1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-08 08:58:00 +00:00

cmdgen: support configurable key fingerprint type.

I've added the -E option, similar to ssh-keygen's, and cgtest checks
it against the OpenSSH version to ensure they match.
This commit is contained in:
Simon Tatham 2021-03-13 09:57:02 +00:00
parent 1da353e649
commit ef5540c185
2 changed files with 50 additions and 27 deletions

View File

@ -371,7 +371,7 @@ int main(int argc, char **argv)
char filename[128], osfilename[128], scfilename[128];
char pubfilename[128], tmpfilename1[128], tmpfilename2[128];
char *fp = NULL;
char *fps[SSH_N_FPTYPES];
sprintf(filename, "test-%s.ppk", keytype->name);
sprintf(pubfilename, "test-%s.pub", keytype->name);
@ -391,13 +391,14 @@ int main(int argc, char **argv)
*/
setup_passphrases(NULL);
test(0, "puttygen", "-L", filename, "-o", pubfilename, NULL);
{
for (FingerprintType fptype = 0; fptype < SSH_N_FPTYPES; fptype++) {
const char *fpname = (fptype == SSH_FPTYPE_MD5 ? "md5" : "sha256");
char *cmdbuf;
fp = NULL;
cmdbuf = dupprintf("ssh-keygen -E md5 -l -f '%s' > '%s'",
pubfilename, tmpfilename1);
char *fp = NULL;
cmdbuf = dupprintf("ssh-keygen -E %s -l -f '%s' > '%s'",
fpname, pubfilename, tmpfilename1);
if (cgtest_verbose)
printf("OpenSSH fp check: %s\n", cmdbuf);
printf("OpenSSH %s fp check: %s\n", fpname, cmdbuf);
if (system(cmdbuf) ||
(fp = get_fp(tmpfilename1,
CGT_SSH_KEYGEN | keytype->flags)) == NULL) {
@ -407,10 +408,11 @@ int main(int argc, char **argv)
sfree(cmdbuf);
if (fp && cgtest_verbose) {
char *line = get_line(tmpfilename1);
printf("OpenSSH fp: %s\n", line);
printf("OpenSSH %s fp: %s\n", fpname, line);
printf("Cleaned up: %s\n", fp);
sfree(line);
}
fps[fptype] = fp;
}
/*
@ -423,17 +425,22 @@ int main(int argc, char **argv)
* List the fingerprint of the key.
*/
setup_passphrases(NULL);
test(0, "puttygen", "-l", filename, "-o", tmpfilename1, NULL);
if (!fp) {
/*
* If we can't test fingerprints against OpenSSH, we
* can at the very least test equality of all the
* fingerprints we generate of this key throughout
* testing.
*/
fp = get_fp(tmpfilename1, 0);
} else {
check_fp(tmpfilename1, fp, "%s initial fp", keytype->name);
for (FingerprintType fptype = 0; fptype < SSH_N_FPTYPES; fptype++) {
const char *fpname = (fptype == SSH_FPTYPE_MD5 ? "md5" : "sha256");
test(0, "puttygen", "-E", fpname, "-l", filename,
"-o", tmpfilename1, NULL);
if (!fps[fptype]) {
/*
* If we can't test fingerprints against OpenSSH, we
* can at the very least test equality of all the
* fingerprints we generate of this key throughout
* testing.
*/
fps[fptype] = get_fp(tmpfilename1, 0);
} else {
check_fp(tmpfilename1, fps[fptype], "%s initial %s fp",
keytype->name, fpname);
}
}
/*
@ -486,7 +493,8 @@ int main(int argc, char **argv)
*/
setup_passphrases(NULL);
test(0, "puttygen", "-l", osfilename, "-o", tmpfilename1, NULL);
check_fp(tmpfilename1, fp, "%s openssh clear fp", keytype->name);
check_fp(tmpfilename1, fps[SSH_FPTYPE_DEFAULT],
"%s openssh clear fp", keytype->name);
/*
* List the public half of the OpenSSH-formatted key in
@ -518,7 +526,8 @@ int main(int argc, char **argv)
*/
setup_passphrases(NULL);
test(0, "puttygen", "-l", scfilename, "-o", tmpfilename1, NULL);
check_fp(tmpfilename1, fp, "%s ssh.com clear fp", keytype->name);
check_fp(tmpfilename1, fps[SSH_FPTYPE_DEFAULT],
"%s ssh.com clear fp", keytype->name);
/*
* List the public half of the ssh.com-formatted key in
@ -630,8 +639,8 @@ int main(int argc, char **argv)
*/
setup_passphrases("sponge2", NULL);
test(0, "puttygen", "-l", osfilename, "-o", tmpfilename1, NULL);
check_fp(tmpfilename1, fp, "%s openssh encrypted fp",
keytype->name);
check_fp(tmpfilename1, fps[SSH_FPTYPE_DEFAULT],
"%s openssh encrypted fp", keytype->name);
/*
* List the public half of the OpenSSH-formatted key in
@ -671,8 +680,8 @@ int main(int argc, char **argv)
*/
setup_passphrases("sponge2", NULL);
test(0, "puttygen", "-l", scfilename, "-o", tmpfilename1, NULL);
check_fp(tmpfilename1, fp, "%s ssh.com encrypted fp",
keytype->name);
check_fp(tmpfilename1, fps[SSH_FPTYPE_DEFAULT],
"%s ssh.com encrypted fp", keytype->name);
/*
* List the public half of the ssh.com-formatted key in
@ -762,7 +771,8 @@ int main(int argc, char **argv)
setup_passphrases(NULL);
test(1, "puttygen", "-C", "spurious-new-comment", pubfilename, NULL);
sfree(fp);
for (FingerprintType fptype = 0; fptype < SSH_N_FPTYPES; fptype++)
sfree(fps[fptype]);
if (remove_files) {
remove(filename);

View File

@ -244,6 +244,7 @@ int main(int argc, char **argv)
const PrimeGenerationPolicy *primegen = &primegen_probabilistic;
bool strong_rsa = false;
ppk_save_parameters params = ppk_save_default_parameters;
FingerprintType fptype = SSH_FPTYPE_DEFAULT;
if (is_interactive())
progress_fp = stderr;
@ -507,6 +508,7 @@ int main(int argc, char **argv)
case 'C':
case 'O':
case 'o':
case 'E':
/*
* Option requiring parameter.
*/
@ -575,6 +577,17 @@ int main(int argc, char **argv)
case 'o':
outfile = p;
break;
case 'E':
if (!strcmp(p, "md5"))
fptype = SSH_FPTYPE_MD5;
else if (!strcmp(p, "sha256"))
fptype = SSH_FPTYPE_SHA256;
else {
fprintf(stderr, "puttygen: unknown fingerprint "
"type `%s'\n", p);
errs = true;
}
break;
}
p = NULL; /* prevent continued processing */
break;
@ -1182,11 +1195,11 @@ int main(int argc, char **argv)
fingerprint = rsa_ssh1_fingerprint(ssh1key);
} else {
if (ssh2key) {
fingerprint = ssh2_fingerprint(ssh2key->key, SSH_FPTYPE_DEFAULT);
fingerprint = ssh2_fingerprint(ssh2key->key, fptype);
} else {
assert(ssh2blob);
fingerprint = ssh2_fingerprint_blob(
ptrlen_from_strbuf(ssh2blob), SSH_FPTYPE_DEFAULT);
ptrlen_from_strbuf(ssh2blob), fptype);
}
}