Diffstat (limited to 'ssh-sk-client.c')
-rw-r--r-- | ssh-sk-client.c | 40 |
1 files changed, 23 insertions, 17 deletions
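--- a/ssh-sk-client.c
+++ b/ssh-sk-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk-client.c,v 1.4 2020/01/06 02:00:46 djm Exp $ */
+/* $OpenBSD: ssh-sk-client.c,v 1.5 2020/01/10 23:43:26 djm Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -129,24 +129,32 @@ reap_helper(pid_t pid)
 }
 
 static int
-client_converse(struct sshbuf *req, struct sshbuf **respp, u_int msg)
+client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type)
 {
-int oerrno, fd, r2, r = SSH_ERR_INTERNAL_ERROR;
-u_int rmsg, rerr;
+int oerrno, fd, r2, ll, r = SSH_ERR_INTERNAL_ERROR;
+u_int rtype, rerr;
 pid_t pid;
 u_char version;
 void (*osigchld)(int);
-struct sshbuf *resp = NULL;
+struct sshbuf *req = NULL, *resp = NULL;
 *respp = NULL;
 
 if ((r = start_helper(&fd, &pid, &osigchld)) != 0)
 return r;
 
-if ((resp = sshbuf_new()) == NULL) {
+if ((req = sshbuf_new()) == NULL || (resp = sshbuf_new()) == NULL) {
 r = SSH_ERR_ALLOC_FAIL;
 goto out;
 }
-
+/* Request preamble: type, log_on_stderr, log_level */
+ll = log_level_get();
+if ((r = sshbuf_put_u32(req, type)) != 0 ||
+(r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 ||
+(r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 ||
+(r = sshbuf_putb(req, msg)) != 0) {
+error("%s: build: %s", __func__, ssh_err(r));
+goto out;
+}
 if ((r = ssh_msg_send(fd, SSH_SK_HELPER_VERSION, req)) != 0) {
 error("%s: send: %s", __func__, ssh_err(r));
 goto out;
@@ -165,11 +173,11 @@ client_converse(struct sshbuf *req, struct sshbuf **respp, u_int msg)
 r = SSH_ERR_INVALID_FORMAT;
 goto out;
 }
-if ((r = sshbuf_get_u32(resp, &rmsg)) != 0) {
+if ((r = sshbuf_get_u32(resp, &rtype)) != 0) {
 error("%s: parse message type: %s", __func__, ssh_err(r));
 goto out;
 }
-if (rmsg == SSH_SK_HELPER_ERROR) {
+if (rtype == SSH_SK_HELPER_ERROR) {
 if ((r = sshbuf_get_u32(resp, &rerr)) != 0) {
 error("%s: parse error: %s", __func__, ssh_err(r));
 goto out;
@@ -181,9 +189,9 @@ client_converse(struct sshbuf *req, struct sshbuf **respp, u_int msg)
 else
 r = -(int)rerr;
 goto out;
-} else if (rmsg != msg) {
+} else if (rtype != type) {
 error("%s: helper returned incorrect message type %u, "
-"expecting %u", __func__, rmsg, msg);
+"expecting %u", __func__, rtype, type);
 r = SSH_ERR_INTERNAL_ERROR;
 goto out;
 }
@@ -202,6 +210,7 @@ client_converse(struct sshbuf *req, struct sshbuf **respp, u_int msg)
 *respp = resp;
 resp = NULL;
 }
+sshbuf_free(req);
 sshbuf_free(resp);
 signal(SIGCHLD, osigchld);
 errno = oerrno;
@@ -235,8 +244,7 @@ sshsk_sign(const char *provider, struct sshkey *key,
 error("%s: serialize private key: %s", __func__, ssh_err(r));
 goto out;
 }
-if ((r = sshbuf_put_u32(req, SSH_SK_HELPER_SIGN)) != 0 ||
-(r = sshbuf_put_stringb(req, kbuf)) != 0 ||
+if ((r = sshbuf_put_stringb(req, kbuf)) != 0 ||
 (r = sshbuf_put_cstring(req, provider)) != 0 ||
 (r = sshbuf_put_string(req, data, datalen)) != 0 ||
 (r = sshbuf_put_cstring(req, NULL)) != 0 || /* alg */
@@ -309,8 +317,7 @@ sshsk_enroll(int type, const char *provider_path, const char *device,
 goto out;
 }
 
-if ((r = sshbuf_put_u32(req, SSH_SK_HELPER_ENROLL)) != 0 ||
-(r = sshbuf_put_u32(req, (u_int)type)) != 0 ||
+if ((r = sshbuf_put_u32(req, (u_int)type)) != 0 ||
 (r = sshbuf_put_cstring(req, provider_path)) != 0 ||
 (r = sshbuf_put_cstring(req, device)) != 0 ||
 (r = sshbuf_put_cstring(req, application)) != 0 ||
@@ -379,8 +386,7 @@ sshsk_load_resident(const char *provider_path, const char *device,
 goto out;
 }
 
-if ((r = sshbuf_put_u32(req, SSH_SK_HELPER_LOAD_RESIDENT)) != 0 ||
-(r = sshbuf_put_cstring(req, provider_path)) != 0 ||
+if ((r = sshbuf_put_cstring(req, provider_path)) != 0 ||
 (r = sshbuf_put_cstring(req, device)) != 0 ||
 (r = sshbuf_put_cstring(req, pin)) != 0) {
 error("%s: compose: %s", __func__, ssh_err(r));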
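Review bot: The request preamble that client_converse() now prepends (type, log_on_stderr, log_level ahead of the caller's payload) changes the bytes the helper has to parse, but the send is still tagged with the same `SSH_SK_HELPER_VERSION`, whose definition is outside this file and not shown in the diff. If that constant is not bumped together with this change, a helper built for the previous layout would presumably pass the version check and then read the flag and level as request fields, so please confirm the bump before merging. Separately, `ll < 0 ? 0 : ll` folds a negative log level into 0 with no explanation; a one-line comment such as `/* negative (presumably unset) level is sent as 0 */` would record the intent and what the helper is expected to do with it. The body of client_converse() continues outside the visible hunks, so the receive path between the send and the type check was not reviewed here.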