[PATCH 2/3] Add test for rounds conservation when passphrase or comment changes
Loïc
loic at venez.fr
Sat Apr 25 10:59:56 AEST 2020
Add test for rounds conservation when passphrase or comment changes
These tests are failing because the rounds number is reset to the default
value when the private key is regenerated.
---
regress/keygen-change.sh | 60 ++++++++++++++++++++++++++++++++--------
1 file changed, 48 insertions(+), 12 deletions(-)
diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh
index 3863e33b5287..25708d4114e8 100644
--- a/regress/keygen-change.sh
+++ b/regress/keygen-change.sh
@@ -1,22 +1,58 @@
# $OpenBSD: keygen-change.sh,v 1.9 2019/12/16 02:39:05 djm Exp $
# Placed in the Public Domain.
-tid="change passphrase for key"
+tid="change passphrase and comment for key"
S1="secret1"
S2="2secret"
+C1="foobar1"
+C2="foobar2"
for t in $SSH_KEYTYPES; do
- trace "generating $t key"
- rm -f $OBJ/$t-key
- ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
- if [ $? -eq 0 ]; then
- ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
- if [ $? -ne 0 ]; then
- fail "ssh-keygen -p failed for $t-key"
+ for rounds in 2 16 18; do
+ trace "generating $t key with $rounds rounds"
+ rm -f $OBJ/$t-key
+ ${SSHKEYGEN} -q -a "${rounds}" -C "${C1}" -N ${S1} -t $t -f
$OBJ/$t-key
+ if [ $? -eq 0 ]; then
+ ${SSHKEYGEN} -y -v -P ${S1} -f $OBJ/$t-key > $OBJ/$t-pubref
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -y failed for $t-key"
+ fi
+ ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -p failed for $t-key"
+ fi
+ # compare the output of -y -v before and after the change
+ # to check that public key, comments, kdf, cypher and
rounds are not changed
+ ${SSHKEYGEN} -y -v -P ${S2} -f $OBJ/$t-key > $OBJ/$t-pub
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -y failed for $t-key"
+ fi
+ if ! cmp $OBJ/$t-pubref $OBJ/$t-pub > /dev/null 2>&1; then
+ fail "ssh-keygen -p changed the key somehow for $t-key"
+ diff $OBJ/$t-pubref $OBJ/$t-pub
+ fi
+ # Also check that changing the comment doesn't change the
other parameters
+ ${SSHKEYGEN} -c -C ${C2} -P ${S2} -f $OBJ/$t-key > /dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -c failed for $t-key"
+ fi
+ # apply the comment change in the reference output
+ if ! sed "1 s/${C1}/${C2}/" $OBJ/$t-pub > $OBJ/$t-pubref2; then
+ fail "sed fail for $t-key"
+ fi
+ ${SSHKEYGEN} -y -v -P ${S2} -f $OBJ/$t-key > $OBJ/$t-pub
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -y failed for $t-key"
+ fi
+ if ! cmp $OBJ/$t-pubref2 $OBJ/$t-pub > /dev/null 2>&1; then
+ fail "ssh-keygen -c changed the key somehow for $t-key"
+ diff $OBJ/$t-pubref2 $OBJ/$t-pub
+ fi
+ rm -f $OBJ/$t-pub $OBJ/$t-pubref
+ else
+ fail "ssh-keygen for $t-key failed"
fi
- else
- fail "ssh-keygen for $t-key failed"
- fi
- rm -f $OBJ/$t-key $OBJ/$t-key.pub
+ rm -f $OBJ/$t-key $OBJ/$t-key.pub
+ done
done
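Review bot: The per-iteration cleanup `rm -f $OBJ/$t-pub $OBJ/$t-pubref` leaves `$OBJ/$t-pubref2` behind in `$OBJ` on every key type and rounds value; it should read `rm -f $OBJ/$t-pub $OBJ/$t-pubref $OBJ/$t-pubref2`. The two `cmp` checks cover the KDF, cipher and rounds only if `ssh-keygen -y -v` prints them on stdout, which this hunk does not show and which presumably comes from another patch in the series. If that output ever moved to stderr, the `>` redirects would capture only the public key and comment, and a reset of the `-a` rounds (which lowers the cost of guessing the passphrase) would go unnoticed. A comment above the first `-y -v` call would record the dependency, for example `# relies on -y -v printing kdf/cipher/rounds on stdout`.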
--
2.17.1