Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c55
1 files changed, 41 insertions, 14 deletions
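--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,15 +12,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.75 2001/08/02 00:10:17 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 
-#ifdef SMARTCARD
-#include <sectok.h>
-#endif
-
 #include "xmalloc.h"
 #include "key.h"
 #include "rsa.h"
@@ -32,6 +28,11 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $");
 #include "log.h"
 #include "readpass.h"
 
+#ifdef SMARTCARD
+#include <sectok.h>
+#include <openssl/engine.h>
+#include "scard.h"
+#endif
 
 /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
 int bits = 1024;
@@ -410,7 +411,7 @@ get_AUT0(char *aut0)
 }
 
 static void
-do_upload(struct passwd *pw, int reader)
+do_upload(struct passwd *pw, const char *sc_reader_id)
 {
 	Key *prv = NULL;
 	struct stat st;
@@ -441,14 +442,19 @@ do_upload(struct passwd *pw, int reader)
 	COPY_RSA_KEY(dmp1, 4);
 	COPY_RSA_KEY(n, 5);
 	len = BN_num_bytes(prv->rsa->n);
-	fd = sectok_open(reader, STONOWAIT, &sw);
+	fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
 	if (fd < 0) {
 		error("sectok_open failed: %s", sectok_get_sw(sw));
+		goto done;
+	}
+	if (! sectok_cardpresent(fd)) {
+		error("smartcard in reader %s not present",
+		    sc_reader_id);
 		goto done;
 	}
 	ret = sectok_reset(fd, 0, NULL, &sw);
 	if (ret <= 0) {
 		error("sectok_reset failed: %s", sectok_get_sw(sw));
 		goto done;
 	}
 	if ((cla = cyberflex_inq_class(fd)) < 0) {
@@ -495,6 +501,20 @@ done:
 	sectok_close(fd);
 	exit(status);
 }
+
+static void
+do_download(struct passwd *pw, const char *sc_reader_id)
+{
+	Key *pub = NULL;
+
+	pub = sc_get_key(sc_reader_id);
+	if (pub == NULL)
+		fatal("cannot read public key from smartcard");
+	key_write(pub, stdout);
+	key_free(pub);
+	fprintf(stdout, "\n");
+	exit(0);
+}
 #endif
 
 static void
@@ -784,10 +804,11 @@ int
 main(int ac, char **av)
 {
 	char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;
+	char *reader_id = NULL;
 	Key *private, *public;
 	struct passwd *pw;
-	int opt, type, fd, reader = -1;
 	struct stat st;
+	int opt, type, fd, download = 0;
 	FILE *f;
 
 	extern int optind;
@@ -810,7 +831,7 @@ main(int ac, char **av)
 		exit(1);
 	}
 
-	while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:P:N:C:")) != -1) {
+	while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:D:P:N:C:")) != -1) {
 		switch (opt) {
 		case 'b':
 			bits = atoi(optarg);
@@ -870,8 +891,10 @@ main(int ac, char **av)
 		case 't':
 			key_type_name = optarg;
 			break;
+		case 'D':
+			download = 1;
 		case 'u':
-			reader = atoi(optarg);	/*XXX*/
+			reader_id = optarg;
 			break;
 		case '?':
 		default:
@@ -898,12 +921,16 @@ main(int ac, char **av)
 		do_convert_from_ssh2(pw);
 	if (print_public)
 		do_print_public(pw);
-	if (reader != -1)
+	if (reader_id != NULL) {
 #ifdef SMARTCARD
-		do_upload(pw, reader);
+		if (download)
+			do_download(pw, reader_id);
+		else
+			do_upload(pw, reader_id);
 #else
 		fatal("no support for smartcards.");
 #endif
+	}
 
 	arc4random_stir();
 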
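Review bot: The new `case 'D':` in main's option switch sets download and then falls through into `case 'u':` with no break, so that -D's argument is also taken as the reader id; that looks intentional, but nothing in the hunk says so and it reads like a missing break. I would mark it explicitly with `/* FALLTHROUGH */` after `download = 1;`, matching the rest of the OpenBSD tree, so a reader or -Wimplicit-fallthrough does not treat it as a defect. Separately, in do_upload the call is now sectok_friendly_open but the failure message still says `sectok_open failed`, which will mislead anyone tracing the log back to the code; `error("sectok_friendly_open failed: %s", sectok_get_sw(sw));` keeps them aligned. Both main and do_upload continue outside their hunks.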