version 1.14, 2019/11/16 23:17:20 |
version 1.15, 2019/11/18 16:08:57 |
|
|
#include <string.h> |
#include <string.h> |
#include <stdio.h> |
#include <stdio.h> |
|
|
|
#ifdef WITH_OPENSSL |
#include <openssl/objects.h> |
#include <openssl/objects.h> |
#include <openssl/ec.h> |
#include <openssl/ec.h> |
|
#endif /* WITH_OPENSSL */ |
|
|
#include "log.h" |
#include "log.h" |
#include "misc.h" |
#include "misc.h" |
|
|
freezero(r, sizeof(*r)); |
freezero(r, sizeof(*r)); |
}; |
}; |
|
|
|
#ifdef WITH_OPENSSL |
/* Assemble key from response */ |
/* Assemble key from response */ |
static int |
static int |
sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) |
sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) |
|
|
sshbuf_free(b); |
sshbuf_free(b); |
return r; |
return r; |
} |
} |
|
#endif /* WITH_OPENSSL */ |
|
|
static int |
static int |
sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) |
sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) |
|
|
if (attest) |
if (attest) |
sshbuf_reset(attest); |
sshbuf_reset(attest); |
switch (type) { |
switch (type) { |
|
#ifdef WITH_OPENSSL |
case KEY_ECDSA_SK: |
case KEY_ECDSA_SK: |
alg = SSH_SK_ECDSA; |
alg = SSH_SK_ECDSA; |
break; |
break; |
|
#endif /* WITH_OPENSSL */ |
case KEY_ED25519_SK: |
case KEY_ED25519_SK: |
alg = SSH_SK_ED25519; |
alg = SSH_SK_ED25519; |
break; |
break; |
|
|
goto out; |
goto out; |
} |
} |
switch (type) { |
switch (type) { |
|
#ifdef WITH_OPENSSL |
case KEY_ECDSA_SK: |
case KEY_ECDSA_SK: |
if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0) |
if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0) |
goto out; |
goto out; |
break; |
break; |
|
#endif /* WITH_OPENSSL */ |
case KEY_ED25519_SK: |
case KEY_ED25519_SK: |
if ((r = sshsk_ed25519_assemble(resp, &key)) != 0) |
if ((r = sshsk_ed25519_assemble(resp, &key)) != 0) |
goto out; |
goto out; |
|
|
return r; |
return r; |
} |
} |
|
|
|
#ifdef WITH_OPENSSL |
static int |
static int |
sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) |
sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) |
{ |
{ |
|
|
sshbuf_free(inner_sig); |
sshbuf_free(inner_sig); |
return r; |
return r; |
} |
} |
|
#endif /* WITH_OPENSSL */ |
|
|
static int |
static int |
sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) |
sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) |
|
|
*lenp = 0; |
*lenp = 0; |
type = sshkey_type_plain(key->type); |
type = sshkey_type_plain(key->type); |
switch (type) { |
switch (type) { |
|
#ifdef WITH_OPENSSL |
case KEY_ECDSA_SK: |
case KEY_ECDSA_SK: |
alg = SSH_SK_ECDSA; |
alg = SSH_SK_ECDSA; |
break; |
break; |
|
#endif /* WITH_OPENSSL */ |
case KEY_ED25519_SK: |
case KEY_ED25519_SK: |
alg = SSH_SK_ED25519; |
alg = SSH_SK_ED25519; |
break; |
break; |
|
|
goto out; |
goto out; |
} |
} |
switch (type) { |
switch (type) { |
|
#ifdef WITH_OPENSSL |
case KEY_ECDSA_SK: |
case KEY_ECDSA_SK: |
if ((r = sshsk_ecdsa_sig(resp, sig)) != 0) |
if ((r = sshsk_ecdsa_sig(resp, sig)) != 0) |
goto out; |
goto out; |
break; |
break; |
|
#endif /* WITH_OPENSSL */ |
case KEY_ED25519_SK: |
case KEY_ED25519_SK: |
if ((r = sshsk_ed25519_sig(resp, sig)) != 0) |
if ((r = sshsk_ed25519_sig(resp, sig)) != 0) |
goto out; |
goto out; |
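Review bot: The second `switch (type)` in each dispatcher (the one calling `sshsk_ecdsa_assemble` / `sshsk_ed25519_assemble`, and the one calling `sshsk_ecdsa_sig` / `sshsk_ed25519_sig`) shows no `default:` in the visible context, yet its `KEY_ECDSA_SK` case is now compiled out when `WITH_OPENSSL` is undefined. Rejecting an ECDSA-SK key in such a build therefore appears to rest entirely on the earlier `alg = ...` switch, whose fall-through branch ending in `goto out;` lies outside the displayed lines, so this is inferred rather than confirmed. I would make the second switch fail closed in both places, e.g. `default: r = SSH_ERR_INTERNAL_ERROR; goto out;`, so that a later edit which lets the two `#ifdef` guards drift apart cannot pass through with no key or signature assembled. Both enclosing functions begin and end outside the hunks shown here.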