aboutsummaryrefslogtreecommitdiff
path: root/cmd/sigsum/test/ssh.sh
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordberg.se>2022-03-28 15:45:33 +0200
committerLinus Nordberg <linus@nordberg.se>2022-03-28 15:45:33 +0200
commit0a11cb0cb7953facd6393e0f5189164f112ade1c (patch)
tree3feef3420147ce645f826a1a2a0115b174e9844f /cmd/sigsum/test/ssh.sh
parent468b097a63c52fbf851c4cc99d8b716a13c19aa9 (diff)
sign using SSHSIG; add test using ssh-keygen -Y sign
Diffstat (limited to 'cmd/sigsum/test/ssh.sh')
-rwxr-xr-xcmd/sigsum/test/ssh.sh53
1 files changed, 53 insertions, 0 deletions
diff --git a/cmd/sigsum/test/ssh.sh b/cmd/sigsum/test/ssh.sh
new file mode 100755
index 0000000..56cae70
--- /dev/null
+++ b/cmd/sigsum/test/ssh.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -eu
+trap cleanup EXIT
+
+priv=keys/ssh
+pub=keys/ssh.pub
+domain_hint=_sigsum_v0.ssh.test.sigsum.org
+msg=msg-$(date +%s)
+num_msg=3
+
+function cleanup() {
+ set +e
+
+ rm -f sigsum
+ for i in $(seq 1 $num_msg); do
+ rm -f $msg-$i{,.trunnel,.sig}
+ done
+
+ exit
+}
+
+go build ../
+
+files=""
+for i in $(seq 1 $num_msg); do
+ echo $msg-$i > $msg-$i
+ if ! openssl dgst -binary $msg-$i | ssh-keygen \
+ -Y sign \
+ -O hashalg=sha256 \
+ -f $priv \
+ -n $(./sigsum namespace) > $msg-$i.sig ; then
+ echo "[FAIL] sign for $num_msg ssh message(s)" >&2
+ exit 1
+ fi
+ files=$(echo -n $files $msg-$i)
+done
+
+echo "[PASS] sign for $num_msg ssh message(s)" >&2
+
+if ! ./sigsum bundle -t ssh -k $pub -d $domain_hint $files; then
+ echo "[FAIL] bundle for $num_msg ssh message(s)" >&2
+ exit 1
+fi
+
+echo "[PASS] bundle for $num_msg ssh message(s)" >&2
+
+if ! ./sigsum verify -t ssh -k $pub $files; then
+ echo "[FAIL] verify for $num_msg ssh message(s)" >&2
+ exit 1
+fi
+
+echo "[PASS] verify for $num_msg ssh message(s)" >&2