xref: /openssh-portable/ssh-keygen.c (revision 8aa2aa3c)
1 /* $OpenBSD: ssh-keygen.c,v 1.350 2019/09/16 03:23:02 djm Exp $ */
2 /*
3  * Author: Tatu Ylonen <ylo@cs.hut.fi>
4  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5  *                    All rights reserved
6  * Identity and host key generation and maintenance.
7  *
8  * As far as I am concerned, the code I have written for this software
9  * can be used freely for any purpose.  Any derived versions of this
10  * software must be clearly marked as such, and if the derived work is
11  * incompatible with the protocol description in the RFC file, it must be
12  * called by a name other than "ssh" or "Secure Shell".
13  */
14 
15 #include "includes.h"
16 
17 #include <sys/types.h>
18 #include <sys/socket.h>
19 #include <sys/stat.h>
20 
21 #ifdef WITH_OPENSSL
22 #include <openssl/evp.h>
23 #include <openssl/pem.h>
24 #include "openbsd-compat/openssl-compat.h"
25 #endif
26 
27 #include <stdint.h>
28 #include <errno.h>
29 #include <fcntl.h>
30 #include <netdb.h>
31 #ifdef HAVE_PATHS_H
32 # include <paths.h>
33 #endif
34 #include <pwd.h>
35 #include <stdarg.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <unistd.h>
40 #include <limits.h>
41 #include <locale.h>
42 #include <time.h>
43 
44 #include "xmalloc.h"
45 #include "sshkey.h"
46 #include "authfile.h"
47 #include "sshbuf.h"
48 #include "pathnames.h"
49 #include "log.h"
50 #include "misc.h"
51 #include "match.h"
52 #include "hostfile.h"
53 #include "dns.h"
54 #include "ssh.h"
55 #include "ssh2.h"
56 #include "ssherr.h"
57 #include "ssh-pkcs11.h"
58 #include "atomicio.h"
59 #include "krl.h"
60 #include "digest.h"
61 #include "utf8.h"
62 #include "authfd.h"
63 #include "sshsig.h"
64 
65 #ifdef WITH_OPENSSL
66 # define DEFAULT_KEY_TYPE_NAME "rsa"
67 #else
68 # define DEFAULT_KEY_TYPE_NAME "ed25519"
69 #endif
70 
71 /*
72  * Default number of bits in the RSA, DSA and ECDSA keys.  These value can be
73  * overridden on the command line.
74  *
75  * These values, with the exception of DSA, provide security equivalent to at
76  * least 128 bits of security according to NIST Special Publication 800-57:
77  * Recommendation for Key Management Part 1 rev 4 section 5.6.1.
78  * For DSA it (and FIPS-186-4 section 4.2) specifies that the only size for
79  * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only
80  * SHA1 we limit the DSA key size 1k bits.
81  */
82 #define DEFAULT_BITS		3072
83 #define DEFAULT_BITS_DSA	1024
84 #define DEFAULT_BITS_ECDSA	256
85 
86 static int quiet = 0;
87 
88 /* Flag indicating that we just want to see the key fingerprint */
89 static int print_fingerprint = 0;
90 static int print_bubblebabble = 0;
91 
92 /* Hash algorithm to use for fingerprints. */
93 static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
94 
95 /* The identity file name, given on the command line or entered by the user. */
96 static char identity_file[1024];
97 static int have_identity = 0;
98 
99 /* This is set to the passphrase if given on the command line. */
100 static char *identity_passphrase = NULL;
101 
102 /* This is set to the new passphrase if given on the command line. */
103 static char *identity_new_passphrase = NULL;
104 
105 /* Key type when certifying */
106 static u_int cert_key_type = SSH2_CERT_TYPE_USER;
107 
108 /* "key ID" of signed key */
109 static char *cert_key_id = NULL;
110 
111 /* Comma-separated list of principal names for certifying keys */
112 static char *cert_principals = NULL;
113 
114 /* Validity period for certificates */
115 static u_int64_t cert_valid_from = 0;
116 static u_int64_t cert_valid_to = ~0ULL;
117 
118 /* Certificate options */
119 #define CERTOPT_X_FWD	(1)
120 #define CERTOPT_AGENT_FWD	(1<<1)
121 #define CERTOPT_PORT_FWD	(1<<2)
122 #define CERTOPT_PTY		(1<<3)
123 #define CERTOPT_USER_RC	(1<<4)
124 #define CERTOPT_DEFAULT	(CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \
125 			 CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC)
126 static u_int32_t certflags_flags = CERTOPT_DEFAULT;
127 static char *certflags_command = NULL;
128 static char *certflags_src_addr = NULL;
129 
130 /* Arbitrary extensions specified by user */
131 struct cert_userext {
132 	char *key;
133 	char *val;
134 	int crit;
135 };
136 static struct cert_userext *cert_userext;
137 static size_t ncert_userext;
138 
139 /* Conversion to/from various formats */
140 enum {
141 	FMT_RFC4716,
142 	FMT_PKCS8,
143 	FMT_PEM
144 } convert_format = FMT_RFC4716;
145 
146 static char *key_type_name = NULL;
147 
148 /* Load key from this PKCS#11 provider */
149 static char *pkcs11provider = NULL;
150 
151 /* Format for writing private keys */
152 static int private_key_format = SSHKEY_PRIVATE_OPENSSH;
153 
154 /* Cipher for new-format private keys */
155 static char *openssh_format_cipher = NULL;
156 
157 /*
158  * Number of KDF rounds to derive new format keys /
159  * number of primality trials when screening moduli.
160  */
161 static int rounds = 0;
162 
163 /* argv0 */
164 extern char *__progname;
165 
166 static char hostname[NI_MAXHOST];
167 
168 #ifdef WITH_OPENSSL
169 /* moduli.c */
170 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
171 int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
172     unsigned long);
173 #endif
174 
175 static void
type_bits_valid(int type,const char * name,u_int32_t * bitsp)176 type_bits_valid(int type, const char *name, u_int32_t *bitsp)
177 {
178 	if (type == KEY_UNSPEC)
179 		fatal("unknown key type %s", key_type_name);
180 	if (*bitsp == 0) {
181 #ifdef WITH_OPENSSL
182 		u_int nid;
183 
184 		switch(type) {
185 		case KEY_DSA:
186 			*bitsp = DEFAULT_BITS_DSA;
187 			break;
188 		case KEY_ECDSA:
189 			if (name != NULL &&
190 			    (nid = sshkey_ecdsa_nid_from_name(name)) > 0)
191 				*bitsp = sshkey_curve_nid_to_bits(nid);
192 			if (*bitsp == 0)
193 				*bitsp = DEFAULT_BITS_ECDSA;
194 			break;
195 		case KEY_RSA:
196 			*bitsp = DEFAULT_BITS;
197 			break;
198 		}
199 #endif
200 	}
201 #ifdef WITH_OPENSSL
202 	switch (type) {
203 	case KEY_DSA:
204 		if (*bitsp != 1024)
205 			fatal("Invalid DSA key length: must be 1024 bits");
206 		break;
207 	case KEY_RSA:
208 		if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE)
209 			fatal("Invalid RSA key length: minimum is %d bits",
210 			    SSH_RSA_MINIMUM_MODULUS_SIZE);
211 		else if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS)
212 			fatal("Invalid RSA key length: maximum is %d bits",
213 			    OPENSSL_RSA_MAX_MODULUS_BITS);
214 		break;
215 	case KEY_ECDSA:
216 		if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
217 			fatal("Invalid ECDSA key length: valid lengths are "
218 #ifdef OPENSSL_HAS_NISTP521
219 			    "256, 384 or 521 bits");
220 #else
221 			    "256 or 384 bits");
222 #endif
223 	}
224 #endif
225 }
226 
227 /*
228  * Checks whether a file exists and, if so, asks the user whether they wish
229  * to overwrite it.
230  * Returns nonzero if the file does not already exist or if the user agrees to
231  * overwrite, or zero otherwise.
232  */
233 static int
confirm_overwrite(const char * filename)234 confirm_overwrite(const char *filename)
235 {
236 	char yesno[3];
237 	struct stat st;
238 
239 	if (stat(filename, &st) != 0)
240 		return 1;
241 	printf("%s already exists.\n", filename);
242 	printf("Overwrite (y/n)? ");
243 	fflush(stdout);
244 	if (fgets(yesno, sizeof(yesno), stdin) == NULL)
245 		return 0;
246 	if (yesno[0] != 'y' && yesno[0] != 'Y')
247 		return 0;
248 	return 1;
249 }
250 
251 static void
ask_filename(struct passwd * pw,const char * prompt)252 ask_filename(struct passwd *pw, const char *prompt)
253 {
254 	char buf[1024];
255 	char *name = NULL;
256 
257 	if (key_type_name == NULL)
258 		name = _PATH_SSH_CLIENT_ID_RSA;
259 	else {
260 		switch (sshkey_type_from_name(key_type_name)) {
261 		case KEY_DSA_CERT:
262 		case KEY_DSA:
263 			name = _PATH_SSH_CLIENT_ID_DSA;
264 			break;
265 #ifdef OPENSSL_HAS_ECC
266 		case KEY_ECDSA_CERT:
267 		case KEY_ECDSA:
268 			name = _PATH_SSH_CLIENT_ID_ECDSA;
269 			break;
270 #endif
271 		case KEY_RSA_CERT:
272 		case KEY_RSA:
273 			name = _PATH_SSH_CLIENT_ID_RSA;
274 			break;
275 		case KEY_ED25519:
276 		case KEY_ED25519_CERT:
277 			name = _PATH_SSH_CLIENT_ID_ED25519;
278 			break;
279 		case KEY_XMSS:
280 		case KEY_XMSS_CERT:
281 			name = _PATH_SSH_CLIENT_ID_XMSS;
282 			break;
283 		default:
284 			fatal("bad key type");
285 		}
286 	}
287 	snprintf(identity_file, sizeof(identity_file),
288 	    "%s/%s", pw->pw_dir, name);
289 	printf("%s (%s): ", prompt, identity_file);
290 	fflush(stdout);
291 	if (fgets(buf, sizeof(buf), stdin) == NULL)
292 		exit(1);
293 	buf[strcspn(buf, "\n")] = '\0';
294 	if (strcmp(buf, "") != 0)
295 		strlcpy(identity_file, buf, sizeof(identity_file));
296 	have_identity = 1;
297 }
298 
299 static struct sshkey *
load_identity(const char * filename,char ** commentp)300 load_identity(const char *filename, char **commentp)
301 {
302 	char *pass;
303 	struct sshkey *prv;
304 	int r;
305 
306 	if (commentp != NULL)
307 		*commentp = NULL;
308 	if ((r = sshkey_load_private(filename, "", &prv, commentp)) == 0)
309 		return prv;
310 	if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
311 		fatal("Load key \"%s\": %s", filename, ssh_err(r));
312 	if (identity_passphrase)
313 		pass = xstrdup(identity_passphrase);
314 	else
315 		pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
316 	r = sshkey_load_private(filename, pass, &prv, commentp);
317 	explicit_bzero(pass, strlen(pass));
318 	free(pass);
319 	if (r != 0)
320 		fatal("Load key \"%s\": %s", filename, ssh_err(r));
321 	return prv;
322 }
323 
324 #define SSH_COM_PUBLIC_BEGIN		"---- BEGIN SSH2 PUBLIC KEY ----"
325 #define SSH_COM_PUBLIC_END		"---- END SSH2 PUBLIC KEY ----"
326 #define SSH_COM_PRIVATE_BEGIN		"---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
327 #define	SSH_COM_PRIVATE_KEY_MAGIC	0x3f6ff9eb
328 
329 #ifdef WITH_OPENSSL
330 static void
do_convert_to_ssh2(struct passwd * pw,struct sshkey * k)331 do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
332 {
333 	struct sshbuf *b;
334 	char comment[61], *b64;
335 	int r;
336 
337 	if ((b = sshbuf_new()) == NULL)
338 		fatal("%s: sshbuf_new failed", __func__);
339 	if ((r = sshkey_putb(k, b)) != 0)
340 		fatal("key_to_blob failed: %s", ssh_err(r));
341 	if ((b64 = sshbuf_dtob64_string(b, 1)) == NULL)
342 		fatal("%s: sshbuf_dtob64_string failed", __func__);
343 
344 	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
345 	snprintf(comment, sizeof(comment),
346 	    "%u-bit %s, converted by %s@%s from OpenSSH",
347 	    sshkey_size(k), sshkey_type(k),
348 	    pw->pw_name, hostname);
349 
350 	sshkey_free(k);
351 	sshbuf_free(b);
352 
353 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
354 	fprintf(stdout, "Comment: \"%s\"\n%s", comment, b64);
355 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
356 	free(b64);
357 	exit(0);
358 }
359 
360 static void
do_convert_to_pkcs8(struct sshkey * k)361 do_convert_to_pkcs8(struct sshkey *k)
362 {
363 	switch (sshkey_type_plain(k->type)) {
364 	case KEY_RSA:
365 		if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
366 			fatal("PEM_write_RSA_PUBKEY failed");
367 		break;
368 	case KEY_DSA:
369 		if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))
370 			fatal("PEM_write_DSA_PUBKEY failed");
371 		break;
372 #ifdef OPENSSL_HAS_ECC
373 	case KEY_ECDSA:
374 		if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa))
375 			fatal("PEM_write_EC_PUBKEY failed");
376 		break;
377 #endif
378 	default:
379 		fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
380 	}
381 	exit(0);
382 }
383 
384 static void
do_convert_to_pem(struct sshkey * k)385 do_convert_to_pem(struct sshkey *k)
386 {
387 	switch (sshkey_type_plain(k->type)) {
388 	case KEY_RSA:
389 		if (!PEM_write_RSAPublicKey(stdout, k->rsa))
390 			fatal("PEM_write_RSAPublicKey failed");
391 		break;
392 	default:
393 		fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
394 	}
395 	exit(0);
396 }
397 
398 static void
do_convert_to(struct passwd * pw)399 do_convert_to(struct passwd *pw)
400 {
401 	struct sshkey *k;
402 	struct stat st;
403 	int r;
404 
405 	if (!have_identity)
406 		ask_filename(pw, "Enter file in which the key is");
407 	if (stat(identity_file, &st) == -1)
408 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
409 	if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0)
410 		k = load_identity(identity_file, NULL);
411 	switch (convert_format) {
412 	case FMT_RFC4716:
413 		do_convert_to_ssh2(pw, k);
414 		break;
415 	case FMT_PKCS8:
416 		do_convert_to_pkcs8(k);
417 		break;
418 	case FMT_PEM:
419 		do_convert_to_pem(k);
420 		break;
421 	default:
422 		fatal("%s: unknown key format %d", __func__, convert_format);
423 	}
424 	exit(0);
425 }
426 
427 /*
428  * This is almost exactly the bignum1 encoding, but with 32 bit for length
429  * instead of 16.
430  */
431 static void
buffer_get_bignum_bits(struct sshbuf * b,BIGNUM * value)432 buffer_get_bignum_bits(struct sshbuf *b, BIGNUM *value)
433 {
434 	u_int bytes, bignum_bits;
435 	int r;
436 
437 	if ((r = sshbuf_get_u32(b, &bignum_bits)) != 0)
438 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
439 	bytes = (bignum_bits + 7) / 8;
440 	if (sshbuf_len(b) < bytes)
441 		fatal("%s: input buffer too small: need %d have %zu",
442 		    __func__, bytes, sshbuf_len(b));
443 	if (BN_bin2bn(sshbuf_ptr(b), bytes, value) == NULL)
444 		fatal("%s: BN_bin2bn failed", __func__);
445 	if ((r = sshbuf_consume(b, bytes)) != 0)
446 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
447 }
448 
449 static struct sshkey *
do_convert_private_ssh2(struct sshbuf * b)450 do_convert_private_ssh2(struct sshbuf *b)
451 {
452 	struct sshkey *key = NULL;
453 	char *type, *cipher;
454 	u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345";
455 	int r, rlen, ktype;
456 	u_int magic, i1, i2, i3, i4;
457 	size_t slen;
458 	u_long e;
459 	BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
460 	BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
461 	BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
462 	BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
463 
464 	if ((r = sshbuf_get_u32(b, &magic)) != 0)
465 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
466 
467 	if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
468 		error("bad magic 0x%x != 0x%x", magic,
469 		    SSH_COM_PRIVATE_KEY_MAGIC);
470 		return NULL;
471 	}
472 	if ((r = sshbuf_get_u32(b, &i1)) != 0 ||
473 	    (r = sshbuf_get_cstring(b, &type, NULL)) != 0 ||
474 	    (r = sshbuf_get_cstring(b, &cipher, NULL)) != 0 ||
475 	    (r = sshbuf_get_u32(b, &i2)) != 0 ||
476 	    (r = sshbuf_get_u32(b, &i3)) != 0 ||
477 	    (r = sshbuf_get_u32(b, &i4)) != 0)
478 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
479 	debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
480 	if (strcmp(cipher, "none") != 0) {
481 		error("unsupported cipher %s", cipher);
482 		free(cipher);
483 		free(type);
484 		return NULL;
485 	}
486 	free(cipher);
487 
488 	if (strstr(type, "dsa")) {
489 		ktype = KEY_DSA;
490 	} else if (strstr(type, "rsa")) {
491 		ktype = KEY_RSA;
492 	} else {
493 		free(type);
494 		return NULL;
495 	}
496 	if ((key = sshkey_new(ktype)) == NULL)
497 		fatal("sshkey_new failed");
498 	free(type);
499 
500 	switch (key->type) {
501 	case KEY_DSA:
502 		if ((dsa_p = BN_new()) == NULL ||
503 		    (dsa_q = BN_new()) == NULL ||
504 		    (dsa_g = BN_new()) == NULL ||
505 		    (dsa_pub_key = BN_new()) == NULL ||
506 		    (dsa_priv_key = BN_new()) == NULL)
507 			fatal("%s: BN_new", __func__);
508 		buffer_get_bignum_bits(b, dsa_p);
509 		buffer_get_bignum_bits(b, dsa_g);
510 		buffer_get_bignum_bits(b, dsa_q);
511 		buffer_get_bignum_bits(b, dsa_pub_key);
512 		buffer_get_bignum_bits(b, dsa_priv_key);
513 		if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g))
514 			fatal("%s: DSA_set0_pqg failed", __func__);
515 		dsa_p = dsa_q = dsa_g = NULL; /* transferred */
516 		if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key))
517 			fatal("%s: DSA_set0_key failed", __func__);
518 		dsa_pub_key = dsa_priv_key = NULL; /* transferred */
519 		break;
520 	case KEY_RSA:
521 		if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
522 		    (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) ||
523 		    (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0))
524 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
525 		e = e1;
526 		debug("e %lx", e);
527 		if (e < 30) {
528 			e <<= 8;
529 			e += e2;
530 			debug("e %lx", e);
531 			e <<= 8;
532 			e += e3;
533 			debug("e %lx", e);
534 		}
535 		if ((rsa_e = BN_new()) == NULL)
536 			fatal("%s: BN_new", __func__);
537 		if (!BN_set_word(rsa_e, e)) {
538 			BN_clear_free(rsa_e);
539 			sshkey_free(key);
540 			return NULL;
541 		}
542 		if ((rsa_n = BN_new()) == NULL ||
543 		    (rsa_d = BN_new()) == NULL ||
544 		    (rsa_p = BN_new()) == NULL ||
545 		    (rsa_q = BN_new()) == NULL ||
546 		    (rsa_iqmp = BN_new()) == NULL)
547 			fatal("%s: BN_new", __func__);
548 		buffer_get_bignum_bits(b, rsa_d);
549 		buffer_get_bignum_bits(b, rsa_n);
550 		buffer_get_bignum_bits(b, rsa_iqmp);
551 		buffer_get_bignum_bits(b, rsa_q);
552 		buffer_get_bignum_bits(b, rsa_p);
553 		if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d))
554 			fatal("%s: RSA_set0_key failed", __func__);
555 		rsa_n = rsa_e = rsa_d = NULL; /* transferred */
556 		if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q))
557 			fatal("%s: RSA_set0_factors failed", __func__);
558 		rsa_p = rsa_q = NULL; /* transferred */
559 		if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
560 			fatal("generate RSA parameters failed: %s", ssh_err(r));
561 		BN_clear_free(rsa_iqmp);
562 		break;
563 	}
564 	rlen = sshbuf_len(b);
565 	if (rlen != 0)
566 		error("%s: remaining bytes in key blob %d", __func__, rlen);
567 
568 	/* try the key */
569 	if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||
570 	    sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) {
571 		sshkey_free(key);
572 		free(sig);
573 		return NULL;
574 	}
575 	free(sig);
576 	return key;
577 }
578 
579 static int
get_line(FILE * fp,char * line,size_t len)580 get_line(FILE *fp, char *line, size_t len)
581 {
582 	int c;
583 	size_t pos = 0;
584 
585 	line[0] = '\0';
586 	while ((c = fgetc(fp)) != EOF) {
587 		if (pos >= len - 1)
588 			fatal("input line too long.");
589 		switch (c) {
590 		case '\r':
591 			c = fgetc(fp);
592 			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
593 				fatal("unget: %s", strerror(errno));
594 			return pos;
595 		case '\n':
596 			return pos;
597 		}
598 		line[pos++] = c;
599 		line[pos] = '\0';
600 	}
601 	/* We reached EOF */
602 	return -1;
603 }
604 
605 static void
do_convert_from_ssh2(struct passwd * pw,struct sshkey ** k,int * private)606 do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
607 {
608 	int r, blen, escaped = 0;
609 	u_int len;
610 	char line[1024];
611 	struct sshbuf *buf;
612 	char encoded[8096];
613 	FILE *fp;
614 
615 	if ((buf = sshbuf_new()) == NULL)
616 		fatal("sshbuf_new failed");
617 	if ((fp = fopen(identity_file, "r")) == NULL)
618 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
619 	encoded[0] = '\0';
620 	while ((blen = get_line(fp, line, sizeof(line))) != -1) {
621 		if (blen > 0 && line[blen - 1] == '\\')
622 			escaped++;
623 		if (strncmp(line, "----", 4) == 0 ||
624 		    strstr(line, ": ") != NULL) {
625 			if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL)
626 				*private = 1;
627 			if (strstr(line, " END ") != NULL) {
628 				break;
629 			}
630 			/* fprintf(stderr, "ignore: %s", line); */
631 			continue;
632 		}
633 		if (escaped) {
634 			escaped--;
635 			/* fprintf(stderr, "escaped: %s", line); */
636 			continue;
637 		}
638 		strlcat(encoded, line, sizeof(encoded));
639 	}
640 	len = strlen(encoded);
641 	if (((len % 4) == 3) &&
642 	    (encoded[len-1] == '=') &&
643 	    (encoded[len-2] == '=') &&
644 	    (encoded[len-3] == '='))
645 		encoded[len-3] = '\0';
646 	if ((r = sshbuf_b64tod(buf, encoded)) != 0)
647 		fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r));
648 	if (*private)
649 		*k = do_convert_private_ssh2(buf);
650 	else if ((r = sshkey_fromb(buf, k)) != 0)
651 		fatal("decode blob failed: %s", ssh_err(r));
652 	fclose(fp);
653 }
654 
655 static void
do_convert_from_pkcs8(struct sshkey ** k,int * private)656 do_convert_from_pkcs8(struct sshkey **k, int *private)
657 {
658 	EVP_PKEY *pubkey;
659 	FILE *fp;
660 
661 	if ((fp = fopen(identity_file, "r")) == NULL)
662 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
663 	if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
664 		fatal("%s: %s is not a recognised public key format", __func__,
665 		    identity_file);
666 	}
667 	fclose(fp);
668 	switch (EVP_PKEY_base_id(pubkey)) {
669 	case EVP_PKEY_RSA:
670 		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
671 			fatal("sshkey_new failed");
672 		(*k)->type = KEY_RSA;
673 		(*k)->rsa = EVP_PKEY_get1_RSA(pubkey);
674 		break;
675 	case EVP_PKEY_DSA:
676 		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
677 			fatal("sshkey_new failed");
678 		(*k)->type = KEY_DSA;
679 		(*k)->dsa = EVP_PKEY_get1_DSA(pubkey);
680 		break;
681 #ifdef OPENSSL_HAS_ECC
682 	case EVP_PKEY_EC:
683 		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
684 			fatal("sshkey_new failed");
685 		(*k)->type = KEY_ECDSA;
686 		(*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey);
687 		(*k)->ecdsa_nid = sshkey_ecdsa_key_to_nid((*k)->ecdsa);
688 		break;
689 #endif
690 	default:
691 		fatal("%s: unsupported pubkey type %d", __func__,
692 		    EVP_PKEY_base_id(pubkey));
693 	}
694 	EVP_PKEY_free(pubkey);
695 	return;
696 }
697 
698 static void
do_convert_from_pem(struct sshkey ** k,int * private)699 do_convert_from_pem(struct sshkey **k, int *private)
700 {
701 	FILE *fp;
702 	RSA *rsa;
703 
704 	if ((fp = fopen(identity_file, "r")) == NULL)
705 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
706 	if ((rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
707 		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
708 			fatal("sshkey_new failed");
709 		(*k)->type = KEY_RSA;
710 		(*k)->rsa = rsa;
711 		fclose(fp);
712 		return;
713 	}
714 	fatal("%s: unrecognised raw private key format", __func__);
715 }
716 
717 static void
do_convert_from(struct passwd * pw)718 do_convert_from(struct passwd *pw)
719 {
720 	struct sshkey *k = NULL;
721 	int r, private = 0, ok = 0;
722 	struct stat st;
723 
724 	if (!have_identity)
725 		ask_filename(pw, "Enter file in which the key is");
726 	if (stat(identity_file, &st) == -1)
727 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
728 
729 	switch (convert_format) {
730 	case FMT_RFC4716:
731 		do_convert_from_ssh2(pw, &k, &private);
732 		break;
733 	case FMT_PKCS8:
734 		do_convert_from_pkcs8(&k, &private);
735 		break;
736 	case FMT_PEM:
737 		do_convert_from_pem(&k, &private);
738 		break;
739 	default:
740 		fatal("%s: unknown key format %d", __func__, convert_format);
741 	}
742 
743 	if (!private) {
744 		if ((r = sshkey_write(k, stdout)) == 0)
745 			ok = 1;
746 		if (ok)
747 			fprintf(stdout, "\n");
748 	} else {
749 		switch (k->type) {
750 		case KEY_DSA:
751 			ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
752 			    NULL, 0, NULL, NULL);
753 			break;
754 #ifdef OPENSSL_HAS_ECC
755 		case KEY_ECDSA:
756 			ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL,
757 			    NULL, 0, NULL, NULL);
758 			break;
759 #endif
760 		case KEY_RSA:
761 			ok = PEM_write_RSAPrivateKey(stdout, k->rsa, NULL,
762 			    NULL, 0, NULL, NULL);
763 			break;
764 		default:
765 			fatal("%s: unsupported key type %s", __func__,
766 			    sshkey_type(k));
767 		}
768 	}
769 
770 	if (!ok)
771 		fatal("key write failed");
772 	sshkey_free(k);
773 	exit(0);
774 }
775 #endif
776 
777 static void
do_print_public(struct passwd * pw)778 do_print_public(struct passwd *pw)
779 {
780 	struct sshkey *prv;
781 	struct stat st;
782 	int r;
783 	char *comment = NULL;
784 
785 	if (!have_identity)
786 		ask_filename(pw, "Enter file in which the key is");
787 	if (stat(identity_file, &st) == -1)
788 		fatal("%s: %s", identity_file, strerror(errno));
789 	prv = load_identity(identity_file, &comment);
790 	if ((r = sshkey_write(prv, stdout)) != 0)
791 		error("sshkey_write failed: %s", ssh_err(r));
792 	sshkey_free(prv);
793 	if (comment != NULL && *comment != '\0')
794 		fprintf(stdout, " %s", comment);
795 	fprintf(stdout, "\n");
796 	free(comment);
797 	exit(0);
798 }
799 
800 static void
do_download(struct passwd * pw)801 do_download(struct passwd *pw)
802 {
803 #ifdef ENABLE_PKCS11
804 	struct sshkey **keys = NULL;
805 	int i, nkeys;
806 	enum sshkey_fp_rep rep;
807 	int fptype;
808 	char *fp, *ra;
809 
810 	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
811 	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
812 
813 	pkcs11_init(1);
814 	nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);
815 	if (nkeys <= 0)
816 		fatal("cannot read public key from pkcs11");
817 	for (i = 0; i < nkeys; i++) {
818 		if (print_fingerprint) {
819 			fp = sshkey_fingerprint(keys[i], fptype, rep);
820 			ra = sshkey_fingerprint(keys[i], fingerprint_hash,
821 			    SSH_FP_RANDOMART);
822 			if (fp == NULL || ra == NULL)
823 				fatal("%s: sshkey_fingerprint fail", __func__);
824 			printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
825 			    fp, sshkey_type(keys[i]));
826 			if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
827 				printf("%s\n", ra);
828 			free(ra);
829 			free(fp);
830 		} else {
831 			(void) sshkey_write(keys[i], stdout); /* XXX check */
832 			fprintf(stdout, "\n");
833 		}
834 		sshkey_free(keys[i]);
835 	}
836 	free(keys);
837 	pkcs11_terminate();
838 	exit(0);
839 #else
840 	fatal("no pkcs11 support");
841 #endif /* ENABLE_PKCS11 */
842 }
843 
844 static struct sshkey *
try_read_key(char ** cpp)845 try_read_key(char **cpp)
846 {
847 	struct sshkey *ret;
848 	int r;
849 
850 	if ((ret = sshkey_new(KEY_UNSPEC)) == NULL)
851 		fatal("sshkey_new failed");
852 	if ((r = sshkey_read(ret, cpp)) == 0)
853 		return ret;
854 	/* Not a key */
855 	sshkey_free(ret);
856 	return NULL;
857 }
858 
859 static void
fingerprint_one_key(const struct sshkey * public,const char * comment)860 fingerprint_one_key(const struct sshkey *public, const char *comment)
861 {
862 	char *fp = NULL, *ra = NULL;
863 	enum sshkey_fp_rep rep;
864 	int fptype;
865 
866 	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
867 	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
868 	fp = sshkey_fingerprint(public, fptype, rep);
869 	ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
870 	if (fp == NULL || ra == NULL)
871 		fatal("%s: sshkey_fingerprint failed", __func__);
872 	mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
873 	    comment ? comment : "no comment", sshkey_type(public));
874 	if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
875 		printf("%s\n", ra);
876 	free(ra);
877 	free(fp);
878 }
879 
880 static void
fingerprint_private(const char * path)881 fingerprint_private(const char *path)
882 {
883 	struct stat st;
884 	char *comment = NULL;
885 	struct sshkey *public = NULL;
886 	int r;
887 
888 	if (stat(identity_file, &st) == -1)
889 		fatal("%s: %s", path, strerror(errno));
890 	if ((r = sshkey_load_public(path, &public, &comment)) != 0) {
891 		debug("load public \"%s\": %s", path, ssh_err(r));
892 		if ((r = sshkey_load_private(path, NULL,
893 		    &public, &comment)) != 0) {
894 			debug("load private \"%s\": %s", path, ssh_err(r));
895 			fatal("%s is not a key file.", path);
896 		}
897 	}
898 
899 	fingerprint_one_key(public, comment);
900 	sshkey_free(public);
901 	free(comment);
902 }
903 
904 static void
do_fingerprint(struct passwd * pw)905 do_fingerprint(struct passwd *pw)
906 {
907 	FILE *f;
908 	struct sshkey *public = NULL;
909 	char *comment = NULL, *cp, *ep, *line = NULL;
910 	size_t linesize = 0;
911 	int i, invalid = 1;
912 	const char *path;
913 	u_long lnum = 0;
914 
915 	if (!have_identity)
916 		ask_filename(pw, "Enter file in which the key is");
917 	path = identity_file;
918 
919 	if (strcmp(identity_file, "-") == 0) {
920 		f = stdin;
921 		path = "(stdin)";
922 	} else if ((f = fopen(path, "r")) == NULL)
923 		fatal("%s: %s: %s", __progname, path, strerror(errno));
924 
925 	while (getline(&line, &linesize, f) != -1) {
926 		lnum++;
927 		cp = line;
928 		cp[strcspn(cp, "\n")] = '\0';
929 		/* Trim leading space and comments */
930 		cp = line + strspn(line, " \t");
931 		if (*cp == '#' || *cp == '\0')
932 			continue;
933 
934 		/*
935 		 * Input may be plain keys, private keys, authorized_keys
936 		 * or known_hosts.
937 		 */
938 
939 		/*
940 		 * Try private keys first. Assume a key is private if
941 		 * "SSH PRIVATE KEY" appears on the first line and we're
942 		 * not reading from stdin (XXX support private keys on stdin).
943 		 */
944 		if (lnum == 1 && strcmp(identity_file, "-") != 0 &&
945 		    strstr(cp, "PRIVATE KEY") != NULL) {
946 			free(line);
947 			fclose(f);
948 			fingerprint_private(path);
949 			exit(0);
950 		}
951 
952 		/*
953 		 * If it's not a private key, then this must be prepared to
954 		 * accept a public key prefixed with a hostname or options.
955 		 * Try a bare key first, otherwise skip the leading stuff.
956 		 */
957 		if ((public = try_read_key(&cp)) == NULL) {
958 			i = strtol(cp, &ep, 10);
959 			if (i == 0 || ep == NULL ||
960 			    (*ep != ' ' && *ep != '\t')) {
961 				int quoted = 0;
962 
963 				comment = cp;
964 				for (; *cp && (quoted || (*cp != ' ' &&
965 				    *cp != '\t')); cp++) {
966 					if (*cp == '\\' && cp[1] == '"')
967 						cp++;	/* Skip both */
968 					else if (*cp == '"')
969 						quoted = !quoted;
970 				}
971 				if (!*cp)
972 					continue;
973 				*cp++ = '\0';
974 			}
975 		}
976 		/* Retry after parsing leading hostname/key options */
977 		if (public == NULL && (public = try_read_key(&cp)) == NULL) {
978 			debug("%s:%lu: not a public key", path, lnum);
979 			continue;
980 		}
981 
982 		/* Find trailing comment, if any */
983 		for (; *cp == ' ' || *cp == '\t'; cp++)
984 			;
985 		if (*cp != '\0' && *cp != '#')
986 			comment = cp;
987 
988 		fingerprint_one_key(public, comment);
989 		sshkey_free(public);
990 		invalid = 0; /* One good key in the file is sufficient */
991 	}
992 	fclose(f);
993 	free(line);
994 
995 	if (invalid)
996 		fatal("%s is not a public key file.", path);
997 	exit(0);
998 }
999 
1000 static void
do_gen_all_hostkeys(struct passwd * pw)1001 do_gen_all_hostkeys(struct passwd *pw)
1002 {
1003 	struct {
1004 		char *key_type;
1005 		char *key_type_display;
1006 		char *path;
1007 	} key_types[] = {
1008 #ifdef WITH_OPENSSL
1009 		{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
1010 		{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
1011 #ifdef OPENSSL_HAS_ECC
1012 		{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
1013 #endif /* OPENSSL_HAS_ECC */
1014 #endif /* WITH_OPENSSL */
1015 		{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
1016 #ifdef WITH_XMSS
1017 		{ "xmss", "XMSS",_PATH_HOST_XMSS_KEY_FILE },
1018 #endif /* WITH_XMSS */
1019 		{ NULL, NULL, NULL }
1020 	};
1021 
1022 	u_int32_t bits = 0;
1023 	int first = 0;
1024 	struct stat st;
1025 	struct sshkey *private, *public;
1026 	char comment[1024], *prv_tmp, *pub_tmp, *prv_file, *pub_file;
1027 	int i, type, fd, r;
1028 	FILE *f;
1029 
1030 	for (i = 0; key_types[i].key_type; i++) {
1031 		public = private = NULL;
1032 		prv_tmp = pub_tmp = prv_file = pub_file = NULL;
1033 
1034 		xasprintf(&prv_file, "%s%s",
1035 		    identity_file, key_types[i].path);
1036 
1037 		/* Check whether private key exists and is not zero-length */
1038 		if (stat(prv_file, &st) == 0) {
1039 			if (st.st_size != 0)
1040 				goto next;
1041 		} else if (errno != ENOENT) {
1042 			error("Could not stat %s: %s", key_types[i].path,
1043 			    strerror(errno));
1044 			goto failnext;
1045 		}
1046 
1047 		/*
1048 		 * Private key doesn't exist or is invalid; proceed with
1049 		 * key generation.
1050 		 */
1051 		xasprintf(&prv_tmp, "%s%s.XXXXXXXXXX",
1052 		    identity_file, key_types[i].path);
1053 		xasprintf(&pub_tmp, "%s%s.pub.XXXXXXXXXX",
1054 		    identity_file, key_types[i].path);
1055 		xasprintf(&pub_file, "%s%s.pub",
1056 		    identity_file, key_types[i].path);
1057 
1058 		if (first == 0) {
1059 			first = 1;
1060 			printf("%s: generating new host keys: ", __progname);
1061 		}
1062 		printf("%s ", key_types[i].key_type_display);
1063 		fflush(stdout);
1064 		type = sshkey_type_from_name(key_types[i].key_type);
1065 		if ((fd = mkstemp(prv_tmp)) == -1) {
1066 			error("Could not save your public key in %s: %s",
1067 			    prv_tmp, strerror(errno));
1068 			goto failnext;
1069 		}
1070 		close(fd); /* just using mkstemp() to generate/reserve a name */
1071 		bits = 0;
1072 		type_bits_valid(type, NULL, &bits);
1073 		if ((r = sshkey_generate(type, bits, &private)) != 0) {
1074 			error("sshkey_generate failed: %s", ssh_err(r));
1075 			goto failnext;
1076 		}
1077 		if ((r = sshkey_from_private(private, &public)) != 0)
1078 			fatal("sshkey_from_private failed: %s", ssh_err(r));
1079 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
1080 		    hostname);
1081 		if ((r = sshkey_save_private(private, prv_tmp, "",
1082 		    comment, private_key_format, openssh_format_cipher,
1083 		    rounds)) != 0) {
1084 			error("Saving key \"%s\" failed: %s",
1085 			    prv_tmp, ssh_err(r));
1086 			goto failnext;
1087 		}
1088 		if ((fd = mkstemp(pub_tmp)) == -1) {
1089 			error("Could not save your public key in %s: %s",
1090 			    pub_tmp, strerror(errno));
1091 			goto failnext;
1092 		}
1093 		(void)fchmod(fd, 0644);
1094 		f = fdopen(fd, "w");
1095 		if (f == NULL) {
1096 			error("fdopen %s failed: %s", pub_tmp, strerror(errno));
1097 			close(fd);
1098 			goto failnext;
1099 		}
1100 		if ((r = sshkey_write(public, f)) != 0) {
1101 			error("write key failed: %s", ssh_err(r));
1102 			fclose(f);
1103 			goto failnext;
1104 		}
1105 		fprintf(f, " %s\n", comment);
1106 		if (ferror(f) != 0) {
1107 			error("write key failed: %s", strerror(errno));
1108 			fclose(f);
1109 			goto failnext;
1110 		}
1111 		if (fclose(f) != 0) {
1112 			error("key close failed: %s", strerror(errno));
1113 			goto failnext;
1114 		}
1115 
1116 		/* Rename temporary files to their permanent locations. */
1117 		if (rename(pub_tmp, pub_file) != 0) {
1118 			error("Unable to move %s into position: %s",
1119 			    pub_file, strerror(errno));
1120 			goto failnext;
1121 		}
1122 		if (rename(prv_tmp, prv_file) != 0) {
1123 			error("Unable to move %s into position: %s",
1124 			    key_types[i].path, strerror(errno));
1125  failnext:
1126 			first = 0;
1127 			goto next;
1128 		}
1129  next:
1130 		sshkey_free(private);
1131 		sshkey_free(public);
1132 		free(prv_tmp);
1133 		free(pub_tmp);
1134 		free(prv_file);
1135 		free(pub_file);
1136 	}
1137 	if (first != 0)
1138 		printf("\n");
1139 }
1140 
1141 struct known_hosts_ctx {
1142 	const char *host;	/* Hostname searched for in find/delete case */
1143 	FILE *out;		/* Output file, stdout for find_hosts case */
1144 	int has_unhashed;	/* When hashing, original had unhashed hosts */
1145 	int found_key;		/* For find/delete, host was found */
1146 	int invalid;		/* File contained invalid items; don't delete */
1147 	int hash_hosts;		/* Hash hostnames as we go */
1148 	int find_host;		/* Search for specific hostname */
1149 	int delete_host;	/* Delete host from known_hosts */
1150 };
1151 
1152 static int
known_hosts_hash(struct hostkey_foreach_line * l,void * _ctx)1153 known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1154 {
1155 	struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
1156 	char *hashed, *cp, *hosts, *ohosts;
1157 	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
1158 	int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
1159 
1160 	switch (l->status) {
1161 	case HKF_STATUS_OK:
1162 	case HKF_STATUS_MATCHED:
1163 		/*
1164 		 * Don't hash hosts already already hashed, with wildcard
1165 		 * characters or a CA/revocation marker.
1166 		 */
1167 		if (was_hashed || has_wild || l->marker != MRK_NONE) {
1168 			fprintf(ctx->out, "%s\n", l->line);
1169 			if (has_wild && !ctx->find_host) {
1170 				logit("%s:%lu: ignoring host name "
1171 				    "with wildcard: %.64s", l->path,
1172 				    l->linenum, l->hosts);
1173 			}
1174 			return 0;
1175 		}
1176 		/*
1177 		 * Split any comma-separated hostnames from the host list,
1178 		 * hash and store separately.
1179 		 */
1180 		ohosts = hosts = xstrdup(l->hosts);
1181 		while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
1182 			lowercase(cp);
1183 			if ((hashed = host_hash(cp, NULL, 0)) == NULL)
1184 				fatal("hash_host failed");
1185 			fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
1186 			ctx->has_unhashed = 1;
1187 		}
1188 		free(ohosts);
1189 		return 0;
1190 	case HKF_STATUS_INVALID:
1191 		/* Retain invalid lines, but mark file as invalid. */
1192 		ctx->invalid = 1;
1193 		logit("%s:%lu: invalid line", l->path, l->linenum);
1194 		/* FALLTHROUGH */
1195 	default:
1196 		fprintf(ctx->out, "%s\n", l->line);
1197 		return 0;
1198 	}
1199 	/* NOTREACHED */
1200 	return -1;
1201 }
1202 
1203 static int
known_hosts_find_delete(struct hostkey_foreach_line * l,void * _ctx)1204 known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
1205 {
1206 	struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
1207 	enum sshkey_fp_rep rep;
1208 	int fptype;
1209 	char *fp = NULL, *ra = NULL;
1210 
1211 	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
1212 	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
1213 
1214 	if (l->status == HKF_STATUS_MATCHED) {
1215 		if (ctx->delete_host) {
1216 			if (l->marker != MRK_NONE) {
1217 				/* Don't remove CA and revocation lines */
1218 				fprintf(ctx->out, "%s\n", l->line);
1219 			} else {
1220 				/*
1221 				 * Hostname matches and has no CA/revoke
1222 				 * marker, delete it by *not* writing the
1223 				 * line to ctx->out.
1224 				 */
1225 				ctx->found_key = 1;
1226 				if (!quiet)
1227 					printf("# Host %s found: line %lu\n",
1228 					    ctx->host, l->linenum);
1229 			}
1230 			return 0;
1231 		} else if (ctx->find_host) {
1232 			ctx->found_key = 1;
1233 			if (!quiet) {
1234 				printf("# Host %s found: line %lu %s\n",
1235 				    ctx->host,
1236 				    l->linenum, l->marker == MRK_CA ? "CA" :
1237 				    (l->marker == MRK_REVOKE ? "REVOKED" : ""));
1238 			}
1239 			if (ctx->hash_hosts)
1240 				known_hosts_hash(l, ctx);
1241 			else if (print_fingerprint) {
1242 				fp = sshkey_fingerprint(l->key, fptype, rep);
1243 				ra = sshkey_fingerprint(l->key,
1244 				    fingerprint_hash, SSH_FP_RANDOMART);
1245 				if (fp == NULL || ra == NULL)
1246 					fatal("%s: sshkey_fingerprint failed",
1247 					    __func__);
1248 				mprintf("%s %s %s %s\n", ctx->host,
1249 				    sshkey_type(l->key), fp, l->comment);
1250 				if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
1251 					printf("%s\n", ra);
1252 				free(ra);
1253 				free(fp);
1254 			} else
1255 				fprintf(ctx->out, "%s\n", l->line);
1256 			return 0;
1257 		}
1258 	} else if (ctx->delete_host) {
1259 		/* Retain non-matching hosts when deleting */
1260 		if (l->status == HKF_STATUS_INVALID) {
1261 			ctx->invalid = 1;
1262 			logit("%s:%lu: invalid line", l->path, l->linenum);
1263 		}
1264 		fprintf(ctx->out, "%s\n", l->line);
1265 	}
1266 	return 0;
1267 }
1268 
1269 static void
do_known_hosts(struct passwd * pw,const char * name,int find_host,int delete_host,int hash_hosts)1270 do_known_hosts(struct passwd *pw, const char *name, int find_host,
1271     int delete_host, int hash_hosts)
1272 {
1273 	char *cp, tmp[PATH_MAX], old[PATH_MAX];
1274 	int r, fd, oerrno, inplace = 0;
1275 	struct known_hosts_ctx ctx;
1276 	u_int foreach_options;
1277 
1278 	if (!have_identity) {
1279 		cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
1280 		if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
1281 		    sizeof(identity_file))
1282 			fatal("Specified known hosts path too long");
1283 		free(cp);
1284 		have_identity = 1;
1285 	}
1286 
1287 	memset(&ctx, 0, sizeof(ctx));
1288 	ctx.out = stdout;
1289 	ctx.host = name;
1290 	ctx.hash_hosts = hash_hosts;
1291 	ctx.find_host = find_host;
1292 	ctx.delete_host = delete_host;
1293 
1294 	/*
1295 	 * Find hosts goes to stdout, hash and deletions happen in-place
1296 	 * A corner case is ssh-keygen -HF foo, which should go to stdout
1297 	 */
1298 	if (!find_host && (hash_hosts || delete_host)) {
1299 		if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) ||
1300 		    strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) ||
1301 		    strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) ||
1302 		    strlcat(old, ".old", sizeof(old)) >= sizeof(old))
1303 			fatal("known_hosts path too long");
1304 		umask(077);
1305 		if ((fd = mkstemp(tmp)) == -1)
1306 			fatal("mkstemp: %s", strerror(errno));
1307 		if ((ctx.out = fdopen(fd, "w")) == NULL) {
1308 			oerrno = errno;
1309 			unlink(tmp);
1310 			fatal("fdopen: %s", strerror(oerrno));
1311 		}
1312 		inplace = 1;
1313 	}
1314 	/* XXX support identity_file == "-" for stdin */
1315 	foreach_options = find_host ? HKF_WANT_MATCH : 0;
1316 	foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
1317 	if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ?
1318 	    known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL,
1319 	    foreach_options)) != 0) {
1320 		if (inplace)
1321 			unlink(tmp);
1322 		fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
1323 	}
1324 
1325 	if (inplace)
1326 		fclose(ctx.out);
1327 
1328 	if (ctx.invalid) {
1329 		error("%s is not a valid known_hosts file.", identity_file);
1330 		if (inplace) {
1331 			error("Not replacing existing known_hosts "
1332 			    "file because of errors");
1333 			unlink(tmp);
1334 		}
1335 		exit(1);
1336 	} else if (delete_host && !ctx.found_key) {
1337 		logit("Host %s not found in %s", name, identity_file);
1338 		if (inplace)
1339 			unlink(tmp);
1340 	} else if (inplace) {
1341 		/* Backup existing file */
1342 		if (unlink(old) == -1 && errno != ENOENT)
1343 			fatal("unlink %.100s: %s", old, strerror(errno));
1344 		if (link(identity_file, old) == -1)
1345 			fatal("link %.100s to %.100s: %s", identity_file, old,
1346 			    strerror(errno));
1347 		/* Move new one into place */
1348 		if (rename(tmp, identity_file) == -1) {
1349 			error("rename\"%s\" to \"%s\": %s", tmp, identity_file,
1350 			    strerror(errno));
1351 			unlink(tmp);
1352 			unlink(old);
1353 			exit(1);
1354 		}
1355 
1356 		printf("%s updated.\n", identity_file);
1357 		printf("Original contents retained as %s\n", old);
1358 		if (ctx.has_unhashed) {
1359 			logit("WARNING: %s contains unhashed entries", old);
1360 			logit("Delete this file to ensure privacy "
1361 			    "of hostnames");
1362 		}
1363 	}
1364 
1365 	exit (find_host && !ctx.found_key);
1366 }
1367 
1368 /*
1369  * Perform changing a passphrase.  The argument is the passwd structure
1370  * for the current user.
1371  */
1372 static void
do_change_passphrase(struct passwd * pw)1373 do_change_passphrase(struct passwd *pw)
1374 {
1375 	char *comment;
1376 	char *old_passphrase, *passphrase1, *passphrase2;
1377 	struct stat st;
1378 	struct sshkey *private;
1379 	int r;
1380 
1381 	if (!have_identity)
1382 		ask_filename(pw, "Enter file in which the key is");
1383 	if (stat(identity_file, &st) == -1)
1384 		fatal("%s: %s", identity_file, strerror(errno));
1385 	/* Try to load the file with empty passphrase. */
1386 	r = sshkey_load_private(identity_file, "", &private, &comment);
1387 	if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
1388 		if (identity_passphrase)
1389 			old_passphrase = xstrdup(identity_passphrase);
1390 		else
1391 			old_passphrase =
1392 			    read_passphrase("Enter old passphrase: ",
1393 			    RP_ALLOW_STDIN);
1394 		r = sshkey_load_private(identity_file, old_passphrase,
1395 		    &private, &comment);
1396 		explicit_bzero(old_passphrase, strlen(old_passphrase));
1397 		free(old_passphrase);
1398 		if (r != 0)
1399 			goto badkey;
1400 	} else if (r != 0) {
1401  badkey:
1402 		fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
1403 	}
1404 	if (comment)
1405 		mprintf("Key has comment '%s'\n", comment);
1406 
1407 	/* Ask the new passphrase (twice). */
1408 	if (identity_new_passphrase) {
1409 		passphrase1 = xstrdup(identity_new_passphrase);
1410 		passphrase2 = NULL;
1411 	} else {
1412 		passphrase1 =
1413 			read_passphrase("Enter new passphrase (empty for no "
1414 			    "passphrase): ", RP_ALLOW_STDIN);
1415 		passphrase2 = read_passphrase("Enter same passphrase again: ",
1416 		    RP_ALLOW_STDIN);
1417 
1418 		/* Verify that they are the same. */
1419 		if (strcmp(passphrase1, passphrase2) != 0) {
1420 			explicit_bzero(passphrase1, strlen(passphrase1));
1421 			explicit_bzero(passphrase2, strlen(passphrase2));
1422 			free(passphrase1);
1423 			free(passphrase2);
1424 			printf("Pass phrases do not match.  Try again.\n");
1425 			exit(1);
1426 		}
1427 		/* Destroy the other copy. */
1428 		explicit_bzero(passphrase2, strlen(passphrase2));
1429 		free(passphrase2);
1430 	}
1431 
1432 	/* Save the file using the new passphrase. */
1433 	if ((r = sshkey_save_private(private, identity_file, passphrase1,
1434 	    comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
1435 		error("Saving key \"%s\" failed: %s.",
1436 		    identity_file, ssh_err(r));
1437 		explicit_bzero(passphrase1, strlen(passphrase1));
1438 		free(passphrase1);
1439 		sshkey_free(private);
1440 		free(comment);
1441 		exit(1);
1442 	}
1443 	/* Destroy the passphrase and the copy of the key in memory. */
1444 	explicit_bzero(passphrase1, strlen(passphrase1));
1445 	free(passphrase1);
1446 	sshkey_free(private);		 /* Destroys contents */
1447 	free(comment);
1448 
1449 	printf("Your identification has been saved with the new passphrase.\n");
1450 	exit(0);
1451 }
1452 
1453 /*
1454  * Print the SSHFP RR.
1455  */
1456 static int
do_print_resource_record(struct passwd * pw,char * fname,char * hname,int print_generic)1457 do_print_resource_record(struct passwd *pw, char *fname, char *hname,
1458     int print_generic)
1459 {
1460 	struct sshkey *public;
1461 	char *comment = NULL;
1462 	struct stat st;
1463 	int r;
1464 
1465 	if (fname == NULL)
1466 		fatal("%s: no filename", __func__);
1467 	if (stat(fname, &st) == -1) {
1468 		if (errno == ENOENT)
1469 			return 0;
1470 		fatal("%s: %s", fname, strerror(errno));
1471 	}
1472 	if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
1473 		fatal("Failed to read v2 public key from \"%s\": %s.",
1474 		    fname, ssh_err(r));
1475 	export_dns_rr(hname, public, stdout, print_generic);
1476 	sshkey_free(public);
1477 	free(comment);
1478 	return 1;
1479 }
1480 
1481 /*
1482  * Change the comment of a private key file.
1483  */
1484 static void
do_change_comment(struct passwd * pw,const char * identity_comment)1485 do_change_comment(struct passwd *pw, const char *identity_comment)
1486 {
1487 	char new_comment[1024], *comment, *passphrase;
1488 	struct sshkey *private;
1489 	struct sshkey *public;
1490 	struct stat st;
1491 	FILE *f;
1492 	int r, fd;
1493 
1494 	if (!have_identity)
1495 		ask_filename(pw, "Enter file in which the key is");
1496 	if (stat(identity_file, &st) == -1)
1497 		fatal("%s: %s", identity_file, strerror(errno));
1498 	if ((r = sshkey_load_private(identity_file, "",
1499 	    &private, &comment)) == 0)
1500 		passphrase = xstrdup("");
1501 	else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
1502 		fatal("Cannot load private key \"%s\": %s.",
1503 		    identity_file, ssh_err(r));
1504 	else {
1505 		if (identity_passphrase)
1506 			passphrase = xstrdup(identity_passphrase);
1507 		else if (identity_new_passphrase)
1508 			passphrase = xstrdup(identity_new_passphrase);
1509 		else
1510 			passphrase = read_passphrase("Enter passphrase: ",
1511 			    RP_ALLOW_STDIN);
1512 		/* Try to load using the passphrase. */
1513 		if ((r = sshkey_load_private(identity_file, passphrase,
1514 		    &private, &comment)) != 0) {
1515 			explicit_bzero(passphrase, strlen(passphrase));
1516 			free(passphrase);
1517 			fatal("Cannot load private key \"%s\": %s.",
1518 			    identity_file, ssh_err(r));
1519 		}
1520 	}
1521 
1522 	if (private->type != KEY_ED25519 && private->type != KEY_XMSS &&
1523 	    private_key_format != SSHKEY_PRIVATE_OPENSSH) {
1524 		error("Comments are only supported for keys stored in "
1525 		    "the new format (-o).");
1526 		explicit_bzero(passphrase, strlen(passphrase));
1527 		sshkey_free(private);
1528 		exit(1);
1529 	}
1530 	if (comment)
1531 		printf("Old comment: %s\n", comment);
1532 	else
1533 		printf("No existing comment\n");
1534 
1535 	if (identity_comment) {
1536 		strlcpy(new_comment, identity_comment, sizeof(new_comment));
1537 	} else {
1538 		printf("New comment: ");
1539 		fflush(stdout);
1540 		if (!fgets(new_comment, sizeof(new_comment), stdin)) {
1541 			explicit_bzero(passphrase, strlen(passphrase));
1542 			sshkey_free(private);
1543 			exit(1);
1544 		}
1545 		new_comment[strcspn(new_comment, "\n")] = '\0';
1546 	}
1547 	if (comment != NULL && strcmp(comment, new_comment) == 0) {
1548 		printf("No change to comment\n");
1549 		free(passphrase);
1550 		sshkey_free(private);
1551 		free(comment);
1552 		exit(0);
1553 	}
1554 
1555 	/* Save the file using the new passphrase. */
1556 	if ((r = sshkey_save_private(private, identity_file, passphrase,
1557 	    new_comment, private_key_format, openssh_format_cipher,
1558 	    rounds)) != 0) {
1559 		error("Saving key \"%s\" failed: %s",
1560 		    identity_file, ssh_err(r));
1561 		explicit_bzero(passphrase, strlen(passphrase));
1562 		free(passphrase);
1563 		sshkey_free(private);
1564 		free(comment);
1565 		exit(1);
1566 	}
1567 	explicit_bzero(passphrase, strlen(passphrase));
1568 	free(passphrase);
1569 	if ((r = sshkey_from_private(private, &public)) != 0)
1570 		fatal("sshkey_from_private failed: %s", ssh_err(r));
1571 	sshkey_free(private);
1572 
1573 	strlcat(identity_file, ".pub", sizeof(identity_file));
1574 	fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
1575 	if (fd == -1)
1576 		fatal("Could not save your public key in %s", identity_file);
1577 	f = fdopen(fd, "w");
1578 	if (f == NULL)
1579 		fatal("fdopen %s failed: %s", identity_file, strerror(errno));
1580 	if ((r = sshkey_write(public, f)) != 0)
1581 		fatal("write key failed: %s", ssh_err(r));
1582 	sshkey_free(public);
1583 	fprintf(f, " %s\n", new_comment);
1584 	fclose(f);
1585 
1586 	free(comment);
1587 
1588 	if (strlen(new_comment) > 0)
1589 		printf("Comment '%s' applied\n", new_comment);
1590 	else
1591 		printf("Comment removed\n");
1592 
1593 	exit(0);
1594 }
1595 
1596 static void
add_flag_option(struct sshbuf * c,const char * name)1597 add_flag_option(struct sshbuf *c, const char *name)
1598 {
1599 	int r;
1600 
1601 	debug3("%s: %s", __func__, name);
1602 	if ((r = sshbuf_put_cstring(c, name)) != 0 ||
1603 	    (r = sshbuf_put_string(c, NULL, 0)) != 0)
1604 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
1605 }
1606 
1607 static void
add_string_option(struct sshbuf * c,const char * name,const char * value)1608 add_string_option(struct sshbuf *c, const char *name, const char *value)
1609 {
1610 	struct sshbuf *b;
1611 	int r;
1612 
1613 	debug3("%s: %s=%s", __func__, name, value);
1614 	if ((b = sshbuf_new()) == NULL)
1615 		fatal("%s: sshbuf_new failed", __func__);
1616 	if ((r = sshbuf_put_cstring(b, value)) != 0 ||
1617 	    (r = sshbuf_put_cstring(c, name)) != 0 ||
1618 	    (r = sshbuf_put_stringb(c, b)) != 0)
1619 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
1620 
1621 	sshbuf_free(b);
1622 }
1623 
1624 #define OPTIONS_CRITICAL	1
1625 #define OPTIONS_EXTENSIONS	2
1626 static void
prepare_options_buf(struct sshbuf * c,int which)1627 prepare_options_buf(struct sshbuf *c, int which)
1628 {
1629 	size_t i;
1630 
1631 	sshbuf_reset(c);
1632 	if ((which & OPTIONS_CRITICAL) != 0 &&
1633 	    certflags_command != NULL)
1634 		add_string_option(c, "force-command", certflags_command);
1635 	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1636 	    (certflags_flags & CERTOPT_X_FWD) != 0)
1637 		add_flag_option(c, "permit-X11-forwarding");
1638 	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1639 	    (certflags_flags & CERTOPT_AGENT_FWD) != 0)
1640 		add_flag_option(c, "permit-agent-forwarding");
1641 	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1642 	    (certflags_flags & CERTOPT_PORT_FWD) != 0)
1643 		add_flag_option(c, "permit-port-forwarding");
1644 	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1645 	    (certflags_flags & CERTOPT_PTY) != 0)
1646 		add_flag_option(c, "permit-pty");
1647 	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1648 	    (certflags_flags & CERTOPT_USER_RC) != 0)
1649 		add_flag_option(c, "permit-user-rc");
1650 	if ((which & OPTIONS_CRITICAL) != 0 &&
1651 	    certflags_src_addr != NULL)
1652 		add_string_option(c, "source-address", certflags_src_addr);
1653 	for (i = 0; i < ncert_userext; i++) {
1654 		if ((cert_userext[i].crit && (which & OPTIONS_EXTENSIONS)) ||
1655 		    (!cert_userext[i].crit && (which & OPTIONS_CRITICAL)))
1656 			continue;
1657 		if (cert_userext[i].val == NULL)
1658 			add_flag_option(c, cert_userext[i].key);
1659 		else {
1660 			add_string_option(c, cert_userext[i].key,
1661 			    cert_userext[i].val);
1662 		}
1663 	}
1664 }
1665 
1666 static struct sshkey *
load_pkcs11_key(char * path)1667 load_pkcs11_key(char *path)
1668 {
1669 #ifdef ENABLE_PKCS11
1670 	struct sshkey **keys = NULL, *public, *private = NULL;
1671 	int r, i, nkeys;
1672 
1673 	if ((r = sshkey_load_public(path, &public, NULL)) != 0)
1674 		fatal("Couldn't load CA public key \"%s\": %s",
1675 		    path, ssh_err(r));
1676 
1677 	nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, &keys);
1678 	debug3("%s: %d keys", __func__, nkeys);
1679 	if (nkeys <= 0)
1680 		fatal("cannot read public key from pkcs11");
1681 	for (i = 0; i < nkeys; i++) {
1682 		if (sshkey_equal_public(public, keys[i])) {
1683 			private = keys[i];
1684 			continue;
1685 		}
1686 		sshkey_free(keys[i]);
1687 	}
1688 	free(keys);
1689 	sshkey_free(public);
1690 	return private;
1691 #else
1692 	fatal("no pkcs11 support");
1693 #endif /* ENABLE_PKCS11 */
1694 }
1695 
1696 /* Signer for sshkey_certify_custom that uses the agent */
1697 static int
agent_signer(struct sshkey * key,u_char ** sigp,size_t * lenp,const u_char * data,size_t datalen,const char * alg,u_int compat,void * ctx)1698 agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp,
1699     const u_char *data, size_t datalen,
1700     const char *alg, u_int compat, void *ctx)
1701 {
1702 	int *agent_fdp = (int *)ctx;
1703 
1704 	return ssh_agent_sign(*agent_fdp, key, sigp, lenp,
1705 	    data, datalen, alg, compat);
1706 }
1707 
1708 static void
do_ca_sign(struct passwd * pw,const char * ca_key_path,int prefer_agent,unsigned long long cert_serial,int cert_serial_autoinc,int argc,char ** argv)1709 do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
1710     unsigned long long cert_serial, int cert_serial_autoinc,
1711     int argc, char **argv)
1712 {
1713 	int r, i, fd, found, agent_fd = -1;
1714 	u_int n;
1715 	struct sshkey *ca, *public;
1716 	char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL;
1717 	FILE *f;
1718 	struct ssh_identitylist *agent_ids;
1719 	size_t j;
1720 
1721 #ifdef ENABLE_PKCS11
1722 	pkcs11_init(1);
1723 #endif
1724 	tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
1725 	if (pkcs11provider != NULL) {
1726 		/* If a PKCS#11 token was specified then try to use it */
1727 		if ((ca = load_pkcs11_key(tmp)) == NULL)
1728 			fatal("No PKCS#11 key matching %s found", ca_key_path);
1729 	} else if (prefer_agent) {
1730 		/*
1731 		 * Agent signature requested. Try to use agent after making
1732 		 * sure the public key specified is actually present in the
1733 		 * agent.
1734 		 */
1735 		if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
1736 			fatal("Cannot load CA public key %s: %s",
1737 			    tmp, ssh_err(r));
1738 		if ((r = ssh_get_authentication_socket(&agent_fd)) != 0)
1739 			fatal("Cannot use public key for CA signature: %s",
1740 			    ssh_err(r));
1741 		if ((r = ssh_fetch_identitylist(agent_fd, &agent_ids)) != 0)
1742 			fatal("Retrieve agent key list: %s", ssh_err(r));
1743 		found = 0;
1744 		for (j = 0; j < agent_ids->nkeys; j++) {
1745 			if (sshkey_equal(ca, agent_ids->keys[j])) {
1746 				found = 1;
1747 				break;
1748 			}
1749 		}
1750 		if (!found)
1751 			fatal("CA key %s not found in agent", tmp);
1752 		ssh_free_identitylist(agent_ids);
1753 		ca->flags |= SSHKEY_FLAG_EXT;
1754 	} else {
1755 		/* CA key is assumed to be a private key on the filesystem */
1756 		ca = load_identity(tmp, NULL);
1757 	}
1758 	free(tmp);
1759 
1760 	if (key_type_name != NULL &&
1761 	    sshkey_type_from_name(key_type_name) != ca->type)  {
1762 		fatal("CA key type %s doesn't match specified %s",
1763 		    sshkey_ssh_name(ca), key_type_name);
1764 	}
1765 
1766 	for (i = 0; i < argc; i++) {
1767 		/* Split list of principals */
1768 		n = 0;
1769 		if (cert_principals != NULL) {
1770 			otmp = tmp = xstrdup(cert_principals);
1771 			plist = NULL;
1772 			for (; (cp = strsep(&tmp, ",")) != NULL; n++) {
1773 				plist = xreallocarray(plist, n + 1, sizeof(*plist));
1774 				if (*(plist[n] = xstrdup(cp)) == '\0')
1775 					fatal("Empty principal name");
1776 			}
1777 			free(otmp);
1778 		}
1779 		if (n > SSHKEY_CERT_MAX_PRINCIPALS)
1780 			fatal("Too many certificate principals specified");
1781 
1782 		tmp = tilde_expand_filename(argv[i], pw->pw_uid);
1783 		if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
1784 			fatal("%s: unable to open \"%s\": %s",
1785 			    __func__, tmp, ssh_err(r));
1786 		if (public->type != KEY_RSA && public->type != KEY_DSA &&
1787 		    public->type != KEY_ECDSA && public->type != KEY_ED25519 &&
1788 		    public->type != KEY_XMSS)
1789 			fatal("%s: key \"%s\" type %s cannot be certified",
1790 			    __func__, tmp, sshkey_type(public));
1791 
1792 		/* Prepare certificate to sign */
1793 		if ((r = sshkey_to_certified(public)) != 0)
1794 			fatal("Could not upgrade key %s to certificate: %s",
1795 			    tmp, ssh_err(r));
1796 		public->cert->type = cert_key_type;
1797 		public->cert->serial = (u_int64_t)cert_serial;
1798 		public->cert->key_id = xstrdup(cert_key_id);
1799 		public->cert->nprincipals = n;
1800 		public->cert->principals = plist;
1801 		public->cert->valid_after = cert_valid_from;
1802 		public->cert->valid_before = cert_valid_to;
1803 		prepare_options_buf(public->cert->critical, OPTIONS_CRITICAL);
1804 		prepare_options_buf(public->cert->extensions,
1805 		    OPTIONS_EXTENSIONS);
1806 		if ((r = sshkey_from_private(ca,
1807 		    &public->cert->signature_key)) != 0)
1808 			fatal("sshkey_from_private (ca key): %s", ssh_err(r));
1809 
1810 		if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) {
1811 			if ((r = sshkey_certify_custom(public, ca,
1812 			    key_type_name, agent_signer, &agent_fd)) != 0)
1813 				fatal("Couldn't certify key %s via agent: %s",
1814 				    tmp, ssh_err(r));
1815 		} else {
1816 			if ((sshkey_certify(public, ca, key_type_name)) != 0)
1817 				fatal("Couldn't certify key %s: %s",
1818 				    tmp, ssh_err(r));
1819 		}
1820 
1821 		if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
1822 			*cp = '\0';
1823 		xasprintf(&out, "%s-cert.pub", tmp);
1824 		free(tmp);
1825 
1826 		if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
1827 			fatal("Could not open \"%s\" for writing: %s", out,
1828 			    strerror(errno));
1829 		if ((f = fdopen(fd, "w")) == NULL)
1830 			fatal("%s: fdopen: %s", __func__, strerror(errno));
1831 		if ((r = sshkey_write(public, f)) != 0)
1832 			fatal("Could not write certified key to %s: %s",
1833 			    out, ssh_err(r));
1834 		fprintf(f, " %s\n", comment);
1835 		fclose(f);
1836 
1837 		if (!quiet) {
1838 			sshkey_format_cert_validity(public->cert,
1839 			    valid, sizeof(valid));
1840 			logit("Signed %s key %s: id \"%s\" serial %llu%s%s "
1841 			    "valid %s", sshkey_cert_type(public),
1842 			    out, public->cert->key_id,
1843 			    (unsigned long long)public->cert->serial,
1844 			    cert_principals != NULL ? " for " : "",
1845 			    cert_principals != NULL ? cert_principals : "",
1846 			    valid);
1847 		}
1848 
1849 		sshkey_free(public);
1850 		free(out);
1851 		if (cert_serial_autoinc)
1852 			cert_serial++;
1853 	}
1854 #ifdef ENABLE_PKCS11
1855 	pkcs11_terminate();
1856 #endif
1857 	exit(0);
1858 }
1859 
1860 static u_int64_t
parse_relative_time(const char * s,time_t now)1861 parse_relative_time(const char *s, time_t now)
1862 {
1863 	int64_t mul, secs;
1864 
1865 	mul = *s == '-' ? -1 : 1;
1866 
1867 	if ((secs = convtime(s + 1)) == -1)
1868 		fatal("Invalid relative certificate time %s", s);
1869 	if (mul == -1 && secs > now)
1870 		fatal("Certificate time %s cannot be represented", s);
1871 	return now + (u_int64_t)(secs * mul);
1872 }
1873 
1874 static void
parse_cert_times(char * timespec)1875 parse_cert_times(char *timespec)
1876 {
1877 	char *from, *to;
1878 	time_t now = time(NULL);
1879 	int64_t secs;
1880 
1881 	/* +timespec relative to now */
1882 	if (*timespec == '+' && strchr(timespec, ':') == NULL) {
1883 		if ((secs = convtime(timespec + 1)) == -1)
1884 			fatal("Invalid relative certificate life %s", timespec);
1885 		cert_valid_to = now + secs;
1886 		/*
1887 		 * Backdate certificate one minute to avoid problems on hosts
1888 		 * with poorly-synchronised clocks.
1889 		 */
1890 		cert_valid_from = ((now - 59)/ 60) * 60;
1891 		return;
1892 	}
1893 
1894 	/*
1895 	 * from:to, where
1896 	 * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "always"
1897 	 *   to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "forever"
1898 	 */
1899 	from = xstrdup(timespec);
1900 	to = strchr(from, ':');
1901 	if (to == NULL || from == to || *(to + 1) == '\0')
1902 		fatal("Invalid certificate life specification %s", timespec);
1903 	*to++ = '\0';
1904 
1905 	if (*from == '-' || *from == '+')
1906 		cert_valid_from = parse_relative_time(from, now);
1907 	else if (strcmp(from, "always") == 0)
1908 		cert_valid_from = 0;
1909 	else if (parse_absolute_time(from, &cert_valid_from) != 0)
1910 		fatal("Invalid from time \"%s\"", from);
1911 
1912 	if (*to == '-' || *to == '+')
1913 		cert_valid_to = parse_relative_time(to, now);
1914 	else if (strcmp(to, "forever") == 0)
1915 		cert_valid_to = ~(u_int64_t)0;
1916 	else if (parse_absolute_time(to, &cert_valid_to) != 0)
1917 		fatal("Invalid to time \"%s\"", to);
1918 
1919 	if (cert_valid_to <= cert_valid_from)
1920 		fatal("Empty certificate validity interval");
1921 	free(from);
1922 }
1923 
1924 static void
add_cert_option(char * opt)1925 add_cert_option(char *opt)
1926 {
1927 	char *val, *cp;
1928 	int iscrit = 0;
1929 
1930 	if (strcasecmp(opt, "clear") == 0)
1931 		certflags_flags = 0;
1932 	else if (strcasecmp(opt, "no-x11-forwarding") == 0)
1933 		certflags_flags &= ~CERTOPT_X_FWD;
1934 	else if (strcasecmp(opt, "permit-x11-forwarding") == 0)
1935 		certflags_flags |= CERTOPT_X_FWD;
1936 	else if (strcasecmp(opt, "no-agent-forwarding") == 0)
1937 		certflags_flags &= ~CERTOPT_AGENT_FWD;
1938 	else if (strcasecmp(opt, "permit-agent-forwarding") == 0)
1939 		certflags_flags |= CERTOPT_AGENT_FWD;
1940 	else if (strcasecmp(opt, "no-port-forwarding") == 0)
1941 		certflags_flags &= ~CERTOPT_PORT_FWD;
1942 	else if (strcasecmp(opt, "permit-port-forwarding") == 0)
1943 		certflags_flags |= CERTOPT_PORT_FWD;
1944 	else if (strcasecmp(opt, "no-pty") == 0)
1945 		certflags_flags &= ~CERTOPT_PTY;
1946 	else if (strcasecmp(opt, "permit-pty") == 0)
1947 		certflags_flags |= CERTOPT_PTY;
1948 	else if (strcasecmp(opt, "no-user-rc") == 0)
1949 		certflags_flags &= ~CERTOPT_USER_RC;
1950 	else if (strcasecmp(opt, "permit-user-rc") == 0)
1951 		certflags_flags |= CERTOPT_USER_RC;
1952 	else if (strncasecmp(opt, "force-command=", 14) == 0) {
1953 		val = opt + 14;
1954 		if (*val == '\0')
1955 			fatal("Empty force-command option");
1956 		if (certflags_command != NULL)
1957 			fatal("force-command already specified");
1958 		certflags_command = xstrdup(val);
1959 	} else if (strncasecmp(opt, "source-address=", 15) == 0) {
1960 		val = opt + 15;
1961 		if (*val == '\0')
1962 			fatal("Empty source-address option");
1963 		if (certflags_src_addr != NULL)
1964 			fatal("source-address already specified");
1965 		if (addr_match_cidr_list(NULL, val) != 0)
1966 			fatal("Invalid source-address list");
1967 		certflags_src_addr = xstrdup(val);
1968 	} else if (strncasecmp(opt, "extension:", 10) == 0 ||
1969 		   (iscrit = (strncasecmp(opt, "critical:", 9) == 0))) {
1970 		val = xstrdup(strchr(opt, ':') + 1);
1971 		if ((cp = strchr(val, '=')) != NULL)
1972 			*cp++ = '\0';
1973 		cert_userext = xreallocarray(cert_userext, ncert_userext + 1,
1974 		    sizeof(*cert_userext));
1975 		cert_userext[ncert_userext].key = val;
1976 		cert_userext[ncert_userext].val = cp == NULL ?
1977 		    NULL : xstrdup(cp);
1978 		cert_userext[ncert_userext].crit = iscrit;
1979 		ncert_userext++;
1980 	} else
1981 		fatal("Unsupported certificate option \"%s\"", opt);
1982 }
1983 
1984 static void
show_options(struct sshbuf * optbuf,int in_critical)1985 show_options(struct sshbuf *optbuf, int in_critical)
1986 {
1987 	char *name, *arg;
1988 	struct sshbuf *options, *option = NULL;
1989 	int r;
1990 
1991 	if ((options = sshbuf_fromb(optbuf)) == NULL)
1992 		fatal("%s: sshbuf_fromb failed", __func__);
1993 	while (sshbuf_len(options) != 0) {
1994 		sshbuf_free(option);
1995 		option = NULL;
1996 		if ((r = sshbuf_get_cstring(options, &name, NULL)) != 0 ||
1997 		    (r = sshbuf_froms(options, &option)) != 0)
1998 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
1999 		printf("                %s", name);
2000 		if (!in_critical &&
2001 		    (strcmp(name, "permit-X11-forwarding") == 0 ||
2002 		    strcmp(name, "permit-agent-forwarding") == 0 ||
2003 		    strcmp(name, "permit-port-forwarding") == 0 ||
2004 		    strcmp(name, "permit-pty") == 0 ||
2005 		    strcmp(name, "permit-user-rc") == 0))
2006 			printf("\n");
2007 		else if (in_critical &&
2008 		    (strcmp(name, "force-command") == 0 ||
2009 		    strcmp(name, "source-address") == 0)) {
2010 			if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0)
2011 				fatal("%s: buffer error: %s",
2012 				    __func__, ssh_err(r));
2013 			printf(" %s\n", arg);
2014 			free(arg);
2015 		} else {
2016 			printf(" UNKNOWN OPTION (len %zu)\n",
2017 			    sshbuf_len(option));
2018 			sshbuf_reset(option);
2019 		}
2020 		free(name);
2021 		if (sshbuf_len(option) != 0)
2022 			fatal("Option corrupt: extra data at end");
2023 	}
2024 	sshbuf_free(option);
2025 	sshbuf_free(options);
2026 }
2027 
2028 static void
print_cert(struct sshkey * key)2029 print_cert(struct sshkey *key)
2030 {
2031 	char valid[64], *key_fp, *ca_fp;
2032 	u_int i;
2033 
2034 	key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
2035 	ca_fp = sshkey_fingerprint(key->cert->signature_key,
2036 	    fingerprint_hash, SSH_FP_DEFAULT);
2037 	if (key_fp == NULL || ca_fp == NULL)
2038 		fatal("%s: sshkey_fingerprint fail", __func__);
2039 	sshkey_format_cert_validity(key->cert, valid, sizeof(valid));
2040 
2041 	printf("        Type: %s %s certificate\n", sshkey_ssh_name(key),
2042 	    sshkey_cert_type(key));
2043 	printf("        Public key: %s %s\n", sshkey_type(key), key_fp);
2044 	printf("        Signing CA: %s %s (using %s)\n",
2045 	    sshkey_type(key->cert->signature_key), ca_fp,
2046 	    key->cert->signature_type);
2047 	printf("        Key ID: \"%s\"\n", key->cert->key_id);
2048 	printf("        Serial: %llu\n", (unsigned long long)key->cert->serial);
2049 	printf("        Valid: %s\n", valid);
2050 	printf("        Principals: ");
2051 	if (key->cert->nprincipals == 0)
2052 		printf("(none)\n");
2053 	else {
2054 		for (i = 0; i < key->cert->nprincipals; i++)
2055 			printf("\n                %s",
2056 			    key->cert->principals[i]);
2057 		printf("\n");
2058 	}
2059 	printf("        Critical Options: ");
2060 	if (sshbuf_len(key->cert->critical) == 0)
2061 		printf("(none)\n");
2062 	else {
2063 		printf("\n");
2064 		show_options(key->cert->critical, 1);
2065 	}
2066 	printf("        Extensions: ");
2067 	if (sshbuf_len(key->cert->extensions) == 0)
2068 		printf("(none)\n");
2069 	else {
2070 		printf("\n");
2071 		show_options(key->cert->extensions, 0);
2072 	}
2073 }
2074 
2075 static void
do_show_cert(struct passwd * pw)2076 do_show_cert(struct passwd *pw)
2077 {
2078 	struct sshkey *key = NULL;
2079 	struct stat st;
2080 	int r, is_stdin = 0, ok = 0;
2081 	FILE *f;
2082 	char *cp, *line = NULL;
2083 	const char *path;
2084 	size_t linesize = 0;
2085 	u_long lnum = 0;
2086 
2087 	if (!have_identity)
2088 		ask_filename(pw, "Enter file in which the key is");
2089 	if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) == -1)
2090 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
2091 
2092 	path = identity_file;
2093 	if (strcmp(path, "-") == 0) {
2094 		f = stdin;
2095 		path = "(stdin)";
2096 		is_stdin = 1;
2097 	} else if ((f = fopen(identity_file, "r")) == NULL)
2098 		fatal("fopen %s: %s", identity_file, strerror(errno));
2099 
2100 	while (getline(&line, &linesize, f) != -1) {
2101 		lnum++;
2102 		sshkey_free(key);
2103 		key = NULL;
2104 		/* Trim leading space and comments */
2105 		cp = line + strspn(line, " \t");
2106 		if (*cp == '#' || *cp == '\0')
2107 			continue;
2108 		if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
2109 			fatal("sshkey_new");
2110 		if ((r = sshkey_read(key, &cp)) != 0) {
2111 			error("%s:%lu: invalid key: %s", path,
2112 			    lnum, ssh_err(r));
2113 			continue;
2114 		}
2115 		if (!sshkey_is_cert(key)) {
2116 			error("%s:%lu is not a certificate", path, lnum);
2117 			continue;
2118 		}
2119 		ok = 1;
2120 		if (!is_stdin && lnum == 1)
2121 			printf("%s:\n", path);
2122 		else
2123 			printf("%s:%lu:\n", path, lnum);
2124 		print_cert(key);
2125 	}
2126 	free(line);
2127 	sshkey_free(key);
2128 	fclose(f);
2129 	exit(ok ? 0 : 1);
2130 }
2131 
2132 static void
load_krl(const char * path,struct ssh_krl ** krlp)2133 load_krl(const char *path, struct ssh_krl **krlp)
2134 {
2135 	struct sshbuf *krlbuf;
2136 	int r, fd;
2137 
2138 	if ((krlbuf = sshbuf_new()) == NULL)
2139 		fatal("sshbuf_new failed");
2140 	if ((fd = open(path, O_RDONLY)) == -1)
2141 		fatal("open %s: %s", path, strerror(errno));
2142 	if ((r = sshkey_load_file(fd, krlbuf)) != 0)
2143 		fatal("Unable to load KRL: %s", ssh_err(r));
2144 	close(fd);
2145 	/* XXX check sigs */
2146 	if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 ||
2147 	    *krlp == NULL)
2148 		fatal("Invalid KRL file: %s", ssh_err(r));
2149 	sshbuf_free(krlbuf);
2150 }
2151 
2152 static void
hash_to_blob(const char * cp,u_char ** blobp,size_t * lenp,const char * file,u_long lnum)2153 hash_to_blob(const char *cp, u_char **blobp, size_t *lenp,
2154     const char *file, u_long lnum)
2155 {
2156 	char *tmp;
2157 	size_t tlen;
2158 	struct sshbuf *b;
2159 	int r;
2160 
2161 	if (strncmp(cp, "SHA256:", 7) != 0)
2162 		fatal("%s:%lu: unsupported hash algorithm", file, lnum);
2163 	cp += 7;
2164 
2165 	/*
2166 	 * OpenSSH base64 hashes omit trailing '='
2167 	 * characters; put them back for decode.
2168 	 */
2169 	tlen = strlen(cp);
2170 	tmp = xmalloc(tlen + 4 + 1);
2171 	strlcpy(tmp, cp, tlen + 1);
2172 	while ((tlen % 4) != 0) {
2173 		tmp[tlen++] = '=';
2174 		tmp[tlen] = '\0';
2175 	}
2176 	if ((b = sshbuf_new()) == NULL)
2177 		fatal("%s: sshbuf_new failed", __func__);
2178 	if ((r = sshbuf_b64tod(b, tmp)) != 0)
2179 		fatal("%s:%lu: decode hash failed: %s", file, lnum, ssh_err(r));
2180 	free(tmp);
2181 	*lenp = sshbuf_len(b);
2182 	*blobp = xmalloc(*lenp);
2183 	memcpy(*blobp, sshbuf_ptr(b), *lenp);
2184 	sshbuf_free(b);
2185 }
2186 
2187 static void
update_krl_from_file(struct passwd * pw,const char * file,int wild_ca,const struct sshkey * ca,struct ssh_krl * krl)2188 update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
2189     const struct sshkey *ca, struct ssh_krl *krl)
2190 {
2191 	struct sshkey *key = NULL;
2192 	u_long lnum = 0;
2193 	char *path, *cp, *ep, *line = NULL;
2194 	u_char *blob = NULL;
2195 	size_t blen = 0, linesize = 0;
2196 	unsigned long long serial, serial2;
2197 	int i, was_explicit_key, was_sha1, was_sha256, was_hash, r;
2198 	FILE *krl_spec;
2199 
2200 	path = tilde_expand_filename(file, pw->pw_uid);
2201 	if (strcmp(path, "-") == 0) {
2202 		krl_spec = stdin;
2203 		free(path);
2204 		path = xstrdup("(standard input)");
2205 	} else if ((krl_spec = fopen(path, "r")) == NULL)
2206 		fatal("fopen %s: %s", path, strerror(errno));
2207 
2208 	if (!quiet)
2209 		printf("Revoking from %s\n", path);
2210 	while (getline(&line, &linesize, krl_spec) != -1) {
2211 		lnum++;
2212 		was_explicit_key = was_sha1 = was_sha256 = was_hash = 0;
2213 		cp = line + strspn(line, " \t");
2214 		/* Trim trailing space, comments and strip \n */
2215 		for (i = 0, r = -1; cp[i] != '\0'; i++) {
2216 			if (cp[i] == '#' || cp[i] == '\n') {
2217 				cp[i] = '\0';
2218 				break;
2219 			}
2220 			if (cp[i] == ' ' || cp[i] == '\t') {
2221 				/* Remember the start of a span of whitespace */
2222 				if (r == -1)
2223 					r = i;
2224 			} else
2225 				r = -1;
2226 		}
2227 		if (r != -1)
2228 			cp[r] = '\0';
2229 		if (*cp == '\0')
2230 			continue;
2231 		if (strncasecmp(cp, "serial:", 7) == 0) {
2232 			if (ca == NULL && !wild_ca) {
2233 				fatal("revoking certificates by serial number "
2234 				    "requires specification of a CA key");
2235 			}
2236 			cp += 7;
2237 			cp = cp + strspn(cp, " \t");
2238 			errno = 0;
2239 			serial = strtoull(cp, &ep, 0);
2240 			if (*cp == '\0' || (*ep != '\0' && *ep != '-'))
2241 				fatal("%s:%lu: invalid serial \"%s\"",
2242 				    path, lnum, cp);
2243 			if (errno == ERANGE && serial == ULLONG_MAX)
2244 				fatal("%s:%lu: serial out of range",
2245 				    path, lnum);
2246 			serial2 = serial;
2247 			if (*ep == '-') {
2248 				cp = ep + 1;
2249 				errno = 0;
2250 				serial2 = strtoull(cp, &ep, 0);
2251 				if (*cp == '\0' || *ep != '\0')
2252 					fatal("%s:%lu: invalid serial \"%s\"",
2253 					    path, lnum, cp);
2254 				if (errno == ERANGE && serial2 == ULLONG_MAX)
2255 					fatal("%s:%lu: serial out of range",
2256 					    path, lnum);
2257 				if (serial2 <= serial)
2258 					fatal("%s:%lu: invalid serial range "
2259 					    "%llu:%llu", path, lnum,
2260 					    (unsigned long long)serial,
2261 					    (unsigned long long)serial2);
2262 			}
2263 			if (ssh_krl_revoke_cert_by_serial_range(krl,
2264 			    ca, serial, serial2) != 0) {
2265 				fatal("%s: revoke serial failed",
2266 				    __func__);
2267 			}
2268 		} else if (strncasecmp(cp, "id:", 3) == 0) {
2269 			if (ca == NULL && !wild_ca) {
2270 				fatal("revoking certificates by key ID "
2271 				    "requires specification of a CA key");
2272 			}
2273 			cp += 3;
2274 			cp = cp + strspn(cp, " \t");
2275 			if (ssh_krl_revoke_cert_by_key_id(krl, ca, cp) != 0)
2276 				fatal("%s: revoke key ID failed", __func__);
2277 		} else if (strncasecmp(cp, "hash:", 5) == 0) {
2278 			cp += 5;
2279 			cp = cp + strspn(cp, " \t");
2280 			hash_to_blob(cp, &blob, &blen, file, lnum);
2281 			r = ssh_krl_revoke_key_sha256(krl, blob, blen);
2282 		} else {
2283 			if (strncasecmp(cp, "key:", 4) == 0) {
2284 				cp += 4;
2285 				cp = cp + strspn(cp, " \t");
2286 				was_explicit_key = 1;
2287 			} else if (strncasecmp(cp, "sha1:", 5) == 0) {
2288 				cp += 5;
2289 				cp = cp + strspn(cp, " \t");
2290 				was_sha1 = 1;
2291 			} else if (strncasecmp(cp, "sha256:", 7) == 0) {
2292 				cp += 7;
2293 				cp = cp + strspn(cp, " \t");
2294 				was_sha256 = 1;
2295 				/*
2296 				 * Just try to process the line as a key.
2297 				 * Parsing will fail if it isn't.
2298 				 */
2299 			}
2300 			if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
2301 				fatal("sshkey_new");
2302 			if ((r = sshkey_read(key, &cp)) != 0)
2303 				fatal("%s:%lu: invalid key: %s",
2304 				    path, lnum, ssh_err(r));
2305 			if (was_explicit_key)
2306 				r = ssh_krl_revoke_key_explicit(krl, key);
2307 			else if (was_sha1) {
2308 				if (sshkey_fingerprint_raw(key,
2309 				    SSH_DIGEST_SHA1, &blob, &blen) != 0) {
2310 					fatal("%s:%lu: fingerprint failed",
2311 					    file, lnum);
2312 				}
2313 				r = ssh_krl_revoke_key_sha1(krl, blob, blen);
2314 			} else if (was_sha256) {
2315 				if (sshkey_fingerprint_raw(key,
2316 				    SSH_DIGEST_SHA256, &blob, &blen) != 0) {
2317 					fatal("%s:%lu: fingerprint failed",
2318 					    file, lnum);
2319 				}
2320 				r = ssh_krl_revoke_key_sha256(krl, blob, blen);
2321 			} else
2322 				r = ssh_krl_revoke_key(krl, key);
2323 			if (r != 0)
2324 				fatal("%s: revoke key failed: %s",
2325 				    __func__, ssh_err(r));
2326 			freezero(blob, blen);
2327 			blob = NULL;
2328 			blen = 0;
2329 			sshkey_free(key);
2330 		}
2331 	}
2332 	if (strcmp(path, "-") != 0)
2333 		fclose(krl_spec);
2334 	free(line);
2335 	free(path);
2336 }
2337 
2338 static void
do_gen_krl(struct passwd * pw,int updating,const char * ca_key_path,unsigned long long krl_version,const char * krl_comment,int argc,char ** argv)2339 do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path,
2340     unsigned long long krl_version, const char *krl_comment,
2341     int argc, char **argv)
2342 {
2343 	struct ssh_krl *krl;
2344 	struct stat sb;
2345 	struct sshkey *ca = NULL;
2346 	int fd, i, r, wild_ca = 0;
2347 	char *tmp;
2348 	struct sshbuf *kbuf;
2349 
2350 	if (*identity_file == '\0')
2351 		fatal("KRL generation requires an output file");
2352 	if (stat(identity_file, &sb) == -1) {
2353 		if (errno != ENOENT)
2354 			fatal("Cannot access KRL \"%s\": %s",
2355 			    identity_file, strerror(errno));
2356 		if (updating)
2357 			fatal("KRL \"%s\" does not exist", identity_file);
2358 	}
2359 	if (ca_key_path != NULL) {
2360 		if (strcasecmp(ca_key_path, "none") == 0)
2361 			wild_ca = 1;
2362 		else {
2363 			tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
2364 			if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
2365 				fatal("Cannot load CA public key %s: %s",
2366 				    tmp, ssh_err(r));
2367 			free(tmp);
2368 		}
2369 	}
2370 
2371 	if (updating)
2372 		load_krl(identity_file, &krl);
2373 	else if ((krl = ssh_krl_init()) == NULL)
2374 		fatal("couldn't create KRL");
2375 
2376 	if (krl_version != 0)
2377 		ssh_krl_set_version(krl, krl_version);
2378 	if (krl_comment != NULL)
2379 		ssh_krl_set_comment(krl, krl_comment);
2380 
2381 	for (i = 0; i < argc; i++)
2382 		update_krl_from_file(pw, argv[i], wild_ca, ca, krl);
2383 
2384 	if ((kbuf = sshbuf_new()) == NULL)
2385 		fatal("sshbuf_new failed");
2386 	if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0)
2387 		fatal("Couldn't generate KRL");
2388 	if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
2389 		fatal("open %s: %s", identity_file, strerror(errno));
2390 	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(kbuf), sshbuf_len(kbuf)) !=
2391 	    sshbuf_len(kbuf))
2392 		fatal("write %s: %s", identity_file, strerror(errno));
2393 	close(fd);
2394 	sshbuf_free(kbuf);
2395 	ssh_krl_free(krl);
2396 	sshkey_free(ca);
2397 }
2398 
2399 static void
do_check_krl(struct passwd * pw,int argc,char ** argv)2400 do_check_krl(struct passwd *pw, int argc, char **argv)
2401 {
2402 	int i, r, ret = 0;
2403 	char *comment;
2404 	struct ssh_krl *krl;
2405 	struct sshkey *k;
2406 
2407 	if (*identity_file == '\0')
2408 		fatal("KRL checking requires an input file");
2409 	load_krl(identity_file, &krl);
2410 	for (i = 0; i < argc; i++) {
2411 		if ((r = sshkey_load_public(argv[i], &k, &comment)) != 0)
2412 			fatal("Cannot load public key %s: %s",
2413 			    argv[i], ssh_err(r));
2414 		r = ssh_krl_check_key(krl, k);
2415 		printf("%s%s%s%s: %s\n", argv[i],
2416 		    *comment ? " (" : "", comment, *comment ? ")" : "",
2417 		    r == 0 ? "ok" : "REVOKED");
2418 		if (r != 0)
2419 			ret = 1;
2420 		sshkey_free(k);
2421 		free(comment);
2422 	}
2423 	ssh_krl_free(krl);
2424 	exit(ret);
2425 }
2426 
2427 static struct sshkey *
load_sign_key(const char * keypath,const struct sshkey * pubkey)2428 load_sign_key(const char *keypath, const struct sshkey *pubkey)
2429 {
2430 	size_t i, slen, plen = strlen(keypath);
2431 	char *privpath = xstrdup(keypath);
2432 	const char *suffixes[] = { "-cert.pub", ".pub", NULL };
2433 	struct sshkey *ret = NULL, *privkey = NULL;
2434 	int r;
2435 
2436 	/*
2437 	 * If passed a public key filename, then try to locate the correponding
2438 	 * private key. This lets us specify certificates on the command-line
2439 	 * and have ssh-keygen find the appropriate private key.
2440 	 */
2441 	for (i = 0; suffixes[i]; i++) {
2442 		slen = strlen(suffixes[i]);
2443 		if (plen <= slen ||
2444 		    strcmp(privpath + plen - slen, suffixes[i]) != 0)
2445 			continue;
2446 		privpath[plen - slen] = '\0';
2447 		debug("%s: %s looks like a public key, using private key "
2448 		    "path %s instead", __func__, keypath, privpath);
2449 	}
2450 	if ((privkey = load_identity(privpath, NULL)) == NULL) {
2451 		error("Couldn't load identity %s", keypath);
2452 		goto done;
2453 	}
2454 	if (!sshkey_equal_public(pubkey, privkey)) {
2455 		error("Public key %s doesn't match private %s",
2456 		    keypath, privpath);
2457 		goto done;
2458 	}
2459 	if (sshkey_is_cert(pubkey) && !sshkey_is_cert(privkey)) {
2460 		/*
2461 		 * Graft the certificate onto the private key to make
2462 		 * it capable of signing.
2463 		 */
2464 		if ((r = sshkey_to_certified(privkey)) != 0) {
2465 			error("%s: sshkey_to_certified: %s", __func__,
2466 			    ssh_err(r));
2467 			goto done;
2468 		}
2469 		if ((r = sshkey_cert_copy(pubkey, privkey)) != 0) {
2470 			error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
2471 			goto done;
2472 		}
2473 	}
2474 	/* success */
2475 	ret = privkey;
2476 	privkey = NULL;
2477  done:
2478 	sshkey_free(privkey);
2479 	free(privpath);
2480 	return ret;
2481 }
2482 
2483 static int
sign_one(struct sshkey * signkey,const char * filename,int fd,const char * sig_namespace,sshsig_signer * signer,void * signer_ctx)2484 sign_one(struct sshkey *signkey, const char *filename, int fd,
2485     const char *sig_namespace, sshsig_signer *signer, void *signer_ctx)
2486 {
2487 	struct sshbuf *sigbuf = NULL, *abuf = NULL;
2488 	int r = SSH_ERR_INTERNAL_ERROR, wfd = -1, oerrno;
2489 	char *wfile = NULL;
2490 	char *asig = NULL;
2491 
2492 	if (!quiet) {
2493 		if (fd == STDIN_FILENO)
2494 			fprintf(stderr, "Signing data on standard input\n");
2495 		else
2496 			fprintf(stderr, "Signing file %s\n", filename);
2497 	}
2498 	if ((r = sshsig_sign_fd(signkey, NULL, fd, sig_namespace,
2499 	    &sigbuf, signer, signer_ctx)) != 0) {
2500 		error("Signing %s failed: %s", filename, ssh_err(r));
2501 		goto out;
2502 	}
2503 	if ((r = sshsig_armor(sigbuf, &abuf)) != 0) {
2504 		error("%s: sshsig_armor: %s", __func__, ssh_err(r));
2505 		goto out;
2506 	}
2507 	if ((asig = sshbuf_dup_string(abuf)) == NULL) {
2508 		error("%s: buffer error", __func__);
2509 		r = SSH_ERR_ALLOC_FAIL;
2510 		goto out;
2511 	}
2512 
2513 	if (fd == STDIN_FILENO) {
2514 		fputs(asig, stdout);
2515 		fflush(stdout);
2516 	} else {
2517 		xasprintf(&wfile, "%s.sig", filename);
2518 		if (confirm_overwrite(wfile)) {
2519 			if ((wfd = open(wfile, O_WRONLY|O_CREAT|O_TRUNC,
2520 			    0666)) == -1) {
2521 				oerrno = errno;
2522 				error("Cannot open %s: %s",
2523 				    wfile, strerror(errno));
2524 				errno = oerrno;
2525 				r = SSH_ERR_SYSTEM_ERROR;
2526 				goto out;
2527 			}
2528 			if (atomicio(vwrite, wfd, asig,
2529 			    strlen(asig)) != strlen(asig)) {
2530 				oerrno = errno;
2531 				error("Cannot write to %s: %s",
2532 				    wfile, strerror(errno));
2533 				errno = oerrno;
2534 				r = SSH_ERR_SYSTEM_ERROR;
2535 				goto out;
2536 			}
2537 			if (!quiet) {
2538 				fprintf(stderr, "Write signature to %s\n",
2539 				    wfile);
2540 			}
2541 		}
2542 	}
2543 	/* success */
2544 	r = 0;
2545  out:
2546 	free(wfile);
2547 	free(asig);
2548 	sshbuf_free(abuf);
2549 	sshbuf_free(sigbuf);
2550 	if (wfd != -1)
2551 		close(wfd);
2552 	return r;
2553 }
2554 
2555 static int
sign(const char * keypath,const char * sig_namespace,int argc,char ** argv)2556 sign(const char *keypath, const char *sig_namespace, int argc, char **argv)
2557 {
2558 	int i, fd = -1, r, ret = -1;
2559 	int agent_fd = -1;
2560 	struct sshkey *pubkey = NULL, *privkey = NULL, *signkey = NULL;
2561 	sshsig_signer *signer = NULL;
2562 
2563 	/* Check file arguments. */
2564 	for (i = 0; i < argc; i++) {
2565 		if (strcmp(argv[i], "-") != 0)
2566 			continue;
2567 		if (i > 0 || argc > 1)
2568 			fatal("Cannot sign mix of paths and standard input");
2569 	}
2570 
2571 	if ((r = sshkey_load_public(keypath, &pubkey, NULL)) != 0) {
2572 		error("Couldn't load public key %s: %s", keypath, ssh_err(r));
2573 		goto done;
2574 	}
2575 
2576 	if ((r = ssh_get_authentication_socket(&agent_fd)) != 0)
2577 		debug("Couldn't get agent socket: %s", ssh_err(r));
2578 	else {
2579 		if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0)
2580 			signer = agent_signer;
2581 		else
2582 			debug("Couldn't find key in agent: %s", ssh_err(r));
2583 	}
2584 
2585 	if (signer == NULL) {
2586 		/* Not using agent - try to load private key */
2587 		if ((privkey = load_sign_key(keypath, pubkey)) == NULL)
2588 			goto done;
2589 		signkey = privkey;
2590 	} else {
2591 		/* Will use key in agent */
2592 		signkey = pubkey;
2593 	}
2594 
2595 	if (argc == 0) {
2596 		if ((r = sign_one(signkey, "(stdin)", STDIN_FILENO,
2597 		    sig_namespace, signer, &agent_fd)) != 0)
2598 			goto done;
2599 	} else {
2600 		for (i = 0; i < argc; i++) {
2601 			if (strcmp(argv[i], "-") == 0)
2602 				fd = STDIN_FILENO;
2603 			else if ((fd = open(argv[i], O_RDONLY)) == -1) {
2604 				error("Cannot open %s for signing: %s",
2605 				    argv[i], strerror(errno));
2606 				goto done;
2607 			}
2608 			if ((r = sign_one(signkey, argv[i], fd, sig_namespace,
2609 			    signer, &agent_fd)) != 0)
2610 				goto done;
2611 			if (fd != STDIN_FILENO)
2612 				close(fd);
2613 			fd = -1;
2614 		}
2615 	}
2616 
2617 	ret = 0;
2618 done:
2619 	if (fd != -1 && fd != STDIN_FILENO)
2620 		close(fd);
2621 	sshkey_free(pubkey);
2622 	sshkey_free(privkey);
2623 	return ret;
2624 }
2625 
2626 static int
verify(const char * signature,const char * sig_namespace,const char * principal,const char * allowed_keys,const char * revoked_keys)2627 verify(const char *signature, const char *sig_namespace, const char *principal,
2628     const char *allowed_keys, const char *revoked_keys)
2629 {
2630 	int r, ret = -1, sigfd = -1;
2631 	struct sshbuf *sigbuf = NULL, *abuf = NULL;
2632 	struct sshkey *sign_key = NULL;
2633 	char *fp = NULL;
2634 
2635 	if ((abuf = sshbuf_new()) == NULL)
2636 		fatal("%s: sshbuf_new() failed", __func__);
2637 
2638 	if ((sigfd = open(signature, O_RDONLY)) < 0) {
2639 		error("Couldn't open signature file %s", signature);
2640 		goto done;
2641 	}
2642 
2643 	if ((r = sshkey_load_file(sigfd, abuf)) != 0) {
2644 		error("Couldn't read signature file: %s", ssh_err(r));
2645 		goto done;
2646 	}
2647 	if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) {
2648 		error("%s: sshsig_armor: %s", __func__, ssh_err(r));
2649 		return r;
2650 	}
2651 	if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace,
2652 	    &sign_key)) != 0)
2653 		goto done; /* sshsig_verify() prints error */
2654 
2655 	if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
2656 	    SSH_FP_DEFAULT)) == NULL)
2657 		fatal("%s: sshkey_fingerprint failed", __func__);
2658 	debug("Valid (unverified) signature from key %s", fp);
2659 	free(fp);
2660 	fp = NULL;
2661 
2662 	if (revoked_keys != NULL) {
2663 		if ((r = sshkey_check_revoked(sign_key, revoked_keys)) != 0) {
2664 			debug3("sshkey_check_revoked failed: %s", ssh_err(r));
2665 			goto done;
2666 		}
2667 	}
2668 
2669 	if (allowed_keys != NULL &&
2670 	    (r = sshsig_check_allowed_keys(allowed_keys, sign_key,
2671 					   principal, sig_namespace)) != 0) {
2672 		debug3("sshsig_check_allowed_keys failed: %s", ssh_err(r));
2673 		goto done;
2674 	}
2675 	/* success */
2676 	ret = 0;
2677 done:
2678 	if (!quiet) {
2679 		if (ret == 0) {
2680 			if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
2681 			    SSH_FP_DEFAULT)) == NULL) {
2682 				fatal("%s: sshkey_fingerprint failed",
2683 				    __func__);
2684 			}
2685 			if (principal == NULL) {
2686 				printf("Good \"%s\" signature with %s key %s\n",
2687 				       sig_namespace, sshkey_type(sign_key), fp);
2688 
2689 			} else {
2690 				printf("Good \"%s\" signature for %s with %s key %s\n",
2691 				       sig_namespace, principal,
2692 				       sshkey_type(sign_key), fp);
2693 			}
2694 		} else {
2695 			printf("Could not verify signature.\n");
2696 		}
2697 	}
2698 	if (sigfd != -1)
2699 		close(sigfd);
2700 	sshbuf_free(sigbuf);
2701 	sshbuf_free(abuf);
2702 	sshkey_free(sign_key);
2703 	free(fp);
2704 	return ret;
2705 }
2706 
2707 static void
usage(void)2708 usage(void)
2709 {
2710 	fprintf(stderr,
2711 	    "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa] [-m format]\n"
2712 	    "                  [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
2713 	    "       ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-m format]\n"
2714 	    "                   [-f keyfile]\n"
2715 	    "       ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
2716 	    "       ssh-keygen -e [-m key_format] [-f input_keyfile]\n"
2717 	    "       ssh-keygen -y [-f input_keyfile]\n"
2718 	    "       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
2719 	    "       ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
2720 	    "       ssh-keygen -B [-f input_keyfile]\n");
2721 #ifdef ENABLE_PKCS11
2722 	fprintf(stderr,
2723 	    "       ssh-keygen -D pkcs11\n");
2724 #endif
2725 	fprintf(stderr,
2726 	    "       ssh-keygen -F hostname [-f known_hosts_file] [-l]\n"
2727 	    "       ssh-keygen -H [-f known_hosts_file]\n"
2728 	    "       ssh-keygen -R hostname [-f known_hosts_file]\n"
2729 	    "       ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
2730 #ifdef WITH_OPENSSL
2731 	    "       ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
2732 	    "       ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
2733 	    "                  [-j start_line] [-K checkpt] [-W generator]\n"
2734 #endif
2735 	    "       ssh-keygen -s ca_key -I certificate_identity [-h] [-U]\n"
2736 	    "                  [-D pkcs11_provider] [-n principals] [-O option]\n"
2737 	    "                  [-V validity_interval] [-z serial_number] file ...\n"
2738 	    "       ssh-keygen -L [-f input_keyfile]\n"
2739 	    "       ssh-keygen -A\n"
2740 	    "       ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"
2741 	    "                  file ...\n"
2742 	    "       ssh-keygen -Q -f krl_file file ...\n"
2743 	    "       ssh-keygen -Y sign -f sign_key -n namespace\n"
2744 	    "       ssh-keygen -Y verify -I signer_identity -s signature_file\n"
2745 	    "                  -n namespace -f allowed_keys [-r revoked_keys]\n"
2746 	    "       ssh-keygen -Y check-novalidate -s signature_file -n namespace\n");
2747 	exit(1);
2748 }
2749 
2750 /*
2751  * Main program for key management.
2752  */
2753 int
main(int argc,char ** argv)2754 main(int argc, char **argv)
2755 {
2756 	char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
2757 	char *rr_hostname = NULL, *ep, *fp, *ra;
2758 	struct sshkey *private, *public;
2759 	struct passwd *pw;
2760 	struct stat st;
2761 	int r, opt, type, fd;
2762 	int change_passphrase = 0, change_comment = 0, show_cert = 0;
2763 	int find_host = 0, delete_host = 0, hash_hosts = 0;
2764 	int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
2765 	int prefer_agent = 0, convert_to = 0, convert_from = 0;
2766 	int print_public = 0, print_generic = 0, cert_serial_autoinc = 0;
2767 	unsigned long long cert_serial = 0;
2768 	char *identity_comment = NULL, *ca_key_path = NULL;
2769 	u_int32_t bits = 0;
2770 	FILE *f;
2771 	const char *errstr;
2772 	int log_level = SYSLOG_LEVEL_INFO;
2773 	char *sign_op = NULL;
2774 #ifdef WITH_OPENSSL
2775 	/* Moduli generation/screening */
2776 	char out_file[PATH_MAX], *checkpoint = NULL;
2777 	u_int32_t memory = 0, generator_wanted = 0;
2778 	int do_gen_candidates = 0, do_screen_candidates = 0;
2779 	unsigned long start_lineno = 0, lines_to_process = 0;
2780 	BIGNUM *start = NULL;
2781 #endif
2782 
2783 	extern int optind;
2784 	extern char *optarg;
2785 
2786 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
2787 	sanitise_stdfd();
2788 
2789 	__progname = ssh_get_progname(argv[0]);
2790 
2791 	seed_rng();
2792 
2793 	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
2794 
2795 	msetlocale();
2796 
2797 	/* we need this for the home * directory.  */
2798 	pw = getpwuid(getuid());
2799 	if (!pw)
2800 		fatal("No user exists for uid %lu", (u_long)getuid());
2801 	if (gethostname(hostname, sizeof(hostname)) == -1)
2802 		fatal("gethostname: %s", strerror(errno));
2803 
2804 	/* Remaining characters: dw */
2805 	while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy"
2806 	    "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Y:Z:"
2807 	    "a:b:f:g:j:m:n:r:s:t:z:")) != -1) {
2808 		switch (opt) {
2809 		case 'A':
2810 			gen_all_hostkeys = 1;
2811 			break;
2812 		case 'b':
2813 			bits = (u_int32_t)strtonum(optarg, 1, UINT32_MAX,
2814 			    &errstr);
2815 			if (errstr)
2816 				fatal("Bits has bad value %s (%s)",
2817 					optarg, errstr);
2818 			break;
2819 		case 'E':
2820 			fingerprint_hash = ssh_digest_alg_by_name(optarg);
2821 			if (fingerprint_hash == -1)
2822 				fatal("Invalid hash algorithm \"%s\"", optarg);
2823 			break;
2824 		case 'F':
2825 			find_host = 1;
2826 			rr_hostname = optarg;
2827 			break;
2828 		case 'H':
2829 			hash_hosts = 1;
2830 			break;
2831 		case 'I':
2832 			cert_key_id = optarg;
2833 			break;
2834 		case 'R':
2835 			delete_host = 1;
2836 			rr_hostname = optarg;
2837 			break;
2838 		case 'L':
2839 			show_cert = 1;
2840 			break;
2841 		case 'l':
2842 			print_fingerprint = 1;
2843 			break;
2844 		case 'B':
2845 			print_bubblebabble = 1;
2846 			break;
2847 		case 'm':
2848 			if (strcasecmp(optarg, "RFC4716") == 0 ||
2849 			    strcasecmp(optarg, "ssh2") == 0) {
2850 				convert_format = FMT_RFC4716;
2851 				break;
2852 			}
2853 			if (strcasecmp(optarg, "PKCS8") == 0) {
2854 				convert_format = FMT_PKCS8;
2855 				private_key_format = SSHKEY_PRIVATE_PKCS8;
2856 				break;
2857 			}
2858 			if (strcasecmp(optarg, "PEM") == 0) {
2859 				convert_format = FMT_PEM;
2860 				private_key_format = SSHKEY_PRIVATE_PEM;
2861 				break;
2862 			}
2863 			fatal("Unsupported conversion format \"%s\"", optarg);
2864 		case 'n':
2865 			cert_principals = optarg;
2866 			break;
2867 		case 'o':
2868 			/* no-op; new format is already the default */
2869 			break;
2870 		case 'p':
2871 			change_passphrase = 1;
2872 			break;
2873 		case 'c':
2874 			change_comment = 1;
2875 			break;
2876 		case 'f':
2877 			if (strlcpy(identity_file, optarg,
2878 			    sizeof(identity_file)) >= sizeof(identity_file))
2879 				fatal("Identity filename too long");
2880 			have_identity = 1;
2881 			break;
2882 		case 'g':
2883 			print_generic = 1;
2884 			break;
2885 		case 'P':
2886 			identity_passphrase = optarg;
2887 			break;
2888 		case 'N':
2889 			identity_new_passphrase = optarg;
2890 			break;
2891 		case 'Q':
2892 			check_krl = 1;
2893 			break;
2894 		case 'O':
2895 			add_cert_option(optarg);
2896 			break;
2897 		case 'Z':
2898 			openssh_format_cipher = optarg;
2899 			break;
2900 		case 'C':
2901 			identity_comment = optarg;
2902 			break;
2903 		case 'q':
2904 			quiet = 1;
2905 			break;
2906 		case 'e':
2907 		case 'x':
2908 			/* export key */
2909 			convert_to = 1;
2910 			break;
2911 		case 'h':
2912 			cert_key_type = SSH2_CERT_TYPE_HOST;
2913 			certflags_flags = 0;
2914 			break;
2915 		case 'k':
2916 			gen_krl = 1;
2917 			break;
2918 		case 'i':
2919 		case 'X':
2920 			/* import key */
2921 			convert_from = 1;
2922 			break;
2923 		case 'y':
2924 			print_public = 1;
2925 			break;
2926 		case 's':
2927 			ca_key_path = optarg;
2928 			break;
2929 		case 't':
2930 			key_type_name = optarg;
2931 			break;
2932 		case 'D':
2933 			pkcs11provider = optarg;
2934 			break;
2935 		case 'U':
2936 			prefer_agent = 1;
2937 			break;
2938 		case 'u':
2939 			update_krl = 1;
2940 			break;
2941 		case 'v':
2942 			if (log_level == SYSLOG_LEVEL_INFO)
2943 				log_level = SYSLOG_LEVEL_DEBUG1;
2944 			else {
2945 				if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
2946 				    log_level < SYSLOG_LEVEL_DEBUG3)
2947 					log_level++;
2948 			}
2949 			break;
2950 		case 'r':
2951 			rr_hostname = optarg;
2952 			break;
2953 		case 'a':
2954 			rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
2955 			if (errstr)
2956 				fatal("Invalid number: %s (%s)",
2957 					optarg, errstr);
2958 			break;
2959 		case 'V':
2960 			parse_cert_times(optarg);
2961 			break;
2962 		case 'Y':
2963 			sign_op = optarg;
2964 			break;
2965 		case 'z':
2966 			errno = 0;
2967 			if (*optarg == '+') {
2968 				cert_serial_autoinc = 1;
2969 				optarg++;
2970 			}
2971 			cert_serial = strtoull(optarg, &ep, 10);
2972 			if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
2973 			    (errno == ERANGE && cert_serial == ULLONG_MAX))
2974 				fatal("Invalid serial number \"%s\"", optarg);
2975 			break;
2976 #ifdef WITH_OPENSSL
2977 		/* Moduli generation/screening */
2978 		case 'G':
2979 			do_gen_candidates = 1;
2980 			if (strlcpy(out_file, optarg, sizeof(out_file)) >=
2981 			    sizeof(out_file))
2982 				fatal("Output filename too long");
2983 			break;
2984 		case 'J':
2985 			lines_to_process = strtoul(optarg, NULL, 10);
2986 			break;
2987 		case 'j':
2988 			start_lineno = strtoul(optarg, NULL, 10);
2989 			break;
2990 		case 'K':
2991 			if (strlen(optarg) >= PATH_MAX)
2992 				fatal("Checkpoint filename too long");
2993 			checkpoint = xstrdup(optarg);
2994 			break;
2995 		case 'M':
2996 			memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX,
2997 			    &errstr);
2998 			if (errstr)
2999 				fatal("Memory limit is %s: %s", errstr, optarg);
3000 			break;
3001 		case 'S':
3002 			/* XXX - also compare length against bits */
3003 			if (BN_hex2bn(&start, optarg) == 0)
3004 				fatal(