version 1.6, 2019/12/30 09:23:28 |
version 1.7, 2020/01/06 02:00:46 |
|
|
return resp; |
return resp; |
} |
} |
|
|
|
/* If the specified string is zero length, then free it and replace with NULL */ |
|
static void |
|
null_empty(char **s) |
|
{ |
|
if (s == NULL || *s == NULL || **s != '\0') |
|
return; |
|
|
|
free(*s); |
|
*s = NULL; |
|
} |
|
|
static struct sshbuf * |
static struct sshbuf * |
process_sign(struct sshbuf *req) |
process_sign(struct sshbuf *req) |
{ |
{ |
|
|
"msg len %zu, compat 0x%lx", __progname, sshkey_type(key), |
"msg len %zu, compat 0x%lx", __progname, sshkey_type(key), |
provider, msglen, (u_long)compat); |
provider, msglen, (u_long)compat); |
|
|
if (*pin == 0) { |
null_empty(&pin); |
free(pin); |
|
pin = NULL; |
|
} |
|
|
|
if ((r = sshsk_sign(provider, key, &sig, &siglen, |
if ((r = sshsk_sign(provider, key, &sig, &siglen, |
message, msglen, compat, pin)) != 0) { |
message, msglen, compat, pin)) != 0) { |
|
|
{ |
{ |
int r; |
int r; |
u_int type; |
u_int type; |
char *provider, *application, *pin; |
char *provider, *application, *pin, *device, *userid; |
uint8_t flags; |
uint8_t flags; |
struct sshbuf *challenge, *attest, *kbuf, *resp; |
struct sshbuf *challenge, *attest, *kbuf, *resp; |
struct sshkey *key; |
struct sshkey *key; |
|
|
|
|
if ((r = sshbuf_get_u32(req, &type)) != 0 || |
if ((r = sshbuf_get_u32(req, &type)) != 0 || |
(r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || |
(r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || |
|
(r = sshbuf_get_cstring(req, &device, NULL)) != 0 || |
(r = sshbuf_get_cstring(req, &application, NULL)) != 0 || |
(r = sshbuf_get_cstring(req, &application, NULL)) != 0 || |
|
(r = sshbuf_get_cstring(req, &userid, NULL)) != 0 || |
(r = sshbuf_get_u8(req, &flags)) != 0 || |
(r = sshbuf_get_u8(req, &flags)) != 0 || |
(r = sshbuf_get_cstring(req, &pin, NULL)) != 0 || |
(r = sshbuf_get_cstring(req, &pin, NULL)) != 0 || |
(r = sshbuf_froms(req, &challenge)) != 0) |
(r = sshbuf_froms(req, &challenge)) != 0) |
|
|
sshbuf_free(challenge); |
sshbuf_free(challenge); |
challenge = NULL; |
challenge = NULL; |
} |
} |
if (*pin == 0) { |
null_empty(&device); |
free(pin); |
null_empty(&userid); |
pin = NULL; |
null_empty(&pin); |
} |
|
|
|
if ((r = sshsk_enroll((int)type, provider, application, flags, pin, |
if ((r = sshsk_enroll((int)type, provider, device, application, userid, |
challenge, &key, attest)) != 0) { |
flags, pin, challenge, &key, attest)) != 0) { |
resp = reply_error(r, "Enrollment failed: %s", ssh_err(r)); |
resp = reply_error(r, "Enrollment failed: %s", ssh_err(r)); |
goto out; |
goto out; |
} |
} |
|
|
process_load_resident(struct sshbuf *req) |
process_load_resident(struct sshbuf *req) |
{ |
{ |
int r; |
int r; |
char *provider, *pin; |
char *provider, *pin, *device; |
struct sshbuf *kbuf, *resp; |
struct sshbuf *kbuf, *resp; |
struct sshkey **keys = NULL; |
struct sshkey **keys = NULL; |
size_t nkeys = 0, i; |
size_t nkeys = 0, i; |
|
|
fatal("%s: sshbuf_new failed", __progname); |
fatal("%s: sshbuf_new failed", __progname); |
|
|
if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || |
if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || |
|
(r = sshbuf_get_cstring(req, &device, NULL)) != 0 || |
(r = sshbuf_get_cstring(req, &pin, NULL)) != 0) |
(r = sshbuf_get_cstring(req, &pin, NULL)) != 0) |
fatal("%s: buffer error: %s", __progname, ssh_err(r)); |
fatal("%s: buffer error: %s", __progname, ssh_err(r)); |
if (sshbuf_len(req) != 0) |
if (sshbuf_len(req) != 0) |
fatal("%s: trailing data in request", __progname); |
fatal("%s: trailing data in request", __progname); |
|
|
if (*pin == 0) { |
null_empty(&device); |
free(pin); |
null_empty(&pin); |
pin = NULL; |
|
} |
|
|
|
if ((r = sshsk_load_resident(provider, pin, &keys, &nkeys)) != 0) { |
if ((r = sshsk_load_resident(provider, device, pin, |
|
&keys, &nkeys)) != 0) { |
resp = reply_error(r, " sshsk_load_resident failed: %s", |
resp = reply_error(r, " sshsk_load_resident failed: %s", |
ssh_err(r)); |
ssh_err(r)); |
goto out; |
goto out; |
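Review bot: The new `device` and `userid` strings in process_enroll, and `device` in process_load_resident, are filled by `sshbuf_get_cstring()`, but none of the visible lines release them. `null_empty()` frees a string only when it is empty, so any non-empty value stays allocated after the `sshsk_enroll()` / `sshsk_load_resident()` call. The `out:` cleanup of both functions lies outside the lines shown here, so this may already be handled. If it is not, add `free(device);` and `free(userid);` next to the existing release of `provider` and `pin`. A one-line comment on `null_empty()` saying callers still own and must free a non-empty string would make that contract explicit.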