author | djm@openbsd.org <djm@openbsd.org> | 2019-11-12 22:36:44 +0000 |
committer | Damien Miller <djm@mindrot.org> | 2019-11-13 10:15:47 +1100 |
commit | e44bb61824e36d0d181a08489c16c378c486a974 (patch) | |
tree | 5993043d43eb51fe1f33d95466e01dc7bee751e2 | |
parent | 4671211068441519011ac0e38c588317f4157ba1 (diff) |
upstream: security keys typically need to be tapped/touched in
order to perform a signature operation. Notify the user when this is expected
via the TTY (if available) or $SSH_ASKPASS if we can.
ok markus@
OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609
-rw-r--r-- | ssh-agent.c | 13 | ||||
-rw-r--r-- | ssh-keygen.c | 14 | ||||
-rw-r--r-- | sshconnect2.c | 17 |
3 files changed, 38 insertions, 6 deletions
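--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.240 2019/11/12 19:33:08 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.241 2019/11/12 22:36:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -289,9 +289,10 @@ provider_sign(const char *provider, struct sshkey *key,
 {
 	int status, pair[2], r = SSH_ERR_INTERNAL_ERROR;
 	pid_t pid;
-	char *helper, *verbosity = NULL;
+	char *helper, *verbosity = NULL, *fp = NULL;
 	struct sshbuf *kbuf, *req, *resp;
 	u_char version;
+	struct notifier_ctx *notifier = NULL;
 
 	debug3("%s: start for provider %s", __func__, provider);
 
@@ -344,10 +345,17 @@ provider_sign(const char *provider, struct sshkey *key,
 		error("%s: send: %s", __func__, ssh_err(r));
 		goto out;
 	}
+	if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
+	    SSH_FP_DEFAULT)) == NULL)
+		fatal("%s: sshkey_fingerprint failed", __func__);
+	notifier = notify_start(0,
+	    "Confirm user presence for key %s %s", sshkey_type(key), fp);
 	if ((r = ssh_msg_recv(pair[0], resp)) != 0) {
 		error("%s: receive: %s", __func__, ssh_err(r));
 		goto out;
 	}
+	notify_complete(notifier);
+	notifier = NULL;
 	if ((r = sshbuf_get_u8(resp, &version)) != 0) {
 		error("%s: parse version: %s", __func__, ssh_err(r));
 		goto out;
@@ -375,6 +383,7 @@ provider_sign(const char *provider, struct sshkey *key,
 		if (errno != EINTR)
 			fatal("%s: waitpid: %s", __func__, ssh_err(r));
 	}
+	notify_complete(notifier);
 	if (!WIFEXITED(status)) {
 		error("%s: helper %s exited abnormally", __func__, helper);
 		if (r == 0)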
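Review bot: The notifier started at new line 351 is never completed on the `goto out` taken when ssh_msg_recv() fails at line 353, because both notify_complete() calls (lines 358 and 386) sit past that jump; unless the `out:` label, outside this hunk, completes it, a failed read from the helper leaves the TTY notice or askpass child hanging. The same shape appears in the sshconnect2.c identity_sign hunk, where notify_complete() at new line 1200 follows the `goto out` at 1198. Writing the receive as `r = ssh_msg_recv(pair[0], resp); notify_complete(notifier); notifier = NULL;` before testing `r` completes it on both paths, after which the second notify_complete() at line 386 always sees NULL and can go. `fp` from sshkey_fingerprint() is also not freed within the hunk, unlike ssh-keygen.c and sshconnect2.c which free it right after use; if the cleanup at `out:` does not free it, a `free(fp)` after notify_start() matches the other two callers. provider_sign's body continues outside the hunk.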
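--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.362 2019/11/12 19:33:08 markus Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.363 2019/11/12 22:36:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2506,8 +2506,7 @@ sign_one(struct sshkey *signkey, const char *filename, int fd,
 {
 	struct sshbuf *sigbuf = NULL, *abuf = NULL;
 	int r = SSH_ERR_INTERNAL_ERROR, wfd = -1, oerrno;
-	char *wfile = NULL;
-	char *asig = NULL;
+	char *wfile = NULL, *asig = NULL, *fp = NULL;
 
 	if (!quiet) {
 		if (fd == STDIN_FILENO)
@@ -2515,6 +2514,15 @@ sign_one(struct sshkey *signkey, const char *filename, int fd,
 		else
 			fprintf(stderr, "Signing file %s\n", filename);
 	}
+	if (signer == NULL && sshkey_is_sk(signkey) &&
+	    (signkey->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
+		if ((fp = sshkey_fingerprint(signkey, fingerprint_hash,
+		    SSH_FP_DEFAULT)) == NULL)
+			fatal("%s: sshkey_fingerprint failed", __func__);
+		fprintf(stderr, "Confirm user presence for key %s %s\n",
+		    sshkey_type(signkey), fp);
+		free(fp);
+	}
 	if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, fd, sig_namespace,
 	    &sigbuf, signer, signer_ctx)) != 0) {
 		error("Signing %s failed: %s", filename, ssh_err(r));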
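Review bot: The "Confirm user presence" message at new lines 2522-2523 sits outside the `if (!quiet)` block that guards the "Signing file" lines just above it, so it is still printed with -q; if that is deliberate because the user has to act on it, record it with `/* Printed even when quiet: the user must touch the key. */` above the `if` at line 2517. The `signer == NULL` condition leaves agent-held keys to the agent's own notification (the ssh-agent.c hunk in this commit), which is also worth a one-line comment at the same place. sign_one's body continues outside the hunk.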
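--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.311 2019/11/12 19:33:08 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.312 2019/11/12 22:36:44 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -73,6 +73,7 @@
 #include "ssherr.h"
 #include "utf8.h"
 #include "ssh-sk.h"
+#include "sk-api.h"
 
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -1149,6 +1150,8 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
 {
 	struct sshkey *sign_key = NULL, *prv = NULL;
 	int r = SSH_ERR_INTERNAL_ERROR;
+	struct notifier_ctx *notifier = NULL;
+	char *fp = NULL;
 
 	*sigp = NULL;
 	*lenp = 0;
@@ -1177,12 +1180,24 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
 			goto out;
 		}
 		sign_key = prv;
+		if (sshkey_is_sk(sign_key) &&
+		    (sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
+			/* XXX match batch mode should just skip these keys? */
+			if ((fp = sshkey_fingerprint(sign_key,
+			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+				fatal("%s: sshkey_fingerprint", __func__);
+			notifier = notify_start(options.batch_mode,
+			    "Confirm user presence for key %s %s",
+			    sshkey_type(sign_key), fp);
+			free(fp);
+		}
 	}
 	if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
 	    alg, options.sk_provider, compat)) != 0) {
 		debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
 		goto out;
 	}
+	notify_complete(notifier);
 	/*
 	 * PKCS#11 tokens may not support all signature algorithms,
 	 * so check what we get back.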
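Review bot: The notifier at new line 1189 is started only inside the branch that loaded the key from file (`sign_key = prv`, line 1182), so keys held by an agent get no notice from the client; presumably that is because the agent raises its own (the ssh-agent.c hunk in this commit), and a comment above the `if` at line 1183, `/* Agent-held keys: the agent notifies the user itself. */`, would record that. The `XXX` comment at line 1185 leaves the batch-mode behaviour as an open question, while `options.batch_mode` is already handed to notify_start() on line 1189, so the comment could state that notify_start() decides what happens in batch mode rather than ask. The `fatal()` text at line 1188 also drops the "failed" suffix the other two callers in this commit use. identity_sign's body continues outside the hunk.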