author | djm@openbsd.org <djm@openbsd.org> | 2019-12-30 09:21:59 +0000 |
committer | Damien Miller <djm@mindrot.org> | 2019-12-30 20:58:19 +1100 |
commit | 27753a8e21887d47fe6b5c78a4aed0efe558a850 (patch) | |
tree | 761ebebce5fb94c32eef432db246abd81865c7d0 /ssh-sk-helper.c | |
parent | 14cea36df397677b8f8568204300ef654114fd76 (diff) |
upstream: implement loading of resident keys in ssh-sk-helper
feedback and ok markus@
OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a
Diffstat (limited to 'ssh-sk-helper.c')
-rw-r--r-- | ssh-sk-helper.c | 49 |
1 files changed, 48 insertions, 1 deletions
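--- a/ssh-sk-helper.c
+++ b/ssh-sk-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk-helper.c,v 1.4 2019/12/13 19:11:14 djm Exp $ */
+/* $OpenBSD: ssh-sk-helper.c,v 1.5 2019/12/30 09:21:59 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -148,6 +148,50 @@ process_enroll(struct sshbuf *req)
 	return resp;
 }
 
+static struct sshbuf *
+process_load_resident(struct sshbuf *req)
+{
+	int r;
+	char *provider, *pin;
+	struct sshbuf *kbuf, *resp;
+	struct sshkey **keys = NULL;
+	size_t nkeys = 0, i;
+
+	if ((resp = sshbuf_new()) == NULL ||
+	    (kbuf = sshbuf_new()) == NULL)
+		fatal("%s: sshbuf_new failed", __progname);
+
+	if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
+	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
+		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+	if (sshbuf_len(req) != 0)
+		fatal("%s: trailing data in request", __progname);
+
+	if ((r = sshsk_load_resident(provider, pin, &keys, &nkeys)) != 0)
+		fatal("%s: sshsk_load_resident failed: %s",
+		    __progname, ssh_err(r));
+
+	for (i = 0; i < nkeys; i++) {
+		debug("%s: key %zu %s %s", __func__, i,
+		    sshkey_type(keys[i]), keys[i]->sk_application);
+		sshbuf_reset(kbuf);
+		if ((r = sshkey_private_serialize(keys[i], kbuf)) != 0)
+			fatal("%s: serialize private key: %s",
+			    __progname, ssh_err(r));
+		if ((r = sshbuf_put_stringb(resp, kbuf)) != 0 ||
+		    (r = sshbuf_put_cstring(resp, "")) != 0) /* comment */
+			fatal("%s: buffer error: %s", __progname, ssh_err(r));
+	}
+
+	for (i = 0; i < nkeys; i++)
+		sshkey_free(keys[i]);
+	free(keys);
+	sshbuf_free(kbuf);
+	free(provider);
+	freezero(pin, strlen(pin));
+	return resp;
+}
+
 int
 main(int argc, char **argv)
 {
@@ -212,6 +256,9 @@ main(int argc, char **argv)
 	case SSH_SK_HELPER_ENROLL:
 		resp = process_enroll(req);
 		break;
+	case SSH_SK_HELPER_LOAD_RESIDENT:
+		resp = process_load_resident(req);
+		break;
 	default:
 		fatal("%s: unsupported request type %u", __progname, rtype);
 	}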
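Review bot: The fatal() on new-side lines 170–172 of process_load_resident turns every sshsk_load_resident failure into a helper exit, so if that call can fail on ordinary user input (a rejected PIN, or a token that holds no resident keys — which errors it returns is not visible on this page), the client only sees the pipe close and cannot tell that apart from an internal fault. The two buffer-error checks above it rightly treat a malformed request as fatal, but this one is better returned as an error reply the caller can show and retry, for instance by putting a status derived from `r` into `resp` before the key list instead of calling fatal(); that is a small protocol change and needs the matching client-side handling, which is outside this file. The success path zeroes the PIN with `freezero(pin, strlen(pin))` but the fatal() paths leave it in memory; that is acceptable only because fatal() exits, and a one-line comment saying so would stop a later refactor that returns NULL from reintroducing the leak. Separately, the bare `/* comment */` on line 182 reads like an unfinished placeholder; if the empty string is deliberately the key comment, `/* key comment: none for resident keys */` would say so.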