mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-11-27 14:44:21 +08:00
- markus@cvs.openbsd.org 2002/03/25 17:34:27
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c] change sc_get_key to sc_get_keys and hide smartcard details in scard.c
This commit is contained in:
parent
5facb2bbc4
commit
0936a5bb72
@ -28,6 +28,9 @@
|
||||
- markus@cvs.openbsd.org 2002/03/25 09:25:06
|
||||
[auth-rh-rsa.c]
|
||||
rm bogus comment
|
||||
- markus@cvs.openbsd.org 2002/03/25 17:34:27
|
||||
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
|
||||
change sc_get_key to sc_get_keys and hide smartcard details in scard.c
|
||||
|
||||
20020324
|
||||
- (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
|
||||
@ -8042,4 +8045,4 @@
|
||||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1986 2002/03/26 03:08:47 mouring Exp $
|
||||
$Id: ChangeLog,v 1.1987 2002/03/26 03:17:42 mouring Exp $
|
||||
|
76
scard.c
76
scard.c
@ -24,9 +24,8 @@
|
||||
|
||||
#include "includes.h"
|
||||
#ifdef SMARTCARD
|
||||
RCSID("$OpenBSD: scard.c,v 1.23 2002/03/24 18:05:29 markus Exp $");
|
||||
RCSID("$OpenBSD: scard.c,v 1.24 2002/03/25 17:34:27 markus Exp $");
|
||||
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <sectok.h>
|
||||
|
||||
@ -36,13 +35,17 @@ RCSID("$OpenBSD: scard.c,v 1.23 2002/03/24 18:05:29 markus Exp $");
|
||||
#include "readpass.h"
|
||||
#include "scard.h"
|
||||
|
||||
#ifdef OPENSSL_VERSION_NUMBER
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
#define RSA_get_default_openssl_method RSA_get_default_method
|
||||
#define DSA_get_default_openssl_method DSA_get_default_method
|
||||
#define DH_get_default_openssl_method DH_get_default_method
|
||||
#define ENGINE_set_BN_mod_exp(x,y)
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
#define USE_ENGINE
|
||||
#define RSA_get_default_method RSA_get_default_openssl_method
|
||||
#else
|
||||
#endif
|
||||
|
||||
#ifdef USE_ENGINE
|
||||
#include <openssl/engine.h>
|
||||
#define sc_get_rsa sc_get_engine
|
||||
#else
|
||||
#define sc_get_rsa sc_get_rsa_method
|
||||
#endif
|
||||
|
||||
#define CLA_SSH 0x05
|
||||
@ -143,8 +146,7 @@ sc_read_pubkey(Key * k)
|
||||
n = NULL;
|
||||
|
||||
if (sc_fd < 0) {
|
||||
status = sc_init();
|
||||
if (status < 0 )
|
||||
if (sc_init() < 0)
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -317,18 +319,13 @@ sc_finish(RSA *rsa)
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
/* engine for overloading private key operations */
|
||||
|
||||
static ENGINE *smart_engine = NULL;
|
||||
static RSA_METHOD smart_rsa;
|
||||
|
||||
ENGINE *
|
||||
sc_get_engine(void)
|
||||
static RSA_METHOD *
|
||||
sc_get_rsa_method(void)
|
||||
{
|
||||
const RSA_METHOD *def;
|
||||
|
||||
def = RSA_get_default_openssl_method();
|
||||
static RSA_METHOD smart_rsa;
|
||||
const RSA_METHOD *def = RSA_get_default_method();
|
||||
|
||||
/* use the OpenSSL version */
|
||||
memcpy(&smart_rsa, def, sizeof(smart_rsa));
|
||||
@ -343,13 +340,22 @@ sc_get_engine(void)
|
||||
orig_finish = def->finish;
|
||||
smart_rsa.finish = sc_finish;
|
||||
|
||||
return &smart_rsa;
|
||||
}
|
||||
|
||||
#ifdef USE_ENGINE
|
||||
static ENGINE *
|
||||
sc_get_engine(void)
|
||||
{
|
||||
static ENGINE *smart_engine = NULL;
|
||||
|
||||
if ((smart_engine = ENGINE_new()) == NULL)
|
||||
fatal("ENGINE_new failed");
|
||||
|
||||
ENGINE_set_id(smart_engine, "sectok");
|
||||
ENGINE_set_name(smart_engine, "libsectok");
|
||||
|
||||
ENGINE_set_RSA(smart_engine, &smart_rsa);
|
||||
ENGINE_set_RSA(smart_engine, sc_get_rsa_method());
|
||||
ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
|
||||
ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
|
||||
ENGINE_set_RAND(smart_engine, RAND_SSLeay());
|
||||
@ -357,6 +363,7 @@ sc_get_engine(void)
|
||||
|
||||
return smart_engine;
|
||||
}
|
||||
#endif
|
||||
|
||||
void
|
||||
sc_close(void)
|
||||
@ -367,11 +374,11 @@ sc_close(void)
|
||||
}
|
||||
}
|
||||
|
||||
Key *
|
||||
sc_get_key(const char *id, const char *pin)
|
||||
Key **
|
||||
sc_get_keys(const char *id, const char *pin)
|
||||
{
|
||||
Key *k;
|
||||
int status;
|
||||
Key *k, *n, **keys;
|
||||
int status, nkeys = 2;
|
||||
|
||||
if (sc_reader_id != NULL)
|
||||
xfree(sc_reader_id);
|
||||
@ -395,7 +402,26 @@ sc_get_key(const char *id, const char *pin)
|
||||
key_free(k);
|
||||
return NULL;
|
||||
}
|
||||
return k;
|
||||
keys = xmalloc((nkeys+1) * sizeof(Key *));
|
||||
|
||||
n = key_new(KEY_RSA1);
|
||||
BN_copy(n->rsa->n, k->rsa->n);
|
||||
BN_copy(n->rsa->e, k->rsa->e);
|
||||
RSA_set_method(n->rsa, sc_get_rsa());
|
||||
n->flags |= KEY_FLAG_EXT;
|
||||
keys[0] = n;
|
||||
|
||||
n = key_new(KEY_RSA);
|
||||
BN_copy(n->rsa->n, k->rsa->n);
|
||||
BN_copy(n->rsa->e, k->rsa->e);
|
||||
RSA_set_method(n->rsa, sc_get_rsa());
|
||||
n->flags |= KEY_FLAG_EXT;
|
||||
keys[1] = n;
|
||||
|
||||
keys[2] = NULL;
|
||||
|
||||
key_free(k);
|
||||
return keys;
|
||||
}
|
||||
|
||||
#define NUM_RSA_KEY_ELEMENTS 5+1
|
||||
|
7
scard.h
7
scard.h
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: scard.h,v 1.9 2002/03/21 21:54:34 rees Exp $ */
|
||||
/* $OpenBSD: scard.h,v 1.10 2002/03/25 17:34:27 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
@ -24,8 +24,6 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#ifndef SCARD_H
|
||||
#define SCARD_H
|
||||
|
||||
@ -35,8 +33,7 @@
|
||||
#define SCARD_ERROR_NOCARD -2
|
||||
#define SCARD_ERROR_APPLET -3
|
||||
|
||||
Key *sc_get_key(const char*, const char*);
|
||||
ENGINE *sc_get_engine(void);
|
||||
Key **sc_get_keys(const char*, const char*);
|
||||
void sc_close(void);
|
||||
int sc_put_key(Key *, const char*);
|
||||
|
||||
|
98
ssh-agent.c
98
ssh-agent.c
@ -34,7 +34,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $");
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.84 2002/03/25 17:34:27 markus Exp $");
|
||||
|
||||
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
|
||||
#include <sys/queue.h>
|
||||
@ -57,7 +57,6 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $");
|
||||
#include "log.h"
|
||||
|
||||
#ifdef SMARTCARD
|
||||
#include <openssl/engine.h>
|
||||
#include "scard.h"
|
||||
#endif
|
||||
|
||||
@ -452,50 +451,39 @@ send:
|
||||
static void
|
||||
process_add_smartcard_key (SocketEntry *e)
|
||||
{
|
||||
Identity *id;
|
||||
Idtab *tab;
|
||||
Key *n = NULL, *k = NULL;
|
||||
Key **keys, *k;
|
||||
char *sc_reader_id = NULL, *pin;
|
||||
int success = 0;
|
||||
int i, version, success = 0;
|
||||
|
||||
sc_reader_id = buffer_get_string(&e->input, NULL);
|
||||
pin = buffer_get_string(&e->input, NULL);
|
||||
k = sc_get_key(sc_reader_id, pin);
|
||||
keys = sc_get_keys(sc_reader_id, pin);
|
||||
xfree(sc_reader_id);
|
||||
xfree(pin);
|
||||
|
||||
if (k == NULL) {
|
||||
error("sc_get_pubkey failed");
|
||||
if (keys == NULL || keys[0] == NULL) {
|
||||
error("sc_get_keys failed");
|
||||
goto send;
|
||||
}
|
||||
success = 1;
|
||||
|
||||
tab = idtab_lookup(1);
|
||||
k->type = KEY_RSA1;
|
||||
if (lookup_identity(k, 1) == NULL) {
|
||||
Identity *id = xmalloc(sizeof(Identity));
|
||||
n = key_new(KEY_RSA1);
|
||||
BN_copy(n->rsa->n, k->rsa->n);
|
||||
BN_copy(n->rsa->e, k->rsa->e);
|
||||
RSA_set_method(n->rsa, sc_get_engine());
|
||||
id->key = n;
|
||||
id->comment = xstrdup("rsa1 smartcard");
|
||||
TAILQ_INSERT_TAIL(&tab->idlist, id, next);
|
||||
tab->nentries++;
|
||||
for (i = 0; keys[i] != NULL; i++) {
|
||||
k = keys[i];
|
||||
version = k->type == KEY_RSA1 ? 1 : 2;
|
||||
tab = idtab_lookup(version);
|
||||
if (lookup_identity(k, version) == NULL) {
|
||||
id = xmalloc(sizeof(Identity));
|
||||
id->key = k;
|
||||
id->comment = xstrdup("smartcard key");
|
||||
TAILQ_INSERT_TAIL(&tab->idlist, id, next);
|
||||
tab->nentries++;
|
||||
success = 1;
|
||||
} else {
|
||||
key_free(k);
|
||||
}
|
||||
keys[i] = NULL;
|
||||
}
|
||||
k->type = KEY_RSA;
|
||||
tab = idtab_lookup(2);
|
||||
if (lookup_identity(k, 2) == NULL) {
|
||||
Identity *id = xmalloc(sizeof(Identity));
|
||||
n = key_new(KEY_RSA);
|
||||
BN_copy(n->rsa->n, k->rsa->n);
|
||||
BN_copy(n->rsa->e, k->rsa->e);
|
||||
RSA_set_method(n->rsa, sc_get_engine());
|
||||
id->key = n;
|
||||
id->comment = xstrdup("rsa smartcard");
|
||||
TAILQ_INSERT_TAIL(&tab->idlist, id, next);
|
||||
tab->nentries++;
|
||||
}
|
||||
key_free(k);
|
||||
xfree(keys);
|
||||
send:
|
||||
buffer_put_int(&e->output, 1);
|
||||
buffer_put_char(&e->output,
|
||||
@ -505,41 +493,37 @@ send:
|
||||
static void
|
||||
process_remove_smartcard_key(SocketEntry *e)
|
||||
{
|
||||
Key *k = NULL;
|
||||
int success = 0;
|
||||
Identity *id;
|
||||
Idtab *tab;
|
||||
Key **keys, *k = NULL;
|
||||
char *sc_reader_id = NULL, *pin;
|
||||
int i, version, success = 0;
|
||||
|
||||
sc_reader_id = buffer_get_string(&e->input, NULL);
|
||||
pin = buffer_get_string(&e->input, NULL);
|
||||
k = sc_get_key(sc_reader_id, pin);
|
||||
keys = sc_get_keys(sc_reader_id, pin);
|
||||
xfree(sc_reader_id);
|
||||
xfree(pin);
|
||||
|
||||
if (k == NULL) {
|
||||
error("sc_get_pubkey failed");
|
||||
} else {
|
||||
Identity *id;
|
||||
k->type = KEY_RSA1;
|
||||
id = lookup_identity(k, 1);
|
||||
if (id != NULL) {
|
||||
Idtab *tab = idtab_lookup(1);
|
||||
TAILQ_REMOVE(&tab->idlist, id, next);
|
||||
free_identity(id);
|
||||
if (keys == NULL || keys[0] == NULL) {
|
||||
error("sc_get_keys failed");
|
||||
goto send;
|
||||
}
|
||||
for (i = 0; keys[i] != NULL; i++) {
|
||||
k = keys[i];
|
||||
version = k->type == KEY_RSA1 ? 1 : 2;
|
||||
if ((id = lookup_identity(k, version)) != NULL) {
|
||||
tab = idtab_lookup(version);
|
||||
TAILQ_REMOVE(&tab->idlist, id, next);
|
||||
tab->nentries--;
|
||||
success = 1;
|
||||
}
|
||||
k->type = KEY_RSA;
|
||||
id = lookup_identity(k, 2);
|
||||
if (id != NULL) {
|
||||
Idtab *tab = idtab_lookup(2);
|
||||
TAILQ_REMOVE(&tab->idlist, id, next);
|
||||
free_identity(id);
|
||||
tab->nentries--;
|
||||
success = 1;
|
||||
}
|
||||
key_free(k);
|
||||
keys[i] = NULL;
|
||||
}
|
||||
|
||||
xfree(keys);
|
||||
send:
|
||||
buffer_put_int(&e->output, 1);
|
||||
buffer_put_char(&e->output,
|
||||
success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
|
||||
|
18
ssh-keygen.c
18
ssh-keygen.c
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.96 2002/03/21 21:54:34 rees Exp $");
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.97 2002/03/25 17:34:27 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
@ -416,14 +416,18 @@ do_upload(struct passwd *pw, const char *sc_reader_id)
|
||||
static void
|
||||
do_download(struct passwd *pw, const char *sc_reader_id)
|
||||
{
|
||||
Key *pub = NULL;
|
||||
Key **keys = NULL;
|
||||
int i;
|
||||
|
||||
pub = sc_get_key(sc_reader_id, NULL);
|
||||
if (pub == NULL)
|
||||
keys = sc_get_keys(sc_reader_id, NULL);
|
||||
if (keys == NULL)
|
||||
fatal("cannot read public key from smartcard");
|
||||
key_write(pub, stdout);
|
||||
key_free(pub);
|
||||
fprintf(stdout, "\n");
|
||||
for (i = 0; keys[i]; i++) {
|
||||
key_write(keys[i], stdout);
|
||||
key_free(keys[i]);
|
||||
fprintf(stdout, "\n");
|
||||
}
|
||||
xfree(keys);
|
||||
exit(0);
|
||||
}
|
||||
#endif /* SMARTCARD */
|
||||
|
54
ssh.c
54
ssh.c
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $");
|
||||
RCSID("$OpenBSD: ssh.c,v 1.167 2002/03/25 17:34:27 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
@ -70,7 +70,6 @@ RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $");
|
||||
#include "sshtty.h"
|
||||
|
||||
#ifdef SMARTCARD
|
||||
#include <openssl/engine.h>
|
||||
#include "scard.h"
|
||||
#endif
|
||||
|
||||
@ -1187,40 +1186,29 @@ static void
|
||||
load_public_identity_files(void)
|
||||
{
|
||||
char *filename;
|
||||
Key *public;
|
||||
int i = 0;
|
||||
|
||||
Key *public;
|
||||
#ifdef SMARTCARD
|
||||
Key **keys;
|
||||
|
||||
if (options.smartcard_device != NULL &&
|
||||
options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
|
||||
(public = sc_get_key(options.smartcard_device, NULL)) != NULL ) {
|
||||
Key *new;
|
||||
|
||||
if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)
|
||||
options.num_identity_files = SSH_MAX_IDENTITY_FILES - 2;
|
||||
memmove(&options.identity_files[2], &options.identity_files[0],
|
||||
sizeof(char *) * options.num_identity_files);
|
||||
options.num_identity_files += 2;
|
||||
i = 2;
|
||||
|
||||
/* XXX ssh1 vs ssh2 */
|
||||
new = key_new(KEY_RSA);
|
||||
new->flags = KEY_FLAG_EXT;
|
||||
BN_copy(new->rsa->n, public->rsa->n);
|
||||
BN_copy(new->rsa->e, public->rsa->e);
|
||||
RSA_set_method(new->rsa, sc_get_engine());
|
||||
options.identity_keys[0] = new;
|
||||
options.identity_files[0] = xstrdup("smartcard rsa key");;
|
||||
|
||||
new = key_new(KEY_RSA1);
|
||||
new->flags = KEY_FLAG_EXT;
|
||||
BN_copy(new->rsa->n, public->rsa->n);
|
||||
BN_copy(new->rsa->e, public->rsa->e);
|
||||
RSA_set_method(new->rsa, sc_get_engine());
|
||||
options.identity_keys[1] = new;
|
||||
options.identity_files[1] = xstrdup("smartcard rsa1 key");
|
||||
|
||||
key_free(public);
|
||||
options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
|
||||
(keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {
|
||||
int count = 0;
|
||||
for (i = 0; keys[i] != NULL; i++) {
|
||||
count++;
|
||||
if (options.num_identity_files + 1 > SSH_MAX_IDENTITY_FILES)
|
||||
options.num_identity_files = SSH_MAX_IDENTITY_FILES - 1;
|
||||
memmove(&options.identity_files[1], &options.identity_files[0],
|
||||
sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1));
|
||||
memmove(&options.identity_keys[1], &options.identity_keys[0],
|
||||
sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
|
||||
options.num_identity_files++;
|
||||
options.identity_keys[0] = keys[i];
|
||||
options.identity_files[0] = xstrdup("smartcard key");;
|
||||
}
|
||||
i = count;
|
||||
xfree(keys);
|
||||
}
|
||||
#endif /* SMARTCARD */
|
||||
for (; i < options.num_identity_files; i++) {
|
||||
|
Loading…
Reference in New Issue
Block a user