Commit Graph

44 Commits

Author SHA1 Message Date
djm@openbsd.org 29ef8a0486
upstream: Ensure FIDO/PKCS11 libraries contain expected symbols
This checks via nlist(3) that candidate provider libraries contain one
of the symbols that we will require prior to dlopen(), which can cause
a number of side effects, including execution of constructors.

Feedback deraadt; ok markus

OpenBSD-Commit-ID: 1508a5fbd74e329e69a55b56c453c292029aefbe
2023-07-20 00:21:31 +10:00
djm@openbsd.org 9ab929ca2d upstream: when enrolling a resident key on a security token, check
if a credential with matching application and user ID strings already exists.
if so, prompt the user for confirmation before overwriting the credential.

patch from Pedro Martelletto via GHPR329

NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware
implementations will need to adjust

OpenBSD-Commit-ID: e45e9f1bf2b2f32d9850669e7a8dbd64acc5fca4
2022-07-20 13:38:47 +10:00
Damien Miller 7d25b37fb2 fix possible NULL deref when built without FIDO
Analysis/fix from kircher in bz3443; ok dtucker@
2022-06-24 13:46:39 +10:00
djm@openbsd.org 52423f64e1 upstream: ssh-sk: free a resident key's user id
From Pedro Martelletto; ok dtucker & me

OpenBSD-Commit-ID: 47be40d602b7a6458c4c71114df9b53d149fc2e9
2022-01-14 14:40:40 +11:00
djm@openbsd.org f3c34df860 upstream: Better handle FIDO keys on tokens that provide user
verification (UV) on the device itself, including biometric keys.

Query the token during key creation to determine whether it supports
on-token UV and, if so, clear the SSH_SK_USER_VERIFICATION_REQD flag
in the key so that ssh(1) doesn't automatically prompty for PIN later.

When making signatures with the key, query the token's capabilities
again and check whether the token is able (right now) to perform user-
verification without a PIN. If it is then the PIN prompt is bypassed
and user verification delegated to the token. If not (e.g. the token
is biometric capable, but no biometric are enrolled), then fall back
to user verification via the usual PIN prompt.

Work by Pedro Martelletto; ok myself and markus@

NB. cranks SSH_SK_VERSION_MAJOR

OpenBSD-Commit-ID: e318a8c258d9833a0b7eb0236cdb68b5143b2f27
2021-11-03 10:07:23 +11:00
djm@openbsd.org 0001d04e55 upstream: When downloading resident keys from a FIDO token, pass
back the user ID that was used when the key was created and append it to the
filename the key is written to (if it is not the default).

Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different
user IDs.

feedback Pedro Martelletto; ok markus

NB. increments SSH_SK_VERSION_MAJOR

OpenBSD-Commit-ID: dbd658b5950f583106d945641a634bc6562dd3a3
2021-10-28 13:56:59 +11:00
Damien Miller 872595572b fix FIDO key support for !OPENSSL_HAS_ECC case
ok dtucker
2021-10-01 16:36:24 +10:00
djm@openbsd.org 473201783f upstream: a bit more debugging behind #ifdef DEBUG_SK
OpenBSD-Commit-ID: d9fbce14945721061cb322f0084c2165d33d1993
2021-02-26 11:18:26 +11:00
djm@openbsd.org 88e3d4de31 upstream: unbreak SK_DEBUG builds
from https://github.com/openssh/openssh-portable/pull/225 by
ZenithalHourlyRate

OpenBSD-Commit-ID: 28d7259ce1b04d025411464decfa2f1a097b43eb
2021-02-18 13:17:43 +11:00
djm@openbsd.org 816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org c767735241 upstream: when writing an attestation blob for a FIDO key, record all
the data needed to verify the attestation. Previously we were missing the
"authenticator data" that is included in the signature.

spotted by Ian Haken
feedback Pedro Martelletto and Ian Haken; ok markus@

OpenBSD-Commit-ID: 8439896e63792b2db99c6065dd9a45eabbdb7e0a
2020-09-09 13:11:34 +10:00
djm@openbsd.org b649b3daa6 upstream: preserve verify-required for resident FIDO keys
When downloading a resident, verify-required key from a FIDO token,
preserve the verify-required in the private key that is written to
disk. Previously we weren't doing that because of lack of support
in the middleware API.

from Pedro Martelletto; ok markus@ and myself

OpenBSD-Commit-ID: 201c46ccdd227cddba3d64e1bdbd082afa956517
2020-08-27 11:28:36 +10:00
djm@openbsd.org 59d2de956e upstream: when signing a challenge using a FIDO toke, perform the
hashing in the middleware layer rather than in ssh code. This allows
middlewares that call APIs that perform the hashing implicitly (including
Microsoft's AFAIK). ok markus@

OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d
2020-05-01 13:13:29 +10:00
markus@openbsd.org 1b378c0d98 upstream: return correct error in sshsk_ed25519_sig; ok djm
OpenBSD-Commit-ID: 52bf733df220303c260fee4f165ec64b4a977625
2020-03-13 13:18:09 +11:00
djm@openbsd.org dd992520be upstream: better error message when trying to use a FIDO key
function and SecurityKeyProvider is empty

OpenBSD-Commit-ID: e56602c2ee8c82f835d30e4dc8ee2e4a7896be24
2020-02-28 12:27:41 +11:00
naddy@openbsd.org a47f6a6c0e upstream: Replace "security key" with "authenticator" in program
messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
2020-02-07 09:52:59 +11:00
djm@openbsd.org 24c0f752ad upstream: changes to support FIDO attestation
Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.

Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.

ok markus@

OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6
2020-01-29 18:52:55 +11:00
djm@openbsd.org 59d01f1d72 upstream: improve the error message for u2f enrollment errors by
making ssh-keygen be solely responsible for printing the error message and
convertint some more common error responses from the middleware to a useful
ssherr.h status code. more detail remains visible via -v of course.

also remove indepedent copy of sk-api.h declarations in sk-usbhid.c
and just include it.

feedback & ok markus@

OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb
2020-01-26 10:18:42 +11:00
Darren Tucker 429170f273 Wrap stdint.h inside HAVE_STDINT_H. 2020-01-14 14:41:47 +11:00
djm@openbsd.org c312ca077c upstream: Extends the SK API to accept a set of key/value options
for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without having to change
the API version for each.

At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O

This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.

feedback, fixes and ok markus@

OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
2020-01-06 13:12:46 +11:00
djm@openbsd.org 43ce96427b upstream: translate and return error codes; retry on bad PIN
Define some well-known error codes in the SK API and pass
them back via ssh-sk-helper.

Use the new "wrong PIN" error code to retry PIN prompting during
ssh-keygen of resident keys.

feedback and ok markus@

OpenBSD-Commit-ID: 9663c6a2bb7a0bc8deaccc6c30d9a2983b481620
2019-12-30 21:01:51 +11:00
djm@openbsd.org d433596736 upstream: improve some error messages; ok markus@
OpenBSD-Commit-ID: 4ccd8ddabb8df4f995107dd3b7ea58220e93cb81
2019-12-30 21:00:42 +11:00
djm@openbsd.org c54cd1892c upstream: SK API and sk-helper error/PIN passing
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.

Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.

feedback and ok markus@

OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
2019-12-30 20:59:33 +11:00
djm@openbsd.org 14cea36df3 upstream: resident keys support in SK API
Adds a sk_load_resident_keys() function to the security key
API that accepts a security key provider and a PIN and returns
a list of keys.

Implement support for this in the usbhid middleware.

feedback and ok markus@

OpenBSD-Commit-ID: 67e984e4e87f4999ce447a6178c4249a9174eff0
2019-12-30 20:58:19 +11:00
djm@openbsd.org 2fe05fcb4a upstream: Factor out parsing of struct sk_enroll_response
We'll reuse this for extracting resident keys from a device.

feedback and ok markus@

OpenBSD-Commit-ID: 9bc1efd9c6897eac4df0983746cf6578c1542273
2019-12-30 20:57:59 +11:00
djm@openbsd.org b52ec0ba39 upstream: use ssh-sk-helper for all security key signing operations
This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*

requested by, feedback and ok markus@

OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
2019-12-14 07:17:44 +11:00
djm@openbsd.org d8b2838c5d upstream: remove stray semicolon after closing brace of function;
from Michael Forney

OpenBSD-Commit-ID: fda95acb799bb160d15e205ee126117cf33da3a7
2019-11-28 09:38:11 +11:00
djm@openbsd.org a70d92f236 upstream: adjust on-wire signature encoding for ecdsa-sk keys to
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne

NB. if you are depending on security keys (already?) then make sure you
update both your clients and servers.

OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
2019-11-20 09:27:29 +11:00
naddy@openbsd.org 723a536986 upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK
addition; ok djm@

OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474
2019-11-20 09:26:59 +11:00
djm@openbsd.org 9a1225e8ca upstream: tweak debug message
OpenBSD-Commit-ID: 2bf336d3be0b7e3dd97920d7e7471146a281d2b9
2019-11-18 11:54:56 +11:00
djm@openbsd.org 4103a3ec7c upstream: a little debug() in the security key interface
OpenBSD-Commit-ID: 4c70300609a5c8b19707207bb7ad4109e963b0e8
2019-11-17 09:44:43 +11:00
djm@openbsd.org 6bff9521ab upstream: directly support U2F/FIDO2 security keys in OpenSSH by
linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.

OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
2019-11-15 09:57:30 +11:00
markus@openbsd.org dffd02e297 upstream: fix check for sig_s; noted by qsa at qualys.com
OpenBSD-Commit-ID: 34198084e4afb424a859f52c04bb2c9668a52867
2019-11-15 08:50:10 +11:00
djm@openbsd.org fccff339ca upstream: allow an empty attestation certificate returned by a
security key enrollment - these are possible for tokens that only offer self-
attestation. This also needs support from the middleware.

ok markus@

OpenBSD-Commit-ID: 135eeeb937088ef6830a25ca0bbe678dfd2c57cc
2019-11-13 10:15:47 +11:00
markus@openbsd.org b556cc3cbf upstream: remove extra layer for ed25519 signature; ok djm@
OpenBSD-Commit-ID: 7672d9d0278b4bf656a12d3aab0c0bfe92a8ae47
2019-11-13 08:54:09 +11:00
markus@openbsd.org 3fcf69ace1 upstream: check sig_r and sig_s for ssh-sk keys; ok djm
OpenBSD-Commit-ID: 1a1e6a85b5f465d447a3800f739e35c5b74e0abc
2019-11-13 08:54:09 +11:00
markus@openbsd.org fd1a3b5e38 upstream: update sk-api to version 2 for ed25519 support; ok djm
OpenBSD-Commit-ID: 77aa4d5b6ab17987d8a600907b49573940a0044a
2019-11-13 08:49:59 +11:00
markus@openbsd.org 7c32b51edb upstream: implement sshsk_ed25519_assemble(); ok djm
OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6
2019-11-13 08:49:52 +11:00
markus@openbsd.org fe05a36dc0 upstream: implement sshsk_ed25519_inner_sig(); ok djm
OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910
2019-11-13 08:49:52 +11:00
markus@openbsd.org e03a29e655 upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm
OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19
2019-11-13 08:49:52 +11:00
markus@openbsd.org bc7b5d6187 upstream: factor out sshsk_ecdsa_inner_sig(); ok djm@
OpenBSD-Commit-ID: 07e41997b542f670a15d7e2807143fe01efef584
2019-11-13 08:48:48 +11:00
markus@openbsd.org cef84a062d upstream: factor out sshsk_ecdsa_assemble(); ok djm@
OpenBSD-Commit-ID: 2313761a3a84ccfe032874d638d3c363e0f14026
2019-11-13 08:48:48 +11:00
Damien Miller 764d51e044 autoconf pieces for U2F support
Mostly following existing logic for PKCS#11 - turning off support
when either libcrypto or dlopen(3) are unavailable.
2019-11-01 13:35:34 +11:00
djm@openbsd.org ed3467c1e1 upstream: U2F/FIDO middleware interface
Supports enrolling (generating) keys and signatures.

feedback & ok markus@

OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
2019-11-01 09:46:09 +11:00