Diffstat (limited to 'ssh-sk.c')
-rw-r--r-- | ssh-sk.c | 21 |
1 files changed, 18 insertions, 3 deletions
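--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.22 2019/12/30 09:24:03 djm Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.23 2019/12/30 09:24:45 djm Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -325,6 +325,20 @@ sshsk_key_from_response(int alg, const char *application, uint8_t flags,
 return r;
 }
 
+static int
+skerr_to_ssherr(int skerr)
+{
+switch (skerr) {
+case SSH_SK_ERR_UNSUPPORTED:
+return SSH_ERR_FEATURE_UNSUPPORTED;
+case SSH_SK_ERR_PIN_REQUIRED:
+return SSH_ERR_KEY_WRONG_PASSPHRASE;
+case SSH_SK_ERR_GENERAL:
+default:
+return SSH_ERR_INVALID_FORMAT;
+}
+}
+
 int
 sshsk_enroll(int type, const char *provider_path, const char *application,
 uint8_t flags, const char *pin, struct sshbuf *challenge_buf,
@@ -396,7 +410,7 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
 flags, pin, &resp)) != 0) {
 error("Security key provider \"%s\" returned failure %d",
 provider_path, r);
-r = SSH_ERR_INVALID_FORMAT; /* XXX error codes in API? */
+r = skerr_to_ssherr(r);
 goto out;
 }
 
@@ -559,6 +573,7 @@ sshsk_sign(const char *provider_path, struct sshkey *key,
 sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle),
 key->sk_flags, pin, &resp)) != 0) {
 debug("%s: sk_sign failed with code %d", __func__, r);
+r = skerr_to_ssherr(r);
 goto out;
 }
 /* Assemble signature */
@@ -655,7 +670,7 @@ sshsk_load_resident(const char *provider_path, const char *pin,
 if ((r = skp->sk_load_resident_keys(pin, &rks, &nrks)) != 0) {
 error("Security key provider \"%s\" returned failure %d",
 provider_path, r);
-r = SSH_ERR_INVALID_FORMAT; /* XXX error codes in API? */
+r = skerr_to_ssherr(r);
 goto out;
 }
 for (i = 0; i < nrks; i++) {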
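Review bot: `skerr_to_ssherr()` (new lines 328-340) has no comment stating its contract, although it is the single place where return values from the externally loaded provider are translated into `SSH_ERR_*` codes. I would add above it `/* Map a provider SSH_SK_ERR_* code to an SSH_ERR_* code; any unrecognised value becomes SSH_ERR_INVALID_FORMAT. */`, and mention there that `SSH_SK_ERR_PIN_REQUIRED` is reported as `SSH_ERR_KEY_WRONG_PASSPHRASE`, so callers cannot tell a missing PIN from a wrong passphrase by code alone. In the `sshsk_sign` hunk the raw provider code is logged only with `debug()`, while `sshsk_enroll` and `sshsk_load_resident` use `error()`; once `r` is overwritten by the mapping the original value is no longer returned, so at the default log level it appears to be lost, which may or may not be intended. The bodies of all three callers extend beyond the hunks shown.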