summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-08-06 21:40:04 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-08-06 21:40:04 +0000
commit6818bfbf3084af380eea97ac91237a9a201d9504 (patch)
tree363ea94d9e6cf0a1230289b074901de6dfe98fa6
parent020a8699a946b9cefd850af82a22d953fd786e98 (diff)
- markus@cvs.openbsd.org 2001/08/01 23:33:09
[ssh-keygen.c] allow uploading RSA keys for non-default AUT0 (sha1 over passphrase like sectok).
Diffstat
-rw-r--r--ChangeLog6
-rw-r--r--ssh-keygen.c49
2 files changed, 42 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 996169ee4..e42edd183 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -94,6 +94,10 @@
94 - markus@cvs.openbsd.org 2001/08/01 22:16:45 94 - markus@cvs.openbsd.org 2001/08/01 22:16:45
95 [ssh.1 sshd.8] 95 [ssh.1 sshd.8]
96 refer to current ietf drafts for protocol v2 96 refer to current ietf drafts for protocol v2
97 - markus@cvs.openbsd.org 2001/08/01 23:33:09
98 [ssh-keygen.c]
99 allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
100 like sectok).
97 101
9820010803 10220010803
99 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on 103 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6204,4 +6208,4 @@
6204 - Wrote replacements for strlcpy and mkdtemp 6208 - Wrote replacements for strlcpy and mkdtemp
6205 - Released 1.0pre1 6209 - Released 1.0pre1
6206 6210
6207$Id: ChangeLog,v 1.1450 2001/08/06 21:38:10 mouring Exp $ 6211$Id: ChangeLog,v 1.1451 2001/08/06 21:40:04 mouring Exp $
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 003357321..5fadad7cc 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: ssh-keygen.c,v 1.73 2001/07/26 20:04:27 rees Exp $"); 15RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $");
16 16
17#include <openssl/evp.h> 17#include <openssl/evp.h>
18#include <openssl/pem.h> 18#include <openssl/pem.h>
@@ -380,6 +380,7 @@ do_print_public(struct passwd *pw)
380 exit(0); 380 exit(0);
381} 381}
382 382
383#ifdef SMARTCARD
383#define NUM_RSA_KEY_ELEMENTS 5+1 384#define NUM_RSA_KEY_ELEMENTS 5+1
384#define COPY_RSA_KEY(x, i) \ 385#define COPY_RSA_KEY(x, i) \
385 do { \ 386 do { \
@@ -390,17 +391,33 @@ do_print_public(struct passwd *pw)
390 goto done; \ 391 goto done; \
391 } while(0) 392 } while(0)
392 393
394static int
395get_AUT0(char *aut0)
396{
397 EVP_MD *evp_md = EVP_sha1();
398 EVP_MD_CTX md;
399 char *pass;
400
401 pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
402 if (pass == NULL)
403 return -1;
404 EVP_DigestInit(&md, evp_md);
405 EVP_DigestUpdate(&md, pass, strlen(pass));
406 EVP_DigestFinal(&md, aut0, NULL);
407 memset(pass, 0, strlen(pass));
408 xfree(pass);
409 return 0;
410}
411
393static void 412static void
394do_upload(struct passwd *pw, int reader) 413do_upload(struct passwd *pw, int reader)
395{ 414{
396#ifndef SMARTCARD
397 fatal("no support for smartcards.");
398#else
399 Key *prv = NULL; 415 Key *prv = NULL;
400 struct stat st; 416 struct stat st;
401 u_char *elements[NUM_RSA_KEY_ELEMENTS]; 417 u_char *elements[NUM_RSA_KEY_ELEMENTS];
402 u_char key_fid[2]; 418 u_char key_fid[2];
403 u_char AUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63}; 419 u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
420 u_char AUT0[EVP_MAX_MD_SIZE];
404 int len, status = 1, i, fd = -1, ret; 421 int len, status = 1, i, fd = -1, ret;
405 int sw = 0, cla = 0x00; 422 int sw = 0, cla = 0x00;
406 423
@@ -424,23 +441,27 @@ do_upload(struct passwd *pw, int reader)
424 COPY_RSA_KEY(dmp1, 4); 441 COPY_RSA_KEY(dmp1, 4);
425 COPY_RSA_KEY(n, 5); 442 COPY_RSA_KEY(n, 5);
426 len = BN_num_bytes(prv->rsa->n); 443 len = BN_num_bytes(prv->rsa->n);
427 fd = sectok_open(reader, 0, &sw); 444 fd = sectok_open(reader, STONOWAIT, &sw);
428 if (fd < 0) { 445 if (fd < 0) {
429 error("sectok_open failed"); 446 error("sectok_open failed: %s", sectok_get_sw(sw));
430 goto done; 447 goto done;
431 } 448 }
432 ret = sectok_reset(fd, 0, NULL, &sw); 449 ret = sectok_reset(fd, 0, NULL, &sw);
433 if (ret <= 0) { 450 if (ret <= 0) {
434 error("sectok_reset failed"); 451 error("sectok_reset failed: %s", sectok_get_sw(sw));
435 goto done; 452 goto done;
436 } 453 }
437 if ((cla = cyberflex_inq_class(fd)) < 0) { 454 if ((cla = cyberflex_inq_class(fd)) < 0) {
438 error("cyberflex_inq_class failed"); 455 error("cyberflex_inq_class failed");
439 goto done; 456 goto done;
440 } 457 }
441 if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(AUT0)) < 0) { 458 memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
442 error("cyberflex_verify_AUT0 failed"); 459 if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
443 goto done; 460 if (get_AUT0(AUT0) < 0 ||
461 cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
462 error("cyberflex_verify_AUT0 failed");
463 goto done;
464 }
444 } 465 }
445 key_fid[0] = 0x00; 466 key_fid[0] = 0x00;
446 key_fid[1] = 0x12; 467 key_fid[1] = 0x12;
@@ -473,8 +494,8 @@ done:
473 if (fd != -1) 494 if (fd != -1)
474 sectok_close(fd); 495 sectok_close(fd);
475 exit(status); 496 exit(status);
476#endif
477} 497}
498#endif
478 499
479static void 500static void
480do_fingerprint(struct passwd *pw) 501do_fingerprint(struct passwd *pw)
@@ -878,7 +899,11 @@ main(int ac, char **av)
878 if (print_public) 899 if (print_public)
879 do_print_public(pw); 900 do_print_public(pw);
880 if (reader != -1) 901 if (reader != -1)
902#ifdef SMARTCARD
881 do_upload(pw, reader); 903 do_upload(pw, reader);
904#else
905 fatal("no support for smartcards.");
906#endif
882 907
883 arc4random_stir(); 908 arc4random_stir();
884 909
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-27 12:19:17 +0000