upstream: skip security-key key types for tests until we have a

dummy U2F middleware to use.

OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95

regress/cert-hostkey.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-hostkey.sh,v 1.18 2019/07/25 08:28:15 dtucker Exp $
+#	$OpenBSD: cert-hostkey.sh,v 1.19 2019/11/01 01:55:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="certified host keys"
@@ -9,7 +9,7 @@ rm -f $OBJ/cert_host_key* $OBJ/host_krl_*
 # Allow all hostkey/pubkey types, prefer certs for the client
 rsa=0
 types=""
-for i in `$SSH -Q key`; do
+for i in `$SSH -Q key | grep -v ^sk-`; do
 	if [ -z "$types" ]; then
 		types="$i"
 		continue
@@ -70,7 +70,7 @@ touch $OBJ/host_revoked_plain
 touch $OBJ/host_revoked_cert
 cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
 
-PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
+PLAIN_TYPES=`$SSH -Q key-plain  | grep -v ^sk- | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
 
 if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
 	PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"

regress/cert-userkey.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-userkey.sh,v 1.21 2019/07/25 08:28:15 dtucker Exp $
+#	$OpenBSD: cert-userkey.sh,v 1.22 2019/11/01 01:55:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="certified user keys"
@@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
 
-PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
+PLAIN_TYPES=`$SSH -Q key-plain | grep -v ^sk- | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
 EXTRA_TYPES=""
 rsa=""
 

regress/hostkey-agent.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: hostkey-agent.sh,v 1.7 2017/04/30 23:34:55 djm Exp $
+#	$OpenBSD: hostkey-agent.sh,v 1.8 2019/11/01 01:55:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="hostkey agent"
@@ -14,7 +14,7 @@ grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
 echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig
 
 trace "load hostkeys"
-for k in `${SSH} -Q key-plain` ; do
+for k in `${SSH} -Q key-plain | grep -v ^sk-` ; do
 	${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k"
 	(
 		printf 'localhost-with-alias,127.0.0.1,::1 '
@@ -31,7 +31,7 @@ cp $OBJ/known_hosts.orig $OBJ/known_hosts
 unset SSH_AUTH_SOCK
 
 for ps in no yes; do
-	for k in `${SSH} -Q key-plain` ; do
+	for k in `${SSH} -Q key-plain | grep -v ^sk-` ; do
 		verbose "key type $k privsep=$ps"
 		cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
 		echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy

regress/hostkey-rotate.sh

@@ -1,10 +1,10 @@
-#	$OpenBSD: hostkey-rotate.sh,v 1.6 2019/08/30 05:08:28 dtucker Exp $
+#	$OpenBSD: hostkey-rotate.sh,v 1.7 2019/11/01 01:55:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="hostkey rotate"
 
 # Need full names here since they are used in HostKeyAlgorithms
-HOSTKEY_TYPES="`${SSH} -Q key-plain`"
+HOSTKEY_TYPES="`${SSH} -Q key-plain | grep -v ^sk-`"
 
 rm -f $OBJ/hkr.* $OBJ/ssh_proxy.orig
 

regress/keygen-change.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: keygen-change.sh,v 1.6 2017/04/30 23:34:55 djm Exp $
+#	$OpenBSD: keygen-change.sh,v 1.7 2019/11/01 01:55:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="change passphrase for key"
@@ -6,7 +6,7 @@ tid="change passphrase for key"
 S1="secret1"
 S2="2secret"
 
-KEYTYPES=`${SSH} -Q key-plain`
+KEYTYPES=`${SSH} -Q key-plain | grep -v ^sk-`
 
 for t in $KEYTYPES; do
 	# generate user key for agent

regress/keyscan.sh

@@ -1,9 +1,9 @@
-#	$OpenBSD: keyscan.sh,v 1.9 2019/01/28 03:50:39 dtucker Exp $
+#	$OpenBSD: keyscan.sh,v 1.10 2019/11/01 01:55:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="keyscan"
 
-KEYTYPES=`${SSH} -Q key-plain`
+KEYTYPES=`${SSH} -Q key-plain | grep -v ^sk-`
 for i in $KEYTYPES; do
 	if [ -z "$algs" ]; then
 		algs="$i"

regress/krl.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: krl.sh,v 1.8 2019/07/25 09:17:35 dtucker Exp $
+#	$OpenBSD: krl.sh,v 1.9 2019/11/01 01:55:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="key revocation lists"
@@ -6,7 +6,7 @@ tid="key revocation lists"
 # Use ed25519 by default since it's fast and it's supported when building
 # w/out OpenSSL.  Populate ktype[2-4] with the other types if supported.
 ktype1=ed25519; ktype2=ed25519; ktype3=ed25519; ktype4=ed25519
-for t in `${SSH} -Q key-plain`; do
+for t in `${SSH} -Q key-plain | grep -v ^sk-`; do
 	case "$t" in
 		ecdsa*)		ktype2=ecdsa ;;
 		ssh-rsa)	ktype3=rsa ;;

regress/limit-keytype.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: limit-keytype.sh,v 1.6 2019/07/26 04:22:21 dtucker Exp $
+#	$OpenBSD: limit-keytype.sh,v 1.7 2019/11/01 01:55:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="restrict pubkey type"
@@ -10,7 +10,7 @@ mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
 mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig
 
 ktype1=ed25519; ktype2=$ktype1; ktype3=$ktype1; ktype4=$ktype1
-for t in `${SSH} -Q key-plain`; do
+for t in `${SSH} -Q key-plain | grep -v ^sk-`; do
 	case "$t" in
 		ssh-rsa)	ktype2=rsa ;;
 		ecdsa*)		ktype3=ecdsa ;;  # unused

regress/principals-command.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: principals-command.sh,v 1.7 2019/09/06 04:24:06 dtucker Exp $
+#	$OpenBSD: principals-command.sh,v 1.8 2019/11/01 01:55:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="authorized principals command"
@@ -12,7 +12,7 @@ if [ -z "$SUDO" -a ! -w /var/run ]; then
 	exit 0
 fi
 
-case "`${SSH} -Q key-plain`" in
+case "`${SSH} -Q key-plain | grep -v ^sk-`" in
 	*ssh-rsa*)	userkeytype=rsa ;;
 	*)		userkeytype=ed25519 ;;
 esac

regress/test-exec.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.66 2019/07/05 04:12:46 dtucker Exp $
+#	$OpenBSD: test-exec.sh,v 1.67 2019/11/01 01:55:41 djm Exp $
 #	Placed in the Public Domain.
 
 #SUDO=sudo
@@ -475,7 +475,7 @@ fi
 
 rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
 
-SSH_KEYTYPES=`$SSH -Q key-plain`
+SSH_KEYTYPES=`$SSH -Q key-plain | grep -v ^sk`
 
 for t in ${SSH_KEYTYPES}; do
 	# generate user key