=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v retrieving revision 1.52 retrieving revision 1.61 diff -u -r1.52 -r1.61 --- src/usr.bin/ssh/ssh-keygen.c 2001/03/26 08:07:09 1.52 +++ src/usr.bin/ssh/ssh-keygen.c 2001/05/25 14:37:32 1.61 @@ -12,13 +12,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.52 2001/03/26 08:07:09 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.61 2001/05/25 14:37:32 markus Exp $"); #include #include #include "xmalloc.h" #include "key.h" +#include "rsa.h" #include "authfile.h" #include "uuencode.h" #include "buffer.h" @@ -108,14 +109,17 @@ } Key * -try_load_pem_key(char *filename) +load_identity(char *filename) { char *pass; Key *prv; - prv = key_load_private(filename, "", NULL); + prv = key_load_private(filename, "", NULL); if (prv == NULL) { - pass = read_passphrase("Enter passphrase: ", 1); + if (identity_passphrase) + pass = xstrdup(identity_passphrase); + else + pass = read_passphrase("Enter passphrase: ", 1); prv = key_load_private(filename, pass, NULL); memset(pass, 0, strlen(pass)); xfree(pass); @@ -131,7 +135,7 @@ void do_convert_to_ssh2(struct passwd *pw) { - Key *prv; + Key *k; int len; u_char *blob; struct stat st; @@ -142,20 +146,21 @@ perror(identity_file); exit(1); } - prv = try_load_pem_key(identity_file); - if (prv == NULL) { - fprintf(stderr, "load failed\n"); - exit(1); + if ((k = key_load_public(identity_file, NULL)) == NULL) { + if ((k = load_identity(identity_file)) == NULL) { + fprintf(stderr, "load failed\n"); + exit(1); + } } - key_to_blob(prv, &blob, &len); + key_to_blob(k, &blob, &len); fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); fprintf(stdout, "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n", - key_size(prv), key_type(prv), + key_size(k), key_type(k), pw->pw_name, hostname); dump_base64(stdout, blob, len); fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); - key_free(prv); + key_free(k); xfree(blob); exit(0); } @@ -165,8 +170,10 @@ { int bits = buffer_get_int(b); int bytes = (bits + 7) / 8; + if (buffer_len(b) < bytes) - fatal("buffer_get_bignum_bits: input buffer too small"); + fatal("buffer_get_bignum_bits: input buffer too small: " + "need %d have %d", bytes, buffer_len(b)); BN_bin2bn((u_char *)buffer_ptr(b), bytes, value); buffer_consume(b, bytes); } @@ -175,9 +182,8 @@ do_convert_private_ssh2_from_blob(char *blob, int blen) { Buffer b; - DSA *dsa; Key *key = NULL; - int ignore, magic, rlen; + int ignore, magic, rlen, ktype; char *type, *cipher; buffer_init(&b); @@ -195,33 +201,64 @@ ignore = buffer_get_int(&b); ignore = buffer_get_int(&b); ignore = buffer_get_int(&b); - xfree(type); if (strcmp(cipher, "none") != 0) { error("unsupported cipher %s", cipher); xfree(cipher); buffer_free(&b); + xfree(type); return NULL; } xfree(cipher); - key = key_new(KEY_DSA); - dsa = key->dsa; - dsa->priv_key = BN_new(); - if (dsa->priv_key == NULL) { - error("alloc priv_key failed"); - key_free(key); + if (strstr(type, "dsa")) { + ktype = KEY_DSA; + } else if (strstr(type, "rsa")) { + ktype = KEY_RSA; + } else { + xfree(type); return NULL; } - buffer_get_bignum_bits(&b, dsa->p); - buffer_get_bignum_bits(&b, dsa->g); - buffer_get_bignum_bits(&b, dsa->q); - buffer_get_bignum_bits(&b, dsa->pub_key); - buffer_get_bignum_bits(&b, dsa->priv_key); + key = key_new_private(ktype); + xfree(type); + + switch (key->type) { + case KEY_DSA: + buffer_get_bignum_bits(&b, key->dsa->p); + buffer_get_bignum_bits(&b, key->dsa->g); + buffer_get_bignum_bits(&b, key->dsa->q); + buffer_get_bignum_bits(&b, key->dsa->pub_key); + buffer_get_bignum_bits(&b, key->dsa->priv_key); + break; + case KEY_RSA: + if (!BN_set_word(key->rsa->e, (u_long) buffer_get_char(&b))) { + buffer_free(&b); + key_free(key); + return NULL; + } + buffer_get_bignum_bits(&b, key->rsa->d); + buffer_get_bignum_bits(&b, key->rsa->n); + buffer_get_bignum_bits(&b, key->rsa->iqmp); + buffer_get_bignum_bits(&b, key->rsa->q); + buffer_get_bignum_bits(&b, key->rsa->p); + generate_additional_parameters(key->rsa); + break; + } rlen = buffer_len(&b); if(rlen != 0) - error("do_convert_private_ssh2_from_blob: remaining bytes in key blob %d", rlen); + error("do_convert_private_ssh2_from_blob: " + "remaining bytes in key blob %d", rlen); buffer_free(&b); +#ifdef DEBUG_PK + { + u_int slen; + u_char *sig, data[10] = "abcde12345"; + + key_sign(key, &sig, &slen, data, sizeof data); + key_verify(key, sig, slen, data, sizeof data); + xfree(sig); + } +#endif return key; } @@ -260,12 +297,12 @@ strstr(line, ": ") != NULL) { if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL) private = 1; - fprintf(stderr, "ignore: %s", line); + /* fprintf(stderr, "ignore: %s", line); */ continue; } if (escaped) { escaped--; - fprintf(stderr, "escaped: %s", line); + /* fprintf(stderr, "escaped: %s", line); */ continue; } *p = '\0'; @@ -284,7 +321,9 @@ exit(1); } ok = private ? - PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) : + (k->type == KEY_DSA ? + PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) : + PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) : key_write(k, stdout); if (!ok) { fprintf(stderr, "key write failed"); @@ -308,7 +347,7 @@ perror(identity_file); exit(1); } - prv = try_load_pem_key(identity_file); + prv = load_identity(identity_file); if (prv == NULL) { fprintf(stderr, "load failed\n"); exit(1); @@ -473,8 +512,7 @@ /* Save the file using the new passphrase. */ if (!key_save_private(private, identity_file, passphrase1, comment)) { - printf("Saving the key failed: %s: %s.\n", - identity_file, strerror(errno)); + printf("Saving the key failed: %s.\n", identity_file); memset(passphrase1, 0, strlen(passphrase1)); xfree(passphrase1); key_free(private); @@ -552,8 +590,7 @@ /* Save the file using the new passphrase. */ if (!key_save_private(private, identity_file, passphrase, new_comment)) { - printf("Saving the key failed: %s: %s.\n", - identity_file, strerror(errno)); + printf("Saving the key failed: %s.\n", identity_file); memset(passphrase, 0, strlen(passphrase)); xfree(passphrase); key_free(private); @@ -591,7 +628,7 @@ void usage(void) { - printf("Usage: %s [-lBpqxXyc] [-t type] [-b bits] [-f file] [-C comment] " + printf("Usage: %s [-ceilpqyB] [-t type] [-b bits] [-f file] [-C comment] " "[-N new-pass] [-P pass]\n", __progname); exit(1); } @@ -625,7 +662,7 @@ exit(1); } - while ((opt = getopt(ac, av, "dqpclBRxXyb:f:t:P:N:C:")) != -1) { + while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:P:N:C:")) != -1) { switch (opt) { case 'b': bits = atoi(optarg); @@ -677,11 +714,15 @@ exit(0); break; + case 'e': case 'x': + /* export key */ convert_to_ssh2 = 1; break; + case 'i': case 'X': + /* import key */ convert_from_ssh2 = 1; break; @@ -795,8 +836,7 @@ /* Save the key with the given passphrase and comment. */ if (!key_save_private(private, identity_file, passphrase1, comment)) { - printf("Saving the key failed: %s: %s.\n", - identity_file, strerror(errno)); + printf("Saving the key failed: %s.\n", identity_file); memset(passphrase1, 0, strlen(passphrase1)); xfree(passphrase1); exit(1);