Loïc
2020-Apr-25 00:59 UTC
[PATCH 2/3] Add test for rounds conservation when passphrase or comment changes
Add test for rounds conservation when passphrase or comment changes These test are failing because the rounds number is reset to the default value when the private is regenerated.
---
?regress/keygen-change.sh | 60 ++++++++++++++++++++++++++++++++--------
?1 file changed, 48 insertions(+), 12 deletions(-)
diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh
index 3863e33b5287..25708d4114e8 100644
--- a/regress/keygen-change.sh
+++ b/regress/keygen-change.sh
@@ -1,22 +1,58 @@
?#??? $OpenBSD: keygen-change.sh,v 1.9 2019/12/16 02:39:05 djm Exp $
?#??? Placed in the Public Domain.
?
-tid="change passphrase for key"
+tid="change passphrase and comment for key"
?
?S1="secret1"
?S2="2secret"
+C1="foobar1"
+C2="foobar2"
?
?for t in $SSH_KEYTYPES; do
-??? trace "generating $t key"
-??? rm -f $OBJ/$t-key
-??? ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
-??? if [ $? -eq 0 ]; then
-??? ??? ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
-??? ??? if [ $? -ne 0 ]; then
-??? ??? ??? fail "ssh-keygen -p failed for $t-key"
+??? for rounds in 2 16 18; do
+??? ??? trace "generating $t key with $rounds rounds"
+??? ??? rm -f $OBJ/$t-key
+??? ??? ${SSHKEYGEN} -q -a "${rounds}" -C "${C1}" -N ${S1} -t $t -f $OBJ/$t-key
+??? ??? if [ $? -eq 0 ]; then
+??? ??? ??? ${SSHKEYGEN} -y -v -P ${S1} -f $OBJ/$t-key > $OBJ/$t-pubref
+??? ??? ??? if [ $? -ne 0 ]; then
+??? ??? ??? ??? fail "ssh-keygen -y failed for $t-key"
+??? ??? ??? fi
+??? ??? ??? ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
+??? ??? ??? if [ $? -ne 0 ]; then
+??? ??? ??? ??? fail "ssh-keygen -p failed for $t-key"
+??? ??? ??? fi
+??? ??? ??? # compare the output of -y -v before and after the change
+??? ??? ??? # to check that public key, comments, kdf, cypher and rounds are not changed
+??? ??? ??? ${SSHKEYGEN} -y -v -P ${S2} -f $OBJ/$t-key > $OBJ/$t-pub
+??? ??? ??? if [ $? -ne 0 ]; then
+??? ??? ??? ??? fail "ssh-keygen -y failed for $t-key"
+??? ??? ??? fi
+??? ??? ??? if ! cmp $OBJ/$t-pubref $OBJ/$t-pub > /dev/null 2>&1; then
+??? ??? ??? ??? fail "ssh-keygen -p changed the key somehow for $t-key"
+??? ??? ??? ??? diff $OBJ/$t-pubref $OBJ/$t-pub
+??? ??? ??? fi
+??? ??? ??? # Also check that changing the comment doesn't change the other parameters
+??? ??? ??? ${SSHKEYGEN} -c -C ${C2} -P ${S2} -f $OBJ/$t-key > /dev/null
+??? ??? ??? if [ $? -ne 0 ]; then
+??? ??? ??? ??? fail "ssh-keygen -c failed for $t-key"
+??? ??? ??? fi
+??? ??? ??? # apply the comment change in the reference output
+??? ??? ??? if ! sed "1 s/${C1}/${C2}/" $OBJ/$t-pub > $OBJ/$t-pubref2; then
+??? ??? ??? ??? fail "sed fail for $t-key"
+??? ??? ??? fi
+??? ??? ??? ${SSHKEYGEN} -y -v -P ${S2} -f $OBJ/$t-key > $OBJ/$t-pub
+??? ??? ??? if [ $? -ne 0 ]; then
+??? ??? ??? ??? fail "ssh-keygen -y failed for $t-key"
+??? ??? ??? fi
+??? ??? ??? if ! cmp $OBJ/$t-pubref2 $OBJ/$t-pub > /dev/null 2>&1; then
+??? ??? ??? ??? fail "ssh-keygen -c changed the key somehow for $t-key"
+??? ??? ??? ??? diff $OBJ/$t-pubref2 $OBJ/$t-pub
+??? ??? ??? fi
+??? ??? ??? rm -f $OBJ/$t-pub $OBJ/$t-pubref
+??? ??? else
+??? ??? ??? fail "ssh-keygen for $t-key failed"
???? ??? fi
-??? else
-??? ??? fail "ssh-keygen for $t-key failed"
-??? fi
-??? rm -f $OBJ/$t-key $OBJ/$t-key.pub
+??? ??? rm -f $OBJ/$t-key $OBJ/$t-key.pub
+??? done
?done
-- 2.17.1
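Review bot: The cleanup at the end of the success branch removes only two of the three scratch files, so `$OBJ/$t-pubref2` written by the sed step is left behind in `$OBJ`; the line should read `rm -f $OBJ/$t-pub $OBJ/$t-pubref $OBJ/$t-pubref2`. The `if ! sed "1 s/${C1}/${C2}/" ...` guard only fires when sed itself errors, since sed exits 0 when line 1 does not contain `${C1}`; in that case the later `cmp` fails with "ssh-keygen -c changed the key somehow", which points at the wrong step. Both comparisons are before/after only, so nothing asserts that the reference output actually carries the requested `$rounds`. If `-y -v` omitted the KDF rounds or `-a` were ignored at generation, the test would pass without checking the property it is named for, so a direct check of the reference file against `$rounds` would close that gap.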