diff options
| author | Damien Miller <djm@mindrot.org> | 2000-07-21 10:19:44 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2000-07-21 10:19:44 +1000 |
| commit | 994cf1426d176e2ee9ba310416544c325e04b155 (patch) | |
| tree | 8e8978bcec4c8a2aa83533936f90e7c3070e9def /authfd.c | |
| parent | 9dec7762798a4f9268e6033945c6dde44925d853 (diff) | |
- (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/07/16 02:27:22
[authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c]
make ssh-add accept dsa keys (the agent does not)
- djm@cvs.openbsd.org 2000/07/17 19:25:02
[sshd.c]
Another closing of stdin; ok deraadt
- markus@cvs.openbsd.org 2000/07/19 18:33:12
[dsa.c]
missing free, reorder
- markus@cvs.openbsd.org 2000/07/20 16:23:14
[ssh-keygen.1]
document input and output files
Diffstat (limited to 'authfd.c')
| -rw-r--r-- | authfd.c | 73 |
1 files changed, 54 insertions, 19 deletions
@@ -14,17 +14,21 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.21 2000/06/26 09:22:29 markus Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.22 2000/07/16 08:27:20 markus Exp $"); #include "ssh.h" #include "rsa.h" -#include "authfd.h" #include "buffer.h" #include "bufaux.h" #include "xmalloc.h" #include "getput.h" #include <openssl/rsa.h> +#include <openssl/dsa.h> +#include <openssl/evp.h> +#include "key.h" +#include "authfd.h" +#include "kex.h" /* helper */ int ssh_agent_get_reply(AuthenticationConnection *auth); @@ -138,10 +142,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, * Send a message to the agent requesting for a list of the * identities it can represent. */ - msg[0] = 0; - msg[1] = 0; - msg[2] = 0; - msg[3] = 1; + PUT_32BIT(msg, 1); msg[4] = SSH_AGENTC_REQUEST_RSA_IDENTITIES; if (atomicio(write, auth->fd, msg, 5) != 5) { error("write auth->fd: %.100s", strerror(errno)); @@ -336,31 +337,64 @@ error_cleanup: return 1; } +/* Encode key for a message to the agent. */ + +void +ssh_encode_identity_rsa(Buffer *b, RSA *key, const char *comment) +{ + buffer_clear(b); + buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY); + buffer_put_int(b, BN_num_bits(key->n)); + buffer_put_bignum(b, key->n); + buffer_put_bignum(b, key->e); + buffer_put_bignum(b, key->d); + /* To keep within the protocol: p < q for ssh. in SSL p > q */ + buffer_put_bignum(b, key->iqmp); /* ssh key->u */ + buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */ + buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ + buffer_put_string(b, comment, strlen(comment)); +} + +void +ssh_encode_identity_dsa(Buffer *b, DSA *key, const char *comment) +{ + buffer_clear(b); + buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY); + buffer_put_cstring(b, KEX_DSS); + buffer_put_bignum2(b, key->p); + buffer_put_bignum2(b, key->q); + buffer_put_bignum2(b, key->g); + buffer_put_bignum2(b, key->pub_key); + buffer_put_bignum2(b, key->priv_key); + buffer_put_string(b, comment, strlen(comment)); +} + /* * Adds an identity to the authentication server. This call is not meant to * be used by normal applications. */ int -ssh_add_identity(AuthenticationConnection *auth, - RSA * key, const char *comment) +ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) { Buffer buffer; unsigned char buf[8192]; int len; - /* Format a message to the agent. */ buffer_init(&buffer); - buffer_put_char(&buffer, SSH_AGENTC_ADD_RSA_IDENTITY); - buffer_put_int(&buffer, BN_num_bits(key->n)); - buffer_put_bignum(&buffer, key->n); - buffer_put_bignum(&buffer, key->e); - buffer_put_bignum(&buffer, key->d); - /* To keep within the protocol: p < q for ssh. in SSL p > q */ - buffer_put_bignum(&buffer, key->iqmp); /* ssh key->u */ - buffer_put_bignum(&buffer, key->q); /* ssh key->p, SSL key->q */ - buffer_put_bignum(&buffer, key->p); /* ssh key->q, SSL key->p */ - buffer_put_string(&buffer, comment, strlen(comment)); + + switch (key->type) { + case KEY_RSA: + ssh_encode_identity_rsa(&buffer, key->rsa, comment); + break; + case KEY_DSA: + ssh_encode_identity_dsa(&buffer, key->dsa, comment); + break; + default: + buffer_free(&buffer); + return 0; + break; + } /* Get the length of the message, and format it in the buffer. */ len = buffer_len(&buffer); @@ -487,6 +521,7 @@ ssh_agent_get_reply(AuthenticationConnection *auth) buffer_free(&buffer); switch (type) { case SSH_AGENT_FAILURE: +log("SSH_AGENT_FAILURE"); return 0; case SSH_AGENT_SUCCESS: return 1; |