${ktype}" | 261 | fail "couldn't sign cert_user_key_${ktype}" |
| 255 | 262 | ||
| @@ -302,7 +309,7 @@ test_one "principals key option no principals" failure "" \ | |||
| 302 | 309 | ||
| 303 | # Wrong certificate | 310 | # Wrong certificate |
| 304 | cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy | 311 | cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy |
| 305 | for ktype in rsa dsa rsa_v00 dsa_v00 ; do | 312 | for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do |
| 306 | case $ktype in | 313 | case $ktype in |
| 307 | *_v00) args="-t v00" ;; | 314 | *_v00) args="-t v00" ;; |
| 308 | *) args="" ;; | 315 | *) args="" ;; |