src: Implements PKCS11 URI support

Imports private and public keys from the engine via PKCS11 URIs. Uses the imported keys to authenticate to the ssh server. Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-06 18:29:50 +09:00 · 2019-12-18 22:53:04 +01:00
parent 6bf4ada240
commit 4ea09256f6
7 changed files with 232 additions and 2 deletions
--- a/src/auth.c
+++ b/src/auth.c
@@ -1055,12 +1055,28 @@ int ssh_userauth_publickey_auto(ssh_session session,
    while (state->it != NULL) {
        const char *privkey_file = state->it->data;
        char pubkey_file[1024] = {0};
+
        if (state->state == SSH_AUTH_AUTO_STATE_PUBKEY) {
            SSH_LOG(SSH_LOG_DEBUG,
                    "Trying to authenticate with %s", privkey_file);
            state->privkey = NULL;
            state->pubkey = NULL;
-            snprintf(pubkey_file, sizeof(pubkey_file), "%s.pub", privkey_file);
+
+            if (ssh_pki_is_uri(privkey_file)) {
+                char *pub_uri_from_priv = NULL;
+                SSH_LOG(SSH_LOG_INFO,
+                        "Authenticating with PKCS #11 URI.");
+                pub_uri_from_priv = ssh_pki_export_pub_uri_from_priv_uri(privkey_file);
+                if (pub_uri_from_priv == NULL) {
+                    return SSH_ERROR;
+                } else {
+                    snprintf(pubkey_file, sizeof(pubkey_file), "%s",
+                             pub_uri_from_priv);
+                    SAFE_FREE(pub_uri_from_priv);
+                }
+            } else {
+                snprintf(pubkey_file, sizeof(pubkey_file), "%s.pub", privkey_file);
+            }

            rc = ssh_pki_import_pubkey_file(pubkey_file, &state->pubkey);
            if (rc == SSH_ERROR) {