- rees@cvs.openbsd.org 2002/03/21 21:54:34
[scard.c scard.h ssh-keygen.c]
Add PIN-protection for secret key.
+ - rees@cvs.openbsd.org 2002/03/21 22:44:05
+ [authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
+ Add PIN-protection for secret key.
20020317
- (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.48 2002/02/24 19:14:59 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.49 2002/03/21 22:44:05 rees Exp $");
#include <openssl/evp.h>
}
int
-ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id)
+ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin)
{
Buffer msg;
int type;
buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY :
SSH_AGENTC_REMOVE_SMARTCARD_KEY);
buffer_put_cstring(&msg, reader_id);
+ buffer_put_cstring(&msg, pin);
if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg);
return 0;
-/* $OpenBSD: authfd.h,v 1.23 2002/03/04 17:27:39 stevesk Exp $ */
+/* $OpenBSD: authfd.h,v 1.24 2002/03/21 22:44:05 rees Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
int ssh_add_identity(AuthenticationConnection *, Key *, const char *);
int ssh_remove_identity(AuthenticationConnection *, Key *);
int ssh_remove_all_identities(AuthenticationConnection *, int);
-int ssh_update_card(AuthenticationConnection *, int, const char *);
+int ssh_update_card(AuthenticationConnection *, int, const char *, const char *);
int
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.52 2002/03/21 10:21:20 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.53 2002/03/21 22:44:05 rees Exp $");
#include <openssl/evp.h>
static int
update_card(AuthenticationConnection *ac, int add, const char *id)
{
- if (ssh_update_card(ac, add, id)) {
+ char *pin;
+
+ pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
+ if (pin == NULL)
+ return -1;
+
+ if (ssh_update_card(ac, add, id, pin)) {
fprintf(stderr, "Card %s: %s\n",
add ? "added" : "removed", id);
return 0;
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.82 2002/03/04 17:27:39 stevesk Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $");
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
#include <sys/queue.h>
{
Idtab *tab;
Key *n = NULL, *k = NULL;
- char *sc_reader_id = NULL;
+ char *sc_reader_id = NULL, *pin;
int success = 0;
sc_reader_id = buffer_get_string(&e->input, NULL);
- k = sc_get_key(sc_reader_id);
+ pin = buffer_get_string(&e->input, NULL);
+ k = sc_get_key(sc_reader_id, pin);
xfree(sc_reader_id);
+ xfree(pin);
if (k == NULL) {
error("sc_get_pubkey failed");
{
Key *k = NULL;
int success = 0;
- char *sc_reader_id = NULL;
+ char *sc_reader_id = NULL, *pin;
sc_reader_id = buffer_get_string(&e->input, NULL);
- k = sc_get_key(sc_reader_id);
+ pin = buffer_get_string(&e->input, NULL);
+ k = sc_get_key(sc_reader_id, pin);
xfree(sc_reader_id);
+ xfree(pin);
if (k == NULL) {
error("sc_get_pubkey failed");
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.165 2002/03/19 10:49:35 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
#ifdef SMARTCARD
if (options.smartcard_device != NULL &&
options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
- (public = sc_get_key(options.smartcard_device)) != NULL ) {
+ (public = sc_get_key(options.smartcard_device, NULL)) != NULL ) {
Key *new;
if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)