version 1.417, 2020/08/27 01:07:51 |
version 1.418, 2020/08/27 01:08:45 |
|
|
if (skprovider == NULL) |
if (skprovider == NULL) |
fatal("Cannot download keys without provider"); |
fatal("Cannot download keys without provider"); |
|
|
for (i = 0; i < 2; i++) { |
pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN); |
if (i == 1) { |
if (!quiet) { |
pin = read_passphrase("Enter PIN for authenticator: ", |
printf("You may need to touch your authenticator " |
RP_ALLOW_STDIN); |
"to authorize key download.\n"); |
} |
|
if ((r = sshsk_load_resident(skprovider, device, pin, |
|
&keys, &nkeys)) != 0) { |
|
if (i == 0 && r == SSH_ERR_KEY_WRONG_PASSPHRASE) |
|
continue; |
|
if (pin != NULL) |
|
freezero(pin, strlen(pin)); |
|
error("Unable to load resident keys: %s", ssh_err(r)); |
|
return -1; |
|
} |
|
} |
} |
|
if ((r = sshsk_load_resident(skprovider, device, pin, |
|
&keys, &nkeys)) != 0) { |
|
if (pin != NULL) |
|
freezero(pin, strlen(pin)); |
|
error("Unable to load resident keys: %s", ssh_err(r)); |
|
return -1; |
|
} |
if (nkeys == 0) |
if (nkeys == 0) |
logit("No keys to download"); |
logit("No keys to download"); |
if (pin != NULL) |
if (pin != NULL) |
|
|
printf("You may need to touch your authenticator " |
printf("You may need to touch your authenticator " |
"to authorize key generation.\n"); |
"to authorize key generation.\n"); |
} |
} |
passphrase = NULL; |
|
if ((attest = sshbuf_new()) == NULL) |
if ((attest = sshbuf_new()) == NULL) |
fatal("sshbuf_new failed"); |
fatal("sshbuf_new failed"); |
|
if ((sk_flags & |
|
(SSH_SK_USER_VERIFICATION_REQD|SSH_SK_RESIDENT_KEY))) { |
|
passphrase = read_passphrase("Enter PIN for " |
|
"authenticator: ", RP_ALLOW_STDIN); |
|
} else { |
|
passphrase = NULL; |
|
} |
for (i = 0 ; ; i++) { |
for (i = 0 ; ; i++) { |
fflush(stdout); |
fflush(stdout); |
r = sshsk_enroll(type, sk_provider, sk_device, |
r = sshsk_enroll(type, sk_provider, sk_device, |
|
|
break; |
break; |
if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) |
if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) |
fatal("Key enrollment failed: %s", ssh_err(r)); |
fatal("Key enrollment failed: %s", ssh_err(r)); |
else if (i > 0) |
else if (passphrase != NULL) { |
error("PIN incorrect"); |
error("PIN incorrect"); |
if (passphrase != NULL) { |
|
freezero(passphrase, strlen(passphrase)); |
freezero(passphrase, strlen(passphrase)); |
passphrase = NULL; |
passphrase = NULL; |
} |
} |
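Review bot: The enrollment loop `for (i = 0 ; ; i++)` shows no upper bound inside the visible lines, and on the 1.418 side (reading the second line of each printed pair as the new one) the PIN is now collected before the first `sshsk_enroll` call whenever `SSH_SK_USER_VERIFICATION_REQD` or `SSH_SK_RESIDENT_KEY` is set. Each `SSH_ERR_KEY_WRONG_PASSPHRASE` round therefore presumably spends one of the authenticator's limited PIN attempts. The loop body continues past the last line shown, so please confirm that a retry cap follows it and that the cap counts the up-front prompt as an attempt. The flag test would also read better with a short comment, for example `/* resident and verify-required keys need the PIN, so ask before the first attempt */`. In the download path the retry after a wrong PIN is gone, so a mistyped PIN now ends at `error("Unable to load resident keys: %s", ssh_err(r))`; a one-line comment saying this is deliberate would keep a later change from reintroducing the loop.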