Lines Matching full:key
9 rm -f $OBJ/sshsig-*.sig $OBJ/wrong-key* $OBJ/sigca-key*
14 # Make a "wrong key"
15 ${SSHKEYGEN} -q -t ed25519 -f $OBJ/wrong-key \
17 || fatal "couldn't generate key"
18 WRONG=$OBJ/wrong-key.pub
20 # Make a CA key.
21 ${SSHKEYGEN} -q -t ed25519 -f $OBJ/sigca-key -C "CA" -N '' \
22 || fatal "couldn't generate key"
23 CA_PRIV=$OBJ/sigca-key
24 CA_PUB=$OBJ/sigca-key.pub
37 -I "regress signature key for $USER" \
54 trace "$tid: key type $t check bad hashlg"
64 trace "$tid: key type $t sign with hash $h"
69 trace "$tid: key type $t verify with hash $h"
73 fail "failed signature for $t / $h key"
76 trace "$tid: key type $t verify with limited namespace"
82 fail "failed signature for $t key w/ limited namespace"
84 trace "$tid: key type $t print-pubkey"
91 fail "failed signature for $t key w/ print-pubkey"
94 fail "print-pubkey differs from signature key"
97 trace "$tid: key type $t verify with bad signers"
102 fail "accepted signature for $t key with bad signers option"
104 # Wrong key trusted.
105 trace "$tid: key type $t verify with wrong key"
110 fail "accepted signature for $t key with wrong key trusted"
113 trace "$tid: key type $t verify with wrong data"
118 fail "passed signature for wrong data with $t key"
121 trace "$tid: key type $t verify with wrong principal"
126 fail "accepted signature for $t key with wrong principal"
129 trace "$tid: key type $t verify with wrong namespace"
134 fail "accepted signature for $t key with wrong namespace"
137 trace "$tid: key type $t verify with excluded namespace"
143 fail "accepted signature for $t key with excluded namespace"
149 # key lifespan valid
150 trace "$tid: key type $t verify with valid lifespan"
155 fail "failed signature for $t key with valid expiry interval"
156 # key not yet valid
157 trace "$tid: key type $t verify with not-yet-valid lifespan"
162 fail "failed signature for $t not-yet-valid key"
163 # key expired
164 trace "$tid: key type $t verify with expired lifespan"
169 fail "failed signature for $t with expired key"
171 trace "$tid: key type $t verify with expired lifespan (now)"
175 fail "failed signature for $t with expired key"
177 # key lifespan valid
178 trace "$tid: key type $t find-principals with valid lifespan"
182 fail "failed find-principals for $t key with valid expiry interval"
183 # key not yet valid
184 trace "$tid: key type $t find principals with not-yet-valid lifespan"
188 fail "failed find-principals for $t not-yet-valid key"
189 # key expired
190 trace "$tid: key type $t find-principals with expired lifespan"
194 fail "failed find-principals for $t with expired key"
196 trace "$tid: key type $t find-principals with expired lifespan (now)"
199 fail "failed find-principals for $t with expired key"
201 # public key in revoked keys file
202 trace "$tid: key type $t verify with revoked key"
210 fail "accepted signature for $t key, but key is in revoked_keys"
212 # public key not revoked, but others are present in the revoked_keys file
213 trace "$tid: key type $t verify with unrevoked key"
220 fail "couldn't verify signature for $t key, but key not in revoked_keys"
223 trace "$tid: key type $t check-novalidate with valid data"
226 fail "failed to check valid signature for $t key"
229 trace "$tid: key type $t check-novalidate with invalid data"
232 fail "succeeded checking signature for $t key with invalid data"
234 # find-principals with valid public key
235 trace "$tid: key type $t find-principals with valid key"
240 # find-principals with wrong key not in allowed_signers
241 trace "$tid: key type $t find-principals with wrong key"
247 trace "$tid: key type $t find-principals with missing namespace"
256 trace "$tid: key type $t prepare agent"
260 # Move private key to ensure agent key is used
263 trace "$tid: key type $t sign with agent"
267 trace "$tid: key type $t check signature w/ agent"
270 fail "failed to check valid signature for $t key"
276 fail "failed signature for $t key w/ limited namespace"
278 # Move private key back
290 trace "$tid: key type $t find principals outside multiple validities"
296 trace "$tid: key type $t find principals matching one validity (1st)"
302 trace "$tid: key type $t find principals matching two validities"
308 trace "$tid: key type $t find principals matching one validity (2nd)"
315 trace "$tid: key type $t verify outside multiple validities"
322 trace "$tid: key type $t verify matching one validity (1st)"
329 trace "$tid: key type $t verify matching two validities"
336 trace "$tid: key type $t verify matching one validity (2nd)"
349 # Check key lifespan on find-principals when using the CA
353 # key lifespan valid
354 trace "$tid: key type $t find-principals cert lifetime valid"
358 fail "failed find-principals for $t key with valid expiry interval"
359 # key not yet valid
360 trace "$tid: key type $t find-principals cert lifetime not-yet-valid"
364 fail "failed find-principals for $t not-yet-valid key"
365 # key expired
366 trace "$tid: key type $t find-principals cert lifetime expired"
370 fail "failed find-principals for $t with expired key"
372 trace "$tid: key type $t find-principals cert lifetime expired (now)"
375 fail "failed find-principals for $t with expired key"
377 # correct CA key
378 trace "$tid: key type $t verify cert good CA"
388 trace "$tid: key type $t find-principals cert good CA"
392 fail "failed find-principals for $t with ca key"
395 trace "$tid: key type $t find-principals cert good wildcard CA"
403 fail "failed find-principals for $t with ca key using wildcard principal"
406 trace "$tid: key type $t verify cert good wildcard CA"
413 # signing key listed as cert-authority
414 trace "$tid: key type $t verify signing key listed as CA"
420 fail "accepted signature with $t key listed as CA"
422 # CA key not flagged cert-authority
423 trace "$tid: key type $t verify key not marked as CA"
431 trace "$tid: key type $t verify cert with wrong principal"
440 trace "$tid: key type $t verify cert with revoked CA"
447 fail "accepted signature for $t key, but CA key in revoked_keys"
449 # Set lifespan of CA key and verify signed user certs behave accordingly
454 # CA key lifespan valid
455 trace "$tid: key type $t verify cert valid CA lifespan"
460 fail "failed signature for $t key with valid CA expiry interval"
461 # CA lifespan is valid but user key not yet valid
462 trace "$tid: key type $t verify cert valid CA lifespan, not-yet-valid cert"
467 fail "accepted signature for $t key with valid CA expiry interval but not yet valid cert"
468 # CA lifespan is valid but user key expired
469 trace "$tid: key type $t verify cert valid CA lifespan, expired cert"
474 fail "accepted signature for $t key with valid CA expiry interval but expired cert"
475 # CA key not yet valid
476 trace "$tid: key type $t verify cert CA not-yet-valid"
481 fail "accepted signature for $t not-yet-valid CA key"
482 # CA key expired
483 trace "$tid: key type $t verify cert CA expired"
488 fail "accepted signature for $t with expired CA key"
490 trace "$tid: key type $t verify cert CA expired (now)"
494 fail "accepted signature for $t with expired CA key"
497 trace "$tid: key type $t verify CA/cert lifespan mismatch"
506 fail "accepted signature for $t key with expired CA but valid cert"
510 # Test key-independent match-principals