#	$OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $
#	Placed in the Public Domain.
tid="pkcs11 agent test"

# PIN that is piped to ssh-add for the token (empty for this test) and the
# path of the soft-pkcs11 provider module handed to "ssh-add -s"
TEST_SSH_PIN=""
TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0

# soft-pkcs11 reads its token configuration from the file named by
# SOFTPKCS11RC; that file is written later, once the key and cert exist
export SOFTPKCS11RC="$OBJ/pkcs11.info"

# prevent ssh-agent from calling ssh-askpass: point it at a no-op helper
# and make sure no X display is reachable
export SSH_ASKPASS=/usr/bin/true
unset DISPLAY
# start command w/o tty, so ssh-add accepts pin from stdin
18*ce3adf43SDag-Erling Smørgravnotty() {
19*ce3adf43SDag-Erling Smørgrav	perl -e 'use POSIX; POSIX::setsid();
20*ce3adf43SDag-Erling Smørgrav	    if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
21*ce3adf43SDag-Erling Smørgrav}
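trace "start agent"
# ssh-agent -s prints the shell commands that export SSH_AUTH_SOCK and
# SSH_AGENT_PID. Capture them first so the status checked below is
# ssh-agent's own exit code, not that of the eval'd "echo Agent pid" line
# (which is what "eval `ssh-agent -s`; r=$?" used to test).
agent_env=$(${SSHAGENT} -s)
r=$?
if [ "$r" -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	eval "$agent_env" > /dev/null

	trace "generating key/cert"
	rm -f -- "$OBJ/pkcs11.key" "$OBJ/pkcs11.crt"
	# create the private key under a restrictive umask so it is never
	# readable by other users between creation and the chmod below; check
	# each openssl step so a missing/broken openssl is reported as such
	# instead of as a later ssh-add failure
	(umask 077 && openssl genrsa -out "$OBJ/pkcs11.key" 2048 > /dev/null 2>&1) ||
	    fail "openssl genrsa failed"
	chmod 600 "$OBJ/pkcs11.key"
	openssl req -key "$OBJ/pkcs11.key" -new -x509 \
	    -out "$OBJ/pkcs11.crt" -text -subj '/CN=pkcs11 test' > /dev/null ||
	    fail "openssl req failed"
	# soft-pkcs11 token config line: "a", "a", cert path, key path, tab
	# separated. The paths are passed as printf arguments, never inside the
	# format string, so a '%' or '\' in $OBJ cannot be misinterpreted.
	printf 'a\ta\t%s\t%s' "$OBJ/pkcs11.crt" "$OBJ/pkcs11.key" > "$SOFTPKCS11RC"
	# add to authorized keys
	${SSHKEYGEN} -y -f "$OBJ/pkcs11.key" > "$OBJ/authorized_keys_$USER" ||
	    fail "ssh-keygen -y failed"

	trace "add pkcs11 key to agent"
	# the PIN is supplied on stdin (notty keeps ssh-add away from /dev/tty);
	# printf rather than echo so a PIN such as "-n" is passed through intact
	printf '%s\n' "${TEST_SSH_PIN}" |
	    notty ${SSHADD} -s "${TEST_SSH_PKCS11}" > /dev/null 2>&1
	r=$?
	if [ "$r" -ne 0 ]; then
		fail "ssh-add -s failed: exit code $r"
	fi

	trace "pkcs11 list via agent"
	${SSHADD} -l > /dev/null 2>&1
	r=$?
	if [ "$r" -ne 0 ]; then
		fail "ssh-add -l failed: exit code $r"
	fi

	trace "pkcs11 connect via agent"
	# the remote command exits 5, so a status of exactly 5 (not 0, not a
	# connection/auth error) shows the agent-backed login went through
	${SSH} -2 -F "$OBJ/ssh_proxy" somehost exit 5
	r=$?
	if [ "$r" -ne 5 ]; then
		fail "ssh connect failed (exit code $r)"
	fi

	trace "remove pkcs11 keys"
	printf '%s\n' "${TEST_SSH_PIN}" |
	    notty ${SSHADD} -e "${TEST_SSH_PKCS11}" > /dev/null 2>&1
	r=$?
	if [ "$r" -ne 0 ]; then
		fail "ssh-add -e failed: exit code $r"
	fi

	trace "kill agent"
	${SSHAGENT} -k > /dev/null
fi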