Check-in [24e37c4dab]
Overview
Comment:More testing of the Tcl implementation of the SSH agent
SHA1: 24e37c4dabf274f87e5522c425afc4e7fb61cf9e
User & Date: rkeene on 2019-06-12 22:41:22
Context
2019-08-08
16:52
Added softokn3 wrapper module check-in: 3eb54f93b1 user: rkeene tags: trunk
2019-06-12
22:41
More testing of the Tcl implementation of the SSH agent check-in: 24e37c4dab user: rkeene tags: trunk
19:40
Tcl-based interface to JS SSH Agent check-in: 7ef094be65 user: rkeene tags: trunk
Changes

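--- a/build/tcl/ssh-agent.tcl
+++ b/build/tcl/ssh-agent.tcl
@@ -1,22 +1,41 @@
 #! /usr/bin/env tclsh
 
+if {[info exists ::env(SSH_AGENT_LIB_PATH)]} {
-lappend auto_path /home/rkeene/devel/tcl-duktape/build/work /home/rkeene/devel/tuapi /home/rkeene/devel/tclpkcs11-fossil/build/work {*}[glob -nocomplain -directory /opt/appfs/rkeene.org/tcllib/platform/latest/lib/ tcllib*]
-
-package provide pki 0.10
-catch {
-	source /home/rkeene/devel/tcllib-pki/pki.tcl
+	lappend auto_path {*}$::env(SSH_AGENT_LIB_PATH)
+}
+
+if {[info exists ::env(SSH_AGENT_PKCS11_MODULE)]} {
+	set ::pkcs11ModuleFilename $::env(SSH_AGENT_PKCS11_MODULE)
+} else {
+	set ::pkcs11ModuleFilename /home/rkeene/tmp/cackey/build/tcl/softokn3-pkcs11.so
 }
+
-package require duktape
+package require duktape 0.7
 package require tuapi
+package require pki 0.6
-package require pki::pkcs11
+package require pki::pkcs11 0.9.9
+
+## HACK: Fix up older versions of "pki" to include the raw certificate
+##       this is needed
+apply {{} {
+	set procToUpdate ::pki::x509::parse_cert
+	if {![string match "*set ret(raw)*" [info body $procToUpdate]]} {
+		set body [info body $procToUpdate]
+		set body [string map {
+			"::asn::asnGetSequence cert_seq wholething"
+			"set ret(raw) $cert_seq; binary scan $ret(raw) H* ret(raw); ::asn::asnGetSequence cert_seq wholething"
+		} $body]
+		proc $procToUpdate [info args $procToUpdate] $body
+	}
+}}
 
 proc pkcs11ModuleHandle {} {
 	if {![info exists ::pkcs11ModuleHandle]} {
-		set ::pkcs11ModuleHandle [::pki::pkcs11::loadmodule /home/rkeene/tmp/cackey/build/tcl/softokn3-pkcs11.so]
+		set ::pkcs11ModuleHandle [::pki::pkcs11::loadmodule $::pkcs11ModuleFilename]
 	}
 	return $::pkcs11ModuleHandle
 }
 
 proc pkcs11ModuleUnload {handle} {
 	if {[info exists ::pkcs11ModuleHandle] && $handle eq $::pkcs11ModuleHandle} {
 		unset ::pkcs11ModuleHandle
@@ -107,26 +126,29 @@
 			}
 		}
 		X509.parseCert = __parseCert;
 		delete __parseCert;
 	}
 }
 
-proc initSSHAgent {} {
-	foreach file {chrome-emu.js ssh-agent-noasync.js} {
+proc readFile {fileName} {
+	if {![info exists ::readFile($fileName)]} {
-		unset -nocomplain fd
 		catch {
-			set fd [open $file]
-			set js($file) [read $fd]
+			set fd [open $fileName]
+			set ::readFile($fileName) [read $fd]
 		}
 		catch {
 			close $fd
 		}
 	}
 
+	return $::readFile($fileName)
+}
+
+proc initSSHAgent {} {
 	set jsHandle [::duktape::init -safe true]
 
 	::duktape::tcl-function $jsHandle __puts {args} {
 		if {[llength $args] ni {1 2}} {
 			return -code error "wrong # args: puts ?{stderr|stdout}? message"
 		}
 		if {[llength $args] == 2} {
@@ -142,19 +164,20 @@
 		runtime = {};
 		runtime.puts = __puts;
 		runtime.stderr = "stderr";
 		delete __puts;
 	}
 
 	::duktape::eval $jsHandle {var goog = {DEBUG: false};}
-	::duktape::eval $jsHandle $js(chrome-emu.js)
+	::duktape::eval $jsHandle [readFile chrome-emu.js]
 	addRSAToJS $jsHandle
-	::duktape::eval $jsHandle $js(ssh-agent-noasync.js)
+	::duktape::eval $jsHandle [readFile ssh-agent-noasync.js]
 	::duktape::eval $jsHandle {cackeySSHAgentFeatures.enabled = true;}
-	::duktape::eval $jsHandle {cackeySSHAgentFeatures.includeCerts = true;}
+	::duktape::eval $jsHandle {cackeySSHAgentFeatures.includeCerts = false;}
+	::duktape::eval $jsHandle {cackeySSHAgentFeatures.legacy = false;}
 	::duktape::eval $jsHandle {
 		function connection(callback) {
 			this.sender = {
 				id: "pnhechapfaindjhompbnflcldabbghjo"
 			};
 			this.onMessage = {
 				listeners: [],
@@ -336,15 +359,18 @@
 		puts stderr "ERROR: $::errorInfo"
 		close $sock
 	}
 }
 
 proc incomingConnection {sock args} {
 	if {[catch {
+		if {![info exists ::jsHandle]} {
-		set jsHandle [initSSHAgent]
+			set ::jsHandle [initSSHAgent]
+		}
+		set jsHandle $::jsHandle
 
 		::duktape::eval $jsHandle {var socket = new connection(handleDataFromAgent);}
 		::duktape::eval $jsHandle "socket.handle = \"$sock\";"
 		::duktape::eval $jsHandle {chrome.runtime.externalConnect(socket);}
 
 		fconfigure $sock -translation binary -encoding binary -blocking true
 		fileevent $sock readable [list handleData $sock $jsHandle]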
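Review bot: The `else` branch added in the first hunk falls back to `/home/rkeene/tmp/cackey/build/tcl/softokn3-pkcs11.so` when `SSH_AGENT_PKCS11_MODULE` is unset, so the shared object that `pkcs11ModuleHandle` passes to `::pki::pkcs11::loadmodule` silently defaults to a build artifact under one developer's tmp directory. That module is native code loaded into the agent process, presumably the one that performs the key operations, so an unset variable should stop the script rather than pick a path: replace the fallback assignment with `error "SSH_AGENT_PKCS11_MODULE is not set"`. `SSH_AGENT_LIB_PATH` likewise decides where `package require` finds its code, so a comment above both `if` blocks would help, e.g. `## Both variables select code loaded into the agent; set them only from a trusted launcher`. The bodies of `pkcs11ModuleUnload` and `incomingConnection` continue outside the visible hunks.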