diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-12-30 09:21:59 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-12-30 20:58:19 +1100 |
| commit | 27753a8e21887d47fe6b5c78a4aed0efe558a850 (patch) | |
| tree | 761ebebce5fb94c32eef432db246abd81865c7d0 /ssh-sk-helper.c | |
| parent | 14cea36df397677b8f8568204300ef654114fd76 (diff) | |
| download | openssh-git-27753a8e21887d47fe6b5c78a4aed0efe558a850.tar.gz | |
upstream: implement loading of resident keys in ssh-sk-helper
feedback and ok markus@
OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a
Diffstat (limited to 'ssh-sk-helper.c')
| -rw-r--r-- | ssh-sk-helper.c | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/ssh-sk-helper.c b/ssh-sk-helper.c index 3dc149b9..ac528cfc 100644 --- a/ssh-sk-helper.c +++ b/ssh-sk-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-helper.c,v 1.4 2019/12/13 19:11:14 djm Exp $ */ +/* $OpenBSD: ssh-sk-helper.c,v 1.5 2019/12/30 09:21:59 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -148,6 +148,50 @@ process_enroll(struct sshbuf *req) return resp; } +static struct sshbuf * +process_load_resident(struct sshbuf *req) +{ + int r; + char *provider, *pin; + struct sshbuf *kbuf, *resp; + struct sshkey **keys = NULL; + size_t nkeys = 0, i; + + if ((resp = sshbuf_new()) == NULL || + (kbuf = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __progname); + + if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || + (r = sshbuf_get_cstring(req, &pin, NULL)) != 0) + fatal("%s: buffer error: %s", __progname, ssh_err(r)); + if (sshbuf_len(req) != 0) + fatal("%s: trailing data in request", __progname); + + if ((r = sshsk_load_resident(provider, pin, &keys, &nkeys)) != 0) + fatal("%s: sshsk_load_resident failed: %s", + __progname, ssh_err(r)); + + for (i = 0; i < nkeys; i++) { + debug("%s: key %zu %s %s", __func__, i, + sshkey_type(keys[i]), keys[i]->sk_application); + sshbuf_reset(kbuf); + if ((r = sshkey_private_serialize(keys[i], kbuf)) != 0) + fatal("%s: serialize private key: %s", + __progname, ssh_err(r)); + if ((r = sshbuf_put_stringb(resp, kbuf)) != 0 || + (r = sshbuf_put_cstring(resp, "")) != 0) /* comment */ + fatal("%s: buffer error: %s", __progname, ssh_err(r)); + } + + for (i = 0; i < nkeys; i++) + sshkey_free(keys[i]); + free(keys); + sshbuf_free(kbuf); + free(provider); + freezero(pin, strlen(pin)); + return resp; +} + int main(int argc, char **argv) { @@ -212,6 +256,9 @@ main(int argc, char **argv) case SSH_SK_HELPER_ENROLL: resp = process_enroll(req); break; + case SSH_SK_HELPER_LOAD_RESIDENT: + resp = process_load_resident(req); + break; default: fatal("%s: unsupported request type %u", __progname, rtype); } |