1*25749746SEd Maste# $OpenBSD: ssh-pkcs11.sh,v 1.1 2025/10/16 00:01:54 djm Exp $ 2*25749746SEd Maste# Placed in the Public Domain. 3*25749746SEd Maste 4*25749746SEd Mastetid="pkcs11 ssh test" 5*25749746SEd Maste 6*25749746SEd Mastep11_setup || skip "No PKCS#11 library found" 7*25749746SEd Maste 8*25749746SEd Mastegrep -iv IdentityFile $OBJ/ssh_proxy | 9*25749746SEd Maste grep -vi BatchMode > $OBJ/ssh_proxy.orig 10*25749746SEd Maste#echo "IdentitiesOnly=yes" >> $OBJ/ssh_proxy.orig 11*25749746SEd Masteecho "PKCS11Provider=${TEST_SSH_PKCS11}" >> $OBJ/ssh_proxy.orig 12*25749746SEd Maste 13*25749746SEd Mastecheck_all() { 14*25749746SEd Maste tag="$1" 15*25749746SEd Maste expect_success=$2 16*25749746SEd Maste pinsh="$3" 17*25749746SEd Maste for k in $ED25519 $RSA $EC; do 18*25749746SEd Maste kshort=`basename "$k"` 19*25749746SEd Maste verbose "$tag: $kshort" 20*25749746SEd Maste pub="$k.pub" 21*25749746SEd Maste cp $pub $OBJ/key.pub 22*25749746SEd Maste chmod 0600 $OBJ/key.pub 23*25749746SEd Maste cat $OBJ/key.pub > $OBJ/authorized_keys_$USER 24*25749746SEd Maste cp $OBJ/ssh_proxy.orig $OBJ/ssh_proxy 25*25749746SEd Maste env SSH_ASKPASS="$pinsh" SSH_ASKPASS_REQUIRE=force \ 26*25749746SEd Maste ${SSH} -F $OBJ/ssh_proxy somehost exit 5 >/dev/null 2>&1 27*25749746SEd Maste r=$? 28*25749746SEd Maste if [ "x$expect_success" = "xy" ]; then 29*25749746SEd Maste if [ $r -ne 5 ]; then 30*25749746SEd Maste fail "ssh connect failed (exit code $r)" 31*25749746SEd Maste fi 32*25749746SEd Maste elif [ $r -eq 5 ]; then 33*25749746SEd Maste fail "ssh connect succeeded unexpectedly (exit code $r)" 34*25749746SEd Maste fi 35*25749746SEd Maste done 36*25749746SEd Maste} 37*25749746SEd Maste 38*25749746SEd Mastecheck_all "correct pin" y $PIN_SH 39*25749746SEd Mastecheck_all "wrong pin" n $WRONGPIN_SH 40*25749746SEd Mastecheck_all "nopin" n `which true` 41