From afa59e26eeb44a93f36f043f60b936eaddae77c4 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 1 Nov 2019 01:55:41 +0000 Subject: [PATCH] upstream: skip security-key key types for tests until we have a dummy U2F middleware to use. OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95 --- regress/cert-hostkey.sh | 6 +++--- regress/cert-userkey.sh | 4 ++-- regress/hostkey-agent.sh | 6 +++--- regress/hostkey-rotate.sh | 4 ++-- regress/keygen-change.sh | 4 ++-- regress/keyscan.sh | 4 ++-- regress/krl.sh | 4 ++-- regress/limit-keytype.sh | 4 ++-- regress/principals-command.sh | 4 ++-- regress/test-exec.sh | 4 ++-- 10 files changed, 22 insertions(+), 22 deletions(-) diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 86ea62504..82195b11b 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-hostkey.sh,v 1.18 2019/07/25 08:28:15 dtucker Exp $ +# $OpenBSD: cert-hostkey.sh,v 1.19 2019/11/01 01:55:41 djm Exp $ # Placed in the Public Domain. tid="certified host keys" @@ -9,7 +9,7 @@ rm -f $OBJ/cert_host_key* $OBJ/host_krl_* # Allow all hostkey/pubkey types, prefer certs for the client rsa=0 types="" -for i in `$SSH -Q key`; do +for i in `$SSH -Q key | grep -v ^sk-`; do if [ -z "$types" ]; then types="$i" continue @@ -70,7 +70,7 @@ touch $OBJ/host_revoked_plain touch $OBJ/host_revoked_cert cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca -PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'` +PLAIN_TYPES=`$SSH -Q key-plain | grep -v ^sk- | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'` if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 38c14a698..51ac8dcb9 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh 
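Review bot: The pattern in `grep -v ^sk-` on the `for i in` line of cert-hostkey.sh is unquoted, and a traditional Bourne shell reads a bare `^` as a pipe character, so on such a /bin/sh the filter would become `grep -v` piped into a command named `sk-`. If these regress scripts are expected to run under older system shells, `grep -v '^sk-'` is the safe spelling and works unchanged inside the backticks. The same unquoted pattern is added in the `PLAIN_TYPES` assignment of this file and in cert-userkey.sh, hostkey-agent.sh, hostkey-rotate.sh, keygen-change.sh, keyscan.sh, krl.sh, limit-keytype.sh, principals-command.sh and test-exec.sh. The loop body continues outside the hunk.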
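Review bot: Nothing at the filtered `PLAIN_TYPES` assignment in cert-hostkey.sh records that `sk-` types are dropped on purpose, so the tests driven by this list (the hunk sits directly after the `host_revoked_*` setup) stop covering security-key host keys without any trace in the script itself. A one-line comment above the assignment, for example `# XXX sk-* key types are skipped until a dummy U2F middleware exists for tests`, would make the coverage gap visible and easy to find when it is time to revert it. The same comment is missing at every other filtered list in this patch, from the `for i in` loop earlier in this file through to `SSH_KEYTYPES` in test-exec.sh.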
@@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.21 2019/07/25 08:28:15 dtucker Exp $ +# $OpenBSD: cert-userkey.sh,v 1.22 2019/11/01 01:55:41 djm Exp $ # Placed in the Public Domain. tid="certified user keys" @@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key* cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak -PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'` +PLAIN_TYPES=`$SSH -Q key-plain | grep -v ^sk- | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'` EXTRA_TYPES="" rsa="" diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh index 811b6b9ab..c581c7bfd 100644 --- a/regress/hostkey-agent.sh +++ b/regress/hostkey-agent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: hostkey-agent.sh,v 1.7 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: hostkey-agent.sh,v 1.8 2019/11/01 01:55:41 djm Exp $ # Placed in the Public Domain. tid="hostkey agent" @@ -14,7 +14,7 @@ grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig trace "load hostkeys" -for k in `${SSH} -Q key-plain` ; do +for k in `${SSH} -Q key-plain | grep -v ^sk-` ; do ${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k" ( printf 'localhost-with-alias,127.0.0.1,::1 ' @@ -31,7 +31,7 @@ cp $OBJ/known_hosts.orig $OBJ/known_hosts unset SSH_AUTH_SOCK for ps in no yes; do - for k in `${SSH} -Q key-plain` ; do + for k in `${SSH} -Q key-plain | grep -v ^sk-` ; do verbose "key type $k privsep=$ps" cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy diff --git a/regress/hostkey-rotate.sh b/regress/hostkey-rotate.sh index cc6bd9cf6..707e32908 100644 --- a/regress/hostkey-rotate.sh +++ b/regress/hostkey-rotate.sh 
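Review bot: The filter pipeline is written out twice in hostkey-agent.sh, once in the "load hostkeys" loop that generates the keys and again in the inner `for k in` loop under `for ps in no yes`, so the generated set and the tested set only agree while both copies are edited together. Assigning the filtered list to a variable once before the first loop and iterating with `for k in $keytypes ; do` in both places (the variable name is only illustrative) keeps the two in step and leaves a single spot to change when sk- types are re-enabled. Both loop bodies run past the ends of their hunks.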
@@ -1,10 +1,10 @@ -# $OpenBSD: hostkey-rotate.sh,v 1.6 2019/08/30 05:08:28 dtucker Exp $ +# $OpenBSD: hostkey-rotate.sh,v 1.7 2019/11/01 01:55:41 djm Exp $ # Placed in the Public Domain. tid="hostkey rotate" # Need full names here since they are used in HostKeyAlgorithms -HOSTKEY_TYPES="`${SSH} -Q key-plain`" +HOSTKEY_TYPES="`${SSH} -Q key-plain | grep -v ^sk-`" rm -f $OBJ/hkr.* $OBJ/ssh_proxy.orig diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh index 8b8acd52f..c62f2c17c 100644 --- a/regress/keygen-change.sh +++ b/regress/keygen-change.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keygen-change.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: keygen-change.sh,v 1.7 2019/11/01 01:55:41 djm Exp $ # Placed in the Public Domain. tid="change passphrase for key" @@ -6,7 +6,7 @@ tid="change passphrase for key" S1="secret1" S2="2secret" -KEYTYPES=`${SSH} -Q key-plain` +KEYTYPES=`${SSH} -Q key-plain | grep -v ^sk-` for t in $KEYTYPES; do # generate user key for agent diff --git a/regress/keyscan.sh b/regress/keyscan.sh index 8940d24b6..4e16ecd87 100644 --- a/regress/keyscan.sh +++ b/regress/keyscan.sh @@ -1,9 +1,9 @@ -# $OpenBSD: keyscan.sh,v 1.9 2019/01/28 03:50:39 dtucker Exp $ +# $OpenBSD: keyscan.sh,v 1.10 2019/11/01 01:55:41 djm Exp $ # Placed in the Public Domain. tid="keyscan" -KEYTYPES=`${SSH} -Q key-plain` +KEYTYPES=`${SSH} -Q key-plain | grep -v ^sk-` for i in $KEYTYPES; do if [ -z "$algs" ]; then algs="$i" diff --git a/regress/krl.sh b/regress/krl.sh index e18d0ec7f..c9b2e67eb 100644 --- a/regress/krl.sh +++ b/regress/krl.sh @@ -1,4 +1,4 @@ -# $OpenBSD: krl.sh,v 1.8 2019/07/25 09:17:35 dtucker Exp $ +# $OpenBSD: krl.sh,v 1.9 2019/11/01 01:55:41 djm Exp $ # Placed in the Public Domain. tid="key revocation lists" 
@@ -6,7 +6,7 @@ tid="key revocation lists" # Use ed25519 by default since it's fast and it's supported when building # w/out OpenSSL. Populate ktype[2-4] with the other types if supported. ktype1=ed25519; ktype2=ed25519; ktype3=ed25519; ktype4=ed25519 -for t in `${SSH} -Q key-plain`; do +for t in `${SSH} -Q key-plain | grep -v ^sk-`; do case "$t" in ecdsa*) ktype2=ecdsa ;; ssh-rsa) ktype3=rsa ;; diff --git a/regress/limit-keytype.sh b/regress/limit-keytype.sh index 5c30af006..6eb255c24 100644 --- a/regress/limit-keytype.sh +++ b/regress/limit-keytype.sh @@ -1,4 +1,4 @@ -# $OpenBSD: limit-keytype.sh,v 1.6 2019/07/26 04:22:21 dtucker Exp $ +# $OpenBSD: limit-keytype.sh,v 1.7 2019/11/01 01:55:41 djm Exp $ # Placed in the Public Domain. tid="restrict pubkey type" @@ -10,7 +10,7 @@ mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig ktype1=ed25519; ktype2=$ktype1; ktype3=$ktype1; ktype4=$ktype1 -for t in `${SSH} -Q key-plain`; do +for t in `${SSH} -Q key-plain | grep -v ^sk-`; do case "$t" in ssh-rsa) ktype2=rsa ;; ecdsa*) ktype3=ecdsa ;; # unused diff --git a/regress/principals-command.sh b/regress/principals-command.sh index 7d380325b..005c6b7d6 100644 --- a/regress/principals-command.sh +++ b/regress/principals-command.sh @@ -1,4 +1,4 @@ -# $OpenBSD: principals-command.sh,v 1.7 2019/09/06 04:24:06 dtucker Exp $ +# $OpenBSD: principals-command.sh,v 1.8 2019/11/01 01:55:41 djm Exp $ # Placed in the Public Domain. tid="authorized principals command" @@ -12,7 +12,7 @@ if [ -z "$SUDO" -a ! -w /var/run ]; then exit 0 fi -case "`${SSH} -Q key-plain`" in +case "`${SSH} -Q key-plain | grep -v ^sk-`" in *ssh-rsa*) userkeytype=rsa ;; *) userkeytype=ed25519 ;; esac diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 508b93284..3f1685bb0 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh 
@@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.66 2019/07/05 04:12:46 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.67 2019/11/01 01:55:41 djm Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -475,7 +475,7 @@ fi rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER -SSH_KEYTYPES=`$SSH -Q key-plain` +SSH_KEYTYPES=`$SSH -Q key-plain | grep -v ^sk` for t in ${SSH_KEYTYPES}; do # generate user key
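Review bot: The filter on `SSH_KEYTYPES` in test-exec.sh uses `^sk`, while every other file in this patch uses `^sk-`, so this copy would also drop any key type whose name merely begins with "sk". Unless the looser match is intended, `grep -v '^sk-'` keeps the exclusion limited to the security-key prefix and consistent with the other nine scripts. This list feeds the user-key generation loop that starts on the last lines of the hunk, so a short comment here saying that sk- keys are skipped for lack of test middleware would help as well. The loop body is outside the hunk.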