upstream: regression test for printing of private key fingerprints and
authordjm@openbsd.org <djm@openbsd.org>
Mon, 20 Apr 2020 04:44:47 +0000 (04:44 +0000)
committerDamien Miller <djm@mindrot.org>
Mon, 20 Apr 2020 04:47:26 +0000 (14:47 +1000)
key comments, mostly by loic AT venez.fr (slightly tweaked for portability)
ok dtucker@

OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004

regress/Makefile
regress/keygen-comment.sh [new file with mode: 0644]

index 8f7b5aa99fefa0162c133ef557ab90427a104a1d..62794d25fc421ffe67062a10394207968f6aa58f 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.107 2020/04/03 02:33:31 dtucker Exp $
+#      $OpenBSD: Makefile,v 1.108 2020/04/20 04:44:47 djm Exp $
 
 tests:         prep file-tests t-exec unit
 
@@ -91,8 +91,8 @@ LTESTS=       connect \
                servcfginclude \
                allow-deny-users \
                authinfo \
-               sshsig
-
+               sshsig \
+               keygen-comment
 
 
 INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
diff --git a/regress/keygen-comment.sh b/regress/keygen-comment.sh
new file mode 100644 (file)
index 0000000..74a734a
--- /dev/null
@@ -0,0 +1,52 @@
+#    Placed in the Public Domain.
+
+tid="Comment extraction from private key"
+
+S1="secret1"
+
+check_fingerprint () {
+       file="$1"
+       comment="$2"
+       trace "fingerprinting $file"
+       if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp ; then
+               fail "ssh-keygen -l failed for $t-key"
+       fi
+       if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)$" \
+           $OBJ/$t-fgp >/dev/null 2>&1 ; then
+               fail "comment is not correctly recovered for $t-key"
+       fi
+       rm -f $OBJ/$t-fgp
+}
+
+for fmt in '' RFC4716 PKCS8 PEM; do
+       for t in $SSH_KEYTYPES; do
+               trace "generating $t key in '$fmt' format"
+               rm -f $OBJ/$t-key*
+               oldfmt=""
+               case "$fmt" in
+               PKCS8|PEM) oldfmt=1 ;;
+               esac
+               # Some key types like ssh-ed25519 and *@openssh.com are never
+               # stored in old formats.
+               case "$t" in
+               ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
+               esac
+               comment="foo bar"
+               fmtarg=""
+               test -z "$fmt" || fmtarg="-m $fmt"
+               ${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
+                   -t $t -f $OBJ/$t-key >/dev/null 2>&1 || \
+                       fatal "keygen of $t in format $fmt failed"
+               check_fingerprint $OBJ/$t-key "${comment}"
+               check_fingerprint $OBJ/$t-key.pub "${comment}"
+               # Output fingerprint using only private file
+               trace "fingerprinting $t key using private key file"
+               rm -f $OBJ/$t-key.pub
+               if [ ! -z "$oldfmt" ] ; then
+                       # Comment cannot be recovered from old format keys.
+                       comment="no comment"
+               fi
+               check_fingerprint $OBJ/$t-key "${comment}"
+               rm -f $OBJ/$t-key*
+       done
+done
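Review bot: The pattern in check_fingerprint is looser than a fingerprint regression test needs: `(.){43}` accepts any 43 characters after `SHA256:`, and `${comment}` is spliced into the ERE unescaped, so a later test comment containing regex metacharacters would match more than the literal text. Restricting the digest to the base64 alphabet, e.g. `egrep "^[0-9]+ SHA256:[A-Za-z0-9+/]{43} ${comment} \(.*\)$" \`, would catch malformed output that the current pattern lets through. Both `fail` messages name `$t-key` even when the function is called on `$t-key.pub`; `fail "ssh-keygen -l failed for $file"` would identify the file that actually broke. `S1="secret1"` is assigned but never used in this file, and every key is generated with `-N ''`, so passphrase-protected private keys are not exercised here; either drop the variable or add that case.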