|
Lines 138-143
int print_generic = 0;
|
| 138 |
|
138 |
|
| 139 |
char *key_type_name = NULL; |
139 |
char *key_type_name = NULL; |
| 140 |
|
140 |
|
|
|
141 |
/* Load key from this PKCS#11 provider */ |
| 142 |
char *pkcs11provider = NULL; |
| 141 |
|
143 |
|
| 142 |
/* argv0 */ |
144 |
/* argv0 */ |
| 143 |
extern char *__progname; |
145 |
extern char *__progname; |
|
Lines 647-653
do_print_public(struct passwd *pw)
|
| 647 |
} |
649 |
} |
| 648 |
|
650 |
|
| 649 |
static void |
651 |
static void |
| 650 |
do_download(struct passwd *pw, char *pkcs11provider) |
652 |
do_download(struct passwd *pw) |
| 651 |
{ |
653 |
{ |
| 652 |
#ifdef ENABLE_PKCS11 |
654 |
#ifdef ENABLE_PKCS11 |
| 653 |
Key **keys = NULL; |
655 |
Key **keys = NULL; |
|
Lines 1310-1315
prepare_options_buf(Buffer *c, int which
|
| 1310 |
add_string_option(c, "source-address", certflags_src_addr); |
1312 |
add_string_option(c, "source-address", certflags_src_addr); |
| 1311 |
} |
1313 |
} |
| 1312 |
|
1314 |
|
|
|
1315 |
static Key * |
| 1316 |
load_pkcs11_key(struct passwd *pw, char *path) |
| 1317 |
{ |
| 1318 |
#ifdef ENABLE_PKCS11 |
| 1319 |
Key **keys = NULL, *public, *private = NULL; |
| 1320 |
int i, nkeys; |
| 1321 |
|
| 1322 |
if ((public = key_load_public(path, NULL)) == NULL) |
| 1323 |
fatal("Couldn't load CA public key \"%s\"", path); |
| 1324 |
|
| 1325 |
nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, &keys); |
| 1326 |
debug3("%s: %d keys", __func__, nkeys); |
| 1327 |
if (nkeys <= 0) |
| 1328 |
fatal("cannot read public key from pkcs11"); |
| 1329 |
for (i = 0; i < nkeys; i++) { |
| 1330 |
if (key_equal_public(public, keys[i])) { |
| 1331 |
private = keys[i]; |
| 1332 |
continue; |
| 1333 |
} |
| 1334 |
key_free(keys[i]); |
| 1335 |
} |
| 1336 |
xfree(keys); |
| 1337 |
key_free(public); |
| 1338 |
return private; |
| 1339 |
#else |
| 1340 |
fatal("no pkcs11 support"); |
| 1341 |
#endif /* ENABLE_PKCS11 */ |
| 1342 |
} |
| 1343 |
|
| 1313 |
static void |
1344 |
static void |
| 1314 |
do_ca_sign(struct passwd *pw, int argc, char **argv) |
1345 |
do_ca_sign(struct passwd *pw, int argc, char **argv) |
| 1315 |
{ |
1346 |
{ |
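Review bot: In load_pkcs11_key, when the token exposes two objects that both compare equal to the CA public key, the second match overwrites `private` and the first is never released, because the loop only frees entries that did not match; guarding the match with `if (private == NULL && key_equal_public(public, keys[i])) {` keeps the first hit and lets the fall-through `key_free(keys[i])` release the duplicate. The `pw` parameter is not referenced anywhere in the body, so it can be dropped from the signature (and from the call in do_ca_sign) rather than carried as dead weight. The PIN handed to pkcs11_add_provider is `identity_passphrase`; if that value is taken from a command-line option (not visible in this hunk), a one-line comment noting that the token PIN then appears in the process argument list would help operators, e.g. `/* identity_passphrase doubles as the token PIN; prefer the interactive prompt over -P */`. Selecting the token key by public-key equality against the file at `path` is the right check, since it prevents signing with whatever key the provider happens to list first.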
|
Lines 1320-1330
do_ca_sign(struct passwd *pw, int argc,
|
| 1320 |
FILE *f; |
1351 |
FILE *f; |
| 1321 |
int v00 = 0; /* legacy keys */ |
1352 |
int v00 = 0; /* legacy keys */ |
| 1322 |
|
1353 |
|
| 1323 |
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
|
|
| 1324 |
if ((ca = load_identity(tmp)) == NULL) |
| 1325 |
fatal("Couldn't load CA key \"%s\"", tmp); |
| 1326 |
xfree(tmp); |
| 1327 |
|
| 1328 |
if (key_type_name != NULL) { |
1354 |
if (key_type_name != NULL) { |
| 1329 |
switch (key_type_from_name(key_type_name)) { |
1355 |
switch (key_type_from_name(key_type_name)) { |
| 1330 |
case KEY_RSA_CERT_V00: |
1356 |
case KEY_RSA_CERT_V00: |
|
Lines 1344-1349
do_ca_sign(struct passwd *pw, int argc,
|
| 1344 |
} |
1370 |
} |
| 1345 |
} |
1371 |
} |
| 1346 |
|
1372 |
|
|
|
1373 |
pkcs11_init(1); |
| 1374 |
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
| 1375 |
if (pkcs11provider != NULL) { |
| 1376 |
if ((ca = load_pkcs11_key(pw, tmp)) == NULL) |
| 1377 |
fatal("No PKCS#11 key matching %s found", ca_key_path); |
| 1378 |
} else if ((ca = load_identity(tmp)) == NULL) |
| 1379 |
fatal("Couldn't load CA key \"%s\"", tmp); |
| 1380 |
xfree(tmp); |
| 1381 |
|
| 1347 |
for (i = 0; i < argc; i++) { |
1382 |
for (i = 0; i < argc; i++) { |
| 1348 |
/* Split list of principals */ |
1383 |
/* Split list of principals */ |
| 1349 |
n = 0; |
1384 |
n = 0; |
|
Lines 1416-1421
do_ca_sign(struct passwd *pw, int argc,
|
| 1416 |
key_free(public); |
1451 |
key_free(public); |
| 1417 |
xfree(out); |
1452 |
xfree(out); |
| 1418 |
} |
1453 |
} |
|
|
1454 |
pkcs11_terminate(); |
| 1419 |
exit(0); |
1455 |
exit(0); |
| 1420 |
} |
1456 |
} |
| 1421 |
|
1457 |
|
|
Lines 1717-1724
int
|
| 1717 |
main(int argc, char **argv) |
1753 |
main(int argc, char **argv) |
| 1718 |
{ |
1754 |
{ |
| 1719 |
char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; |
1755 |
char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; |
| 1720 |
char out_file[MAXPATHLEN], *pkcs11provider = NULL; |
1756 |
char out_file[MAXPATHLEN], *rr_hostname = NULL; |
| 1721 |
char *rr_hostname = NULL; |
|
|
| 1722 |
Key *private, *public; |
1757 |
Key *private, *public; |
| 1723 |
struct passwd *pw; |
1758 |
struct passwd *pw; |
| 1724 |
struct stat st; |
1759 |
struct stat st; |
|
Lines 1988-1994
main(int argc, char **argv)
|
| 1988 |
} |
2023 |
} |
| 1989 |
} |
2024 |
} |
| 1990 |
if (pkcs11provider != NULL) |
2025 |
if (pkcs11provider != NULL) |
| 1991 |
do_download(pw, pkcs11provider); |
2026 |
do_download(pw); |
| 1992 |
|
2027 |
|
| 1993 |
if (do_gen_candidates) { |
2028 |
if (do_gen_candidates) { |
| 1994 |
FILE *out = fopen(out_file, "w"); |
2029 |
FILE *out = fopen(out_file, "w"); |