Attachment 2056 Details for Bug 1914 – Test key in agent

[patch] Test key in agent

testkey.diff (text/plain), 3.30 KB, created by Damien Miller on 2011-06-10 23:45:38 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Damien Miller

Created: 2011-06-10 23:45:38 AEST

Size: 3.30 KB

patch

obsolete

>From markus.r.friedl@arcor.de Sat May  7 00:42:36 2011
>Date: Fri, 6 May 2011 16:42:15 +0200
>From: Markus Friedl <markus.r.friedl@arcor.de>
>To: Konrad Bucheli <kb@open.ch>
>Cc: openssh-unix-dev@mindrot.org
>Subject: Re: new option ssh-add -v to verify if key is loaded into the agent
>
>On Thu, Apr 07, 2011 at 09:12:08AM +0200, Konrad Bucheli wrote:
>> Dear openssh developers
>> 
>> In a shell script I need to verify if a key belonging to a given public
>> key file is already loaded into the agent. To achieve this, I added a
>> new option -v to ssh-add which does this verification.
>> 
>> The patch bases on openssh v5.8p1. The regression test agent.sh was
>> extended to test this new feature.
>> 
>> Is there any chance for inclusion of attached patch?
>
>fwiw, some of my ssh trees had something like this (restricted
>to ssh v2 keys).
>
>Index: ssh-add.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v
>retrieving revision 1.100
>diff -u -p -u -r1.100 ssh-add.c
>--- ssh-add.c	31 Aug 2010 12:33:38 -0000	1.100
>+++ ssh-add.c	6 May 2011 14:34:44 -0000
>@@ -261,6 +261,32 @@ update_card(AuthenticationConnection *ac
> }
> 
> static int
>+test_key(AuthenticationConnection *ac, const char *filename)
>+{
>+	Key *key = NULL;
>+	u_char *sig = NULL;
>+	u_int slen = 0;
>+	int ret = -1;
>+	char data[1024];
>+
>+	if ((key = key_load_public(filename, NULL)) == NULL) {
>+		error("Loading key from '%s' failed", filename);
>+		goto done;
>+	}
>+	arc4random_buf(data, sizeof(data));
>+	if (ssh_agent_sign(ac, key, &sig, &slen, data, sizeof(data)) == -1)
>+		goto done;
>+	if (key_verify(key, sig, slen, data, sizeof(data)) == 1)
>+		ret = 0;
>+ done:
>+	if (sig)
>+		xfree(sig);
>+	if (key)
>+		key_free(key);
>+	return (ret);
>+}
>+
>+static int
> list_identities(AuthenticationConnection *ac, int do_fp)
> {
> 	Key *key;
>@@ -351,6 +377,7 @@ usage(void)
> 	fprintf(stderr, "  -c          Require confirmation to sign using identities\n");
> 	fprintf(stderr, "  -s pkcs11   Add keys from PKCS#11 provider.\n");
> 	fprintf(stderr, "  -e pkcs11   Remove keys provided by PKCS#11 provider.\n");
>+	fprintf(stderr, "  -T pubkey   Test if ssh-agent can access matching private key.\n");
> }
> 
> int
>@@ -360,6 +387,7 @@ main(int argc, char **argv)
> 	extern int optind;
> 	AuthenticationConnection *ac = NULL;
> 	char *pkcs11provider = NULL;
>+	char *testing = NULL;
> 	int i, ch, deleting = 0, ret = 0;
> 
> 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
>@@ -374,7 +402,7 @@ main(int argc, char **argv)
> 		    "Could not open a connection to your authentication agent.\n");
> 		exit(2);
> 	}
>-	while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
>+	while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:T:")) != -1) {
> 		switch (ch) {
> 		case 'l':
> 		case 'L':
>@@ -410,6 +438,9 @@ main(int argc, char **argv)
> 				goto done;
> 			}
> 			break;
>+		case 'T':
>+			testing = optarg;
>+			break;
> 		default:
> 			usage();
> 			ret = 1;
>@@ -418,6 +449,10 @@ main(int argc, char **argv)
> 	}
> 	argc -= optind;
> 	argv += optind;
>+	if (testing != NULL) {
>+		ret = (test_key(ac, testing) == 0) ? 0 : 1;
>+		goto done;
>+	}
> 	if (pkcs11provider != NULL) {
> 		if (update_card(ac, !deleting, pkcs11provider) == -1)
> 			ret = 1;
>_______________________________________________
>openssh-unix-dev mailing list
>openssh-unix-dev@mindrot.org
>https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Actions: View | Diff

Attachments on bug 1914: 2055 | 2056 | 2058 | 2162