xref: /freebsd/crypto/openssh/regress/keygen-comment.sh (revision 19261079b74319502c6ffa1249920079f0f69a72)
1*19261079SEd Maste#    Placed in the Public Domain.
2*19261079SEd Maste
# Human-readable name of this regression test.
# NOTE(review): presumably read by the harness that sources this file; confirm.
tid='Comment extraction from private key'

# NOTE(review): S1 is not referenced anywhere else in this listing; it looks
# like a leftover and could probably be dropped once that is confirmed.
S1='secret1'
6*19261079SEd Maste
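# check_fingerprint FILE COMMENT
#
# Runs "ssh-keygen -l -E sha256" on FILE (callers pass both private and public
# key files) and checks that the comment field of the fingerprint line is
# exactly COMMENT. Problems are reported through fail().
#
# Globals:   SSHKEYGEN, OBJ, t (read)
#            file, comment (written; there is no "local" here, so the
#            caller's $comment is overwritten with $2)
# Arguments: $1 - key file to fingerprint
#            $2 - expected comment; it is spliced into an extended regex
#                 below, so it must not contain regex metacharacters
# Outputs:   scratch file $OBJ/$t-fgp, removed before returning
check_fingerprint () {
	file="$1"
	comment="$2"
	trace "fingerprinting $file"
	# Paths are quoted so that a key file or $OBJ containing whitespace
	# does not split into several words or break the redirection.
	# NOTE(review): ${SSHKEYGEN} is deliberately left unquoted in case the
	# harness sets it to a command plus arguments; confirm.
	if ! ${SSHKEYGEN} -l -E sha256 -f "$file" > "$OBJ/$t-fgp" ; then
		fail "ssh-keygen -l failed for $t-key"
	fi
	# Expected line: "<digits> SHA256:<43 chars> <comment> (<anything>)".
	# The pattern only checks the length of the digest field, not its
	# alphabet; the comment is what this test is really about.
	if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)\$" \
	    "$OBJ/$t-fgp" >/dev/null 2>&1 ; then
		fail "comment is not correctly recovered for $t-key"
	fi
	rm -f "$OBJ/$t-fgp"
}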
20*19261079SEd Maste
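# For every private-key format ('' means ssh-keygen's default, i.e. no -m
# option) and every key type in $SSH_KEYTYPES: generate a key with a known
# comment, then check that ssh-keygen -l reports that comment from the private
# file, from the .pub file, and from the private file alone once the .pub file
# has been removed.
#
# The keys are created with an empty passphrase (-N '') under $OBJ and are
# deleted again at the end of each iteration; they are test fixtures only.
for fmt in '' RFC4716 PKCS8 PEM; do
	# $SSH_KEYTYPES is intentionally unquoted: it is split into one word
	# per key type.
	for t in $SSH_KEYTYPES; do
		trace "generating $t key in '$fmt' format"
		rm -f "$OBJ/$t-key"*
		oldfmt=""
		case "$fmt" in
		PKCS8|PEM) oldfmt=1 ;;
		esac
		# Some key types like ssh-ed25519 and *@openssh.com are never
		# stored in old formats.
		case "$t" in
		ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
		esac
		comment="foo bar"
		fmtarg=""
		test -z "$fmt" || fmtarg="-m $fmt"
		# $fmtarg is intentionally unquoted: it must split into the
		# two words "-m FMT", or vanish entirely when it is empty.
		${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
		    -t "$t" -f "$OBJ/$t-key" >/dev/null 2>&1 || \
			fatal "keygen of $t in format $fmt failed"
		check_fingerprint "$OBJ/$t-key" "${comment}"
		check_fingerprint "$OBJ/$t-key.pub" "${comment}"
		# Output fingerprint using only private file
		trace "fingerprinting $t key using private key file"
		rm -f "$OBJ/$t-key.pub"
		if [ -n "$oldfmt" ] ; then
			# Comment cannot be recovered from old format keys.
			comment="no comment"
		fi
		check_fingerprint "$OBJ/$t-key" "${comment}"
		rm -f "$OBJ/$t-key"*
	done
done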