Add test for rounds conservation when passphrase or comment changes
These test are failing because the rounds number is reset to the default value when the private is regenerated.
---
 regress/keygen-change.sh | 60 ++++++++++++++++++++++++++++++++--------
 1 file changed, 48 insertions(+), 12 deletions(-)
diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh
index 3863e33b5287..25708d4114e8 100644
--- a/regress/keygen-change.sh
+++ b/regress/keygen-change.sh
@@ -1,22 +1,58 @@
 # $OpenBSD: keygen-change.sh,v 1.9 2019/12/16 02:39:05 djm Exp $
 # Placed in the Public Domain.
-tid="change passphrase for key"
+tid="change passphrase and comment for key"
 S1="secret1"
 S2="2secret"
+C1="foobar1"
+C2="foobar2"
 for t in $SSH_KEYTYPES; do
- trace "generating $t key"
- rm -f $OBJ/$t-key
- ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
- if [ $? -eq 0 ]; then
- ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
- if [ $? -ne 0 ]; then
- fail "ssh-keygen -p failed for $t-key"
+ for rounds in 2 16 18; do
+ trace "generating $t key with $rounds rounds"
+ rm -f $OBJ/$t-key
+ ${SSHKEYGEN} -q -a "${rounds}" -C "${C1}" -N ${S1} -t $t -f $OBJ/$t-key
+ if [ $? -eq 0 ]; then
+ ${SSHKEYGEN} -y -v -P ${S1} -f $OBJ/$t-key > $OBJ/$t-pubref
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -y failed for $t-key"
+ fi
+ ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -p failed for $t-key"
+ fi
+ # compare the output of -y -v before and after the change
+ # to check that public key, comments, kdf, cypher and rounds are not changed
+ ${SSHKEYGEN} -y -v -P ${S2} -f $OBJ/$t-key > $OBJ/$t-pub
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -y failed for $t-key"
+ fi
+ if ! cmp $OBJ/$t-pubref $OBJ/$t-pub > /dev/null 2>&1; then
+ fail "ssh-keygen -p changed the key somehow for $t-key"
+ diff $OBJ/$t-pubref $OBJ/$t-pub
+ fi
+ # Also check that changing the comment doesn't change the other parameters
+ ${SSHKEYGEN} -c -C ${C2} -P ${S2} -f $OBJ/$t-key > /dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -c failed for $t-key"
+ fi
+ # apply the comment change in the reference output
+ if ! sed "1 s/${C1}/${C2}/" $OBJ/$t-pub > $OBJ/$t-pubref2; then
+ fail "sed fail for $t-key"
+ fi
+ ${SSHKEYGEN} -y -v -P ${S2} -f $OBJ/$t-key > $OBJ/$t-pub
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -y failed for $t-key"
+ fi
+ if ! cmp $OBJ/$t-pubref2 $OBJ/$t-pub > /dev/null 2>&1; then
+ fail "ssh-keygen -c changed the key somehow for $t-key"
+ diff $OBJ/$t-pubref2 $OBJ/$t-pub
+ fi
+ rm -f $OBJ/$t-pub $OBJ/$t-pubref
+ else
+ fail "ssh-keygen for $t-key failed"
 fi
- else
- fail "ssh-keygen for $t-key failed"
- fi
- rm -f $OBJ/$t-key $OBJ/$t-key.pub
+ rm -f $OBJ/$t-key $OBJ/$t-key.pub
+ done
 done
--
2.17.1
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
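Review bot: Both `cmp` checks compare only what `ssh-keygen -y -v` writes to stdout (`> $OBJ/$t-pubref`, `> $OBJ/$t-pub`), and nothing in the loop asserts that the requested `$rounds` value actually appears in that captured output. Whether the kdf and rounds details are printed on stdout is not visible from this hunk; if they are reported on stderr, the comparison would pass even when the rounds were reset. A silent fall back to the default weakens the passphrase protection the user asked for with `-a`, so a positive check on the reference file before the `-p` step would make the test trustworthy. If 16 happens to equal the built-in default, only the 2 and 18 iterations can detect a reset. Separately, the cleanup `rm -f $OBJ/$t-pub $OBJ/$t-pubref` leaves `$OBJ/$t-pubref2` behind; `rm -f $OBJ/$t-pub $OBJ/$t-pubref $OBJ/$t-pubref2` would cover it.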