diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | ssh-keygen.c | 55 |
2 files changed, 47 insertions, 15 deletions
| @@ -102,6 +102,11 @@ | |||
| 102 | [scard.c ssh.c] | 102 | [scard.c ssh.c] |
| 103 | support finish rsa keys. | 103 | support finish rsa keys. |
| 104 | free public keys after login -> call finish -> close smartcard. | 104 | free public keys after login -> call finish -> close smartcard. |
| 105 | - markus@cvs.openbsd.org 2001/08/02 00:10:17 | ||
| 106 | [ssh-keygen.c] | ||
| 107 | add -D readerid option (download, i.e. print public RSA key to stdout). | ||
| 108 | check for card present when uploading keys. | ||
| 109 | use strings instead of ints for smartcard reader ids, too. | ||
| 105 | 110 | ||
| 106 | 20010803 | 111 | 20010803 |
| 107 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on | 112 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on |
| @@ -6212,4 +6217,4 @@ | |||
| 6212 | - Wrote replacements for strlcpy and mkdtemp | 6217 | - Wrote replacements for strlcpy and mkdtemp |
| 6213 | - Released 1.0pre1 | 6218 | - Released 1.0pre1 |
| 6214 | 6219 | ||
| 6215 | $Id: ChangeLog,v 1.1452 2001/08/06 21:42:00 mouring Exp $ | 6220 | $Id: ChangeLog,v 1.1453 2001/08/06 21:44:05 mouring Exp $ |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 5fadad7cc..096908f3b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -12,15 +12,11 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include "includes.h" | 14 | #include "includes.h" |
| 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.75 2001/08/02 00:10:17 markus Exp $"); |
| 16 | 16 | ||
| 17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
| 18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
| 19 | 19 | ||
| 20 | #ifdef SMARTCARD | ||
| 21 | #include <sectok.h> | ||
| 22 | #endif | ||
| 23 | |||
| 24 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
| 25 | #include "key.h" | 21 | #include "key.h" |
| 26 | #include "rsa.h" | 22 | #include "rsa.h" |
| @@ -32,6 +28,11 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $"); | |||
| 32 | #include "log.h" | 28 | #include "log.h" |
| 33 | #include "readpass.h" | 29 | #include "readpass.h" |
| 34 | 30 | ||
| 31 | #ifdef SMARTCARD | ||
| 32 | #include <sectok.h> | ||
| 33 | #include <openssl/engine.h> | ||
| 34 | #include "scard.h" | ||
| 35 | #endif | ||
| 35 | 36 | ||
| 36 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ | 37 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ |
| 37 | int bits = 1024; | 38 | int bits = 1024; |
| @@ -410,7 +411,7 @@ get_AUT0(char *aut0) | |||
| 410 | } | 411 | } |
| 411 | 412 | ||
| 412 | static void | 413 | static void |
| 413 | do_upload(struct passwd *pw, int reader) | 414 | do_upload(struct passwd *pw, const char *sc_reader_id) |
| 414 | { | 415 | { |
| 415 | Key *prv = NULL; | 416 | Key *prv = NULL; |
| 416 | struct stat st; | 417 | struct stat st; |
| @@ -441,14 +442,19 @@ do_upload(struct passwd *pw, int reader) | |||
| 441 | COPY_RSA_KEY(dmp1, 4); | 442 | COPY_RSA_KEY(dmp1, 4); |
| 442 | COPY_RSA_KEY(n, 5); | 443 | COPY_RSA_KEY(n, 5); |
| 443 | len = BN_num_bytes(prv->rsa->n); | 444 | len = BN_num_bytes(prv->rsa->n); |
| 444 | fd = sectok_open(reader, STONOWAIT, &sw); | 445 | fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw); |
| 445 | if (fd < 0) { | 446 | if (fd < 0) { |
| 446 | error("sectok_open failed: %s", sectok_get_sw(sw)); | 447 | error("sectok_open failed: %s", sectok_get_sw(sw)); |
| 448 | goto done; | ||
| 449 | } | ||
| 450 | if (! sectok_cardpresent(fd)) { | ||
| 451 | error("smartcard in reader %s not present", | ||
| 452 | sc_reader_id); | ||
| 447 | goto done; | 453 | goto done; |
| 448 | } | 454 | } |
| 449 | ret = sectok_reset(fd, 0, NULL, &sw); | 455 | ret = sectok_reset(fd, 0, NULL, &sw); |
| 450 | if (ret <= 0) { | 456 | if (ret <= 0) { |
| 451 | error("sectok_reset failed: %s", sectok_get_sw(sw)); | 457 | error("sectok_reset failed: %s", sectok_get_sw(sw)); |
| 452 | goto done; | 458 | goto done; |
| 453 | } | 459 | } |
| 454 | if ((cla = cyberflex_inq_class(fd)) < 0) { | 460 | if ((cla = cyberflex_inq_class(fd)) < 0) { |
| @@ -495,6 +501,20 @@ done: | |||
| 495 | sectok_close(fd); | 501 | sectok_close(fd); |
| 496 | exit(status); | 502 | exit(status); |
| 497 | } | 503 | } |
| 504 | |||
| 505 | static void | ||
| 506 | do_download(struct passwd *pw, const char *sc_reader_id) | ||
| 507 | { | ||
| 508 | Key *pub = NULL; | ||
| 509 | |||
| 510 | pub = sc_get_key(sc_reader_id); | ||
| 511 | if (pub == NULL) | ||
| 512 | fatal("cannot read public key from smartcard"); | ||
| 513 | key_write(pub, stdout); | ||
| 514 | key_free(pub); | ||
| 515 | fprintf(stdout, "\n"); | ||
| 516 | exit(0); | ||
| 517 | } | ||
| 498 | #endif | 518 | #endif |
| 499 | 519 | ||
| 500 | static void | 520 | static void |
| @@ -784,10 +804,11 @@ int | |||
| 784 | main(int ac, char **av) | 804 | main(int ac, char **av) |
| 785 | { | 805 | { |
| 786 | char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2; | 806 | char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2; |
| 807 | char *reader_id = NULL; | ||
| 787 | Key *private, *public; | 808 | Key *private, *public; |
| 788 | struct passwd *pw; | 809 | struct passwd *pw; |
| 789 | int opt, type, fd, reader = -1; | ||
| 790 | struct stat st; | 810 | struct stat st; |
| 811 | int opt, type, fd, download = 0; | ||
| 791 | FILE *f; | 812 | FILE *f; |
| 792 | 813 | ||
| 793 | extern int optind; | 814 | extern int optind; |
| @@ -810,7 +831,7 @@ main(int ac, char **av) | |||
| 810 | exit(1); | 831 | exit(1); |
| 811 | } | 832 | } |
| 812 | 833 | ||
| 813 | while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:P:N:C:")) != -1) { | 834 | while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:D:P:N:C:")) != -1) { |
| 814 | switch (opt) { | 835 | switch (opt) { |
| 815 | case 'b': | 836 | case 'b': |
| 816 | bits = atoi(optarg); | 837 | bits = atoi(optarg); |
| @@ -870,8 +891,10 @@ main(int ac, char **av) | |||
| 870 | case 't': | 891 | case 't': |
| 871 | key_type_name = optarg; | 892 | key_type_name = optarg; |
| 872 | break; | 893 | break; |
| 894 | case 'D': | ||
| 895 | download = 1; | ||
| 873 | case 'u': | 896 | case 'u': |
| 874 | reader = atoi(optarg); /*XXX*/ | 897 | reader_id = optarg; |
| 875 | break; | 898 | break; |
| 876 | case '?': | 899 | case '?': |
| 877 | default: | 900 | default: |
| @@ -898,12 +921,16 @@ main(int ac, char **av) | |||
| 898 | do_convert_from_ssh2(pw); | 921 | do_convert_from_ssh2(pw); |
| 899 | if (print_public) | 922 | if (print_public) |
| 900 | do_print_public(pw); | 923 | do_print_public(pw); |
| 901 | if (reader != -1) | 924 | if (reader_id != NULL) { |
| 902 | #ifdef SMARTCARD | 925 | #ifdef SMARTCARD |
| 903 | do_upload(pw, reader); | 926 | if (download) |
| 927 | do_download(pw, reader_id); | ||
| 928 | else | ||
| 929 | do_upload(pw, reader_id); | ||
| 904 | #else | 930 | #else |
| 905 | fatal("no support for smartcards."); | 931 | fatal("no support for smartcards."); |
| 906 | #endif | 932 | #endif |
| 933 | } | ||
| 907 | 934 | ||
| 908 | arc4random_stir(); | 935 | arc4random_stir(); |
| 909 | 936 | ||