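# $OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $
# Placed in the Public Domain.

# Regression test: load a key from a software PKCS#11 token into
# ssh-agent, list it, authenticate with it, then remove it again.
#
# Runs under the regress harness (POSIX sh): $OBJ, $SSHAGENT, $SSHADD,
# $SSHKEYGEN, $SSH and the trace/fail helpers are provided by the
# harness, not by this file. Command variables are deliberately left
# unquoted in case the harness puts options in them.

tid="pkcs11 agent test"

TEST_SSH_PIN=""
TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0

# setup environment for soft-pkcs11 token
SOFTPKCS11RC=$OBJ/pkcs11.info
export SOFTPKCS11RC
# prevent ssh-agent from calling ssh-askpass
SSH_ASKPASS=/usr/bin/true
export SSH_ASKPASS
unset DISPLAY

# start command w/o tty, so ssh-add accepts pin from stdin
# (setsid detaches from the controlling terminal; the parent waits and
# propagates the child's exit status)
notty() {
	perl -e 'use POSIX; POSIX::setsid();
	    if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
}

trace "start agent"
eval "$(${SSHAGENT} -s)" > /dev/null
r=$?
if [ "$r" -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	trace "generating key/cert"
	rm -f "$OBJ/pkcs11.key" "$OBJ/pkcs11.crt"
	# umask scoped to a subshell so the private key is never created
	# world-readable, even for the instant before the chmod below
	(umask 077; openssl genrsa -out "$OBJ/pkcs11.key" 2048 > /dev/null 2>&1)
	chmod 600 "$OBJ/pkcs11.key"
	openssl req -key "$OBJ/pkcs11.key" -new -x509 \
	    -out "$OBJ/pkcs11.crt" -text -subj '/CN=pkcs11 test' > /dev/null
	# soft-pkcs11 rc line: id, label, cert path, key path (tab-separated).
	# Paths are passed as printf arguments, not embedded in the format,
	# so a '%' or '\' in $OBJ cannot corrupt the rc file.
	printf 'a\ta\t%s/pkcs11.crt\t%s/pkcs11.key' "$OBJ" "$OBJ" > "$SOFTPKCS11RC"
	# add to authorized keys
	${SSHKEYGEN} -y -f "$OBJ/pkcs11.key" > "$OBJ/authorized_keys_$USER"

	trace "add pkcs11 key to agent"
	# pin goes in on stdin rather than argv, so it is not visible in ps
	printf '%s\n' "$TEST_SSH_PIN" | notty ${SSHADD} -s "$TEST_SSH_PKCS11" > /dev/null 2>&1
	r=$?
	if [ "$r" -ne 0 ]; then
		fail "ssh-add -s failed: exit code $r"
	fi

	trace "pkcs11 list via agent"
	${SSHADD} -l > /dev/null 2>&1
	r=$?
	if [ "$r" -ne 0 ]; then
		fail "ssh-add -l failed: exit code $r"
	fi

	trace "pkcs11 connect via agent"
	# the remote command exits 5; any other status means auth or
	# connection failed
	${SSH} -2 -F "$OBJ/ssh_proxy" somehost exit 5
	r=$?
	if [ "$r" -ne 5 ]; then
		fail "ssh connect failed (exit code $r)"
	fi

	trace "remove pkcs11 keys"
	printf '%s\n' "$TEST_SSH_PIN" | notty ${SSHADD} -e "$TEST_SSH_PKCS11" > /dev/null 2>&1
	r=$?
	if [ "$r" -ne 0 ]; then
		fail "ssh-add -e failed: exit code $r"
	fi

	trace "kill agent"
	${SSHAGENT} -k > /dev/null
fi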