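#! /bin/csh -f
#
# Run OpenSSH import/export tests.
#
# Run this from SecurityTests/clxutils/importExport. This
# uses the importExportOpensshTool subtool to do most of its work.
#
# Usage: importExportOpenssh [q] [n] [s] [N]
#   q  quiet: do not echo each command before running it
#   n  noACL: passed through to the subtool
#   s  securePassphrase: passed through to the subtool
#   N  noClean: passed through to the subtool, and also skips the final
#      removal of the generated key files
#
# Each test case generates a key pair with ssh-keygen, hands both files to
# the subtool, then deletes them. Any command that fails ends the script
# with exit status 1.
#
# Security notes for anyone reusing this script:
#   - The key pairs are throwaway test fixtures. The passphrase is a fixed,
#     well-known string, it is passed to ssh-keygen on the command line,
#     and it is echoed unless q is given, so it shows up in process
#     listings and in test logs. Do not copy this pattern for real keys.
#   - Half of the cases create private keys with an empty passphrase.
#     With N the last generated pair is left behind in LOCAL_BUILD_DIR.
#

echo === Begin OpenSSH test ===

# NOTE(review): LOCAL_BUILD_DIR is not set in this file; presumably
# setupCommon defines it. Confirm, since it prefixes every path handed
# to rm -f below.
source setupCommon

set SSHSUBTOOL=./importExportOpensshTool

#
# this is the wrap/unwrap password; it has to match the password in
# the importExportOpensshTool tool
#
# Test-only value. It is placed on the ssh-keygen command line with -N and
# is part of every echoed command in the wrapped-key cases.
#
set PASSWORD=password

# file names generated by ssh-keygen
set SSH_KEY_NAME=sshkeygenKey
set PRIV_KEY=${LOCAL_BUILD_DIR}/$SSH_KEY_NAME
set PUB_KEY=${LOCAL_BUILD_DIR}/${SSH_KEY_NAME}.pub

# absolute path, so the binary under test does not depend on PATH
set SSH_KEYGEN=/usr/bin/ssh-keygen

# determine whether to attempt ssh1 key generation and import
# %%%FIXME this is currently disabled since OpenSSH 5.4 does not support it by default
set TESTSSH1=NO

# determine whether to attempt ssh2 key generation and import
# %%%FIXME this is currently disabled due to <rdar://problem/8063663>
set TESTSSH2=NO

# user specified variables
set QUIET=NO
# 1024 bits is a test-fixture size only; it is too small for RSA keys that
# protect anything real. The same value is passed to the dsa cases below,
# and ssh-keygen documents DSA keys as exactly 1024 bits, so raising it
# here would also change those cases.
set KEYSIZE=1024
set NOACL=NO
set SECURE_PHRASE=NO
set NOCLEAN=NO

# Single-letter options, one per argument, no leading dash.
# Anything else prints the usage line and exits with status 1.
while ( $#argv > 0 )
	switch ( "$argv[1]" )
		case q:
			set QUIET=YES
			shift
			breaksw
		case n:
			set NOACL=YES
			shift
			breaksw
		case s:
			set SECURE_PHRASE=YES
			shift
			breaksw
		case N:
			set NOCLEAN=YES
			shift
			breaksw
		default:
			echo Usage: importExportOpenssh \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
			exit(1)
	endsw
end

# delete existing keys - ssh-keygen is cautious about overwriting
set cmd="rm -f $PRIV_KEY $PUB_KEY"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

if ($TESTSSH1 != NO) then
	#
	# RSA, SSH1, wrapped private key
	#
	# The echo below prints the passphrase as part of the command line.
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t rsa1 -q"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh1Wrap $PUB_KEY ssh1 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# delete existing keys
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	#
	# RSA, SSH1, cleartext private key
	#
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t rsa1 -q -N"
	if ($QUIET == NO) then
		echo $cmd
	endif
	# note the shell hack we are using to insert an empty argument for the null password:
	# the command string ends in -N and the quoted empty word supplies its value
	$cmd "" || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh1 $PUB_KEY ssh1 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# delete existing keys
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

else
	# The reason printed here follows the TESTSSH1 comment above. The radar
	# number that used to appear in this message is the one the TESTSSH2
	# comment gives for the ssh2 tests.
	echo "WARNING: OpenSSH ssh1 key import tests are DISABLED (OpenSSH 5.4 does not support ssh1 keys by default)"
endif

if ($TESTSSH2 != NO) then
	#
	# RSA, SSH2, wrapped private key
	#
	# The echo below prints the passphrase as part of the command line.
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t rsa -q"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh2Wrap $PUB_KEY ssh2 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# delete existing keys
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	#
	# RSA, SSH2, cleartext private key
	#
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t rsa -q -N"
	if ($QUIET == NO) then
		echo $cmd
	endif
	# note the shell hack we are using to insert an empty argument for the null password
	$cmd "" || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh2 $PUB_KEY ssh2 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# delete existing keys
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	#
	# DSA, SSH2, wrapped private key
	#
	# The echo below prints the passphrase as part of the command line.
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t dsa -q"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh2Wrap $PUB_KEY ssh2 dsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# delete existing keys
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	#
	# DSA, SSH2, cleartext private key
	#
	# This is the last pair generated. It is not deleted inside this block,
	# so with N an unencrypted private key stays in LOCAL_BUILD_DIR.
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t dsa -q -N"
	if ($QUIET == NO) then
		echo $cmd
	endif
	# note the shell hack we are using to insert an empty argument for the null password
	$cmd "" || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh2 $PUB_KEY ssh2 dsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

else
	echo "WARNING: OpenSSH ssh2 key import tests are DISABLED (<rdar://8063663>)"
endif

#
# cleanup
#
# Skipped when N was given, which leaves the last key pair on disk.
if ($NOCLEAN == NO) then
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
endif

if ($QUIET == NO) then
	echo === OpenSSH test complete ===
endif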