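# $OpenBSD: ssh-pkcs11.sh,v 1.1 2025/10/16 00:01:54 djm Exp $
# Placed in the Public Domain.

# Regression test: ssh authenticates with keys reached through a PKCS#11
# provider, and authentication is refused when the PIN is wrong or missing.
#
# p11_setup, skip, verbose and fail, and the variables OBJ, SSH, USER,
# TEST_SSH_PKCS11, ED25519, RSA, EC, PIN_SH and WRONGPIN_SH are not defined
# in this file; presumably the regress harness provides them.

tid="pkcs11 ssh test"

p11_setup || skip "No PKCS#11 library found"

# Build a client config template without IdentityFile and BatchMode lines,
# then point it at the PKCS#11 provider under test.
# NOTE(review): presumably IdentityFile is dropped so that no file-based key
# can satisfy authentication, and BatchMode so that the PIN prompt is not
# suppressed - confirm against the harness.
grep -iv IdentityFile "$OBJ/ssh_proxy" |
    grep -vi BatchMode > "$OBJ/ssh_proxy.orig"
#echo "IdentitiesOnly=yes" >> $OBJ/ssh_proxy.orig
echo "PKCS11Provider=${TEST_SSH_PKCS11}" >> "$OBJ/ssh_proxy.orig"

# check_all tag expect_success pinsh
#
# For each test key, authorize only that key's public half and attempt a
# connection whose remote command is "exit 5".
#   tag             label passed to verbose
#   expect_success  "y" if the connection must succeed, anything else if it
#                   must not
#   pinsh           program ssh runs (via SSH_ASKPASS) to obtain the PIN
# Calls fail when the outcome differs from expect_success.
check_all() {
	tag="$1"
	expect_success="$2"
	pinsh="$3"
	# Left unquoted as in the original: an empty key variable then
	# contributes no loop iteration.
	for k in $ED25519 $RSA $EC; do
		kshort=$(basename "$k")
		verbose "$tag: $kshort"
		pub="$k.pub"
		cp "$pub" "$OBJ/key.pub"
		chmod 0600 "$OBJ/key.pub"
		# Overwrite, not append: only the key under test is authorized.
		cat "$OBJ/key.pub" > "$OBJ/authorized_keys_$USER"
		# Start every attempt from the pristine template.
		cp "$OBJ/ssh_proxy.orig" "$OBJ/ssh_proxy"
		# SSH_ASKPASS_REQUIRE=force makes ssh obtain the PIN from $pinsh
		# rather than from a terminal.
		# ${SSH} stays unquoted as in the original; the harness may store
		# a command with arguments in it - confirm before quoting.
		env SSH_ASKPASS="$pinsh" SSH_ASKPASS_REQUIRE=force \
		    ${SSH} -F "$OBJ/ssh_proxy" somehost exit 5 >/dev/null 2>&1
		r=$?
		# Status 5 can only come from the remote "exit 5", i.e. from a
		# session that authenticated and ran the command.
		# NOTE(review): the negative cases accept any status other than 5,
		# so an unrelated failure (for example the provider not loading)
		# is indistinguishable from a PIN rejection, and ssh's diagnostics
		# are discarded above. The "correct pin" run is what shows the
		# setup itself works.
		if [ "x$expect_success" = "xy" ]; then
			if [ "$r" -ne 5 ]; then
				fail "ssh connect failed (exit code $r)"
			fi
		elif [ "$r" -eq 5 ]; then
			fail "ssh connect succeeded unexpectedly (exit code $r)"
		fi
	done
}

check_all "correct pin" y "$PIN_SH"
check_all "wrong pin" n "$WRONGPIN_SH"
# "true" prints nothing and exits 0, so the askpass helper supplies no PIN.
check_all "nopin" n "$(which true)"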