xref: /freebsd/crypto/openssh/regress/keygen-sshfp.sh (revision 4d3fc8b0570b29fb0d6ee9525f104d52176ff0d4) 
1*4d3fc8b0SEd Maste#	$OpenBSD: keygen-sshfp.sh,v 1.3 2023/02/10 05:06:03 djm Exp $
219261079SEd Maste#	Placed in the Public Domain.
319261079SEd Maste
419261079SEd Mastetid="keygen-sshfp"
519261079SEd Maste
619261079SEd Mastetrace "keygen fingerprints"
719261079SEd Mastefp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | \
819261079SEd Maste    awk '$5=="1"{print $6}'`
919261079SEd Masteif [ "$fp" != "8a8647a7567e202ce317e62606c799c53d4c121f" ]; then
1019261079SEd Maste	fail "keygen fingerprint sha1"
1119261079SEd Mastefi
1219261079SEd Mastefp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | \
1319261079SEd Maste    awk '$5=="2"{print $6}'`
1419261079SEd Masteif [ "$fp" != \
1519261079SEd Maste    "54a506fb849aafb9f229cf78a94436c281efcb4ae67c8a430e8c06afcb5ee18f" ]; then
1619261079SEd Maste	fail "keygen fingerprint sha256"
1719261079SEd Mastefi
1819261079SEd Maste
19*4d3fc8b0SEd Maste# Expect two lines of output without an explicit algorithm
20*4d3fc8b0SEd Mastefp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | wc -l`
21*4d3fc8b0SEd Masteif [ $(($fp + 0)) -ne 2 ] ; then
22*4d3fc8b0SEd Maste	fail "incorrect number of SSHFP records $fp (expected 2)"
23*4d3fc8b0SEd Mastefi
24*4d3fc8b0SEd Maste
25*4d3fc8b0SEd Maste# Test explicit algorithm selection
26*4d3fc8b0SEd Masteexp="test IN SSHFP 4 1 8a8647a7567e202ce317e62606c799c53d4c121f"
27*4d3fc8b0SEd Mastefp=`${SSHKEYGEN} -Ohashalg=sha1 -r test -f ${SRC}/ed25519_openssh.pub`
28*4d3fc8b0SEd Masteif [ "x$exp" != "x$fp" ] ; then
29*4d3fc8b0SEd Maste	fail "incorrect SHA1 SSHFP output"
30*4d3fc8b0SEd Mastefi
31*4d3fc8b0SEd Maste
32*4d3fc8b0SEd Masteexp="test IN SSHFP 4 2 54a506fb849aafb9f229cf78a94436c281efcb4ae67c8a430e8c06afcb5ee18f"
33*4d3fc8b0SEd Mastefp=`${SSHKEYGEN} -Ohashalg=sha256 -r test -f ${SRC}/ed25519_openssh.pub`
34*4d3fc8b0SEd Masteif [ "x$exp" != "x$fp" ] ; then
35*4d3fc8b0SEd Maste	fail "incorrect SHA256 SSHFP output"
36*4d3fc8b0SEd Mastefi
37*4d3fc8b0SEd Maste
3819261079SEd Masteif ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then
3919261079SEd Maste	fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}'`
4019261079SEd Maste	if [ "$fp" != "99c79cc09f5f81069cc017cdf9552cfc94b3b929" ]; then
4119261079SEd Maste		fail "keygen fingerprint sha1"
4219261079SEd Maste	fi
4319261079SEd Maste	fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="2"{print $6}'`
4419261079SEd Maste	if [ "$fp" != \
4519261079SEd Maste	    "e30d6b9eb7a4de495324e4d5870b8220577993ea6af417e8e4a4f1c5bf01a9b6" ]; then
4619261079SEd Maste		fail "keygen fingerprint sha256"
4719261079SEd Maste	fi
4819261079SEd Mastefi
49*4d3fc8b0SEd Maste
50