xref: /freebsd/crypto/openssh/regress/unittests/hostkeys/mktestdata.sh (revision 1f4bcc459a76b7aa664f3fd557684cd0ba6da352)
1#!/bin/sh
2# $OpenBSD: mktestdata.sh,v 1.1 2015/02/16 22:18:34 djm Exp $
3
4set -ex
5
6cd testdata
7
8rm -f rsa1* rsa* dsa* ecdsa* ed25519*
9rm -f known_hosts*
10
11gen_all() {
12	_n=$1
13	_ecdsa_bits=256
14	test "x$_n" = "x1" && _ecdsa_bits=384
15	test "x$_n" = "x2" && _ecdsa_bits=521
16	ssh-keygen -qt rsa1 -b 1024 -C "RSA1 #$_n" -N "" -f rsa1_$_n
17	ssh-keygen -qt rsa -b 1024 -C "RSA #$_n" -N "" -f rsa_$_n
18	ssh-keygen -qt dsa -b 1024 -C "DSA #$_n" -N "" -f dsa_$_n
19	ssh-keygen -qt ecdsa -b $_ecdsa_bits -C "ECDSA #$_n" -N "" -f ecdsa_$_n
20	ssh-keygen -qt ed25519 -C "ED25519 #$_n" -N "" -f ed25519_$_n
21	# Don't need private keys
22	rm -f rsa1_$_n  rsa_$_n dsa_$_n ecdsa_$_n ed25519_$_n
23}
24
25hentries() {
26	_preamble=$1
27	_kspec=$2
28	for k in `ls -1 $_kspec | sort` ; do
29		printf "$_preamble "
30		cat $k
31	done
32	echo
33}
34
35gen_all 1
36gen_all 2
37gen_all 3
38gen_all 4
39gen_all 5
40gen_all 6
41
42# A section of known_hosts with hashed hostnames.
43(
44	hentries "sisyphus.example.com" "*_5.pub"
45	hentries "prometheus.example.com,192.0.2.1,2001:db8::1" "*_6.pub"
46) > known_hosts_hash_frag
47ssh-keygen -Hf known_hosts_hash_frag
48rm -f known_hosts_hash_frag.old
49
50# Populated known_hosts, including comments, hashed names and invalid lines
51(
52	echo "# Plain host keys, plain host names"
53	hentries "sisyphus.example.com" "*_1.pub"
54
55	echo "# Plain host keys, hostnames + addresses"
56	hentries "prometheus.example.com,192.0.2.1,2001:db8::1" "*_2.pub"
57
58	echo "# Some hosts with wildcard names / IPs"
59	hentries "*.example.com,192.0.2.*,2001:*" "*_3.pub"
60
61	echo "# Hashed hostname and address entries"
62	cat known_hosts_hash_frag
63	rm -f known_hosts_hash_frag
64	echo
65
66	echo "# Revoked and CA keys"
67	printf "@revoked sisyphus.example.com " ; cat rsa1_4.pub
68	printf "@revoked sisyphus.example.com " ; cat ed25519_4.pub
69	printf "@cert-authority prometheus.example.com " ; cat ecdsa_4.pub
70	printf "@cert-authority *.example.com " ; cat dsa_4.pub
71
72	printf "\n"
73	echo "# Some invalid lines"
74	# Invalid marker
75	printf "@what sisyphus.example.com " ; cat rsa1_1.pub
76	# Key missing
77	echo "sisyphus.example.com      "
78	# Key blob missing
79	echo "prometheus.example.com ssh-ed25519 "
80	# Key blob truncated
81	echo "sisyphus.example.com ssh-dsa AAAATgAAAAdz"
82	# RSA1 key truncated after key bits
83	echo "prometheus.example.com 1024   "
84	# RSA1 key truncated after exponent
85	echo "sisyphus.example.com 1024 65535   "
86	# RSA1 key incorrect key bits
87	printf "prometheus.example.com 1025 " ; cut -d' ' -f2- < rsa1_1.pub
88	# Invalid type
89	echo "sisyphus.example.com ssh-XXX AAAATgAAAAdzc2gtWFhYAAAAP0ZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRg=="
90	# Type mismatch with blob
91	echo "prometheus.example.com ssh-rsa AAAATgAAAAdzc2gtWFhYAAAAP0ZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRg=="
92) > known_hosts
93
94echo OK
95