Blame - ssh-keygen.c - platform/external/openssh

blob: 8938dc051bae0c1381bbb713c684646bea69af21 [file] [log] [blame]

Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1	/* $OpenBSD: ssh-keygen.c,v 1.186 2010/04/16 01:47:26 djm Exp $ */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	* All rights reserved
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	6	* Identity and host key generation and maintenance.
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	7	*
				8	* As far as I am concerned, the code I have written for this software
				9	* can be used freely for any purpose. Any derived versions of this
				10	* software must be clearly marked as such, and if the derived work is
				11	* incompatible with the protocol description in the RFC file, it must be
				12	* called by a name other than "ssh" or "Secure Shell".
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	13	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	14
				15	#include "includes.h"
Damien Miller	f17883e	2006-03-15 11:45:54 +1100	[diff] [blame]	16
				17	#include <sys/types.h>
Damien Miller	e3b60b5	2006-07-10 21:08:03 +1000	[diff] [blame]	18	#include <sys/socket.h>
Damien Miller	f17883e	2006-03-15 11:45:54 +1100	[diff] [blame]	19	#include <sys/stat.h>
Damien Miller	8dbffe7	2006-08-05 11:02:17 +1000	[diff] [blame]	20	#include <sys/param.h>
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	21
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	22	#include <openssl/evp.h>
				23	#include <openssl/pem.h>
Darren Tucker	bfaaf96	2008-02-28 19:13:52 +1100	[diff] [blame]	24	#include "openbsd-compat/openssl-compat.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	25
Darren Tucker	3997249	2006-07-12 22:22:46 +1000	[diff] [blame]	26	#include <errno.h>
Damien Miller	57cf638	2006-07-10 21:13:46 +1000	[diff] [blame]	27	#include <fcntl.h>
Damien Miller	b8fe89c	2006-07-24 14:51:00 +1000	[diff] [blame]	28	#include <netdb.h>
Darren Tucker	2ee50c5	2006-07-11 18:55:05 +1000	[diff] [blame]	29	#ifdef HAVE_PATHS_H
				30	# include <paths.h>
				31	#endif
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	32	#include <pwd.h>
Damien Miller	ded319c	2006-09-01 15:38:36 +1000	[diff] [blame]	33	#include <stdarg.h>
Damien Miller	a7a73ee	2006-08-05 11:37:59 +1000	[diff] [blame]	34	#include <stdio.h>
Damien Miller	e7a1e5c	2006-08-05 11:34:19 +1000	[diff] [blame]	35	#include <stdlib.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	36	#include <string.h>
Damien Miller	e6b3b61	2006-07-24 14:01:23 +1000	[diff] [blame]	37	#include <unistd.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	38
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	39	#include "xmalloc.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	40	#include "key.h"
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	41	#include "rsa.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	42	#include "authfile.h"
				43	#include "uuencode.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	44	#include "buffer.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	45	#include "pathnames.h"
				46	#include "log.h"
Darren Tucker	e608ca2	2004-05-13 16:15:47 +1000	[diff] [blame]	47	#include "misc.h"
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	48	#include "match.h"
				49	#include "hostfile.h"
Damien Miller	6999610	2006-07-10 20:53:31 +1000	[diff] [blame]	50	#include "dns.h"
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	51	#include "ssh2.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	52
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	53	#ifdef ENABLE_PKCS11
				54	#include "ssh-pkcs11.h"
Ben Lindstrom	bcc1808	2001-08-06 21:59:25 +0000	[diff] [blame]	55	#endif
Ben Lindstrom	cd39228	2001-07-04 03:44:03 +0000	[diff] [blame]	56
Damien Miller	3f54a9f	2005-11-05 14:52:18 +1100	[diff] [blame]	57	/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
				58	#define DEFAULT_BITS 2048
				59	#define DEFAULT_BITS_DSA 1024
				60	u_int32_t bits = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	61
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	62	/*
				63	* Flag indicating that we just want to change the passphrase. This can be
				64	* set on the command line.
				65	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	66	int change_passphrase = 0;
				67
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	68	/*
				69	* Flag indicating that we just want to change the comment. This can be set
				70	* on the command line.
				71	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	72	int change_comment = 0;
				73
				74	int quiet = 0;
				75
Darren Tucker	35c4553	2008-06-13 04:43:15 +1000	[diff] [blame]	76	int log_level = SYSLOG_LEVEL_INFO;
				77
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	78	/* Flag indicating that we want to hash a known_hosts file */
				79	int hash_hosts = 0;
				80	/* Flag indicating that we want lookup a host in known_hosts file */
				81	int find_host = 0;
				82	/* Flag indicating that we want to delete a host from a known_hosts file */
				83	int delete_host = 0;
				84
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	85	/* Flag indicating that we want to show the contents of a certificate */
				86	int show_cert = 0;
				87
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	88	/* Flag indicating that we just want to see the key fingerprint */
				89	int print_fingerprint = 0;
Ben Lindstrom	8fd372b	2001-03-12 03:02:17 +0000	[diff] [blame]	90	int print_bubblebabble = 0;
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	91
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	92	/* The identity file name, given on the command line or entered by the user. */
				93	char identity_file[1024];
				94	int have_identity = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	95
				96	/* This is set to the passphrase if given on the command line. */
				97	char *identity_passphrase = NULL;
				98
				99	/* This is set to the new passphrase if given on the command line. */
				100	char *identity_new_passphrase = NULL;
				101
				102	/* This is set to the new comment if given on the command line. */
				103	char *identity_comment = NULL;
				104
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	105	/* Path to CA key when certifying keys. */
				106	char *ca_key_path = NULL;
				107
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	108	/* Certificate serial number */
				109	long long cert_serial = 0;
				110
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	111	/* Key type when certifying */
				112	u_int cert_key_type = SSH2_CERT_TYPE_USER;
				113
				114	/* "key ID" of signed key */
				115	char *cert_key_id = NULL;
				116
				117	/* Comma-separated list of principal names for certifying keys */
				118	char *cert_principals = NULL;
				119
				120	/* Validity period for certificates */
				121	u_int64_t cert_valid_from = 0;
				122	u_int64_t cert_valid_to = ~0ULL;
				123
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	124	/* Certificate options */
				125	#define CRITOPT_X_FWD (1)
				126	#define CRITOPT_AGENT_FWD (1<<1)
				127	#define CRITOPT_PORT_FWD (1<<2)
				128	#define CRITOPT_PTY (1<<3)
				129	#define CRITOPT_USER_RC (1<<4)
				130	#define CRITOPT_DEFAULT (CRITOPT_X_FWD\|CRITOPT_AGENT_FWD\| \
				131	CRITOPT_PORT_FWD\|CRITOPT_PTY\| \
				132	CRITOPT_USER_RC)
				133	u_int32_t critical_flags = CRITOPT_DEFAULT;
				134	char *critical_command = NULL;
				135	char *critical_src_addr = NULL;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	136
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	137	/* Dump public key file in format used by real and the original SSH 2 */
				138	int convert_to_ssh2 = 0;
				139	int convert_from_ssh2 = 0;
				140	int print_public = 0;
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	141	int print_generic = 0;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	142
Damien Miller	a41c8b1	2002-01-22 23:05:08 +1100	[diff] [blame]	143	char *key_type_name = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	144
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	145	/* argv0 */
				146	extern char *__progname;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	147
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	148	char hostname[MAXHOSTNAMELEN];
				149
Darren Tucker	770fc01	2004-05-13 16:24:32 +1000	[diff] [blame]	150	/* moduli.c */
Damien Miller	b089fb5	2005-05-26 12:16:18 +1000	[diff] [blame]	151	int gen_candidates(FILE , u_int32_t, u_int32_t, BIGNUM );
Darren Tucker	770fc01	2004-05-13 16:24:32 +1000	[diff] [blame]	152	int prime_test(FILE , FILE , u_int32_t, u_int32_t);
				153
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	154	static void
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	155	ask_filename(struct passwd pw, const char prompt)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	156	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	157	char buf[1024];
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	158	char *name = NULL;
				159
Damien Miller	993dd55	2002-02-19 15:22:47 +1100	[diff] [blame]	160	if (key_type_name == NULL)
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	161	name = _PATH_SSH_CLIENT_ID_RSA;
Damien Miller	9096740	2006-03-26 14:07:26 +1100	[diff] [blame]	162	else {
Damien Miller	993dd55	2002-02-19 15:22:47 +1100	[diff] [blame]	163	switch (key_type_from_name(key_type_name)) {
				164	case KEY_RSA1:
				165	name = _PATH_SSH_CLIENT_IDENTITY;
				166	break;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	167	case KEY_DSA_CERT:
				168	case KEY_DSA_CERT_V00:
Damien Miller	993dd55	2002-02-19 15:22:47 +1100	[diff] [blame]	169	case KEY_DSA:
				170	name = _PATH_SSH_CLIENT_ID_DSA;
				171	break;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	172	case KEY_RSA_CERT:
				173	case KEY_RSA_CERT_V00:
Damien Miller	993dd55	2002-02-19 15:22:47 +1100	[diff] [blame]	174	case KEY_RSA:
				175	name = _PATH_SSH_CLIENT_ID_RSA;
				176	break;
				177	default:
Damien Miller	9eab956	2009-02-22 08:47:02 +1100	[diff] [blame]	178	fprintf(stderr, "bad key type\n");
Damien Miller	993dd55	2002-02-19 15:22:47 +1100	[diff] [blame]	179	exit(1);
				180	break;
				181	}
Damien Miller	9096740	2006-03-26 14:07:26 +1100	[diff] [blame]	182	}
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	183	snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
Ben Lindstrom	3deda8b	2000-12-22 20:27:43 +0000	[diff] [blame]	184	fprintf(stderr, "%s (%s): ", prompt, identity_file);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	185	if (fgets(buf, sizeof(buf), stdin) == NULL)
				186	exit(1);
Damien Miller	14b017d	2007-09-17 16:09:15 +1000	[diff] [blame]	187	buf[strcspn(buf, "\n")] = '\0';
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	188	if (strcmp(buf, "") != 0)
				189	strlcpy(identity_file, buf, sizeof(identity_file));
				190	have_identity = 1;
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	191	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	192
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	193	static Key *
Ben Lindstrom	d78ae76	2001-06-05 20:35:09 +0000	[diff] [blame]	194	load_identity(char *filename)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	195	{
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	196	char *pass;
				197	Key *prv;
				198
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	199	prv = key_load_private(filename, "", NULL);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	200	if (prv == NULL) {
Ben Lindstrom	d78ae76	2001-06-05 20:35:09 +0000	[diff] [blame]	201	if (identity_passphrase)
				202	pass = xstrdup(identity_passphrase);
				203	else
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	204	pass = read_passphrase("Enter passphrase: ",
				205	RP_ALLOW_STDIN);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	206	prv = key_load_private(filename, pass, NULL);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	207	memset(pass, 0, strlen(pass));
				208	xfree(pass);
				209	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	210	return prv;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	211	}
				212
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	213	#define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	214	#define SSH_COM_PUBLIC_END "---- END SSH2 PUBLIC KEY ----"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	215	#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	216	#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	217
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	218	static void
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	219	do_convert_to_ssh2(struct passwd *pw)
				220	{
Ben Lindstrom	46c264f	2001-04-24 16:56:58 +0000	[diff] [blame]	221	Key *k;
Ben Lindstrom	c58ab02	2002-02-26 18:15:09 +0000	[diff] [blame]	222	u_int len;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	223	u_char *blob;
Darren Tucker	d04758d	2010-01-12 19:41:57 +1100	[diff] [blame]	224	char comment[61];
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	225	struct stat st;
				226
				227	if (!have_identity)
				228	ask_filename(pw, "Enter file in which the key is");
				229	if (stat(identity_file, &st) < 0) {
				230	perror(identity_file);
				231	exit(1);
				232	}
Ben Lindstrom	46c264f	2001-04-24 16:56:58 +0000	[diff] [blame]	233	if ((k = key_load_public(identity_file, NULL)) == NULL) {
Ben Lindstrom	d78ae76	2001-06-05 20:35:09 +0000	[diff] [blame]	234	if ((k = load_identity(identity_file)) == NULL) {
Ben Lindstrom	46c264f	2001-04-24 16:56:58 +0000	[diff] [blame]	235	fprintf(stderr, "load failed\n");
				236	exit(1);
				237	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	238	}
Damien Miller	db27472	2003-05-14 13:45:22 +1000	[diff] [blame]	239	if (k->type == KEY_RSA1) {
				240	fprintf(stderr, "version 1 keys are not supported\n");
				241	exit(1);
				242	}
Ben Lindstrom	99a30f1	2001-09-18 05:49:14 +0000	[diff] [blame]	243	if (key_to_blob(k, &blob, &len) <= 0) {
				244	fprintf(stderr, "key_to_blob failed\n");
				245	exit(1);
				246	}
Darren Tucker	d04758d	2010-01-12 19:41:57 +1100	[diff] [blame]	247	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
				248	snprintf(comment, sizeof(comment),
				249	"%u-bit %s, converted by %s@%s from OpenSSH",
Ben Lindstrom	46c264f	2001-04-24 16:56:58 +0000	[diff] [blame]	250	key_size(k), key_type(k),
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	251	pw->pw_name, hostname);
Darren Tucker	d04758d	2010-01-12 19:41:57 +1100	[diff] [blame]	252
				253	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
				254	fprintf(stdout, "Comment: \"%s\"\n", comment);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	255	dump_base64(stdout, blob, len);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	256	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
Ben Lindstrom	46c264f	2001-04-24 16:56:58 +0000	[diff] [blame]	257	key_free(k);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	258	xfree(blob);
				259	exit(0);
				260	}
				261
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	262	static void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	263	buffer_get_bignum_bits(Buffer b, BIGNUM value)
				264	{
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	265	u_int bignum_bits = buffer_get_int(b);
				266	u_int bytes = (bignum_bits + 7) / 8;
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	267
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	268	if (buffer_len(b) < bytes)
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	269	fatal("buffer_get_bignum_bits: input buffer too small: "
				270	"need %d have %d", bytes, buffer_len(b));
Darren Tucker	0bc8557	2006-11-07 23:14:41 +1100	[diff] [blame]	271	if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL)
				272	fatal("buffer_get_bignum_bits: BN_bin2bn failed");
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	273	buffer_consume(b, bytes);
				274	}
				275
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	276	static Key *
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	277	do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	278	{
				279	Buffer b;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	280	Key *key = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	281	char type, cipher;
Ben Lindstrom	511d69e	2001-07-04 05:05:27 +0000	[diff] [blame]	282	u_char *sig, data[] = "abcde12345";
Ben Lindstrom	e586c4c	2001-06-25 05:04:58 +0000	[diff] [blame]	283	int magic, rlen, ktype, i1, i2, i3, i4;
				284	u_int slen;
				285	u_long e;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	286
				287	buffer_init(&b);
				288	buffer_append(&b, blob, blen);
				289
Darren Tucker	82a3d2b	2007-02-19 22:10:25 +1100	[diff] [blame]	290	magic = buffer_get_int(&b);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	291	if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
				292	error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC);
				293	buffer_free(&b);
				294	return NULL;
				295	}
Ben Lindstrom	34f9188	2001-06-25 04:47:54 +0000	[diff] [blame]	296	i1 = buffer_get_int(&b);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	297	type = buffer_get_string(&b, NULL);
				298	cipher = buffer_get_string(&b, NULL);
Ben Lindstrom	34f9188	2001-06-25 04:47:54 +0000	[diff] [blame]	299	i2 = buffer_get_int(&b);
				300	i3 = buffer_get_int(&b);
				301	i4 = buffer_get_int(&b);
Damien Miller	8016390	2007-01-05 16:30:16 +1100	[diff] [blame]	302	debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	303	if (strcmp(cipher, "none") != 0) {
				304	error("unsupported cipher %s", cipher);
				305	xfree(cipher);
				306	buffer_free(&b);
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	307	xfree(type);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	308	return NULL;
				309	}
				310	xfree(cipher);
				311
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	312	if (strstr(type, "dsa")) {
				313	ktype = KEY_DSA;
				314	} else if (strstr(type, "rsa")) {
				315	ktype = KEY_RSA;
				316	} else {
Darren Tucker	7cfeecf	2005-01-20 10:56:31 +1100	[diff] [blame]	317	buffer_free(&b);
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	318	xfree(type);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	319	return NULL;
				320	}
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	321	key = key_new_private(ktype);
				322	xfree(type);
				323
				324	switch (key->type) {
				325	case KEY_DSA:
				326	buffer_get_bignum_bits(&b, key->dsa->p);
				327	buffer_get_bignum_bits(&b, key->dsa->g);
				328	buffer_get_bignum_bits(&b, key->dsa->q);
				329	buffer_get_bignum_bits(&b, key->dsa->pub_key);
				330	buffer_get_bignum_bits(&b, key->dsa->priv_key);
				331	break;
				332	case KEY_RSA:
Darren Tucker	82a3d2b	2007-02-19 22:10:25 +1100	[diff] [blame]	333	e = buffer_get_char(&b);
Ben Lindstrom	34f9188	2001-06-25 04:47:54 +0000	[diff] [blame]	334	debug("e %lx", e);
				335	if (e < 30) {
				336	e <<= 8;
				337	e += buffer_get_char(&b);
				338	debug("e %lx", e);
				339	e <<= 8;
				340	e += buffer_get_char(&b);
				341	debug("e %lx", e);
				342	}
				343	if (!BN_set_word(key->rsa->e, e)) {
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	344	buffer_free(&b);
				345	key_free(key);
				346	return NULL;
				347	}
				348	buffer_get_bignum_bits(&b, key->rsa->d);
				349	buffer_get_bignum_bits(&b, key->rsa->n);
				350	buffer_get_bignum_bits(&b, key->rsa->iqmp);
				351	buffer_get_bignum_bits(&b, key->rsa->q);
				352	buffer_get_bignum_bits(&b, key->rsa->p);
Ben Lindstrom	f7297dd	2001-07-04 05:02:23 +0000	[diff] [blame]	353	rsa_generate_additional_parameters(key->rsa);
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	354	break;
				355	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	356	rlen = buffer_len(&b);
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	357	if (rlen != 0)
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	358	error("do_convert_private_ssh2_from_blob: "
				359	"remaining bytes in key blob %d", rlen);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	360	buffer_free(&b);
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	361
Ben Lindstrom	e586c4c	2001-06-25 05:04:58 +0000	[diff] [blame]	362	/* try the key */
				363	key_sign(key, &sig, &slen, data, sizeof(data));
				364	key_verify(key, sig, slen, data, sizeof(data));
				365	xfree(sig);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	366	return key;
				367	}
				368
Damien Miller	8056a9d	2006-03-15 12:05:40 +1100	[diff] [blame]	369	static int
				370	get_line(FILE fp, char line, size_t len)
				371	{
				372	int c;
				373	size_t pos = 0;
				374
				375	line[0] = '\0';
				376	while ((c = fgetc(fp)) != EOF) {
				377	if (pos >= len - 1) {
				378	fprintf(stderr, "input line too long.\n");
				379	exit(1);
				380	}
Damien Miller	9096740	2006-03-26 14:07:26 +1100	[diff] [blame]	381	switch (c) {
Damien Miller	8056a9d	2006-03-15 12:05:40 +1100	[diff] [blame]	382	case '\r':
				383	c = fgetc(fp);
				384	if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) {
				385	fprintf(stderr, "unget: %s\n", strerror(errno));
				386	exit(1);
				387	}
				388	return pos;
				389	case '\n':
				390	return pos;
				391	}
				392	line[pos++] = c;
				393	line[pos] = '\0';
				394	}
Damien Miller	6c7439f	2007-01-05 16:29:55 +1100	[diff] [blame]	395	/* We reached EOF */
				396	return -1;
Damien Miller	8056a9d	2006-03-15 12:05:40 +1100	[diff] [blame]	397	}
				398
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	399	static void
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	400	do_convert_from_ssh2(struct passwd *pw)
				401	{
				402	Key *k;
				403	int blen;
Ben Lindstrom	155b981	2002-04-02 20:26:26 +0000	[diff] [blame]	404	u_int len;
Damien Miller	8056a9d	2006-03-15 12:05:40 +1100	[diff] [blame]	405	char line[1024];
Ben Lindstrom	9e0ddd4	2001-09-18 05:41:19 +0000	[diff] [blame]	406	u_char blob[8096];
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	407	char encoded[8096];
				408	struct stat st;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	409	int escaped = 0, private = 0, ok;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	410	FILE *fp;
				411
				412	if (!have_identity)
				413	ask_filename(pw, "Enter file in which the key is");
				414	if (stat(identity_file, &st) < 0) {
				415	perror(identity_file);
				416	exit(1);
				417	}
				418	fp = fopen(identity_file, "r");
				419	if (fp == NULL) {
				420	perror(identity_file);
				421	exit(1);
				422	}
				423	encoded[0] = '\0';
Damien Miller	8056a9d	2006-03-15 12:05:40 +1100	[diff] [blame]	424	while ((blen = get_line(fp, line, sizeof(line))) != -1) {
				425	if (line[blen - 1] == '\\')
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	426	escaped++;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	427	if (strncmp(line, "----", 4) == 0 \|\|
				428	strstr(line, ": ") != NULL) {
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	429	if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL)
				430	private = 1;
Ben Lindstrom	e586c4c	2001-06-25 05:04:58 +0000	[diff] [blame]	431	if (strstr(line, " END ") != NULL) {
				432	break;
				433	}
Ben Lindstrom	3035860	2001-04-24 16:59:28 +0000	[diff] [blame]	434	/* fprintf(stderr, "ignore: %s", line); */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	435	continue;
				436	}
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	437	if (escaped) {
				438	escaped--;
Ben Lindstrom	3035860	2001-04-24 16:59:28 +0000	[diff] [blame]	439	/* fprintf(stderr, "escaped: %s", line); */
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	440	continue;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	441	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	442	strlcat(encoded, line, sizeof(encoded));
				443	}
Ben Lindstrom	155b981	2002-04-02 20:26:26 +0000	[diff] [blame]	444	len = strlen(encoded);
				445	if (((len % 4) == 3) &&
				446	(encoded[len-1] == '=') &&
				447	(encoded[len-2] == '=') &&
				448	(encoded[len-3] == '='))
				449	encoded[len-3] = '\0';
Damien Miller	4a8ed54	2002-01-22 23:33:31 +1100	[diff] [blame]	450	blen = uudecode(encoded, blob, sizeof(blob));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	451	if (blen < 0) {
				452	fprintf(stderr, "uudecode failed.\n");
				453	exit(1);
				454	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	455	k = private ?
				456	do_convert_private_ssh2_from_blob(blob, blen) :
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	457	key_from_blob(blob, blen);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	458	if (k == NULL) {
				459	fprintf(stderr, "decode blob failed.\n");
				460	exit(1);
				461	}
				462	ok = private ?
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	463	(k->type == KEY_DSA ?
				464	PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) :
				465	PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) :
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	466	key_write(k, stdout);
				467	if (!ok) {
Damien Miller	9eab956	2009-02-22 08:47:02 +1100	[diff] [blame]	468	fprintf(stderr, "key write failed\n");
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	469	exit(1);
				470	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	471	key_free(k);
Damien Miller	a1db12b	2002-01-22 23:20:15 +1100	[diff] [blame]	472	if (!private)
				473	fprintf(stdout, "\n");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	474	fclose(fp);
				475	exit(0);
				476	}
				477
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	478	static void
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	479	do_print_public(struct passwd *pw)
				480	{
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	481	Key *prv;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	482	struct stat st;
				483
				484	if (!have_identity)
				485	ask_filename(pw, "Enter file in which the key is");
				486	if (stat(identity_file, &st) < 0) {
				487	perror(identity_file);
				488	exit(1);
				489	}
Ben Lindstrom	d78ae76	2001-06-05 20:35:09 +0000	[diff] [blame]	490	prv = load_identity(identity_file);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	491	if (prv == NULL) {
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	492	fprintf(stderr, "load failed\n");
				493	exit(1);
				494	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	495	if (!key_write(prv, stdout))
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	496	fprintf(stderr, "key_write failed");
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	497	key_free(prv);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	498	fprintf(stdout, "\n");
				499	exit(0);
				500	}
				501
Ben Lindstrom	cd39228	2001-07-04 03:44:03 +0000	[diff] [blame]	502	static void
Damien Miller	86cbb44	2010-02-12 09:22:57 +1100	[diff] [blame]	503	do_download(struct passwd pw, char pkcs11provider)
Ben Lindstrom	cd39228	2001-07-04 03:44:03 +0000	[diff] [blame]	504	{
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	505	#ifdef ENABLE_PKCS11
Ben Lindstrom	0936a5b	2002-03-26 03:17:42 +0000	[diff] [blame]	506	Key **keys = NULL;
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	507	int i, nkeys;
Ben Lindstrom	8282d6a	2001-08-06 21:44:05 +0000	[diff] [blame]	508
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	509	pkcs11_init(0);
				510	nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);
				511	if (nkeys <= 0)
				512	fatal("cannot read public key from pkcs11");
				513	for (i = 0; i < nkeys; i++) {
Ben Lindstrom	0936a5b	2002-03-26 03:17:42 +0000	[diff] [blame]	514	key_write(keys[i], stdout);
				515	key_free(keys[i]);
				516	fprintf(stdout, "\n");
				517	}
				518	xfree(keys);
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	519	pkcs11_terminate();
Ben Lindstrom	8282d6a	2001-08-06 21:44:05 +0000	[diff] [blame]	520	exit(0);
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	521	#else
				522	fatal("no pkcs11 support");
				523	#endif /* ENABLE_PKCS11 */
Ben Lindstrom	8282d6a	2001-08-06 21:44:05 +0000	[diff] [blame]	524	}
Ben Lindstrom	cd39228	2001-07-04 03:44:03 +0000	[diff] [blame]	525
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	526	static void
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	527	do_fingerprint(struct passwd *pw)
				528	{
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	529	FILE *f;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	530	Key *public;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	531	char comment = NULL, cp, ep, line[161024], fp, ra;
Damien Miller	cb2fbb2	2008-02-10 22:24:55 +1100	[diff] [blame]	532	int i, skip = 0, num = 0, invalid = 1;
Ben Lindstrom	65366a8	2001-12-06 16:32:47 +0000	[diff] [blame]	533	enum fp_rep rep;
				534	enum fp_type fptype;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	535	struct stat st;
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	536
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	537	fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
				538	rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
Ben Lindstrom	8fd372b	2001-03-12 03:02:17 +0000	[diff] [blame]	539
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	540	if (!have_identity)
				541	ask_filename(pw, "Enter file in which the key is");
				542	if (stat(identity_file, &st) < 0) {
				543	perror(identity_file);
				544	exit(1);
				545	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	546	public = key_load_public(identity_file, &comment);
				547	if (public != NULL) {
				548	fp = key_fingerprint(public, fptype, rep);
Darren Tucker	9bcd25b	2009-10-07 08:45:48 +1100	[diff] [blame]	549	ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART);
Darren Tucker	b68fb4a	2008-06-13 08:57:27 +1000	[diff] [blame]	550	printf("%u %s %s (%s)\n", key_size(public), fp, comment,
				551	key_type(public));
Darren Tucker	35c4553	2008-06-13 04:43:15 +1000	[diff] [blame]	552	if (log_level >= SYSLOG_LEVEL_VERBOSE)
				553	printf("%s\n", ra);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	554	key_free(public);
				555	xfree(comment);
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	556	xfree(ra);
Ben Lindstrom	8fd372b	2001-03-12 03:02:17 +0000	[diff] [blame]	557	xfree(fp);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	558	exit(0);
				559	}
Damien Miller	40b5985	2006-06-13 13:00:25 +1000	[diff] [blame]	560	if (comment) {
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	561	xfree(comment);
Damien Miller	40b5985	2006-06-13 13:00:25 +1000	[diff] [blame]	562	comment = NULL;
				563	}
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	564
				565	f = fopen(identity_file, "r");
				566	if (f != NULL) {
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	567	while (fgets(line, sizeof(line), f)) {
Damien Miller	0f4ed69	2007-10-26 14:26:32 +1000	[diff] [blame]	568	if ((cp = strchr(line, '\n')) == NULL) {
Damien Miller	cb2fbb2	2008-02-10 22:24:55 +1100	[diff] [blame]	569	error("line %d too long: %.40s...",
				570	num + 1, line);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	571	skip = 1;
				572	continue;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	573	}
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	574	num++;
				575	if (skip) {
				576	skip = 0;
				577	continue;
				578	}
Damien Miller	0f4ed69	2007-10-26 14:26:32 +1000	[diff] [blame]	579	*cp = '\0';
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	580
				581	/* Skip leading whitespace, empty and comment lines. */
				582	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)
				583	;
				584	if (!cp \|\| cp == '\n' \|\| *cp == '#')
Damien Miller	8016390	2007-01-05 16:30:16 +1100	[diff] [blame]	585	continue;
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	586	i = strtol(cp, &ep, 10);
				587	if (i == 0 \|\| ep == NULL \|\| (ep != ' ' && ep != '\t')) {
				588	int quoted = 0;
				589	comment = cp;
Ben Lindstrom	58d3b72	2002-06-23 21:28:13 +0000	[diff] [blame]	590	for (; cp && (quoted \|\| (cp != ' ' &&
				591	*cp != '\t')); cp++) {
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	592	if (*cp == '\\' && cp[1] == '"')
				593	cp++; /* Skip both */
				594	else if (*cp == '"')
				595	quoted = !quoted;
				596	}
				597	if (!*cp)
				598	continue;
				599	*cp++ = '\0';
				600	}
				601	ep = cp;
Ben Lindstrom	2941f11	2000-12-29 16:50:13 +0000	[diff] [blame]	602	public = key_new(KEY_RSA1);
				603	if (key_read(public, &cp) != 1) {
				604	cp = ep;
				605	key_free(public);
				606	public = key_new(KEY_UNSPEC);
				607	if (key_read(public, &cp) != 1) {
				608	key_free(public);
				609	continue;
				610	}
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	611	}
Ben Lindstrom	2941f11	2000-12-29 16:50:13 +0000	[diff] [blame]	612	comment = *cp ? cp : comment;
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	613	fp = key_fingerprint(public, fptype, rep);
Darren Tucker	9bcd25b	2009-10-07 08:45:48 +1100	[diff] [blame]	614	ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART);
Darren Tucker	b68fb4a	2008-06-13 08:57:27 +1000	[diff] [blame]	615	printf("%u %s %s (%s)\n", key_size(public), fp,
				616	comment ? comment : "no comment", key_type(public));
Darren Tucker	35c4553	2008-06-13 04:43:15 +1000	[diff] [blame]	617	if (log_level >= SYSLOG_LEVEL_VERBOSE)
				618	printf("%s\n", ra);
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	619	xfree(ra);
Ben Lindstrom	8fd372b	2001-03-12 03:02:17 +0000	[diff] [blame]	620	xfree(fp);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	621	key_free(public);
Ben Lindstrom	2941f11	2000-12-29 16:50:13 +0000	[diff] [blame]	622	invalid = 0;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	623	}
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	624	fclose(f);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	625	}
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	626	if (invalid) {
Damien Miller	eb5fec6	2001-11-12 10:52:44 +1100	[diff] [blame]	627	printf("%s is not a public key file.\n", identity_file);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	628	exit(1);
				629	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	630	exit(0);
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	631	}
				632
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	633	static void
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	634	printhost(FILE f, const char name, Key *public, int ca, int hash)
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	635	{
Darren Tucker	0f7e910	2008-06-08 12:54:29 +1000	[diff] [blame]	636	if (print_fingerprint) {
				637	enum fp_rep rep;
				638	enum fp_type fptype;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	639	char fp, ra;
Darren Tucker	0f7e910	2008-06-08 12:54:29 +1000	[diff] [blame]	640
				641	fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
				642	rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
				643	fp = key_fingerprint(public, fptype, rep);
Darren Tucker	9bcd25b	2009-10-07 08:45:48 +1100	[diff] [blame]	644	ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART);
Damien Miller	81dec05	2008-07-14 11:28:29 +1000	[diff] [blame]	645	printf("%u %s %s (%s)\n", key_size(public), fp, name,
				646	key_type(public));
				647	if (log_level >= SYSLOG_LEVEL_VERBOSE)
				648	printf("%s\n", ra);
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	649	xfree(ra);
Darren Tucker	0f7e910	2008-06-08 12:54:29 +1000	[diff] [blame]	650	xfree(fp);
				651	} else {
				652	if (hash && (name = host_hash(name, NULL, 0)) == NULL)
				653	fatal("hash_host failed");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	654	fprintf(f, "%s%s%s ", ca ? CA_MARKER : "", ca ? " " : "", name);
Darren Tucker	0f7e910	2008-06-08 12:54:29 +1000	[diff] [blame]	655	if (!key_write(public, f))
				656	fatal("key_write failed");
				657	fprintf(f, "\n");
				658	}
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	659	}
				660
				661	static void
				662	do_known_hosts(struct passwd pw, const char name)
				663	{
				664	FILE in, out = stdout;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	665	Key *pub;
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	666	char cp, cp2, kp, kp2;
				667	char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN];
Damien Miller	cb2fbb2	2008-02-10 22:24:55 +1100	[diff] [blame]	668	int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	669	int ca;
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	670
				671	if (!have_identity) {
				672	cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
				673	if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
				674	sizeof(identity_file))
				675	fatal("Specified known hosts path too long");
				676	xfree(cp);
				677	have_identity = 1;
				678	}
				679	if ((in = fopen(identity_file, "r")) == NULL)
				680	fatal("fopen: %s", strerror(errno));
				681
				682	/*
				683	* Find hosts goes to stdout, hash and deletions happen in-place
				684	* A corner case is ssh-keygen -HF foo, which should go to stdout
				685	*/
				686	if (!find_host && (hash_hosts \|\| delete_host)) {
				687	if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) \|\|
				688	strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) \|\|
				689	strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) \|\|
				690	strlcat(old, ".old", sizeof(old)) >= sizeof(old))
				691	fatal("known_hosts path too long");
				692	umask(077);
				693	if ((c = mkstemp(tmp)) == -1)
				694	fatal("mkstemp: %s", strerror(errno));
				695	if ((out = fdopen(c, "w")) == NULL) {
				696	c = errno;
				697	unlink(tmp);
				698	fatal("fdopen: %s", strerror(c));
				699	}
				700	inplace = 1;
				701	}
				702
				703	while (fgets(line, sizeof(line), in)) {
Damien Miller	0f4ed69	2007-10-26 14:26:32 +1000	[diff] [blame]	704	if ((cp = strchr(line, '\n')) == NULL) {
Damien Miller	cb2fbb2	2008-02-10 22:24:55 +1100	[diff] [blame]	705	error("line %d too long: %.40s...", num + 1, line);
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	706	skip = 1;
				707	invalid = 1;
				708	continue;
				709	}
Damien Miller	0f4ed69	2007-10-26 14:26:32 +1000	[diff] [blame]	710	num++;
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	711	if (skip) {
				712	skip = 0;
				713	continue;
				714	}
Damien Miller	0f4ed69	2007-10-26 14:26:32 +1000	[diff] [blame]	715	*cp = '\0';
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	716
				717	/* Skip leading whitespace, empty and comment lines. */
				718	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)
				719	;
				720	if (!cp \|\| cp == '\n' \|\| *cp == '#') {
				721	if (inplace)
				722	fprintf(out, "%s\n", cp);
				723	continue;
				724	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	725	/* Check whether this is a CA key */
				726	if (strncasecmp(cp, CA_MARKER, sizeof(CA_MARKER) - 1) == 0 &&
				727	(cp[sizeof(CA_MARKER) - 1] == ' ' \|\|
				728	cp[sizeof(CA_MARKER) - 1] == '\t')) {
				729	ca = 1;
				730	cp += sizeof(CA_MARKER);
				731	} else
				732	ca = 0;
				733
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	734	/* Find the end of the host name portion. */
				735	for (kp = cp; kp && kp != ' ' && *kp != '\t'; kp++)
				736	;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	737
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	738	if (kp == '\0' \|\| (kp + 1) == '\0') {
				739	error("line %d missing key: %.40s...",
				740	num, line);
				741	invalid = 1;
				742	continue;
				743	}
				744	*kp++ = '\0';
				745	kp2 = kp;
				746
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	747	pub = key_new(KEY_RSA1);
				748	if (key_read(pub, &kp) != 1) {
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	749	kp = kp2;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	750	key_free(pub);
				751	pub = key_new(KEY_UNSPEC);
				752	if (key_read(pub, &kp) != 1) {
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	753	error("line %d invalid key: %.40s...",
				754	num, line);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	755	key_free(pub);
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	756	invalid = 1;
				757	continue;
				758	}
				759	}
				760
				761	if (*cp == HASH_DELIM) {
				762	if (find_host \|\| delete_host) {
				763	cp2 = host_hash(name, cp, strlen(cp));
				764	if (cp2 == NULL) {
				765	error("line %d: invalid hashed "
				766	"name: %.64s...", num, line);
				767	invalid = 1;
				768	continue;
				769	}
				770	c = (strcmp(cp2, cp) == 0);
				771	if (find_host && c) {
				772	printf("# Host %s found: "
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	773	"line %d type %s%s\n", name,
				774	num, key_type(pub),
				775	ca ? " (CA key)" : "");
				776	printhost(out, cp, pub, ca, 0);
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	777	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	778	if (delete_host && !c && !ca)
				779	printhost(out, cp, pub, ca, 0);
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	780	} else if (hash_hosts)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	781	printhost(out, cp, pub, ca, 0);
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	782	} else {
				783	if (find_host \|\| delete_host) {
				784	c = (match_hostname(name, cp,
				785	strlen(cp)) == 1);
				786	if (find_host && c) {
				787	printf("# Host %s found: "
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	788	"line %d type %s%s\n", name,
				789	num, key_type(pub),
				790	ca ? " (CA key)" : "");
				791	printhost(out, name, pub,
				792	ca, hash_hosts && !ca);
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	793	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	794	if (delete_host && !c && !ca)
				795	printhost(out, cp, pub, ca, 0);
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	796	} else if (hash_hosts) {
Darren Tucker	47eede7	2005-03-14 23:08:12 +1100	[diff] [blame]	797	for (cp2 = strsep(&cp, ",");
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	798	cp2 != NULL && *cp2 != '\0';
Damien Miller	89eac80	2005-03-02 12:33:04 +1100	[diff] [blame]	799	cp2 = strsep(&cp, ",")) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	800	if (ca) {
				801	fprintf(stderr, "Warning: "
				802	"ignoring CA key for host: "
				803	"%.64s\n", cp2);
				804	printhost(out, cp2, pub, ca, 0);
				805	} else if (strcspn(cp2, "*?!") !=
				806	strlen(cp2)) {
Damien Miller	89eac80	2005-03-02 12:33:04 +1100	[diff] [blame]	807	fprintf(stderr, "Warning: "
				808	"ignoring host name with "
				809	"metacharacters: %.64s\n",
				810	cp2);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	811	printhost(out, cp2, pub, ca, 0);
				812	} else
				813	printhost(out, cp2, pub, ca, 1);
Damien Miller	89eac80	2005-03-02 12:33:04 +1100	[diff] [blame]	814	}
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	815	has_unhashed = 1;
				816	}
				817	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	818	key_free(pub);
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	819	}
				820	fclose(in);
				821
				822	if (invalid) {
Damien Miller	cb2fbb2	2008-02-10 22:24:55 +1100	[diff] [blame]	823	fprintf(stderr, "%s is not a valid known_hosts file.\n",
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	824	identity_file);
				825	if (inplace) {
				826	fprintf(stderr, "Not replacing existing known_hosts "
Darren Tucker	9f438a9	2005-03-14 23:09:18 +1100	[diff] [blame]	827	"file because of errors\n");
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	828	fclose(out);
				829	unlink(tmp);
				830	}
				831	exit(1);
				832	}
				833
				834	if (inplace) {
				835	fclose(out);
				836
				837	/* Backup existing file */
				838	if (unlink(old) == -1 && errno != ENOENT)
				839	fatal("unlink %.100s: %s", old, strerror(errno));
				840	if (link(identity_file, old) == -1)
				841	fatal("link %.100s to %.100s: %s", identity_file, old,
				842	strerror(errno));
				843	/* Move new one into place */
				844	if (rename(tmp, identity_file) == -1) {
				845	error("rename\"%s\" to \"%s\": %s", tmp, identity_file,
				846	strerror(errno));
				847	unlink(tmp);
				848	unlink(old);
				849	exit(1);
				850	}
				851
				852	fprintf(stderr, "%s updated.\n", identity_file);
				853	fprintf(stderr, "Original contents retained as %s\n", old);
				854	if (has_unhashed) {
				855	fprintf(stderr, "WARNING: %s contains unhashed "
				856	"entries\n", old);
				857	fprintf(stderr, "Delete this file to ensure privacy "
Damien Miller	0dc1bef	2005-07-17 17:22:45 +1000	[diff] [blame]	858	"of hostnames\n");
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	859	}
				860	}
				861
				862	exit(0);
				863	}
				864
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	865	/*
				866	* Perform changing a passphrase. The argument is the passwd structure
				867	* for the current user.
				868	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	869	static void
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	870	do_change_passphrase(struct passwd *pw)
				871	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	872	char *comment;
				873	char old_passphrase, passphrase1, *passphrase2;
				874	struct stat st;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	875	Key *private;
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	876
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	877	if (!have_identity)
				878	ask_filename(pw, "Enter file in which the key is");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	879	if (stat(identity_file, &st) < 0) {
				880	perror(identity_file);
				881	exit(1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	882	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	883	/* Try to load the file with empty passphrase. */
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	884	private = key_load_private(identity_file, "", &comment);
				885	if (private == NULL) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	886	if (identity_passphrase)
				887	old_passphrase = xstrdup(identity_passphrase);
				888	else
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	889	old_passphrase =
				890	read_passphrase("Enter old passphrase: ",
				891	RP_ALLOW_STDIN);
				892	private = key_load_private(identity_file, old_passphrase,
				893	&comment);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	894	memset(old_passphrase, 0, strlen(old_passphrase));
				895	xfree(old_passphrase);
				896	if (private == NULL) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	897	printf("Bad passphrase.\n");
				898	exit(1);
				899	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	900	}
				901	printf("Key has comment '%s'\n", comment);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	902
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	903	/* Ask the new passphrase (twice). */
				904	if (identity_new_passphrase) {
				905	passphrase1 = xstrdup(identity_new_passphrase);
				906	passphrase2 = NULL;
				907	} else {
				908	passphrase1 =
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	909	read_passphrase("Enter new passphrase (empty for no "
				910	"passphrase): ", RP_ALLOW_STDIN);
				911	passphrase2 = read_passphrase("Enter same passphrase again: ",
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	912	RP_ALLOW_STDIN);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	913
				914	/* Verify that they are the same. */
				915	if (strcmp(passphrase1, passphrase2) != 0) {
				916	memset(passphrase1, 0, strlen(passphrase1));
				917	memset(passphrase2, 0, strlen(passphrase2));
				918	xfree(passphrase1);
				919	xfree(passphrase2);
				920	printf("Pass phrases do not match. Try again.\n");
				921	exit(1);
				922	}
				923	/* Destroy the other copy. */
				924	memset(passphrase2, 0, strlen(passphrase2));
				925	xfree(passphrase2);
				926	}
				927
				928	/* Save the file using the new passphrase. */
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	929	if (!key_save_private(private, identity_file, passphrase1, comment)) {
Ben Lindstrom	15f3386	2001-04-16 02:00:02 +0000	[diff] [blame]	930	printf("Saving the key failed: %s.\n", identity_file);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	931	memset(passphrase1, 0, strlen(passphrase1));
				932	xfree(passphrase1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	933	key_free(private);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	934	xfree(comment);
				935	exit(1);
				936	}
				937	/* Destroy the passphrase and the copy of the key in memory. */
				938	memset(passphrase1, 0, strlen(passphrase1));
				939	xfree(passphrase1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	940	key_free(private); /* Destroys contents */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	941	xfree(comment);
				942
				943	printf("Your identification has been saved with the new passphrase.\n");
				944	exit(0);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	945	}
				946
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	947	/*
				948	* Print the SSHFP RR.
				949	*/
Damien Miller	cb31482	2006-03-26 13:48:01 +1100	[diff] [blame]	950	static int
				951	do_print_resource_record(struct passwd pw, char fname, char *hname)
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	952	{
				953	Key *public;
				954	char *comment = NULL;
				955	struct stat st;
				956
Damien Miller	cb31482	2006-03-26 13:48:01 +1100	[diff] [blame]	957	if (fname == NULL)
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	958	ask_filename(pw, "Enter file in which the key is");
Damien Miller	cb31482	2006-03-26 13:48:01 +1100	[diff] [blame]	959	if (stat(fname, &st) < 0) {
				960	if (errno == ENOENT)
				961	return 0;
				962	perror(fname);
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	963	exit(1);
				964	}
Damien Miller	cb31482	2006-03-26 13:48:01 +1100	[diff] [blame]	965	public = key_load_public(fname, &comment);
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	966	if (public != NULL) {
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	967	export_dns_rr(hname, public, stdout, print_generic);
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	968	key_free(public);
				969	xfree(comment);
Damien Miller	cb31482	2006-03-26 13:48:01 +1100	[diff] [blame]	970	return 1;
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	971	}
				972	if (comment)
				973	xfree(comment);
				974
Damien Miller	cb31482	2006-03-26 13:48:01 +1100	[diff] [blame]	975	printf("failed to read v2 public key from %s.\n", fname);
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	976	exit(1);
				977	}
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	978
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	979	/*
				980	* Change the comment of a private key file.
				981	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	982	static void
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	983	do_change_comment(struct passwd *pw)
				984	{
Ben Lindstrom	5fc6270	2001-03-09 18:19:24 +0000	[diff] [blame]	985	char new_comment[1024], comment, passphrase;
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	986	Key *private;
				987	Key *public;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	988	struct stat st;
				989	FILE *f;
Ben Lindstrom	5fc6270	2001-03-09 18:19:24 +0000	[diff] [blame]	990	int fd;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	991
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	992	if (!have_identity)
				993	ask_filename(pw, "Enter file in which the key is");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	994	if (stat(identity_file, &st) < 0) {
				995	perror(identity_file);
				996	exit(1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	997	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	998	private = key_load_private(identity_file, "", &comment);
				999	if (private == NULL) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1000	if (identity_passphrase)
				1001	passphrase = xstrdup(identity_passphrase);
				1002	else if (identity_new_passphrase)
				1003	passphrase = xstrdup(identity_new_passphrase);
				1004	else
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	1005	passphrase = read_passphrase("Enter passphrase: ",
				1006	RP_ALLOW_STDIN);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1007	/* Try to load using the passphrase. */
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1008	private = key_load_private(identity_file, passphrase, &comment);
				1009	if (private == NULL) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1010	memset(passphrase, 0, strlen(passphrase));
				1011	xfree(passphrase);
				1012	printf("Bad passphrase.\n");
				1013	exit(1);
				1014	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1015	} else {
				1016	passphrase = xstrdup("");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1017	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1018	if (private->type != KEY_RSA1) {
				1019	fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
				1020	key_free(private);
				1021	exit(1);
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	1022	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1023	printf("Key now has comment '%s'\n", comment);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1024
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1025	if (identity_comment) {
				1026	strlcpy(new_comment, identity_comment, sizeof(new_comment));
				1027	} else {
				1028	printf("Enter new comment: ");
				1029	fflush(stdout);
				1030	if (!fgets(new_comment, sizeof(new_comment), stdin)) {
				1031	memset(passphrase, 0, strlen(passphrase));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1032	key_free(private);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1033	exit(1);
				1034	}
Damien Miller	14b017d	2007-09-17 16:09:15 +1000	[diff] [blame]	1035	new_comment[strcspn(new_comment, "\n")] = '\0';
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1036	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1037
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1038	/* Save the file using the new passphrase. */
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1039	if (!key_save_private(private, identity_file, passphrase, new_comment)) {
Ben Lindstrom	15f3386	2001-04-16 02:00:02 +0000	[diff] [blame]	1040	printf("Saving the key failed: %s.\n", identity_file);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1041	memset(passphrase, 0, strlen(passphrase));
				1042	xfree(passphrase);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1043	key_free(private);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1044	xfree(comment);
				1045	exit(1);
				1046	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1047	memset(passphrase, 0, strlen(passphrase));
				1048	xfree(passphrase);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1049	public = key_from_private(private);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1050	key_free(private);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1051
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1052	strlcat(identity_file, ".pub", sizeof(identity_file));
Ben Lindstrom	5fc6270	2001-03-09 18:19:24 +0000	[diff] [blame]	1053	fd = open(identity_file, O_WRONLY \| O_CREAT \| O_TRUNC, 0644);
				1054	if (fd == -1) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1055	printf("Could not save your public key in %s\n", identity_file);
				1056	exit(1);
				1057	}
Ben Lindstrom	5fc6270	2001-03-09 18:19:24 +0000	[diff] [blame]	1058	f = fdopen(fd, "w");
				1059	if (f == NULL) {
Damien Miller	9eab956	2009-02-22 08:47:02 +1100	[diff] [blame]	1060	printf("fdopen %s failed\n", identity_file);
Ben Lindstrom	5fc6270	2001-03-09 18:19:24 +0000	[diff] [blame]	1061	exit(1);
				1062	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1063	if (!key_write(public, f))
Damien Miller	9eab956	2009-02-22 08:47:02 +1100	[diff] [blame]	1064	fprintf(stderr, "write key failed\n");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1065	key_free(public);
				1066	fprintf(f, " %s\n", new_comment);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1067	fclose(f);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1068
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1069	xfree(comment);
				1070
				1071	printf("The comment in your key file has been changed.\n");
				1072	exit(0);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1073	}
				1074
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1075	static const char *
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1076	fmt_validity(u_int64_t valid_from, u_int64_t valid_to)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1077	{
				1078	char from[32], to[32];
				1079	static char ret[64];
				1080	time_t tt;
				1081	struct tm *tm;
				1082
				1083	from = to = '\0';
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1084	if (valid_from == 0 && valid_to == 0xffffffffffffffffULL)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1085	return "forever";
				1086
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1087	if (valid_from != 0) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1088	/* XXX revisit INT_MAX in 2038 :) */
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1089	tt = valid_from > INT_MAX ? INT_MAX : valid_from;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1090	tm = localtime(&tt);
				1091	strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm);
				1092	}
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1093	if (valid_to != 0xffffffffffffffffULL) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1094	/* XXX revisit INT_MAX in 2038 :) */
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1095	tt = valid_to > INT_MAX ? INT_MAX : valid_to;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1096	tm = localtime(&tt);
				1097	strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm);
				1098	}
				1099
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1100	if (valid_from == 0) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1101	snprintf(ret, sizeof(ret), "before %s", to);
				1102	return ret;
				1103	}
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1104	if (valid_to == 0xffffffffffffffffULL) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1105	snprintf(ret, sizeof(ret), "after %s", from);
				1106	return ret;
				1107	}
				1108
				1109	snprintf(ret, sizeof(ret), "from %s to %s", from, to);
				1110	return ret;
				1111	}
				1112
				1113	static void
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1114	add_flag_option(Buffer c, const char name)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1115	{
				1116	debug3("%s: %s", __func__, name);
				1117	buffer_put_cstring(c, name);
				1118	buffer_put_string(c, NULL, 0);
				1119	}
				1120
				1121	static void
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1122	add_string_option(Buffer c, const char name, const char *value)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1123	{
				1124	Buffer b;
				1125
				1126	debug3("%s: %s=%s", __func__, name, value);
				1127	buffer_init(&b);
				1128	buffer_put_cstring(&b, value);
				1129
				1130	buffer_put_cstring(c, name);
				1131	buffer_put_string(c, buffer_ptr(&b), buffer_len(&b));
				1132
				1133	buffer_free(&b);
				1134	}
				1135
				1136	static void
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1137	prepare_options_buf(Buffer *c)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1138	{
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1139	buffer_clear(c);
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1140	if ((critical_flags & CRITOPT_X_FWD) != 0)
				1141	add_flag_option(c, "permit-X11-forwarding");
				1142	if ((critical_flags & CRITOPT_AGENT_FWD) != 0)
				1143	add_flag_option(c, "permit-agent-forwarding");
				1144	if ((critical_flags & CRITOPT_PORT_FWD) != 0)
				1145	add_flag_option(c, "permit-port-forwarding");
				1146	if ((critical_flags & CRITOPT_PTY) != 0)
				1147	add_flag_option(c, "permit-pty");
				1148	if ((critical_flags & CRITOPT_USER_RC) != 0)
				1149	add_flag_option(c, "permit-user-rc");
				1150	if (critical_command != NULL)
				1151	add_string_option(c, "force-command", critical_command);
				1152	if (critical_src_addr != NULL)
				1153	add_string_option(c, "source-address", critical_src_addr);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1154	}
				1155
				1156	static void
				1157	do_ca_sign(struct passwd pw, int argc, char *argv)
				1158	{
				1159	int i, fd;
				1160	u_int n;
				1161	Key ca, public;
				1162	char otmp, tmp, cp, out, comment, *plist = NULL;
				1163	FILE *f;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1164	int v00 = 0; /* legacy keys */
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1165
				1166	tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
				1167	if ((ca = load_identity(tmp)) == NULL)
				1168	fatal("Couldn't load CA key \"%s\"", tmp);
				1169	xfree(tmp);
				1170
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1171	if (key_type_name != NULL) {
				1172	switch (key_type_from_name(key_type_name)) {
				1173	case KEY_RSA_CERT_V00:
				1174	case KEY_DSA_CERT_V00:
				1175	v00 = 1;
				1176	break;
				1177	case KEY_UNSPEC:
				1178	if (strcasecmp(key_type_name, "v00") == 0) {
				1179	v00 = 1;
				1180	break;
				1181	} else if (strcasecmp(key_type_name, "v01") == 0)
				1182	break;
				1183	/* FALLTHROUGH */
				1184	default:
				1185	fprintf(stderr, "unknown key type %s\n", key_type_name);
				1186	exit(1);
				1187	}
				1188	}
				1189
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1190	for (i = 0; i < argc; i++) {
				1191	/* Split list of principals */
				1192	n = 0;
				1193	if (cert_principals != NULL) {
				1194	otmp = tmp = xstrdup(cert_principals);
				1195	plist = NULL;
				1196	for (; (cp = strsep(&tmp, ",")) != NULL; n++) {
				1197	plist = xrealloc(plist, n + 1, sizeof(*plist));
				1198	if (*(plist[n] = xstrdup(cp)) == '\0')
				1199	fatal("Empty principal name");
				1200	}
				1201	xfree(otmp);
				1202	}
				1203
				1204	tmp = tilde_expand_filename(argv[i], pw->pw_uid);
				1205	if ((public = key_load_public(tmp, &comment)) == NULL)
				1206	fatal("%s: unable to open \"%s\"", __func__, tmp);
				1207	if (public->type != KEY_RSA && public->type != KEY_DSA)
				1208	fatal("%s: key \"%s\" type %s cannot be certified",
				1209	__func__, tmp, key_type(public));
				1210
				1211	/* Prepare certificate to sign */
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1212	if (key_to_certified(public, v00) != 0)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1213	fatal("Could not upgrade key %s to certificate", tmp);
				1214	public->cert->type = cert_key_type;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1215	public->cert->serial = (u_int64_t)cert_serial;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1216	public->cert->key_id = xstrdup(cert_key_id);
				1217	public->cert->nprincipals = n;
				1218	public->cert->principals = plist;
				1219	public->cert->valid_after = cert_valid_from;
				1220	public->cert->valid_before = cert_valid_to;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1221	prepare_options_buf(&public->cert->critical);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1222	public->cert->signature_key = key_from_private(ca);
				1223
				1224	if (key_certify(public, ca) != 0)
				1225	fatal("Couldn't not certify key %s", tmp);
				1226
				1227	if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
				1228	*cp = '\0';
				1229	xasprintf(&out, "%s-cert.pub", tmp);
				1230	xfree(tmp);
				1231
				1232	if ((fd = open(out, O_WRONLY\|O_CREAT\|O_TRUNC, 0644)) == -1)
				1233	fatal("Could not open \"%s\" for writing: %s", out,
				1234	strerror(errno));
				1235	if ((f = fdopen(fd, "w")) == NULL)
				1236	fatal("%s: fdopen: %s", __func__, strerror(errno));
				1237	if (!key_write(public, f))
				1238	fatal("Could not write certified key to %s", out);
				1239	fprintf(f, " %s\n", comment);
				1240	fclose(f);
				1241
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1242	if (!quiet) {
				1243	logit("Signed %s key %s: id \"%s\" serial %llu%s%s "
				1244	"valid %s", key_cert_type(public),
				1245	out, public->cert->key_id, public->cert->serial,
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1246	cert_principals != NULL ? " for " : "",
				1247	cert_principals != NULL ? cert_principals : "",
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1248	fmt_validity(cert_valid_from, cert_valid_to));
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1249	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1250
				1251	key_free(public);
				1252	xfree(out);
				1253	}
				1254	exit(0);
				1255	}
				1256
				1257	static u_int64_t
				1258	parse_relative_time(const char *s, time_t now)
				1259	{
				1260	int64_t mul, secs;
				1261
				1262	mul = *s == '-' ? -1 : 1;
				1263
				1264	if ((secs = convtime(s + 1)) == -1)
				1265	fatal("Invalid relative certificate time %s", s);
				1266	if (mul == -1 && secs > now)
				1267	fatal("Certificate time %s cannot be represented", s);
				1268	return now + (u_int64_t)(secs * mul);
				1269	}
				1270
				1271	static u_int64_t
				1272	parse_absolute_time(const char *s)
				1273	{
				1274	struct tm tm;
				1275	time_t tt;
Damien Miller	2ca342b	2010-03-03 12:14:15 +1100	[diff] [blame]	1276	char buf[32], *fmt;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1277
Damien Miller	2ca342b	2010-03-03 12:14:15 +1100	[diff] [blame]	1278	/*
				1279	* POSIX strptime says "The application shall ensure that there
				1280	* is white-space or other non-alphanumeric characters between
				1281	* any two conversion specifications" so arrange things this way.
				1282	*/
				1283	switch (strlen(s)) {
				1284	case 8:
Damien Miller	3e1ee49	2010-03-08 09:24:11 +1100	[diff] [blame]	1285	fmt = "%Y-%m-%d";
				1286	snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);
Damien Miller	2ca342b	2010-03-03 12:14:15 +1100	[diff] [blame]	1287	break;
				1288	case 14:
Damien Miller	3e1ee49	2010-03-08 09:24:11 +1100	[diff] [blame]	1289	fmt = "%Y-%m-%dT%H:%M:%S";
				1290	snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s",
Damien Miller	2ca342b	2010-03-03 12:14:15 +1100	[diff] [blame]	1291	s, s + 4, s + 6, s + 8, s + 10, s + 12);
				1292	break;
				1293	default:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1294	fatal("Invalid certificate time format %s", s);
Damien Miller	2ca342b	2010-03-03 12:14:15 +1100	[diff] [blame]	1295	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1296
				1297	bzero(&tm, sizeof(tm));
Damien Miller	2ca342b	2010-03-03 12:14:15 +1100	[diff] [blame]	1298	if (strptime(buf, fmt, &tm) == NULL)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1299	fatal("Invalid certificate time %s", s);
				1300	if ((tt = mktime(&tm)) < 0)
				1301	fatal("Certificate time %s cannot be represented", s);
				1302	return (u_int64_t)tt;
				1303	}
				1304
				1305	static void
				1306	parse_cert_times(char *timespec)
				1307	{
				1308	char from, to;
				1309	time_t now = time(NULL);
				1310	int64_t secs;
				1311
				1312	/* +timespec relative to now */
				1313	if (*timespec == '+' && strchr(timespec, ':') == NULL) {
				1314	if ((secs = convtime(timespec + 1)) == -1)
				1315	fatal("Invalid relative certificate life %s", timespec);
				1316	cert_valid_to = now + secs;
				1317	/*
				1318	* Backdate certificate one minute to avoid problems on hosts
				1319	* with poorly-synchronised clocks.
				1320	*/
				1321	cert_valid_from = ((now - 59)/ 60) * 60;
				1322	return;
				1323	}
				1324
				1325	/*
				1326	* from:to, where
				1327	* from := [+-]timespec \| YYYYMMDD \| YYYYMMDDHHMMSS
				1328	* to := [+-]timespec \| YYYYMMDD \| YYYYMMDDHHMMSS
				1329	*/
				1330	from = xstrdup(timespec);
				1331	to = strchr(from, ':');
				1332	if (to == NULL \|\| from == to \|\| *(to + 1) == '\0')
Damien Miller	910f209	2010-03-04 14:17:22 +1100	[diff] [blame]	1333	fatal("Invalid certificate life specification %s", timespec);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1334	*to++ = '\0';
				1335
				1336	if (from == '-' \|\| from == '+')
				1337	cert_valid_from = parse_relative_time(from, now);
				1338	else
				1339	cert_valid_from = parse_absolute_time(from);
				1340
				1341	if (to == '-' \|\| to == '+')
				1342	cert_valid_to = parse_relative_time(to, cert_valid_from);
				1343	else
				1344	cert_valid_to = parse_absolute_time(to);
				1345
				1346	if (cert_valid_to <= cert_valid_from)
				1347	fatal("Empty certificate validity interval");
				1348	xfree(from);
				1349	}
				1350
				1351	static void
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1352	add_cert_option(char *opt)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1353	{
				1354	char *val;
				1355
				1356	if (strcmp(opt, "clear") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1357	critical_flags = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1358	else if (strcasecmp(opt, "no-x11-forwarding") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1359	critical_flags &= ~CRITOPT_X_FWD;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1360	else if (strcasecmp(opt, "permit-x11-forwarding") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1361	critical_flags \|= CRITOPT_X_FWD;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1362	else if (strcasecmp(opt, "no-agent-forwarding") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1363	critical_flags &= ~CRITOPT_AGENT_FWD;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1364	else if (strcasecmp(opt, "permit-agent-forwarding") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1365	critical_flags \|= CRITOPT_AGENT_FWD;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1366	else if (strcasecmp(opt, "no-port-forwarding") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1367	critical_flags &= ~CRITOPT_PORT_FWD;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1368	else if (strcasecmp(opt, "permit-port-forwarding") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1369	critical_flags \|= CRITOPT_PORT_FWD;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1370	else if (strcasecmp(opt, "no-pty") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1371	critical_flags &= ~CRITOPT_PTY;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1372	else if (strcasecmp(opt, "permit-pty") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1373	critical_flags \|= CRITOPT_PTY;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1374	else if (strcasecmp(opt, "no-user-rc") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1375	critical_flags &= ~CRITOPT_USER_RC;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1376	else if (strcasecmp(opt, "permit-user-rc") == 0)
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1377	critical_flags \|= CRITOPT_USER_RC;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1378	else if (strncasecmp(opt, "force-command=", 14) == 0) {
				1379	val = opt + 14;
				1380	if (*val == '\0')
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1381	fatal("Empty force-command option");
				1382	if (critical_command != NULL)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1383	fatal("force-command already specified");
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1384	critical_command = xstrdup(val);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1385	} else if (strncasecmp(opt, "source-address=", 15) == 0) {
				1386	val = opt + 15;
				1387	if (*val == '\0')
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1388	fatal("Empty source-address option");
				1389	if (critical_src_addr != NULL)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1390	fatal("source-address already specified");
				1391	if (addr_match_cidr_list(NULL, val) != 0)
				1392	fatal("Invalid source-address list");
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1393	critical_src_addr = xstrdup(val);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1394	} else
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1395	fatal("Unsupported certificate option \"%s\"", opt);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1396	}
				1397
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1398	static void
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1399	do_show_cert(struct passwd *pw)
				1400	{
				1401	Key *key;
				1402	struct stat st;
				1403	char key_fp, ca_fp;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1404	Buffer options, option;
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1405	u_char name, data;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1406	u_int i, dlen, v00;
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1407
				1408	if (!have_identity)
				1409	ask_filename(pw, "Enter file in which the key is");
				1410	if (stat(identity_file, &st) < 0) {
				1411	perror(identity_file);
				1412	exit(1);
				1413	}
				1414	if ((key = key_load_public(identity_file, NULL)) == NULL)
				1415	fatal("%s is not a public key", identity_file);
				1416	if (!key_is_cert(key))
				1417	fatal("%s is not a certificate", identity_file);
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1418	v00 = key->type == KEY_RSA_CERT_V00 \|\| key->type == KEY_DSA_CERT_V00;
				1419
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1420	key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
				1421	ca_fp = key_fingerprint(key->cert->signature_key,
				1422	SSH_FP_MD5, SSH_FP_HEX);
				1423
				1424	printf("%s:\n", identity_file);
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1425	printf(" Type: %s %s certificate\n", key_ssh_name(key),
				1426	key_cert_type(key));
				1427	printf(" Public key: %s %s\n", key_type(key), key_fp);
				1428	printf(" Signing CA: %s %s\n",
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1429	key_type(key->cert->signature_key), ca_fp);
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1430	printf(" Key ID: \"%s\"\n", key->cert->key_id);
				1431	if (!v00)
				1432	printf(" Serial: %llu\n", key->cert->serial);
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1433	printf(" Valid: %s\n",
				1434	fmt_validity(key->cert->valid_after, key->cert->valid_before));
				1435	printf(" Principals: ");
				1436	if (key->cert->nprincipals == 0)
				1437	printf("(none)\n");
				1438	else {
				1439	for (i = 0; i < key->cert->nprincipals; i++)
				1440	printf("\n %s",
				1441	key->cert->principals[i]);
				1442	printf("\n");
				1443	}
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1444	printf(" Critical Options: ");
				1445	if (buffer_len(&key->cert->critical) == 0)
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1446	printf("(none)\n");
				1447	else {
				1448	printf("\n");
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1449	buffer_init(&options);
				1450	buffer_append(&options,
				1451	buffer_ptr(&key->cert->critical),
				1452	buffer_len(&key->cert->critical));
				1453	buffer_init(&option);
				1454	while (buffer_len(&options) != 0) {
				1455	name = buffer_get_string(&options, NULL);
				1456	data = buffer_get_string_ptr(&options, &dlen);
				1457	buffer_append(&option, data, dlen);
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1458	printf(" %s", name);
				1459	if (strcmp(name, "permit-X11-forwarding") == 0 \|\|
				1460	strcmp(name, "permit-agent-forwarding") == 0 \|\|
				1461	strcmp(name, "permit-port-forwarding") == 0 \|\|
				1462	strcmp(name, "permit-pty") == 0 \|\|
				1463	strcmp(name, "permit-user-rc") == 0)
				1464	printf("\n");
				1465	else if (strcmp(name, "force-command") == 0 \|\|
				1466	strcmp(name, "source-address") == 0) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1467	data = buffer_get_string(&option, NULL);
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1468	printf(" %s\n", data);
				1469	xfree(data);
				1470	} else {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1471	printf(" UNKNOWN OPTION (len %u)\n",
				1472	buffer_len(&option));
				1473	buffer_clear(&option);
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1474	}
				1475	xfree(name);
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1476	if (buffer_len(&option) != 0)
				1477	fatal("Option corrupt: extra data at end");
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1478	}
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1479	buffer_free(&option);
				1480	buffer_free(&options);
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1481	}
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1482	if (!v00) {
				1483	printf(" Extensions: ");
				1484	if (buffer_len(&key->cert->extensions) == 0)
				1485	printf("(none)\n");
				1486	else {
				1487	printf("\n");
				1488	buffer_init(&options);
				1489	buffer_append(&options,
				1490	buffer_ptr(&key->cert->extensions),
				1491	buffer_len(&key->cert->extensions));
				1492	buffer_init(&option);
				1493	while (buffer_len(&options) != 0) {
				1494	name = buffer_get_string(&options, NULL);
				1495	(void)buffer_get_string_ptr(&options, &dlen);
				1496	printf(" %s UNKNOWN OPTION "
				1497	"(len %u)\n", name, dlen);
				1498	xfree(name);
				1499	}
				1500	buffer_free(&option);
				1501	buffer_free(&options);
				1502	}
				1503	}
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1504	exit(0);
				1505	}
				1506
				1507	static void
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	1508	usage(void)
				1509	{
Damien Miller	5cbe7ca	2007-09-17 16:05:50 +1000	[diff] [blame]	1510	fprintf(stderr, "usage: %s [options]\n", __progname);
Ben Lindstrom	97be31e	2001-08-06 21:49:06 +0000	[diff] [blame]	1511	fprintf(stderr, "Options:\n");
Damien Miller	9278ffa	2005-05-26 11:59:06 +1000	[diff] [blame]	1512	fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n");
Ben Lindstrom	97be31e	2001-08-06 21:49:06 +0000	[diff] [blame]	1513	fprintf(stderr, " -B Show bubblebabble digest of key file.\n");
Damien Miller	9278ffa	2005-05-26 11:59:06 +1000	[diff] [blame]	1514	fprintf(stderr, " -b bits Number of bits in the key to create.\n");
Ben Lindstrom	97be31e	2001-08-06 21:49:06 +0000	[diff] [blame]	1515	fprintf(stderr, " -C comment Provide new comment.\n");
Damien Miller	9278ffa	2005-05-26 11:59:06 +1000	[diff] [blame]	1516	fprintf(stderr, " -c Change comment in private and public key files.\n");
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	1517	#ifdef ENABLE_PKCS11
				1518	fprintf(stderr, " -D pkcs11 Download public key from pkcs11 token.\n");
				1519	#endif
Darren Tucker	26dc3e6	2007-02-19 22:09:06 +1100	[diff] [blame]	1520	fprintf(stderr, " -e Convert OpenSSH to RFC 4716 key file.\n");
Damien Miller	9278ffa	2005-05-26 11:59:06 +1000	[diff] [blame]	1521	fprintf(stderr, " -F hostname Find hostname in known hosts file.\n");
				1522	fprintf(stderr, " -f filename Filename of the key file.\n");
				1523	fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n");
				1524	fprintf(stderr, " -g Use generic DNS resource record format.\n");
				1525	fprintf(stderr, " -H Hash names in known_hosts file.\n");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1526	fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
				1527	fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
Darren Tucker	26dc3e6	2007-02-19 22:09:06 +1100	[diff] [blame]	1528	fprintf(stderr, " -i Convert RFC 4716 to OpenSSH key file.\n");
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1529	fprintf(stderr, " -L Print the contents of a certificate.\n");
Damien Miller	9278ffa	2005-05-26 11:59:06 +1000	[diff] [blame]	1530	fprintf(stderr, " -l Show fingerprint of key file.\n");
				1531	fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1532	fprintf(stderr, " -n name,... User/host principal names to include in certificate\n");
Damien Miller	9278ffa	2005-05-26 11:59:06 +1000	[diff] [blame]	1533	fprintf(stderr, " -N phrase Provide new passphrase.\n");
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1534	fprintf(stderr, " -O cnstr Specify a certificate option.\n");
Damien Miller	9278ffa	2005-05-26 11:59:06 +1000	[diff] [blame]	1535	fprintf(stderr, " -P phrase Provide old passphrase.\n");
				1536	fprintf(stderr, " -p Change passphrase of private key file.\n");
				1537	fprintf(stderr, " -q Quiet.\n");
				1538	fprintf(stderr, " -R hostname Remove host from known_hosts file.\n");
				1539	fprintf(stderr, " -r hostname Print DNS resource record.\n");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1540	fprintf(stderr, " -s ca_key Certify keys with CA key.\n");
Damien Miller	9278ffa	2005-05-26 11:59:06 +1000	[diff] [blame]	1541	fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n");
				1542	fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n");
				1543	fprintf(stderr, " -t type Specify type of key to create.\n");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1544	fprintf(stderr, " -V from:to Specify certificate validity interval.\n");
Damien Miller	9278ffa	2005-05-26 11:59:06 +1000	[diff] [blame]	1545	fprintf(stderr, " -v Verbose.\n");
				1546	fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n");
				1547	fprintf(stderr, " -y Read private key file and print public key.\n");
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1548
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1549	exit(1);
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	1550	}
				1551
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1552	/*
				1553	* Main program for key management.
				1554	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1555	int
Damien Miller	df8b7db	2007-01-05 16:22:57 +1100	[diff] [blame]	1556	main(int argc, char **argv)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1557	{
Damien Miller	a41c8b1	2002-01-22 23:05:08 +1100	[diff] [blame]	1558	char dotsshdir[MAXPATHLEN], comment[1024], passphrase1, passphrase2;
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	1559	char out_file[MAXPATHLEN], *pkcs11provider = NULL;
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	1560	char *rr_hostname = NULL;
Ben Lindstrom	5fc6270	2001-03-09 18:19:24 +0000	[diff] [blame]	1561	Key private, public;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1562	struct passwd *pw;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1563	struct stat st;
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	1564	int opt, type, fd;
Darren Tucker	2db8ae6	2005-06-01 23:02:25 +1000	[diff] [blame]	1565	u_int32_t memory = 0, generator_wanted = 0, trials = 100;
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1566	int do_gen_candidates = 0, do_screen_candidates = 0;
				1567	BIGNUM *start = NULL;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1568	FILE *f;
Damien Miller	02e754f	2005-05-26 12:19:39 +1000	[diff] [blame]	1569	const char *errstr;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1570
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1571	extern int optind;
				1572	extern char *optarg;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1573
Darren Tucker	ce321d8	2005-10-03 18:11:24 +1000	[diff] [blame]	1574	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
				1575	sanitise_stdfd();
				1576
Darren Tucker	9ac56e9	2007-01-14 10:19:59 +1100	[diff] [blame]	1577	__progname = ssh_get_progname(argv[0]);
Damien Miller	f9b625c	2000-07-09 22:42:32 +1000	[diff] [blame]	1578
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	1579	SSLeay_add_all_algorithms();
Damien Miller	df8b7db	2007-01-05 16:22:57 +1100	[diff] [blame]	1580	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1581
Kevin Steves	3a88191	2002-07-20 19:05:40 +0000	[diff] [blame]	1582	init_rng();
				1583	seed_rng();
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1584
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1585	/* we need this for the home * directory. */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1586	pw = getpwuid(getuid());
				1587	if (!pw) {
				1588	printf("You don't exist, go away!\n");
				1589	exit(1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1590	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1591	if (gethostname(hostname, sizeof(hostname)) < 0) {
				1592	perror("gethostname");
				1593	exit(1);
				1594	}
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1595
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1596	while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:N:n:"
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1597	"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1598	switch (opt) {
				1599	case 'b':
Damien Miller	5f34006	2006-03-26 14:27:57 +1100	[diff] [blame]	1600	bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr);
Damien Miller	02e754f	2005-05-26 12:19:39 +1000	[diff] [blame]	1601	if (errstr)
				1602	fatal("Bits has bad value %s (%s)",
				1603	optarg, errstr);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1604	break;
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	1605	case 'F':
				1606	find_host = 1;
				1607	rr_hostname = optarg;
				1608	break;
				1609	case 'H':
				1610	hash_hosts = 1;
				1611	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1612	case 'I':
				1613	cert_key_id = optarg;
				1614	break;
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	1615	case 'R':
				1616	delete_host = 1;
				1617	rr_hostname = optarg;
				1618	break;
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1619	case 'L':
				1620	show_cert = 1;
				1621	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1622	case 'l':
				1623	print_fingerprint = 1;
				1624	break;
Ben Lindstrom	8fd372b	2001-03-12 03:02:17 +0000	[diff] [blame]	1625	case 'B':
				1626	print_bubblebabble = 1;
				1627	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1628	case 'n':
				1629	cert_principals = optarg;
				1630	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1631	case 'p':
				1632	change_passphrase = 1;
				1633	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1634	case 'c':
				1635	change_comment = 1;
				1636	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1637	case 'f':
Damien Miller	b089fb5	2005-05-26 12:16:18 +1000	[diff] [blame]	1638	if (strlcpy(identity_file, optarg, sizeof(identity_file)) >=
				1639	sizeof(identity_file))
				1640	fatal("Identity filename too long");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1641	have_identity = 1;
				1642	break;
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	1643	case 'g':
				1644	print_generic = 1;
				1645	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1646	case 'P':
				1647	identity_passphrase = optarg;
				1648	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1649	case 'N':
				1650	identity_new_passphrase = optarg;
				1651	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1652	case 'O':
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1653	add_cert_option(optarg);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1654	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1655	case 'C':
				1656	identity_comment = optarg;
				1657	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1658	case 'q':
				1659	quiet = 1;
				1660	break;
Ben Lindstrom	5a70782	2001-04-22 17:15:46 +0000	[diff] [blame]	1661	case 'e':
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1662	case 'x':
Ben Lindstrom	5a70782	2001-04-22 17:15:46 +0000	[diff] [blame]	1663	/* export key */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1664	convert_to_ssh2 = 1;
				1665	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1666	case 'h':
				1667	cert_key_type = SSH2_CERT_TYPE_HOST;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1668	critical_flags = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1669	break;
Ben Lindstrom	5a70782	2001-04-22 17:15:46 +0000	[diff] [blame]	1670	case 'i':
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1671	case 'X':
Ben Lindstrom	5a70782	2001-04-22 17:15:46 +0000	[diff] [blame]	1672	/* import key */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1673	convert_from_ssh2 = 1;
				1674	break;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1675	case 'y':
				1676	print_public = 1;
				1677	break;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1678	case 'd':
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1679	key_type_name = "dsa";
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1680	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1681	case 's':
				1682	ca_key_path = optarg;
				1683	break;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1684	case 't':
				1685	key_type_name = optarg;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1686	break;
Ben Lindstrom	8282d6a	2001-08-06 21:44:05 +0000	[diff] [blame]	1687	case 'D':
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	1688	pkcs11provider = optarg;
Ben Lindstrom	cd39228	2001-07-04 03:44:03 +0000	[diff] [blame]	1689	break;
Darren Tucker	06930c7	2003-12-31 11:34:51 +1100	[diff] [blame]	1690	case 'v':
				1691	if (log_level == SYSLOG_LEVEL_INFO)
				1692	log_level = SYSLOG_LEVEL_DEBUG1;
				1693	else {
Darren Tucker	fc95970	2004-07-17 16:12:08 +1000	[diff] [blame]	1694	if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
Darren Tucker	06930c7	2003-12-31 11:34:51 +1100	[diff] [blame]	1695	log_level < SYSLOG_LEVEL_DEBUG3)
				1696	log_level++;
				1697	}
				1698	break;
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	1699	case 'r':
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	1700	rr_hostname = optarg;
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	1701	break;
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1702	case 'W':
Damien Miller	5f34006	2006-03-26 14:27:57 +1100	[diff] [blame]	1703	generator_wanted = (u_int32_t)strtonum(optarg, 1,
				1704	UINT_MAX, &errstr);
Damien Miller	b089fb5	2005-05-26 12:16:18 +1000	[diff] [blame]	1705	if (errstr)
				1706	fatal("Desired generator has bad value: %s (%s)",
				1707	optarg, errstr);
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1708	break;
				1709	case 'a':
Damien Miller	5f34006	2006-03-26 14:27:57 +1100	[diff] [blame]	1710	trials = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
Damien Miller	b089fb5	2005-05-26 12:16:18 +1000	[diff] [blame]	1711	if (errstr)
				1712	fatal("Invalid number of trials: %s (%s)",
				1713	optarg, errstr);
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1714	break;
				1715	case 'M':
Damien Miller	5f34006	2006-03-26 14:27:57 +1100	[diff] [blame]	1716	memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1717	if (errstr)
Damien Miller	b089fb5	2005-05-26 12:16:18 +1000	[diff] [blame]	1718	fatal("Memory limit is %s: %s", errstr, optarg);
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1719	break;
				1720	case 'G':
				1721	do_gen_candidates = 1;
Damien Miller	b089fb5	2005-05-26 12:16:18 +1000	[diff] [blame]	1722	if (strlcpy(out_file, optarg, sizeof(out_file)) >=
				1723	sizeof(out_file))
				1724	fatal("Output filename too long");
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1725	break;
				1726	case 'T':
				1727	do_screen_candidates = 1;
Damien Miller	b089fb5	2005-05-26 12:16:18 +1000	[diff] [blame]	1728	if (strlcpy(out_file, optarg, sizeof(out_file)) >=
				1729	sizeof(out_file))
				1730	fatal("Output filename too long");
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1731	break;
				1732	case 'S':
				1733	/* XXX - also compare length against bits */
				1734	if (BN_hex2bn(&start, optarg) == 0)
				1735	fatal("Invalid start point.");
				1736	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1737	case 'V':
				1738	parse_cert_times(optarg);
				1739	break;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame^]	1740	case 'z':
				1741	cert_serial = strtonum(optarg, 0, LLONG_MAX, &errstr);
				1742	if (errstr)
				1743	fatal("Invalid serial number: %s", errstr);
				1744	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1745	case '?':
				1746	default:
				1747	usage();
				1748	}
				1749	}
Darren Tucker	06930c7	2003-12-31 11:34:51 +1100	[diff] [blame]	1750
				1751	/* reinit */
Damien Miller	df8b7db	2007-01-05 16:22:57 +1100	[diff] [blame]	1752	log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1);
Darren Tucker	06930c7	2003-12-31 11:34:51 +1100	[diff] [blame]	1753
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1754	argv += optind;
				1755	argc -= optind;
				1756
				1757	if (ca_key_path != NULL) {
				1758	if (argc < 1) {
				1759	printf("Too few arguments.\n");
				1760	usage();
				1761	}
				1762	} else if (argc > 0) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1763	printf("Too many arguments.\n");
				1764	usage();
				1765	}
				1766	if (change_passphrase && change_comment) {
				1767	printf("Can only have one of -p and -c.\n");
				1768	usage();
				1769	}
Darren Tucker	0f7e910	2008-06-08 12:54:29 +1000	[diff] [blame]	1770	if (print_fingerprint && (delete_host \|\| hash_hosts)) {
				1771	printf("Cannot use -l with -D or -R.\n");
				1772	usage();
				1773	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1774	if (ca_key_path != NULL) {
				1775	if (cert_key_id == NULL)
				1776	fatal("Must specify key id (-I) when certifying");
				1777	do_ca_sign(pw, argc, argv);
				1778	}
Damien Miller	f2b70ca	2010-03-05 07:39:35 +1100	[diff] [blame]	1779	if (show_cert)
				1780	do_show_cert(pw);
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	1781	if (delete_host \|\| hash_hosts \|\| find_host)
				1782	do_known_hosts(pw, rr_hostname);
Ben Lindstrom	8fd372b	2001-03-12 03:02:17 +0000	[diff] [blame]	1783	if (print_fingerprint \|\| print_bubblebabble)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1784	do_fingerprint(pw);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1785	if (change_passphrase)
				1786	do_change_passphrase(pw);
Damien Miller	4a10d2e	2002-03-11 22:53:29 +1100	[diff] [blame]	1787	if (change_comment)
				1788	do_change_comment(pw);
Kevin Steves	3a88191	2002-07-20 19:05:40 +0000	[diff] [blame]	1789	if (convert_to_ssh2)
				1790	do_convert_to_ssh2(pw);
				1791	if (convert_from_ssh2)
				1792	do_convert_from_ssh2(pw);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1793	if (print_public)
				1794	do_print_public(pw);
Damien Miller	4b42d7f	2005-03-01 21:48:35 +1100	[diff] [blame]	1795	if (rr_hostname != NULL) {
Damien Miller	cb31482	2006-03-26 13:48:01 +1100	[diff] [blame]	1796	unsigned int n = 0;
				1797
				1798	if (have_identity) {
				1799	n = do_print_resource_record(pw,
				1800	identity_file, rr_hostname);
				1801	if (n == 0) {
				1802	perror(identity_file);
				1803	exit(1);
				1804	}
				1805	exit(0);
				1806	} else {
				1807
				1808	n += do_print_resource_record(pw,
				1809	_PATH_HOST_RSA_KEY_FILE, rr_hostname);
				1810	n += do_print_resource_record(pw,
				1811	_PATH_HOST_DSA_KEY_FILE, rr_hostname);
				1812
				1813	if (n == 0)
				1814	fatal("no keys found.");
				1815	exit(0);
				1816	}
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	1817	}
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	1818	if (pkcs11provider != NULL)
				1819	do_download(pw, pkcs11provider);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1820
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1821	if (do_gen_candidates) {
				1822	FILE *out = fopen(out_file, "w");
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	1823
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1824	if (out == NULL) {
				1825	error("Couldn't open modulus candidate file \"%s\": %s",
				1826	out_file, strerror(errno));
				1827	return (1);
				1828	}
Damien Miller	3f54a9f	2005-11-05 14:52:18 +1100	[diff] [blame]	1829	if (bits == 0)
				1830	bits = DEFAULT_BITS;
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1831	if (gen_candidates(out, memory, bits, start) != 0)
Damien Miller	15d72a0	2005-11-05 15:07:33 +1100	[diff] [blame]	1832	fatal("modulus candidate generation failed");
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1833
				1834	return (0);
				1835	}
				1836
				1837	if (do_screen_candidates) {
				1838	FILE *in;
				1839	FILE *out = fopen(out_file, "w");
				1840
				1841	if (have_identity && strcmp(identity_file, "-") != 0) {
				1842	if ((in = fopen(identity_file, "r")) == NULL) {
				1843	fatal("Couldn't open modulus candidate "
Damien Miller	a8e06ce	2003-11-21 23:48:55 +1100	[diff] [blame]	1844	"file \"%s\": %s", identity_file,
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1845	strerror(errno));
				1846	}
				1847	} else
				1848	in = stdin;
				1849
				1850	if (out == NULL) {
				1851	fatal("Couldn't open moduli file \"%s\": %s",
				1852	out_file, strerror(errno));
				1853	}
				1854	if (prime_test(in, out, trials, generator_wanted) != 0)
Damien Miller	15d72a0	2005-11-05 15:07:33 +1100	[diff] [blame]	1855	fatal("modulus screening failed");
Darren Tucker	f4220e6	2003-08-21 16:44:07 +1000	[diff] [blame]	1856	return (0);
Darren Tucker	019cefe	2003-08-02 22:40:07 +1000	[diff] [blame]	1857	}
				1858
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1859	arc4random_stir();
				1860
Damien Miller	f14be5c	2005-11-05 15:15:49 +1100	[diff] [blame]	1861	if (key_type_name == NULL)
				1862	key_type_name = "rsa";
				1863
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	1864	type = key_type_from_name(key_type_name);
				1865	if (type == KEY_UNSPEC) {
				1866	fprintf(stderr, "unknown key type %s\n", key_type_name);
				1867	exit(1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1868	}
Damien Miller	3f54a9f	2005-11-05 14:52:18 +1100	[diff] [blame]	1869	if (bits == 0)
				1870	bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
Tim Rice	660c340	2005-11-28 17:45:32 -0800	[diff] [blame]	1871	if (type == KEY_DSA && bits != 1024)
				1872	fatal("DSA keys must be 1024 bits");
Darren Tucker	3af2ac5	2005-11-29 13:10:24 +1100	[diff] [blame]	1873	if (!quiet)
				1874	printf("Generating public/private %s key pair.\n", key_type_name);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1875	private = key_generate(type, bits);
				1876	if (private == NULL) {
Damien Miller	9eab956	2009-02-22 08:47:02 +1100	[diff] [blame]	1877	fprintf(stderr, "key_generate failed\n");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1878	exit(1);
				1879	}
				1880	public = key_from_private(private);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1881
				1882	if (!have_identity)
				1883	ask_filename(pw, "Enter file in which to save the key");
				1884
Damien Miller	788f212	2005-11-05 15:14:59 +1100	[diff] [blame]	1885	/* Create ~/.ssh directory if it doesn't already exist. */
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1886	snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1887	if (strstr(identity_file, dotsshdir) != NULL &&
				1888	stat(dotsshdir, &st) < 0) {
Damien Miller	be484b5	2000-07-15 14:14:16 +1000	[diff] [blame]	1889	if (mkdir(dotsshdir, 0700) < 0)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1890	error("Could not create directory '%s'.", dotsshdir);
				1891	else if (!quiet)
				1892	printf("Created directory '%s'.\n", dotsshdir);
				1893	}
				1894	/* If the file already exists, ask the user to confirm. */
				1895	if (stat(identity_file, &st) >= 0) {
				1896	char yesno[3];
				1897	printf("%s already exists.\n", identity_file);
				1898	printf("Overwrite (y/n)? ");
				1899	fflush(stdout);
				1900	if (fgets(yesno, sizeof(yesno), stdin) == NULL)
				1901	exit(1);
				1902	if (yesno[0] != 'y' && yesno[0] != 'Y')
				1903	exit(1);
				1904	}
				1905	/* Ask for a passphrase (twice). */
				1906	if (identity_passphrase)
				1907	passphrase1 = xstrdup(identity_passphrase);
				1908	else if (identity_new_passphrase)
				1909	passphrase1 = xstrdup(identity_new_passphrase);
				1910	else {
				1911	passphrase_again:
				1912	passphrase1 =
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	1913	read_passphrase("Enter passphrase (empty for no "
				1914	"passphrase): ", RP_ALLOW_STDIN);
				1915	passphrase2 = read_passphrase("Enter same passphrase again: ",
				1916	RP_ALLOW_STDIN);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1917	if (strcmp(passphrase1, passphrase2) != 0) {
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	1918	/*
				1919	* The passphrases do not match. Clear them and
				1920	* retry.
				1921	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1922	memset(passphrase1, 0, strlen(passphrase1));
				1923	memset(passphrase2, 0, strlen(passphrase2));
				1924	xfree(passphrase1);
				1925	xfree(passphrase2);
				1926	printf("Passphrases do not match. Try again.\n");
				1927	goto passphrase_again;
				1928	}
				1929	/* Clear the other copy of the passphrase. */
				1930	memset(passphrase2, 0, strlen(passphrase2));
				1931	xfree(passphrase2);
				1932	}
				1933
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1934	if (identity_comment) {
				1935	strlcpy(comment, identity_comment, sizeof(comment));
				1936	} else {
Darren Tucker	e15fb09	2008-11-11 16:31:43 +1100	[diff] [blame]	1937	/* Create default comment field for the passphrase. */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1938	snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
				1939	}
				1940
				1941	/* Save the key with the given passphrase and comment. */
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1942	if (!key_save_private(private, identity_file, passphrase1, comment)) {
Ben Lindstrom	15f3386	2001-04-16 02:00:02 +0000	[diff] [blame]	1943	printf("Saving the key failed: %s.\n", identity_file);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1944	memset(passphrase1, 0, strlen(passphrase1));
				1945	xfree(passphrase1);
				1946	exit(1);
				1947	}
				1948	/* Clear the passphrase. */
				1949	memset(passphrase1, 0, strlen(passphrase1));
				1950	xfree(passphrase1);
				1951
				1952	/* Clear the private key and the random number generator. */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1953	key_free(private);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1954	arc4random_stir();
				1955
				1956	if (!quiet)
				1957	printf("Your identification has been saved in %s.\n", identity_file);
				1958
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1959	strlcat(identity_file, ".pub", sizeof(identity_file));
Ben Lindstrom	5fc6270	2001-03-09 18:19:24 +0000	[diff] [blame]	1960	fd = open(identity_file, O_WRONLY \| O_CREAT \| O_TRUNC, 0644);
				1961	if (fd == -1) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1962	printf("Could not save your public key in %s\n", identity_file);
				1963	exit(1);
				1964	}
Ben Lindstrom	5fc6270	2001-03-09 18:19:24 +0000	[diff] [blame]	1965	f = fdopen(fd, "w");
				1966	if (f == NULL) {
Damien Miller	9eab956	2009-02-22 08:47:02 +1100	[diff] [blame]	1967	printf("fdopen %s failed\n", identity_file);
Ben Lindstrom	5fc6270	2001-03-09 18:19:24 +0000	[diff] [blame]	1968	exit(1);
				1969	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1970	if (!key_write(public, f))
Damien Miller	9eab956	2009-02-22 08:47:02 +1100	[diff] [blame]	1971	fprintf(stderr, "write key failed\n");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1972	fprintf(f, " %s\n", comment);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1973	fclose(f);
				1974
				1975	if (!quiet) {
Ben Lindstrom	cfccef9	2001-03-13 04:57:58 +0000	[diff] [blame]	1976	char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	1977	char *ra = key_fingerprint(public, SSH_FP_MD5,
				1978	SSH_FP_RANDOMART);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1979	printf("Your public key has been saved in %s.\n",
				1980	identity_file);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1981	printf("The key fingerprint is:\n");
Ben Lindstrom	cfccef9	2001-03-13 04:57:58 +0000	[diff] [blame]	1982	printf("%s %s\n", fp, comment);
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	1983	printf("The key's randomart image is:\n");
				1984	printf("%s\n", ra);
				1985	xfree(ra);
Ben Lindstrom	cfccef9	2001-03-13 04:57:58 +0000	[diff] [blame]	1986	xfree(fp);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1987	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1988
				1989	key_free(public);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1990	exit(0);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1991	}