src/usr.bin/ssh/ssh-keygen.c - diff

Return to ssh-keygen.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-keygen.c between version 1.14 and 1.25.2.2

version 1.14, 1999/11/24 19:53:52

version 1.25.2.2, 2000/09/01 18:23:23

Line 7

#include "includes.h"

RCSID("$Id$");

RCSID("$OpenBSD$");

#include "rsa.h"

#include <openssl/evp.h>

#include <openssl/pem.h>

#include <openssl/rsa.h>

#include <openssl/dsa.h>

#include "ssh.h"

#include "xmalloc.h"

#include "fingerprint.h"

#include "key.h"

#include "rsa.h"

#include "dsa.h"

#include "authfile.h"

#include "uuencode.h"

/* Generated private key. */

/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */

RSA *private_key;

/* Generated public key. */

RSA *public_key;

/* Number of bits in the RSA key. This value can be changed on the command line. */

int bits = 1024;

Line 53

Line 55

/* This is set to the new comment if given on the command line. */

char *identity_comment = NULL;

/* Dump public key file in format used by real and the original SSH 2 */

int convert_to_ssh2 = 0;

int convert_from_ssh2 = 0;

int print_public = 0;

int dsa_mode = 0;

/* argv0 */

extern char *__progname;

char hostname[MAXHOSTNAMELEN];

void

ask_filename(struct passwd *pw, const char *prompt)

{

char buf[1024];

snprintf(identity_file, sizeof(identity_file), "%s/%s",

pw->pw_dir, SSH_CLIENT_IDENTITY);

pw->pw_dir,

dsa_mode ? SSH_CLIENT_ID_DSA: SSH_CLIENT_IDENTITY);

printf("%s (%s): ", prompt, identity_file);

fflush(stdout);

if (fgets(buf, sizeof(buf), stdin) == NULL)

Line 73

Line 84

have_identity = 1;

}

int

try_load_key(char *filename, Key *k)

{

int success = 1;

if (!load_private_key(filename, "", k, NULL)) {

char *pass = read_passphrase("Enter passphrase: ", 1);

if (!load_private_key(filename, pass, k, NULL)) {

success = 0;

}

memset(pass, 0, strlen(pass));

xfree(pass);

}

return success;

}

#define SSH_COM_MAGIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"

#define SSH_COM_MAGIC_END "---- END SSH2 PUBLIC KEY ----"

void

do_convert_to_ssh2(struct passwd *pw)

{

Key *k;

int len;

unsigned char *blob;

struct stat st;

if (!have_identity)

ask_filename(pw, "Enter file in which the key is");

if (stat(identity_file, &st) < 0) {

perror(identity_file);

exit(1);

}

k = key_new(KEY_DSA);

if (!try_load_key(identity_file, k)) {

fprintf(stderr, "load failed\n");

exit(1);

}

dsa_make_key_blob(k, &blob, &len);

fprintf(stdout, "%s\n", SSH_COM_MAGIC_BEGIN);

fprintf(stdout,

"Comment: \"%d-bit DSA, converted from openssh by %s@%s\"\n",

BN_num_bits(k->dsa->p),

pw->pw_name, hostname);

dump_base64(stdout, blob, len);

fprintf(stdout, "%s\n", SSH_COM_MAGIC_END);

key_free(k);

xfree(blob);

exit(0);

}

void

do_convert_from_ssh2(struct passwd *pw)

{

Key *k;

int blen;

char line[1024], *p;

char blob[8096];

char encoded[8096];

struct stat st;

int escaped = 0;

FILE *fp;

if (!have_identity)

ask_filename(pw, "Enter file in which the key is");

if (stat(identity_file, &st) < 0) {

perror(identity_file);

exit(1);

}

fp = fopen(identity_file, "r");

if (fp == NULL) {

perror(identity_file);

exit(1);

}

encoded[0] = '\0';

while (fgets(line, sizeof(line), fp)) {

if (!(p = strchr(line, '\n'))) {

fprintf(stderr, "input line too long.\n");

exit(1);

}

if (p > line && p[-1] == '\\')

escaped++;

if (strncmp(line, "----", 4) == 0 ||

strstr(line, ": ") != NULL) {

fprintf(stderr, "ignore: %s", line);

continue;

}

if (escaped) {

escaped--;

fprintf(stderr, "escaped: %s", line);

continue;

}

*p = '\0';

strlcat(encoded, line, sizeof(encoded));

}

blen = uudecode(encoded, (unsigned char *)blob, sizeof(blob));

if (blen < 0) {

fprintf(stderr, "uudecode failed.\n");

exit(1);

}

k = dsa_key_from_blob(blob, blen);

if (!key_write(k, stdout))

fprintf(stderr, "key_write failed");

key_free(k);

fprintf(stdout, "\n");

fclose(fp);

exit(0);

}

void

do_print_public(struct passwd *pw)

{

Key *k;

int len;

unsigned char *blob;

struct stat st;

if (!have_identity)

ask_filename(pw, "Enter file in which the key is");

if (stat(identity_file, &st) < 0) {

perror(identity_file);

exit(1);

}

k = key_new(KEY_DSA);

if (!try_load_key(identity_file, k)) {

fprintf(stderr, "load failed\n");

exit(1);

}

dsa_make_key_blob(k, &blob, &len);

if (!key_write(k, stdout))

fprintf(stderr, "key_write failed");

key_free(k);

xfree(blob);

fprintf(stdout, "\n");

exit(0);

}

void

do_fingerprint(struct passwd *pw)

{

char *comment;

/* XXX RSA1 only */

RSA *public_key;

FILE *f;

Key *public;

char *comment = NULL, *cp, *ep, line[16*1024];

int i, skip = 0, num = 1, invalid = 1;

unsigned int ignore;

struct stat st;

if (!have_identity)

Line 86

Line 238

perror(identity_file);

exit(1);

}

public_key = RSA_new();

public = key_new(KEY_RSA);

if (!load_public_key(identity_file, public_key, &comment)) {

if (load_public_key(identity_file, public, &comment)) {

char *cp, line[1024];

printf("%d %s %s\n", BN_num_bits(public->rsa->n),

BIGNUM *e, *n;

key_fingerprint(public), comment);

int dummy, invalid = 0;

key_free(public);

FILE *f = fopen(identity_file, "r");

exit(0);

n = BN_new();

}

e = BN_new();

if (f && fgets(line, sizeof(line), f)) {

f = fopen(identity_file, "r");

cp = line;

if (f != NULL) {

line[strlen(line) - 1] = '\0';

while (fgets(line, sizeof(line), f)) {

if (auth_rsa_read_key(&cp, &dummy, e, n)) {

i = strlen(line) - 1;

public_key->e = e;

if (line[i] != '\n') {

public_key->n = n;

error("line %d too long: %.40s...", num, line);

comment = xstrdup(cp ? cp : "no comment");

skip = 1;

} else {

continue;

invalid = 1;

}

} else {

num++;

invalid = 1;

if (skip) {

skip = 0;

continue;

}

line[i] = '\0';

/* Skip leading whitespace, empty and comment lines. */

for (cp = line; *cp == ' ' || *cp == '\t'; cp++)

;

if (!*cp || *cp == '\n' || *cp == '#')

continue ;

i = strtol(cp, &ep, 10);

if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {

int quoted = 0;

comment = cp;

for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {

if (*cp == '\\' && cp[1] == '"')

cp++; /* Skip both */

else if (*cp == '"')

quoted = !quoted;

}

if (!*cp)

continue;

*cp++ = '\0';

}

ep = cp;

if (auth_rsa_read_key(&cp, &ignore, public->rsa->e, public->rsa->n)) {

invalid = 0;

comment = *cp ? cp : comment;

printf("%d %s %s\n", key_size(public),

key_fingerprint(public),

comment ? comment : "no comment");

}

if (invalid) {

fclose(f);

printf("%s is not a valid key file.\n", identity_file);

BN_free(e);

BN_free(n);

exit(1);

}

printf("%d %s %s\n", BN_num_bits(public_key->n),

key_free(public);

fingerprint(public_key->e, public_key->n),

if (invalid) {

comment);

printf("%s is not a valid key file.\n", identity_file);

RSA_free(public_key);

exit(1);

}

exit(0);

}

Line 131

Line 310

char *comment;

char *old_passphrase, *passphrase1, *passphrase2;

struct stat st;

RSA *private_key;

Key *private;

Key *public;

int type = dsa_mode ? KEY_DSA : KEY_RSA;

if (!have_identity)

ask_filename(pw, "Enter file in which the key is");

Line 139

Line 320

perror(identity_file);

exit(1);

}

public_key = RSA_new();

if (!load_public_key(identity_file, public_key, NULL)) {

if (type == KEY_RSA) {

printf("%s is not a valid key file.\n", identity_file);

/* XXX this works currently only for RSA */

exit(1);

public = key_new(type);

if (!load_public_key(identity_file, public, NULL)) {

printf("%s is not a valid key file.\n", identity_file);

exit(1);

}

/* Clear the public key since we are just about to load the whole file. */

key_free(public);

}

/* Clear the public key since we are just about to load the whole file. */

RSA_free(public_key);

/* Try to load the file with empty passphrase. */

private_key = RSA_new();

private = key_new(type);

if (!load_private_key(identity_file, "", private_key, &comment)) {

if (!load_private_key(identity_file, "", private, &comment)) {

if (identity_passphrase)

old_passphrase = xstrdup(identity_passphrase);

else

old_passphrase = read_passphrase("Enter old passphrase: ", 1);

if (!load_private_key(identity_file, old_passphrase, private_key, &comment)) {

if (!load_private_key(identity_file, old_passphrase, private, &comment)) {

memset(old_passphrase, 0, strlen(old_passphrase));

xfree(old_passphrase);

printf("Bad passphrase.\n");

Line 189

Line 374

}

/* Save the file using the new passphrase. */

if (!save_private_key(identity_file, passphrase1, private_key, comment)) {

if (!save_private_key(identity_file, passphrase1, private, comment)) {

printf("Saving the key failed: %s: %s.\n",

identity_file, strerror(errno));

memset(passphrase1, 0, strlen(passphrase1));

xfree(passphrase1);

RSA_free(private_key);

key_free(private);

xfree(comment);

exit(1);

}

/* Destroy the passphrase and the copy of the key in memory. */

memset(passphrase1, 0, strlen(passphrase1));

xfree(passphrase1);

RSA_free(private_key); /* Destroys contents */

key_free(private); /* Destroys contents */

xfree(comment);

printf("Your identification has been saved with the new passphrase.\n");

Line 215

Line 400

do_change_comment(struct passwd *pw)

{

char new_comment[1024], *comment;

RSA *private_key;

Key *private;

Key *public;

char *passphrase;

struct stat st;

FILE *f;

char *tmpbuf;

if (!have_identity)

ask_filename(pw, "Enter file in which the key is");

Line 231

Line 416

* Try to load the public key from the file the verify that it is

* readable and of the proper format.

public_key = RSA_new();

public = key_new(KEY_RSA);

if (!load_public_key(identity_file, public_key, NULL)) {

if (!load_public_key(identity_file, public, NULL)) {

printf("%s is not a valid key file.\n", identity_file);

exit(1);

}

private_key = RSA_new();

if (load_private_key(identity_file, "", private_key, &comment))

private = key_new(KEY_RSA);

if (load_private_key(identity_file, "", private, &comment))

passphrase = xstrdup("");

else {

if (identity_passphrase)

Line 248

Line 433

else

passphrase = read_passphrase("Enter passphrase: ", 1);

/* Try to load using the passphrase. */

if (!load_private_key(identity_file, passphrase, private_key, &comment)) {

if (!load_private_key(identity_file, passphrase, private, &comment)) {

memset(passphrase, 0, strlen(passphrase));

xfree(passphrase);

printf("Bad passphrase.\n");

Line 264

Line 449

fflush(stdout);

if (!fgets(new_comment, sizeof(new_comment), stdin)) {

memset(passphrase, 0, strlen(passphrase));

RSA_free(private_key);

key_free(private);

exit(1);

}

if (strchr(new_comment, '\n'))

Line 272

Line 457

}

/* Save the file using the new passphrase. */

if (!save_private_key(identity_file, passphrase, private_key, new_comment)) {

if (!save_private_key(identity_file, passphrase, private, new_comment)) {

printf("Saving the key failed: %s: %s.\n",

identity_file, strerror(errno));

memset(passphrase, 0, strlen(passphrase));

xfree(passphrase);

RSA_free(private_key);

key_free(private);

xfree(comment);

exit(1);

}

memset(passphrase, 0, strlen(passphrase));

xfree(passphrase);

RSA_free(private_key);

key_free(private);

strlcat(identity_file, ".pub", sizeof(identity_file));

f = fopen(identity_file, "w");

Line 291

Line 476

printf("Could not save your public key in %s\n", identity_file);

exit(1);

}

fprintf(f, "%d ", BN_num_bits(public_key->n));

if (!key_write(public, f))

tmpbuf = BN_bn2dec(public_key->e);

fprintf(stderr, "write key failed");

fprintf(f, "%s ", tmpbuf);

key_free(public);

free(tmpbuf);

fprintf(f, " %s\n", new_comment);

tmpbuf = BN_bn2dec(public_key->n);

fprintf(f, "%s %s\n", tmpbuf, new_comment);

free(tmpbuf);

fclose(f);

xfree(comment);

Line 309

Line 491

void

usage(void)

{

printf("ssh-keygen version %s\n", SSH_VERSION);

printf("Usage: %s [-lpqxXydc] [-b bits] [-f file] [-C comment] [-N new-pass] [-P pass]\n", __progname);

printf("Usage: %s [-b bits] [-p] [-c] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname);

exit(1);

}

Line 322

Line 503

{

char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;

struct passwd *pw;

char *tmpbuf;

int opt;

struct stat st;

FILE *f;

char hostname[MAXHOSTNAMELEN];

Key *private;

Key *public;

extern int optind;

extern char *optarg;

/* check if RSA support exists */

SSLeay_add_all_algorithms();

if (rsa_alive() == 0) {

fprintf(stderr,

"%s: no RSA support in libssl and libcrypto. See ssl(8).\n",

__progname);

exit(1);

}

/* we need this for the home * directory. */

pw = getpwuid(getuid());

if (!pw) {

printf("You don't exist, go away!\n");

exit(1);

}

if (gethostname(hostname, sizeof(hostname)) < 0) {

perror("gethostname");

exit(1);

}

while ((opt = getopt(ac, av, "qpclb:f:P:N:C:")) != EOF) {

while ((opt = getopt(ac, av, "dqpclRxXyb:f:P:N:C:")) != EOF) {

switch (opt) {

case 'b':

bits = atoi(optarg);

Line 387

Line 567

quiet = 1;

break;

case 'R':

if (rsa_alive() == 0)

exit(1);

else

exit(0);

break;

case 'x':

convert_to_ssh2 = 1;

break;

case 'X':

convert_from_ssh2 = 1;

break;

case 'y':

print_public = 1;

break;

case 'd':

dsa_mode = 1;

break;

case '?':

default:

usage();

Line 400

Line 603

printf("Can only have one of -p and -c.\n");

usage();

}

/* check if RSA support is needed and exists */

if (dsa_mode == 0 && rsa_alive() == 0) {

fprintf(stderr,

"%s: no RSA support in libssl and libcrypto. See ssl(8).\n",

__progname);

exit(1);

}

if (print_fingerprint)

do_fingerprint(pw);

if (change_passphrase)

do_change_passphrase(pw);

if (change_comment)

do_change_comment(pw);

if (convert_to_ssh2)

do_convert_to_ssh2(pw);

if (convert_from_ssh2)

do_convert_from_ssh2(pw);

if (print_public)

do_print_public(pw);

arc4random_stir();

if (quiet)

if (dsa_mode != 0) {

rsa_set_verbose(0);

if (!quiet)

printf("Generating DSA parameter and key.\n");

public = private = dsa_generate_key(bits);

if (private == NULL) {

fprintf(stderr, "dsa_generate_keys failed");

exit(1);

}

} else {

if (quiet)

rsa_set_verbose(0);

/* Generate the rsa key pair. */

public = key_new(KEY_RSA);

private = key_new(KEY_RSA);

rsa_generate_key(private->rsa, public->rsa, bits);

}

/* Generate the rsa key pair. */

private_key = RSA_new();

public_key = RSA_new();

rsa_generate_key(private_key, public_key, bits);

if (!have_identity)

ask_filename(pw, "Enter file in which to save the key");

Line 424

Line 649

snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR);

if (strstr(identity_file, dotsshdir) != NULL &&

stat(dotsshdir, &st) < 0) {

if (mkdir(dotsshdir, 0755) < 0)

if (mkdir(dotsshdir, 0700) < 0)

error("Could not create directory '%s'.", dotsshdir);

else if (!quiet)

printf("Created directory '%s'.\n", dotsshdir);

Line 467

Line 692

if (identity_comment) {

strlcpy(comment, identity_comment, sizeof(comment));

} else {

/* Create default commend field for the passphrase. */

if (gethostname(hostname, sizeof(hostname)) < 0) {

perror("gethostname");

exit(1);

}

snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);

}

/* Save the key with the given passphrase and comment. */

if (!save_private_key(identity_file, passphrase1, private_key, comment)) {

if (!save_private_key(identity_file, passphrase1, private, comment)) {

printf("Saving the key failed: %s: %s.\n",

identity_file, strerror(errno));

memset(passphrase1, 0, strlen(passphrase1));

xfree(passphrase1);

exit(1);

Line 488

Line 709

xfree(passphrase1);

/* Clear the private key and the random number generator. */

RSA_free(private_key);

if (private != public) {

key_free(private);

}

arc4random_stir();

if (!quiet)

Line 500

Line 723

printf("Could not save your public key in %s\n", identity_file);

exit(1);

}

fprintf(f, "%d ", BN_num_bits(public_key->n));

if (!key_write(public, f))

tmpbuf = BN_bn2dec(public_key->e);

fprintf(stderr, "write key failed");

fprintf(f, "%s ", tmpbuf);

fprintf(f, " %s\n", comment);

free(tmpbuf);

tmpbuf = BN_bn2dec(public_key->n);

fprintf(f, "%s %s\n", tmpbuf, comment);

free(tmpbuf);

fclose(f);

if (!quiet) {

printf("Your public key has been saved in %s.\n", identity_file);

printf("Your public key has been saved in %s.\n",

identity_file);

printf("The key fingerprint is:\n");

printf("%d %s %s\n", BN_num_bits(public_key->n),

printf("%s %s\n", key_fingerprint(public), comment);

fingerprint(public_key->e, public_key->n),

comment);

}

key_free(public);

exit(0);

}