diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-07-04 03:44:03 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-07-04 03:44:03 +0000 |
commit | cd392284acc87a4e0a4b687163355b706b9e97cf (patch) | |
tree | 51134fe90b78f32af31f6590cdb455a1ecb26f69 | |
parent | 79073822999e641b8705be9fcd8214b98856dd47 (diff) |
- markus@cvs.openbsd.org 2001/06/26 02:47:07
[ssh-keygen.c]
allow loading a private RSA key to a cyberflex card.
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | ssh-keygen.c | 118 |
2 files changed, 103 insertions, 20 deletions
@@ -16,6 +16,9 @@ | |||
16 | - stevesk@cvs.openbsd.org 2001/06/25 20:26:37 | 16 | - stevesk@cvs.openbsd.org 2001/06/25 20:26:37 |
17 | [auth2.c sshconnect2.c] | 17 | [auth2.c sshconnect2.c] |
18 | prototype cleanup; ok markus@ | 18 | prototype cleanup; ok markus@ |
19 | - markus@cvs.openbsd.org 2001/06/26 02:47:07 | ||
20 | [ssh-keygen.c] | ||
21 | allow loading a private RSA key to a cyberflex card. | ||
19 | 22 | ||
20 | 20010629 | 23 | 20010629 |
21 | - (bal) Removed net_aton() since we don't use it any more | 24 | - (bal) Removed net_aton() since we don't use it any more |
@@ -5843,4 +5846,4 @@ | |||
5843 | - Wrote replacements for strlcpy and mkdtemp | 5846 | - Wrote replacements for strlcpy and mkdtemp |
5844 | - Released 1.0pre1 | 5847 | - Released 1.0pre1 |
5845 | 5848 | ||
5846 | $Id: ChangeLog,v 1.1348 2001/07/04 03:42:30 mouring Exp $ | 5849 | $Id: ChangeLog,v 1.1349 2001/07/04 03:44:03 mouring Exp $ |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 95fcd6521..8ae261193 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -12,11 +12,15 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.66 2001/06/26 02:47:07 markus Exp $"); |
16 | 16 | ||
17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
19 | 19 | ||
20 | #ifdef SMARTCARD | ||
21 | #include <sectok.h> | ||
22 | #endif | ||
23 | |||
20 | #include "xmalloc.h" | 24 | #include "xmalloc.h" |
21 | #include "key.h" | 25 | #include "key.h" |
22 | #include "rsa.h" | 26 | #include "rsa.h" |
@@ -28,6 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $"); | |||
28 | #include "log.h" | 32 | #include "log.h" |
29 | #include "readpass.h" | 33 | #include "readpass.h" |
30 | 34 | ||
35 | |||
31 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ | 36 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ |
32 | int bits = 1024; | 37 | int bits = 1024; |
33 | 38 | ||
@@ -375,6 +380,92 @@ do_print_public(struct passwd *pw) | |||
375 | exit(0); | 380 | exit(0); |
376 | } | 381 | } |
377 | 382 | ||
383 | #define NUM_RSA_KEY_ELEMENTS 5+1 | ||
384 | #define COPY_RSA_KEY(x, i) \ | ||
385 | do { \ | ||
386 | len = BN_num_bytes(prv->rsa->x); \ | ||
387 | elements[i] = xmalloc(len); \ | ||
388 | error("#bytes %d", len); \ | ||
389 | if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \ | ||
390 | goto done; \ | ||
391 | } while(0) | ||
392 | |||
393 | static void | ||
394 | do_upload(struct passwd *pw, int reader) | ||
395 | { | ||
396 | #ifndef SMARTCARD | ||
397 | fatal("no support for smartcards."); | ||
398 | #else | ||
399 | Key *prv = NULL; | ||
400 | struct stat st; | ||
401 | u_char *elements[NUM_RSA_KEY_ELEMENTS]; | ||
402 | u_char key_fid[2]; | ||
403 | u_char atr[256]; | ||
404 | u_char AUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63}; | ||
405 | int len, status = 1, i, fd = -1, ret; | ||
406 | int cla = 0x00; | ||
407 | |||
408 | if (!have_identity) | ||
409 | ask_filename(pw, "Enter file in which the key is"); | ||
410 | if (stat(identity_file, &st) < 0) { | ||
411 | perror(identity_file); | ||
412 | goto done; | ||
413 | } | ||
414 | prv = load_identity(identity_file); | ||
415 | if (prv == NULL) { | ||
416 | error("load failed"); | ||
417 | goto done; | ||
418 | } | ||
419 | { | ||
420 | prv->type = KEY_RSA; | ||
421 | key_write(prv, stderr); | ||
422 | } | ||
423 | for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++) | ||
424 | elements[i] = NULL; | ||
425 | COPY_RSA_KEY(q, 0); | ||
426 | COPY_RSA_KEY(p, 1); | ||
427 | COPY_RSA_KEY(iqmp, 2); | ||
428 | COPY_RSA_KEY(dmq1, 3); | ||
429 | COPY_RSA_KEY(dmp1, 4); | ||
430 | COPY_RSA_KEY(n, 5); | ||
431 | len = BN_num_bytes(prv->rsa->n); | ||
432 | fd = scopen(reader, 0, NULL); | ||
433 | if (fd < 0) { | ||
434 | error("scopen failed %d.", fd); | ||
435 | goto done; | ||
436 | } | ||
437 | ret = screset(fd, atr, NULL); | ||
438 | if (ret <= 0) { | ||
439 | error("screset failed."); | ||
440 | goto done; | ||
441 | } | ||
442 | if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(AUT0)) < 0) { | ||
443 | error("cyberflex_verify_AUT0 failed"); | ||
444 | goto done; | ||
445 | } | ||
446 | key_fid[0] = 0x00; | ||
447 | key_fid[1] = 0x12; | ||
448 | if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements) < 0) | ||
449 | goto done; | ||
450 | log("cyberflex_load_rsa_priv done"); | ||
451 | key_fid[0] = 0x73; | ||
452 | key_fid[1] = 0x68; | ||
453 | if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5]) < 0) | ||
454 | goto done; | ||
455 | log("cyberflex_load_rsa_pub done"); | ||
456 | status = 0; | ||
457 | log("loading key done"); | ||
458 | done: | ||
459 | if (prv) | ||
460 | key_free(prv); | ||
461 | for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++) | ||
462 | xfree(elements[i]); | ||
463 | if (fd != -1) | ||
464 | scclose(fd); | ||
465 | exit(status); | ||
466 | #endif | ||
467 | } | ||
468 | |||
378 | static void | 469 | static void |
379 | do_fingerprint(struct passwd *pw) | 470 | do_fingerprint(struct passwd *pw) |
380 | { | 471 | { |
@@ -664,7 +755,7 @@ main(int ac, char **av) | |||
664 | char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2; | 755 | char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2; |
665 | Key *private, *public; | 756 | Key *private, *public; |
666 | struct passwd *pw; | 757 | struct passwd *pw; |
667 | int opt, type, fd; | 758 | int opt, type, fd, reader = -1; |
668 | struct stat st; | 759 | struct stat st; |
669 | FILE *f; | 760 | FILE *f; |
670 | 761 | ||
@@ -688,7 +779,7 @@ main(int ac, char **av) | |||
688 | exit(1); | 779 | exit(1); |
689 | } | 780 | } |
690 | 781 | ||
691 | while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:P:N:C:")) != -1) { | 782 | while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:P:N:C:")) != -1) { |
692 | switch (opt) { | 783 | switch (opt) { |
693 | case 'b': | 784 | case 'b': |
694 | bits = atoi(optarg); | 785 | bits = atoi(optarg); |
@@ -697,73 +788,60 @@ main(int ac, char **av) | |||
697 | exit(1); | 788 | exit(1); |
698 | } | 789 | } |
699 | break; | 790 | break; |
700 | |||
701 | case 'l': | 791 | case 'l': |
702 | print_fingerprint = 1; | 792 | print_fingerprint = 1; |
703 | break; | 793 | break; |
704 | |||
705 | case 'B': | 794 | case 'B': |
706 | print_bubblebabble = 1; | 795 | print_bubblebabble = 1; |
707 | break; | 796 | break; |
708 | |||
709 | case 'p': | 797 | case 'p': |
710 | change_passphrase = 1; | 798 | change_passphrase = 1; |
711 | break; | 799 | break; |
712 | |||
713 | case 'c': | 800 | case 'c': |
714 | change_comment = 1; | 801 | change_comment = 1; |
715 | break; | 802 | break; |
716 | |||
717 | case 'f': | 803 | case 'f': |
718 | strlcpy(identity_file, optarg, sizeof(identity_file)); | 804 | strlcpy(identity_file, optarg, sizeof(identity_file)); |
719 | have_identity = 1; | 805 | have_identity = 1; |
720 | break; | 806 | break; |
721 | |||
722 | case 'P': | 807 | case 'P': |
723 | identity_passphrase = optarg; | 808 | identity_passphrase = optarg; |
724 | break; | 809 | break; |
725 | |||
726 | case 'N': | 810 | case 'N': |
727 | identity_new_passphrase = optarg; | 811 | identity_new_passphrase = optarg; |
728 | break; | 812 | break; |
729 | |||
730 | case 'C': | 813 | case 'C': |
731 | identity_comment = optarg; | 814 | identity_comment = optarg; |
732 | break; | 815 | break; |
733 | |||
734 | case 'q': | 816 | case 'q': |
735 | quiet = 1; | 817 | quiet = 1; |
736 | break; | 818 | break; |
737 | |||
738 | case 'R': | 819 | case 'R': |
739 | /* unused */ | 820 | /* unused */ |
740 | exit(0); | 821 | exit(0); |
741 | break; | 822 | break; |
742 | |||
743 | case 'e': | 823 | case 'e': |
744 | case 'x': | 824 | case 'x': |
745 | /* export key */ | 825 | /* export key */ |
746 | convert_to_ssh2 = 1; | 826 | convert_to_ssh2 = 1; |
747 | break; | 827 | break; |
748 | |||
749 | case 'i': | 828 | case 'i': |
750 | case 'X': | 829 | case 'X': |
751 | /* import key */ | 830 | /* import key */ |
752 | convert_from_ssh2 = 1; | 831 | convert_from_ssh2 = 1; |
753 | break; | 832 | break; |
754 | |||
755 | case 'y': | 833 | case 'y': |
756 | print_public = 1; | 834 | print_public = 1; |
757 | break; | 835 | break; |
758 | |||
759 | case 'd': | 836 | case 'd': |
760 | key_type_name = "dsa"; | 837 | key_type_name = "dsa"; |
761 | break; | 838 | break; |
762 | |||
763 | case 't': | 839 | case 't': |
764 | key_type_name = optarg; | 840 | key_type_name = optarg; |
765 | break; | 841 | break; |
766 | 842 | case 'u': | |
843 | reader = atoi(optarg); /*XXX*/ | ||
844 | break; | ||
767 | case '?': | 845 | case '?': |
768 | default: | 846 | default: |
769 | usage(); | 847 | usage(); |
@@ -789,6 +867,8 @@ main(int ac, char **av) | |||
789 | do_convert_from_ssh2(pw); | 867 | do_convert_from_ssh2(pw); |
790 | if (print_public) | 868 | if (print_public) |
791 | do_print_public(pw); | 869 | do_print_public(pw); |
870 | if (reader != -1) | ||
871 | do_upload(pw, reader); | ||
792 | 872 | ||
793 | arc4random_stir(); | 873 | arc4random_stir(); |
794 | 874 | ||