# # # patch "cmd_agent.cc" # from [039dc49d3a42a45e894571e9d09e9416319ad39e] # to [3d88573490bfeabb9c5b441c065facdbcbda2663] # # patch "key_store.cc" # from [f61ede1345701254c293cd7410c8abce4e9c8be2] # to [271e3ecac273faa7a7d0957037dde742875c323a] # # patch "keys.cc" # from [8ff512bb3363e0a9ce3c44b4b06437007a5ff53c] # to [96067cb8ad18c9df8ff49c0286a5053cf63ede54] # ============================================================ --- cmd_agent.cc 039dc49d3a42a45e894571e9d09e9416319ad39e +++ cmd_agent.cc 3d88573490bfeabb9c5b441c065facdbcbda2663 @@ -35,9 +35,9 @@ agent_export(string const & name, app_st app.keys.get_key_ids(idx(args,0)(), keys); for (vector::const_iterator i = keys.begin(); i != keys.end(); ++i) { + app.keys.get_key_pair(*i, key); shared_ptr priv = get_private_key(app.lua, *i, key.priv); - utf8 new_phrase; get_passphrase(app.lua, *i, new_phrase, true, true, "enter new passphrase"); Pipe p; ============================================================ --- key_store.cc f61ede1345701254c293cd7410c8abce4e9c8be2 +++ key_store.cc 271e3ecac273faa7a7d0957037dde742875c323a @@ -5,7 +5,6 @@ #include "packet.hh" #include "keys.hh" #include "globish.hh" -#include "ssh_agent.hh" using std::make_pair; using std::istringstream; ============================================================ --- keys.cc 8ff512bb3363e0a9ce3c44b4b06437007a5ff53c +++ keys.cc 96067cb8ad18c9df8ff49c0286a5053cf63ede54 
@@ -357,48 +357,55 @@ make_signature(app_state & app, E(!app.opts.ssh_sign.empty(), F("--ssh-sign requires a value ['yes', 'no', or 'check']")); E(app.opts.ssh_sign == "yes" || app.opts.ssh_sign == "no" || app.opts.ssh_sign == "check", F("--ssh-sign must be set to 'yes', 'no', or 'check'")); + + keypair key; + app.keys.get_key_pair(id, key); + string sig_string; + //sign with ssh-agent (if connected) if (app.opts.ssh_sign == "yes" || app.opts.ssh_sign == "check") { scoped_ptr a(new ssh_agent()); a->connect(); vector ssh_keys = a->get_keys(); - vector mtn_keys; - keypair key; - app.keys.get_keys(mtn_keys); - for (vector::const_iterator - i = mtn_keys.begin(); i != mtn_keys.end(); ++i) { - app.keys.get_key_pair(*i, key); - rsa_pub_key pub; - decode_base64(key.pub, pub); - SecureVector pub_block; - pub_block.set(reinterpret_cast(pub().data()), pub().size()); - L(FL("building verifier for %d-byte pub key") % pub_block.size()); - shared_ptr x509_key = + if (ssh_keys.size() <= 0) { + L(FL("make_signature: no rsa keys received from ssh-agent")); + } else { + vector mtn_keys; + app.keys.get_keys(mtn_keys); + for (vector::const_iterator + i = mtn_keys.begin(); i != mtn_keys.end(); ++i) { + //grab the monotone public key as an RSA_PublicKey + app.keys.get_key_pair(*i, key); + rsa_pub_key pub; + decode_base64(key.pub, pub); + SecureVector pub_block; + pub_block.set(reinterpret_cast(pub().data()), pub().size()); + L(FL("make_signature: building %d-byte pub key") % pub_block.size()); + shared_ptr x509_key = shared_ptr(Botan::X509::load_key(pub_block)); - shared_ptr pub_key = shared_dynamic_cast(x509_key); - if (!pub_key) - throw informative_failure("Failed to get RSA verifying key"); + shared_ptr pub_key = shared_dynamic_cast(x509_key); - if (ssh_keys.size() <= 0) { - L(FL("make_signature: no rsa keys received from ssh-agent")); - break; - } - for (vector::const_iterator - si = ssh_keys.begin(); si != ssh_keys.end(); ++si) { - if ((*pub_key).get_e() == (*si).get_e() - && 
(*pub_key).get_n() == (*si).get_n()) { - L(FL(" ssh key matches monotone key")); - a->sign_data(*si, tosign, sig_string); + if (!pub_key) + throw informative_failure("Failed to get monotone RSA public key"); + + //if monotone key matches ssh-agent key, sign with ssh-agent + for (vector::const_iterator + si = ssh_keys.begin(); si != ssh_keys.end(); ++si) { + if ((*pub_key).get_e() == (*si).get_e() + && (*pub_key).get_n() == (*si).get_n()) { + L(FL("make_signature: ssh key matches monotone key, signing with ssh-agent")); + a->sign_data(*si, tosign, sig_string); + break; + } + } + if (sig_string.length() > 0) { break; } } - if (sig_string.length() > 0) { - break; + if (sig_string.length() <= 0) { + L(FL("make_signature: monotone and ssh-agent keys do not match, will use monotone signing")); } } - if (sig_string.length() <= 0) { - L(FL("make_signature: monotone and ssh-agent keys do not match, will use monotone signing")); - } } string ssh_sig = sig_string; if (ssh_sig.length() <= 0 || app.opts.ssh_sign == "check") { // || app.opts.ssh_sign == "no" 
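Review bot: The new `else` branch still walks every key returned by `app.keys.get_keys(mtn_keys)` and calls `a->sign_data` on the first one the agent holds, so when the caller's `id` is not in the agent but some other monotone key is, the signature that will be attributed to `id` is produced by a different key; and every `app.keys.get_key_pair(*i, key)` in that loop overwrites the `key` that was just loaded for `id` at the top of the hunk, which the `check_signature(app, id, key.pub, ...)` added at the end of the function then verifies against. Only `id` should be offered to the agent: build `pub_key` from the `key.pub` already loaded for `id`, compare it with each agent key, and drop the `mtn_keys` loop so `key` keeps holding `id`'s pair for the rest of the function. While there, `ssh_keys.size() <= 0` on an unsigned size is clearer as `ssh_keys.empty()`. make_signature starts before this hunk and the `if (ssh_sig.length() <= 0 || ...)` body continues past it, so I cannot see what the monotone signing path reads from `key`.
```cpp
  keypair key;
  app.keys.get_key_pair(id, key);
  string sig_string;

  //sign with ssh-agent (if connected)
  if (app.opts.ssh_sign == "yes" || app.opts.ssh_sign == "check") {
    // … unchanged: connect ssh_agent `a`, fetch `ssh_keys` …
    if (ssh_keys.empty()) {
      L(FL("make_signature: no rsa keys received from ssh-agent"));
    } else {
      // Only the key the caller asked for (id) may produce this signature;
      // build pub_key from key.pub, which was loaded for id above, and leave
      // `key` untouched so the final check_signature verifies the right key.
      // … unchanged: decode_base64(key.pub, pub) / X509::load_key / shared_dynamic_cast into pub_key …
      if (!pub_key)
        throw informative_failure("Failed to get monotone RSA public key");
      for (size_t k = 0; k < ssh_keys.size(); ++k) {
        if (pub_key->get_e() == ssh_keys[k].get_e()
            && pub_key->get_n() == ssh_keys[k].get_n()) {
          L(FL("make_signature: ssh-agent holds the requested key, signing with ssh-agent"));
          a->sign_data(ssh_keys[k], tosign, sig_string);
          break;
        }
      }
      if (sig_string.empty())
        L(FL("make_signature: ssh-agent does not hold the requested key, will use monotone signing"));
    }
  }
```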
@@ -434,12 +441,21 @@ make_signature(app_state & app, } if (app.opts.ssh_sign == "check" && ssh_sig.length() > 0) { - E(ssh_sig == sig_string, F("make_signature: ssh signature (%i) != monotone sugnature (%i)\nssh signature : %s\nmonotone signature: %s") % ssh_sig.length() % sig_string.length() % encode_hexenc(ssh_sig) % encode_hexenc(sig_string)); + E(ssh_sig == sig_string, + F("make_signature: ssh signature (%i) != monotone signature (%i)\n" + "ssh signature : %s\n" + "monotone signature: %s") + % ssh_sig.length() + % sig_string.length() + % encode_hexenc(ssh_sig) + % encode_hexenc(sig_string)); L(FL("make_signature: signatures from ssh-agent and monotone are the same")); } - - L(FL("produced %d-byte signature") % sig_string.size()); + + L(FL("make_signature: produced %d-byte signature") % sig_string.size()); encode_base64(rsa_sha1_signature(sig_string), signature); + + E(check_signature(app, id, key.pub, tosign, signature), F("make_signature: signature is not valid")); } bool
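Review bot: The added `E(check_signature(app, id, key.pub, tosign, signature), ...)` verifies against whatever `key` holds when control reaches it, and earlier in this function the ssh-agent branch reuses `key` as its loop variable (`app.keys.get_key_pair(*i, key)`), so on that path `key.pub` can belong to a different key than `id` and the check either passes for the wrong key or rejects a correct monotone-made signature. Re-read `id`'s public key for the verification instead of relying on the shared variable: `keypair verify_key;` / `app.keys.get_key_pair(id, verify_key);` / `E(check_signature(app, id, verify_key.pub, tosign, signature), F("make_signature: signature is not valid"));`. The self-verification itself is worth keeping, since it stops a malformed or mismatched signature from either path before it is emitted. The rest of make_signature lies before this hunk, so the state of `key` on the monotone signing path is not visible here.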