Annotation of src/usr.bin/ssh/ssh-sk.c, Revision 1.21
1.21 ! djm 1: /* $OpenBSD: ssh-sk.c,v 1.20 2019/12/30 09:21:16 djm Exp $ */
1.1 djm 2: /*
3: * Copyright (c) 2019 Google LLC
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: /* #define DEBUG_SK 1 */
19:
20: #include <dlfcn.h>
21: #include <stddef.h>
22: #include <stdint.h>
23: #include <string.h>
24: #include <stdio.h>
25:
1.15 naddy 26: #ifdef WITH_OPENSSL
1.1 djm 27: #include <openssl/objects.h>
28: #include <openssl/ec.h>
1.15 naddy 29: #endif /* WITH_OPENSSL */
1.1 djm 30:
31: #include "log.h"
32: #include "misc.h"
33: #include "sshbuf.h"
34: #include "sshkey.h"
35: #include "ssherr.h"
36: #include "digest.h"
37:
38: #include "ssh-sk.h"
39: #include "sk-api.h"
1.6 markus 40: #include "crypto_api.h"
1.1 djm 41:
42: struct sshsk_provider {
43: char *path;
44: void *dlhandle;
45:
46: /* Return the version of the middleware API */
47: uint32_t (*sk_api_version)(void);
48:
49: /* Enroll a U2F key (private key generation) */
1.7 markus 50: int (*sk_enroll)(int alg, const uint8_t *challenge,
51: size_t challenge_len, const char *application, uint8_t flags,
1.21 ! djm 52: const char *pin, struct sk_enroll_response **enroll_response);
1.1 djm 53:
54: /* Sign a challenge */
1.7 markus 55: int (*sk_sign)(int alg, const uint8_t *message, size_t message_len,
1.1 djm 56: const char *application,
57: const uint8_t *key_handle, size_t key_handle_len,
1.21 ! djm 58: uint8_t flags, const char *pin,
! 59: struct sk_sign_response **sign_response);
1.20 djm 60:
61: /* Enumerate resident keys */
62: int (*sk_load_resident_keys)(const char *pin,
63: struct sk_resident_key ***rks, size_t *nrks);
1.1 djm 64: };
65:
1.12 djm 66: /* Built-in version */
67: int ssh_sk_enroll(int alg, const uint8_t *challenge,
68: size_t challenge_len, const char *application, uint8_t flags,
1.21 ! djm 69: const char *pin, struct sk_enroll_response **enroll_response);
1.12 djm 70: int ssh_sk_sign(int alg, const uint8_t *message, size_t message_len,
71: const char *application,
72: const uint8_t *key_handle, size_t key_handle_len,
1.21 ! djm 73: uint8_t flags, const char *pin, struct sk_sign_response **sign_response);
1.20 djm 74: int ssh_sk_load_resident_keys(const char *pin,
75: struct sk_resident_key ***rks, size_t *nrks);
1.12 djm 76:
1.1 djm 77: static void
78: sshsk_free(struct sshsk_provider *p)
79: {
80: if (p == NULL)
81: return;
82: free(p->path);
83: if (p->dlhandle != NULL)
84: dlclose(p->dlhandle);
85: free(p);
86: }
87:
88: static struct sshsk_provider *
89: sshsk_open(const char *path)
90: {
91: struct sshsk_provider *ret = NULL;
92: uint32_t version;
93:
94: if ((ret = calloc(1, sizeof(*ret))) == NULL) {
95: error("%s: calloc failed", __func__);
96: return NULL;
97: }
98: if ((ret->path = strdup(path)) == NULL) {
99: error("%s: strdup failed", __func__);
100: goto fail;
1.12 djm 101: }
102: /* Skip the rest if we're using the linked in middleware */
103: if (strcasecmp(ret->path, "internal") == 0) {
104: ret->sk_enroll = ssh_sk_enroll;
105: ret->sk_sign = ssh_sk_sign;
1.20 djm 106: ret->sk_load_resident_keys = ssh_sk_load_resident_keys;
1.12 djm 107: return ret;
1.1 djm 108: }
109: if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) {
110: error("Security key provider %s dlopen failed: %s",
111: path, dlerror());
112: goto fail;
113: }
114: if ((ret->sk_api_version = dlsym(ret->dlhandle,
115: "sk_api_version")) == NULL) {
116: error("Security key provider %s dlsym(sk_api_version) "
117: "failed: %s", path, dlerror());
118: goto fail;
119: }
120: version = ret->sk_api_version();
121: debug("%s: provider %s implements version 0x%08lx", __func__,
122: ret->path, (u_long)version);
123: if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {
124: error("Security key provider %s implements unsupported version "
125: "0x%08lx (supported: 0x%08lx)", path, (u_long)version,
126: (u_long)SSH_SK_VERSION_MAJOR);
127: goto fail;
128: }
129: if ((ret->sk_enroll = dlsym(ret->dlhandle, "sk_enroll")) == NULL) {
130: error("Security key provider %s dlsym(sk_enroll) "
131: "failed: %s", path, dlerror());
132: goto fail;
133: }
134: if ((ret->sk_sign = dlsym(ret->dlhandle, "sk_sign")) == NULL) {
135: error("Security key provider %s dlsym(sk_sign) failed: %s",
136: path, dlerror());
137: goto fail;
138: }
1.20 djm 139: if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle,
140: "sk_load_resident_keys")) == NULL) {
141: error("Security key provider %s dlsym(sk_load_resident_keys) "
142: "failed: %s", path, dlerror());
143: goto fail;
144: }
1.1 djm 145: /* success */
146: return ret;
147: fail:
148: sshsk_free(ret);
149: return NULL;
150: }
151:
152: static void
153: sshsk_free_enroll_response(struct sk_enroll_response *r)
154: {
155: if (r == NULL)
156: return;
157: freezero(r->key_handle, r->key_handle_len);
158: freezero(r->public_key, r->public_key_len);
159: freezero(r->signature, r->signature_len);
160: freezero(r->attestation_cert, r->attestation_cert_len);
161: freezero(r, sizeof(*r));
1.17 djm 162: }
1.1 djm 163:
164: static void
165: sshsk_free_sign_response(struct sk_sign_response *r)
166: {
167: if (r == NULL)
168: return;
169: freezero(r->sig_r, r->sig_r_len);
170: freezero(r->sig_s, r->sig_s_len);
171: freezero(r, sizeof(*r));
1.17 djm 172: }
1.1 djm 173:
1.15 naddy 174: #ifdef WITH_OPENSSL
1.2 markus 175: /* Assemble key from response */
176: static int
177: sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
178: {
179: struct sshkey *key = NULL;
180: struct sshbuf *b = NULL;
181: EC_POINT *q = NULL;
182: int r;
183:
184: *keyp = NULL;
185: if ((key = sshkey_new(KEY_ECDSA_SK)) == NULL) {
186: error("%s: sshkey_new failed", __func__);
187: r = SSH_ERR_ALLOC_FAIL;
188: goto out;
189: }
190: key->ecdsa_nid = NID_X9_62_prime256v1;
191: if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL ||
192: (q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL ||
193: (b = sshbuf_new()) == NULL) {
194: error("%s: allocation failed", __func__);
195: r = SSH_ERR_ALLOC_FAIL;
196: goto out;
197: }
198: if ((r = sshbuf_put_string(b,
199: resp->public_key, resp->public_key_len)) != 0) {
200: error("%s: buffer error: %s", __func__, ssh_err(r));
201: goto out;
202: }
203: if ((r = sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa))) != 0) {
204: error("%s: parse key: %s", __func__, ssh_err(r));
205: r = SSH_ERR_INVALID_FORMAT;
206: goto out;
207: }
208: if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), q) != 0) {
209: error("Security key returned invalid ECDSA key");
210: r = SSH_ERR_KEY_INVALID_EC_VALUE;
211: goto out;
212: }
213: if (EC_KEY_set_public_key(key->ecdsa, q) != 1) {
214: /* XXX assume it is a allocation error */
215: error("%s: allocation failed", __func__);
216: r = SSH_ERR_ALLOC_FAIL;
217: goto out;
218: }
219: /* success */
220: *keyp = key;
221: key = NULL; /* transferred */
222: r = 0;
223: out:
224: EC_POINT_free(q);
225: sshkey_free(key);
226: sshbuf_free(b);
227: return r;
228: }
1.15 naddy 229: #endif /* WITH_OPENSSL */
1.2 markus 230:
1.6 markus 231: static int
232: sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
233: {
234: struct sshkey *key = NULL;
235: int r;
236:
237: *keyp = NULL;
238: if (resp->public_key_len != ED25519_PK_SZ) {
239: error("%s: invalid size: %zu", __func__, resp->public_key_len);
240: r = SSH_ERR_INVALID_FORMAT;
241: goto out;
242: }
243: if ((key = sshkey_new(KEY_ED25519_SK)) == NULL) {
244: error("%s: sshkey_new failed", __func__);
245: r = SSH_ERR_ALLOC_FAIL;
246: goto out;
247: }
248: if ((key->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
249: error("%s: malloc failed", __func__);
250: r = SSH_ERR_ALLOC_FAIL;
251: goto out;
252: }
253: memcpy(key->ed25519_pk, resp->public_key, ED25519_PK_SZ);
254: /* success */
255: *keyp = key;
256: key = NULL; /* transferred */
257: r = 0;
258: out:
259: sshkey_free(key);
260: return r;
261: }
262:
1.19 djm 263: static int
264: sshsk_key_from_response(int alg, const char *application, uint8_t flags,
265: struct sk_enroll_response *resp, struct sshkey **keyp)
266: {
267: struct sshkey *key = NULL;
268: int r = SSH_ERR_INTERNAL_ERROR;
269:
270: *keyp = NULL;
271:
272: /* Check response validity */
1.20 djm 273: if (resp->public_key == NULL || resp->key_handle == NULL) {
1.19 djm 274: error("%s: sk_enroll response invalid", __func__);
275: r = SSH_ERR_INVALID_FORMAT;
276: goto out;
277: }
278: switch (alg) {
279: #ifdef WITH_OPENSSL
280: case SSH_SK_ECDSA:
281: if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
282: goto out;
283: break;
284: #endif /* WITH_OPENSSL */
285: case SSH_SK_ED25519:
286: if ((r = sshsk_ed25519_assemble(resp, &key)) != 0)
287: goto out;
288: break;
289: default:
290: error("%s: unsupported algorithm %d", __func__, alg);
291: r = SSH_ERR_INVALID_ARGUMENT;
292: goto out;
293: }
294: key->sk_flags = flags;
295: if ((key->sk_key_handle = sshbuf_new()) == NULL ||
296: (key->sk_reserved = sshbuf_new()) == NULL) {
297: error("%s: allocation failed", __func__);
298: r = SSH_ERR_ALLOC_FAIL;
299: goto out;
300: }
301: if ((key->sk_application = strdup(application)) == NULL) {
302: error("%s: strdup application failed", __func__);
303: r = SSH_ERR_ALLOC_FAIL;
304: goto out;
305: }
306: if ((r = sshbuf_put(key->sk_key_handle, resp->key_handle,
307: resp->key_handle_len)) != 0) {
308: error("%s: buffer error: %s", __func__, ssh_err(r));
309: goto out;
310: }
311: /* success */
312: r = 0;
313: *keyp = key;
314: key = NULL;
315: out:
316: sshkey_free(key);
317: return r;
318: }
319:
1.1 djm 320: int
1.6 markus 321: sshsk_enroll(int type, const char *provider_path, const char *application,
1.21 ! djm 322: uint8_t flags, const char *pin, struct sshbuf *challenge_buf,
! 323: struct sshkey **keyp, struct sshbuf *attest)
1.1 djm 324: {
325: struct sshsk_provider *skp = NULL;
326: struct sshkey *key = NULL;
327: u_char randchall[32];
328: const u_char *challenge;
329: size_t challenge_len;
330: struct sk_enroll_response *resp = NULL;
331: int r = SSH_ERR_INTERNAL_ERROR;
1.7 markus 332: int alg;
1.1 djm 333:
1.13 djm 334: debug("%s: provider \"%s\", application \"%s\", flags 0x%02x, "
1.21 ! djm 335: "challenge len %zu%s", __func__, provider_path, application,
! 336: flags, challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf),
! 337: (pin != NULL && *pin != '\0') ? " with-pin" : "");
1.13 djm 338:
1.1 djm 339: *keyp = NULL;
340: if (attest)
341: sshbuf_reset(attest);
1.6 markus 342: switch (type) {
1.15 naddy 343: #ifdef WITH_OPENSSL
1.6 markus 344: case KEY_ECDSA_SK:
1.7 markus 345: alg = SSH_SK_ECDSA;
346: break;
1.15 naddy 347: #endif /* WITH_OPENSSL */
1.6 markus 348: case KEY_ED25519_SK:
1.7 markus 349: alg = SSH_SK_ED25519;
1.6 markus 350: break;
351: default:
352: error("%s: unsupported key type", __func__);
353: r = SSH_ERR_INVALID_ARGUMENT;
354: goto out;
355: }
1.1 djm 356: if (provider_path == NULL) {
357: error("%s: missing provider", __func__);
358: r = SSH_ERR_INVALID_ARGUMENT;
359: goto out;
360: }
361: if (application == NULL || *application == '\0') {
362: error("%s: missing application", __func__);
363: r = SSH_ERR_INVALID_ARGUMENT;
364: goto out;
365: }
366: if (challenge_buf == NULL) {
367: debug("%s: using random challenge", __func__);
368: arc4random_buf(randchall, sizeof(randchall));
369: challenge = randchall;
370: challenge_len = sizeof(randchall);
371: } else if (sshbuf_len(challenge_buf) == 0) {
372: error("Missing enrollment challenge");
373: r = SSH_ERR_INVALID_ARGUMENT;
374: goto out;
375: } else {
376: challenge = sshbuf_ptr(challenge_buf);
377: challenge_len = sshbuf_len(challenge_buf);
378: debug3("%s: using explicit challenge len=%zd",
379: __func__, challenge_len);
380: }
381: if ((skp = sshsk_open(provider_path)) == NULL) {
382: r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
383: goto out;
384: }
385: /* XXX validate flags? */
386: /* enroll key */
1.7 markus 387: if ((r = skp->sk_enroll(alg, challenge, challenge_len, application,
1.21 ! djm 388: flags, pin, &resp)) != 0) {
1.1 djm 389: error("Security key provider %s returned failure %d",
390: provider_path, r);
391: r = SSH_ERR_INVALID_FORMAT; /* XXX error codes in API? */
392: goto out;
393: }
1.19 djm 394:
395: if ((r = sshsk_key_from_response(alg, application, flags,
396: resp, &key)) != 0)
1.1 djm 397: goto out;
1.19 djm 398:
1.1 djm 399: /* Optionally fill in the attestation information */
400: if (attest != NULL) {
401: if ((r = sshbuf_put_cstring(attest, "sk-attest-v00")) != 0 ||
402: (r = sshbuf_put_u32(attest, 1)) != 0 || /* XXX U2F ver */
403: (r = sshbuf_put_string(attest,
404: resp->attestation_cert, resp->attestation_cert_len)) != 0 ||
405: (r = sshbuf_put_string(attest,
406: resp->signature, resp->signature_len)) != 0 ||
407: (r = sshbuf_put_u32(attest, flags)) != 0 || /* XXX right? */
408: (r = sshbuf_put_string(attest, NULL, 0)) != 0) {
409: error("%s: buffer error: %s", __func__, ssh_err(r));
410: goto out;
411: }
412: }
413: /* success */
414: *keyp = key;
415: key = NULL; /* transferred */
416: r = 0;
417: out:
418: sshsk_free(skp);
419: sshkey_free(key);
420: sshsk_free_enroll_response(resp);
421: explicit_bzero(randchall, sizeof(randchall));
422: return r;
423: }
424:
1.15 naddy 425: #ifdef WITH_OPENSSL
1.3 markus 426: static int
1.9 markus 427: sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
1.3 markus 428: {
429: struct sshbuf *inner_sig = NULL;
430: int r = SSH_ERR_INTERNAL_ERROR;
431:
1.8 markus 432: /* Check response validity */
1.11 markus 433: if (resp->sig_r == NULL || resp->sig_s == NULL) {
1.8 markus 434: error("%s: sk_sign response invalid", __func__);
435: r = SSH_ERR_INVALID_FORMAT;
436: goto out;
437: }
1.3 markus 438: if ((inner_sig = sshbuf_new()) == NULL) {
439: r = SSH_ERR_ALLOC_FAIL;
440: goto out;
441: }
1.9 markus 442: /* Prepare and append inner signature object */
1.3 markus 443: if ((r = sshbuf_put_bignum2_bytes(inner_sig,
444: resp->sig_r, resp->sig_r_len)) != 0 ||
445: (r = sshbuf_put_bignum2_bytes(inner_sig,
1.16 djm 446: resp->sig_s, resp->sig_s_len)) != 0) {
1.3 markus 447: debug("%s: buffer error: %s", __func__, ssh_err(r));
448: goto out;
449: }
1.16 djm 450: if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 ||
451: (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
452: (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
1.9 markus 453: debug("%s: buffer error: %s", __func__, ssh_err(r));
454: goto out;
455: }
1.3 markus 456: #ifdef DEBUG_SK
457: fprintf(stderr, "%s: sig_r:\n", __func__);
458: sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
459: fprintf(stderr, "%s: sig_s:\n", __func__);
460: sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr);
1.9 markus 461: fprintf(stderr, "%s: inner:\n", __func__);
462: sshbuf_dump(inner_sig, stderr);
1.5 markus 463: #endif
464: r = 0;
1.9 markus 465: out:
1.5 markus 466: sshbuf_free(inner_sig);
467: return r;
468: }
1.15 naddy 469: #endif /* WITH_OPENSSL */
1.5 markus 470:
471: static int
1.9 markus 472: sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig)
1.5 markus 473: {
474: int r = SSH_ERR_INTERNAL_ERROR;
475:
1.8 markus 476: /* Check response validity */
477: if (resp->sig_r == NULL) {
478: error("%s: sk_sign response invalid", __func__);
479: r = SSH_ERR_INVALID_FORMAT;
480: goto out;
481: }
1.9 markus 482: if ((r = sshbuf_put_string(sig,
1.5 markus 483: resp->sig_r, resp->sig_r_len)) != 0 ||
1.9 markus 484: (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
485: (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
1.5 markus 486: debug("%s: buffer error: %s", __func__, ssh_err(r));
487: goto out;
488: }
489: #ifdef DEBUG_SK
490: fprintf(stderr, "%s: sig_r:\n", __func__);
491: sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
1.3 markus 492: #endif
493: r = 0;
1.9 markus 494: out:
495: return 0;
1.3 markus 496: }
497:
1.1 djm 498: int
1.18 djm 499: sshsk_sign(const char *provider_path, struct sshkey *key,
1.1 djm 500: u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
1.21 ! djm 501: u_int compat, const char *pin)
1.1 djm 502: {
503: struct sshsk_provider *skp = NULL;
504: int r = SSH_ERR_INTERNAL_ERROR;
1.7 markus 505: int type, alg;
1.1 djm 506: struct sk_sign_response *resp = NULL;
507: struct sshbuf *inner_sig = NULL, *sig = NULL;
508: uint8_t message[32];
1.13 djm 509:
1.21 ! djm 510: debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__,
! 511: provider_path, sshkey_type(key), key->sk_flags,
! 512: (pin != NULL && *pin != '\0') ? " with-pin" : "");
1.1 djm 513:
514: if (sigp != NULL)
515: *sigp = NULL;
516: if (lenp != NULL)
517: *lenp = 0;
1.5 markus 518: type = sshkey_type_plain(key->type);
519: switch (type) {
1.15 naddy 520: #ifdef WITH_OPENSSL
1.5 markus 521: case KEY_ECDSA_SK:
1.7 markus 522: alg = SSH_SK_ECDSA;
523: break;
1.15 naddy 524: #endif /* WITH_OPENSSL */
1.5 markus 525: case KEY_ED25519_SK:
1.7 markus 526: alg = SSH_SK_ED25519;
1.5 markus 527: break;
528: default:
529: return SSH_ERR_INVALID_ARGUMENT;
530: }
1.1 djm 531: if (provider_path == NULL ||
532: key->sk_key_handle == NULL ||
533: key->sk_application == NULL || *key->sk_application == '\0') {
534: r = SSH_ERR_INVALID_ARGUMENT;
535: goto out;
536: }
537: if ((skp = sshsk_open(provider_path)) == NULL) {
538: r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
539: goto out;
540: }
541:
542: /* hash data to be signed before it goes to the security key */
543: if ((r = ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen,
544: message, sizeof(message))) != 0) {
545: error("%s: hash application failed: %s", __func__, ssh_err(r));
546: r = SSH_ERR_INTERNAL_ERROR;
547: goto out;
548: }
1.7 markus 549: if ((r = skp->sk_sign(alg, message, sizeof(message),
1.1 djm 550: key->sk_application,
551: sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle),
1.21 ! djm 552: key->sk_flags, pin, &resp)) != 0) {
1.1 djm 553: debug("%s: sk_sign failed with code %d", __func__, r);
554: goto out;
555: }
1.9 markus 556: /* Assemble signature */
557: if ((sig = sshbuf_new()) == NULL) {
558: r = SSH_ERR_ALLOC_FAIL;
559: goto out;
560: }
561: if ((r = sshbuf_put_cstring(sig, sshkey_ssh_name_plain(key))) != 0) {
562: debug("%s: buffer error (outer): %s", __func__, ssh_err(r));
563: goto out;
564: }
1.5 markus 565: switch (type) {
1.15 naddy 566: #ifdef WITH_OPENSSL
1.5 markus 567: case KEY_ECDSA_SK:
1.9 markus 568: if ((r = sshsk_ecdsa_sig(resp, sig)) != 0)
1.5 markus 569: goto out;
570: break;
1.15 naddy 571: #endif /* WITH_OPENSSL */
1.5 markus 572: case KEY_ED25519_SK:
1.9 markus 573: if ((r = sshsk_ed25519_sig(resp, sig)) != 0)
1.5 markus 574: goto out;
575: break;
576: }
1.1 djm 577: #ifdef DEBUG_SK
1.5 markus 578: fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
579: __func__, resp->flags, resp->counter);
1.1 djm 580: fprintf(stderr, "%s: hashed message:\n", __func__);
581: sshbuf_dump_data(message, sizeof(message), stderr);
582: fprintf(stderr, "%s: sigbuf:\n", __func__);
583: sshbuf_dump(sig, stderr);
584: #endif
585: if (sigp != NULL) {
586: if ((*sigp = malloc(sshbuf_len(sig))) == NULL) {
587: r = SSH_ERR_ALLOC_FAIL;
588: goto out;
589: }
590: memcpy(*sigp, sshbuf_ptr(sig), sshbuf_len(sig));
591: }
592: if (lenp != NULL)
593: *lenp = sshbuf_len(sig);
594: /* success */
595: r = 0;
596: out:
597: explicit_bzero(message, sizeof(message));
598: sshsk_free(skp);
599: sshsk_free_sign_response(resp);
600: sshbuf_free(sig);
601: sshbuf_free(inner_sig);
602: return r;
603: }
1.20 djm 604:
605: static void
606: sshsk_free_sk_resident_keys(struct sk_resident_key **rks, size_t nrks)
607: {
608: size_t i;
609:
610: if (nrks == 0 || rks == NULL)
611: return;
612: for (i = 0; i < nrks; i++) {
613: free(rks[i]->application);
614: freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len);
615: freezero(rks[i]->key.public_key, rks[i]->key.public_key_len);
616: freezero(rks[i]->key.signature, rks[i]->key.signature_len);
617: freezero(rks[i]->key.attestation_cert,
618: rks[i]->key.attestation_cert_len);
619: freezero(rks[i], sizeof(**rks));
620: }
621: free(rks);
622: }
623:
624: int
625: sshsk_load_resident(const char *provider_path, const char *pin,
626: struct sshkey ***keysp, size_t *nkeysp)
627: {
628: struct sshsk_provider *skp = NULL;
629: int r = SSH_ERR_INTERNAL_ERROR;
630: struct sk_resident_key **rks = NULL;
631: size_t i, nrks = 0, nkeys = 0;
632: struct sshkey *key = NULL, **keys = NULL, **tmp;
633: uint8_t flags;
634:
635: debug("%s: provider \"%s\"%s", __func__, provider_path,
636: (pin != NULL && *pin != '\0') ? ", have-pin": "");
637:
638: if (keysp == NULL || nkeysp == NULL)
639: return SSH_ERR_INVALID_ARGUMENT;
640: *keysp = NULL;
641: *nkeysp = 0;
642:
643: if ((skp = sshsk_open(provider_path)) == NULL) {
644: r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
645: goto out;
646: }
647: if ((r = skp->sk_load_resident_keys(pin, &rks, &nrks)) != 0) {
648: error("Security key provider %s returned failure %d",
649: provider_path, r);
650: r = SSH_ERR_INVALID_FORMAT; /* XXX error codes in API? */
651: goto out;
652: }
653: for (i = 0; i < nrks; i++) {
654: debug3("%s: rk %zu: slot = %zu, alg = %d, application = \"%s\"",
655: __func__, i, rks[i]->slot, rks[i]->alg,
656: rks[i]->application);
657: /* XXX need better filter here */
658: if (strncmp(rks[i]->application, "ssh:", 4) != 0)
659: continue;
660: switch (rks[i]->alg) {
661: case SSH_SK_ECDSA:
662: case SSH_SK_ED25519:
663: break;
664: default:
665: continue;
666: }
667: /* XXX where to get flags? */
668: flags = SSH_SK_USER_PRESENCE_REQD|SSH_SK_RESIDENT_KEY;
669: if ((r = sshsk_key_from_response(rks[i]->alg,
670: rks[i]->application, flags, &rks[i]->key, &key)) != 0)
671: goto out;
672: if ((tmp = recallocarray(keys, nkeys, nkeys + 1,
673: sizeof(*tmp))) == NULL) {
674: error("%s: recallocarray failed", __func__);
675: r = SSH_ERR_ALLOC_FAIL;
676: goto out;
677: }
678: keys = tmp;
679: keys[nkeys++] = key;
680: key = NULL;
681: /* XXX synthesise comment */
682: }
683: /* success */
684: *keysp = keys;
685: *nkeysp = nkeys;
686: keys = NULL;
687: nkeys = 0;
688: r = 0;
689: out:
690: sshsk_free(skp);
691: sshsk_free_sk_resident_keys(rks, nrks);
692: sshkey_free(key);
693: if (nkeys != 0) {
694: for (i = 0; i < nkeys; i++)
695: sshkey_free(keys[i]);
696: free(keys);
697: }
698: return r;
699: }
700: