Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 84 |
1 files changed, 24 insertions, 60 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 7f5185f8e..005f9c7ab 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.176 2010/01/11 10:51:07 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.177 2010/02/08 10:50:20 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -49,8 +49,8 @@ | |||
49 | #include "hostfile.h" | 49 | #include "hostfile.h" |
50 | #include "dns.h" | 50 | #include "dns.h" |
51 | 51 | ||
52 | #ifdef SMARTCARD | 52 | #ifdef ENABLE_PKCS11 |
53 | #include "scard.h" | 53 | #include "ssh-pkcs11.h" |
54 | #endif | 54 | #endif |
55 | 55 | ||
56 | /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ | 56 | /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ |
@@ -459,51 +459,29 @@ do_print_public(struct passwd *pw) | |||
459 | exit(0); | 459 | exit(0); |
460 | } | 460 | } |
461 | 461 | ||
462 | #ifdef SMARTCARD | ||
463 | static void | 462 | static void |
464 | do_upload(struct passwd *pw, const char *sc_reader_id) | 463 | do_download(struct passwd *pw, const char *pkcs11provider) |
465 | { | ||
466 | Key *prv = NULL; | ||
467 | struct stat st; | ||
468 | int ret; | ||
469 | |||
470 | if (!have_identity) | ||
471 | ask_filename(pw, "Enter file in which the key is"); | ||
472 | if (stat(identity_file, &st) < 0) { | ||
473 | perror(identity_file); | ||
474 | exit(1); | ||
475 | } | ||
476 | prv = load_identity(identity_file); | ||
477 | if (prv == NULL) { | ||
478 | error("load failed"); | ||
479 | exit(1); | ||
480 | } | ||
481 | ret = sc_put_key(prv, sc_reader_id); | ||
482 | key_free(prv); | ||
483 | if (ret < 0) | ||
484 | exit(1); | ||
485 | logit("loading key done"); | ||
486 | exit(0); | ||
487 | } | ||
488 | |||
489 | static void | ||
490 | do_download(struct passwd *pw, const char *sc_reader_id) | ||
491 | { | 464 | { |
465 | #ifdef ENABLE_PKCS11 | ||
492 | Key **keys = NULL; | 466 | Key **keys = NULL; |
493 | int i; | 467 | int i, nkeys; |
494 | 468 | ||
495 | keys = sc_get_keys(sc_reader_id, NULL); | 469 | pkcs11_init(0); |
496 | if (keys == NULL) | 470 | nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); |
497 | fatal("cannot read public key from smartcard"); | 471 | if (nkeys <= 0) |
498 | for (i = 0; keys[i]; i++) { | 472 | fatal("cannot read public key from pkcs11"); |
473 | for (i = 0; i < nkeys; i++) { | ||
499 | key_write(keys[i], stdout); | 474 | key_write(keys[i], stdout); |
500 | key_free(keys[i]); | 475 | key_free(keys[i]); |
501 | fprintf(stdout, "\n"); | 476 | fprintf(stdout, "\n"); |
502 | } | 477 | } |
503 | xfree(keys); | 478 | xfree(keys); |
479 | pkcs11_terminate(); | ||
504 | exit(0); | 480 | exit(0); |
481 | #else | ||
482 | fatal("no pkcs11 support"); | ||
483 | #endif /* ENABLE_PKCS11 */ | ||
505 | } | 484 | } |
506 | #endif /* SMARTCARD */ | ||
507 | 485 | ||
508 | static void | 486 | static void |
509 | do_fingerprint(struct passwd *pw) | 487 | do_fingerprint(struct passwd *pw) |
@@ -1044,9 +1022,9 @@ usage(void) | |||
1044 | fprintf(stderr, " -b bits Number of bits in the key to create.\n"); | 1022 | fprintf(stderr, " -b bits Number of bits in the key to create.\n"); |
1045 | fprintf(stderr, " -C comment Provide new comment.\n"); | 1023 | fprintf(stderr, " -C comment Provide new comment.\n"); |
1046 | fprintf(stderr, " -c Change comment in private and public key files.\n"); | 1024 | fprintf(stderr, " -c Change comment in private and public key files.\n"); |
1047 | #ifdef SMARTCARD | 1025 | #ifdef ENABLE_PKCS11 |
1048 | fprintf(stderr, " -D reader Download public key from smartcard.\n"); | 1026 | fprintf(stderr, " -D pkcs11 Download public key from pkcs11 token.\n"); |
1049 | #endif /* SMARTCARD */ | 1027 | #endif |
1050 | fprintf(stderr, " -e Convert OpenSSH to RFC 4716 key file.\n"); | 1028 | fprintf(stderr, " -e Convert OpenSSH to RFC 4716 key file.\n"); |
1051 | fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); | 1029 | fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); |
1052 | fprintf(stderr, " -f filename Filename of the key file.\n"); | 1030 | fprintf(stderr, " -f filename Filename of the key file.\n"); |
@@ -1065,9 +1043,6 @@ usage(void) | |||
1065 | fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); | 1043 | fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); |
1066 | fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); | 1044 | fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); |
1067 | fprintf(stderr, " -t type Specify type of key to create.\n"); | 1045 | fprintf(stderr, " -t type Specify type of key to create.\n"); |
1068 | #ifdef SMARTCARD | ||
1069 | fprintf(stderr, " -U reader Upload private key to smartcard.\n"); | ||
1070 | #endif /* SMARTCARD */ | ||
1071 | fprintf(stderr, " -v Verbose.\n"); | 1046 | fprintf(stderr, " -v Verbose.\n"); |
1072 | fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); | 1047 | fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); |
1073 | fprintf(stderr, " -y Read private key file and print public key.\n"); | 1048 | fprintf(stderr, " -y Read private key file and print public key.\n"); |
@@ -1082,12 +1057,12 @@ int | |||
1082 | main(int argc, char **argv) | 1057 | main(int argc, char **argv) |
1083 | { | 1058 | { |
1084 | char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; | 1059 | char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; |
1085 | char out_file[MAXPATHLEN], *reader_id = NULL; | 1060 | char out_file[MAXPATHLEN], *pkcs11provider = NULL; |
1086 | char *rr_hostname = NULL; | 1061 | char *rr_hostname = NULL; |
1087 | Key *private, *public; | 1062 | Key *private, *public; |
1088 | struct passwd *pw; | 1063 | struct passwd *pw; |
1089 | struct stat st; | 1064 | struct stat st; |
1090 | int opt, type, fd, download = 0; | 1065 | int opt, type, fd; |
1091 | u_int32_t memory = 0, generator_wanted = 0, trials = 100; | 1066 | u_int32_t memory = 0, generator_wanted = 0, trials = 100; |
1092 | int do_gen_candidates = 0, do_screen_candidates = 0; | 1067 | int do_gen_candidates = 0, do_screen_candidates = 0; |
1093 | BIGNUM *start = NULL; | 1068 | BIGNUM *start = NULL; |
@@ -1120,7 +1095,7 @@ main(int argc, char **argv) | |||
1120 | } | 1095 | } |
1121 | 1096 | ||
1122 | while ((opt = getopt(argc, argv, | 1097 | while ((opt = getopt(argc, argv, |
1123 | "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { | 1098 | "degiqpclBHvxXyF:b:f:t:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { |
1124 | switch (opt) { | 1099 | switch (opt) { |
1125 | case 'b': | 1100 | case 'b': |
1126 | bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); | 1101 | bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); |
@@ -1192,10 +1167,7 @@ main(int argc, char **argv) | |||
1192 | key_type_name = optarg; | 1167 | key_type_name = optarg; |
1193 | break; | 1168 | break; |
1194 | case 'D': | 1169 | case 'D': |
1195 | download = 1; | 1170 | pkcs11provider = optarg; |
1196 | /*FALLTHROUGH*/ | ||
1197 | case 'U': | ||
1198 | reader_id = optarg; | ||
1199 | break; | 1171 | break; |
1200 | case 'v': | 1172 | case 'v': |
1201 | if (log_level == SYSLOG_LEVEL_INFO) | 1173 | if (log_level == SYSLOG_LEVEL_INFO) |
@@ -1303,16 +1275,8 @@ main(int argc, char **argv) | |||
1303 | exit(0); | 1275 | exit(0); |
1304 | } | 1276 | } |
1305 | } | 1277 | } |
1306 | if (reader_id != NULL) { | 1278 | if (pkcs11provider != NULL) |
1307 | #ifdef SMARTCARD | 1279 | do_download(pw, pkcs11provider); |
1308 | if (download) | ||
1309 | do_download(pw, reader_id); | ||
1310 | else | ||
1311 | do_upload(pw, reader_id); | ||
1312 | #else /* SMARTCARD */ | ||
1313 | fatal("no support for smartcards."); | ||
1314 | #endif /* SMARTCARD */ | ||
1315 | } | ||
1316 | 1280 | ||
1317 | if (do_gen_candidates) { | 1281 | if (do_gen_candidates) { |
1318 | FILE *out = fopen(out_file, "w"); | 1282 | FILE *out = fopen(out_file, "w"); |
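Review bot: In the new do_download (the -459,51 +459,29 hunk), a failed pkcs11_add_provider is reported only as `cannot read public key from pkcs11`, which hides which provider was tried; `fatal("cannot read public key from pkcs11 provider %s", pkcs11provider);` makes a mistyped or unloadable library path immediately visible. The -D argument is forwarded verbatim and appears to name a provider shared object rather than a token, so if pkcs11_add_provider loads it dynamically (not visible in this diff) the user-supplied path becomes code executed inside ssh-keygen; the usage line should say what is being named, e.g. `" -D pkcs11 Download public key from pkcs11 provider library.\n"`. The `pw` parameter is now unused in do_download, and in the `#else` branch so is `pkcs11provider`, which will draw unused-parameter warnings under -Wextra; a `(void)pw;` or dropping the parameter would keep the build clean. The body of main in the last hunk continues past the end of this page.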