- markus@cvs.openbsd.org 2001/06/26 05:33:34

[ssh-agent.c] more smartcard support.
author: Ben Lindstrom <mouring@eviladmin.org> 2001-07-04 03:53:15 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-07-04 03:53:15 +0000
commit: 3f471630bbe2e75ab5db9368778551474770f78e (patch)
tree: 718c42a7bb85cbba81978a4e71e1661c58c0b947
parent: db6b276f5a5c88e76bbe6705d19c938736248d54 (diff)
2 files changed, 120 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 41bfff243..d61abbb13 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,9 @@
   - markus@cvs.openbsd.org 2001/06/26 05:07:43
     [ssh-agent.c]
     update usage
+   - markus@cvs.openbsd.org 2001/06/26 05:33:34
+     [ssh-agent.c]
+     more smartcard support.
 20010629
 - (bal) Removed net_aton() since we don't use it any more
@@ -5855,4 +5858,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1352 2001/07/04 03:51:35 mouring Exp $
+$Id: ChangeLog,v 1.1353 2001/07/04 03:53:15 mouring Exp $
diff --git a/ssh-agent.c b/ssh-agent.c
index 3b2934760..41dd777cb 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssh-agent.c,v 1.58 2001/06/26 05:07:43 markus Exp $   */
+/*      $OpenBSD: ssh-agent.c,v 1.59 2001/06/26 05:33:34 markus Exp $   */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -36,7 +36,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.58 2001/06/26 05:07:43 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.59 2001/06/26 05:33:34 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -56,6 +56,11 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.58 2001/06/26 05:07:43 markus Exp $");
 #include "compat.h"
 #include "log.h"
+#ifdef SMARTCARD
+#include <openssl/engine.h>
+#include "scard.h"
+#endif
 typedef struct {
        int fd;
        enum {
@@ -439,6 +444,106 @@ send:
            success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
 }
+#ifdef SMARTCARD
+static void
+process_add_smartcard_key (SocketEntry *e)
+{
+        Idtab *tab;
+        Key *n = NULL, *k = NULL;
+        int success = 0;
+        int sc_reader_num = 0;
+        
+        sc_reader_num = buffer_get_int(&e->input);
+        k = sc_get_key(sc_reader_num);
+        if (k == NULL) {
+                error("sc_get_pubkey failed");
+                goto send;
+        }
+        success = 1;
+        tab = idtab_lookup(1);
+        if (lookup_private_key(k, NULL, 1) == NULL) {
+                if (tab->nentries == 0)
+                        tab->identities = xmalloc(sizeof(Identity));
+                else
+                        tab->identities = xrealloc(tab->identities,
+                            (tab->nentries + 1) * sizeof(Identity));
+                n = key_new(KEY_RSA1);
+                BN_copy(n->rsa->n, k->rsa->n);
+                BN_copy(n->rsa->e, k->rsa->e);
+                RSA_set_method(n->rsa, sc_get_engine());
+                tab->identities[tab->nentries].key = n;
+                tab->identities[tab->nentries].comment =
+                    xstrdup("rsa1 smartcard");
+                tab->nentries++;
+        }
+        tab = idtab_lookup(2);
+        if (lookup_private_key(k, NULL, 2) == NULL) {
+                if (tab->nentries == 0)
+                        tab->identities = xmalloc(sizeof(Identity));
+                else
+                        tab->identities = xrealloc(tab->identities,
+                            (tab->nentries + 1) * sizeof(Identity));
+                n = key_new(KEY_RSA);
+                BN_copy(n->rsa->n, k->rsa->n);
+                BN_copy(n->rsa->e, k->rsa->e);
+                RSA_set_method(n->rsa, sc_get_engine());
+                tab->identities[tab->nentries].key = n;
+                tab->identities[tab->nentries].comment =
+                    xstrdup("rsa smartcard");
+                tab->nentries++;
+        }
+        key_free(k);
+send:
+        buffer_put_int(&e->output, 1);
+        buffer_put_char(&e->output,
+            success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
+}
+static void
+process_remove_smartcard_key(SocketEntry *e)
+{
+        Key *k = NULL, *private;
+        int idx;
+        int success = 0;
+        int sc_reader_num = 0;
+        sc_reader_num = buffer_get_int(&e->input);
+        if ((k = sc_get_key(sc_reader_num)) == NULL) {
+                error("sc_get_pubkey failed");
+        } else {
+                private = lookup_private_key(k, &idx, 1);
+                if (private != NULL) {
+                        Idtab *tab = idtab_lookup(1);
+                        key_free(tab->identities[idx].key);
+                        xfree(tab->identities[idx].comment);
+                        if (idx != tab->nentries)
+                                tab->identities[idx] = tab->identities[tab->nentries];
+                        tab->nentries--;
+                        success = 1;
+                }
+                private = lookup_private_key(k, &idx, 2);
+                if (private != NULL) {
+                        Idtab *tab = idtab_lookup(2);
+                        key_free(tab->identities[idx].key);
+                        xfree(tab->identities[idx].comment);
+                        if (idx != tab->nentries)
+                                tab->identities[idx] = tab->identities[tab->nentries];
+                        tab->nentries--;
+                        success = 1;
+                }
+                key_free(k);
+        }
+        buffer_put_int(&e->output, 1);
+        buffer_put_char(&e->output,
+            success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
+}
+#endif
 /* dispatch incoming messages */
 static void
@@ -462,6 +567,7 @@ process_message(SocketEntry *e)
        buffer_consume(&e->input, 4);
        type = buffer_get_char(&e->input);
+        debug("type %d", type);
        switch (type) {
        /* ssh1 */
        case SSH_AGENTC_RSA_CHALLENGE:
@@ -495,6 +601,14 @@ process_message(SocketEntry *e)
        case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
                process_remove_all_identities(e, 2);
                break;
+#ifdef SMARTCARD
+        case SSH_AGENTC_ADD_SMARTCARD_KEY:
+                process_add_smartcard_key(e);
+                break; 
+        case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
+                process_remove_smartcard_key(e);
+                break; 
+#endif
        default:
                /* Unknown message.  Respond with failure. */
                error("Unknown message %d", type);
author	Ben Lindstrom <mouring@eviladmin.org>	2001-07-04 03:53:15 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-07-04 03:53:15 +0000
commit	3f471630bbe2e75ab5db9368778551474770f78e (patch)
tree	718c42a7bb85cbba81978a4e71e1661c58c0b947
parent	db6b276f5a5c88e76bbe6705d19c938736248d54 (diff)

diff --git a/ChangeLog b/ChangeLog index 41bfff243..d61abbb13 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,9 @@
28	- markus@cvs.openbsd.org 2001/06/26 05:07:43	28	- markus@cvs.openbsd.org 2001/06/26 05:07:43
29	[ssh-agent.c]	29	[ssh-agent.c]
30	update usage	30	update usage
		31	- markus@cvs.openbsd.org 2001/06/26 05:33:34
		32	[ssh-agent.c]
		33	more smartcard support.
31		34
32	20010629	35	20010629
33	- (bal) Removed net_aton() since we don't use it any more	36	- (bal) Removed net_aton() since we don't use it any more
@@ -5855,4 +5858,4 @@
5855	- Wrote replacements for strlcpy and mkdtemp	5858	- Wrote replacements for strlcpy and mkdtemp
5856	- Released 1.0pre1	5859	- Released 1.0pre1
5857		5860
5858	$Id: ChangeLog,v 1.1352 2001/07/04 03:51:35 mouring Exp $	5861	$Id: ChangeLog,v 1.1353 2001/07/04 03:53:15 mouring Exp $


diff --git a/ssh-agent.c b/ssh-agent.c index 3b2934760..41dd777cb 100644 --- a/ssh-agent.c +++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-agent.c,v 1.58 2001/06/26 05:07:43 markus Exp $ */	1	/* $OpenBSD: ssh-agent.c,v 1.59 2001/06/26 05:33:34 markus Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -36,7 +36,7 @@
36	*/	36	*/
37		37
38	#include "includes.h"	38	#include "includes.h"
39	RCSID("$OpenBSD: ssh-agent.c,v 1.58 2001/06/26 05:07:43 markus Exp $");	39	RCSID("$OpenBSD: ssh-agent.c,v 1.59 2001/06/26 05:33:34 markus Exp $");
40		40
41	#include <openssl/evp.h>	41	#include <openssl/evp.h>
42	#include <openssl/md5.h>	42	#include <openssl/md5.h>
@@ -56,6 +56,11 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.58 2001/06/26 05:07:43 markus Exp $");
56	#include "compat.h"	56	#include "compat.h"
57	#include "log.h"	57	#include "log.h"
58		58
		59	#ifdef SMARTCARD
		60	#include <openssl/engine.h>
		61	#include "scard.h"
		62	#endif
		63
59	typedef struct {	64	typedef struct {
60	int fd;	65	int fd;
61	enum {	66	enum {
@@ -439,6 +444,106 @@ send:
439	success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);	444	success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
440	}	445	}
441		446
		447
		448	#ifdef SMARTCARD
		449	static void
		450	process_add_smartcard_key (SocketEntry *e)
		451	{
		452	Idtab *tab;
		453	Key n = NULL, k = NULL;
		454	int success = 0;
		455	int sc_reader_num = 0;
		456
		457	sc_reader_num = buffer_get_int(&e->input);
		458
		459	k = sc_get_key(sc_reader_num);
		460	if (k == NULL) {
		461	error("sc_get_pubkey failed");
		462	goto send;
		463	}
		464	success = 1;
		465
		466	tab = idtab_lookup(1);
		467	if (lookup_private_key(k, NULL, 1) == NULL) {
		468	if (tab->nentries == 0)
		469	tab->identities = xmalloc(sizeof(Identity));
		470	else
		471	tab->identities = xrealloc(tab->identities,
		472	(tab->nentries + 1) * sizeof(Identity));
		473	n = key_new(KEY_RSA1);
		474	BN_copy(n->rsa->n, k->rsa->n);
		475	BN_copy(n->rsa->e, k->rsa->e);
		476	RSA_set_method(n->rsa, sc_get_engine());
		477	tab->identities[tab->nentries].key = n;
		478	tab->identities[tab->nentries].comment =
		479	xstrdup("rsa1 smartcard");
		480	tab->nentries++;
		481	}
		482	tab = idtab_lookup(2);
		483	if (lookup_private_key(k, NULL, 2) == NULL) {
		484	if (tab->nentries == 0)
		485	tab->identities = xmalloc(sizeof(Identity));
		486	else
		487	tab->identities = xrealloc(tab->identities,
		488	(tab->nentries + 1) * sizeof(Identity));
		489	n = key_new(KEY_RSA);
		490	BN_copy(n->rsa->n, k->rsa->n);
		491	BN_copy(n->rsa->e, k->rsa->e);
		492	RSA_set_method(n->rsa, sc_get_engine());
		493	tab->identities[tab->nentries].key = n;
		494	tab->identities[tab->nentries].comment =
		495	xstrdup("rsa smartcard");
		496	tab->nentries++;
		497	}
		498	key_free(k);
		499	send:
		500	buffer_put_int(&e->output, 1);
		501	buffer_put_char(&e->output,
		502	success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
		503	}
		504
		505	static void
		506	process_remove_smartcard_key(SocketEntry *e)
		507	{
		508	Key k = NULL, private;
		509	int idx;
		510	int success = 0;
		511	int sc_reader_num = 0;
		512
		513	sc_reader_num = buffer_get_int(&e->input);
		514
		515	if ((k = sc_get_key(sc_reader_num)) == NULL) {
		516	error("sc_get_pubkey failed");
		517	} else {
		518	private = lookup_private_key(k, &idx, 1);
		519	if (private != NULL) {
		520	Idtab *tab = idtab_lookup(1);
		521	key_free(tab->identities[idx].key);
		522	xfree(tab->identities[idx].comment);
		523	if (idx != tab->nentries)
		524	tab->identities[idx] = tab->identities[tab->nentries];
		525	tab->nentries--;
		526	success = 1;
		527	}
		528	private = lookup_private_key(k, &idx, 2);
		529	if (private != NULL) {
		530	Idtab *tab = idtab_lookup(2);
		531	key_free(tab->identities[idx].key);
		532	xfree(tab->identities[idx].comment);
		533	if (idx != tab->nentries)
		534	tab->identities[idx] = tab->identities[tab->nentries];
		535	tab->nentries--;
		536	success = 1;
		537	}
		538	key_free(k);
		539	}
		540
		541	buffer_put_int(&e->output, 1);
		542	buffer_put_char(&e->output,
		543	success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
		544	}
		545	#endif
		546
442	/* dispatch incoming messages */	547	/* dispatch incoming messages */
443		548
444	static void	549	static void
@@ -462,6 +567,7 @@ process_message(SocketEntry *e)
462	buffer_consume(&e->input, 4);	567	buffer_consume(&e->input, 4);
463	type = buffer_get_char(&e->input);	568	type = buffer_get_char(&e->input);
464		569
		570	debug("type %d", type);
465	switch (type) {	571	switch (type) {
466	/* ssh1 */	572	/* ssh1 */
467	case SSH_AGENTC_RSA_CHALLENGE:	573	case SSH_AGENTC_RSA_CHALLENGE:
@@ -495,6 +601,14 @@ process_message(SocketEntry *e)
495	case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:	601	case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
496	process_remove_all_identities(e, 2);	602	process_remove_all_identities(e, 2);
497	break;	603	break;
		604	#ifdef SMARTCARD
		605	case SSH_AGENTC_ADD_SMARTCARD_KEY:
		606	process_add_smartcard_key(e);
		607	break;
		608	case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
		609	process_remove_smartcard_key(e);
		610	break;
		611	#endif
498	default:	612	default:
499	/* Unknown message. Respond with failure. */	613	/* Unknown message. Respond with failure. */
500	error("Unknown message %d", type);	614	error("Unknown message %d", type);