ssh-keygen.c revision 181097
1/* $OpenBSD: ssh-keygen.c,v 1.155 2006/11/06 21:25:28 markus Exp $ */ 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Identity and host key generation and maintenance. 7 * 8 * As far as I am concerned, the code I have written for this software 9 * can be used freely for any purpose. Any derived versions of this 10 * software must be clearly marked as such, and if the derived work is 11 * incompatible with the protocol description in the RFC file, it must be 12 * called by a name other than "ssh" or "Secure Shell". 13 */ 14 15#include "includes.h" 16 17#include <sys/types.h> 18#include <sys/socket.h> 19#include <sys/stat.h> 20#include <sys/param.h> 21 22#include <openssl/evp.h> 23#include <openssl/pem.h> 24 25#include <errno.h> 26#include <fcntl.h> 27#include <netdb.h> 28#ifdef HAVE_PATHS_H 29# include <paths.h> 30#endif 31#include <pwd.h> 32#include <stdarg.h> 33#include <stdio.h> 34#include <stdlib.h> 35#include <string.h> 36#include <unistd.h> 37 38#include "xmalloc.h" 39#include "key.h" 40#include "rsa.h" 41#include "authfile.h" 42#include "uuencode.h" 43#include "buffer.h" 44#include "pathnames.h" 45#include "log.h" 46#include "misc.h" 47#include "match.h" 48#include "hostfile.h" 49#include "dns.h" 50 51#ifdef SMARTCARD 52#include "scard.h" 53#endif 54 55/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ 56#define DEFAULT_BITS 2048 57#define DEFAULT_BITS_DSA 1024 58u_int32_t bits = 0; 59 60/* 61 * Flag indicating that we just want to change the passphrase. This can be 62 * set on the command line. 63 */ 64int change_passphrase = 0; 65 66/* 67 * Flag indicating that we just want to change the comment. This can be set 68 * on the command line. 69 */ 70int change_comment = 0; 71 72int quiet = 0; 73 74/* Flag indicating that we want to hash a known_hosts file */ 75int hash_hosts = 0; 76/* Flag indicating that we want lookup a host in known_hosts file */ 77int find_host = 0; 78/* Flag indicating that we want to delete a host from a known_hosts file */ 79int delete_host = 0; 80 81/* Flag indicating that we just want to see the key fingerprint */ 82int print_fingerprint = 0; 83int print_bubblebabble = 0; 84 85/* The identity file name, given on the command line or entered by the user. */ 86char identity_file[1024]; 87int have_identity = 0; 88 89/* This is set to the passphrase if given on the command line. */ 90char *identity_passphrase = NULL; 91 92/* This is set to the new passphrase if given on the command line. */ 93char *identity_new_passphrase = NULL; 94 95/* This is set to the new comment if given on the command line. */ 96char *identity_comment = NULL; 97 98/* Dump public key file in format used by real and the original SSH 2 */ 99int convert_to_ssh2 = 0; 100int convert_from_ssh2 = 0; 101int print_public = 0; 102int print_generic = 0; 103 104char *key_type_name = NULL; 105 106/* argv0 */ 107extern char *__progname; 108 109char hostname[MAXHOSTNAMELEN]; 110 111/* moduli.c */ 112int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); 113int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); 114 115static void 116ask_filename(struct passwd *pw, const char *prompt) 117{ 118 char buf[1024]; 119 char *name = NULL; 120 121 if (key_type_name == NULL) 122 name = _PATH_SSH_CLIENT_ID_RSA; 123 else { 124 switch (key_type_from_name(key_type_name)) { 125 case KEY_RSA1: 126 name = _PATH_SSH_CLIENT_IDENTITY; 127 break; 128 case KEY_DSA: 129 name = _PATH_SSH_CLIENT_ID_DSA; 130 break; 131 case KEY_RSA: 132 name = _PATH_SSH_CLIENT_ID_RSA; 133 break; 134 default: 135 fprintf(stderr, "bad key type"); 136 exit(1); 137 break; 138 } 139 } 140 snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); 141 fprintf(stderr, "%s (%s): ", prompt, identity_file); 142 if (fgets(buf, sizeof(buf), stdin) == NULL) 143 exit(1); 144 if (strchr(buf, '\n')) 145 *strchr(buf, '\n') = 0; 146 if (strcmp(buf, "") != 0) 147 strlcpy(identity_file, buf, sizeof(identity_file)); 148 have_identity = 1; 149} 150 151static Key * 152load_identity(char *filename) 153{ 154 char *pass; 155 Key *prv; 156 157 prv = key_load_private(filename, "", NULL); 158 if (prv == NULL) { 159 if (identity_passphrase) 160 pass = xstrdup(identity_passphrase); 161 else 162 pass = read_passphrase("Enter passphrase: ", 163 RP_ALLOW_STDIN); 164 prv = key_load_private(filename, pass, NULL); 165 memset(pass, 0, strlen(pass)); 166 xfree(pass); 167 } 168 return prv; 169} 170 171#define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----" 172#define SSH_COM_PUBLIC_END "---- END SSH2 PUBLIC KEY ----" 173#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" 174#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb 175 176static void 177do_convert_to_ssh2(struct passwd *pw) 178{ 179 Key *k; 180 u_int len; 181 u_char *blob; 182 struct stat st; 183 184 if (!have_identity) 185 ask_filename(pw, "Enter file in which the key is"); 186 if (stat(identity_file, &st) < 0) { 187 perror(identity_file); 188 exit(1); 189 } 190 if ((k = key_load_public(identity_file, NULL)) == NULL) { 191 if ((k = load_identity(identity_file)) == NULL) { 192 fprintf(stderr, "load failed\n"); 193 exit(1); 194 } 195 } 196 if (k->type == KEY_RSA1) { 197 fprintf(stderr, "version 1 keys are not supported\n"); 198 exit(1); 199 } 200 if (key_to_blob(k, &blob, &len) <= 0) { 201 fprintf(stderr, "key_to_blob failed\n"); 202 exit(1); 203 } 204 fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); 205 fprintf(stdout, 206 "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n", 207 key_size(k), key_type(k), 208 pw->pw_name, hostname); 209 dump_base64(stdout, blob, len); 210 fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); 211 key_free(k); 212 xfree(blob); 213 exit(0); 214} 215 216static void 217buffer_get_bignum_bits(Buffer *b, BIGNUM *value) 218{ 219 u_int bignum_bits = buffer_get_int(b); 220 u_int bytes = (bignum_bits + 7) / 8; 221 222 if (buffer_len(b) < bytes) 223 fatal("buffer_get_bignum_bits: input buffer too small: " 224 "need %d have %d", bytes, buffer_len(b)); 225 if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL) 226 fatal("buffer_get_bignum_bits: BN_bin2bn failed"); 227 buffer_consume(b, bytes); 228} 229 230static Key * 231do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) 232{ 233 Buffer b; 234 Key *key = NULL; 235 char *type, *cipher; 236 u_char *sig, data[] = "abcde12345"; 237 int magic, rlen, ktype, i1, i2, i3, i4; 238 u_int slen; 239 u_long e; 240 241 buffer_init(&b); 242 buffer_append(&b, blob, blen); 243 244 magic = buffer_get_int(&b); 245 if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { 246 error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC); 247 buffer_free(&b); 248 return NULL; 249 } 250 i1 = buffer_get_int(&b); 251 type = buffer_get_string(&b, NULL); 252 cipher = buffer_get_string(&b, NULL); 253 i2 = buffer_get_int(&b); 254 i3 = buffer_get_int(&b); 255 i4 = buffer_get_int(&b); 256 debug("ignore (%d %d %d %d)", i1,i2,i3,i4); 257 if (strcmp(cipher, "none") != 0) { 258 error("unsupported cipher %s", cipher); 259 xfree(cipher); 260 buffer_free(&b); 261 xfree(type); 262 return NULL; 263 } 264 xfree(cipher); 265 266 if (strstr(type, "dsa")) { 267 ktype = KEY_DSA; 268 } else if (strstr(type, "rsa")) { 269 ktype = KEY_RSA; 270 } else { 271 buffer_free(&b); 272 xfree(type); 273 return NULL; 274 } 275 key = key_new_private(ktype); 276 xfree(type); 277 278 switch (key->type) { 279 case KEY_DSA: 280 buffer_get_bignum_bits(&b, key->dsa->p); 281 buffer_get_bignum_bits(&b, key->dsa->g); 282 buffer_get_bignum_bits(&b, key->dsa->q); 283 buffer_get_bignum_bits(&b, key->dsa->pub_key); 284 buffer_get_bignum_bits(&b, key->dsa->priv_key); 285 break; 286 case KEY_RSA: 287 e = buffer_get_char(&b); 288 debug("e %lx", e); 289 if (e < 30) { 290 e <<= 8; 291 e += buffer_get_char(&b); 292 debug("e %lx", e); 293 e <<= 8; 294 e += buffer_get_char(&b); 295 debug("e %lx", e); 296 } 297 if (!BN_set_word(key->rsa->e, e)) { 298 buffer_free(&b); 299 key_free(key); 300 return NULL; 301 } 302 buffer_get_bignum_bits(&b, key->rsa->d); 303 buffer_get_bignum_bits(&b, key->rsa->n); 304 buffer_get_bignum_bits(&b, key->rsa->iqmp); 305 buffer_get_bignum_bits(&b, key->rsa->q); 306 buffer_get_bignum_bits(&b, key->rsa->p); 307 rsa_generate_additional_parameters(key->rsa); 308 break; 309 } 310 rlen = buffer_len(&b); 311 if (rlen != 0) 312 error("do_convert_private_ssh2_from_blob: " 313 "remaining bytes in key blob %d", rlen); 314 buffer_free(&b); 315 316 /* try the key */ 317 key_sign(key, &sig, &slen, data, sizeof(data)); 318 key_verify(key, sig, slen, data, sizeof(data)); 319 xfree(sig); 320 return key; 321} 322 323static int 324get_line(FILE *fp, char *line, size_t len) 325{ 326 int c; 327 size_t pos = 0; 328 329 line[0] = '\0'; 330 while ((c = fgetc(fp)) != EOF) { 331 if (pos >= len - 1) { 332 fprintf(stderr, "input line too long.\n"); 333 exit(1); 334 } 335 switch (c) { 336 case '\r': 337 c = fgetc(fp); 338 if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) { 339 fprintf(stderr, "unget: %s\n", strerror(errno)); 340 exit(1); 341 } 342 return pos; 343 case '\n': 344 return pos; 345 } 346 line[pos++] = c; 347 line[pos] = '\0'; 348 } 349 if (c == EOF) 350 return -1; 351 return pos; 352} 353 354static void 355do_convert_from_ssh2(struct passwd *pw) 356{ 357 Key *k; 358 int blen; 359 u_int len; 360 char line[1024]; 361 u_char blob[8096]; 362 char encoded[8096]; 363 struct stat st; 364 int escaped = 0, private = 0, ok; 365 FILE *fp; 366 367 if (!have_identity) 368 ask_filename(pw, "Enter file in which the key is"); 369 if (stat(identity_file, &st) < 0) { 370 perror(identity_file); 371 exit(1); 372 } 373 fp = fopen(identity_file, "r"); 374 if (fp == NULL) { 375 perror(identity_file); 376 exit(1); 377 } 378 encoded[0] = '\0'; 379 while ((blen = get_line(fp, line, sizeof(line))) != -1) { 380 if (line[blen - 1] == '\\') 381 escaped++; 382 if (strncmp(line, "----", 4) == 0 || 383 strstr(line, ": ") != NULL) { 384 if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL) 385 private = 1; 386 if (strstr(line, " END ") != NULL) { 387 break; 388 } 389 /* fprintf(stderr, "ignore: %s", line); */ 390 continue; 391 } 392 if (escaped) { 393 escaped--; 394 /* fprintf(stderr, "escaped: %s", line); */ 395 continue; 396 } 397 strlcat(encoded, line, sizeof(encoded)); 398 } 399 len = strlen(encoded); 400 if (((len % 4) == 3) && 401 (encoded[len-1] == '=') && 402 (encoded[len-2] == '=') && 403 (encoded[len-3] == '=')) 404 encoded[len-3] = '\0'; 405 blen = uudecode(encoded, blob, sizeof(blob)); 406 if (blen < 0) { 407 fprintf(stderr, "uudecode failed.\n"); 408 exit(1); 409 } 410 k = private ? 411 do_convert_private_ssh2_from_blob(blob, blen) : 412 key_from_blob(blob, blen); 413 if (k == NULL) { 414 fprintf(stderr, "decode blob failed.\n"); 415 exit(1); 416 } 417 ok = private ? 418 (k->type == KEY_DSA ? 419 PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) : 420 PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) : 421 key_write(k, stdout); 422 if (!ok) { 423 fprintf(stderr, "key write failed"); 424 exit(1); 425 } 426 key_free(k); 427 if (!private) 428 fprintf(stdout, "\n"); 429 fclose(fp); 430 exit(0); 431} 432 433static void 434do_print_public(struct passwd *pw) 435{ 436 Key *prv; 437 struct stat st; 438 439 if (!have_identity) 440 ask_filename(pw, "Enter file in which the key is"); 441 if (stat(identity_file, &st) < 0) { 442 perror(identity_file); 443 exit(1); 444 } 445 prv = load_identity(identity_file); 446 if (prv == NULL) { 447 fprintf(stderr, "load failed\n"); 448 exit(1); 449 } 450 if (!key_write(prv, stdout)) 451 fprintf(stderr, "key_write failed"); 452 key_free(prv); 453 fprintf(stdout, "\n"); 454 exit(0); 455} 456 457#ifdef SMARTCARD 458static void 459do_upload(struct passwd *pw, const char *sc_reader_id) 460{ 461 Key *prv = NULL; 462 struct stat st; 463 int ret; 464 465 if (!have_identity) 466 ask_filename(pw, "Enter file in which the key is"); 467 if (stat(identity_file, &st) < 0) { 468 perror(identity_file); 469 exit(1); 470 } 471 prv = load_identity(identity_file); 472 if (prv == NULL) { 473 error("load failed"); 474 exit(1); 475 } 476 ret = sc_put_key(prv, sc_reader_id); 477 key_free(prv); 478 if (ret < 0) 479 exit(1); 480 logit("loading key done"); 481 exit(0); 482} 483 484static void 485do_download(struct passwd *pw, const char *sc_reader_id) 486{ 487 Key **keys = NULL; 488 int i; 489 490 keys = sc_get_keys(sc_reader_id, NULL); 491 if (keys == NULL) 492 fatal("cannot read public key from smartcard"); 493 for (i = 0; keys[i]; i++) { 494 key_write(keys[i], stdout); 495 key_free(keys[i]); 496 fprintf(stdout, "\n"); 497 } 498 xfree(keys); 499 exit(0); 500} 501#endif /* SMARTCARD */ 502 503static void 504do_fingerprint(struct passwd *pw) 505{ 506 FILE *f; 507 Key *public; 508 char *comment = NULL, *cp, *ep, line[16*1024], *fp; 509 int i, skip = 0, num = 1, invalid = 1; 510 enum fp_rep rep; 511 enum fp_type fptype; 512 struct stat st; 513 514 fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; 515 rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; 516 517 if (!have_identity) 518 ask_filename(pw, "Enter file in which the key is"); 519 if (stat(identity_file, &st) < 0) { 520 perror(identity_file); 521 exit(1); 522 } 523 public = key_load_public(identity_file, &comment); 524 if (public != NULL) { 525 fp = key_fingerprint(public, fptype, rep); 526 printf("%u %s %s\n", key_size(public), fp, comment); 527 key_free(public); 528 xfree(comment); 529 xfree(fp); 530 exit(0); 531 } 532 if (comment) { 533 xfree(comment); 534 comment = NULL; 535 } 536 537 f = fopen(identity_file, "r"); 538 if (f != NULL) { 539 while (fgets(line, sizeof(line), f)) { 540 i = strlen(line) - 1; 541 if (line[i] != '\n') { 542 error("line %d too long: %.40s...", num, line); 543 skip = 1; 544 continue; 545 } 546 num++; 547 if (skip) { 548 skip = 0; 549 continue; 550 } 551 line[i] = '\0'; 552 553 /* Skip leading whitespace, empty and comment lines. */ 554 for (cp = line; *cp == ' ' || *cp == '\t'; cp++) 555 ; 556 if (!*cp || *cp == '\n' || *cp == '#') 557 continue ; 558 i = strtol(cp, &ep, 10); 559 if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { 560 int quoted = 0; 561 comment = cp; 562 for (; *cp && (quoted || (*cp != ' ' && 563 *cp != '\t')); cp++) { 564 if (*cp == '\\' && cp[1] == '"') 565 cp++; /* Skip both */ 566 else if (*cp == '"') 567 quoted = !quoted; 568 } 569 if (!*cp) 570 continue; 571 *cp++ = '\0'; 572 } 573 ep = cp; 574 public = key_new(KEY_RSA1); 575 if (key_read(public, &cp) != 1) { 576 cp = ep; 577 key_free(public); 578 public = key_new(KEY_UNSPEC); 579 if (key_read(public, &cp) != 1) { 580 key_free(public); 581 continue; 582 } 583 } 584 comment = *cp ? cp : comment; 585 fp = key_fingerprint(public, fptype, rep); 586 printf("%u %s %s\n", key_size(public), fp, 587 comment ? comment : "no comment"); 588 xfree(fp); 589 key_free(public); 590 invalid = 0; 591 } 592 fclose(f); 593 } 594 if (invalid) { 595 printf("%s is not a public key file.\n", identity_file); 596 exit(1); 597 } 598 exit(0); 599} 600 601static void 602print_host(FILE *f, char *name, Key *public, int hash) 603{ 604 if (hash && (name = host_hash(name, NULL, 0)) == NULL) 605 fatal("hash_host failed"); 606 fprintf(f, "%s ", name); 607 if (!key_write(public, f)) 608 fatal("key_write failed"); 609 fprintf(f, "\n"); 610} 611 612static void 613do_known_hosts(struct passwd *pw, const char *name) 614{ 615 FILE *in, *out = stdout; 616 Key *public; 617 char *cp, *cp2, *kp, *kp2; 618 char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN]; 619 int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; 620 621 if (!have_identity) { 622 cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); 623 if (strlcpy(identity_file, cp, sizeof(identity_file)) >= 624 sizeof(identity_file)) 625 fatal("Specified known hosts path too long"); 626 xfree(cp); 627 have_identity = 1; 628 } 629 if ((in = fopen(identity_file, "r")) == NULL) 630 fatal("fopen: %s", strerror(errno)); 631 632 /* 633 * Find hosts goes to stdout, hash and deletions happen in-place 634 * A corner case is ssh-keygen -HF foo, which should go to stdout 635 */ 636 if (!find_host && (hash_hosts || delete_host)) { 637 if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) || 638 strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) || 639 strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) || 640 strlcat(old, ".old", sizeof(old)) >= sizeof(old)) 641 fatal("known_hosts path too long"); 642 umask(077); 643 if ((c = mkstemp(tmp)) == -1) 644 fatal("mkstemp: %s", strerror(errno)); 645 if ((out = fdopen(c, "w")) == NULL) { 646 c = errno; 647 unlink(tmp); 648 fatal("fdopen: %s", strerror(c)); 649 } 650 inplace = 1; 651 } 652 653 while (fgets(line, sizeof(line), in)) { 654 num++; 655 i = strlen(line) - 1; 656 if (line[i] != '\n') { 657 error("line %d too long: %.40s...", num, line); 658 skip = 1; 659 invalid = 1; 660 continue; 661 } 662 if (skip) { 663 skip = 0; 664 continue; 665 } 666 line[i] = '\0'; 667 668 /* Skip leading whitespace, empty and comment lines. */ 669 for (cp = line; *cp == ' ' || *cp == '\t'; cp++) 670 ; 671 if (!*cp || *cp == '\n' || *cp == '#') { 672 if (inplace) 673 fprintf(out, "%s\n", cp); 674 continue; 675 } 676 /* Find the end of the host name portion. */ 677 for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++) 678 ; 679 if (*kp == '\0' || *(kp + 1) == '\0') { 680 error("line %d missing key: %.40s...", 681 num, line); 682 invalid = 1; 683 continue; 684 } 685 *kp++ = '\0'; 686 kp2 = kp; 687 688 public = key_new(KEY_RSA1); 689 if (key_read(public, &kp) != 1) { 690 kp = kp2; 691 key_free(public); 692 public = key_new(KEY_UNSPEC); 693 if (key_read(public, &kp) != 1) { 694 error("line %d invalid key: %.40s...", 695 num, line); 696 key_free(public); 697 invalid = 1; 698 continue; 699 } 700 } 701 702 if (*cp == HASH_DELIM) { 703 if (find_host || delete_host) { 704 cp2 = host_hash(name, cp, strlen(cp)); 705 if (cp2 == NULL) { 706 error("line %d: invalid hashed " 707 "name: %.64s...", num, line); 708 invalid = 1; 709 continue; 710 } 711 c = (strcmp(cp2, cp) == 0); 712 if (find_host && c) { 713 printf("# Host %s found: " 714 "line %d type %s\n", name, 715 num, key_type(public)); 716 print_host(out, cp, public, 0); 717 } 718 if (delete_host && !c) 719 print_host(out, cp, public, 0); 720 } else if (hash_hosts) 721 print_host(out, cp, public, 0); 722 } else { 723 if (find_host || delete_host) { 724 c = (match_hostname(name, cp, 725 strlen(cp)) == 1); 726 if (find_host && c) { 727 printf("# Host %s found: " 728 "line %d type %s\n", name, 729 num, key_type(public)); 730 print_host(out, cp, public, hash_hosts); 731 } 732 if (delete_host && !c) 733 print_host(out, cp, public, 0); 734 } else if (hash_hosts) { 735 for (cp2 = strsep(&cp, ","); 736 cp2 != NULL && *cp2 != '\0'; 737 cp2 = strsep(&cp, ",")) { 738 if (strcspn(cp2, "*?!") != strlen(cp2)) 739 fprintf(stderr, "Warning: " 740 "ignoring host name with " 741 "metacharacters: %.64s\n", 742 cp2); 743 else 744 print_host(out, cp2, public, 1); 745 } 746 has_unhashed = 1; 747 } 748 } 749 key_free(public); 750 } 751 fclose(in); 752 753 if (invalid) { 754 fprintf(stderr, "%s is not a valid known_host file.\n", 755 identity_file); 756 if (inplace) { 757 fprintf(stderr, "Not replacing existing known_hosts " 758 "file because of errors\n"); 759 fclose(out); 760 unlink(tmp); 761 } 762 exit(1); 763 } 764 765 if (inplace) { 766 fclose(out); 767 768 /* Backup existing file */ 769 if (unlink(old) == -1 && errno != ENOENT) 770 fatal("unlink %.100s: %s", old, strerror(errno)); 771 if (link(identity_file, old) == -1) 772 fatal("link %.100s to %.100s: %s", identity_file, old, 773 strerror(errno)); 774 /* Move new one into place */ 775 if (rename(tmp, identity_file) == -1) { 776 error("rename\"%s\" to \"%s\": %s", tmp, identity_file, 777 strerror(errno)); 778 unlink(tmp); 779 unlink(old); 780 exit(1); 781 } 782 783 fprintf(stderr, "%s updated.\n", identity_file); 784 fprintf(stderr, "Original contents retained as %s\n", old); 785 if (has_unhashed) { 786 fprintf(stderr, "WARNING: %s contains unhashed " 787 "entries\n", old); 788 fprintf(stderr, "Delete this file to ensure privacy " 789 "of hostnames\n"); 790 } 791 } 792 793 exit(0); 794} 795 796/* 797 * Perform changing a passphrase. The argument is the passwd structure 798 * for the current user. 799 */ 800static void 801do_change_passphrase(struct passwd *pw) 802{ 803 char *comment; 804 char *old_passphrase, *passphrase1, *passphrase2; 805 struct stat st; 806 Key *private; 807 808 if (!have_identity) 809 ask_filename(pw, "Enter file in which the key is"); 810 if (stat(identity_file, &st) < 0) { 811 perror(identity_file); 812 exit(1); 813 } 814 /* Try to load the file with empty passphrase. */ 815 private = key_load_private(identity_file, "", &comment); 816 if (private == NULL) { 817 if (identity_passphrase) 818 old_passphrase = xstrdup(identity_passphrase); 819 else 820 old_passphrase = 821 read_passphrase("Enter old passphrase: ", 822 RP_ALLOW_STDIN); 823 private = key_load_private(identity_file, old_passphrase, 824 &comment); 825 memset(old_passphrase, 0, strlen(old_passphrase)); 826 xfree(old_passphrase); 827 if (private == NULL) { 828 printf("Bad passphrase.\n"); 829 exit(1); 830 } 831 } 832 printf("Key has comment '%s'\n", comment); 833 834 /* Ask the new passphrase (twice). */ 835 if (identity_new_passphrase) { 836 passphrase1 = xstrdup(identity_new_passphrase); 837 passphrase2 = NULL; 838 } else { 839 passphrase1 = 840 read_passphrase("Enter new passphrase (empty for no " 841 "passphrase): ", RP_ALLOW_STDIN); 842 passphrase2 = read_passphrase("Enter same passphrase again: ", 843 RP_ALLOW_STDIN); 844 845 /* Verify that they are the same. */ 846 if (strcmp(passphrase1, passphrase2) != 0) { 847 memset(passphrase1, 0, strlen(passphrase1)); 848 memset(passphrase2, 0, strlen(passphrase2)); 849 xfree(passphrase1); 850 xfree(passphrase2); 851 printf("Pass phrases do not match. Try again.\n"); 852 exit(1); 853 } 854 /* Destroy the other copy. */ 855 memset(passphrase2, 0, strlen(passphrase2)); 856 xfree(passphrase2); 857 } 858 859 /* Save the file using the new passphrase. */ 860 if (!key_save_private(private, identity_file, passphrase1, comment)) { 861 printf("Saving the key failed: %s.\n", identity_file); 862 memset(passphrase1, 0, strlen(passphrase1)); 863 xfree(passphrase1); 864 key_free(private); 865 xfree(comment); 866 exit(1); 867 } 868 /* Destroy the passphrase and the copy of the key in memory. */ 869 memset(passphrase1, 0, strlen(passphrase1)); 870 xfree(passphrase1); 871 key_free(private); /* Destroys contents */ 872 xfree(comment); 873 874 printf("Your identification has been saved with the new passphrase.\n"); 875 exit(0); 876} 877 878/* 879 * Print the SSHFP RR. 880 */ 881static int 882do_print_resource_record(struct passwd *pw, char *fname, char *hname) 883{ 884 Key *public; 885 char *comment = NULL; 886 struct stat st; 887 888 if (fname == NULL) 889 ask_filename(pw, "Enter file in which the key is"); 890 if (stat(fname, &st) < 0) { 891 if (errno == ENOENT) 892 return 0; 893 perror(fname); 894 exit(1); 895 } 896 public = key_load_public(fname, &comment); 897 if (public != NULL) { 898 export_dns_rr(hname, public, stdout, print_generic); 899 key_free(public); 900 xfree(comment); 901 return 1; 902 } 903 if (comment) 904 xfree(comment); 905 906 printf("failed to read v2 public key from %s.\n", fname); 907 exit(1); 908} 909 910/* 911 * Change the comment of a private key file. 912 */ 913static void 914do_change_comment(struct passwd *pw) 915{ 916 char new_comment[1024], *comment, *passphrase; 917 Key *private; 918 Key *public; 919 struct stat st; 920 FILE *f; 921 int fd; 922 923 if (!have_identity) 924 ask_filename(pw, "Enter file in which the key is"); 925 if (stat(identity_file, &st) < 0) { 926 perror(identity_file); 927 exit(1); 928 } 929 private = key_load_private(identity_file, "", &comment); 930 if (private == NULL) { 931 if (identity_passphrase) 932 passphrase = xstrdup(identity_passphrase); 933 else if (identity_new_passphrase) 934 passphrase = xstrdup(identity_new_passphrase); 935 else 936 passphrase = read_passphrase("Enter passphrase: ", 937 RP_ALLOW_STDIN); 938 /* Try to load using the passphrase. */ 939 private = key_load_private(identity_file, passphrase, &comment); 940 if (private == NULL) { 941 memset(passphrase, 0, strlen(passphrase)); 942 xfree(passphrase); 943 printf("Bad passphrase.\n"); 944 exit(1); 945 } 946 } else { 947 passphrase = xstrdup(""); 948 } 949 if (private->type != KEY_RSA1) { 950 fprintf(stderr, "Comments are only supported for RSA1 keys.\n"); 951 key_free(private); 952 exit(1); 953 } 954 printf("Key now has comment '%s'\n", comment); 955 956 if (identity_comment) { 957 strlcpy(new_comment, identity_comment, sizeof(new_comment)); 958 } else { 959 printf("Enter new comment: "); 960 fflush(stdout); 961 if (!fgets(new_comment, sizeof(new_comment), stdin)) { 962 memset(passphrase, 0, strlen(passphrase)); 963 key_free(private); 964 exit(1); 965 } 966 if (strchr(new_comment, '\n')) 967 *strchr(new_comment, '\n') = 0; 968 } 969 970 /* Save the file using the new passphrase. */ 971 if (!key_save_private(private, identity_file, passphrase, new_comment)) { 972 printf("Saving the key failed: %s.\n", identity_file); 973 memset(passphrase, 0, strlen(passphrase)); 974 xfree(passphrase); 975 key_free(private); 976 xfree(comment); 977 exit(1); 978 } 979 memset(passphrase, 0, strlen(passphrase)); 980 xfree(passphrase); 981 public = key_from_private(private); 982 key_free(private); 983 984 strlcat(identity_file, ".pub", sizeof(identity_file)); 985 fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); 986 if (fd == -1) { 987 printf("Could not save your public key in %s\n", identity_file); 988 exit(1); 989 } 990 f = fdopen(fd, "w"); 991 if (f == NULL) { 992 printf("fdopen %s failed", identity_file); 993 exit(1); 994 } 995 if (!key_write(public, f)) 996 fprintf(stderr, "write key failed"); 997 key_free(public); 998 fprintf(f, " %s\n", new_comment); 999 fclose(f); 1000 1001 xfree(comment); 1002 1003 printf("The comment in your key file has been changed.\n"); 1004 exit(0); 1005} 1006 1007static void 1008usage(void) 1009{ 1010 fprintf(stderr, "Usage: %s [options]\n", __progname); 1011 fprintf(stderr, "Options:\n"); 1012 fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n"); 1013 fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); 1014 fprintf(stderr, " -b bits Number of bits in the key to create.\n"); 1015 fprintf(stderr, " -C comment Provide new comment.\n"); 1016 fprintf(stderr, " -c Change comment in private and public key files.\n"); 1017#ifdef SMARTCARD 1018 fprintf(stderr, " -D reader Download public key from smartcard.\n"); 1019#endif /* SMARTCARD */ 1020 fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n"); 1021 fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); 1022 fprintf(stderr, " -f filename Filename of the key file.\n"); 1023 fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); 1024 fprintf(stderr, " -g Use generic DNS resource record format.\n"); 1025 fprintf(stderr, " -H Hash names in known_hosts file.\n"); 1026 fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n"); 1027 fprintf(stderr, " -l Show fingerprint of key file.\n"); 1028 fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); 1029 fprintf(stderr, " -N phrase Provide new passphrase.\n"); 1030 fprintf(stderr, " -P phrase Provide old passphrase.\n"); 1031 fprintf(stderr, " -p Change passphrase of private key file.\n"); 1032 fprintf(stderr, " -q Quiet.\n"); 1033 fprintf(stderr, " -R hostname Remove host from known_hosts file.\n"); 1034 fprintf(stderr, " -r hostname Print DNS resource record.\n"); 1035 fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); 1036 fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); 1037 fprintf(stderr, " -t type Specify type of key to create.\n"); 1038#ifdef SMARTCARD 1039 fprintf(stderr, " -U reader Upload private key to smartcard.\n"); 1040#endif /* SMARTCARD */ 1041 fprintf(stderr, " -v Verbose.\n"); 1042 fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); 1043 fprintf(stderr, " -y Read private key file and print public key.\n"); 1044 1045 exit(1); 1046} 1047 1048/* 1049 * Main program for key management. 1050 */ 1051int 1052main(int ac, char **av) 1053{ 1054 char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; 1055 char out_file[MAXPATHLEN], *reader_id = NULL; 1056 char *rr_hostname = NULL; 1057 Key *private, *public; 1058 struct passwd *pw; 1059 struct stat st; 1060 int opt, type, fd, download = 0; 1061 u_int32_t memory = 0, generator_wanted = 0, trials = 100; 1062 int do_gen_candidates = 0, do_screen_candidates = 0; 1063 int log_level = SYSLOG_LEVEL_INFO; 1064 BIGNUM *start = NULL; 1065 FILE *f; 1066 const char *errstr; 1067 1068 extern int optind; 1069 extern char *optarg; 1070 1071 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 1072 sanitise_stdfd(); 1073 1074 __progname = ssh_get_progname(av[0]); 1075 1076 SSLeay_add_all_algorithms(); 1077 log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); 1078 1079 init_rng(); 1080 seed_rng(); 1081 1082 /* we need this for the home * directory. */ 1083 pw = getpwuid(getuid()); 1084 if (!pw) { 1085 printf("You don't exist, go away!\n"); 1086 exit(1); 1087 } 1088 if (gethostname(hostname, sizeof(hostname)) < 0) { 1089 perror("gethostname"); 1090 exit(1); 1091 } 1092 1093 while ((opt = getopt(ac, av, 1094 "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { 1095 switch (opt) { 1096 case 'b': 1097 bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); 1098 if (errstr) 1099 fatal("Bits has bad value %s (%s)", 1100 optarg, errstr); 1101 break; 1102 case 'F': 1103 find_host = 1; 1104 rr_hostname = optarg; 1105 break; 1106 case 'H': 1107 hash_hosts = 1; 1108 break; 1109 case 'R': 1110 delete_host = 1; 1111 rr_hostname = optarg; 1112 break; 1113 case 'l': 1114 print_fingerprint = 1; 1115 break; 1116 case 'B': 1117 print_bubblebabble = 1; 1118 break; 1119 case 'p': 1120 change_passphrase = 1; 1121 break; 1122 case 'c': 1123 change_comment = 1; 1124 break; 1125 case 'f': 1126 if (strlcpy(identity_file, optarg, sizeof(identity_file)) >= 1127 sizeof(identity_file)) 1128 fatal("Identity filename too long"); 1129 have_identity = 1; 1130 break; 1131 case 'g': 1132 print_generic = 1; 1133 break; 1134 case 'P': 1135 identity_passphrase = optarg; 1136 break; 1137 case 'N': 1138 identity_new_passphrase = optarg; 1139 break; 1140 case 'C': 1141 identity_comment = optarg; 1142 break; 1143 case 'q': 1144 quiet = 1; 1145 break; 1146 case 'e': 1147 case 'x': 1148 /* export key */ 1149 convert_to_ssh2 = 1; 1150 break; 1151 case 'i': 1152 case 'X': 1153 /* import key */ 1154 convert_from_ssh2 = 1; 1155 break; 1156 case 'y': 1157 print_public = 1; 1158 break; 1159 case 'd': 1160 key_type_name = "dsa"; 1161 break; 1162 case 't': 1163 key_type_name = optarg; 1164 break; 1165 case 'D': 1166 download = 1; 1167 /*FALLTHROUGH*/ 1168 case 'U': 1169 reader_id = optarg; 1170 break; 1171 case 'v': 1172 if (log_level == SYSLOG_LEVEL_INFO) 1173 log_level = SYSLOG_LEVEL_DEBUG1; 1174 else { 1175 if (log_level >= SYSLOG_LEVEL_DEBUG1 && 1176 log_level < SYSLOG_LEVEL_DEBUG3) 1177 log_level++; 1178 } 1179 break; 1180 case 'r': 1181 rr_hostname = optarg; 1182 break; 1183 case 'W': 1184 generator_wanted = (u_int32_t)strtonum(optarg, 1, 1185 UINT_MAX, &errstr); 1186 if (errstr) 1187 fatal("Desired generator has bad value: %s (%s)", 1188 optarg, errstr); 1189 break; 1190 case 'a': 1191 trials = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); 1192 if (errstr) 1193 fatal("Invalid number of trials: %s (%s)", 1194 optarg, errstr); 1195 break; 1196 case 'M': 1197 memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); 1198 if (errstr) { 1199 fatal("Memory limit is %s: %s", errstr, optarg); 1200 } 1201 break; 1202 case 'G': 1203 do_gen_candidates = 1; 1204 if (strlcpy(out_file, optarg, sizeof(out_file)) >= 1205 sizeof(out_file)) 1206 fatal("Output filename too long"); 1207 break; 1208 case 'T': 1209 do_screen_candidates = 1; 1210 if (strlcpy(out_file, optarg, sizeof(out_file)) >= 1211 sizeof(out_file)) 1212 fatal("Output filename too long"); 1213 break; 1214 case 'S': 1215 /* XXX - also compare length against bits */ 1216 if (BN_hex2bn(&start, optarg) == 0) 1217 fatal("Invalid start point."); 1218 break; 1219 case '?': 1220 default: 1221 usage(); 1222 } 1223 } 1224 1225 /* reinit */ 1226 log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1); 1227 1228 if (optind < ac) { 1229 printf("Too many arguments.\n"); 1230 usage(); 1231 } 1232 if (change_passphrase && change_comment) { 1233 printf("Can only have one of -p and -c.\n"); 1234 usage(); 1235 } 1236 if (delete_host || hash_hosts || find_host) 1237 do_known_hosts(pw, rr_hostname); 1238 if (print_fingerprint || print_bubblebabble) 1239 do_fingerprint(pw); 1240 if (change_passphrase) 1241 do_change_passphrase(pw); 1242 if (change_comment) 1243 do_change_comment(pw); 1244 if (convert_to_ssh2) 1245 do_convert_to_ssh2(pw); 1246 if (convert_from_ssh2) 1247 do_convert_from_ssh2(pw); 1248 if (print_public) 1249 do_print_public(pw); 1250 if (rr_hostname != NULL) { 1251 unsigned int n = 0; 1252 1253 if (have_identity) { 1254 n = do_print_resource_record(pw, 1255 identity_file, rr_hostname); 1256 if (n == 0) { 1257 perror(identity_file); 1258 exit(1); 1259 } 1260 exit(0); 1261 } else { 1262 1263 n += do_print_resource_record(pw, 1264 _PATH_HOST_RSA_KEY_FILE, rr_hostname); 1265 n += do_print_resource_record(pw, 1266 _PATH_HOST_DSA_KEY_FILE, rr_hostname); 1267 1268 if (n == 0) 1269 fatal("no keys found."); 1270 exit(0); 1271 } 1272 } 1273 if (reader_id != NULL) { 1274#ifdef SMARTCARD 1275 if (download) 1276 do_download(pw, reader_id); 1277 else 1278 do_upload(pw, reader_id); 1279#else /* SMARTCARD */ 1280 fatal("no support for smartcards."); 1281#endif /* SMARTCARD */ 1282 } 1283 1284 if (do_gen_candidates) { 1285 FILE *out = fopen(out_file, "w"); 1286 1287 if (out == NULL) { 1288 error("Couldn't open modulus candidate file \"%s\": %s", 1289 out_file, strerror(errno)); 1290 return (1); 1291 } 1292 if (bits == 0) 1293 bits = DEFAULT_BITS; 1294 if (gen_candidates(out, memory, bits, start) != 0) 1295 fatal("modulus candidate generation failed"); 1296 1297 return (0); 1298 } 1299 1300 if (do_screen_candidates) { 1301 FILE *in; 1302 FILE *out = fopen(out_file, "w"); 1303 1304 if (have_identity && strcmp(identity_file, "-") != 0) { 1305 if ((in = fopen(identity_file, "r")) == NULL) { 1306 fatal("Couldn't open modulus candidate " 1307 "file \"%s\": %s", identity_file, 1308 strerror(errno)); 1309 } 1310 } else 1311 in = stdin; 1312 1313 if (out == NULL) { 1314 fatal("Couldn't open moduli file \"%s\": %s", 1315 out_file, strerror(errno)); 1316 } 1317 if (prime_test(in, out, trials, generator_wanted) != 0) 1318 fatal("modulus screening failed"); 1319 return (0); 1320 } 1321 1322 arc4random_stir(); 1323 1324 if (key_type_name == NULL) 1325 key_type_name = "rsa"; 1326 1327 type = key_type_from_name(key_type_name); 1328 if (type == KEY_UNSPEC) { 1329 fprintf(stderr, "unknown key type %s\n", key_type_name); 1330 exit(1); 1331 } 1332 if (bits == 0) 1333 bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; 1334 if (type == KEY_DSA && bits != 1024) 1335 fatal("DSA keys must be 1024 bits"); 1336 if (!quiet) 1337 printf("Generating public/private %s key pair.\n", key_type_name); 1338 private = key_generate(type, bits); 1339 if (private == NULL) { 1340 fprintf(stderr, "key_generate failed"); 1341 exit(1); 1342 } 1343 public = key_from_private(private); 1344 1345 if (!have_identity) 1346 ask_filename(pw, "Enter file in which to save the key"); 1347 1348 /* Create ~/.ssh directory if it doesn't already exist. */ 1349 snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); 1350 if (strstr(identity_file, dotsshdir) != NULL && 1351 stat(dotsshdir, &st) < 0) { 1352 if (mkdir(dotsshdir, 0700) < 0) 1353 error("Could not create directory '%s'.", dotsshdir); 1354 else if (!quiet) 1355 printf("Created directory '%s'.\n", dotsshdir); 1356 } 1357 /* If the file already exists, ask the user to confirm. */ 1358 if (stat(identity_file, &st) >= 0) { 1359 char yesno[3]; 1360 printf("%s already exists.\n", identity_file); 1361 printf("Overwrite (y/n)? "); 1362 fflush(stdout); 1363 if (fgets(yesno, sizeof(yesno), stdin) == NULL) 1364 exit(1); 1365 if (yesno[0] != 'y' && yesno[0] != 'Y') 1366 exit(1); 1367 } 1368 /* Ask for a passphrase (twice). */ 1369 if (identity_passphrase) 1370 passphrase1 = xstrdup(identity_passphrase); 1371 else if (identity_new_passphrase) 1372 passphrase1 = xstrdup(identity_new_passphrase); 1373 else { 1374passphrase_again: 1375 passphrase1 = 1376 read_passphrase("Enter passphrase (empty for no " 1377 "passphrase): ", RP_ALLOW_STDIN); 1378 passphrase2 = read_passphrase("Enter same passphrase again: ", 1379 RP_ALLOW_STDIN); 1380 if (strcmp(passphrase1, passphrase2) != 0) { 1381 /* 1382 * The passphrases do not match. Clear them and 1383 * retry. 1384 */ 1385 memset(passphrase1, 0, strlen(passphrase1)); 1386 memset(passphrase2, 0, strlen(passphrase2)); 1387 xfree(passphrase1); 1388 xfree(passphrase2); 1389 printf("Passphrases do not match. Try again.\n"); 1390 goto passphrase_again; 1391 } 1392 /* Clear the other copy of the passphrase. */ 1393 memset(passphrase2, 0, strlen(passphrase2)); 1394 xfree(passphrase2); 1395 } 1396 1397 if (identity_comment) { 1398 strlcpy(comment, identity_comment, sizeof(comment)); 1399 } else { 1400 /* Create default commend field for the passphrase. */ 1401 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname); 1402 } 1403 1404 /* Save the key with the given passphrase and comment. */ 1405 if (!key_save_private(private, identity_file, passphrase1, comment)) { 1406 printf("Saving the key failed: %s.\n", identity_file); 1407 memset(passphrase1, 0, strlen(passphrase1)); 1408 xfree(passphrase1); 1409 exit(1); 1410 } 1411 /* Clear the passphrase. */ 1412 memset(passphrase1, 0, strlen(passphrase1)); 1413 xfree(passphrase1); 1414 1415 /* Clear the private key and the random number generator. */ 1416 key_free(private); 1417 arc4random_stir(); 1418 1419 if (!quiet) 1420 printf("Your identification has been saved in %s.\n", identity_file); 1421 1422 strlcat(identity_file, ".pub", sizeof(identity_file)); 1423 fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); 1424 if (fd == -1) { 1425 printf("Could not save your public key in %s\n", identity_file); 1426 exit(1); 1427 } 1428 f = fdopen(fd, "w"); 1429 if (f == NULL) { 1430 printf("fdopen %s failed", identity_file); 1431 exit(1); 1432 } 1433 if (!key_write(public, f)) 1434 fprintf(stderr, "write key failed"); 1435 fprintf(f, " %s\n", comment); 1436 fclose(f); 1437 1438 if (!quiet) { 1439 char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); 1440 printf("Your public key has been saved in %s.\n", 1441 identity_file); 1442 printf("The key fingerprint is:\n"); 1443 printf("%s %s\n", fp, comment); 1444 xfree(fp); 1445 } 1446 1447 key_free(public); 1448 exit(0); 1449} 1450