otto@openbsd.org | 0323d9b | 2019-06-06 05:13:13 +0000 | [diff] [blame] | 1 | /* $OpenBSD: ssh-pkcs11-helper.c,v 1.19 2019/06/06 05:13:13 otto Exp $ */ |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 2 | /* |
| 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
| 4 | * |
| 5 | * Permission to use, copy, modify, and distribute this software for any |
| 6 | * purpose with or without fee is hereby granted, provided that the above |
| 7 | * copyright notice and this permission notice appear in all copies. |
| 8 | * |
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 16 | */ |
| 17 | |
Damien Miller | 8ad0fbd | 2010-02-12 09:49:06 +1100 | [diff] [blame] | 18 | #include "includes.h" |
| 19 | |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 20 | #include <sys/types.h> |
Damien Miller | 8ad0fbd | 2010-02-12 09:49:06 +1100 | [diff] [blame] | 21 | #ifdef HAVE_SYS_TIME_H |
| 22 | # include <sys/time.h> |
| 23 | #endif |
| 24 | |
| 25 | #include "openbsd-compat/sys-queue.h" |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 26 | |
djm@openbsd.org | 2c22387 | 2019-01-23 02:01:10 +0000 | [diff] [blame] | 27 | #include <errno.h> |
| 28 | #include <poll.h> |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 29 | #include <stdarg.h> |
| 30 | #include <string.h> |
| 31 | #include <unistd.h> |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 32 | |
| 33 | #include "xmalloc.h" |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 34 | #include "sshbuf.h" |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 35 | #include "log.h" |
| 36 | #include "misc.h" |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 37 | #include "sshkey.h" |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 38 | #include "authfd.h" |
| 39 | #include "ssh-pkcs11.h" |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 40 | #include "ssherr.h" |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 41 | |
Damien Miller | 47f9a41 | 2010-03-14 08:37:49 +1100 | [diff] [blame] | 42 | #ifdef ENABLE_PKCS11 |
| 43 | |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 44 | /* borrows code from sftp-server and ssh-agent */ |
| 45 | |
| 46 | struct pkcs11_keyinfo { |
markus@openbsd.org | 54d90ac | 2017-05-30 08:52:19 +0000 | [diff] [blame] | 47 | struct sshkey *key; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 48 | char *providername; |
| 49 | TAILQ_ENTRY(pkcs11_keyinfo) next; |
| 50 | }; |
| 51 | |
| 52 | TAILQ_HEAD(, pkcs11_keyinfo) pkcs11_keylist; |
| 53 | |
| 54 | #define MAX_MSG_LENGTH 10240 /*XXX*/ |
| 55 | |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 56 | /* input and output queue */ |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 57 | struct sshbuf *iqueue; |
| 58 | struct sshbuf *oqueue; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 59 | |
| 60 | static void |
markus@openbsd.org | 54d90ac | 2017-05-30 08:52:19 +0000 | [diff] [blame] | 61 | add_key(struct sshkey *k, char *name) |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 62 | { |
| 63 | struct pkcs11_keyinfo *ki; |
| 64 | |
| 65 | ki = xcalloc(1, sizeof(*ki)); |
| 66 | ki->providername = xstrdup(name); |
| 67 | ki->key = k; |
| 68 | TAILQ_INSERT_TAIL(&pkcs11_keylist, ki, next); |
| 69 | } |
| 70 | |
| 71 | static void |
| 72 | del_keys_by_name(char *name) |
| 73 | { |
| 74 | struct pkcs11_keyinfo *ki, *nxt; |
| 75 | |
| 76 | for (ki = TAILQ_FIRST(&pkcs11_keylist); ki; ki = nxt) { |
| 77 | nxt = TAILQ_NEXT(ki, next); |
| 78 | if (!strcmp(ki->providername, name)) { |
| 79 | TAILQ_REMOVE(&pkcs11_keylist, ki, next); |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 80 | free(ki->providername); |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 81 | sshkey_free(ki->key); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 82 | free(ki); |
| 83 | } |
| 84 | } |
| 85 | } |
| 86 | |
| 87 | /* lookup matching 'private' key */ |
markus@openbsd.org | 54d90ac | 2017-05-30 08:52:19 +0000 | [diff] [blame] | 88 | static struct sshkey * |
| 89 | lookup_key(struct sshkey *k) |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 90 | { |
| 91 | struct pkcs11_keyinfo *ki; |
| 92 | |
| 93 | TAILQ_FOREACH(ki, &pkcs11_keylist, next) { |
| 94 | debug("check %p %s", ki, ki->providername); |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 95 | if (sshkey_equal(k, ki->key)) |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 96 | return (ki->key); |
| 97 | } |
| 98 | return (NULL); |
| 99 | } |
| 100 | |
| 101 | static void |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 102 | send_msg(struct sshbuf *m) |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 103 | { |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 104 | int r; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 105 | |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 106 | if ((r = sshbuf_put_stringb(oqueue, m)) != 0) |
| 107 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 108 | } |
| 109 | |
| 110 | static void |
| 111 | process_add(void) |
| 112 | { |
| 113 | char *name, *pin; |
djm@openbsd.org | 93f0210 | 2019-01-20 22:51:37 +0000 | [diff] [blame] | 114 | struct sshkey **keys = NULL; |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 115 | int r, i, nkeys; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 116 | u_char *blob; |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 117 | size_t blen; |
| 118 | struct sshbuf *msg; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 119 | |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 120 | if ((msg = sshbuf_new()) == NULL) |
| 121 | fatal("%s: sshbuf_new failed", __func__); |
| 122 | if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || |
| 123 | (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) |
| 124 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 125 | if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) { |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 126 | if ((r = sshbuf_put_u8(msg, |
| 127 | SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || |
| 128 | (r = sshbuf_put_u32(msg, nkeys)) != 0) |
| 129 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 130 | for (i = 0; i < nkeys; i++) { |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 131 | if ((r = sshkey_to_blob(keys[i], &blob, &blen)) != 0) { |
| 132 | debug("%s: sshkey_to_blob: %s", |
| 133 | __func__, ssh_err(r)); |
Damien Miller | f1e44ea | 2013-12-05 10:23:21 +1100 | [diff] [blame] | 134 | continue; |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 135 | } |
| 136 | if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || |
| 137 | (r = sshbuf_put_cstring(msg, name)) != 0) |
| 138 | fatal("%s: buffer error: %s", |
| 139 | __func__, ssh_err(r)); |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 140 | free(blob); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 141 | add_key(keys[i], name); |
| 142 | } |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 143 | } else { |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 144 | if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) |
| 145 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
djm@openbsd.org | 93f0210 | 2019-01-20 22:51:37 +0000 | [diff] [blame] | 146 | if ((r = sshbuf_put_u32(msg, -nkeys)) != 0) |
| 147 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 148 | } |
djm@openbsd.org | 93f0210 | 2019-01-20 22:51:37 +0000 | [diff] [blame] | 149 | free(keys); |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 150 | free(pin); |
| 151 | free(name); |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 152 | send_msg(msg); |
| 153 | sshbuf_free(msg); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 154 | } |
| 155 | |
| 156 | static void |
| 157 | process_del(void) |
| 158 | { |
| 159 | char *name, *pin; |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 160 | struct sshbuf *msg; |
| 161 | int r; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 162 | |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 163 | if ((msg = sshbuf_new()) == NULL) |
| 164 | fatal("%s: sshbuf_new failed", __func__); |
| 165 | if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || |
| 166 | (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) |
| 167 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 168 | del_keys_by_name(name); |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 169 | if ((r = sshbuf_put_u8(msg, pkcs11_del_provider(name) == 0 ? |
| 170 | SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0) |
| 171 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 172 | free(pin); |
| 173 | free(name); |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 174 | send_msg(msg); |
| 175 | sshbuf_free(msg); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 176 | } |
| 177 | |
| 178 | static void |
| 179 | process_sign(void) |
| 180 | { |
| 181 | u_char *blob, *data, *signature = NULL; |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 182 | size_t blen, dlen, slen = 0; |
| 183 | int r, ok = -1; |
markus@openbsd.org | 54d90ac | 2017-05-30 08:52:19 +0000 | [diff] [blame] | 184 | struct sshkey *key, *found; |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 185 | struct sshbuf *msg; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 186 | |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 187 | /* XXX support SHA2 signature flags */ |
| 188 | if ((r = sshbuf_get_string(iqueue, &blob, &blen)) != 0 || |
| 189 | (r = sshbuf_get_string(iqueue, &data, &dlen)) != 0 || |
| 190 | (r = sshbuf_get_u32(iqueue, NULL)) != 0) |
| 191 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 192 | |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 193 | if ((r = sshkey_from_blob(blob, blen, &key)) != 0) |
| 194 | error("%s: sshkey_from_blob: %s", __func__, ssh_err(r)); |
| 195 | else { |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 196 | if ((found = lookup_key(key)) != NULL) { |
Damien Miller | 8668706 | 2014-07-02 15:28:02 +1000 | [diff] [blame] | 197 | #ifdef WITH_OPENSSL |
| 198 | int ret; |
| 199 | |
djm@openbsd.org | 93f0210 | 2019-01-20 22:51:37 +0000 | [diff] [blame] | 200 | if (key->type == KEY_RSA) { |
| 201 | slen = RSA_size(key->rsa); |
| 202 | signature = xmalloc(slen); |
| 203 | ret = RSA_private_encrypt(dlen, data, signature, |
| 204 | found->rsa, RSA_PKCS1_PADDING); |
| 205 | if (ret != -1) { |
| 206 | slen = ret; |
| 207 | ok = 0; |
| 208 | } |
Darren Tucker | 97370f6 | 2019-05-17 10:54:51 +1000 | [diff] [blame] | 209 | #ifdef OPENSSL_HAS_ECC |
djm@openbsd.org | 93f0210 | 2019-01-20 22:51:37 +0000 | [diff] [blame] | 210 | } else if (key->type == KEY_ECDSA) { |
dtucker@openbsd.org | 5c8d14c | 2019-05-16 08:47:27 +0000 | [diff] [blame] | 211 | u_int xslen = ECDSA_size(key->ecdsa); |
| 212 | |
djm@openbsd.org | 93f0210 | 2019-01-20 22:51:37 +0000 | [diff] [blame] | 213 | signature = xmalloc(xslen); |
| 214 | /* "The parameter type is ignored." */ |
| 215 | ret = ECDSA_sign(-1, data, dlen, signature, |
| 216 | &xslen, found->ecdsa); |
| 217 | if (ret != 0) |
| 218 | ok = 0; |
| 219 | else |
| 220 | error("%s: ECDSA_sign" |
| 221 | " returns %d", __func__, ret); |
| 222 | slen = xslen; |
Darren Tucker | 97370f6 | 2019-05-17 10:54:51 +1000 | [diff] [blame] | 223 | #endif /* OPENSSL_HAS_ECC */ |
djm@openbsd.org | 93f0210 | 2019-01-20 22:51:37 +0000 | [diff] [blame] | 224 | } else |
| 225 | error("%s: don't know how to sign with key " |
| 226 | "type %d", __func__, (int)key->type); |
Damien Miller | 8668706 | 2014-07-02 15:28:02 +1000 | [diff] [blame] | 227 | #endif /* WITH_OPENSSL */ |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 228 | } |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 229 | sshkey_free(key); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 230 | } |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 231 | if ((msg = sshbuf_new()) == NULL) |
| 232 | fatal("%s: sshbuf_new failed", __func__); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 233 | if (ok == 0) { |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 234 | if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || |
| 235 | (r = sshbuf_put_string(msg, signature, slen)) != 0) |
| 236 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 237 | } else { |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 238 | if ((r = sshbuf_put_u8(msg, SSH2_AGENT_FAILURE)) != 0) |
| 239 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 240 | } |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 241 | free(data); |
| 242 | free(blob); |
| 243 | free(signature); |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 244 | send_msg(msg); |
| 245 | sshbuf_free(msg); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 246 | } |
| 247 | |
| 248 | static void |
| 249 | process(void) |
| 250 | { |
| 251 | u_int msg_len; |
| 252 | u_int buf_len; |
| 253 | u_int consumed; |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 254 | u_char type; |
| 255 | const u_char *cp; |
| 256 | int r; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 257 | |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 258 | buf_len = sshbuf_len(iqueue); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 259 | if (buf_len < 5) |
| 260 | return; /* Incomplete message. */ |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 261 | cp = sshbuf_ptr(iqueue); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 262 | msg_len = get_u32(cp); |
| 263 | if (msg_len > MAX_MSG_LENGTH) { |
| 264 | error("bad message len %d", msg_len); |
| 265 | cleanup_exit(11); |
| 266 | } |
| 267 | if (buf_len < msg_len + 4) |
| 268 | return; |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 269 | if ((r = sshbuf_consume(iqueue, 4)) != 0 || |
| 270 | (r = sshbuf_get_u8(iqueue, &type)) != 0) |
| 271 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 272 | buf_len -= 4; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 273 | switch (type) { |
| 274 | case SSH_AGENTC_ADD_SMARTCARD_KEY: |
| 275 | debug("process_add"); |
| 276 | process_add(); |
| 277 | break; |
| 278 | case SSH_AGENTC_REMOVE_SMARTCARD_KEY: |
| 279 | debug("process_del"); |
| 280 | process_del(); |
| 281 | break; |
| 282 | case SSH2_AGENTC_SIGN_REQUEST: |
| 283 | debug("process_sign"); |
| 284 | process_sign(); |
| 285 | break; |
| 286 | default: |
| 287 | error("Unknown message %d", type); |
| 288 | break; |
| 289 | } |
| 290 | /* discard the remaining bytes from the current packet */ |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 291 | if (buf_len < sshbuf_len(iqueue)) { |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 292 | error("iqueue grew unexpectedly"); |
| 293 | cleanup_exit(255); |
| 294 | } |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 295 | consumed = buf_len - sshbuf_len(iqueue); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 296 | if (msg_len < consumed) { |
| 297 | error("msg_len %d < consumed %d", msg_len, consumed); |
| 298 | cleanup_exit(255); |
| 299 | } |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 300 | if (msg_len > consumed) { |
| 301 | if ((r = sshbuf_consume(iqueue, msg_len - consumed)) != 0) |
| 302 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 303 | } |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 304 | } |
| 305 | |
| 306 | void |
| 307 | cleanup_exit(int i) |
| 308 | { |
| 309 | /* XXX */ |
| 310 | _exit(i); |
| 311 | } |
| 312 | |
djm@openbsd.org | c7670b0 | 2019-01-21 12:53:35 +0000 | [diff] [blame] | 313 | |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 314 | int |
| 315 | main(int argc, char **argv) |
| 316 | { |
djm@openbsd.org | c7670b0 | 2019-01-21 12:53:35 +0000 | [diff] [blame] | 317 | int r, ch, in, out, max, log_stderr = 0; |
djm@openbsd.org | 2c22387 | 2019-01-23 02:01:10 +0000 | [diff] [blame] | 318 | ssize_t len; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 319 | SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; |
| 320 | LogLevel log_level = SYSLOG_LEVEL_ERROR; |
| 321 | char buf[4*4096]; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 322 | extern char *__progname; |
djm@openbsd.org | 2c22387 | 2019-01-23 02:01:10 +0000 | [diff] [blame] | 323 | struct pollfd pfd[2]; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 324 | |
Damien Miller | dfa4156 | 2010-02-12 10:06:28 +1100 | [diff] [blame] | 325 | __progname = ssh_get_progname(argv[0]); |
djm@openbsd.org | c7670b0 | 2019-01-21 12:53:35 +0000 | [diff] [blame] | 326 | seed_rng(); |
| 327 | TAILQ_INIT(&pkcs11_keylist); |
Damien Miller | dfa4156 | 2010-02-12 10:06:28 +1100 | [diff] [blame] | 328 | |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 329 | log_init(__progname, log_level, log_facility, log_stderr); |
| 330 | |
djm@openbsd.org | c7670b0 | 2019-01-21 12:53:35 +0000 | [diff] [blame] | 331 | while ((ch = getopt(argc, argv, "v")) != -1) { |
| 332 | switch (ch) { |
| 333 | case 'v': |
| 334 | log_stderr = 1; |
| 335 | if (log_level == SYSLOG_LEVEL_ERROR) |
| 336 | log_level = SYSLOG_LEVEL_DEBUG1; |
| 337 | else if (log_level < SYSLOG_LEVEL_DEBUG3) |
| 338 | log_level++; |
| 339 | break; |
| 340 | default: |
| 341 | fprintf(stderr, "usage: %s [-v]\n", __progname); |
| 342 | exit(1); |
| 343 | } |
| 344 | } |
| 345 | |
| 346 | log_init(__progname, log_level, log_facility, log_stderr); |
| 347 | |
| 348 | pkcs11_init(0); |
| 349 | |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 350 | in = STDIN_FILENO; |
| 351 | out = STDOUT_FILENO; |
| 352 | |
| 353 | max = 0; |
| 354 | if (in > max) |
| 355 | max = in; |
| 356 | if (out > max) |
| 357 | max = out; |
| 358 | |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 359 | if ((iqueue = sshbuf_new()) == NULL) |
| 360 | fatal("%s: sshbuf_new failed", __func__); |
| 361 | if ((oqueue = sshbuf_new()) == NULL) |
| 362 | fatal("%s: sshbuf_new failed", __func__); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 363 | |
djm@openbsd.org | 2c22387 | 2019-01-23 02:01:10 +0000 | [diff] [blame] | 364 | while (1) { |
| 365 | memset(pfd, 0, sizeof(pfd)); |
| 366 | pfd[0].fd = in; |
| 367 | pfd[1].fd = out; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 368 | |
| 369 | /* |
| 370 | * Ensure that we can read a full buffer and handle |
| 371 | * the worst-case length packet it can generate, |
| 372 | * otherwise apply backpressure by stopping reads. |
| 373 | */ |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 374 | if ((r = sshbuf_check_reserve(iqueue, sizeof(buf))) == 0 && |
| 375 | (r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) |
djm@openbsd.org | 2c22387 | 2019-01-23 02:01:10 +0000 | [diff] [blame] | 376 | pfd[0].events = POLLIN; |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 377 | else if (r != SSH_ERR_NO_BUFFER_SPACE) |
| 378 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 379 | |
djm@openbsd.org | 2c22387 | 2019-01-23 02:01:10 +0000 | [diff] [blame] | 380 | if (sshbuf_len(oqueue) > 0) |
| 381 | pfd[1].events = POLLOUT; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 382 | |
djm@openbsd.org | 2c22387 | 2019-01-23 02:01:10 +0000 | [diff] [blame] | 383 | if ((r = poll(pfd, 2, -1 /* INFTIM */)) <= 0) { |
| 384 | if (r == 0 || errno == EINTR) |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 385 | continue; |
djm@openbsd.org | 2c22387 | 2019-01-23 02:01:10 +0000 | [diff] [blame] | 386 | fatal("poll: %s", strerror(errno)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 387 | } |
| 388 | |
| 389 | /* copy stdin to iqueue */ |
djm@openbsd.org | 2c22387 | 2019-01-23 02:01:10 +0000 | [diff] [blame] | 390 | if ((pfd[0].revents & (POLLIN|POLLERR)) != 0) { |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 391 | len = read(in, buf, sizeof buf); |
| 392 | if (len == 0) { |
| 393 | debug("read eof"); |
| 394 | cleanup_exit(0); |
| 395 | } else if (len < 0) { |
| 396 | error("read: %s", strerror(errno)); |
| 397 | cleanup_exit(1); |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 398 | } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { |
| 399 | fatal("%s: buffer error: %s", |
| 400 | __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 401 | } |
| 402 | } |
| 403 | /* send oqueue to stdout */ |
djm@openbsd.org | 2c22387 | 2019-01-23 02:01:10 +0000 | [diff] [blame] | 404 | if ((pfd[1].revents & (POLLOUT|POLLHUP)) != 0) { |
| 405 | len = write(out, sshbuf_ptr(oqueue), |
| 406 | sshbuf_len(oqueue)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 407 | if (len < 0) { |
| 408 | error("write: %s", strerror(errno)); |
| 409 | cleanup_exit(1); |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 410 | } else if ((r = sshbuf_consume(oqueue, len)) != 0) { |
| 411 | fatal("%s: buffer error: %s", |
| 412 | __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 413 | } |
| 414 | } |
| 415 | |
| 416 | /* |
| 417 | * Process requests from client if we can fit the results |
| 418 | * into the output buffer, otherwise stop processing input |
| 419 | * and let the output queue drain. |
| 420 | */ |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 421 | if ((r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 422 | process(); |
markus@openbsd.org | b0d3413 | 2018-01-08 15:18:46 +0000 | [diff] [blame] | 423 | else if (r != SSH_ERR_NO_BUFFER_SPACE) |
| 424 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 425 | } |
| 426 | } |
Damien Miller | dfa4156 | 2010-02-12 10:06:28 +1100 | [diff] [blame] | 427 | #else /* ENABLE_PKCS11 */ |
| 428 | int |
| 429 | main(int argc, char **argv) |
| 430 | { |
| 431 | extern char *__progname; |
| 432 | |
| 433 | __progname = ssh_get_progname(argv[0]); |
| 434 | log_init(__progname, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTH, 0); |
| 435 | fatal("PKCS#11 support disabled at compile time"); |
| 436 | } |
| 437 | #endif /* ENABLE_PKCS11 */ |