1# $OpenBSD: keygen-sshfp.sh,v 1.3 2023/02/10 05:06:03 djm Exp $ 2# Placed in the Public Domain. 3 4tid="keygen-sshfp" 5 6trace "keygen fingerprints" 7fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | \ 8 awk '$5=="1"{print $6}'` 9if [ "$fp" != "8a8647a7567e202ce317e62606c799c53d4c121f" ]; then 10 fail "keygen fingerprint sha1" 11fi 12fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | \ 13 awk '$5=="2"{print $6}'` 14if [ "$fp" != \ 15 "54a506fb849aafb9f229cf78a94436c281efcb4ae67c8a430e8c06afcb5ee18f" ]; then 16 fail "keygen fingerprint sha256" 17fi 18 19# Expect two lines of output without an explicit algorithm 20fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | wc -l` 21if [ $(($fp + 0)) -ne 2 ] ; then 22 fail "incorrect number of SSHFP records $fp (expected 2)" 23fi 24 25# Test explicit algorithm selection 26exp="test IN SSHFP 4 1 8a8647a7567e202ce317e62606c799c53d4c121f" 27fp=`${SSHKEYGEN} -Ohashalg=sha1 -r test -f ${SRC}/ed25519_openssh.pub` 28if [ "x$exp" != "x$fp" ] ; then 29 fail "incorrect SHA1 SSHFP output" 30fi 31 32exp="test IN SSHFP 4 2 54a506fb849aafb9f229cf78a94436c281efcb4ae67c8a430e8c06afcb5ee18f" 33fp=`${SSHKEYGEN} -Ohashalg=sha256 -r test -f ${SRC}/ed25519_openssh.pub` 34if [ "x$exp" != "x$fp" ] ; then 35 fail "incorrect SHA256 SSHFP output" 36fi 37 38if ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then 39 fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}'` 40 if [ "$fp" != "99c79cc09f5f81069cc017cdf9552cfc94b3b929" ]; then 41 fail "keygen fingerprint sha1" 42 fi 43 fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="2"{print $6}'` 44 if [ "$fp" != \ 45 "e30d6b9eb7a4de495324e4d5870b8220577993ea6af417e8e4a4f1c5bf01a9b6" ]; then 46 fail "keygen fingerprint sha256" 47 fi 48fi 49 50