1*ce3adf43SDag-Erling Smørgrav# $OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $ 2*ce3adf43SDag-Erling Smørgrav# Placed in the Public Domain. 3*ce3adf43SDag-Erling Smørgrav 4*ce3adf43SDag-Erling Smørgravtid="pkcs11 agent test" 5*ce3adf43SDag-Erling Smørgrav 6*ce3adf43SDag-Erling SmørgravTEST_SSH_PIN="" 7*ce3adf43SDag-Erling SmørgravTEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0 8*ce3adf43SDag-Erling Smørgrav 9*ce3adf43SDag-Erling Smørgrav# setup environment for soft-pkcs11 token 10*ce3adf43SDag-Erling SmørgravSOFTPKCS11RC=$OBJ/pkcs11.info 11*ce3adf43SDag-Erling Smørgravexport SOFTPKCS11RC 12*ce3adf43SDag-Erling Smørgrav# prevent ssh-agent from calling ssh-askpass 13*ce3adf43SDag-Erling SmørgravSSH_ASKPASS=/usr/bin/true 14*ce3adf43SDag-Erling Smørgravexport SSH_ASKPASS 15*ce3adf43SDag-Erling Smørgravunset DISPLAY 16*ce3adf43SDag-Erling Smørgrav 17*ce3adf43SDag-Erling Smørgrav# start command w/o tty, so ssh-add accepts pin from stdin 18*ce3adf43SDag-Erling Smørgravnotty() { 19*ce3adf43SDag-Erling Smørgrav perl -e 'use POSIX; POSIX::setsid(); 20*ce3adf43SDag-Erling Smørgrav if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@" 21*ce3adf43SDag-Erling Smørgrav} 22*ce3adf43SDag-Erling Smørgrav 23*ce3adf43SDag-Erling Smørgravtrace "start agent" 24*ce3adf43SDag-Erling Smørgraveval `${SSHAGENT} -s` > /dev/null 25*ce3adf43SDag-Erling Smørgravr=$? 26*ce3adf43SDag-Erling Smørgravif [ $r -ne 0 ]; then 27*ce3adf43SDag-Erling Smørgrav fail "could not start ssh-agent: exit code $r" 28*ce3adf43SDag-Erling Smørgravelse 29*ce3adf43SDag-Erling Smørgrav trace "generating key/cert" 30*ce3adf43SDag-Erling Smørgrav rm -f $OBJ/pkcs11.key $OBJ/pkcs11.crt 31*ce3adf43SDag-Erling Smørgrav openssl genrsa -out $OBJ/pkcs11.key 2048 > /dev/null 2>&1 32*ce3adf43SDag-Erling Smørgrav chmod 600 $OBJ/pkcs11.key 33*ce3adf43SDag-Erling Smørgrav openssl req -key $OBJ/pkcs11.key -new -x509 \ 34*ce3adf43SDag-Erling Smørgrav -out $OBJ/pkcs11.crt -text -subj '/CN=pkcs11 test' > /dev/null 35*ce3adf43SDag-Erling Smørgrav printf "a\ta\t$OBJ/pkcs11.crt\t$OBJ/pkcs11.key" > $SOFTPKCS11RC 36*ce3adf43SDag-Erling Smørgrav # add to authorized keys 37*ce3adf43SDag-Erling Smørgrav ${SSHKEYGEN} -y -f $OBJ/pkcs11.key > $OBJ/authorized_keys_$USER 38*ce3adf43SDag-Erling Smørgrav 39*ce3adf43SDag-Erling Smørgrav trace "add pkcs11 key to agent" 40*ce3adf43SDag-Erling Smørgrav echo ${TEST_SSH_PIN} | notty ${SSHADD} -s ${TEST_SSH_PKCS11} > /dev/null 2>&1 41*ce3adf43SDag-Erling Smørgrav r=$? 42*ce3adf43SDag-Erling Smørgrav if [ $r -ne 0 ]; then 43*ce3adf43SDag-Erling Smørgrav fail "ssh-add -s failed: exit code $r" 44*ce3adf43SDag-Erling Smørgrav fi 45*ce3adf43SDag-Erling Smørgrav 46*ce3adf43SDag-Erling Smørgrav trace "pkcs11 list via agent" 47*ce3adf43SDag-Erling Smørgrav ${SSHADD} -l > /dev/null 2>&1 48*ce3adf43SDag-Erling Smørgrav r=$? 49*ce3adf43SDag-Erling Smørgrav if [ $r -ne 0 ]; then 50*ce3adf43SDag-Erling Smørgrav fail "ssh-add -l failed: exit code $r" 51*ce3adf43SDag-Erling Smørgrav fi 52*ce3adf43SDag-Erling Smørgrav 53*ce3adf43SDag-Erling Smørgrav trace "pkcs11 connect via agent" 54*ce3adf43SDag-Erling Smørgrav ${SSH} -2 -F $OBJ/ssh_proxy somehost exit 5 55*ce3adf43SDag-Erling Smørgrav r=$? 56*ce3adf43SDag-Erling Smørgrav if [ $r -ne 5 ]; then 57*ce3adf43SDag-Erling Smørgrav fail "ssh connect failed (exit code $r)" 58*ce3adf43SDag-Erling Smørgrav fi 59*ce3adf43SDag-Erling Smørgrav 60*ce3adf43SDag-Erling Smørgrav trace "remove pkcs11 keys" 61*ce3adf43SDag-Erling Smørgrav echo ${TEST_SSH_PIN} | notty ${SSHADD} -e ${TEST_SSH_PKCS11} > /dev/null 2>&1 62*ce3adf43SDag-Erling Smørgrav r=$? 63*ce3adf43SDag-Erling Smørgrav if [ $r -ne 0 ]; then 64*ce3adf43SDag-Erling Smørgrav fail "ssh-add -e failed: exit code $r" 65*ce3adf43SDag-Erling Smørgrav fi 66*ce3adf43SDag-Erling Smørgrav 67*ce3adf43SDag-Erling Smørgrav trace "kill agent" 68*ce3adf43SDag-Erling Smørgrav ${SSHAGENT} -k > /dev/null 69*ce3adf43SDag-Erling Smørgravfi 70