summaryrefslogtreecommitdiffstats
path: root/regress/keygen-comment.sh
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2020-04-20 06:44:47 +0200
committerDamien Miller <djm@mindrot.org>2020-04-20 06:47:26 +0200
commitd00d07b6744d3b4bb7aca46c734ecd670148da23 (patch)
treefd9b5ff8541752abd12d87488a3e7ecc4742d94d /regress/keygen-comment.sh
parentupstream: fix a bug I introduced in r1.406: when printing private key (diff)
downloadopenssh-d00d07b6744d3b4bb7aca46c734ecd670148da23.tar.xz
openssh-d00d07b6744d3b4bb7aca46c734ecd670148da23.zip
upstream: regression test for printing of private key fingerprints and
key comments, mostly by loic AT venez.fr (slightly tweaked for portability) ok dtucker@ OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
Diffstat (limited to 'regress/keygen-comment.sh')
-rw-r--r--regress/keygen-comment.sh52
1 files changed, 52 insertions, 0 deletions
diff --git a/regress/keygen-comment.sh b/regress/keygen-comment.sh
new file mode 100644
index 000000000..74a734af7
--- /dev/null
+++ b/regress/keygen-comment.sh
@@ -0,0 +1,52 @@
+#    Placed in the Public Domain.
+
+tid="Comment extraction from private key"
+
+S1="secret1"
+
+check_fingerprint () {
+ file="$1"
+ comment="$2"
+ trace "fingerprinting $file"
+ if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp ; then
+ fail "ssh-keygen -l failed for $t-key"
+ fi
+ if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)$" \
+ $OBJ/$t-fgp >/dev/null 2>&1 ; then
+ fail "comment is not correctly recovered for $t-key"
+ fi
+ rm -f $OBJ/$t-fgp
+}
+
+for fmt in '' RFC4716 PKCS8 PEM; do
+ for t in $SSH_KEYTYPES; do
+ trace "generating $t key in '$fmt' format"
+ rm -f $OBJ/$t-key*
+ oldfmt=""
+ case "$fmt" in
+ PKCS8|PEM) oldfmt=1 ;;
+ esac
+ # Some key types like ssh-ed25519 and *@openssh.com are never
+ # stored in old formats.
+ case "$t" in
+ ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
+ esac
+ comment="foo bar"
+ fmtarg=""
+ test -z "$fmt" || fmtarg="-m $fmt"
+ ${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
+ -t $t -f $OBJ/$t-key >/dev/null 2>&1 || \
+ fatal "keygen of $t in format $fmt failed"
+ check_fingerprint $OBJ/$t-key "${comment}"
+ check_fingerprint $OBJ/$t-key.pub "${comment}"
+ # Output fingerprint using only private file
+ trace "fingerprinting $t key using private key file"
+ rm -f $OBJ/$t-key.pub
+ if [ ! -z "$oldfmt" ] ; then
+ # Comment cannot be recovered from old format keys.
+ comment="no comment"
+ fi
+ check_fingerprint $OBJ/$t-key "${comment}"
+ rm -f $OBJ/$t-key*
+ done
+done