version 1.419, 2020/08/27 09:46:04 |
version 1.420, 2020/09/09 03:08:01 |
|
|
} |
} |
|
|
static void |
static void |
|
save_attestation(struct sshbuf *attest, const char *path) |
|
{ |
|
mode_t omask; |
|
int r; |
|
|
|
if (path == NULL) |
|
return; /* nothing to do */ |
|
if (attest == NULL || sshbuf_len(attest) == 0) |
|
fatal("Enrollment did not return attestation data"); |
|
omask = umask(077); |
|
r = sshbuf_write_file(path, attest); |
|
umask(omask); |
|
if (r != 0) |
|
fatal("Unable to write attestation data \"%s\": %s", path, |
|
ssh_err(r)); |
|
if (!quiet) |
|
printf("Your FIDO attestation certificate has been saved in " |
|
"%s\n", path); |
|
} |
|
|
|
static void |
usage(void) |
usage(void) |
{ |
{ |
fprintf(stderr, |
fprintf(stderr, |
|
|
unsigned long long cert_serial = 0; |
unsigned long long cert_serial = 0; |
char *identity_comment = NULL, *ca_key_path = NULL, **opts = NULL; |
char *identity_comment = NULL, *ca_key_path = NULL, **opts = NULL; |
char *sk_application = NULL, *sk_device = NULL, *sk_user = NULL; |
char *sk_application = NULL, *sk_device = NULL, *sk_user = NULL; |
char *sk_attestaion_path = NULL; |
char *sk_attestation_path = NULL; |
struct sshbuf *challenge = NULL, *attest = NULL; |
struct sshbuf *challenge = NULL, *attest = NULL; |
size_t i, nopts = 0; |
size_t i, nopts = 0; |
u_int32_t bits = 0; |
u_int32_t bits = 0; |
|
|
} |
} |
} else if (strncasecmp(opts[i], |
} else if (strncasecmp(opts[i], |
"write-attestation=", 18) == 0) { |
"write-attestation=", 18) == 0) { |
sk_attestaion_path = opts[i] + 18; |
sk_attestation_path = opts[i] + 18; |
} else if (strncasecmp(opts[i], |
} else if (strncasecmp(opts[i], |
"application=", 12) == 0) { |
"application=", 12) == 0) { |
sk_application = xstrdup(opts[i] + 12); |
sk_application = xstrdup(opts[i] + 12); |
|
|
free(fp); |
free(fp); |
} |
} |
|
|
if (sk_attestaion_path != NULL) { |
if (sk_attestation_path != NULL) |
if (attest == NULL || sshbuf_len(attest) == 0) { |
save_attestation(attest, sk_attestation_path); |
fatal("Enrollment did not return attestation " |
|
"certificate"); |
|
} |
|
if ((r = sshbuf_write_file(sk_attestaion_path, attest)) != 0) { |
|
fatal("Unable to write attestation certificate " |
|
"\"%s\": %s", sk_attestaion_path, ssh_err(r)); |
|
} |
|
if (!quiet) { |
|
printf("Your FIDO attestation certificate has been " |
|
"saved in %s\n", sk_attestaion_path); |
|
} |
|
} |
|
sshbuf_free(attest); |
sshbuf_free(attest); |
sshkey_free(public); |
sshkey_free(public); |
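Review bot: In `save_attestation()`, which appears to be the helper this revision introduces, the `umask(077)` bracket around `sshbuf_write_file()` only limits the mode of a file that gets created by that call. If `path` already exists with wider permissions, it presumably keeps them, though the open flags used inside `sshbuf_write_file()` are not visible on this page. A one-line comment above `omask = umask(077);` would record the intent and its limit, for example `/* new file is created owner-only; a pre-existing file keeps its mode */`. The success `printf` also still says "attestation certificate" while both `fatal()` strings in the same function now say "attestation data". Aligning it, e.g. `printf("Your FIDO attestation data has been saved in %s\n", path);`, would keep the user-facing wording consistent.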
|
|