diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-26 13:44:06 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-26 13:44:06 +0000 |
| commit | d0fca423fcee576f4787d01f8bad3f9c0efd62ab (patch) | |
| tree | 696cb73350804862b8e39ccb53dc4edff2f68976 /ssh-keygen.c | |
| parent | 7bfff36ca3acf469de9fcad98826562ea6c1fbbe (diff) | |
- markus@cvs.openbsd.org 2001/03/26 08:07:09
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
simpler key load/save interface, see authfile.h
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 133 |
1 files changed, 56 insertions, 77 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 7d04dd6c1..b3074e8de 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include "includes.h" | 14 | #include "includes.h" |
| 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.51 2001/03/21 14:20:45 jakob Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.52 2001/03/26 08:07:09 markus Exp $"); |
| 16 | 16 | ||
| 17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
| 18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
| @@ -111,19 +111,20 @@ ask_filename(struct passwd *pw, const char *prompt) | |||
| 111 | have_identity = 1; | 111 | have_identity = 1; |
| 112 | } | 112 | } |
| 113 | 113 | ||
| 114 | int | 114 | Key * |
| 115 | try_load_key(char *filename, Key *k) | 115 | try_load_pem_key(char *filename) |
| 116 | { | 116 | { |
| 117 | int success = 1; | 117 | char *pass; |
| 118 | if (!load_private_key(filename, "", k, NULL)) { | 118 | Key *prv; |
| 119 | char *pass = read_passphrase("Enter passphrase: ", 1); | 119 | |
| 120 | if (!load_private_key(filename, pass, k, NULL)) { | 120 | prv = key_load_private(filename, "", NULL); |
| 121 | success = 0; | 121 | if (prv == NULL) { |
| 122 | } | 122 | pass = read_passphrase("Enter passphrase: ", 1); |
| 123 | prv = key_load_private(filename, pass, NULL); | ||
| 123 | memset(pass, 0, strlen(pass)); | 124 | memset(pass, 0, strlen(pass)); |
| 124 | xfree(pass); | 125 | xfree(pass); |
| 125 | } | 126 | } |
| 126 | return success; | 127 | return prv; |
| 127 | } | 128 | } |
| 128 | 129 | ||
| 129 | #define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----" | 130 | #define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----" |
| @@ -134,7 +135,7 @@ try_load_key(char *filename, Key *k) | |||
| 134 | void | 135 | void |
| 135 | do_convert_to_ssh2(struct passwd *pw) | 136 | do_convert_to_ssh2(struct passwd *pw) |
| 136 | { | 137 | { |
| 137 | Key *k; | 138 | Key *prv; |
| 138 | int len; | 139 | int len; |
| 139 | u_char *blob; | 140 | u_char *blob; |
| 140 | struct stat st; | 141 | struct stat st; |
| @@ -145,20 +146,20 @@ do_convert_to_ssh2(struct passwd *pw) | |||
| 145 | perror(identity_file); | 146 | perror(identity_file); |
| 146 | exit(1); | 147 | exit(1); |
| 147 | } | 148 | } |
| 148 | k = key_new(KEY_UNSPEC); | 149 | prv = try_load_pem_key(identity_file); |
| 149 | if (!try_load_key(identity_file, k)) { | 150 | if (prv == NULL) { |
| 150 | fprintf(stderr, "load failed\n"); | 151 | fprintf(stderr, "load failed\n"); |
| 151 | exit(1); | 152 | exit(1); |
| 152 | } | 153 | } |
| 153 | key_to_blob(k, &blob, &len); | 154 | key_to_blob(prv, &blob, &len); |
| 154 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); | 155 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); |
| 155 | fprintf(stdout, | 156 | fprintf(stdout, |
| 156 | "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n", | 157 | "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n", |
| 157 | key_size(k), key_type(k), | 158 | key_size(prv), key_type(prv), |
| 158 | pw->pw_name, hostname); | 159 | pw->pw_name, hostname); |
| 159 | dump_base64(stdout, blob, len); | 160 | dump_base64(stdout, blob, len); |
| 160 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); | 161 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); |
| 161 | key_free(k); | 162 | key_free(prv); |
| 162 | xfree(blob); | 163 | xfree(blob); |
| 163 | exit(0); | 164 | exit(0); |
| 164 | } | 165 | } |
| @@ -302,7 +303,7 @@ do_convert_from_ssh2(struct passwd *pw) | |||
| 302 | void | 303 | void |
| 303 | do_print_public(struct passwd *pw) | 304 | do_print_public(struct passwd *pw) |
| 304 | { | 305 | { |
| 305 | Key *k; | 306 | Key *prv; |
| 306 | struct stat st; | 307 | struct stat st; |
| 307 | 308 | ||
| 308 | if (!have_identity) | 309 | if (!have_identity) |
| @@ -311,14 +312,14 @@ do_print_public(struct passwd *pw) | |||
| 311 | perror(identity_file); | 312 | perror(identity_file); |
| 312 | exit(1); | 313 | exit(1); |
| 313 | } | 314 | } |
| 314 | k = key_new(KEY_UNSPEC); | 315 | prv = try_load_pem_key(identity_file); |
| 315 | if (!try_load_key(identity_file, k)) { | 316 | if (prv == NULL) { |
| 316 | fprintf(stderr, "load failed\n"); | 317 | fprintf(stderr, "load failed\n"); |
| 317 | exit(1); | 318 | exit(1); |
| 318 | } | 319 | } |
| 319 | if (!key_write(k, stdout)) | 320 | if (!key_write(prv, stdout)) |
| 320 | fprintf(stderr, "key_write failed"); | 321 | fprintf(stderr, "key_write failed"); |
| 321 | key_free(k); | 322 | key_free(prv); |
| 322 | fprintf(stdout, "\n"); | 323 | fprintf(stdout, "\n"); |
| 323 | exit(0); | 324 | exit(0); |
| 324 | } | 325 | } |
| @@ -329,11 +330,11 @@ do_fingerprint(struct passwd *pw) | |||
| 329 | FILE *f; | 330 | FILE *f; |
| 330 | Key *public; | 331 | Key *public; |
| 331 | char *comment = NULL, *cp, *ep, line[16*1024], *fp; | 332 | char *comment = NULL, *cp, *ep, line[16*1024], *fp; |
| 332 | int i, skip = 0, num = 1, invalid = 1, success = 0, rep, type; | 333 | int i, skip = 0, num = 1, invalid = 1, rep, fptype; |
| 333 | struct stat st; | 334 | struct stat st; |
| 334 | 335 | ||
| 335 | type = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; | 336 | fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; |
| 336 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; | 337 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; |
| 337 | 338 | ||
| 338 | if (!have_identity) | 339 | if (!have_identity) |
| 339 | ask_filename(pw, "Enter file in which the key is"); | 340 | ask_filename(pw, "Enter file in which the key is"); |
| @@ -341,26 +342,17 @@ do_fingerprint(struct passwd *pw) | |||
| 341 | perror(identity_file); | 342 | perror(identity_file); |
| 342 | exit(1); | 343 | exit(1); |
| 343 | } | 344 | } |
| 344 | public = key_new(KEY_RSA1); | 345 | public = key_load_public(identity_file, &comment); |
| 345 | if (load_public_key(identity_file, public, &comment)) { | 346 | if (public != NULL) { |
| 346 | success = 1; | 347 | fp = key_fingerprint(public, fptype, rep); |
| 347 | } else { | 348 | printf("%d %s %s\n", key_size(public), fp, comment); |
| 348 | key_free(public); | ||
| 349 | public = key_new(KEY_UNSPEC); | ||
| 350 | if (try_load_public_key(identity_file, public, &comment)) | ||
| 351 | success = 1; | ||
| 352 | else | ||
| 353 | debug("try_load_public_key KEY_UNSPEC failed"); | ||
| 354 | } | ||
| 355 | if (success) { | ||
| 356 | fp = key_fingerprint(public, type, rep); | ||
| 357 | printf("%d %s %s\n", key_size(public), | ||
| 358 | fp, comment); | ||
| 359 | key_free(public); | 349 | key_free(public); |
| 360 | xfree(comment); | 350 | xfree(comment); |
| 361 | xfree(fp); | 351 | xfree(fp); |
| 362 | exit(0); | 352 | exit(0); |
| 363 | } | 353 | } |
| 354 | if (comment) | ||
| 355 | xfree(comment); | ||
| 364 | 356 | ||
| 365 | f = fopen(identity_file, "r"); | 357 | f = fopen(identity_file, "r"); |
| 366 | if (f != NULL) { | 358 | if (f != NULL) { |
| @@ -409,15 +401,15 @@ do_fingerprint(struct passwd *pw) | |||
| 409 | } | 401 | } |
| 410 | } | 402 | } |
| 411 | comment = *cp ? cp : comment; | 403 | comment = *cp ? cp : comment; |
| 412 | fp = key_fingerprint(public, type, rep); | 404 | fp = key_fingerprint(public, fptype, rep); |
| 413 | printf("%d %s %s\n", key_size(public), fp, | 405 | printf("%d %s %s\n", key_size(public), fp, |
| 414 | comment ? comment : "no comment"); | 406 | comment ? comment : "no comment"); |
| 415 | xfree(fp); | 407 | xfree(fp); |
| 408 | key_free(public); | ||
| 416 | invalid = 0; | 409 | invalid = 0; |
| 417 | } | 410 | } |
| 418 | fclose(f); | 411 | fclose(f); |
| 419 | } | 412 | } |
| 420 | key_free(public); | ||
| 421 | if (invalid) { | 413 | if (invalid) { |
| 422 | printf("%s is not a valid key file.\n", identity_file); | 414 | printf("%s is not a valid key file.\n", identity_file); |
| 423 | exit(1); | 415 | exit(1); |
| @@ -436,8 +428,6 @@ do_change_passphrase(struct passwd *pw) | |||
| 436 | char *old_passphrase, *passphrase1, *passphrase2; | 428 | char *old_passphrase, *passphrase1, *passphrase2; |
| 437 | struct stat st; | 429 | struct stat st; |
| 438 | Key *private; | 430 | Key *private; |
| 439 | Key *public; | ||
| 440 | int type = KEY_RSA1; | ||
| 441 | 431 | ||
| 442 | if (!have_identity) | 432 | if (!have_identity) |
| 443 | ask_filename(pw, "Enter file in which the key is"); | 433 | ask_filename(pw, "Enter file in which the key is"); |
| @@ -445,28 +435,20 @@ do_change_passphrase(struct passwd *pw) | |||
| 445 | perror(identity_file); | 435 | perror(identity_file); |
| 446 | exit(1); | 436 | exit(1); |
| 447 | } | 437 | } |
| 448 | public = key_new(type); | ||
| 449 | if (!load_public_key(identity_file, public, NULL)) { | ||
| 450 | type = KEY_UNSPEC; | ||
| 451 | } else { | ||
| 452 | /* Clear the public key since we are just about to load the whole file. */ | ||
| 453 | key_free(public); | ||
| 454 | } | ||
| 455 | /* Try to load the file with empty passphrase. */ | 438 | /* Try to load the file with empty passphrase. */ |
| 456 | private = key_new(type); | 439 | private = key_load_private(identity_file, "", &comment); |
| 457 | if (!load_private_key(identity_file, "", private, &comment)) { | 440 | if (private == NULL) { |
| 458 | if (identity_passphrase) | 441 | if (identity_passphrase) |
| 459 | old_passphrase = xstrdup(identity_passphrase); | 442 | old_passphrase = xstrdup(identity_passphrase); |
| 460 | else | 443 | else |
| 461 | old_passphrase = read_passphrase("Enter old passphrase: ", 1); | 444 | old_passphrase = read_passphrase("Enter old passphrase: ", 1); |
| 462 | if (!load_private_key(identity_file, old_passphrase, private, &comment)) { | 445 | private = key_load_private(identity_file, old_passphrase , &comment); |
| 463 | memset(old_passphrase, 0, strlen(old_passphrase)); | 446 | memset(old_passphrase, 0, strlen(old_passphrase)); |
| 464 | xfree(old_passphrase); | 447 | xfree(old_passphrase); |
| 448 | if (private == NULL) { | ||
| 465 | printf("Bad passphrase.\n"); | 449 | printf("Bad passphrase.\n"); |
| 466 | exit(1); | 450 | exit(1); |
| 467 | } | 451 | } |
| 468 | memset(old_passphrase, 0, strlen(old_passphrase)); | ||
| 469 | xfree(old_passphrase); | ||
| 470 | } | 452 | } |
| 471 | printf("Key has comment '%s'\n", comment); | 453 | printf("Key has comment '%s'\n", comment); |
| 472 | 454 | ||
| @@ -494,7 +476,7 @@ do_change_passphrase(struct passwd *pw) | |||
| 494 | } | 476 | } |
| 495 | 477 | ||
| 496 | /* Save the file using the new passphrase. */ | 478 | /* Save the file using the new passphrase. */ |
| 497 | if (!save_private_key(identity_file, passphrase1, private, comment)) { | 479 | if (!key_save_private(private, identity_file, passphrase1, comment)) { |
| 498 | printf("Saving the key failed: %s: %s.\n", | 480 | printf("Saving the key failed: %s: %s.\n", |
| 499 | identity_file, strerror(errno)); | 481 | identity_file, strerror(errno)); |
| 500 | memset(passphrase1, 0, strlen(passphrase1)); | 482 | memset(passphrase1, 0, strlen(passphrase1)); |
| @@ -520,7 +502,8 @@ void | |||
| 520 | do_change_comment(struct passwd *pw) | 502 | do_change_comment(struct passwd *pw) |
| 521 | { | 503 | { |
| 522 | char new_comment[1024], *comment, *passphrase; | 504 | char new_comment[1024], *comment, *passphrase; |
| 523 | Key *private, *public; | 505 | Key *private; |
| 506 | Key *public; | ||
| 524 | struct stat st; | 507 | struct stat st; |
| 525 | FILE *f; | 508 | FILE *f; |
| 526 | int fd; | 509 | int fd; |
| @@ -531,21 +514,8 @@ do_change_comment(struct passwd *pw) | |||
| 531 | perror(identity_file); | 514 | perror(identity_file); |
| 532 | exit(1); | 515 | exit(1); |
| 533 | } | 516 | } |
| 534 | /* | 517 | private = key_load_private(identity_file, "", &comment); |
| 535 | * Try to load the public key from the file the verify that it is | 518 | if (private == NULL) { |
| 536 | * readable and of the proper format. | ||
| 537 | */ | ||
| 538 | public = key_new(KEY_RSA1); | ||
| 539 | if (!load_public_key(identity_file, public, NULL)) { | ||
| 540 | printf("%s is not a valid key file.\n", identity_file); | ||
| 541 | printf("Comments are only supported in RSA1 keys\n"); | ||
| 542 | exit(1); | ||
| 543 | } | ||
| 544 | |||
| 545 | private = key_new(KEY_RSA1); | ||
| 546 | if (load_private_key(identity_file, "", private, &comment)) | ||
| 547 | passphrase = xstrdup(""); | ||
| 548 | else { | ||
| 549 | if (identity_passphrase) | 519 | if (identity_passphrase) |
| 550 | passphrase = xstrdup(identity_passphrase); | 520 | passphrase = xstrdup(identity_passphrase); |
| 551 | else if (identity_new_passphrase) | 521 | else if (identity_new_passphrase) |
| @@ -553,13 +523,21 @@ do_change_comment(struct passwd *pw) | |||
| 553 | else | 523 | else |
| 554 | passphrase = read_passphrase("Enter passphrase: ", 1); | 524 | passphrase = read_passphrase("Enter passphrase: ", 1); |
| 555 | /* Try to load using the passphrase. */ | 525 | /* Try to load using the passphrase. */ |
| 556 | if (!load_private_key(identity_file, passphrase, private, &comment)) { | 526 | private = key_load_private(identity_file, passphrase, &comment); |
| 527 | if (private == NULL) { | ||
| 557 | memset(passphrase, 0, strlen(passphrase)); | 528 | memset(passphrase, 0, strlen(passphrase)); |
| 558 | xfree(passphrase); | 529 | xfree(passphrase); |
| 559 | printf("Bad passphrase.\n"); | 530 | printf("Bad passphrase.\n"); |
| 560 | exit(1); | 531 | exit(1); |
| 561 | } | 532 | } |
| 533 | } else { | ||
| 534 | passphrase = xstrdup(""); | ||
| 562 | } | 535 | } |
| 536 | if (private->type != KEY_RSA1) { | ||
| 537 | fprintf(stderr, "Comments are only supported for RSA1 keys.\n"); | ||
| 538 | key_free(private); | ||
| 539 | exit(1); | ||
| 540 | } | ||
| 563 | printf("Key now has comment '%s'\n", comment); | 541 | printf("Key now has comment '%s'\n", comment); |
| 564 | 542 | ||
| 565 | if (identity_comment) { | 543 | if (identity_comment) { |
| @@ -577,7 +555,7 @@ do_change_comment(struct passwd *pw) | |||
| 577 | } | 555 | } |
| 578 | 556 | ||
| 579 | /* Save the file using the new passphrase. */ | 557 | /* Save the file using the new passphrase. */ |
| 580 | if (!save_private_key(identity_file, passphrase, private, new_comment)) { | 558 | if (!key_save_private(private, identity_file, passphrase, new_comment)) { |
| 581 | printf("Saving the key failed: %s: %s.\n", | 559 | printf("Saving the key failed: %s: %s.\n", |
| 582 | identity_file, strerror(errno)); | 560 | identity_file, strerror(errno)); |
| 583 | memset(passphrase, 0, strlen(passphrase)); | 561 | memset(passphrase, 0, strlen(passphrase)); |
| @@ -588,6 +566,7 @@ do_change_comment(struct passwd *pw) | |||
| 588 | } | 566 | } |
| 589 | memset(passphrase, 0, strlen(passphrase)); | 567 | memset(passphrase, 0, strlen(passphrase)); |
| 590 | xfree(passphrase); | 568 | xfree(passphrase); |
| 569 | public = key_from_private(private); | ||
| 591 | key_free(private); | 570 | key_free(private); |
| 592 | 571 | ||
| 593 | strlcat(identity_file, ".pub", sizeof(identity_file)); | 572 | strlcat(identity_file, ".pub", sizeof(identity_file)); |
| @@ -823,7 +802,7 @@ passphrase_again: | |||
| 823 | } | 802 | } |
| 824 | 803 | ||
| 825 | /* Save the key with the given passphrase and comment. */ | 804 | /* Save the key with the given passphrase and comment. */ |
| 826 | if (!save_private_key(identity_file, passphrase1, private, comment)) { | 805 | if (!key_save_private(private, identity_file, passphrase1, comment)) { |
| 827 | printf("Saving the key failed: %s: %s.\n", | 806 | printf("Saving the key failed: %s: %s.\n", |
| 828 | identity_file, strerror(errno)); | 807 | identity_file, strerror(errno)); |
| 829 | memset(passphrase1, 0, strlen(passphrase1)); | 808 | memset(passphrase1, 0, strlen(passphrase1)); |