diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-10-31 21:22:01 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-01 09:46:09 +1100 |
commit | 07da39f71d36fb547749a5b16aa8892e621a7e4a (patch) | |
tree | dd75cbd723102d887bc11f781cc0a23eee6b2f2f /ssh-sk-helper.c | |
parent | eebec620c9519c4839d781c4d5b6082152998f82 (diff) |
upstream: ssh-agent support for U2F/FIDO keys
feedback & ok markus@
OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
Diffstat (limited to 'ssh-sk-helper.c')
-rw-r--r-- | ssh-sk-helper.c | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/ssh-sk-helper.c b/ssh-sk-helper.c new file mode 100644 index 000000000..0a0c92a44 --- /dev/null +++ b/ssh-sk-helper.c | |||
@@ -0,0 +1,143 @@ | |||
1 | /* $OpenBSD: ssh-sk-helper.c,v 1.1 2019/10/31 21:22:01 djm Exp $ */ | ||
2 | /* | ||
3 | * Copyright (c) 2019 Google LLC | ||
4 | * | ||
5 | * Permission to use, copy, modify, and distribute this software for any | ||
6 | * purpose with or without fee is hereby granted, provided that the above | ||
7 | * copyright notice and this permission notice appear in all copies. | ||
8 | * | ||
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
16 | */ | ||
17 | |||
18 | /* | ||
19 | * This is a tiny program used to isolate the address space used for | ||
20 | * security key middleware signing operations from ssh-agent. It is similar | ||
21 | * to ssh-pkcs11-helper.c but considerably simpler as the signing operation | ||
22 | * for this case are stateless. | ||
23 | * | ||
24 | * It receives a signing request (key, provider, message, flags) from | ||
25 | * stdin, attempts to perform a signature using the security key provider | ||
26 | * and returns the resultant signature via stdout. | ||
27 | * | ||
28 | * In the future, this program might gain additional functions to support | ||
29 | * FIDO2 tokens such as enumerating resident keys. When this happens it will | ||
30 | * be necessary to crank SSH_SK_HELPER_VERSION below. | ||
31 | */ | ||
32 | |||
33 | #include "includes.h" | ||
34 | |||
35 | #include <stdarg.h> | ||
36 | #include <stdio.h> | ||
37 | #include <stdlib.h> | ||
38 | #include <string.h> | ||
39 | #include <unistd.h> | ||
40 | #include <errno.h> | ||
41 | |||
42 | #include "xmalloc.h" | ||
43 | #include "log.h" | ||
44 | #include "sshkey.h" | ||
45 | #include "authfd.h" | ||
46 | #include "misc.h" | ||
47 | #include "sshbuf.h" | ||
48 | #include "msg.h" | ||
49 | #include "uidswap.h" | ||
50 | #include "sshkey.h" | ||
51 | #include "ssherr.h" | ||
52 | #include "ssh-sk.h" | ||
53 | |||
54 | extern char *__progname; | ||
55 | |||
56 | int | ||
57 | main(int argc, char **argv) | ||
58 | { | ||
59 | SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; | ||
60 | LogLevel log_level = SYSLOG_LEVEL_ERROR; | ||
61 | struct sshbuf *req, *resp, *kbuf; | ||
62 | struct sshkey *key; | ||
63 | uint32_t compat; | ||
64 | const u_char *message; | ||
65 | u_char version, *sig; | ||
66 | size_t msglen, siglen; | ||
67 | char *provider; | ||
68 | int in, out, ch, r, log_stderr = 0; | ||
69 | |||
70 | sanitise_stdfd(); | ||
71 | log_init(__progname, log_level, log_facility, log_stderr); | ||
72 | |||
73 | while ((ch = getopt(argc, argv, "v")) != -1) { | ||
74 | switch (ch) { | ||
75 | case 'v': | ||
76 | log_stderr = 1; | ||
77 | if (log_level == SYSLOG_LEVEL_ERROR) | ||
78 | log_level = SYSLOG_LEVEL_DEBUG1; | ||
79 | else if (log_level < SYSLOG_LEVEL_DEBUG3) | ||
80 | log_level++; | ||
81 | break; | ||
82 | default: | ||
83 | fprintf(stderr, "usage: %s [-v]\n", __progname); | ||
84 | exit(1); | ||
85 | } | ||
86 | } | ||
87 | log_init(__progname, log_level, log_facility, log_stderr); | ||
88 | |||
89 | /* | ||
90 | * Rearrange our file descriptors a little; we don't trust the | ||
91 | * providers not to fiddle with stdin/out. | ||
92 | */ | ||
93 | closefrom(STDERR_FILENO + 1); | ||
94 | if ((in = dup(STDIN_FILENO)) == -1 || (out = dup(STDOUT_FILENO)) == -1) | ||
95 | fatal("%s: dup: %s", __progname, strerror(errno)); | ||
96 | close(STDIN_FILENO); | ||
97 | close(STDOUT_FILENO); | ||
98 | sanitise_stdfd(); /* resets to /dev/null */ | ||
99 | |||
100 | if ((req = sshbuf_new()) == NULL || (resp = sshbuf_new()) == NULL) | ||
101 | fatal("%s: sshbuf_new failed", __progname); | ||
102 | if (ssh_msg_recv(in, req) < 0) | ||
103 | fatal("ssh_msg_recv failed"); | ||
104 | close(in); | ||
105 | debug("%s: received message len %zu", __progname, sshbuf_len(req)); | ||
106 | |||
107 | if ((r = sshbuf_get_u8(req, &version)) != 0) | ||
108 | fatal("%s: buffer error: %s", __progname, ssh_err(r)); | ||
109 | if (version != SSH_SK_HELPER_VERSION) { | ||
110 | fatal("unsupported version: received %d, expected %d", | ||
111 | version, SSH_SK_HELPER_VERSION); | ||
112 | } | ||
113 | if ((r = sshbuf_froms(req, &kbuf)) != 0 || | ||
114 | (r = sshkey_private_deserialize(kbuf, &key)) != 0) | ||
115 | fatal("Unable to parse key: %s", ssh_err(r)); | ||
116 | if (sshkey_type_plain(key->type) != KEY_ECDSA_SK) | ||
117 | fatal("Unsupported key type %s", sshkey_ssh_name(key)); | ||
118 | |||
119 | if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || | ||
120 | (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 || | ||
121 | (r = sshbuf_get_u32(req, &compat)) != 0) | ||
122 | fatal("%s: buffer error: %s", __progname, ssh_err(r)); | ||
123 | if (sshbuf_len(req) != 0) | ||
124 | fatal("%s: trailing data in request", __progname); | ||
125 | |||
126 | debug("%s: ready to sign with key %s, provider %s: " | ||
127 | "msg len %zu, compat 0x%lx", __progname, sshkey_type(key), | ||
128 | provider, msglen, (u_long)compat); | ||
129 | |||
130 | if ((r = sshsk_ecdsa_sign(provider, key, &sig, &siglen, | ||
131 | message, msglen, compat)) != 0) | ||
132 | fatal("Signing failed: %s", ssh_err(r)); | ||
133 | |||
134 | /* send reply */ | ||
135 | if ((r = sshbuf_put_string(resp, sig, siglen)) != 0) | ||
136 | fatal("%s: buffer error: %s", __progname, ssh_err(r)); | ||
137 | debug("%s: reply len %zu", __progname, sshbuf_len(resp)); | ||
138 | if (ssh_msg_send(out, SSH_SK_HELPER_VERSION, resp) == -1) | ||
139 | fatal("ssh_msg_send failed"); | ||
140 | close(out); | ||
141 | |||
142 | return (0); | ||
143 | } | ||