int main()
{
int pass;
srandom(ssh_time());
ssh_event_loop_initialize();
random_state = ssh_random_allocate();
create_server_keys(&hostkey, &serverkey, &hostkey_blob, &hostkey_blob_len);
pingpong_success = FALSE;
for (pass = 0; pass < 10; pass++)
{
#ifdef DEBUG
ssh_debug("========== iteration %d ==========", pass);
#endif
disconnect_test();
simple_password_test(NULL);
}
if (!pingpong_success)
ssh_fatal("main: no successful pingpong");
pingpong_success = FALSE;
for (pass = 0; pass < 100; pass++)
{
#ifdef DEBUG
ssh_debug("========== iteration dual-%d ==========", pass);
#endif
disconnect_test();
simple_password_test(dual_policy);
}
if (!pingpong_success)
ssh_fatal("main: no successful pingpong");
ssh_private_key_free(hostkey);
ssh_private_key_free(serverkey);
ssh_xfree(hostkey_blob);
ssh_random_free(random_state);
ssh_event_loop_uninitialize();
return 0;
}
void listener_callback(SshIpError status, SshStream stream, void *context)
{
SshPrivateKey private_host_key, private_server_key;
unsigned char *blob;
unsigned int blob_len = 0;
Handler c;
TestCase *testcase = context;
SshTransportParams params;
if (status != SSH_IP_NEW_CONNECTION)
ssh_fatal("listener_callback: status %d", status);
#ifdef DEBUG
ssh_debug("listener: new connection");
#endif
create_server_keys(&private_host_key, &private_server_key, &blob, &blob_len);
params = ssh_transport_create_params();
update_algs(params, testcase->s_to_c_algs);
c = ssh_xcalloc(sizeof(*c), 1);
c->stream = ssh_transport_server_wrap(stream, random_state, SSH_VERSION,
params,
private_host_key, private_server_key,
blob, blob_len, NULL, NULL);
ssh_private_key_free(private_host_key);
ssh_private_key_free(private_server_key);
ssh_xfree(blob);
c->script = testcase->server_script;
c->side = "server";
c->name = testcase->name;
ssh_stream_set_callback(c->stream, handler_callback, (void *)c);
server_handler = c;
ssh_tcp_destroy_listener(listener);
}
void
ssh_eap_uninit_token(SshEapToken t)
{
switch (t->type)
{
case SSH_EAP_TOKEN_USERNAME:
case SSH_EAP_TOKEN_SHARED_SECRET:
case SSH_EAP_TOKEN_SALT:
#ifdef SSHDIST_EAP_SIM
case SSH_EAP_TOKEN_SIM_CHALLENGE:
#endif /* SSHDIST_EAP_SIM */
#ifdef SSHDIST_EAP_AKA
case SSH_EAP_TOKEN_AKA_CHALLENGE:
case SSH_EAP_TOKEN_AKA_SYNCH_REQ:
#endif /* SSHDIST_EAP_AKA */
ssh_free(t->token.buffer.dptr);
t->token.buffer.dptr = NULL;
t->token.buffer.len = 0;
break;
#ifdef SSHDIST_EAP_AKA
case SSH_EAP_TOKEN_AKA_AUTH_REJECT:
#endif /* SSHDIST_EAP_AKA */
break;
#ifdef SSHDIST_EAP_AKA_DASH
case SSH_EAP_TOKEN_AKA_DASH_KDF_INPUT:
break;
#endif /* SSHDIST_EAP_AKA_DASH */
case SSH_EAP_TOKEN_PRIVATE_KEY:
ssh_private_key_free(t->token.prvkey.private_key);
ssh_free(t->token.prvkey.id_data);
break;
case SSH_EAP_TOKEN_CERTIFICATE_AUTHORITY:
ssh_free(t->token.cas);
break;
case SSH_EAP_TOKEN_NONE:
break;
default:
SSH_NOTREACHED;
}
t->type = SSH_EAP_TOKEN_NONE;
}
/* Frees client configuration data. */
void ssh_config_free(SshConfig config)
{
int i;
/* free all allocated memory */
ssh_xfree(config->random_seed_file);
ssh_xfree(config->pgp_public_key_file);
ssh_xfree(config->pgp_secret_key_file);
ssh_xfree(config->port);
ssh_xfree(config->ciphers);
ssh_xfree(config->identity_file);
ssh_xfree(config->authorization_file);
ssh_xfree(config->escape_char);
ssh_xfree(config->listen_address);
ssh_xfree(config->host_key_file);
ssh_xfree(config->password_prompt);
ssh_xfree(config->public_host_key_file);
ssh_xfree(config->host_to_connect);
ssh_xfree(config->login_as_user);
ssh_xfree(config->local_forwards);
ssh_xfree(config->remote_forwards);
ssh_config_free_list(config->allowed_hosts);
ssh_config_free_list(config->denied_hosts);
ssh_config_free_list(config->allowed_shosts);
ssh_config_free_list(config->denied_shosts);
ssh_xfree(config->forced_command);
/* Free subsystem-strings */
if (config->no_subsystems > 0 && config->subsystems != NULL)
for (i = 0; i < config->no_subsystems; i++)
ssh_xfree(config->subsystems[i]);
ssh_xfree(config->subsystems);
/* free the host key */
if (config->client == FALSE)
{
if (config->private_host_key != NULL)
ssh_private_key_free(config->private_host_key);
ssh_xfree(config->public_host_key_blob);
}
ssh_xfree(config->signer_path);
memset(config, 0, sizeof(*config));
ssh_xfree(config);
}
void ssh_sign_cb(SshCryptoStatus status,
const unsigned char *signature_buffer,
size_t signature_buffer_len,
void *context)
{
SshPrivateKey key = (SshPrivateKey)context;
if (status == SSH_CRYPTO_OK)
{
/* OK, the signature was computed succesfully and the
signature is in the signature_buffer and its length is
in signature_buffer_len. */
printf("The test data was signed OK. \n");
}
else
{
/* There was some error in generating the signature. */
printf("There were an error generating the signature.\n");
}
/* Test if we can quit the test. */
ssh_private_key_free(key);
ssh_end_test();
}
void
ikev2_fallback_negotiation_free(SshIkev2Fb fb, SshIkev2FbNegotiation neg)
{
SSH_ASSERT(neg->ref_count > 0);
neg->ref_count--;
if (neg->ref_count > 0)
{
SSH_DEBUG(SSH_D_NICETOKNOW,
("Fallback negotiation %p has still %d references",
neg, neg->ref_count));
return;
}
SSH_DEBUG(SSH_D_NICETOKNOW, ("Freeing fallback negotiation %p", neg));
if (neg->aggr_mode_responder)
fb->num_aggr_mode_responder_active--;
if (neg->ed)
ikev2_free_exchange_data(neg->ike_sa, neg->ed);
if (neg->ike_sa)
ssh_ikev2_ike_sa_free(neg->ike_sa);
#ifdef SSHDIST_IKE_CERT_AUTH
if (neg->private_key)
ssh_private_key_free(neg->private_key);
if (neg->public_key)
ssh_public_key_free(neg->public_key);
if (neg->cert_encodings)
ssh_free(neg->cert_encodings);
if (neg->cert_lengths)
ssh_free(neg->cert_lengths);
if (neg->certs)
{
int i;
for (i = 0; i < neg->number_of_certificates; i++)
ssh_free(neg->certs[i]);
ssh_free(neg->certs);
}
#endif /* SSHDIST_IKE_CERT_AUTH */
#ifdef SSHDIST_IKE_XAUTH
if (neg->attrs)
ikev2_fb_xauth_free_attributes(neg->attrs);
if (neg->v1_attrs)
ikev2_fb_xauth_free_v1_attributes(neg->v1_attrs);
#endif /* SSHDIST_IKE_XAUTH */
if (neg->transform_index)
ssh_free(neg->transform_index);
if (neg->selected)
ikev2_fb_free_sa_indexes(neg->selected, 1);
if (neg->psk)
ssh_free(neg->psk);
if (neg->sav2)
ssh_ikev2_sa_free(neg->server->sad_handle, neg->sav2);
if (neg->ikev1_id)
ssh_ike_id_free(neg->ikev1_id);
#ifdef DEBUG_LIGHT
memset(neg, 'F', sizeof(*neg));
#endif /* DEBUG_LIGHT */
neg->next = fb->negotiation_freelist;
fb->negotiation_freelist = neg;
return;
}
SshEapToken
ssh_eap_dup_token(SshEapToken src)
{
SshEapToken dst;
dst = ssh_calloc(1, sizeof(*dst));
if (dst == NULL)
return NULL;
dst->type = src->type;
switch (src->type)
{
case SSH_EAP_TOKEN_PRIVATE_KEY:
if (src->token.prvkey.private_key != NULL)
{
if (ssh_private_key_copy(src->token.prvkey.private_key,
&dst->token.prvkey.private_key)
!= SSH_CRYPTO_OK)
{
ssh_free(dst);
return NULL;
}
if (src->token.prvkey.id_data != NULL)
{
dst->token.prvkey.id_data
= ssh_memdup(src->token.prvkey.id_data,
src->token.prvkey.id_data_size);
if (dst->token.prvkey.id_data == NULL)
{
ssh_private_key_free(dst->token.prvkey.private_key);
ssh_free(dst);
return NULL;
}
dst->token.prvkey.id_data_size = src->token.prvkey.id_data_size;
}
}
break;
case SSH_EAP_TOKEN_CERTIFICATE_AUTHORITY:
{
int cnt;
int i;
/* Count the ca count. */
for (cnt = 0; src->token.cas && src->token.cas[cnt]; cnt++)
;
if (cnt == 0)
{
SSH_DEBUG(SSH_D_ERROR, ("Cannot duplicate token, no"
" CA's to duplicate."));
ssh_free(dst);
return NULL;
}
dst->token.cas = ssh_calloc(cnt + 1, sizeof(unsigned char *));
if (dst->token.cas == NULL)
{
ssh_free(dst);
return NULL;
}
for (i = 0; i < cnt; i++)
dst->token.cas[i] = src->token.cas[i];
break;
}
#ifdef SSHDIST_EAP_SIM
case SSH_EAP_TOKEN_SIM_CHALLENGE:
#endif /* SSHDIST_EAP_SIM */
#ifdef SSHDIST_EAP_AKA
case SSH_EAP_TOKEN_AKA_CHALLENGE:
case SSH_EAP_TOKEN_AKA_SYNCH_REQ:
#endif /* SSHDIST_EAP_AKA */
case SSH_EAP_TOKEN_USERNAME:
case SSH_EAP_TOKEN_SHARED_SECRET:
case SSH_EAP_TOKEN_SALT:
if (src->token.buffer.dptr != NULL)
{
dst->token.buffer.dptr = ssh_malloc(src->token.buffer.len);
if (dst->token.buffer.dptr == NULL)
{
ssh_free(dst);
return NULL;
}
dst->token.buffer.len = src->token.buffer.len;
memcpy(dst->token.buffer.dptr, src->token.buffer.dptr,
src->token.buffer.len);
}
else
{
dst->token.buffer.dptr = NULL;
dst->token.buffer.len = 0;
}
break;
case SSH_EAP_TOKEN_COUNTER32:
dst->token.counter32 = src->token.counter32;
break;
#ifdef SSHDIST_EAP_AKA_DASH
case SSH_EAP_TOKEN_AKA_DASH_KDF_INPUT:
dst->token.success = src->token.success;
break;
#endif /* SSHDIST_EAP_AKA_DASH */
#ifdef SSHDIST_EAP_AKA
case SSH_EAP_TOKEN_AKA_AUTH_REJECT:
#endif /* SSHDIST_EAP_AKA */
case SSH_EAP_TOKEN_NONE:
break;
default:
SSH_NOTREACHED;
}
SSH_DEBUG(SSH_D_MY, ("duplicated token at %p", dst));
return dst;
}
void add_file(SshAgent agent, const char *filename)
{
SshPrivateKey key = NULL;
char *saved_comment, *comment = NULL, *pass;
int query_cnt;
unsigned char *certs = NULL;
size_t certs_len;
char privname[500], pubname[500];
unsigned long magic;
struct stat st;
if (action == ADD_URL)
{
printf("Adding URL identity: %s\n", filename);
snprintf(privname, sizeof(privname), "%s", filename);
if (have_attrs)
ssh_agent_add_with_attrs(agent, NULL, NULL, 0, privname,
path_limit, path_constraint, use_limit,
forbid_compat, key_timeout,
agent_completion, (void *)agent);
else
ssh_agent_add(agent, NULL, NULL, 0, privname,
agent_completion, (void *)agent);
return;
}
else if (action == DELETE_URL)
{
printf("Deleting URL identity: %s\n", filename);
snprintf(privname, sizeof(privname), "%s", filename);
ssh_agent_delete(agent, NULL, 0, privname,
agent_completion, (void *)agent);
return;
}
#ifdef WITH_PGP
if (pgp_mode == PGP_KEY_NONE)
#endif /* WITH_PGP */
{
/* Construct the names of the public and private key files. */
if (strlen(filename) > 4 &&
strcmp(filename + strlen(filename) - 4, ".pub") == 0)
{
snprintf(pubname, sizeof(pubname), "%s", filename);
snprintf(privname, sizeof(privname), "%s", filename);
privname[strlen(privname) - 4] = '\0';
}
else
{
snprintf(pubname, sizeof(pubname), "%s.pub", filename);
snprintf(privname, sizeof(privname), "%s", filename);
}
if (action == ADD)
printf("Adding identity: %s\n", pubname);
else if (action == DELETE)
printf("Deleting identity: %s\n", pubname);
if (stat(pubname, &st) < 0)
{
printf("Public key file %s does not exist.\n", pubname);
(*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent);
return;
}
if (stat(privname, &st) < 0)
{
printf("Private key file %s does not exist.\n", privname);
(*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent);
return;
}
/* Read the public key blob. */
magic = ssh2_key_blob_read(user,
pubname,
TRUE,
&saved_comment,
&certs,
&certs_len,
NULL);
if (magic != SSH_KEY_MAGIC_PUBLIC)
{
printf("Bad public key file %s\n", pubname);
ssh_xfree(certs);
(*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent);
return;
}
if (action == ADD)
{
/* Loop until we manage to load the file, or a maximum number of
attempts have been made. First try with an empty passphrase. */
pass = ssh_xstrdup("");
query_cnt = 0;
while ((key = ssh_privkey_read(user,
privname,
pass,
&comment,
NULL)) == NULL)
{
char buf[1024];
FILE *f;
/* Free the old passphrase. */
memset(pass, 0, strlen(pass));
ssh_xfree(pass);
query_cnt++;
if (query_cnt > 5)
{
fprintf(stderr,
"You don't seem to know the correct passphrase.\n");
exit(EXIT_STATUS_BADPASS);
}
/* Ask for a passphrase. */
if (!use_stdin && getenv("DISPLAY") && !isatty(fileno(stdin)))
{
snprintf(buf, sizeof(buf),
"ssh-askpass2 '%sEnter passphrase for %.100s'",
((query_cnt <= 1) ?
"" :
"You entered wrong passphrase. "),
saved_comment);
f = popen(buf, "r");
if (!fgets(buf, sizeof(buf), f))
{
pclose(f);
ssh_xfree(saved_comment);
exit(EXIT_STATUS_BADPASS);
}
pclose(f);
if (strchr(buf, '\n'))
*strchr(buf, '\n') = 0;
pass = ssh_xstrdup(buf);
}
else
{
if (query_cnt <= 1)
{
if ((strcmp(privname, saved_comment) == 0) ||
(((strlen(privname) + 4) == strlen(saved_comment)) &&
(strncmp(privname,
saved_comment,
strlen(privname)) == 0)))
{
printf("Need passphrase for %s.\n",
privname);
}
else
{
printf("Need passphrase for %s (%s).\n",
privname, saved_comment);
}
}
else
{
printf("Bad passphrase.\n");
}
pass = ssh_read_passphrase("Enter passphrase: ", use_stdin);
if (pass == NULL || strcmp(pass, "") == 0)
{
ssh_xfree(saved_comment);
ssh_xfree(pass);
exit(EXIT_STATUS_BADPASS);
}
}
}
memset(pass, 0, strlen(pass));
ssh_xfree(pass);
ssh_xfree(saved_comment);
/* Construct a comment for the key by combining file name and
comment in the file. */
if ((saved_comment = strrchr(privname, '/')) != NULL)
saved_comment++;
else
saved_comment = privname;
saved_comment = ssh_string_concat_3(saved_comment, ": ", comment);
}
else
{
/* Construct a comment for the key by combining file name and
comment in the file. */
if ((saved_comment = strrchr(privname, '/')) != NULL)
saved_comment++;
else
saved_comment = privname;
if (comment)
saved_comment = ssh_string_concat_3(saved_comment, ": ", comment);
else
saved_comment = ssh_xstrdup(saved_comment);
}
if (action == ADD)
{
/* Send the key to the authentication agent. */
if (have_attrs)
ssh_agent_add_with_attrs(agent, key, certs, certs_len,
saved_comment, path_limit,
path_constraint, use_limit,
forbid_compat, key_timeout,
agent_completion, (void *)agent);
else
ssh_agent_add(agent, key, certs, certs_len, saved_comment,
agent_completion, (void *)agent);
ssh_private_key_free(key);
}
else if (action == DELETE)
{
ssh_agent_delete(agent, certs, certs_len, saved_comment,
agent_completion, (void *)agent);
}
ssh_xfree(saved_comment);
}
#ifdef WITH_PGP
else
{
unsigned char *blob, *public_blob;
size_t blob_len, public_blob_len;
Boolean found = FALSE;
unsigned long id;
char *endptr;
SshPgpSecretKey pgp_key;
SshPrivateKey key;
char buf[1024];
FILE *f;
comment = NULL;
switch (pgp_mode)
{
case PGP_KEY_NAME:
found = ssh2_find_pgp_secret_key_with_name(user,
pgp_keyring,
filename,
&blob,
&blob_len,
&comment);
break;
case PGP_KEY_FINGERPRINT:
found = ssh2_find_pgp_secret_key_with_fingerprint(user,
pgp_keyring,
filename,
&blob,
&blob_len,
&comment);
break;
case PGP_KEY_ID:
id = strtoul(filename, &endptr, 0);
if ((*filename != '\0') && (*endptr == '\0'))
{
found = ssh2_find_pgp_secret_key_with_id(user,
pgp_keyring,
id,
&blob,
&blob_len,
&comment);
}
else
{
fprintf(stderr, "%s: invalid pgp key id \"%s\".\n",
av0, filename);
found = FALSE;
}
break;
default:
ssh_fatal("internal error");
}
if (! found)
{
fprintf(stderr, "%s: pgp key \"%s\" not found.\n",
av0, filename);
(*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent);
return;
}
if (ssh_pgp_secret_key_decode(blob, blob_len, &pgp_key) == 0)
{
fprintf(stderr, "%s: unable to decode pgp key \"%s\".\n",
av0, filename);
memset(blob, 'F', blob_len);
ssh_xfree(blob);
(*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent);
return;
}
if ((public_blob_len = ssh_encode_pubkeyblob(pgp_key->public_key->key,
&public_blob)) == 0)
{
fprintf(stderr, "%s: unable to encode pgp key \"%s\".\n",
av0, filename);
ssh_pgp_secret_key_free(pgp_key);
memset(blob, 'F', blob_len);
ssh_xfree(blob);
(*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent);
return;
}
if (action == ADD)
{
query_cnt = 0;
while ((pgp_key->key == NULL) &&
(pgp_key->decryption_failed == TRUE))
{
query_cnt++;
if (query_cnt > 5)
{
fprintf(stderr,
"You don't seem to know the correct passphrase.\n");
exit(EXIT_STATUS_BADPASS);
}
/* Ask for a passphrase. */
if (!use_stdin && getenv("DISPLAY") && !isatty(fileno(stdin)))
{
snprintf(buf, sizeof(buf),
"ssh-askpass2 '%sEnter passphrase for \"%.100s\"'",
((query_cnt <= 1) ?
"" :
"You entered wrong passphrase. "),
comment);
f = popen(buf, "r");
if (!fgets(buf, sizeof(buf), f))
{
pclose(f);
fprintf(stderr, "No passphrase.\n");
exit(EXIT_STATUS_BADPASS);
}
pclose(f);
if (strchr(buf, '\n'))
*strchr(buf, '\n') = 0;
pass = ssh_xstrdup(buf);
}
else
{
if (query_cnt <= 1)
printf("Need passphrase for \"%s\".\n", comment);
else
printf("Bad passphrase.\n");
pass = ssh_read_passphrase("Enter passphrase: ", use_stdin);
if (pass == NULL || strcmp(pass, "") == 0)
{
ssh_xfree(pass);
fprintf(stderr, "No passphrase.\n");
exit(EXIT_STATUS_BADPASS);
}
}
ssh_pgp_secret_key_free(pgp_key);
if (ssh_pgp_secret_key_decode_with_passphrase(blob,
blob_len,
pass,
&pgp_key) == 0)
{
memset(pass, 0, strlen(pass));
ssh_xfree(pass);
fprintf(stderr, "%s: unable to decode pgp key \"%s\".\n",
av0, filename);
memset(blob, 'F', blob_len);
ssh_xfree(blob);
ssh_xfree(public_blob);
(*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent);
return;
}
memset(pass, 0, strlen(pass));
ssh_xfree(pass);
}
if (pgp_key->key == NULL)
{
fprintf(stderr, "%s: unable to decode pgp key \"%s\".\n",
av0, filename);
ssh_xfree(public_blob);
ssh_pgp_secret_key_free(pgp_key);
(*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent);
return;
}
memset(blob, 'F', blob_len);
ssh_xfree(blob);
if (ssh_private_key_copy(pgp_key->key, &key) != SSH_CRYPTO_OK)
{
fprintf(stderr, "%s: unable to export pgp key \"%s\".\n",
av0, filename);
ssh_pgp_secret_key_free(pgp_key);
(*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent);
return;
}
ssh_pgp_secret_key_free(pgp_key);
if (have_attrs)
ssh_agent_add_with_attrs(agent, key,
public_blob, public_blob_len,
comment, path_limit,
path_constraint, use_limit,
forbid_compat, key_timeout,
agent_completion, (void *)agent);
else
ssh_agent_add(agent, key,
public_blob, public_blob_len, comment,
agent_completion, (void *)agent);
ssh_xfree(comment);
ssh_xfree(public_blob);
ssh_private_key_free(key);
return;
}
else if (action == DELETE)
{
ssh_agent_delete(agent,
public_blob,
public_blob_len,
filename,
agent_completion,
(void *)agent);
ssh_pgp_secret_key_free(pgp_key);
memset(blob, 'F', blob_len);
ssh_xfree(blob);
ssh_xfree(public_blob);
return;
}
}
#endif /* WITH_PGP */
}
int main(int argc, char **argv)
{
SshExternalKeyTestCtx test_ctx;
int i;
SshPrivateKey prv_key;
SshPublicKey pub_key;
SshMPInteger n;
parse_arguments(argc, argv);
ssh_pk_provider_register(&ssh_pk_if_modn_generator);
/* Initialize the event loop and the test context. */
ssh_event_loop_initialize();
ssh_debug_set_level_string(debug_level_string);
ssh_global_init();
/* Initialize the crypto library. */
if (ssh_crypto_library_initialize() != SSH_CRYPTO_OK)
ssh_fatal("Cannot initialize the crypto library");
test_ctx = ssh_xcalloc(1, sizeof(*test_ctx));
test_ctx->accelerated_encrypts_left = default_accelerated_encrypts;
test_ctx->timer = ssh_time_measure_allocate();
SSH_DEBUG(3, ("Reading the test key. Please wait...."));
prv_key = get_prv_key("accelerator-test.prv");
if (ssh_private_key_select_scheme(prv_key,
SSH_PKF_ENCRYPT, "rsa-none-none",
SSH_PKF_END) != SSH_CRYPTO_OK)
ssh_fatal("Could not select the scheme for private key");
if (ssh_private_key_derive_public_key(prv_key, &pub_key)
!= SSH_CRYPTO_OK)
{
ssh_fatal("Can not derive a public key from a "
"stored private key");
}
if (ssh_public_key_select_scheme(pub_key,
SSH_PKF_ENCRYPT, "rsa-none-none",
SSH_PKF_END) != SSH_CRYPTO_OK)
ssh_fatal("Could not select the scheme for public key");
n = ssh_mprz_malloc();
/* Get information about the RSA key. E and N are needed for nFast. */
if (ssh_public_key_get_info(pub_key,
SSH_PKF_MODULO_N, n,
SSH_PKF_END)
!= SSH_CRYPTO_OK)
{
return FALSE;
}
#if 0
n_bytes = (ssh_mprz_get_size(n, 2) + 7) / 8;
if (n_bytes == 0 || (n_bytes & 3) != 0)
n_bytes += (4 - (n_bytes & 3));
test_ctx->big_buf = ssh_xmalloc(n_bytes);
test_ctx->big_buf_len = n_bytes;
ssh_mprz_get_buf(test_ctx->big_buf, test_ctx->big_buf_len, n);
ssh_mprz_free(n);
test_ctx->big_buf_len = 128;
test_ctx->big_buf[0] = 1;
#else
#if 0
n_bytes = ssh_mprz_get_size(n, 8);
test_ctx->big_buf = ssh_xmalloc(n_bytes);
test_ctx->big_buf_len = n_bytes;
ssh_mprz_init(&r);
ssh_mprz_rand(&r, n_bytes * 8);
ssh_mprz_mod(&r, &r, n);
ssh_mprz_get_buf(test_ctx->big_buf, test_ctx->big_buf_len, &r);
ssh_mprz_free(n);
ssh_mprz_clear(&r);
#else
test_ctx->big_buf = ssh_xmalloc(129);
test_ctx->big_buf_len = 129;
memcpy(test_ctx->big_buf,
"\x00\x50\xe7\x85\x86\x40\xf8\x9b"
"\xb8\xeb\x19\x64\xd8\x51\x33\xd7"
"\x4f\xac\x32\x5d\x03\x66\x3d\x0c"
"\xbe\xfd\x40\x29\x82\xb7\x61\x09"
"\x15\x37\x4f\xe1\xd0\x57\xb0\x6d"
"\x16\x49\x73\x25\x20\x3d\xa8\xfa"
"\xf6\xb4\x72\xec\x75\xc8\x42\xc7"
"\x99\x64\x63\x23\x29\xe0\x65\xa1"
"\x2a\xc2\xb7\xf1\x5b\xb4\x9b\x30"
"\xdb\xc7\x22\xb9\xf9\xde\xb5\x09"
"\xb5\xe0\x0a\xca\xc5\xf9\xaf\x8f"
"\x54\xf2\x9a\x06\x2b\xc1\xc2\x65"
"\x87\xb3\xd5\xec\xd3\x8a\x2f\xa7"
"\x5f\x69\x34\xe7\x7f\xeb\xaf\x56"
"\x3c\x3d\x71\x3f\x73\xba\x8b\xa7"
"\xd3\xe5\x6d\x98\xc8\x01\x6b\x18"
"\x14",
129);
#endif
#endif
test_ctx->pub_key = pub_key;
test_ctx->prv_key = prv_key;
test_ek_add(test_ctx);
#ifndef WIN32
ssh_register_signal(SIGUSR1, test_signal_handler, test_ctx);
#endif
ssh_event_loop_run();
/* Uninitialize. */
for (i = 0; i < test_ctx->num_prv_keys; i++)
ssh_private_key_free(test_ctx->prv_keys[i]);
for (i = 0; i < test_ctx->num_pub_keys; i++)
ssh_public_key_free(test_ctx->pub_keys[i]);
ssh_xfree(test_ctx->prv_keys);
ssh_xfree(test_ctx->pub_keys);
ssh_xfree(test_ctx);
return 0;
}
void ikev2_fb_request_certificates_cb(SshIkev2Error error_code,
SshPrivateKey private_key_out,
int number_of_certificates,
SshIkev2CertEncoding *cert_encs,
const unsigned char **certs,
size_t *cert_lengths,
void *context)
{
SshIkev2FbNegotiation neg = (SshIkev2FbNegotiation) context;
SshIkeCertificateEncodingType *ikev1_cert_encodings = NULL;
SshPrivateKey private_key_copy = NULL;
unsigned char **ikev1_certs = NULL;
size_t *ikev1_cert_lengths = NULL;
int i;
SSH_IKEV2_FB_V2_COMPLETE_CALL(neg);
if (error_code != SSH_IKEV2_ERROR_OK)
{
SSH_DEBUG(SSH_D_FAIL, ("Private key/Certificate lookup failed, "
"error '%s'",
ssh_ikev2_error_to_string(error_code)));
goto error;
}
if (number_of_certificates == 0)
{
SSH_DEBUG(SSH_D_FAIL, ("No certificates found"));
goto error;
}
SSH_ASSERT(private_key_out != NULL);
if (ssh_private_key_copy(private_key_out, &private_key_copy)
!= SSH_CRYPTO_OK)
{
SSH_DEBUG(SSH_D_FAIL, ("Private key copy failed"));
goto error;
}
/* Copy the returned certificates */
ikev1_cert_encodings = ssh_calloc(number_of_certificates,
sizeof(SshIkeCertificateEncodingType));
ikev1_certs = ssh_calloc(number_of_certificates,
sizeof(unsigned char *));
ikev1_cert_lengths = ssh_calloc(number_of_certificates,
sizeof(size_t));
if (ikev1_cert_encodings == NULL || ikev1_certs == NULL ||
ikev1_cert_lengths == NULL)
{
SSH_DEBUG(SSH_D_FAIL, ("Memory allocation failure"));
goto error;
}
for (i = 0; i < number_of_certificates; i++)
{
ikev1_cert_encodings[i] =
ikev2_fb_v2_cert_encoding_to_v1(cert_encs[i]);
ikev1_cert_lengths[i] = cert_lengths[i];
if (!(ikev1_certs[i] = ssh_memdup(certs[i], cert_lengths[i])))
{
SSH_DEBUG(SSH_D_FAIL, ("Certificate copy failed"));
goto error;
}
}
/* Save the certificates and private key. */
neg->number_of_certificates = number_of_certificates;
neg->cert_encodings = ikev1_cert_encodings;
neg->certs = ikev1_certs;
neg->cert_lengths = ikev1_cert_lengths;
neg->private_key = private_key_copy;
SSH_DEBUG(SSH_D_LOWOK, ("Found %d certificates", number_of_certificates));
SSH_FSM_CONTINUE_AFTER_CALLBACK(neg->sub_thread);
return;
error:
if (private_key_copy)
ssh_private_key_free(private_key_copy);
if (ikev1_certs)
for (i = 0; i < number_of_certificates; i++)
ssh_free(ikev1_certs[i]);
ssh_free(ikev1_certs);
ssh_free(ikev1_cert_encodings);
ssh_free(ikev1_cert_lengths);
SSH_FSM_CONTINUE_AFTER_CALLBACK(neg->sub_thread);
}
