Merged silc_1_0_branch to trunk.

[silc.git] / lib / silcutil / silcapputil.c

diff --git a/lib/silcutil/silcapputil.c b/lib/silcutil/silcapputil.c
index 4d05f16c4c806822b308c2a85b180d1358a996d5..1f486afad170656c23a30f0b0a18d9450654a4a6 100644 (file)
--- a/lib/silcutil/silcapputil.c
+++ b/lib/silcutil/silcapputil.c
@@ -175,11 +175,22 @@ New pair of keys will be created.  Please, answer to following questions.\n\
   }
 
   if (!pass) {
-    memset(line, 0, sizeof(line));
-    snprintf(line, sizeof(line), "Private key passphrase: ");
-    pass = silc_get_input(line, TRUE);
-    if (!pass)
+    char *pass2 = NULL;
+    pass = silc_get_input("Private key passphrase: ", TRUE);
+    if (!pass) {
       pass = strdup("");
+    } else {
+      while (TRUE) {
+       printf("\n");
+       pass2 = silc_get_input("Retype private key passphrase: ", TRUE);
+       if (!pass2)
+         pass2 = strdup("");
+       if (!strcmp(pass, pass2))
+         break;
+       fprintf(stderr, "\nPassphrases do not match");
+      }
+      silc_free(pass2);
+    }
   }
 
   /* Generate keys */
@@ -252,7 +263,9 @@ bool silc_load_key_pair(const char *pub_filename,
                                SILC_PKCS_FILE_PEM) == FALSE)
     if (silc_pkcs_load_public_key((char *)pub_filename, return_public_key,
                                  SILC_PKCS_FILE_BIN) == FALSE) {
-      memset(pass, 0, strlen(pass));
+      if (pass)
+       memset(pass, 0, strlen(pass));
+      silc_free(pass);
       return FALSE;
     }
 
@@ -269,6 +282,7 @@ bool silc_load_key_pair(const char *pub_filename,
                                   (unsigned char *)pass, strlen(pass),
                                   SILC_PKCS_FILE_PEM) == FALSE) {
       memset(pass, 0, strlen(pass));
+      silc_free(pass);
       return FALSE;
     }
 
@@ -279,6 +293,7 @@ bool silc_load_key_pair(const char *pub_filename,
   }
 
   memset(pass, 0, strlen(pass));
+  silc_free(pass);
   return TRUE;
 }
 
@@ -342,3 +357,71 @@ bool silc_show_public_key(const char *pub_filename)
 
   return TRUE;
 }
+
+/* Change private key passphrase */
+
+bool silc_change_private_key_passphrase(const char *prv_filename,
+                                       const char *old_passphrase,
+                                       const char *new_passphrase)
+{
+  SilcPrivateKey private_key;
+  bool base64 = FALSE;
+  char *pass;
+
+  pass = old_passphrase ? strdup(old_passphrase) : NULL;
+  if (!pass) {
+    pass = silc_get_input("Old passphrase: ", TRUE);
+    if (!pass)
+      pass = strdup("");
+  }
+
+  if (silc_pkcs_load_private_key((char *)prv_filename, &private_key,
+                                (unsigned char *)pass, strlen(pass),
+                                SILC_PKCS_FILE_BIN) == FALSE) {
+    base64 = TRUE;
+    if (silc_pkcs_load_private_key((char *)prv_filename, &private_key,
+                                  (unsigned char *)pass, strlen(pass),
+                                  SILC_PKCS_FILE_PEM) == FALSE) {
+      memset(pass, 0, strlen(pass));
+      silc_free(pass);
+      fprintf(stderr, "Could not load private key `%s' file\n", prv_filename);
+      return FALSE;
+    }
+  }
+
+  memset(pass, 0, strlen(pass));
+  silc_free(pass);
+
+  pass = new_passphrase ? strdup(new_passphrase) : NULL;
+  if (!pass) {
+    char *pass2 = NULL;
+    fprintf(stdout, "\n");
+    pass = silc_get_input("New passphrase: ", TRUE);
+    if (!pass) {
+      pass = strdup("");
+    } else {
+      while (TRUE) {
+       printf("\n");
+       pass2 = silc_get_input("Retype new passphrase: ", TRUE);
+       if (!pass2)
+         pass2 = strdup("");
+       if (!strcmp(pass, pass2))
+         break;
+       fprintf(stderr, "\nPassphrases do not match");
+      }
+      silc_free(pass2);
+    }
+  }
+
+  silc_pkcs_save_private_key((char *)prv_filename, private_key,
+                            (unsigned char *)pass, strlen(pass),
+                            base64 ? SILC_PKCS_FILE_PEM : SILC_PKCS_FILE_BIN);
+
+  fprintf(stdout, "\nPassphrase changed\n");
+
+  memset(pass, 0, strlen(pass));
+  silc_free(pass);
+
+  silc_pkcs_private_key_free(private_key);
+  return TRUE;
+}