| version 1.356, 2019/10/16 06:03:30 |
version 1.357, 2019/10/31 21:17:09 |
|
|
| #include "utf8.h" |
#include "utf8.h" |
| #include "authfd.h" |
#include "authfd.h" |
| #include "sshsig.h" |
#include "sshsig.h" |
| |
#include "ssh-sk.h" |
| |
#include "sk-api.h" /* XXX for SSH_SK_USER_PRESENCE_REQD; remove */ |
| |
|
| #ifdef ENABLE_PKCS11 |
#ifdef ENABLE_PKCS11 |
| #include "ssh-pkcs11.h" |
#include "ssh-pkcs11.h" |
|
|
| /* Load key from this PKCS#11 provider */ |
/* Load key from this PKCS#11 provider */ |
| static char *pkcs11provider = NULL; |
static char *pkcs11provider = NULL; |
| |
|
| |
/* FIDO/U2F provider to use */ |
| |
static char *sk_provider = NULL; |
| |
|
| /* Format for writing private keys */ |
/* Format for writing private keys */ |
| static int private_key_format = SSHKEY_PRIVATE_OPENSSH; |
static int private_key_format = SSHKEY_PRIVATE_OPENSSH; |
| |
|
|
|
| case KEY_ECDSA: |
case KEY_ECDSA: |
| name = _PATH_SSH_CLIENT_ID_ECDSA; |
name = _PATH_SSH_CLIENT_ID_ECDSA; |
| break; |
break; |
| |
case KEY_ECDSA_SK_CERT: |
| |
case KEY_ECDSA_SK: |
| |
name = _PATH_SSH_CLIENT_ID_ECDSA_SK; |
| |
break; |
| case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
| case KEY_RSA: |
case KEY_RSA: |
| name = _PATH_SSH_CLIENT_ID_RSA; |
name = _PATH_SSH_CLIENT_ID_RSA; |
|
|
| int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
| int prefer_agent = 0, convert_to = 0, convert_from = 0; |
int prefer_agent = 0, convert_to = 0, convert_from = 0; |
| int print_public = 0, print_generic = 0, cert_serial_autoinc = 0; |
int print_public = 0, print_generic = 0, cert_serial_autoinc = 0; |
| unsigned long long cert_serial = 0; |
unsigned long long ull, cert_serial = 0; |
| char *identity_comment = NULL, *ca_key_path = NULL; |
char *identity_comment = NULL, *ca_key_path = NULL; |
| u_int32_t bits = 0; |
u_int32_t bits = 0; |
| |
uint8_t sk_flags = SSH_SK_USER_PRESENCE_REQD; |
| FILE *f; |
FILE *f; |
| const char *errstr; |
const char *errstr; |
| int log_level = SYSLOG_LEVEL_INFO; |
int log_level = SYSLOG_LEVEL_INFO; |
|
|
| if (gethostname(hostname, sizeof(hostname)) == -1) |
if (gethostname(hostname, sizeof(hostname)) == -1) |
| fatal("gethostname: %s", strerror(errno)); |
fatal("gethostname: %s", strerror(errno)); |
| |
|
| /* Remaining characters: dw */ |
sk_provider = getenv("SSH_SK_PROVIDER"); |
| |
|
| |
/* Remaining character: d */ |
| while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy" |
while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy" |
| "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Y:Z:" |
"C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Y:Z:" |
| "a:b:f:g:j:m:n:r:s:t:z:")) != -1) { |
"a:b:f:g:j:m:n:r:s:t:w:x:z:")) != -1) { |
| switch (opt) { |
switch (opt) { |
| case 'A': |
case 'A': |
| gen_all_hostkeys = 1; |
gen_all_hostkeys = 1; |
|
|
| quiet = 1; |
quiet = 1; |
| break; |
break; |
| case 'e': |
case 'e': |
| case 'x': |
|
| /* export key */ |
/* export key */ |
| convert_to = 1; |
convert_to = 1; |
| break; |
break; |
|
|
| break; |
break; |
| case 'Y': |
case 'Y': |
| sign_op = optarg; |
sign_op = optarg; |
| |
case 'w': |
| |
sk_provider = optarg; |
| break; |
break; |
| |
case 'x': |
| |
if (*optarg == '\0') |
| |
fatal("Missing security key flags"); |
| |
ull = strtoull(optarg, &ep, 0); |
| |
if (*ep != '\0') |
| |
fatal("Security key flags \"%s\" is not a " |
| |
"number", optarg); |
| |
if (ull > 0xff) |
| |
fatal("Invalid security key flags 0x%llx", ull); |
| |
sk_flags = (uint8_t)ull; |
| |
break; |
| case 'z': |
case 'z': |
| errno = 0; |
errno = 0; |
| if (*optarg == '+') { |
if (*optarg == '+') { |
|
|
| if (!quiet) |
if (!quiet) |
| printf("Generating public/private %s key pair.\n", |
printf("Generating public/private %s key pair.\n", |
| key_type_name); |
key_type_name); |
| if ((r = sshkey_generate(type, bits, &private)) != 0) |
if (type == KEY_ECDSA_SK) { |
| |
if (sshsk_enroll(sk_provider, |
| |
cert_key_id == NULL ? "ssh:" : cert_key_id, |
| |
sk_flags, NULL, &private, NULL) != 0) |
| |
exit(1); /* error message already printed */ |
| |
} else if ((r = sshkey_generate(type, bits, &private)) != 0) |
| fatal("sshkey_generate failed"); |
fatal("sshkey_generate failed"); |
| if ((r = sshkey_from_private(private, &public)) != 0) |
if ((r = sshkey_from_private(private, &public)) != 0) |
| fatal("sshkey_from_private failed: %s\n", ssh_err(r)); |
fatal("sshkey_from_private failed: %s\n", ssh_err(r)); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh