upstream: regression test for printing of private key fingerprints and

key comments, mostly by loic AT venez.fr (slightly tweaked for portability) ok dtucker@ OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
2020-04-20 04:44:47 +00:00 · 2020-04-20 04:44:47 +00:00 · d00d07b674
parent a98d5ba31e
commit d00d07b674
2 changed files with 55 additions and 3 deletions
--- a/regress/Makefile
+++ b/regress/Makefile
@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.107 2020/04/03 02:33:31 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.108 2020/04/20 04:44:47 djm Exp $

 tests:		prep file-tests t-exec unit

@ -91,8 +91,8 @@ LTESTS= 	connect \
 		servcfginclude \
 		allow-deny-users \
 		authinfo \
-		sshsig
-
+		sshsig \
+		keygen-comment


 INTEROP_TESTS=	putty-transfer putty-ciphers putty-kex conch-ciphers
--- a/regress/keygen-comment.sh
+++ b/regress/keygen-comment.sh
@ -0,0 +1,52 @@
+#    Placed in the Public Domain.
+
+tid="Comment extraction from private key"
+
+S1="secret1"
+
+check_fingerprint () {
+	file="$1"
+	comment="$2"
+	trace "fingerprinting $file"
+	if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp ; then
+		fail "ssh-keygen -l failed for $t-key"
+	fi
+	if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)$" \
+	    $OBJ/$t-fgp >/dev/null 2>&1 ; then
+		fail "comment is not correctly recovered for $t-key"
+	fi
+	rm -f $OBJ/$t-fgp
+}
+
+for fmt in '' RFC4716 PKCS8 PEM; do
+	for t in $SSH_KEYTYPES; do
+		trace "generating $t key in '$fmt' format"
+		rm -f $OBJ/$t-key*
+		oldfmt=""
+		case "$fmt" in
+		PKCS8|PEM) oldfmt=1 ;;
+		esac
+		# Some key types like ssh-ed25519 and *@openssh.com are never
+		# stored in old formats.
+		case "$t" in
+		ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
+		esac
+		comment="foo bar"
+		fmtarg=""
+		test -z "$fmt" || fmtarg="-m $fmt"
+		${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
+		    -t $t -f $OBJ/$t-key >/dev/null 2>&1 || \
+			fatal "keygen of $t in format $fmt failed"
+		check_fingerprint $OBJ/$t-key "${comment}"
+		check_fingerprint $OBJ/$t-key.pub "${comment}"
+		# Output fingerprint using only private file
+		trace "fingerprinting $t key using private key file"
+		rm -f $OBJ/$t-key.pub
+		if [ ! -z "$oldfmt" ] ; then
+			# Comment cannot be recovered from old format keys.
+			comment="no comment"
+		fi
+		check_fingerprint $OBJ/$t-key "${comment}"
+		rm -f $OBJ/$t-key*
+	done
+done