4 files changed, 140 insertions, 121 deletions
diff --git a/ChangeLog b/ChangeLog
index eceef2214..9edeb08cf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -118,6 +118,12 @@
   - markus@cvs.openbsd.org 2002/03/21 16:38:06
     [scard.c]
     make compile w/ openssl 0.9.7
+   - markus@cvs.openbsd.org 2002/03/21 16:54:53
+     [scard.c scard.h ssh-keygen.c]
+     move key upload to scard.[ch]
+   - markus@cvs.openbsd.org 2002/03/21 16:57:15
+     [scard.c]
+     remove const
 20020317
 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
@@ -7964,4 +7970,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1958 2002/03/22 03:28:11 mouring Exp $
+$Id: ChangeLog,v 1.1959 2002/03/22 03:33:43 mouring Exp $
diff --git a/scard.c b/scard.c
index 1d54df86f..7bd72d8ec 100644
--- a/scard.c
+++ b/scard.c
@@ -24,15 +24,16 @@
 #include "includes.h"
 #ifdef SMARTCARD
-RCSID("$OpenBSD: scard.c,v 1.18 2002/03/21 16:38:06 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.20 2002/03/21 16:57:15 markus Exp $");
 #include <openssl/engine.h>
+#include <openssl/evp.h>
 #include <sectok.h>
 #include "key.h"
 #include "log.h"
 #include "xmalloc.h"
 #include "scard.h"
+#include "readpass.h"
 #ifdef OPENSSL_VERSION_NUMBER
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
@@ -187,7 +188,7 @@ err:
 /* private key operations */
 static int
-sc_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
+sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
    int padding)
 {
        u_char *padded = NULL;
@@ -231,7 +232,7 @@ err:
 }
 static int
-sc_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
+sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa,
    int padding)
 {
        u_char *padded = NULL;
@@ -363,4 +364,117 @@ sc_get_key(const char *id)
        }
        return k;
 }
+#define NUM_RSA_KEY_ELEMENTS 5+1
+#define COPY_RSA_KEY(x, i) \
+        do { \
+                len = BN_num_bytes(prv->rsa->x); \
+                elements[i] = xmalloc(len); \
+                debug("#bytes %d", len); \
+                if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
+                        goto done; \
+        } while (0)
+static int
+get_AUT0(char *aut0)
+{
+        const EVP_MD *evp_md = EVP_sha1();
+        EVP_MD_CTX md;
+        char *pass;
+        pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
+        if (pass == NULL)
+                return -1;
+        EVP_DigestInit(&md, evp_md);
+        EVP_DigestUpdate(&md, pass, strlen(pass));
+        EVP_DigestFinal(&md, aut0, NULL);
+        memset(pass, 0, strlen(pass));
+        xfree(pass);
+        return 0;
+}
+int
+sc_put_key(Key *prv, const char *id)
+{
+        u_char *elements[NUM_RSA_KEY_ELEMENTS];
+        u_char key_fid[2];
+        u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
+        u_char AUT0[EVP_MAX_MD_SIZE];
+        int len, status = -1, i, fd = -1, ret;
+        int sw = 0, cla = 0x00;
+        for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
+                elements[i] = NULL;
+        COPY_RSA_KEY(q, 0);
+        COPY_RSA_KEY(p, 1);
+        COPY_RSA_KEY(iqmp, 2);
+        COPY_RSA_KEY(dmq1, 3);
+        COPY_RSA_KEY(dmp1, 4);
+        COPY_RSA_KEY(n, 5);
+        len = BN_num_bytes(prv->rsa->n);
+        fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
+        if (fd < 0) {
+                error("sectok_open failed: %s", sectok_get_sw(sw));
+                goto done;
+        }
+        if (! sectok_cardpresent(fd)) {
+                error("smartcard in reader %s not present",
+                    sc_reader_id);
+                goto done;
+        }
+        ret = sectok_reset(fd, 0, NULL, &sw);
+        if (ret <= 0) {
+                error("sectok_reset failed: %s", sectok_get_sw(sw));
+                goto done;
+        }
+        if ((cla = cyberflex_inq_class(fd)) < 0) {
+                error("cyberflex_inq_class failed");
+                goto done;
+        }
+        memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
+        if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
+                if (get_AUT0(AUT0) < 0 ||
+                    cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
+                        error("cyberflex_verify_AUT0 failed");
+                        goto done;
+                }
+        }
+        key_fid[0] = 0x00;
+        key_fid[1] = 0x12;
+        if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
+            &sw) < 0) {
+                error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
+                goto done;
+        }
+        if (!sectok_swOK(sw))
+                goto done;
+        log("cyberflex_load_rsa_priv done");
+        key_fid[0] = 0x73;
+        key_fid[1] = 0x68;
+        if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
+            &sw) < 0) {
+                error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
+                goto done;
+        }
+        if (!sectok_swOK(sw))
+                goto done;
+        log("cyberflex_load_rsa_pub done");
+        status = 0;
+done:
+        memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
+        memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
+        memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
+        memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
+        memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
+        memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
+        for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
+                if (elements[i])
+                        xfree(elements[i]);
+        if (fd != -1)
+                sectok_close(fd);
+        return (status);
+}
 #endif /* SMARTCARD */
diff --git a/scard.h b/scard.h
index 6ca99169b..c46eae1be 100644
--- a/scard.h
+++ b/scard.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: scard.h,v 1.7 2002/03/04 17:27:39 stevesk Exp $       */
+/*      $OpenBSD: scard.h,v 1.8 2002/03/21 16:54:53 markus Exp $        */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -29,6 +29,8 @@
 #ifndef SCARD_H
 #define SCARD_H
+#include "key.h"
 #define SCARD_ERROR_FAIL        -1
 #define SCARD_ERROR_NOCARD      -2
 #define SCARD_ERROR_APPLET      -3
@@ -36,5 +38,6 @@
 Key     *sc_get_key(const char*);
 ENGINE  *sc_get_engine(void);
 void     sc_close(void);
+int      sc_put_key(Key *, const char*);
 #endif
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2de87167e..d14c99004 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.94 2002/02/25 16:33:27 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.95 2002/03/21 16:54:53 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -29,8 +29,6 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.94 2002/02/25 16:33:27 markus Exp $");
 #include "readpass.h"
 #ifdef SMARTCARD
-#include <sectok.h>
-#include <openssl/engine.h>
 #include "scard.h"
 #endif
@@ -389,132 +387,30 @@ do_print_public(struct passwd *pw)
 }
 #ifdef SMARTCARD
-#define NUM_RSA_KEY_ELEMENTS 5+1
-#define COPY_RSA_KEY(x, i) \
-        do { \
-                len = BN_num_bytes(prv->rsa->x); \
-                elements[i] = xmalloc(len); \
-                debug("#bytes %d", len); \
-                if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
-                        goto done; \
-        } while (0)
-static int
-get_AUT0(char *aut0)
-{
-        EVP_MD *evp_md = EVP_sha1();
-        EVP_MD_CTX md;
-        char *pass;
-        pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
-        if (pass == NULL)
-                return -1;
-        EVP_DigestInit(&md, evp_md);
-        EVP_DigestUpdate(&md, pass, strlen(pass));
-        EVP_DigestFinal(&md, aut0, NULL);
-        memset(pass, 0, strlen(pass));
-        xfree(pass);
-        return 0;
-}
 static void
 do_upload(struct passwd *pw, const char *sc_reader_id)
 {
        Key *prv = NULL;
        struct stat st;
-        u_char *elements[NUM_RSA_KEY_ELEMENTS];
+        int ret;
-        u_char key_fid[2];
-        u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
-        u_char AUT0[EVP_MAX_MD_SIZE];
-        int len, status = 1, i, fd = -1, ret;
-        int sw = 0, cla = 0x00;
-        for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
-                elements[i] = NULL;
        if (!have_identity)
                ask_filename(pw, "Enter file in which the key is");
        if (stat(identity_file, &st) < 0) {
                perror(identity_file);
-                goto done;
+                exit(1);
        }
        prv = load_identity(identity_file);
        if (prv == NULL) {
                error("load failed");
-                goto done;
+                exit(1);
-        }
-        COPY_RSA_KEY(q, 0);
-        COPY_RSA_KEY(p, 1);
-        COPY_RSA_KEY(iqmp, 2);
-        COPY_RSA_KEY(dmq1, 3);
-        COPY_RSA_KEY(dmp1, 4);
-        COPY_RSA_KEY(n, 5);
-        len = BN_num_bytes(prv->rsa->n);
-        fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
-        if (fd < 0) {
-                error("sectok_open failed: %s", sectok_get_sw(sw));
-                goto done;
-        }
-        if (! sectok_cardpresent(fd)) {
-                error("smartcard in reader %s not present",
-                    sc_reader_id);
-                goto done;
-        }
-        ret = sectok_reset(fd, 0, NULL, &sw);
-        if (ret <= 0) {
-                error("sectok_reset failed: %s", sectok_get_sw(sw));
-                goto done;
-        }
-        if ((cla = cyberflex_inq_class(fd)) < 0) {
-                error("cyberflex_inq_class failed");
-                goto done;
-        }
-        memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
-        if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
-                if (get_AUT0(AUT0) < 0 ||
-                    cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
-                        error("cyberflex_verify_AUT0 failed");
-                        goto done;
-                }
-        }
-        key_fid[0] = 0x00;
-        key_fid[1] = 0x12;
-        if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
-            &sw) < 0) {
-                error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
-                goto done;
-        }
-        if (!sectok_swOK(sw))
-                goto done;
-        log("cyberflex_load_rsa_priv done");
-        key_fid[0] = 0x73;
-        key_fid[1] = 0x68;
-        if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
-            &sw) < 0) {
-                error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
-                goto done;
        }
-        if (!sectok_swOK(sw))
+        ret = sc_put_key(prv, sc_reader_id);
-                goto done;
+        key_free(prv);
-        log("cyberflex_load_rsa_pub done");
+        if (ret < 0)
-        status = 0;
+                exit(1);
-        log("loading key done");
+        log("loading key done");
-done:
+        exit(0);
-        memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
-        memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
-        memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
-        memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
-        memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
-        memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
-        if (prv)
-                key_free(prv);
-        for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
-                if (elements[i])
-                        xfree(elements[i]);
-        if (fd != -1)
-                sectok_close(fd);
-        exit(status);
 }
 static void

diff --git a/ChangeLog b/ChangeLog index eceef2214..9edeb08cf 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -118,6 +118,12 @@
118	- markus@cvs.openbsd.org 2002/03/21 16:38:06	118	- markus@cvs.openbsd.org 2002/03/21 16:38:06
119	[scard.c]	119	[scard.c]
120	make compile w/ openssl 0.9.7	120	make compile w/ openssl 0.9.7
		121	- markus@cvs.openbsd.org 2002/03/21 16:54:53
		122	[scard.c scard.h ssh-keygen.c]
		123	move key upload to scard.[ch]
		124	- markus@cvs.openbsd.org 2002/03/21 16:57:15
		125	[scard.c]
		126	remove const
121		127
122	20020317	128	20020317
123	- (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,	129	- (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
@@ -7964,4 +7970,4 @@
7964	- Wrote replacements for strlcpy and mkdtemp	7970	- Wrote replacements for strlcpy and mkdtemp
7965	- Released 1.0pre1	7971	- Released 1.0pre1
7966		7972
7967	$Id: ChangeLog,v 1.1958 2002/03/22 03:28:11 mouring Exp $	7973	$Id: ChangeLog,v 1.1959 2002/03/22 03:33:43 mouring Exp $


diff --git a/scard.c b/scard.c index 1d54df86f..7bd72d8ec 100644 --- a/scard.c +++ b/scard.c
@@ -24,15 +24,16 @@
24		24
25	#include "includes.h"	25	#include "includes.h"
26	#ifdef SMARTCARD	26	#ifdef SMARTCARD
27	RCSID("$OpenBSD: scard.c,v 1.18 2002/03/21 16:38:06 markus Exp $");	27	RCSID("$OpenBSD: scard.c,v 1.20 2002/03/21 16:57:15 markus Exp $");
28
29	#include <openssl/engine.h>	28	#include <openssl/engine.h>
		29	#include <openssl/evp.h>
30	#include <sectok.h>	30	#include <sectok.h>
31		31
32	#include "key.h"	32	#include "key.h"
33	#include "log.h"	33	#include "log.h"
34	#include "xmalloc.h"	34	#include "xmalloc.h"
35	#include "scard.h"	35	#include "scard.h"
		36	#include "readpass.h"
36		37
37	#ifdef OPENSSL_VERSION_NUMBER	38	#ifdef OPENSSL_VERSION_NUMBER
38	#if OPENSSL_VERSION_NUMBER >= 0x00907000L	39	#if OPENSSL_VERSION_NUMBER >= 0x00907000L
@@ -187,7 +188,7 @@ err:
187	/* private key operations */	188	/* private key operations */
188		189
189	static int	190	static int
190	sc_private_decrypt(int flen, const u_char from, u_char to, RSA *rsa,	191	sc_private_decrypt(int flen, u_char from, u_char to, RSA *rsa,
191	int padding)	192	int padding)
192	{	193	{
193	u_char *padded = NULL;	194	u_char *padded = NULL;
@@ -231,7 +232,7 @@ err:
231	}	232	}
232		233
233	static int	234	static int
234	sc_private_encrypt(int flen, const u_char from, u_char to, RSA *rsa,	235	sc_private_encrypt(int flen, u_char from, u_char to, RSA *rsa,
235	int padding)	236	int padding)
236	{	237	{
237	u_char *padded = NULL;	238	u_char *padded = NULL;
@@ -363,4 +364,117 @@ sc_get_key(const char *id)
363	}	364	}
364	return k;	365	return k;
365	}	366	}
		367
		368	#define NUM_RSA_KEY_ELEMENTS 5+1
		369	#define COPY_RSA_KEY(x, i) \
		370	do { \
		371	len = BN_num_bytes(prv->rsa->x); \
		372	elements[i] = xmalloc(len); \
		373	debug("#bytes %d", len); \
		374	if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
		375	goto done; \
		376	} while (0)
		377
		378	static int
		379	get_AUT0(char *aut0)
		380	{
		381	const EVP_MD *evp_md = EVP_sha1();
		382	EVP_MD_CTX md;
		383	char *pass;
		384
		385	pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
		386	if (pass == NULL)
		387	return -1;
		388	EVP_DigestInit(&md, evp_md);
		389	EVP_DigestUpdate(&md, pass, strlen(pass));
		390	EVP_DigestFinal(&md, aut0, NULL);
		391	memset(pass, 0, strlen(pass));
		392	xfree(pass);
		393	return 0;
		394	}
		395
		396	int
		397	sc_put_key(Key prv, const char id)
		398	{
		399	u_char *elements[NUM_RSA_KEY_ELEMENTS];
		400	u_char key_fid[2];
		401	u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
		402	u_char AUT0[EVP_MAX_MD_SIZE];
		403	int len, status = -1, i, fd = -1, ret;
		404	int sw = 0, cla = 0x00;
		405
		406	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
		407	elements[i] = NULL;
		408
		409	COPY_RSA_KEY(q, 0);
		410	COPY_RSA_KEY(p, 1);
		411	COPY_RSA_KEY(iqmp, 2);
		412	COPY_RSA_KEY(dmq1, 3);
		413	COPY_RSA_KEY(dmp1, 4);
		414	COPY_RSA_KEY(n, 5);
		415	len = BN_num_bytes(prv->rsa->n);
		416	fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
		417	if (fd < 0) {
		418	error("sectok_open failed: %s", sectok_get_sw(sw));
		419	goto done;
		420	}
		421	if (! sectok_cardpresent(fd)) {
		422	error("smartcard in reader %s not present",
		423	sc_reader_id);
		424	goto done;
		425	}
		426	ret = sectok_reset(fd, 0, NULL, &sw);
		427	if (ret <= 0) {
		428	error("sectok_reset failed: %s", sectok_get_sw(sw));
		429	goto done;
		430	}
		431	if ((cla = cyberflex_inq_class(fd)) < 0) {
		432	error("cyberflex_inq_class failed");
		433	goto done;
		434	}
		435	memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
		436	if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
		437	if (get_AUT0(AUT0) < 0 \|\|
		438	cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
		439	error("cyberflex_verify_AUT0 failed");
		440	goto done;
		441	}
		442	}
		443	key_fid[0] = 0x00;
		444	key_fid[1] = 0x12;
		445	if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
		446	&sw) < 0) {
		447	error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
		448	goto done;
		449	}
		450	if (!sectok_swOK(sw))
		451	goto done;
		452	log("cyberflex_load_rsa_priv done");
		453	key_fid[0] = 0x73;
		454	key_fid[1] = 0x68;
		455	if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
		456	&sw) < 0) {
		457	error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
		458	goto done;
		459	}
		460	if (!sectok_swOK(sw))
		461	goto done;
		462	log("cyberflex_load_rsa_pub done");
		463	status = 0;
		464
		465	done:
		466	memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
		467	memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
		468	memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
		469	memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
		470	memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
		471	memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
		472
		473	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
		474	if (elements[i])
		475	xfree(elements[i]);
		476	if (fd != -1)
		477	sectok_close(fd);
		478	return (status);
		479	}
366	#endif /* SMARTCARD */	480	#endif /* SMARTCARD */


diff --git a/scard.h b/scard.h index 6ca99169b..c46eae1be 100644 --- a/scard.h +++ b/scard.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: scard.h,v 1.7 2002/03/04 17:27:39 stevesk Exp $ */	1	/* $OpenBSD: scard.h,v 1.8 2002/03/21 16:54:53 markus Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2001 Markus Friedl. All rights reserved.	4	* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -29,6 +29,8 @@
29	#ifndef SCARD_H	29	#ifndef SCARD_H
30	#define SCARD_H	30	#define SCARD_H
31		31
		32	#include "key.h"
		33
32	#define SCARD_ERROR_FAIL -1	34	#define SCARD_ERROR_FAIL -1
33	#define SCARD_ERROR_NOCARD -2	35	#define SCARD_ERROR_NOCARD -2
34	#define SCARD_ERROR_APPLET -3	36	#define SCARD_ERROR_APPLET -3
@@ -36,5 +38,6 @@
36	Key sc_get_key(const char);	38	Key sc_get_key(const char);
37	ENGINE *sc_get_engine(void);	39	ENGINE *sc_get_engine(void);
38	void sc_close(void);	40	void sc_close(void);
		41	int sc_put_key(Key , const char);
39		42
40	#endif	43	#endif


diff --git a/ssh-keygen.c b/ssh-keygen.c index 2de87167e..d14c99004 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12	*/	12	*/
13		13
14	#include "includes.h"	14	#include "includes.h"
15	RCSID("$OpenBSD: ssh-keygen.c,v 1.94 2002/02/25 16:33:27 markus Exp $");	15	RCSID("$OpenBSD: ssh-keygen.c,v 1.95 2002/03/21 16:54:53 markus Exp $");
16		16
17	#include <openssl/evp.h>	17	#include <openssl/evp.h>
18	#include <openssl/pem.h>	18	#include <openssl/pem.h>
@@ -29,8 +29,6 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.94 2002/02/25 16:33:27 markus Exp $");
29	#include "readpass.h"	29	#include "readpass.h"
30		30
31	#ifdef SMARTCARD	31	#ifdef SMARTCARD
32	#include <sectok.h>
33	#include <openssl/engine.h>
34	#include "scard.h"	32	#include "scard.h"
35	#endif	33	#endif
36		34
@@ -389,132 +387,30 @@ do_print_public(struct passwd *pw)
389	}	387	}
390		388
391	#ifdef SMARTCARD	389	#ifdef SMARTCARD
392	#define NUM_RSA_KEY_ELEMENTS 5+1
393	#define COPY_RSA_KEY(x, i) \
394	do { \
395	len = BN_num_bytes(prv->rsa->x); \
396	elements[i] = xmalloc(len); \
397	debug("#bytes %d", len); \
398	if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
399	goto done; \
400	} while (0)
401
402	static int
403	get_AUT0(char *aut0)
404	{
405	EVP_MD *evp_md = EVP_sha1();
406	EVP_MD_CTX md;
407	char *pass;
408
409	pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
410	if (pass == NULL)
411	return -1;
412	EVP_DigestInit(&md, evp_md);
413	EVP_DigestUpdate(&md, pass, strlen(pass));
414	EVP_DigestFinal(&md, aut0, NULL);
415	memset(pass, 0, strlen(pass));
416	xfree(pass);
417	return 0;
418	}
419
420	static void	390	static void
421	do_upload(struct passwd pw, const char sc_reader_id)	391	do_upload(struct passwd pw, const char sc_reader_id)
422	{	392	{
423	Key *prv = NULL;	393	Key *prv = NULL;
424	struct stat st;	394	struct stat st;
425	u_char *elements[NUM_RSA_KEY_ELEMENTS];	395	int ret;
426	u_char key_fid[2];	396
427	u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
428	u_char AUT0[EVP_MAX_MD_SIZE];
429	int len, status = 1, i, fd = -1, ret;
430	int sw = 0, cla = 0x00;
431
432	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
433	elements[i] = NULL;
434	if (!have_identity)	397	if (!have_identity)
435	ask_filename(pw, "Enter file in which the key is");	398	ask_filename(pw, "Enter file in which the key is");
436	if (stat(identity_file, &st) < 0) {	399	if (stat(identity_file, &st) < 0) {
437	perror(identity_file);	400	perror(identity_file);
438	goto done;	401	exit(1);
439	}	402	}
440	prv = load_identity(identity_file);	403	prv = load_identity(identity_file);
441	if (prv == NULL) {	404	if (prv == NULL) {
442	error("load failed");	405	error("load failed");
443	goto done;	406	exit(1);
444	}
445	COPY_RSA_KEY(q, 0);
446	COPY_RSA_KEY(p, 1);
447	COPY_RSA_KEY(iqmp, 2);
448	COPY_RSA_KEY(dmq1, 3);
449	COPY_RSA_KEY(dmp1, 4);
450	COPY_RSA_KEY(n, 5);
451	len = BN_num_bytes(prv->rsa->n);
452	fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
453	if (fd < 0) {
454	error("sectok_open failed: %s", sectok_get_sw(sw));
455	goto done;
456	}
457	if (! sectok_cardpresent(fd)) {
458	error("smartcard in reader %s not present",
459	sc_reader_id);
460	goto done;
461	}
462	ret = sectok_reset(fd, 0, NULL, &sw);
463	if (ret <= 0) {
464	error("sectok_reset failed: %s", sectok_get_sw(sw));
465	goto done;
466	}
467	if ((cla = cyberflex_inq_class(fd)) < 0) {
468	error("cyberflex_inq_class failed");
469	goto done;
470	}
471	memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
472	if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
473	if (get_AUT0(AUT0) < 0 \|\|
474	cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
475	error("cyberflex_verify_AUT0 failed");
476	goto done;
477	}
478	}
479	key_fid[0] = 0x00;
480	key_fid[1] = 0x12;
481	if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
482	&sw) < 0) {
483	error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
484	goto done;
485	}
486	if (!sectok_swOK(sw))
487	goto done;
488	log("cyberflex_load_rsa_priv done");
489	key_fid[0] = 0x73;
490	key_fid[1] = 0x68;
491	if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
492	&sw) < 0) {
493	error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
494	goto done;
495	}	407	}
496	if (!sectok_swOK(sw))	408	ret = sc_put_key(prv, sc_reader_id);
497	goto done;	409	key_free(prv);
498	log("cyberflex_load_rsa_pub done");	410	if (ret < 0)
499	status = 0;	411	exit(1);
500	log("loading key done");	412	log("loading key done");
501	done:	413	exit(0);
502
503	memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
504	memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
505	memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
506	memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
507	memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
508	memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
509
510	if (prv)
511	key_free(prv);
512	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
513	if (elements[i])
514	xfree(elements[i]);
515	if (fd != -1)
516	sectok_close(fd);
517	exit(status);
518	}	414	}
519		415
520	static void	416	static void