Check-in [fd3c997789]
Overview
Comment:Better matching of requested blob to one of our certificates
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:fd3c9977892f23e41c79e08ee21c23777c00a2fb
User & Date: rkeene on 2019-02-04 23:17:59
Other Links: manifest | tags
Context
2019-06-05
18:12
Work on getting an SSH agent UI going check-in: 4ce30d9e04 user: rkeene tags: ssh-agent-ui
2019-02-06
17:58
Disable SSH Agent by default for this release check-in: eb5db5feea user: rkeene tags: trunk
2019-02-04
23:17
Better matching of requested blob to one of our certificates check-in: fd3c997789 user: rkeene tags: trunk
17:32
More X.509v3 support for SSH agent check-in: 0defa19481 user: rkeene tags: trunk
Changes

Modified build/chrome/ssh-agent.js from [f7f7a0c55f] to [7141592f34].

   199    199   			          0x80 | ((charcode >> 6) & 0x3f), 
   200    200   			          0x80 | (charcode & 0x3f));
   201    201   		}
   202    202   	}
   203    203   
   204    204   	return utf8;
   205    205   }
          206  +
          207  +function cackeySSHAgentDecodeFromUTF8Array(inputArray) {
          208  +	var hexString;
          209  +	var output;
          210  +
          211  +	hexString = cackeySSHAgentEncodeBinaryToHex(inputArray, "%");
          212  +
          213  +	output = decodeURIComponent(hexString)
          214  +
          215  +	return(output);
          216  +}
   206    217   
   207    218   function cackeySSHAgentEncodeString(string) {
   208    219   	var result;
   209    220   
   210    221   	result = cackeySSHAgentEncodeLV(cackeySSHAgentEncodeToUTF8Array(string));
   211    222   
   212    223   	return(result);
   213    224   }
   214    225   
   215         -function cackeySSHAgentEncodeBinaryToHex(binaryString) {
          226  +function cackeySSHAgentDecodeString(input) {
          227  +	var output;
          228  +
          229  +	output = cackeySSHAgentDecodeLV(input);
          230  +	output.value = cackeySSHAgentDecodeFromUTF8Array(output.value);
          231  +
          232  +	return(output);
          233  +}
          234  +
          235  +function cackeySSHAgentEncodeBinaryToHex(binaryString, prefix) {
   216    236   	var buffer;
          237  +
          238  +	if (!prefix) {
          239  +		prefix = "";
          240  +	}
   217    241   
   218    242   	switch (typeof(binaryString)) {
   219    243   		case "string":
   220    244   			buffer = binaryString.split("").map(function(c) {
   221         -				return(c.charCodeAt(0).toString(16).padStart(2, '0'));
          245  +				return(prefix + c.charCodeAt(0).toString(16).padStart(2, '0'));
   222    246   			}).join("");
   223    247   			break;
   224    248   		default:
   225    249   			buffer = [];
   226    250   			new Uint8Array(binaryString).map(function(c) {
   227         -				buffer.push(c.toString(16).padStart(2, '0'));
          251  +				buffer.push(prefix + c.toString(16).padStart(2, '0'));
   228    252   			});
   229    253   			buffer = buffer.join("");
   230    254   			break;
   231    255   	}
   232    256   
   233    257   	return(buffer);
   234    258   }
................................................................................
   329    353   		};
   330    354   	}
   331    355   
   332    356   	return(result);
   333    357   }
   334    358   
   335    359   function cackeySSHAgentDecodeCert(requestArray) {
          360  +	var type;
          361  +	var decodeError;
          362  +	var publicKeyType, publicKeyBlob;
          363  +	var output;
          364  +
          365  +	try {
          366  +		type = cackeySSHAgentDecodeString(requestArray);
          367  +	} catch (decodeError) {
          368  +		/*
          369  +		 * x509v3-sign-rsa requests are un-prefixed :-(
          370  +		 */
          371  +		type = {}
          372  +		type.value = requestArray;
          373  +		type.output = [];
          374  +	}
          375  +
          376  +	/* It might be an x509v3-sign-rsa, which is unprefixed -- try to guess */
          377  +	if (type.value[0] == 0x30) {
          378  +		type = "x509v3-sign-rsa";
          379  +	} else {
          380  +		requestArray = type.output;
          381  +		type = type.value;
          382  +	}
          383  +
          384  +	switch (type) {
          385  +		case "ssh-rsa":
          386  +		case "x509v3-sign-rsa":
          387  +			publicKeyType = "RSA";
          388  +			publicKeyBlob = requestArray;
          389  +			break;
          390  +		case "x509v3-ssh-rsa":
          391  +			publicKeyType = "RSA";
          392  +			publicKeyBlob = cackeySSHAgentDecodeArray(requestArray).value[0];
          393  +			break;
          394  +	}
          395  +
          396  +	output = {
          397  +		publicKeyType: publicKeyType,
          398  +		publicKeyBlob: publicKeyBlob
          399  +	};
          400  +
          401  +	return(output);
          402  +}
          403  +
          404  +function cackeySSHAgentCompareRequestAndKey(key1, key2) {
          405  +	var ignoredError;
          406  +
          407  +	try {
          408  +		key1 = cackeySSHAgentDecodeCert(key1);
          409  +		key2 = cackeySSHAgentDecodeCert(key2);
          410  +	} catch (ignoredError) {
          411  +		return(false);
          412  +	}
          413  +
          414  +	if (key1.publicKeyType !== key2.publicKeyType) {
          415  +		return(false);
          416  +	}
          417  +
          418  +	if (key1.publicKeyBlob.join(",") === key2.publicKeyBlob.join(",")) {
          419  +		return(true);
          420  +	}
          421  +
          422  +	return(false);
   336    423   }
   337    424   
   338    425   /*
   339    426    * Command Handlers
   340    427    */
   341    428   async function cackeySSHAgentCommandRequestIdentity(request) {
   342    429   	var response;
................................................................................
   426    513   	 * Find the certificate that matches the requested key
   427    514   	 */
   428    515   	certs = await cackeySSHAgentGetCertificates();
   429    516   	certToUse = null;
   430    517   	cackeySSHAgentGetSSHKeyTypes().forEach(function(sshKeyType) {
   431    518   		certs.forEach(function(cert) {
   432    519   			var key;
          520  +
          521  +			if (certToUse) {
          522  +				return;
          523  +			}
   433    524   
   434    525   			key = cackeySSHAgentEncodeCertToKeyAndID(cert.certificate, sshKeyType);
   435    526   
   436         -			if (key.key.join() == keyInfo.join()) {
          527  +			if (cackeySSHAgentCompareRequestAndKey(key.key, keyInfo)) {
   437    528   				certToUse = cert;
   438    529   				certToUseType = key.publicKeyType;
   439    530   			}
   440    531   		});
   441    532   	});
   442    533   
   443    534   	/*