mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 09:27:59 +00:00

cmdgen: support configurable key fingerprint type.

I've added the -E option, similar to ssh-keygen's, and cgtest checks
it against the OpenSSH version to ensure they match.
Simon Tatham 2021-03-13 09:57:02 +00:00
parent 1da353e649
commit ef5540c185
2 changed files with 50 additions and 27 deletions


@ -371,7 +371,7 @@ int main(int argc, char **argv)
char filename[128], osfilename[128], scfilename[128]; char filename[128], osfilename[128], scfilename[128];
char pubfilename[128], tmpfilename1[128], tmpfilename2[128]; char pubfilename[128], tmpfilename1[128], tmpfilename2[128];
char *fp = NULL; char *fps[SSH_N_FPTYPES];
sprintf(filename, "test-%s.ppk", keytype->name); sprintf(filename, "test-%s.ppk", keytype->name);
sprintf(pubfilename, "test-%s.pub", keytype->name); sprintf(pubfilename, "test-%s.pub", keytype->name);
@ -391,13 +391,14 @@ int main(int argc, char **argv)
*/ */
setup_passphrases(NULL); setup_passphrases(NULL);
test(0, "puttygen", "-L", filename, "-o", pubfilename, NULL); test(0, "puttygen", "-L", filename, "-o", pubfilename, NULL);
{ for (FingerprintType fptype = 0; fptype < SSH_N_FPTYPES; fptype++) {
const char *fpname = (fptype == SSH_FPTYPE_MD5 ? "md5" : "sha256");
char *cmdbuf; char *cmdbuf;
fp = NULL; char *fp = NULL;
cmdbuf = dupprintf("ssh-keygen -E md5 -l -f '%s' > '%s'", cmdbuf = dupprintf("ssh-keygen -E %s -l -f '%s' > '%s'",
pubfilename, tmpfilename1); fpname, pubfilename, tmpfilename1);
if (cgtest_verbose) if (cgtest_verbose)
printf("OpenSSH fp check: %s\n", cmdbuf); printf("OpenSSH %s fp check: %s\n", fpname, cmdbuf);
if (system(cmdbuf) || if (system(cmdbuf) ||
(fp = get_fp(tmpfilename1, (fp = get_fp(tmpfilename1,
CGT_SSH_KEYGEN | keytype->flags)) == NULL) { CGT_SSH_KEYGEN | keytype->flags)) == NULL) {
@ -407,10 +408,11 @@ int main(int argc, char **argv)
sfree(cmdbuf); sfree(cmdbuf);
if (fp && cgtest_verbose) { if (fp && cgtest_verbose) {
char *line = get_line(tmpfilename1); char *line = get_line(tmpfilename1);
printf("OpenSSH fp: %s\n", line); printf("OpenSSH %s fp: %s\n", fpname, line);
printf("Cleaned up: %s\n", fp); printf("Cleaned up: %s\n", fp);
sfree(line); sfree(line);
} }
fps[fptype] = fp;
} }
/* /*
@ -423,17 +425,22 @@ int main(int argc, char **argv)
* List the fingerprint of the key. * List the fingerprint of the key.
*/ */
setup_passphrases(NULL); setup_passphrases(NULL);
test(0, "puttygen", "-l", filename, "-o", tmpfilename1, NULL); for (FingerprintType fptype = 0; fptype < SSH_N_FPTYPES; fptype++) {
if (!fp) { const char *fpname = (fptype == SSH_FPTYPE_MD5 ? "md5" : "sha256");
/* test(0, "puttygen", "-E", fpname, "-l", filename,
* If we can't test fingerprints against OpenSSH, we "-o", tmpfilename1, NULL);
* can at the very least test equality of all the if (!fps[fptype]) {
* fingerprints we generate of this key throughout /*
* testing. * If we can't test fingerprints against OpenSSH, we
*/ * can at the very least test equality of all the
fp = get_fp(tmpfilename1, 0); * fingerprints we generate of this key throughout
} else { * testing.
check_fp(tmpfilename1, fp, "%s initial fp", keytype->name); */
fps[fptype] = get_fp(tmpfilename1, 0);
} else {
check_fp(tmpfilename1, fps[fptype], "%s initial %s fp",
keytype->name, fpname);
}
} }
/* /*
@ -486,7 +493,8 @@ int main(int argc, char **argv)
*/ */
setup_passphrases(NULL); setup_passphrases(NULL);
test(0, "puttygen", "-l", osfilename, "-o", tmpfilename1, NULL); test(0, "puttygen", "-l", osfilename, "-o", tmpfilename1, NULL);
check_fp(tmpfilename1, fp, "%s openssh clear fp", keytype->name); check_fp(tmpfilename1, fps[SSH_FPTYPE_DEFAULT],
"%s openssh clear fp", keytype->name);
/* /*
* List the public half of the OpenSSH-formatted key in * List the public half of the OpenSSH-formatted key in
@ -518,7 +526,8 @@ int main(int argc, char **argv)
*/ */
setup_passphrases(NULL); setup_passphrases(NULL);
test(0, "puttygen", "-l", scfilename, "-o", tmpfilename1, NULL); test(0, "puttygen", "-l", scfilename, "-o", tmpfilename1, NULL);
check_fp(tmpfilename1, fp, "%s ssh.com clear fp", keytype->name); check_fp(tmpfilename1, fps[SSH_FPTYPE_DEFAULT],
"%s ssh.com clear fp", keytype->name);
/* /*
* List the public half of the ssh.com-formatted key in * List the public half of the ssh.com-formatted key in
@ -630,8 +639,8 @@ int main(int argc, char **argv)
*/ */
setup_passphrases("sponge2", NULL); setup_passphrases("sponge2", NULL);
test(0, "puttygen", "-l", osfilename, "-o", tmpfilename1, NULL); test(0, "puttygen", "-l", osfilename, "-o", tmpfilename1, NULL);
check_fp(tmpfilename1, fp, "%s openssh encrypted fp", check_fp(tmpfilename1, fps[SSH_FPTYPE_DEFAULT],
keytype->name); "%s openssh encrypted fp", keytype->name);
/* /*
* List the public half of the OpenSSH-formatted key in * List the public half of the OpenSSH-formatted key in
@ -671,8 +680,8 @@ int main(int argc, char **argv)
*/ */
setup_passphrases("sponge2", NULL); setup_passphrases("sponge2", NULL);
test(0, "puttygen", "-l", scfilename, "-o", tmpfilename1, NULL); test(0, "puttygen", "-l", scfilename, "-o", tmpfilename1, NULL);
check_fp(tmpfilename1, fp, "%s ssh.com encrypted fp", check_fp(tmpfilename1, fps[SSH_FPTYPE_DEFAULT],
keytype->name); "%s ssh.com encrypted fp", keytype->name);
/* /*
* List the public half of the ssh.com-formatted key in * List the public half of the ssh.com-formatted key in
@ -762,7 +771,8 @@ int main(int argc, char **argv)
setup_passphrases(NULL); setup_passphrases(NULL);
test(1, "puttygen", "-C", "spurious-new-comment", pubfilename, NULL); test(1, "puttygen", "-C", "spurious-new-comment", pubfilename, NULL);
sfree(fp); for (FingerprintType fptype = 0; fptype < SSH_N_FPTYPES; fptype++)
sfree(fps[fptype]);
if (remove_files) { if (remove_files) {
remove(filename); remove(filename);
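Review bot: In the second loop, when the ssh-keygen comparison was unavailable (`!fps[fptype]`), the non-default fingerprint is read back from puttygen's own output and then never compared with anything, because every later `check_fp` in the visible hunks uses only `fps[SSH_FPTYPE_DEFAULT]`. On a machine without a usable ssh-keygen, the new `-E` path for the other type is therefore effectively untested. Repeating at least one later listing with an explicit `-E` for each type would close that gap, and a negative case such as `test(1, "puttygen", "-E", "bogus", "-l", filename, NULL);` would pin the unknown-type error path (assuming the first argument is the expected exit status, as the existing `-C` check suggests). Separately, the `fpname` ternary duplicated in both loops maps every non-MD5 value to "sha256", so it would mislabel any type later added to `FingerprintType`; a small switch-based helper would fail visibly instead. main() starts and ends outside these hunks.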


@ -244,6 +244,7 @@ int main(int argc, char **argv)
const PrimeGenerationPolicy *primegen = &primegen_probabilistic; const PrimeGenerationPolicy *primegen = &primegen_probabilistic;
bool strong_rsa = false; bool strong_rsa = false;
ppk_save_parameters params = ppk_save_default_parameters; ppk_save_parameters params = ppk_save_default_parameters;
FingerprintType fptype = SSH_FPTYPE_DEFAULT;
if (is_interactive()) if (is_interactive())
progress_fp = stderr; progress_fp = stderr;
@ -507,6 +508,7 @@ int main(int argc, char **argv)
case 'C': case 'C':
case 'O': case 'O':
case 'o': case 'o':
case 'E':
/* /*
* Option requiring parameter. * Option requiring parameter.
*/ */
@ -575,6 +577,17 @@ int main(int argc, char **argv)
case 'o': case 'o':
outfile = p; outfile = p;
break; break;
case 'E':
if (!strcmp(p, "md5"))
fptype = SSH_FPTYPE_MD5;
else if (!strcmp(p, "sha256"))
fptype = SSH_FPTYPE_SHA256;
else {
fprintf(stderr, "puttygen: unknown fingerprint "
"type `%s'\n", p);
errs = true;
}
break;
} }
p = NULL; /* prevent continued processing */ p = NULL; /* prevent continued processing */
break; break;
@ -1182,11 +1195,11 @@ int main(int argc, char **argv)
fingerprint = rsa_ssh1_fingerprint(ssh1key); fingerprint = rsa_ssh1_fingerprint(ssh1key);
} else { } else {
if (ssh2key) { if (ssh2key) {
fingerprint = ssh2_fingerprint(ssh2key->key, SSH_FPTYPE_DEFAULT); fingerprint = ssh2_fingerprint(ssh2key->key, fptype);
} else { } else {
assert(ssh2blob); assert(ssh2blob);
fingerprint = ssh2_fingerprint_blob( fingerprint = ssh2_fingerprint_blob(
ptrlen_from_strbuf(ssh2blob), SSH_FPTYPE_DEFAULT); ptrlen_from_strbuf(ssh2blob), fptype);
} }
} }
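Review bot: The SSH-1 branch at the top of the last hunk still calls `rsa_ssh1_fingerprint(ssh1key)` with no type argument, so `-E` appears to be silently ignored for SSH-1 keys, and a user who asked for one hash may end up comparing a fingerprint of another kind. Either reject the combination or document it with a comment such as `/* SSH-1 fingerprints have one fixed format; -E does not apply */` and a matching line in the usage text, which is not visible in these hunks. The `-E` parser also uses case-sensitive `strcmp`, so anything other than exact lowercase `md5` or `sha256` is rejected; if parity with ssh-keygen's option is the goal, it is worth confirming that this matches its behaviour. main() begins and ends outside every hunk here.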