mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
2005-02-19 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do not use elems_secret member of key_spec. (ssh_key_type_spec): Removed member: elems_secret. (ssh_key_types): Removed elems_secret data. (ssh_sexp_construct): Renamed to ... (sexp_key_construct): ... this; changed callers. (ssh_sexp_extract): Renamed to ... (sexp_key_extract): ... this; changed callers. (ssh_sexp_extract_key_type): Renamed to ... (sexp_extract_identifier): ... this; changed callers; use make_cstring(). Added more comments.
This commit is contained in:
parent
cd42f5e45f
commit
823eaefb0b
@ -1,3 +1,18 @@
|
|||||||
|
2005-02-19 Moritz Schulte <moritz@g10code.com>
|
||||||
|
|
||||||
|
* command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do
|
||||||
|
not use elems_secret member of key_spec.
|
||||||
|
(ssh_key_type_spec): Removed member: elems_secret.
|
||||||
|
(ssh_key_types): Removed elems_secret data.
|
||||||
|
(ssh_sexp_construct): Renamed to ...
|
||||||
|
(sexp_key_construct): ... this; changed callers.
|
||||||
|
(ssh_sexp_extract): Renamed to ...
|
||||||
|
(sexp_key_extract): ... this; changed callers.
|
||||||
|
(ssh_sexp_extract_key_type): Renamed to ...
|
||||||
|
(sexp_extract_identifier): ... this; changed callers; use
|
||||||
|
make_cstring().
|
||||||
|
Added more comments.
|
||||||
|
|
||||||
2005-02-18 Moritz Schulte <moritz@g10code.com>
|
2005-02-18 Moritz Schulte <moritz@g10code.com>
|
||||||
|
|
||||||
* command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp
|
* command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp
|
||||||
|
@ -75,12 +75,17 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Basic types. */
|
/*
|
||||||
|
* Basic types.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Type for a request handler. */
|
||||||
typedef gpg_error_t (*ssh_request_handler_t) (ctrl_t ctrl,
|
typedef gpg_error_t (*ssh_request_handler_t) (ctrl_t ctrl,
|
||||||
estream_t request,
|
estream_t request,
|
||||||
estream_t response);
|
estream_t response);
|
||||||
|
|
||||||
|
/* Type, which is used for associating request handlers with the
|
||||||
|
appropriate request IDs. */
|
||||||
typedef struct ssh_request_spec
|
typedef struct ssh_request_spec
|
||||||
{
|
{
|
||||||
unsigned char type;
|
unsigned char type;
|
||||||
@ -88,22 +93,51 @@ typedef struct ssh_request_spec
|
|||||||
const char *identifier;
|
const char *identifier;
|
||||||
} ssh_request_spec_t;
|
} ssh_request_spec_t;
|
||||||
|
|
||||||
|
/* Type for "key modifier functions", which are necessary since
|
||||||
|
OpenSSH and GnuPG treat key material slightly different. A key
|
||||||
|
modifier is called right after a new key identity has been received
|
||||||
|
in order to "sanitize" the material. */
|
||||||
typedef gpg_error_t (*ssh_key_modifier_t) (const char *elems,
|
typedef gpg_error_t (*ssh_key_modifier_t) (const char *elems,
|
||||||
gcry_mpi_t *mpis);
|
gcry_mpi_t *mpis);
|
||||||
|
|
||||||
|
/* The encoding of a generated signature is dependent on the
|
||||||
|
algorithm; therefore algorithm specific signature encoding
|
||||||
|
functions are necessary. */
|
||||||
typedef gpg_error_t (*ssh_signature_encoder_t) (estream_t signature_blob,
|
typedef gpg_error_t (*ssh_signature_encoder_t) (estream_t signature_blob,
|
||||||
gcry_mpi_t *mpis);
|
gcry_mpi_t *mpis);
|
||||||
|
|
||||||
|
/* Type, which is used for boundling all the algorithm specific
|
||||||
|
information together in a single object. */
|
||||||
typedef struct ssh_key_type_spec
|
typedef struct ssh_key_type_spec
|
||||||
{
|
{
|
||||||
|
/* Algorithm identifier as used by OpenSSH. */
|
||||||
const char *ssh_identifier;
|
const char *ssh_identifier;
|
||||||
|
|
||||||
|
/* Algorithm identifier as used by GnuPG. */
|
||||||
const char *identifier;
|
const char *identifier;
|
||||||
|
|
||||||
|
/* List of MPI names for secret keys; order matches the one of the
|
||||||
|
agent protocol. */
|
||||||
const char *elems_key_secret;
|
const char *elems_key_secret;
|
||||||
|
|
||||||
|
/* List of MPI names for public keys; order matches the one of the
|
||||||
|
agent protocol. */
|
||||||
const char *elems_key_public;
|
const char *elems_key_public;
|
||||||
const char *elems_secret;
|
|
||||||
|
/* List of MPI names for signature data. */
|
||||||
const char *elems_signature;
|
const char *elems_signature;
|
||||||
|
|
||||||
|
/* List of MPI names for secret keys; order matches the one, which
|
||||||
|
is required by gpg-agent's key access layer. */
|
||||||
const char *elems_sexp_order;
|
const char *elems_sexp_order;
|
||||||
|
|
||||||
|
/* Key modifier function. */
|
||||||
ssh_key_modifier_t key_modifier;
|
ssh_key_modifier_t key_modifier;
|
||||||
|
|
||||||
|
/* Signature encoder function. */
|
||||||
ssh_signature_encoder_t signature_encoder;
|
ssh_signature_encoder_t signature_encoder;
|
||||||
|
|
||||||
|
/* Misc flags. */
|
||||||
unsigned int flags;
|
unsigned int flags;
|
||||||
} ssh_key_type_spec_t;
|
} ssh_key_type_spec_t;
|
||||||
|
|
||||||
@ -166,12 +200,12 @@ static ssh_request_spec_t request_specs[] =
|
|||||||
static ssh_key_type_spec_t ssh_key_types[] =
|
static ssh_key_type_spec_t ssh_key_types[] =
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
"ssh-rsa", "rsa", "nedupq", "en", "dupq", "s", "nedpqu",
|
"ssh-rsa", "rsa", "nedupq", "en", "s", "nedpqu",
|
||||||
ssh_key_modifier_rsa, ssh_signature_encoder_rsa,
|
ssh_key_modifier_rsa, ssh_signature_encoder_rsa,
|
||||||
SPEC_FLAG_USE_PKCS1V2
|
SPEC_FLAG_USE_PKCS1V2
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ssh-dss", "dsa", "pqgyx", "pqgy", "x", "rs", "pqgyx",
|
"ssh-dss", "dsa", "pqgyx", "pqgy", "rs", "pqgyx",
|
||||||
NULL, ssh_signature_encoder_dsa,
|
NULL, ssh_signature_encoder_dsa,
|
||||||
0
|
0
|
||||||
},
|
},
|
||||||
@ -206,7 +240,8 @@ realloc_secure (void *a, size_t n)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Create and return a new C-string from DATA/DATA_N (i.e.: add
|
||||||
|
NUL-termination); return NULL on OOM. */
|
||||||
static char *
|
static char *
|
||||||
make_cstring (const char *data, size_t data_n)
|
make_cstring (const char *data, size_t data_n)
|
||||||
{
|
{
|
||||||
@ -604,6 +639,7 @@ file_to_buffer (const char *filename, unsigned char **buffer, size_t *buffer_n)
|
|||||||
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/* Free the list of MPIs MPI_LIST. */
|
||||||
static void
|
static void
|
||||||
mpint_list_free (gcry_mpi_t *mpi_list)
|
mpint_list_free (gcry_mpi_t *mpi_list)
|
||||||
{
|
{
|
||||||
@ -622,29 +658,27 @@ static gpg_error_t
|
|||||||
ssh_receive_mpint_list (estream_t stream, int secret,
|
ssh_receive_mpint_list (estream_t stream, int secret,
|
||||||
ssh_key_type_spec_t key_spec, gcry_mpi_t **mpi_list)
|
ssh_key_type_spec_t key_spec, gcry_mpi_t **mpi_list)
|
||||||
{
|
{
|
||||||
const char *elems_secret;
|
unsigned int elems_public_n;
|
||||||
const char *elems;
|
const char *elems_public;
|
||||||
unsigned int elems_n;
|
unsigned int elems_n;
|
||||||
gcry_mpi_t *mpis;
|
const char *elems;
|
||||||
unsigned int i;
|
|
||||||
gpg_error_t err;
|
|
||||||
int elem_is_secret;
|
int elem_is_secret;
|
||||||
|
gcry_mpi_t *mpis;
|
||||||
|
gpg_error_t err;
|
||||||
|
unsigned int i;
|
||||||
|
|
||||||
mpis = NULL;
|
mpis = NULL;
|
||||||
err = 0;
|
err = 0;
|
||||||
|
|
||||||
if (secret)
|
if (secret)
|
||||||
{
|
elems = key_spec.elems_key_secret;
|
||||||
elems = key_spec.elems_key_secret;
|
|
||||||
elems_secret = key_spec.elems_secret;
|
|
||||||
}
|
|
||||||
else
|
else
|
||||||
{
|
elems = key_spec.elems_key_public;
|
||||||
elems = key_spec.elems_key_public;
|
|
||||||
elems_secret = "";
|
|
||||||
}
|
|
||||||
elems_n = strlen (elems);
|
elems_n = strlen (elems);
|
||||||
|
|
||||||
|
elems_public = key_spec.elems_key_public;
|
||||||
|
elems_public_n = strlen (elems_public);
|
||||||
|
|
||||||
mpis = xtrymalloc (sizeof (*mpis) * (elems_n + 1));
|
mpis = xtrymalloc (sizeof (*mpis) * (elems_n + 1));
|
||||||
if (! mpis)
|
if (! mpis)
|
||||||
{
|
{
|
||||||
@ -654,9 +688,11 @@ ssh_receive_mpint_list (estream_t stream, int secret,
|
|||||||
|
|
||||||
memset (mpis, 0, sizeof (*mpis) * (elems_n + 1));
|
memset (mpis, 0, sizeof (*mpis) * (elems_n + 1));
|
||||||
|
|
||||||
|
elem_is_secret = 0;
|
||||||
for (i = 0; i < elems_n; i++)
|
for (i = 0; i < elems_n; i++)
|
||||||
{
|
{
|
||||||
elem_is_secret = strchr (elems_secret, elems[i]) ? 1 : 0;
|
if (secret)
|
||||||
|
elem_is_secret = ! strchr (elems_public, elems[i]);
|
||||||
err = stream_read_mpi (stream, elem_is_secret, &mpis[i]);
|
err = stream_read_mpi (stream, elem_is_secret, &mpis[i]);
|
||||||
if (err)
|
if (err)
|
||||||
break;
|
break;
|
||||||
@ -676,6 +712,7 @@ ssh_receive_mpint_list (estream_t stream, int secret,
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* Key modifier function for RSA. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ssh_key_modifier_rsa (const char *elems, gcry_mpi_t *mpis)
|
ssh_key_modifier_rsa (const char *elems, gcry_mpi_t *mpis)
|
||||||
{
|
{
|
||||||
@ -709,6 +746,7 @@ ssh_key_modifier_rsa (const char *elems, gcry_mpi_t *mpis)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Signature encoder function for RSA. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ssh_signature_encoder_rsa (estream_t signature_blob, gcry_mpi_t *mpis)
|
ssh_signature_encoder_rsa (estream_t signature_blob, gcry_mpi_t *mpis)
|
||||||
{
|
{
|
||||||
@ -732,7 +770,7 @@ ssh_signature_encoder_rsa (estream_t signature_blob, gcry_mpi_t *mpis)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Signature encoder function for DSA. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis)
|
ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis)
|
||||||
{
|
{
|
||||||
@ -781,9 +819,9 @@ ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis)
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
/* */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ssh_sexp_construct (gcry_sexp_t *sexp,
|
sexp_key_construct (gcry_sexp_t *sexp,
|
||||||
ssh_key_type_spec_t key_spec, int secret,
|
ssh_key_type_spec_t key_spec, int secret,
|
||||||
gcry_mpi_t *mpis, const char *comment)
|
gcry_mpi_t *mpis, const char *comment)
|
||||||
{
|
{
|
||||||
@ -871,8 +909,9 @@ ssh_sexp_construct (gcry_sexp_t *sexp,
|
|||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ssh_sexp_extract (gcry_sexp_t sexp,
|
sexp_key_extract (gcry_sexp_t sexp,
|
||||||
ssh_key_type_spec_t key_spec, int *secret,
|
ssh_key_type_spec_t key_spec, int *secret,
|
||||||
gcry_mpi_t **mpis, const char **comment)
|
gcry_mpi_t **mpis, const char **comment)
|
||||||
{
|
{
|
||||||
@ -1002,17 +1041,19 @@ ssh_sexp_extract (gcry_sexp_t sexp,
|
|||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Extract the car from SEXP, and create a newly created C-string it,
|
||||||
|
which is to be stored in IDENTIFIER. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ssh_sexp_extract_key_type (gcry_sexp_t sexp, const char **key_type)
|
sexp_extract_identifier (gcry_sexp_t sexp, const char **identifier)
|
||||||
{
|
{
|
||||||
|
char *identifier_new;
|
||||||
gcry_sexp_t sublist;
|
gcry_sexp_t sublist;
|
||||||
char *key_type_new;
|
|
||||||
const char *data;
|
const char *data;
|
||||||
size_t data_n;
|
size_t data_n;
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
|
|
||||||
|
identifier_new = NULL;
|
||||||
err = 0;
|
err = 0;
|
||||||
key_type_new = NULL;
|
|
||||||
|
|
||||||
sublist = gcry_sexp_nth (sexp, 1);
|
sublist = gcry_sexp_nth (sexp, 1);
|
||||||
if (! sublist)
|
if (! sublist)
|
||||||
@ -1028,16 +1069,14 @@ ssh_sexp_extract_key_type (gcry_sexp_t sexp, const char **key_type)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
key_type_new = xtrymalloc (data_n + 1);
|
identifier_new = make_cstring (data, data_n);
|
||||||
if (! key_type_new)
|
if (! identifier_new)
|
||||||
{
|
{
|
||||||
err = gpg_error_from_errno (errno);
|
err = gpg_err_code_from_errno (errno);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
strncpy (key_type_new, data, data_n);
|
*identifier = identifier_new;
|
||||||
key_type_new[data_n] = 0;
|
|
||||||
*key_type = key_type_new;
|
|
||||||
|
|
||||||
out:
|
out:
|
||||||
|
|
||||||
@ -1121,7 +1160,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
err = ssh_sexp_construct (&key, spec, secret, mpi_list, comment);
|
err = sexp_key_construct (&key, spec, secret, mpi_list, comment);
|
||||||
if (err)
|
if (err)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
@ -1221,7 +1260,7 @@ ssh_send_key_public (estream_t stream, gcry_sexp_t key_public)
|
|||||||
comment = NULL;
|
comment = NULL;
|
||||||
blob = NULL;
|
blob = NULL;
|
||||||
|
|
||||||
err = ssh_sexp_extract_key_type (key_public, &key_type);
|
err = sexp_extract_identifier (key_public, &key_type);
|
||||||
if (err)
|
if (err)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
@ -1229,7 +1268,7 @@ ssh_send_key_public (estream_t stream, gcry_sexp_t key_public)
|
|||||||
if (err)
|
if (err)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
err = ssh_sexp_extract (key_public, spec, NULL, &mpi_list, &comment);
|
err = sexp_key_extract (key_public, spec, NULL, &mpi_list, &comment);
|
||||||
if (err)
|
if (err)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
@ -1303,11 +1342,11 @@ key_secret_to_public (gcry_sexp_t *key_public,
|
|||||||
comment = NULL;
|
comment = NULL;
|
||||||
mpis = NULL;
|
mpis = NULL;
|
||||||
|
|
||||||
err = ssh_sexp_extract (key_secret, spec, &is_secret, &mpis, &comment);
|
err = sexp_key_extract (key_secret, spec, &is_secret, &mpis, &comment);
|
||||||
if (err)
|
if (err)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
err = ssh_sexp_construct (key_public, spec, 0, mpis, comment);
|
err = sexp_key_construct (key_public, spec, 0, mpis, comment);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
|
|
||||||
@ -1415,7 +1454,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
|
|||||||
xfree (buffer);
|
xfree (buffer);
|
||||||
buffer = NULL;
|
buffer = NULL;
|
||||||
|
|
||||||
err = ssh_sexp_extract_key_type (key_secret, &key_type);
|
err = sexp_extract_identifier (key_secret, &key_type);
|
||||||
if (err)
|
if (err)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user