version 1.122.2.2, 2006/02/03 02:53:45 |
version 1.123, 2005/04/05 13:45:31 |
|
|
#endif |
#endif |
#include "dns.h" |
#include "dns.h" |
|
|
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ |
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ |
#define DEFAULT_BITS 2048 |
int bits = 1024; |
#define DEFAULT_BITS_DSA 1024 |
|
u_int32_t bits = 0; |
|
|
|
/* |
/* |
* Flag indicating that we just want to change the passphrase. This can be |
* Flag indicating that we just want to change the passphrase. This can be |
|
|
char hostname[MAXHOSTNAMELEN]; |
char hostname[MAXHOSTNAMELEN]; |
|
|
/* moduli.c */ |
/* moduli.c */ |
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); |
int gen_candidates(FILE *, int, int, BIGNUM *); |
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); |
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); |
|
|
static void |
static void |
|
|
fprintf(stderr, "WARNING: %s contains unhashed " |
fprintf(stderr, "WARNING: %s contains unhashed " |
"entries\n", old); |
"entries\n", old); |
fprintf(stderr, "Delete this file to ensure privacy " |
fprintf(stderr, "Delete this file to ensure privacy " |
"of hostnames\n"); |
"of hostnames\n"); |
} |
} |
} |
} |
|
|
|
|
Key *private, *public; |
Key *private, *public; |
struct passwd *pw; |
struct passwd *pw; |
struct stat st; |
struct stat st; |
int opt, type, fd, download = 0; |
int opt, type, fd, download = 0, memory = 0; |
u_int32_t memory = 0, generator_wanted = 0, trials = 100; |
int generator_wanted = 0, trials = 100; |
int do_gen_candidates = 0, do_screen_candidates = 0; |
int do_gen_candidates = 0, do_screen_candidates = 0; |
int log_level = SYSLOG_LEVEL_INFO; |
int log_level = SYSLOG_LEVEL_INFO; |
BIGNUM *start = NULL; |
BIGNUM *start = NULL; |
FILE *f; |
FILE *f; |
const char *errstr; |
|
|
|
extern int optind; |
extern int optind; |
extern char *optarg; |
extern char *optarg; |
|
|
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
|
sanitise_stdfd(); |
|
|
|
SSLeay_add_all_algorithms(); |
SSLeay_add_all_algorithms(); |
log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); |
log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); |
|
|
|
|
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { |
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { |
switch (opt) { |
switch (opt) { |
case 'b': |
case 'b': |
bits = strtonum(optarg, 768, 32768, &errstr); |
bits = atoi(optarg); |
if (errstr) |
if (bits < 512 || bits > 32768) { |
fatal("Bits has bad value %s (%s)", |
printf("Bits has bad value.\n"); |
optarg, errstr); |
exit(1); |
|
} |
break; |
break; |
case 'F': |
case 'F': |
find_host = 1; |
find_host = 1; |
|
|
change_comment = 1; |
change_comment = 1; |
break; |
break; |
case 'f': |
case 'f': |
if (strlcpy(identity_file, optarg, sizeof(identity_file)) >= |
strlcpy(identity_file, optarg, sizeof(identity_file)); |
sizeof(identity_file)) |
|
fatal("Identity filename too long"); |
|
have_identity = 1; |
have_identity = 1; |
break; |
break; |
case 'g': |
case 'g': |
|
|
rr_hostname = optarg; |
rr_hostname = optarg; |
break; |
break; |
case 'W': |
case 'W': |
generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr); |
generator_wanted = atoi(optarg); |
if (errstr) |
if (generator_wanted < 1) |
fatal("Desired generator has bad value: %s (%s)", |
fatal("Desired generator has bad value."); |
optarg, errstr); |
|
break; |
break; |
case 'a': |
case 'a': |
trials = strtonum(optarg, 1, UINT_MAX, &errstr); |
trials = atoi(optarg); |
if (errstr) |
|
fatal("Invalid number of trials: %s (%s)", |
|
optarg, errstr); |
|
break; |
break; |
case 'M': |
case 'M': |
memory = strtonum(optarg, 1, UINT_MAX, &errstr); |
memory = atoi(optarg); |
if (errstr) { |
|
fatal("Memory limit is %s: %s", errstr, optarg); |
|
} |
|
break; |
break; |
case 'G': |
case 'G': |
do_gen_candidates = 1; |
do_gen_candidates = 1; |
if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
strlcpy(out_file, optarg, sizeof(out_file)); |
sizeof(out_file)) |
|
fatal("Output filename too long"); |
|
break; |
break; |
case 'T': |
case 'T': |
do_screen_candidates = 1; |
do_screen_candidates = 1; |
if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
strlcpy(out_file, optarg, sizeof(out_file)); |
sizeof(out_file)) |
|
fatal("Output filename too long"); |
|
break; |
break; |
case 'S': |
case 'S': |
/* XXX - also compare length against bits */ |
/* XXX - also compare length against bits */ |
|
|
out_file, strerror(errno)); |
out_file, strerror(errno)); |
return (1); |
return (1); |
} |
} |
if (bits == 0) |
|
bits = DEFAULT_BITS; |
|
if (gen_candidates(out, memory, bits, start) != 0) |
if (gen_candidates(out, memory, bits, start) != 0) |
fatal("modulus candidate generation failed"); |
fatal("modulus candidate generation failed\n"); |
|
|
return (0); |
return (0); |
} |
} |
|
|
out_file, strerror(errno)); |
out_file, strerror(errno)); |
} |
} |
if (prime_test(in, out, trials, generator_wanted) != 0) |
if (prime_test(in, out, trials, generator_wanted) != 0) |
fatal("modulus screening failed"); |
fatal("modulus screening failed\n"); |
return (0); |
return (0); |
} |
} |
|
|
arc4random_stir(); |
arc4random_stir(); |
|
|
if (key_type_name == NULL) |
if (key_type_name == NULL) { |
key_type_name = "rsa"; |
printf("You must specify a key type (-t).\n"); |
|
usage(); |
|
} |
type = key_type_from_name(key_type_name); |
type = key_type_from_name(key_type_name); |
if (type == KEY_UNSPEC) { |
if (type == KEY_UNSPEC) { |
fprintf(stderr, "unknown key type %s\n", key_type_name); |
fprintf(stderr, "unknown key type %s\n", key_type_name); |
exit(1); |
exit(1); |
} |
} |
if (bits == 0) |
|
bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; |
|
if (type == KEY_DSA && bits != 1024) |
|
fatal("DSA keys must be 1024 bits"); |
|
if (!quiet) |
if (!quiet) |
printf("Generating public/private %s key pair.\n", key_type_name); |
printf("Generating public/private %s key pair.\n", key_type_name); |
private = key_generate(type, bits); |
private = key_generate(type, bits); |
|
|
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which to save the key"); |
ask_filename(pw, "Enter file in which to save the key"); |
|
|
/* Create ~/.ssh directory if it doesn't already exist. */ |
/* Create ~/.ssh directory if it doesn\'t already exist. */ |
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); |
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); |
if (strstr(identity_file, dotsshdir) != NULL && |
if (strstr(identity_file, dotsshdir) != NULL && |
stat(dotsshdir, &st) < 0) { |
stat(dotsshdir, &st) < 0) { |