=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v retrieving revision 1.445 retrieving revision 1.457 diff -u -r1.445 -r1.457 --- src/usr.bin/ssh/ssh-keygen.c 2022/01/05 04:50:11 1.445 +++ src/usr.bin/ssh/ssh-keygen.c 2022/07/20 03:33:22 1.457 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.445 2022/01/05 04:50:11 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.457 2022/07/20 03:33:22 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -121,6 +121,7 @@ #define CERTOPT_PTY (1<<3) #define CERTOPT_USER_RC (1<<4) #define CERTOPT_NO_REQUIRE_USER_PRESENCE (1<<5) +#define CERTOPT_REQUIRE_VERIFY (1<<6) #define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \ CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC) static u_int32_t certflags_flags = CERTOPT_DEFAULT; @@ -573,10 +574,13 @@ error_f("remaining bytes in key blob %d", rlen); /* try the key */ - if (sshkey_sign(key, &sig, &slen, data, sizeof(data), - NULL, NULL, NULL, 0) != 0 || - sshkey_verify(key, sig, slen, data, sizeof(data), - NULL, 0, NULL) != 0) { + if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data), + NULL, NULL, NULL, 0)) != 0) + error_fr(r, "signing with converted key failed"); + else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), + NULL, 0, NULL)) != 0) + error_fr(r, "verification with converted key failed"); + if (r != 0) { sshkey_free(key); free(sig); return NULL; @@ -1023,7 +1027,6 @@ } key_types[] = { #ifdef WITH_OPENSSL { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, - { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, #endif /* WITH_OPENSSL */ { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, @@ -1649,6 +1652,8 @@ cert_ext_add("force-command", certflags_command, 1); if (certflags_src_addr != NULL) cert_ext_add("source-address", certflags_src_addr, 1); + if ((certflags_flags & CERTOPT_REQUIRE_VERIFY) != 0) + cert_ext_add("verify-required", NULL, 1); /* extensions */ if ((certflags_flags & CERTOPT_X_FWD) != 0) cert_ext_add("permit-X11-forwarding", NULL, 0); @@ -1970,6 +1975,10 @@ certflags_flags &= ~CERTOPT_NO_REQUIRE_USER_PRESENCE; else if (strcasecmp(opt, "no-touch-required") == 0) certflags_flags |= CERTOPT_NO_REQUIRE_USER_PRESENCE; + else if (strcasecmp(opt, "no-verify-required") == 0) + certflags_flags &= ~CERTOPT_REQUIRE_VERIFY; + else if (strcasecmp(opt, "verify-required") == 0) + certflags_flags |= CERTOPT_REQUIRE_VERIFY; else if (strncasecmp(opt, "force-command=", 14) == 0) { val = opt + 14; if (*val == '\0') @@ -2028,6 +2037,9 @@ fatal_fr(r, "parse critical"); printf(" %s\n", arg); free(arg); + } else if (in_critical && + strcmp(name, "verify-required") == 0) { + printf("\n"); } else if (sshbuf_len(option) > 0) { hex = sshbuf_dtob16(option); printf(" UNKNOWN OPTION: %s (len %zu)\n", @@ -2437,9 +2449,10 @@ { size_t i, slen, plen = strlen(keypath); char *privpath = xstrdup(keypath); - const char *suffixes[] = { "-cert.pub", ".pub", NULL }; + static const char * const suffixes[] = { "-cert.pub", ".pub", NULL }; struct sshkey *ret = NULL, *privkey = NULL; - int r; + int r, waspub = 0; + struct stat st; /* * If passed a public key filename, then try to locate the corresponding @@ -2454,11 +2467,17 @@ privpath[plen - slen] = '\0'; debug_f("%s looks like a public key, using private key " "path %s instead", keypath, privpath); + waspub = 1; } - if ((privkey = load_identity(privpath, NULL)) == NULL) { - error("Couldn't load identity %s", keypath); - goto done; - } + if (waspub && stat(privpath, &st) != 0 && errno == ENOENT) + fatal("No private key found for public key \"%s\"", keypath); + if ((r = sshkey_load_private(privpath, "", &privkey, NULL)) != 0 && + (r != SSH_ERR_KEY_WRONG_PASSPHRASE)) { + debug_fr(r, "load private key \"%s\"", privpath); + fatal("No private key found for \"%s\"", privpath); + } else if (privkey == NULL) + privkey = load_identity(privpath, NULL); + if (!sshkey_equal_public(pubkey, privkey)) { error("Public key %s doesn't match private %s", keypath, privpath); @@ -2624,8 +2643,8 @@ static int -sig_sign(const char *keypath, const char *sig_namespace, int argc, char **argv, - char * const *opts, size_t nopts) +sig_sign(const char *keypath, const char *sig_namespace, int require_agent, + int argc, char **argv, char * const *opts, size_t nopts) { int i, fd = -1, r, ret = -1; int agent_fd = -1; @@ -2649,13 +2668,18 @@ goto done; } - if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) + if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { + if (require_agent) + fatal("Couldn't get agent socket"); debug_r(r, "Couldn't get agent socket"); - else { + } else { if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0) signer = agent_signer; - else + else { + if (require_agent) + fatal("Couldn't find key in agent"); debug_r(r, "Couldn't find key in agent"); + } } if (signer == NULL) { @@ -2982,40 +3006,46 @@ #endif /* WITH_OPENSSL */ } +/* Read and confirm a passphrase */ static char * -private_key_passphrase(void) +read_check_passphrase(const char *prompt1, const char *prompt2, + const char *retry_prompt) { char *passphrase1, *passphrase2; - /* Ask for a passphrase (twice). */ - if (identity_passphrase) - passphrase1 = xstrdup(identity_passphrase); - else if (identity_new_passphrase) - passphrase1 = xstrdup(identity_new_passphrase); - else { -passphrase_again: - passphrase1 = - read_passphrase("Enter passphrase (empty for no " - "passphrase): ", RP_ALLOW_STDIN); - passphrase2 = read_passphrase("Enter same passphrase again: ", - RP_ALLOW_STDIN); - if (strcmp(passphrase1, passphrase2) != 0) { - /* - * The passphrases do not match. Clear them and - * retry. - */ - freezero(passphrase1, strlen(passphrase1)); + for (;;) { + passphrase1 = read_passphrase(prompt1, RP_ALLOW_STDIN); + passphrase2 = read_passphrase(prompt2, RP_ALLOW_STDIN); + if (strcmp(passphrase1, passphrase2) == 0) { freezero(passphrase2, strlen(passphrase2)); - printf("Passphrases do not match. Try again.\n"); - goto passphrase_again; + return passphrase1; } - /* Clear the other copy of the passphrase. */ + /* The passphrases do not match. Clear them and retry. */ + freezero(passphrase1, strlen(passphrase1)); freezero(passphrase2, strlen(passphrase2)); + fputs(retry_prompt, stdout); + fputc('\n', stdout); + fflush(stdout); } - return passphrase1; + /* NOTREACHED */ + return NULL; } static char * +private_key_passphrase(void) +{ + if (identity_passphrase) + return xstrdup(identity_passphrase); + if (identity_new_passphrase) + return xstrdup(identity_new_passphrase); + + return read_check_passphrase( + "Enter passphrase (empty for no passphrase): ", + "Enter same passphrase again: ", + "Passphrases do not match. Try again."); +} + +static char * sk_suffix(const char *application, const uint8_t *user, size_t userlen) { char *ret, *cp; @@ -3163,6 +3193,23 @@ "%s\n", path); } +static int +confirm_sk_overwrite(const char *application, const char *user) +{ + char yesno[3]; + + printf("A resident key scoped to '%s' with user id '%s' already " + "exists.\n", application == NULL ? "ssh:" : application, + user == NULL ? "null" : user); + printf("Overwrite key in token (y/n)? "); + fflush(stdout); + if (fgets(yesno, sizeof(yesno), stdin) == NULL) + return 0; + if (yesno[0] != 'y' && yesno[0] != 'Y') + return 0; + return 1; +} + static void usage(void) { @@ -3497,6 +3544,7 @@ return sig_match_principals(identity_file, cert_key_id, opts, nopts); } else if (strncmp(sign_op, "sign", 4) == 0) { + /* NB. cert_principals is actually namespace, via -n */ if (cert_principals == NULL || *cert_principals == '\0') { error("Too few arguments for sign: " @@ -3509,8 +3557,15 @@ exit(1); } return sig_sign(identity_file, cert_principals, - argc, argv, opts, nopts); + prefer_agent, argc, argv, opts, nopts); } else if (strncmp(sign_op, "check-novalidate", 16) == 0) { + /* NB. cert_principals is actually namespace, via -n */ + if (cert_principals == NULL || + *cert_principals == '\0') { + error("Too few arguments for check-novalidate: " + "missing namespace"); + exit(1); + } if (ca_key_path == NULL) { error("Too few arguments for check-novalidate: " "missing signature file"); @@ -3519,6 +3574,7 @@ return sig_verify(ca_key_path, cert_principals, NULL, NULL, NULL, opts, nopts); } else if (strncmp(sign_op, "verify", 6) == 0) { + /* NB. cert_principals is actually namespace, via -n */ if (cert_principals == NULL || *cert_principals == '\0') { error("Too few arguments for verify: " @@ -3537,7 +3593,7 @@ } if (cert_key_id == NULL) { error("Too few arguments for verify: " - "missing principal ID"); + "missing principal identity"); exit(1); } return sig_verify(ca_key_path, cert_principals, @@ -3717,10 +3773,6 @@ "FIDO authenticator enrollment", opts[i]); } } - if (!quiet) { - printf("You may need to touch your authenticator " - "to authorize key generation.\n"); - } if ((attest = sshbuf_new()) == NULL) fatal("sshbuf_new failed"); if ((sk_flags & @@ -3730,7 +3782,14 @@ } else { passphrase = NULL; } - for (i = 0 ; ; i++) { + r = 0; + for (i = 0 ;;) { + if (!quiet) { + printf("You may need to touch your " + "authenticator%s to authorize key " + "generation.\n", + r == 0 ? "" : " again"); + } fflush(stdout); r = sshsk_enroll(type, sk_provider, sk_device, sk_application == NULL ? "ssh:" : sk_application, @@ -3738,6 +3797,13 @@ &private, attest); if (r == 0) break; + if (r == SSH_ERR_KEY_BAD_PERMISSIONS && + (sk_flags & SSH_SK_RESIDENT_KEY) != 0 && + (sk_flags & SSH_SK_FORCE_OPERATION) == 0 && + confirm_sk_overwrite(sk_application, sk_user)) { + sk_flags |= SSH_SK_FORCE_OPERATION; + continue; + } if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) fatal_r(r, "Key enrollment failed"); else if (passphrase != NULL) { @@ -3745,15 +3811,10 @@ freezero(passphrase, strlen(passphrase)); passphrase = NULL; } - if (i >= 3) + if (++i >= 3) fatal("Too many incorrect PINs"); passphrase = read_passphrase("Enter PIN for " "authenticator: ", RP_ALLOW_STDIN); - if (!quiet) { - printf("You may need to touch your " - "authenticator (again) to authorize " - "key generation.\n"); - } } if (passphrase != NULL) { freezero(passphrase, strlen(passphrase));