#!/bin/sh
# $OpenBSD: mktestdata.sh,v 1.5 2015/07/07 14:53:30 markus Exp $
# Passphrase applied to the *_pw fixture keys and written in clear text to
# the "pw" file at the end of this script.  It is fixture data, not a secret.
PW='mekmitasdigoat'
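# rsa1_params IN OUTBASE
#
# Extract the RSA modulus of the key in file IN, store it as one contiguous
# hex string in OUTBASE.n and print that file between "============" lines.
#
# Arguments: $1 - key file passed to "ssh-keygen -e -m pkcs8"
#            $2 - output path prefix; ".n" is appended
# Returns:   non-zero when no data could be extracted
# Globals:   sets _in, _outbase and x (no "local" in POSIX sh) and leaves
#            "set -e" switched on for the caller.
rsa1_params() {
	_in="$1"
	_outbase="$2"
	set -e
	# ssh-keygen exports the public key as PKCS#8 PEM and openssl prints
	# it as text.  Keep the indented hex lines between "Modulus:" and
	# "Exponent:" and strip spaces, colons and newlines.
	ssh-keygen -f "$_in" -e -m pkcs8 | \
	    openssl rsa -noout -text -pubin | \
	    awk '/^Modulus:$/,/^Exponent:/' | \
	    grep -v '^[a-zA-Z]' | tr -d ' \n:' > "${_outbase}.n"
	# XXX need conversion support in ssh-keygen for the other params
	for x in n ; do
		# "set -e" only looks at the last pipeline stage (tr), so a
		# failing ssh-keygen or openssl is visible only as an empty
		# file.  Do not keep an empty fixture.
		if [ ! -s "${_outbase}.$x" ]; then
			echo "rsa1_params: no data extracted for ${_outbase}.$x" >&2
			return 1
		fi
		echo "" >> "${_outbase}.$x"
		echo "============ ${_outbase}.$x"
		cat "${_outbase}.$x"
		echo ============
	done
}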
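# rsa_params IN OUTBASE
#
# Extract the modulus and both primes of the RSA private key in file IN and
# store them as contiguous hex strings in OUTBASE.n, OUTBASE.p and OUTBASE.q.
# Each file is then printed between "============" lines.
#
# The .p and .q files hold private key material in clear text; they are
# test fixtures for keys generated by this script.
#
# Arguments: $1 - private key file readable by "openssl rsa"
#            $2 - output path prefix
# Returns:   non-zero when any of the three values could not be extracted
# Globals:   sets _in, _outbase and x (no "local" in POSIX sh) and leaves
#            "set -e" switched on for the caller.
rsa_params() {
	_in="$1"
	_outbase="$2"
	set -e
	# Each pipeline keeps the indented hex lines between two labels of
	# the openssl text dump and strips spaces, colons and newlines.
	openssl rsa -noout -text -in "$_in" | \
	    awk '/^modulus:$/,/^publicExponent:/' | \
	    grep -v '^[a-zA-Z]' | tr -d ' \n:' > "${_outbase}.n"
	openssl rsa -noout -text -in "$_in" | \
	    awk '/^prime1:$/,/^prime2:/' | \
	    grep -v '^[a-zA-Z]' | tr -d ' \n:' > "${_outbase}.p"
	openssl rsa -noout -text -in "$_in" | \
	    awk '/^prime2:$/,/^exponent1:/' | \
	    grep -v '^[a-zA-Z]' | tr -d ' \n:' > "${_outbase}.q"
	for x in n p q ; do
		# "set -e" only looks at the last pipeline stage (tr), so a
		# failing openssl is visible only as an empty file.  Do not
		# keep an empty fixture.
		if [ ! -s "${_outbase}.$x" ]; then
			echo "rsa_params: no data extracted for ${_outbase}.$x" >&2
			return 1
		fi
		echo "" >> "${_outbase}.$x"
		echo "============ ${_outbase}.$x"
		cat "${_outbase}.$x"
		echo ============
	done
}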
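# dsa_params IN OUTBASE
#
# Extract the private value, the public value and the generator of the DSA
# private key in file IN and store them as contiguous hex strings in
# OUTBASE.priv, OUTBASE.pub and OUTBASE.g.  Each file is then printed
# between "============" lines.
#
# The .priv file holds private key material in clear text; it is a test
# fixture for a key generated by this script.
#
# Arguments: $1 - private key file readable by "openssl dsa"
#            $2 - output path prefix
# Returns:   non-zero when any of the three values could not be extracted
# Globals:   sets _in, _outbase and x (no "local" in POSIX sh) and leaves
#            "set -e" switched on for the caller.
dsa_params() {
	_in="$1"
	_outbase="$2"
	set -e
	openssl dsa -noout -text -in "$_in" | \
	    awk '/^priv:$/,/^pub:/' | \
	    grep -v '^[a-zA-Z]' | tr -d ' \n:' > "${_outbase}.priv"
	openssl dsa -noout -text -in "$_in" | \
	    awk '/^pub:/,/^P:/' | \
	    grep -v '^[a-zA-Z]' | tr -d ' \n:' > "${_outbase}.pub"
	# The range "/^G:/,0" never ends, so it runs to the end of the dump.
	openssl dsa -noout -text -in "$_in" | \
	    awk '/^G:/,0' | \
	    grep -v '^[a-zA-Z]' | tr -d ' \n:' > "${_outbase}.g"
	for x in priv pub g ; do
		# "set -e" only looks at the last pipeline stage (tr), so a
		# failing openssl is visible only as an empty file.  Do not
		# keep an empty fixture.
		if [ ! -s "${_outbase}.$x" ]; then
			echo "dsa_params: no data extracted for ${_outbase}.$x" >&2
			return 1
		fi
		echo "" >> "${_outbase}.$x"
		echo "============ ${_outbase}.$x"
		cat "${_outbase}.$x"
		echo ============
	done
}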
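# ecdsa_params IN OUTBASE
#
# Extract the private scalar, the public point and the curve name of the EC
# private key in file IN.  The first two are stored as contiguous hex
# strings in OUTBASE.priv and OUTBASE.pub, the curve name (the text after
# "ASN1 OID: ") in OUTBASE.curve.  Each file is then printed between
# "============" lines.
#
# The .priv file holds private key material in clear text; it is a test
# fixture for a key generated by this script.
#
# Arguments: $1 - private key file readable by "openssl ec"
#            $2 - output path prefix
# Returns:   non-zero when any of the three values could not be extracted
# Globals:   sets _in, _outbase and x (no "local" in POSIX sh) and leaves
#            "set -e" switched on for the caller.
ecdsa_params() {
	_in="$1"
	_outbase="$2"
	set -e
	openssl ec -noout -text -in "$_in" | \
	    awk '/^priv:$/,/^pub:/' | \
	    grep -v '^[a-zA-Z]' | tr -d ' \n:' > "${_outbase}.priv"
	openssl ec -noout -text -in "$_in" | \
	    awk '/^pub:/,/^ASN1 OID:/' | \
	    grep -v '^[a-zA-Z]' | tr -d ' \n:' > "${_outbase}.pub"
	# Keep only the value of the "ASN1 OID:" line, without trailing blanks.
	openssl ec -noout -text -in "$_in" | \
	    grep "ASN1 OID:" | tr -d '\n' | \
	    sed 's/.*: //;s/ *$//' > "${_outbase}.curve"
	for x in priv pub curve ; do
		# "set -e" only looks at the last pipeline stage, so a
		# failing openssl is visible only as an empty file.  Do not
		# keep an empty fixture.
		if [ ! -s "${_outbase}.$x" ]; then
			echo "ecdsa_params: no data extracted for ${_outbase}.$x" >&2
			return 1
		fi
		echo "" >> "${_outbase}.$x"
		echo "============ ${_outbase}.$x"
		cat "${_outbase}.$x"
		echo ============
	done
}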
# Stop at the first failing command and trace every command as it runs.
# The trace also prints the -N "$PW" arguments used later in this script;
# that is acceptable for a fixture passphrase only.
set -ex

# Every path below is relative to testdata/.  With -e active, a failed cd
# ends the script before any rm can run in another directory.
cd testdata

# Remove the results of earlier runs.
for stem in rsa1 rsa dsa ecdsa ed25519; do
	rm -f "${stem}_1" "${stem}_2" "${stem}_1_pw"
done
rm -f rsa_n dsa_n ecdsa_n # new-format keys
rm -f rsa_n_pw dsa_n_pw ecdsa_n_pw
rm -f pw *.pub *.bn.* *.param.* *.fp *.fp.bb
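# Fixture key pairs, set 1 and set 2.  All are written without a passphrase
# (-N "") and several use legacy types or sizes (rsa1, 1024-bit RSA and
# DSA); they are test vectors, not credentials.
ssh-keygen -t rsa1 -b 1024 -C "RSA1 test key #1" -N "" -f rsa1_1
ssh-keygen -t rsa -b 1024 -C "RSA test key #1" -N "" -f rsa_1
ssh-keygen -t dsa -b 1024 -C "DSA test key #1" -N "" -f dsa_1
ssh-keygen -t ecdsa -b 256 -C "ECDSA test key #1" -N "" -f ecdsa_1
ssh-keygen -t ed25519 -C "ED25519 test key #1" -N "" -f ed25519_1

ssh-keygen -t rsa1 -b 2048 -C "RSA1 test key #2" -N "" -f rsa1_2
ssh-keygen -t rsa -b 2048 -C "RSA test key #2" -N "" -f rsa_2
ssh-keygen -t dsa -b 1024 -C "DSA test key #2" -N "" -f dsa_2
ssh-keygen -t ecdsa -b 521 -C "ECDSA test key #2" -N "" -f ecdsa_2
# The comment used to say "#1" here, unlike every other key of set 2.
ssh-keygen -t ed25519 -C "ED25519 test key #2" -N "" -f ed25519_2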
# Copies of the set-1 keys under the names the other variants use.
# NOTE(review): the *_n files are plain copies; nothing in this section
# re-saves them with -o, although the cleanup step calls them "new-format
# keys" - confirm whether a conversion is intended.
for base in rsa dsa ecdsa; do
	cp "${base}_1" "${base}_n"
done

for base in rsa1 rsa dsa ecdsa ed25519; do
	cp "${base}_1" "${base}_1_pw"
done
for base in rsa dsa ecdsa; do
	cp "${base}_1" "${base}_n_pw"
done

# Encrypt the *_pw copies with the fixture passphrase.  -N puts the
# passphrase on the command line, where the shell trace and the process
# list can show it; tolerable for fixture data only.
for base in rsa1 rsa dsa ecdsa ed25519; do
	ssh-keygen -pf "${base}_1_pw" -N "$PW"
done
# -o additionally selects the new private key format for the *_n_pw files.
for base in rsa dsa ecdsa; do
	ssh-keygen -opf "${base}_n_pw" -N "$PW"
done
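# Dump the numeric parameters of each key into <key>.param.<name>.  For the
# private keys these files contain private values in clear text.
rsa1_params rsa1_1 rsa1_1.param
rsa1_params rsa1_2 rsa1_2.param
rsa_params rsa_1 rsa_1.param
rsa_params rsa_2 rsa_2.param
dsa_params dsa_1 dsa_1.param
# This call used to repeat dsa_1, so dsa_2 never got parameter files.
dsa_params dsa_2 dsa_2.param
ecdsa_params ecdsa_1 ecdsa_1.param
ecdsa_params ecdsa_2 ecdsa_2.param
# XXX ed25519 params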
# User certificates: rsa_2 signs each set-1 public key, serials 1 to 4,
# with a forced command, no port forwarding and a source-address limit.
# The -V window 19990101:20110101 ended in 2011, so the certificates are
# already expired.
# NOTE(review): ssh-keygen names its output <key>-cert.pub and the host
# round below signs the same four public keys, so it presumably replaces
# these user certificates - confirm that this is intended.
serial=0
for subject in rsa_1 dsa_1 ecdsa_1 ed25519_1; do
	serial=$((serial + 1))
	ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
	    -Oforce-command=/bin/ls \
	    -Ono-port-forwarding \
	    -Osource-address=10.0.0.0/8 \
	    -V 19990101:20110101 -z "$serial" "${subject}.pub"
done

# Host certificates (-h), serials 5 to 8.  ed25519_1 is the signing key
# except for the ECDSA key, which is signed with ecdsa_1 itself.
serial=4
for subject in rsa_1 dsa_1 ecdsa_1 ed25519_1; do
	serial=$((serial + 1))
	case "$subject" in
	ecdsa_1)
		ca=ecdsa_1
		;;
	*)
		ca=ed25519_1
		;;
	esac
	ssh-keygen -s "$ca" -I julius -n host1,host2 -h \
	    -V 19990101:20110101 -z "$serial" "${subject}.pub"
done
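# Store the second field of each ssh-keygen listing, the fingerprint, next
# to the key.  The shell only sees awk's exit status, so a failing
# ssh-keygen would leave an empty file behind; each result is therefore
# checked for content before the script goes on.

# Hash fingerprints (-l) of the key files.
for key in rsa1_1 rsa_1 dsa_1 ecdsa_1 ed25519_1 \
    rsa1_2 rsa_2 dsa_2 ecdsa_2 ed25519_2; do
	ssh-keygen -lf "$key" | awk '{print $2}' > "${key}.fp"
	[ -s "${key}.fp" ] || { echo "empty fingerprint: ${key}.fp" >&2; exit 1; }
done

# Hash fingerprints (-l) of the certificates.
for key in dsa_1 ecdsa_1 ed25519_1 rsa_1; do
	ssh-keygen -lf "${key}-cert.pub" | awk '{print $2}' > "${key}-cert.fp"
	[ -s "${key}-cert.fp" ] || { echo "empty fingerprint: ${key}-cert.fp" >&2; exit 1; }
done

# Bubblebabble fingerprints (-B) of the key files.
for key in rsa1_1 rsa_1 dsa_1 ecdsa_1 ed25519_1 \
    rsa1_2 rsa_2 dsa_2 ecdsa_2 ed25519_2; do
	ssh-keygen -Bf "$key" | awk '{print $2}' > "${key}.fp.bb"
	[ -s "${key}.fp.bb" ] || { echo "empty fingerprint: ${key}.fp.bb" >&2; exit 1; }
done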
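# XXX Extend ssh-keygen to do detached signatures (better to test/fuzz against)

# Store the fixture passphrase in clear text in the "pw" file.  printf
# writes the value as data, whereas echo could interpret a leading "-" or
# backslashes in it.
printf '%s\n' "$PW" > pw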