author | Damien Miller <djm@cvs.openbsd.org> | 2023-10-06 03:25:15 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2023-10-06 03:25:15 +0000 |
commit | 01c8d4be1d2fa1053b3dd6fcc2f46fa8c279f80d (patch) | |
tree | 61876ce61d7e61095f8f893d337bea6b7a81178c /regress/usr.bin | |
parent | ef74cb78e3ee51a42422b1112e44eeec904eb9fe (diff) |
Perform the softhsm2 setup as discrete steps rather than as a long
shell pipeline. Makes it easier to figure out what has happened when
it breaks.
Diffstat (limited to 'regress/usr.bin')
-rw-r--r-- | regress/usr.bin/ssh/agent-pkcs11.sh | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/regress/usr.bin/ssh/agent-pkcs11.sh b/regress/usr.bin/ssh/agent-pkcs11.sh index 91674c3a686..7a5664542b0 100644 --- a/regress/usr.bin/ssh/agent-pkcs11.sh +++ b/regress/usr.bin/ssh/agent-pkcs11.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-pkcs11.sh,v 1.9 2021/07/25 12:13:03 dtucker Exp $ +# $OpenBSD: agent-pkcs11.sh,v 1.10 2023/10/06 03:25:14 djm Exp $ # Placed in the Public Domain. tid="pkcs11 agent test" @@ -38,6 +38,7 @@ export SSH_ASKPASS unset DISPLAY # start command w/o tty, so ssh-add accepts pin from stdin +# XXX could force askpass instead notty() { perl -e 'use POSIX; POSIX::setsid(); if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@" @@ -45,18 +46,23 @@ notty() { trace "generating keys" RSA=${DIR}/RSA +RSAP8=${DIR}/RSAP8 +ECPARAM=${DIR}/ECPARAM EC=${DIR}/EC -$OPENSSL_BIN genpkey -algorithm rsa > $RSA -$OPENSSL_BIN pkcs8 -nocrypt -in $RSA |\ - softhsm2-util --slot "$slot" --label 01 --id 01 --pin "$TEST_SSH_PIN" --import /dev/stdin +ECP8=${DIR}/ECP8 +$OPENSSL_BIN genpkey -algorithm rsa > $RSA || fatal "genpkey RSA fail" +$OPENSSL_BIN pkcs8 -nocrypt -in $RSA > $RSAP8 || fatal "pkcs8 RSA fail" +softhsm2-util --slot "$slot" --label 01 --id 01 \ + --pin "$TEST_SSH_PIN" --import $RSAP8 || fatal "softhsm import RSA fail" + $OPENSSL_BIN genpkey \ -genparam \ -algorithm ec \ - -pkeyopt ec_paramgen_curve:prime256v1 |\ - $OPENSSL_BIN genpkey \ - -paramfile /dev/stdin > $EC -$OPENSSL_BIN pkcs8 -nocrypt -in $EC |\ - softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" --import /dev/stdin + -pkeyopt ec_paramgen_curve:prime256v1 > $ECPARAM || fatal "param EC fail" +$OPENSSL_BIN genpkey -paramfile $ECPARAM > $EC || fatal "genpkey EC fail" +$OPENSSL_BIN pkcs8 -nocrypt -in $EC > $ECP8 || fatal "pkcs8 EC fail" +softhsm2-util --slot "$slot" --label 02 --id 02 \ + --pin "$TEST_SSH_PIN" --import $ECP8 || fatal "softhasm import EC fail" trace "start agent" eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null 
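Review bot: The last new `fatal` message in the key-generation hunk is misspelled `softhasm import EC fail`, while its RSA counterpart reads `softhsm import RSA fail`. Since the commit exists to make failures easier to trace, the two should match: `--pin "$TEST_SSH_PIN" --import $ECP8 || fatal "softhsm import EC fail"`. Separately, the new `$RSAP8` and `$ECP8` files hold unencrypted PKCS#8 private keys (`-nocrypt`) and are created by shell redirection, so they get umask-default permissions. No `chmod` or `rm` for them is visible in these hunks, though `${DIR}` may be cleaned up outside the lines shown. A `umask 077` before the generation steps, or `rm -f $RSAP8 $ECP8 $ECPARAM` after the two imports, would keep that key material from lingering readable on a shared test host.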
@@ -83,7 +89,8 @@ else chmod 600 $k ssh-keygen -y -f $k > $k.pub pub=$(cat $k.pub) - ${SSHADD} -L | grep -q "$pub" || fail "key $k missing in ssh-add -L" + ${SSHADD} -L | grep -q "$pub" || \ + fail "key $k missing in ssh-add -L" ${SSHADD} -T $k.pub || fail "ssh-add -T with $k failed" # add to authorized keys |