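# $OpenBSD: agent-pkcs11.sh,v 1.2 2015/01/12 11:46:32 djm Exp $
# Placed in the Public Domain.

# Regression test: load a key from a PKCS#11 token (soft-pkcs11) into
# ssh-agent, list it, authenticate to the proxy sshd with it, then remove
# it again.  Relies on the test-exec.sh helpers (trace/fail/fatal) and the
# usual $OBJ / $SSH* / $USER variables being in scope when this is sourced.

tid="pkcs11 agent test"

# PIN handed to ssh-add on stdin; empty for the soft token used here.
TEST_SSH_PIN=""
TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0

test -f "$TEST_SSH_PKCS11" || fatal "$TEST_SSH_PKCS11 does not exist"

# setup environment for soft-pkcs11 token: the rc file written below points
# the token at the cert/key pair generated for this test.
SOFTPKCS11RC=$OBJ/pkcs11.info
export SOFTPKCS11RC
# prevent ssh-agent from calling ssh-askpass
SSH_ASKPASS=/usr/bin/true
export SSH_ASKPASS
unset DISPLAY

# Run a command detached from the controlling tty (new session via
# setsid) so ssh-add reads the PIN from stdin instead of prompting on
# /dev/tty.  Exit status is the child's exit status.
notty() {
	perl -e 'use POSIX; POSIX::setsid();
	    if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
}

trace "start agent"
# Capture the agent's output before eval'ing it.  With "eval `ssh-agent -s`"
# the following $? is the status of the last command in the eval'd text
# (an echo), or 0 for empty text, so a failed agent start would never be
# reported.
agent_env=$(${SSHAGENT} -s)
r=$?
if [ $r -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	eval "$agent_env" > /dev/null

	trace "generating key/cert"
	rm -f "$OBJ/pkcs11.key" "$OBJ/pkcs11.crt"
	# Generate the private key under a restrictive umask so it is never
	# group/world-readable, even briefly, before the chmod below.
	(umask 077; openssl genrsa -out "$OBJ/pkcs11.key" 2048) > /dev/null 2>&1 ||
	    fail "openssl genrsa failed"
	chmod 600 "$OBJ/pkcs11.key"
	openssl req -key "$OBJ/pkcs11.key" -new -x509 \
	    -out "$OBJ/pkcs11.crt" -text -subj '/CN=pkcs11 test' > /dev/null ||
	    fail "openssl req failed"
	# Pass the paths as %s arguments rather than interpolating $OBJ into
	# the printf format, where a '%' or backslash in the path would be
	# mangled.  No trailing newline, matching the original rc layout.
	printf 'a\ta\t%s\t%s' "$OBJ/pkcs11.crt" "$OBJ/pkcs11.key" > "$SOFTPKCS11RC"
	# add to authorized keys
	${SSHKEYGEN} -y -f "$OBJ/pkcs11.key" > "$OBJ/authorized_keys_$USER"

	trace "add pkcs11 key to agent"
	# The PIN is supplied on stdin, not argv, so it does not show up in ps.
	printf '%s\n' "$TEST_SSH_PIN" | notty ${SSHADD} -s "$TEST_SSH_PKCS11" > /dev/null 2>&1
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add -s failed: exit code $r"
	fi

	trace "pkcs11 list via agent"
	${SSHADD} -l > /dev/null 2>&1
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add -l failed: exit code $r"
	fi

	trace "pkcs11 connect via agent"
	# The remote command exits 5 so that a successful agent-backed login
	# that actually ran the command is distinguishable from any other
	# ssh exit status.
	${SSH} -2 -F "$OBJ/ssh_proxy" somehost exit 5
	r=$?
	if [ $r -ne 5 ]; then
		fail "ssh connect failed (exit code $r)"
	fi

	trace "remove pkcs11 keys"
	printf '%s\n' "$TEST_SSH_PIN" | notty ${SSHADD} -e "$TEST_SSH_PKCS11" > /dev/null 2>&1
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add -e failed: exit code $r"
	fi

	trace "kill agent"
	${SSHAGENT} -k > /dev/null
fi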