]>
Commit | Line | Data |
---|---|---|
8efc0c15 | 1 | /* |
5260325f | 2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
3 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
4 | * All rights reserved | |
5 | * Created: Mon Mar 27 02:26:40 1995 ylo | |
6 | * Identity and host key generation and maintenance. | |
7 | */ | |
8efc0c15 | 8 | |
9 | #include "includes.h" | |
10 | RCSID("$Id$"); | |
11 | ||
a306f2dd | 12 | #include <openssl/evp.h> |
13 | #include <openssl/pem.h> | |
14 | #include <openssl/rsa.h> | |
15 | #include <openssl/dsa.h> | |
16 | ||
8efc0c15 | 17 | #include "ssh.h" |
18 | #include "xmalloc.h" | |
f095fcc7 | 19 | #include "fingerprint.h" |
a306f2dd | 20 | #include "key.h" |
21 | #include "rsa.h" | |
22 | #include "dsa.h" | |
23 | #include "authfile.h" | |
24 | #include "uuencode.h" | |
8efc0c15 | 25 | |
a306f2dd | 26 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ |
8efc0c15 | 27 | int bits = 1024; |
28 | ||
aa3378df | 29 | /* |
30 | * Flag indicating that we just want to change the passphrase. This can be | |
31 | * set on the command line. | |
32 | */ | |
8efc0c15 | 33 | int change_passphrase = 0; |
34 | ||
aa3378df | 35 | /* |
36 | * Flag indicating that we just want to change the comment. This can be set | |
37 | * on the command line. | |
38 | */ | |
8efc0c15 | 39 | int change_comment = 0; |
40 | ||
41 | int quiet = 0; | |
42 | ||
f095fcc7 | 43 | /* Flag indicating that we just want to see the key fingerprint */ |
44 | int print_fingerprint = 0; | |
45 | ||
5ad13cd7 | 46 | /* The identity file name, given on the command line or entered by the user. */ |
47 | char identity_file[1024]; | |
48 | int have_identity = 0; | |
8efc0c15 | 49 | |
50 | /* This is set to the passphrase if given on the command line. */ | |
51 | char *identity_passphrase = NULL; | |
52 | ||
53 | /* This is set to the new passphrase if given on the command line. */ | |
54 | char *identity_new_passphrase = NULL; | |
55 | ||
56 | /* This is set to the new comment if given on the command line. */ | |
57 | char *identity_comment = NULL; | |
58 | ||
a306f2dd | 59 | /* Dump public key file in format used by real and the original SSH 2 */ |
60 | int convert_to_ssh2 = 0; | |
61 | int convert_from_ssh2 = 0; | |
62 | int print_public = 0; | |
63 | int dsa_mode = 0; | |
64 | ||
5ad13cd7 | 65 | /* argv0 */ |
5260325f | 66 | #ifdef HAVE___PROGNAME |
5ad13cd7 | 67 | extern char *__progname; |
5260325f | 68 | #else /* HAVE___PROGNAME */ |
3fd95d9a | 69 | static const char *__progname = "ssh-keygen"; |
5260325f | 70 | #endif /* HAVE___PROGNAME */ |
8efc0c15 | 71 | |
a306f2dd | 72 | char hostname[MAXHOSTNAMELEN]; |
73 | ||
5ad13cd7 | 74 | void |
75 | ask_filename(struct passwd *pw, const char *prompt) | |
8efc0c15 | 76 | { |
5260325f | 77 | char buf[1024]; |
78 | snprintf(identity_file, sizeof(identity_file), "%s/%s", | |
1d1ffb87 | 79 | pw->pw_dir, |
80 | dsa_mode ? SSH_CLIENT_ID_DSA: SSH_CLIENT_IDENTITY); | |
5260325f | 81 | printf("%s (%s): ", prompt, identity_file); |
82 | fflush(stdout); | |
83 | if (fgets(buf, sizeof(buf), stdin) == NULL) | |
84 | exit(1); | |
85 | if (strchr(buf, '\n')) | |
86 | *strchr(buf, '\n') = 0; | |
87 | if (strcmp(buf, "") != 0) | |
88 | strlcpy(identity_file, buf, sizeof(identity_file)); | |
89 | have_identity = 1; | |
f095fcc7 | 90 | } |
8efc0c15 | 91 | |
a306f2dd | 92 | int |
93 | try_load_key(char *filename, Key *k) | |
94 | { | |
95 | int success = 1; | |
96 | if (!load_private_key(filename, "", k, NULL)) { | |
97 | char *pass = read_passphrase("Enter passphrase: ", 1); | |
98 | if (!load_private_key(filename, pass, k, NULL)) { | |
99 | success = 0; | |
100 | } | |
101 | memset(pass, 0, strlen(pass)); | |
102 | xfree(pass); | |
103 | } | |
104 | return success; | |
105 | } | |
106 | ||
107 | #define SSH_COM_MAGIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----" | |
108 | #define SSH_COM_MAGIC_END "---- END SSH2 PUBLIC KEY ----" | |
109 | ||
110 | void | |
111 | do_convert_to_ssh2(struct passwd *pw) | |
112 | { | |
113 | Key *k; | |
114 | int len; | |
115 | unsigned char *blob; | |
116 | struct stat st; | |
117 | ||
118 | if (!have_identity) | |
119 | ask_filename(pw, "Enter file in which the key is"); | |
120 | if (stat(identity_file, &st) < 0) { | |
121 | perror(identity_file); | |
122 | exit(1); | |
123 | } | |
124 | k = key_new(KEY_DSA); | |
125 | if (!try_load_key(identity_file, k)) { | |
126 | fprintf(stderr, "load failed\n"); | |
127 | exit(1); | |
128 | } | |
129 | dsa_make_key_blob(k, &blob, &len); | |
130 | fprintf(stdout, SSH_COM_MAGIC_BEGIN "\n"); | |
131 | fprintf(stdout, | |
132 | "Comment: \"%d-bit DSA, converted from openssh by %s@%s\"\n", | |
133 | BN_num_bits(k->dsa->p), | |
134 | pw->pw_name, hostname); | |
135 | dump_base64(stdout, blob, len); | |
136 | fprintf(stdout, SSH_COM_MAGIC_END "\n"); | |
137 | key_free(k); | |
138 | xfree(blob); | |
139 | exit(0); | |
140 | } | |
141 | ||
142 | void | |
143 | do_convert_from_ssh2(struct passwd *pw) | |
144 | { | |
145 | Key *k; | |
146 | int blen; | |
147 | char line[1024], *p; | |
148 | char blob[8096]; | |
149 | char encoded[8096]; | |
150 | struct stat st; | |
d0c832f3 | 151 | int escaped = 0; |
a306f2dd | 152 | FILE *fp; |
153 | ||
154 | if (!have_identity) | |
155 | ask_filename(pw, "Enter file in which the key is"); | |
156 | if (stat(identity_file, &st) < 0) { | |
157 | perror(identity_file); | |
158 | exit(1); | |
159 | } | |
160 | fp = fopen(identity_file, "r"); | |
161 | if (fp == NULL) { | |
162 | perror(identity_file); | |
163 | exit(1); | |
164 | } | |
165 | encoded[0] = '\0'; | |
166 | while (fgets(line, sizeof(line), fp)) { | |
d0c832f3 | 167 | if (!(p = strchr(line, '\n'))) { |
168 | fprintf(stderr, "input line too long.\n"); | |
169 | exit(1); | |
170 | } | |
171 | if (p > line && p[-1] == '\\') | |
172 | escaped++; | |
a306f2dd | 173 | if (strncmp(line, "----", 4) == 0 || |
174 | strstr(line, ": ") != NULL) { | |
175 | fprintf(stderr, "ignore: %s", line); | |
176 | continue; | |
177 | } | |
d0c832f3 | 178 | if (escaped) { |
179 | escaped--; | |
180 | fprintf(stderr, "escaped: %s", line); | |
181 | continue; | |
a306f2dd | 182 | } |
183 | *p = '\0'; | |
184 | strlcat(encoded, line, sizeof(encoded)); | |
185 | } | |
186 | blen = uudecode(encoded, (unsigned char *)blob, sizeof(blob)); | |
187 | if (blen < 0) { | |
188 | fprintf(stderr, "uudecode failed.\n"); | |
189 | exit(1); | |
190 | } | |
191 | k = dsa_key_from_blob(blob, blen); | |
192 | if (!key_write(k, stdout)) | |
193 | fprintf(stderr, "key_write failed"); | |
194 | key_free(k); | |
195 | fprintf(stdout, "\n"); | |
196 | fclose(fp); | |
197 | exit(0); | |
198 | } | |
199 | ||
200 | void | |
201 | do_print_public(struct passwd *pw) | |
202 | { | |
203 | Key *k; | |
204 | int len; | |
205 | unsigned char *blob; | |
206 | struct stat st; | |
207 | ||
208 | if (!have_identity) | |
209 | ask_filename(pw, "Enter file in which the key is"); | |
210 | if (stat(identity_file, &st) < 0) { | |
211 | perror(identity_file); | |
212 | exit(1); | |
213 | } | |
214 | k = key_new(KEY_DSA); | |
215 | if (!try_load_key(identity_file, k)) { | |
216 | fprintf(stderr, "load failed\n"); | |
217 | exit(1); | |
218 | } | |
219 | dsa_make_key_blob(k, &blob, &len); | |
220 | if (!key_write(k, stdout)) | |
221 | fprintf(stderr, "key_write failed"); | |
222 | key_free(k); | |
223 | xfree(blob); | |
224 | fprintf(stdout, "\n"); | |
225 | exit(0); | |
226 | } | |
227 | ||
f095fcc7 | 228 | void |
229 | do_fingerprint(struct passwd *pw) | |
230 | { | |
c8d54615 | 231 | FILE *f; |
232 | BIGNUM *e, *n; | |
a306f2dd | 233 | Key *public; |
c8d54615 | 234 | char *comment = NULL, *cp, *ep, line[16*1024]; |
235 | int i, skip = 0, num = 1, invalid = 1; | |
610cd5c6 | 236 | unsigned int ignore; |
5260325f | 237 | struct stat st; |
238 | ||
239 | if (!have_identity) | |
240 | ask_filename(pw, "Enter file in which the key is"); | |
241 | if (stat(identity_file, &st) < 0) { | |
242 | perror(identity_file); | |
243 | exit(1); | |
244 | } | |
a306f2dd | 245 | public = key_new(KEY_RSA); |
246 | if (load_public_key(identity_file, public, &comment)) { | |
247 | printf("%d %s %s\n", BN_num_bits(public->rsa->n), | |
248 | key_fingerprint(public), comment); | |
249 | key_free(public); | |
c8d54615 | 250 | exit(0); |
251 | } | |
a306f2dd | 252 | key_free(public); |
c8d54615 | 253 | |
a306f2dd | 254 | /* XXX */ |
c8d54615 | 255 | f = fopen(identity_file, "r"); |
256 | if (f != NULL) { | |
5260325f | 257 | n = BN_new(); |
258 | e = BN_new(); | |
c8d54615 | 259 | while (fgets(line, sizeof(line), f)) { |
260 | i = strlen(line) - 1; | |
261 | if (line[i] != '\n') { | |
262 | error("line %d too long: %.40s...", num, line); | |
263 | skip = 1; | |
264 | continue; | |
265 | } | |
266 | num++; | |
267 | if (skip) { | |
268 | skip = 0; | |
269 | continue; | |
270 | } | |
271 | line[i] = '\0'; | |
272 | ||
273 | /* Skip leading whitespace, empty and comment lines. */ | |
274 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++) | |
275 | ; | |
276 | if (!*cp || *cp == '\n' || *cp == '#') | |
277 | continue ; | |
278 | i = strtol(cp, &ep, 10); | |
279 | if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { | |
280 | int quoted = 0; | |
281 | comment = cp; | |
282 | for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { | |
283 | if (*cp == '\\' && cp[1] == '"') | |
284 | cp++; /* Skip both */ | |
285 | else if (*cp == '"') | |
286 | quoted = !quoted; | |
287 | } | |
288 | if (!*cp) | |
289 | continue; | |
290 | *cp++ = '\0'; | |
291 | } | |
292 | ep = cp; | |
610cd5c6 | 293 | if (auth_rsa_read_key(&cp, &ignore, e, n)) { |
c8d54615 | 294 | invalid = 0; |
295 | comment = *cp ? cp : comment; | |
296 | printf("%d %s %s\n", BN_num_bits(n), | |
297 | fingerprint(e, n), | |
298 | comment ? comment : "no comment"); | |
5260325f | 299 | } |
5260325f | 300 | } |
c8d54615 | 301 | BN_free(e); |
302 | BN_free(n); | |
303 | fclose(f); | |
304 | } | |
305 | if (invalid) { | |
306 | printf("%s is not a valid key file.\n", identity_file); | |
307 | exit(1); | |
5260325f | 308 | } |
5260325f | 309 | exit(0); |
f095fcc7 | 310 | } |
311 | ||
5260325f | 312 | /* |
313 | * Perform changing a passphrase. The argument is the passwd structure | |
314 | * for the current user. | |
315 | */ | |
f095fcc7 | 316 | void |
317 | do_change_passphrase(struct passwd *pw) | |
318 | { | |
5260325f | 319 | char *comment; |
320 | char *old_passphrase, *passphrase1, *passphrase2; | |
321 | struct stat st; | |
a306f2dd | 322 | Key *private; |
323 | Key *public; | |
324 | int type = dsa_mode ? KEY_DSA : KEY_RSA; | |
5260325f | 325 | |
326 | if (!have_identity) | |
327 | ask_filename(pw, "Enter file in which the key is"); | |
5260325f | 328 | if (stat(identity_file, &st) < 0) { |
329 | perror(identity_file); | |
330 | exit(1); | |
331 | } | |
a306f2dd | 332 | |
333 | if (type == KEY_RSA) { | |
334 | /* XXX this works currently only for RSA */ | |
335 | public = key_new(type); | |
336 | if (!load_public_key(identity_file, public, NULL)) { | |
337 | printf("%s is not a valid key file.\n", identity_file); | |
338 | exit(1); | |
339 | } | |
340 | /* Clear the public key since we are just about to load the whole file. */ | |
341 | key_free(public); | |
5260325f | 342 | } |
5260325f | 343 | |
344 | /* Try to load the file with empty passphrase. */ | |
a306f2dd | 345 | private = key_new(type); |
346 | if (!load_private_key(identity_file, "", private, &comment)) { | |
5260325f | 347 | if (identity_passphrase) |
348 | old_passphrase = xstrdup(identity_passphrase); | |
349 | else | |
350 | old_passphrase = read_passphrase("Enter old passphrase: ", 1); | |
a306f2dd | 351 | if (!load_private_key(identity_file, old_passphrase, private, &comment)) { |
5260325f | 352 | memset(old_passphrase, 0, strlen(old_passphrase)); |
353 | xfree(old_passphrase); | |
354 | printf("Bad passphrase.\n"); | |
355 | exit(1); | |
356 | } | |
5260325f | 357 | memset(old_passphrase, 0, strlen(old_passphrase)); |
358 | xfree(old_passphrase); | |
359 | } | |
360 | printf("Key has comment '%s'\n", comment); | |
361 | ||
362 | /* Ask the new passphrase (twice). */ | |
363 | if (identity_new_passphrase) { | |
364 | passphrase1 = xstrdup(identity_new_passphrase); | |
365 | passphrase2 = NULL; | |
366 | } else { | |
367 | passphrase1 = | |
368 | read_passphrase("Enter new passphrase (empty for no passphrase): ", 1); | |
369 | passphrase2 = read_passphrase("Enter same passphrase again: ", 1); | |
370 | ||
371 | /* Verify that they are the same. */ | |
372 | if (strcmp(passphrase1, passphrase2) != 0) { | |
373 | memset(passphrase1, 0, strlen(passphrase1)); | |
374 | memset(passphrase2, 0, strlen(passphrase2)); | |
375 | xfree(passphrase1); | |
376 | xfree(passphrase2); | |
377 | printf("Pass phrases do not match. Try again.\n"); | |
378 | exit(1); | |
379 | } | |
380 | /* Destroy the other copy. */ | |
381 | memset(passphrase2, 0, strlen(passphrase2)); | |
382 | xfree(passphrase2); | |
8efc0c15 | 383 | } |
8efc0c15 | 384 | |
5260325f | 385 | /* Save the file using the new passphrase. */ |
a306f2dd | 386 | if (!save_private_key(identity_file, passphrase1, private, comment)) { |
5260325f | 387 | printf("Saving the key failed: %s: %s.\n", |
388 | identity_file, strerror(errno)); | |
389 | memset(passphrase1, 0, strlen(passphrase1)); | |
390 | xfree(passphrase1); | |
a306f2dd | 391 | key_free(private); |
5260325f | 392 | xfree(comment); |
393 | exit(1); | |
394 | } | |
395 | /* Destroy the passphrase and the copy of the key in memory. */ | |
396 | memset(passphrase1, 0, strlen(passphrase1)); | |
397 | xfree(passphrase1); | |
a306f2dd | 398 | key_free(private); /* Destroys contents */ |
5260325f | 399 | xfree(comment); |
400 | ||
401 | printf("Your identification has been saved with the new passphrase.\n"); | |
402 | exit(0); | |
403 | } | |
8efc0c15 | 404 | |
5260325f | 405 | /* |
406 | * Change the comment of a private key file. | |
407 | */ | |
8efc0c15 | 408 | void |
409 | do_change_comment(struct passwd *pw) | |
410 | { | |
5260325f | 411 | char new_comment[1024], *comment; |
a306f2dd | 412 | Key *private; |
413 | Key *public; | |
5260325f | 414 | char *passphrase; |
415 | struct stat st; | |
416 | FILE *f; | |
5260325f | 417 | |
418 | if (!have_identity) | |
419 | ask_filename(pw, "Enter file in which the key is"); | |
5260325f | 420 | if (stat(identity_file, &st) < 0) { |
421 | perror(identity_file); | |
422 | exit(1); | |
423 | } | |
aa3378df | 424 | /* |
425 | * Try to load the public key from the file the verify that it is | |
426 | * readable and of the proper format. | |
427 | */ | |
a306f2dd | 428 | public = key_new(KEY_RSA); |
429 | if (!load_public_key(identity_file, public, NULL)) { | |
5260325f | 430 | printf("%s is not a valid key file.\n", identity_file); |
431 | exit(1); | |
8efc0c15 | 432 | } |
aa3378df | 433 | |
a306f2dd | 434 | private = key_new(KEY_RSA); |
435 | if (load_private_key(identity_file, "", private, &comment)) | |
5260325f | 436 | passphrase = xstrdup(""); |
437 | else { | |
5260325f | 438 | if (identity_passphrase) |
439 | passphrase = xstrdup(identity_passphrase); | |
440 | else if (identity_new_passphrase) | |
441 | passphrase = xstrdup(identity_new_passphrase); | |
442 | else | |
443 | passphrase = read_passphrase("Enter passphrase: ", 1); | |
444 | /* Try to load using the passphrase. */ | |
a306f2dd | 445 | if (!load_private_key(identity_file, passphrase, private, &comment)) { |
5260325f | 446 | memset(passphrase, 0, strlen(passphrase)); |
447 | xfree(passphrase); | |
448 | printf("Bad passphrase.\n"); | |
449 | exit(1); | |
450 | } | |
451 | } | |
452 | printf("Key now has comment '%s'\n", comment); | |
453 | ||
454 | if (identity_comment) { | |
455 | strlcpy(new_comment, identity_comment, sizeof(new_comment)); | |
456 | } else { | |
457 | printf("Enter new comment: "); | |
458 | fflush(stdout); | |
459 | if (!fgets(new_comment, sizeof(new_comment), stdin)) { | |
460 | memset(passphrase, 0, strlen(passphrase)); | |
a306f2dd | 461 | key_free(private); |
5260325f | 462 | exit(1); |
463 | } | |
5260325f | 464 | if (strchr(new_comment, '\n')) |
465 | *strchr(new_comment, '\n') = 0; | |
466 | } | |
467 | ||
468 | /* Save the file using the new passphrase. */ | |
a306f2dd | 469 | if (!save_private_key(identity_file, passphrase, private, new_comment)) { |
5260325f | 470 | printf("Saving the key failed: %s: %s.\n", |
471 | identity_file, strerror(errno)); | |
472 | memset(passphrase, 0, strlen(passphrase)); | |
473 | xfree(passphrase); | |
a306f2dd | 474 | key_free(private); |
5260325f | 475 | xfree(comment); |
476 | exit(1); | |
8efc0c15 | 477 | } |
5260325f | 478 | memset(passphrase, 0, strlen(passphrase)); |
479 | xfree(passphrase); | |
a306f2dd | 480 | key_free(private); |
5260325f | 481 | |
5260325f | 482 | strlcat(identity_file, ".pub", sizeof(identity_file)); |
483 | f = fopen(identity_file, "w"); | |
484 | if (!f) { | |
485 | printf("Could not save your public key in %s\n", identity_file); | |
486 | exit(1); | |
487 | } | |
a306f2dd | 488 | if (!key_write(public, f)) |
489 | fprintf(stderr, "write key failed"); | |
490 | key_free(public); | |
491 | fprintf(f, " %s\n", new_comment); | |
5260325f | 492 | fclose(f); |
493 | ||
494 | xfree(comment); | |
495 | ||
496 | printf("The comment in your key file has been changed.\n"); | |
497 | exit(0); | |
8efc0c15 | 498 | } |
499 | ||
5ad13cd7 | 500 | void |
501 | usage(void) | |
502 | { | |
1d1ffb87 | 503 | printf("Usage: %s [-lpqxXydc] [-b bits] [-f file] [-C comment] [-N new-pass] [-P pass]\n", __progname); |
5260325f | 504 | exit(1); |
5ad13cd7 | 505 | } |
506 | ||
5260325f | 507 | /* |
508 | * Main program for key management. | |
509 | */ | |
8efc0c15 | 510 | int |
511 | main(int ac, char **av) | |
512 | { | |
5260325f | 513 | char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2; |
514 | struct passwd *pw; | |
5260325f | 515 | int opt; |
516 | struct stat st; | |
517 | FILE *f; | |
a306f2dd | 518 | Key *private; |
519 | Key *public; | |
5260325f | 520 | extern int optind; |
521 | extern char *optarg; | |
522 | ||
fa649821 | 523 | SSLeay_add_all_algorithms(); |
a306f2dd | 524 | |
aa3378df | 525 | /* we need this for the home * directory. */ |
5260325f | 526 | pw = getpwuid(getuid()); |
527 | if (!pw) { | |
528 | printf("You don't exist, go away!\n"); | |
529 | exit(1); | |
530 | } | |
a306f2dd | 531 | if (gethostname(hostname, sizeof(hostname)) < 0) { |
532 | perror("gethostname"); | |
533 | exit(1); | |
534 | } | |
aa3378df | 535 | |
a306f2dd | 536 | while ((opt = getopt(ac, av, "dqpclRxXyb:f:P:N:C:")) != EOF) { |
5260325f | 537 | switch (opt) { |
538 | case 'b': | |
539 | bits = atoi(optarg); | |
540 | if (bits < 512 || bits > 32768) { | |
541 | printf("Bits has bad value.\n"); | |
542 | exit(1); | |
543 | } | |
544 | break; | |
545 | ||
546 | case 'l': | |
547 | print_fingerprint = 1; | |
548 | break; | |
549 | ||
550 | case 'p': | |
551 | change_passphrase = 1; | |
552 | break; | |
553 | ||
554 | case 'c': | |
555 | change_comment = 1; | |
556 | break; | |
557 | ||
558 | case 'f': | |
559 | strlcpy(identity_file, optarg, sizeof(identity_file)); | |
560 | have_identity = 1; | |
561 | break; | |
562 | ||
563 | case 'P': | |
564 | identity_passphrase = optarg; | |
565 | break; | |
566 | ||
567 | case 'N': | |
568 | identity_new_passphrase = optarg; | |
569 | break; | |
570 | ||
571 | case 'C': | |
572 | identity_comment = optarg; | |
573 | break; | |
574 | ||
575 | case 'q': | |
576 | quiet = 1; | |
577 | break; | |
578 | ||
a306f2dd | 579 | case 'R': |
580 | if (rsa_alive() == 0) | |
581 | exit(1); | |
582 | else | |
583 | exit(0); | |
584 | break; | |
585 | ||
586 | case 'x': | |
587 | convert_to_ssh2 = 1; | |
588 | break; | |
589 | ||
590 | case 'X': | |
591 | convert_from_ssh2 = 1; | |
592 | break; | |
593 | ||
594 | case 'y': | |
595 | print_public = 1; | |
596 | break; | |
597 | ||
598 | case 'd': | |
599 | dsa_mode = 1; | |
600 | break; | |
601 | ||
5260325f | 602 | case '?': |
603 | default: | |
604 | usage(); | |
605 | } | |
606 | } | |
607 | if (optind < ac) { | |
608 | printf("Too many arguments.\n"); | |
609 | usage(); | |
610 | } | |
611 | if (change_passphrase && change_comment) { | |
612 | printf("Can only have one of -p and -c.\n"); | |
613 | usage(); | |
614 | } | |
a306f2dd | 615 | /* check if RSA support is needed and exists */ |
616 | if (dsa_mode == 0 && rsa_alive() == 0) { | |
617 | fprintf(stderr, | |
618 | "%s: no RSA support in libssl and libcrypto. See ssl(8).\n", | |
619 | __progname); | |
620 | exit(1); | |
621 | } | |
5260325f | 622 | if (print_fingerprint) |
623 | do_fingerprint(pw); | |
5260325f | 624 | if (change_passphrase) |
625 | do_change_passphrase(pw); | |
5260325f | 626 | if (change_comment) |
627 | do_change_comment(pw); | |
a306f2dd | 628 | if (convert_to_ssh2) |
629 | do_convert_to_ssh2(pw); | |
630 | if (convert_from_ssh2) | |
631 | do_convert_from_ssh2(pw); | |
632 | if (print_public) | |
633 | do_print_public(pw); | |
5260325f | 634 | |
635 | arc4random_stir(); | |
636 | ||
a306f2dd | 637 | if (dsa_mode != 0) { |
638 | if (!quiet) | |
639 | printf("Generating DSA parameter and key.\n"); | |
640 | public = private = dsa_generate_key(bits); | |
641 | if (private == NULL) { | |
642 | fprintf(stderr, "dsa_generate_keys failed"); | |
643 | exit(1); | |
644 | } | |
645 | } else { | |
646 | if (quiet) | |
647 | rsa_set_verbose(0); | |
648 | /* Generate the rsa key pair. */ | |
649 | public = key_new(KEY_RSA); | |
650 | private = key_new(KEY_RSA); | |
651 | rsa_generate_key(private->rsa, public->rsa, bits); | |
652 | } | |
5260325f | 653 | |
654 | if (!have_identity) | |
655 | ask_filename(pw, "Enter file in which to save the key"); | |
656 | ||
657 | /* Create ~/.ssh directory if it doesn\'t already exist. */ | |
658 | snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR); | |
659 | if (strstr(identity_file, dotsshdir) != NULL && | |
660 | stat(dotsshdir, &st) < 0) { | |
661 | if (mkdir(dotsshdir, 0755) < 0) | |
662 | error("Could not create directory '%s'.", dotsshdir); | |
663 | else if (!quiet) | |
664 | printf("Created directory '%s'.\n", dotsshdir); | |
665 | } | |
666 | /* If the file already exists, ask the user to confirm. */ | |
667 | if (stat(identity_file, &st) >= 0) { | |
668 | char yesno[3]; | |
669 | printf("%s already exists.\n", identity_file); | |
670 | printf("Overwrite (y/n)? "); | |
671 | fflush(stdout); | |
672 | if (fgets(yesno, sizeof(yesno), stdin) == NULL) | |
673 | exit(1); | |
674 | if (yesno[0] != 'y' && yesno[0] != 'Y') | |
675 | exit(1); | |
676 | } | |
677 | /* Ask for a passphrase (twice). */ | |
678 | if (identity_passphrase) | |
679 | passphrase1 = xstrdup(identity_passphrase); | |
680 | else if (identity_new_passphrase) | |
681 | passphrase1 = xstrdup(identity_new_passphrase); | |
682 | else { | |
683 | passphrase_again: | |
684 | passphrase1 = | |
685 | read_passphrase("Enter passphrase (empty for no passphrase): ", 1); | |
686 | passphrase2 = read_passphrase("Enter same passphrase again: ", 1); | |
687 | if (strcmp(passphrase1, passphrase2) != 0) { | |
688 | /* The passphrases do not match. Clear them and retry. */ | |
689 | memset(passphrase1, 0, strlen(passphrase1)); | |
690 | memset(passphrase2, 0, strlen(passphrase2)); | |
691 | xfree(passphrase1); | |
692 | xfree(passphrase2); | |
693 | printf("Passphrases do not match. Try again.\n"); | |
694 | goto passphrase_again; | |
695 | } | |
696 | /* Clear the other copy of the passphrase. */ | |
697 | memset(passphrase2, 0, strlen(passphrase2)); | |
698 | xfree(passphrase2); | |
699 | } | |
700 | ||
5260325f | 701 | if (identity_comment) { |
702 | strlcpy(comment, identity_comment, sizeof(comment)); | |
703 | } else { | |
6ae2364d | 704 | /* Create default commend field for the passphrase. */ |
5260325f | 705 | snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname); |
706 | } | |
707 | ||
708 | /* Save the key with the given passphrase and comment. */ | |
a306f2dd | 709 | if (!save_private_key(identity_file, passphrase1, private, comment)) { |
5260325f | 710 | printf("Saving the key failed: %s: %s.\n", |
a306f2dd | 711 | identity_file, strerror(errno)); |
5260325f | 712 | memset(passphrase1, 0, strlen(passphrase1)); |
713 | xfree(passphrase1); | |
714 | exit(1); | |
715 | } | |
716 | /* Clear the passphrase. */ | |
717 | memset(passphrase1, 0, strlen(passphrase1)); | |
718 | xfree(passphrase1); | |
719 | ||
720 | /* Clear the private key and the random number generator. */ | |
a306f2dd | 721 | if (private != public) { |
722 | key_free(private); | |
723 | } | |
5260325f | 724 | arc4random_stir(); |
725 | ||
726 | if (!quiet) | |
727 | printf("Your identification has been saved in %s.\n", identity_file); | |
728 | ||
5260325f | 729 | strlcat(identity_file, ".pub", sizeof(identity_file)); |
730 | f = fopen(identity_file, "w"); | |
731 | if (!f) { | |
732 | printf("Could not save your public key in %s\n", identity_file); | |
733 | exit(1); | |
734 | } | |
a306f2dd | 735 | if (!key_write(public, f)) |
736 | fprintf(stderr, "write key failed"); | |
737 | fprintf(f, " %s\n", comment); | |
5260325f | 738 | fclose(f); |
739 | ||
740 | if (!quiet) { | |
a306f2dd | 741 | printf("Your public key has been saved in %s.\n", |
742 | identity_file); | |
5260325f | 743 | printf("The key fingerprint is:\n"); |
a306f2dd | 744 | printf("%s %s\n", key_fingerprint(public), comment); |
8efc0c15 | 745 | } |
a306f2dd | 746 | |
747 | key_free(public); | |
5260325f | 748 | exit(0); |
8efc0c15 | 749 | } |