authorDamien Miller <djm@cvs.openbsd.org>2023-10-06 03:25:15 +0000
committerDamien Miller <djm@cvs.openbsd.org>2023-10-06 03:25:15 +0000
commit01c8d4be1d2fa1053b3dd6fcc2f46fa8c279f80d (patch)
tree61876ce61d7e61095f8f893d337bea6b7a81178c /regress/usr.bin
parentef74cb78e3ee51a42422b1112e44eeec904eb9fe (diff)
Perform the softhsm2 setup as discrete steps rather than as a long
shell pipeline. Makes it easier to figure out what has happened when it breaks.
Diffstat (limited to 'regress/usr.bin')
-rw-r--r--regress/usr.bin/ssh/agent-pkcs11.sh27
1 files changed, 17 insertions, 10 deletions
diff --git a/regress/usr.bin/ssh/agent-pkcs11.sh b/regress/usr.bin/ssh/agent-pkcs11.sh
index 91674c3a686..7a5664542b0 100644
--- a/regress/usr.bin/ssh/agent-pkcs11.sh
+++ b/regress/usr.bin/ssh/agent-pkcs11.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-pkcs11.sh,v 1.9 2021/07/25 12:13:03 dtucker Exp $
+# $OpenBSD: agent-pkcs11.sh,v 1.10 2023/10/06 03:25:14 djm Exp $
# Placed in the Public Domain.
tid="pkcs11 agent test"
@@ -38,6 +38,7 @@ export SSH_ASKPASS
unset DISPLAY
# start command w/o tty, so ssh-add accepts pin from stdin
+# XXX could force askpass instead
notty() {
perl -e 'use POSIX; POSIX::setsid();
if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
@@ -45,18 +46,23 @@ notty() {
trace "generating keys"
RSA=${DIR}/RSA
+RSAP8=${DIR}/RSAP8
+ECPARAM=${DIR}/ECPARAM
EC=${DIR}/EC
-$OPENSSL_BIN genpkey -algorithm rsa > $RSA
-$OPENSSL_BIN pkcs8 -nocrypt -in $RSA |\
- softhsm2-util --slot "$slot" --label 01 --id 01 --pin "$TEST_SSH_PIN" --import /dev/stdin
+ECP8=${DIR}/ECP8
+$OPENSSL_BIN genpkey -algorithm rsa > $RSA || fatal "genpkey RSA fail"
+$OPENSSL_BIN pkcs8 -nocrypt -in $RSA > $RSAP8 || fatal "pkcs8 RSA fail"
+softhsm2-util --slot "$slot" --label 01 --id 01 \
+ --pin "$TEST_SSH_PIN" --import $RSAP8 || fatal "softhsm import RSA fail"
+
$OPENSSL_BIN genpkey \
-genparam \
-algorithm ec \
- -pkeyopt ec_paramgen_curve:prime256v1 |\
- $OPENSSL_BIN genpkey \
- -paramfile /dev/stdin > $EC
-$OPENSSL_BIN pkcs8 -nocrypt -in $EC |\
- softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" --import /dev/stdin
+ -pkeyopt ec_paramgen_curve:prime256v1 > $ECPARAM || fatal "param EC fail"
+$OPENSSL_BIN genpkey -paramfile $ECPARAM > $EC || fatal "genpkey EC fail"
+$OPENSSL_BIN pkcs8 -nocrypt -in $EC > $ECP8 || fatal "pkcs8 EC fail"
+softhsm2-util --slot "$slot" --label 02 --id 02 \
+ --pin "$TEST_SSH_PIN" --import $ECP8 || fatal "softhasm import EC fail"
trace "start agent"
eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
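Review bot: The failure message on the last added softhsm2-util line reads `softhasm import EC fail`, while its RSA counterpart says `softhsm import RSA fail`; a log search for "softhsm" would miss the EC import failure, so it should be `fatal "softhsm import EC fail"`. The new intermediate paths are expanded unquoted (`> $RSAP8`, `--import $ECP8`, `-paramfile $ECPARAM`) even though `"$slot"` and `"$TEST_SSH_PIN"` on the same commands are quoted; quoting them, e.g. `--import "$ECP8"`, keeps each step working if ${DIR} ever contains whitespace. $RSAP8 and $ECP8 hold unencrypted PKCS#8 private keys (`-nocrypt`) created by redirection under the ambient umask, and no chmod or cleanup for them is visible in this hunk. DIR is set outside the hunk, so if it is not already private, a `umask 077` before the key generation steps would cover all of these files.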
@@ -83,7 +89,8 @@ else
chmod 600 $k
ssh-keygen -y -f $k > $k.pub
pub=$(cat $k.pub)
- ${SSHADD} -L | grep -q "$pub" || fail "key $k missing in ssh-add -L"
+ ${SSHADD} -L | grep -q "$pub" || \
+ fail "key $k missing in ssh-add -L"
${SSHADD} -T $k.pub || fail "ssh-add -T with $k failed"
# add to authorized keys