--- /dev/null
+#! /bin/csh -f
+#
+# Run OpenSSH import/export tests.
+#
+# Run this from SecurityTests/clxutils/importExport. This
+# uses the importExportOpensshTool subtool to do most of its work.
+#
+
+echo === Begin OpenSSH test ===
+
+source setupCommon
+
+set SSHSUBTOOL=./importExportOpensshTool
+
+#
+# this is the wrap/unwrap password; it has to match the password in
+# the importExportOpensshTool tool
+#
+set PASSWORD=password
+
+# file names generated by ssh-keygen
+set SSH_KEY_NAME=sshkeygenKey
+set PRIV_KEY=${LOCAL_BUILD_DIR}/$SSH_KEY_NAME
+set PUB_KEY=${LOCAL_BUILD_DIR}/${SSH_KEY_NAME}.pub
+
+set SSH_KEYGEN=/usr/bin/ssh-keygen
+
+# determine whether to attempt ssh1 key generation and import
+# %%%FIXME this is currently disabled since OpenSSH 5.4 does not support it by default
+set TESTSSH1=NO
+
+# determine whether to attempt ssh2 key generation and import
+# %%%FIXME this is currently disabled due to <rdar://problem/8063663>
+set TESTSSH2=NO
+
+# user specified variables
+set QUIET=NO
+set KEYSIZE=1024
+set NOACL=NO
+set SECURE_PHRASE=NO
+set NOCLEAN=NO
+
+while ( $#argv > 0 )
+ switch ( "$argv[1]" )
+ case q:
+ set QUIET=YES
+ shift
+ breaksw
+ case n:
+ set NOACL=YES
+ shift
+ breaksw
+ case s:
+ set SECURE_PHRASE=YES
+ shift
+ breaksw
+ case N:
+ set NOCLEAN=YES
+ shift
+ breaksw
+ default:
+ echo Usage: importExportOpenssh \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
+ exit(1)
+ endsw
+end
+
+# delete existing keys - ssh-keygen is cautious about overwriting
+set cmd="rm -f $PRIV_KEY $PUB_KEY"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+if ($TESTSSH1 != NO) then
+ #
+ # RSA, SSH1, wrapped private key
+ #
+ set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t rsa1 -q"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+ set cmd="$SSHSUBTOOL $PRIV_KEY ssh1Wrap $PUB_KEY ssh1 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+ # delete existing keys
+ set cmd="rm -f $PRIV_KEY $PUB_KEY"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+ #
+ # RSA, SSH1, cleartext private key
+ #
+ set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t rsa1 -q -N"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ # note the shell hack we're using to insert an empty argument for the null password
+ $cmd "" || exit(1)
+ set cmd="$SSHSUBTOOL $PRIV_KEY ssh1 $PUB_KEY ssh1 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+ # delete existing keys
+ set cmd="rm -f $PRIV_KEY $PUB_KEY"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+else
+ echo "WARNING: OpenSSH ssh1 key import tests are DISABLED (<rdar://8063663>)"
+endif
+
+if ($TESTSSH2 != NO) then
+ #
+ # RSA, SSH2, wrapped private key
+ #
+ set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t rsa -q"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+ set cmd="$SSHSUBTOOL $PRIV_KEY ssh2Wrap $PUB_KEY ssh2 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+ # delete existing keys
+ set cmd="rm -f $PRIV_KEY $PUB_KEY"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+ #
+ # RSA, SSH2, cleartext private key
+ #
+ set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t rsa -q -N"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ # note the shell hack we're using to insert an empty argument for the null password
+ $cmd "" || exit(1)
+ set cmd="$SSHSUBTOOL $PRIV_KEY ssh2 $PUB_KEY ssh2 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+ # delete existing keys
+ set cmd="rm -f $PRIV_KEY $PUB_KEY"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+ #
+ # DSA, SSH2, wrapped private key
+ #
+ set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t dsa -q"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+ set cmd="$SSHSUBTOOL $PRIV_KEY ssh2Wrap $PUB_KEY ssh2 dsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+ # delete existing keys
+ set cmd="rm -f $PRIV_KEY $PUB_KEY"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+ #
+ # DSA, SSH2, cleartext private key
+ #
+ set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t dsa -q -N"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ # note the shell hack we're using to insert an empty argument for the null password
+ $cmd "" || exit(1)
+ set cmd="$SSHSUBTOOL $PRIV_KEY ssh2 $PUB_KEY ssh2 dsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+
+else
+ echo "WARNING: OpenSSH ssh2 key import tests are DISABLED (<rdar://8063663>)"
+endif
+
+#
+# cleanup
+#
+if($NOCLEAN == NO) then
+ set cmd="rm -f $PRIV_KEY $PUB_KEY"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+endif
+
+if ($QUIET == NO) then
+ echo === OpenSSH test complete ===
+endif
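Review bot: With `TESTSSH1` and `TESTSSH2` both set to `NO`, every ssh-keygen and importExportOpensshTool invocation is skipped, yet the script still prints `=== OpenSSH test complete ===` and ends without a failing status. A harness that keys on exit status would presumably record the OpenSSH import/export path as passing with no coverage at all. The ssh1 `else` branch also cites `<rdar://8063663>`, which the comments near the top attach to the ssh2 case, while the stated ssh1 reason is that OpenSSH 5.4 does not support it by default. I would make the skip explicit and the message accurate, e.g. `echo "SKIPPED: OpenSSH ssh1 key import tests (not supported by OpenSSH 5.4 by default)"`, and have the closing banner say skipped rather than complete when neither group ran. Separately, each `$cmd || exit(1)` leaves the generated key pair, including the cleartext private key cases, in `${LOCAL_BUILD_DIR}` on failure regardless of the `N` option; a short comment stating whether that is intended for debugging would help.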