#! /bin/csh -f
#
# OpenSSH key import/export test driver.
#
# Start this from SecurityTests/clxutils/importExport. Most of the real
# work is delegated to the importExportOpensshTool subtool.
#

echo === Begin OpenSSH test ===

# presumably defines LOCAL_BUILD_DIR, which is used below - confirm in setupCommon
source setupCommon

set SSHSUBTOOL = ./importExportOpensshTool

#
# Passphrase used to wrap/unwrap the private keys. It must stay identical
# to the one inside importExportOpensshTool.
# This is a fixed, well-known test value, not a secret: the wrapped-key
# cases pass it to ssh-keygen as a command-line argument and echo the
# command unless the q option is given. Never substitute a real passphrase.
#
set PASSWORD = password

# key files written by ssh-keygen (private key, and public key with .pub)
set SSH_KEY_NAME = sshkeygenKey
set PRIV_KEY = ${LOCAL_BUILD_DIR}/${SSH_KEY_NAME}
set PUB_KEY = ${LOCAL_BUILD_DIR}/${SSH_KEY_NAME}.pub

set SSH_KEYGEN = /usr/bin/ssh-keygen

# Whether ssh1 key generation and import is attempted.
# %%%FIXME this is currently disabled since OpenSSH 5.4 does not support it by default
set TESTSSH1 = NO

# Whether ssh2 key generation and import is attempted.
# %%%FIXME this is currently disabled due to <rdar://problem/8063663>
set TESTSSH2 = NO

# Defaults for the user-selectable settings. The option parser in this
# script has switches for QUIET, NOACL, SECURE_PHRASE and NOCLEAN only;
# KEYSIZE can be changed only by editing this line.
# NOTE(review): 1024-bit keys are below current recommendations for RSA and
# are acceptable only because these are throwaway test keys. The same value
# is also used for the DSA cases.
set QUIET = NO
set KEYSIZE = 1024
set NOACL = NO
set SECURE_PHRASE = NO
set NOCLEAN = NO

# Parse the single-letter options (given without a leading dash):
#   q  QUIET=YES          do not echo the commands being run
#   n  NOACL=YES          forwarded to the subtool
#   s  SECURE_PHRASE=YES  forwarded to the subtool
#   N  NOCLEAN=YES        forwarded to the subtool; also skips final cleanup
# Anything else prints the usage line and exits with status 1.
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET = YES
            breaksw
        case n:
            set NOACL = YES
            breaksw
        case s:
            set SECURE_PHRASE = YES
            breaksw
        case N:
            set NOCLEAN = YES
            breaksw
        default:
            echo Usage: importExportOpenssh \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\]  \[N\(oClean\)\]
            exit(1)
    endsw
    # every recognized option consumes exactly one argument
    shift
end

# Start from a clean slate: ssh-keygen is cautious about overwriting
# key files that already exist.
set cmd = "rm -f $PRIV_KEY $PUB_KEY"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

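#
# SSH1 (rsa1) key tests; run only when TESTSSH1 is not NO.
#
# Each case generates a key pair with ssh-keygen, hands both files to the
# subtool, then deletes them. Any failing step exits with status 1 right
# away, which leaves the generated key files (including a cleartext
# private key) on disk under LOCAL_BUILD_DIR.
#
if ($TESTSSH1 != NO) then
	#
	# RSA, SSH1, wrapped private key
	#
	# The test passphrase travels on the ssh-keygen command line (visible in
	# the process list) and is echoed below unless QUIET is set. That is
	# tolerable only because PASSWORD is a fixed test value.
	set cmd = "$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t rsa1 -q"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)
	set cmd = "$SSHSUBTOOL $PRIV_KEY ssh1Wrap $PUB_KEY ssh1 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

	# remove the key pair so the next ssh-keygen run does not find old files
	set cmd = "rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

	#
	# RSA, SSH1, cleartext private key
	#
	# cmd deliberately ends with -N: the empty passphrase is supplied as a
	# separate "" word when the command is run, because an empty argument
	# cannot be carried inside $cmd. The result is an unencrypted private key.
	set cmd = "$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t rsa1 -q -N"
	if ($QUIET == NO) echo $cmd
	$cmd "" || exit(1)
	set cmd = "$SSHSUBTOOL $PRIV_KEY ssh1 $PUB_KEY ssh1 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

	# remove the key pair again
	set cmd = "rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

else
	# The earlier text of this warning cited <rdar://8063663>, which the
	# configuration section of this script associates with the ssh2 tests.
	# The reason recorded there for ssh1 is missing default support in
	# OpenSSH 5.4, so the message now states that reason.
	echo "WARNING: OpenSSH ssh1 key import tests are DISABLED (OpenSSH 5.4 does not support ssh1 by default)"
endif
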
#
# SSH2 key tests (RSA, then DSA); run only when TESTSSH2 is not NO.
#
# Each case generates a key pair with ssh-keygen and hands both files to
# the subtool. The key files are deleted between cases. The files from the
# last case are left for the cleanup step at the end of the script. Any
# failing step exits with status 1 right away, which leaves the generated
# key files (including a cleartext private key) on disk.
#
if ($TESTSSH2 != NO) then
	#
	# RSA, SSH2, wrapped private key
	#
	# The test passphrase travels on the ssh-keygen command line (visible in
	# the process list) and is echoed below unless QUIET is set. That is
	# tolerable only because PASSWORD is a fixed test value.
	set cmd = "$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t rsa -q"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)
	set cmd = "$SSHSUBTOOL $PRIV_KEY ssh2Wrap $PUB_KEY ssh2 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

	# remove the key pair so the next ssh-keygen run does not find old files
	set cmd = "rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

	#
	# RSA, SSH2, cleartext private key
	#
	# cmd deliberately ends with -N: the empty passphrase is supplied as a
	# separate "" word when the command is run, because an empty argument
	# cannot be carried inside $cmd. The result is an unencrypted private key.
	set cmd = "$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t rsa -q -N"
	if ($QUIET == NO) echo $cmd
	$cmd "" || exit(1)
	set cmd = "$SSHSUBTOOL $PRIV_KEY ssh2 $PUB_KEY ssh2 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

	# remove the key pair
	set cmd = "rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

	#
	# DSA, SSH2, wrapped private key
	#
	set cmd = "$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t dsa -q"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)
	set cmd = "$SSHSUBTOOL $PRIV_KEY ssh2Wrap $PUB_KEY ssh2 dsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

	# remove the key pair
	set cmd = "rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

	#
	# DSA, SSH2, cleartext private key
	#
	# same trailing -N / separate "" arrangement as the RSA cleartext case
	set cmd = "$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t dsa -q -N"
	if ($QUIET == NO) echo $cmd
	$cmd "" || exit(1)
	set cmd = "$SSHSUBTOOL $PRIV_KEY ssh2 $PUB_KEY ssh2 dsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)

else
	echo "WARNING: OpenSSH ssh2 key import tests are DISABLED (<rdar://8063663>)"
endif

#
# Final cleanup: delete whatever key pair is still present, unless the
# N (NoClean) option asked for it to be kept. With NoClean, any private
# key left in LOCAL_BUILD_DIR stays on disk after the run.
#
if ($NOCLEAN == NO) then
	set cmd = "rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)
endif

if ($QUIET == NO) echo === OpenSSH test complete ===
