From: dtucker@openbsd.org <dtucker@openbsd.org>
Date: Fri, 23 Jul 2021 04:56:21 +0000 (+0000)
Subject: upstream: Add test for exporting pubkey from a passphrase-protected
X-Git-Tag: V_8_7_P1~86
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8b7af02dcf9d2b738787efd27da7ffda9859bed2;p=thirdparty%2Fopenssh-portable.git

upstream: Add test for exporting pubkey from a passphrase-protected

private key.

OpenBSD-Regress-ID: da99d93e7b235fbd5b5aaa01efc411225e6ba8ac
---

diff --git a/regress/Makefile b/regress/Makefile
index c4fc50ce9..86f5f9435 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.113 2021/07/19 02:46:34 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.114 2021/07/23 04:56:21 dtucker Exp $
 
 tests:		prep file-tests t-exec unit
 
@@ -117,7 +117,7 @@ CLEANFILES=	*.core actual agent-key.* authorized_keys_${USERNAME} \
 		host.ecdsa-sha2-nistp521 host.ssh-dss host.ssh-ed25519 \
 		host.ssh-rsa host_ca_key* host_krl_* host_revoked_* key.* \
 		key.dsa-* key.ecdsa-* key.ed25519-512 \
-		key.ed25519-512.pub key.rsa-* keys-command-args kh.* \
+		key.ed25519-512.pub key.rsa-* keys-command-args kh.* askpass \
 		known_hosts known_hosts-cert known_hosts.* krl-* ls.copy \
 		modpipe netcat no_identity_config \
 		pidfile putty.rsa2 ready regress.log remote_pid \
diff --git a/regress/keygen-convert.sh b/regress/keygen-convert.sh
index fce110ea1..776495580 100644
--- a/regress/keygen-convert.sh
+++ b/regress/keygen-convert.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: keygen-convert.sh,v 1.2 2019/07/23 07:55:29 dtucker Exp $
+#	$OpenBSD: keygen-convert.sh,v 1.3 2021/07/23 04:56:21 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="convert keys"
@@ -11,6 +11,12 @@ for i in ${SSH_KEYTYPES}; do
 	esac
 done
 
+cat > $OBJ/askpass <<EOD
+#!/bin/sh
+echo hunter2
+EOD
+chmod u+x $OBJ/askpass
+
 for t in $types; do
 	# generate user key for agent
 	trace "generating $t key"
@@ -36,6 +42,16 @@ for t in $types; do
 	cmp $OBJ/$t-key-nocomment.pub $OBJ/$t-rfc-imported || \
 	    fail "$t imported differs from original"
 
+	trace "set passphrase $t"
+	${SSHKEYGEN} -q -p -P '' -N 'hunter2' -f $OBJ/$t-key >/dev/null || \
+	    fail "$t set passphrase failed"
+
+	trace "export $t to public with passphrase"
+	SSH_ASKPASS=$OBJ/askpass SSH_ASKPASS_REQUIRE=force \
+	    ${SSHKEYGEN} -y -f $OBJ/$t-key >$OBJ/$t-key-nocomment.pub
+	cmp $OBJ/$t-key.pub $OBJ/$t-key-nocomment.pub || \
+	    fail "$t exported pubkey differs from generated"
+
 	rm -f $OBJ/$t-key $OBJ/$t-key.pub $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub \
 	    $OBJ/$t-rfc-imported $OBJ/$t-key-nocomment.pub
 done