diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-06-21 04:21:04 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-06-21 14:24:35 +1000 |
commit | 4f7a56d5e02e3d04ab69eac1213817a7536d0562 (patch) | |
tree | b17da67f20831b53f9b00c6647c5eb1bdf88d626 /sshkey.h | |
parent | 4cd6b12cc9c10bf59c8b425041f3ea5091285a0f (diff) |
upstream: Add protection for private keys at rest in RAM against
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetic key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.
been in snaps for a bit already; thanks deraadt@
ok dtucker@ deraadt@
OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
Diffstat (limited to 'sshkey.h')
-rw-r--r-- | sshkey.h | 21 |
1 files changed, 15 insertions, 6 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey.h,v 1.31 2019/01/20 22:51:37 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.h,v 1.32 2019/06/21 04:21:05 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -123,6 +123,10 @@ struct sshkey { | |||
123 | u_char *xmss_sk; | 123 | u_char *xmss_sk; |
124 | u_char *xmss_pk; | 124 | u_char *xmss_pk; |
125 | struct sshkey_cert *cert; | 125 | struct sshkey_cert *cert; |
126 | u_char *shielded_private; | ||
127 | size_t shielded_len; | ||
128 | u_char *shield_prekey; | ||
129 | size_t shield_prekey_len; | ||
126 | }; | 130 | }; |
127 | 131 | ||
128 | #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES | 132 | #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES |
@@ -146,6 +150,11 @@ u_int sshkey_size(const struct sshkey *); | |||
146 | 150 | ||
147 | int sshkey_generate(int type, u_int bits, struct sshkey **keyp); | 151 | int sshkey_generate(int type, u_int bits, struct sshkey **keyp); |
148 | int sshkey_from_private(const struct sshkey *, struct sshkey **); | 152 | int sshkey_from_private(const struct sshkey *, struct sshkey **); |
153 | |||
154 | int sshkey_is_shielded(struct sshkey *); | ||
155 | int sshkey_shield_private(struct sshkey *); | ||
156 | int sshkey_unshield_private(struct sshkey *); | ||
157 | |||
149 | int sshkey_type_from_name(const char *); | 158 | int sshkey_type_from_name(const char *); |
150 | int sshkey_is_cert(const struct sshkey *); | 159 | int sshkey_is_cert(const struct sshkey *); |
151 | int sshkey_type_is_cert(int); | 160 | int sshkey_type_is_cert(int); |
@@ -161,7 +170,7 @@ int sshkey_check_cert_sigtype(const struct sshkey *, const char *); | |||
161 | 170 | ||
162 | int sshkey_certify(struct sshkey *, struct sshkey *, const char *); | 171 | int sshkey_certify(struct sshkey *, struct sshkey *, const char *); |
163 | /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ | 172 | /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ |
164 | typedef int sshkey_certify_signer(const struct sshkey *, u_char **, size_t *, | 173 | typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *, |
165 | const u_char *, size_t, const char *, u_int, void *); | 174 | const u_char *, size_t, const char *, u_int, void *); |
166 | int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, | 175 | int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, |
167 | sshkey_certify_signer *, void *); | 176 | sshkey_certify_signer *, void *); |
@@ -192,7 +201,7 @@ int sshkey_puts_opts(const struct sshkey *, struct sshbuf *, | |||
192 | int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); | 201 | int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); |
193 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); | 202 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); |
194 | 203 | ||
195 | int sshkey_sign(const struct sshkey *, u_char **, size_t *, | 204 | int sshkey_sign(struct sshkey *, u_char **, size_t *, |
196 | const u_char *, size_t, const char *, u_int); | 205 | const u_char *, size_t, const char *, u_int); |
197 | int sshkey_verify(const struct sshkey *, const u_char *, size_t, | 206 | int sshkey_verify(const struct sshkey *, const u_char *, size_t, |
198 | const u_char *, size_t, const char *, u_int); | 207 | const u_char *, size_t, const char *, u_int); |
@@ -204,8 +213,8 @@ void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); | |||
204 | void sshkey_dump_ec_key(const EC_KEY *); | 213 | void sshkey_dump_ec_key(const EC_KEY *); |
205 | 214 | ||
206 | /* private key parsing and serialisation */ | 215 | /* private key parsing and serialisation */ |
207 | int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); | 216 | int sshkey_private_serialize(struct sshkey *key, struct sshbuf *buf); |
208 | int sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf, | 217 | int sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, |
209 | enum sshkey_serialize_rep); | 218 | enum sshkey_serialize_rep); |
210 | int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); | 219 | int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); |
211 | 220 | ||
@@ -231,7 +240,7 @@ int sshkey_set_filename(struct sshkey *, const char *); | |||
231 | int sshkey_enable_maxsign(struct sshkey *, u_int32_t); | 240 | int sshkey_enable_maxsign(struct sshkey *, u_int32_t); |
232 | u_int32_t sshkey_signatures_left(const struct sshkey *); | 241 | u_int32_t sshkey_signatures_left(const struct sshkey *); |
233 | int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); | 242 | int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); |
234 | int sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf, | 243 | int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf, |
235 | u_int32_t maxsign, sshkey_printfn *pr); | 244 | u_int32_t maxsign, sshkey_printfn *pr); |
236 | 245 | ||
237 | #ifdef SSHKEY_INTERNAL | 246 | #ifdef SSHKEY_INTERNAL |