Bugzilla – Attachment 2056 Details for Bug 1914
ssh-add: add an option to cryptographically verify if agent can access the matching private key of a given public key
[patch] Test key in agent
testkey.diff (text/plain), 3.30 KB, created by Damien Miller on 2011-06-10 23:45:38 AEST
Description: Test key in agent
Filename: testkey.diff
MIME Type: text/plain
Creator: Damien Miller
Created: 2011-06-10 23:45:38 AEST
Size: 3.30 KB
patch
obsolete
>From markus.r.friedl@arcor.de Sat May 7 00:42:36 2011 >Date: Fri, 6 May 2011 16:42:15 +0200 >From: Markus Friedl <markus.r.friedl@arcor.de> >To: Konrad Bucheli <kb@open.ch> >Cc: openssh-unix-dev@mindrot.org >Subject: Re: new option ssh-add -v to verify if key is loaded into the agent > >On Thu, Apr 07, 2011 at 09:12:08AM +0200, Konrad Bucheli wrote: >> Dear openssh developers >> >> In a shell script I need to verify if a key belonging to a given public >> key file is already loaded into the agent. To achieve this, I added a >> new option -v to ssh-add which does this verification. >> >> The patch bases on openssh v5.8p1. The regression test agent.sh was >> extended to test this new feature. >> >> Is there any chance for inclusion of attached patch? > >fwiw, some of my ssh trees had something like this (restricted >to ssh v2 keys). > >Index: ssh-add.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v >retrieving revision 1.100 >diff -u -p -u -r1.100 ssh-add.c >--- ssh-add.c 31 Aug 2010 12:33:38 -0000 1.100 >+++ ssh-add.c 6 May 2011 14:34:44 -0000 >@@ -261,6 +261,32 @@ update_card(AuthenticationConnection *ac > } > > static int >+test_key(AuthenticationConnection *ac, const char *filename) >+{ >+ Key *key = NULL; >+ u_char *sig = NULL; >+ u_int slen = 0; >+ int ret = -1; >+ char data[1024]; >+ >+ if ((key = key_load_public(filename, NULL)) == NULL) { >+ error("Loading key from '%s' failed", filename); >+ goto done; >+ } >+ arc4random_buf(data, sizeof(data)); >+ if (ssh_agent_sign(ac, key, &sig, &slen, data, sizeof(data)) == -1) >+ goto done; >+ if (key_verify(key, sig, slen, data, sizeof(data)) == 1) >+ ret = 0; >+ done: >+ if (sig) >+ xfree(sig); >+ if (key) >+ key_free(key); >+ return (ret); >+} >+ >+static int > list_identities(AuthenticationConnection *ac, int do_fp) > { > Key *key; 
>@@ -351,6 +377,7 @@ usage(void) > fprintf(stderr, " -c Require confirmation to sign using identities\n"); > fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); > fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); >+ fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n"); > } > > int >@@ -360,6 +387,7 @@ main(int argc, char **argv) > extern int optind; > AuthenticationConnection *ac = NULL; > char *pkcs11provider = NULL; >+ char *testing = NULL; > int i, ch, deleting = 0, ret = 0; > > /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ >@@ -374,7 +402,7 @@ main(int argc, char **argv) > "Could not open a connection to your authentication agent.\n"); > exit(2); > } >- while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { >+ while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:T:")) != -1) { > switch (ch) { > case 'l': > case 'L': >@@ -410,6 +438,9 @@ main(int argc, char **argv) > goto done; > } > break; >+ case 'T': >+ testing = optarg; >+ break; > default: > usage(); > ret = 1; >@@ -418,6 +449,10 @@ main(int argc, char **argv) > } > argc -= optind; > argv += optind; >+ if (testing != NULL) { >+ ret = (test_key(ac, testing) == 0) ? 0 : 1; >+ goto done; >+ } > if (pkcs11provider != NULL) { > if (update_card(ac, !deleting, pkcs11provider) == -1) > ret = 1; >_______________________________________________ >openssh-unix-dev mailing list >openssh-unix-dev@mindrot.org >https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
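Review bot: in the test_key() hunk (@@ -261,6 +261,32 @@), the failure path `if (ssh_agent_sign(ac, key, &sig, &slen, data, sizeof(data)) == -1) goto done;` returns -1 with no diagnostic, while the key_load_public() failure just above it does call error(); a caller of -T whose key is not in the agent gets exit status 1 and nothing else. Add an error() there, and consider one for the key_verify() mismatch as well, so "agent has no such key" and "agent returned a signature that does not verify" are distinguishable. Since the cover mail says this is restricted to ssh v2 keys, rejecting a protocol 1 public key up front with a message would also make that restriction visible instead of surfacing as a generic failure. Minor: `char data[1024]` is handed to the same signing and verification calls as `sig`, which is declared u_char, so declare it u_char too.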
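Review bot: the usage() hunk (@@ -351,6 +377,7 @@) adds the -T line, but the patch touches only ssh-add.c (see the Index: header), so ssh-add.1 would not describe the new option; add a matching man page entry. The usage text "Test if ssh-agent can access matching private key." should also say that the result is reported only through the exit status, because nothing in the patch prints one.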
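Review bot: in the last hunk (@@ -418,6 +449,10 @@), `if (testing != NULL) { ret = (test_key(ac, testing) == 0) ? 0 : 1; goto done; }` runs before the pkcs11provider block and before any remaining argv is looked at, so `ssh-add -T key.pub -d` or `ssh-add -T key.pub id_rsa` silently ignore the other arguments, and a second -T on the command line simply overwrites `testing`. Either reject -T combined with other operations or with leftover arguments, or accept a list of public key files and test each one. The exit-status mapping is fine for scripts, but printing a one-line result (file name plus whether the agent produced a valid signature) before the goto would make interactive use meaningful.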