Annotation of src/usr.bin/ssh/sk-usbhid.c, Revision 1.26
1.26 ! djm 1: /* $OpenBSD: sk-usbhid.c,v 1.25 2020/08/31 00:17:41 djm Exp $ */
1.1 djm 2: /*
3: * Copyright (c) 2019 Markus Friedl
1.22 djm 4: * Copyright (c) 2020 Pedro Martelletto
1.1 djm 5: *
6: * Permission to use, copy, modify, and distribute this software for any
7: * purpose with or without fee is hereby granted, provided that the above
8: * copyright notice and this permission notice appear in all copies.
9: *
10: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17: */
18:
19: #include <stdint.h>
20: #include <stdlib.h>
21: #include <string.h>
22: #include <stdio.h>
23: #include <stddef.h>
24: #include <stdarg.h>
1.17 djm 25: #include <sha2.h>
1.1 djm 26:
1.7 naddy 27: #ifdef WITH_OPENSSL
1.1 djm 28: #include <openssl/opensslv.h>
29: #include <openssl/crypto.h>
30: #include <openssl/bn.h>
31: #include <openssl/ec.h>
32: #include <openssl/ecdsa.h>
1.17 djm 33: #include <openssl/evp.h>
1.7 naddy 34: #endif /* WITH_OPENSSL */
1.1 djm 35:
36: #include <fido.h>
1.9 djm 37: #include <fido/credman.h>
1.1 djm 38:
39: #ifndef SK_STANDALONE
1.15 djm 40: # include "log.h"
41: # include "xmalloc.h"
1.22 djm 42: # include "misc.h"
1.15 djm 43: /*
44: * If building as part of OpenSSH, then rename exported functions.
45: * This must be done before including sk-api.h.
46: */
47: # define sk_api_version ssh_sk_api_version
48: # define sk_enroll ssh_sk_enroll
49: # define sk_sign ssh_sk_sign
50: # define sk_load_resident_keys ssh_sk_load_resident_keys
51: #endif /* !SK_STANDALONE */
52:
53: #include "sk-api.h"
1.1 djm 54:
55: /* #define SK_DEBUG 1 */
56:
1.18 djm 57: #ifdef SK_DEBUG
58: #define SSH_FIDO_INIT_ARG FIDO_DEBUG
59: #else
60: #define SSH_FIDO_INIT_ARG 0
61: #endif
62:
1.22 djm 63: #define MAX_FIDO_DEVICES 8
64: #define FIDO_POLL_MS 50
65: #define SELECT_MS 15000
66: #define POLL_SLEEP_NS 200000000
1.1 djm 67:
68: /* Compatibility with OpenSSH 1.0.x */
69: #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
70: #define ECDSA_SIG_get0(sig, pr, ps) \
71: do { \
72: (*pr) = sig->r; \
73: (*ps) = sig->s; \
74: } while (0)
75: #endif
76:
1.22 djm 77: struct sk_usbhid {
78: fido_dev_t *dev;
79: char *path;
80: };
81:
1.1 djm 82: /* Return the version of the middleware API */
83: uint32_t sk_api_version(void);
84:
85: /* Enroll a U2F key (private key generation) */
1.12 djm 86: int sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
1.10 djm 87: const char *application, uint8_t flags, const char *pin,
1.12 djm 88: struct sk_option **options, struct sk_enroll_response **enroll_response);
1.1 djm 89:
90: /* Sign a challenge */
1.12 djm 91: int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
1.1 djm 92: const char *application, const uint8_t *key_handle, size_t key_handle_len,
1.12 djm 93: uint8_t flags, const char *pin, struct sk_option **options,
94: struct sk_sign_response **sign_response);
1.1 djm 95:
1.9 djm 96: /* Load resident keys */
1.12 djm 97: int sk_load_resident_keys(const char *pin, struct sk_option **options,
1.9 djm 98: struct sk_resident_key ***rks, size_t *nrks);
99:
1.1 djm 100: static void skdebug(const char *func, const char *fmt, ...)
101: __attribute__((__format__ (printf, 2, 3)));
102:
103: static void
104: skdebug(const char *func, const char *fmt, ...)
105: {
106: #if !defined(SK_STANDALONE)
107: char *msg;
108: va_list ap;
109:
110: va_start(ap, fmt);
111: xvasprintf(&msg, fmt, ap);
112: va_end(ap);
1.2 djm 113: debug("%s: %s", func, msg);
1.1 djm 114: free(msg);
115: #elif defined(SK_DEBUG)
116: va_list ap;
117:
118: va_start(ap, fmt);
119: fprintf(stderr, "%s: ", func);
120: vfprintf(stderr, fmt, ap);
121: fputc('\n', stderr);
122: va_end(ap);
123: #else
124: (void)func; /* XXX */
125: (void)fmt; /* XXX */
126: #endif
127: }
128:
129: uint32_t
130: sk_api_version(void)
131: {
1.15 djm 132: return SSH_SK_VERSION_MAJOR;
1.1 djm 133: }
134:
1.22 djm 135: static struct sk_usbhid *
136: sk_open(const char *path)
137: {
138: struct sk_usbhid *sk;
1.1 djm 139: int r;
140:
1.22 djm 141: if (path == NULL) {
142: skdebug(__func__, "path == NULL");
143: return NULL;
144: }
145: if ((sk = calloc(1, sizeof(*sk))) == NULL) {
146: skdebug(__func__, "calloc sk failed");
147: return NULL;
148: }
149: if ((sk->path = strdup(path)) == NULL) {
150: skdebug(__func__, "strdup path failed");
151: free(sk);
152: return NULL;
153: }
154: if ((sk->dev = fido_dev_new()) == NULL) {
155: skdebug(__func__, "fido_dev_new failed");
156: free(sk->path);
157: free(sk);
158: return NULL;
1.1 djm 159: }
1.22 djm 160: if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
161: skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
1.1 djm 162: fido_strerr(r));
1.22 djm 163: fido_dev_free(&sk->dev);
164: free(sk->path);
165: free(sk);
166: return NULL;
167: }
168: return sk;
169: }
170:
171: static void
172: sk_close(struct sk_usbhid *sk)
173: {
174: if (sk == NULL)
175: return;
176: fido_dev_cancel(sk->dev); /* cancel any pending operation */
177: fido_dev_close(sk->dev);
178: fido_dev_free(&sk->dev);
179: free(sk->path);
180: free(sk);
181: }
182:
183: static struct sk_usbhid **
184: sk_openv(const fido_dev_info_t *devlist, size_t ndevs, size_t *nopen)
185: {
186: const fido_dev_info_t *di;
187: struct sk_usbhid **skv;
188: size_t i;
189:
190: *nopen = 0;
191: if ((skv = calloc(ndevs, sizeof(*skv))) == NULL) {
192: skdebug(__func__, "calloc skv failed");
193: return NULL;
194: }
195: for (i = 0; i < ndevs; i++) {
196: if ((di = fido_dev_info_ptr(devlist, i)) == NULL)
197: skdebug(__func__, "fido_dev_info_ptr failed");
198: else if ((skv[*nopen] = sk_open(fido_dev_info_path(di))) == NULL)
199: skdebug(__func__, "sk_open failed");
200: else
201: (*nopen)++;
1.1 djm 202: }
1.22 djm 203: if (*nopen == 0) {
204: for (i = 0; i < ndevs; i++)
205: sk_close(skv[i]);
206: free(skv);
207: skv = NULL;
1.1 djm 208: }
1.22 djm 209:
210: return skv;
211: }
212:
213: static void
214: sk_closev(struct sk_usbhid **skv, size_t nsk)
215: {
216: size_t i;
217:
218: for (i = 0; i < nsk; i++)
219: sk_close(skv[i]);
220: free(skv);
221: }
222:
223: static int
224: sk_touch_begin(struct sk_usbhid **skv, size_t nsk)
225: {
226: size_t i, ok = 0;
227: int r;
228:
229: for (i = 0; i < nsk; i++)
230: if ((r = fido_dev_get_touch_begin(skv[i]->dev)) != FIDO_OK)
231: skdebug(__func__, "fido_dev_get_touch_begin %s failed:"
232: " %s", skv[i]->path, fido_strerr(r));
233: else
234: ok++;
235:
236: return ok ? 0 : -1;
237: }
238:
239: static int
240: sk_touch_poll(struct sk_usbhid **skv, size_t nsk, int *touch, size_t *idx)
241: {
242: struct timespec ts_pause;
243: size_t npoll, i;
244: int r;
245:
246: ts_pause.tv_sec = 0;
247: ts_pause.tv_nsec = POLL_SLEEP_NS;
248: nanosleep(&ts_pause, NULL);
249: npoll = nsk;
250: for (i = 0; i < nsk; i++) {
251: if (skv[i] == NULL)
252: continue; /* device discarded */
253: skdebug(__func__, "polling %s", skv[i]->path);
254: if ((r = fido_dev_get_touch_status(skv[i]->dev, touch,
255: FIDO_POLL_MS)) != FIDO_OK) {
256: skdebug(__func__, "fido_dev_get_touch_status %s: %s",
257: skv[i]->path, fido_strerr(r));
258: sk_close(skv[i]); /* discard device */
259: skv[i] = NULL;
260: if (--npoll == 0) {
261: skdebug(__func__, "no device left to poll");
262: return -1;
263: }
264: } else if (*touch) {
265: *idx = i;
266: return 0;
267: }
1.1 djm 268: }
1.22 djm 269: *touch = 0;
270: return 0;
271: }
272:
273: /* Calculate SHA256(m) */
274: static int
275: sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
276: {
277: #ifdef WITH_OPENSSL
278: u_int mdlen;
279: #endif
280:
281: if (dlen != 32)
282: return -1;
283: #ifdef WITH_OPENSSL
284: mdlen = dlen;
285: if (!EVP_Digest(m, mlen, d, &mdlen, EVP_sha256(), NULL))
286: return -1;
287: #else
288: SHA256Data(m, mlen, d);
289: #endif
290: return 0;
1.1 djm 291: }
292:
1.22 djm 293: /* Check if the specified key handle exists on a given sk. */
1.1 djm 294: static int
1.22 djm 295: sk_try(const struct sk_usbhid *sk, const char *application,
296: const uint8_t *key_handle, size_t key_handle_len)
1.1 djm 297: {
298: fido_assert_t *assert = NULL;
1.22 djm 299: /* generate an invalid signature on FIDO2 tokens */
300: const char *data = "";
301: uint8_t message[32];
1.1 djm 302: int r = FIDO_ERR_INTERNAL;
303:
1.22 djm 304: if (sha256_mem(data, strlen(data), message, sizeof(message)) != 0) {
305: skdebug(__func__, "hash message failed");
306: goto out;
307: }
1.1 djm 308: if ((assert = fido_assert_new()) == NULL) {
309: skdebug(__func__, "fido_assert_new failed");
310: goto out;
311: }
312: if ((r = fido_assert_set_clientdata_hash(assert, message,
1.22 djm 313: sizeof(message))) != FIDO_OK) {
1.1 djm 314: skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
315: fido_strerr(r));
316: goto out;
317: }
318: if ((r = fido_assert_set_rp(assert, application)) != FIDO_OK) {
319: skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(r));
320: goto out;
321: }
322: if ((r = fido_assert_allow_cred(assert, key_handle,
323: key_handle_len)) != FIDO_OK) {
324: skdebug(__func__, "fido_assert_allow_cred: %s", fido_strerr(r));
325: goto out;
326: }
327: if ((r = fido_assert_set_up(assert, FIDO_OPT_FALSE)) != FIDO_OK) {
328: skdebug(__func__, "fido_assert_up: %s", fido_strerr(r));
329: goto out;
330: }
1.22 djm 331: r = fido_dev_get_assert(sk->dev, assert, NULL);
1.1 djm 332: skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
1.3 djm 333: if (r == FIDO_ERR_USER_PRESENCE_REQUIRED) {
334: /* U2F tokens may return this */
335: r = FIDO_OK;
336: }
1.1 djm 337: out:
338: fido_assert_free(&assert);
339:
340: return r != FIDO_OK ? -1 : 0;
341: }
342:
1.22 djm 343: static struct sk_usbhid *
344: sk_select_by_cred(const fido_dev_info_t *devlist, size_t ndevs,
345: const char *application, const uint8_t *key_handle, size_t key_handle_len)
1.1 djm 346: {
1.22 djm 347: struct sk_usbhid **skv, *sk;
348: size_t skvcnt, i;
1.1 djm 349:
1.22 djm 350: if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) {
351: skdebug(__func__, "sk_openv failed");
352: return NULL;
353: }
1.24 djm 354: if (skvcnt == 1) {
355: sk = skv[0];
356: skv[0] = NULL;
357: goto out;
358: }
1.22 djm 359: sk = NULL;
1.24 djm 360: for (i = 0; i < skvcnt; i++) {
1.22 djm 361: if (sk_try(skv[i], application, key_handle,
362: key_handle_len) == 0) {
363: sk = skv[i];
364: skv[i] = NULL;
365: skdebug(__func__, "found key in %s", sk->path);
366: break;
1.12 djm 367: }
1.24 djm 368: }
369: out:
1.22 djm 370: sk_closev(skv, skvcnt);
371: return sk;
372: }
373:
374: static struct sk_usbhid *
375: sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs)
376: {
377: struct sk_usbhid **skv, *sk;
378: struct timeval tv_start, tv_now, tv_delta;
379: size_t skvcnt, idx;
380: int touch, ms_remain;
381:
382: if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) {
383: skdebug(__func__, "sk_openv failed");
384: return NULL;
385: }
386: sk = NULL;
387: if (skvcnt < 2) {
388: if (skvcnt == 1) {
389: /* single candidate */
390: sk = skv[0];
391: skv[0] = NULL;
1.12 djm 392: }
1.22 djm 393: goto out;
1.12 djm 394: }
1.22 djm 395: if (sk_touch_begin(skv, skvcnt) == -1) {
396: skdebug(__func__, "sk_touch_begin failed");
397: goto out;
398: }
399: monotime_tv(&tv_start);
400: do {
401: if (sk_touch_poll(skv, skvcnt, &touch, &idx) == -1) {
402: skdebug(__func__, "sk_touch_poll failed");
403: goto out;
404: }
405: if (touch) {
406: sk = skv[idx];
407: skv[idx] = NULL;
408: goto out;
409: }
410: monotime_tv(&tv_now);
411: timersub(&tv_now, &tv_start, &tv_delta);
412: ms_remain = SELECT_MS - tv_delta.tv_sec * 1000 -
413: tv_delta.tv_usec / 1000;
414: } while (ms_remain >= FIDO_POLL_MS);
415: skdebug(__func__, "timeout");
416: out:
417: sk_closev(skv, skvcnt);
418: return sk;
419: }
420:
421: static struct sk_usbhid *
422: sk_probe(const char *application, const uint8_t *key_handle,
423: size_t key_handle_len)
424: {
425: struct sk_usbhid *sk;
426: fido_dev_info_t *devlist;
427: size_t ndevs;
428: int r;
1.12 djm 429:
1.1 djm 430: if ((devlist = fido_dev_info_new(MAX_FIDO_DEVICES)) == NULL) {
431: skdebug(__func__, "fido_dev_info_new failed");
1.22 djm 432: return NULL;
1.1 djm 433: }
434: if ((r = fido_dev_info_manifest(devlist, MAX_FIDO_DEVICES,
1.22 djm 435: &ndevs)) != FIDO_OK) {
436: skdebug(__func__, "fido_dev_info_manifest failed: %s",
437: fido_strerr(r));
438: fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
439: return NULL;
1.1 djm 440: }
1.22 djm 441: skdebug(__func__, "%zu device(s) detected", ndevs);
442: if (ndevs == 0) {
443: sk = NULL;
444: } else if (application != NULL && key_handle != NULL) {
445: skdebug(__func__, "selecting sk by cred");
446: sk = sk_select_by_cred(devlist, ndevs, application, key_handle,
447: key_handle_len);
448: } else {
449: skdebug(__func__, "selecting sk by touch");
450: sk = sk_select_by_touch(devlist, ndevs);
1.1 djm 451: }
1.22 djm 452: fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
453: return sk;
1.1 djm 454: }
455:
1.7 naddy 456: #ifdef WITH_OPENSSL
1.1 djm 457: /*
458: * The key returned via fido_cred_pubkey_ptr() is in affine coordinates,
459: * but the API expects a SEC1 octet string.
460: */
461: static int
1.9 djm 462: pack_public_key_ecdsa(const fido_cred_t *cred,
463: struct sk_enroll_response *response)
1.1 djm 464: {
465: const uint8_t *ptr;
466: BIGNUM *x = NULL, *y = NULL;
467: EC_POINT *q = NULL;
468: EC_GROUP *g = NULL;
469: int ret = -1;
470:
471: response->public_key = NULL;
472: response->public_key_len = 0;
473:
1.5 djm 474: if ((x = BN_new()) == NULL ||
475: (y = BN_new()) == NULL ||
1.1 djm 476: (g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL ||
477: (q = EC_POINT_new(g)) == NULL) {
478: skdebug(__func__, "libcrypto setup failed");
479: goto out;
480: }
481: if ((ptr = fido_cred_pubkey_ptr(cred)) == NULL) {
482: skdebug(__func__, "fido_cred_pubkey_ptr failed");
483: goto out;
484: }
485: if (fido_cred_pubkey_len(cred) != 64) {
486: skdebug(__func__, "bad fido_cred_pubkey_len %zu",
487: fido_cred_pubkey_len(cred));
488: goto out;
489: }
490:
491: if (BN_bin2bn(ptr, 32, x) == NULL ||
492: BN_bin2bn(ptr + 32, 32, y) == NULL) {
493: skdebug(__func__, "BN_bin2bn failed");
494: goto out;
495: }
1.5 djm 496: if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) {
1.1 djm 497: skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed");
498: goto out;
499: }
500: response->public_key_len = EC_POINT_point2oct(g, q,
1.5 djm 501: POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
1.1 djm 502: if (response->public_key_len == 0 || response->public_key_len > 2048) {
503: skdebug(__func__, "bad pubkey length %zu",
504: response->public_key_len);
505: goto out;
506: }
507: if ((response->public_key = malloc(response->public_key_len)) == NULL) {
508: skdebug(__func__, "malloc pubkey failed");
509: goto out;
510: }
511: if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED,
1.5 djm 512: response->public_key, response->public_key_len, NULL) == 0) {
1.1 djm 513: skdebug(__func__, "EC_POINT_point2oct failed");
514: goto out;
515: }
516: /* success */
517: ret = 0;
518: out:
519: if (ret != 0 && response->public_key != NULL) {
520: memset(response->public_key, 0, response->public_key_len);
521: free(response->public_key);
522: response->public_key = NULL;
523: }
524: EC_POINT_free(q);
525: EC_GROUP_free(g);
1.5 djm 526: BN_clear_free(x);
527: BN_clear_free(y);
1.1 djm 528: return ret;
529: }
1.7 naddy 530: #endif /* WITH_OPENSSL */
1.1 djm 531:
532: static int
1.9 djm 533: pack_public_key_ed25519(const fido_cred_t *cred,
534: struct sk_enroll_response *response)
1.1 djm 535: {
536: const uint8_t *ptr;
537: size_t len;
538: int ret = -1;
539:
540: response->public_key = NULL;
541: response->public_key_len = 0;
542:
543: if ((len = fido_cred_pubkey_len(cred)) != 32) {
544: skdebug(__func__, "bad fido_cred_pubkey_len len %zu", len);
545: goto out;
546: }
547: if ((ptr = fido_cred_pubkey_ptr(cred)) == NULL) {
548: skdebug(__func__, "fido_cred_pubkey_ptr failed");
549: goto out;
550: }
551: response->public_key_len = len;
552: if ((response->public_key = malloc(response->public_key_len)) == NULL) {
553: skdebug(__func__, "malloc pubkey failed");
554: goto out;
555: }
556: memcpy(response->public_key, ptr, len);
557: ret = 0;
558: out:
559: if (ret != 0)
560: free(response->public_key);
561: return ret;
562: }
563:
564: static int
1.12 djm 565: pack_public_key(uint32_t alg, const fido_cred_t *cred,
1.9 djm 566: struct sk_enroll_response *response)
1.1 djm 567: {
568: switch(alg) {
1.7 naddy 569: #ifdef WITH_OPENSSL
1.15 djm 570: case SSH_SK_ECDSA:
1.1 djm 571: return pack_public_key_ecdsa(cred, response);
1.7 naddy 572: #endif /* WITH_OPENSSL */
1.15 djm 573: case SSH_SK_ED25519:
1.1 djm 574: return pack_public_key_ed25519(cred, response);
575: default:
576: return -1;
577: }
578: }
579:
1.11 djm 580: static int
581: fidoerr_to_skerr(int fidoerr)
582: {
583: switch (fidoerr) {
584: case FIDO_ERR_UNSUPPORTED_OPTION:
1.15 djm 585: case FIDO_ERR_UNSUPPORTED_ALGORITHM:
1.11 djm 586: return SSH_SK_ERR_UNSUPPORTED;
587: case FIDO_ERR_PIN_REQUIRED:
588: case FIDO_ERR_PIN_INVALID:
589: return SSH_SK_ERR_PIN_REQUIRED;
590: default:
591: return -1;
592: }
593: }
594:
1.12 djm 595: static int
596: check_enroll_options(struct sk_option **options, char **devicep,
597: uint8_t *user_id, size_t user_id_len)
598: {
599: size_t i;
600:
601: if (options == NULL)
602: return 0;
603: for (i = 0; options[i] != NULL; i++) {
604: if (strcmp(options[i]->name, "device") == 0) {
605: if ((*devicep = strdup(options[i]->value)) == NULL) {
606: skdebug(__func__, "strdup device failed");
607: return -1;
608: }
609: skdebug(__func__, "requested device %s", *devicep);
1.14 djm 610: } else if (strcmp(options[i]->name, "user") == 0) {
1.12 djm 611: if (strlcpy(user_id, options[i]->value, user_id_len) >=
612: user_id_len) {
613: skdebug(__func__, "user too long");
614: return -1;
615: }
616: skdebug(__func__, "requested user %s",
617: (char *)user_id);
618: } else {
619: skdebug(__func__, "requested unsupported option %s",
620: options[i]->name);
621: if (options[i]->required) {
622: skdebug(__func__, "unknown required option");
623: return -1;
624: }
625: }
626: }
627: return 0;
628: }
629:
1.1 djm 630: int
1.12 djm 631: sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
1.10 djm 632: const char *application, uint8_t flags, const char *pin,
1.12 djm 633: struct sk_option **options, struct sk_enroll_response **enroll_response)
1.1 djm 634: {
635: fido_cred_t *cred = NULL;
636: const uint8_t *ptr;
637: uint8_t user_id[32];
1.22 djm 638: struct sk_usbhid *sk = NULL;
1.1 djm 639: struct sk_enroll_response *response = NULL;
640: size_t len;
1.19 djm 641: int credprot;
1.1 djm 642: int cose_alg;
1.11 djm 643: int ret = SSH_SK_ERR_GENERAL;
1.1 djm 644: int r;
645: char *device = NULL;
646:
1.18 djm 647: fido_init(SSH_FIDO_INIT_ARG);
648:
1.6 markus 649: if (enroll_response == NULL) {
650: skdebug(__func__, "enroll_response == NULL");
1.1 djm 651: goto out;
652: }
1.22 djm 653: *enroll_response = NULL;
1.12 djm 654: memset(user_id, 0, sizeof(user_id));
1.22 djm 655: if (check_enroll_options(options, &device, user_id,
656: sizeof(user_id)) != 0)
1.12 djm 657: goto out; /* error already logged */
658:
1.1 djm 659: switch(alg) {
1.7 naddy 660: #ifdef WITH_OPENSSL
1.15 djm 661: case SSH_SK_ECDSA:
1.1 djm 662: cose_alg = COSE_ES256;
663: break;
1.7 naddy 664: #endif /* WITH_OPENSSL */
1.15 djm 665: case SSH_SK_ED25519:
1.1 djm 666: cose_alg = COSE_EDDSA;
667: break;
668: default:
669: skdebug(__func__, "unsupported key type %d", alg);
670: goto out;
671: }
1.22 djm 672: if (device != NULL)
673: sk = sk_open(device);
674: else
675: sk = sk_probe(NULL, NULL, 0);
676: if (sk == NULL) {
677: skdebug(__func__, "failed to find sk");
1.1 djm 678: goto out;
679: }
1.22 djm 680: skdebug(__func__, "using device %s", sk->path);
1.1 djm 681: if ((cred = fido_cred_new()) == NULL) {
682: skdebug(__func__, "fido_cred_new failed");
683: goto out;
684: }
685: if ((r = fido_cred_set_type(cred, cose_alg)) != FIDO_OK) {
686: skdebug(__func__, "fido_cred_set_type: %s", fido_strerr(r));
687: goto out;
688: }
689: if ((r = fido_cred_set_clientdata_hash(cred, challenge,
690: challenge_len)) != FIDO_OK) {
691: skdebug(__func__, "fido_cred_set_clientdata_hash: %s",
692: fido_strerr(r));
1.8 djm 693: goto out;
694: }
1.15 djm 695: if ((r = fido_cred_set_rk(cred, (flags & SSH_SK_RESIDENT_KEY) != 0 ?
1.8 djm 696: FIDO_OPT_TRUE : FIDO_OPT_OMIT)) != FIDO_OK) {
697: skdebug(__func__, "fido_cred_set_rk: %s", fido_strerr(r));
1.1 djm 698: goto out;
699: }
700: if ((r = fido_cred_set_user(cred, user_id, sizeof(user_id),
701: "openssh", "openssh", NULL)) != FIDO_OK) {
702: skdebug(__func__, "fido_cred_set_user: %s", fido_strerr(r));
703: goto out;
704: }
705: if ((r = fido_cred_set_rp(cred, application, NULL)) != FIDO_OK) {
706: skdebug(__func__, "fido_cred_set_rp: %s", fido_strerr(r));
707: goto out;
708: }
1.21 djm 709: if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) {
1.22 djm 710: if (!fido_dev_supports_cred_prot(sk->dev)) {
711: skdebug(__func__, "%s does not support credprot, "
712: "refusing to create unprotected "
713: "resident/verify-required key", sk->path);
1.19 djm 714: ret = SSH_SK_ERR_UNSUPPORTED;
715: goto out;
716: }
1.21 djm 717: if ((flags & SSH_SK_USER_VERIFICATION_REQD))
718: credprot = FIDO_CRED_PROT_UV_REQUIRED;
719: else
720: credprot = FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID;
721:
722: if ((r = fido_cred_set_prot(cred, credprot)) != FIDO_OK) {
1.19 djm 723: skdebug(__func__, "fido_cred_set_prot: %s",
724: fido_strerr(r));
725: ret = fidoerr_to_skerr(r);
726: goto out;
727: }
1.1 djm 728: }
1.22 djm 729: if ((r = fido_dev_make_cred(sk->dev, cred, pin)) != FIDO_OK) {
1.1 djm 730: skdebug(__func__, "fido_dev_make_cred: %s", fido_strerr(r));
1.11 djm 731: ret = fidoerr_to_skerr(r);
1.1 djm 732: goto out;
733: }
734: if (fido_cred_x5c_ptr(cred) != NULL) {
735: if ((r = fido_cred_verify(cred)) != FIDO_OK) {
736: skdebug(__func__, "fido_cred_verify: %s",
737: fido_strerr(r));
738: goto out;
739: }
740: } else {
741: skdebug(__func__, "self-attested credential");
742: if ((r = fido_cred_verify_self(cred)) != FIDO_OK) {
743: skdebug(__func__, "fido_cred_verify_self: %s",
744: fido_strerr(r));
745: goto out;
746: }
747: }
748: if ((response = calloc(1, sizeof(*response))) == NULL) {
749: skdebug(__func__, "calloc response failed");
750: goto out;
751: }
752: if (pack_public_key(alg, cred, response) != 0) {
753: skdebug(__func__, "pack_public_key failed");
754: goto out;
755: }
756: if ((ptr = fido_cred_id_ptr(cred)) != NULL) {
757: len = fido_cred_id_len(cred);
758: if ((response->key_handle = calloc(1, len)) == NULL) {
759: skdebug(__func__, "calloc key handle failed");
760: goto out;
761: }
762: memcpy(response->key_handle, ptr, len);
763: response->key_handle_len = len;
764: }
765: if ((ptr = fido_cred_sig_ptr(cred)) != NULL) {
766: len = fido_cred_sig_len(cred);
767: if ((response->signature = calloc(1, len)) == NULL) {
768: skdebug(__func__, "calloc signature failed");
769: goto out;
770: }
771: memcpy(response->signature, ptr, len);
772: response->signature_len = len;
773: }
774: if ((ptr = fido_cred_x5c_ptr(cred)) != NULL) {
775: len = fido_cred_x5c_len(cred);
1.16 djm 776: debug3("%s: attestation cert len=%zu", __func__, len);
1.1 djm 777: if ((response->attestation_cert = calloc(1, len)) == NULL) {
778: skdebug(__func__, "calloc attestation cert failed");
779: goto out;
780: }
781: memcpy(response->attestation_cert, ptr, len);
782: response->attestation_cert_len = len;
783: }
1.26 ! djm 784: if ((ptr = fido_cred_authdata_ptr(cred)) != NULL) {
! 785: len = fido_cred_authdata_len(cred);
! 786: debug3("%s: authdata len=%zu", __func__, len);
! 787: if ((response->authdata = calloc(1, len)) == NULL) {
! 788: skdebug(__func__, "calloc authdata failed");
! 789: goto out;
! 790: }
! 791: memcpy(response->authdata, ptr, len);
! 792: response->authdata_len = len;
! 793: }
1.6 markus 794: *enroll_response = response;
1.1 djm 795: response = NULL;
796: ret = 0;
797: out:
798: free(device);
799: if (response != NULL) {
800: free(response->public_key);
801: free(response->key_handle);
802: free(response->signature);
803: free(response->attestation_cert);
1.26 ! djm 804: free(response->authdata);
1.1 djm 805: free(response);
806: }
1.22 djm 807: sk_close(sk);
808: fido_cred_free(&cred);
1.1 djm 809: return ret;
810: }
811:
1.7 naddy 812: #ifdef WITH_OPENSSL
1.1 djm 813: static int
814: pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
815: {
816: ECDSA_SIG *sig = NULL;
817: const BIGNUM *sig_r, *sig_s;
818: const unsigned char *cp;
819: size_t sig_len;
820: int ret = -1;
821:
822: cp = fido_assert_sig_ptr(assert, 0);
823: sig_len = fido_assert_sig_len(assert, 0);
824: if ((sig = d2i_ECDSA_SIG(NULL, &cp, sig_len)) == NULL) {
825: skdebug(__func__, "d2i_ECDSA_SIG failed");
826: goto out;
827: }
828: ECDSA_SIG_get0(sig, &sig_r, &sig_s);
829: response->sig_r_len = BN_num_bytes(sig_r);
830: response->sig_s_len = BN_num_bytes(sig_s);
831: if ((response->sig_r = calloc(1, response->sig_r_len)) == NULL ||
832: (response->sig_s = calloc(1, response->sig_s_len)) == NULL) {
833: skdebug(__func__, "calloc signature failed");
834: goto out;
835: }
836: BN_bn2bin(sig_r, response->sig_r);
837: BN_bn2bin(sig_s, response->sig_s);
838: ret = 0;
839: out:
840: ECDSA_SIG_free(sig);
841: if (ret != 0) {
842: free(response->sig_r);
843: free(response->sig_s);
844: response->sig_r = NULL;
845: response->sig_s = NULL;
846: }
847: return ret;
848: }
1.7 naddy 849: #endif /* WITH_OPENSSL */
1.1 djm 850:
851: static int
852: pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response)
853: {
854: const unsigned char *ptr;
855: size_t len;
856: int ret = -1;
857:
858: ptr = fido_assert_sig_ptr(assert, 0);
859: len = fido_assert_sig_len(assert, 0);
860: if (len != 64) {
861: skdebug(__func__, "bad length %zu", len);
862: goto out;
863: }
864: response->sig_r_len = len;
865: if ((response->sig_r = calloc(1, response->sig_r_len)) == NULL) {
866: skdebug(__func__, "calloc signature failed");
867: goto out;
868: }
869: memcpy(response->sig_r, ptr, len);
870: ret = 0;
871: out:
872: if (ret != 0) {
873: free(response->sig_r);
874: response->sig_r = NULL;
875: }
876: return ret;
877: }
878:
879: static int
1.12 djm 880: pack_sig(uint32_t alg, fido_assert_t *assert,
881: struct sk_sign_response *response)
1.1 djm 882: {
883: switch(alg) {
1.7 naddy 884: #ifdef WITH_OPENSSL
1.15 djm 885: case SSH_SK_ECDSA:
1.1 djm 886: return pack_sig_ecdsa(assert, response);
1.7 naddy 887: #endif /* WITH_OPENSSL */
1.15 djm 888: case SSH_SK_ED25519:
1.1 djm 889: return pack_sig_ed25519(assert, response);
890: default:
891: return -1;
892: }
893: }
894:
1.12 djm 895: /* Checks sk_options for sk_sign() and sk_load_resident_keys() */
896: static int
897: check_sign_load_resident_options(struct sk_option **options, char **devicep)
898: {
899: size_t i;
900:
901: if (options == NULL)
902: return 0;
903: for (i = 0; options[i] != NULL; i++) {
904: if (strcmp(options[i]->name, "device") == 0) {
905: if ((*devicep = strdup(options[i]->value)) == NULL) {
906: skdebug(__func__, "strdup device failed");
907: return -1;
908: }
909: skdebug(__func__, "requested device %s", *devicep);
910: } else {
911: skdebug(__func__, "requested unsupported option %s",
912: options[i]->name);
913: if (options[i]->required) {
914: skdebug(__func__, "unknown required option");
915: return -1;
916: }
917: }
918: }
919: return 0;
920: }
921:
1.1 djm 922: int
1.17 djm 923: sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
1.1 djm 924: const char *application,
925: const uint8_t *key_handle, size_t key_handle_len,
1.12 djm 926: uint8_t flags, const char *pin, struct sk_option **options,
927: struct sk_sign_response **sign_response)
1.1 djm 928: {
929: fido_assert_t *assert = NULL;
1.12 djm 930: char *device = NULL;
1.22 djm 931: struct sk_usbhid *sk = NULL;
1.1 djm 932: struct sk_sign_response *response = NULL;
1.17 djm 933: uint8_t message[32];
1.11 djm 934: int ret = SSH_SK_ERR_GENERAL;
1.1 djm 935: int r;
936:
1.18 djm 937: fido_init(SSH_FIDO_INIT_ARG);
1.1 djm 938:
939: if (sign_response == NULL) {
940: skdebug(__func__, "sign_response == NULL");
941: goto out;
942: }
943: *sign_response = NULL;
1.12 djm 944: if (check_sign_load_resident_options(options, &device) != 0)
945: goto out; /* error already logged */
1.17 djm 946: /* hash data to be signed before it goes to the security key */
947: if ((r = sha256_mem(data, datalen, message, sizeof(message))) != 0) {
948: skdebug(__func__, "hash message failed");
949: goto out;
950: }
1.22 djm 951: if (device != NULL)
952: sk = sk_open(device);
953: else if (pin != NULL || (flags & SSH_SK_USER_VERIFICATION_REQD))
954: sk = sk_probe(NULL, NULL, 0);
955: else
956: sk = sk_probe(application, key_handle, key_handle_len);
957: if (sk == NULL) {
958: skdebug(__func__, "failed to find sk");
1.1 djm 959: goto out;
960: }
961: if ((assert = fido_assert_new()) == NULL) {
962: skdebug(__func__, "fido_assert_new failed");
963: goto out;
964: }
965: if ((r = fido_assert_set_clientdata_hash(assert, message,
1.17 djm 966: sizeof(message))) != FIDO_OK) {
1.1 djm 967: skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
968: fido_strerr(r));
969: goto out;
970: }
971: if ((r = fido_assert_set_rp(assert, application)) != FIDO_OK) {
972: skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(r));
973: goto out;
974: }
975: if ((r = fido_assert_allow_cred(assert, key_handle,
976: key_handle_len)) != FIDO_OK) {
977: skdebug(__func__, "fido_assert_allow_cred: %s", fido_strerr(r));
978: goto out;
979: }
980: if ((r = fido_assert_set_up(assert,
1.15 djm 981: (flags & SSH_SK_USER_PRESENCE_REQD) ?
1.1 djm 982: FIDO_OPT_TRUE : FIDO_OPT_FALSE)) != FIDO_OK) {
983: skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r));
984: goto out;
985: }
1.21 djm 986: if (pin == NULL && (flags & SSH_SK_USER_VERIFICATION_REQD) &&
987: (r = fido_assert_set_uv(assert, FIDO_OPT_TRUE)) != FIDO_OK) {
988: skdebug(__func__, "fido_assert_set_uv: %s", fido_strerr(r));
989: ret = FIDO_ERR_PIN_REQUIRED;
990: goto out;
991: }
1.22 djm 992: if ((r = fido_dev_get_assert(sk->dev, assert, pin)) != FIDO_OK) {
1.1 djm 993: skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
1.21 djm 994: ret = fidoerr_to_skerr(r);
1.1 djm 995: goto out;
996: }
997: if ((response = calloc(1, sizeof(*response))) == NULL) {
998: skdebug(__func__, "calloc response failed");
999: goto out;
1000: }
1001: response->flags = fido_assert_flags(assert, 0);
1002: response->counter = fido_assert_sigcount(assert, 0);
1003: if (pack_sig(alg, assert, response) != 0) {
1004: skdebug(__func__, "pack_sig failed");
1005: goto out;
1006: }
1007: *sign_response = response;
1008: response = NULL;
1009: ret = 0;
1010: out:
1.17 djm 1011: explicit_bzero(message, sizeof(message));
1.12 djm 1012: free(device);
1.1 djm 1013: if (response != NULL) {
1014: free(response->sig_r);
1015: free(response->sig_s);
1016: free(response);
1017: }
1.22 djm 1018: sk_close(sk);
1019: fido_assert_free(&assert);
1.1 djm 1020: return ret;
1021: }
1.9 djm 1022:
1023: static int
1.22 djm 1024: read_rks(struct sk_usbhid *sk, const char *pin,
1.9 djm 1025: struct sk_resident_key ***rksp, size_t *nrksp)
1026: {
1.11 djm 1027: int ret = SSH_SK_ERR_GENERAL, r = -1;
1.9 djm 1028: fido_credman_metadata_t *metadata = NULL;
1029: fido_credman_rp_t *rp = NULL;
1030: fido_credman_rk_t *rk = NULL;
1031: size_t i, j, nrp, nrk;
1032: const fido_cred_t *cred;
1033: struct sk_resident_key *srk = NULL, **tmp;
1034:
1.22 djm 1035: if (pin == NULL) {
1036: skdebug(__func__, "no PIN specified");
1037: ret = SSH_SK_ERR_PIN_REQUIRED;
1038: goto out;
1.9 djm 1039: }
1040: if ((metadata = fido_credman_metadata_new()) == NULL) {
1041: skdebug(__func__, "alloc failed");
1042: goto out;
1043: }
1044:
1.22 djm 1045: if ((r = fido_credman_get_dev_metadata(sk->dev, metadata, pin)) != 0) {
1.9 djm 1046: if (r == FIDO_ERR_INVALID_COMMAND) {
1047: skdebug(__func__, "device %s does not support "
1.22 djm 1048: "resident keys", sk->path);
1.11 djm 1049: ret = 0;
1.9 djm 1050: goto out;
1051: }
1052: skdebug(__func__, "get metadata for %s failed: %s",
1.22 djm 1053: sk->path, fido_strerr(r));
1.12 djm 1054: ret = fidoerr_to_skerr(r);
1.9 djm 1055: goto out;
1056: }
1057: skdebug(__func__, "existing %llu, remaining %llu",
1058: (unsigned long long)fido_credman_rk_existing(metadata),
1059: (unsigned long long)fido_credman_rk_remaining(metadata));
1060: if ((rp = fido_credman_rp_new()) == NULL) {
1061: skdebug(__func__, "alloc rp failed");
1062: goto out;
1063: }
1.22 djm 1064: if ((r = fido_credman_get_dev_rp(sk->dev, rp, pin)) != 0) {
1.9 djm 1065: skdebug(__func__, "get RPs for %s failed: %s",
1.22 djm 1066: sk->path, fido_strerr(r));
1.9 djm 1067: goto out;
1068: }
1069: nrp = fido_credman_rp_count(rp);
1070: skdebug(__func__, "Device %s has resident keys for %zu RPs",
1.22 djm 1071: sk->path, nrp);
1.9 djm 1072:
1073: /* Iterate over RP IDs that have resident keys */
1074: for (i = 0; i < nrp; i++) {
1075: skdebug(__func__, "rp %zu: name=\"%s\" id=\"%s\" hashlen=%zu",
1076: i, fido_credman_rp_name(rp, i), fido_credman_rp_id(rp, i),
1077: fido_credman_rp_id_hash_len(rp, i));
1078:
1079: /* Skip non-SSH RP IDs */
1080: if (strncasecmp(fido_credman_rp_id(rp, i), "ssh:", 4) != 0)
1081: continue;
1082:
1083: fido_credman_rk_free(&rk);
1084: if ((rk = fido_credman_rk_new()) == NULL) {
1085: skdebug(__func__, "alloc rk failed");
1086: goto out;
1087: }
1.22 djm 1088: if ((r = fido_credman_get_dev_rk(sk->dev,
1089: fido_credman_rp_id(rp, i), rk, pin)) != 0) {
1.9 djm 1090: skdebug(__func__, "get RKs for %s slot %zu failed: %s",
1.22 djm 1091: sk->path, i, fido_strerr(r));
1.9 djm 1092: goto out;
1093: }
1094: nrk = fido_credman_rk_count(rk);
1095: skdebug(__func__, "RP \"%s\" has %zu resident keys",
1096: fido_credman_rp_id(rp, i), nrk);
1097:
1098: /* Iterate over resident keys for this RP ID */
1099: for (j = 0; j < nrk; j++) {
1100: if ((cred = fido_credman_rk(rk, j)) == NULL) {
1101: skdebug(__func__, "no RK in slot %zu", j);
1102: continue;
1103: }
1104: skdebug(__func__, "Device %s RP \"%s\" slot %zu: "
1.22 djm 1105: "type %d flags 0x%02x prot 0x%02x", sk->path,
1.21 djm 1106: fido_credman_rp_id(rp, i), j, fido_cred_type(cred),
1107: fido_cred_flags(cred), fido_cred_prot(cred));
1.9 djm 1108:
1109: /* build response entry */
1110: if ((srk = calloc(1, sizeof(*srk))) == NULL ||
1111: (srk->key.key_handle = calloc(1,
1112: fido_cred_id_len(cred))) == NULL ||
1113: (srk->application = strdup(fido_credman_rp_id(rp,
1114: i))) == NULL) {
1115: skdebug(__func__, "alloc sk_resident_key");
1116: goto out;
1117: }
1118:
1119: srk->key.key_handle_len = fido_cred_id_len(cred);
1.23 djm 1120: memcpy(srk->key.key_handle, fido_cred_id_ptr(cred),
1.9 djm 1121: srk->key.key_handle_len);
1122:
1123: switch (fido_cred_type(cred)) {
1124: case COSE_ES256:
1.15 djm 1125: srk->alg = SSH_SK_ECDSA;
1.9 djm 1126: break;
1127: case COSE_EDDSA:
1.15 djm 1128: srk->alg = SSH_SK_ED25519;
1.9 djm 1129: break;
1130: default:
1131: skdebug(__func__, "unsupported key type %d",
1132: fido_cred_type(cred));
1.15 djm 1133: goto out; /* XXX free rk and continue */
1.9 djm 1134: }
1.23 djm 1135:
1136: if (fido_cred_prot(cred) == FIDO_CRED_PROT_UV_REQUIRED)
1137: srk->flags |= SSH_SK_USER_VERIFICATION_REQD;
1.9 djm 1138:
1139: if ((r = pack_public_key(srk->alg, cred,
1140: &srk->key)) != 0) {
1141: skdebug(__func__, "pack public key failed");
1142: goto out;
1143: }
1144: /* append */
1145: if ((tmp = recallocarray(*rksp, *nrksp, (*nrksp) + 1,
1146: sizeof(**rksp))) == NULL) {
1147: skdebug(__func__, "alloc rksp");
1148: goto out;
1149: }
1150: *rksp = tmp;
1151: (*rksp)[(*nrksp)++] = srk;
1152: srk = NULL;
1153: }
1154: }
1155: /* Success */
1.11 djm 1156: ret = 0;
1.9 djm 1157: out:
1158: if (srk != NULL) {
1159: free(srk->application);
1160: freezero(srk->key.public_key, srk->key.public_key_len);
1161: freezero(srk->key.key_handle, srk->key.key_handle_len);
1162: freezero(srk, sizeof(*srk));
1163: }
1164: fido_credman_rp_free(&rp);
1165: fido_credman_rk_free(&rk);
1166: fido_credman_metadata_free(&metadata);
1.11 djm 1167: return ret;
1.9 djm 1168: }
1169:
1170: int
1.12 djm 1171: sk_load_resident_keys(const char *pin, struct sk_option **options,
1.9 djm 1172: struct sk_resident_key ***rksp, size_t *nrksp)
1173: {
1.11 djm 1174: int ret = SSH_SK_ERR_GENERAL, r = -1;
1.22 djm 1175: size_t i, nrks = 0;
1.9 djm 1176: struct sk_resident_key **rks = NULL;
1.22 djm 1177: struct sk_usbhid *sk = NULL;
1.12 djm 1178: char *device = NULL;
1.22 djm 1179:
1.9 djm 1180: *rksp = NULL;
1181: *nrksp = 0;
1.18 djm 1182:
1183: fido_init(SSH_FIDO_INIT_ARG);
1.9 djm 1184:
1.12 djm 1185: if (check_sign_load_resident_options(options, &device) != 0)
1186: goto out; /* error already logged */
1.22 djm 1187: if (device != NULL)
1188: sk = sk_open(device);
1189: else
1190: sk = sk_probe(NULL, NULL, 0);
1191: if (sk == NULL) {
1192: skdebug(__func__, "failed to find sk");
1193: goto out;
1194: }
1195: skdebug(__func__, "trying %s", sk->path);
1196: if ((r = read_rks(sk, pin, &rks, &nrks)) != 0) {
1197: skdebug(__func__, "read_rks failed for %s", sk->path);
1198: ret = r;
1199: goto out;
1.9 djm 1200: }
1.12 djm 1201: /* success, unless we have no keys but a specific error */
1202: if (nrks > 0 || ret == SSH_SK_ERR_GENERAL)
1203: ret = 0;
1.9 djm 1204: *rksp = rks;
1205: *nrksp = nrks;
1206: rks = NULL;
1207: nrks = 0;
1208: out:
1.22 djm 1209: sk_close(sk);
1.9 djm 1210: for (i = 0; i < nrks; i++) {
1211: free(rks[i]->application);
1212: freezero(rks[i]->key.public_key, rks[i]->key.public_key_len);
1213: freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len);
1214: freezero(rks[i], sizeof(*rks[i]));
1215: }
1216: free(rks);
1.11 djm 1217: return ret;
1.9 djm 1218: }
1219: