diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-12-30 09:21:59 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-12-30 20:58:19 +1100 |
| commit | 27753a8e21887d47fe6b5c78a4aed0efe558a850 (patch) | |
| tree | 761ebebce5fb94c32eef432db246abd81865c7d0 /ssh-sk-helper.c | |
| parent | 14cea36df397677b8f8568204300ef654114fd76 (diff) | |
upstream: implement loading of resident keys in ssh-sk-helper
feedback and ok markus@
OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a
Diffstat (limited to 'ssh-sk-helper.c')
| -rw-r--r-- | ssh-sk-helper.c | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/ssh-sk-helper.c b/ssh-sk-helper.c index 3dc149b95..ac528cfcf 100644 --- a/ssh-sk-helper.c +++ b/ssh-sk-helper.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-sk-helper.c,v 1.4 2019/12/13 19:11:14 djm Exp $ */ | 1 | /* $OpenBSD: ssh-sk-helper.c,v 1.5 2019/12/30 09:21:59 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019 Google LLC | 3 | * Copyright (c) 2019 Google LLC |
| 4 | * | 4 | * |
| @@ -148,6 +148,50 @@ process_enroll(struct sshbuf *req) | |||
| 148 | return resp; | 148 | return resp; |
| 149 | } | 149 | } |
| 150 | 150 | ||
| 151 | static struct sshbuf * | ||
| 152 | process_load_resident(struct sshbuf *req) | ||
| 153 | { | ||
| 154 | int r; | ||
| 155 | char *provider, *pin; | ||
| 156 | struct sshbuf *kbuf, *resp; | ||
| 157 | struct sshkey **keys = NULL; | ||
| 158 | size_t nkeys = 0, i; | ||
| 159 | |||
| 160 | if ((resp = sshbuf_new()) == NULL || | ||
| 161 | (kbuf = sshbuf_new()) == NULL) | ||
| 162 | fatal("%s: sshbuf_new failed", __progname); | ||
| 163 | |||
| 164 | if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || | ||
| 165 | (r = sshbuf_get_cstring(req, &pin, NULL)) != 0) | ||
| 166 | fatal("%s: buffer error: %s", __progname, ssh_err(r)); | ||
| 167 | if (sshbuf_len(req) != 0) | ||
| 168 | fatal("%s: trailing data in request", __progname); | ||
| 169 | |||
| 170 | if ((r = sshsk_load_resident(provider, pin, &keys, &nkeys)) != 0) | ||
| 171 | fatal("%s: sshsk_load_resident failed: %s", | ||
| 172 | __progname, ssh_err(r)); | ||
| 173 | |||
| 174 | for (i = 0; i < nkeys; i++) { | ||
| 175 | debug("%s: key %zu %s %s", __func__, i, | ||
| 176 | sshkey_type(keys[i]), keys[i]->sk_application); | ||
| 177 | sshbuf_reset(kbuf); | ||
| 178 | if ((r = sshkey_private_serialize(keys[i], kbuf)) != 0) | ||
| 179 | fatal("%s: serialize private key: %s", | ||
| 180 | __progname, ssh_err(r)); | ||
| 181 | if ((r = sshbuf_put_stringb(resp, kbuf)) != 0 || | ||
| 182 | (r = sshbuf_put_cstring(resp, "")) != 0) /* comment */ | ||
| 183 | fatal("%s: buffer error: %s", __progname, ssh_err(r)); | ||
| 184 | } | ||
| 185 | |||
| 186 | for (i = 0; i < nkeys; i++) | ||
| 187 | sshkey_free(keys[i]); | ||
| 188 | free(keys); | ||
| 189 | sshbuf_free(kbuf); | ||
| 190 | free(provider); | ||
| 191 | freezero(pin, strlen(pin)); | ||
| 192 | return resp; | ||
| 193 | } | ||
| 194 | |||
| 151 | int | 195 | int |
| 152 | main(int argc, char **argv) | 196 | main(int argc, char **argv) |
| 153 | { | 197 | { |
| @@ -212,6 +256,9 @@ main(int argc, char **argv) | |||
| 212 | case SSH_SK_HELPER_ENROLL: | 256 | case SSH_SK_HELPER_ENROLL: |
| 213 | resp = process_enroll(req); | 257 | resp = process_enroll(req); |
| 214 | break; | 258 | break; |
| 259 | case SSH_SK_HELPER_LOAD_RESIDENT: | ||
| 260 | resp = process_load_resident(req); | ||
| 261 | break; | ||
| 215 | default: | 262 | default: |
| 216 | fatal("%s: unsupported request type %u", __progname, rtype); | 263 | fatal("%s: unsupported request type %u", __progname, rtype); |
| 217 | } | 264 | } |