author | Damien Miller <djm@mindrot.org> | 2000-07-21 10:19:44 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-07-21 10:19:44 +1000 |
commit | 994cf1426d176e2ee9ba310416544c325e04b155 (patch) | |
tree | 8e8978bcec4c8a2aa83533936f90e7c3070e9def /authfd.c | |
parent | 9dec7762798a4f9268e6033945c6dde44925d853 (diff) |
- (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/07/16 02:27:22
[authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c]
make ssh-add accept dsa keys (the agent does not)
- djm@cvs.openbsd.org 2000/07/17 19:25:02
[sshd.c]
Another closing of stdin; ok deraadt
- markus@cvs.openbsd.org 2000/07/19 18:33:12
[dsa.c]
missing free, reorder
- markus@cvs.openbsd.org 2000/07/20 16:23:14
[ssh-keygen.1]
document input and output files
Diffstat (limited to 'authfd.c')
-rw-r--r-- | authfd.c | 73 |
1 files changed, 54 insertions, 19 deletions
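--- a/authfd.c
+++ b/authfd.c
@@ -14,17 +14,21 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.21 2000/06/26 09:22:29 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.22 2000/07/16 08:27:20 markus Exp $");
 
 #include "ssh.h"
 #include "rsa.h"
-#include "authfd.h"
 #include "buffer.h"
 #include "bufaux.h"
 #include "xmalloc.h"
 #include "getput.h"
 
 #include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include "key.h"
+#include "authfd.h"
+#include "kex.h"
 
 /* helper */
 int ssh_agent_get_reply(AuthenticationConnection *auth);
@@ -138,10 +142,7 @@ ssh_get_first_identity(AuthenticationConnection *auth,
 * Send a message to the agent requesting for a list of the
 * identities it can represent.
 */
-msg[0] = 0;
-msg[1] = 0;
-msg[2] = 0;
-msg[3] = 1;
+PUT_32BIT(msg, 1);
 msg[4] = SSH_AGENTC_REQUEST_RSA_IDENTITIES;
 if (atomicio(write, auth->fd, msg, 5) != 5) {
 error("write auth->fd: %.100s", strerror(errno));
@@ -336,31 +337,64 @@ error_cleanup:
 return 1;
 }
 
+/* Encode key for a message to the agent. */
+
+void
+ssh_encode_identity_rsa(Buffer *b, RSA *key, const char *comment)
+{
+buffer_clear(b);
+buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY);
+buffer_put_int(b, BN_num_bits(key->n));
+buffer_put_bignum(b, key->n);
+buffer_put_bignum(b, key->e);
+buffer_put_bignum(b, key->d);
+/* To keep within the protocol: p < q for ssh. in SSL p > q */
+buffer_put_bignum(b, key->iqmp); /* ssh key->u */
+buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */
+buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */
+buffer_put_string(b, comment, strlen(comment));
+}
+
+void
+ssh_encode_identity_dsa(Buffer *b, DSA *key, const char *comment)
+{
+buffer_clear(b);
+buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY);
+buffer_put_cstring(b, KEX_DSS);
+buffer_put_bignum2(b, key->p);
+buffer_put_bignum2(b, key->q);
+buffer_put_bignum2(b, key->g);
+buffer_put_bignum2(b, key->pub_key);
+buffer_put_bignum2(b, key->priv_key);
+buffer_put_string(b, comment, strlen(comment));
+}
+
 /*
 * Adds an identity to the authentication server. This call is not meant to
 * be used by normal applications.
 */
 
 int
-ssh_add_identity(AuthenticationConnection *auth,
-RSA * key, const char *comment)
+ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
 {
 Buffer buffer;
 unsigned char buf[8192];
 int len;
 
-/* Format a message to the agent. */
 buffer_init(&buffer);
-buffer_put_char(&buffer, SSH_AGENTC_ADD_RSA_IDENTITY);
-buffer_put_int(&buffer, BN_num_bits(key->n));
-buffer_put_bignum(&buffer, key->n);
-buffer_put_bignum(&buffer, key->e);
-buffer_put_bignum(&buffer, key->d);
-/* To keep within the protocol: p < q for ssh. in SSL p > q */
-buffer_put_bignum(&buffer, key->iqmp); /* ssh key->u */
-buffer_put_bignum(&buffer, key->q); /* ssh key->p, SSL key->q */
-buffer_put_bignum(&buffer, key->p); /* ssh key->q, SSL key->p */
-buffer_put_string(&buffer, comment, strlen(comment));
+
+switch (key->type) {
+case KEY_RSA:
+ssh_encode_identity_rsa(&buffer, key->rsa, comment);
+break;
+case KEY_DSA:
+ssh_encode_identity_dsa(&buffer, key->dsa, comment);
+break;
+default:
+buffer_free(&buffer);
+return 0;
+break;
+}
 
 /* Get the length of the message, and format it in the buffer. */
 len = buffer_len(&buffer);
@@ -487,6 +521,7 @@ ssh_agent_get_reply(AuthenticationConnection *auth)
 buffer_free(&buffer);
 switch (type) {
 case SSH_AGENT_FAILURE:
+log("SSH_AGENT_FAILURE");
 return 0;
 case SSH_AGENT_SUCCESS:
 return 1;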
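Review bot: In `ssh_add_identity` the `default:` arm rejects unsupported key types silently — `buffer_free(&buffer); return 0;` — so the caller cannot tell this from the agent refusing the key, and the `break;` after `return 0;` is unreachable; the SSH_AGENT_FAILURE arm in the last hunk now logs, and this path should too. I would write the arm as `error("ssh_add_identity: unsupported key type %d", key->type); buffer_free(&buffer); return 0;` and drop the dead `break;` (this assumes `key->type` is an int-compatible enum, as the switch suggests). Separately, both new encoders serialize private components (`key->d`, `key->priv_key`) into `buffer`, which is presumably then staged into the 8192-byte stack array `buf`; the send and the clearing of `buffer` and `buf` fall after the hunk, so it is worth confirming there that both are zeroed before return. Also the comment `/* Encode key for a message to the agent. */` is separated from `ssh_encode_identity_rsa` by a blank line and `ssh_encode_identity_dsa` has none; attaching a one-line comment directly to each encoder would read better.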