summaryrefslogtreecommitdiff
path: root/ssh-keygen.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c115
1 files changed, 58 insertions, 57 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index e050f4051..76edc5301 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: ssh-keygen.c,v 1.32 2000/10/09 21:30:44 markus Exp $"); 15RCSID("$OpenBSD: ssh-keygen.c,v 1.33 2000/11/12 19:50:38 markus Exp $");
16 16
17#include <openssl/evp.h> 17#include <openssl/evp.h>
18#include <openssl/pem.h> 18#include <openssl/pem.h>
@@ -23,7 +23,6 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.32 2000/10/09 21:30:44 markus Exp $");
23#include "xmalloc.h" 23#include "xmalloc.h"
24#include "key.h" 24#include "key.h"
25#include "rsa.h" 25#include "rsa.h"
26#include "dsa.h"
27#include "authfile.h" 26#include "authfile.h"
28#include "uuencode.h" 27#include "uuencode.h"
29 28
@@ -67,7 +66,10 @@ char *identity_comment = NULL;
67int convert_to_ssh2 = 0; 66int convert_to_ssh2 = 0;
68int convert_from_ssh2 = 0; 67int convert_from_ssh2 = 0;
69int print_public = 0; 68int print_public = 0;
70int dsa_mode = 0; 69
70/* key type */
71int dsa_mode = 0; /* compat */
72char *key_type_name = NULL;
71 73
72/* argv0 */ 74/* argv0 */
73#ifdef HAVE___PROGNAME 75#ifdef HAVE___PROGNAME
@@ -130,12 +132,12 @@ do_convert_to_ssh2(struct passwd *pw)
130 perror(identity_file); 132 perror(identity_file);
131 exit(1); 133 exit(1);
132 } 134 }
133 k = key_new(KEY_DSA); 135 k = key_new(KEY_UNSPEC);
134 if (!try_load_key(identity_file, k)) { 136 if (!try_load_key(identity_file, k)) {
135 fprintf(stderr, "load failed\n"); 137 fprintf(stderr, "load failed\n");
136 exit(1); 138 exit(1);
137 } 139 }
138 dsa_make_key_blob(k, &blob, &len); 140 key_to_blob(k, &blob, &len);
139 fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); 141 fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
140 fprintf(stdout, 142 fprintf(stdout,
141 "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n", 143 "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n",
@@ -266,7 +268,7 @@ do_convert_from_ssh2(struct passwd *pw)
266 } 268 }
267 k = private ? 269 k = private ?
268 do_convert_private_ssh2_from_blob(blob, blen) : 270 do_convert_private_ssh2_from_blob(blob, blen) :
269 dsa_key_from_blob(blob, blen); 271 key_from_blob(blob, blen);
270 if (k == NULL) { 272 if (k == NULL) {
271 fprintf(stderr, "decode blob failed.\n"); 273 fprintf(stderr, "decode blob failed.\n");
272 exit(1); 274 exit(1);
@@ -288,8 +290,6 @@ void
288do_print_public(struct passwd *pw) 290do_print_public(struct passwd *pw)
289{ 291{
290 Key *k; 292 Key *k;
291 int len;
292 unsigned char *blob;
293 struct stat st; 293 struct stat st;
294 294
295 if (!have_identity) 295 if (!have_identity)
@@ -298,16 +298,14 @@ do_print_public(struct passwd *pw)
298 perror(identity_file); 298 perror(identity_file);
299 exit(1); 299 exit(1);
300 } 300 }
301 k = key_new(KEY_DSA); 301 k = key_new(KEY_UNSPEC);
302 if (!try_load_key(identity_file, k)) { 302 if (!try_load_key(identity_file, k)) {
303 fprintf(stderr, "load failed\n"); 303 fprintf(stderr, "load failed\n");
304 exit(1); 304 exit(1);
305 } 305 }
306 dsa_make_key_blob(k, &blob, &len);
307 if (!key_write(k, stdout)) 306 if (!key_write(k, stdout))
308 fprintf(stderr, "key_write failed"); 307 fprintf(stderr, "key_write failed");
309 key_free(k); 308 key_free(k);
310 xfree(blob);
311 fprintf(stdout, "\n"); 309 fprintf(stdout, "\n");
312 exit(0); 310 exit(0);
313} 311}
@@ -315,12 +313,11 @@ do_print_public(struct passwd *pw)
315void 313void
316do_fingerprint(struct passwd *pw) 314do_fingerprint(struct passwd *pw)
317{ 315{
318 /* XXX RSA1 only */
319 316
320 FILE *f; 317 FILE *f;
321 Key *public; 318 Key *public;
322 char *comment = NULL, *cp, *ep, line[16*1024]; 319 char *comment = NULL, *cp, *ep, line[16*1024];
323 int i, skip = 0, num = 1, invalid = 1; 320 int i, skip = 0, num = 1, invalid = 1, success = 0;
324 unsigned int ignore; 321 unsigned int ignore;
325 struct stat st; 322 struct stat st;
326 323
@@ -330,14 +327,27 @@ do_fingerprint(struct passwd *pw)
330 perror(identity_file); 327 perror(identity_file);
331 exit(1); 328 exit(1);
332 } 329 }
333 public = key_new(KEY_RSA); 330 public = key_new(KEY_RSA1);
334 if (load_public_key(identity_file, public, &comment)) { 331 if (load_public_key(identity_file, public, &comment)) {
335 printf("%d %s %s\n", BN_num_bits(public->rsa->n), 332 success = 1;
336 key_fingerprint(public), comment); 333 } else {
334 key_free(public);
335 public = key_new(KEY_UNSPEC);
336 if (try_load_public_key(identity_file, public, &comment))
337 success = 1;
338 else
339 error("try_load_public_key KEY_UNSPEC failed");
340 }
341 if (success) {
342 printf("%d %s %s\n", key_size(public), key_fingerprint(public), comment);
337 key_free(public); 343 key_free(public);
344 xfree(comment);
338 exit(0); 345 exit(0);
339 } 346 }
340 347
348 /* XXX RSA1 only */
349
350 public = key_new(KEY_RSA1);
341 f = fopen(identity_file, "r"); 351 f = fopen(identity_file, "r");
342 if (f != NULL) { 352 if (f != NULL) {
343 while (fgets(line, sizeof(line), f)) { 353 while (fgets(line, sizeof(line), f)) {
@@ -404,7 +414,7 @@ do_change_passphrase(struct passwd *pw)
404 struct stat st; 414 struct stat st;
405 Key *private; 415 Key *private;
406 Key *public; 416 Key *public;
407 int type = dsa_mode ? KEY_DSA : KEY_RSA; 417 int type = KEY_RSA1;
408 418
409 if (!have_identity) 419 if (!have_identity)
410 ask_filename(pw, "Enter file in which the key is"); 420 ask_filename(pw, "Enter file in which the key is");
@@ -412,18 +422,13 @@ do_change_passphrase(struct passwd *pw)
412 perror(identity_file); 422 perror(identity_file);
413 exit(1); 423 exit(1);
414 } 424 }
415 425 public = key_new(type);
416 if (type == KEY_RSA) { 426 if (!load_public_key(identity_file, public, NULL)) {
417 /* XXX this works currently only for RSA */ 427 type = KEY_UNSPEC;
418 public = key_new(type); 428 } else {
419 if (!load_public_key(identity_file, public, NULL)) {
420 printf("%s is not a valid key file.\n", identity_file);
421 exit(1);
422 }
423 /* Clear the public key since we are just about to load the whole file. */ 429 /* Clear the public key since we are just about to load the whole file. */
424 key_free(public); 430 key_free(public);
425 } 431 }
426
427 /* Try to load the file with empty passphrase. */ 432 /* Try to load the file with empty passphrase. */
428 private = key_new(type); 433 private = key_new(type);
429 if (!load_private_key(identity_file, "", private, &comment)) { 434 if (!load_private_key(identity_file, "", private, &comment)) {
@@ -508,13 +513,13 @@ do_change_comment(struct passwd *pw)
508 * Try to load the public key from the file the verify that it is 513 * Try to load the public key from the file the verify that it is
509 * readable and of the proper format. 514 * readable and of the proper format.
510 */ 515 */
511 public = key_new(KEY_RSA); 516 public = key_new(KEY_RSA1);
512 if (!load_public_key(identity_file, public, NULL)) { 517 if (!load_public_key(identity_file, public, NULL)) {
513 printf("%s is not a valid key file.\n", identity_file); 518 printf("%s is not a valid key file.\n", identity_file);
514 exit(1); 519 exit(1);
515 } 520 }
516 521
517 private = key_new(KEY_RSA); 522 private = key_new(KEY_RSA1);
518 if (load_private_key(identity_file, "", private, &comment)) 523 if (load_private_key(identity_file, "", private, &comment))
519 passphrase = xstrdup(""); 524 passphrase = xstrdup("");
520 else { 525 else {
@@ -583,7 +588,7 @@ do_change_comment(struct passwd *pw)
583void 588void
584usage(void) 589usage(void)
585{ 590{
586 printf("Usage: %s [-lpqxXydc] [-b bits] [-f file] [-C comment] [-N new-pass] [-P pass]\n", __progname); 591 printf("Usage: %s [-lpqxXyc] [-t type] [-b bits] [-f file] [-C comment] [-N new-pass] [-P pass]\n", __progname);
587 exit(1); 592 exit(1);
588} 593}
589 594
@@ -598,8 +603,10 @@ main(int ac, char **av)
598 int opt; 603 int opt;
599 struct stat st; 604 struct stat st;
600 FILE *f; 605 FILE *f;
606 int type = KEY_RSA1;
601 Key *private; 607 Key *private;
602 Key *public; 608 Key *public;
609
603 extern int optind; 610 extern int optind;
604 extern char *optarg; 611 extern char *optarg;
605 612
@@ -618,7 +625,7 @@ main(int ac, char **av)
618 exit(1); 625 exit(1);
619 } 626 }
620 627
621 while ((opt = getopt(ac, av, "dqpclRxXyb:f:P:N:C:")) != EOF) { 628 while ((opt = getopt(ac, av, "dqpclRxXyb:f:t:P:N:C:")) != EOF) {
622 switch (opt) { 629 switch (opt) {
623 case 'b': 630 case 'b':
624 bits = atoi(optarg); 631 bits = atoi(optarg);
@@ -662,10 +669,8 @@ main(int ac, char **av)
662 break; 669 break;
663 670
664 case 'R': 671 case 'R':
665 if (rsa_alive() == 0) 672 /* unused */
666 exit(1); 673 exit(0);
667 else
668 exit(0);
669 break; 674 break;
670 675
671 case 'x': 676 case 'x':
@@ -681,9 +686,15 @@ main(int ac, char **av)
681 break; 686 break;
682 687
683 case 'd': 688 case 'd':
689 key_type_name = "dsa";
684 dsa_mode = 1; 690 dsa_mode = 1;
685 break; 691 break;
686 692
693 case 't':
694 key_type_name = optarg;
695 dsa_mode = (strcmp(optarg, "dsa") == 0);
696 break;
697
687 case '?': 698 case '?':
688 default: 699 default:
689 usage(); 700 usage();
@@ -697,13 +708,6 @@ main(int ac, char **av)
697 printf("Can only have one of -p and -c.\n"); 708 printf("Can only have one of -p and -c.\n");
698 usage(); 709 usage();
699 } 710 }
700 /* check if RSA support is needed and exists */
701 if (dsa_mode == 0 && rsa_alive() == 0) {
702 fprintf(stderr,
703 "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
704 __progname);
705 exit(1);
706 }
707 if (print_fingerprint) 711 if (print_fingerprint)
708 do_fingerprint(pw); 712 do_fingerprint(pw);
709 if (change_passphrase) 713 if (change_passphrase)
@@ -719,22 +723,21 @@ main(int ac, char **av)
719 723
720 arc4random_stir(); 724 arc4random_stir();
721 725
722 if (dsa_mode != 0) { 726 if (key_type_name != NULL) {
723 if (!quiet) 727 type = key_type_from_name(key_type_name);
724 printf("Generating DSA parameter and key.\n"); 728 if (type == KEY_UNSPEC) {
725 public = private = dsa_generate_key(bits); 729 fprintf(stderr, "unknown key type %s", key_type_name);
726 if (private == NULL) {
727 fprintf(stderr, "dsa_generate_keys failed");
728 exit(1); 730 exit(1);
729 } 731 }
730 } else {
731 if (quiet)
732 rsa_set_verbose(0);
733 /* Generate the rsa key pair. */
734 public = key_new(KEY_RSA);
735 private = key_new(KEY_RSA);
736 rsa_generate_key(private->rsa, public->rsa, bits);
737 } 732 }
733 if (!quiet)
734 printf("Generating public/private key pair.\n");
735 private = key_generate(type, bits);
736 if (private == NULL) {
737 fprintf(stderr, "key_generate failed");
738 exit(1);
739 }
740 public = key_from_private(private);
738 741
739 if (!have_identity) 742 if (!have_identity)
740 ask_filename(pw, "Enter file in which to save the key"); 743 ask_filename(pw, "Enter file in which to save the key");
@@ -803,9 +806,7 @@ passphrase_again:
803 xfree(passphrase1); 806 xfree(passphrase1);
804 807
805 /* Clear the private key and the random number generator. */ 808 /* Clear the private key and the random number generator. */
806 if (private != public) { 809 key_free(private);
807 key_free(private);
808 }
809 arc4random_stir(); 810 arc4random_stir();
810 811
811 if (!quiet) 812 if (!quiet)