Blame - ssh-keygen.c - platform/external/openssh

blob: 216a8b6ef0f764751d96edefe9e5ca6d2e621944 [file] [log] [blame]

Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				3	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				4	* All rights reserved
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	5	* Identity and host key generation and maintenance.
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame^]	6	*
				7	* As far as I am concerned, the code I have written for this software
				8	* can be used freely for any purpose. Any derived versions of this
				9	* software must be clearly marked as such, and if the derived work is
				10	* incompatible with the protocol description in the RFC file, it must be
				11	* called by a name other than "ssh" or "Secure Shell".
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	12	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	13
				14	#include "includes.h"
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame^]	15	RCSID("$OpenBSD: ssh-keygen.c,v 1.31 2000/09/07 20:27:54 deraadt Exp $");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	16
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	17	#include <openssl/evp.h>
				18	#include <openssl/pem.h>
				19	#include <openssl/rsa.h>
				20	#include <openssl/dsa.h>
				21
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	22	#include "ssh.h"
				23	#include "xmalloc.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	24	#include "key.h"
				25	#include "rsa.h"
				26	#include "dsa.h"
				27	#include "authfile.h"
				28	#include "uuencode.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	29
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	30	/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	31	int bits = 1024;
				32
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	33	/*
				34	* Flag indicating that we just want to change the passphrase. This can be
				35	* set on the command line.
				36	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	37	int change_passphrase = 0;
				38
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	39	/*
				40	* Flag indicating that we just want to change the comment. This can be set
				41	* on the command line.
				42	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	43	int change_comment = 0;
				44
				45	int quiet = 0;
				46
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	47	/* Flag indicating that we just want to see the key fingerprint */
				48	int print_fingerprint = 0;
				49
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	50	/* The identity file name, given on the command line or entered by the user. */
				51	char identity_file[1024];
				52	int have_identity = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	53
				54	/* This is set to the passphrase if given on the command line. */
				55	char *identity_passphrase = NULL;
				56
				57	/* This is set to the new passphrase if given on the command line. */
				58	char *identity_new_passphrase = NULL;
				59
				60	/* This is set to the new comment if given on the command line. */
				61	char *identity_comment = NULL;
				62
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	63	/* Dump public key file in format used by real and the original SSH 2 */
				64	int convert_to_ssh2 = 0;
				65	int convert_from_ssh2 = 0;
				66	int print_public = 0;
				67	int dsa_mode = 0;
				68
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	69	/* argv0 */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	70	#ifdef HAVE___PROGNAME
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	71	extern char *__progname;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	72	#else /* HAVE___PROGNAME */
Damien Miller	70fb671	2000-05-01 20:59:50 +1000	[diff] [blame]	73	static const char *__progname = "ssh-keygen";
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	74	#endif /* HAVE___PROGNAME */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	75
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	76	char hostname[MAXHOSTNAMELEN];
				77
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	78	void
				79	ask_filename(struct passwd pw, const char prompt)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	80	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	81	char buf[1024];
				82	snprintf(identity_file, sizeof(identity_file), "%s/%s",
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	83	pw->pw_dir,
				84	dsa_mode ? SSH_CLIENT_ID_DSA: SSH_CLIENT_IDENTITY);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	85	printf("%s (%s): ", prompt, identity_file);
				86	fflush(stdout);
				87	if (fgets(buf, sizeof(buf), stdin) == NULL)
				88	exit(1);
				89	if (strchr(buf, '\n'))
				90	*strchr(buf, '\n') = 0;
				91	if (strcmp(buf, "") != 0)
				92	strlcpy(identity_file, buf, sizeof(identity_file));
				93	have_identity = 1;
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	94	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	95
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	96	int
				97	try_load_key(char filename, Key k)
				98	{
				99	int success = 1;
				100	if (!load_private_key(filename, "", k, NULL)) {
				101	char *pass = read_passphrase("Enter passphrase: ", 1);
				102	if (!load_private_key(filename, pass, k, NULL)) {
				103	success = 0;
				104	}
				105	memset(pass, 0, strlen(pass));
				106	xfree(pass);
				107	}
				108	return success;
				109	}
				110
				111	#define SSH_COM_MAGIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"
				112	#define SSH_COM_MAGIC_END "---- END SSH2 PUBLIC KEY ----"
				113
				114	void
				115	do_convert_to_ssh2(struct passwd *pw)
				116	{
				117	Key *k;
				118	int len;
				119	unsigned char *blob;
				120	struct stat st;
				121
				122	if (!have_identity)
				123	ask_filename(pw, "Enter file in which the key is");
				124	if (stat(identity_file, &st) < 0) {
				125	perror(identity_file);
				126	exit(1);
				127	}
				128	k = key_new(KEY_DSA);
				129	if (!try_load_key(identity_file, k)) {
				130	fprintf(stderr, "load failed\n");
				131	exit(1);
				132	}
				133	dsa_make_key_blob(k, &blob, &len);
Damien Miller	3702396	2000-07-11 17:31:38 +1000	[diff] [blame]	134	fprintf(stdout, "%s\n", SSH_COM_MAGIC_BEGIN);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	135	fprintf(stdout,
				136	"Comment: \"%d-bit DSA, converted from openssh by %s@%s\"\n",
				137	BN_num_bits(k->dsa->p),
				138	pw->pw_name, hostname);
				139	dump_base64(stdout, blob, len);
Damien Miller	3702396	2000-07-11 17:31:38 +1000	[diff] [blame]	140	fprintf(stdout, "%s\n", SSH_COM_MAGIC_END);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	141	key_free(k);
				142	xfree(blob);
				143	exit(0);
				144	}
				145
				146	void
				147	do_convert_from_ssh2(struct passwd *pw)
				148	{
				149	Key *k;
				150	int blen;
				151	char line[1024], *p;
				152	char blob[8096];
				153	char encoded[8096];
				154	struct stat st;
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	155	int escaped = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	156	FILE *fp;
				157
				158	if (!have_identity)
				159	ask_filename(pw, "Enter file in which the key is");
				160	if (stat(identity_file, &st) < 0) {
				161	perror(identity_file);
				162	exit(1);
				163	}
				164	fp = fopen(identity_file, "r");
				165	if (fp == NULL) {
				166	perror(identity_file);
				167	exit(1);
				168	}
				169	encoded[0] = '\0';
				170	while (fgets(line, sizeof(line), fp)) {
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	171	if (!(p = strchr(line, '\n'))) {
				172	fprintf(stderr, "input line too long.\n");
				173	exit(1);
				174	}
				175	if (p > line && p[-1] == '\\')
				176	escaped++;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	177	if (strncmp(line, "----", 4) == 0 \|\|
				178	strstr(line, ": ") != NULL) {
				179	fprintf(stderr, "ignore: %s", line);
				180	continue;
				181	}
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	182	if (escaped) {
				183	escaped--;
				184	fprintf(stderr, "escaped: %s", line);
				185	continue;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	186	}
				187	*p = '\0';
				188	strlcat(encoded, line, sizeof(encoded));
				189	}
				190	blen = uudecode(encoded, (unsigned char *)blob, sizeof(blob));
				191	if (blen < 0) {
				192	fprintf(stderr, "uudecode failed.\n");
				193	exit(1);
				194	}
				195	k = dsa_key_from_blob(blob, blen);
				196	if (!key_write(k, stdout))
				197	fprintf(stderr, "key_write failed");
				198	key_free(k);
				199	fprintf(stdout, "\n");
				200	fclose(fp);
				201	exit(0);
				202	}
				203
				204	void
				205	do_print_public(struct passwd *pw)
				206	{
				207	Key *k;
				208	int len;
				209	unsigned char *blob;
				210	struct stat st;
				211
				212	if (!have_identity)
				213	ask_filename(pw, "Enter file in which the key is");
				214	if (stat(identity_file, &st) < 0) {
				215	perror(identity_file);
				216	exit(1);
				217	}
				218	k = key_new(KEY_DSA);
				219	if (!try_load_key(identity_file, k)) {
				220	fprintf(stderr, "load failed\n");
				221	exit(1);
				222	}
				223	dsa_make_key_blob(k, &blob, &len);
				224	if (!key_write(k, stdout))
				225	fprintf(stderr, "key_write failed");
				226	key_free(k);
				227	xfree(blob);
				228	fprintf(stdout, "\n");
				229	exit(0);
				230	}
				231
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	232	void
				233	do_fingerprint(struct passwd *pw)
				234	{
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	235	/* XXX RSA1 only */
				236
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	237	FILE *f;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	238	Key *public;
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	239	char comment = NULL, cp, ep, line[161024];
				240	int i, skip = 0, num = 1, invalid = 1;
Damien Miller	7684ee1	2000-03-17 23:40:15 +1100	[diff] [blame]	241	unsigned int ignore;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	242	struct stat st;
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	243
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	244	if (!have_identity)
				245	ask_filename(pw, "Enter file in which the key is");
				246	if (stat(identity_file, &st) < 0) {
				247	perror(identity_file);
				248	exit(1);
				249	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	250	public = key_new(KEY_RSA);
				251	if (load_public_key(identity_file, public, &comment)) {
				252	printf("%d %s %s\n", BN_num_bits(public->rsa->n),
				253	key_fingerprint(public), comment);
				254	key_free(public);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	255	exit(0);
				256	}
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	257
				258	f = fopen(identity_file, "r");
				259	if (f != NULL) {
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	260	while (fgets(line, sizeof(line), f)) {
				261	i = strlen(line) - 1;
				262	if (line[i] != '\n') {
				263	error("line %d too long: %.40s...", num, line);
				264	skip = 1;
				265	continue;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	266	}
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	267	num++;
				268	if (skip) {
				269	skip = 0;
				270	continue;
				271	}
				272	line[i] = '\0';
				273
				274	/* Skip leading whitespace, empty and comment lines. */
				275	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)
				276	;
				277	if (!cp \|\| cp == '\n' \|\| *cp == '#')
				278	continue ;
				279	i = strtol(cp, &ep, 10);
				280	if (i == 0 \|\| ep == NULL \|\| (ep != ' ' && ep != '\t')) {
				281	int quoted = 0;
				282	comment = cp;
				283	for (; cp && (quoted \|\| (cp != ' ' && *cp != '\t')); cp++) {
				284	if (*cp == '\\' && cp[1] == '"')
				285	cp++; /* Skip both */
				286	else if (*cp == '"')
				287	quoted = !quoted;
				288	}
				289	if (!*cp)
				290	continue;
				291	*cp++ = '\0';
				292	}
				293	ep = cp;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	294	if (auth_rsa_read_key(&cp, &ignore, public->rsa->e, public->rsa->n)) {
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	295	invalid = 0;
				296	comment = *cp ? cp : comment;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	297	printf("%d %s %s\n", key_size(public),
				298	key_fingerprint(public),
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	299	comment ? comment : "no comment");
				300	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	301	}
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	302	fclose(f);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	303	}
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	304	key_free(public);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	305	if (invalid) {
				306	printf("%s is not a valid key file.\n", identity_file);
				307	exit(1);
				308	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	309	exit(0);
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	310	}
				311
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	312	/*
				313	* Perform changing a passphrase. The argument is the passwd structure
				314	* for the current user.
				315	*/
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	316	void
				317	do_change_passphrase(struct passwd *pw)
				318	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	319	char *comment;
				320	char old_passphrase, passphrase1, *passphrase2;
				321	struct stat st;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	322	Key *private;
				323	Key *public;
				324	int type = dsa_mode ? KEY_DSA : KEY_RSA;
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	325
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	326	if (!have_identity)
				327	ask_filename(pw, "Enter file in which the key is");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	328	if (stat(identity_file, &st) < 0) {
				329	perror(identity_file);
				330	exit(1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	331	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	332
				333	if (type == KEY_RSA) {
				334	/* XXX this works currently only for RSA */
				335	public = key_new(type);
				336	if (!load_public_key(identity_file, public, NULL)) {
				337	printf("%s is not a valid key file.\n", identity_file);
				338	exit(1);
				339	}
				340	/* Clear the public key since we are just about to load the whole file. */
				341	key_free(public);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	342	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	343
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	344	/* Try to load the file with empty passphrase. */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	345	private = key_new(type);
				346	if (!load_private_key(identity_file, "", private, &comment)) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	347	if (identity_passphrase)
				348	old_passphrase = xstrdup(identity_passphrase);
				349	else
				350	old_passphrase = read_passphrase("Enter old passphrase: ", 1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	351	if (!load_private_key(identity_file, old_passphrase, private, &comment)) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	352	memset(old_passphrase, 0, strlen(old_passphrase));
				353	xfree(old_passphrase);
				354	printf("Bad passphrase.\n");
				355	exit(1);
				356	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	357	memset(old_passphrase, 0, strlen(old_passphrase));
				358	xfree(old_passphrase);
				359	}
				360	printf("Key has comment '%s'\n", comment);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	361
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	362	/* Ask the new passphrase (twice). */
				363	if (identity_new_passphrase) {
				364	passphrase1 = xstrdup(identity_new_passphrase);
				365	passphrase2 = NULL;
				366	} else {
				367	passphrase1 =
				368	read_passphrase("Enter new passphrase (empty for no passphrase): ", 1);
				369	passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
				370
				371	/* Verify that they are the same. */
				372	if (strcmp(passphrase1, passphrase2) != 0) {
				373	memset(passphrase1, 0, strlen(passphrase1));
				374	memset(passphrase2, 0, strlen(passphrase2));
				375	xfree(passphrase1);
				376	xfree(passphrase2);
				377	printf("Pass phrases do not match. Try again.\n");
				378	exit(1);
				379	}
				380	/* Destroy the other copy. */
				381	memset(passphrase2, 0, strlen(passphrase2));
				382	xfree(passphrase2);
				383	}
				384
				385	/* Save the file using the new passphrase. */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	386	if (!save_private_key(identity_file, passphrase1, private, comment)) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	387	printf("Saving the key failed: %s: %s.\n",
				388	identity_file, strerror(errno));
				389	memset(passphrase1, 0, strlen(passphrase1));
				390	xfree(passphrase1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	391	key_free(private);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	392	xfree(comment);
				393	exit(1);
				394	}
				395	/* Destroy the passphrase and the copy of the key in memory. */
				396	memset(passphrase1, 0, strlen(passphrase1));
				397	xfree(passphrase1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	398	key_free(private); /* Destroys contents */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	399	xfree(comment);
				400
				401	printf("Your identification has been saved with the new passphrase.\n");
				402	exit(0);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	403	}
				404
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	405	/*
				406	* Change the comment of a private key file.
				407	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	408	void
				409	do_change_comment(struct passwd *pw)
				410	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	411	char new_comment[1024], *comment;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	412	Key *private;
				413	Key *public;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	414	char *passphrase;
				415	struct stat st;
				416	FILE *f;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	417
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	418	if (!have_identity)
				419	ask_filename(pw, "Enter file in which the key is");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	420	if (stat(identity_file, &st) < 0) {
				421	perror(identity_file);
				422	exit(1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	423	}
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	424	/*
				425	* Try to load the public key from the file the verify that it is
				426	* readable and of the proper format.
				427	*/
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	428	public = key_new(KEY_RSA);
				429	if (!load_public_key(identity_file, public, NULL)) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	430	printf("%s is not a valid key file.\n", identity_file);
				431	exit(1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	432	}
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	433
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	434	private = key_new(KEY_RSA);
				435	if (load_private_key(identity_file, "", private, &comment))
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	436	passphrase = xstrdup("");
				437	else {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	438	if (identity_passphrase)
				439	passphrase = xstrdup(identity_passphrase);
				440	else if (identity_new_passphrase)
				441	passphrase = xstrdup(identity_new_passphrase);
				442	else
				443	passphrase = read_passphrase("Enter passphrase: ", 1);
				444	/* Try to load using the passphrase. */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	445	if (!load_private_key(identity_file, passphrase, private, &comment)) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	446	memset(passphrase, 0, strlen(passphrase));
				447	xfree(passphrase);
				448	printf("Bad passphrase.\n");
				449	exit(1);
				450	}
				451	}
				452	printf("Key now has comment '%s'\n", comment);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	453
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	454	if (identity_comment) {
				455	strlcpy(new_comment, identity_comment, sizeof(new_comment));
				456	} else {
				457	printf("Enter new comment: ");
				458	fflush(stdout);
				459	if (!fgets(new_comment, sizeof(new_comment), stdin)) {
				460	memset(passphrase, 0, strlen(passphrase));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	461	key_free(private);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	462	exit(1);
				463	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	464	if (strchr(new_comment, '\n'))
				465	*strchr(new_comment, '\n') = 0;
				466	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	467
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	468	/* Save the file using the new passphrase. */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	469	if (!save_private_key(identity_file, passphrase, private, new_comment)) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	470	printf("Saving the key failed: %s: %s.\n",
				471	identity_file, strerror(errno));
				472	memset(passphrase, 0, strlen(passphrase));
				473	xfree(passphrase);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	474	key_free(private);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	475	xfree(comment);
				476	exit(1);
				477	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	478	memset(passphrase, 0, strlen(passphrase));
				479	xfree(passphrase);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	480	key_free(private);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	481
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	482	strlcat(identity_file, ".pub", sizeof(identity_file));
				483	f = fopen(identity_file, "w");
				484	if (!f) {
				485	printf("Could not save your public key in %s\n", identity_file);
				486	exit(1);
				487	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	488	if (!key_write(public, f))
				489	fprintf(stderr, "write key failed");
				490	key_free(public);
				491	fprintf(f, " %s\n", new_comment);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	492	fclose(f);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	493
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	494	xfree(comment);
				495
				496	printf("The comment in your key file has been changed.\n");
				497	exit(0);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	498	}
				499
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	500	void
				501	usage(void)
				502	{
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	503	printf("Usage: %s [-lpqxXydc] [-b bits] [-f file] [-C comment] [-N new-pass] [-P pass]\n", __progname);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	504	exit(1);
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	505	}
				506
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	507	/*
				508	* Main program for key management.
				509	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	510	int
				511	main(int ac, char **av)
				512	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	513	char dotsshdir[16 * 1024], comment[1024], passphrase1, passphrase2;
				514	struct passwd *pw;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	515	int opt;
				516	struct stat st;
				517	FILE *f;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	518	Key *private;
				519	Key *public;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	520	extern int optind;
				521	extern char *optarg;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	522
Damien Miller	f9b625c	2000-07-09 22:42:32 +1000	[diff] [blame]	523	init_rng();
				524
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	525	SSLeay_add_all_algorithms();
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	526
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	527	/* we need this for the home * directory. */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	528	pw = getpwuid(getuid());
				529	if (!pw) {
				530	printf("You don't exist, go away!\n");
				531	exit(1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	532	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	533	if (gethostname(hostname, sizeof(hostname)) < 0) {
				534	perror("gethostname");
				535	exit(1);
				536	}
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	537
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	538	while ((opt = getopt(ac, av, "dqpclRxXyb:f:P:N:C:")) != EOF) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	539	switch (opt) {
				540	case 'b':
				541	bits = atoi(optarg);
				542	if (bits < 512 \|\| bits > 32768) {
				543	printf("Bits has bad value.\n");
				544	exit(1);
				545	}
				546	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	547
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	548	case 'l':
				549	print_fingerprint = 1;
				550	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	551
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	552	case 'p':
				553	change_passphrase = 1;
				554	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	555
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	556	case 'c':
				557	change_comment = 1;
				558	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	559
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	560	case 'f':
				561	strlcpy(identity_file, optarg, sizeof(identity_file));
				562	have_identity = 1;
				563	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	564
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	565	case 'P':
				566	identity_passphrase = optarg;
				567	break;
				568
				569	case 'N':
				570	identity_new_passphrase = optarg;
				571	break;
				572
				573	case 'C':
				574	identity_comment = optarg;
				575	break;
				576
				577	case 'q':
				578	quiet = 1;
				579	break;
				580
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	581	case 'R':
				582	if (rsa_alive() == 0)
				583	exit(1);
				584	else
				585	exit(0);
				586	break;
				587
				588	case 'x':
				589	convert_to_ssh2 = 1;
				590	break;
				591
				592	case 'X':
				593	convert_from_ssh2 = 1;
				594	break;
				595
				596	case 'y':
				597	print_public = 1;
				598	break;
				599
				600	case 'd':
				601	dsa_mode = 1;
				602	break;
				603
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	604	case '?':
				605	default:
				606	usage();
				607	}
				608	}
				609	if (optind < ac) {
				610	printf("Too many arguments.\n");
				611	usage();
				612	}
				613	if (change_passphrase && change_comment) {
				614	printf("Can only have one of -p and -c.\n");
				615	usage();
				616	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	617	/* check if RSA support is needed and exists */
				618	if (dsa_mode == 0 && rsa_alive() == 0) {
				619	fprintf(stderr,
				620	"%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
				621	__progname);
				622	exit(1);
				623	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	624	if (print_fingerprint)
				625	do_fingerprint(pw);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	626	if (change_passphrase)
				627	do_change_passphrase(pw);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	628	if (change_comment)
				629	do_change_comment(pw);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	630	if (convert_to_ssh2)
				631	do_convert_to_ssh2(pw);
				632	if (convert_from_ssh2)
				633	do_convert_from_ssh2(pw);
				634	if (print_public)
				635	do_print_public(pw);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	636
				637	arc4random_stir();
				638
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	639	if (dsa_mode != 0) {
				640	if (!quiet)
				641	printf("Generating DSA parameter and key.\n");
				642	public = private = dsa_generate_key(bits);
				643	if (private == NULL) {
				644	fprintf(stderr, "dsa_generate_keys failed");
				645	exit(1);
				646	}
				647	} else {
				648	if (quiet)
				649	rsa_set_verbose(0);
				650	/* Generate the rsa key pair. */
				651	public = key_new(KEY_RSA);
				652	private = key_new(KEY_RSA);
				653	rsa_generate_key(private->rsa, public->rsa, bits);
				654	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	655
				656	if (!have_identity)
				657	ask_filename(pw, "Enter file in which to save the key");
				658
				659	/* Create ~/.ssh directory if it doesn\'t already exist. */
				660	snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR);
				661	if (strstr(identity_file, dotsshdir) != NULL &&
				662	stat(dotsshdir, &st) < 0) {
Damien Miller	be484b5	2000-07-15 14:14:16 +1000	[diff] [blame]	663	if (mkdir(dotsshdir, 0700) < 0)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	664	error("Could not create directory '%s'.", dotsshdir);
				665	else if (!quiet)
				666	printf("Created directory '%s'.\n", dotsshdir);
				667	}
				668	/* If the file already exists, ask the user to confirm. */
				669	if (stat(identity_file, &st) >= 0) {
				670	char yesno[3];
				671	printf("%s already exists.\n", identity_file);
				672	printf("Overwrite (y/n)? ");
				673	fflush(stdout);
				674	if (fgets(yesno, sizeof(yesno), stdin) == NULL)
				675	exit(1);
				676	if (yesno[0] != 'y' && yesno[0] != 'Y')
				677	exit(1);
				678	}
				679	/* Ask for a passphrase (twice). */
				680	if (identity_passphrase)
				681	passphrase1 = xstrdup(identity_passphrase);
				682	else if (identity_new_passphrase)
				683	passphrase1 = xstrdup(identity_new_passphrase);
				684	else {
				685	passphrase_again:
				686	passphrase1 =
				687	read_passphrase("Enter passphrase (empty for no passphrase): ", 1);
				688	passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
				689	if (strcmp(passphrase1, passphrase2) != 0) {
				690	/* The passphrases do not match. Clear them and retry. */
				691	memset(passphrase1, 0, strlen(passphrase1));
				692	memset(passphrase2, 0, strlen(passphrase2));
				693	xfree(passphrase1);
				694	xfree(passphrase2);
				695	printf("Passphrases do not match. Try again.\n");
				696	goto passphrase_again;
				697	}
				698	/* Clear the other copy of the passphrase. */
				699	memset(passphrase2, 0, strlen(passphrase2));
				700	xfree(passphrase2);
				701	}
				702
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	703	if (identity_comment) {
				704	strlcpy(comment, identity_comment, sizeof(comment));
				705	} else {
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	706	/* Create default commend field for the passphrase. */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	707	snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
				708	}
				709
				710	/* Save the key with the given passphrase and comment. */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	711	if (!save_private_key(identity_file, passphrase1, private, comment)) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	712	printf("Saving the key failed: %s: %s.\n",
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	713	identity_file, strerror(errno));
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	714	memset(passphrase1, 0, strlen(passphrase1));
				715	xfree(passphrase1);
				716	exit(1);
				717	}
				718	/* Clear the passphrase. */
				719	memset(passphrase1, 0, strlen(passphrase1));
				720	xfree(passphrase1);
				721
				722	/* Clear the private key and the random number generator. */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	723	if (private != public) {
				724	key_free(private);
				725	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	726	arc4random_stir();
				727
				728	if (!quiet)
				729	printf("Your identification has been saved in %s.\n", identity_file);
				730
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	731	strlcat(identity_file, ".pub", sizeof(identity_file));
				732	f = fopen(identity_file, "w");
				733	if (!f) {
				734	printf("Could not save your public key in %s\n", identity_file);
				735	exit(1);
				736	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	737	if (!key_write(public, f))
				738	fprintf(stderr, "write key failed");
				739	fprintf(f, " %s\n", comment);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	740	fclose(f);
				741
				742	if (!quiet) {
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	743	printf("Your public key has been saved in %s.\n",
				744	identity_file);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	745	printf("The key fingerprint is:\n");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	746	printf("%s %s\n", key_fingerprint(public), comment);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	747	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	748
				749	key_free(public);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	750	exit(0);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	751	}