=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v retrieving revision 1.311 retrieving revision 1.339 diff -u -r1.311 -r1.339 --- src/usr.bin/ssh/ssh-keygen.c 2018/02/10 05:43:26 1.311 +++ src/usr.bin/ssh/ssh-keygen.c 2019/08/05 21:45:27 1.339 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.311 2018/02/10 05:43:26 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.339 2019/08/05 21:45:27 naddy Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -33,7 +33,6 @@ #include "xmalloc.h" #include "sshkey.h" #include "authfile.h" -#include "uuencode.h" #include "sshbuf.h" #include "pathnames.h" #include "log.h" @@ -60,79 +59,52 @@ # define DEFAULT_KEY_TYPE_NAME "ed25519" #endif -/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ -#define DEFAULT_BITS 2048 +/* + * Default number of bits in the RSA, DSA and ECDSA keys. These value can be + * overridden on the command line. + * + * These values, with the exception of DSA, provide security equivalent to at + * least 128 bits of security according to NIST Special Publication 800-57: + * Recommendation for Key Management Part 1 rev 4 section 5.6.1. + * For DSA it (and FIPS-186-4 section 4.2) specifies that the only size for + * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only + * SHA1 we limit the DSA key size 1k bits. + */ +#define DEFAULT_BITS 3072 #define DEFAULT_BITS_DSA 1024 #define DEFAULT_BITS_ECDSA 256 -u_int32_t bits = 0; -/* - * Flag indicating that we just want to change the passphrase. This can be - * set on the command line. - */ -int change_passphrase = 0; +static int quiet = 0; -/* - * Flag indicating that we just want to change the comment. This can be set - * on the command line. - */ -int change_comment = 0; - -int quiet = 0; - -int log_level = SYSLOG_LEVEL_INFO; - -/* Flag indicating that we want to hash a known_hosts file */ -int hash_hosts = 0; -/* Flag indicating that we want lookup a host in known_hosts file */ -int find_host = 0; -/* Flag indicating that we want to delete a host from a known_hosts file */ -int delete_host = 0; - -/* Flag indicating that we want to show the contents of a certificate */ -int show_cert = 0; - /* Flag indicating that we just want to see the key fingerprint */ -int print_fingerprint = 0; -int print_bubblebabble = 0; +static int print_fingerprint = 0; +static int print_bubblebabble = 0; /* Hash algorithm to use for fingerprints. */ -int fingerprint_hash = SSH_FP_HASH_DEFAULT; +static int fingerprint_hash = SSH_FP_HASH_DEFAULT; /* The identity file name, given on the command line or entered by the user. */ -char identity_file[1024]; -int have_identity = 0; +static char identity_file[1024]; +static int have_identity = 0; /* This is set to the passphrase if given on the command line. */ -char *identity_passphrase = NULL; +static char *identity_passphrase = NULL; /* This is set to the new passphrase if given on the command line. */ -char *identity_new_passphrase = NULL; +static char *identity_new_passphrase = NULL; -/* This is set to the new comment if given on the command line. */ -char *identity_comment = NULL; - -/* Path to CA key when certifying keys. */ -char *ca_key_path = NULL; - -/* Prefer to use agent keys for CA signing */ -int prefer_agent = 0; - -/* Certificate serial number */ -unsigned long long cert_serial = 0; - /* Key type when certifying */ -u_int cert_key_type = SSH2_CERT_TYPE_USER; +static u_int cert_key_type = SSH2_CERT_TYPE_USER; /* "key ID" of signed key */ -char *cert_key_id = NULL; +static char *cert_key_id = NULL; /* Comma-separated list of principal names for certifying keys */ -char *cert_principals = NULL; +static char *cert_principals = NULL; /* Validity period for certificates */ -u_int64_t cert_valid_from = 0; -u_int64_t cert_valid_to = ~0ULL; +static u_int64_t cert_valid_from = 0; +static u_int64_t cert_valid_to = ~0ULL; /* Certificate options */ #define CERTOPT_X_FWD (1) @@ -142,9 +114,9 @@ #define CERTOPT_USER_RC (1<<4) #define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \ CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC) -u_int32_t certflags_flags = CERTOPT_DEFAULT; -char *certflags_command = NULL; -char *certflags_src_addr = NULL; +static u_int32_t certflags_flags = CERTOPT_DEFAULT; +static char *certflags_command = NULL; +static char *certflags_src_addr = NULL; /* Arbitrary extensions specified by user */ struct cert_userext { @@ -152,41 +124,37 @@ char *val; int crit; }; -struct cert_userext *cert_userext; -size_t ncert_userext; +static struct cert_userext *cert_userext; +static size_t ncert_userext; /* Conversion to/from various formats */ -int convert_to = 0; -int convert_from = 0; enum { FMT_RFC4716, FMT_PKCS8, FMT_PEM } convert_format = FMT_RFC4716; -int print_public = 0; -int print_generic = 0; -char *key_type_name = NULL; +static char *key_type_name = NULL; /* Load key from this PKCS#11 provider */ -char *pkcs11provider = NULL; +static char *pkcs11provider = NULL; -/* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */ -int use_new_format = 0; +/* Format for writing private keys */ +static int private_key_format = SSHKEY_PRIVATE_OPENSSH; /* Cipher for new-format private keys */ -char *new_format_cipher = NULL; +static char *openssh_format_cipher = NULL; /* * Number of KDF rounds to derive new format keys / * number of primality trials when screening moduli. */ -int rounds = 0; +static int rounds = 0; /* argv0 */ extern char *__progname; -char hostname[NI_MAXHOST]; +static char hostname[NI_MAXHOST]; #ifdef WITH_OPENSSL /* moduli.c */ @@ -198,31 +166,30 @@ static void type_bits_valid(int type, const char *name, u_int32_t *bitsp) { -#ifdef WITH_OPENSSL - u_int maxbits, nid; -#endif - if (type == KEY_UNSPEC) fatal("unknown key type %s", key_type_name); if (*bitsp == 0) { #ifdef WITH_OPENSSL - if (type == KEY_DSA) + u_int nid; + + switch(type) { + case KEY_DSA: *bitsp = DEFAULT_BITS_DSA; - else if (type == KEY_ECDSA) { + break; + case KEY_ECDSA: if (name != NULL && (nid = sshkey_ecdsa_nid_from_name(name)) > 0) *bitsp = sshkey_curve_nid_to_bits(nid); if (*bitsp == 0) *bitsp = DEFAULT_BITS_ECDSA; - } else -#endif + break; + case KEY_RSA: *bitsp = DEFAULT_BITS; + break; + } +#endif } #ifdef WITH_OPENSSL - maxbits = (type == KEY_DSA) ? - OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; - if (*bitsp > maxbits) - fatal("key bits exceeds maximum %d", maxbits); switch (type) { case KEY_DSA: if (*bitsp != 1024) @@ -232,6 +199,9 @@ if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) fatal("Invalid RSA key length: minimum is %d bits", SSH_RSA_MINIMUM_MODULUS_SIZE); + else if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS) + fatal("Invalid RSA key length: maximum is %d bits", + OPENSSL_RSA_MAX_MODULUS_BITS); break; case KEY_ECDSA: if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) @@ -267,6 +237,10 @@ case KEY_ED25519_CERT: name = _PATH_SSH_CLIENT_ID_ED25519; break; + case KEY_XMSS: + case KEY_XMSS_CERT: + name = _PATH_SSH_CLIENT_ID_XMSS; + break; default: fatal("bad key type"); } @@ -315,25 +289,30 @@ static void do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) { - size_t len; - u_char *blob; - char comment[61]; + struct sshbuf *b; + char comment[61], *b64; int r; - if ((r = sshkey_to_blob(k, &blob, &len)) != 0) + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshkey_putb(k, b)) != 0) fatal("key_to_blob failed: %s", ssh_err(r)); + if ((b64 = sshbuf_dtob64_string(b, 1)) == NULL) + fatal("%s: sshbuf_dtob64_string failed", __func__); + /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ snprintf(comment, sizeof(comment), "%u-bit %s, converted by %s@%s from OpenSSH", sshkey_size(k), sshkey_type(k), pw->pw_name, hostname); + sshkey_free(k); + sshbuf_free(b); + fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); - fprintf(stdout, "Comment: \"%s\"\n", comment); - dump_base64(stdout, blob, len); + fprintf(stdout, "Comment: \"%s\"\n%s", comment, b64); fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); - sshkey_free(k); - free(blob); + free(b64); exit(0); } @@ -382,7 +361,7 @@ if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0) k = load_identity(identity_file); @@ -425,9 +404,8 @@ } static struct sshkey * -do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) +do_convert_private_ssh2(struct sshbuf *b) { - struct sshbuf *b; struct sshkey *key = NULL; char *type, *cipher; u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345"; @@ -435,16 +413,17 @@ u_int magic, i1, i2, i3, i4; size_t slen; u_long e; + BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; + BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; + BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; + BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL; - if ((b = sshbuf_from(blob, blen)) == NULL) - fatal("%s: sshbuf_from failed", __func__); if ((r = sshbuf_get_u32(b, &magic)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC); - sshbuf_free(b); return NULL; } if ((r = sshbuf_get_u32(b, &i1)) != 0 || @@ -458,7 +437,6 @@ if (strcmp(cipher, "none") != 0) { error("unsupported cipher %s", cipher); free(cipher); - sshbuf_free(b); free(type); return NULL; } @@ -469,21 +447,32 @@ } else if (strstr(type, "rsa")) { ktype = KEY_RSA; } else { - sshbuf_free(b); free(type); return NULL; } - if ((key = sshkey_new_private(ktype)) == NULL) - fatal("sshkey_new_private failed"); + if ((key = sshkey_new(ktype)) == NULL) + fatal("sshkey_new failed"); free(type); switch (key->type) { case KEY_DSA: - buffer_get_bignum_bits(b, key->dsa->p); - buffer_get_bignum_bits(b, key->dsa->g); - buffer_get_bignum_bits(b, key->dsa->q); - buffer_get_bignum_bits(b, key->dsa->pub_key); - buffer_get_bignum_bits(b, key->dsa->priv_key); + if ((dsa_p = BN_new()) == NULL || + (dsa_q = BN_new()) == NULL || + (dsa_g = BN_new()) == NULL || + (dsa_pub_key = BN_new()) == NULL || + (dsa_priv_key = BN_new()) == NULL) + fatal("%s: BN_new", __func__); + buffer_get_bignum_bits(b, dsa_p); + buffer_get_bignum_bits(b, dsa_g); + buffer_get_bignum_bits(b, dsa_q); + buffer_get_bignum_bits(b, dsa_pub_key); + buffer_get_bignum_bits(b, dsa_priv_key); + if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) + fatal("%s: DSA_set0_pqg failed", __func__); + dsa_p = dsa_q = dsa_g = NULL; /* transferred */ + if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key)) + fatal("%s: DSA_set0_key failed", __func__); + dsa_pub_key = dsa_priv_key = NULL; /* transferred */ break; case KEY_RSA: if ((r = sshbuf_get_u8(b, &e1)) != 0 || @@ -500,25 +489,38 @@ e += e3; debug("e %lx", e); } - if (!BN_set_word(key->rsa->e, e)) { - sshbuf_free(b); + if ((rsa_e = BN_new()) == NULL) + fatal("%s: BN_new", __func__); + if (!BN_set_word(rsa_e, e)) { + BN_clear_free(rsa_e); sshkey_free(key); return NULL; } - buffer_get_bignum_bits(b, key->rsa->d); - buffer_get_bignum_bits(b, key->rsa->n); - buffer_get_bignum_bits(b, key->rsa->iqmp); - buffer_get_bignum_bits(b, key->rsa->q); - buffer_get_bignum_bits(b, key->rsa->p); - if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) + if ((rsa_n = BN_new()) == NULL || + (rsa_d = BN_new()) == NULL || + (rsa_p = BN_new()) == NULL || + (rsa_q = BN_new()) == NULL || + (rsa_iqmp = BN_new()) == NULL) + fatal("%s: BN_new", __func__); + buffer_get_bignum_bits(b, rsa_d); + buffer_get_bignum_bits(b, rsa_n); + buffer_get_bignum_bits(b, rsa_iqmp); + buffer_get_bignum_bits(b, rsa_q); + buffer_get_bignum_bits(b, rsa_p); + if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d)) + fatal("%s: RSA_set0_key failed", __func__); + rsa_n = rsa_e = rsa_d = NULL; /* transferred */ + if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q)) + fatal("%s: RSA_set0_factors failed", __func__); + rsa_p = rsa_q = NULL; /* transferred */ + if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0) fatal("generate RSA parameters failed: %s", ssh_err(r)); + BN_clear_free(rsa_iqmp); break; } rlen = sshbuf_len(b); if (rlen != 0) - error("do_convert_private_ssh2_from_blob: " - "remaining bytes in key blob %d", rlen); - sshbuf_free(b); + error("%s: remaining bytes in key blob %d", __func__, rlen); /* try the key */ if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || @@ -563,10 +565,12 @@ int r, blen, escaped = 0; u_int len; char line[1024]; - u_char blob[8096]; + struct sshbuf *buf; char encoded[8096]; FILE *fp; + if ((buf = sshbuf_new()) == NULL) + fatal("sshbuf_new failed"); if ((fp = fopen(identity_file, "r")) == NULL) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); encoded[0] = '\0'; @@ -596,12 +600,11 @@ (encoded[len-2] == '=') && (encoded[len-3] == '=')) encoded[len-3] = '\0'; - blen = uudecode(encoded, blob, sizeof(blob)); - if (blen < 0) - fatal("uudecode failed."); + if ((r = sshbuf_b64tod(buf, encoded)) != 0) + fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r)); if (*private) - *k = do_convert_private_ssh2_from_blob(blob, blen); - else if ((r = sshkey_from_blob(blob, blen, k)) != 0) + *k = do_convert_private_ssh2(buf); + else if ((r = sshkey_fromb(buf, k)) != 0) fatal("decode blob failed: %s", ssh_err(r)); fclose(fp); } @@ -619,7 +622,7 @@ identity_file); } fclose(fp); - switch (EVP_PKEY_type(pubkey->type)) { + switch (EVP_PKEY_base_id(pubkey)) { case EVP_PKEY_RSA: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); @@ -641,7 +644,7 @@ break; default: fatal("%s: unsupported pubkey type %d", __func__, - EVP_PKEY_type(pubkey->type)); + EVP_PKEY_base_id(pubkey)); } EVP_PKEY_free(pubkey); return; @@ -675,7 +678,7 @@ if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); switch (convert_format) { @@ -733,7 +736,7 @@ if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); prv = load_identity(identity_file); if ((r = sshkey_write(prv, stdout)) != 0) @@ -756,7 +759,7 @@ fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; - pkcs11_init(0); + pkcs11_init(1); nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); if (nkeys <= 0) fatal("cannot read public key from pkcs11"); @@ -769,7 +772,7 @@ fatal("%s: sshkey_fingerprint fail", __func__); printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), fp, sshkey_type(keys[i])); - if (log_level >= SYSLOG_LEVEL_VERBOSE) + if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) printf("%s\n", ra); free(ra); free(fp); @@ -817,7 +820,7 @@ fatal("%s: sshkey_fingerprint failed", __func__); mprintf("%u %s %s (%s)\n", sshkey_size(public), fp, comment ? comment : "no comment", sshkey_type(public)); - if (log_level >= SYSLOG_LEVEL_VERBOSE) + if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) printf("%s\n", ra); free(ra); free(fp); @@ -831,7 +834,7 @@ struct sshkey *public = NULL; int r; - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", path, strerror(errno)); if ((r = sshkey_load_public(path, &public, &comment)) != 0) { debug("load public \"%s\": %s", path, ssh_err(r)); @@ -852,7 +855,8 @@ { FILE *f; struct sshkey *public = NULL; - char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; + char *comment = NULL, *cp, *ep, *line = NULL; + size_t linesize = 0; int i, invalid = 1; const char *path; u_long lnum = 0; @@ -867,7 +871,8 @@ } else if ((f = fopen(path, "r")) == NULL) fatal("%s: %s: %s", __progname, path, strerror(errno)); - while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { + while (getline(&line, &linesize, f) != -1) { + lnum++; cp = line; cp[strcspn(cp, "\n")] = '\0'; /* Trim leading space and comments */ @@ -887,6 +892,7 @@ */ if (lnum == 1 && strcmp(identity_file, "-") != 0 && strstr(cp, "PRIVATE KEY") != NULL) { + free(line); fclose(f); fingerprint_private(path); exit(0); @@ -933,6 +939,7 @@ invalid = 0; /* One good key in the file is sufficient */ } fclose(f); + free(line); if (invalid) fatal("%s is not a public key file.", path); @@ -953,9 +960,13 @@ { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, #endif /* WITH_OPENSSL */ { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, +#ifdef WITH_XMSS + { "xmss", "XMSS",_PATH_HOST_XMSS_KEY_FILE }, +#endif /* WITH_XMSS */ { NULL, NULL, NULL } }; + u_int bits = 0; int first = 0; struct stat st; struct sshkey *private, *public; @@ -1015,7 +1026,8 @@ snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname); if ((r = sshkey_save_private(private, prv_tmp, "", - comment, use_new_format, new_format_cipher, rounds)) != 0) { + comment, private_key_format, openssh_format_cipher, + rounds)) != 0) { error("Saving key \"%s\" failed: %s", prv_tmp, ssh_err(r)); goto failnext; @@ -1079,6 +1091,9 @@ int has_unhashed; /* When hashing, original had unhashed hosts */ int found_key; /* For find/delete, host was found */ int invalid; /* File contained invalid items; don't delete */ + int hash_hosts; /* Hash hostnames as we go */ + int find_host; /* Search for specific hostname */ + int delete_host; /* Delete host from known_hosts */ }; static int @@ -1098,7 +1113,7 @@ */ if (was_hashed || has_wild || l->marker != MRK_NONE) { fprintf(ctx->out, "%s\n", l->line); - if (has_wild && !find_host) { + if (has_wild && !ctx->find_host) { logit("%s:%lu: ignoring host name " "with wildcard: %.64s", l->path, l->linenum, l->hosts); @@ -1138,13 +1153,13 @@ struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; enum sshkey_fp_rep rep; int fptype; - char *fp; + char *fp = NULL, *ra = NULL; fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; if (l->status == HKF_STATUS_MATCHED) { - if (delete_host) { + if (ctx->delete_host) { if (l->marker != MRK_NONE) { /* Don't remove CA and revocation lines */ fprintf(ctx->out, "%s\n", l->line); @@ -1160,7 +1175,7 @@ ctx->host, l->linenum); } return 0; - } else if (find_host) { + } else if (ctx->find_host) { ctx->found_key = 1; if (!quiet) { printf("# Host %s found: line %lu %s\n", @@ -1168,18 +1183,26 @@ l->linenum, l->marker == MRK_CA ? "CA" : (l->marker == MRK_REVOKE ? "REVOKED" : "")); } - if (hash_hosts) + if (ctx->hash_hosts) known_hosts_hash(l, ctx); else if (print_fingerprint) { fp = sshkey_fingerprint(l->key, fptype, rep); + ra = sshkey_fingerprint(l->key, + fingerprint_hash, SSH_FP_RANDOMART); + if (fp == NULL || ra == NULL) + fatal("%s: sshkey_fingerprint failed", + __func__); mprintf("%s %s %s %s\n", ctx->host, sshkey_type(l->key), fp, l->comment); + if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) + printf("%s\n", ra); + free(ra); free(fp); } else fprintf(ctx->out, "%s\n", l->line); return 0; } - } else if (delete_host) { + } else if (ctx->delete_host) { /* Retain non-matching hosts when deleting */ if (l->status == HKF_STATUS_INVALID) { ctx->invalid = 1; @@ -1191,7 +1214,8 @@ } static void -do_known_hosts(struct passwd *pw, const char *name) +do_known_hosts(struct passwd *pw, const char *name, int find_host, + int delete_host, int hash_hosts) { char *cp, tmp[PATH_MAX], old[PATH_MAX]; int r, fd, oerrno, inplace = 0; @@ -1210,6 +1234,9 @@ memset(&ctx, 0, sizeof(ctx)); ctx.out = stdout; ctx.host = name; + ctx.hash_hosts = hash_hosts; + ctx.find_host = find_host; + ctx.delete_host = delete_host; /* * Find hosts goes to stdout, hash and deletions happen in-place @@ -1231,13 +1258,12 @@ } inplace = 1; } - /* XXX support identity_file == "-" for stdin */ foreach_options = find_host ? HKF_WANT_MATCH : 0; foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; - if ((r = hostkeys_foreach(identity_file, - hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, - name, NULL, foreach_options)) != 0) { + if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ? + known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL, + foreach_options)) != 0) { if (inplace) unlink(tmp); fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); @@ -1301,7 +1327,7 @@ if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); /* Try to load the file with empty passphrase. */ r = sshkey_load_private(identity_file, "", &private, &comment); @@ -1352,7 +1378,7 @@ /* Save the file using the new passphrase. */ if ((r = sshkey_save_private(private, identity_file, passphrase1, - comment, use_new_format, new_format_cipher, rounds)) != 0) { + comment, private_key_format, openssh_format_cipher, rounds)) != 0) { error("Saving key \"%s\" failed: %s.", identity_file, ssh_err(r)); explicit_bzero(passphrase1, strlen(passphrase1)); @@ -1375,7 +1401,8 @@ * Print the SSHFP RR. */ static int -do_print_resource_record(struct passwd *pw, char *fname, char *hname) +do_print_resource_record(struct passwd *pw, char *fname, char *hname, + int print_generic) { struct sshkey *public; char *comment = NULL; @@ -1384,7 +1411,7 @@ if (fname == NULL) fatal("%s: no filename", __func__); - if (stat(fname, &st) < 0) { + if (stat(fname, &st) == -1) { if (errno == ENOENT) return 0; fatal("%s: %s", fname, strerror(errno)); @@ -1402,7 +1429,7 @@ * Change the comment of a private key file. */ static void -do_change_comment(struct passwd *pw) +do_change_comment(struct passwd *pw, const char *identity_comment) { char new_comment[1024], *comment, *passphrase; struct sshkey *private; @@ -1413,7 +1440,7 @@ if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); if ((r = sshkey_load_private(identity_file, "", &private, &comment)) == 0) @@ -1439,7 +1466,8 @@ } } - if (private->type != KEY_ED25519 && !use_new_format) { + if (private->type != KEY_ED25519 && private->type != KEY_XMSS && + private_key_format != SSHKEY_PRIVATE_OPENSSH) { error("Comments are only supported for keys stored in " "the new format (-o)."); explicit_bzero(passphrase, strlen(passphrase)); @@ -1447,14 +1475,14 @@ exit(1); } if (comment) - printf("Key now has comment '%s'\n", comment); + printf("Old comment: %s\n", comment); else - printf("Key now has no comment\n"); + printf("No existing comment\n"); if (identity_comment) { strlcpy(new_comment, identity_comment, sizeof(new_comment)); } else { - printf("Enter new comment: "); + printf("New comment: "); fflush(stdout); if (!fgets(new_comment, sizeof(new_comment), stdin)) { explicit_bzero(passphrase, strlen(passphrase)); @@ -1463,10 +1491,18 @@ } new_comment[strcspn(new_comment, "\n")] = '\0'; } + if (comment != NULL && strcmp(comment, new_comment) == 0) { + printf("No change to comment\n"); + free(passphrase); + sshkey_free(private); + free(comment); + exit(0); + } /* Save the file using the new passphrase. */ if ((r = sshkey_save_private(private, identity_file, passphrase, - new_comment, use_new_format, new_format_cipher, rounds)) != 0) { + new_comment, private_key_format, openssh_format_cipher, + rounds)) != 0) { error("Saving key \"%s\" failed: %s", identity_file, ssh_err(r)); explicit_bzero(passphrase, strlen(passphrase)); @@ -1496,7 +1532,11 @@ free(comment); - printf("The comment in your key file has been changed.\n"); + if (strlen(new_comment) > 0) + printf("Comment '%s' applied\n", new_comment); + else + printf("Comment removed\n"); + exit(0); } @@ -1602,7 +1642,7 @@ /* Signer for sshkey_certify_custom that uses the agent */ static int -agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp, +agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *alg, u_int compat, void *ctx) { @@ -1613,7 +1653,9 @@ } static void -do_ca_sign(struct passwd *pw, int argc, char **argv) +do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, + unsigned long long cert_serial, int cert_serial_autoinc, + int argc, char **argv) { int r, i, fd, found, agent_fd = -1; u_int n; @@ -1681,13 +1723,16 @@ } free(otmp); } - + if (n > SSHKEY_CERT_MAX_PRINCIPALS) + fatal("Too many certificate principals specified"); + tmp = tilde_expand_filename(argv[i], pw->pw_uid); if ((r = sshkey_load_public(tmp, &public, &comment)) != 0) fatal("%s: unable to open \"%s\": %s", __func__, tmp, ssh_err(r)); if (public->type != KEY_RSA && public->type != KEY_DSA && - public->type != KEY_ECDSA && public->type != KEY_ED25519) + public->type != KEY_ECDSA && public->type != KEY_ED25519 && + public->type != KEY_XMSS) fatal("%s: key \"%s\" type %s cannot be certified", __func__, tmp, sshkey_type(public)); @@ -1750,6 +1795,8 @@ sshkey_free(public); free(out); + if (cert_serial_autoinc) + cert_serial++; } #ifdef ENABLE_PKCS11 pkcs11_terminate(); @@ -1771,40 +1818,6 @@ return now + (u_int64_t)(secs * mul); } -static u_int64_t -parse_absolute_time(const char *s) -{ - struct tm tm; - time_t tt; - char buf[32], *fmt; - - /* - * POSIX strptime says "The application shall ensure that there - * is white-space or other non-alphanumeric characters between - * any two conversion specifications" so arrange things this way. - */ - switch (strlen(s)) { - case 8: - fmt = "%Y-%m-%d"; - snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6); - break; - case 14: - fmt = "%Y-%m-%dT%H:%M:%S"; - snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s", - s, s + 4, s + 6, s + 8, s + 10, s + 12); - break; - default: - fatal("Invalid certificate time format \"%s\"", s); - } - - memset(&tm, 0, sizeof(tm)); - if (strptime(buf, fmt, &tm) == NULL) - fatal("Invalid certificate time %s", s); - if ((tt = mktime(&tm)) < 0) - fatal("Certificate time %s cannot be represented", s); - return (u_int64_t)tt; -} - static void parse_cert_times(char *timespec) { @@ -1840,15 +1853,15 @@ cert_valid_from = parse_relative_time(from, now); else if (strcmp(from, "always") == 0) cert_valid_from = 0; - else - cert_valid_from = parse_absolute_time(from); + else if (parse_absolute_time(from, &cert_valid_from) != 0) + fatal("Invalid from time \"%s\"", from); if (*to == '-' || *to == '+') cert_valid_to = parse_relative_time(to, now); else if (strcmp(to, "forever") == 0) cert_valid_to = ~(u_int64_t)0; - else - cert_valid_to = parse_absolute_time(to); + else if (parse_absolute_time(to, &cert_valid_to) != 0) + fatal("Invalid to time \"%s\"", to); if (cert_valid_to <= cert_valid_from) fatal("Empty certificate validity interval"); @@ -1975,8 +1988,9 @@ printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), sshkey_cert_type(key)); printf(" Public key: %s %s\n", sshkey_type(key), key_fp); - printf(" Signing CA: %s %s\n", - sshkey_type(key->cert->signature_key), ca_fp); + printf(" Signing CA: %s %s (using %s)\n", + sshkey_type(key->cert->signature_key), ca_fp, + key->cert->signature_type); printf(" Key ID: \"%s\"\n", key->cert->key_id); printf(" Serial: %llu\n", (unsigned long long)key->cert->serial); printf(" Valid: %s\n", valid); @@ -2012,13 +2026,14 @@ struct stat st; int r, is_stdin = 0, ok = 0; FILE *f; - char *cp, line[SSH_MAX_PUBKEY_BYTES]; + char *cp, *line = NULL; const char *path; + size_t linesize = 0; u_long lnum = 0; if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0) + if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); path = identity_file; @@ -2029,7 +2044,8 @@ } else if ((f = fopen(identity_file, "r")) == NULL) fatal("fopen %s: %s", identity_file, strerror(errno)); - while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { + while (getline(&line, &linesize, f) != -1) { + lnum++; sshkey_free(key); key = NULL; /* Trim leading space and comments */ @@ -2054,6 +2070,7 @@ printf("%s:%lu:\n", path, lnum); print_cert(key); } + free(line); sshkey_free(key); fclose(f); exit(ok ? 0 : 1); @@ -2081,14 +2098,51 @@ } static void +hash_to_blob(const char *cp, u_char **blobp, size_t *lenp, + const char *file, u_long lnum) +{ + char *tmp; + size_t tlen; + struct sshbuf *b; + int r; + + if (strncmp(cp, "SHA256:", 7) != 0) + fatal("%s:%lu: unsupported hash algorithm", file, lnum); + cp += 7; + + /* + * OpenSSH base64 hashes omit trailing '=' + * characters; put them back for decode. + */ + tlen = strlen(cp); + tmp = xmalloc(tlen + 4 + 1); + strlcpy(tmp, cp, tlen + 1); + while ((tlen % 4) != 0) { + tmp[tlen++] = '='; + tmp[tlen] = '\0'; + } + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_b64tod(b, tmp)) != 0) + fatal("%s:%lu: decode hash failed: %s", file, lnum, ssh_err(r)); + free(tmp); + *lenp = sshbuf_len(b); + *blobp = xmalloc(*lenp); + memcpy(*blobp, sshbuf_ptr(b), *lenp); + sshbuf_free(b); +} + +static void update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, const struct sshkey *ca, struct ssh_krl *krl) { struct sshkey *key = NULL; u_long lnum = 0; - char *path, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; + char *path, *cp, *ep, *line = NULL; + u_char *blob = NULL; + size_t blen = 0, linesize = 0; unsigned long long serial, serial2; - int i, was_explicit_key, was_sha1, r; + int i, was_explicit_key, was_sha1, was_sha256, was_hash, r; FILE *krl_spec; path = tilde_expand_filename(file, pw->pw_uid); @@ -2101,9 +2155,9 @@ if (!quiet) printf("Revoking from %s\n", path); - while (read_keyfile_line(krl_spec, path, line, sizeof(line), - &lnum) == 0) { - was_explicit_key = was_sha1 = 0; + while (getline(&line, &linesize, krl_spec) != -1) { + lnum++; + was_explicit_key = was_sha1 = was_sha256 = was_hash = 0; cp = line + strspn(line, " \t"); /* Trim trailing space, comments and strip \n */ for (i = 0, r = -1; cp[i] != '\0'; i++) { @@ -2168,6 +2222,11 @@ cp = cp + strspn(cp, " \t"); if (ssh_krl_revoke_cert_by_key_id(krl, ca, cp) != 0) fatal("%s: revoke key ID failed", __func__); + } else if (strncasecmp(cp, "hash:", 5) == 0) { + cp += 5; + cp = cp + strspn(cp, " \t"); + hash_to_blob(cp, &blob, &blen, file, lnum); + r = ssh_krl_revoke_key_sha256(krl, blob, blen); } else { if (strncasecmp(cp, "key:", 4) == 0) { cp += 4; @@ -2177,7 +2236,10 @@ cp += 5; cp = cp + strspn(cp, " \t"); was_sha1 = 1; - } else { + } else if (strncasecmp(cp, "sha256:", 7) == 0) { + cp += 7; + cp = cp + strspn(cp, " \t"); + was_sha256 = 1; /* * Just try to process the line as a key. * Parsing will fail if it isn't. @@ -2190,23 +2252,41 @@ path, lnum, ssh_err(r)); if (was_explicit_key) r = ssh_krl_revoke_key_explicit(krl, key); - else if (was_sha1) - r = ssh_krl_revoke_key_sha1(krl, key); - else + else if (was_sha1) { + if (sshkey_fingerprint_raw(key, + SSH_DIGEST_SHA1, &blob, &blen) != 0) { + fatal("%s:%lu: fingerprint failed", + file, lnum); + } + r = ssh_krl_revoke_key_sha1(krl, blob, blen); + } else if (was_sha256) { + if (sshkey_fingerprint_raw(key, + SSH_DIGEST_SHA256, &blob, &blen) != 0) { + fatal("%s:%lu: fingerprint failed", + file, lnum); + } + r = ssh_krl_revoke_key_sha256(krl, blob, blen); + } else r = ssh_krl_revoke_key(krl, key); if (r != 0) fatal("%s: revoke key failed: %s", __func__, ssh_err(r)); + freezero(blob, blen); + blob = NULL; + blen = 0; sshkey_free(key); } } if (strcmp(path, "-") != 0) fclose(krl_spec); + free(line); free(path); } static void -do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) +do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path, + unsigned long long krl_version, const char *krl_comment, + int argc, char **argv) { struct ssh_krl *krl; struct stat sb; @@ -2241,10 +2321,10 @@ else if ((krl = ssh_krl_init()) == NULL) fatal("couldn't create KRL"); - if (cert_serial != 0) - ssh_krl_set_version(krl, cert_serial); - if (identity_comment != NULL) - ssh_krl_set_comment(krl, identity_comment); + if (krl_version != 0) + ssh_krl_set_version(krl, krl_version); + if (krl_comment != NULL) + ssh_krl_set_comment(krl, krl_comment); for (i = 0; i < argc; i++) update_krl_from_file(pw, argv[i], wild_ca, ca, krl); @@ -2255,7 +2335,7 @@ fatal("Couldn't generate KRL"); if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) fatal("open %s: %s", identity_file, strerror(errno)); - if (atomicio(vwrite, fd, (void *)sshbuf_ptr(kbuf), sshbuf_len(kbuf)) != + if (atomicio(vwrite, fd, sshbuf_mutable_ptr(kbuf), sshbuf_len(kbuf)) != sshbuf_len(kbuf)) fatal("write %s: %s", identity_file, strerror(errno)); close(fd); @@ -2297,9 +2377,10 @@ usage(void) { fprintf(stderr, - "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n" + "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa] [-m format]\n" " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" - " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" + " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-m format]\n" + " [-f keyfile]\n" " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" " ssh-keygen -e [-m key_format] [-f input_keyfile]\n" " ssh-keygen -y [-f input_keyfile]\n" @@ -2343,9 +2424,17 @@ struct passwd *pw; struct stat st; int r, opt, type, fd; + int change_passphrase = 0, change_comment = 0, show_cert = 0; + int find_host = 0, delete_host = 0, hash_hosts = 0; int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; + int prefer_agent = 0, convert_to = 0, convert_from = 0; + int print_public = 0, print_generic = 0, cert_serial_autoinc = 0; + unsigned long long cert_serial = 0; + char *identity_comment = NULL, *ca_key_path = NULL; + u_int bits = 0; FILE *f; const char *errstr; + int log_level = SYSLOG_LEVEL_INFO; #ifdef WITH_OPENSSL /* Moduli generation/screening */ char out_file[PATH_MAX], *checkpoint = NULL; @@ -2358,7 +2447,6 @@ extern int optind; extern char *optarg; - ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -2371,7 +2459,7 @@ pw = getpwuid(getuid()); if (!pw) fatal("No user exists for uid %lu", (u_long)getuid()); - if (gethostname(hostname, sizeof(hostname)) < 0) + if (gethostname(hostname, sizeof(hostname)) == -1) fatal("gethostname: %s", strerror(errno)); /* Remaining characters: Ydw */ @@ -2383,7 +2471,7 @@ gen_all_hostkeys = 1; break; case 'b': - bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr); + bits = (u_int32_t)strtonum(optarg, 10, 32768, &errstr); if (errstr) fatal("Bits has bad value %s (%s)", optarg, errstr); @@ -2424,10 +2512,12 @@ } if (strcasecmp(optarg, "PKCS8") == 0) { convert_format = FMT_PKCS8; + private_key_format = SSHKEY_PRIVATE_PKCS8; break; } if (strcasecmp(optarg, "PEM") == 0) { convert_format = FMT_PEM; + private_key_format = SSHKEY_PRIVATE_PEM; break; } fatal("Unsupported conversion format \"%s\"", optarg); @@ -2435,7 +2525,7 @@ cert_principals = optarg; break; case 'o': - use_new_format = 1; + /* no-op; new format is already the default */ break; case 'p': change_passphrase = 1; @@ -2465,7 +2555,7 @@ add_cert_option(optarg); break; case 'Z': - new_format_cipher = optarg; + openssh_format_cipher = optarg; break; case 'C': identity_comment = optarg; @@ -2531,6 +2621,10 @@ break; case 'z': errno = 0; + if (*optarg == '+') { + cert_serial_autoinc = 1; + optarg++; + } cert_serial = strtoull(optarg, &ep, 10); if (*optarg < '0' || *optarg > '9' || *ep != '\0' || (errno == ERANGE && cert_serial == ULLONG_MAX)) @@ -2611,7 +2705,8 @@ } #ifdef WITH_OPENSSL if (gen_krl) { - do_gen_krl(pw, update_krl, argc, argv); + do_gen_krl(pw, update_krl, ca_key_path, + cert_serial, identity_comment, argc, argv); return (0); } if (check_krl) { @@ -2622,12 +2717,15 @@ if (ca_key_path != NULL) { if (cert_key_id == NULL) fatal("Must specify key id (-I) when certifying"); - do_ca_sign(pw, argc, argv); + do_ca_sign(pw, ca_key_path, prefer_agent, + cert_serial, cert_serial_autoinc, argc, argv); } if (show_cert) do_show_cert(pw); - if (delete_host || hash_hosts || find_host) - do_known_hosts(pw, rr_hostname); + if (delete_host || hash_hosts || find_host) { + do_known_hosts(pw, rr_hostname, find_host, + delete_host, hash_hosts); + } if (pkcs11provider != NULL) do_download(pw); if (print_fingerprint || print_bubblebabble) @@ -2635,7 +2733,7 @@ if (change_passphrase) do_change_passphrase(pw); if (change_comment) - do_change_comment(pw); + do_change_comment(pw, identity_comment); #ifdef WITH_OPENSSL if (convert_to) do_convert_to(pw); @@ -2648,21 +2746,28 @@ unsigned int n = 0; if (have_identity) { - n = do_print_resource_record(pw, - identity_file, rr_hostname); + n = do_print_resource_record(pw, identity_file, + rr_hostname, print_generic); if (n == 0) fatal("%s: %s", identity_file, strerror(errno)); exit(0); } else { n += do_print_resource_record(pw, - _PATH_HOST_RSA_KEY_FILE, rr_hostname); + _PATH_HOST_RSA_KEY_FILE, rr_hostname, + print_generic); n += do_print_resource_record(pw, - _PATH_HOST_DSA_KEY_FILE, rr_hostname); + _PATH_HOST_DSA_KEY_FILE, rr_hostname, + print_generic); n += do_print_resource_record(pw, - _PATH_HOST_ECDSA_KEY_FILE, rr_hostname); + _PATH_HOST_ECDSA_KEY_FILE, rr_hostname, + print_generic); n += do_print_resource_record(pw, - _PATH_HOST_ED25519_KEY_FILE, rr_hostname); + _PATH_HOST_ED25519_KEY_FILE, rr_hostname, + print_generic); + n += do_print_resource_record(pw, + _PATH_HOST_XMSS_KEY_FILE, rr_hostname, + print_generic); if (n == 0) fatal("no keys found."); exit(0); @@ -2737,11 +2842,11 @@ snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); if (strstr(identity_file, dotsshdir) != NULL) { - if (stat(dotsshdir, &st) < 0) { + if (stat(dotsshdir, &st) == -1) { if (errno != ENOENT) { error("Could not stat %s: %s", dotsshdir, strerror(errno)); - } else if (mkdir(dotsshdir, 0700) < 0) { + } else if (mkdir(dotsshdir, 0700) == -1) { error("Could not create directory '%s': %s", dotsshdir, strerror(errno)); } else if (!quiet) @@ -2797,7 +2902,7 @@ /* Save the key with the given passphrase and comment. */ if ((r = sshkey_save_private(private, identity_file, passphrase1, - comment, use_new_format, new_format_cipher, rounds)) != 0) { + comment, private_key_format, openssh_format_cipher, rounds)) != 0) { error("Saving key \"%s\" failed: %s", identity_file, ssh_err(r)); explicit_bzero(passphrase1, strlen(passphrase1));