1 files changed, 0 insertions, 751 deletions
diff --git a/other/openssh-2.1.1p4/ssh-keygen.c b/other/openssh-2.1.1p4/ssh-keygen.c
deleted file mode 100644
index 8a03f0d..0000000
--- a/other/openssh-2.1.1p4/ssh-keygen.c
+++ /dev/null
@@ -1,751 +0,0 @@
-/*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * Created: Mon Mar 27 02:26:40 1995 ylo
- * Identity and host key generation and maintenance.
- */
-#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.29 2000/07/15 04:01:37 djm Exp $");
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include "ssh.h"
-#include "xmalloc.h"
-#include "fingerprint.h"
-#include "key.h"
-#include "rsa.h"
-#include "dsa.h"
-#include "authfile.h"
-#include "uuencode.h"
-/* Number of bits in the RSA/DSA key.  This value can be changed on the command line. */
-int bits = 1024;
-/*
- * Flag indicating that we just want to change the passphrase.  This can be
- * set on the command line.
- */
-int change_passphrase = 0;
-/*
- * Flag indicating that we just want to change the comment.  This can be set
- * on the command line.
- */
-int change_comment = 0;
-int quiet = 0;
-/* Flag indicating that we just want to see the key fingerprint */
-int print_fingerprint = 0;
-/* The identity file name, given on the command line or entered by the user. */
-char identity_file[1024];
-int have_identity = 0;
-/* This is set to the passphrase if given on the command line. */
-char *identity_passphrase = NULL;
-/* This is set to the new passphrase if given on the command line. */
-char *identity_new_passphrase = NULL;
-/* This is set to the new comment if given on the command line. */
-char *identity_comment = NULL;
-/* Dump public key file in format used by real and the original SSH 2 */
-int convert_to_ssh2 = 0;
-int convert_from_ssh2 = 0;
-int print_public = 0;
-int dsa_mode = 0;
-/* argv0 */
-#ifdef HAVE___PROGNAME
-extern char *__progname;
-#else /* HAVE___PROGNAME */
-static const char *__progname = "ssh-keygen";
-#endif /* HAVE___PROGNAME */
-char hostname[MAXHOSTNAMELEN];
-void
-ask_filename(struct passwd *pw, const char *prompt)
-{
-        char buf[1024];
-        snprintf(identity_file, sizeof(identity_file), "%s/%s",
-            pw->pw_dir,
-            dsa_mode ? SSH_CLIENT_ID_DSA: SSH_CLIENT_IDENTITY);
-        printf("%s (%s): ", prompt, identity_file);
-        fflush(stdout);
-        if (fgets(buf, sizeof(buf), stdin) == NULL)
-                exit(1);
-        if (strchr(buf, '\n'))
-                *strchr(buf, '\n') = 0;
-        if (strcmp(buf, "") != 0)
-                strlcpy(identity_file, buf, sizeof(identity_file));
-        have_identity = 1;
-}
-int
-try_load_key(char *filename, Key *k)
-{
-        int success = 1;
-        if (!load_private_key(filename, "", k, NULL)) {
-                char *pass = read_passphrase("Enter passphrase: ", 1);
-                if (!load_private_key(filename, pass, k, NULL)) {
-                        success = 0;
-                }
-                memset(pass, 0, strlen(pass));
-                xfree(pass);
-        }
-        return success;
-}
-#define SSH_COM_MAGIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"
-#define SSH_COM_MAGIC_END   "---- END SSH2 PUBLIC KEY ----"
-void
-do_convert_to_ssh2(struct passwd *pw)
-{
-        Key *k;
-        int len;
-        unsigned char *blob;
-        struct stat st;
-        if (!have_identity)
-                ask_filename(pw, "Enter file in which the key is");
-        if (stat(identity_file, &st) < 0) {
-                perror(identity_file);
-                exit(1);
-        }
-        k = key_new(KEY_DSA);
-        if (!try_load_key(identity_file, k)) {
-                fprintf(stderr, "load failed\n");
-                exit(1);
-        }
-        dsa_make_key_blob(k, &blob, &len);
-        fprintf(stdout, "%s\n", SSH_COM_MAGIC_BEGIN);
-        fprintf(stdout,
-            "Comment: \"%d-bit DSA, converted from openssh by %s@%s\"\n",
-            BN_num_bits(k->dsa->p),
-            pw->pw_name, hostname);
-        dump_base64(stdout, blob, len);
-        fprintf(stdout, "%s\n", SSH_COM_MAGIC_END);
-        key_free(k);
-        xfree(blob);
-        exit(0);
-}
-void
-do_convert_from_ssh2(struct passwd *pw)
-{
-        Key *k;
-        int blen;
-        char line[1024], *p;
-        char blob[8096];
-        char encoded[8096];
-        struct stat st;
-        int escaped = 0;
-        FILE *fp;
-        if (!have_identity)
-                ask_filename(pw, "Enter file in which the key is");
-        if (stat(identity_file, &st) < 0) {
-                perror(identity_file);
-                exit(1);
-        }
-        fp = fopen(identity_file, "r");
-        if (fp == NULL) {
-                perror(identity_file);
-                exit(1);
-        }
-        encoded[0] = '\0';
-        while (fgets(line, sizeof(line), fp)) {
-                if (!(p = strchr(line, '\n'))) {
-                        fprintf(stderr, "input line too long.\n");
-                        exit(1);
-                }
-                if (p > line && p[-1] == '\\')
-                        escaped++;
-                if (strncmp(line, "----", 4) == 0 ||
-                    strstr(line, ": ") != NULL) {
-                        fprintf(stderr, "ignore: %s", line);
-                        continue;
-                }
-                if (escaped) {
-                        escaped--;
-                        fprintf(stderr, "escaped: %s", line);
-                        continue;
-                }
-                *p = '\0';
-                strlcat(encoded, line, sizeof(encoded));
-        }
-        blen = uudecode(encoded, (unsigned char *)blob, sizeof(blob));
-        if (blen < 0) {
-                fprintf(stderr, "uudecode failed.\n");
-                exit(1);
-        }
-        k = dsa_key_from_blob(blob, blen);
-        if (!key_write(k, stdout))
-                fprintf(stderr, "key_write failed");
-        key_free(k);
-        fprintf(stdout, "\n");
-        fclose(fp);
-        exit(0);
-}
-void
-do_print_public(struct passwd *pw)
-{
-        Key *k;
-        int len;
-        unsigned char *blob;
-        struct stat st;
-        if (!have_identity)
-                ask_filename(pw, "Enter file in which the key is");
-        if (stat(identity_file, &st) < 0) {
-                perror(identity_file);
-                exit(1);
-        }
-        k = key_new(KEY_DSA);
-        if (!try_load_key(identity_file, k)) {
-                fprintf(stderr, "load failed\n");
-                exit(1);
-        }
-        dsa_make_key_blob(k, &blob, &len);
-        if (!key_write(k, stdout))
-                fprintf(stderr, "key_write failed");
-        key_free(k);
-        xfree(blob);
-        fprintf(stdout, "\n");
-        exit(0);
-}
-void
-do_fingerprint(struct passwd *pw)
-{
-        FILE *f;
-        BIGNUM *e, *n;
-        Key *public;
-        char *comment = NULL, *cp, *ep, line[16*1024];
-        int i, skip = 0, num = 1, invalid = 1;
-        unsigned int ignore;
-        struct stat st;
-        if (!have_identity)
-                ask_filename(pw, "Enter file in which the key is");
-        if (stat(identity_file, &st) < 0) {
-                perror(identity_file);
-                exit(1);
-        }
-        public = key_new(KEY_RSA);
-        if (load_public_key(identity_file, public, &comment)) {
-                printf("%d %s %s\n", BN_num_bits(public->rsa->n),
-                    key_fingerprint(public), comment);
-                key_free(public);
-                exit(0);
-        }
-        key_free(public);
-        /* XXX */
-        f = fopen(identity_file, "r");
-        if (f != NULL) {
-                n = BN_new();
-                e = BN_new();
-                while (fgets(line, sizeof(line), f)) {
-                        i = strlen(line) - 1;
-                        if (line[i] != '\n') {
-                                error("line %d too long: %.40s...", num, line);
-                                skip = 1;
-                                continue;
-                        }
-                        num++;
-                        if (skip) {
-                                skip = 0;
-                                continue;
-                        }
-                        line[i] = '\0';
-                        /* Skip leading whitespace, empty and comment lines. */
-                        for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
-                                ;
-                        if (!*cp || *cp == '\n' || *cp == '#')
-                                continue ;
-                        i = strtol(cp, &ep, 10);
-                        if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
-                                int quoted = 0;
-                                comment = cp;
-                                for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
-                                        if (*cp == '\\' && cp[1] == '"')
-                                                cp++;   /* Skip both */
-                                        else if (*cp == '"')
-                                                quoted = !quoted;
-                                }
-                                if (!*cp)
-                                        continue;
-                                *cp++ = '\0';
-                        }
-                        ep = cp;
-                        if (auth_rsa_read_key(&cp, &ignore, e, n)) {
-                                invalid = 0;
-                                comment = *cp ? cp : comment;
-                                printf("%d %s %s\n", BN_num_bits(n),
-                                    fingerprint(e, n),
-                                    comment ? comment : "no comment");
-                        }
-                }
-                BN_free(e);
-                BN_free(n);
-                fclose(f);
-        }
-        if (invalid) {
-                printf("%s is not a valid key file.\n", identity_file);
-                exit(1);
-        }
-        exit(0);
-}
-/*
- * Perform changing a passphrase.  The argument is the passwd structure
- * for the current user.
- */
-void
-do_change_passphrase(struct passwd *pw)
-{
-        char *comment;
-        char *old_passphrase, *passphrase1, *passphrase2;
-        struct stat st;
-        Key *private;
-        Key *public;
-        int type = dsa_mode ? KEY_DSA : KEY_RSA;
-        if (!have_identity)
-                ask_filename(pw, "Enter file in which the key is");
-        if (stat(identity_file, &st) < 0) {
-                perror(identity_file);
-                exit(1);
-        }
-        if (type == KEY_RSA) {
-                /* XXX this works currently only for RSA */
-                public = key_new(type);
-                if (!load_public_key(identity_file, public, NULL)) {
-                        printf("%s is not a valid key file.\n", identity_file);
-                        exit(1);
-                }
-                /* Clear the public key since we are just about to load the whole file. */
-                key_free(public);
-        }
-        /* Try to load the file with empty passphrase. */
-        private = key_new(type);
-        if (!load_private_key(identity_file, "", private, &comment)) {
-                if (identity_passphrase)
-                        old_passphrase = xstrdup(identity_passphrase);
-                else
-                        old_passphrase = read_passphrase("Enter old passphrase: ", 1);
-                if (!load_private_key(identity_file, old_passphrase, private, &comment)) {
-                        memset(old_passphrase, 0, strlen(old_passphrase));
-                        xfree(old_passphrase);
-                        printf("Bad passphrase.\n");
-                        exit(1);
-                }
-                memset(old_passphrase, 0, strlen(old_passphrase));
-                xfree(old_passphrase);
-        }
-        printf("Key has comment '%s'\n", comment);
-        /* Ask the new passphrase (twice). */
-        if (identity_new_passphrase) {
-                passphrase1 = xstrdup(identity_new_passphrase);
-                passphrase2 = NULL;
-        } else {
-                passphrase1 =
-                        read_passphrase("Enter new passphrase (empty for no passphrase): ", 1);
-                passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
-                /* Verify that they are the same. */
-                if (strcmp(passphrase1, passphrase2) != 0) {
-                        memset(passphrase1, 0, strlen(passphrase1));
-                        memset(passphrase2, 0, strlen(passphrase2));
-                        xfree(passphrase1);
-                        xfree(passphrase2);
-                        printf("Pass phrases do not match.  Try again.\n");
-                        exit(1);
-                }
-                /* Destroy the other copy. */
-                memset(passphrase2, 0, strlen(passphrase2));
-                xfree(passphrase2);
-        }
-        /* Save the file using the new passphrase. */
-        if (!save_private_key(identity_file, passphrase1, private, comment)) {
-                printf("Saving the key failed: %s: %s.\n",
-                       identity_file, strerror(errno));
-                memset(passphrase1, 0, strlen(passphrase1));
-                xfree(passphrase1);
-                key_free(private);
-                xfree(comment);
-                exit(1);
-        }
-        /* Destroy the passphrase and the copy of the key in memory. */
-        memset(passphrase1, 0, strlen(passphrase1));
-        xfree(passphrase1);
-        key_free(private);               /* Destroys contents */
-        xfree(comment);
-        printf("Your identification has been saved with the new passphrase.\n");
-        exit(0);
-}
-/*
- * Change the comment of a private key file.
- */
-void
-do_change_comment(struct passwd *pw)
-{
-        char new_comment[1024], *comment;
-        Key *private;
-        Key *public;
-        char *passphrase;
-        struct stat st;
-        FILE *f;
-        if (!have_identity)
-                ask_filename(pw, "Enter file in which the key is");
-        if (stat(identity_file, &st) < 0) {
-                perror(identity_file);
-                exit(1);
-        }
-        /*
-         * Try to load the public key from the file the verify that it is
-         * readable and of the proper format.
-         */
-        public = key_new(KEY_RSA);
-        if (!load_public_key(identity_file, public, NULL)) {
-                printf("%s is not a valid key file.\n", identity_file);
-                exit(1);
-        }
-        private = key_new(KEY_RSA);
-        if (load_private_key(identity_file, "", private, &comment))
-                passphrase = xstrdup("");
-        else {
-                if (identity_passphrase)
-                        passphrase = xstrdup(identity_passphrase);
-                else if (identity_new_passphrase)
-                        passphrase = xstrdup(identity_new_passphrase);
-                else
-                        passphrase = read_passphrase("Enter passphrase: ", 1);
-                /* Try to load using the passphrase. */
-                if (!load_private_key(identity_file, passphrase, private, &comment)) {
-                        memset(passphrase, 0, strlen(passphrase));
-                        xfree(passphrase);
-                        printf("Bad passphrase.\n");
-                        exit(1);
-                }
-        }
-        printf("Key now has comment '%s'\n", comment);
-        if (identity_comment) {
-                strlcpy(new_comment, identity_comment, sizeof(new_comment));
-        } else {
-                printf("Enter new comment: ");
-                fflush(stdout);
-                if (!fgets(new_comment, sizeof(new_comment), stdin)) {
-                        memset(passphrase, 0, strlen(passphrase));
-                        key_free(private);
-                        exit(1);
-                }
-                if (strchr(new_comment, '\n'))
-                        *strchr(new_comment, '\n') = 0;
-        }
-        /* Save the file using the new passphrase. */
-        if (!save_private_key(identity_file, passphrase, private, new_comment)) {
-                printf("Saving the key failed: %s: %s.\n",
-                       identity_file, strerror(errno));
-                memset(passphrase, 0, strlen(passphrase));
-                xfree(passphrase);
-                key_free(private);
-                xfree(comment);
-                exit(1);
-        }
-        memset(passphrase, 0, strlen(passphrase));
-        xfree(passphrase);
-        key_free(private);
-        strlcat(identity_file, ".pub", sizeof(identity_file));
-        f = fopen(identity_file, "w");
-        if (!f) {
-                printf("Could not save your public key in %s\n", identity_file);
-                exit(1);
-        }
-        if (!key_write(public, f))
-                fprintf(stderr, "write key failed");
-        key_free(public);
-        fprintf(f, " %s\n", new_comment);
-        fclose(f);
-        xfree(comment);
-        printf("The comment in your key file has been changed.\n");
-        exit(0);
-}
-void
-usage(void)
-{
-        printf("Usage: %s [-lpqxXydc] [-b bits] [-f file] [-C comment] [-N new-pass] [-P pass]\n", __progname);
-        exit(1);
-}
-/*
- * Main program for key management.
- */
-int
-main(int ac, char **av)
-{
-        char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;
-        struct passwd *pw;
-        int opt;
-        struct stat st;
-        FILE *f;
-        Key *private;
-        Key *public;
-        extern int optind;
-        extern char *optarg;
-        init_rng();
-        SSLeay_add_all_algorithms();
-        /* we need this for the home * directory.  */
-        pw = getpwuid(getuid());
-        if (!pw) {
-                printf("You don't exist, go away!\n");
-                exit(1);
-        }
-        if (gethostname(hostname, sizeof(hostname)) < 0) {
-                perror("gethostname");
-                exit(1);
-        }
-        while ((opt = getopt(ac, av, "dqpclRxXyb:f:P:N:C:")) != EOF) {
-                switch (opt) {
-                case 'b':
-                        bits = atoi(optarg);
-                        if (bits < 512 || bits > 32768) {
-                                printf("Bits has bad value.\n");
-                                exit(1);
-                        }
-                        break;
-                case 'l':
-                        print_fingerprint = 1;
-                        break;
-                case 'p':
-                        change_passphrase = 1;
-                        break;
-                case 'c':
-                        change_comment = 1;
-                        break;
-                case 'f':
-                        strlcpy(identity_file, optarg, sizeof(identity_file));
-                        have_identity = 1;
-                        break;
-                case 'P':
-                        identity_passphrase = optarg;
-                        break;
-                case 'N':
-                        identity_new_passphrase = optarg;
-                        break;
-                case 'C':
-                        identity_comment = optarg;
-                        break;
-                case 'q':
-                        quiet = 1;
-                        break;
-                case 'R':
-                        if (rsa_alive() == 0)
-                                exit(1);
-                        else
-                                exit(0);
-                        break;
-                case 'x':
-                        convert_to_ssh2 = 1;
-                        break;
-                case 'X':
-                        convert_from_ssh2 = 1;
-                        break;
-                case 'y':
-                        print_public = 1;
-                        break;
-                case 'd':
-                        dsa_mode = 1;
-                        break;
-                case '?':
-                default:
-                        usage();
-                }
-        }
-        if (optind < ac) {
-                printf("Too many arguments.\n");
-                usage();
-        }
-        if (change_passphrase && change_comment) {
-                printf("Can only have one of -p and -c.\n");
-                usage();
-        }
-        /* check if RSA support is needed and exists */
-        if (dsa_mode == 0 && rsa_alive() == 0) {
-                fprintf(stderr,
-                        "%s: no RSA support in libssl and libcrypto.  See ssl(8).\n",
-                        __progname);
-                exit(1);
-        }
-        if (print_fingerprint)
-                do_fingerprint(pw);
-        if (change_passphrase)
-                do_change_passphrase(pw);
-        if (change_comment)
-                do_change_comment(pw);
-        if (convert_to_ssh2)
-                do_convert_to_ssh2(pw);
-        if (convert_from_ssh2)
-                do_convert_from_ssh2(pw);
-        if (print_public)
-                do_print_public(pw);
-        arc4random_stir();
-        if (dsa_mode != 0) {
-                if (!quiet)
-                        printf("Generating DSA parameter and key.\n");
-                public = private = dsa_generate_key(bits);
-                if (private == NULL) {
-                        fprintf(stderr, "dsa_generate_keys failed");
-                        exit(1);
-                }
-        } else {
-                if (quiet)
-                        rsa_set_verbose(0);
-                /* Generate the rsa key pair. */
-                public = key_new(KEY_RSA);
-                private = key_new(KEY_RSA);
-                rsa_generate_key(private->rsa, public->rsa, bits);
-        }
-        if (!have_identity)
-                ask_filename(pw, "Enter file in which to save the key");
-        /* Create ~/.ssh directory if it doesn\'t already exist. */
-        snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR);
-        if (strstr(identity_file, dotsshdir) != NULL &&
-            stat(dotsshdir, &st) < 0) {
-                if (mkdir(dotsshdir, 0700) < 0)
-                        error("Could not create directory '%s'.", dotsshdir);
-                else if (!quiet)
-                        printf("Created directory '%s'.\n", dotsshdir);
-        }
-        /* If the file already exists, ask the user to confirm. */
-        if (stat(identity_file, &st) >= 0) {
-                char yesno[3];
-                printf("%s already exists.\n", identity_file);
-                printf("Overwrite (y/n)? ");
-                fflush(stdout);
-                if (fgets(yesno, sizeof(yesno), stdin) == NULL)
-                        exit(1);
-                if (yesno[0] != 'y' && yesno[0] != 'Y')
-                        exit(1);
-        }
-        /* Ask for a passphrase (twice). */
-        if (identity_passphrase)
-                passphrase1 = xstrdup(identity_passphrase);
-        else if (identity_new_passphrase)
-                passphrase1 = xstrdup(identity_new_passphrase);
-        else {
-passphrase_again:
-                passphrase1 =
-                        read_passphrase("Enter passphrase (empty for no passphrase): ", 1);
-                passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
-                if (strcmp(passphrase1, passphrase2) != 0) {
-                        /* The passphrases do not match.  Clear them and retry. */
-                        memset(passphrase1, 0, strlen(passphrase1));
-                        memset(passphrase2, 0, strlen(passphrase2));
-                        xfree(passphrase1);
-                        xfree(passphrase2);
-                        printf("Passphrases do not match.  Try again.\n");
-                        goto passphrase_again;
-                }
-                /* Clear the other copy of the passphrase. */
-                memset(passphrase2, 0, strlen(passphrase2));
-                xfree(passphrase2);
-        }
-        if (identity_comment) {
-                strlcpy(comment, identity_comment, sizeof(comment));
-        } else {
-                /* Create default commend field for the passphrase. */
-                snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
-        }
-        /* Save the key with the given passphrase and comment. */
-        if (!save_private_key(identity_file, passphrase1, private, comment)) {
-                printf("Saving the key failed: %s: %s.\n",
-                    identity_file, strerror(errno));
-                memset(passphrase1, 0, strlen(passphrase1));
-                xfree(passphrase1);
-                exit(1);
-        }
-        /* Clear the passphrase. */
-        memset(passphrase1, 0, strlen(passphrase1));
-        xfree(passphrase1);
-        /* Clear the private key and the random number generator. */
-        if (private != public) {
-                key_free(private);
-        }
-        arc4random_stir();
-        if (!quiet)
-                printf("Your identification has been saved in %s.\n", identity_file);
-        strlcat(identity_file, ".pub", sizeof(identity_file));
-        f = fopen(identity_file, "w");
-        if (!f) {
-                printf("Could not save your public key in %s\n", identity_file);
-                exit(1);
-        }
-        if (!key_write(public, f))
-                fprintf(stderr, "write key failed");
-        fprintf(f, " %s\n", comment);
-        fclose(f);
-        if (!quiet) {
-                printf("Your public key has been saved in %s.\n",
-                    identity_file);
-                printf("The key fingerprint is:\n");
-                printf("%s %s\n", key_fingerprint(public), comment);
-        }
-        key_free(public);
-        exit(0);
-}

diff --git a/other/openssh-2.1.1p4/ssh-keygen.c b/other/openssh-2.1.1p4/ssh-keygen.c deleted file mode 100644 index 8a03f0d..0000000 --- a/other/openssh-2.1.1p4/ssh-keygen.c +++ /dev/null
@@ -1,751 +0,0 @@
1	/*
2	* Author: Tatu Ylonen <ylo@cs.hut.fi>
3	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4	* All rights reserved
5	* Created: Mon Mar 27 02:26:40 1995 ylo
6	* Identity and host key generation and maintenance.
7	*/
8
9	#include "includes.h"
10	RCSID("$OpenBSD: ssh-keygen.c,v 1.29 2000/07/15 04:01:37 djm Exp $");
11
12	#include <openssl/evp.h>
13	#include <openssl/pem.h>
14	#include <openssl/rsa.h>
15	#include <openssl/dsa.h>
16
17	#include "ssh.h"
18	#include "xmalloc.h"
19	#include "fingerprint.h"
20	#include "key.h"
21	#include "rsa.h"
22	#include "dsa.h"
23	#include "authfile.h"
24	#include "uuencode.h"
25
26	/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
27	int bits = 1024;
28
29	/*
30	* Flag indicating that we just want to change the passphrase. This can be
31	* set on the command line.
32	*/
33	int change_passphrase = 0;
34
35	/*
36	* Flag indicating that we just want to change the comment. This can be set
37	* on the command line.
38	*/
39	int change_comment = 0;
40
41	int quiet = 0;
42
43	/* Flag indicating that we just want to see the key fingerprint */
44	int print_fingerprint = 0;
45
46	/* The identity file name, given on the command line or entered by the user. */
47	char identity_file[1024];
48	int have_identity = 0;
49
50	/* This is set to the passphrase if given on the command line. */
51	char *identity_passphrase = NULL;
52
53	/* This is set to the new passphrase if given on the command line. */
54	char *identity_new_passphrase = NULL;
55
56	/* This is set to the new comment if given on the command line. */
57	char *identity_comment = NULL;
58
59	/* Dump public key file in format used by real and the original SSH 2 */
60	int convert_to_ssh2 = 0;
61	int convert_from_ssh2 = 0;
62	int print_public = 0;
63	int dsa_mode = 0;
64
65	/* argv0 */
66	#ifdef HAVE___PROGNAME
67	extern char *__progname;
68	#else /* HAVE___PROGNAME */
69	static const char *__progname = "ssh-keygen";
70	#endif /* HAVE___PROGNAME */
71
72	char hostname[MAXHOSTNAMELEN];
73
74	void
75	ask_filename(struct passwd pw, const char prompt)
76	{
77	char buf[1024];
78	snprintf(identity_file, sizeof(identity_file), "%s/%s",
79	pw->pw_dir,
80	dsa_mode ? SSH_CLIENT_ID_DSA: SSH_CLIENT_IDENTITY);
81	printf("%s (%s): ", prompt, identity_file);
82	fflush(stdout);
83	if (fgets(buf, sizeof(buf), stdin) == NULL)
84	exit(1);
85	if (strchr(buf, '\n'))
86	*strchr(buf, '\n') = 0;
87	if (strcmp(buf, "") != 0)
88	strlcpy(identity_file, buf, sizeof(identity_file));
89	have_identity = 1;
90	}
91
92	int
93	try_load_key(char filename, Key k)
94	{
95	int success = 1;
96	if (!load_private_key(filename, "", k, NULL)) {
97	char *pass = read_passphrase("Enter passphrase: ", 1);
98	if (!load_private_key(filename, pass, k, NULL)) {
99	success = 0;
100	}
101	memset(pass, 0, strlen(pass));
102	xfree(pass);
103	}
104	return success;
105	}
106
107	#define SSH_COM_MAGIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"
108	#define SSH_COM_MAGIC_END "---- END SSH2 PUBLIC KEY ----"
109
110	void
111	do_convert_to_ssh2(struct passwd *pw)
112	{
113	Key *k;
114	int len;
115	unsigned char *blob;
116	struct stat st;
117
118	if (!have_identity)
119	ask_filename(pw, "Enter file in which the key is");
120	if (stat(identity_file, &st) < 0) {
121	perror(identity_file);
122	exit(1);
123	}
124	k = key_new(KEY_DSA);
125	if (!try_load_key(identity_file, k)) {
126	fprintf(stderr, "load failed\n");
127	exit(1);
128	}
129	dsa_make_key_blob(k, &blob, &len);
130	fprintf(stdout, "%s\n", SSH_COM_MAGIC_BEGIN);
131	fprintf(stdout,
132	"Comment: \"%d-bit DSA, converted from openssh by %s@%s\"\n",
133	BN_num_bits(k->dsa->p),
134	pw->pw_name, hostname);
135	dump_base64(stdout, blob, len);
136	fprintf(stdout, "%s\n", SSH_COM_MAGIC_END);
137	key_free(k);
138	xfree(blob);
139	exit(0);
140	}
141
142	void
143	do_convert_from_ssh2(struct passwd *pw)
144	{
145	Key *k;
146	int blen;
147	char line[1024], *p;
148	char blob[8096];
149	char encoded[8096];
150	struct stat st;
151	int escaped = 0;
152	FILE *fp;
153
154	if (!have_identity)
155	ask_filename(pw, "Enter file in which the key is");
156	if (stat(identity_file, &st) < 0) {
157	perror(identity_file);
158	exit(1);
159	}
160	fp = fopen(identity_file, "r");
161	if (fp == NULL) {
162	perror(identity_file);
163	exit(1);
164	}
165	encoded[0] = '\0';
166	while (fgets(line, sizeof(line), fp)) {
167	if (!(p = strchr(line, '\n'))) {
168	fprintf(stderr, "input line too long.\n");
169	exit(1);
170	}
171	if (p > line && p[-1] == '\\')
172	escaped++;
173	if (strncmp(line, "----", 4) == 0 \|\|
174	strstr(line, ": ") != NULL) {
175	fprintf(stderr, "ignore: %s", line);
176	continue;
177	}
178	if (escaped) {
179	escaped--;
180	fprintf(stderr, "escaped: %s", line);
181	continue;
182	}
183	*p = '\0';
184	strlcat(encoded, line, sizeof(encoded));
185	}
186	blen = uudecode(encoded, (unsigned char *)blob, sizeof(blob));
187	if (blen < 0) {
188	fprintf(stderr, "uudecode failed.\n");
189	exit(1);
190	}
191	k = dsa_key_from_blob(blob, blen);
192	if (!key_write(k, stdout))
193	fprintf(stderr, "key_write failed");
194	key_free(k);
195	fprintf(stdout, "\n");
196	fclose(fp);
197	exit(0);
198	}
199
200	void
201	do_print_public(struct passwd *pw)
202	{
203	Key *k;
204	int len;
205	unsigned char *blob;
206	struct stat st;
207
208	if (!have_identity)
209	ask_filename(pw, "Enter file in which the key is");
210	if (stat(identity_file, &st) < 0) {
211	perror(identity_file);
212	exit(1);
213	}
214	k = key_new(KEY_DSA);
215	if (!try_load_key(identity_file, k)) {
216	fprintf(stderr, "load failed\n");
217	exit(1);
218	}
219	dsa_make_key_blob(k, &blob, &len);
220	if (!key_write(k, stdout))
221	fprintf(stderr, "key_write failed");
222	key_free(k);
223	xfree(blob);
224	fprintf(stdout, "\n");
225	exit(0);
226	}
227
228	void
229	do_fingerprint(struct passwd *pw)
230	{
231	FILE *f;
232	BIGNUM e, n;
233	Key *public;
234	char comment = NULL, cp, ep, line[161024];
235	int i, skip = 0, num = 1, invalid = 1;
236	unsigned int ignore;
237	struct stat st;
238
239	if (!have_identity)
240	ask_filename(pw, "Enter file in which the key is");
241	if (stat(identity_file, &st) < 0) {
242	perror(identity_file);
243	exit(1);
244	}
245	public = key_new(KEY_RSA);
246	if (load_public_key(identity_file, public, &comment)) {
247	printf("%d %s %s\n", BN_num_bits(public->rsa->n),
248	key_fingerprint(public), comment);
249	key_free(public);
250	exit(0);
251	}
252	key_free(public);
253
254	/* XXX */
255	f = fopen(identity_file, "r");
256	if (f != NULL) {
257	n = BN_new();
258	e = BN_new();
259	while (fgets(line, sizeof(line), f)) {
260	i = strlen(line) - 1;
261	if (line[i] != '\n') {
262	error("line %d too long: %.40s...", num, line);
263	skip = 1;
264	continue;
265	}
266	num++;
267	if (skip) {
268	skip = 0;
269	continue;
270	}
271	line[i] = '\0';
272
273	/* Skip leading whitespace, empty and comment lines. */
274	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)
275	;
276	if (!cp \|\| cp == '\n' \|\| *cp == '#')
277	continue ;
278	i = strtol(cp, &ep, 10);
279	if (i == 0 \|\| ep == NULL \|\| (ep != ' ' && ep != '\t')) {
280	int quoted = 0;
281	comment = cp;
282	for (; cp && (quoted \|\| (cp != ' ' && *cp != '\t')); cp++) {
283	if (*cp == '\\' && cp[1] == '"')
284	cp++; /* Skip both */
285	else if (*cp == '"')
286	quoted = !quoted;
287	}
288	if (!*cp)
289	continue;
290	*cp++ = '\0';
291	}
292	ep = cp;
293	if (auth_rsa_read_key(&cp, &ignore, e, n)) {
294	invalid = 0;
295	comment = *cp ? cp : comment;
296	printf("%d %s %s\n", BN_num_bits(n),
297	fingerprint(e, n),
298	comment ? comment : "no comment");
299	}
300	}
301	BN_free(e);
302	BN_free(n);
303	fclose(f);
304	}
305	if (invalid) {
306	printf("%s is not a valid key file.\n", identity_file);
307	exit(1);
308	}
309	exit(0);
310	}
311
312	/*
313	* Perform changing a passphrase. The argument is the passwd structure
314	* for the current user.
315	*/
316	void
317	do_change_passphrase(struct passwd *pw)
318	{
319	char *comment;
320	char old_passphrase, passphrase1, *passphrase2;
321	struct stat st;
322	Key *private;
323	Key *public;
324	int type = dsa_mode ? KEY_DSA : KEY_RSA;
325
326	if (!have_identity)
327	ask_filename(pw, "Enter file in which the key is");
328	if (stat(identity_file, &st) < 0) {
329	perror(identity_file);
330	exit(1);
331	}
332
333	if (type == KEY_RSA) {
334	/* XXX this works currently only for RSA */
335	public = key_new(type);
336	if (!load_public_key(identity_file, public, NULL)) {
337	printf("%s is not a valid key file.\n", identity_file);
338	exit(1);
339	}
340	/* Clear the public key since we are just about to load the whole file. */
341	key_free(public);
342	}
343
344	/* Try to load the file with empty passphrase. */
345	private = key_new(type);
346	if (!load_private_key(identity_file, "", private, &comment)) {
347	if (identity_passphrase)
348	old_passphrase = xstrdup(identity_passphrase);
349	else
350	old_passphrase = read_passphrase("Enter old passphrase: ", 1);
351	if (!load_private_key(identity_file, old_passphrase, private, &comment)) {
352	memset(old_passphrase, 0, strlen(old_passphrase));
353	xfree(old_passphrase);
354	printf("Bad passphrase.\n");
355	exit(1);
356	}
357	memset(old_passphrase, 0, strlen(old_passphrase));
358	xfree(old_passphrase);
359	}
360	printf("Key has comment '%s'\n", comment);
361
362	/* Ask the new passphrase (twice). */
363	if (identity_new_passphrase) {
364	passphrase1 = xstrdup(identity_new_passphrase);
365	passphrase2 = NULL;
366	} else {
367	passphrase1 =
368	read_passphrase("Enter new passphrase (empty for no passphrase): ", 1);
369	passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
370
371	/* Verify that they are the same. */
372	if (strcmp(passphrase1, passphrase2) != 0) {
373	memset(passphrase1, 0, strlen(passphrase1));
374	memset(passphrase2, 0, strlen(passphrase2));
375	xfree(passphrase1);
376	xfree(passphrase2);
377	printf("Pass phrases do not match. Try again.\n");
378	exit(1);
379	}
380	/* Destroy the other copy. */
381	memset(passphrase2, 0, strlen(passphrase2));
382	xfree(passphrase2);
383	}
384
385	/* Save the file using the new passphrase. */
386	if (!save_private_key(identity_file, passphrase1, private, comment)) {
387	printf("Saving the key failed: %s: %s.\n",
388	identity_file, strerror(errno));
389	memset(passphrase1, 0, strlen(passphrase1));
390	xfree(passphrase1);
391	key_free(private);
392	xfree(comment);
393	exit(1);
394	}
395	/* Destroy the passphrase and the copy of the key in memory. */
396	memset(passphrase1, 0, strlen(passphrase1));
397	xfree(passphrase1);
398	key_free(private); /* Destroys contents */
399	xfree(comment);
400
401	printf("Your identification has been saved with the new passphrase.\n");
402	exit(0);
403	}
404
405	/*
406	* Change the comment of a private key file.
407	*/
408	void
409	do_change_comment(struct passwd *pw)
410	{
411	char new_comment[1024], *comment;
412	Key *private;
413	Key *public;
414	char *passphrase;
415	struct stat st;
416	FILE *f;
417
418	if (!have_identity)
419	ask_filename(pw, "Enter file in which the key is");
420	if (stat(identity_file, &st) < 0) {
421	perror(identity_file);
422	exit(1);
423	}
424	/*
425	* Try to load the public key from the file the verify that it is
426	* readable and of the proper format.
427	*/
428	public = key_new(KEY_RSA);
429	if (!load_public_key(identity_file, public, NULL)) {
430	printf("%s is not a valid key file.\n", identity_file);
431	exit(1);
432	}
433
434	private = key_new(KEY_RSA);
435	if (load_private_key(identity_file, "", private, &comment))
436	passphrase = xstrdup("");
437	else {
438	if (identity_passphrase)
439	passphrase = xstrdup(identity_passphrase);
440	else if (identity_new_passphrase)
441	passphrase = xstrdup(identity_new_passphrase);
442	else
443	passphrase = read_passphrase("Enter passphrase: ", 1);
444	/* Try to load using the passphrase. */
445	if (!load_private_key(identity_file, passphrase, private, &comment)) {
446	memset(passphrase, 0, strlen(passphrase));
447	xfree(passphrase);
448	printf("Bad passphrase.\n");
449	exit(1);
450	}
451	}
452	printf("Key now has comment '%s'\n", comment);
453
454	if (identity_comment) {
455	strlcpy(new_comment, identity_comment, sizeof(new_comment));
456	} else {
457	printf("Enter new comment: ");
458	fflush(stdout);
459	if (!fgets(new_comment, sizeof(new_comment), stdin)) {
460	memset(passphrase, 0, strlen(passphrase));
461	key_free(private);
462	exit(1);
463	}
464	if (strchr(new_comment, '\n'))
465	*strchr(new_comment, '\n') = 0;
466	}
467
468	/* Save the file using the new passphrase. */
469	if (!save_private_key(identity_file, passphrase, private, new_comment)) {
470	printf("Saving the key failed: %s: %s.\n",
471	identity_file, strerror(errno));
472	memset(passphrase, 0, strlen(passphrase));
473	xfree(passphrase);
474	key_free(private);
475	xfree(comment);
476	exit(1);
477	}
478	memset(passphrase, 0, strlen(passphrase));
479	xfree(passphrase);
480	key_free(private);
481
482	strlcat(identity_file, ".pub", sizeof(identity_file));
483	f = fopen(identity_file, "w");
484	if (!f) {
485	printf("Could not save your public key in %s\n", identity_file);
486	exit(1);
487	}
488	if (!key_write(public, f))
489	fprintf(stderr, "write key failed");
490	key_free(public);
491	fprintf(f, " %s\n", new_comment);
492	fclose(f);
493
494	xfree(comment);
495
496	printf("The comment in your key file has been changed.\n");
497	exit(0);
498	}
499
500	void
501	usage(void)
502	{
503	printf("Usage: %s [-lpqxXydc] [-b bits] [-f file] [-C comment] [-N new-pass] [-P pass]\n", __progname);
504	exit(1);
505	}
506
507	/*
508	* Main program for key management.
509	*/
510	int
511	main(int ac, char **av)
512	{
513	char dotsshdir[16 * 1024], comment[1024], passphrase1, passphrase2;
514	struct passwd *pw;
515	int opt;
516	struct stat st;
517	FILE *f;
518	Key *private;
519	Key *public;
520	extern int optind;
521	extern char *optarg;
522
523	init_rng();
524
525	SSLeay_add_all_algorithms();
526
527	/* we need this for the home * directory. */
528	pw = getpwuid(getuid());
529	if (!pw) {
530	printf("You don't exist, go away!\n");
531	exit(1);
532	}
533	if (gethostname(hostname, sizeof(hostname)) < 0) {
534	perror("gethostname");
535	exit(1);
536	}
537
538	while ((opt = getopt(ac, av, "dqpclRxXyb:f:P:N:C:")) != EOF) {
539	switch (opt) {
540	case 'b':
541	bits = atoi(optarg);
542	if (bits < 512 \|\| bits > 32768) {
543	printf("Bits has bad value.\n");
544	exit(1);
545	}
546	break;
547
548	case 'l':
549	print_fingerprint = 1;
550	break;
551
552	case 'p':
553	change_passphrase = 1;
554	break;
555
556	case 'c':
557	change_comment = 1;
558	break;
559
560	case 'f':
561	strlcpy(identity_file, optarg, sizeof(identity_file));
562	have_identity = 1;
563	break;
564
565	case 'P':
566	identity_passphrase = optarg;
567	break;
568
569	case 'N':
570	identity_new_passphrase = optarg;
571	break;
572
573	case 'C':
574	identity_comment = optarg;
575	break;
576
577	case 'q':
578	quiet = 1;
579	break;
580
581	case 'R':
582	if (rsa_alive() == 0)
583	exit(1);
584	else
585	exit(0);
586	break;
587
588	case 'x':
589	convert_to_ssh2 = 1;
590	break;
591
592	case 'X':
593	convert_from_ssh2 = 1;
594	break;
595
596	case 'y':
597	print_public = 1;
598	break;
599
600	case 'd':
601	dsa_mode = 1;
602	break;
603
604	case '?':
605	default:
606	usage();
607	}
608	}
609	if (optind < ac) {
610	printf("Too many arguments.\n");
611	usage();
612	}
613	if (change_passphrase && change_comment) {
614	printf("Can only have one of -p and -c.\n");
615	usage();
616	}
617	/* check if RSA support is needed and exists */
618	if (dsa_mode == 0 && rsa_alive() == 0) {
619	fprintf(stderr,
620	"%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
621	__progname);
622	exit(1);
623	}
624	if (print_fingerprint)
625	do_fingerprint(pw);
626	if (change_passphrase)
627	do_change_passphrase(pw);
628	if (change_comment)
629	do_change_comment(pw);
630	if (convert_to_ssh2)
631	do_convert_to_ssh2(pw);
632	if (convert_from_ssh2)
633	do_convert_from_ssh2(pw);
634	if (print_public)
635	do_print_public(pw);
636
637	arc4random_stir();
638
639	if (dsa_mode != 0) {
640	if (!quiet)
641	printf("Generating DSA parameter and key.\n");
642	public = private = dsa_generate_key(bits);
643	if (private == NULL) {
644	fprintf(stderr, "dsa_generate_keys failed");
645	exit(1);
646	}
647	} else {
648	if (quiet)
649	rsa_set_verbose(0);
650	/* Generate the rsa key pair. */
651	public = key_new(KEY_RSA);
652	private = key_new(KEY_RSA);
653	rsa_generate_key(private->rsa, public->rsa, bits);
654	}
655
656	if (!have_identity)
657	ask_filename(pw, "Enter file in which to save the key");
658
659	/* Create ~/.ssh directory if it doesn\'t already exist. */
660	snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR);
661	if (strstr(identity_file, dotsshdir) != NULL &&
662	stat(dotsshdir, &st) < 0) {
663	if (mkdir(dotsshdir, 0700) < 0)
664	error("Could not create directory '%s'.", dotsshdir);
665	else if (!quiet)
666	printf("Created directory '%s'.\n", dotsshdir);
667	}
668	/* If the file already exists, ask the user to confirm. */
669	if (stat(identity_file, &st) >= 0) {
670	char yesno[3];
671	printf("%s already exists.\n", identity_file);
672	printf("Overwrite (y/n)? ");
673	fflush(stdout);
674	if (fgets(yesno, sizeof(yesno), stdin) == NULL)
675	exit(1);
676	if (yesno[0] != 'y' && yesno[0] != 'Y')
677	exit(1);
678	}
679	/* Ask for a passphrase (twice). */
680	if (identity_passphrase)
681	passphrase1 = xstrdup(identity_passphrase);
682	else if (identity_new_passphrase)
683	passphrase1 = xstrdup(identity_new_passphrase);
684	else {
685	passphrase_again:
686	passphrase1 =
687	read_passphrase("Enter passphrase (empty for no passphrase): ", 1);
688	passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
689	if (strcmp(passphrase1, passphrase2) != 0) {
690	/* The passphrases do not match. Clear them and retry. */
691	memset(passphrase1, 0, strlen(passphrase1));
692	memset(passphrase2, 0, strlen(passphrase2));
693	xfree(passphrase1);
694	xfree(passphrase2);
695	printf("Passphrases do not match. Try again.\n");
696	goto passphrase_again;
697	}
698	/* Clear the other copy of the passphrase. */
699	memset(passphrase2, 0, strlen(passphrase2));
700	xfree(passphrase2);
701	}
702
703	if (identity_comment) {
704	strlcpy(comment, identity_comment, sizeof(comment));
705	} else {
706	/* Create default commend field for the passphrase. */
707	snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
708	}
709
710	/* Save the key with the given passphrase and comment. */
711	if (!save_private_key(identity_file, passphrase1, private, comment)) {
712	printf("Saving the key failed: %s: %s.\n",
713	identity_file, strerror(errno));
714	memset(passphrase1, 0, strlen(passphrase1));
715	xfree(passphrase1);
716	exit(1);
717	}
718	/* Clear the passphrase. */
719	memset(passphrase1, 0, strlen(passphrase1));
720	xfree(passphrase1);
721
722	/* Clear the private key and the random number generator. */
723	if (private != public) {
724	key_free(private);
725	}
726	arc4random_stir();
727
728	if (!quiet)
729	printf("Your identification has been saved in %s.\n", identity_file);
730
731	strlcat(identity_file, ".pub", sizeof(identity_file));
732	f = fopen(identity_file, "w");
733	if (!f) {
734	printf("Could not save your public key in %s\n", identity_file);
735	exit(1);
736	}
737	if (!key_write(public, f))
738	fprintf(stderr, "write key failed");
739	fprintf(f, " %s\n", comment);
740	fclose(f);
741
742	if (!quiet) {
743	printf("Your public key has been saved in %s.\n",
744	identity_file);
745	printf("The key fingerprint is:\n");
746	printf("%s %s\n", key_fingerprint(public), comment);
747	}
748
749	key_free(public);
750	exit(0);
751	}