Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 44 |
1 files changed, 27 insertions, 17 deletions
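--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.419 2020/08/27 09:46:04 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.420 2020/09/09 03:08:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3072,6 +3072,27 @@ do_download_sk(const char *skprovider, const char *device)
 }
 
 static void
+save_attestation(struct sshbuf *attest, const char *path)
+{
+	mode_t omask;
+	int r;
+
+	if (path == NULL)
+		return; /* nothing to do */
+	if (attest == NULL || sshbuf_len(attest) == 0)
+		fatal("Enrollment did not return attestation data");
+	omask = umask(077);
+	r = sshbuf_write_file(path, attest);
+	umask(omask);
+	if (r != 0)
+		fatal("Unable to write attestation data \"%s\": %s", path,
+		    ssh_err(r));
+	if (!quiet)
+		printf("Your FIDO attestation certificate has been saved in "
+		    "%s\n", path);
+}
+
+static void
 usage(void)
 {
 	fprintf(stderr,
@@ -3137,7 +3158,7 @@ main(int argc, char **argv)
 	unsigned long long cert_serial = 0;
 	char *identity_comment = NULL, *ca_key_path = NULL, **opts = NULL;
 	char *sk_application = NULL, *sk_device = NULL, *sk_user = NULL;
-	char *sk_attestaion_path = NULL;
+	char *sk_attestation_path = NULL;
 	struct sshbuf *challenge = NULL, *attest = NULL;
 	size_t i, nopts = 0;
 	u_int32_t bits = 0;
@@ -3593,7 +3614,7 @@ main(int argc, char **argv)
 			}
 		} else if (strncasecmp(opts[i],
 		    "write-attestation=", 18) == 0) {
-			sk_attestaion_path = opts[i] + 18;
+			sk_attestation_path = opts[i] + 18;
 		} else if (strncasecmp(opts[i],
 		    "application=", 12) == 0) {
 			sk_application = xstrdup(opts[i] + 12);
@@ -3715,20 +3736,9 @@ main(int argc, char **argv)
 		free(fp);
 	}
 
-	if (sk_attestaion_path != NULL) {
-		if (attest == NULL || sshbuf_len(attest) == 0) {
-			fatal("Enrollment did not return attestation "
-			    "certificate");
-		}
-		if ((r = sshbuf_write_file(sk_attestaion_path, attest)) != 0) {
-			fatal("Unable to write attestation certificate "
-			    "\"%s\": %s", sk_attestaion_path, ssh_err(r));
-		}
-		if (!quiet) {
-			printf("Your FIDO attestation certificate has been "
-			    "saved in %s\n", sk_attestaion_path);
-		}
-	}
+	if (sk_attestation_path != NULL)
+		save_attestation(attest, sk_attestation_path);
+
 	sshbuf_free(attest);
 	sshkey_free(public);
 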
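Review bot: save_attestation (new lines 3075-3093) has no header comment and its user-visible messages disagree on what is being written: both fatal() paths now say "attestation data" while the success printf at 3091 still says "attestation certificate", the wording the removed code used throughout. The function also fatal()s rather than returning an error, wraps the write in umask(077) so the file is created without group/other permissions, and treats a NULL path as a no-op — behaviour that the caller in main (new 3739) duplicates with its own `if (sk_attestation_path != NULL)` guard, so either the call-site check or the in-function one is redundant. I would add a comment above the function along the lines of `/* Write enrollment attestation data to path, created 0600 via umask; fatal() if the data is missing or the write fails; no-op when path is NULL. */` and settle on one of "data"/"certificate" in all three messages. The umask restore on line 3086 is only reached on the non-fatal path, which is fine here since fatal() does not return, but worth stating in that comment.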