Overview
Comment: | Better matching of requested blob to one of our certificates |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: | fd3c9977892f23e41c79e08ee21c23777c00a2fb |
User & Date: | rkeene on 2019-02-04 23:17:59 |
Other Links: | manifest | tags |
Context
2019-06-05
| ||
18:12 | Work on getting an SSH agent UI going check-in: 4ce30d9e04 user: rkeene tags: ssh-agent-ui | |
2019-02-06
| ||
17:58 | Disable SSH Agent by default for this release check-in: eb5db5feea user: rkeene tags: trunk | |
2019-02-04
| ||
23:17 | Better matching of requested blob to one of our certificates check-in: fd3c997789 user: rkeene tags: trunk | |
17:32 | More X.509v3 support for SSH agent check-in: 0defa19481 user: rkeene tags: trunk | |
Changes
Modified build/chrome/ssh-agent.js from [f7f7a0c55f] to [7141592f34].
199 199 0x80 | ((charcode >> 6) & 0x3f), 200 200 0x80 | (charcode & 0x3f)); 201 201 } 202 202 } 203 203 204 204 return utf8; 205 205 } 206 + 207 +function cackeySSHAgentDecodeFromUTF8Array(inputArray) { 208 + var hexString; 209 + var output; 210 + 211 + hexString = cackeySSHAgentEncodeBinaryToHex(inputArray, "%"); 212 + 213 + output = decodeURIComponent(hexString) 214 + 215 + return(output); 216 +} 206 217 207 218 function cackeySSHAgentEncodeString(string) { 208 219 var result; 209 220 210 221 result = cackeySSHAgentEncodeLV(cackeySSHAgentEncodeToUTF8Array(string)); 211 222 212 223 return(result); 213 224 } 214 225 215 -function cackeySSHAgentEncodeBinaryToHex(binaryString) { 226 +function cackeySSHAgentDecodeString(input) { 227 + var output; 228 + 229 + output = cackeySSHAgentDecodeLV(input); 230 + output.value = cackeySSHAgentDecodeFromUTF8Array(output.value); 231 + 232 + return(output); 233 +} 234 + 235 +function cackeySSHAgentEncodeBinaryToHex(binaryString, prefix) { 216 236 var buffer; 237 + 238 + if (!prefix) { 239 + prefix = ""; 240 + } 217 241 218 242 switch (typeof(binaryString)) { 219 243 case "string": 220 244 buffer = binaryString.split("").map(function(c) { 221 - return(c.charCodeAt(0).toString(16).padStart(2, '0')); 245 + return(prefix + c.charCodeAt(0).toString(16).padStart(2, '0')); 222 246 }).join(""); 223 247 break; 224 248 default: 225 249 buffer = []; 226 250 new Uint8Array(binaryString).map(function(c) { 227 - buffer.push(c.toString(16).padStart(2, '0')); 251 + buffer.push(prefix + c.toString(16).padStart(2, '0')); 228 252 }); 229 253 buffer = buffer.join(""); 230 254 break; 231 255 } 232 256 233 257 return(buffer); 234 258 } ................................................................................ 329 353 }; 330 354 } 331 355 332 356 return(result); 333 357 } 334 358 335 359 function cackeySSHAgentDecodeCert(requestArray) { 360 + var type; 361 + var decodeError; 362 + var publicKeyType, publicKeyBlob; 363 + var output; 364 + 365 + try { 366 + type = cackeySSHAgentDecodeString(requestArray); 367 + } catch (decodeError) { 368 + /* 369 + * x509v3-sign-rsa requests are un-prefixed :-( 370 + */ 371 + type = {} 372 + type.value = requestArray; 373 + type.output = []; 374 + } 375 + 376 + /* It might be an x509v3-sign-rsa, which is unprefixed -- try to guess */ 377 + if (type.value[0] == 0x30) { 378 + type = "x509v3-sign-rsa"; 379 + } else { 380 + requestArray = type.output; 381 + type = type.value; 382 + } 383 + 384 + switch (type) { 385 + case "ssh-rsa": 386 + case "x509v3-sign-rsa": 387 + publicKeyType = "RSA"; 388 + publicKeyBlob = requestArray; 389 + break; 390 + case "x509v3-ssh-rsa": 391 + publicKeyType = "RSA"; 392 + publicKeyBlob = cackeySSHAgentDecodeArray(requestArray).value[0]; 393 + break; 394 + } 395 + 396 + output = { 397 + publicKeyType: publicKeyType, 398 + publicKeyBlob: publicKeyBlob 399 + }; 400 + 401 + return(output); 402 +} 403 + 404 +function cackeySSHAgentCompareRequestAndKey(key1, key2) { 405 + var ignoredError; 406 + 407 + try { 408 + key1 = cackeySSHAgentDecodeCert(key1); 409 + key2 = cackeySSHAgentDecodeCert(key2); 410 + } catch (ignoredError) { 411 + return(false); 412 + } 413 + 414 + if (key1.publicKeyType !== key2.publicKeyType) { 415 + return(false); 416 + } 417 + 418 + if (key1.publicKeyBlob.join(",") === key2.publicKeyBlob.join(",")) { 419 + return(true); 420 + } 421 + 422 + return(false); 336 423 } 337 424 338 425 /* 339 426 * Command Handlers 340 427 */ 341 428 async function cackeySSHAgentCommandRequestIdentity(request) { 342 429 var response; ................................................................................ 426 513 * Find the certificate that matches the requested key 427 514 */ 428 515 certs = await cackeySSHAgentGetCertificates(); 429 516 certToUse = null; 430 517 cackeySSHAgentGetSSHKeyTypes().forEach(function(sshKeyType) { 431 518 certs.forEach(function(cert) { 432 519 var key; 520 + 521 + if (certToUse) { 522 + return; 523 + } 433 524 434 525 key = cackeySSHAgentEncodeCertToKeyAndID(cert.certificate, sshKeyType); 435 526 436 - if (key.key.join() == keyInfo.join()) { 527 + if (cackeySSHAgentCompareRequestAndKey(key.key, keyInfo)) { 437 528 certToUse = cert; 438 529 certToUseType = key.publicKeyType; 439 530 } 440 531 }); 441 532 }); 442 533 443 534 /*