diff options
author | Damien Miller <djm@mindrot.org> | 2000-10-14 16:23:11 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-10-14 16:23:11 +1100 |
commit | 874d77bb134a21a5cf625956b60173376a993ba8 (patch) | |
tree | 93dd73b2ff1fbf0ad5f3978a2c4e0d8438a0bf7c /ssh-keygen.c | |
parent | 89d9796fbedef4eed6956a2c095c7cc25330c28d (diff) |
- (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org 2000/09/30 10:27:44
[log.c]
allow loglevel debug
- markus@cvs.openbsd.org 2000/10/03 11:59:57
[packet.c]
hmac->mac
- markus@cvs.openbsd.org 2000/10/03 12:03:03
[auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
move fake-auth from auth1.c to individual auth methods, disables s/key in
debug-msg
- markus@cvs.openbsd.org 2000/10/03 12:16:48
ssh.c
do not resolve canonname, i have no idea why this was added oin ossh
- markus@cvs.openbsd.org 2000/10/09 15:30:44
ssh-keygen.1 ssh-keygen.c
-X now reads private ssh.com DSA keys, too.
- markus@cvs.openbsd.org 2000/10/09 15:32:34
auth-options.c
clear options on every call.
- markus@cvs.openbsd.org 2000/10/09 15:51:00
authfd.c authfd.h
interop with ssh-agent2, from <res@shore.net>
- markus@cvs.openbsd.org 2000/10/10 14:20:45
compat.c
use rexexp for version string matching
- provos@cvs.openbsd.org 2000/10/10 22:02:18
[kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
First rough implementation of the diffie-hellman group exchange. The
client can ask the server for bigger groups to perform the diffie-hellman
in, thus increasing the attack complexity when using ciphers with longer
keys. University of Windsor provided network, T the company.
- markus@cvs.openbsd.org 2000/10/11 13:59:52
[auth-rsa.c auth2.c]
clear auth options unless auth sucessfull
- markus@cvs.openbsd.org 2000/10/11 14:00:27
[auth-options.h]
clear auth options unless auth sucessfull
- markus@cvs.openbsd.org 2000/10/11 14:03:27
[scp.1 scp.c]
support 'scp -o' with help from mouring@pconline.com
- markus@cvs.openbsd.org 2000/10/11 14:11:35
[dh.c]
Wall
- markus@cvs.openbsd.org 2000/10/11 14:14:40
[auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
[ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
add support for s/key (kbd-interactive) to ssh2, based on work by
mkiernan@avantgo.com and me
- markus@cvs.openbsd.org 2000/10/11 14:27:24
[auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
[myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
[sshconnect2.c sshd.c]
new cipher framework
- markus@cvs.openbsd.org 2000/10/11 14:45:21
[cipher.c]
remove DES
- markus@cvs.openbsd.org 2000/10/12 03:59:20
[cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
enable DES in SSH-1 clients only
- markus@cvs.openbsd.org 2000/10/12 08:21:13
[kex.h packet.c]
remove unused
- markus@cvs.openbsd.org 2000/10/13 12:34:46
[sshd.c]
Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
- markus@cvs.openbsd.org 2000/10/13 12:59:15
[cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
rijndael/aes support
- markus@cvs.openbsd.org 2000/10/13 13:10:54
[sshd.8]
more info about -V
- markus@cvs.openbsd.org 2000/10/13 13:12:02
[myproposal.h]
prefer no compression
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 105 |
1 files changed, 94 insertions, 11 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 216a8b6ef..e050f4051 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.31 2000/09/07 20:27:54 deraadt Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.32 2000/10/09 21:30:44 markus Exp $"); |
16 | 16 | ||
17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
@@ -27,6 +27,9 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.31 2000/09/07 20:27:54 deraadt Exp $"); | |||
27 | #include "authfile.h" | 27 | #include "authfile.h" |
28 | #include "uuencode.h" | 28 | #include "uuencode.h" |
29 | 29 | ||
30 | #include "buffer.h" | ||
31 | #include "bufaux.h" | ||
32 | |||
30 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ | 33 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ |
31 | int bits = 1024; | 34 | int bits = 1024; |
32 | 35 | ||
@@ -108,8 +111,10 @@ try_load_key(char *filename, Key *k) | |||
108 | return success; | 111 | return success; |
109 | } | 112 | } |
110 | 113 | ||
111 | #define SSH_COM_MAGIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----" | 114 | #define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----" |
112 | #define SSH_COM_MAGIC_END "---- END SSH2 PUBLIC KEY ----" | 115 | #define SSH_COM_PUBLIC_END "---- END SSH2 PUBLIC KEY ----" |
116 | #define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" | ||
117 | #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb | ||
113 | 118 | ||
114 | void | 119 | void |
115 | do_convert_to_ssh2(struct passwd *pw) | 120 | do_convert_to_ssh2(struct passwd *pw) |
@@ -131,19 +136,84 @@ do_convert_to_ssh2(struct passwd *pw) | |||
131 | exit(1); | 136 | exit(1); |
132 | } | 137 | } |
133 | dsa_make_key_blob(k, &blob, &len); | 138 | dsa_make_key_blob(k, &blob, &len); |
134 | fprintf(stdout, "%s\n", SSH_COM_MAGIC_BEGIN); | 139 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); |
135 | fprintf(stdout, | 140 | fprintf(stdout, |
136 | "Comment: \"%d-bit DSA, converted from openssh by %s@%s\"\n", | 141 | "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n", |
137 | BN_num_bits(k->dsa->p), | 142 | key_size(k), key_type(k), |
138 | pw->pw_name, hostname); | 143 | pw->pw_name, hostname); |
139 | dump_base64(stdout, blob, len); | 144 | dump_base64(stdout, blob, len); |
140 | fprintf(stdout, "%s\n", SSH_COM_MAGIC_END); | 145 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); |
141 | key_free(k); | 146 | key_free(k); |
142 | xfree(blob); | 147 | xfree(blob); |
143 | exit(0); | 148 | exit(0); |
144 | } | 149 | } |
145 | 150 | ||
146 | void | 151 | void |
152 | buffer_get_bignum_bits(Buffer *b, BIGNUM *value) | ||
153 | { | ||
154 | int bits = buffer_get_int(b); | ||
155 | int bytes = (bits + 7) / 8; | ||
156 | if (buffer_len(b) < bytes) | ||
157 | fatal("buffer_get_bignum_bits: input buffer too small"); | ||
158 | BN_bin2bn((unsigned char *)buffer_ptr(b), bytes, value); | ||
159 | buffer_consume(b, bytes); | ||
160 | } | ||
161 | |||
162 | Key * | ||
163 | do_convert_private_ssh2_from_blob(char *blob, int blen) | ||
164 | { | ||
165 | Buffer b; | ||
166 | DSA *dsa; | ||
167 | Key *key = NULL; | ||
168 | int ignore, magic, rlen; | ||
169 | char *type, *cipher; | ||
170 | |||
171 | buffer_init(&b); | ||
172 | buffer_append(&b, blob, blen); | ||
173 | |||
174 | magic = buffer_get_int(&b); | ||
175 | if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { | ||
176 | error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC); | ||
177 | buffer_free(&b); | ||
178 | return NULL; | ||
179 | } | ||
180 | ignore = buffer_get_int(&b); | ||
181 | type = buffer_get_string(&b, NULL); | ||
182 | cipher = buffer_get_string(&b, NULL); | ||
183 | ignore = buffer_get_int(&b); | ||
184 | ignore = buffer_get_int(&b); | ||
185 | ignore = buffer_get_int(&b); | ||
186 | xfree(type); | ||
187 | |||
188 | if (strcmp(cipher, "none") != 0) { | ||
189 | error("unsupported cipher %s", cipher); | ||
190 | xfree(cipher); | ||
191 | buffer_free(&b); | ||
192 | return NULL; | ||
193 | } | ||
194 | xfree(cipher); | ||
195 | |||
196 | key = key_new(KEY_DSA); | ||
197 | dsa = key->dsa; | ||
198 | dsa->priv_key = BN_new(); | ||
199 | if (dsa->priv_key == NULL) { | ||
200 | error("alloc priv_key failed"); | ||
201 | key_free(key); | ||
202 | return NULL; | ||
203 | } | ||
204 | buffer_get_bignum_bits(&b, dsa->p); | ||
205 | buffer_get_bignum_bits(&b, dsa->g); | ||
206 | buffer_get_bignum_bits(&b, dsa->q); | ||
207 | buffer_get_bignum_bits(&b, dsa->pub_key); | ||
208 | buffer_get_bignum_bits(&b, dsa->priv_key); | ||
209 | rlen = buffer_len(&b); | ||
210 | if(rlen != 0) | ||
211 | error("do_convert_private_ssh2_from_blob: remaining bytes in key blob %d", rlen); | ||
212 | buffer_free(&b); | ||
213 | return key; | ||
214 | } | ||
215 | |||
216 | void | ||
147 | do_convert_from_ssh2(struct passwd *pw) | 217 | do_convert_from_ssh2(struct passwd *pw) |
148 | { | 218 | { |
149 | Key *k; | 219 | Key *k; |
@@ -152,7 +222,7 @@ do_convert_from_ssh2(struct passwd *pw) | |||
152 | char blob[8096]; | 222 | char blob[8096]; |
153 | char encoded[8096]; | 223 | char encoded[8096]; |
154 | struct stat st; | 224 | struct stat st; |
155 | int escaped = 0; | 225 | int escaped = 0, private = 0, ok; |
156 | FILE *fp; | 226 | FILE *fp; |
157 | 227 | ||
158 | if (!have_identity) | 228 | if (!have_identity) |
@@ -176,6 +246,8 @@ do_convert_from_ssh2(struct passwd *pw) | |||
176 | escaped++; | 246 | escaped++; |
177 | if (strncmp(line, "----", 4) == 0 || | 247 | if (strncmp(line, "----", 4) == 0 || |
178 | strstr(line, ": ") != NULL) { | 248 | strstr(line, ": ") != NULL) { |
249 | if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL) | ||
250 | private = 1; | ||
179 | fprintf(stderr, "ignore: %s", line); | 251 | fprintf(stderr, "ignore: %s", line); |
180 | continue; | 252 | continue; |
181 | } | 253 | } |
@@ -192,9 +264,20 @@ do_convert_from_ssh2(struct passwd *pw) | |||
192 | fprintf(stderr, "uudecode failed.\n"); | 264 | fprintf(stderr, "uudecode failed.\n"); |
193 | exit(1); | 265 | exit(1); |
194 | } | 266 | } |
195 | k = dsa_key_from_blob(blob, blen); | 267 | k = private ? |
196 | if (!key_write(k, stdout)) | 268 | do_convert_private_ssh2_from_blob(blob, blen) : |
197 | fprintf(stderr, "key_write failed"); | 269 | dsa_key_from_blob(blob, blen); |
270 | if (k == NULL) { | ||
271 | fprintf(stderr, "decode blob failed.\n"); | ||
272 | exit(1); | ||
273 | } | ||
274 | ok = private ? | ||
275 | PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) : | ||
276 | key_write(k, stdout); | ||
277 | if (!ok) { | ||
278 | fprintf(stderr, "key write failed"); | ||
279 | exit(1); | ||
280 | } | ||
198 | key_free(k); | 281 | key_free(k); |
199 | fprintf(stdout, "\n"); | 282 | fprintf(stdout, "\n"); |
200 | fclose(fp); | 283 | fclose(fp); |