Commit Graph

23 Commits

Author SHA1 Message Date
guenther@openbsd.org 51875897b8
upstream: Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@

OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
2023-03-08 17:26:53 +11:00
djm@openbsd.org 2726764269
upstream: refactor sshkey_private_deserialize
feedback/ok markus@

OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
2022-10-28 12:47:01 +11:00
djm@openbsd.org 2519a7077a
upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@

OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
2022-10-28 12:47:01 +11:00
djm@openbsd.org 3fbc58bb24
upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@

OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
2022-10-28 12:47:00 +11:00
djm@openbsd.org a1deb6cdbb
upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@

OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
2022-10-28 12:46:59 +11:00
djm@openbsd.org 7d00799c93
upstream: refactor sshkey_from_private()
feedback/ok markus@

OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
2022-10-28 12:46:59 +11:00
djm@openbsd.org 262647c2e9
upstream: factor out key generation
feedback/ok markus@

OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
2022-10-28 12:46:58 +11:00
djm@openbsd.org 591fed94e6
upstream: factor out public key serialization
feedback/ok markus@

OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
2022-10-28 12:46:57 +11:00
djm@openbsd.org 1e78844ae2
upstream: factor out sshkey_equal_public()
feedback/ok markus@

OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
2022-10-28 12:46:56 +11:00
djm@openbsd.org 25de1c01a8
upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.

lots of feedback + ok markus@

OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
2022-10-28 12:46:56 +11:00
djm@openbsd.org 37f2da069c upstream: some clarifying comments
OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2
2020-06-26 15:18:07 +10:00
djm@openbsd.org bb52e70fa5 upstream: Add support for FIDO webauthn (verification only).
webauthn is a standard for using FIDO keys in web browsers. webauthn
signatures are a slightly different format to plain FIDO signatures - this
support allows verification of these. Feedback and ok markus@

OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
2020-06-22 16:27:27 +10:00
djm@openbsd.org 64bc121097 upstream: refactor ECDSA-SK verification a little ahead of adding
support for FIDO webauthn signature verification support; ok markus@

OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e
2020-06-22 16:11:14 +10:00
Ruben Kerkhof 0488dc2d30 Fix building without openssl.
This fixes the following when there are no openssl headers on the system:
ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found
2020-01-20 21:14:46 +11:00
Darren Tucker fff8ff6dd5 Put SK ECDSA bits inside ifdef OPENSSL_HAS_ECC.
Fixes build when linking against OpenSSLs built with no-ec.
2019-12-15 18:27:02 +11:00
Damien Miller 9244990ecd remove a bunch of ENABLE_SK #ifdefs
The ssh-sk-helper client API gives us a nice place to disable
security key support when it is wasn't enabled at compile time,
so we don't need to check everywere.

Also, verification of security key signatures can remain enabled
all the time - it has no additional dependencies. So sshd can
accept security key pubkeys in authorized_keys, etc regardless of
the host's support for dlopen, etc.
2019-12-14 09:21:46 +11:00
djm@openbsd.org e0d38ae9bc upstream: more debugging; behind DEBUG_SK
OpenBSD-Commit-ID: a978896227118557505999ddefc1f4c839818b60
2019-11-27 10:44:29 +11:00
djm@openbsd.org b7e74ea072 upstream: Add new structure for signature options
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
2019-11-25 12:23:33 +11:00
djm@openbsd.org d2b0f88178 upstream: memleak in error path
OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112
2019-11-25 12:22:43 +11:00
Darren Tucker 2f95d43dc2 Include openssl compat header.
Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1.
2019-11-20 16:34:11 +11:00
djm@openbsd.org a70d92f236 upstream: adjust on-wire signature encoding for ecdsa-sk keys to
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne

NB. if you are depending on security keys (already?) then make sure you
update both your clients and servers.

OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
2019-11-20 09:27:29 +11:00
Damien Miller 764d51e044 autoconf pieces for U2F support
Mostly following existing logic for PKCS#11 - turning off support
when either libcrypto or dlopen(3) are unavailable.
2019-11-01 13:35:34 +11:00
djm@openbsd.org 02bb0768a9 upstream: Initial infrastructure for U2F/FIDO support
Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.

feedback & ok markus@

OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
2019-11-01 09:46:08 +11:00