version 1.31, 2021/10/01 04:50:36 |
version 1.32, 2021/10/28 02:54:18 |
|
|
fido_credman_metadata_t *metadata = NULL; |
fido_credman_metadata_t *metadata = NULL; |
fido_credman_rp_t *rp = NULL; |
fido_credman_rp_t *rp = NULL; |
fido_credman_rk_t *rk = NULL; |
fido_credman_rk_t *rk = NULL; |
size_t i, j, nrp, nrk; |
size_t i, j, nrp, nrk, user_id_len; |
const fido_cred_t *cred; |
const fido_cred_t *cred; |
|
const char *rp_id, *rp_name, *user_name; |
struct sk_resident_key *srk = NULL, **tmp; |
struct sk_resident_key *srk = NULL, **tmp; |
|
const u_char *user_id; |
|
|
if (pin == NULL) { |
if (pin == NULL) { |
skdebug(__func__, "no PIN specified"); |
skdebug(__func__, "no PIN specified"); |
|
|
|
|
/* Iterate over RP IDs that have resident keys */ |
/* Iterate over RP IDs that have resident keys */ |
for (i = 0; i < nrp; i++) { |
for (i = 0; i < nrp; i++) { |
|
rp_id = fido_credman_rp_id(rp, i); |
|
rp_name = fido_credman_rp_name(rp, i); |
skdebug(__func__, "rp %zu: name=\"%s\" id=\"%s\" hashlen=%zu", |
skdebug(__func__, "rp %zu: name=\"%s\" id=\"%s\" hashlen=%zu", |
i, fido_credman_rp_name(rp, i), fido_credman_rp_id(rp, i), |
i, rp_name == NULL ? "(none)" : rp_name, |
|
rp_id == NULL ? "(none)" : rp_id, |
fido_credman_rp_id_hash_len(rp, i)); |
fido_credman_rp_id_hash_len(rp, i)); |
|
|
/* Skip non-SSH RP IDs */ |
/* Skip non-SSH RP IDs */ |
if (strncasecmp(fido_credman_rp_id(rp, i), "ssh:", 4) != 0) |
if (rp_id == NULL || |
|
strncasecmp(fido_credman_rp_id(rp, i), "ssh:", 4) != 0) |
continue; |
continue; |
|
|
fido_credman_rk_free(&rk); |
fido_credman_rk_free(&rk); |
|
|
skdebug(__func__, "no RK in slot %zu", j); |
skdebug(__func__, "no RK in slot %zu", j); |
continue; |
continue; |
} |
} |
skdebug(__func__, "Device %s RP \"%s\" slot %zu: " |
if ((user_name = fido_cred_user_name(cred)) == NULL) |
"type %d flags 0x%02x prot 0x%02x", sk->path, |
user_name = ""; |
fido_credman_rp_id(rp, i), j, fido_cred_type(cred), |
user_id = fido_cred_user_id_ptr(cred); |
|
user_id_len = fido_cred_user_id_len(cred); |
|
skdebug(__func__, "Device %s RP \"%s\" user \"%s\" " |
|
"uidlen %zu slot %zu: type %d flags 0x%02x " |
|
"prot 0x%02x", sk->path, rp_id, user_name, |
|
user_id_len, j, fido_cred_type(cred), |
fido_cred_flags(cred), fido_cred_prot(cred)); |
fido_cred_flags(cred), fido_cred_prot(cred)); |
|
|
/* build response entry */ |
/* build response entry */ |
if ((srk = calloc(1, sizeof(*srk))) == NULL || |
if ((srk = calloc(1, sizeof(*srk))) == NULL || |
(srk->key.key_handle = calloc(1, |
(srk->key.key_handle = calloc(1, |
fido_cred_id_len(cred))) == NULL || |
fido_cred_id_len(cred))) == NULL || |
(srk->application = strdup(fido_credman_rp_id(rp, |
(srk->application = strdup(rp_id)) == NULL || |
i))) == NULL) { |
(user_id_len > 0 && |
|
(srk->user_id = calloc(1, user_id_len)) == NULL)) { |
skdebug(__func__, "alloc sk_resident_key"); |
skdebug(__func__, "alloc sk_resident_key"); |
goto out; |
goto out; |
} |
} |
|
|
srk->key.key_handle_len = fido_cred_id_len(cred); |
srk->key.key_handle_len = fido_cred_id_len(cred); |
memcpy(srk->key.key_handle, fido_cred_id_ptr(cred), |
memcpy(srk->key.key_handle, fido_cred_id_ptr(cred), |
srk->key.key_handle_len); |
srk->key.key_handle_len); |
|
srk->user_id_len = user_id_len; |
|
if (srk->user_id_len != 0) |
|
memcpy(srk->user_id, user_id, srk->user_id_len); |
|
|
switch (fido_cred_type(cred)) { |
switch (fido_cred_type(cred)) { |
case COSE_ES256: |
case COSE_ES256: |
|
|
free(srk->application); |
free(srk->application); |
freezero(srk->key.public_key, srk->key.public_key_len); |
freezero(srk->key.public_key, srk->key.public_key_len); |
freezero(srk->key.key_handle, srk->key.key_handle_len); |
freezero(srk->key.key_handle, srk->key.key_handle_len); |
|
freezero(srk->user_id, srk->user_id_len); |
freezero(srk, sizeof(*srk)); |
freezero(srk, sizeof(*srk)); |
} |
} |
fido_credman_rp_free(&rp); |
fido_credman_rp_free(&rp); |
|
|
free(rks[i]->application); |
free(rks[i]->application); |
freezero(rks[i]->key.public_key, rks[i]->key.public_key_len); |
freezero(rks[i]->key.public_key, rks[i]->key.public_key_len); |
freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len); |
freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len); |
|
freezero(rks[i]->user_id, rks[i]->user_id_len); |
freezero(rks[i], sizeof(*rks[i])); |
freezero(rks[i], sizeof(*rks[i])); |
} |
} |
free(rks); |
free(rks); |
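Review bot: The new skip test in the RP loop guards on the cached `rp_id` but still re-queries the library on the following line, `strncasecmp(fido_credman_rp_id(rp, i), "ssh:", 4) != 0`; since `rp_id` is now assigned once and reused for the debug log and the `strdup`, the condition should be `if (rp_id == NULL || strncasecmp(rp_id, "ssh:", 4) != 0)` so the value checked for NULL is the one compared. A second, hedged point on the user-id copy: `memcpy(srk->user_id, user_id, srk->user_id_len)` relies on a nonzero `fido_cred_user_id_len(cred)` implying a non-NULL `fido_cred_user_id_ptr(cred)`, which is presumably what libfido2 guarantees, but a one-line `if (user_id == NULL) user_id_len = 0;` before the allocation would keep a malformed credential from dereferencing NULL at no cost. The `user_name` and `rp_id` strings reaching `skdebug` come from the authenticator, which is fine for a debug line but worth remembering if this output is ever surfaced unescaped. The enclosing functions begin before and end after the hunks shown here.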