xref: /freebsd/crypto/openssh/regress/keygen-comment.sh (revision 5956d97f4b3204318ceb6aa9c77bd0bc6ea87a41)
1#    Placed in the Public Domain.
2
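# Description of this regress test.
tid="Comment extraction from private key"

# NOTE(review): S1 is not referenced anywhere else in this script. It looks
# like a passphrase placeholder; confirm before relying on it. Every key
# below is generated with an empty passphrase (-N ''), so comment recovery
# from passphrase-protected private keys is not exercised here.
S1="secret1"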
6
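# Fingerprint a key file with ssh-keygen and verify the reported comment.
#
# Arguments: $1 - key file to fingerprint
#            $2 - comment expected in the "ssh-keygen -l" output
# Globals:   SSHKEYGEN, OBJ, t (read); file, comment (written)
# Outputs:   calls fail() if ssh-keygen exits non-zero or if the
#            fingerprint line does not carry the expected comment
check_fingerprint () {
	file="$1"
	comment="$2"
	trace "fingerprinting $file"
	# ${SSHKEYGEN} is left unquoted, as in the original, in case the
	# harness sets it to a command plus arguments. The paths are quoted so
	# a build directory containing whitespace cannot split the -f argument
	# or make the redirection ambiguous.
	if ! ${SSHKEYGEN} -l -E sha256 -f "$file" > "$OBJ/$t-fgp" ; then
		fail "ssh-keygen -l failed for $t-key"
	fi
	# Expected line: "<digits> SHA256:<43 chars> <comment> (<anything>)".
	# grep -E replaces the obsolescent egrep. $comment is spliced into the
	# ERE unescaped, so callers must pass comments that contain no regex
	# metacharacters.
	if ! grep -E "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)\$" \
	    "$OBJ/$t-fgp" >/dev/null 2>&1 ; then
		fail "comment is not correctly recovered for $t-key"
	fi
	rm -f "$OBJ/$t-fgp"
}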
20
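# For every private-key format and every key type in $SSH_KEYTYPES:
# generate a key with a known comment, then check that ssh-keygen -l
# reports that comment from the private file, from the public file, and
# from the private file alone once the .pub file has been removed.
for fmt in '' RFC4716 PKCS8 PEM; do
	for t in $SSH_KEYTYPES; do
		trace "generating $t key in '$fmt' format"
		# Quote the path prefix and leave only the trailing glob open.
		rm -f "$OBJ/$t-key"*
		oldfmt=""
		case "$fmt" in
		PKCS8|PEM) oldfmt=1 ;;
		esac
		# Some key types like ssh-ed25519 and *@openssh.com are never
		# stored in old formats.
		case "$t" in
		ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
		esac
		comment="foo bar"
		fmtarg=""
		test -z "$fmt" || fmtarg="-m $fmt"
		# $fmtarg is deliberately unquoted: it must expand to nothing or
		# to the two words "-m <fmt>". Its value comes only from the
		# fixed list above. -N '' creates the key without a passphrase,
		# so the checks below cover unencrypted private keys only.
		${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
		    -t "$t" -f "$OBJ/$t-key" >/dev/null 2>&1 || \
			fatal "keygen of $t in format $fmt failed"
		check_fingerprint "$OBJ/$t-key" "${comment}"
		check_fingerprint "$OBJ/$t-key.pub" "${comment}"
		# Output fingerprint using only private file
		trace "fingerprinting $t key using private key file"
		rm -f "$OBJ/$t-key.pub"
		if [ -n "$oldfmt" ] ; then
			# Comment cannot be recovered from old format keys.
			comment="no comment"
		fi
		check_fingerprint "$OBJ/$t-key" "${comment}"
		rm -f "$OBJ/$t-key"*
	done
done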
53