version 1.92, 2014/01/31 16:39:19 |
version 1.93, 2014/04/29 18:01:49 |
|
|
#include <sys/un.h> |
#include <sys/un.h> |
#include <sys/socket.h> |
#include <sys/socket.h> |
|
|
#include <openssl/evp.h> |
|
#include <openssl/crypto.h> |
|
|
|
#include <fcntl.h> |
#include <fcntl.h> |
#include <stdlib.h> |
#include <stdlib.h> |
#include <signal.h> |
#include <signal.h> |
|
|
Key * |
Key * |
ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) |
ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) |
{ |
{ |
|
#ifdef WITH_SSH1 |
int keybits; |
int keybits; |
u_int bits; |
u_int bits; |
|
#endif |
u_char *blob; |
u_char *blob; |
u_int blen; |
u_int blen; |
Key *key = NULL; |
Key *key = NULL; |
|
|
* error if the packet is too short or contains corrupt data. |
* error if the packet is too short or contains corrupt data. |
*/ |
*/ |
switch (version) { |
switch (version) { |
|
#ifdef WITH_SSH1 |
case 1: |
case 1: |
key = key_new(KEY_RSA1); |
key = key_new(KEY_RSA1); |
bits = buffer_get_int(&auth->identities); |
bits = buffer_get_int(&auth->identities); |
|
|
logit("Warning: identity keysize mismatch: actual %d, announced %u", |
logit("Warning: identity keysize mismatch: actual %d, announced %u", |
BN_num_bits(key->rsa->n), bits); |
BN_num_bits(key->rsa->n), bits); |
break; |
break; |
|
#endif |
case 2: |
case 2: |
blob = buffer_get_string(&auth->identities, &blen); |
blob = buffer_get_string(&auth->identities, &blen); |
*comment = buffer_get_string(&auth->identities, NULL); |
*comment = buffer_get_string(&auth->identities, NULL); |
|
|
* supported) and 1 corresponding to protocol version 1.1. |
* supported) and 1 corresponding to protocol version 1.1. |
*/ |
*/ |
|
|
|
#ifdef WITH_SSH1 |
int |
int |
ssh_decrypt_challenge(AuthenticationConnection *auth, |
ssh_decrypt_challenge(AuthenticationConnection *auth, |
Key* key, BIGNUM *challenge, |
Key* key, BIGNUM *challenge, |
|
|
buffer_free(&buffer); |
buffer_free(&buffer); |
return success; |
return success; |
} |
} |
|
#endif |
|
|
/* ask agent to sign data, returns -1 on error, 0 on success */ |
/* ask agent to sign data, returns -1 on error, 0 on success */ |
int |
int |
|
|
|
|
/* Encode key for a message to the agent. */ |
/* Encode key for a message to the agent. */ |
|
|
|
#ifdef WITH_SSH1 |
static void |
static void |
ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) |
ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) |
{ |
{ |
|
|
buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ |
buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ |
buffer_put_cstring(b, comment); |
buffer_put_cstring(b, comment); |
} |
} |
|
#endif |
|
|
static void |
static void |
ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) |
ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) |
|
|
buffer_init(&msg); |
buffer_init(&msg); |
|
|
switch (key->type) { |
switch (key->type) { |
|
#ifdef WITH_SSH1 |
case KEY_RSA1: |
case KEY_RSA1: |
type = constrained ? |
type = constrained ? |
SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : |
SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : |
|
|
buffer_put_char(&msg, type); |
buffer_put_char(&msg, type); |
ssh_encode_identity_rsa1(&msg, key->rsa, comment); |
ssh_encode_identity_rsa1(&msg, key->rsa, comment); |
break; |
break; |
|
#endif |
|
#ifdef WITH_OPENSSL |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
|
|
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_ECDSA: |
case KEY_ECDSA: |
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
type = constrained ? |
type = constrained ? |
|
|
|
|
buffer_init(&msg); |
buffer_init(&msg); |
|
|
|
#ifdef WITH_SSH1 |
if (key->type == KEY_RSA1) { |
if (key->type == KEY_RSA1) { |
buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); |
buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); |
buffer_put_int(&msg, BN_num_bits(key->rsa->n)); |
buffer_put_int(&msg, BN_num_bits(key->rsa->n)); |
buffer_put_bignum(&msg, key->rsa->e); |
buffer_put_bignum(&msg, key->rsa->e); |
buffer_put_bignum(&msg, key->rsa->n); |
buffer_put_bignum(&msg, key->rsa->n); |
} else if (key->type != KEY_UNSPEC) { |
} else |
|
#endif |
|
if (key->type != KEY_UNSPEC) { |
key_to_blob(key, &blob, &blen); |
key_to_blob(key, &blob, &blen); |
buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); |
buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); |
buffer_put_string(&msg, blob, blen); |
buffer_put_string(&msg, blob, blen); |