[openssh-commits] [openssh] 02/02: upstream: regression test for printing of private key fingerprints and

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Apr 20 14:47:33 AEST 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit d00d07b6744d3b4bb7aca46c734ecd670148da23
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Apr 20 04:44:47 2020 +0000

    upstream: regression test for printing of private key fingerprints and
    
    key comments, mostly by loic AT venez.fr (slightly tweaked for portability)
    ok dtucker@
    
    OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
---
 regress/Makefile          |  6 +++---
 regress/keygen-comment.sh | 52 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/regress/Makefile b/regress/Makefile
index 8f7b5aa9..62794d25 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.107 2020/04/03 02:33:31 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.108 2020/04/20 04:44:47 djm Exp $
 
 tests:		prep file-tests t-exec unit
 
@@ -91,8 +91,8 @@ LTESTS= 	connect \
 		servcfginclude \
 		allow-deny-users \
 		authinfo \
-		sshsig
-
+		sshsig \
+		keygen-comment
 
 
 INTEROP_TESTS=	putty-transfer putty-ciphers putty-kex conch-ciphers
diff --git a/regress/keygen-comment.sh b/regress/keygen-comment.sh
new file mode 100644
index 00000000..74a734af
--- /dev/null
+++ b/regress/keygen-comment.sh
@@ -0,0 +1,52 @@
+#    Placed in the Public Domain.
+
+tid="Comment extraction from private key"
+
+S1="secret1"
+
+check_fingerprint () {
+	file="$1"
+	comment="$2"
+	trace "fingerprinting $file"
+	if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp ; then
+		fail "ssh-keygen -l failed for $t-key"
+	fi
+	if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)$" \
+	    $OBJ/$t-fgp >/dev/null 2>&1 ; then
+		fail "comment is not correctly recovered for $t-key"
+	fi
+	rm -f $OBJ/$t-fgp
+}
+
+for fmt in '' RFC4716 PKCS8 PEM; do
+	for t in $SSH_KEYTYPES; do
+		trace "generating $t key in '$fmt' format"
+		rm -f $OBJ/$t-key*
+		oldfmt=""
+		case "$fmt" in
+		PKCS8|PEM) oldfmt=1 ;;
+		esac
+		# Some key types like ssh-ed25519 and *@openssh.com are never
+		# stored in old formats.
+		case "$t" in
+		ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
+		esac
+		comment="foo bar"
+		fmtarg=""
+		test -z "$fmt" || fmtarg="-m $fmt"
+		${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
+		    -t $t -f $OBJ/$t-key >/dev/null 2>&1 || \
+			fatal "keygen of $t in format $fmt failed"
+		check_fingerprint $OBJ/$t-key "${comment}"
+		check_fingerprint $OBJ/$t-key.pub "${comment}"
+		# Output fingerprint using only private file
+		trace "fingerprinting $t key using private key file"
+		rm -f $OBJ/$t-key.pub
+		if [ ! -z "$oldfmt" ] ; then
+			# Comment cannot be recovered from old format keys.
+			comment="no comment"
+		fi
+		check_fingerprint $OBJ/$t-key "${comment}"
+		rm -f $OBJ/$t-key*
+	done
+done
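Review bot: `S1="secret1"` near the top of keygen-comment.sh is never referenced, and every key in the loop is generated with `-N ''`, so the test only exercises fingerprint and comment printing for unencrypted private keys. Either drop the variable or add a passphrase-protected case and state which comment is expected when only the encrypted private file is available (presumably not the original one, since no passphrase is supplied; to be confirmed). Separately, in `check_fingerprint` the pattern `(.){43}` accepts any 43 characters and `${comment}` is spliced into the egrep expression unescaped. `SHA256:[A-Za-z0-9+/]{43} ` would pin the fingerprint field to base64, and a comment above the function such as `# $2 is used as an ERE fragment; keep it free of regex metacharacters` would document the constraint for anyone adding test comments later.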

-- 