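# $OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $
# Placed in the Public Domain.
#
# Regression test: load a soft-pkcs11 token into ssh-agent with
# "ssh-add -s", list the agent's keys, authenticate to the proxy host
# with the token-held key, then remove the token with "ssh-add -e".
#
# Depends on the regress harness for trace, fail, $OBJ and the
# ${SSHAGENT} ${SSHADD} ${SSHKEYGEN} ${SSH} command variables.  Those
# command variables are deliberately left unquoted below: the harness
# may set them to a command plus arguments (assumption; the harness is
# not visible here).

tid="pkcs11 agent test"

# Empty PIN: the soft-pkcs11 test token does not protect its keys.
TEST_SSH_PIN=""
TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0

# setup environment for soft-pkcs11 token
SOFTPKCS11RC=$OBJ/pkcs11.info
export SOFTPKCS11RC
# prevent ssh-agent from calling ssh-askpass: the PIN must arrive on
# stdin only, so an unexpected prompt fails instead of hanging the test
SSH_ASKPASS=/usr/bin/true
export SSH_ASKPASS
unset DISPLAY

# start command w/o tty, so ssh-add accepts pin from stdin.
# setsid() detaches from the controlling terminal; the parent waits for
# the child and propagates its exit status.
notty() {
	perl -e 'use POSIX; POSIX::setsid();
	    if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
}

# Run ssh-add with the given arguments, feeding the PIN on stdin.  The
# PIN is passed via a pipe rather than argv so it never appears in ps.
# Returns ssh-add's exit status.
ssh_add_with_pin() {
	printf '%s\n' "${TEST_SSH_PIN}" | notty ${SSHADD} "$@" > /dev/null 2>&1
}

trace "start agent"
# Capture the agent's output before eval'ing it: "$?" after
# eval `...` reports the status of the eval'd text, not of ssh-agent.
agent_env=$(${SSHAGENT} -s)
r=$?
if [ $r -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	eval "$agent_env" > /dev/null

	trace "generating key/cert"
	rm -f "$OBJ/pkcs11.key" "$OBJ/pkcs11.crt"
	# restrictive umask so the private key is never world-readable,
	# even momentarily before the chmod below
	(umask 077; openssl genrsa -out "$OBJ/pkcs11.key" 2048 > /dev/null 2>&1)
	chmod 600 "$OBJ/pkcs11.key"
	openssl req -key "$OBJ/pkcs11.key" -new -x509 \
	    -out "$OBJ/pkcs11.crt" -text -subj '/CN=pkcs11 test' > /dev/null
	# soft-pkcs11 config line: id, label, cert path, key path (no
	# trailing newline, as before).  Paths go through %s so a '%' in
	# $OBJ cannot be interpreted as a printf directive.
	printf 'a\ta\t%s\t%s' "$OBJ/pkcs11.crt" "$OBJ/pkcs11.key" \
	    > "$SOFTPKCS11RC"
	# add to authorized keys
	${SSHKEYGEN} -y -f "$OBJ/pkcs11.key" > "$OBJ/authorized_keys_$USER"

	trace "add pkcs11 key to agent"
	ssh_add_with_pin -s "${TEST_SSH_PKCS11}"
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add -s failed: exit code $r"
	fi

	trace "pkcs11 list via agent"
	${SSHADD} -l > /dev/null 2>&1
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add -l failed: exit code $r"
	fi

	trace "pkcs11 connect via agent"
	# the remote command exits 5 so a successful login is
	# distinguishable from ssh's own failure codes (1/255)
	${SSH} -2 -F "$OBJ/ssh_proxy" somehost exit 5
	r=$?
	if [ $r -ne 5 ]; then
		fail "ssh connect failed (exit code $r)"
	fi

	trace "remove pkcs11 keys"
	ssh_add_with_pin -e "${TEST_SSH_PKCS11}"
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add -e failed: exit code $r"
	fi

	trace "kill agent"
	# NOTE(review): if the harness's fail exits early, the agent is
	# left running; confirm against test-exec.sh's fail()
	${SSHAGENT} -k > /dev/null
fi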