cert-hostkey.sh (225825) cert-hostkey.sh (255670)
1# $OpenBSD: cert-hostkey.sh,v 1.6 2011/05/20 02:43:36 djm Exp $
1# $OpenBSD: cert-hostkey.sh,v 1.7 2013/05/17 00:37:40 dtucker Exp $
2# Placed in the Public Domain.
3
4tid="certified host keys"
5
6# used to disable ECC based tests on platforms without ECC
7ecdsa=""
8if test "x$TEST_SSH_ECC" = "xyes"; then
9 ecdsa=ecdsa
10fi
11
12rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
13cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
14
15HOSTS='localhost-with-alias,127.0.0.1,::1'
16
17# Create a CA key and add it to known hosts
18${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\
19 fail "ssh-keygen of host_ca_key failed"
20(
2# Placed in the Public Domain.
3
4tid="certified host keys"
5
6# used to disable ECC based tests on platforms without ECC
7ecdsa=""
8if test "x$TEST_SSH_ECC" = "xyes"; then
9 ecdsa=ecdsa
10fi
11
12rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
13cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
14
15HOSTS='localhost-with-alias,127.0.0.1,::1'
16
17# Create a CA key and add it to known hosts
18${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\
19 fail "ssh-keygen of host_ca_key failed"
20(
21 echon '@cert-authority '
22 echon "$HOSTS "
21 printf '@cert-authority '
22 printf "$HOSTS "
23 cat $OBJ/host_ca_key.pub
24) > $OBJ/known_hosts-cert
25
26# Generate and sign host keys
27for ktype in rsa dsa $ecdsa ; do
28 verbose "$tid: sign host ${ktype} cert"
29 # Generate and sign a host key
30 ${SSHKEYGEN} -q -N '' -t ${ktype} \

--- 30 unchanged lines hidden (view full) ---

61 if [ $? -ne 0 ]; then
62 fail "ssh cert connect failed"
63 fi
64 done
65done
66
67# Revoked certificates with key present
68(
23 cat $OBJ/host_ca_key.pub
24) > $OBJ/known_hosts-cert
25
26# Generate and sign host keys
27for ktype in rsa dsa $ecdsa ; do
28 verbose "$tid: sign host ${ktype} cert"
29 # Generate and sign a host key
30 ${SSHKEYGEN} -q -N '' -t ${ktype} \

--- 30 unchanged lines hidden (view full) ---

61 if [ $? -ne 0 ]; then
62 fail "ssh cert connect failed"
63 fi
64 done
65done
66
67# Revoked certificates with key present
68(
69 echon '@cert-authority '
70 echon "$HOSTS "
69 printf '@cert-authority '
70 printf "$HOSTS "
71 cat $OBJ/host_ca_key.pub
71 cat $OBJ/host_ca_key.pub
72 echon '@revoked '
73 echon "* "
72 printf '@revoked '
73 printf "* "
74 cat $OBJ/cert_host_key_rsa.pub
75 if test "x$TEST_SSH_ECC" = "xyes"; then
74 cat $OBJ/cert_host_key_rsa.pub
75 if test "x$TEST_SSH_ECC" = "xyes"; then
76 echon '@revoked '
77 echon "* "
76 printf '@revoked '
77 printf "* "
78 cat $OBJ/cert_host_key_ecdsa.pub
79 fi
78 cat $OBJ/cert_host_key_ecdsa.pub
79 fi
80 echon '@revoked '
81 echon "* "
80 printf '@revoked '
81 printf "* "
82 cat $OBJ/cert_host_key_dsa.pub
82 cat $OBJ/cert_host_key_dsa.pub
83 echon '@revoked '
84 echon "* "
83 printf '@revoked '
84 printf "* "
85 cat $OBJ/cert_host_key_rsa_v00.pub
85 cat $OBJ/cert_host_key_rsa_v00.pub
86 echon '@revoked '
87 echon "* "
86 printf '@revoked '
87 printf "* "
88 cat $OBJ/cert_host_key_dsa_v00.pub
89) > $OBJ/known_hosts-cert
90for privsep in yes no ; do
91 for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
92 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
93 (
94 cat $OBJ/sshd_proxy_bak
95 echo HostKey $OBJ/cert_host_key_${ktype}

--- 7 unchanged lines hidden (view full) ---

103 if [ $? -eq 0 ]; then
104 fail "ssh cert connect succeeded unexpectedly"
105 fi
106 done
107done
108
109# Revoked CA
110(
88 cat $OBJ/cert_host_key_dsa_v00.pub
89) > $OBJ/known_hosts-cert
90for privsep in yes no ; do
91 for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
92 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
93 (
94 cat $OBJ/sshd_proxy_bak
95 echo HostKey $OBJ/cert_host_key_${ktype}

--- 7 unchanged lines hidden (view full) ---

103 if [ $? -eq 0 ]; then
104 fail "ssh cert connect succeeded unexpectedly"
105 fi
106 done
107done
108
109# Revoked CA
110(
111 echon '@cert-authority '
112 echon "$HOSTS "
111 printf '@cert-authority '
112 printf "$HOSTS "
113 cat $OBJ/host_ca_key.pub
113 cat $OBJ/host_ca_key.pub
114 echon '@revoked '
115 echon "* "
114 printf '@revoked '
115 printf "* "
116 cat $OBJ/host_ca_key.pub
117) > $OBJ/known_hosts-cert
118for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
119 verbose "$tid: host ${ktype} revoked cert"
120 (
121 cat $OBJ/sshd_proxy_bak
122 echo HostKey $OBJ/cert_host_key_${ktype}
123 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
124 ) > $OBJ/sshd_proxy
125 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
126 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
127 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
128 if [ $? -eq 0 ]; then
129 fail "ssh cert connect succeeded unexpectedly"
130 fi
131done
132
133# Create a CA key and add it to known hosts
134(
116 cat $OBJ/host_ca_key.pub
117) > $OBJ/known_hosts-cert
118for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
119 verbose "$tid: host ${ktype} revoked cert"
120 (
121 cat $OBJ/sshd_proxy_bak
122 echo HostKey $OBJ/cert_host_key_${ktype}
123 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
124 ) > $OBJ/sshd_proxy
125 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
126 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
127 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
128 if [ $? -eq 0 ]; then
129 fail "ssh cert connect succeeded unexpectedly"
130 fi
131done
132
133# Create a CA key and add it to known hosts
134(
135 echon '@cert-authority '
136 echon "$HOSTS "
135 printf '@cert-authority '
136 printf "$HOSTS "
137 cat $OBJ/host_ca_key.pub
138) > $OBJ/known_hosts-cert
139
140test_one() {
141 ident=$1
142 result=$2
143 sign_opts=$3
144

--- 50 unchanged lines hidden (view full) ---

195 ${SSHKEYGEN} -q -N '' -t ${ktype} \
196 -f $OBJ/cert_host_key_${ktype} || \
197 fail "ssh-keygen of cert_host_key_${ktype} failed"
198 ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/host_ca_key \
199 -I "regress host key for $USER" \
200 -n $HOSTS $OBJ/cert_host_key_${ktype} ||
201 fail "couldn't sign cert_host_key_${ktype}"
202 (
137 cat $OBJ/host_ca_key.pub
138) > $OBJ/known_hosts-cert
139
140test_one() {
141 ident=$1
142 result=$2
143 sign_opts=$3
144

--- 50 unchanged lines hidden (view full) ---

195 ${SSHKEYGEN} -q -N '' -t ${ktype} \
196 -f $OBJ/cert_host_key_${ktype} || \
197 fail "ssh-keygen of cert_host_key_${ktype} failed"
198 ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/host_ca_key \
199 -I "regress host key for $USER" \
200 -n $HOSTS $OBJ/cert_host_key_${ktype} ||
201 fail "couldn't sign cert_host_key_${ktype}"
202 (
203 echon "$HOSTS "
203 printf "$HOSTS "
204 cat $OBJ/cert_host_key_${ktype}.pub
205 ) > $OBJ/known_hosts-cert
206 (
207 cat $OBJ/sshd_proxy_bak
208 echo HostKey $OBJ/cert_host_key_${ktype}
209 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
210 ) > $OBJ/sshd_proxy
211
212 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
213 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
214 -F $OBJ/ssh_proxy somehost true
215 if [ $? -ne 0 ]; then
216 fail "ssh cert connect failed"
217 fi
218 done
219done
220
221# Wrong certificate
222(
204 cat $OBJ/cert_host_key_${ktype}.pub
205 ) > $OBJ/known_hosts-cert
206 (
207 cat $OBJ/sshd_proxy_bak
208 echo HostKey $OBJ/cert_host_key_${ktype}
209 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
210 ) > $OBJ/sshd_proxy
211
212 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
213 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
214 -F $OBJ/ssh_proxy somehost true
215 if [ $? -ne 0 ]; then
216 fail "ssh cert connect failed"
217 fi
218 done
219done
220
221# Wrong certificate
222(
223 echon '@cert-authority '
224 echon "$HOSTS "
223 printf '@cert-authority '
224 printf "$HOSTS "
225 cat $OBJ/host_ca_key.pub
226) > $OBJ/known_hosts-cert
227for v in v01 v00 ; do
228 for kt in rsa dsa $ecdsa ; do
229 # v00 ecdsa certs do not exist.
230 test "${v}${ktype}" = "v00ecdsa" && continue
231 rm -f $OBJ/cert_host_key*
232 # Self-sign key

--- 24 unchanged lines hidden ---
225 cat $OBJ/host_ca_key.pub
226) > $OBJ/known_hosts-cert
227for v in v01 v00 ; do
228 for kt in rsa dsa $ecdsa ; do
229 # v00 ecdsa certs do not exist.
230 test "${v}${ktype}" = "v00ecdsa" && continue
231 rm -f $OBJ/cert_host_key*
232 # Self-sign key

--- 24 unchanged lines hidden ---
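Review bot: The replacement `printf "$HOSTS "` (new side of lines 22, 70, 112, 136 and 203) passes a variable as the printf format string; with the current value of HOSTS (`localhost-with-alias,127.0.0.1,::1`) this is harmless, but any future `%` or backslash in the host list would be interpreted rather than written to known_hosts, so the safer form is `printf '%s ' "$HOSTS"`. The literal `printf '@cert-authority '` and `printf "* "` lines are fine as written. Separately, in the "Wrong certificate" loop the skip on line 230 tests `${v}${ktype}` while the loop variable on line 228 is `kt`, so `ktype` still holds the last value from the earlier loop and the v00 ecdsa case is never skipped; the intended line appears to be `test "${v}${kt}" = "v00ecdsa" && continue`. That loop's body continues past the visible lines, so what it does with `kt` cannot be confirmed here.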