diff options
| author |   djm <djm@openbsd.org> | 2020-08-27 01:06:18 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2020-08-27 01:06:18 +0000 |
| commit | 1f63d3c42be16452c97f44894c80b18dc54f3611 (patch) | |
| tree | 387ab4ad5c3dd6225a7cdf9b2934148a670872ad /usr.bin/ssh/sshkey.c | |
| parent | Improve detection of the proper boot device by picking the disk that (diff) | |
| download | wireguard-openbsd-1f63d3c42be16452c97f44894c80b18dc54f3611.tar.xz wireguard-openbsd-1f63d3c42be16452c97f44894c80b18dc54f3611.zip | |
support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
Diffstat (limited to 'usr.bin/ssh/sshkey.c')
| -rw-r--r-- | usr.bin/ssh/sshkey.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c index 3b8e81c16f4..c795e3901ab 100644 --- a/usr.bin/ssh/sshkey.c +++ b/usr.bin/ssh/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.110 2020/06/24 15:07:33 markus Exp $ */ +/* $OpenBSD: sshkey.c,v 1.111 2020/08/27 01:06:19 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2682,7 +2682,7 @@ int sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - const char *alg, const char *sk_provider, u_int compat) + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) { int was_shielded = sshkey_is_shielded(key); int r2, r = SSH_ERR_INTERNAL_ERROR; @@ -2719,7 +2719,7 @@ sshkey_sign(struct sshkey *key, case KEY_ECDSA_SK_CERT: case KEY_ECDSA_SK: r = sshsk_sign(sk_provider, key, sigp, lenp, data, - datalen, compat, /* XXX PIN */ NULL); + datalen, compat, sk_pin); break; #ifdef WITH_XMSS case KEY_XMSS: @@ -2839,7 +2839,8 @@ sshkey_drop_cert(struct sshkey *k) /* Sign a certified key, (re-)generating the signed certblob. */ int sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, - const char *sk_provider, sshkey_certify_signer *signer, void *signer_ctx) + const char *sk_provider, const char *sk_pin, + sshkey_certify_signer *signer, void *signer_ctx) { struct sshbuf *principals = NULL; u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; @@ -2975,7 +2976,7 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, /* Sign the whole mess */ if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), - sshbuf_len(cert), alg, sk_provider, 0, signer_ctx)) != 0) + sshbuf_len(cert), alg, sk_provider, sk_pin, 0, signer_ctx)) != 0) goto out; /* Check and update signature_type against what was actually used */ if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0) @@ -3005,19 +3006,20 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, static int default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - const char *alg, const char *sk_provider, u_int compat, void *ctx) + const char *alg, const char *sk_provider, const char *sk_pin, + u_int compat, void *ctx) { if (ctx != NULL) return SSH_ERR_INVALID_ARGUMENT; return sshkey_sign(key, sigp, lenp, data, datalen, alg, - sk_provider, compat); + sk_provider, sk_pin, compat); } int sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg, - const char *sk_provider) + const char *sk_provider, const char *sk_pin) { - return sshkey_certify_custom(k, ca, alg, sk_provider, + return sshkey_certify_custom(k, ca, alg, sk_provider, sk_pin, default_key_sign, NULL); } |