unittests/hostkeys/mktestdata.sh

*fd82196bSdjm#!/bin/sh
*fd82196bSdjm# $OpenBSD: mktestdata.sh,v 1.1 2015/02/16 22:18:34 djm Exp $
*fd82196bSdjm
*fd82196bSdjmset -ex
*fd82196bSdjm
*fd82196bSdjmcd testdata
*fd82196bSdjm
*fd82196bSdjmrm -f rsa1* rsa* dsa* ecdsa* ed25519*
*fd82196bSdjmrm -f known_hosts*
*fd82196bSdjm
*fd82196bSdjmgen_all() {
*fd82196bSdjm	_n=$1
*fd82196bSdjm	_ecdsa_bits=256
*fd82196bSdjm	test "x$_n" = "x1" && _ecdsa_bits=384
*fd82196bSdjm	test "x$_n" = "x2" && _ecdsa_bits=521
*fd82196bSdjm	ssh-keygen -qt rsa1 -b 1024 -C "RSA1 #$_n" -N "" -f rsa1_$_n
*fd82196bSdjm	ssh-keygen -qt rsa -b 1024 -C "RSA #$_n" -N "" -f rsa_$_n
*fd82196bSdjm	ssh-keygen -qt dsa -b 1024 -C "DSA #$_n" -N "" -f dsa_$_n
*fd82196bSdjm	ssh-keygen -qt ecdsa -b $_ecdsa_bits -C "ECDSA #$_n" -N "" -f ecdsa_$_n
*fd82196bSdjm	ssh-keygen -qt ed25519 -C "ED25519 #$_n" -N "" -f ed25519_$_n
*fd82196bSdjm	# Don't need private keys
*fd82196bSdjm	rm -f rsa1_$_n  rsa_$_n dsa_$_n ecdsa_$_n ed25519_$_n
*fd82196bSdjm}
*fd82196bSdjm
*fd82196bSdjmhentries() {
*fd82196bSdjm	_preamble=$1
*fd82196bSdjm	_kspec=$2
*fd82196bSdjm	for k in `ls -1 $_kspec | sort` ; do
*fd82196bSdjm		printf "$_preamble "
*fd82196bSdjm		cat $k
*fd82196bSdjm	done
*fd82196bSdjm	echo
*fd82196bSdjm}
*fd82196bSdjm
*fd82196bSdjmgen_all 1
*fd82196bSdjmgen_all 2
*fd82196bSdjmgen_all 3
*fd82196bSdjmgen_all 4
*fd82196bSdjmgen_all 5
*fd82196bSdjmgen_all 6
*fd82196bSdjm
*fd82196bSdjm# A section of known_hosts with hashed hostnames.
*fd82196bSdjm(
*fd82196bSdjm	hentries "sisyphus.example.com" "*_5.pub"
*fd82196bSdjm	hentries "prometheus.example.com,192.0.2.1,2001:db8::1" "*_6.pub"
*fd82196bSdjm) > known_hosts_hash_frag
*fd82196bSdjmssh-keygen -Hf known_hosts_hash_frag
*fd82196bSdjmrm -f known_hosts_hash_frag.old
*fd82196bSdjm
*fd82196bSdjm# Populated known_hosts, including comments, hashed names and invalid lines
*fd82196bSdjm(
*fd82196bSdjm	echo "# Plain host keys, plain host names"
*fd82196bSdjm	hentries "sisyphus.example.com" "*_1.pub"
*fd82196bSdjm
*fd82196bSdjm	echo "# Plain host keys, hostnames + addresses"
*fd82196bSdjm	hentries "prometheus.example.com,192.0.2.1,2001:db8::1" "*_2.pub"
*fd82196bSdjm
*fd82196bSdjm	echo "# Some hosts with wildcard names / IPs"
*fd82196bSdjm	hentries "*.example.com,192.0.2.*,2001:*" "*_3.pub"
*fd82196bSdjm
*fd82196bSdjm	echo "# Hashed hostname and address entries"
*fd82196bSdjm	cat known_hosts_hash_frag
*fd82196bSdjm	rm -f known_hosts_hash_frag
*fd82196bSdjm	echo
*fd82196bSdjm
*fd82196bSdjm	echo "# Revoked and CA keys"
*fd82196bSdjm	printf "@revoked sisyphus.example.com " ; cat rsa1_4.pub
*fd82196bSdjm	printf "@revoked sisyphus.example.com " ; cat ed25519_4.pub
*fd82196bSdjm	printf "@cert-authority prometheus.example.com " ; cat ecdsa_4.pub
*fd82196bSdjm	printf "@cert-authority *.example.com " ; cat dsa_4.pub
*fd82196bSdjm
*fd82196bSdjm	printf "\n"
*fd82196bSdjm	echo "# Some invalid lines"
*fd82196bSdjm	# Invalid marker
*fd82196bSdjm	printf "@what sisyphus.example.com " ; cat rsa1_1.pub
*fd82196bSdjm	# Key missing
*fd82196bSdjm	echo "sisyphus.example.com      "
*fd82196bSdjm	# Key blob missing
*fd82196bSdjm	echo "prometheus.example.com ssh-ed25519 "
*fd82196bSdjm	# Key blob truncated
*fd82196bSdjm	echo "sisyphus.example.com ssh-dsa AAAATgAAAAdz"
*fd82196bSdjm	# RSA1 key truncated after key bits
*fd82196bSdjm	echo "prometheus.example.com 1024   "
*fd82196bSdjm	# RSA1 key truncated after exponent
*fd82196bSdjm	echo "sisyphus.example.com 1024 65535   "
*fd82196bSdjm	# RSA1 key incorrect key bits
*fd82196bSdjm	printf "prometheus.example.com 1025 " ; cut -d' ' -f2- < rsa1_1.pub
*fd82196bSdjm	# Invalid type
*fd82196bSdjm	echo "sisyphus.example.com ssh-XXX AAAATgAAAAdzc2gtWFhYAAAAP0ZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRg=="
*fd82196bSdjm	# Type mismatch with blob
*fd82196bSdjm	echo "prometheus.example.com ssh-rsa AAAATgAAAAdzc2gtWFhYAAAAP0ZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRg=="
*fd82196bSdjm) > known_hosts
*fd82196bSdjm
*fd82196bSdjmecho OK