#! /bin/csh -f
#
# Run OpenSSH import/export tests.
#
# Run this from SecurityTests/clxutils/importExport. This
# uses the importExportOpensshTool subtool to do most of its work.
#

# Announce the start of the run. The q(uiet) option has not been parsed yet,
# so this banner is printed unconditionally.
echo === Begin OpenSSH test ===

# Pull in shared test settings. LOCAL_BUILD_DIR (used below) is not set in
# this script -- presumably setupCommon provides it; confirm there.
source setupCommon

# Helper binary that does the import/export work for each generated key pair.
set SSHSUBTOOL=./importExportOpensshTool

#
# this is the wrap/unwrap password; it has to match the password in
# the importExportOpensshTool tool
#
# NOTE(review): this is a fixed, guessable test fixture. Below it is handed to
# ssh-keygen through -N on the command line and echoed when QUIET is NO, so it
# is visible in process listings and in the test log. That is tolerable only
# because the keys are throwaway; do not copy this pattern for real keys.
#
set PASSWORD=password

# file names generated by ssh-keygen
# (ssh-keygen -f writes the private key to PRIV_KEY and the public key to
# the same path with ".pub" appended)
set SSH_KEY_NAME=sshkeygenKey
set PRIV_KEY=${LOCAL_BUILD_DIR}/$SSH_KEY_NAME
set PUB_KEY=${LOCAL_BUILD_DIR}/${SSH_KEY_NAME}.pub

# Absolute path, so the key generator is not looked up through the caller's
# search path.
set SSH_KEYGEN=/usr/bin/ssh-keygen

# determine whether to attempt ssh1 key generation and import
# %%%FIXME this is currently disabled since OpenSSH 5.4 does not support it by default
set TESTSSH1=NO

# determine whether to attempt ssh2 key generation and import
# %%%FIXME this is currently disabled due to <rdar://problem/8063663>
set TESTSSH2=NO

# user specified variables
# QUIET         - YES suppresses the echo of each command before it runs
# KEYSIZE       - passed to ssh-keygen -b; 1024 bits is below current
#                 recommendations for RSA and is acceptable here only because
#                 the keys are test fixtures that are deleted again
# NOACL         - forwarded verbatim to the subtool
# SECURE_PHRASE - forwarded verbatim to the subtool
# NOCLEAN       - forwarded to the subtool; YES also skips the final key
#                 deletion at the end of this script
set QUIET=NO
set KEYSIZE=1024
set NOACL=NO
set SECURE_PHRASE=NO
set NOCLEAN=NO

# Parse the single-letter options (given without a leading dash). Every
# recognized option consumes one argument; anything else prints the usage
# line and aborts with status 1.
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            # quiet: do not echo commands before running them
            set QUIET=YES
            breaksw
        case n:
            set NOACL=YES
            breaksw
        case s:
            set SECURE_PHRASE=YES
            breaksw
        case N:
            # keep the generated key files after the run
            set NOCLEAN=YES
            breaksw
        default:
            echo Usage: importExportOpenssh \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\]  \[N\(oClean\)\]
            exit(1)
    endsw
    # reached only for a recognized option: drop it and look at the next one
    shift
end

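# delete existing keys - ssh-keygen is cautious about overwriting
set cmd="rm -f $PRIV_KEY $PUB_KEY"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

#
# SSH1 (rsa1) key tests: generate a key pair with ssh-keygen, hand it to the
# subtool for import/export, then delete the key files again. Every step
# aborts the script with status 1 on failure.
#
# NOTE(review): in the wrapped-key stage the passphrase travels on the
# ssh-keygen command line (-N $PASSWORD) and is echoed when QUIET is NO, so it
# shows up in process listings and logs. Acceptable for this fixed test
# fixture only.
#
if ($TESTSSH1 != NO) then
	#
	# RSA, SSH1, wrapped private key
	#
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t rsa1 -q"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh1Wrap $PUB_KEY ssh1 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# delete existing keys
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	#
	# RSA, SSH1, cleartext private key
	#
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t rsa1 -q -N"
	if ($QUIET == NO) then
		# the echoed line ends in -N; the empty passphrase argument is only
		# added at invocation time below
		echo $cmd
	endif
	# note the shell hack we're using to insert an empty argument for the null password
	# (-N is deliberately last in $cmd so the "" becomes its value)
	$cmd "" || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh1 $PUB_KEY ssh1 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# delete existing keys
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

else
	# Report the reason recorded where TESTSSH1 is set. The radar number that
	# used to be printed here is the one given for the ssh2 tests, which sent
	# readers of the log to the wrong cause.
	# A run that takes this branch has NOT exercised ssh1 import/export and
	# should be read as "skipped", not "passed".
	echo "WARNING: OpenSSH ssh1 key import tests are DISABLED (OpenSSH 5.4 does not support ssh1 keys by default)"
endif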

#
# SSH2 key tests: for RSA and then DSA, generate a passphrase-wrapped and a
# cleartext key pair with ssh-keygen, pass each pair to the subtool, and
# delete the key files between stages. Any failing step aborts with status 1.
#
# NOTE(review): the wrapped-key stages put the passphrase on the ssh-keygen
# command line (-N $PASSWORD) and echo it when QUIET is NO, so it is visible
# in process listings and logs. Acceptable for this fixed test fixture only.
#
# NOTE(review): the dsa stages reuse KEYSIZE. OpenSSH's ssh-keygen accepts
# only 1024-bit DSA keys, so raising KEYSIZE for the RSA stages would need a
# separate value here -- confirm before changing it.
#
if ($TESTSSH2 != NO) then
	#
	# RSA, SSH2, wrapped private key
	#
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t rsa -q"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh2Wrap $PUB_KEY ssh2 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	
	# delete existing keys
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	
	#
	# RSA, SSH2, cleartext private key
	#
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t rsa -q -N"
	if ($QUIET == NO) then
		echo $cmd
	endif
	# note the shell hack we're using to insert an empty argument for the null password
	# (-N is deliberately last in $cmd so the "" becomes its value; the echoed
	# line above therefore does not show the empty argument)
	$cmd "" || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh2 $PUB_KEY ssh2 rsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	
	# delete existing keys
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	
	#
	# DSA, SSH2, wrapped private key
	#
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -N $PASSWORD -f $PRIV_KEY -t dsa -q"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh2Wrap $PUB_KEY ssh2 dsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	
	# delete existing keys
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	
	#
	# DSA, SSH2, cleartext private key
	#
	set cmd="$SSH_KEYGEN -b $KEYSIZE -C someOldComment -f $PRIV_KEY -t dsa -q -N"
	if ($QUIET == NO) then
		echo $cmd
	endif
	# note the shell hack we're using to insert an empty argument for the null password
	$cmd "" || exit(1)
	set cmd="$SSHSUBTOOL $PRIV_KEY ssh2 $PUB_KEY ssh2 dsa $QUIET $NOACL $SECURE_PHRASE $NOCLEAN"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
	# no delete here: the keys from this last stage are left for the cleanup
	# section that follows (which NOCLEAN can skip)

else
	# A run that takes this branch has NOT exercised ssh2 import/export; the
	# script still runs to the end, so read the result as "skipped", not
	# "passed".
	echo "WARNING: OpenSSH ssh2 key import tests are DISABLED (<rdar://8063663>)"
endif

#
# cleanup
#
# Remove the generated key pair unless the caller passed N(oClean). With
# NOCLEAN=YES the files stay in LOCAL_BUILD_DIR; when the last stage was a
# cleartext one, that includes an unencrypted private key, so such leftovers
# should stay confined to a scratch build directory.
#
if($NOCLEAN == NO) then
	set cmd="rm -f $PRIV_KEY $PUB_KEY"
	if ($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)
endif

# Closing banner; unlike the opening banner this one honours q(uiet).
if ($QUIET == NO) then
	echo === OpenSSH test complete ===
endif