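#	$OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $
#	Placed in the Public Domain.
#
# Regression test: load a key from a soft-pkcs11 token into ssh-agent,
# list it, authenticate with it over ssh, then remove it from the agent.
#
# NOTE(review): the listing this script was recovered from had lost several
# source lines (visible as gaps in its line numbering). Lines tagged
# "reconstructed" are inferred from the surrounding code and should be
# confirmed against the upstream file.
# trace, fail, OBJ, SSH, SSHADD, SSHAGENT and SSHKEYGEN are not defined
# here; presumably the regression harness that runs this file provides them.

tid="pkcs11 agent test"

# NOTE(review): TEST_SSH_PIN is read below but its assignment is not part of
# the listing. If it is unset, an empty PIN line is sent to ssh-add.
TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0

# setup environment for soft-pkcs11 token
SOFTPKCS11RC=$OBJ/pkcs11.info
export SOFTPKCS11RC	# reconstructed: child processes must see this
# prevent ssh-agent from calling ssh-askpass
SSH_ASKPASS=/usr/bin/true
export SSH_ASKPASS	# reconstructed: child processes must see this

# start command w/o tty, so ssh-add accepts pin from stdin
# The perl wrapper calls setsid() and then runs "$@" in a forked child;
# the parent waits and exits with the child's exit status.
notty() {	# reconstructed: header and closing brace; name taken from the callers
	perl -e 'use POSIX; POSIX::setsid();
	    if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
}

# Capture ssh-agent's own exit status. Testing $? after eval `...` reports
# the status of eval, which is 0 when the agent printed nothing.
# The command variables (SSHAGENT, SSHADD, ...) stay unquoted on purpose in
# case the harness stores a command plus arguments in them; verify.
agent_env=$(${SSHAGENT} -s)
r=$?
if [ "$r" -ne 0 ]; then	# reconstructed
	fail "could not start ssh-agent: exit code $r"
else	# reconstructed
	eval "$agent_env" > /dev/null

	trace "generating key/cert"
	rm -f "$OBJ/pkcs11.key" "$OBJ/pkcs11.crt"
	# Generate the private key under a restrictive umask so the file is
	# never readable by other users, not even between genrsa and chmod.
	(umask 077 && openssl genrsa -out "$OBJ/pkcs11.key" 2048 > /dev/null 2>&1)
	chmod 600 "$OBJ/pkcs11.key"
	openssl req -key "$OBJ/pkcs11.key" -new -x509 \
	    -out "$OBJ/pkcs11.crt" -text -subj '/CN=pkcs11 test' > /dev/null
	# Paths are passed as printf arguments, not spliced into the format
	# string, so a '%' or backslash in $OBJ cannot corrupt the token config.
	printf 'a\ta\t%s\t%s' "$OBJ/pkcs11.crt" "$OBJ/pkcs11.key" > "$SOFTPKCS11RC"
	# add to authorized keys
	${SSHKEYGEN} -y -f "$OBJ/pkcs11.key" > "$OBJ/authorized_keys_$USER"

	trace "add pkcs11 key to agent"
	# The PIN is fed on stdin, so it is not passed to ssh-add as an argument.
	printf '%s\n' "${TEST_SSH_PIN}" |
	    notty ${SSHADD} -s "${TEST_SSH_PKCS11}" > /dev/null 2>&1
	r=$?	# reconstructed
	if [ "$r" -ne 0 ]; then	# reconstructed
		fail "ssh-add -s failed: exit code $r"
	fi

	trace "pkcs11 list via agent"
	${SSHADD} -l > /dev/null 2>&1
	r=$?	# reconstructed
	if [ "$r" -ne 0 ]; then	# reconstructed
		fail "ssh-add -l failed: exit code $r"
	fi

	trace "pkcs11 connect via agent"
	${SSH} -2 -F "$OBJ/ssh_proxy" somehost exit 5
	r=$?	# reconstructed
	# reconstructed: the remote command is "exit 5", so 5 is taken to be
	# the status of a successful connection; confirm against upstream.
	if [ "$r" -ne 5 ]; then
		fail "ssh connect failed (exit code $r)"
	fi

	trace "remove pkcs11 keys"
	printf '%s\n' "${TEST_SSH_PIN}" |
	    notty ${SSHADD} -e "${TEST_SSH_PKCS11}" > /dev/null 2>&1
	r=$?	# reconstructed
	if [ "$r" -ne 0 ]; then	# reconstructed
		fail "ssh-add -e failed: exit code $r"
	fi

	${SSHAGENT} -k > /dev/null
fi	# reconstructed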