sdiff udiff text old ( 113908 ) new ( 124208 )
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Identity and host key generation and maintenance.
6 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
12 */
13
14#include "includes.h"
15RCSID("$OpenBSD: ssh-keygen.c,v 1.102 2002/11/26 00:45:03 wcobb Exp $");
16
17#include <openssl/evp.h>
18#include <openssl/pem.h>
19
20#include "xmalloc.h"
21#include "key.h"
22#include "rsa.h"
23#include "authfile.h"
24#include "uuencode.h"
25#include "buffer.h"
26#include "bufaux.h"
27#include "pathnames.h"
28#include "log.h"
29#include "readpass.h"
30
31#ifdef SMARTCARD
32#include "scard.h"
33#endif
34
35/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
36int bits = 1024;
37
38/*
39 * Flag indicating that we just want to change the passphrase. This can be
40 * set on the command line.
41 */

--- 23 unchanged lines hidden (view full) ---

65
66/* This is set to the new comment if given on the command line. */
67char *identity_comment = NULL;
68
69/* Dump public key file in format used by real and the original SSH 2 */
70int convert_to_ssh2 = 0;
71int convert_from_ssh2 = 0;
72int print_public = 0;
73
74char *key_type_name = NULL;
75
76/* argv0 */
77#ifdef HAVE___PROGNAME
78extern char *__progname;
79#else
80char *__progname;

--- 77 unchanged lines hidden (view full) ---

158 exit(1);
159 }
160 if ((k = key_load_public(identity_file, NULL)) == NULL) {
161 if ((k = load_identity(identity_file)) == NULL) {
162 fprintf(stderr, "load failed\n");
163 exit(1);
164 }
165 }
166 if (key_to_blob(k, &blob, &len) <= 0) {
167 fprintf(stderr, "key_to_blob failed\n");
168 exit(1);
169 }
170 fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
171 fprintf(stdout,
172 "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n",
173 key_size(k), key_type(k),

--- 236 unchanged lines hidden (view full) ---

410 if (prv == NULL) {
411 error("load failed");
412 exit(1);
413 }
414 ret = sc_put_key(prv, sc_reader_id);
415 key_free(prv);
416 if (ret < 0)
417 exit(1);
418 log("loading key done");
419 exit(0);
420}
421
422static void
423do_download(struct passwd *pw, const char *sc_reader_id)
424{
425 Key **keys = NULL;
426 int i;

--- 184 unchanged lines hidden (view full) ---

611 xfree(passphrase1);
612 key_free(private); /* Destroys contents */
613 xfree(comment);
614
615 printf("Your identification has been saved with the new passphrase.\n");
616 exit(0);
617}
618
619/*
620 * Change the comment of a private key file.
621 */
622static void
623do_change_comment(struct passwd *pw)
624{
625 char new_comment[1024], *comment, *passphrase;
626 Key *private;
627 Key *public;

--- 89 unchanged lines hidden (view full) ---

717usage(void)
718{
719 fprintf(stderr, "Usage: %s [options]\n", __progname);
720 fprintf(stderr, "Options:\n");
721 fprintf(stderr, " -b bits Number of bits in the key to create.\n");
722 fprintf(stderr, " -c Change comment in private and public key files.\n");
723 fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n");
724 fprintf(stderr, " -f filename Filename of the key file.\n");
725 fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n");
726 fprintf(stderr, " -l Show fingerprint of key file.\n");
727 fprintf(stderr, " -p Change passphrase of private key file.\n");
728 fprintf(stderr, " -q Quiet.\n");
729 fprintf(stderr, " -y Read private key file and print public key.\n");
730 fprintf(stderr, " -t type Specify type of key to create.\n");
731 fprintf(stderr, " -B Show bubblebabble digest of key file.\n");
732 fprintf(stderr, " -C comment Provide new comment.\n");
733 fprintf(stderr, " -N phrase Provide new passphrase.\n");
734 fprintf(stderr, " -P phrase Provide old passphrase.\n");
735#ifdef SMARTCARD
736 fprintf(stderr, " -D reader Download public key from smartcard.\n");
737 fprintf(stderr, " -U reader Upload private key to smartcard.\n");
738#endif /* SMARTCARD */
739
740 exit(1);
741}
742
743/*
744 * Main program for key management.
745 */
746int
747main(int ac, char **av)
748{
749 char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
750 char *reader_id = NULL;
751 Key *private, *public;
752 struct passwd *pw;
753 struct stat st;
754 int opt, type, fd, download = 0;
755 FILE *f;
756
757 extern int optind;
758 extern char *optarg;
759
760 __progname = get_progname(av[0]);
761
762 SSLeay_add_all_algorithms();
763 init_rng();
764 seed_rng();
765
766 /* we need this for the home * directory. */
767 pw = getpwuid(getuid());
768 if (!pw) {
769 printf("You don't exist, go away!\n");
770 exit(1);
771 }
772 if (gethostname(hostname, sizeof(hostname)) < 0) {
773 perror("gethostname");
774 exit(1);
775 }
776
777 while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:U:D:P:N:C:")) != -1) {
778 switch (opt) {
779 case 'b':
780 bits = atoi(optarg);
781 if (bits < 512 || bits > 32768) {
782 printf("Bits has bad value.\n");
783 exit(1);
784 }
785 break;

--- 8 unchanged lines hidden (view full) ---

794 break;
795 case 'c':
796 change_comment = 1;
797 break;
798 case 'f':
799 strlcpy(identity_file, optarg, sizeof(identity_file));
800 have_identity = 1;
801 break;
802 case 'P':
803 identity_passphrase = optarg;
804 break;
805 case 'N':
806 identity_new_passphrase = optarg;
807 break;
808 case 'C':
809 identity_comment = optarg;

--- 24 unchanged lines hidden (view full) ---

834 case 't':
835 key_type_name = optarg;
836 break;
837 case 'D':
838 download = 1;
839 case 'U':
840 reader_id = optarg;
841 break;
842 case '?':
843 default:
844 usage();
845 }
846 }
847 if (optind < ac) {
848 printf("Too many arguments.\n");
849 usage();

--- 9 unchanged lines hidden (view full) ---

859 if (change_comment)
860 do_change_comment(pw);
861 if (convert_to_ssh2)
862 do_convert_to_ssh2(pw);
863 if (convert_from_ssh2)
864 do_convert_from_ssh2(pw);
865 if (print_public)
866 do_print_public(pw);
867 if (reader_id != NULL) {
868#ifdef SMARTCARD
869 if (download)
870 do_download(pw, reader_id);
871 else
872 do_upload(pw, reader_id);
873#else /* SMARTCARD */
874 fatal("no support for smartcards.");
875#endif /* SMARTCARD */
876 }
877
878 arc4random_stir();
879
880 if (key_type_name == NULL) {
881 printf("You must specify a key type (-t).\n");
882 usage();
883 }
884 type = key_type_from_name(key_type_name);
885 if (type == KEY_UNSPEC) {

--- 117 unchanged lines hidden ---
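Review bot: In the getopt switch in main(), `case 'D':` sets `download = 1;` and then drops straight into `case 'U':` with no comment, so a reader (and -Wimplicit-fallthrough) cannot tell whether sharing the `reader_id = optarg;` assignment is deliberate; mark it with `/* FALLTHROUGH */` on the line after `download = 1;`. Separately, the `gethostname(hostname, sizeof(hostname))` call only checks the return value: POSIX does not guarantee NUL-termination when the name is truncated to the buffer, and hostname appears to be printed later via `%s` in the converted-key comment, so add `hostname[sizeof(hostname) - 1] = '\0';` after the call (the declaration of hostname is outside the visible part of this page). Because the rendered view has lost the old/new markers, I cannot tell which of these lines this revision introduced; both points apply to the resulting code either way. main() continues past the end of the visible section.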