src/usr.bin/ssh/ssh-keygen.c - diff

Return to ssh-keygen.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-keygen.c between version 1.82.2.4 and 1.84

version 1.82.2.4, 2002/06/22 07:23:18

version 1.84, 2001/11/17 19:14:34

Line 29

#include "readpass.h"

#ifdef SMARTCARD

#include <sectok.h>

#include <openssl/engine.h>

#include "scard.h"

#endif

Line 71

Line 73

int convert_from_ssh2 = 0;

int print_public = 0;

char *key_type_name = NULL;

/* default to RSA for SSH-1 */

char *key_type_name = "rsa1";

/* argv0 */

extern char *__progname;

Line 84

Line 87

char buf[1024];

char *name = NULL;

if (key_type_name == NULL)

switch (key_type_from_name(key_type_name)) {

case KEY_RSA1:

name = _PATH_SSH_CLIENT_IDENTITY;

break;

case KEY_DSA:

name = _PATH_SSH_CLIENT_ID_DSA;

break;

case KEY_RSA:

name = _PATH_SSH_CLIENT_ID_RSA;

else

break;

switch (key_type_from_name(key_type_name)) {

default:

case KEY_RSA1:

fprintf(stderr, "bad key type");

name = _PATH_SSH_CLIENT_IDENTITY;

exit(1);

break;

case KEY_DSA:

}

name = _PATH_SSH_CLIENT_ID_DSA;

break;

case KEY_RSA:

name = _PATH_SSH_CLIENT_ID_RSA;

break;

default:

fprintf(stderr, "bad key type");

exit(1);

break;

}

snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);

fprintf(stderr, "%s (%s): ", prompt, identity_file);

fflush(stderr);

Line 136

Line 135

}

#define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"

#define SSH_COM_PUBLIC_END "---- END SSH2 PUBLIC KEY ----"

#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"

#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb

Line 144

Line 143

do_convert_to_ssh2(struct passwd *pw)

{

Key *k;

u_int len;

int len;

u_char *blob;

struct stat st;

Line 185

Line 184

if (buffer_len(b) < bytes)

fatal("buffer_get_bignum_bits: input buffer too small: "

"need %d have %d", bytes, buffer_len(b));

BN_bin2bn(buffer_ptr(b), bytes, value);

BN_bin2bn((u_char *)buffer_ptr(b), bytes, value);

buffer_consume(b, bytes);

}

static Key *

do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)

do_convert_private_ssh2_from_blob(u_char *blob, int blen)

{

Buffer b;

Key *key = NULL;

Line 269

Line 268

break;

}

rlen = buffer_len(&b);

if (rlen != 0)

if(rlen != 0)

error("do_convert_private_ssh2_from_blob: "

"remaining bytes in key blob %d", rlen);

buffer_free(&b);

Line 286

Line 285

{

Key *k;

int blen;

u_int len;

char line[1024], *p;

u_char blob[8096];

char encoded[8096];

Line 331

Line 329

*p = '\0';

strlcat(encoded, line, sizeof(encoded));

}

len = strlen(encoded);

blen = uudecode(encoded, (u_char *)blob, sizeof(blob));

if (((len % 4) == 3) &&

(encoded[len-1] == '=') &&

(encoded[len-2] == '=') &&

(encoded[len-3] == '='))

encoded[len-3] = '\0';

blen = uudecode(encoded, blob, sizeof(blob));

if (blen < 0) {

fprintf(stderr, "uudecode failed.\n");

exit(1);

Line 359

Line 351

exit(1);

}

key_free(k);

if (!private)

fprintf(stdout, "\n");

fclose(fp);

exit(0);

}

Line 390

Line 381

}

#ifdef SMARTCARD

#define NUM_RSA_KEY_ELEMENTS 5+1

#define COPY_RSA_KEY(x, i) \

do { \

len = BN_num_bytes(prv->rsa->x); \

elements[i] = xmalloc(len); \

debug("#bytes %d", len); \

if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \

goto done; \

} while(0)

static int

get_AUT0(char *aut0)

{

EVP_MD *evp_md = EVP_sha1();

EVP_MD_CTX md;

char *pass;

pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);

if (pass == NULL)

return -1;

EVP_DigestInit(&md, evp_md);

EVP_DigestUpdate(&md, pass, strlen(pass));

EVP_DigestFinal(&md, aut0, NULL);

memset(pass, 0, strlen(pass));

xfree(pass);

return 0;

}

static void

do_upload(struct passwd *pw, const char *sc_reader_id)

{

Key *prv = NULL;

struct stat st;

int ret;

u_char *elements[NUM_RSA_KEY_ELEMENTS];

u_char key_fid[2];

u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};

u_char AUT0[EVP_MAX_MD_SIZE];

int len, status = 1, i, fd = -1, ret;

int sw = 0, cla = 0x00;

for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)

elements[i] = NULL;

if (!have_identity)

ask_filename(pw, "Enter file in which the key is");

if (stat(identity_file, &st) < 0) {

perror(identity_file);

exit(1);

goto done;

}

prv = load_identity(identity_file);

if (prv == NULL) {

error("load failed");

exit(1);

goto done;

}

ret = sc_put_key(prv, sc_reader_id);

COPY_RSA_KEY(q, 0);

key_free(prv);

COPY_RSA_KEY(p, 1);

if (ret < 0)

COPY_RSA_KEY(iqmp, 2);

exit(1);

COPY_RSA_KEY(dmq1, 3);

COPY_RSA_KEY(dmp1, 4);

COPY_RSA_KEY(n, 5);

len = BN_num_bytes(prv->rsa->n);

fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);

if (fd < 0) {

error("sectok_open failed: %s", sectok_get_sw(sw));

goto done;

}

if (! sectok_cardpresent(fd)) {

error("smartcard in reader %s not present",

sc_reader_id);

goto done;

}

ret = sectok_reset(fd, 0, NULL, &sw);

if (ret <= 0) {

error("sectok_reset failed: %s", sectok_get_sw(sw));

goto done;

}

if ((cla = cyberflex_inq_class(fd)) < 0) {

error("cyberflex_inq_class failed");

goto done;

}

memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));

if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {

if (get_AUT0(AUT0) < 0 ||

cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {

error("cyberflex_verify_AUT0 failed");

goto done;

}

key_fid[0] = 0x00;

key_fid[1] = 0x12;

if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,

&sw) < 0) {

error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));

goto done;

}

if (!sectok_swOK(sw))

goto done;

log("cyberflex_load_rsa_priv done");

key_fid[0] = 0x73;

key_fid[1] = 0x68;

if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],

&sw) < 0) {

error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));

goto done;

}

if (!sectok_swOK(sw))

goto done;

log("cyberflex_load_rsa_pub done");

status = 0;

log("loading key done");

exit(0);

done:

memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));

memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));

memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));

memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));

memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));

memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));

if (prv)

key_free(prv);

for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)

if (elements[i])

xfree(elements[i]);

if (fd != -1)

sectok_close(fd);

exit(status);

}

static void

do_download(struct passwd *pw, const char *sc_reader_id)

{

Key **keys = NULL;

Key *pub = NULL;

int i;

keys = sc_get_keys(sc_reader_id, NULL);

pub = sc_get_key(sc_reader_id);

if (keys == NULL)

if (pub == NULL)

fatal("cannot read public key from smartcard");

for (i = 0; keys[i]; i++) {

key_write(pub, stdout);

key_write(keys[i], stdout);

key_free(pub);

key_free(keys[i]);

fprintf(stdout, "\n");

}

xfree(keys);

exit(0);

}

#endif /* SMARTCARD */

Line 577

Line 666

read_passphrase("Enter new passphrase (empty for no "

"passphrase): ", RP_ALLOW_STDIN);

passphrase2 = read_passphrase("Enter same passphrase again: ",

RP_ALLOW_STDIN);

/* Verify that they are the same. */

if (strcmp(passphrase1, passphrase2) != 0) {

Line 655

Line 744

fprintf(stderr, "Comments are only supported for RSA1 keys.\n");

key_free(private);

exit(1);

}

printf("Key now has comment '%s'\n", comment);

if (identity_comment) {

Line 742

Line 831

int

main(int ac, char **av)

{

char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;

char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;

char *reader_id = NULL;

Key *private, *public;

struct passwd *pw;

Line 869

Line 958

arc4random_stir();

if (key_type_name == NULL) {

printf("You must specify a key type (-t).\n");

usage();

}

type = key_type_from_name(key_type_name);

if (type == KEY_UNSPEC) {

fprintf(stderr, "unknown key type %s\n", key_type_name);