version 1.359, 2022/07/01 03:39:44 |
version 1.360, 2022/08/19 06:07:47 |
|
|
const u_char *data, size_t datalen, u_int compat, const char *alg) |
const u_char *data, size_t datalen, u_int compat, const char *alg) |
{ |
{ |
struct sshkey *sign_key = NULL, *prv = NULL; |
struct sshkey *sign_key = NULL, *prv = NULL; |
int retried = 0, r = SSH_ERR_INTERNAL_ERROR; |
int is_agent = 0, retried = 0, r = SSH_ERR_INTERNAL_ERROR; |
struct notifier_ctx *notifier = NULL; |
struct notifier_ctx *notifier = NULL; |
char *fp = NULL, *pin = NULL, *prompt = NULL; |
char *fp = NULL, *pin = NULL, *prompt = NULL; |
|
|
|
|
if (id->key != NULL && |
if (id->key != NULL && |
(id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) { |
(id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) { |
sign_key = id->key; |
sign_key = id->key; |
|
is_agent = 1; |
} else { |
} else { |
/* Load the private key from the file. */ |
/* Load the private key from the file. */ |
if ((prv = load_identity_file(id)) == NULL) |
if ((prv = load_identity_file(id)) == NULL) |
|
|
goto out; |
goto out; |
} |
} |
sign_key = prv; |
sign_key = prv; |
if (sshkey_is_sk(sign_key)) { |
} |
if ((sign_key->sk_flags & |
|
SSH_SK_USER_VERIFICATION_REQD)) { |
|
retry_pin: |
retry_pin: |
xasprintf(&prompt, "Enter PIN for %s key %s: ", |
/* Prompt for touch for non-agent FIDO keys that request UP */ |
sshkey_type(sign_key), id->filename); |
if (!is_agent && sshkey_is_sk(sign_key) && |
pin = read_passphrase(prompt, 0); |
(sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { |
} |
/* XXX should batch mode just skip these? */ |
if ((sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { |
if ((fp = sshkey_fingerprint(sign_key, |
/* XXX should batch mode just skip these? */ |
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) |
if ((fp = sshkey_fingerprint(sign_key, |
fatal_f("fingerprint failed"); |
options.fingerprint_hash, |
notifier = notify_start(options.batch_mode, |
SSH_FP_DEFAULT)) == NULL) |
"Confirm user presence for key %s %s", |
fatal_f("fingerprint failed"); |
sshkey_type(sign_key), fp); |
notifier = notify_start(options.batch_mode, |
free(fp); |
"Confirm user presence for key %s %s", |
|
sshkey_type(sign_key), fp); |
|
free(fp); |
|
} |
|
} |
|
} |
} |
if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, |
if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, |
alg, options.sk_provider, pin, compat)) != 0) { |
alg, options.sk_provider, pin, compat)) != 0) { |
debug_fr(r, "sshkey_sign"); |
debug_fr(r, "sshkey_sign"); |
if (pin == NULL && !retried && sshkey_is_sk(sign_key) && |
if (!retried && pin == NULL && !is_agent && |
|
sshkey_is_sk(sign_key) && |
r == SSH_ERR_KEY_WRONG_PASSPHRASE) { |
r == SSH_ERR_KEY_WRONG_PASSPHRASE) { |
notify_complete(notifier, NULL); |
notify_complete(notifier, NULL); |
notifier = NULL; |
notifier = NULL; |
|
xasprintf(&prompt, "Enter PIN for %s key %s: ", |
|
sshkey_type(sign_key), id->filename); |
|
pin = read_passphrase(prompt, 0); |
retried = 1; |
retried = 1; |
goto retry_pin; |
goto retry_pin; |
} |
} |