[ssh-keygen.c]
     add -D readerid option (download, i.e. print public RSA key to stdout).
     check for card present when uploading keys.
     use strings instead of ints for smartcard reader ids, too.
This commit is contained in:
Ben Lindstrom 2001-08-06 21:44:05 +00:00
parent a6c8a8d4d5
commit 8282d6a82f
2 changed files with 47 additions and 15 deletions


@ -102,6 +102,11 @@
[scard.c ssh.c] [scard.c ssh.c]
support finish rsa keys. support finish rsa keys.
free public keys after login -> call finish -> close smartcard. free public keys after login -> call finish -> close smartcard.
- markus@cvs.openbsd.org 2001/08/02 00:10:17
[ssh-keygen.c]
add -D readerid option (download, i.e. print public RSA key to stdout).
check for card present when uploading keys.
use strings instead of ints for smartcard reader ids, too.
20010803 20010803
- (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@ -6212,4 +6217,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1452 2001/08/06 21:42:00 mouring Exp $ $Id: ChangeLog,v 1.1453 2001/08/06 21:44:05 mouring Exp $


@ -12,15 +12,11 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $"); RCSID("$OpenBSD: ssh-keygen.c,v 1.75 2001/08/02 00:10:17 markus Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#ifdef SMARTCARD
#include <sectok.h>
#endif
#include "xmalloc.h" #include "xmalloc.h"
#include "key.h" #include "key.h"
#include "rsa.h" #include "rsa.h"
@ -32,6 +28,11 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.74 2001/08/01 23:33:09 markus Exp $");
#include "log.h" #include "log.h"
#include "readpass.h" #include "readpass.h"
#ifdef SMARTCARD
#include <sectok.h>
#include <openssl/engine.h>
#include "scard.h"
#endif
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
int bits = 1024; int bits = 1024;
@ -410,7 +411,7 @@ get_AUT0(char *aut0)
} }
static void static void
do_upload(struct passwd *pw, int reader) do_upload(struct passwd *pw, const char *sc_reader_id)
{ {
Key *prv = NULL; Key *prv = NULL;
struct stat st; struct stat st;
@ -441,14 +442,19 @@ do_upload(struct passwd *pw, int reader)
COPY_RSA_KEY(dmp1, 4); COPY_RSA_KEY(dmp1, 4);
COPY_RSA_KEY(n, 5); COPY_RSA_KEY(n, 5);
len = BN_num_bytes(prv->rsa->n); len = BN_num_bytes(prv->rsa->n);
fd = sectok_open(reader, STONOWAIT, &sw); fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
if (fd < 0) { if (fd < 0) {
error("sectok_open failed: %s", sectok_get_sw(sw)); error("sectok_open failed: %s", sectok_get_sw(sw));
goto done;
}
if (! sectok_cardpresent(fd)) {
error("smartcard in reader %s not present",
sc_reader_id);
goto done; goto done;
} }
ret = sectok_reset(fd, 0, NULL, &sw); ret = sectok_reset(fd, 0, NULL, &sw);
if (ret <= 0) { if (ret <= 0) {
error("sectok_reset failed: %s", sectok_get_sw(sw)); error("sectok_reset failed: %s", sectok_get_sw(sw));
goto done; goto done;
} }
if ((cla = cyberflex_inq_class(fd)) < 0) { if ((cla = cyberflex_inq_class(fd)) < 0) {
@ -495,6 +501,20 @@ done:
sectok_close(fd); sectok_close(fd);
exit(status); exit(status);
} }
static void
do_download(struct passwd *pw, const char *sc_reader_id)
{
Key *pub = NULL;
pub = sc_get_key(sc_reader_id);
if (pub == NULL)
fatal("cannot read public key from smartcard");
key_write(pub, stdout);
key_free(pub);
fprintf(stdout, "\n");
exit(0);
}
#endif #endif
static void static void
@ -784,10 +804,11 @@ int
main(int ac, char **av) main(int ac, char **av)
{ {
char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2; char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;
char *reader_id = NULL;
Key *private, *public; Key *private, *public;
struct passwd *pw; struct passwd *pw;
int opt, type, fd, reader = -1;
struct stat st; struct stat st;
int opt, type, fd, download = 0;
FILE *f; FILE *f;
extern int optind; extern int optind;
@ -810,7 +831,7 @@ main(int ac, char **av)
exit(1); exit(1);
} }
while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:P:N:C:")) != -1) { while ((opt = getopt(ac, av, "deiqpclBRxXyb:f:t:u:D:P:N:C:")) != -1) {
switch (opt) { switch (opt) {
case 'b': case 'b':
bits = atoi(optarg); bits = atoi(optarg);
@ -870,8 +891,10 @@ main(int ac, char **av)
case 't': case 't':
key_type_name = optarg; key_type_name = optarg;
break; break;
case 'D':
download = 1;
case 'u': case 'u':
reader = atoi(optarg); /*XXX*/ reader_id = optarg;
break; break;
case '?': case '?':
default: default:
@ -898,12 +921,16 @@ main(int ac, char **av)
do_convert_from_ssh2(pw); do_convert_from_ssh2(pw);
if (print_public) if (print_public)
do_print_public(pw); do_print_public(pw);
if (reader != -1) if (reader_id != NULL) {
#ifdef SMARTCARD #ifdef SMARTCARD
do_upload(pw, reader); if (download)
do_download(pw, reader_id);
else
do_upload(pw, reader_id);
#else #else
fatal("no support for smartcards."); fatal("no support for smartcards.");
#endif #endif
}
arc4random_stir(); arc4random_stir();
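Review bot: The new `case 'D': download = 1;` in main() falls through into `case 'u':` so that -D also takes the reader id, but nothing marks the fallthrough as deliberate, and a later reader (or a compiler with fallthrough warnings) will read it as a missing `break`; add `/* FALLTHROUGH */` between `download = 1;` and `case 'u':`. In the do_upload hunk the call is now `sectok_friendly_open()` while the failure message still reads `"sectok_open failed: %s"`, so the diagnostic names a function that is no longer called; `error("sectok_friendly_open failed: %s", sectok_get_sw(sw));` keeps it accurate. In do_download the result of `key_write(pub, stdout)` is not checked before `exit(0)`, so a short write to stdout still reports success; the rest of main() lies outside this hunk.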