Vary cmdgen's default key size based on key type.

[PuTTY.git] / cmdgen.c

diff --git a/cmdgen.c b/cmdgen.c
index 80e69b5a7eaf331ef68232626a10009c6f5fbabd..1331adcad6f3af6235f212f0cd8f225b76ec37b5 100644 (file)
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -160,6 +160,10 @@ void help(void)
            "  -O    specify output type:\n"
            "           private             output PuTTY private key format\n"
            "           private-openssh     export OpenSSH private key\n"
+           "           private-openssh-pem export OpenSSH private key "
+                                             "(force old PEM format)\n"
+           "           private-openssh-new export OpenSSH private key "
+                                             "(force new format)\n"
            "           private-sshcom      export ssh.com private key\n"
            "           public              standard / ssh.com public key\n"
            "           public-openssh      OpenSSH public key\n"
@@ -267,8 +271,9 @@ int main(int argc, char **argv)
     Filename *infilename = NULL, *outfilename = NULL;
     enum { NOKEYGEN, RSA1, RSA2, DSA, ECDSA } keytype = NOKEYGEN;
     char *outfile = NULL, *outfiletmp = NULL;
-    enum { PRIVATE, PUBLIC, PUBLICO, FP, OPENSSH, SSHCOM } outtype = PRIVATE;
-    int bits = 2048;
+    enum { PRIVATE, PUBLIC, PUBLICO, FP, OPENSSH_PEM,
+           OPENSSH_NEW, SSHCOM } outtype = PRIVATE;
+    int bits = -1;
     char *comment = NULL, *origcomment = NULL;
     int change_passphrase = FALSE;
     int errs = FALSE, nogo = FALSE;
@@ -460,8 +465,11 @@ int main(int argc, char **argv)
                            outtype = PRIVATE;
                        else if (!strcmp(p, "fingerprint"))
                            outtype = FP;
-                       else if (!strcmp(p, "private-openssh"))
-                           outtype = OPENSSH, sshver = 2;
+                       else if (!strcmp(p, "private-openssh") ||
+                                 !strcmp(p, "private-openssh-pem"))
+                           outtype = OPENSSH_PEM, sshver = 2;
+                       else if (!strcmp(p, "private-openssh-new"))
+                           outtype = OPENSSH_NEW, sshver = 2;
                        else if (!strcmp(p, "private-sshcom"))
                            outtype = SSHCOM, sshver = 2;
                        else {
@@ -499,6 +507,21 @@ int main(int argc, char **argv)
        }
     }
 
+    if (bits == -1) {
+        /*
+         * No explicit key size was specified. Default varies
+         * depending on key type.
+         */
+        switch (keytype) {
+          case ECDSA:
+            bits = 384;
+            break;
+          default:
+            bits = 2048;
+            break;
+        }
+    }
+
     if (keytype == ECDSA && (bits != 256 && bits != 384 && bits != 521)) {
         fprintf(stderr, "puttygen: invalid bits for ECDSA, choose 256, 384 or 521\n");
         errs = TRUE;
@@ -536,7 +559,8 @@ int main(int argc, char **argv)
      * We must save the private part when generating a new key.
      */
     if (keytype != NOKEYGEN &&
-       (outtype != PRIVATE && outtype != OPENSSH && outtype != SSHCOM)) {
+       (outtype != PRIVATE && outtype != OPENSSH_PEM &&
+         outtype != OPENSSH_NEW && outtype != SSHCOM)) {
        fprintf(stderr, "puttygen: this would generate a new key but "
                "discard the private part\n");
        return 1;
@@ -590,7 +614,8 @@ int main(int argc, char **argv)
            break;
 
          case SSH_KEYTYPE_SSH2:
-         case SSH_KEYTYPE_OPENSSH:
+         case SSH_KEYTYPE_OPENSSH_PEM:
+         case SSH_KEYTYPE_OPENSSH_NEW:
          case SSH_KEYTYPE_SSHCOM:
            if (sshver == 1) {
                fprintf(stderr, "puttygen: conversion from SSH-2 to SSH-1 keys"
@@ -614,7 +639,8 @@ int main(int argc, char **argv)
      */
     if ((intype == SSH_KEYTYPE_SSH1 && outtype == PRIVATE) ||
        (intype == SSH_KEYTYPE_SSH2 && outtype == PRIVATE) ||
-       (intype == SSH_KEYTYPE_OPENSSH && outtype == OPENSSH) ||
+       (intype == SSH_KEYTYPE_OPENSSH_PEM && outtype == OPENSSH_PEM) ||
+       (intype == SSH_KEYTYPE_OPENSSH_NEW && outtype == OPENSSH_NEW) ||
        (intype == SSH_KEYTYPE_SSHCOM && outtype == SSHCOM)) {
        if (!outfile) {
            outfile = infile;
@@ -632,7 +658,8 @@ int main(int argc, char **argv)
             * Bomb out rather than automatically choosing to write
             * a private key file to stdout.
             */
-           if (outtype==PRIVATE || outtype==OPENSSH || outtype==SSHCOM) {
+           if (outtype == PRIVATE || outtype == OPENSSH_PEM ||
+                outtype == OPENSSH_NEW || outtype == SSHCOM) {
                fprintf(stderr, "puttygen: need to specify an output file\n");
                return 1;
            }
@@ -645,8 +672,11 @@ int main(int argc, char **argv)
      * out a private key format, or (b) the entire input key file
      * is encrypted.
      */
-    if (outtype == PRIVATE || outtype == OPENSSH || outtype == SSHCOM ||
-       intype == SSH_KEYTYPE_OPENSSH || intype == SSH_KEYTYPE_SSHCOM)
+    if (outtype == PRIVATE || outtype == OPENSSH_PEM ||
+        outtype == OPENSSH_NEW || outtype == SSHCOM ||
+       intype == SSH_KEYTYPE_OPENSSH_PEM ||
+       intype == SSH_KEYTYPE_OPENSSH_NEW ||
+        intype == SSH_KEYTYPE_SSHCOM)
        load_encrypted = TRUE;
     else
        load_encrypted = FALSE;
@@ -831,7 +861,8 @@ int main(int argc, char **argv)
            }
            break;
 
-         case SSH_KEYTYPE_OPENSSH:
+         case SSH_KEYTYPE_OPENSSH_PEM:
+         case SSH_KEYTYPE_OPENSSH_NEW:
          case SSH_KEYTYPE_SSHCOM:
            ssh2key = import_ssh2(infilename, intype, passphrase, &error);
            if (ssh2key) {
@@ -920,7 +951,7 @@ int main(int argc, char **argv)
        outfilename = filename_from_str(outfile ? outfile : "");
 
     switch (outtype) {
-       int ret;
+       int ret, real_outtype;
 
       case PRIVATE:
        if (sshver == 1) {
@@ -1052,13 +1083,27 @@ int main(int argc, char **argv)
        }
        break;
        
-      case OPENSSH:
+      case OPENSSH_PEM:
+      case OPENSSH_NEW:
       case SSHCOM:
        assert(sshver == 2);
        assert(ssh2key);
        random_ref(); /* both foreign key types require randomness,
                        * for IV or padding */
-       ret = export_ssh2(outfilename, outtype, ssh2key, passphrase);
+        switch (outtype) {
+          case OPENSSH_PEM:
+            real_outtype = SSH_KEYTYPE_OPENSSH_PEM;
+            break;
+          case OPENSSH_NEW:
+            real_outtype = SSH_KEYTYPE_OPENSSH_NEW;
+            break;
+          case SSHCOM:
+            real_outtype = SSH_KEYTYPE_SSHCOM;
+            break;
+          default:
+            assert(0 && "control flow goof");
+        }
+       ret = export_ssh2(outfilename, real_outtype, ssh2key, passphrase);
        if (!ret) {
            fprintf(stderr, "puttygen: unable to export key\n");
            return 1;