Diffstat (limited to 'regress')
-rw-r--r-- | regress/Makefile | 6 | ||||
-rw-r--r-- | regress/keygen-comment.sh | 52 |
2 files changed, 55 insertions, 3 deletions
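--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.107 2020/04/03 02:33:31 dtucker Exp $
+# $OpenBSD: Makefile,v 1.108 2020/04/20 04:44:47 djm Exp $
 
 tests: prep file-tests t-exec unit
 
@@ -91,8 +91,8 @@ LTESTS= connect \
 servcfginclude \
 allow-deny-users \
 authinfo \
-sshsig
-
+sshsig \
+keygen-comment
 
 
 INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers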
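--- /dev/null
+++ b/regress/keygen-comment.sh
@@ -0,0 +1,52 @@
+# Placed in the Public Domain.
+
+tid="Comment extraction from private key"
+
+S1="secret1"
+
+check_fingerprint () {
+file="$1"
+comment="$2"
+trace "fingerprinting $file"
+if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp ; then
+fail "ssh-keygen -l failed for $t-key"
+fi
+if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)$" \
+$OBJ/$t-fgp >/dev/null 2>&1 ; then
+fail "comment is not correctly recovered for $t-key"
+fi
+rm -f $OBJ/$t-fgp
+}
+
+for fmt in '' RFC4716 PKCS8 PEM; do
+for t in $SSH_KEYTYPES; do
+trace "generating $t key in '$fmt' format"
+rm -f $OBJ/$t-key*
+oldfmt=""
+case "$fmt" in
+PKCS8|PEM) oldfmt=1 ;;
+esac
+# Some key types like ssh-ed25519 and *@openssh.com are never
+# stored in old formats.
+case "$t" in
+ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
+esac
+comment="foo bar"
+fmtarg=""
+test -z "$fmt" || fmtarg="-m $fmt"
+${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
+-t $t -f $OBJ/$t-key >/dev/null 2>&1 || \
+fatal "keygen of $t in format $fmt failed"
+check_fingerprint $OBJ/$t-key "${comment}"
+check_fingerprint $OBJ/$t-key.pub "${comment}"
+# Output fingerprint using only private file
+trace "fingerprinting $t key using private key file"
+rm -f $OBJ/$t-key.pub
+if [ ! -z "$oldfmt" ] ; then
+# Comment cannot be recovered from old format keys.
+comment="no comment"
+fi
+check_fingerprint $OBJ/$t-key "${comment}"
+rm -f $OBJ/$t-key*
+done
+done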
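Review bot: `S1="secret1"` near the top of keygen-comment.sh is never referenced, and every key in the loop is generated with `-N ''`, so the test only covers comment recovery from unencrypted private keys. Either drop the variable or add a passphrase-protected case that states what `ssh-keygen -l` is expected to print when only the encrypted private file is present. Separately, `check_fingerprint` splices `${comment}` straight into the egrep pattern and expands `$file` and `$OBJ/$t-fgp` unquoted. That works for "foo bar" but would silently mis-match a comment containing regex metacharacters, so a line such as `# comment is used as an ERE fragment; keep it free of regex metacharacters` above the egrep call would document the constraint.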