OpenBSD CVS

CVS log for src/usr.bin/ssh/sk-usbhid.c




Default branch: MAIN


Revision 1.46, Tue Mar 28 06:12:38 2023 UTC, by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.45: +1 -9 lines

Remove compatibility code for OpenSSL versions prior to 1.1.* since
-portable no longer supports them.

Revision 1.45, Wed Sep 14 00:14:37 2022 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.44: +1 -9 lines

sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response

Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.

By Corinna Vinschen

Revision 1.44, Fri Sep 2 04:20:02 2022 UTC, by djm
Branch: MAIN
Changes since 1.43: +11 -2 lines

sk-usbhid: fix key_lookup() on tokens with built-in UV

explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388

Revision 1.43, Fri Aug 19 05:53:28 2022 UTC, by djm
Branch: MAIN
Changes since 1.42: +1 -5 lines

remove incorrect check that can break enrolling a resident key
(introduced in r1.40)

Revision 1.42, Wed Aug 17 06:01:57 2022 UTC, by djm
Branch: MAIN
Changes since 1.41: +6 -6 lines

add an extra flag to sk_probe() to indicate whether we're
probing for a FIDO resident key or not. Unused here, but will
make life easier for portable

Revision 1.41, Wed Jul 20 03:31:42 2022 UTC, by djm
Branch: MAIN
Changes since 1.40: +2 -2 lines

sk-usbhid: preserve error code returned by key_lookup()
it conveys useful information, such as the supplied pin being wrong.

Part of GHPR329 from Pedro Martelletto

Revision 1.40, Wed Jul 20 03:29:14 2022 UTC, by djm
Branch: MAIN
Changes since 1.39: +69 -2 lines

when enrolling a resident key on a security token, check if a
credential with matching application and user ID strings already
exists. if so, prompt the user for confirmation before overwriting
the credential.

patch from Pedro Martelletto via GHPR329

NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware
implementations will need to adjust

Revision 1.39, Fri Apr 29 03:16:48 2022 UTC, by dtucker
Branch: MAIN
Changes since 1.38: +2 -1 lines

Don't leak SK device.  Patch from Pedro Martelletto via github PR#316.
ok djm@

Revision 1.38, Mon Feb 7 01:25:12 2022 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.37: +12 -53 lines

use libfido2 1.8.0+ fido_assert_set_clientdata() instead of manually
hashing data ourselves. Saves a fair bit of code and makes life easier
for some -portable platforms.

Revision 1.37, Tue Dec 7 22:06:45 2021 UTC, by djm
Branch: MAIN
Changes since 1.36: +4 -1 lines

better error message for FIDO keys when we can't match them to a token

Revision 1.36, Thu Dec 2 23:23:13 2021 UTC, by djm
Branch: MAIN
Changes since 1.35: +4 -2 lines

improve the testing of credentials against inserted FIDO keys a little
more: ask the token whether a particular key belongs to it in cases
where the token supports on-token user-verification (e.g. biometrics)
rather than just assuming that it will accept it.

Will reduce spurious "Confirm user presence" notifications for key
handles that relate to FIDO keys that are not currently inserted in at
least some cases.

Motivated by bz3366; by Pedro Martelletto

Revision 1.35, Thu Dec 2 22:40:05 2021 UTC, by djm
Branch: MAIN
Changes since 1.34: +43 -43 lines

move check_sk_options() up so we can use it earlier

Revision 1.34, Wed Nov 3 22:00:56 2021 UTC, by deraadt
Branch: MAIN
Changes since 1.33: +3 -3 lines

Many downstreams expect ssh to compile as non-C99...

Revision 1.33, Tue Nov 2 22:56:40 2021 UTC, by djm
Branch: MAIN
Changes since 1.32: +78 -9 lines

Better handle FIDO keys on tokens that provide user verification (UV)
on the device itself, including biometric keys.

Query the token during key creation to determine whether it supports
on-token UV and, if so, clear the SSH_SK_USER_VERIFICATION_REQD flag
in the key so that ssh(1) doesn't automatically prompt for PIN later.

When making signatures with the key, query the token's capabilities
again and check whether the token is able (right now) to perform
user-verification without a PIN. If it is then the PIN prompt is bypassed
and user verification delegated to the token. If not (e.g. the token
is biometric capable, but no biometrics are enrolled), then fall back
to user verification via the usual PIN prompt.

Work by Pedro Martelletto; ok myself and markus@

NB. cranks SSH_SK_VERSION_MAJOR

Revision 1.32, Thu Oct 28 02:54:18 2021 UTC, by djm
Branch: MAIN
Changes since 1.31: +26 -9 lines

When downloading resident keys from a FIDO token, pass back the
user ID that was used when the key was created and append it to
the filename the key is written to (if it is not the default).

Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different
user IDs.

feedback Pedro Martelletto; ok markus

NB. increments SSH_SK_VERSION_MAJOR

Revision 1.31, Fri Oct 1 04:50:36 2021 UTC, by djm
Branch: MAIN
Changes since 1.30: +6 -2 lines

unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds;
ok dtucker@

Revision 1.30, Mon May 31 06:48:42 2021 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.29: +9 -4 lines

Hash challenge supplied by client during FIDO key enrollment prior to
passing it to libfido2, which does expect a hash.

There is no effect for users who are simply generating FIDO keys using
ssh-keygen - by default we generate a random 256 bit challenge, but
people building attestation workflows around our tools should now have
a more consistent experience (esp. fewer failures when they fail to
guess the magic 32-byte challenge length requirement).

ok markus@

Revision 1.29, Thu Feb 18 02:15:07 2021 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.28: +2 -2 lines

make names in function prototypes match those in definition
from https://github.com/openssh/openssh-portable/pull/225
by ZenithalHourlyRate

Revision 1.28, Sun Oct 18 11:32:02 2020 UTC, by djm
Branch: MAIN
Changes since 1.27: +3 -3 lines

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.27, Sat Oct 3 03:40:38 2020 UTC, by djm
Branch: MAIN
Changes since 1.26: +2 -1 lines

want time.h here too

Revision 1.26, Wed Sep 9 03:08:01 2020 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.25: +12 -1 lines

when writing an attestation blob for a FIDO key, record all the data
needed to verify the attestation. Previously we were missing the
"authenticator data" that is included in the signature.

spotted by Ian Haken
feedback Pedro Martelletto and Ian Haken; ok markus@

Revision 1.25, Mon Aug 31 00:17:41 2020 UTC, by djm
Branch: MAIN
Changes since 1.24: +1 -0 lines

Add RCS IDs to the few files that are missing them;
from Pedro Martelletto

Revision 1.24, Thu Aug 27 09:43:28 2020 UTC, by djm
Branch: MAIN
Changes since 1.23: +8 -1 lines

skip a bit more FIDO token selection logic when only a single token
is attached.

with Pedro Martelletto

Revision 1.23, Thu Aug 27 01:08:19 2020 UTC, by djm
Branch: MAIN
Changes since 1.22: +4 -2 lines

preserve verify-required for resident FIDO keys

When downloading a resident, verify-required key from a FIDO token,
preserve the verify-required in the private key that is written to
disk. Previously we weren't doing that because of lack of support
in the middleware API.

from Pedro Martelletto; ok markus@ and myself

Revision 1.22, Thu Aug 27 01:07:51 2020 UTC, by djm
Branch: MAIN
Changes since 1.21: +326 -252 lines

major rework of FIDO token selection logic

When PINs are in use and multiple FIDO tokens are attached to a host, we
cannot just blast requests at all attached tokens with the PIN specified
as this will cause the per-token PIN failure counter to increment. If
this retry counter hits the token's limit (usually 3 attempts), then the
token will lock itself and render all (web and SSH) of its keys invalid.
We don't want this.

So this reworks the key selection logic for the specific case of
multiple keys being attached. When multiple keys are attached and the
operation requires a PIN, then the user must touch the key that they
wish to use first in order to identify it.

This may require multiple touches, but only if there are multiple keys
attached AND (usually) the operation requires a PIN. The usual case of a
single key attached should be unaffected.

Work by Pedro Martelletto; ok myself and markus@
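The lockout described in the r1.22 message above, as an added toy model (not OpenSSH code and not libfido2): two tokens with different PINs are attached, and a signing request for a key that lives on one of them is handled either by sending the PIN to every token or by first identifying the right token without a PIN. The FakeToken class, the retry limit of 3 and the PIN-free has_key() probe are constructed stand-ins for what a real authenticator and the middleware's key_lookup() do.

```python
# Toy model of the failure mode r1.22 addresses, added as an illustration and
# not OpenSSH code: a FIDO2 token keeps a PIN retry counter and blocks its PIN
# once that counter is exhausted, so the PIN must only ever be offered to the
# one token that actually holds the key.

MAX_PIN_RETRIES = 3   # the "usually 3 attempts" above; real tokens report theirs


class FakeToken:
    """Stand-in for one attached authenticator (constructed, not libfido2)."""

    def __init__(self, name, pin, key_handles):
        self.name = name
        self.pin = pin
        self.key_handles = set(key_handles)
        self.retries_left = MAX_PIN_RETRIES

    @property
    def blocked(self):
        return self.retries_left == 0

    def has_key(self, key_handle):
        # PIN-free probe: does this handle belong to the token? Stands in for
        # the no-UV assertion the middleware sends when identifying a token.
        return key_handle in self.key_handles

    def sign(self, key_handle, pin):
        # The PIN is consumed (and the counter charged) before any credential
        # lookup: in CTAP2 the PIN is exchanged for a PIN token in a separate
        # step, so a wrong PIN costs a retry even on a token without the key.
        if self.blocked:
            raise PermissionError("%s: PIN blocked, token needs a reset" % self.name)
        if pin != self.pin:
            self.retries_left -= 1
            raise ValueError("%s: wrong PIN, %d tries left" % (self.name, self.retries_left))
        if key_handle not in self.key_handles:
            raise LookupError("%s: no such credential" % self.name)
        return "sig(%s,%s)" % (self.name, key_handle)


def sign_blast(tokens, key_handle, pin):
    """Pre-r1.22 behaviour: hand the PIN-bearing request to every token."""
    result = None
    for t in tokens:
        try:
            result = t.sign(key_handle, pin)
        except (PermissionError, ValueError, LookupError):
            continue
    return result


def sign_select_first(tokens, key_handle, pin):
    """r1.22 behaviour: with several tokens attached, first find the one that
    holds the key without using the PIN, then send the PIN to that token only.
    A single attached token is used directly."""
    if len(tokens) == 1:
        candidates = list(tokens)
    else:
        candidates = [t for t in tokens if t.has_key(key_handle)]
    if len(candidates) != 1:
        raise LookupError("key handle matched %d tokens" % len(candidates))
    return candidates[0].sign(key_handle, pin)


def demo():
    """Three signatures with two tokens that have different PINs: blasting the
    PIN exhausts the bystander's counter, selecting first leaves it untouched.
    Returns (home retries after blasting, home retries after selecting)."""
    work = FakeToken("work", "1234", ["kh-work"])
    home = FakeToken("home", "9876", ["kh-home"])
    for _ in range(MAX_PIN_RETRIES):
        sign_blast([home, work], "kh-work", "1234")
    blasted_home_retries = home.retries_left   # 0: home is now blocked

    work = FakeToken("work", "1234", ["kh-work"])
    home = FakeToken("home", "9876", ["kh-home"])
    for _ in range(MAX_PIN_RETRIES):
        sign_select_first([home, work], "kh-work", "1234")
    return blasted_home_retries, home.retries_left
```

The model deliberately makes has_key() free of PIN use; on a real token, identifying the key may itself require a touch, which is the "multiple touches" cost the message above accepts in exchange for never spending a retry on the wrong token.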

Revision 1.21, Thu Aug 27 01:06:18 2020 UTC, by djm
Branch: MAIN
Changes since 1.20: +26 -12 lines

support for user-verified FIDO keys

FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

Revision 1.20, Wed May 13 22:38:41 2020 UTC, by deraadt
Branch: MAIN
Changes since 1.19: +2 -2 lines

we are still aiming for pre-C99 ...

Revision 1.19, Wed May 13 10:08:02 2020 UTC, by djm
Branch: MAIN
Changes since 1.18: +57 -0 lines

Enable credProtect extension when generating a resident key.

The FIDO 2.1 Client to Authenticator Protocol introduced a "credProtect"
feature to better protect resident keys. This option allows (among other
possibilities) requiring a PIN prior to all operations that may retrieve
the key handle.

Patch by Pedro Martelletto; ok djm and markus

Revision 1.18, Wed May 13 09:57:17 2020 UTC, by djm
Branch: MAIN
Changes since 1.17: +11 -6 lines

always call fido_init(); previous behaviour only called fido_init() when
SK_DEBUG was defined. Harmless with current libfido2, but this isn't
guaranteed in the future.

Revision 1.17, Tue Apr 28 04:02:29 2020 UTC, by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.16: +32 -3 lines

when signing a challenge using a FIDO token, perform the hashing in the
middleware layer rather than in ssh code. This allows middlewares that
call APIs that perform the hashing implicitly (including Microsoft's
AFAIK). ok markus@

Revision 1.16, Tue Jan 28 08:01:34 2020 UTC, by djm
Branch: MAIN
Changes since 1.15: +1 -0 lines

changes to support FIDO attestation

Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.

Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.

ok markus@
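The attestation workflow that r1.16 introduces, r1.26 completes (authenticator data added to the blob) and r1.30 adjusts (the challenge is hashed before libfido2 sees it), as an added Python example that is not part of this log and not OpenSSH's own code. The blob layout is taken from OpenSSH's PROTOCOL.u2f, which this page does not restate; the claim that the stored authenticator data is the CBOR-wrapped form returned by libfido2's fido_cred_authdata_ptr() is an assumption, and the sample blob is constructed, not produced by a token.

```python
import hashlib
import struct

# Layout of the file written by "ssh-keygen -O write-attestation=FILE", taken
# from OpenSSH's PROTOCOL.u2f (this page only records that the blob exists and
# that the authenticator data was added to it in r1.26):
#
#     string  "ssh-sk-attest-v01"
#     string  attestation certificate (DER)
#     string  enrollment signature
#     string  authenticator data (CBOR encoded)
#     uint32  reserved flags
#     string  reserved string
#
# "string" and "uint32" are the SSH wire types of RFC 4251: a big-endian
# 32-bit length followed by that many bytes.

ATTEST_MAGIC = b"ssh-sk-attest-v01"


def get_string(buf, off):
    """Read one SSH 'string' at offset off; return (bytes, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field at offset %d" % off)
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if n > len(buf) - off:
        raise ValueError("string of %d bytes overruns the blob" % n)
    return buf[off:off + n], off + n


def put_string(data):
    return struct.pack(">I", len(data)) + data


def build_attestation_blob(cert, sig, authdata):
    """Encoder for the same layout (used below for a constructed sample)."""
    return (put_string(ATTEST_MAGIC) + put_string(cert) + put_string(sig)
            + put_string(authdata) + struct.pack(">I", 0) + put_string(b""))


def parse_attestation_blob(blob):
    """Split an ssh-sk-attest-v01 blob into its fields, rejecting anything
    malformed, trailing, or lacking what verification needs."""
    magic, off = get_string(blob, 0)
    if magic != ATTEST_MAGIC:
        raise ValueError("bad magic %r" % magic)
    cert, off = get_string(blob, off)
    sig, off = get_string(blob, off)
    authdata, off = get_string(blob, off)
    if off + 4 > len(blob):
        raise ValueError("missing reserved flags")
    (flags,) = struct.unpack(">I", blob[off:off + 4])
    reserved, off = get_string(blob, off + 4)
    if off != len(blob):
        raise ValueError("%d trailing bytes" % (len(blob) - off))
    if not cert or not sig:
        raise ValueError("empty attestation certificate or signature")
    if not authdata:
        # Without the authenticator data (the point of r1.26) the enrollment
        # signature cannot be recomputed, so refuse rather than half-verify.
        raise ValueError("no authenticator data; blob cannot be verified")
    return {"cert": cert, "sig": sig, "authdata": authdata,
            "flags": flags, "reserved": reserved}


def unwrap_cbor_bstr(data):
    """libfido2's fido_cred_authdata_ptr() returns the authenticator data as a
    CBOR byte string (major type 2), which is assumed to be what the blob
    stores. Strip that header to get raw authData; input that is not one
    bstr spanning the whole buffer is returned unchanged."""
    if not data or (data[0] >> 5) != 2:
        return data
    ai = data[0] & 0x1f
    if ai < 24:
        n, hdr = ai, 1
    elif ai == 24 and len(data) >= 2:
        n, hdr = data[1], 2
    elif ai == 25 and len(data) >= 3:
        n, hdr = struct.unpack(">H", data[1:3])[0], 3
    elif ai == 26 and len(data) >= 5:
        n, hdr = struct.unpack(">I", data[1:5])[0], 5
    else:
        return data
    return data[hdr:] if hdr + n == len(data) else data


def signed_attestation_input(authdata, challenge):
    """Bytes the enrollment signature covers for a FIDO2 packed attestation:
    authData || SHA-256(client data). OpenSSH passes the enrollment challenge
    as the client data and hashes it before libfido2 uses it (r1.30), so a
    verifier hashes exactly the bytes it gave "ssh-keygen -O challenge=FILE"."""
    return unwrap_cbor_bstr(authdata) + hashlib.sha256(challenge).digest()


# Constructed sample, not output from a real token: authData is only a 32-byte
# rpIdHash, one flags byte and a 4-byte sign counter, CBOR-wrapped as a 37-byte
# bstr (0x58 = major type 2 with a one-byte length).
SAMPLE_AUTHDATA_RAW = hashlib.sha256(b"ssh:").digest() + b"\x41" + b"\x00\x00\x00\x01"
SAMPLE_AUTHDATA_CBOR = b"\x58" + bytes([len(SAMPLE_AUTHDATA_RAW)]) + SAMPLE_AUTHDATA_RAW
SAMPLE_BLOB = build_attestation_blob(b"\x30\x82\x01\x00", b"\x30\x45\x02\x20",
                                     SAMPLE_AUTHDATA_CBOR)
```

To produce a real blob, enroll with a challenge you generated and kept (for example `ssh-keygen -t ecdsa-sk -O challenge=challenge.bin -O write-attestation=attest.bin`), then parse attest.bin, feed the challenge bytes and the authdata field to signed_attestation_input(), and check the sig field against that input with the public key from the DER certificate; the signature check itself and the chain validation of the certificate against the vendor's root are left out here.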

Revision 1.15, Sat Jan 25 23:13:09 2020 UTC, by djm
Branch: MAIN
Changes since 1.14: +27 -72 lines

improve the error message for u2f enrollment errors by making
ssh-keygen be solely responsible for printing the error message and
converting some more common error responses from the middleware to
a useful ssherr.h status code. more detail remains visible via -v
of course.

also remove independent copy of sk-api.h declarations in sk-usbhid.c
and just include it.

feedback & ok markus@

Revision 1.14, Mon Jan 6 02:39:30 2020 UTC, by djm
Branch: MAIN
Changes since 1.13: +1 -1 lines

missing else in check_enroll_options()

Revision 1.13, Mon Jan 6 02:24:28 2020 UTC, by djm
Branch: MAIN
Changes since 1.12: +1 -2 lines

fix error message

Revision 1.12, Mon Jan 6 02:00:46 2020 UTC, by djm
Branch: MAIN
Changes since 1.11: +152 -42 lines

Extends the SK API to accept a set of key/value options for all
operations. These are intended to future-proof the API a little by
making it easier to specify additional fields without having to
change the API version for each.

At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O

This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.

feedback, fixes and ok markus@

Revision 1.11, Mon Dec 30 09:24:45 2019 UTC, by djm
Branch: MAIN
Changes since 1.10: +32 -17 lines

translate and return error codes; retry on bad PIN

Define some well-known error codes in the SK API and pass
them back via ssh-sk-helper.

Use the new "wrong PIN" error code to retry PIN prompting during
ssh-keygen of resident keys.

feedback and ok markus@

Revision 1.10, Mon Dec 30 09:23:28 2019 UTC, by djm
Branch: MAIN
Changes since 1.9: +5 -5 lines

SK API and sk-helper error/PIN passing

Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.

Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.

feedback and ok markus@

Revision 1.9, Mon Dec 30 09:21:16 2019 UTC, by djm
Branch: MAIN
Changes since 1.8: +232 -6 lines

resident keys support in SK API

Adds a sk_load_resident_keys() function to the security key
API that accepts a security key provider and a PIN and returns
a list of keys.

Implement support for this in the usbhid middleware.

feedback and ok markus@

Revision 1.8, Mon Dec 30 09:19:52 2019 UTC, by djm
Branch: MAIN
Changes since 1.7: +8 -2 lines

basic support for generating FIDO2 resident keys

"ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a
device-resident key.

feedback and ok markus@

Revision 1.7, Mon Nov 18 16:08:57 2019 UTC, by naddy
Branch: MAIN
Changes since 1.6: +12 -0 lines

add the missing WITH_OPENSSL ifdefs after the ED25519-SK addition; ok djm@

Revision 1.6, Fri Nov 15 15:41:01 2019 UTC, by markus
Branch: MAIN
Changes since 1.5: +5 -5 lines

fix typos in sk_enroll

Revision 1.5, Fri Nov 15 06:00:20 2019 UTC, by djm
Branch: MAIN
Changes since 1.4: +7 -8 lines

remove most uses of BN_CTX

We weren't following the rules re BN_CTX_start/BN_CTX_end and the places
we were using it didn't benefit from its use anyway. ok dtucker@

Revision 1.4, Fri Nov 15 05:26:56 2019 UTC, by deraadt
Branch: MAIN
Changes since 1.3: +2 -2 lines

rewrite c99-ism

Revision 1.3, Fri Nov 15 03:41:57 2019 UTC, by djm
Branch: MAIN
Changes since 1.2: +4 -0 lines

U2F tokens may return FIDO_ERR_USER_PRESENCE_REQUIRED when probed to
see if they own a key handle. Handle this case so the find_device()
loop can work for them. Reported by Michael Forney

Revision 1.2, Fri Nov 15 02:20:06 2019 UTC, by djm
Branch: MAIN
Changes since 1.1: +1 -1 lines

correct function name in debug message

Revision 1.1, Thu Nov 14 21:27:30 2019 UTC, by djm
Branch: MAIN

directly support U2F/FIDO2 security keys in OpenSSH by linking
against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for
Bluetooth, NFC and test/debugging.
