diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-26 13:44:06 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-26 13:44:06 +0000 |
commit | d0fca423fcee576f4787d01f8bad3f9c0efd62ab (patch) | |
tree | 696cb73350804862b8e39ccb53dc4edff2f68976 /ssh-keygen.c | |
parent | 7bfff36ca3acf469de9fcad98826562ea6c1fbbe (diff) |
- markus@cvs.openbsd.org 2001/03/26 08:07:09
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
simpler key load/save interface, see authfile.h
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 133 |
1 files changed, 56 insertions, 77 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 7d04dd6c1..b3074e8de 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.51 2001/03/21 14:20:45 jakob Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.52 2001/03/26 08:07:09 markus Exp $"); |
16 | 16 | ||
17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
@@ -111,19 +111,20 @@ ask_filename(struct passwd *pw, const char *prompt) | |||
111 | have_identity = 1; | 111 | have_identity = 1; |
112 | } | 112 | } |
113 | 113 | ||
114 | int | 114 | Key * |
115 | try_load_key(char *filename, Key *k) | 115 | try_load_pem_key(char *filename) |
116 | { | 116 | { |
117 | int success = 1; | 117 | char *pass; |
118 | if (!load_private_key(filename, "", k, NULL)) { | 118 | Key *prv; |
119 | char *pass = read_passphrase("Enter passphrase: ", 1); | 119 | |
120 | if (!load_private_key(filename, pass, k, NULL)) { | 120 | prv = key_load_private(filename, "", NULL); |
121 | success = 0; | 121 | if (prv == NULL) { |
122 | } | 122 | pass = read_passphrase("Enter passphrase: ", 1); |
123 | prv = key_load_private(filename, pass, NULL); | ||
123 | memset(pass, 0, strlen(pass)); | 124 | memset(pass, 0, strlen(pass)); |
124 | xfree(pass); | 125 | xfree(pass); |
125 | } | 126 | } |
126 | return success; | 127 | return prv; |
127 | } | 128 | } |
128 | 129 | ||
129 | #define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----" | 130 | #define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----" |
@@ -134,7 +135,7 @@ try_load_key(char *filename, Key *k) | |||
134 | void | 135 | void |
135 | do_convert_to_ssh2(struct passwd *pw) | 136 | do_convert_to_ssh2(struct passwd *pw) |
136 | { | 137 | { |
137 | Key *k; | 138 | Key *prv; |
138 | int len; | 139 | int len; |
139 | u_char *blob; | 140 | u_char *blob; |
140 | struct stat st; | 141 | struct stat st; |
@@ -145,20 +146,20 @@ do_convert_to_ssh2(struct passwd *pw) | |||
145 | perror(identity_file); | 146 | perror(identity_file); |
146 | exit(1); | 147 | exit(1); |
147 | } | 148 | } |
148 | k = key_new(KEY_UNSPEC); | 149 | prv = try_load_pem_key(identity_file); |
149 | if (!try_load_key(identity_file, k)) { | 150 | if (prv == NULL) { |
150 | fprintf(stderr, "load failed\n"); | 151 | fprintf(stderr, "load failed\n"); |
151 | exit(1); | 152 | exit(1); |
152 | } | 153 | } |
153 | key_to_blob(k, &blob, &len); | 154 | key_to_blob(prv, &blob, &len); |
154 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); | 155 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); |
155 | fprintf(stdout, | 156 | fprintf(stdout, |
156 | "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n", | 157 | "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n", |
157 | key_size(k), key_type(k), | 158 | key_size(prv), key_type(prv), |
158 | pw->pw_name, hostname); | 159 | pw->pw_name, hostname); |
159 | dump_base64(stdout, blob, len); | 160 | dump_base64(stdout, blob, len); |
160 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); | 161 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); |
161 | key_free(k); | 162 | key_free(prv); |
162 | xfree(blob); | 163 | xfree(blob); |
163 | exit(0); | 164 | exit(0); |
164 | } | 165 | } |
@@ -302,7 +303,7 @@ do_convert_from_ssh2(struct passwd *pw) | |||
302 | void | 303 | void |
303 | do_print_public(struct passwd *pw) | 304 | do_print_public(struct passwd *pw) |
304 | { | 305 | { |
305 | Key *k; | 306 | Key *prv; |
306 | struct stat st; | 307 | struct stat st; |
307 | 308 | ||
308 | if (!have_identity) | 309 | if (!have_identity) |
@@ -311,14 +312,14 @@ do_print_public(struct passwd *pw) | |||
311 | perror(identity_file); | 312 | perror(identity_file); |
312 | exit(1); | 313 | exit(1); |
313 | } | 314 | } |
314 | k = key_new(KEY_UNSPEC); | 315 | prv = try_load_pem_key(identity_file); |
315 | if (!try_load_key(identity_file, k)) { | 316 | if (prv == NULL) { |
316 | fprintf(stderr, "load failed\n"); | 317 | fprintf(stderr, "load failed\n"); |
317 | exit(1); | 318 | exit(1); |
318 | } | 319 | } |
319 | if (!key_write(k, stdout)) | 320 | if (!key_write(prv, stdout)) |
320 | fprintf(stderr, "key_write failed"); | 321 | fprintf(stderr, "key_write failed"); |
321 | key_free(k); | 322 | key_free(prv); |
322 | fprintf(stdout, "\n"); | 323 | fprintf(stdout, "\n"); |
323 | exit(0); | 324 | exit(0); |
324 | } | 325 | } |
@@ -329,11 +330,11 @@ do_fingerprint(struct passwd *pw) | |||
329 | FILE *f; | 330 | FILE *f; |
330 | Key *public; | 331 | Key *public; |
331 | char *comment = NULL, *cp, *ep, line[16*1024], *fp; | 332 | char *comment = NULL, *cp, *ep, line[16*1024], *fp; |
332 | int i, skip = 0, num = 1, invalid = 1, success = 0, rep, type; | 333 | int i, skip = 0, num = 1, invalid = 1, rep, fptype; |
333 | struct stat st; | 334 | struct stat st; |
334 | 335 | ||
335 | type = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; | 336 | fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; |
336 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; | 337 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; |
337 | 338 | ||
338 | if (!have_identity) | 339 | if (!have_identity) |
339 | ask_filename(pw, "Enter file in which the key is"); | 340 | ask_filename(pw, "Enter file in which the key is"); |
@@ -341,26 +342,17 @@ do_fingerprint(struct passwd *pw) | |||
341 | perror(identity_file); | 342 | perror(identity_file); |
342 | exit(1); | 343 | exit(1); |
343 | } | 344 | } |
344 | public = key_new(KEY_RSA1); | 345 | public = key_load_public(identity_file, &comment); |
345 | if (load_public_key(identity_file, public, &comment)) { | 346 | if (public != NULL) { |
346 | success = 1; | 347 | fp = key_fingerprint(public, fptype, rep); |
347 | } else { | 348 | printf("%d %s %s\n", key_size(public), fp, comment); |
348 | key_free(public); | ||
349 | public = key_new(KEY_UNSPEC); | ||
350 | if (try_load_public_key(identity_file, public, &comment)) | ||
351 | success = 1; | ||
352 | else | ||
353 | debug("try_load_public_key KEY_UNSPEC failed"); | ||
354 | } | ||
355 | if (success) { | ||
356 | fp = key_fingerprint(public, type, rep); | ||
357 | printf("%d %s %s\n", key_size(public), | ||
358 | fp, comment); | ||
359 | key_free(public); | 349 | key_free(public); |
360 | xfree(comment); | 350 | xfree(comment); |
361 | xfree(fp); | 351 | xfree(fp); |
362 | exit(0); | 352 | exit(0); |
363 | } | 353 | } |
354 | if (comment) | ||
355 | xfree(comment); | ||
364 | 356 | ||
365 | f = fopen(identity_file, "r"); | 357 | f = fopen(identity_file, "r"); |
366 | if (f != NULL) { | 358 | if (f != NULL) { |
@@ -409,15 +401,15 @@ do_fingerprint(struct passwd *pw) | |||
409 | } | 401 | } |
410 | } | 402 | } |
411 | comment = *cp ? cp : comment; | 403 | comment = *cp ? cp : comment; |
412 | fp = key_fingerprint(public, type, rep); | 404 | fp = key_fingerprint(public, fptype, rep); |
413 | printf("%d %s %s\n", key_size(public), fp, | 405 | printf("%d %s %s\n", key_size(public), fp, |
414 | comment ? comment : "no comment"); | 406 | comment ? comment : "no comment"); |
415 | xfree(fp); | 407 | xfree(fp); |
408 | key_free(public); | ||
416 | invalid = 0; | 409 | invalid = 0; |
417 | } | 410 | } |
418 | fclose(f); | 411 | fclose(f); |
419 | } | 412 | } |
420 | key_free(public); | ||
421 | if (invalid) { | 413 | if (invalid) { |
422 | printf("%s is not a valid key file.\n", identity_file); | 414 | printf("%s is not a valid key file.\n", identity_file); |
423 | exit(1); | 415 | exit(1); |
@@ -436,8 +428,6 @@ do_change_passphrase(struct passwd *pw) | |||
436 | char *old_passphrase, *passphrase1, *passphrase2; | 428 | char *old_passphrase, *passphrase1, *passphrase2; |
437 | struct stat st; | 429 | struct stat st; |
438 | Key *private; | 430 | Key *private; |
439 | Key *public; | ||
440 | int type = KEY_RSA1; | ||
441 | 431 | ||
442 | if (!have_identity) | 432 | if (!have_identity) |
443 | ask_filename(pw, "Enter file in which the key is"); | 433 | ask_filename(pw, "Enter file in which the key is"); |
@@ -445,28 +435,20 @@ do_change_passphrase(struct passwd *pw) | |||
445 | perror(identity_file); | 435 | perror(identity_file); |
446 | exit(1); | 436 | exit(1); |
447 | } | 437 | } |
448 | public = key_new(type); | ||
449 | if (!load_public_key(identity_file, public, NULL)) { | ||
450 | type = KEY_UNSPEC; | ||
451 | } else { | ||
452 | /* Clear the public key since we are just about to load the whole file. */ | ||
453 | key_free(public); | ||
454 | } | ||
455 | /* Try to load the file with empty passphrase. */ | 438 | /* Try to load the file with empty passphrase. */ |
456 | private = key_new(type); | 439 | private = key_load_private(identity_file, "", &comment); |
457 | if (!load_private_key(identity_file, "", private, &comment)) { | 440 | if (private == NULL) { |
458 | if (identity_passphrase) | 441 | if (identity_passphrase) |
459 | old_passphrase = xstrdup(identity_passphrase); | 442 | old_passphrase = xstrdup(identity_passphrase); |
460 | else | 443 | else |
461 | old_passphrase = read_passphrase("Enter old passphrase: ", 1); | 444 | old_passphrase = read_passphrase("Enter old passphrase: ", 1); |
462 | if (!load_private_key(identity_file, old_passphrase, private, &comment)) { | 445 | private = key_load_private(identity_file, old_passphrase , &comment); |
463 | memset(old_passphrase, 0, strlen(old_passphrase)); | 446 | memset(old_passphrase, 0, strlen(old_passphrase)); |
464 | xfree(old_passphrase); | 447 | xfree(old_passphrase); |
448 | if (private == NULL) { | ||
465 | printf("Bad passphrase.\n"); | 449 | printf("Bad passphrase.\n"); |
466 | exit(1); | 450 | exit(1); |
467 | } | 451 | } |
468 | memset(old_passphrase, 0, strlen(old_passphrase)); | ||
469 | xfree(old_passphrase); | ||
470 | } | 452 | } |
471 | printf("Key has comment '%s'\n", comment); | 453 | printf("Key has comment '%s'\n", comment); |
472 | 454 | ||
@@ -494,7 +476,7 @@ do_change_passphrase(struct passwd *pw) | |||
494 | } | 476 | } |
495 | 477 | ||
496 | /* Save the file using the new passphrase. */ | 478 | /* Save the file using the new passphrase. */ |
497 | if (!save_private_key(identity_file, passphrase1, private, comment)) { | 479 | if (!key_save_private(private, identity_file, passphrase1, comment)) { |
498 | printf("Saving the key failed: %s: %s.\n", | 480 | printf("Saving the key failed: %s: %s.\n", |
499 | identity_file, strerror(errno)); | 481 | identity_file, strerror(errno)); |
500 | memset(passphrase1, 0, strlen(passphrase1)); | 482 | memset(passphrase1, 0, strlen(passphrase1)); |
@@ -520,7 +502,8 @@ void | |||
520 | do_change_comment(struct passwd *pw) | 502 | do_change_comment(struct passwd *pw) |
521 | { | 503 | { |
522 | char new_comment[1024], *comment, *passphrase; | 504 | char new_comment[1024], *comment, *passphrase; |
523 | Key *private, *public; | 505 | Key *private; |
506 | Key *public; | ||
524 | struct stat st; | 507 | struct stat st; |
525 | FILE *f; | 508 | FILE *f; |
526 | int fd; | 509 | int fd; |
@@ -531,21 +514,8 @@ do_change_comment(struct passwd *pw) | |||
531 | perror(identity_file); | 514 | perror(identity_file); |
532 | exit(1); | 515 | exit(1); |
533 | } | 516 | } |
534 | /* | 517 | private = key_load_private(identity_file, "", &comment); |
535 | * Try to load the public key from the file the verify that it is | 518 | if (private == NULL) { |
536 | * readable and of the proper format. | ||
537 | */ | ||
538 | public = key_new(KEY_RSA1); | ||
539 | if (!load_public_key(identity_file, public, NULL)) { | ||
540 | printf("%s is not a valid key file.\n", identity_file); | ||
541 | printf("Comments are only supported in RSA1 keys\n"); | ||
542 | exit(1); | ||
543 | } | ||
544 | |||
545 | private = key_new(KEY_RSA1); | ||
546 | if (load_private_key(identity_file, "", private, &comment)) | ||
547 | passphrase = xstrdup(""); | ||
548 | else { | ||
549 | if (identity_passphrase) | 519 | if (identity_passphrase) |
550 | passphrase = xstrdup(identity_passphrase); | 520 | passphrase = xstrdup(identity_passphrase); |
551 | else if (identity_new_passphrase) | 521 | else if (identity_new_passphrase) |
@@ -553,13 +523,21 @@ do_change_comment(struct passwd *pw) | |||
553 | else | 523 | else |
554 | passphrase = read_passphrase("Enter passphrase: ", 1); | 524 | passphrase = read_passphrase("Enter passphrase: ", 1); |
555 | /* Try to load using the passphrase. */ | 525 | /* Try to load using the passphrase. */ |
556 | if (!load_private_key(identity_file, passphrase, private, &comment)) { | 526 | private = key_load_private(identity_file, passphrase, &comment); |
527 | if (private == NULL) { | ||
557 | memset(passphrase, 0, strlen(passphrase)); | 528 | memset(passphrase, 0, strlen(passphrase)); |
558 | xfree(passphrase); | 529 | xfree(passphrase); |
559 | printf("Bad passphrase.\n"); | 530 | printf("Bad passphrase.\n"); |
560 | exit(1); | 531 | exit(1); |
561 | } | 532 | } |
533 | } else { | ||
534 | passphrase = xstrdup(""); | ||
562 | } | 535 | } |
536 | if (private->type != KEY_RSA1) { | ||
537 | fprintf(stderr, "Comments are only supported for RSA1 keys.\n"); | ||
538 | key_free(private); | ||
539 | exit(1); | ||
540 | } | ||
563 | printf("Key now has comment '%s'\n", comment); | 541 | printf("Key now has comment '%s'\n", comment); |
564 | 542 | ||
565 | if (identity_comment) { | 543 | if (identity_comment) { |
@@ -577,7 +555,7 @@ do_change_comment(struct passwd *pw) | |||
577 | } | 555 | } |
578 | 556 | ||
579 | /* Save the file using the new passphrase. */ | 557 | /* Save the file using the new passphrase. */ |
580 | if (!save_private_key(identity_file, passphrase, private, new_comment)) { | 558 | if (!key_save_private(private, identity_file, passphrase, new_comment)) { |
581 | printf("Saving the key failed: %s: %s.\n", | 559 | printf("Saving the key failed: %s: %s.\n", |
582 | identity_file, strerror(errno)); | 560 | identity_file, strerror(errno)); |
583 | memset(passphrase, 0, strlen(passphrase)); | 561 | memset(passphrase, 0, strlen(passphrase)); |
@@ -588,6 +566,7 @@ do_change_comment(struct passwd *pw) | |||
588 | } | 566 | } |
589 | memset(passphrase, 0, strlen(passphrase)); | 567 | memset(passphrase, 0, strlen(passphrase)); |
590 | xfree(passphrase); | 568 | xfree(passphrase); |
569 | public = key_from_private(private); | ||
591 | key_free(private); | 570 | key_free(private); |
592 | 571 | ||
593 | strlcat(identity_file, ".pub", sizeof(identity_file)); | 572 | strlcat(identity_file, ".pub", sizeof(identity_file)); |
@@ -823,7 +802,7 @@ passphrase_again: | |||
823 | } | 802 | } |
824 | 803 | ||
825 | /* Save the key with the given passphrase and comment. */ | 804 | /* Save the key with the given passphrase and comment. */ |
826 | if (!save_private_key(identity_file, passphrase1, private, comment)) { | 805 | if (!key_save_private(private, identity_file, passphrase1, comment)) { |
827 | printf("Saving the key failed: %s: %s.\n", | 806 | printf("Saving the key failed: %s: %s.\n", |
828 | identity_file, strerror(errno)); | 807 | identity_file, strerror(errno)); |
829 | memset(passphrase1, 0, strlen(passphrase1)); | 808 | memset(passphrase1, 0, strlen(passphrase1)); |