-/* $OpenBSD: ssh-agent.c,v 1.241 2019/11/12 22:36:44 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.242 2019/11/13 07:53:10 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
error("%s: decode private key: %s", __func__, ssh_err(r));
goto err;
}
- if ((r = sshkey_shield_private(k)) != 0) {
- error("%s: shield private key: %s", __func__, ssh_err(r));
- goto err;
- }
while (sshbuf_len(e->request)) {
if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
error("%s: buffer error: %s", __func__, ssh_err(r));
goto send;
}
}
+ if ((r = sshkey_shield_private(k)) != 0) {
+ error("%s: shield private key: %s", __func__, ssh_err(r));
+ goto err;
+ }
success = 1;
if (lifetime && !death)
-/* $OpenBSD: sshkey-xmss.c,v 1.7 2019/10/14 06:00:02 djm Exp $ */
+/* $OpenBSD: sshkey-xmss.c,v 1.8 2019/11/13 07:53:10 markus Exp $ */
/*
* Copyright (c) 2017 Markus Friedl. All rights reserved.
*
u_int32_t maxidx; /* restricted # of signatures */
int have_state; /* .state file exists */
int lockfd; /* locked in sshkey_xmss_get_state() */
- int allow_update; /* allow sshkey_xmss_update_state() */
+ u_char allow_update; /* allow sshkey_xmss_update_state() */
char *enc_ciphername;/* encrypt state with cipher */
u_char *enc_keyiv; /* encrypt state with key */
u_int32_t enc_keyiv_len; /* length of enc_keyiv */
{
struct ssh_xmss_state *state = k->xmss_state;
int r = SSH_ERR_INVALID_ARGUMENT;
+ u_char have_stack, have_filename, have_enc;
if (state == NULL)
return SSH_ERR_INVALID_ARGUMENT;
break;
case SSHKEY_SERIALIZE_FULL:
if ((r = sshkey_xmss_serialize_enc_key(k, b)) != 0)
- break;
+ return r;
r = sshkey_xmss_serialize_state(k, b);
break;
+ case SSHKEY_SERIALIZE_SHIELD:
+ /* all of stack/filename/enc are optional */
+ have_stack = state->stack != NULL;
+ if ((r = sshbuf_put_u8(b, have_stack)) != 0)
+ return r;
+ if (have_stack) {
+ state->idx = PEEK_U32(k->xmss_sk); /* update */
+ if ((r = sshkey_xmss_serialize_state(k, b)) != 0)
+ return r;
+ }
+ have_filename = k->xmss_filename != NULL;
+ if ((r = sshbuf_put_u8(b, have_filename)) != 0)
+ return r;
+ if (have_filename &&
+ (r = sshbuf_put_cstring(b, k->xmss_filename)) != 0)
+ return r;
+ have_enc = state->enc_keyiv != NULL;
+ if ((r = sshbuf_put_u8(b, have_enc)) != 0)
+ return r;
+ if (have_enc &&
+ (r = sshkey_xmss_serialize_enc_key(k, b)) != 0)
+ return r;
+ if ((r = sshbuf_put_u32(b, state->maxidx)) != 0 ||
+ (r = sshbuf_put_u8(b, state->allow_update)) != 0)
+ return r;
+ break;
case SSHKEY_SERIALIZE_DEFAULT:
r = 0;
break;
int
sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b)
{
+ struct ssh_xmss_state *state = k->xmss_state;
enum sshkey_serialize_rep opts;
- u_char have_state;
+ u_char have_state, have_stack, have_filename, have_enc;
int r;
if ((r = sshbuf_get_u8(b, &have_state)) != 0)
case SSHKEY_SERIALIZE_DEFAULT:
r = 0;
break;
+ case SSHKEY_SERIALIZE_SHIELD:
+ if ((r = sshbuf_get_u8(b, &have_stack)) != 0)
+ return r;
+ if (have_stack &&
+ (r = sshkey_xmss_deserialize_state(k, b)) != 0)
+ return r;
+ if ((r = sshbuf_get_u8(b, &have_filename)) != 0)
+ return r;
+ if (have_filename &&
+ (r = sshbuf_get_cstring(b, &k->xmss_filename, NULL)) != 0)
+ return r;
+ if ((r = sshbuf_get_u8(b, &have_enc)) != 0)
+ return r;
+ if (have_enc &&
+ (r = sshkey_xmss_deserialize_enc_key(k, b)) != 0)
+ return r;
+ if ((r = sshbuf_get_u32(b, &state->maxidx)) != 0 ||
+ (r = sshbuf_get_u8(b, &state->allow_update)) != 0)
+ return r;
+ break;
case SSHKEY_SERIALIZE_STATE:
if ((r = sshkey_xmss_deserialize_state(k, b)) != 0)
return r;
-/* $OpenBSD: sshkey.c,v 1.90 2019/11/12 19:33:08 markus Exp $ */
+/* $OpenBSD: sshkey.c,v 1.91 2019/11/13 07:53:10 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0)
goto out;
if ((r = sshkey_private_serialize_opt(k, prvbuf,
- SSHKEY_SERIALIZE_FULL)) != 0)
+ SSHKEY_SERIALIZE_SHIELD)) != 0)
goto out;
/* pad to cipher blocksize */
i = 0;
-/* $OpenBSD: sshkey.h,v 1.38 2019/11/12 19:33:08 markus Exp $ */
+/* $OpenBSD: sshkey.h,v 1.39 2019/11/13 07:53:10 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
/* Private key serialisation formats, used on the wire */
enum sshkey_serialize_rep {
SSHKEY_SERIALIZE_DEFAULT = 0,
- SSHKEY_SERIALIZE_STATE = 1,
- SSHKEY_SERIALIZE_FULL = 2,
- SSHKEY_SERIALIZE_INFO = 254,
+ SSHKEY_SERIALIZE_STATE = 1, /* only state is serialized */
+ SSHKEY_SERIALIZE_FULL = 2, /* include keys for saving to disk */
+ SSHKEY_SERIALIZE_SHIELD = 3, /* everything, for encrypting in ram */
+ SSHKEY_SERIALIZE_INFO = 254, /* minimal information */
};
/* Private key disk formats */
projects / thirdparty / openssh-portable.git / commitdiff
