upstream: skip security-key key types for tests until we have a

dummy U2F middleware to use.

OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95

diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index 86ea62504061440d531e85387f391da90254e335..82195b11bd92428f8897006da06a65bfa1266c5e 100644 (file)
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: cert-hostkey.sh,v 1.18 2019/07/25 08:28:15 dtucker Exp $
+#      $OpenBSD: cert-hostkey.sh,v 1.19 2019/11/01 01:55:41 djm Exp $
 #      Placed in the Public Domain.
 
 tid="certified host keys"
@@ -9,7 +9,7 @@ rm -f $OBJ/cert_host_key* $OBJ/host_krl_*
 # Allow all hostkey/pubkey types, prefer certs for the client
 rsa=0
 types=""
-for i in `$SSH -Q key`; do
+for i in `$SSH -Q key | grep -v ^sk-`; do
        if [ -z "$types" ]; then
                types="$i"
                continue
@@ -70,7 +70,7 @@ touch $OBJ/host_revoked_plain
 touch $OBJ/host_revoked_cert
 cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
 
-PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
+PLAIN_TYPES=`$SSH -Q key-plain  | grep -v ^sk- | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
 
 if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
        PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"

diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 38c14a698092398a7362a668b92f8449b71f2611..51ac8dcb9e1290a7fcf61f35cee36229ed32b9de 100644 (file)
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: cert-userkey.sh,v 1.21 2019/07/25 08:28:15 dtucker Exp $
+#      $OpenBSD: cert-userkey.sh,v 1.22 2019/11/01 01:55:41 djm Exp $
 #      Placed in the Public Domain.
 
 tid="certified user keys"
@@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
 
-PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
+PLAIN_TYPES=`$SSH -Q key-plain | grep -v ^sk- | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
 EXTRA_TYPES=""
 rsa=""
 

diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh
index 811b6b9ab25a56cdd0303cf04f8d37757089d0d5..c581c7bfdd49b623fae662c5691cf4f9a10599f2 100644 (file)
--- a/regress/hostkey-agent.sh
+++ b/regress/hostkey-agent.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: hostkey-agent.sh,v 1.7 2017/04/30 23:34:55 djm Exp $
+#      $OpenBSD: hostkey-agent.sh,v 1.8 2019/11/01 01:55:41 djm Exp $
 #      Placed in the Public Domain.
 
 tid="hostkey agent"
@@ -14,7 +14,7 @@ grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
 echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig
 
 trace "load hostkeys"
-for k in `${SSH} -Q key-plain` ; do
+for k in `${SSH} -Q key-plain | grep -v ^sk-` ; do
        ${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k"
        (
                printf 'localhost-with-alias,127.0.0.1,::1 '
@@ -31,7 +31,7 @@ cp $OBJ/known_hosts.orig $OBJ/known_hosts
 unset SSH_AUTH_SOCK
 
 for ps in no yes; do
-       for k in `${SSH} -Q key-plain` ; do
+       for k in `${SSH} -Q key-plain | grep -v ^sk-` ; do
                verbose "key type $k privsep=$ps"
                cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
                echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy

diff --git a/regress/hostkey-rotate.sh b/regress/hostkey-rotate.sh
index cc6bd9cf6f79c0f0615901c1628983dc1e3ce9ad..707e32908e6aeb7f008249039f7924dfeafb2aad 100644 (file)
--- a/regress/hostkey-rotate.sh
+++ b/regress/hostkey-rotate.sh
@@ -1,10 +1,10 @@
-#      $OpenBSD: hostkey-rotate.sh,v 1.6 2019/08/30 05:08:28 dtucker Exp $
+#      $OpenBSD: hostkey-rotate.sh,v 1.7 2019/11/01 01:55:41 djm Exp $
 #      Placed in the Public Domain.
 
 tid="hostkey rotate"
 
 # Need full names here since they are used in HostKeyAlgorithms
-HOSTKEY_TYPES="`${SSH} -Q key-plain`"
+HOSTKEY_TYPES="`${SSH} -Q key-plain | grep -v ^sk-`"
 
 rm -f $OBJ/hkr.* $OBJ/ssh_proxy.orig
 

diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh
index 8b8acd52fb9fbcd659b0f0962739ef17164090af..c62f2c17c78d73ab786b15558d891874a8581607 100644 (file)
--- a/regress/keygen-change.sh
+++ b/regress/keygen-change.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: keygen-change.sh,v 1.6 2017/04/30 23:34:55 djm Exp $
+#      $OpenBSD: keygen-change.sh,v 1.7 2019/11/01 01:55:41 djm Exp $
 #      Placed in the Public Domain.
 
 tid="change passphrase for key"
@@ -6,7 +6,7 @@ tid="change passphrase for key"
 S1="secret1"
 S2="2secret"
 
-KEYTYPES=`${SSH} -Q key-plain`
+KEYTYPES=`${SSH} -Q key-plain | grep -v ^sk-`
 
 for t in $KEYTYPES; do
        # generate user key for agent

diff --git a/regress/keyscan.sh b/regress/keyscan.sh
index 8940d24b6391ab84d9705409c5c211372d62e71b..4e16ecd8742fb2ffcd527aeebf8e957893436f87 100644 (file)
--- a/regress/keyscan.sh
+++ b/regress/keyscan.sh
@@ -1,9 +1,9 @@
-#      $OpenBSD: keyscan.sh,v 1.9 2019/01/28 03:50:39 dtucker Exp $
+#      $OpenBSD: keyscan.sh,v 1.10 2019/11/01 01:55:41 djm Exp $
 #      Placed in the Public Domain.
 
 tid="keyscan"
 
-KEYTYPES=`${SSH} -Q key-plain`
+KEYTYPES=`${SSH} -Q key-plain | grep -v ^sk-`
 for i in $KEYTYPES; do
        if [ -z "$algs" ]; then
                algs="$i"

diff --git a/regress/krl.sh b/regress/krl.sh
index e18d0ec7f679e2c1863a558f930525ddd3f5af9f..c9b2e67eb3f7b5877313fbc6ba71544c6bbced10 100644 (file)
--- a/regress/krl.sh
+++ b/regress/krl.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: krl.sh,v 1.8 2019/07/25 09:17:35 dtucker Exp $
+#      $OpenBSD: krl.sh,v 1.9 2019/11/01 01:55:41 djm Exp $
 #      Placed in the Public Domain.
 
 tid="key revocation lists"
@@ -6,7 +6,7 @@ tid="key revocation lists"
 # Use ed25519 by default since it's fast and it's supported when building
 # w/out OpenSSL.  Populate ktype[2-4] with the other types if supported.
 ktype1=ed25519; ktype2=ed25519; ktype3=ed25519; ktype4=ed25519
-for t in `${SSH} -Q key-plain`; do
+for t in `${SSH} -Q key-plain | grep -v ^sk-`; do
        case "$t" in
                ecdsa*)         ktype2=ecdsa ;;
                ssh-rsa)        ktype3=rsa ;;

diff --git a/regress/limit-keytype.sh b/regress/limit-keytype.sh
index 5c30af0063a68bff8a2687920ea04de1f91ec562..6eb255c24024c081dee98a10ba40bb460200ea54 100644 (file)
--- a/regress/limit-keytype.sh
+++ b/regress/limit-keytype.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: limit-keytype.sh,v 1.6 2019/07/26 04:22:21 dtucker Exp $
+#      $OpenBSD: limit-keytype.sh,v 1.7 2019/11/01 01:55:41 djm Exp $
 #      Placed in the Public Domain.
 
 tid="restrict pubkey type"
@@ -10,7 +10,7 @@ mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
 mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig
 
 ktype1=ed25519; ktype2=$ktype1; ktype3=$ktype1; ktype4=$ktype1
-for t in `${SSH} -Q key-plain`; do
+for t in `${SSH} -Q key-plain | grep -v ^sk-`; do
        case "$t" in
                ssh-rsa)        ktype2=rsa ;;
                ecdsa*)         ktype3=ecdsa ;;  # unused

diff --git a/regress/principals-command.sh b/regress/principals-command.sh
index 7d380325bb26238c54f2f9fdf5b5ae41a8319e7b..005c6b7d6b278e3157196521f42b91a230345068 100644 (file)
--- a/regress/principals-command.sh
+++ b/regress/principals-command.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: principals-command.sh,v 1.7 2019/09/06 04:24:06 dtucker Exp $
+#      $OpenBSD: principals-command.sh,v 1.8 2019/11/01 01:55:41 djm Exp $
 #      Placed in the Public Domain.
 
 tid="authorized principals command"
@@ -12,7 +12,7 @@ if [ -z "$SUDO" -a ! -w /var/run ]; then
        exit 0
 fi
 
-case "`${SSH} -Q key-plain`" in
+case "`${SSH} -Q key-plain | grep -v ^sk-`" in
        *ssh-rsa*)      userkeytype=rsa ;;
        *)              userkeytype=ed25519 ;;
 esac

diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 508b93284a287bd4af66310bec8e2ac08796f6d0..3f1685bb099d1319b2872a3606f57de87d49acbd 100644 (file)
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: test-exec.sh,v 1.66 2019/07/05 04:12:46 dtucker Exp $
+#      $OpenBSD: test-exec.sh,v 1.67 2019/11/01 01:55:41 djm Exp $
 #      Placed in the Public Domain.
 
 #SUDO=sudo
@@ -475,7 +475,7 @@ fi
 
 rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
 
-SSH_KEYTYPES=`$SSH -Q key-plain`
+SSH_KEYTYPES=`$SSH -Q key-plain | grep -v ^sk`
 
 for t in ${SSH_KEYTYPES}; do
        # generate user key