commit | c0506d92c455270e65de7a7142b887668a4e1e0c | |
---|---|---|
author | Fabian Henneke <fabian@henneke.me> | Sun Jul 02 07:57:22 2017 |
committer | Mike Frysinger <vapier@chromium.org> | Sun Sep 03 23:31:15 2017 |
tree | 4a42e8d9751b946978098c157422a581273fe7cf | |
parent | f1fccf1ba6a15270518f1672d23ff38365c350c2 |
nassh: Add an agent backend for smart card keys

Implements a 'gsc' backend for the SSH agent introduced in the previous commit. This backend enables the use of private keys stored on OpenPGP-enabled smart cards for SSH authentication. It relies on the Google Smart Card Connector client library to communicate with the Smart Card Connector app (khpfeaanjngmcnplbdlpegiifgpfgdco), which offers an NaCl port of PCSC-Lite and works with many popular smart cards.

So far, only the requests SSH_AGENTC_REQUEST_IDENTITIES and SSH_AGENTC_SIGN_REQUEST are supported, together with their respective responses.

When asked for SSH identities, the backend will read the authentication subkeys from all connected smart card readers. The backend only supports the OpenPGP applet and thus only identities of 'ssh-rsa' type. Support for the PIV applet and ECC identities can be added with only minor changes to the overall structure.

The implementation introduces the following new classes:

* nassh.agent.backends.GSC: Implementation of the interface nassh.agent.Backend which provides SSH identities stored on smart cards.
* nassh.agent.backends.GSC.CommandAPDU: Represents command APDUs used in smart card communication.
* nassh.agent.backends.GSC.DataObject: Represents a data object stored on a smart card.
* nassh.agent.backends.GSC.SmartCardManager: Manages the lifecycle of a connection to a smart card reader and provides convenience functions for the command APDUs used in the SSH authentication scheme.
* nassh.agent.backends.GSC.StatusBytes: Represents status bytes returned by smart cards.

BUG=chromium:712699
Change-Id: I1a650141a7047e7973d4702df185ea5f55592300
Reviewed-on: https://chromium-review.googlesource.com/550116
Tested-by: Fabian Henneke <fabian.henneke@gmail.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
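
The commit message above refers to command APDUs and status bytes. As an added illustration (not code from this commit or from nassh; every function name is hypothetical), the following encodes ISO 7816-4 short command APDUs and classifies the status bytes a card returns, including the PIN retry counter a backend should surface before the card blocks.

```javascript
// Added example; not nassh code. All function names are hypothetical.
// OpenPGP card application identifier prefix used with SELECT.
const OPENPGP_AID = Uint8Array.from([0xd2, 0x76, 0x00, 0x01, 0x24, 0x01]);

// Encode a short (non-extended) ISO 7816-4 command APDU:
// CLA INS P1 P2 [Lc data] [Le].
function encodeCommandApdu(cla, ins, p1, p2, data = new Uint8Array(0), le = null) {
  for (const b of [cla, ins, p1, p2]) {
    if (!Number.isInteger(b) || b < 0 || b > 0xff) {
      throw new RangeError('header bytes must be in 0..255');
    }
  }
  if (data.length > 255) {
    throw new RangeError('a short APDU carries at most 255 data bytes');
  }
  if (le !== null && (!Number.isInteger(le) || le < 1 || le > 256)) {
    throw new RangeError('Le must be in 1..256');
  }
  const out = [cla, ins, p1, p2];
  if (data.length > 0) out.push(data.length, ...data); // Lc, then data
  if (le !== null) out.push(le & 0xff); // 256 is encoded as 0x00
  return Uint8Array.from(out);
}

// Split a response APDU into data and status bytes (SW1 SW2) and classify
// the status values an agent backend has to tell apart.
function parseResponseApdu(bytes) {
  if (bytes.length < 2) throw new RangeError('response lacks SW1 SW2');
  const sw1 = bytes[bytes.length - 2];
  const sw2 = bytes[bytes.length - 1];
  const res = {data: bytes.slice(0, -2), sw: (sw1 << 8) | sw2, status: 'error'};
  if (res.sw === 0x9000) {
    res.status = 'ok';
  } else if (sw1 === 0x61) {
    res.status = 'more-data'; // fetch the rest with GET RESPONSE
    res.remaining = sw2;
  } else if (sw1 === 0x63 && (sw2 & 0xf0) === 0xc0) {
    res.status = 'verify-failed'; // low nibble: tries left before blocking
    res.retriesLeft = sw2 & 0x0f;
  } else if (res.sw === 0x6983) {
    res.status = 'blocked'; // authentication method blocked
  }
  return res;
}

// Constructed sample: SELECT (INS 0xA4, P1 0x04 = select by AID) with Le = 256.
const selectApdu = encodeCommandApdu(0x00, 0xa4, 0x04, 0x00, OPENPGP_AID, 256);
console.log(Buffer.from(selectApdu).toString('hex'));
console.log(parseResponseApdu(Uint8Array.from([0x63, 0xc2])));
```
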
This repository contains the libdot JavaScript library and some web applications that make use of it.
The official copy of this repository is hosted at https://chromium.googlesource.com/apps/libapps.
There is also a mirror on GitHub at https://github.com/libapps/libapps-mirror. Keep in mind that this mirror may occasionally be behind the official repository.
All changes must go through the Gerrit code review server on https://chromium-review.googlesource.com. GitHub pull requests cannot be accepted. Please see the HACK.md document in this directory for the details.
libdot/ is a small set of JS libraries initially developed as part of hterm, now available as shared code. It provides a base layer for web applications. The code is intended to work in any modern browser, in either a plain web page or a “privileged” environment such as a Chrome platform application or Firefox extension. In practice, it's only been put to use in Chrome platform applications so far.
hterm/ is a JS library that provides a terminal emulator. It is reasonably fast, reasonably correct, and reasonably portable across browsers.
nassh/ is the Secure Shell Chrome App (currently a “v1.5” app, soon to become a “v2” or platform app) that combines hterm with a NaCl build of OpenSSH to provide a PuTTY-like app for Chrome users.
ssh_client/ is the NaCl port of OpenSSH. It is used by nassh to create the Secure Shell App.
wash/ is a library for cross-origin virtual filesystems, similar to the Plan 9 filesystem. This directory also contains a simple bash-like shell environment for exploring these filesystems. The code in this directory is a work-in-progress.