[PATCH 5/3] ssh-keygen: -Z cipher can be "none": test it in regression and report it correctly in -yv option
Loïc
loic at venez.fr
Sun Apr 26 07:48:58 AEST 2020
On 25/04/2020 at 23:35, Loïc wrote :
> On 25/04/2020 at 02:58, Loïc wrote :
>> Add private key protection information extraction to ssh-keygen using -v
>> option on top of -y option which is already parsing the private key.
>>
>> Technically, the passphrase isn't necessary to do this, but it is the
>> most logical thing to do for me.
>>
>> Adding this to -l option is not appropriate because fingerprinting is
>> using the .pub file when available.
>>
>> Another idea is to add a new option; I can do it if you prefer.
>>
>> Also, I'm lacking information for information extraction from PEM and
>> PKCS8 file formats; I'm OK to have a pointer to implement this correctly.
>>
>> This patch is also adding a regression test for the functionality.
>>
>> ---
>>
>> authfile.c | 16 ++--
>> authfile.h | 7 +-
>> regress/Makefile | 3 +-
>> regress/keygen-private-information.sh | 81 +++++++++++++++++++++
>> ssh-keygen.c | 44 +++++++----
>> ssh-keysign.c | 2 +-
>> sshconnect2.c | 2 +-
>> sshd.c | 2 +-
>> sshkey.c | 101 +++++++++++++++++++++++---
>> sshkey.h | 14 +++-
>> 10 files changed, 234 insertions(+), 38 deletions(-)
>> create mode 100644 regress/keygen-private-information.sh
>>
> Since I discovered the -Z option, I'm adding here a regression test
> for this option; the patch below applies on top of the upper one I'm
> replying to.
>
In fact the "none" cipher is allowed; here is a patch to test it in
regression and report it correctly in the -yv option
---
regress/keygen-private-information.sh | 2 +-
ssh-keygen.c | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/regress/keygen-private-information.sh
b/regress/keygen-private-information.sh
index ddf74eb95c3c..22ad6429a079 100644
--- a/regress/keygen-private-information.sh
+++ b/regress/keygen-private-information.sh
@@ -48,7 +48,7 @@ EOF
for fmt in '' RFC4716 PKCS8 PEM ; do
for secret in '' 'secret1'; do
cipher_list="default"
- test -n "$secret" -a -z "$fmt" && cipher_list=`${SSH} -Q cipher`
+ test -n "$secret" -a -z "$fmt" && cipher_list=`${SSH} -Q
cipher`" none"
for cipher in $cipher_list; do
rounds_list="default"
test -n "$secret" -a -z "$fmt" && rounds_list="2 16"
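Review bot: the added cipher_list line sits behind `test -n "$secret" -a -z "$fmt"`, so the new iteration always pairs cipher "none" with the passphrase 'secret1', and nothing in the visible lines shows which -yv output the test expects for that pairing. It is worth asserting the exact cipher and KDF lines for this case so the test pins the behaviour the ssh-keygen.c hunk changes. Separately, the `+` line is wrapped by the mailer (the trailing `cipher`" none"` ends up on its own line), so the patch will not apply as sent; resend it unwrapped or as an attachment.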
diff --git a/ssh-keygen.c b/ssh-keygen.c
index a848edc33b5d..030b12e5b897 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -824,8 +824,7 @@ do_print_public(struct passwd *pw)
if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) {
printf("Key protection details:\n");
printf("File format: %s\n",
sshkey_format_name(vault_info->format));
- if ( (vault_info->ciphername == NULL ||
strcmp(vault_info->ciphername, "none") == 0)
- || (vault_info->kdfname == NULL ||
strcmp(vault_info->kdfname, "none") == 0)) {
+ if (vault_info->kdfname == NULL || strcmp(vault_info->kdfname,
"none") == 0) {
printf("no passphrase\n");
} else {
printf("cipher: %s\n", vault_info->ciphername);
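Review bot: the new condition drops the `vault_info->ciphername == NULL` check, but the else branch still passes vault_info->ciphername to printf with %s, so a key whose kdfname is set and not "none" while ciphername is NULL would hand NULL to %s. Either keep a NULL guard for ciphername in the else branch (for example printing "none" in that case) or add a comment stating that the parser always fills ciphername whenever kdfname is set. The `+` line here is also mailer-wrapped, as are the two `-` lines, so the hunk needs resending unwrapped.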
--
2.17.1