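#! /bin/csh -f
#
# Run OpenSSH import/export tests.
#
# Run this from SecurityTests/clxutils/importExport. This
# uses the importExportOpensshTool subtool to do most of its work.
#
# Usage: importExportOpenssh [q(uiet)] [n(oACL)] [s(ecurePassphrase)] [N(oClean)]
#
# Each enabled test generates a key pair with ssh-keygen, passes the private
# and public key files to the subtool, and then deletes the key files. The
# script exits with status 1 as soon as any of those commands fails.
#
# NOTE(review): TESTSSH1 and TESTSSH2 are both set to NO below, so as written
# the script only prints the two DISABLED warnings and falls through to the
# end without failing. A passing run therefore does not show that any OpenSSH
# key import/export path was exercised.
#

echo === Begin OpenSSH test ===

# setupCommon is not part of this file; presumably it defines LOCAL_BUILD_DIR
# (used for the key paths below) -- confirm.
source setupCommon

set SSHSUBTOOL=./importExportOpensshTool

#
# this is the wrap/unwrap password; it has to match the password in
# the importExportOpensshTool tool
#
# It is a fixed test value and is passed to ssh-keygen with -N on the command
# line, so it shows up in the echoed command and in the process argument
# list. That is only acceptable because the keys are throwaway test fixtures.
#
set PASSWORD=password

#
# The key paths below are handed to "rm -f" and to "ssh-keygen -f". Refuse to
# continue if the build directory is missing or empty, so those commands can
# never be pointed at /sshkeygenKey in the filesystem root.
#
if ( ! $?LOCAL_BUILD_DIR ) then
    echo "importExportOpenssh: LOCAL_BUILD_DIR is not set"
    exit(1)
endif
if ( "$LOCAL_BUILD_DIR" == "" ) then
    echo "importExportOpenssh: LOCAL_BUILD_DIR is empty"
    exit(1)
endif

# file names generated by ssh-keygen
set SSH_KEY_NAME=sshkeygenKey
set PRIV_KEY=${LOCAL_BUILD_DIR}/$SSH_KEY_NAME
set PUB_KEY=${LOCAL_BUILD_DIR}/${SSH_KEY_NAME}.pub

set SSH_KEYGEN=/usr/bin/ssh-keygen

# determine whether to attempt ssh1 key generation and import
# %%%FIXME this is currently disabled since OpenSSH 5.4 does not support it by default
set TESTSSH1=NO

# determine whether to attempt ssh2 key generation and import
# %%%FIXME this is currently disabled due to <rdar://problem/8063663>
set TESTSSH2=NO

# user specified variables
# QUIET, NOACL, SECURE_PHRASE and NOCLEAN are passed through to the subtool
# as YES/NO words; QUIET and NOCLEAN are also acted on by this script.
set QUIET=NO
# 1024-bit keys are only suitable as test fixtures.
# NOTE(review): no command-line option below changes KEYSIZE, although it is
# listed with the user specified variables.
set KEYSIZE=1024
set NOACL=NO
set SECURE_PHRASE=NO
set NOCLEAN=NO

# Options are bare single letters (no leading dash); anything else prints the
# usage line and exits 1.
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET=YES
            shift
            breaksw
        case n:
            set NOACL=YES
            shift
            breaksw
        case s:
            set SECURE_PHRASE=YES
            shift
            breaksw
        case N:
            set NOCLEAN=YES
            shift
            breaksw
        default:
            echo "Usage: importExportOpenssh [q(uiet)] [n(oACL)] [s(ecurePassphrase)] [N(oClean)]"
            exit(1)
    endsw
end

# delete existing keys - ssh-keygen is cautious about overwriting
set cmd="rm -f $PRIV_KEY $PUB_KEY"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

if ($TESTSSH1 != NO) then
    #
    # RSA, SSH1, wrapped private key
    #
    set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t rsa1 -q"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)
    set cmd="$SSHSUBTOOL $PRIV_KEY ssh1Wrap $PUB_KEY ssh1 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

    # delete existing keys
    set cmd="rm -f $PRIV_KEY $PUB_KEY"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

    #
    # RSA, SSH1, cleartext private key
    #
    set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t rsa1 -q -N"
    if ($QUIET == NO) then
        echo $cmd
    endif
    # note the shell hack we're using to insert an empty argument for the null password:
    # -N is kept last in $cmd and the empty string is appended at invocation
    # time, so the echoed command above shows -N without a value.
    $cmd "" || exit(1)
    set cmd="$SSHSUBTOOL $PRIV_KEY ssh1 $PUB_KEY ssh1 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

    # delete existing keys
    set cmd="rm -f $PRIV_KEY $PUB_KEY"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

else
    # NOTE(review): the FIXME next to TESTSSH1 gives OpenSSH 5.4 dropping
    # default ssh1 support as the reason, while this message cites the radar
    # that the TESTSSH2 comment names -- confirm which reference is intended.
    echo "WARNING: OpenSSH ssh1 key import tests are DISABLED (<rdar://8063663>)"
endif

if ($TESTSSH2 != NO) then
    #
    # RSA, SSH2, wrapped private key
    #
    set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t rsa -q"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)
    set cmd="$SSHSUBTOOL $PRIV_KEY ssh2Wrap $PUB_KEY ssh2 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

    # delete existing keys
    set cmd="rm -f $PRIV_KEY $PUB_KEY"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

    #
    # RSA, SSH2, cleartext private key
    #
    set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t rsa -q -N"
    if ($QUIET == NO) then
        echo $cmd
    endif
    # note the shell hack we're using to insert an empty argument for the null password
    $cmd "" || exit(1)
    set cmd="$SSHSUBTOOL $PRIV_KEY ssh2 $PUB_KEY ssh2 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

    # delete existing keys
    set cmd="rm -f $PRIV_KEY $PUB_KEY"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

    #
    # DSA, SSH2, wrapped private key
    #
    set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t dsa -q"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)
    set cmd="$SSHSUBTOOL $PRIV_KEY ssh2Wrap $PUB_KEY ssh2 dsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

    # delete existing keys
    set cmd="rm -f $PRIV_KEY $PUB_KEY"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

    #
    # DSA, SSH2, cleartext private key
    #
    set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t dsa -q -N"
    if ($QUIET == NO) then
        echo $cmd
    endif
    # note the shell hack we're using to insert an empty argument for the null password
    $cmd "" || exit(1)
    set cmd="$SSHSUBTOOL $PRIV_KEY ssh2 $PUB_KEY ssh2 dsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)

else
    echo "WARNING: OpenSSH ssh2 key import tests are DISABLED (<rdar://8063663>)"
endif

#
# cleanup
#
# With N(oClean) the last generated key pair, including any cleartext private
# key, is left in LOCAL_BUILD_DIR for inspection.
if ($NOCLEAN == NO) then
    set cmd="rm -f $PRIV_KEY $PUB_KEY"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)
endif

if ($QUIET == NO) then
    echo === OpenSSH test complete ===
endif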