From 8282d6a82f12cd5a3af77599766108177d89283d Mon Sep 17 00:00:00 2001
From: Ben Lindstrom <mouring@eviladmin.org>
Date: Mon, 6 Aug 2001 21:44:05 +0000
Subject:    - markus@cvs.openbsd.org 2001/08/02 00:10:17      [ssh-keygen.c]  
    add -D readerid option (download, i.e. print public RSA key to stdout).   
   check for card present when uploading keys.      use strings instead of
 ints for smartcard reader ids, too.

---
 ChangeLog    |  7 ++++++-
 ssh-keygen.c | 55 +++++++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 47 insertions(+), 15 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1f018a92c..054dfe4d2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -102,6 +102,11 @@
      [scard.c ssh.c]
      support finish rsa keys.
      free public keys after login -> call finish -> close smartcard.
+   - markus@cvs.openbsd.org 2001/08/02 00:10:17
+     [ssh-keygen.c]
+     add -D readerid option (download, i.e. print public RSA key to stdout).
+     check for card present when uploading keys.
+     use strings instead of ints for smartcard reader ids, too.
 
 20010803
  - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6212,4 +6217,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1452 2001/08/06 21:42:00 mouring Exp $
+$Id: ChangeLog,v 1.1453 2001/08/06 21:44:05 mouring Exp $
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5fadad7cc..096908f3b 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,15 +12,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.75 2001/08/02 00:10:17 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 
-#ifdef SMARTCARD
-#include <sectok.h>
-#endif
-
 #include "xmalloc.h"
 #include "key.h"
 #include "rsa.h"
@@ -32,6 +28,11 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $");
 #include "log.h"
 #include "readpass.h"
 
+#ifdef SMARTCARD
+#include <sectok.h>
+#include <openssl/engine.h>
+#include "scard.h"
+#endif
 
 /* Number of bits in the RSA/DSA key.  This value can be changed on the command line. */
 int bits = 1024;
@@ -410,7 +411,7 @@ get_AUT0(char *aut0)
 }
 
 static void
-do_upload(struct passwd *pw, int reader)
+do_upload(struct passwd *pw, const char *sc_reader_id)
 {
 	Key *prv = NULL;
 	struct stat st;
@@ -441,14 +442,19 @@ do_upload(struct passwd *pw, int reader)
 	COPY_RSA_KEY(dmp1, 4);
 	COPY_RSA_KEY(n, 5);
 	len = BN_num_bytes(prv->rsa->n);
-	fd = sectok_open(reader, STONOWAIT, &sw);
+	fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
 	if (fd < 0) {
-                error("sectok_open failed: %s", sectok_get_sw(sw));
+		error("sectok_open failed: %s", sectok_get_sw(sw));
+		goto done;
+	}
+	if (! sectok_cardpresent(fd)) {
+		error("smartcard in reader %s not present",
+		    sc_reader_id);
 		goto done;
 	}
 	ret = sectok_reset(fd, 0, NULL, &sw);
 	if (ret <= 0) {
-                error("sectok_reset failed: %s", sectok_get_sw(sw));
+		error("sectok_reset failed: %s", sectok_get_sw(sw));
 		goto done;
 	}
 	if ((cla = cyberflex_inq_class(fd)) < 0) {
@@ -495,6 +501,20 @@ done:
 		sectok_close(fd);
 	exit(status);
 }
+
+static void
+do_download(struct passwd *pw, const char *sc_reader_id)
+{
+	Key *pub = NULL;
+
+	pub = sc_get_key(sc_reader_id);
+	if (pub == NULL)
+		fatal("cannot read public key from smartcard");
+	key_write(pub, stdout);
+	key_free(pub);
+	fprintf(stdout, "\n");
+	exit(0);
+}
 #endif
 
 static void
@@ -784,10 +804,11 @@ int
 main(int ac, char **av)
 {
 	char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;
+	char *reader_id = NULL;
 	Key *private, *public;
 	struct passwd *pw;
-	int opt, type, fd, reader = -1;
 	struct stat st;
+	int opt, type, fd, download = 0;
 	FILE *f;
 
 	extern int optind;
@@ -810,7 +831,7 @@ main(int ac, char **av)
 		exit(1);
 	}
 
-	while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:P:N:C:")) != -1) {
+	while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:D:P:N:C:")) != -1) {
 		switch (opt) {
 		case 'b':
 			bits = atoi(optarg);
@@ -870,8 +891,10 @@ main(int ac, char **av)
 		case 't':
 			key_type_name = optarg;
 			break;
+		case 'D':
+			download = 1;
 		case 'u':
-			reader = atoi(optarg); /*XXX*/
+			reader_id = optarg;
 			break;
 		case '?':
 		default:
@@ -898,12 +921,16 @@ main(int ac, char **av)
 		do_convert_from_ssh2(pw);
 	if (print_public)
 		do_print_public(pw);
-	if (reader != -1)
+	if (reader_id != NULL) {
 #ifdef SMARTCARD
-		do_upload(pw, reader);
+		if (download)
+			do_download(pw, reader_id);
+		else
+			do_upload(pw, reader_id);
 #else
 		fatal("no support for smartcards.");
 #endif
+	}
 
 	arc4random_stir();
 
-- 
cgit v1.2.3