summaryrefslogtreecommitdiff
path: root/ssh-ecdsa-sk.c
AgeCommit message (Collapse)Author
2020-06-26upstream: some clarifying commentsdjm@openbsd.org
OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2
2020-06-22upstream: Add support for FIDO webauthn (verification only).djm@openbsd.org
webauthn is a standard for using FIDO keys in web browsers. webauthn signatures are a slightly different format to plain FIDO signatures - this support allows verification of these. Feedback and ok markus@ OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
2020-06-22upstream: refactor ECDSA-SK verification a little ahead of addingdjm@openbsd.org
support for FIDO webauthn signature verification support; ok markus@ OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e
2020-01-20Fix building without openssl.Ruben Kerkhof
This fixes the following when there are no openssl headers on the system: ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found
2019-12-15Put SK ECDSA bits inside ifdef OPENSSL_HAS_ECC.Darren Tucker
Fixes build when linking against OpenSSLs built with no-ec.
2019-12-14remove a bunch of ENABLE_SK #ifdefsDamien Miller
The ssh-sk-helper client API gives us a nice place to disable security key support when it is wasn't enabled at compile time, so we don't need to check everywere. Also, verification of security key signatures can remain enabled all the time - it has no additional dependencies. So sshd can accept security key pubkeys in authorized_keys, etc regardless of the host's support for dlopen, etc.
2019-11-27upstream: more debugging; behind DEBUG_SKdjm@openbsd.org
OpenBSD-Commit-ID: a978896227118557505999ddefc1f4c839818b60
2019-11-25upstream: Add new structure for signature optionsdjm@openbsd.org
This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
2019-11-25upstream: memleak in error pathdjm@openbsd.org
OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112
2019-11-20Include openssl compat header.Darren Tucker
Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1.
2019-11-20upstream: adjust on-wire signature encoding for ecdsa-sk keys todjm@openbsd.org
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne NB. if you are depending on security keys (already?) then make sure you update both your clients and servers. OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
2019-11-01autoconf pieces for U2F supportDamien Miller
Mostly following existing logic for PKCS#11 - turning off support when either libcrypto or dlopen(3) are unavailable.
2019-11-01upstream: Initial infrastructure for U2F/FIDO supportdjm@openbsd.org
Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@ OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7