| version 1.31, 2021/10/01 04:50:36 |
version 1.32, 2021/10/28 02:54:18 |
|
|
| fido_credman_metadata_t *metadata = NULL; |
fido_credman_metadata_t *metadata = NULL; |
| fido_credman_rp_t *rp = NULL; |
fido_credman_rp_t *rp = NULL; |
| fido_credman_rk_t *rk = NULL; |
fido_credman_rk_t *rk = NULL; |
| size_t i, j, nrp, nrk; |
size_t i, j, nrp, nrk, user_id_len; |
| const fido_cred_t *cred; |
const fido_cred_t *cred; |
| |
const char *rp_id, *rp_name, *user_name; |
| struct sk_resident_key *srk = NULL, **tmp; |
struct sk_resident_key *srk = NULL, **tmp; |
| |
const u_char *user_id; |
| |
|
| if (pin == NULL) { |
if (pin == NULL) { |
| skdebug(__func__, "no PIN specified"); |
skdebug(__func__, "no PIN specified"); |
|
|
| |
|
| /* Iterate over RP IDs that have resident keys */ |
/* Iterate over RP IDs that have resident keys */ |
| for (i = 0; i < nrp; i++) { |
for (i = 0; i < nrp; i++) { |
| |
rp_id = fido_credman_rp_id(rp, i); |
| |
rp_name = fido_credman_rp_name(rp, i); |
| skdebug(__func__, "rp %zu: name=\"%s\" id=\"%s\" hashlen=%zu", |
skdebug(__func__, "rp %zu: name=\"%s\" id=\"%s\" hashlen=%zu", |
| i, fido_credman_rp_name(rp, i), fido_credman_rp_id(rp, i), |
i, rp_name == NULL ? "(none)" : rp_name, |
| |
rp_id == NULL ? "(none)" : rp_id, |
| fido_credman_rp_id_hash_len(rp, i)); |
fido_credman_rp_id_hash_len(rp, i)); |
| |
|
| /* Skip non-SSH RP IDs */ |
/* Skip non-SSH RP IDs */ |
| if (strncasecmp(fido_credman_rp_id(rp, i), "ssh:", 4) != 0) |
if (rp_id == NULL || |
| |
strncasecmp(fido_credman_rp_id(rp, i), "ssh:", 4) != 0) |
| continue; |
continue; |
| |
|
| fido_credman_rk_free(&rk); |
fido_credman_rk_free(&rk); |
|
|
| skdebug(__func__, "no RK in slot %zu", j); |
skdebug(__func__, "no RK in slot %zu", j); |
| continue; |
continue; |
| } |
} |
| skdebug(__func__, "Device %s RP \"%s\" slot %zu: " |
if ((user_name = fido_cred_user_name(cred)) == NULL) |
| "type %d flags 0x%02x prot 0x%02x", sk->path, |
user_name = ""; |
| fido_credman_rp_id(rp, i), j, fido_cred_type(cred), |
user_id = fido_cred_user_id_ptr(cred); |
| |
user_id_len = fido_cred_user_id_len(cred); |
| |
skdebug(__func__, "Device %s RP \"%s\" user \"%s\" " |
| |
"uidlen %zu slot %zu: type %d flags 0x%02x " |
| |
"prot 0x%02x", sk->path, rp_id, user_name, |
| |
user_id_len, j, fido_cred_type(cred), |
| fido_cred_flags(cred), fido_cred_prot(cred)); |
fido_cred_flags(cred), fido_cred_prot(cred)); |
| |
|
| /* build response entry */ |
/* build response entry */ |
| if ((srk = calloc(1, sizeof(*srk))) == NULL || |
if ((srk = calloc(1, sizeof(*srk))) == NULL || |
| (srk->key.key_handle = calloc(1, |
(srk->key.key_handle = calloc(1, |
| fido_cred_id_len(cred))) == NULL || |
fido_cred_id_len(cred))) == NULL || |
| (srk->application = strdup(fido_credman_rp_id(rp, |
(srk->application = strdup(rp_id)) == NULL || |
| i))) == NULL) { |
(user_id_len > 0 && |
| |
(srk->user_id = calloc(1, user_id_len)) == NULL)) { |
| skdebug(__func__, "alloc sk_resident_key"); |
skdebug(__func__, "alloc sk_resident_key"); |
| goto out; |
goto out; |
| } |
} |
|
|
| srk->key.key_handle_len = fido_cred_id_len(cred); |
srk->key.key_handle_len = fido_cred_id_len(cred); |
| memcpy(srk->key.key_handle, fido_cred_id_ptr(cred), |
memcpy(srk->key.key_handle, fido_cred_id_ptr(cred), |
| srk->key.key_handle_len); |
srk->key.key_handle_len); |
| |
srk->user_id_len = user_id_len; |
| |
if (srk->user_id_len != 0) |
| |
memcpy(srk->user_id, user_id, srk->user_id_len); |
| |
|
| switch (fido_cred_type(cred)) { |
switch (fido_cred_type(cred)) { |
| case COSE_ES256: |
case COSE_ES256: |
|
|
| free(srk->application); |
free(srk->application); |
| freezero(srk->key.public_key, srk->key.public_key_len); |
freezero(srk->key.public_key, srk->key.public_key_len); |
| freezero(srk->key.key_handle, srk->key.key_handle_len); |
freezero(srk->key.key_handle, srk->key.key_handle_len); |
| |
freezero(srk->user_id, srk->user_id_len); |
| freezero(srk, sizeof(*srk)); |
freezero(srk, sizeof(*srk)); |
| } |
} |
| fido_credman_rp_free(&rp); |
fido_credman_rp_free(&rp); |
|
|
| free(rks[i]->application); |
free(rks[i]->application); |
| freezero(rks[i]->key.public_key, rks[i]->key.public_key_len); |
freezero(rks[i]->key.public_key, rks[i]->key.public_key_len); |
| freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len); |
freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len); |
| |
freezero(rks[i]->user_id, rks[i]->user_id_len); |
| freezero(rks[i], sizeof(*rks[i])); |
freezero(rks[i], sizeof(*rks[i])); |
| } |
} |
| free(rks); |
free(rks); |
![[BACK]](/icons/back.gif){kind=icon}
Return to sk-usbhid.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh