- markus@cvs.openbsd.org 2001/06/26 02:47:07

[ssh-keygen.c] allow loading a private RSA key to a cyberflex card.
author: Ben Lindstrom <mouring@eviladmin.org> 2001-07-04 03:44:03 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-07-04 03:44:03 +0000
commit: cd392284acc87a4e0a4b687163355b706b9e97cf (patch)
tree: 51134fe90b78f32af31f6590cdb455a1ecb26f69
parent: 79073822999e641b8705be9fcd8214b98856dd47 (diff)
2 files changed, 103 insertions, 20 deletions
diff --git a/ChangeLog b/ChangeLog
index 5507cab0d..2d9df43b5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,9 @@
   - stevesk@cvs.openbsd.org 2001/06/25 20:26:37
     [auth2.c sshconnect2.c]
     prototype cleanup; ok markus@
+   - markus@cvs.openbsd.org 2001/06/26 02:47:07
+     [ssh-keygen.c]
+     allow loading a private RSA key to a cyberflex card.
 20010629
 - (bal) Removed net_aton() since we don't use it any more
@@ -5843,4 +5846,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1348 2001/07/04 03:42:30 mouring Exp $
+$Id: ChangeLog,v 1.1349 2001/07/04 03:44:03 mouring Exp $
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 95fcd6521..8ae261193 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,11 +12,15 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.66 2001/06/26 02:47:07 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
+#ifdef SMARTCARD
+#include <sectok.h>
+#endif
 #include "xmalloc.h"
 #include "key.h"
 #include "rsa.h"
@@ -28,6 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $");
 #include "log.h"
 #include "readpass.h"
 /* Number of bits in the RSA/DSA key.  This value can be changed on the command line. */
 int bits = 1024;
@@ -375,6 +380,92 @@ do_print_public(struct passwd *pw)
        exit(0);
 }
+#define NUM_RSA_KEY_ELEMENTS 5+1
+#define COPY_RSA_KEY(x, i) \
+        do { \
+                len = BN_num_bytes(prv->rsa->x); \
+                elements[i] = xmalloc(len); \
+error("#bytes %d", len); \
+                if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
+                        goto done; \
+        } while(0)
+static void
+do_upload(struct passwd *pw, int reader)
+{
+#ifndef SMARTCARD
+        fatal("no support for smartcards.");
+#else
+        Key *prv = NULL;
+        struct stat st;
+        u_char *elements[NUM_RSA_KEY_ELEMENTS];
+        u_char key_fid[2];
+        u_char atr[256];
+        u_char AUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
+        int len, status = 1, i, fd = -1, ret;
+        int cla = 0x00;
+        if (!have_identity)
+                ask_filename(pw, "Enter file in which the key is");
+        if (stat(identity_file, &st) < 0) {
+                perror(identity_file);
+                goto done;
+        }
+        prv = load_identity(identity_file);
+        if (prv == NULL) {
+                error("load failed");
+                goto done;
+        }
+{
+        prv->type = KEY_RSA;
+        key_write(prv, stderr);
+}
+        for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
+                elements[i] = NULL;
+        COPY_RSA_KEY(q, 0);
+        COPY_RSA_KEY(p, 1);
+        COPY_RSA_KEY(iqmp, 2);
+        COPY_RSA_KEY(dmq1, 3);
+        COPY_RSA_KEY(dmp1, 4);
+        COPY_RSA_KEY(n, 5);
+        len = BN_num_bytes(prv->rsa->n);
+        fd = scopen(reader, 0, NULL);
+        if (fd < 0) {
+                error("scopen failed %d.", fd);
+                goto done;
+        }
+        ret = screset(fd, atr, NULL);
+        if (ret <= 0) {
+                error("screset failed.");
+                goto done;
+        }
+        if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(AUT0)) < 0) {
+                error("cyberflex_verify_AUT0 failed");
+                goto done;
+        }
+        key_fid[0] = 0x00;
+        key_fid[1] = 0x12;
+        if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements) < 0)
+                goto done;
+        log("cyberflex_load_rsa_priv done");
+        key_fid[0] = 0x73;
+        key_fid[1] = 0x68;
+        if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5]) < 0)
+                goto done;
+        log("cyberflex_load_rsa_pub done");
+        status = 0;
+        log("loading key done");
+done:
+        if (prv)
+                key_free(prv);
+        for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
+                xfree(elements[i]);
+        if (fd != -1)
+                scclose(fd);
+        exit(status);
+#endif
+}
 static void
 do_fingerprint(struct passwd *pw)
 {
@@ -664,7 +755,7 @@ main(int ac, char **av)
        char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;
        Key *private, *public;
        struct passwd *pw;
-        int opt, type, fd;
+        int opt, type, fd, reader = -1;
        struct stat st;
        FILE *f;
@@ -688,7 +779,7 @@ main(int ac, char **av)
                exit(1);
        }
-        while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:P:N:C:")) != -1) {
+        while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:P:N:C:")) != -1) {
                switch (opt) {
                case 'b':
                        bits = atoi(optarg);
@@ -697,73 +788,60 @@ main(int ac, char **av)
                                exit(1);
                        }
                        break;
                case 'l':
                        print_fingerprint = 1;
                        break;
                case 'B':
                        print_bubblebabble = 1;
                        break;
                case 'p':
                        change_passphrase = 1;
                        break;
                case 'c':
                        change_comment = 1;
                        break;
                case 'f':
                        strlcpy(identity_file, optarg, sizeof(identity_file));
                        have_identity = 1;
                        break;
                case 'P':
                        identity_passphrase = optarg;
                        break;
                case 'N':
                        identity_new_passphrase = optarg;
                        break;
                case 'C':
                        identity_comment = optarg;
                        break;
                case 'q':
                        quiet = 1;
                        break;
                case 'R':
                        /* unused */
                        exit(0);
                        break;
                case 'e':
                case 'x':
                        /* export key */
                        convert_to_ssh2 = 1;
                        break;
                case 'i':
                case 'X':
                        /* import key */
                        convert_from_ssh2 = 1;
                        break;
                case 'y':
                        print_public = 1;
                        break;
                case 'd':
                        key_type_name = "dsa";
                        break;
                case 't':
                        key_type_name = optarg;
                        break;
+                case 'u':
+                        reader = atoi(optarg); /*XXX*/
+                        break;
                case '?':
                default:
                        usage();
@@ -789,6 +867,8 @@ main(int ac, char **av)
                do_convert_from_ssh2(pw);
        if (print_public)
                do_print_public(pw);
+        if (reader != -1)
+                do_upload(pw, reader);
        arc4random_stir();
author	Ben Lindstrom <mouring@eviladmin.org>	2001-07-04 03:44:03 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-07-04 03:44:03 +0000
commit	cd392284acc87a4e0a4b687163355b706b9e97cf (patch)
tree	51134fe90b78f32af31f6590cdb455a1ecb26f69
parent	79073822999e641b8705be9fcd8214b98856dd47 (diff)

diff --git a/ChangeLog b/ChangeLog index 5507cab0d..2d9df43b5 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -16,6 +16,9 @@
16	- stevesk@cvs.openbsd.org 2001/06/25 20:26:37	16	- stevesk@cvs.openbsd.org 2001/06/25 20:26:37
17	[auth2.c sshconnect2.c]	17	[auth2.c sshconnect2.c]
18	prototype cleanup; ok markus@	18	prototype cleanup; ok markus@
		19	- markus@cvs.openbsd.org 2001/06/26 02:47:07
		20	[ssh-keygen.c]
		21	allow loading a private RSA key to a cyberflex card.
19		22
20	20010629	23	20010629
21	- (bal) Removed net_aton() since we don't use it any more	24	- (bal) Removed net_aton() since we don't use it any more
@@ -5843,4 +5846,4 @@
5843	- Wrote replacements for strlcpy and mkdtemp	5846	- Wrote replacements for strlcpy and mkdtemp
5844	- Released 1.0pre1	5847	- Released 1.0pre1
5845		5848
5846	$Id: ChangeLog,v 1.1348 2001/07/04 03:42:30 mouring Exp $	5849	$Id: ChangeLog,v 1.1349 2001/07/04 03:44:03 mouring Exp $


diff --git a/ssh-keygen.c b/ssh-keygen.c index 95fcd6521..8ae261193 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -12,11 +12,15 @@
12	*/	12	*/
13		13
14	#include "includes.h"	14	#include "includes.h"
15	RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $");	15	RCSID("$OpenBSD: ssh-keygen.c,v 1.66 2001/06/26 02:47:07 markus Exp $");
16		16
17	#include <openssl/evp.h>	17	#include <openssl/evp.h>
18	#include <openssl/pem.h>	18	#include <openssl/pem.h>
19		19
		20	#ifdef SMARTCARD
		21	#include <sectok.h>
		22	#endif
		23
20	#include "xmalloc.h"	24	#include "xmalloc.h"
21	#include "key.h"	25	#include "key.h"
22	#include "rsa.h"	26	#include "rsa.h"
@@ -28,6 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $");
28	#include "log.h"	32	#include "log.h"
29	#include "readpass.h"	33	#include "readpass.h"
30		34
		35
31	/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */	36	/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
32	int bits = 1024;	37	int bits = 1024;
33		38
@@ -375,6 +380,92 @@ do_print_public(struct passwd *pw)
375	exit(0);	380	exit(0);
376	}	381	}
377		382
		383	#define NUM_RSA_KEY_ELEMENTS 5+1
		384	#define COPY_RSA_KEY(x, i) \
		385	do { \
		386	len = BN_num_bytes(prv->rsa->x); \
		387	elements[i] = xmalloc(len); \
		388	error("#bytes %d", len); \
		389	if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
		390	goto done; \
		391	} while(0)
		392
		393	static void
		394	do_upload(struct passwd *pw, int reader)
		395	{
		396	#ifndef SMARTCARD
		397	fatal("no support for smartcards.");
		398	#else
		399	Key *prv = NULL;
		400	struct stat st;
		401	u_char *elements[NUM_RSA_KEY_ELEMENTS];
		402	u_char key_fid[2];
		403	u_char atr[256];
		404	u_char AUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
		405	int len, status = 1, i, fd = -1, ret;
		406	int cla = 0x00;
		407
		408	if (!have_identity)
		409	ask_filename(pw, "Enter file in which the key is");
		410	if (stat(identity_file, &st) < 0) {
		411	perror(identity_file);
		412	goto done;
		413	}
		414	prv = load_identity(identity_file);
		415	if (prv == NULL) {
		416	error("load failed");
		417	goto done;
		418	}
		419	{
		420	prv->type = KEY_RSA;
		421	key_write(prv, stderr);
		422	}
		423	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
		424	elements[i] = NULL;
		425	COPY_RSA_KEY(q, 0);
		426	COPY_RSA_KEY(p, 1);
		427	COPY_RSA_KEY(iqmp, 2);
		428	COPY_RSA_KEY(dmq1, 3);
		429	COPY_RSA_KEY(dmp1, 4);
		430	COPY_RSA_KEY(n, 5);
		431	len = BN_num_bytes(prv->rsa->n);
		432	fd = scopen(reader, 0, NULL);
		433	if (fd < 0) {
		434	error("scopen failed %d.", fd);
		435	goto done;
		436	}
		437	ret = screset(fd, atr, NULL);
		438	if (ret <= 0) {
		439	error("screset failed.");
		440	goto done;
		441	}
		442	if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(AUT0)) < 0) {
		443	error("cyberflex_verify_AUT0 failed");
		444	goto done;
		445	}
		446	key_fid[0] = 0x00;
		447	key_fid[1] = 0x12;
		448	if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements) < 0)
		449	goto done;
		450	log("cyberflex_load_rsa_priv done");
		451	key_fid[0] = 0x73;
		452	key_fid[1] = 0x68;
		453	if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5]) < 0)
		454	goto done;
		455	log("cyberflex_load_rsa_pub done");
		456	status = 0;
		457	log("loading key done");
		458	done:
		459	if (prv)
		460	key_free(prv);
		461	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
		462	xfree(elements[i]);
		463	if (fd != -1)
		464	scclose(fd);
		465	exit(status);
		466	#endif
		467	}
		468
378	static void	469	static void
379	do_fingerprint(struct passwd *pw)	470	do_fingerprint(struct passwd *pw)
380	{	471	{
@@ -664,7 +755,7 @@ main(int ac, char **av)
664	char dotsshdir[16 * 1024], comment[1024], passphrase1, passphrase2;	755	char dotsshdir[16 * 1024], comment[1024], passphrase1, passphrase2;
665	Key private, public;	756	Key private, public;
666	struct passwd *pw;	757	struct passwd *pw;
667	int opt, type, fd;	758	int opt, type, fd, reader = -1;
668	struct stat st;	759	struct stat st;
669	FILE *f;	760	FILE *f;
670		761
@@ -688,7 +779,7 @@ main(int ac, char **av)
688	exit(1);	779	exit(1);
689	}	780	}
690		781
691	while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:P:N:C:")) != -1) {	782	while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:P:N:C:")) != -1) {
692	switch (opt) {	783	switch (opt) {
693	case 'b':	784	case 'b':
694	bits = atoi(optarg);	785	bits = atoi(optarg);
@@ -697,73 +788,60 @@ main(int ac, char **av)
697	exit(1);	788	exit(1);
698	}	789	}
699	break;	790	break;
700
701	case 'l':	791	case 'l':
702	print_fingerprint = 1;	792	print_fingerprint = 1;
703	break;	793	break;
704
705	case 'B':	794	case 'B':
706	print_bubblebabble = 1;	795	print_bubblebabble = 1;
707	break;	796	break;
708
709	case 'p':	797	case 'p':
710	change_passphrase = 1;	798	change_passphrase = 1;
711	break;	799	break;
712
713	case 'c':	800	case 'c':
714	change_comment = 1;	801	change_comment = 1;
715	break;	802	break;
716
717	case 'f':	803	case 'f':
718	strlcpy(identity_file, optarg, sizeof(identity_file));	804	strlcpy(identity_file, optarg, sizeof(identity_file));
719	have_identity = 1;	805	have_identity = 1;
720	break;	806	break;
721
722	case 'P':	807	case 'P':
723	identity_passphrase = optarg;	808	identity_passphrase = optarg;
724	break;	809	break;
725
726	case 'N':	810	case 'N':
727	identity_new_passphrase = optarg;	811	identity_new_passphrase = optarg;
728	break;	812	break;
729
730	case 'C':	813	case 'C':
731	identity_comment = optarg;	814	identity_comment = optarg;
732	break;	815	break;
733
734	case 'q':	816	case 'q':
735	quiet = 1;	817	quiet = 1;
736	break;	818	break;
737
738	case 'R':	819	case 'R':
739	/* unused */	820	/* unused */
740	exit(0);	821	exit(0);
741	break;	822	break;
742
743	case 'e':	823	case 'e':
744	case 'x':	824	case 'x':
745	/* export key */	825	/* export key */
746	convert_to_ssh2 = 1;	826	convert_to_ssh2 = 1;
747	break;	827	break;
748
749	case 'i':	828	case 'i':
750	case 'X':	829	case 'X':
751	/* import key */	830	/* import key */
752	convert_from_ssh2 = 1;	831	convert_from_ssh2 = 1;
753	break;	832	break;
754
755	case 'y':	833	case 'y':
756	print_public = 1;	834	print_public = 1;
757	break;	835	break;
758
759	case 'd':	836	case 'd':
760	key_type_name = "dsa";	837	key_type_name = "dsa";
761	break;	838	break;
762
763	case 't':	839	case 't':
764	key_type_name = optarg;	840	key_type_name = optarg;
765	break;	841	break;
766		842	case 'u':
		843	reader = atoi(optarg); /XXX/
		844	break;
767	case '?':	845	case '?':
768	default:	846	default:
769	usage();	847	usage();
@@ -789,6 +867,8 @@ main(int ac, char **av)
789	do_convert_from_ssh2(pw);	867	do_convert_from_ssh2(pw);
790	if (print_public)	868	if (print_public)
791	do_print_public(pw);	869	do_print_public(pw);
		870	if (reader != -1)
		871	do_upload(pw, reader);
792		872
793	arc4random_stir();	873	arc4random_stir();
794		874