diff --git a/ChangeLog b/ChangeLog index 1f018a92c..054dfe4d2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -102,6 +102,11 @@ [scard.c ssh.c] support finish rsa keys. free public keys after login -> call finish -> close smartcard. + - markus@cvs.openbsd.org 2001/08/02 00:10:17 + [ssh-keygen.c] + add -D readerid option (download, i.e. print public RSA key to stdout). + check for card present when uploading keys. + use strings instead of ints for smartcard reader ids, too. 20010803 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on @@ -6212,4 +6217,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1452 2001/08/06 21:42:00 mouring Exp $ +$Id: ChangeLog,v 1.1453 2001/08/06 21:44:05 mouring Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index 5fadad7cc..096908f3b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,15 +12,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.75 2001/08/02 00:10:17 markus Exp $"); #include #include -#ifdef SMARTCARD -#include -#endif - #include "xmalloc.h" #include "key.h" #include "rsa.h" @@ -32,6 +28,11 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $"); #include "log.h" #include "readpass.h" +#ifdef SMARTCARD +#include +#include +#include "scard.h" +#endif /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ int bits = 1024; @@ -410,7 +411,7 @@ get_AUT0(char *aut0) } static void -do_upload(struct passwd *pw, int reader) +do_upload(struct passwd *pw, const char *sc_reader_id) { Key *prv = NULL; struct stat st; @@ -441,14 +442,19 @@ do_upload(struct passwd *pw, int reader) COPY_RSA_KEY(dmp1, 4); COPY_RSA_KEY(n, 5); len = BN_num_bytes(prv->rsa->n); - fd = sectok_open(reader, STONOWAIT, &sw); + fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw); if (fd < 0) { - error("sectok_open failed: %s", sectok_get_sw(sw)); + error("sectok_open failed: %s", sectok_get_sw(sw)); + goto done; + } + if (! sectok_cardpresent(fd)) { + error("smartcard in reader %s not present", + sc_reader_id); goto done; } ret = sectok_reset(fd, 0, NULL, &sw); if (ret <= 0) { - error("sectok_reset failed: %s", sectok_get_sw(sw)); + error("sectok_reset failed: %s", sectok_get_sw(sw)); goto done; } if ((cla = cyberflex_inq_class(fd)) < 0) { @@ -495,6 +501,20 @@ done: sectok_close(fd); exit(status); } + +static void +do_download(struct passwd *pw, const char *sc_reader_id) +{ + Key *pub = NULL; + + pub = sc_get_key(sc_reader_id); + if (pub == NULL) + fatal("cannot read public key from smartcard"); + key_write(pub, stdout); + key_free(pub); + fprintf(stdout, "\n"); + exit(0); +} #endif static void @@ -784,10 +804,11 @@ int main(int ac, char **av) { char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2; + char *reader_id = NULL; Key *private, *public; struct passwd *pw; - int opt, type, fd, reader = -1; struct stat st; + int opt, type, fd, download = 0; FILE *f; extern int optind; @@ -810,7 +831,7 @@ main(int ac, char **av) exit(1); } - while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:P:N:C:")) != -1) { + while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:D:P:N:C:")) != -1) { switch (opt) { case 'b': bits = atoi(optarg); @@ -870,8 +891,10 @@ main(int ac, char **av) case 't': key_type_name = optarg; break; + case 'D': + download = 1; case 'u': - reader = atoi(optarg); /*XXX*/ + reader_id = optarg; break; case '?': default: @@ -898,12 +921,16 @@ main(int ac, char **av) do_convert_from_ssh2(pw); if (print_public) do_print_public(pw); - if (reader != -1) + if (reader_id != NULL) { #ifdef SMARTCARD - do_upload(pw, reader); + if (download) + do_download(pw, reader_id); + else + do_upload(pw, reader_id); #else fatal("no support for smartcards."); #endif + } arc4random_stir();