2 files changed, 46 insertions, 38 deletions

diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 9afb92943..1f4edace5 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.184 2019/12/30 03:30:09 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.185 2019/12/30 09:49:52 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -48,10 +48,10 @@
 .Op Fl C Ar comment
 .Op Fl f Ar output_keyfile
 .Op Fl m Ar format
+.Op Fl O Ar option
 .Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
 .Op Fl N Ar new_passphrase
 .Op Fl w Ar provider
-.Op Fl x Ar flags
 .Nm ssh-keygen
 .Fl p
 .Op Fl f Ar keyfile
@@ -453,7 +453,28 @@ listed in the
 .Sx MODULI GENERATION
 section may be specified.
 .Pp
-This option may be specified multiple times.
+When generating a key that will be hosted on a FIDO authenticator, this
+flag may be used to specify key-specific options.
+Two FIDO authenticator options are supported at present:
+.Pp
+.Cm no-touch-required
+indicates that the generated private key should not require touch
+events (user presence) when making signatures.
+Note that
+.Xr sshd 8
+will refuse such signatures by default, unless overridden via
+an authorized_keys option.
+.Pp
+.Cm resident
+indicates that the key should be stored on the FIDO authenticator itself.
+Resident keys may be supported on FIDO2 tokens and typically require that
+a PIN be set on the token prior to generation.
+Resident keys may be loaded off the token using
+.Xr ssh-add 1 .
+.Pp
+The
+.Fl O
+option may be specified multiple times.
 .It Fl P Ar passphrase
 Provides the (old) passphrase.
 .It Fl p
@@ -573,18 +594,6 @@ The maximum is 3.
 Specifies a path to a library that will be used when creating
 FIDO authenticator-hosted keys, overriding the default of using
 the internal USB HID support.
-.It Fl x Ar flags
-Specifies the authenticator flags to use when enrolling an authenticator-hosted
-key.
-Flags may be specified by name or directly as a hexadecimal value.
-Only one named flag is supported at present:
-.Cm no-touch-required ,
-which indicates that the generated private key should not require touch
-events (user presence) when making signatures.
-Note that
-.Xr sshd 8
-will refuse such signatures by default, unless overridden via
-an authorized_keys option.
 .It Fl Y Cm check-novalidate
 Checks that a signature generated using
 .Nm
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 696891e0e..3640a3c37 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.379 2019/12/30 09:24:45 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.380 2019/12/30 09:49:52 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2932,7 +2932,7 @@ main(int argc, char **argv)
         int prefer_agent = 0, convert_to = 0, convert_from = 0;
         int print_public = 0, print_generic = 0, cert_serial_autoinc = 0;
         int do_gen_candidates = 0, do_screen_candidates = 0;
-        unsigned long long ull, cert_serial = 0;
+        unsigned long long cert_serial = 0;
         char *identity_comment = NULL, *ca_key_path = NULL, **opts = NULL;
         size_t i, nopts = 0;
         u_int32_t bits = 0;
@@ -2965,10 +2965,10 @@ main(int argc, char **argv)
 
         sk_provider = getenv("SSH_SK_PROVIDER");
 
-        /* Remaining characters: dGjJKSTW */
+        /* Remaining characters: dGjJKSTWx */
         while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvy"
             "C:D:E:F:I:M:N:O:P:R:V:Y:Z:"
-            "a:b:f:g:m:n:r:s:t:w:x:z:")) != -1) {
+            "a:b:f:g:m:n:r:s:t:w:z:")) != -1) {
                 switch (opt) {
                 case 'A':
                         gen_all_hostkeys = 1;
@@ -3130,25 +3130,6 @@ main(int argc, char **argv)
                 case 'w':
                         sk_provider = optarg;
                         break;
-                case 'x':
-                        if (*optarg == '\0')
-                                fatal("Missing security key flags");
-                        if (strcasecmp(optarg, "no-touch-required") == 0)
-                                sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;
-                        else if (strcasecmp(optarg, "resident") == 0)
-                                sk_flags |= SSH_SK_RESIDENT_KEY;
-                        else {
-                                ull = strtoull(optarg, &ep, 0);
-                                if (*ep != '\0')
-                                        fatal("Security key flags \"%s\" is "
-                                            "not a number", optarg);
-                                if (ull > 0xff) {
-                                        fatal("Invalid security key "
-                                            "flags 0x%llx", ull);
-                                }
-                                sk_flags = (uint8_t)ull;
-                        }
-                        break;
                 case 'z':
                         errno = 0;
                         if (*optarg == '+') {
@@ -3361,6 +3342,20 @@ main(int argc, char **argv)
         switch (type) {
         case KEY_ECDSA_SK:
         case KEY_ED25519_SK:
+                for (i = 0; i < nopts; i++) {
+                        if (strcasecmp(opts[i], "no-touch-required") == 0) {
+                                sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;
+                        } else if (strcasecmp(opts[i], "resident") == 0) {
+                                sk_flags |= SSH_SK_RESIDENT_KEY;
+                        } else {
+                                fatal("Option \"%s\" is unsupported for "
+                                    "FIDO authenticator enrollment", opts[i]);
+                        }
+                }
+                if (!quiet) {
+                        printf("You may need to touch your security key "
+                            "to authorize key generation.\n");
+                }
                 passphrase1 = NULL;
                 for (i = 0 ; i < 3; i++) {
                         if (!quiet) {
@@ -3375,9 +3370,13 @@ main(int argc, char **argv)
                                 break;
                         if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
                                 exit(1); /* error message already printed */
+                        if (passphrase1 != NULL)
+                                freezero(passphrase1, strlen(passphrase1));
                         passphrase1 = read_passphrase("Enter PIN for security "
                             "key: ", RP_ALLOW_STDIN);
                 }
+                if (passphrase1 != NULL)
+                        freezero(passphrase1, strlen(passphrase1));
                 if (i > 3)
                         fatal("Too many incorrect PINs");
                 break;