path: root/cmd/sigsum/test/ssh.sh
blob: 56cae70f7c6ca6571cef360c271391c63ea5b3b8 (plain)
#!/bin/bash

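# Abort on the first failing command or on use of an unset variable.
# pipefail additionally makes a pipeline fail when any stage fails, so a
# failing digest stage in the signing pipeline is no longer masked by a
# succeeding final stage.
set -euo pipefail
# cleanup is defined further down; the trap command is only looked up when the
# shell exits, so registering it before the definition works.
trap cleanup EXIT

# Key pair used for signing and verification.
# NOTE(review): presumably a test-only key kept next to this script — confirm
# it is never reused outside the test suite.
priv=keys/ssh
pub=keys/ssh.pub
# Value passed to "sigsum bundle -d".
domain_hint=_sigsum_v0.ssh.test.sigsum.org
# Per-run file name prefix based on the current epoch second; files are
# created in the working directory, so two runs started within the same second
# from the same directory would share names.
msg=msg-$(date +%s)
# Number of messages to sign, bundle and verify.
num_msg=3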

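# Remove the built binary and every per-message artifact, then exit with the
# status that was current when cleanup started.
# Globals:   msg (read), num_msg (read)
# Arguments: none
# Returns:   does not return; exits the shell
function cleanup() {
	# Must stay first: $? still holds the status from before this function ran.
	local rc=$?
	local i base
	# Best effort from here on: a failed rm must not stop the remaining removals.
	set +e

	rm -f -- sigsum
	for ((i = 1; i <= num_msg; i++)); do
		base="$msg-$i"
		# Message file plus its .trunnel and .sig companions.
		rm -f -- "$base" "$base.trunnel" "$base.sig"
	done

	# Pass the saved status on so a failing test still exits non-zero.
	exit "$rc"
}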

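# Build the package in the parent directory; the resulting ./sigsum binary is
# the tool under test and is removed again by cleanup.
go build ../

# SSH signature namespace as reported by the tool under test. Resolved once so
# that a failing subcommand is reported as a sign failure instead of leaving
# ssh-keygen's -n option without a value.
if ! namespace=$(./sigsum namespace); then
	echo "[FAIL] sign for $num_msg ssh message(s)" >&2
	exit 1
fi

# Message files are collected in an array so that every name stays exactly one
# argument when handed to sigsum.
files=()
for ((i = 1; i <= num_msg; i++)); do
	name="$msg-$i"
	# Each message file contains its own name followed by a newline.
	printf '%s\n' "$name" > "$name"
	# The signature covers the binary digest printed by openssl, not the
	# message file itself.
	# NOTE(review): no digest algorithm is given, so openssl's built-in default
	# is used — confirm it matches what "sigsum verify" expects.
	if ! openssl dgst -binary "$name" | ssh-keygen \
		-Y sign \
		-O hashalg=sha256 \
		-f "$priv" \
		-n "$namespace" > "$name.sig"; then
		echo "[FAIL] sign for $num_msg ssh message(s)" >&2
		exit 1
	fi
	files+=("$name")
done

echo "[PASS] sign for $num_msg ssh message(s)" >&2

# Bundle all messages with the public key and the domain hint.
if ! ./sigsum bundle -t ssh -k "$pub" -d "$domain_hint" "${files[@]}"; then
	echo "[FAIL] bundle for $num_msg ssh message(s)" >&2
	exit 1
fi

echo "[PASS] bundle for $num_msg ssh message(s)" >&2

# Verify the same messages against the public key only.
if ! ./sigsum verify -t ssh -k "$pub" "${files[@]}"; then
	echo "[FAIL] verify for $num_msg ssh message(s)" >&2
	exit 1
fi

echo "[PASS] verify for $num_msg ssh message(s)" >&2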