Diffstat (limited to 'regress/krl.sh')
-rw-r--r-- | regress/krl.sh | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/regress/krl.sh b/regress/krl.sh index e18d0ec7f..c381225ed 100644 --- a/regress/krl.sh +++ b/regress/krl.sh | |||
@@ -1,16 +1,19 @@ | |||
1 | # $OpenBSD: krl.sh,v 1.8 2019/07/25 09:17:35 dtucker Exp $ | 1 | # $OpenBSD: krl.sh,v 1.11 2019/12/16 02:39:05 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="key revocation lists" | 4 | tid="key revocation lists" |
5 | 5 | ||
6 | # Use ed25519 by default since it's fast and it's supported when building | 6 | # Use ed25519 by default since it's fast and it's supported when building |
7 | # w/out OpenSSL. Populate ktype[2-4] with the other types if supported. | 7 | # w/out OpenSSL. Populate ktype[2-4] with the other types if supported. |
8 | ktype1=ed25519; ktype2=ed25519; ktype3=ed25519; ktype4=ed25519 | 8 | ktype1=ed25519; ktype2=ed25519; ktype3=ed25519; |
9 | for t in `${SSH} -Q key-plain`; do | 9 | ktype4=ed25519; ktype5=ed25519; ktype6=ed25519; |
10 | for t in $SSH_KEYTYPES; do | ||
10 | case "$t" in | 11 | case "$t" in |
11 | ecdsa*) ktype2=ecdsa ;; | 12 | ecdsa*) ktype2=ecdsa ;; |
12 | ssh-rsa) ktype3=rsa ;; | 13 | ssh-rsa) ktype3=rsa ;; |
13 | ssh-dss) ktype4=dsa ;; | 14 | ssh-dss) ktype4=dsa ;; |
15 | sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;; | ||
16 | sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;; | ||
14 | esac | 17 | esac |
15 | done | 18 | done |
16 | 19 | ||
@@ -34,6 +37,7 @@ serial: 10 | |||
34 | serial: 15 | 37 | serial: 15 |
35 | serial: 30 | 38 | serial: 30 |
36 | serial: 50 | 39 | serial: 50 |
40 | serial: 90 | ||
37 | serial: 999 | 41 | serial: 999 |
38 | # The following sum to 500-799 | 42 | # The following sum to 500-799 |
39 | serial: 500 | 43 | serial: 500 |
@@ -51,7 +55,7 @@ EOF | |||
51 | 55 | ||
52 | # A specification that revokes some certificated by key ID. | 56 | # A specification that revokes some certificated by key ID. |
53 | touch $OBJ/revoked-keyid | 57 | touch $OBJ/revoked-keyid |
54 | for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do | 58 | for n in 1 2 3 4 10 15 30 50 90 `jot 500 300` 999 1000 1001 1002; do |
55 | test "x$n" = "x499" && continue | 59 | test "x$n" = "x499" && continue |
56 | # Fill in by-ID revocation spec. | 60 | # Fill in by-ID revocation spec. |
57 | echo "id: revoked $n" >> $OBJ/revoked-keyid | 61 | echo "id: revoked $n" >> $OBJ/revoked-keyid |
@@ -64,9 +68,11 @@ keygen() { | |||
64 | # supported. | 68 | # supported. |
65 | keytype=$ktype1 | 69 | keytype=$ktype1 |
66 | case $N in | 70 | case $N in |
67 | 2 | 10 | 510 | 1001) keytype=$ktype2 ;; | 71 | 2 | 10 | 510 | 1001) keytype=$ktype2 ;; |
68 | 4 | 30 | 520 | 1002) keytype=$ktype3 ;; | 72 | 4 | 30 | 520 | 1002) keytype=$ktype3 ;; |
69 | 8 | 50 | 530 | 1003) keytype=$ktype4 ;; | 73 | 8 | 50 | 530 | 1003) keytype=$ktype4 ;; |
74 | 16 | 70 | 540 | 1004) keytype=$ktype5 ;; | ||
75 | 32 | 90 | 550 | 1005) keytype=$ktype6 ;; | ||
70 | esac | 76 | esac |
71 | $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \ | 77 | $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \ |
72 | || fatal "$SSHKEYGEN failed" | 78 | || fatal "$SSHKEYGEN failed" |
@@ -78,7 +84,7 @@ keygen() { | |||
78 | 84 | ||
79 | # Generate some keys. | 85 | # Generate some keys. |
80 | verbose "$tid: generating test keys" | 86 | verbose "$tid: generating test keys" |
81 | REVOKED_SERIALS="1 4 10 50 500 510 520 799 999" | 87 | REVOKED_SERIALS="1 4 10 50 90 500 510 520 550 799 999" |
82 | for n in $REVOKED_SERIALS ; do | 88 | for n in $REVOKED_SERIALS ; do |
83 | f=`keygen $n` | 89 | f=`keygen $n` |
84 | RKEYS="$RKEYS ${f}.pub" | 90 | RKEYS="$RKEYS ${f}.pub" |
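Review bot: The revoked set never exercises `ktype5` (ed25519-sk). `REVOKED_SERIALS` gains 90 and 550, which both map to `ktype6` in the `keygen()` case arms, while none of 16, 70, 540 or 1004 appears, so the visible lists never check that a revoked sk-ed25519 key is rejected. The comment in the serial spec says the ranges cover 500-799, so 540 should already be revoked and `REVOKED_SERIALS="1 4 10 50 90 500 510 520 540 550 799 999"` would close the gap without touching the KRL spec. Covering 70 as well would need a `serial: 70` line in the spec and 70 in the by-ID `for n in ...` loop. `UNREVOKED_SERIALS` and the rest of `keygen()` lie outside the hunks shown, so whether 16 is exercised on the not-revoked side cannot be confirmed from here.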