version 1.250, 2014/08/21 01:08:52 |
version 1.251, 2014/12/21 22:27:56 |
|
|
#include "ssh2.h" |
#include "ssh2.h" |
#include "atomicio.h" |
#include "atomicio.h" |
#include "krl.h" |
#include "krl.h" |
|
#include "digest.h" |
|
|
#ifdef ENABLE_PKCS11 |
#ifdef ENABLE_PKCS11 |
#include "ssh-pkcs11.h" |
#include "ssh-pkcs11.h" |
|
|
int print_fingerprint = 0; |
int print_fingerprint = 0; |
int print_bubblebabble = 0; |
int print_bubblebabble = 0; |
|
|
|
/* Hash algorithm to use for fingerprints. */ |
|
int fingerprint_hash = SSH_FP_HASH_DEFAULT; |
|
|
/* The identity file name, given on the command line or entered by the user. */ |
/* The identity file name, given on the command line or entered by the user. */ |
char identity_file[1024]; |
char identity_file[1024]; |
int have_identity = 0; |
int have_identity = 0; |
|
|
Key **keys = NULL; |
Key **keys = NULL; |
int i, nkeys; |
int i, nkeys; |
enum fp_rep rep; |
enum fp_rep rep; |
enum fp_type fptype; |
int fptype; |
char *fp, *ra; |
char *fp, *ra; |
|
|
fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; |
fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
|
|
pkcs11_init(0); |
pkcs11_init(0); |
nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); |
nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); |
|
|
for (i = 0; i < nkeys; i++) { |
for (i = 0; i < nkeys; i++) { |
if (print_fingerprint) { |
if (print_fingerprint) { |
fp = key_fingerprint(keys[i], fptype, rep); |
fp = key_fingerprint(keys[i], fptype, rep); |
ra = key_fingerprint(keys[i], SSH_FP_MD5, |
ra = key_fingerprint(keys[i], fingerprint_hash, |
SSH_FP_RANDOMART); |
SSH_FP_RANDOMART); |
printf("%u %s %s (PKCS11 key)\n", key_size(keys[i]), |
printf("%u %s %s (PKCS11 key)\n", key_size(keys[i]), |
fp, key_type(keys[i])); |
fp, key_type(keys[i])); |
|
|
char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra; |
char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra; |
int i, skip = 0, num = 0, invalid = 1; |
int i, skip = 0, num = 0, invalid = 1; |
enum fp_rep rep; |
enum fp_rep rep; |
enum fp_type fptype; |
int fptype; |
struct stat st; |
struct stat st; |
|
|
fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; |
fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
|
|
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which the key is"); |
ask_filename(pw, "Enter file in which the key is"); |
if (stat(identity_file, &st) < 0) { |
if (stat(identity_file, &st) < 0) { |
|
|
public = key_load_public(identity_file, &comment); |
public = key_load_public(identity_file, &comment); |
if (public != NULL) { |
if (public != NULL) { |
fp = key_fingerprint(public, fptype, rep); |
fp = key_fingerprint(public, fptype, rep); |
ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); |
ra = key_fingerprint(public, fingerprint_hash, |
|
SSH_FP_RANDOMART); |
printf("%u %s %s (%s)\n", key_size(public), fp, comment, |
printf("%u %s %s (%s)\n", key_size(public), fp, comment, |
key_type(public)); |
key_type(public)); |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
|
|
} |
} |
comment = *cp ? cp : comment; |
comment = *cp ? cp : comment; |
fp = key_fingerprint(public, fptype, rep); |
fp = key_fingerprint(public, fptype, rep); |
ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); |
ra = key_fingerprint(public, fingerprint_hash, |
|
SSH_FP_RANDOMART); |
printf("%u %s %s (%s)\n", key_size(public), fp, |
printf("%u %s %s (%s)\n", key_size(public), fp, |
comment ? comment : "no comment", key_type(public)); |
comment ? comment : "no comment", key_type(public)); |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
|
|
{ |
{ |
if (print_fingerprint) { |
if (print_fingerprint) { |
enum fp_rep rep; |
enum fp_rep rep; |
enum fp_type fptype; |
int fptype; |
char *fp, *ra; |
char *fp, *ra; |
|
|
fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; |
fptype = print_bubblebabble ? |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; |
SSH_DIGEST_SHA1 : fingerprint_hash; |
|
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
fp = key_fingerprint(public, fptype, rep); |
fp = key_fingerprint(public, fptype, rep); |
ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); |
ra = key_fingerprint(public, fingerprint_hash, |
|
SSH_FP_RANDOMART); |
printf("%u %s %s (%s)\n", key_size(public), fp, name, |
printf("%u %s %s (%s)\n", key_size(public), fp, name, |
key_type(public)); |
key_type(public)); |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
|
|
fatal("%s is not a certificate", identity_file); |
fatal("%s is not a certificate", identity_file); |
v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00; |
v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00; |
|
|
key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
key_fp = key_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); |
ca_fp = key_fingerprint(key->cert->signature_key, |
ca_fp = key_fingerprint(key->cert->signature_key, |
SSH_FP_MD5, SSH_FP_HEX); |
fingerprint_hash, SSH_FP_DEFAULT); |
|
|
printf("%s:\n", identity_file); |
printf("%s:\n", identity_file); |
printf(" Type: %s %s certificate\n", key_ssh_name(key), |
printf(" Type: %s %s certificate\n", key_ssh_name(key), |
|
|
" ssh-keygen -e [-m key_format] [-f input_keyfile]\n" |
" ssh-keygen -e [-m key_format] [-f input_keyfile]\n" |
" ssh-keygen -y [-f input_keyfile]\n" |
" ssh-keygen -y [-f input_keyfile]\n" |
" ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" |
" ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" |
" ssh-keygen -l [-f input_keyfile]\n" |
" ssh-keygen -l [-E fingerprint_hash] [-f input_keyfile]\n" |
" ssh-keygen -B [-f input_keyfile]\n"); |
" ssh-keygen -B [-f input_keyfile]\n"); |
#ifdef ENABLE_PKCS11 |
#ifdef ENABLE_PKCS11 |
fprintf(stderr, |
fprintf(stderr, |
|
|
exit(1); |
exit(1); |
} |
} |
|
|
/* Remaining characters: EUYdw */ |
/* Remaining characters: UYdw */ |
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" |
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" |
"C:D:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:a:b:f:g:j:m:n:r:s:t:z:")) != -1) { |
"C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:" |
|
"a:b:f:g:j:m:n:r:s:t:z:")) != -1) { |
switch (opt) { |
switch (opt) { |
case 'A': |
case 'A': |
gen_all_hostkeys = 1; |
gen_all_hostkeys = 1; |
|
|
fatal("Bits has bad value %s (%s)", |
fatal("Bits has bad value %s (%s)", |
optarg, errstr); |
optarg, errstr); |
break; |
break; |
|
case 'E': |
|
fingerprint_hash = ssh_digest_alg_by_name(optarg); |
|
if (fingerprint_hash == -1) |
|
fatal("Invalid hash algorithm \"%s\"", optarg); |
|
break; |
case 'F': |
case 'F': |
find_host = 1; |
find_host = 1; |
rr_hostname = optarg; |
rr_hostname = optarg; |
|
|
fclose(f); |
fclose(f); |
|
|
if (!quiet) { |
if (!quiet) { |
char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); |
char *fp = key_fingerprint(public, fingerprint_hash, |
char *ra = key_fingerprint(public, SSH_FP_MD5, |
SSH_FP_DEFAULT); |
|
char *ra = key_fingerprint(public, fingerprint_hash, |
SSH_FP_RANDOMART); |
SSH_FP_RANDOMART); |
printf("Your public key has been saved in %s.\n", |
printf("Your public key has been saved in %s.\n", |
identity_file); |
identity_file); |