version 1.14.2.1, 2019/06/10 21:41:12 |
version 1.14.2.2, 2020/04/13 07:45:20 |
|
|
/* $NetBSD$ */ |
/* $NetBSD$ */ |
/* $OpenBSD: ssh-pkcs11-helper.c,v 1.17 2019/01/23 02:01:10 djm Exp $ */ |
/* $OpenBSD: ssh-pkcs11-helper.c,v 1.22 2020/01/25 00:03:36 djm Exp $ */ |
/* |
/* |
* Copyright (c) 2010 Markus Friedl. All rights reserved. |
* Copyright (c) 2010 Markus Friedl. All rights reserved. |
* |
* |
Line 23 __RCSID("$NetBSD$"); |
|
Line 23 __RCSID("$NetBSD$"); |
|
#include <sys/time.h> |
#include <sys/time.h> |
#include <sys/param.h> |
#include <sys/param.h> |
|
|
|
#include <stdlib.h> |
#include <errno.h> |
#include <errno.h> |
#include <poll.h> |
#include <poll.h> |
#include <stdarg.h> |
#include <stdarg.h> |
Line 38 __RCSID("$NetBSD$"); |
|
Line 39 __RCSID("$NetBSD$"); |
|
#include "ssh-pkcs11.h" |
#include "ssh-pkcs11.h" |
#include "ssherr.h" |
#include "ssherr.h" |
|
|
|
#ifdef WITH_OPENSSL |
|
|
/* borrows code from sftp-server and ssh-agent */ |
/* borrows code from sftp-server and ssh-agent */ |
|
|
struct pkcs11_keyinfo { |
struct pkcs11_keyinfo { |
struct sshkey *key; |
struct sshkey *key; |
char *providername; |
char *providername, *label; |
TAILQ_ENTRY(pkcs11_keyinfo) next; |
TAILQ_ENTRY(pkcs11_keyinfo) next; |
}; |
}; |
|
|
Line 55 struct sshbuf *iqueue; |
|
Line 58 struct sshbuf *iqueue; |
|
struct sshbuf *oqueue; |
struct sshbuf *oqueue; |
|
|
static void |
static void |
add_key(struct sshkey *k, char *name) |
add_key(struct sshkey *k, char *name, char *label) |
{ |
{ |
struct pkcs11_keyinfo *ki; |
struct pkcs11_keyinfo *ki; |
|
|
ki = xcalloc(1, sizeof(*ki)); |
ki = xcalloc(1, sizeof(*ki)); |
ki->providername = xstrdup(name); |
ki->providername = xstrdup(name); |
ki->key = k; |
ki->key = k; |
|
ki->label = xstrdup(label); |
TAILQ_INSERT_TAIL(&pkcs11_keylist, ki, next); |
TAILQ_INSERT_TAIL(&pkcs11_keylist, ki, next); |
} |
} |
|
|
Line 75 del_keys_by_name(char *name) |
|
Line 79 del_keys_by_name(char *name) |
|
if (!strcmp(ki->providername, name)) { |
if (!strcmp(ki->providername, name)) { |
TAILQ_REMOVE(&pkcs11_keylist, ki, next); |
TAILQ_REMOVE(&pkcs11_keylist, ki, next); |
free(ki->providername); |
free(ki->providername); |
|
free(ki->label); |
sshkey_free(ki->key); |
sshkey_free(ki->key); |
free(ki); |
free(ki); |
} |
} |
Line 88 lookup_key(struct sshkey *k) |
|
Line 93 lookup_key(struct sshkey *k) |
|
struct pkcs11_keyinfo *ki; |
struct pkcs11_keyinfo *ki; |
|
|
TAILQ_FOREACH(ki, &pkcs11_keylist, next) { |
TAILQ_FOREACH(ki, &pkcs11_keylist, next) { |
debug("check %p %s", ki, ki->providername); |
debug("check %p %s %s", ki, ki->providername, ki->label); |
if (sshkey_equal(k, ki->key)) |
if (sshkey_equal(k, ki->key)) |
return (ki->key); |
return (ki->key); |
} |
} |
Line 113 process_add(void) |
|
Line 118 process_add(void) |
|
u_char *blob; |
u_char *blob; |
size_t blen; |
size_t blen; |
struct sshbuf *msg; |
struct sshbuf *msg; |
|
char **labels = NULL; |
|
|
if ((msg = sshbuf_new()) == NULL) |
if ((msg = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new failed", __func__); |
fatal("%s: sshbuf_new failed", __func__); |
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || |
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || |
(r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) |
(r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) { |
if ((nkeys = pkcs11_add_provider(name, pin, &keys, &labels)) > 0) { |
if ((r = sshbuf_put_u8(msg, |
if ((r = sshbuf_put_u8(msg, |
SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || |
SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || |
(r = sshbuf_put_u32(msg, nkeys)) != 0) |
(r = sshbuf_put_u32(msg, nkeys)) != 0) |
Line 131 process_add(void) |
|
Line 137 process_add(void) |
|
continue; |
continue; |
} |
} |
if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || |
if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || |
(r = sshbuf_put_cstring(msg, name)) != 0) |
(r = sshbuf_put_cstring(msg, labels[i])) != 0) |
fatal("%s: buffer error: %s", |
fatal("%s: buffer error: %s", |
__func__, ssh_err(r)); |
__func__, ssh_err(r)); |
free(blob); |
free(blob); |
add_key(keys[i], name); |
add_key(keys[i], name, labels[i]); |
|
free(labels[i]); |
} |
} |
} else { |
} else { |
if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) |
if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) |
Line 143 process_add(void) |
|
Line 150 process_add(void) |
|
if ((r = sshbuf_put_u32(msg, -nkeys)) != 0) |
if ((r = sshbuf_put_u32(msg, -nkeys)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
} |
} |
free(keys); |
free(labels); |
|
free(keys); /* keys themselves are transferred to pkcs11_keylist */ |
free(pin); |
free(pin); |
free(name); |
free(name); |
send_msg(msg); |
send_msg(msg); |
Line 192 process_sign(void) |
|
Line 200 process_sign(void) |
|
else { |
else { |
if ((found = lookup_key(key)) != NULL) { |
if ((found = lookup_key(key)) != NULL) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
u_int xslen; |
|
int ret; |
int ret; |
|
|
if (key->type == KEY_RSA) { |
if (key->type == KEY_RSA) { |
Line 205 process_sign(void) |
|
Line 212 process_sign(void) |
|
ok = 0; |
ok = 0; |
} |
} |
} else if (key->type == KEY_ECDSA) { |
} else if (key->type == KEY_ECDSA) { |
xslen = ECDSA_size(key->ecdsa); |
u_int xslen = ECDSA_size(key->ecdsa); |
|
|
signature = xmalloc(xslen); |
signature = xmalloc(xslen); |
/* "The parameter type is ignored." */ |
/* "The parameter type is ignored." */ |
ret = ECDSA_sign(-1, data, dlen, signature, |
ret = ECDSA_sign(-1, data, dlen, signature, |
Line 317 main(int argc, char **argv) |
|
Line 325 main(int argc, char **argv) |
|
extern char *__progname; |
extern char *__progname; |
struct pollfd pfd[2]; |
struct pollfd pfd[2]; |
|
|
ssh_malloc_init(); /* must be called before any mallocs */ |
|
TAILQ_INIT(&pkcs11_keylist); |
TAILQ_INIT(&pkcs11_keylist); |
|
|
log_init(__progname, log_level, log_facility, log_stderr); |
log_init(__progname, log_level, log_facility, log_stderr); |
Line 417 main(int argc, char **argv) |
|
Line 424 main(int argc, char **argv) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
} |
} |
} |
} |
|
|
|
#else /* WITH_OPENSSL */ |
|
void |
|
cleanup_exit(int i) |
|
{ |
|
_exit(i); |
|
} |
|
|
|
int |
|
main(int argc, char **argv) |
|
{ |
|
fprintf(stderr, "PKCS#11 code is not enabled\n"); |
|
return 1; |
|
} |
|
#endif /* WITH_OPENSSL */ |
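Review bot: The `continue` at the top of the process_add hunk (its condition lies outside the hunk) now leaks `labels[i]` as well as `keys[i]`, because the only `free(labels[i])` is after `add_key()` at the end of the loop body and a skipped key is never transferred to pkcs11_keylist; the count already written with `sshbuf_put_u32(msg, nkeys)` before the loop then overstates the identities that follow. Releasing the per-key resources before the skip, `free(labels[i]); sshkey_free(keys[i]); continue;`, closes the leak, though the count would still need to be written after the loop (or patched) to stay consistent. Separately, `pin` goes to plain `free(pin)` after `pkcs11_add_provider()`, so the token PIN is left readable in freed heap; wiping it first, `explicit_bzero(pin, strlen(pin)); free(pin);`, is cheap, assuming the tree provides explicit_bzero. process_add starts and ends outside the hunk.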