Lines Matching +full:touch +full:- +full:keys
7 # w/out OpenSSL. Populate ktype[2-4] with the other types if supported.
13 ssh-rsa) ktype3=rsa ;;
14 ssh-dss) ktype4=dsa ;;
15 sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;;
16 sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;;
20 # Do most testing with ssh-keygen; it uses the same verification code as sshd.
22 # Old keys will interfere with ssh-keygen.
23 rm -f $OBJ/revoked-* $OBJ/krl-*
26 $SSHKEYGEN -t $ktype1 -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
28 $SSHKEYGEN -t $ktype2 -f $OBJ/revoked-ca2 -C "" -N "" > /dev/null ||
34 cat << EOF >> $OBJ/revoked-serials
35 serial: 1-4
42 # The following sum to 500-799
46 serial: 503-600
47 serial: 700-797
50 serial: 599-701
52 serial: 10000-20000
53 serial: 30000-40000
57 touch $OBJ/revoked-keyid
60 # Fill in by-ID revocation spec.
61 echo "id: revoked $n" >> $OBJ/revoked-keyid
66 f=$OBJ/revoked-`printf "%04d" $N`
77 $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
80 $SSHKEYGEN -s $OBJ/revoked-ca -z $n -I "revoked $N" $f >/dev/null 2>&1 \
85 # Generate some keys.
86 verbose "$tid: generating test keys"
91 RCERTS="$RCERTS ${f}-cert.pub"
98 UCERTS="$UCERTS ${f}-cert.pub"
101 # Specifications that revoke keys by hash.
102 touch $OBJ/revoked-sha1 $OBJ/revoked-sha256 $OBJ/revoked-hash
104 (printf "sha1: "; cat $rkey) >> $OBJ/revoked-sha1
105 (printf "sha256: "; cat $rkey) >> $OBJ/revoked-sha256
106 (printf "hash: "; $SSHKEYGEN -lf $rkey | \
107 awk '{ print $2 }') >> $OBJ/revoked-hash
112 $SSHKEYGEN $OPTS -kf $OBJ/krl-empty - </dev/null \
114 $SSHKEYGEN $OPTS -kf $OBJ/krl-keys $RKEYS \
116 $SSHKEYGEN $OPTS -kf $OBJ/krl-cert $RCERTS \
118 $SSHKEYGEN $OPTS -kf $OBJ/krl-all $RKEYS $RCERTS \
120 $SSHKEYGEN $OPTS -kf $OBJ/krl-ca $OBJ/revoked-ca.pub \
122 $SSHKEYGEN $OPTS -kf $OBJ/krl-sha1 $OBJ/revoked-sha1 \
124 $SSHKEYGEN $OPTS -kf $OBJ/krl-sha256 $OBJ/revoked-sha256 \
126 $SSHKEYGEN $OPTS -kf $OBJ/krl-hash $OBJ/revoked-hash \
128 # This should fail as KRLs from serial/key-id spec need the CA specified.
129 $SSHKEYGEN $OPTS -kf $OBJ/krl-serial $OBJ/revoked-serials \
131 $SSHKEYGEN $OPTS -kf $OBJ/krl-keyid $OBJ/revoked-keyid \
134 $SSHKEYGEN $OPTS -kf $OBJ/krl-serial -s $OBJ/revoked-ca \
135 $OBJ/revoked-serials >/dev/null || fatal "$SSHKEYGEN KRL failed"
136 $SSHKEYGEN $OPTS -kf $OBJ/krl-keyid -s $OBJ/revoked-ca.pub \
137 $OBJ/revoked-keyid >/dev/null || fatal "$SSHKEYGEN KRL failed"
139 $SSHKEYGEN $OPTS -kf $OBJ/krl-serial-wild -s NONE $OBJ/revoked-serials \
141 $SSHKEYGEN $OPTS -kf $OBJ/krl-keyid-wild -s NONE $OBJ/revoked-keyid \
143 # Revoke the same serials with the second CA key to ensure a multi-CA
145 $SSHKEYGEN $OPTS -kf $OBJ/krl-serial -u -s $OBJ/revoked-ca2 \
146 $OBJ/revoked-serials >/dev/null || fatal "$SSHKEYGEN KRL failed"
150 ## XXX test ranges near (u64)-1, etc.
160 $SSHKEYGEN -Qf $KRL $KEY >/dev/null
162 if test "x$EXPECT_REVOKED" = "xy" -a $result -eq 0 ; then
164 elif test "x$EXPECT_REVOKED" = "xn" -a $result -ne 0 ; then
182 check_krl $f $OBJ/krl-empty no "$TAG"
183 check_krl $f $OBJ/krl-keys $KEYS_RESULT "$TAG"
184 check_krl $f $OBJ/krl-all $ALL_RESULT "$TAG"
185 check_krl $f $OBJ/krl-sha1 $HASH_RESULT "$TAG"
186 check_krl $f $OBJ/krl-sha256 $HASH_RESULT "$TAG"
187 check_krl $f $OBJ/krl-hash $HASH_RESULT "$TAG"
188 check_krl $f $OBJ/krl-serial $SERIAL_RESULT "$TAG"
189 check_krl $f $OBJ/krl-keyid $KEYID_RESULT "$TAG"
190 check_krl $f $OBJ/krl-cert $CERTS_RESULT "$TAG"
191 check_krl $f $OBJ/krl-ca $CA_RESULT "$TAG"
192 check_krl $f $OBJ/krl-serial-wild $SERIAL_WRESULT "$TAG"
193 check_krl $f $OBJ/krl-keyid-wild $KEYID_WRESULT "$TAG"
199 # keys all hash sr# ID cert CA srl ID
200 test_rev "$RKEYS" "revoked keys" y y y n n n n n n
201 test_rev "$UKEYS" "unrevoked keys" n n n n n n n n n
210 for f in $OBJ/krl-keys $OBJ/krl-cert $OBJ/krl-all \
211 $OBJ/krl-ca $OBJ/krl-serial $OBJ/krl-keyid \
212 $OBJ/krl-serial-wild $OBJ/krl-keyid-wild; do
213 cp -f $OBJ/krl-empty $f
214 genkrls -u