From f0cd000d8e3afeb0416dce1c711c3d7c28d89bdd Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 19 Jul 2021 02:29:28 +0000 Subject: [PATCH] upstream: Add ed25519 key and test SSHFP export of it. Only test RSA SSHFP export if we have RSA functionality compiled in. OpenBSD-Regress-ID: b4ff5181b8c9a5862e7f0ecdd96108622333a9af --- regress/ed25519_openssh.prv | 7 +++++++ regress/ed25519_openssh.pub | 1 + regress/keygen-sshfp.sh | 24 +++++++++++++++++++----- 3 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 regress/ed25519_openssh.prv create mode 100644 regress/ed25519_openssh.pub diff --git a/regress/ed25519_openssh.prv b/regress/ed25519_openssh.prv new file mode 100644 index 000000000..9f191b778 --- /dev/null +++ b/regress/ed25519_openssh.prv @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDE8/0FM7Yw6xc53QpiZUQAh/LK2mEAwNDNYdSR6GIGIwAAAKC+Cfdzvgn3 +cwAAAAtzc2gtZWQyNTUxOQAAACDE8/0FM7Yw6xc53QpiZUQAh/LK2mEAwNDNYdSR6GIGIw +AAAEBm+60DgH0WMW7Z5oyvu1dxo7MaXe5RRMWTMJCfLkHexMTz/QUztjDrFzndCmJlRACH +8sraYQDA0M1h1JHoYgYjAAAAGWR0dWNrZXJAcXVvbGwuZHR1Y2tlci5uZXQBAgME +-----END OPENSSH PRIVATE KEY----- diff --git a/regress/ed25519_openssh.pub b/regress/ed25519_openssh.pub new file mode 100644 index 000000000..910363138 --- /dev/null +++ b/regress/ed25519_openssh.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMTz/QUztjDrFzndCmJlRACH8sraYQDA0M1h1JHoYgYj diff --git a/regress/keygen-sshfp.sh b/regress/keygen-sshfp.sh index 2fbfee4fa..2abf9adec 100644 --- a/regress/keygen-sshfp.sh +++ b/regress/keygen-sshfp.sh @@ -1,15 +1,29 @@ -# $OpenBSD: keygen-sshfp.sh,v 1.1 2021/07/18 23:10:10 dtucker Exp $ +# $OpenBSD: keygen-sshfp.sh,v 1.2 2021/07/19 02:29:28 dtucker Exp $ # Placed in the Public Domain. tid="keygen-sshfp" trace "keygen fingerprints" -fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}'` -if [ "$fp" != "99c79cc09f5f81069cc017cdf9552cfc94b3b929" ]; then +fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | \ + awk '$5=="1"{print $6}'` +if [ "$fp" != "8a8647a7567e202ce317e62606c799c53d4c121f" ]; then fail "keygen fingerprint sha1" fi -fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="2"{print $6}'` +fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | \ + awk '$5=="2"{print $6}'` if [ "$fp" != \ - "e30d6b9eb7a4de495324e4d5870b8220577993ea6af417e8e4a4f1c5bf01a9b6" ]; then + "54a506fb849aafb9f229cf78a94436c281efcb4ae67c8a430e8c06afcb5ee18f" ]; then fail "keygen fingerprint sha256" fi + +if ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then + fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}'` + if [ "$fp" != "99c79cc09f5f81069cc017cdf9552cfc94b3b929" ]; then + fail "keygen fingerprint sha1" + fi + fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="2"{print $6}'` + if [ "$fp" != \ + "e30d6b9eb7a4de495324e4d5870b8220577993ea6af417e8e4a4f1c5bf01a9b6" ]; then + fail "keygen fingerprint sha256" + fi +fi