From 02bb0768a937e50bbb236efc2bbdddb1991b1c85 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 31 Oct 2019 21:15:14 +0000 Subject: upstream: Initial infrastructure for U2F/FIDO support Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@ OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7 --- sshkey.c | 205 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 179 insertions(+), 26 deletions(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index ef90563b3..d87fee8ee 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.84 2019/10/09 00:04:42 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.85 2019/10/31 21:15:14 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -125,6 +125,8 @@ static const struct keytype keytypes[] = { { "ecdsa-sha2-nistp521", "ECDSA", NULL, KEY_ECDSA, NID_secp521r1, 0, 0 }, # endif /* OPENSSL_HAS_NISTP521 */ + { "sk-ecdsa-sha2-nistp256@openssh.com", "ECDSA-SK", NULL, + KEY_ECDSA_SK, NID_X9_62_prime256v1, 0, 0 }, # endif /* OPENSSL_HAS_ECC */ { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL, KEY_RSA_CERT, 0, 1, 0 }, @@ -143,6 +145,8 @@ static const struct keytype keytypes[] = { { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, # endif /* OPENSSL_HAS_NISTP521 */ + { "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-SK-CERT", NULL, + KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 }, # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ { NULL, NULL, NULL, -1, -1, 0, 0 } @@ -211,13 +215,26 @@ sshkey_type_from_name(const char *name) return KEY_UNSPEC; } +static int +key_type_is_ecdsa_variant(int type) +{ + switch (type) { + case KEY_ECDSA: + case KEY_ECDSA_CERT: + case KEY_ECDSA_SK: + case KEY_ECDSA_SK_CERT: + return 1; + } + return 0; +} + int sshkey_ecdsa_nid_from_name(const char *name) { const struct keytype *kt; for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT) + if (!key_type_is_ecdsa_variant(kt->type)) continue; if (kt->name != NULL && strcmp(name, kt->name) == 0) return kt->nid; @@ -313,6 +330,8 @@ sshkey_size(const struct sshkey *k) return BN_num_bits(dsa_p); case KEY_ECDSA: case KEY_ECDSA_CERT: + case KEY_ECDSA_SK: + case KEY_ECDSA_SK_CERT: return sshkey_curve_nid_to_bits(k->ecdsa_nid); #endif /* WITH_OPENSSL */ case KEY_ED25519: @@ -331,6 +350,7 @@ sshkey_type_is_valid_ca(int type) case KEY_RSA: case KEY_DSA: case KEY_ECDSA: + case KEY_ECDSA_SK: case KEY_ED25519: case KEY_XMSS: return 1; @@ -358,6 +378,8 @@ sshkey_type_plain(int type) return KEY_DSA; case KEY_ECDSA_CERT: return KEY_ECDSA; + case KEY_ECDSA_SK_CERT: + return KEY_ECDSA_SK; case KEY_ED25519_CERT: return KEY_ED25519; case KEY_XMSS_CERT: @@ -533,6 +555,8 @@ sshkey_new(int type) break; case KEY_ECDSA: case KEY_ECDSA_CERT: + case KEY_ECDSA_SK: + case KEY_ECDSA_SK_CERT: /* Cannot do anything until we know the group */ break; #endif /* WITH_OPENSSL */ @@ -577,6 +601,12 @@ sshkey_free(struct sshkey *k) k->dsa = NULL; break; # ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_SK: + case KEY_ECDSA_SK_CERT: + free(k->sk_application); + sshbuf_free(k->sk_key_handle); + sshbuf_free(k->sk_reserved); + /* FALLTHROUGH */ case KEY_ECDSA: case KEY_ECDSA_CERT: EC_KEY_free(k->ecdsa); @@ -676,6 +706,13 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) BN_cmp(dsa_g_a, dsa_g_b) == 0 && BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0; # ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_SK: + case KEY_ECDSA_SK_CERT: + if (a->sk_application == NULL || b->sk_application == NULL) + return 0; + if (strcmp(a->sk_application, b->sk_application) != 0) + return 0; + /* FALLTHROUGH */ case KEY_ECDSA_CERT: case KEY_ECDSA: if (a->ecdsa == NULL || b->ecdsa == NULL || @@ -751,6 +788,7 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, #ifdef WITH_OPENSSL case KEY_DSA_CERT: case KEY_ECDSA_CERT: + case KEY_ECDSA_SK_CERT: case KEY_RSA_CERT: #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: @@ -777,6 +815,7 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: + case KEY_ECDSA_SK: if (key->ecdsa == NULL) return SSH_ERR_INVALID_ARGUMENT; if ((ret = sshbuf_put_cstring(b, typename)) != 0 || @@ -784,6 +823,11 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || (ret = sshbuf_put_eckey(b, key->ecdsa)) != 0) return ret; + if (type == KEY_ECDSA_SK) { + if ((ret = sshbuf_put_cstring(b, + key->sk_application)) != 0) + return ret; + } break; # endif case KEY_RSA: @@ -1217,7 +1261,7 @@ peek_type_nid(const char *s, size_t l, int *nid) continue; if (memcmp(s, kt->name, l) == 0) { *nid = -1; - if (kt->type == KEY_ECDSA || kt->type == KEY_ECDSA_CERT) + if (key_type_is_ecdsa_variant(kt->type)) *nid = kt->nid; return kt->type; } @@ -1243,9 +1287,11 @@ sshkey_read(struct sshkey *ret, char **cpp) case KEY_RSA: case KEY_DSA: case KEY_ECDSA: + case KEY_ECDSA_SK: case KEY_ED25519: case KEY_DSA_CERT: case KEY_ECDSA_CERT: + case KEY_ECDSA_SK_CERT: case KEY_RSA_CERT: case KEY_ED25519_CERT: #ifdef WITH_XMSS @@ -1302,7 +1348,7 @@ sshkey_read(struct sshkey *ret, char **cpp) sshkey_free(k); return SSH_ERR_KEY_TYPE_MISMATCH; } - if (sshkey_type_plain(type) == KEY_ECDSA && curve_nid != k->ecdsa_nid) { + if (key_type_is_ecdsa_variant(type) && curve_nid != k->ecdsa_nid) { sshkey_free(k); return SSH_ERR_EC_CURVE_MISMATCH; } @@ -1346,6 +1392,19 @@ sshkey_read(struct sshkey *ret, char **cpp) k->ecdsa_nid = -1; #ifdef DEBUG_PK sshkey_dump_ec_key(ret->ecdsa); +#endif + break; + case KEY_ECDSA_SK: + EC_KEY_free(ret->ecdsa); + ret->ecdsa = k->ecdsa; + ret->ecdsa_nid = k->ecdsa_nid; + ret->sk_application = k->sk_application; + k->ecdsa = NULL; + k->ecdsa_nid = -1; + k->sk_application = NULL; +#ifdef DEBUG_PK + sshkey_dump_ec_key(ret->ecdsa); + fprintf(stderr, "App: %s\n", ret->sk_application); #endif break; # endif /* OPENSSL_HAS_ECC */ @@ -1747,15 +1806,14 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) #endif /* WITH_OPENSSL */ *pkp = NULL; + if ((n = sshkey_new(k->type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } switch (k->type) { #ifdef WITH_OPENSSL case KEY_DSA: case KEY_DSA_CERT: - if ((n = sshkey_new(k->type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g); DSA_get0_key(k->dsa, &dsa_pub_key, NULL); if ((dsa_p_dup = BN_dup(dsa_p)) == NULL || @@ -1780,10 +1838,8 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: - if ((n = sshkey_new(k->type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } + case KEY_ECDSA_SK: + case KEY_ECDSA_SK_CERT: n->ecdsa_nid = k->ecdsa_nid; n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); if (n->ecdsa == NULL) { @@ -1795,14 +1851,15 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } + if (k->type != KEY_ECDSA_SK && k->type != KEY_ECDSA_SK_CERT) + break; + /* Append security-key application string */ + if ((n->sk_application = strdup(k->sk_application)) == NULL) + goto out; break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA: case KEY_RSA_CERT: - if ((n = sshkey_new(k->type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL); if ((rsa_n_dup = BN_dup(rsa_n)) == NULL || (rsa_e_dup = BN_dup(rsa_e)) == NULL) { @@ -1818,10 +1875,6 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: - if ((n = sshkey_new(k->type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } if (k->ed25519_pk != NULL) { if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -1833,10 +1886,6 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) #ifdef WITH_XMSS case KEY_XMSS: case KEY_XMSS_CERT: - if ((n = sshkey_new(k->type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0) goto out; if (k->xmss_pk != NULL) { @@ -2329,6 +2378,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, #endif break; case KEY_ECDSA_CERT: + case KEY_ECDSA_SK_CERT: /* Skip nonce */ if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { ret = SSH_ERR_INVALID_FORMAT; @@ -2337,6 +2387,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, /* FALLTHROUGH */ # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: + case KEY_ECDSA_SK: if ((key = sshkey_new(type)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; @@ -2377,6 +2428,17 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, #ifdef DEBUG_PK sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); #endif + if (type == KEY_ECDSA_SK || type == KEY_ECDSA_SK_CERT) { + /* Parse additional security-key application string */ + if (sshbuf_get_cstring(b, &key->sk_application, + NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } +#ifdef DEBUG_PK + fprintf(stderr, "App: %s\n", key->sk_application); +#endif + } break; # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ @@ -2665,6 +2727,10 @@ sshkey_verify(const struct sshkey *key, case KEY_ECDSA_CERT: case KEY_ECDSA: return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); + case KEY_ECDSA_SK_CERT: + case KEY_ECDSA_SK: + return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen, + compat); # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: @@ -2700,6 +2766,9 @@ sshkey_to_certified(struct sshkey *k) case KEY_ECDSA: newtype = KEY_ECDSA_CERT; break; + case KEY_ECDSA_SK: + newtype = KEY_ECDSA_SK_CERT; + break; #endif /* WITH_OPENSSL */ case KEY_ED25519: newtype = KEY_ED25519_CERT; @@ -2797,12 +2866,18 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: + case KEY_ECDSA_SK_CERT: if ((ret = sshbuf_put_cstring(cert, sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 || (ret = sshbuf_put_ec(cert, EC_KEY_get0_public_key(k->ecdsa), EC_KEY_get0_group(k->ecdsa))) != 0) goto out; + if (k->type == KEY_ECDSA_SK_CERT) { + if ((ret = sshbuf_put_cstring(cert, + k->sk_application)) != 0) + goto out; + } break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: @@ -3082,6 +3157,28 @@ sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, EC_KEY_get0_private_key(key->ecdsa))) != 0) goto out; break; + case KEY_ECDSA_SK: + if ((r = sshbuf_put_cstring(b, + sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || + (r = sshbuf_put_eckey(b, key->ecdsa)) != 0 || + (r = sshbuf_put_cstring(b, key->sk_application)) != 0 || + (r = sshbuf_put_u8(b, key->sk_flags)) != 0 || + (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 || + (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0) + goto out; + break; + case KEY_ECDSA_SK_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_cstring(b, key->sk_application)) != 0 || + (r = sshbuf_put_u8(b, key->sk_flags)) != 0 || + (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 || + (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0) + goto out; + break; # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ case KEY_ED25519: @@ -3270,6 +3367,60 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshkey_ec_validate_private(k->ecdsa)) != 0) goto out; break; + case KEY_ECDSA_SK: + if ((k = sshkey_new(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((k->ecdsa_nid = sshkey_ecdsa_nid_from_name(tname)) == -1) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_get_cstring(buf, &curve, NULL)) != 0) + goto out; + if (k->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { + r = SSH_ERR_EC_CURVE_MISMATCH; + goto out; + } + if ((k->sk_key_handle = sshbuf_new()) == NULL || + (k->sk_reserved = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); + if (k->ecdsa == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || + (r = sshbuf_get_cstring(buf, &k->sk_application, + NULL)) != 0 || + (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || + (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || + (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) + goto out; + if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), + EC_KEY_get0_public_key(k->ecdsa))) != 0) + goto out; + break; + case KEY_ECDSA_SK_CERT: + if ((r = sshkey_froms(buf, &k)) != 0) + goto out; + if ((k->sk_key_handle = sshbuf_new()) == NULL || + (k->sk_reserved = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_cstring(buf, &k->sk_application, + NULL)) != 0 || + (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || + (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || + (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) + goto out; + if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), + EC_KEY_get0_public_key(k->ecdsa))) != 0) + goto out; + break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA: if ((k = sshkey_new(type)) == NULL) { @@ -4090,6 +4241,9 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, #ifdef WITH_XMSS case KEY_XMSS: #endif /* WITH_XMSS */ +#ifdef WITH_OPENSSL + case KEY_ECDSA_SK: +#endif /* WITH_OPENSSL */ return sshkey_private_to_blob2(key, blob, passphrase, comment, openssh_format_cipher, openssh_format_rounds); default: @@ -4111,7 +4265,6 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, #endif /* WITH_OPENSSL */ } - #ifdef WITH_OPENSSL static int translate_libcrypto_error(unsigned long pem_err) -- cgit v1.2.3 From 9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 31 Oct 2019 21:23:19 +0000 Subject: upstream: Refactor signing - use sshkey_sign for everything, including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c --- krl.c | 4 ++-- monitor.c | 4 ++-- monitor_wrap.c | 8 +++++--- monitor_wrap.h | 4 ++-- ssh-agent.c | 7 ++++--- ssh-keygen.c | 18 +++++++++++------- ssh-keysign.c | 6 +++--- ssh_api.c | 9 +++++---- sshconnect2.c | 17 +++-------------- sshd.c | 8 ++++---- sshkey.c | 26 ++++++++++++++++++-------- sshkey.h | 11 ++++++----- sshsig.c | 21 +++++++++++---------- sshsig.h | 11 ++++++----- 14 files changed, 82 insertions(+), 72 deletions(-) (limited to 'sshkey.c') diff --git a/krl.c b/krl.c index a7f690955..89cb433bd 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.44 2019/09/06 04:53:27 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.45 2019/10/31 21:23:19 djm Exp $ */ #include "includes.h" @@ -813,7 +813,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, goto out; if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, - sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0) + sshbuf_ptr(buf), sshbuf_len(buf), NULL, NULL, 0)) != 0) goto out; KRL_DBG(("%s: signature sig len %zu", __func__, slen)); if ((r = sshbuf_put_string(buf, sblob, slen)) != 0) diff --git a/monitor.c b/monitor.c index 00af44f98..a884d5f9d 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.200 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -678,7 +678,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) if ((key = get_hostkey_by_index(keyid)) != NULL) { if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, - compat)) != 0) + NULL, compat)) != 0) fatal("%s: sshkey_sign failed: %s", __func__, ssh_err(r)); } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && diff --git a/monitor_wrap.c b/monitor_wrap.c index 4169b7604..d20dc5191 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.114 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -215,7 +215,8 @@ mm_choose_dh(int min, int nbits, int max) int mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat) + const u_char *data, size_t datalen, const char *hostkey_alg, + const char *sk_provider, u_int compat) { struct kex *kex = *pmonitor->m_pkex; struct sshbuf *m; @@ -223,7 +224,8 @@ mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, int r; debug3("%s entering", __func__); - + if (sk_provider != NULL) + fatal("%s: sk_provider != NULL", __func__); if ((m = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); if ((r = sshbuf_put_u32(m, ndx)) != 0 || diff --git a/monitor_wrap.h b/monitor_wrap.h index 191277f3a..76330fc60 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.42 2019/09/06 05:23:55 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.43 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -45,7 +45,7 @@ int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); #endif int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int compat); + const u_char *, size_t, const char *, const char *, u_int compat); void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(struct ssh *, const char *); char *mm_auth2_read_banner(void); diff --git a/ssh-agent.c b/ssh-agent.c index 6bf9536fb..07f19c53a 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.238 2019/10/31 21:22:01 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.239 2019/10/31 21:23:19 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -430,12 +430,13 @@ process_sign_request2(SocketEntry *e) if ((r = provider_sign(id->sk_provider, id->key, &signature, &slen, data, dlen, agent_decode_alg(key, flags), compat)) != 0) { - error("%s: sshkey_sign: %s", __func__, ssh_err(r)); + error("%s: sign: %s", __func__, ssh_err(r)); goto send; } } else { if ((r = sshkey_sign(id->key, &signature, &slen, - data, dlen, agent_decode_alg(key, flags), compat)) != 0) { + data, dlen, agent_decode_alg(key, flags), + NULL, compat)) != 0) { error("%s: sshkey_sign: %s", __func__, ssh_err(r)); goto send; } diff --git a/ssh-keygen.c b/ssh-keygen.c index ad7a2b4e0..14bf2560d 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.357 2019/10/31 21:17:09 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.358 2019/10/31 21:23:19 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -577,8 +577,10 @@ do_convert_private_ssh2(struct sshbuf *b) error("%s: remaining bytes in key blob %d", __func__, rlen); /* try the key */ - if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || - sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) { + if (sshkey_sign(key, &sig, &slen, data, sizeof(data), + NULL, NULL, 0) != 0 || + sshkey_verify(key, sig, slen, data, sizeof(data), + NULL, 0) != 0) { sshkey_free(key); free(sig); return NULL; @@ -1709,7 +1711,7 @@ load_pkcs11_key(char *path) static int agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - const char *alg, u_int compat, void *ctx) + const char *alg, const char *sk_provider, u_int compat, void *ctx) { int *agent_fdp = (int *)ctx; @@ -1821,11 +1823,13 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) { if ((r = sshkey_certify_custom(public, ca, - key_type_name, agent_signer, &agent_fd)) != 0) + key_type_name, sk_provider, agent_signer, + &agent_fd)) != 0) fatal("Couldn't certify key %s via agent: %s", tmp, ssh_err(r)); } else { - if ((sshkey_certify(public, ca, key_type_name)) != 0) + if ((sshkey_certify(public, ca, key_type_name, + sk_provider)) != 0) fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); } @@ -2507,7 +2511,7 @@ sign_one(struct sshkey *signkey, const char *filename, int fd, else fprintf(stderr, "Signing file %s\n", filename); } - if ((r = sshsig_sign_fd(signkey, NULL, fd, sig_namespace, + if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, fd, sig_namespace, &sigbuf, signer, signer_ctx)) != 0) { error("Signing %s failed: %s", filename, ssh_err(r)); goto out; diff --git a/ssh-keysign.c b/ssh-keysign.c index 6cfd5b46c..d6aa6361d 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.61 2019/10/02 00:42:30 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.62 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -277,8 +277,8 @@ main(int argc, char **argv) sshkey_type(key), fp ? fp : ""); } - if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, 0)) - != 0) + if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, + NULL, NULL, 0)) != 0) fatal("sshkey_sign failed: %s", ssh_err(r)); free(data); diff --git a/ssh_api.c b/ssh_api.c index 03dac0982..e0b195521 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.18 2019/09/13 04:36:43 dtucker Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.19 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -54,7 +54,7 @@ int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *, */ int use_privsep = 0; int mm_sshkey_sign(struct sshkey *, u_char **, u_int *, - u_char *, u_int, char *, u_int); + const u_char *, u_int, const char *, const char *, u_int); #ifdef WITH_OPENSSL DH *mm_choose_dh(int, int, int); @@ -66,7 +66,8 @@ u_int session_id2_len = 0; int mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen, char *alg, u_int compat) + const u_char *data, u_int datalen, const char *alg, const char *sk_provider, + u_int compat) { return (-1); } @@ -568,5 +569,5 @@ _ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey, const u_char *data, size_t dlen, const char *alg) { return sshkey_sign(privkey, signature, slen, data, dlen, - alg, ssh->compat); + alg, NULL, ssh->compat); } diff --git a/sshconnect2.c b/sshconnect2.c index 62f0c3e76..867d463d6 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.309 2019/10/31 21:18:28 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.310 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1178,19 +1178,8 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, } sign_key = prv; } - - if (sshkey_type_plain(sign_key->type) == KEY_ECDSA_SK) { - if (options.sk_provider == NULL) { - /* Shouldn't happen here; checked in pubkey_prepare() */ - fatal("%s: missing SecurityKeyProvider", __func__); - } - if ((r = sshsk_ecdsa_sign(options.sk_provider, sign_key, - sigp, lenp, data, datalen, compat)) != 0) { - debug("%s: sshsk_ecdsa_sign: %s", __func__, ssh_err(r)); - goto out; - } - } else if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, - alg, compat)) != 0) { + if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, + alg, options.sk_provider, compat)) != 0) { debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); goto out; } diff --git a/sshd.c b/sshd.c index cf7af1c61..e782a99f2 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.538 2019/10/29 07:47:27 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.539 2019/10/31 21:23:19 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2209,17 +2209,17 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey, if (use_privsep) { if (privkey) { if (mm_sshkey_sign(ssh, privkey, signature, slenp, - data, dlen, alg, ssh->compat) < 0) + data, dlen, alg, NULL, ssh->compat) < 0) fatal("%s: privkey sign failed", __func__); } else { if (mm_sshkey_sign(ssh, pubkey, signature, slenp, - data, dlen, alg, ssh->compat) < 0) + data, dlen, alg, NULL, ssh->compat) < 0) fatal("%s: pubkey sign failed", __func__); } } else { if (privkey) { if (sshkey_sign(privkey, signature, slenp, data, dlen, - alg, ssh->compat) < 0) + alg, NULL, ssh->compat) < 0) fatal("%s: privkey sign failed", __func__); } else { if ((r = ssh_agent_sign(auth_sock, pubkey, diff --git a/sshkey.c b/sshkey.c index d87fee8ee..4744dfbef 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.85 2019/10/31 21:15:14 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.86 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -57,6 +57,7 @@ #define SSHKEY_INTERNAL #include "sshkey.h" #include "match.h" +#include "ssh-sk.h" #ifdef WITH_XMSS #include "sshkey-xmss.h" @@ -2658,7 +2659,8 @@ sshkey_check_sigtype(const u_char *sig, size_t siglen, int sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, const char *alg, u_int compat) + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, u_int compat) { int was_shielded = sshkey_is_shielded(key); int r2, r = SSH_ERR_INTERNAL_ERROR; @@ -2682,6 +2684,11 @@ sshkey_sign(struct sshkey *key, case KEY_ECDSA: r = ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); break; + case KEY_ECDSA_SK_CERT: + case KEY_ECDSA_SK: + r = sshsk_ecdsa_sign(sk_provider, key, sigp, lenp, + data, datalen, compat); + break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: @@ -2802,7 +2809,7 @@ sshkey_drop_cert(struct sshkey *k) /* Sign a certified key, (re-)generating the signed certblob. */ int sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, - sshkey_certify_signer *signer, void *signer_ctx) + const char *sk_provider, sshkey_certify_signer *signer, void *signer_ctx) { struct sshbuf *principals = NULL; u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; @@ -2934,7 +2941,7 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, /* Sign the whole mess */ if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), - sshbuf_len(cert), alg, 0, signer_ctx)) != 0) + sshbuf_len(cert), alg, sk_provider, 0, signer_ctx)) != 0) goto out; /* Check and update signature_type against what was actually used */ if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0) @@ -2964,17 +2971,20 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, static int default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - const char *alg, u_int compat, void *ctx) + const char *alg, const char *sk_provider, u_int compat, void *ctx) { if (ctx != NULL) return SSH_ERR_INVALID_ARGUMENT; - return sshkey_sign(key, sigp, lenp, data, datalen, alg, compat); + return sshkey_sign(key, sigp, lenp, data, datalen, alg, + sk_provider, compat); } int -sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) +sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg, + const char *sk_provider) { - return sshkey_certify_custom(k, ca, alg, default_key_sign, NULL); + return sshkey_certify_custom(k, ca, alg, sk_provider, + default_key_sign, NULL); } int diff --git a/sshkey.h b/sshkey.h index 2edcb13ab..1d36a24a9 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.35 2019/10/31 21:15:14 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.36 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -189,12 +189,13 @@ size_t sshkey_format_cert_validity(const struct sshkey_cert *, char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); int sshkey_check_cert_sigtype(const struct sshkey *, const char *); -int sshkey_certify(struct sshkey *, struct sshkey *, const char *); +int sshkey_certify(struct sshkey *, struct sshkey *, + const char *, const char *); /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int, void *); + const u_char *, size_t, const char *, const char *, u_int, void *); int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, - sshkey_certify_signer *, void *); + const char *, sshkey_certify_signer *, void *); int sshkey_ecdsa_nid_from_name(const char *); int sshkey_curve_name_to_nid(const char *); @@ -223,7 +224,7 @@ int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); int sshkey_sign(struct sshkey *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int); + const u_char *, size_t, const char *, const char *, u_int); int sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, const char *, u_int); int sshkey_check_sigtype(const u_char *, size_t, const char *); diff --git a/sshsig.c b/sshsig.c index b19cd077d..8c7aba1b9 100644 --- a/sshsig.c +++ b/sshsig.c @@ -151,8 +151,9 @@ done: static int sshsig_wrap_sign(struct sshkey *key, const char *hashalg, - const struct sshbuf *h_message, const char *sig_namespace, - struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) + const char *sk_provider, const struct sshbuf *h_message, + const char *sig_namespace, struct sshbuf **out, + sshsig_signer *signer, void *signer_ctx) { int r; size_t slen = 0; @@ -184,14 +185,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, if (signer != NULL) { if ((r = signer(key, &sig, &slen, sshbuf_ptr(tosign), sshbuf_len(tosign), - sign_alg, 0, signer_ctx)) != 0) { + sign_alg, sk_provider, 0, signer_ctx)) != 0) { error("Couldn't sign message: %s", ssh_err(r)); goto done; } } else { if ((r = sshkey_sign(key, &sig, &slen, sshbuf_ptr(tosign), sshbuf_len(tosign), - sign_alg, 0)) != 0) { + sign_alg, sk_provider, 0)) != 0) { error("Couldn't sign message: %s", ssh_err(r)); goto done; } @@ -425,7 +426,7 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp) } int -sshsig_signb(struct sshkey *key, const char *hashalg, +sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider, const struct sshbuf *message, const char *sig_namespace, struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) { @@ -440,8 +441,8 @@ sshsig_signb(struct sshkey *key, const char *hashalg, error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); goto out; } - if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out, - signer, signer_ctx)) != 0) + if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b, + sig_namespace, out, signer, signer_ctx)) != 0) goto out; /* success */ r = 0; @@ -551,7 +552,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) } int -sshsig_sign_fd(struct sshkey *key, const char *hashalg, +sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider, int fd, const char *sig_namespace, struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) { @@ -566,8 +567,8 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg, error("%s: hash_file failed: %s", __func__, ssh_err(r)); return r; } - if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out, - signer, signer_ctx)) != 0) + if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b, + sig_namespace, out, signer, signer_ctx)) != 0) goto out; /* success */ r = 0; diff --git a/sshsig.h b/sshsig.h index e3eeb601b..487db116c 100644 --- a/sshsig.h +++ b/sshsig.h @@ -22,7 +22,7 @@ struct sshkey; struct sshsigopt; typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int, void *); + const u_char *, size_t, const char *, const char *, u_int, void *); /* Buffer-oriented API */ @@ -32,8 +32,9 @@ typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, * out is populated with the detached signature, or NULL on failure. */ int sshsig_signb(struct sshkey *key, const char *hashalg, - const struct sshbuf *message, const char *sig_namespace, - struct sshbuf **out, sshsig_signer *signer, void *signer_ctx); + const char *sk_provider, const struct sshbuf *message, + const char *sig_namespace, struct sshbuf **out, + sshsig_signer *signer, void *signer_ctx); /* * Verifies that a detached signature is valid and optionally returns key @@ -52,8 +53,8 @@ int sshsig_verifyb(struct sshbuf *signature, * out is populated with the detached signature, or NULL on failure. */ int sshsig_sign_fd(struct sshkey *key, const char *hashalg, - int fd, const char *sig_namespace, struct sshbuf **out, - sshsig_signer *signer, void *signer_ctx); + const char *sk_provider, int fd, const char *sig_namespace, + struct sshbuf **out, sshsig_signer *signer, void *signer_ctx); /* * Verifies that a detached signature over a file is valid and optionally -- cgit v1.2.3 From 03f9205f0fb49ea2507eacc143737a8511ae5a4e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 1 Nov 2019 14:49:25 +1100 Subject: conditionalise SK sign/verify on ENABLE_SK Spotted by Darren and his faux-Vax --- sshkey.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 4744dfbef..861d77689 100644 --- a/sshkey.c +++ b/sshkey.c @@ -2684,11 +2684,13 @@ sshkey_sign(struct sshkey *key, case KEY_ECDSA: r = ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); break; +# ifdef ENABLE_SK case KEY_ECDSA_SK_CERT: case KEY_ECDSA_SK: r = sshsk_ecdsa_sign(sk_provider, key, sigp, lenp, data, datalen, compat); break; +# endif /* ENABLE_SK */ # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: @@ -2734,10 +2736,12 @@ sshkey_verify(const struct sshkey *key, case KEY_ECDSA_CERT: case KEY_ECDSA: return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); +# ifdef ENABLE_SK case KEY_ECDSA_SK_CERT: case KEY_ECDSA_SK: return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen, compat); +# endif /* ENABLE_SK */ # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: -- cgit v1.2.3 From 7c096c456f33f3d2682736d4735cc10e790276e9 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Tue, 12 Nov 2019 19:29:24 +0000 Subject: upstream: implement ssh-ed25519-sk verification; ok djm@ OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6 --- Makefile.in | 2 +- ssh-ed25519-sk.c | 130 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ sshkey.c | 6 ++- sshkey.h | 7 ++- 4 files changed, 142 insertions(+), 3 deletions(-) create mode 100644 ssh-ed25519-sk.c (limited to 'sshkey.c') diff --git a/Makefile.in b/Makefile.in index fddc82576..3acfab5c5 100644 --- a/Makefile.in +++ b/Makefile.in @@ -94,7 +94,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ readpass.o ttymodes.o xmalloc.o addrmatch.o \ atomicio.o dispatch.o mac.o misc.o utf8.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-ecdsa-sk.o \ - ssh-rsa.o dh.o \ + ssh-ed25519-sk.o ssh-rsa.o dh.o \ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ ssh-pkcs11.o smult_curve25519_ref.o \ poly1305.o chacha.o cipher-chachapoly.o \ diff --git a/ssh-ed25519-sk.c b/ssh-ed25519-sk.c new file mode 100644 index 000000000..f42c88303 --- /dev/null +++ b/ssh-ed25519-sk.c @@ -0,0 +1,130 @@ +/* $OpenBSD: ssh-ed25519-sk.c,v 1.1 2019/11/12 19:29:24 markus Exp $ */ +/* + * Copyright (c) 2019 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#define SSHKEY_INTERNAL +#include +#include + +#include "crypto_api.h" + +#include +#include + +#include "log.h" +#include "sshbuf.h" +#include "sshkey.h" +#include "ssherr.h" +#include "ssh.h" +#include "digest.h" + +int +ssh_ed25519_sk_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) +{ + struct sshbuf *b = NULL; + struct sshbuf *sigbuf = NULL; + struct sshbuf *encoded = NULL; + char *ktype = NULL; + const u_char *sigblob; + const u_char *sm; + u_char *m = NULL; + u_char apphash[32]; + u_char msghash[32]; + u_char sig_flags; + u_int sig_counter; + size_t len; + unsigned long long smlen = 0, mlen = 0; + int r = SSH_ERR_INTERNAL_ERROR; + int ret; + + if (key == NULL || + sshkey_type_plain(key->type) != KEY_ED25519_SK || + key->ed25519_pk == NULL || + signature == NULL || signaturelen == 0) + return SSH_ERR_INVALID_ARGUMENT; + + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || + sshbuf_froms(b, &sigbuf) != 0 || + sshbuf_get_string_direct(sigbuf, &sigblob, &len) != 0 || + sshbuf_get_u8(sigbuf, &sig_flags) != 0 || + sshbuf_get_u32(sigbuf, &sig_counter) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) { + r = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + r = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + if (len > crypto_sign_ed25519_BYTES) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (ssh_digest_memory(SSH_DIGEST_SHA256, key->sk_application, + strlen(key->sk_application), apphash, sizeof(apphash)) != 0 || + ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen, + msghash, sizeof(msghash)) != 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((encoded = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (sshbuf_put(encoded, sigblob, len) != 0 || + sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 || + sshbuf_put_u8(encoded, sig_flags) != 0 || + sshbuf_put_u32(encoded, sig_counter) != 0 || + sshbuf_put(encoded, msghash, sizeof(msghash)) != 0) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + sm = sshbuf_ptr(encoded); + smlen = sshbuf_len(encoded); + mlen = smlen; + if ((m = malloc(smlen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen, + key->ed25519_pk)) != 0) { + debug2("%s: crypto_sign_ed25519_open failed: %d", + __func__, ret); + } + if (ret != 0 || mlen != smlen - len) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + /* XXX compare 'm' and 'sm + len' ? */ + /* success */ + r = 0; + out: + if (m != NULL) { + explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */ + free(m); + } + sshbuf_free(b); + sshbuf_free(sigbuf); + sshbuf_free(encoded); + free(ktype); + return r; +} diff --git a/sshkey.c b/sshkey.c index 861d77689..b72f38a2f 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.86 2019/10/31 21:23:19 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.87 2019/11/12 19:29:24 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2750,6 +2750,10 @@ sshkey_verify(const struct sshkey *key, case KEY_ED25519: case KEY_ED25519_CERT: return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); + case KEY_ED25519_SK: + case KEY_ED25519_SK_CERT: + return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen, + compat); #ifdef WITH_XMSS case KEY_XMSS: case KEY_XMSS_CERT: diff --git a/sshkey.h b/sshkey.h index 1d36a24a9..8cd12bd95 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.36 2019/10/31 21:23:19 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.37 2019/11/12 19:29:25 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -67,6 +67,8 @@ enum sshkey_types { KEY_XMSS_CERT, KEY_ECDSA_SK, KEY_ECDSA_SK_CERT, + KEY_ED25519_SK, + KEY_ED25519_SK_CERT, KEY_UNSPEC }; @@ -291,6 +293,9 @@ int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, int ssh_ed25519_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); +int ssh_ed25519_sk_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat); int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); int ssh_xmss_verify(const struct sshkey *key, -- cgit v1.2.3 From e03a29e6554cd0c9cdbac0dae53dd79e6eb4ea47 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Tue, 12 Nov 2019 19:30:50 +0000 Subject: upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19 --- ssh-sk-helper.c | 4 ++-- ssh-sk.c | 4 ++-- ssh-sk.h | 8 ++++---- sshkey.c | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) (limited to 'sshkey.c') diff --git a/ssh-sk-helper.c b/ssh-sk-helper.c index ced00d955..a996f5898 100644 --- a/ssh-sk-helper.c +++ b/ssh-sk-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-helper.c,v 1.1 2019/10/31 21:22:01 djm Exp $ */ +/* $OpenBSD: ssh-sk-helper.c,v 1.2 2019/11/12 19:30:50 markus Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -128,7 +128,7 @@ main(int argc, char **argv) "msg len %zu, compat 0x%lx", __progname, sshkey_type(key), provider, msglen, (u_long)compat); - if ((r = sshsk_ecdsa_sign(provider, key, &sig, &siglen, + if ((r = sshsk_sign(provider, key, &sig, &siglen, message, msglen, compat)) != 0) fatal("Signing failed: %s", ssh_err(r)); diff --git a/ssh-sk.c b/ssh-sk.c index 0f2e311d0..e11fd1912 100644 --- a/ssh-sk.c +++ b/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.3 2019/11/12 19:30:21 markus Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.4 2019/11/12 19:30:50 markus Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -342,7 +342,7 @@ out: } int -sshsk_ecdsa_sign(const char *provider_path, const struct sshkey *key, +sshsk_sign(const char *provider_path, const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat) { diff --git a/ssh-sk.h b/ssh-sk.h index 5033e6f68..7800609c4 100644 --- a/ssh-sk.h +++ b/ssh-sk.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.h,v 1.2 2019/10/31 21:22:01 djm Exp $ */ +/* $OpenBSD: ssh-sk.h,v 1.3 2019/11/12 19:30:50 markus Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -39,12 +39,12 @@ int sshsk_enroll(const char *provider_path, const char *application, struct sshbuf *attest); /* - * Calculate an ECDSA_SK signature using the specified key and provider - * middleware. + * Calculate an ECDSA_SK signature using the specified key + * and provider middleware. * * Returns 0 on success or a ssherr.h error code on failure. */ -int sshsk_ecdsa_sign(const char *provider_path, const struct sshkey *key, +int sshsk_sign(const char *provider_path, const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); diff --git a/sshkey.c b/sshkey.c index b72f38a2f..ed8f4ef00 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.87 2019/11/12 19:29:24 markus Exp $ */ +/* $OpenBSD: sshkey.c,v 1.88 2019/11/12 19:30:50 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2687,8 +2687,8 @@ sshkey_sign(struct sshkey *key, # ifdef ENABLE_SK case KEY_ECDSA_SK_CERT: case KEY_ECDSA_SK: - r = sshsk_ecdsa_sign(sk_provider, key, sigp, lenp, - data, datalen, compat); + r = sshsk_sign(sk_provider, key, sigp, lenp, data, datalen, + compat); break; # endif /* ENABLE_SK */ # endif /* OPENSSL_HAS_ECC */ -- cgit v1.2.3 From fe05a36dc0ea884c8c2395d53d804fe4f4202b26 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Tue, 12 Nov 2019 19:31:18 +0000 Subject: upstream: implement sshsk_ed25519_inner_sig(); ok djm OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910 --- ssh-sk.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++------ ssh-sk.h | 4 ++-- sshkey.c | 7 ++++++- 3 files changed, 61 insertions(+), 9 deletions(-) (limited to 'sshkey.c') diff --git a/ssh-sk.c b/ssh-sk.c index e11fd1912..335f45773 100644 --- a/ssh-sk.c +++ b/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.4 2019/11/12 19:30:50 markus Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.5 2019/11/12 19:31:18 markus Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -330,8 +330,37 @@ sshsk_ecdsa_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp) sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr); fprintf(stderr, "%s: sig_s:\n", __func__); sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr); - fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n", - __func__, resp->flags, resp->counter); +#endif + *retp = inner_sig; + inner_sig = NULL; + r = 0; +out: + sshbuf_free(inner_sig); + return r; +} + +static int +sshsk_ed25519_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp) +{ + struct sshbuf *inner_sig = NULL; + int r = SSH_ERR_INTERNAL_ERROR; + + *retp = NULL; + if ((inner_sig = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + /* Prepare inner signature object */ + if ((r = sshbuf_put_string(inner_sig, + resp->sig_r, resp->sig_r_len)) != 0 || + (r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 || + (r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) { + debug("%s: buffer error: %s", __func__, ssh_err(r)); + goto out; + } +#ifdef DEBUG_SK + fprintf(stderr, "%s: sig_r:\n", __func__); + sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr); #endif *retp = inner_sig; inner_sig = NULL; @@ -348,6 +377,7 @@ sshsk_sign(const char *provider_path, const struct sshkey *key, { struct sshsk_provider *skp = NULL; int r = SSH_ERR_INTERNAL_ERROR; + int type; struct sk_sign_response *resp = NULL; struct sshbuf *inner_sig = NULL, *sig = NULL; uint8_t message[32]; @@ -356,8 +386,15 @@ sshsk_sign(const char *provider_path, const struct sshkey *key, *sigp = NULL; if (lenp != NULL) *lenp = 0; + type = sshkey_type_plain(key->type); + switch (type) { + case KEY_ECDSA_SK: + case KEY_ED25519_SK: + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } if (provider_path == NULL || - sshkey_type_plain(key->type) != KEY_ECDSA_SK || key->sk_key_handle == NULL || key->sk_application == NULL || *key->sk_application == '\0') { r = SSH_ERR_INVALID_ARGUMENT; @@ -383,8 +420,16 @@ sshsk_sign(const char *provider_path, const struct sshkey *key, goto out; } /* Prepare inner signature object */ - if ((r = sshsk_ecdsa_inner_sig(resp, &inner_sig)) != 0) - goto out; + switch (type) { + case KEY_ECDSA_SK: + if ((r = sshsk_ecdsa_inner_sig(resp, &inner_sig)) != 0) + goto out; + break; + case KEY_ED25519_SK: + if ((r = sshsk_ed25519_inner_sig(resp, &inner_sig)) != 0) + goto out; + break; + } /* Assemble outer signature */ if ((sig = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -396,6 +441,8 @@ sshsk_sign(const char *provider_path, const struct sshkey *key, goto out; } #ifdef DEBUG_SK + fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n", + __func__, resp->flags, resp->counter); fprintf(stderr, "%s: hashed message:\n", __func__); sshbuf_dump_data(message, sizeof(message), stderr); fprintf(stderr, "%s: inner:\n", __func__); diff --git a/ssh-sk.h b/ssh-sk.h index 7800609c4..7e785b33a 100644 --- a/ssh-sk.h +++ b/ssh-sk.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.h,v 1.3 2019/11/12 19:30:50 markus Exp $ */ +/* $OpenBSD: ssh-sk.h,v 1.4 2019/11/12 19:31:18 markus Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -39,7 +39,7 @@ int sshsk_enroll(const char *provider_path, const char *application, struct sshbuf *attest); /* - * Calculate an ECDSA_SK signature using the specified key + * Calculate an ECDSA_SK or ED25519_SK signature using the specified key * and provider middleware. * * Returns 0 on success or a ssherr.h error code on failure. diff --git a/sshkey.c b/sshkey.c index ed8f4ef00..269f37b39 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.88 2019/11/12 19:30:50 markus Exp $ */ +/* $OpenBSD: sshkey.c,v 1.89 2019/11/12 19:31:18 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2701,6 +2701,11 @@ sshkey_sign(struct sshkey *key, case KEY_ED25519_CERT: r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); break; + case KEY_ED25519_SK: + case KEY_ED25519_SK_CERT: + r = sshsk_sign(sk_provider, key, sigp, lenp, data, datalen, + compat); + break; #ifdef WITH_XMSS case KEY_XMSS: case KEY_XMSS_CERT: -- cgit v1.2.3 From 2c55744a56de0ffc81fe445a1e7fc5cd308712b3 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Tue, 12 Nov 2019 19:33:08 +0000 Subject: upstream: enable ed25519 support; ok djm OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e --- authfd.c | 4 +- myproposal.h | 4 +- pathnames.h | 3 +- readconf.c | 4 +- ssh-add.c | 5 +- ssh-agent.c | 4 +- ssh-keygen.c | 25 ++++++--- ssh-sk-helper.c | 4 +- sshconnect.c | 4 +- sshconnect2.c | 13 ++--- sshkey.c | 154 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- sshkey.h | 7 +-- 12 files changed, 200 insertions(+), 31 deletions(-) (limited to 'sshkey.c') diff --git a/authfd.c b/authfd.c index 1f0cd2ab3..e014f765c 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.118 2019/10/31 21:19:14 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.119 2019/11/12 19:33:08 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -484,6 +484,8 @@ ssh_add_identity_constrained(int sock, struct sshkey *key, #endif case KEY_ED25519: case KEY_ED25519_CERT: + case KEY_ED25519_SK: + case KEY_ED25519_SK_CERT: case KEY_XMSS: case KEY_XMSS_CERT: type = constrained ? diff --git a/myproposal.h b/myproposal.h index a22649a2e..90bb67bb3 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.60 2019/11/01 02:32:05 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.61 2019/11/12 19:33:08 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -149,6 +149,7 @@ "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ "ecdsa-sha2-nistp384-cert-v01@openssh.com," \ "ecdsa-sha2-nistp521-cert-v01@openssh.com," \ + "sk-ssh-ed25519-cert-v01@openssh.com," \ "ssh-ed25519-cert-v01@openssh.com," \ "rsa-sha2-512-cert-v01@openssh.com," \ "rsa-sha2-256-cert-v01@openssh.com," \ @@ -157,6 +158,7 @@ "ecdsa-sha2-nistp256," \ "ecdsa-sha2-nistp384," \ "ecdsa-sha2-nistp521," \ + "sk-ssh-ed25519@openssh.com," \ "ssh-ed25519," \ "rsa-sha2-512," \ "rsa-sha2-256," \ diff --git a/pathnames.h b/pathnames.h index 3a1bd1977..f7ca5a75a 100644 --- a/pathnames.h +++ b/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.30 2019/10/31 21:22:01 djm Exp $ */ +/* $OpenBSD: pathnames.h,v 1.31 2019/11/12 19:33:08 markus Exp $ */ /* * Author: Tatu Ylonen @@ -78,6 +78,7 @@ #define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519" #define _PATH_SSH_CLIENT_ID_XMSS _PATH_SSH_USER_DIR "/id_xmss" #define _PATH_SSH_CLIENT_ID_ECDSA_SK _PATH_SSH_USER_DIR "/id_ecdsa_sk" +#define _PATH_SSH_CLIENT_ID_ED25519_SK _PATH_SSH_USER_DIR "/id_ed25519_sk" /* * Configuration file in user's home directory. This file need not be diff --git a/readconf.c b/readconf.c index f18194580..3d99367c3 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.310 2019/10/31 21:18:28 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.311 2019/11/12 19:33:08 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2055,6 +2055,8 @@ fill_default_options(Options * options) #endif add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ED25519, 0); + add_identity_file(options, "~/", + _PATH_SSH_CLIENT_ID_ED25519_SK, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0); } if (options->escape_char == -1) diff --git a/ssh-add.c b/ssh-add.c index 3c8849ac4..696b156d5 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.143 2019/10/31 21:19:56 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.144 2019/11/12 19:33:08 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -81,6 +81,7 @@ static char *default_files[] = { #endif #endif /* WITH_OPENSSL */ _PATH_SSH_CLIENT_ID_ED25519, + _PATH_SSH_CLIENT_ID_ED25519_SK, _PATH_SSH_CLIENT_ID_XMSS, NULL }; @@ -312,7 +313,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag, ssh_free_identitylist(idlist); } - if (sshkey_type_plain(private->type) != KEY_ECDSA_SK) + if (!sshkey_is_sk(private)) skprovider = NULL; /* Don't send constraint for other keys */ else if (skprovider == NULL) { fprintf(stderr, "Cannot load security key %s without " diff --git a/ssh-agent.c b/ssh-agent.c index 07f19c53a..dd9f85ae7 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.239 2019/10/31 21:23:19 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.240 2019/11/12 19:33:08 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -622,7 +622,7 @@ process_add_identity(SocketEntry *e) } } if (sk_provider != NULL) { - if (sshkey_type_plain(k->type) != KEY_ECDSA_SK) { + if (!sshkey_is_sk(k)) { error("Cannot add provider: %s is not a security key", sshkey_type(k)); free(sk_provider); diff --git a/ssh-keygen.c b/ssh-keygen.c index ac34f314b..030b3684e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.361 2019/11/08 03:54:02 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.362 2019/11/12 19:33:08 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -287,6 +287,10 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_ED25519_CERT: name = _PATH_SSH_CLIENT_ID_ED25519; break; + case KEY_ED25519_SK: + case KEY_ED25519_SK_CERT: + name = _PATH_SSH_CLIENT_ID_ED25519_SK; + break; case KEY_XMSS: case KEY_XMSS_CERT: name = _PATH_SSH_CLIENT_ID_XMSS; @@ -3255,16 +3259,23 @@ main(int argc, char **argv) printf("Generating public/private %s key pair.\n", key_type_name); if (type == KEY_ECDSA_SK) { + switch (type) { + case KEY_ECDSA_SK: + case KEY_ED25519_SK: #ifndef ENABLE_SK fatal("Security key support was disabled at compile time"); #else /* ENABLE_SK */ - if (sshsk_enroll(sk_provider, - cert_key_id == NULL ? "ssh:" : cert_key_id, - sk_flags, NULL, &private, NULL) != 0) - exit(1); /* error message already printed */ + if (sshsk_enroll(type, sk_provider, + cert_key_id == NULL ? "ssh:" : cert_key_id, + sk_flags, NULL, &private, NULL) != 0) + exit(1); /* error message already printed */ + break; #endif /* ENABLE_SK */ - } else if ((r = sshkey_generate(type, bits, &private)) != 0) - fatal("sshkey_generate failed"); + default: + if ((r = sshkey_generate(type, bits, &private)) != 0) + fatal("sshkey_generate failed"); + break; + } if ((r = sshkey_from_private(private, &public)) != 0) fatal("sshkey_from_private failed: %s\n", ssh_err(r)); diff --git a/ssh-sk-helper.c b/ssh-sk-helper.c index a996f5898..0acb8d172 100644 --- a/ssh-sk-helper.c +++ b/ssh-sk-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-helper.c,v 1.2 2019/11/12 19:30:50 markus Exp $ */ +/* $OpenBSD: ssh-sk-helper.c,v 1.3 2019/11/12 19:33:08 markus Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -114,7 +114,7 @@ main(int argc, char **argv) if ((r = sshbuf_froms(req, &kbuf)) != 0 || (r = sshkey_private_deserialize(kbuf, &key)) != 0) fatal("Unable to parse key: %s", ssh_err(r)); - if (sshkey_type_plain(key->type) != KEY_ECDSA_SK) + if (!sshkey_is_sk(key)) fatal("Unsupported key type %s", sshkey_ssh_name(key)); if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || diff --git a/sshconnect.c b/sshconnect.c index 177775f6e..7e9369ee3 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.321 2019/10/31 21:20:38 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.322 2019/11/12 19:33:08 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1425,7 +1425,7 @@ maybe_add_key_to_agent(char *authfile, struct sshkey *private, close(auth_sock); return; } - if (sshkey_type_plain(private->type) == KEY_ECDSA_SK) + if (sshkey_is_sk(private)) skprovider = options.sk_provider; if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0, (options.add_keys_to_agent == 3), 0, skprovider)) == 0) diff --git a/sshconnect2.c b/sshconnect2.c index 867d463d6..4e5cddf14 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.310 2019/10/31 21:23:19 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.311 2019/11/12 19:33:08 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -611,7 +611,7 @@ format_identity(Identity *id) if (id->key) { if ((id->key->flags & SSHKEY_FLAG_EXT) != 0) note = " token"; - else if (sshkey_type_plain(id->key->type) == KEY_ECDSA_SK) + else if (sshkey_is_sk(id->key)) note = " security-key"; } xasprintf(&ret, "%s %s%s%s%s%s%s", @@ -1468,8 +1468,7 @@ load_identity_file(Identity *id) quit = 1; break; } - if (private != NULL && - sshkey_type_plain(private->type) == KEY_ECDSA_SK && + if (private != NULL && sshkey_is_sk(private) && options.sk_provider == NULL) { debug("key \"%s\" is a security key, but no " "provider specified", id->filename); @@ -1554,8 +1553,7 @@ pubkey_prepare(Authctxt *authctxt) options.identity_files[i]); continue; } - if (key && sshkey_type_plain(key->type) == KEY_ECDSA_SK && - options.sk_provider == NULL) { + if (key && sshkey_is_sk(key) && options.sk_provider == NULL) { debug("%s: ignoring security key %s as no " "SecurityKeyProvider has been specified", __func__, options.identity_files[i]); @@ -1579,8 +1577,7 @@ pubkey_prepare(Authctxt *authctxt) options.identity_files[i]); continue; } - if (key && sshkey_type_plain(key->type) == KEY_ECDSA_SK && - options.sk_provider == NULL) { + if (key && sshkey_is_sk(key) && options.sk_provider == NULL) { debug("%s: ignoring security key certificate %s as no " "SecurityKeyProvider has been specified", __func__, options.identity_files[i]); diff --git a/sshkey.c b/sshkey.c index 269f37b39..1b66d4ec7 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.89 2019/11/12 19:31:18 markus Exp $ */ +/* $OpenBSD: sshkey.c,v 1.90 2019/11/12 19:33:08 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -107,6 +107,10 @@ static const struct keytype keytypes[] = { { "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 }, { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL, KEY_ED25519_CERT, 0, 1, 0 }, + { "sk-ssh-ed25519@openssh.com", "ED25519-SK", NULL, + KEY_ED25519_SK, 0, 0, 0 }, + { "sk-ssh-ed25519-cert-v01@openssh.com", "ED25519-SK-CERT", NULL, + KEY_ED25519_SK_CERT, 0, 1, 0 }, #ifdef WITH_XMSS { "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 }, { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL, @@ -337,6 +341,8 @@ sshkey_size(const struct sshkey *k) #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: + case KEY_ED25519_SK: + case KEY_ED25519_SK_CERT: case KEY_XMSS: case KEY_XMSS_CERT: return 256; /* XXX */ @@ -353,6 +359,7 @@ sshkey_type_is_valid_ca(int type) case KEY_ECDSA: case KEY_ECDSA_SK: case KEY_ED25519: + case KEY_ED25519_SK: case KEY_XMSS: return 1; default: @@ -368,6 +375,20 @@ sshkey_is_cert(const struct sshkey *k) return sshkey_type_is_cert(k->type); } +int +sshkey_is_sk(const struct sshkey *k) +{ + if (k == NULL) + return 0; + switch (sshkey_type_plain(k->type)) { + case KEY_ECDSA_SK: + case KEY_ED25519_SK: + return 1; + default: + return 0; + } +} + /* Return the cert-less equivalent to a certified key type */ int sshkey_type_plain(int type) @@ -383,6 +404,8 @@ sshkey_type_plain(int type) return KEY_ECDSA_SK; case KEY_ED25519_CERT: return KEY_ED25519; + case KEY_ED25519_SK_CERT: + return KEY_ED25519_SK; case KEY_XMSS_CERT: return KEY_XMSS; default: @@ -563,6 +586,8 @@ sshkey_new(int type) #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: + case KEY_ED25519_SK: + case KEY_ED25519_SK_CERT: case KEY_XMSS: case KEY_XMSS_CERT: /* no need to prealloc */ @@ -615,6 +640,12 @@ sshkey_free(struct sshkey *k) break; # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ + case KEY_ED25519_SK: + case KEY_ED25519_SK_CERT: + free(k->sk_application); + sshbuf_free(k->sk_key_handle); + sshbuf_free(k->sk_reserved); + /* FALLTHROUGH */ case KEY_ED25519: case KEY_ED25519_CERT: freezero(k->ed25519_pk, ED25519_PK_SZ); @@ -734,6 +765,13 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) return 1; # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ + case KEY_ED25519_SK: + case KEY_ED25519_SK_CERT: + if (a->sk_application == NULL || b->sk_application == NULL) + return 0; + if (strcmp(a->sk_application, b->sk_application) != 0) + return 0; + /* FALLTHROUGH */ case KEY_ED25519: case KEY_ED25519_CERT: return a->ed25519_pk != NULL && b->ed25519_pk != NULL && @@ -842,12 +880,18 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, break; #endif /* WITH_OPENSSL */ case KEY_ED25519: + case KEY_ED25519_SK: if (key->ed25519_pk == NULL) return SSH_ERR_INVALID_ARGUMENT; if ((ret = sshbuf_put_cstring(b, typename)) != 0 || (ret = sshbuf_put_string(b, key->ed25519_pk, ED25519_PK_SZ)) != 0) return ret; + if (type == KEY_ED25519_SK) { + if ((ret = sshbuf_put_cstring(b, + key->sk_application)) != 0) + return ret; + } break; #ifdef WITH_XMSS case KEY_XMSS: @@ -1290,11 +1334,13 @@ sshkey_read(struct sshkey *ret, char **cpp) case KEY_ECDSA: case KEY_ECDSA_SK: case KEY_ED25519: + case KEY_ED25519_SK: case KEY_DSA_CERT: case KEY_ECDSA_CERT: case KEY_ECDSA_SK_CERT: case KEY_RSA_CERT: case KEY_ED25519_CERT: + case KEY_ED25519_SK_CERT: #ifdef WITH_XMSS case KEY_XMSS: case KEY_XMSS_CERT: @@ -1418,6 +1464,13 @@ sshkey_read(struct sshkey *ret, char **cpp) /* XXX */ #endif break; + case KEY_ED25519_SK: + freezero(ret->ed25519_pk, ED25519_PK_SZ); + ret->ed25519_pk = k->ed25519_pk; + ret->sk_application = k->sk_application; + k->ed25519_pk = NULL; + k->sk_application = NULL; + break; #ifdef WITH_XMSS case KEY_XMSS: free(ret->xmss_pk); @@ -1876,6 +1929,8 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: + case KEY_ED25519_SK: + case KEY_ED25519_SK_CERT: if (k->ed25519_pk != NULL) { if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -1883,6 +1938,12 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) } memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); } + if (k->type != KEY_ED25519_SK && + k->type != KEY_ED25519_SK_CERT) + break; + /* Append security-key application string */ + if ((n->sk_application = strdup(k->sk_application)) == NULL) + goto out; break; #ifdef WITH_XMSS case KEY_XMSS: @@ -2444,6 +2505,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: + case KEY_ED25519_SK_CERT: /* Skip nonce */ if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { ret = SSH_ERR_INVALID_FORMAT; @@ -2451,6 +2513,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, } /* FALLTHROUGH */ case KEY_ED25519: + case KEY_ED25519_SK: if ((ret = sshbuf_get_string(b, &pk, &len)) != 0) goto out; if (len != ED25519_PK_SZ) { @@ -2461,6 +2524,17 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, ret = SSH_ERR_ALLOC_FAIL; goto out; } + if (type == KEY_ED25519_SK || type == KEY_ED25519_SK_CERT) { + /* Parse additional security-key application string */ + if (sshbuf_get_cstring(b, &key->sk_application, + NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } +#ifdef DEBUG_PK + fprintf(stderr, "App: %s\n", key->sk_application); +#endif + } key->ed25519_pk = pk; pk = NULL; break; @@ -2790,6 +2864,9 @@ sshkey_to_certified(struct sshkey *k) newtype = KEY_ECDSA_SK_CERT; break; #endif /* WITH_OPENSSL */ + case KEY_ED25519_SK: + newtype = KEY_ED25519_SK_CERT; + break; case KEY_ED25519: newtype = KEY_ED25519_CERT; break; @@ -3223,6 +3300,29 @@ sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, ED25519_SK_SZ)) != 0) goto out; break; + case KEY_ED25519_SK: + if ((r = sshbuf_put_string(b, key->ed25519_pk, + ED25519_PK_SZ)) != 0 || + (r = sshbuf_put_cstring(b, key->sk_application)) != 0 || + (r = sshbuf_put_u8(b, key->sk_flags)) != 0 || + (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 || + (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0) + goto out; + break; + case KEY_ED25519_SK_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_string(b, key->ed25519_pk, + ED25519_PK_SZ)) != 0 || + (r = sshbuf_put_cstring(b, key->sk_application)) != 0 || + (r = sshbuf_put_u8(b, key->sk_flags)) != 0 || + (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 || + (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0) + goto out; + break; #ifdef WITH_XMSS case KEY_XMSS: if (key->xmss_name == NULL) { @@ -3532,6 +3632,57 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) k->ed25519_sk = ed25519_sk; ed25519_pk = ed25519_sk = NULL; /* transferred */ break; + case KEY_ED25519_SK: + if ((k = sshkey_new(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0) + goto out; + if (pklen != ED25519_PK_SZ) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if ((k->sk_key_handle = sshbuf_new()) == NULL || + (k->sk_reserved = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_cstring(buf, &k->sk_application, + NULL)) != 0 || + (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || + (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || + (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) + goto out; + k->ed25519_pk = ed25519_pk; + ed25519_pk = NULL; + break; + case KEY_ED25519_SK_CERT: + if ((r = sshkey_froms(buf, &k)) != 0 || + (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0) + goto out; + if (k->type != type) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (pklen != ED25519_PK_SZ) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if ((k->sk_key_handle = sshbuf_new()) == NULL || + (k->sk_reserved = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_cstring(buf, &k->sk_application, + NULL)) != 0 || + (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || + (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || + (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) + goto out; + k->ed25519_pk = ed25519_pk; + ed25519_pk = NULL; /* transferred */ + break; #ifdef WITH_XMSS case KEY_XMSS: if ((k = sshkey_new(type)) == NULL) { @@ -4261,6 +4412,7 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, break; /* see below */ #endif /* WITH_OPENSSL */ case KEY_ED25519: + case KEY_ED25519_SK: #ifdef WITH_XMSS case KEY_XMSS: #endif /* WITH_XMSS */ diff --git a/sshkey.h b/sshkey.h index 8cd12bd95..1fb8369f0 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.37 2019/11/12 19:29:25 markus Exp $ */ +/* $OpenBSD: sshkey.h,v 1.38 2019/11/12 19:33:08 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -129,7 +129,7 @@ struct sshkey { /* KEY_ECDSA and KEY_ECDSA_SK */ int ecdsa_nid; /* NID of curve */ EC_KEY *ecdsa; - /* KEY_ED25519 */ + /* KEY_ED25519 and KEY_ED25519_SK */ u_char *ed25519_sk; u_char *ed25519_pk; /* KEY_XMSS */ @@ -138,7 +138,7 @@ struct sshkey { void *xmss_state; /* depends on xmss_name, opaque */ u_char *xmss_sk; u_char *xmss_pk; - /* KEY_ECDSA_SK */ + /* KEY_ECDSA_SK and KEY_ED25519_SK */ char *sk_application; uint8_t sk_flags; struct sshbuf *sk_key_handle; @@ -180,6 +180,7 @@ int sshkey_unshield_private(struct sshkey *); int sshkey_type_from_name(const char *); int sshkey_is_cert(const struct sshkey *); +int sshkey_is_sk(const struct sshkey *); int sshkey_type_is_cert(int); int sshkey_type_plain(int); int sshkey_to_certified(struct sshkey *); -- cgit v1.2.3 From 1e0b248d47c96be944868a735553af8482300a07 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 14 Nov 2019 16:08:17 +1100 Subject: Put sshsk_sign call inside ifdef ENABLE_SK. Fixes build against OpenSSL configured without ECC. --- sshkey.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 1b66d4ec7..80186206c 100644 --- a/sshkey.c +++ b/sshkey.c @@ -2775,11 +2775,13 @@ sshkey_sign(struct sshkey *key, case KEY_ED25519_CERT: r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); break; +#ifdef ENABLE_SK case KEY_ED25519_SK: case KEY_ED25519_SK_CERT: r = sshsk_sign(sk_provider, key, sigp, lenp, data, datalen, compat); break; +#endif /* ENABLE_SK */ #ifdef WITH_XMSS case KEY_XMSS: case KEY_XMSS_CERT: -- cgit v1.2.3 From bf219920b70cafbf29ebc9890ef67d0efa54e738 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Wed, 13 Nov 2019 07:53:10 +0000 Subject: upstream: fix shield/unshield for xmss keys: - in ssh-agent we need to delay the call to shield until we have received key specific options. - when serializing xmss keys for shield we need to deal with all optional components (e.g. state might not be loaded). ok djm@ OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f --- ssh-agent.c | 10 +++++----- sshkey-xmss.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++---- sshkey.c | 4 ++-- sshkey.h | 9 +++++---- 4 files changed, 64 insertions(+), 15 deletions(-) (limited to 'sshkey.c') diff --git a/ssh-agent.c b/ssh-agent.c index eb17b18b2..c62c263a6 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.241 2019/11/12 22:36:44 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.242 2019/11/13 07:53:10 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -560,10 +560,6 @@ process_add_identity(SocketEntry *e) error("%s: decode private key: %s", __func__, ssh_err(r)); goto err; } - if ((r = sshkey_shield_private(k)) != 0) { - error("%s: shield private key: %s", __func__, ssh_err(r)); - goto err; - } while (sshbuf_len(e->request)) { if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) { error("%s: buffer error: %s", __func__, ssh_err(r)); @@ -645,6 +641,10 @@ process_add_identity(SocketEntry *e) goto send; } } + if ((r = sshkey_shield_private(k)) != 0) { + error("%s: shield private key: %s", __func__, ssh_err(r)); + goto err; + } success = 1; if (lifetime && !death) diff --git a/sshkey-xmss.c b/sshkey-xmss.c index e8e2e3816..88e9ddf4d 100644 --- a/sshkey-xmss.c +++ b/sshkey-xmss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey-xmss.c,v 1.7 2019/10/14 06:00:02 djm Exp $ */ +/* $OpenBSD: sshkey-xmss.c,v 1.8 2019/11/13 07:53:10 markus Exp $ */ /* * Copyright (c) 2017 Markus Friedl. All rights reserved. * @@ -69,7 +69,7 @@ struct ssh_xmss_state { u_int32_t maxidx; /* restricted # of signatures */ int have_state; /* .state file exists */ int lockfd; /* locked in sshkey_xmss_get_state() */ - int allow_update; /* allow sshkey_xmss_update_state() */ + u_char allow_update; /* allow sshkey_xmss_update_state() */ char *enc_ciphername;/* encrypt state with cipher */ u_char *enc_keyiv; /* encrypt state with key */ u_int32_t enc_keyiv_len; /* length of enc_keyiv */ @@ -716,6 +716,7 @@ sshkey_xmss_serialize_state_opt(const struct sshkey *k, struct sshbuf *b, { struct ssh_xmss_state *state = k->xmss_state; int r = SSH_ERR_INVALID_ARGUMENT; + u_char have_stack, have_filename, have_enc; if (state == NULL) return SSH_ERR_INVALID_ARGUMENT; @@ -727,9 +728,35 @@ sshkey_xmss_serialize_state_opt(const struct sshkey *k, struct sshbuf *b, break; case SSHKEY_SERIALIZE_FULL: if ((r = sshkey_xmss_serialize_enc_key(k, b)) != 0) - break; + return r; r = sshkey_xmss_serialize_state(k, b); break; + case SSHKEY_SERIALIZE_SHIELD: + /* all of stack/filename/enc are optional */ + have_stack = state->stack != NULL; + if ((r = sshbuf_put_u8(b, have_stack)) != 0) + return r; + if (have_stack) { + state->idx = PEEK_U32(k->xmss_sk); /* update */ + if ((r = sshkey_xmss_serialize_state(k, b)) != 0) + return r; + } + have_filename = k->xmss_filename != NULL; + if ((r = sshbuf_put_u8(b, have_filename)) != 0) + return r; + if (have_filename && + (r = sshbuf_put_cstring(b, k->xmss_filename)) != 0) + return r; + have_enc = state->enc_keyiv != NULL; + if ((r = sshbuf_put_u8(b, have_enc)) != 0) + return r; + if (have_enc && + (r = sshkey_xmss_serialize_enc_key(k, b)) != 0) + return r; + if ((r = sshbuf_put_u32(b, state->maxidx)) != 0 || + (r = sshbuf_put_u8(b, state->allow_update)) != 0) + return r; + break; case SSHKEY_SERIALIZE_DEFAULT: r = 0; break; @@ -808,8 +835,9 @@ sshkey_xmss_deserialize_state(struct sshkey *k, struct sshbuf *b) int sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b) { + struct ssh_xmss_state *state = k->xmss_state; enum sshkey_serialize_rep opts; - u_char have_state; + u_char have_state, have_stack, have_filename, have_enc; int r; if ((r = sshbuf_get_u8(b, &have_state)) != 0) @@ -820,6 +848,26 @@ sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b) case SSHKEY_SERIALIZE_DEFAULT: r = 0; break; + case SSHKEY_SERIALIZE_SHIELD: + if ((r = sshbuf_get_u8(b, &have_stack)) != 0) + return r; + if (have_stack && + (r = sshkey_xmss_deserialize_state(k, b)) != 0) + return r; + if ((r = sshbuf_get_u8(b, &have_filename)) != 0) + return r; + if (have_filename && + (r = sshbuf_get_cstring(b, &k->xmss_filename, NULL)) != 0) + return r; + if ((r = sshbuf_get_u8(b, &have_enc)) != 0) + return r; + if (have_enc && + (r = sshkey_xmss_deserialize_enc_key(k, b)) != 0) + return r; + if ((r = sshbuf_get_u32(b, &state->maxidx)) != 0 || + (r = sshbuf_get_u8(b, &state->allow_update)) != 0) + return r; + break; case SSHKEY_SERIALIZE_STATE: if ((r = sshkey_xmss_deserialize_state(k, b)) != 0) return r; diff --git a/sshkey.c b/sshkey.c index 80186206c..190426e28 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.90 2019/11/12 19:33:08 markus Exp $ */ +/* $OpenBSD: sshkey.c,v 1.91 2019/11/13 07:53:10 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2045,7 +2045,7 @@ sshkey_shield_private(struct sshkey *k) if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0) goto out; if ((r = sshkey_private_serialize_opt(k, prvbuf, - SSHKEY_SERIALIZE_FULL)) != 0) + SSHKEY_SERIALIZE_SHIELD)) != 0) goto out; /* pad to cipher blocksize */ i = 0; diff --git a/sshkey.h b/sshkey.h index 1fb8369f0..a34a4cb48 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.38 2019/11/12 19:33:08 markus Exp $ */ +/* $OpenBSD: sshkey.h,v 1.39 2019/11/13 07:53:10 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -87,9 +87,10 @@ enum sshkey_fp_rep { /* Private key serialisation formats, used on the wire */ enum sshkey_serialize_rep { SSHKEY_SERIALIZE_DEFAULT = 0, - SSHKEY_SERIALIZE_STATE = 1, - SSHKEY_SERIALIZE_FULL = 2, - SSHKEY_SERIALIZE_INFO = 254, + SSHKEY_SERIALIZE_STATE = 1, /* only state is serialized */ + SSHKEY_SERIALIZE_FULL = 2, /* include keys for saving to disk */ + SSHKEY_SERIALIZE_SHIELD = 3, /* everything, for encrypting in ram */ + SSHKEY_SERIALIZE_INFO = 254, /* minimal information */ }; /* Private key disk formats */ -- cgit v1.2.3 From 4f5e331cb8e11face3025aa6578662dde489c3ad Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Wed, 13 Nov 2019 22:00:21 +0000 Subject: upstream: in order to be able to figure out the number of signatures left on a shielded key, we need to transfer the number of signatures left from the private to the public key. ok djm@ OpenBSD-Commit-ID: 8a5d0d260aeace47d372695fdae383ce9b962574 --- sshkey.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 190426e28..8db947436 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.91 2019/11/13 07:53:10 markus Exp $ */ +/* $OpenBSD: sshkey.c,v 1.92 2019/11/13 22:00:21 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1951,6 +1951,7 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0) goto out; if (k->xmss_pk != NULL) { + u_int32_t left; size_t pklen = sshkey_xmss_pklen(k); if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) { r = SSH_ERR_INTERNAL_ERROR; @@ -1961,6 +1962,10 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) goto out; } memcpy(n->xmss_pk, k->xmss_pk, pklen); + /* simulate number of signatures left on pubkey */ + left = sshkey_xmss_signatures_left(k); + if (left) + sshkey_xmss_enable_maxsign(n, left); } break; #endif /* WITH_XMSS */ -- cgit v1.2.3 From fd1a96490cef7f945a1b3b5df4e90c8a1070f425 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 15 Nov 2019 06:00:20 +0000 Subject: upstream: remove most uses of BN_CTX We weren't following the rules re BN_CTX_start/BN_CTX_end and the places we were using it didn't benefit from its use anyway. ok dtucker@ OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a --- moduli.c | 12 +++---- sk-usbhid.c | 15 ++++---- sshbuf-getput-crypto.c | 12 ++----- sshkey.c | 92 ++++++++++++++++++-------------------------------- 4 files changed, 47 insertions(+), 84 deletions(-) (limited to 'sshkey.c') diff --git a/moduli.c b/moduli.c index 4f6f8da8d..8dd36b1cf 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.36 2019/10/04 03:26:58 dtucker Exp $ */ +/* $OpenBSD: moduli.c,v 1.37 2019/11/15 06:00:20 djm Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -578,7 +578,6 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines) { BIGNUM *q, *p, *a; - BN_CTX *ctx; char *cp, *lp; u_int32_t count_in = 0, count_out = 0, count_possible = 0; u_int32_t generator_known, in_tests, in_tries, in_type, in_size; @@ -602,8 +601,6 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, fatal("BN_new failed"); if ((q = BN_new()) == NULL) fatal("BN_new failed"); - if ((ctx = BN_CTX_new()) == NULL) - fatal("BN_CTX_new failed"); debug2("%.24s Final %u Miller-Rabin trials (%x generator)", ctime(&time_start), trials, generator_wanted); @@ -753,7 +750,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, * that p is also prime. A single pass will weed out the * vast majority of composite q's. */ - is_prime = BN_is_prime_ex(q, 1, ctx, NULL); + is_prime = BN_is_prime_ex(q, 1, NULL, NULL); if (is_prime < 0) fatal("BN_is_prime_ex failed"); if (is_prime == 0) { @@ -769,7 +766,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, * will show up on the first Rabin-Miller iteration so it * doesn't hurt to specify a high iteration count. */ - is_prime = BN_is_prime_ex(p, trials, ctx, NULL); + is_prime = BN_is_prime_ex(p, trials, NULL, NULL); if (is_prime < 0) fatal("BN_is_prime_ex failed"); if (is_prime == 0) { @@ -779,7 +776,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, debug("%10u: p is almost certainly prime", count_in); /* recheck q more rigorously */ - is_prime = BN_is_prime_ex(q, trials - 1, ctx, NULL); + is_prime = BN_is_prime_ex(q, trials - 1, NULL, NULL); if (is_prime < 0) fatal("BN_is_prime_ex failed"); if (is_prime == 0) { @@ -802,7 +799,6 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, free(lp); BN_free(p); BN_free(q); - BN_CTX_free(ctx); if (checkpoint_file != NULL) unlink(checkpoint_file); diff --git a/sk-usbhid.c b/sk-usbhid.c index 180f2eab9..d008b0a9a 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c @@ -282,15 +282,13 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) BIGNUM *x = NULL, *y = NULL; EC_POINT *q = NULL; EC_GROUP *g = NULL; - BN_CTX *bn_ctx = NULL; int ret = -1; response->public_key = NULL; response->public_key_len = 0; - if ((bn_ctx = BN_CTX_new()) == NULL || - (x = BN_CTX_get(bn_ctx)) == NULL || - (y = BN_CTX_get(bn_ctx)) == NULL || + if ((x = BN_new()) == NULL || + (y = BN_new()) == NULL || (g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL || (q = EC_POINT_new(g)) == NULL) { skdebug(__func__, "libcrypto setup failed"); @@ -311,12 +309,12 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) skdebug(__func__, "BN_bin2bn failed"); goto out; } - if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bn_ctx) != 1) { + if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) { skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed"); goto out; } response->public_key_len = EC_POINT_point2oct(g, q, - POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx); + POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); if (response->public_key_len == 0 || response->public_key_len > 2048) { skdebug(__func__, "bad pubkey length %zu", response->public_key_len); @@ -327,7 +325,7 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) goto out; } if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED, - response->public_key, response->public_key_len, bn_ctx) == 0) { + response->public_key, response->public_key_len, NULL) == 0) { skdebug(__func__, "EC_POINT_point2oct failed"); goto out; } @@ -341,7 +339,8 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) } EC_POINT_free(q); EC_GROUP_free(g); - BN_CTX_free(bn_ctx); + BN_clear_free(x); + BN_clear_free(y); return ret; } diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c index ecbfa550f..2e61d3bcd 100644 --- a/sshbuf-getput-crypto.c +++ b/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.7 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.8 2019/11/15 06:00:20 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -154,23 +154,17 @@ int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) { u_char d[SSHBUF_MAX_ECPOINT]; - BN_CTX *bn_ctx; size_t len; int ret; - if ((bn_ctx = BN_CTX_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) { - BN_CTX_free(bn_ctx); + NULL, 0, NULL)) > SSHBUF_MAX_ECPOINT) { return SSH_ERR_INVALID_ARGUMENT; } if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, - d, len, bn_ctx) != len) { - BN_CTX_free(bn_ctx); + d, len, NULL) != len) { return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ } - BN_CTX_free(bn_ctx); ret = sshbuf_put_string(buf, d, len); explicit_bzero(d, len); return ret; diff --git a/sshkey.c b/sshkey.c index 8db947436..40e764dd4 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.92 2019/11/13 22:00:21 markus Exp $ */ +/* $OpenBSD: sshkey.c,v 1.93 2019/11/15 06:00:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -706,9 +706,6 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) const BIGNUM *rsa_e_b, *rsa_n_b; const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a; const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b; -# if defined(OPENSSL_HAS_ECC) - BN_CTX *bnctx; -# endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ if (a == NULL || b == NULL || @@ -751,17 +748,12 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) EC_KEY_get0_public_key(a->ecdsa) == NULL || EC_KEY_get0_public_key(b->ecdsa) == NULL) return 0; - if ((bnctx = BN_CTX_new()) == NULL) - return 0; if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa), - EC_KEY_get0_group(b->ecdsa), bnctx) != 0 || + EC_KEY_get0_group(b->ecdsa), NULL) != 0 || EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa), EC_KEY_get0_public_key(a->ecdsa), - EC_KEY_get0_public_key(b->ecdsa), bnctx) != 0) { - BN_CTX_free(bnctx); + EC_KEY_get0_public_key(b->ecdsa), NULL) != 0) return 0; - } - BN_CTX_free(bnctx); return 1; # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ @@ -1659,7 +1651,6 @@ sshkey_ecdsa_key_to_nid(EC_KEY *k) }; int nid; u_int i; - BN_CTX *bnctx; const EC_GROUP *g = EC_KEY_get0_group(k); /* @@ -1672,18 +1663,13 @@ sshkey_ecdsa_key_to_nid(EC_KEY *k) */ if ((nid = EC_GROUP_get_curve_name(g)) > 0) return nid; - if ((bnctx = BN_CTX_new()) == NULL) - return -1; for (i = 0; nids[i] != -1; i++) { - if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) { - BN_CTX_free(bnctx); + if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) return -1; - } - if (EC_GROUP_cmp(g, eg, bnctx) == 0) + if (EC_GROUP_cmp(g, eg, NULL) == 0) break; EC_GROUP_free(eg); } - BN_CTX_free(bnctx); if (nids[i] != -1) { /* Use the group with the NID attached */ EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE); @@ -3788,9 +3774,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) int sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) { - BN_CTX *bnctx; EC_POINT *nq = NULL; - BIGNUM *order, *x, *y, *tmp; + BIGNUM *order = NULL, *x = NULL, *y = NULL, *tmp = NULL; int ret = SSH_ERR_KEY_INVALID_EC_VALUE; /* @@ -3801,10 +3786,6 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) * EC_POINT_oct2point then the caller will need to explicitly check. */ - if ((bnctx = BN_CTX_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - BN_CTX_start(bnctx); - /* * We shouldn't ever hit this case because bignum_get_ecpoint() * refuses to load GF2m points. @@ -3817,18 +3798,18 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) if (EC_POINT_is_at_infinity(group, public)) goto out; - if ((x = BN_CTX_get(bnctx)) == NULL || - (y = BN_CTX_get(bnctx)) == NULL || - (order = BN_CTX_get(bnctx)) == NULL || - (tmp = BN_CTX_get(bnctx)) == NULL) { + if ((x = BN_new()) == NULL || + (y = BN_new()) == NULL || + (order = BN_new()) == NULL || + (tmp = BN_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */ - if (EC_GROUP_get_order(group, order, bnctx) != 1 || + if (EC_GROUP_get_order(group, order, NULL) != 1 || EC_POINT_get_affine_coordinates_GFp(group, public, - x, y, bnctx) != 1) { + x, y, NULL) != 1) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -3841,7 +3822,7 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) ret = SSH_ERR_ALLOC_FAIL; goto out; } - if (EC_POINT_mul(group, nq, NULL, public, order, bnctx) != 1) { + if (EC_POINT_mul(group, nq, NULL, public, order, NULL) != 1) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -3857,7 +3838,10 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) goto out; ret = 0; out: - BN_CTX_free(bnctx); + BN_clear_free(x); + BN_clear_free(y); + BN_clear_free(order); + BN_clear_free(tmp); EC_POINT_free(nq); return ret; } @@ -3865,22 +3849,16 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) int sshkey_ec_validate_private(const EC_KEY *key) { - BN_CTX *bnctx; - BIGNUM *order, *tmp; + BIGNUM *order = NULL, *tmp = NULL; int ret = SSH_ERR_KEY_INVALID_EC_VALUE; - if ((bnctx = BN_CTX_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - BN_CTX_start(bnctx); - - if ((order = BN_CTX_get(bnctx)) == NULL || - (tmp = BN_CTX_get(bnctx)) == NULL) { + if ((order = BN_new()) == NULL || (tmp = BN_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } /* log2(private) > log2(order)/2 */ - if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1) { + if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, NULL) != 1) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -3897,47 +3875,43 @@ sshkey_ec_validate_private(const EC_KEY *key) goto out; ret = 0; out: - BN_CTX_free(bnctx); + BN_clear_free(order); + BN_clear_free(tmp); return ret; } void sshkey_dump_ec_point(const EC_GROUP *group, const EC_POINT *point) { - BIGNUM *x, *y; - BN_CTX *bnctx; + BIGNUM *x = NULL, *y = NULL; if (point == NULL) { fputs("point=(NULL)\n", stderr); return; } - if ((bnctx = BN_CTX_new()) == NULL) { - fprintf(stderr, "%s: BN_CTX_new failed\n", __func__); - return; - } - BN_CTX_start(bnctx); - if ((x = BN_CTX_get(bnctx)) == NULL || - (y = BN_CTX_get(bnctx)) == NULL) { - fprintf(stderr, "%s: BN_CTX_get failed\n", __func__); - return; + if ((x = BN_new()) == NULL || (y = BN_new()) == NULL) { + fprintf(stderr, "%s: BN_new failed\n", __func__); + goto out; } if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != NID_X9_62_prime_field) { fprintf(stderr, "%s: group is not a prime field\n", __func__); - return; + goto out; } - if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, - bnctx) != 1) { + if (EC_POINT_get_affine_coordinates_GFp(group, point, + x, y, NULL) != 1) { fprintf(stderr, "%s: EC_POINT_get_affine_coordinates_GFp\n", __func__); - return; + goto out; } fputs("x=", stderr); BN_print_fp(stderr, x); fputs("\ny=", stderr); BN_print_fp(stderr, y); fputs("\n", stderr); - BN_CTX_free(bnctx); + out: + BN_clear_free(x); + BN_clear_free(y); } void -- cgit v1.2.3 From 857f49e91eeae6feb781ef5f5e26c38ca3d953ec Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 18 Nov 2019 14:15:26 +1100 Subject: Move ifdef OPENSSL_HAS_ECC. Found by -Wimplicit-fallthrough: one ECC case was not inside the ifdef. ok djm@ --- sshkey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 40e764dd4..90dcec079 100644 --- a/sshkey.c +++ b/sshkey.c @@ -2430,6 +2430,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, DSA_print_fp(stderr, key->dsa, 8); #endif break; +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA_SK_CERT: /* Skip nonce */ @@ -2438,7 +2439,6 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, goto out; } /* FALLTHROUGH */ -# ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_SK: if ((key = sshkey_new(type)) == NULL) { -- cgit v1.2.3 From 740c4bc9875cbb4b9fc03fd5eac19df080f20df5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 18 Nov 2019 06:39:02 +0000 Subject: upstream: fix bug that prevented certification of ed25519-sk keys OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996 --- sshkey.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 90dcec079..8916f8027 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.93 2019/11/15 06:00:20 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.94 2019/11/18 06:39:02 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2978,9 +2978,15 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, break; #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: + case KEY_ED25519_SK_CERT: if ((ret = sshbuf_put_string(cert, k->ed25519_pk, ED25519_PK_SZ)) != 0) goto out; + if (k->type == KEY_ED25519_SK_CERT) { + if ((ret = sshbuf_put_cstring(cert, + k->sk_application)) != 0) + goto out; + } break; #ifdef WITH_XMSS case KEY_XMSS_CERT: -- cgit v1.2.3 From 4bfc0503ad94a2a7190686a89649567c20b8534f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 18 Nov 2019 06:58:00 +0000 Subject: upstream: fix a bug that prevented serialisation of ed25519-sk keys OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9 --- sshkey.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 8916f8027..48dd8bea9 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.94 2019/11/18 06:39:02 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.95 2019/11/18 06:58:00 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -823,6 +823,7 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, case KEY_RSA_CERT: #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: + case KEY_ED25519_SK_CERT: #ifdef WITH_XMSS case KEY_XMSS_CERT: #endif /* WITH_XMSS */ -- cgit v1.2.3 From b7e74ea072919b31391bc0f5ff653f80b9f5e84f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 25 Nov 2019 00:51:37 +0000 Subject: upstream: Add new structure for signature options This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49 --- auth2-hostbased.c | 4 ++-- auth2-pubkey.c | 11 +++++++++-- clientloop.c | 5 +++-- kexgen.c | 4 ++-- kexgexc.c | 4 ++-- krl.c | 4 ++-- monitor.c | 14 +++++++++++--- monitor_wrap.c | 23 +++++++++++++++++++---- monitor_wrap.h | 5 +++-- ssh-add.c | 4 ++-- ssh-ecdsa-sk.c | 21 ++++++++++++++++++--- ssh-ed25519-sk.c | 20 ++++++++++++++++++-- ssh-keygen.c | 13 ++++++++++--- sshkey.c | 19 ++++++++++++++----- sshkey.h | 18 ++++++++++++++---- sshsig.c | 22 ++++++++++++++-------- sshsig.h | 6 ++++-- 17 files changed, 147 insertions(+), 50 deletions(-) (limited to 'sshkey.c') diff --git a/auth2-hostbased.c b/auth2-hostbased.c index d46047084..5e9b7c65d 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.41 2019/09/06 04:53:27 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.42 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -151,7 +151,7 @@ userauth_hostbased(struct ssh *ssh) if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser, chost, key)) && PRIVSEP(sshkey_verify(key, sig, slen, - sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0) + sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat, NULL)) == 0) authenticated = 1; auth2_record_key(authctxt, authenticated, key); diff --git a/auth2-pubkey.c b/auth2-pubkey.c index df12c2c60..2b6986709 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.94 2019/09/06 04:53:27 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.95 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -98,6 +98,7 @@ userauth_pubkey(struct ssh *ssh) int r, pktype; int authenticated = 0; struct sshauthopt *authopts = NULL; + struct sshkey_sig_details *sig_details = NULL; if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || @@ -213,9 +214,14 @@ userauth_pubkey(struct ssh *ssh) PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL, - ssh->compat)) == 0) { + ssh->compat, &sig_details)) == 0) { authenticated = 1; } + if (sig_details != NULL) { + debug("%s: sk_counter = %u, sk_flags = 0x%02x", + __func__, sig_details->sk_counter, + sig_details->sk_flags); + } auth2_record_key(authctxt, authenticated, key); } else { debug("%s: test pkalg %s pkblob %s%s%s", @@ -266,6 +272,7 @@ done: free(key_s); free(ca_s); free(sig); + sshkey_sig_details_free(sig_details); return authenticated; } diff --git a/clientloop.c b/clientloop.c index 068506210..880abfda2 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.328 2019/11/13 04:47:52 deraadt Exp $ */ +/* $OpenBSD: clientloop.c,v 1.329 2019/11/25 00:51:37 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2003,7 +2003,8 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA; if ((r = sshkey_verify(ctx->keys[i], sig, siglen, sshbuf_ptr(signdata), sshbuf_len(signdata), - use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0) { + use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0, + NULL)) != 0) { error("%s: server gave bad signature for %s key %zu", __func__, sshkey_type(ctx->keys[i]), i); goto out; diff --git a/kexgen.c b/kexgen.c index bb996b504..69348b964 100644 --- a/kexgen.c +++ b/kexgen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgen.c,v 1.3 2019/09/06 05:23:55 djm Exp $ */ +/* $OpenBSD: kexgen.c,v 1.4 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -212,7 +212,7 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) goto out; if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, - kex->hostkey_alg, ssh->compat)) != 0) + kex->hostkey_alg, ssh->compat, NULL)) != 0) goto out; if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) diff --git a/kexgexc.c b/kexgexc.c index 1c65b8a18..323a659b7 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.34 2019/01/23 00:30:41 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.35 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -199,7 +199,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) goto out; if ((r = sshkey_verify(server_host_key, signature, slen, hash, - hashlen, kex->hostkey_alg, ssh->compat)) != 0) + hashlen, kex->hostkey_alg, ssh->compat, NULL)) != 0) goto out; if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) diff --git a/krl.c b/krl.c index 89cb433bd..aa8318cf1 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.45 2019/10/31 21:23:19 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.46 2019/11/25 00:51:37 djm Exp $ */ #include "includes.h" @@ -1079,7 +1079,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, } /* Check signature over entire KRL up to this point */ if ((r = sshkey_verify(key, blob, blen, - sshbuf_ptr(buf), sig_off, NULL, 0)) != 0) + sshbuf_ptr(buf), sig_off, NULL, 0, NULL)) != 0) goto out; /* Check if this key has already signed this KRL */ for (i = 0; i < nca_used; i++) { diff --git a/monitor.c b/monitor.c index 1186c1dd5..40ff43ee2 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.201 2019/11/19 22:21:15 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.202 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1391,6 +1391,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) char *sigalg; size_t signaturelen, datalen, bloblen; int r, ret, valid_data = 0, encoded_ret; + struct sshkey_sig_details *sig_details = NULL; if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || @@ -1430,7 +1431,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) fatal("%s: bad signature data blob", __func__); ret = sshkey_verify(key, signature, signaturelen, data, datalen, - sigalg, ssh->compat); + sigalg, ssh->compat, &sig_details); debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key, (ret == 0) ? "verified" : "unverified", (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : ""); @@ -1450,8 +1451,15 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) /* encode ret != 0 as positive integer, since we're sending u32 */ encoded_ret = (ret != 0); - if ((r = sshbuf_put_u32(m, encoded_ret)) != 0) + if ((r = sshbuf_put_u32(m, encoded_ret)) != 0 || + (r = sshbuf_put_u8(m, sig_details != NULL != 0)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (sig_details != NULL) { + if ((r = sshbuf_put_u32(m, sig_details->sk_counter)) != 0 || + (r = sshbuf_put_u8(m, sig_details->sk_flags)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } + sshkey_sig_details_free(sig_details); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); return ret == 0; diff --git a/monitor_wrap.c b/monitor_wrap.c index 5b42c0e56..06599e3b1 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.115 2019/11/18 16:10:05 naddy Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.116 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -495,15 +495,19 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host, int mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, - const u_char *data, size_t datalen, const char *sigalg, u_int compat) + const u_char *data, size_t datalen, const char *sigalg, u_int compat, + struct sshkey_sig_details **sig_detailsp) { struct sshbuf *m; u_int encoded_ret = 0; int r; + u_char sig_details_present, flags; + u_int counter; debug3("%s entering", __func__); - + if (sig_detailsp != NULL) + *sig_detailsp = NULL; if ((m = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); if ((r = sshkey_puts(key, m)) != 0 || @@ -518,8 +522,19 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, m); - if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0) + if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0 || + (r = sshbuf_get_u8(m, &sig_details_present)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (sig_details_present && encoded_ret == 0) { + if ((r = sshbuf_get_u32(m, &counter)) != 0 || + (r = sshbuf_get_u8(m, &flags)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (sig_detailsp != NULL) { + *sig_detailsp = xcalloc(1, sizeof(**sig_detailsp)); + (*sig_detailsp)->sk_counter = counter; + (*sig_detailsp)->sk_flags = flags; + } + } sshbuf_free(m); diff --git a/monitor_wrap.h b/monitor_wrap.h index 76330fc60..23ab096aa 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.43 2019/10/31 21:23:19 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.44 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -38,6 +38,7 @@ struct monitor; struct Authctxt; struct sshkey; struct sshauthopt; +struct sshkey_sig_details; void mm_log_handler(LogLevel, const char *, void *); int mm_is_monitor(void); @@ -57,7 +58,7 @@ int mm_user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int, int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *, const char *, struct sshkey *); int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, - const u_char *, size_t, const char *, u_int); + const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **); #ifdef GSSAPI OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); diff --git a/ssh-add.c b/ssh-add.c index 6b1962bc2..1d85e9d60 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.146 2019/11/18 16:10:05 naddy Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.147 2019/11/25 00:51:37 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -451,7 +451,7 @@ test_key(int agent_fd, const char *filename) goto done; } if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), - NULL, 0)) != 0) { + NULL, 0, NULL)) != 0) { error("Signature verification failed for %s: %s", filename, ssh_err(r)); goto done; diff --git a/ssh-ecdsa-sk.c b/ssh-ecdsa-sk.c index f33fac714..b2f31ae2d 100644 --- a/ssh-ecdsa-sk.c +++ b/ssh-ecdsa-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa-sk.c,v 1.3 2019/11/25 00:38:17 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa-sk.c,v 1.4 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -53,7 +53,8 @@ int ssh_ecdsa_sk_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) + const u_char *data, size_t datalen, u_int compat, + struct sshkey_sig_details **detailsp) { ECDSA_SIG *sig = NULL; BIGNUM *sig_r = NULL, *sig_s = NULL; @@ -63,10 +64,13 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, int ret = SSH_ERR_INTERNAL_ERROR; struct sshbuf *b = NULL, *sigbuf = NULL, *original_signed = NULL; char *ktype = NULL; + struct sshkey_sig_details *details = NULL; #ifdef DEBUG_SK char *tmp = NULL; #endif + if (detailsp != NULL) + *detailsp = NULL; if (key == NULL || key->ecdsa == NULL || sshkey_type_plain(key->type) != KEY_ECDSA_SK || signature == NULL || signaturelen == 0) @@ -149,6 +153,12 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, if ((ret = ssh_digest_buffer(SSH_DIGEST_SHA256, original_signed, sighash, sizeof(sighash))) != 0) goto out; + if ((details = calloc(1, sizeof(*details))) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + details->sk_counter = sig_counter; + details->sk_flags = sig_flags; #ifdef DEBUG_SK fprintf(stderr, "%s: signed buf:\n", __func__); sshbuf_dump(original_signed, stderr); @@ -168,13 +178,18 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } - + /* success */ + if (detailsp != NULL) { + *detailsp = details; + details = NULL; + } out: explicit_bzero(&sig_flags, sizeof(sig_flags)); explicit_bzero(&sig_counter, sizeof(sig_counter)); explicit_bzero(msghash, sizeof(msghash)); explicit_bzero(sighash, sizeof(msghash)); explicit_bzero(apphash, sizeof(apphash)); + sshkey_sig_details_free(details); sshbuf_free(original_signed); sshbuf_free(sigbuf); sshbuf_free(b); diff --git a/ssh-ed25519-sk.c b/ssh-ed25519-sk.c index 622cb45c2..d11fde6fd 100644 --- a/ssh-ed25519-sk.c +++ b/ssh-ed25519-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ed25519-sk.c,v 1.2 2019/11/12 19:34:40 markus Exp $ */ +/* $OpenBSD: ssh-ed25519-sk.c,v 1.3 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -33,7 +33,8 @@ int ssh_ed25519_sk_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) + const u_char *data, size_t datalen, u_int compat, + struct sshkey_sig_details **detailsp) { struct sshbuf *b = NULL; struct sshbuf *encoded = NULL; @@ -49,6 +50,10 @@ ssh_ed25519_sk_verify(const struct sshkey *key, unsigned long long smlen = 0, mlen = 0; int r = SSH_ERR_INTERNAL_ERROR; int ret; + struct sshkey_sig_details *details = NULL; + + if (detailsp != NULL) + *detailsp = NULL; if (key == NULL || sshkey_type_plain(key->type) != KEY_ED25519_SK || @@ -84,6 +89,12 @@ ssh_ed25519_sk_verify(const struct sshkey *key, r = SSH_ERR_INVALID_ARGUMENT; goto out; } + if ((details = calloc(1, sizeof(*details))) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + details->sk_counter = sig_counter; + details->sk_flags = sig_flags; if ((encoded = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; @@ -115,11 +126,16 @@ ssh_ed25519_sk_verify(const struct sshkey *key, /* XXX compare 'm' and 'sm + len' ? */ /* success */ r = 0; + if (detailsp != NULL) { + *detailsp = details; + details = NULL; + } out: if (m != NULL) { explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */ free(m); } + sshkey_sig_details_free(details); sshbuf_free(b); sshbuf_free(encoded); free(ktype); diff --git a/ssh-keygen.c b/ssh-keygen.c index e869989d7..08dd7cb8a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.369 2019/11/18 23:16:49 naddy Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.370 2019/11/25 00:51:37 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -584,7 +584,7 @@ do_convert_private_ssh2(struct sshbuf *b) if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, NULL, 0) != 0 || sshkey_verify(key, sig, slen, data, sizeof(data), - NULL, 0) != 0) { + NULL, 0, NULL) != 0) { sshkey_free(key); free(sig); return NULL; @@ -2657,7 +2657,9 @@ verify(const char *signature, const char *sig_namespace, const char *principal, struct sshbuf *sigbuf = NULL, *abuf = NULL; struct sshkey *sign_key = NULL; char *fp = NULL; + struct sshkey_sig_details *sig_details = NULL; + memset(&sig_details, 0, sizeof(sig_details)); if ((abuf = sshbuf_new()) == NULL) fatal("%s: sshbuf_new() failed", __func__); @@ -2675,13 +2677,17 @@ verify(const char *signature, const char *sig_namespace, const char *principal, return r; } if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace, - &sign_key)) != 0) + &sign_key, &sig_details)) != 0) goto done; /* sshsig_verify() prints error */ if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash, SSH_FP_DEFAULT)) == NULL) fatal("%s: sshkey_fingerprint failed", __func__); debug("Valid (unverified) signature from key %s", fp); + if (sig_details != NULL) { + debug2("%s: signature details: counter = %u, flags = 0x%02x", + __func__, sig_details->sk_counter, sig_details->sk_flags); + } free(fp); fp = NULL; @@ -2726,6 +2732,7 @@ done: sshbuf_free(sigbuf); sshbuf_free(abuf); sshkey_free(sign_key); + sshkey_sig_details_free(sig_details); free(fp); return ret; } diff --git a/sshkey.c b/sshkey.c index 48dd8bea9..920c0dc3c 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.95 2019/11/18 06:58:00 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.96 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2301,7 +2301,7 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) goto out; } if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, - sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0) + sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0, NULL)) != 0) goto out; if ((ret = sshkey_get_sigtype(sig, slen, &key->cert->signature_type)) != 0) @@ -2796,8 +2796,11 @@ sshkey_sign(struct sshkey *key, int sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, - const u_char *data, size_t dlen, const char *alg, u_int compat) + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) { + if (detailsp != NULL) + *detailsp = NULL; if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) return SSH_ERR_INVALID_ARGUMENT; switch (key->type) { @@ -2813,7 +2816,7 @@ sshkey_verify(const struct sshkey *key, case KEY_ECDSA_SK_CERT: case KEY_ECDSA_SK: return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen, - compat); + compat, detailsp); # endif /* ENABLE_SK */ # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: @@ -2826,7 +2829,7 @@ sshkey_verify(const struct sshkey *key, case KEY_ED25519_SK: case KEY_ED25519_SK_CERT: return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen, - compat); + compat, detailsp); #ifdef WITH_XMSS case KEY_XMSS: case KEY_XMSS_CERT: @@ -4661,6 +4664,12 @@ sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, passphrase, keyp, commentp); } +void +sshkey_sig_details_free(struct sshkey_sig_details *details) +{ + freezero(details, sizeof(*details)); +} + #ifdef WITH_XMSS /* * serialize the key with the current state and forward the state diff --git a/sshkey.h b/sshkey.h index a34a4cb48..56c0a9cdf 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.39 2019/11/13 07:53:10 markus Exp $ */ +/* $OpenBSD: sshkey.h,v 1.40 2019/11/25 00:51:37 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -156,6 +156,12 @@ struct sshkey { #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES +/* Additional fields contained in signature */ +struct sshkey_sig_details { + uint32_t sk_counter; /* U2F signature counter */ + uint8_t sk_flags; /* U2F signature flags; see ssh-sk.h */ +}; + struct sshkey *sshkey_new(int); void sshkey_free(struct sshkey *); int sshkey_equal_public(const struct sshkey *, @@ -230,7 +236,7 @@ int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); int sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, const char *, u_int); int sshkey_verify(const struct sshkey *, const u_char *, size_t, - const u_char *, size_t, const char *, u_int); + const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **); int sshkey_check_sigtype(const u_char *, size_t, const char *); const char *sshkey_sigalg_by_name(const char *); int sshkey_get_sigtype(const u_char *, size_t, char **); @@ -270,6 +276,8 @@ int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf, u_int32_t maxsign, sshkey_printfn *pr); +void sshkey_sig_details_free(struct sshkey_sig_details *); + #ifdef SSHKEY_INTERNAL int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, @@ -289,7 +297,8 @@ int ssh_ecdsa_verify(const struct sshkey *key, const u_char *data, size_t datalen, u_int compat); int ssh_ecdsa_sk_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); + const u_char *data, size_t datalen, u_int compat, + struct sshkey_sig_details **detailsp); int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); int ssh_ed25519_verify(const struct sshkey *key, @@ -297,7 +306,8 @@ int ssh_ed25519_verify(const struct sshkey *key, const u_char *data, size_t datalen, u_int compat); int ssh_ed25519_sk_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); + const u_char *data, size_t datalen, u_int compat, + struct sshkey_sig_details **detailsp); int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); int ssh_xmss_verify(const struct sshkey *key, diff --git a/sshsig.c b/sshsig.c index 8c7aba1b9..abba3f67b 100644 --- a/sshsig.c +++ b/sshsig.c @@ -286,7 +286,7 @@ sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp) static int sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, const struct sshbuf *h_message, const char *expect_namespace, - struct sshkey **sign_keyp) + struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details) { int r = SSH_ERR_INTERNAL_ERROR; struct sshbuf *buf = NULL, *toverify = NULL; @@ -296,6 +296,8 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, size_t siglen; debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); + if (sig_details != NULL) + *sig_details = NULL; if (sign_keyp != NULL) *sign_keyp = NULL; @@ -361,7 +363,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, } } if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), - sshbuf_len(toverify), NULL, 0)) != 0) { + sshbuf_len(toverify), NULL, 0, sig_details)) != 0) { error("Signature verification failed: %s", ssh_err(r)); goto done; } @@ -453,15 +455,17 @@ sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider, int sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, - const char *expect_namespace, struct sshkey **sign_keyp) + const char *expect_namespace, struct sshkey **sign_keyp, + struct sshkey_sig_details **sig_details) { struct sshbuf *b = NULL; int r = SSH_ERR_INTERNAL_ERROR; char *hashalg = NULL; + if (sig_details != NULL) + *sig_details = NULL; if (sign_keyp != NULL) *sign_keyp = NULL; - if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) return r; debug("%s: signature made with hash \"%s\"", __func__, hashalg); @@ -470,7 +474,7 @@ sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, goto out; } if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, - sign_keyp)) != 0) + sign_keyp, sig_details)) != 0) goto out; /* success */ r = 0; @@ -579,15 +583,17 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider, int sshsig_verify_fd(struct sshbuf *signature, int fd, - const char *expect_namespace, struct sshkey **sign_keyp) + const char *expect_namespace, struct sshkey **sign_keyp, + struct sshkey_sig_details **sig_details) { struct sshbuf *b = NULL; int r = SSH_ERR_INTERNAL_ERROR; char *hashalg = NULL; + if (sig_details != NULL) + *sig_details = NULL; if (sign_keyp != NULL) *sign_keyp = NULL; - if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) return r; debug("%s: signature made with hash \"%s\"", __func__, hashalg); @@ -596,7 +602,7 @@ sshsig_verify_fd(struct sshbuf *signature, int fd, goto out; } if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, - sign_keyp)) != 0) + sign_keyp, sig_details)) != 0) goto out; /* success */ r = 0; diff --git a/sshsig.h b/sshsig.h index 487db116c..386c8b5d7 100644 --- a/sshsig.h +++ b/sshsig.h @@ -20,6 +20,7 @@ struct sshbuf; struct sshkey; struct sshsigopt; +struct sshkey_sig_details; typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, const char *, u_int, void *); @@ -43,7 +44,7 @@ int sshsig_signb(struct sshkey *key, const char *hashalg, */ int sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, const char *sig_namespace, - struct sshkey **sign_keyp); + struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details); /* File/FD-oriented API */ @@ -62,7 +63,8 @@ int sshsig_sign_fd(struct sshkey *key, const char *hashalg, * Returns 0 on success or a negative SSH_ERR_* error code on failure. */ int sshsig_verify_fd(struct sshbuf *signature, int fd, - const char *sig_namespace, struct sshkey **sign_keyp); + const char *sig_namespace, struct sshkey **sign_keyp, + struct sshkey_sig_details **sig_details); /* Utility functions */ -- cgit v1.2.3 From b52ec0ba3983859514aa7b57d6100fa9759fe696 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 13 Dec 2019 19:09:10 +0000 Subject: upstream: use ssh-sk-helper for all security key signing operations This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid* requested by, feedback and ok markus@ OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f --- ssh-agent.c | 160 ++++++++---------------------------------------------------- ssh-sk.c | 4 +- ssh-sk.h | 7 +-- sshkey.c | 15 ++---- sshkey.h | 5 +- 5 files changed, 33 insertions(+), 158 deletions(-) (limited to 'sshkey.c') diff --git a/ssh-agent.c b/ssh-agent.c index 1d4b779f6..09d12dc3f 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.250 2019/11/19 16:02:32 jmc Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.251 2019/12/13 19:09:10 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -90,7 +90,7 @@ #include "ssherr.h" #include "pathnames.h" #include "ssh-pkcs11.h" -#include "ssh-sk.h" +#include "sk-api.h" #ifndef DEFAULT_PROVIDER_WHITELIST # define DEFAULT_PROVIDER_WHITELIST "/usr/lib*/*,/usr/local/lib*/*" @@ -282,130 +282,6 @@ agent_decode_alg(struct sshkey *key, u_int flags) return NULL; } -static int -provider_sign(const char *provider, struct sshkey *key, - u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, - const char *alg, u_int compat) -{ - int status, pair[2], r = SSH_ERR_INTERNAL_ERROR; - pid_t pid; - char *helper, *verbosity = NULL, *fp = NULL; - struct sshbuf *kbuf, *req, *resp; - u_char version; - struct notifier_ctx *notifier = NULL; - - debug3("%s: start for provider %s", __func__, provider); - - *sigp = NULL; - *lenp = 0; - - helper = getenv("SSH_SK_HELPER"); - if (helper == NULL || strlen(helper) == 0) - helper = _PATH_SSH_SK_HELPER; - if (log_level_get() >= SYSLOG_LEVEL_DEBUG1) - verbosity = "-vvv"; - - /* Start helper */ - if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) { - error("socketpair: %s", strerror(errno)); - return SSH_ERR_SYSTEM_ERROR; - } - if ((pid = fork()) == -1) { - error("fork: %s", strerror(errno)); - close(pair[0]); - close(pair[1]); - return SSH_ERR_SYSTEM_ERROR; - } - if (pid == 0) { - if ((dup2(pair[1], STDIN_FILENO) == -1) || - (dup2(pair[1], STDOUT_FILENO) == -1)) - fatal("%s: dup2: %s", __func__, ssh_err(r)); - close(pair[0]); - close(pair[1]); - closefrom(STDERR_FILENO + 1); - debug("%s: starting %s %s", __func__, helper, - verbosity == NULL ? "" : verbosity); - execlp(helper, helper, verbosity, (char *)NULL); - fatal("%s: execlp: %s", __func__, strerror(errno)); - } - close(pair[1]); - - if ((kbuf = sshbuf_new()) == NULL || - (req = sshbuf_new()) == NULL || - (resp = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); - - if ((r = sshkey_private_serialize(key, kbuf)) != 0 || - (r = sshbuf_put_stringb(req, kbuf)) != 0 || - (r = sshbuf_put_cstring(req, provider)) != 0 || - (r = sshbuf_put_string(req, data, datalen)) != 0 || - (r = sshbuf_put_u32(req, compat)) != 0) - fatal("%s: compose: %s", __func__, ssh_err(r)); - - if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT, - SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); - notifier = notify_start(0, - "Confirm user presence for key %s %s", sshkey_type(key), fp); - - if ((r = ssh_msg_send(pair[0], SSH_SK_HELPER_VERSION, req)) != 0) { - error("%s: send: %s", __func__, ssh_err(r)); - goto out; - } - if ((r = ssh_msg_recv(pair[0], resp)) != 0) { - error("%s: receive: %s", __func__, ssh_err(r)); - goto out; - } - if ((r = sshbuf_get_u8(resp, &version)) != 0) { - error("%s: parse version: %s", __func__, ssh_err(r)); - goto out; - } - if (version != SSH_SK_HELPER_VERSION) { - error("%s: unsupported version: got %u, expected %u", - __func__, version, SSH_SK_HELPER_VERSION); - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if ((r = sshbuf_get_string(resp, sigp, lenp)) != 0) { - error("%s: parse signature: %s", __func__, ssh_err(r)); - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (sshbuf_len(resp) != 0) { - error("%s: trailing data in response", __func__); - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - /* success */ - r = 0; - out: - while (waitpid(pid, &status, 0) == -1) { - if (errno != EINTR) - fatal("%s: waitpid: %s", __func__, ssh_err(r)); - } - notify_complete(notifier); - if (!WIFEXITED(status)) { - error("%s: helper %s exited abnormally", __func__, helper); - if (r == 0) - r = SSH_ERR_SYSTEM_ERROR; - } else if (WEXITSTATUS(status) != 0) { - error("%s: helper %s exited with non-zero exit status", - __func__, helper); - if (r == 0) - r = SSH_ERR_SYSTEM_ERROR; - } - if (r != 0) { - freezero(*sigp, *lenp); - *sigp = NULL; - *lenp = 0; - } - sshbuf_free(kbuf); - sshbuf_free(req); - sshbuf_free(resp); - return r; -} - /* ssh2 only */ static void process_sign_request2(SocketEntry *e) @@ -415,9 +291,11 @@ process_sign_request2(SocketEntry *e) size_t dlen, slen = 0; u_int compat = 0, flags; int r, ok = -1; + char *fp = NULL; struct sshbuf *msg; struct sshkey *key = NULL; struct identity *id; + struct notifier_ctx *notifier = NULL; if ((msg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); @@ -436,25 +314,27 @@ process_sign_request2(SocketEntry *e) verbose("%s: user refused key", __func__); goto send; } - if (id->sk_provider != NULL) { - if ((r = provider_sign(id->sk_provider, id->key, &signature, - &slen, data, dlen, agent_decode_alg(key, flags), - compat)) != 0) { - error("%s: sign: %s", __func__, ssh_err(r)); - goto send; - } - } else { - if ((r = sshkey_sign(id->key, &signature, &slen, - data, dlen, agent_decode_alg(key, flags), - NULL, compat)) != 0) { - error("%s: sshkey_sign: %s", __func__, ssh_err(r)); - goto send; - } + if (sshkey_is_sk(id->key) && + (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { + if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT, + SSH_FP_DEFAULT)) == NULL) + fatal("%s: fingerprint failed", __func__); + notifier = notify_start(0, + "Confirm user presence for key %s %s", + sshkey_type(id->key), fp); + } + if ((r = sshkey_sign(id->key, &signature, &slen, + data, dlen, agent_decode_alg(key, flags), + id->sk_provider, compat)) != 0) { + error("%s: sshkey_sign: %s", __func__, ssh_err(r)); + goto send; } /* Success */ ok = 0; send: + notify_complete(notifier); sshkey_free(key); + free(fp); if (ok == 0) { if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || (r = sshbuf_put_string(msg, signature, slen)) != 0) diff --git a/ssh-sk.c b/ssh-sk.c index 7c63536e2..9e5637353 100644 --- a/ssh-sk.c +++ b/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.17 2019/11/27 22:32:11 djm Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.18 2019/12/13 19:09:10 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -464,7 +464,7 @@ sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) } int -sshsk_sign(const char *provider_path, const struct sshkey *key, +sshsk_sign(const char *provider_path, struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat) { diff --git a/ssh-sk.h b/ssh-sk.h index bb593160a..4d667884e 100644 --- a/ssh-sk.h +++ b/ssh-sk.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.h,v 1.5 2019/11/12 19:31:45 markus Exp $ */ +/* $OpenBSD: ssh-sk.h,v 1.6 2019/12/13 19:09:10 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -21,9 +21,6 @@ struct sshbuf; struct sshkey; -/* Version of protocol between ssh-agent and ssh-sk-helper */ -#define SSH_SK_HELPER_VERSION 1 - /* * Enroll (generate) a new security-key hosted private key of given type * via the specified provider middleware. @@ -44,7 +41,7 @@ int sshsk_enroll(int type, const char *provider_path, const char *application, * * Returns 0 on success or a ssherr.h error code on failure. */ -int sshsk_sign(const char *provider_path, const struct sshkey *key, +int sshsk_sign(const char *provider_path, struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); diff --git a/sshkey.c b/sshkey.c index 920c0dc3c..674303c37 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.96 2019/11/25 00:51:37 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.97 2019/12/13 19:09:10 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2750,13 +2750,6 @@ sshkey_sign(struct sshkey *key, case KEY_ECDSA: r = ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); break; -# ifdef ENABLE_SK - case KEY_ECDSA_SK_CERT: - case KEY_ECDSA_SK: - r = sshsk_sign(sk_provider, key, sigp, lenp, data, datalen, - compat); - break; -# endif /* ENABLE_SK */ # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: @@ -2770,8 +2763,10 @@ sshkey_sign(struct sshkey *key, #ifdef ENABLE_SK case KEY_ED25519_SK: case KEY_ED25519_SK_CERT: - r = sshsk_sign(sk_provider, key, sigp, lenp, data, datalen, - compat); + case KEY_ECDSA_SK_CERT: + case KEY_ECDSA_SK: + r = sshsk_sign(sk_provider, key, sigp, lenp, data, + datalen, compat); break; #endif /* ENABLE_SK */ #ifdef WITH_XMSS diff --git a/sshkey.h b/sshkey.h index 56c0a9cdf..d96dcb8b0 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.40 2019/11/25 00:51:37 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.41 2019/12/13 19:09:10 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -51,6 +51,9 @@ #define SSH_RSA_MINIMUM_MODULUS_SIZE 1024 #define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20) +/* Version of protocol expected from ssh-sk-helper */ +#define SSH_SK_HELPER_VERSION 1 + struct sshbuf; /* Key types */ -- cgit v1.2.3 From 9244990ecdcfa36bb9371058111685b05f201c1e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Dec 2019 09:21:46 +1100 Subject: remove a bunch of ENABLE_SK #ifdefs The ssh-sk-helper client API gives us a nice place to disable security key support when it is wasn't enabled at compile time, so we don't need to check everywere. Also, verification of security key signatures can remain enabled all the time - it has no additional dependencies. So sshd can accept security key pubkeys in authorized_keys, etc regardless of the host's support for dlopen, etc. --- ssh-ecdsa-sk.c | 3 --- ssh-keygen.c | 4 ---- ssh-sk-client.c | 8 ++++++++ sshkey.c | 4 ---- 4 files changed, 8 insertions(+), 11 deletions(-) (limited to 'sshkey.c') diff --git a/ssh-ecdsa-sk.c b/ssh-ecdsa-sk.c index 40f0dc8c0..7a2355c1a 100644 --- a/ssh-ecdsa-sk.c +++ b/ssh-ecdsa-sk.c @@ -29,8 +29,6 @@ #include "includes.h" -#ifdef ENABLE_SK - #include #include @@ -203,4 +201,3 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, free(ktype); return ret; } -#endif /* ENABLE_SK */ diff --git a/ssh-keygen.c b/ssh-keygen.c index e90b85ffa..24e246c0b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -3303,9 +3303,6 @@ main(int argc, char **argv) switch (type) { case KEY_ECDSA_SK: case KEY_ED25519_SK: -#ifndef ENABLE_SK - fatal("Security key support was disabled at compile time"); -#else /* ENABLE_SK */ if (!quiet) { printf("You may need to touch your security key " "to authorize key generation.\n"); @@ -3316,7 +3313,6 @@ main(int argc, char **argv) sk_flags, NULL, &private, NULL) != 0) exit(1); /* error message already printed */ break; -#endif /* ENABLE_SK */ default: if ((r = sshkey_generate(type, bits, &private)) != 0) fatal("sshkey_generate failed"); diff --git a/ssh-sk-client.c b/ssh-sk-client.c index 92ac0e7e1..8a7ac97c4 100644 --- a/ssh-sk-client.c +++ b/ssh-sk-client.c @@ -198,6 +198,10 @@ sshsk_sign(const char *provider, struct sshkey *key, *sigp = NULL; *lenp = 0; +#ifndef ENABLE_SK + return SSH_ERR_KEY_TYPE_UNKNOWN; +#endif + if ((kbuf = sshbuf_new()) == NULL || (req = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -266,6 +270,10 @@ sshsk_enroll(int type, const char *provider_path, const char *application, if (attest != NULL) sshbuf_reset(attest); +#ifndef ENABLE_SK + return SSH_ERR_KEY_TYPE_UNKNOWN; +#endif + if (type < 0) return SSH_ERR_INVALID_ARGUMENT; diff --git a/sshkey.c b/sshkey.c index 674303c37..3bab2e893 100644 --- a/sshkey.c +++ b/sshkey.c @@ -2760,7 +2760,6 @@ sshkey_sign(struct sshkey *key, case KEY_ED25519_CERT: r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); break; -#ifdef ENABLE_SK case KEY_ED25519_SK: case KEY_ED25519_SK_CERT: case KEY_ECDSA_SK_CERT: @@ -2768,7 +2767,6 @@ sshkey_sign(struct sshkey *key, r = sshsk_sign(sk_provider, key, sigp, lenp, data, datalen, compat); break; -#endif /* ENABLE_SK */ #ifdef WITH_XMSS case KEY_XMSS: case KEY_XMSS_CERT: @@ -2807,12 +2805,10 @@ sshkey_verify(const struct sshkey *key, case KEY_ECDSA_CERT: case KEY_ECDSA: return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); -# ifdef ENABLE_SK case KEY_ECDSA_SK_CERT: case KEY_ECDSA_SK: return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen, compat, detailsp); -# endif /* ENABLE_SK */ # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: -- cgit v1.2.3 From c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 30 Dec 2019 09:23:28 +0000 Subject: upstream: SK API and sk-helper error/PIN passing Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow. Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc. feedback and ok markus@ OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71 --- sk-api.h | 8 ++--- sk-usbhid.c | 10 +++--- ssh-keygen.c | 4 +-- ssh-sk-client.c | 47 +++++++++++++++++++------ ssh-sk-helper.c | 106 ++++++++++++++++++++++++++++++++++++++++++++------------ ssh-sk.c | 31 +++++++++-------- ssh-sk.h | 17 ++++++--- sshkey.c | 4 +-- sshkey.h | 10 +----- 9 files changed, 165 insertions(+), 72 deletions(-) (limited to 'sshkey.c') diff --git a/sk-api.h b/sk-api.h index 10f1fdb10..4f9f43ee6 100644 --- a/sk-api.h +++ b/sk-api.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sk-api.h,v 1.4 2019/12/30 09:21:16 djm Exp $ */ +/* $OpenBSD: sk-api.h,v 1.5 2019/12/30 09:23:28 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -59,7 +59,7 @@ struct sk_resident_key { struct sk_enroll_response key; }; -#define SSH_SK_VERSION_MAJOR 0x00020000 /* current API version */ +#define SSH_SK_VERSION_MAJOR 0x00030000 /* current API version */ #define SSH_SK_VERSION_MAJOR_MASK 0xffff0000 /* Return the version of the middleware API */ @@ -67,13 +67,13 @@ uint32_t sk_api_version(void); /* Enroll a U2F key (private key generation) */ int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, - const char *application, uint8_t flags, + const char *application, uint8_t flags, const char *pin, struct sk_enroll_response **enroll_response); /* Sign a challenge */ int sk_sign(int alg, const uint8_t *message, size_t message_len, const char *application, const uint8_t *key_handle, size_t key_handle_len, - uint8_t flags, struct sk_sign_response **sign_response); + uint8_t flags, const char *pin, struct sk_sign_response **sign_response); /* Enumerate all resident keys */ int sk_load_resident_keys(const char *pin, diff --git a/sk-usbhid.c b/sk-usbhid.c index fa4424483..54ce0bddf 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c @@ -54,7 +54,7 @@ } while (0) #endif -#define SK_VERSION_MAJOR 0x00020000 /* current API version */ +#define SK_VERSION_MAJOR 0x00030000 /* current API version */ /* Flags */ #define SK_USER_PRESENCE_REQD 0x01 @@ -105,13 +105,13 @@ uint32_t sk_api_version(void); /* Enroll a U2F key (private key generation) */ int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, - const char *application, uint8_t flags, + const char *application, uint8_t flags, const char *pin, struct sk_enroll_response **enroll_response); /* Sign a challenge */ int sk_sign(int alg, const uint8_t *message, size_t message_len, const char *application, const uint8_t *key_handle, size_t key_handle_len, - uint8_t flags, struct sk_sign_response **sign_response); + uint8_t flags, const char *pin, struct sk_sign_response **sign_response); /* Load resident keys */ int sk_load_resident_keys(const char *pin, @@ -414,7 +414,7 @@ pack_public_key(int alg, const fido_cred_t *cred, int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, - const char *application, uint8_t flags, + const char *application, uint8_t flags, const char *pin, struct sk_enroll_response **enroll_response) { fido_cred_t *cred = NULL; @@ -652,7 +652,7 @@ int sk_sign(int alg, const uint8_t *message, size_t message_len, const char *application, const uint8_t *key_handle, size_t key_handle_len, - uint8_t flags, struct sk_sign_response **sign_response) + uint8_t flags, const char *pin, struct sk_sign_response **sign_response) { fido_assert_t *assert = NULL; fido_dev_t *dev = NULL; diff --git a/ssh-keygen.c b/ssh-keygen.c index 48342c09d..79e2e92b5 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.377 2019/12/30 09:19:52 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.378 2019/12/30 09:23:28 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -3368,7 +3368,7 @@ main(int argc, char **argv) fflush(stdout); if (sshsk_enroll(type, sk_provider, cert_key_id == NULL ? "ssh:" : cert_key_id, - sk_flags, NULL, &private, NULL) != 0) + sk_flags, NULL, NULL, &private, NULL) != 0) exit(1); /* error message already printed */ break; default: diff --git a/ssh-sk-client.c b/ssh-sk-client.c index b2f062455..0033a6655 100644 --- a/ssh-sk-client.c +++ b/ssh-sk-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-client.c,v 1.2 2019/12/30 09:21:59 djm Exp $ */ +/* $OpenBSD: ssh-sk-client.c,v 1.3 2019/12/30 09:23:28 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -128,14 +129,14 @@ reap_helper(pid_t pid) } static int -client_converse(struct sshbuf *req, struct sshbuf **respp) +client_converse(struct sshbuf *req, struct sshbuf **respp, u_int msg) { int oerrno, fd, r2, r = SSH_ERR_INTERNAL_ERROR; + u_int rmsg, rerr; pid_t pid; u_char version; void (*osigchld)(int); struct sshbuf *resp = NULL; - *respp = NULL; if ((r = start_helper(&fd, &pid, &osigchld)) != 0) @@ -164,6 +165,28 @@ client_converse(struct sshbuf *req, struct sshbuf **respp) r = SSH_ERR_INVALID_FORMAT; goto out; } + if ((r = sshbuf_get_u32(resp, &rmsg)) != 0) { + error("%s: parse message type: %s", __func__, ssh_err(r)); + goto out; + } + if (rmsg == SSH_SK_HELPER_ERROR) { + if ((r = sshbuf_get_u32(resp, &rerr)) != 0) { + error("%s: parse error: %s", __func__, ssh_err(r)); + goto out; + } + debug("%s: helper returned error -%u", __func__, rerr); + /* OpenSSH error values are negative; encoded as -err on wire */ + if (rerr == 0 || rerr >= INT_MAX) + r = SSH_ERR_INTERNAL_ERROR; + else + r = -(int)rerr; + goto out; + } else if (rmsg != msg) { + error("%s: helper returned incorrect message type %u, " + "expecting %u", __func__, rmsg, msg); + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } /* success */ r = 0; out: @@ -189,7 +212,7 @@ client_converse(struct sshbuf *req, struct sshbuf **respp) int sshsk_sign(const char *provider, struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - u_int compat) + u_int compat, const char *pin) { int oerrno, r = SSH_ERR_INTERNAL_ERROR; char *fp = NULL; @@ -217,7 +240,8 @@ sshsk_sign(const char *provider, struct sshkey *key, (r = sshbuf_put_cstring(req, provider)) != 0 || (r = sshbuf_put_string(req, data, datalen)) != 0 || (r = sshbuf_put_cstring(req, NULL)) != 0 || /* alg */ - (r = sshbuf_put_u32(req, compat)) != 0) { + (r = sshbuf_put_u32(req, compat)) != 0 || + (r = sshbuf_put_cstring(req, pin)) != 0) { error("%s: compose: %s", __func__, ssh_err(r)); goto out; } @@ -228,7 +252,7 @@ sshsk_sign(const char *provider, struct sshkey *key, r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = client_converse(req, &resp)) != 0) + if ((r = client_converse(req, &resp, SSH_SK_HELPER_SIGN)) != 0) goto out; if ((r = sshbuf_get_string(resp, sigp, lenp)) != 0) { @@ -259,8 +283,8 @@ sshsk_sign(const char *provider, struct sshkey *key, int sshsk_enroll(int type, const char *provider_path, const char *application, - uint8_t flags, struct sshbuf *challenge_buf, struct sshkey **keyp, - struct sshbuf *attest) + uint8_t flags, const char *pin, struct sshbuf *challenge_buf, + struct sshkey **keyp, struct sshbuf *attest) { int oerrno, r = SSH_ERR_INTERNAL_ERROR; struct sshbuf *kbuf = NULL, *abuf = NULL, *req = NULL, *resp = NULL; @@ -289,12 +313,13 @@ sshsk_enroll(int type, const char *provider_path, const char *application, (r = sshbuf_put_cstring(req, provider_path)) != 0 || (r = sshbuf_put_cstring(req, application)) != 0 || (r = sshbuf_put_u8(req, flags)) != 0 || + (r = sshbuf_put_cstring(req, pin)) != 0 || (r = sshbuf_put_stringb(req, challenge_buf)) != 0) { error("%s: compose: %s", __func__, ssh_err(r)); goto out; } - if ((r = client_converse(req, &resp)) != 0) + if ((r = client_converse(req, &resp, SSH_SK_HELPER_ENROLL)) != 0) goto out; if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 || @@ -358,7 +383,7 @@ sshsk_load_resident(const char *provider_path, const char *pin, goto out; } - if ((r = client_converse(req, &resp)) != 0) + if ((r = client_converse(req, &resp, SSH_SK_HELPER_LOAD_RESIDENT)) != 0) goto out; while (sshbuf_len(resp) != 0) { @@ -378,6 +403,8 @@ sshsk_load_resident(const char *provider_path, const char *pin, error("%s: recallocarray keys failed", __func__); goto out; } + debug("%s: keys[%zu]: %s %s", __func__, + nkeys, sshkey_type(key), key->sk_application); keys = tmp; keys[nkeys++] = key; key = NULL; diff --git a/ssh-sk-helper.c b/ssh-sk-helper.c index ac528cfcf..590ff8501 100644 --- a/ssh-sk-helper.c +++ b/ssh-sk-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-helper.c,v 1.5 2019/12/30 09:21:59 djm Exp $ */ +/* $OpenBSD: ssh-sk-helper.c,v 1.6 2019/12/30 09:23:28 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -50,6 +50,33 @@ #ifdef ENABLE_SK extern char *__progname; +static struct sshbuf *reply_error(int r, char *fmt, ...) + __attribute__((__format__ (printf, 2, 3))); + +static struct sshbuf * +reply_error(int r, char *fmt, ...) +{ + char *msg; + va_list ap; + struct sshbuf *resp; + + va_start(ap, fmt); + xvasprintf(&msg, fmt, ap); + va_end(ap); + error("%s: %s", __progname, msg); + free(msg); + + if (r >= 0) + fatal("%s: invalid error code %d", __func__, r); + + if ((resp = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __progname); + if (sshbuf_put_u32(resp, SSH_SK_HELPER_ERROR) != 0 || + sshbuf_put_u32(resp, (u_int)-r) != 0) + fatal("%s: buffer error", __progname); + return resp; +} + static struct sshbuf * process_sign(struct sshbuf *req) { @@ -60,13 +87,14 @@ process_sign(struct sshbuf *req) const u_char *message; u_char *sig; size_t msglen, siglen; - char *provider; + char *provider, *pin; if ((r = sshbuf_froms(req, &kbuf)) != 0 || (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 || (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */ - (r = sshbuf_get_u32(req, &compat)) != 0) + (r = sshbuf_get_u32(req, &compat)) != 0 || + (r = sshbuf_get_cstring(req, &pin, NULL)) != 0) fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (sshbuf_len(req) != 0) fatal("%s: trailing data in request", __progname); @@ -80,19 +108,28 @@ process_sign(struct sshbuf *req) "msg len %zu, compat 0x%lx", __progname, sshkey_type(key), provider, msglen, (u_long)compat); + if (*pin == 0) { + free(pin); + pin = NULL; + } + if ((r = sshsk_sign(provider, key, &sig, &siglen, - message, msglen, compat)) != 0) - fatal("Signing failed: %s", ssh_err(r)); + message, msglen, compat, pin)) != 0) { + resp = reply_error(r, "Signing failed: %s", ssh_err(r)); + goto out; + } if ((resp = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __progname); - if ((r = sshbuf_put_string(resp, sig, siglen)) != 0) + if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_SIGN)) != 0 || + (r = sshbuf_put_string(resp, sig, siglen)) != 0) fatal("%s: buffer error: %s", __progname, ssh_err(r)); - + out: sshbuf_free(kbuf); free(provider); - + if (pin != NULL) + freezero(pin, strlen(pin)); return resp; } @@ -101,14 +138,12 @@ process_enroll(struct sshbuf *req) { int r; u_int type; - char *provider; - char *application; + char *provider, *application, *pin; uint8_t flags; struct sshbuf *challenge, *attest, *kbuf, *resp; struct sshkey *key; - if ((resp = sshbuf_new()) == NULL || - (attest = sshbuf_new()) == NULL || + if ((attest = sshbuf_new()) == NULL || (kbuf = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __progname); @@ -116,6 +151,7 @@ process_enroll(struct sshbuf *req) (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || (r = sshbuf_get_cstring(req, &application, NULL)) != 0 || (r = sshbuf_get_u8(req, &flags)) != 0 || + (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 || (r = sshbuf_froms(req, &challenge)) != 0) fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (sshbuf_len(req) != 0) @@ -127,23 +163,35 @@ process_enroll(struct sshbuf *req) sshbuf_free(challenge); challenge = NULL; } + if (*pin == 0) { + free(pin); + pin = NULL; + } - if ((r = sshsk_enroll((int)type, provider, application, flags, - challenge, &key, attest)) != 0) - fatal("%s: sshsk_enroll failed: %s", __progname, ssh_err(r)); + if ((r = sshsk_enroll((int)type, provider, application, flags, pin, + challenge, &key, attest)) != 0) { + resp = reply_error(r, "Enrollment failed: %s", ssh_err(r)); + goto out; + } + if ((resp = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __progname); if ((r = sshkey_private_serialize(key, kbuf)) != 0) fatal("%s: serialize private key: %s", __progname, ssh_err(r)); - if ((r = sshbuf_put_stringb(resp, kbuf)) != 0 || + if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_ENROLL)) != 0 || + (r = sshbuf_put_stringb(resp, kbuf)) != 0 || (r = sshbuf_put_stringb(resp, attest)) != 0) fatal("%s: buffer error: %s", __progname, ssh_err(r)); + out: sshkey_free(key); sshbuf_free(kbuf); sshbuf_free(attest); sshbuf_free(challenge); free(provider); free(application); + if (pin != NULL) + freezero(pin, strlen(pin)); return resp; } @@ -157,8 +205,7 @@ process_load_resident(struct sshbuf *req) struct sshkey **keys = NULL; size_t nkeys = 0, i; - if ((resp = sshbuf_new()) == NULL || - (kbuf = sshbuf_new()) == NULL) + if ((kbuf = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __progname); if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || @@ -167,9 +214,22 @@ process_load_resident(struct sshbuf *req) if (sshbuf_len(req) != 0) fatal("%s: trailing data in request", __progname); - if ((r = sshsk_load_resident(provider, pin, &keys, &nkeys)) != 0) - fatal("%s: sshsk_load_resident failed: %s", - __progname, ssh_err(r)); + if (*pin == 0) { + free(pin); + pin = NULL; + } + + if ((r = sshsk_load_resident(provider, pin, &keys, &nkeys)) != 0) { + resp = reply_error(r, " sshsk_load_resident failed: %s", + ssh_err(r)); + goto out; + } + + if ((resp = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __progname); + + if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_LOAD_RESIDENT)) != 0) + fatal("%s: buffer error: %s", __progname, ssh_err(r)); for (i = 0; i < nkeys; i++) { debug("%s: key %zu %s %s", __func__, i, @@ -183,12 +243,14 @@ process_load_resident(struct sshbuf *req) fatal("%s: buffer error: %s", __progname, ssh_err(r)); } + out: for (i = 0; i < nkeys; i++) sshkey_free(keys[i]); free(keys); sshbuf_free(kbuf); free(provider); - freezero(pin, strlen(pin)); + if (pin != NULL) + freezero(pin, strlen(pin)); return resp; } diff --git a/ssh-sk.c b/ssh-sk.c index d48f34e30..a5d3c64d2 100644 --- a/ssh-sk.c +++ b/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.20 2019/12/30 09:21:16 djm Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.21 2019/12/30 09:23:28 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -53,13 +53,14 @@ struct sshsk_provider { /* Enroll a U2F key (private key generation) */ int (*sk_enroll)(int alg, const uint8_t *challenge, size_t challenge_len, const char *application, uint8_t flags, - struct sk_enroll_response **enroll_response); + const char *pin, struct sk_enroll_response **enroll_response); /* Sign a challenge */ int (*sk_sign)(int alg, const uint8_t *message, size_t message_len, const char *application, const uint8_t *key_handle, size_t key_handle_len, - uint8_t flags, struct sk_sign_response **sign_response); + uint8_t flags, const char *pin, + struct sk_sign_response **sign_response); /* Enumerate resident keys */ int (*sk_load_resident_keys)(const char *pin, @@ -69,11 +70,11 @@ struct sshsk_provider { /* Built-in version */ int ssh_sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, const char *application, uint8_t flags, - struct sk_enroll_response **enroll_response); + const char *pin, struct sk_enroll_response **enroll_response); int ssh_sk_sign(int alg, const uint8_t *message, size_t message_len, const char *application, const uint8_t *key_handle, size_t key_handle_len, - uint8_t flags, struct sk_sign_response **sign_response); + uint8_t flags, const char *pin, struct sk_sign_response **sign_response); int ssh_sk_load_resident_keys(const char *pin, struct sk_resident_key ***rks, size_t *nrks); @@ -326,8 +327,8 @@ sshsk_key_from_response(int alg, const char *application, uint8_t flags, int sshsk_enroll(int type, const char *provider_path, const char *application, - uint8_t flags, struct sshbuf *challenge_buf, struct sshkey **keyp, - struct sshbuf *attest) + uint8_t flags, const char *pin, struct sshbuf *challenge_buf, + struct sshkey **keyp, struct sshbuf *attest) { struct sshsk_provider *skp = NULL; struct sshkey *key = NULL; @@ -339,8 +340,9 @@ sshsk_enroll(int type, const char *provider_path, const char *application, int alg; debug("%s: provider \"%s\", application \"%s\", flags 0x%02x, " - "challenge len %zu", __func__, provider_path, application, - flags, challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf)); + "challenge len %zu%s", __func__, provider_path, application, + flags, challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf), + (pin != NULL && *pin != '\0') ? " with-pin" : ""); *keyp = NULL; if (attest) @@ -391,7 +393,7 @@ sshsk_enroll(int type, const char *provider_path, const char *application, /* XXX validate flags? */ /* enroll key */ if ((r = skp->sk_enroll(alg, challenge, challenge_len, application, - flags, &resp)) != 0) { + flags, pin, &resp)) != 0) { error("Security key provider %s returned failure %d", provider_path, r); r = SSH_ERR_INVALID_FORMAT; /* XXX error codes in API? */ @@ -504,7 +506,7 @@ sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) int sshsk_sign(const char *provider_path, struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - u_int compat) + u_int compat, const char *pin) { struct sshsk_provider *skp = NULL; int r = SSH_ERR_INTERNAL_ERROR; @@ -513,8 +515,9 @@ sshsk_sign(const char *provider_path, struct sshkey *key, struct sshbuf *inner_sig = NULL, *sig = NULL; uint8_t message[32]; - debug("%s: provider \"%s\", key %s, flags 0x%02x", __func__, - provider_path, sshkey_type(key), key->sk_flags); + debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__, + provider_path, sshkey_type(key), key->sk_flags, + (pin != NULL && *pin != '\0') ? " with-pin" : ""); if (sigp != NULL) *sigp = NULL; @@ -554,7 +557,7 @@ sshsk_sign(const char *provider_path, struct sshkey *key, if ((r = skp->sk_sign(alg, message, sizeof(message), key->sk_application, sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), - key->sk_flags, &resp)) != 0) { + key->sk_flags, pin, &resp)) != 0) { debug("%s: sk_sign failed with code %d", __func__, r); goto out; } diff --git a/ssh-sk.h b/ssh-sk.h index 1afe839db..348759a98 100644 --- a/ssh-sk.h +++ b/ssh-sk.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.h,v 1.7 2019/12/30 09:21:16 djm Exp $ */ +/* $OpenBSD: ssh-sk.h,v 1.8 2019/12/30 09:23:28 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -21,6 +21,15 @@ struct sshbuf; struct sshkey; +/* Version of protocol expected from ssh-sk-helper */ +#define SSH_SK_HELPER_VERSION 3 + +/* ssh-sk-helper messages */ +#define SSH_SK_HELPER_ERROR 0 /* Only valid H->C */ +#define SSH_SK_HELPER_SIGN 1 +#define SSH_SK_HELPER_ENROLL 2 +#define SSH_SK_HELPER_LOAD_RESIDENT 3 + /* * Enroll (generate) a new security-key hosted private key of given type * via the specified provider middleware. @@ -32,8 +41,8 @@ struct sshkey; * information is placed there. */ int sshsk_enroll(int type, const char *provider_path, const char *application, - uint8_t flags, struct sshbuf *challenge_buf, struct sshkey **keyp, - struct sshbuf *attest); + uint8_t flags, const char *pin, struct sshbuf *challenge_buf, + struct sshkey **keyp, struct sshbuf *attest); /* * Calculate an ECDSA_SK or ED25519_SK signature using the specified key @@ -43,7 +52,7 @@ int sshsk_enroll(int type, const char *provider_path, const char *application, */ int sshsk_sign(const char *provider_path, struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - u_int compat); + u_int compat, const char *pin); /* * Enumerates and loads all SSH-compatible resident keys from a security diff --git a/sshkey.c b/sshkey.c index 3bab2e893..6ccd0e0b9 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.97 2019/12/13 19:09:10 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.98 2019/12/30 09:23:28 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2765,7 +2765,7 @@ sshkey_sign(struct sshkey *key, case KEY_ECDSA_SK_CERT: case KEY_ECDSA_SK: r = sshsk_sign(sk_provider, key, sigp, lenp, data, - datalen, compat); + datalen, compat, /* XXX PIN */ NULL); break; #ifdef WITH_XMSS case KEY_XMSS: diff --git a/sshkey.h b/sshkey.h index 699c6b817..71a3fddcb 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.43 2019/12/30 09:21:59 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.44 2019/12/30 09:23:28 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -51,14 +51,6 @@ #define SSH_RSA_MINIMUM_MODULUS_SIZE 1024 #define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20) -/* Version of protocol expected from ssh-sk-helper */ -#define SSH_SK_HELPER_VERSION 2 - -/* ssh-sk-helper messages */ -#define SSH_SK_HELPER_SIGN 1 -#define SSH_SK_HELPER_ENROLL 2 -#define SSH_SK_HELPER_LOAD_RESIDENT 3 - struct sshbuf; /* Key types */ -- cgit v1.2.3 From 4a05d789b86314fef7303824f69defbc6b96ed60 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 21 Jan 2020 05:56:56 +0000 Subject: upstream: fix ssh-keygen not displaying authenticator touch prompt; reported by jmc@ OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859 --- sshkey.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 6ccd0e0b9..57995ee68 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.98 2019/12/30 09:23:28 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.99 2020/01/21 05:56:56 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2080,6 +2080,9 @@ sshkey_shield_private(struct sshkey *k) enc = prekey = NULL; /* transferred */ enclen = 0; + /* preserve key fields that are required for correct operation */ + k->sk_flags = kswap->sk_flags; + /* success */ r = 0; -- cgit v1.2.3