author | 2019-10-31 21:23:19 +0000 | |
---|---|---|
committer | 2019-10-31 21:23:19 +0000 | |
commit | e3a62e69c8337933ee4e376a64c01c759045aa4b (patch) | |
tree | 9365d610c3cdca7ba23a10a1770c908b0e833e57 | |
parent | ssh-agent support for U2F/FIDO keys (diff) | |
Refactor signing - use sshkey_sign for everything, including the new
U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
-rw-r--r-- | usr.bin/ssh/Makefile.inc | 5 | ||||
-rw-r--r-- | usr.bin/ssh/krl.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/monitor.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/monitor_wrap.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/monitor_wrap.h | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-add/Makefile | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 7 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-agent/Makefile | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 18 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keygen/Makefile | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keysign.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-sk-helper/Makefile | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh/Makefile | 5 | ||||
-rw-r--r-- | usr.bin/ssh/ssh_api.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 17 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/sshkey.c | 26 | ||||
-rw-r--r-- | usr.bin/ssh/sshkey.h | 11 | ||||
-rw-r--r-- | usr.bin/ssh/sshsig.c | 21 | ||||
-rw-r--r-- | usr.bin/ssh/sshsig.h | 11 |
20 files changed, 94 insertions, 86 deletions
diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc index 2b603ff1ada..9430a881aec 100644 --- a/usr.bin/ssh/Makefile.inc +++ b/usr.bin/ssh/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.71 2019/10/31 21:16:20 djm Exp $ +# $OpenBSD: Makefile.inc,v 1.72 2019/10/31 21:23:19 djm Exp $ .include <bsd.own.mk> @@ -71,6 +71,7 @@ SRCS_KEY+= ssh-ecdsa-sk.c SRCS_KEY+= ssh-rsa.c SRCS_KEY+= sshbuf-getput-crypto.c SRCS_KEY+= digest-openssl.c +SRCS_KEY+= ssh-sk.c .else SRCS_KEY+= cipher-aesctr.c SRCS_KEY+= rijndael.c @@ -111,12 +112,10 @@ SRCS_UTL+= match.c SRCS_PKCS11+= ssh-pkcs11.c SRCS_PKCS11_CLIENT+= ssh-pkcs11-client.c SRCS_MODULI+= moduli.c -SRCS_SK+= ssh-sk.c .else SRCS_PKCS11+= SRCS_PKCS11_CLIENT+= SRCS_MODULI+= -SRCS_SK+= .endif WITH_XMSS?= no diff --git a/usr.bin/ssh/krl.c b/usr.bin/ssh/krl.c index 0edba9a0265..212ea198ae6 100644 --- a/usr.bin/ssh/krl.c +++ b/usr.bin/ssh/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.44 2019/09/06 04:53:27 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.45 2019/10/31 21:23:19 djm Exp $ */ #include <sys/types.h> #include <sys/tree.h> @@ -811,7 +811,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, goto out; if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, - sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0) + sshbuf_ptr(buf), sshbuf_len(buf), NULL, NULL, 0)) != 0) goto out; KRL_DBG(("%s: signature sig len %zu", __func__, slen)); if ((r = sshbuf_put_string(buf, sblob, slen)) != 0) diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index fafc6669537..a4f6d1dfe16 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.200 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> 
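Review bot: Moving ssh-sk.c from the optional SRCS_SK list into SRCS_KEY means every program assembled from SRCS_KEY now links the security-key code, including ones that only ever pass a NULL provider (ssh-keysign and, through monitor.c in this same commit, sshd). That is the price of routing SK signing through sshkey_sign(), but nothing in the hunk says so; a comment next to `SRCS_KEY+= ssh-sk.c` such as `# needed by sshkey_sign() for KEY_ECDSA_SK keys` would explain why it is no longer optional. It is also worth confirming that ssh-sk.c does no provider loading unless a provider is actually supplied, since it is now present in privileged binaries that never supply one. The ${SRCS_SK} removals in the per-program Makefiles on the following lines are mechanical consequences.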
@@ -612,7 +612,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) if ((key = get_hostkey_by_index(keyid)) != NULL) { if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, - compat)) != 0) + NULL, compat)) != 0) fatal("%s: sshkey_sign failed: %s", __func__, ssh_err(r)); } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c index 57ebd082bf3..71bb86fac6a 100644 --- a/usr.bin/ssh/monitor_wrap.c +++ b/usr.bin/ssh/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.114 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -210,7 +210,8 @@ mm_choose_dh(int min, int nbits, int max) int mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat) + const u_char *data, size_t datalen, const char *hostkey_alg, + const char *sk_provider, u_int compat) { struct kex *kex = *pmonitor->m_pkex; struct sshbuf *m; @@ -218,7 +219,8 @@ mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, int r; debug3("%s entering", __func__); - + if (sk_provider != NULL) + fatal("%s: sk_provider != NULL", __func__); if ((m = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); if ((r = sshbuf_put_u32(m, ndx)) != 0 || diff --git a/usr.bin/ssh/monitor_wrap.h b/usr.bin/ssh/monitor_wrap.h index 08620f918da..c1efc879ede 100644 --- a/usr.bin/ssh/monitor_wrap.h +++ b/usr.bin/ssh/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.42 2019/09/06 05:23:55 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.43 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> 
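Review bot: The new `if (sk_provider != NULL) fatal("%s: sk_provider != NULL", __func__);` in mm_sshkey_sign() enforces a contract that the hunk does not state anywhere, presumably that the monitor request carries no provider and SK keys are therefore never signed over the privsep channel. A comment above the check would stop the next reader from treating it as an unimplemented feature, e.g. `/* SK signing is not proxied through the monitor; callers must pass NULL */`. The callers visible on this page (monitor.c here, sshd.c further down) do pass NULL consistently, which agrees with that reading. The body of mm_sshkey_sign() continues beyond the hunk.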
@@ -45,7 +45,7 @@ int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); #endif int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int compat); + const u_char *, size_t, const char *, const char *, u_int compat); void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(struct ssh *, const char *); char *mm_auth2_read_banner(void); diff --git a/usr.bin/ssh/ssh-add/Makefile b/usr.bin/ssh/ssh-add/Makefile index 265fe983698..61cd7054361 100644 --- a/usr.bin/ssh/ssh-add/Makefile +++ b/usr.bin/ssh/ssh-add/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.26 2019/10/31 21:19:56 djm Exp $ +# $OpenBSD: Makefile,v 1.27 2019/10/31 21:23:19 djm Exp $ .PATH: ${.CURDIR}/.. SRCS= ssh-add.c SRCS+= atomicio.c authfd.c cleanup.c fatal.c readpass.c -SRCS+= ${SRCS_BASE} ${SRCS_KEY} ${SRCS_KEYP} ${SRCS_KRL} ${SRCS_UTL} ${SRCS_SK} +SRCS+= ${SRCS_BASE} ${SRCS_KEY} ${SRCS_KEYP} ${SRCS_KRL} ${SRCS_UTL} PROG= ssh-add diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 7dd2eb1ee8a..4b844d58a96 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.238 2019/10/31 21:22:01 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.239 2019/10/31 21:23:19 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -415,12 +415,13 @@ process_sign_request2(SocketEntry *e) if ((r = provider_sign(id->sk_provider, id->key, &signature, &slen, data, dlen, agent_decode_alg(key, flags), compat)) != 0) { - error("%s: sshkey_sign: %s", __func__, ssh_err(r)); + error("%s: sign: %s", __func__, ssh_err(r)); goto send; } } else { if ((r = sshkey_sign(id->key, &signature, &slen, - data, dlen, agent_decode_alg(key, flags), compat)) != 0) { + data, dlen, agent_decode_alg(key, flags), + NULL, compat)) != 0) { error("%s: sshkey_sign: %s", __func__, ssh_err(r)); goto send; } 
diff --git a/usr.bin/ssh/ssh-agent/Makefile b/usr.bin/ssh/ssh-agent/Makefile index a34925f57a6..df8972ac9cc 100644 --- a/usr.bin/ssh/ssh-agent/Makefile +++ b/usr.bin/ssh/ssh-agent/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.33 2019/10/31 21:22:01 djm Exp $ +# $OpenBSD: Makefile,v 1.34 2019/10/31 21:23:19 djm Exp $ .PATH: ${.CURDIR}/.. SRCS= ssh-agent.c ${SRCS_PKCS11_CLIENT} SRCS+= atomicio.c compat.c fatal.c readpass.c msg.c -SRCS+= ${SRCS_BASE} ${SRCS_KEY} ${SRCS_KEYP} ${SRCS_KRL} ${SRCS_UTL} ${SRCS_SK} +SRCS+= ${SRCS_BASE} ${SRCS_KEY} ${SRCS_KEYP} ${SRCS_KRL} ${SRCS_UTL} PROG= ssh-agent BINOWN= root diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 7f97e78ef34..5b4012191b4 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.357 2019/10/31 21:17:09 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.358 2019/10/31 21:23:19 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -562,8 +562,10 @@ do_convert_private_ssh2(struct sshbuf *b) error("%s: remaining bytes in key blob %d", __func__, rlen); /* try the key */ - if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || - sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) { + if (sshkey_sign(key, &sig, &slen, data, sizeof(data), + NULL, NULL, 0) != 0 || + sshkey_verify(key, sig, slen, data, sizeof(data), + NULL, 0) != 0) { sshkey_free(key); free(sig); return NULL; @@ -1688,7 +1690,7 @@ load_pkcs11_key(char *path) static int agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - const char *alg, u_int compat, void *ctx) + const char *alg, const char *sk_provider, u_int compat, void *ctx) { int *agent_fdp = (int *)ctx; 
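Review bot: agent_signer() in ssh-keygen.c gains a `const char *sk_provider` parameter to match the new sshkey_certify_signer typedef, but only its signature is in the hunk and nothing visible uses the value. If it is deliberately ignored because the agent rather than this process performs the signature, a comment on the parameter would make that explicit, e.g. `/* sk_provider unused here: the agent holds the provider for SK keys */`, hedged to whatever the function body actually does. The body of agent_signer() lies outside the hunk, so this cannot be confirmed from this page.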
@@ -1800,11 +1802,13 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) { if ((r = sshkey_certify_custom(public, ca, - key_type_name, agent_signer, &agent_fd)) != 0) + key_type_name, sk_provider, agent_signer, + &agent_fd)) != 0) fatal("Couldn't certify key %s via agent: %s", tmp, ssh_err(r)); } else { - if ((sshkey_certify(public, ca, key_type_name)) != 0) + if ((sshkey_certify(public, ca, key_type_name, + sk_provider)) != 0) fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); } @@ -2488,7 +2492,7 @@ sign_one(struct sshkey *signkey, const char *filename, int fd, else fprintf(stderr, "Signing file %s\n", filename); } - if ((r = sshsig_sign_fd(signkey, NULL, fd, sig_namespace, + if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, fd, sig_namespace, &sigbuf, signer, signer_ctx)) != 0) { error("Signing %s failed: %s", filename, ssh_err(r)); goto out; diff --git a/usr.bin/ssh/ssh-keygen/Makefile b/usr.bin/ssh/ssh-keygen/Makefile index ad41fb96584..6fbae1f8213 100644 --- a/usr.bin/ssh/ssh-keygen/Makefile +++ b/usr.bin/ssh/ssh-keygen/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.33 2019/10/31 21:17:09 djm Exp $ +# $OpenBSD: Makefile,v 1.34 2019/10/31 21:23:19 djm Exp $ .PATH: ${.CURDIR}/.. @@ -6,7 +6,7 @@ SRCS= ssh-keygen.c ${SRCS_MODULI} SRCS+= atomicio.c authfd.c cleanup.c dns.c fatal.c hmac.c hostfile.c \ readpass.c utf8.c sshsig.c SRCS+= ${SRCS_BASE} ${SRCS_KEY} ${SRCS_KEYP} ${SRCS_KRL} ${SRCS_UTL} \ - ${SRCS_PKCS11} ${SRCS_SK} + ${SRCS_PKCS11} PROG= ssh-keygen diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c index 0c4ef6a41f6..49271a24bc9 100644 --- a/usr.bin/ssh/ssh-keysign.c +++ b/usr.bin/ssh/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.61 2019/10/02 00:42:30 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.62 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * 
@@ -272,8 +272,8 @@ main(int argc, char **argv) sshkey_type(key), fp ? fp : ""); } - if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, 0)) - != 0) + if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, + NULL, NULL, 0)) != 0) fatal("sshkey_sign failed: %s", ssh_err(r)); free(data); diff --git a/usr.bin/ssh/ssh-sk-helper/Makefile b/usr.bin/ssh/ssh-sk-helper/Makefile index cf5883491dd..c1c657c7619 100644 --- a/usr.bin/ssh/ssh-sk-helper/Makefile +++ b/usr.bin/ssh/ssh-sk-helper/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.1 2019/10/31 21:22:01 djm Exp $ +# $OpenBSD: Makefile,v 1.2 2019/10/31 21:23:19 djm Exp $ .PATH: ${.CURDIR}/.. SRCS= ssh-sk-helper.c SRCS+= atomicio.c fatal.c cleanup.c msg.c -SRCS+= ${SRCS_KEY} ${SRCS_UTL} ${SRCS_BASE} ${SRCS_SK} +SRCS+= ${SRCS_KEY} ${SRCS_UTL} ${SRCS_BASE} PROG= ssh-sk-helper diff --git a/usr.bin/ssh/ssh/Makefile b/usr.bin/ssh/ssh/Makefile index f060401dcb9..a7887a86dbc 100644 --- a/usr.bin/ssh/ssh/Makefile +++ b/usr.bin/ssh/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.76 2019/10/31 21:18:28 djm Exp $ +# $OpenBSD: Makefile,v 1.77 2019/10/31 21:23:19 djm Exp $ .PATH: ${.CURDIR}/.. @@ -6,8 +6,7 @@ SRCS= ssh.c readconf.c clientloop.c sshtty.c sshconnect.c sshconnect2.c mux.c SRCS+= atomicio.c authfd.c compat.c dns.c fatal.c \ hostfile.c msg.c readpass.c utf8.c SRCS+= ${SRCS_BASE} ${SRCS_KEX} ${SRCS_KEXC} ${SRCS_KEY} ${SRCS_KEYP} \ - ${SRCS_KRL} ${SRCS_PROT} ${SRCS_PKT} ${SRCS_UTL} ${SRCS_PKCS11} \ - ${SRCS_SK} + ${SRCS_KRL} ${SRCS_PROT} ${SRCS_PKT} ${SRCS_UTL} ${SRCS_PKCS11} PROG= ssh diff --git a/usr.bin/ssh/ssh_api.c b/usr.bin/ssh/ssh_api.c index 511c034acaa..7d25da36c1c 100644 --- a/usr.bin/ssh/ssh_api.c +++ b/usr.bin/ssh/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.18 2019/09/13 04:36:43 dtucker Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.19 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * 
@@ -50,7 +50,7 @@ int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *, */ int use_privsep = 0; int mm_sshkey_sign(struct sshkey *, u_char **, u_int *, - u_char *, u_int, char *, u_int); + const u_char *, u_int, const char *, const char *, u_int); #ifdef WITH_OPENSSL DH *mm_choose_dh(int, int, int); @@ -62,7 +62,8 @@ u_int session_id2_len = 0; int mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen, char *alg, u_int compat) + const u_char *data, u_int datalen, const char *alg, const char *sk_provider, + u_int compat) { return (-1); } @@ -562,5 +563,5 @@ _ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey, const u_char *data, size_t dlen, const char *alg) { return sshkey_sign(privkey, signature, slen, data, dlen, - alg, ssh->compat); + alg, NULL, ssh->compat); } diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 87acf9a72d1..87951e809cf 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.309 2019/10/31 21:18:28 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.310 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. 
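Review bot: The local mm_sshkey_sign() stub and its prototype in ssh_api.c still disagree with the declaration in monitor_wrap.h shown earlier on this page: that one takes a leading `struct ssh *` and `size_t *`/`size_t` for the length arguments, while the stub has no `struct ssh *` and uses `u_int *`/`u_int`. With `use_privsep = 0` the stub is presumably never reached, but a definition whose type differs from the one callers are compiled against is undefined behaviour if it ever is, so aligning it while the signature is being edited anyway would be cheap: `int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, const char *, u_int);` with the definition adjusted to match. The commit only adds const and sk_provider and leaves the rest of the mismatch in place.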
@@ -1170,19 +1170,8 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, } sign_key = prv; } - - if (sshkey_type_plain(sign_key->type) == KEY_ECDSA_SK) { - if (options.sk_provider == NULL) { - /* Shouldn't happen here; checked in pubkey_prepare() */ - fatal("%s: missing SecurityKeyProvider", __func__); - } - if ((r = sshsk_ecdsa_sign(options.sk_provider, sign_key, - sigp, lenp, data, datalen, compat)) != 0) { - debug("%s: sshsk_ecdsa_sign: %s", __func__, ssh_err(r)); - goto out; - } - } else if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, - alg, compat)) != 0) { + if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, + alg, options.sk_provider, compat)) != 0) { debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); goto out; } diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 3e42ce6b393..0414679f230 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.538 2019/10/29 07:47:27 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.539 2019/10/31 21:23:19 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2028,17 +2028,17 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey, if (use_privsep) { if (privkey) { if (mm_sshkey_sign(ssh, privkey, signature, slenp, - data, dlen, alg, ssh->compat) < 0) + data, dlen, alg, NULL, ssh->compat) < 0) fatal("%s: privkey sign failed", __func__); } else { if (mm_sshkey_sign(ssh, pubkey, signature, slenp, - data, dlen, alg, ssh->compat) < 0) + data, dlen, alg, NULL, ssh->compat) < 0) fatal("%s: pubkey sign failed", __func__); } } else { if (privkey) { if (sshkey_sign(privkey, signature, slenp, data, dlen, - alg, ssh->compat) < 0) + alg, NULL, ssh->compat) < 0) fatal("%s: privkey sign failed", __func__); } else { if ((r = ssh_agent_sign(auth_sock, pubkey, diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c index 4c6caacf998..da08a7f0801 100644 --- a/usr.bin/ssh/sshkey.c 
+++ b/usr.bin/ssh/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.85 2019/10/31 21:15:14 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.86 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -52,6 +52,7 @@ #define SSHKEY_INTERNAL #include "sshkey.h" #include "match.h" +#include "ssh-sk.h" #ifdef WITH_XMSS #include "sshkey-xmss.h" @@ -2611,7 +2612,8 @@ sshkey_check_sigtype(const u_char *sig, size_t siglen, int sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, const char *alg, u_int compat) + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, u_int compat) { int was_shielded = sshkey_is_shielded(key); int r2, r = SSH_ERR_INTERNAL_ERROR; @@ -2634,6 +2636,11 @@ sshkey_sign(struct sshkey *key, case KEY_ECDSA: r = ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); break; + case KEY_ECDSA_SK_CERT: + case KEY_ECDSA_SK: + r = sshsk_ecdsa_sign(sk_provider, key, sigp, lenp, + data, datalen, compat); + break; case KEY_RSA_CERT: case KEY_RSA: r = ssh_rsa_sign(key, sigp, lenp, data, datalen, alg); @@ -2751,7 +2758,7 @@ sshkey_drop_cert(struct sshkey *k) /* Sign a certified key, (re-)generating the signed certblob. */ int sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, - sshkey_certify_signer *signer, void *signer_ctx) + const char *sk_provider, sshkey_certify_signer *signer, void *signer_ctx) { struct sshbuf *principals = NULL; u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; 
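Review bot: The new KEY_ECDSA_SK/KEY_ECDSA_SK_CERT case in sshkey_sign() passes sk_provider straight to sshsk_ecdsa_sign(), while most callers touched by this commit pass NULL for it (krl.c, monitor.c, sshd.c, ssh-keysign.c, ssh_api.c) and sshconnect2.c removes the fatal() it had for a missing SecurityKeyProvider. Whether sshsk_ecdsa_sign() rejects a NULL provider cleanly is not visible on this page; an explicit guard in the new case would make the contract local to sshkey_sign() and return a normal error code rather than depending on the callee. A comment on the parameter would also help, e.g. `/* sk_provider: security-key provider, used only for KEY_ECDSA_SK(_CERT) keys; NULL for all other types */`. The rest of sshkey_sign(), including the code after the switch, lies outside the hunk.
```c
	case KEY_ECDSA_SK_CERT:
	case KEY_ECDSA_SK:
		if (sk_provider == NULL) {
			r = SSH_ERR_INVALID_ARGUMENT;
			break;
		}
		r = sshsk_ecdsa_sign(sk_provider, key, sigp, lenp,
		    data, datalen, compat);
		break;
	/* … unchanged: remaining key-type cases … */
```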
@@ -2881,7 +2888,7 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, /* Sign the whole mess */ if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), - sshbuf_len(cert), alg, 0, signer_ctx)) != 0) + sshbuf_len(cert), alg, sk_provider, 0, signer_ctx)) != 0) goto out; /* Check and update signature_type against what was actually used */ if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0) @@ -2911,17 +2918,20 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, static int default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - const char *alg, u_int compat, void *ctx) + const char *alg, const char *sk_provider, u_int compat, void *ctx) { if (ctx != NULL) return SSH_ERR_INVALID_ARGUMENT; - return sshkey_sign(key, sigp, lenp, data, datalen, alg, compat); + return sshkey_sign(key, sigp, lenp, data, datalen, alg, + sk_provider, compat); } int -sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) +sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg, + const char *sk_provider) { - return sshkey_certify_custom(k, ca, alg, default_key_sign, NULL); + return sshkey_certify_custom(k, ca, alg, sk_provider, + default_key_sign, NULL); } int diff --git a/usr.bin/ssh/sshkey.h b/usr.bin/ssh/sshkey.h index bec1a338955..c5f0d085280 100644 --- a/usr.bin/ssh/sshkey.h +++ b/usr.bin/ssh/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.35 2019/10/31 21:15:14 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.36 2019/10/31 21:23:19 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
@@ -183,12 +183,13 @@ size_t sshkey_format_cert_validity(const struct sshkey_cert *, char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); int sshkey_check_cert_sigtype(const struct sshkey *, const char *); -int sshkey_certify(struct sshkey *, struct sshkey *, const char *); +int sshkey_certify(struct sshkey *, struct sshkey *, + const char *, const char *); /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int, void *); + const u_char *, size_t, const char *, const char *, u_int, void *); int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, - sshkey_certify_signer *, void *); + const char *, sshkey_certify_signer *, void *); int sshkey_ecdsa_nid_from_name(const char *); int sshkey_curve_name_to_nid(const char *); @@ -217,7 +218,7 @@ int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); int sshkey_sign(struct sshkey *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int); + const u_char *, size_t, const char *, const char *, u_int); int sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, const char *, u_int); int sshkey_check_sigtype(const u_char *, size_t, const char *); diff --git a/usr.bin/ssh/sshsig.c b/usr.bin/ssh/sshsig.c index b44e964d999..5fe11f248c2 100644 --- a/usr.bin/ssh/sshsig.c +++ b/usr.bin/ssh/sshsig.c @@ -149,8 +149,9 @@ done: static int sshsig_wrap_sign(struct sshkey *key, const char *hashalg, - const struct sshbuf *h_message, const char *sig_namespace, - struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) + const char *sk_provider, const struct sshbuf *h_message, + const char *sig_namespace, struct sshbuf **out, + sshsig_signer *signer, void *signer_ctx) { int r; size_t slen = 0; 
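Review bot: The new `const char *` parameter on sshkey_certify(), sshkey_certify_signer and sshkey_sign() is undocumented in sshkey.h, and because it sits next to another unnamed `const char *` (the alg argument) the positional order is easy to get wrong at call sites. A short comment above sshkey_sign() would help, e.g. `/* sk_provider: security-key provider, used only for KEY_ECDSA_SK(_CERT) keys; NULL otherwise */`, or at least naming the parameter in the prototype as monitor_wrap.h does for `compat`. The same gap exists in sshsig.h further down, where the comment blocks above sshsig_signb() and sshsig_sign_fd() describe `out` but say nothing about the inserted sk_provider argument.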
@@ -182,14 +183,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, if (signer != NULL) { if ((r = signer(key, &sig, &slen, sshbuf_ptr(tosign), sshbuf_len(tosign), - sign_alg, 0, signer_ctx)) != 0) { + sign_alg, sk_provider, 0, signer_ctx)) != 0) { error("Couldn't sign message: %s", ssh_err(r)); goto done; } } else { if ((r = sshkey_sign(key, &sig, &slen, sshbuf_ptr(tosign), sshbuf_len(tosign), - sign_alg, 0)) != 0) { + sign_alg, sk_provider, 0)) != 0) { error("Couldn't sign message: %s", ssh_err(r)); goto done; } @@ -423,7 +424,7 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp) } int -sshsig_signb(struct sshkey *key, const char *hashalg, +sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider, const struct sshbuf *message, const char *sig_namespace, struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) { @@ -438,8 +439,8 @@ sshsig_signb(struct sshkey *key, const char *hashalg, error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); goto out; } - if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out, - signer, signer_ctx)) != 0) + if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b, + sig_namespace, out, signer, signer_ctx)) != 0) goto out; /* success */ r = 0; @@ -549,7 +550,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) } int -sshsig_sign_fd(struct sshkey *key, const char *hashalg, +sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider, int fd, const char *sig_namespace, struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) { @@ -564,8 +565,8 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg, error("%s: hash_file failed: %s", __func__, ssh_err(r)); return r; } - if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out, - signer, signer_ctx)) != 0) + if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b, + sig_namespace, out, signer, signer_ctx)) != 0) goto out; /* success */ r = 0; 
diff --git a/usr.bin/ssh/sshsig.h b/usr.bin/ssh/sshsig.h index e3eeb601bd1..487db116c17 100644 --- a/usr.bin/ssh/sshsig.h +++ b/usr.bin/ssh/sshsig.h @@ -22,7 +22,7 @@ struct sshkey; struct sshsigopt; typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int, void *); + const u_char *, size_t, const char *, const char *, u_int, void *); /* Buffer-oriented API */ @@ -32,8 +32,9 @@ typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, * out is populated with the detached signature, or NULL on failure. */ int sshsig_signb(struct sshkey *key, const char *hashalg, - const struct sshbuf *message, const char *sig_namespace, - struct sshbuf **out, sshsig_signer *signer, void *signer_ctx); + const char *sk_provider, const struct sshbuf *message, + const char *sig_namespace, struct sshbuf **out, + sshsig_signer *signer, void *signer_ctx); /* * Verifies that a detached signature is valid and optionally returns key @@ -52,8 +53,8 @@ int sshsig_verifyb(struct sshbuf *signature, * out is populated with the detached signature, or NULL on failure. */ int sshsig_sign_fd(struct sshkey *key, const char *hashalg, - int fd, const char *sig_namespace, struct sshbuf **out, - sshsig_signer *signer, void *signer_ctx); + const char *sk_provider, int fd, const char *sig_namespace, + struct sshbuf **out, sshsig_signer *signer, void *signer_ctx); /* * Verifies that a detached signature over a file is valid and optionally |