Annotation of src/usr.bin/ssh/ssh-sk.c, Revision 1.23
1.23 ! djm 1: /* $OpenBSD: ssh-sk.c,v 1.22 2019/12/30 09:24:03 djm Exp $ */
1.1 djm 2: /*
3: * Copyright (c) 2019 Google LLC
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: /* #define DEBUG_SK 1 */
19:
20: #include <dlfcn.h>
21: #include <stddef.h>
22: #include <stdint.h>
23: #include <string.h>
24: #include <stdio.h>
25:
1.15 naddy 26: #ifdef WITH_OPENSSL
1.1 djm 27: #include <openssl/objects.h>
28: #include <openssl/ec.h>
1.15 naddy 29: #endif /* WITH_OPENSSL */
1.1 djm 30:
31: #include "log.h"
32: #include "misc.h"
33: #include "sshbuf.h"
34: #include "sshkey.h"
35: #include "ssherr.h"
36: #include "digest.h"
37:
38: #include "ssh-sk.h"
39: #include "sk-api.h"
1.6 markus 40: #include "crypto_api.h"
1.1 djm 41:
42: struct sshsk_provider {
43: char *path;
44: void *dlhandle;
45:
46: /* Return the version of the middleware API */
47: uint32_t (*sk_api_version)(void);
48:
49: /* Enroll a U2F key (private key generation) */
1.7 markus 50: int (*sk_enroll)(int alg, const uint8_t *challenge,
51: size_t challenge_len, const char *application, uint8_t flags,
1.21 djm 52: const char *pin, struct sk_enroll_response **enroll_response);
1.1 djm 53:
54: /* Sign a challenge */
1.7 markus 55: int (*sk_sign)(int alg, const uint8_t *message, size_t message_len,
1.1 djm 56: const char *application,
57: const uint8_t *key_handle, size_t key_handle_len,
1.21 djm 58: uint8_t flags, const char *pin,
59: struct sk_sign_response **sign_response);
1.20 djm 60:
61: /* Enumerate resident keys */
62: int (*sk_load_resident_keys)(const char *pin,
63: struct sk_resident_key ***rks, size_t *nrks);
1.1 djm 64: };
65:
1.12 djm 66: /* Built-in version */
67: int ssh_sk_enroll(int alg, const uint8_t *challenge,
68: size_t challenge_len, const char *application, uint8_t flags,
1.21 djm 69: const char *pin, struct sk_enroll_response **enroll_response);
1.12 djm 70: int ssh_sk_sign(int alg, const uint8_t *message, size_t message_len,
71: const char *application,
72: const uint8_t *key_handle, size_t key_handle_len,
1.21 djm 73: uint8_t flags, const char *pin, struct sk_sign_response **sign_response);
1.20 djm 74: int ssh_sk_load_resident_keys(const char *pin,
75: struct sk_resident_key ***rks, size_t *nrks);
1.12 djm 76:
1.1 djm 77: static void
78: sshsk_free(struct sshsk_provider *p)
79: {
80: if (p == NULL)
81: return;
82: free(p->path);
83: if (p->dlhandle != NULL)
84: dlclose(p->dlhandle);
85: free(p);
86: }
87:
88: static struct sshsk_provider *
89: sshsk_open(const char *path)
90: {
91: struct sshsk_provider *ret = NULL;
92: uint32_t version;
93:
94: if ((ret = calloc(1, sizeof(*ret))) == NULL) {
95: error("%s: calloc failed", __func__);
96: return NULL;
97: }
98: if ((ret->path = strdup(path)) == NULL) {
99: error("%s: strdup failed", __func__);
100: goto fail;
1.12 djm 101: }
102: /* Skip the rest if we're using the linked in middleware */
103: if (strcasecmp(ret->path, "internal") == 0) {
104: ret->sk_enroll = ssh_sk_enroll;
105: ret->sk_sign = ssh_sk_sign;
1.20 djm 106: ret->sk_load_resident_keys = ssh_sk_load_resident_keys;
1.12 djm 107: return ret;
1.1 djm 108: }
109: if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) {
1.22 djm 110: error("Security key provider \"%s\" dlopen failed: %s",
1.1 djm 111: path, dlerror());
112: goto fail;
113: }
114: if ((ret->sk_api_version = dlsym(ret->dlhandle,
115: "sk_api_version")) == NULL) {
1.22 djm 116: error("Security key provider \"%s\" dlsym(sk_api_version) "
1.1 djm 117: "failed: %s", path, dlerror());
118: goto fail;
119: }
120: version = ret->sk_api_version();
121: debug("%s: provider %s implements version 0x%08lx", __func__,
122: ret->path, (u_long)version);
123: if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {
1.22 djm 124: error("Security key provider \"%s\" implements unsupported "
125: "version 0x%08lx (supported: 0x%08lx)",
126: path, (u_long)version, (u_long)SSH_SK_VERSION_MAJOR);
1.1 djm 127: goto fail;
128: }
129: if ((ret->sk_enroll = dlsym(ret->dlhandle, "sk_enroll")) == NULL) {
130: error("Security key provider %s dlsym(sk_enroll) "
131: "failed: %s", path, dlerror());
132: goto fail;
133: }
134: if ((ret->sk_sign = dlsym(ret->dlhandle, "sk_sign")) == NULL) {
1.22 djm 135: error("Security key provider \"%s\" dlsym(sk_sign) failed: %s",
1.1 djm 136: path, dlerror());
137: goto fail;
138: }
1.20 djm 139: if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle,
140: "sk_load_resident_keys")) == NULL) {
1.22 djm 141: error("Security key provider \"%s\" "
142: "dlsym(sk_load_resident_keys) failed: %s", path, dlerror());
1.20 djm 143: goto fail;
144: }
1.1 djm 145: /* success */
146: return ret;
147: fail:
148: sshsk_free(ret);
149: return NULL;
150: }
151:
152: static void
153: sshsk_free_enroll_response(struct sk_enroll_response *r)
154: {
155: if (r == NULL)
156: return;
157: freezero(r->key_handle, r->key_handle_len);
158: freezero(r->public_key, r->public_key_len);
159: freezero(r->signature, r->signature_len);
160: freezero(r->attestation_cert, r->attestation_cert_len);
161: freezero(r, sizeof(*r));
1.17 djm 162: }
1.1 djm 163:
164: static void
165: sshsk_free_sign_response(struct sk_sign_response *r)
166: {
167: if (r == NULL)
168: return;
169: freezero(r->sig_r, r->sig_r_len);
170: freezero(r->sig_s, r->sig_s_len);
171: freezero(r, sizeof(*r));
1.17 djm 172: }
1.1 djm 173:
1.15 naddy 174: #ifdef WITH_OPENSSL
1.2 markus 175: /* Assemble key from response */
176: static int
177: sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
178: {
179: struct sshkey *key = NULL;
180: struct sshbuf *b = NULL;
181: EC_POINT *q = NULL;
182: int r;
183:
184: *keyp = NULL;
185: if ((key = sshkey_new(KEY_ECDSA_SK)) == NULL) {
186: error("%s: sshkey_new failed", __func__);
187: r = SSH_ERR_ALLOC_FAIL;
188: goto out;
189: }
190: key->ecdsa_nid = NID_X9_62_prime256v1;
191: if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL ||
192: (q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL ||
193: (b = sshbuf_new()) == NULL) {
194: error("%s: allocation failed", __func__);
195: r = SSH_ERR_ALLOC_FAIL;
196: goto out;
197: }
198: if ((r = sshbuf_put_string(b,
199: resp->public_key, resp->public_key_len)) != 0) {
200: error("%s: buffer error: %s", __func__, ssh_err(r));
201: goto out;
202: }
203: if ((r = sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa))) != 0) {
204: error("%s: parse key: %s", __func__, ssh_err(r));
205: r = SSH_ERR_INVALID_FORMAT;
206: goto out;
207: }
208: if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), q) != 0) {
209: error("Security key returned invalid ECDSA key");
210: r = SSH_ERR_KEY_INVALID_EC_VALUE;
211: goto out;
212: }
213: if (EC_KEY_set_public_key(key->ecdsa, q) != 1) {
214: /* XXX assume it is a allocation error */
215: error("%s: allocation failed", __func__);
216: r = SSH_ERR_ALLOC_FAIL;
217: goto out;
218: }
219: /* success */
220: *keyp = key;
221: key = NULL; /* transferred */
222: r = 0;
223: out:
224: EC_POINT_free(q);
225: sshkey_free(key);
226: sshbuf_free(b);
227: return r;
228: }
1.15 naddy 229: #endif /* WITH_OPENSSL */
1.2 markus 230:
1.6 markus 231: static int
232: sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
233: {
234: struct sshkey *key = NULL;
235: int r;
236:
237: *keyp = NULL;
238: if (resp->public_key_len != ED25519_PK_SZ) {
239: error("%s: invalid size: %zu", __func__, resp->public_key_len);
240: r = SSH_ERR_INVALID_FORMAT;
241: goto out;
242: }
243: if ((key = sshkey_new(KEY_ED25519_SK)) == NULL) {
244: error("%s: sshkey_new failed", __func__);
245: r = SSH_ERR_ALLOC_FAIL;
246: goto out;
247: }
248: if ((key->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
249: error("%s: malloc failed", __func__);
250: r = SSH_ERR_ALLOC_FAIL;
251: goto out;
252: }
253: memcpy(key->ed25519_pk, resp->public_key, ED25519_PK_SZ);
254: /* success */
255: *keyp = key;
256: key = NULL; /* transferred */
257: r = 0;
258: out:
259: sshkey_free(key);
260: return r;
261: }
262:
1.19 djm 263: static int
264: sshsk_key_from_response(int alg, const char *application, uint8_t flags,
265: struct sk_enroll_response *resp, struct sshkey **keyp)
266: {
267: struct sshkey *key = NULL;
268: int r = SSH_ERR_INTERNAL_ERROR;
269:
270: *keyp = NULL;
271:
272: /* Check response validity */
1.20 djm 273: if (resp->public_key == NULL || resp->key_handle == NULL) {
1.19 djm 274: error("%s: sk_enroll response invalid", __func__);
275: r = SSH_ERR_INVALID_FORMAT;
276: goto out;
277: }
278: switch (alg) {
279: #ifdef WITH_OPENSSL
280: case SSH_SK_ECDSA:
281: if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
282: goto out;
283: break;
284: #endif /* WITH_OPENSSL */
285: case SSH_SK_ED25519:
286: if ((r = sshsk_ed25519_assemble(resp, &key)) != 0)
287: goto out;
288: break;
289: default:
290: error("%s: unsupported algorithm %d", __func__, alg);
291: r = SSH_ERR_INVALID_ARGUMENT;
292: goto out;
293: }
294: key->sk_flags = flags;
295: if ((key->sk_key_handle = sshbuf_new()) == NULL ||
296: (key->sk_reserved = sshbuf_new()) == NULL) {
297: error("%s: allocation failed", __func__);
298: r = SSH_ERR_ALLOC_FAIL;
299: goto out;
300: }
301: if ((key->sk_application = strdup(application)) == NULL) {
302: error("%s: strdup application failed", __func__);
303: r = SSH_ERR_ALLOC_FAIL;
304: goto out;
305: }
306: if ((r = sshbuf_put(key->sk_key_handle, resp->key_handle,
307: resp->key_handle_len)) != 0) {
308: error("%s: buffer error: %s", __func__, ssh_err(r));
309: goto out;
310: }
311: /* success */
312: r = 0;
313: *keyp = key;
314: key = NULL;
315: out:
316: sshkey_free(key);
317: return r;
318: }
319:
1.23 ! djm 320: static int
! 321: skerr_to_ssherr(int skerr)
! 322: {
! 323: switch (skerr) {
! 324: case SSH_SK_ERR_UNSUPPORTED:
! 325: return SSH_ERR_FEATURE_UNSUPPORTED;
! 326: case SSH_SK_ERR_PIN_REQUIRED:
! 327: return SSH_ERR_KEY_WRONG_PASSPHRASE;
! 328: case SSH_SK_ERR_GENERAL:
! 329: default:
! 330: return SSH_ERR_INVALID_FORMAT;
! 331: }
! 332: }
! 333:
1.1 djm 334: int
1.6 markus 335: sshsk_enroll(int type, const char *provider_path, const char *application,
1.21 djm 336: uint8_t flags, const char *pin, struct sshbuf *challenge_buf,
337: struct sshkey **keyp, struct sshbuf *attest)
1.1 djm 338: {
339: struct sshsk_provider *skp = NULL;
340: struct sshkey *key = NULL;
341: u_char randchall[32];
342: const u_char *challenge;
343: size_t challenge_len;
344: struct sk_enroll_response *resp = NULL;
345: int r = SSH_ERR_INTERNAL_ERROR;
1.7 markus 346: int alg;
1.1 djm 347:
1.13 djm 348: debug("%s: provider \"%s\", application \"%s\", flags 0x%02x, "
1.21 djm 349: "challenge len %zu%s", __func__, provider_path, application,
350: flags, challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf),
351: (pin != NULL && *pin != '\0') ? " with-pin" : "");
1.13 djm 352:
1.1 djm 353: *keyp = NULL;
354: if (attest)
355: sshbuf_reset(attest);
1.6 markus 356: switch (type) {
1.15 naddy 357: #ifdef WITH_OPENSSL
1.6 markus 358: case KEY_ECDSA_SK:
1.7 markus 359: alg = SSH_SK_ECDSA;
360: break;
1.15 naddy 361: #endif /* WITH_OPENSSL */
1.6 markus 362: case KEY_ED25519_SK:
1.7 markus 363: alg = SSH_SK_ED25519;
1.6 markus 364: break;
365: default:
366: error("%s: unsupported key type", __func__);
367: r = SSH_ERR_INVALID_ARGUMENT;
368: goto out;
369: }
1.1 djm 370: if (provider_path == NULL) {
371: error("%s: missing provider", __func__);
372: r = SSH_ERR_INVALID_ARGUMENT;
373: goto out;
374: }
375: if (application == NULL || *application == '\0') {
376: error("%s: missing application", __func__);
377: r = SSH_ERR_INVALID_ARGUMENT;
378: goto out;
379: }
380: if (challenge_buf == NULL) {
381: debug("%s: using random challenge", __func__);
382: arc4random_buf(randchall, sizeof(randchall));
383: challenge = randchall;
384: challenge_len = sizeof(randchall);
385: } else if (sshbuf_len(challenge_buf) == 0) {
386: error("Missing enrollment challenge");
387: r = SSH_ERR_INVALID_ARGUMENT;
388: goto out;
389: } else {
390: challenge = sshbuf_ptr(challenge_buf);
391: challenge_len = sshbuf_len(challenge_buf);
392: debug3("%s: using explicit challenge len=%zd",
393: __func__, challenge_len);
394: }
395: if ((skp = sshsk_open(provider_path)) == NULL) {
396: r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
397: goto out;
398: }
399: /* XXX validate flags? */
400: /* enroll key */
1.7 markus 401: if ((r = skp->sk_enroll(alg, challenge, challenge_len, application,
1.21 djm 402: flags, pin, &resp)) != 0) {
1.22 djm 403: error("Security key provider \"%s\" returned failure %d",
1.1 djm 404: provider_path, r);
1.23 ! djm 405: r = skerr_to_ssherr(r);
1.1 djm 406: goto out;
407: }
1.19 djm 408:
409: if ((r = sshsk_key_from_response(alg, application, flags,
410: resp, &key)) != 0)
1.1 djm 411: goto out;
1.19 djm 412:
1.1 djm 413: /* Optionally fill in the attestation information */
414: if (attest != NULL) {
415: if ((r = sshbuf_put_cstring(attest, "sk-attest-v00")) != 0 ||
416: (r = sshbuf_put_u32(attest, 1)) != 0 || /* XXX U2F ver */
417: (r = sshbuf_put_string(attest,
418: resp->attestation_cert, resp->attestation_cert_len)) != 0 ||
419: (r = sshbuf_put_string(attest,
420: resp->signature, resp->signature_len)) != 0 ||
421: (r = sshbuf_put_u32(attest, flags)) != 0 || /* XXX right? */
422: (r = sshbuf_put_string(attest, NULL, 0)) != 0) {
423: error("%s: buffer error: %s", __func__, ssh_err(r));
424: goto out;
425: }
426: }
427: /* success */
428: *keyp = key;
429: key = NULL; /* transferred */
430: r = 0;
431: out:
432: sshsk_free(skp);
433: sshkey_free(key);
434: sshsk_free_enroll_response(resp);
435: explicit_bzero(randchall, sizeof(randchall));
436: return r;
437: }
438:
1.15 naddy 439: #ifdef WITH_OPENSSL
1.3 markus 440: static int
1.9 markus 441: sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
1.3 markus 442: {
443: struct sshbuf *inner_sig = NULL;
444: int r = SSH_ERR_INTERNAL_ERROR;
445:
1.8 markus 446: /* Check response validity */
1.11 markus 447: if (resp->sig_r == NULL || resp->sig_s == NULL) {
1.8 markus 448: error("%s: sk_sign response invalid", __func__);
449: r = SSH_ERR_INVALID_FORMAT;
450: goto out;
451: }
1.3 markus 452: if ((inner_sig = sshbuf_new()) == NULL) {
453: r = SSH_ERR_ALLOC_FAIL;
454: goto out;
455: }
1.9 markus 456: /* Prepare and append inner signature object */
1.3 markus 457: if ((r = sshbuf_put_bignum2_bytes(inner_sig,
458: resp->sig_r, resp->sig_r_len)) != 0 ||
459: (r = sshbuf_put_bignum2_bytes(inner_sig,
1.16 djm 460: resp->sig_s, resp->sig_s_len)) != 0) {
1.3 markus 461: debug("%s: buffer error: %s", __func__, ssh_err(r));
462: goto out;
463: }
1.16 djm 464: if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 ||
465: (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
466: (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
1.9 markus 467: debug("%s: buffer error: %s", __func__, ssh_err(r));
468: goto out;
469: }
1.3 markus 470: #ifdef DEBUG_SK
471: fprintf(stderr, "%s: sig_r:\n", __func__);
472: sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
473: fprintf(stderr, "%s: sig_s:\n", __func__);
474: sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr);
1.9 markus 475: fprintf(stderr, "%s: inner:\n", __func__);
476: sshbuf_dump(inner_sig, stderr);
1.5 markus 477: #endif
478: r = 0;
1.9 markus 479: out:
1.5 markus 480: sshbuf_free(inner_sig);
481: return r;
482: }
1.15 naddy 483: #endif /* WITH_OPENSSL */
1.5 markus 484:
485: static int
1.9 markus 486: sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig)
1.5 markus 487: {
488: int r = SSH_ERR_INTERNAL_ERROR;
489:
1.8 markus 490: /* Check response validity */
491: if (resp->sig_r == NULL) {
492: error("%s: sk_sign response invalid", __func__);
493: r = SSH_ERR_INVALID_FORMAT;
494: goto out;
495: }
1.9 markus 496: if ((r = sshbuf_put_string(sig,
1.5 markus 497: resp->sig_r, resp->sig_r_len)) != 0 ||
1.9 markus 498: (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
499: (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
1.5 markus 500: debug("%s: buffer error: %s", __func__, ssh_err(r));
501: goto out;
502: }
503: #ifdef DEBUG_SK
504: fprintf(stderr, "%s: sig_r:\n", __func__);
505: sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
1.3 markus 506: #endif
507: r = 0;
1.9 markus 508: out:
509: return 0;
1.3 markus 510: }
511:
1.1 djm 512: int
1.18 djm 513: sshsk_sign(const char *provider_path, struct sshkey *key,
1.1 djm 514: u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
1.21 djm 515: u_int compat, const char *pin)
1.1 djm 516: {
517: struct sshsk_provider *skp = NULL;
518: int r = SSH_ERR_INTERNAL_ERROR;
1.7 markus 519: int type, alg;
1.1 djm 520: struct sk_sign_response *resp = NULL;
521: struct sshbuf *inner_sig = NULL, *sig = NULL;
522: uint8_t message[32];
1.13 djm 523:
1.21 djm 524: debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__,
525: provider_path, sshkey_type(key), key->sk_flags,
526: (pin != NULL && *pin != '\0') ? " with-pin" : "");
1.1 djm 527:
528: if (sigp != NULL)
529: *sigp = NULL;
530: if (lenp != NULL)
531: *lenp = 0;
1.5 markus 532: type = sshkey_type_plain(key->type);
533: switch (type) {
1.15 naddy 534: #ifdef WITH_OPENSSL
1.5 markus 535: case KEY_ECDSA_SK:
1.7 markus 536: alg = SSH_SK_ECDSA;
537: break;
1.15 naddy 538: #endif /* WITH_OPENSSL */
1.5 markus 539: case KEY_ED25519_SK:
1.7 markus 540: alg = SSH_SK_ED25519;
1.5 markus 541: break;
542: default:
543: return SSH_ERR_INVALID_ARGUMENT;
544: }
1.1 djm 545: if (provider_path == NULL ||
546: key->sk_key_handle == NULL ||
547: key->sk_application == NULL || *key->sk_application == '\0') {
548: r = SSH_ERR_INVALID_ARGUMENT;
549: goto out;
550: }
551: if ((skp = sshsk_open(provider_path)) == NULL) {
552: r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
553: goto out;
554: }
555:
556: /* hash data to be signed before it goes to the security key */
557: if ((r = ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen,
558: message, sizeof(message))) != 0) {
559: error("%s: hash application failed: %s", __func__, ssh_err(r));
560: r = SSH_ERR_INTERNAL_ERROR;
561: goto out;
562: }
1.7 markus 563: if ((r = skp->sk_sign(alg, message, sizeof(message),
1.1 djm 564: key->sk_application,
565: sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle),
1.21 djm 566: key->sk_flags, pin, &resp)) != 0) {
1.1 djm 567: debug("%s: sk_sign failed with code %d", __func__, r);
1.23 ! djm 568: r = skerr_to_ssherr(r);
1.1 djm 569: goto out;
570: }
1.9 markus 571: /* Assemble signature */
572: if ((sig = sshbuf_new()) == NULL) {
573: r = SSH_ERR_ALLOC_FAIL;
574: goto out;
575: }
576: if ((r = sshbuf_put_cstring(sig, sshkey_ssh_name_plain(key))) != 0) {
577: debug("%s: buffer error (outer): %s", __func__, ssh_err(r));
578: goto out;
579: }
1.5 markus 580: switch (type) {
1.15 naddy 581: #ifdef WITH_OPENSSL
1.5 markus 582: case KEY_ECDSA_SK:
1.9 markus 583: if ((r = sshsk_ecdsa_sig(resp, sig)) != 0)
1.5 markus 584: goto out;
585: break;
1.15 naddy 586: #endif /* WITH_OPENSSL */
1.5 markus 587: case KEY_ED25519_SK:
1.9 markus 588: if ((r = sshsk_ed25519_sig(resp, sig)) != 0)
1.5 markus 589: goto out;
590: break;
591: }
1.1 djm 592: #ifdef DEBUG_SK
1.5 markus 593: fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
594: __func__, resp->flags, resp->counter);
1.1 djm 595: fprintf(stderr, "%s: hashed message:\n", __func__);
596: sshbuf_dump_data(message, sizeof(message), stderr);
597: fprintf(stderr, "%s: sigbuf:\n", __func__);
598: sshbuf_dump(sig, stderr);
599: #endif
600: if (sigp != NULL) {
601: if ((*sigp = malloc(sshbuf_len(sig))) == NULL) {
602: r = SSH_ERR_ALLOC_FAIL;
603: goto out;
604: }
605: memcpy(*sigp, sshbuf_ptr(sig), sshbuf_len(sig));
606: }
607: if (lenp != NULL)
608: *lenp = sshbuf_len(sig);
609: /* success */
610: r = 0;
611: out:
612: explicit_bzero(message, sizeof(message));
613: sshsk_free(skp);
614: sshsk_free_sign_response(resp);
615: sshbuf_free(sig);
616: sshbuf_free(inner_sig);
617: return r;
618: }
1.20 djm 619:
620: static void
621: sshsk_free_sk_resident_keys(struct sk_resident_key **rks, size_t nrks)
622: {
623: size_t i;
624:
625: if (nrks == 0 || rks == NULL)
626: return;
627: for (i = 0; i < nrks; i++) {
628: free(rks[i]->application);
629: freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len);
630: freezero(rks[i]->key.public_key, rks[i]->key.public_key_len);
631: freezero(rks[i]->key.signature, rks[i]->key.signature_len);
632: freezero(rks[i]->key.attestation_cert,
633: rks[i]->key.attestation_cert_len);
634: freezero(rks[i], sizeof(**rks));
635: }
636: free(rks);
637: }
638:
639: int
640: sshsk_load_resident(const char *provider_path, const char *pin,
641: struct sshkey ***keysp, size_t *nkeysp)
642: {
643: struct sshsk_provider *skp = NULL;
644: int r = SSH_ERR_INTERNAL_ERROR;
645: struct sk_resident_key **rks = NULL;
646: size_t i, nrks = 0, nkeys = 0;
647: struct sshkey *key = NULL, **keys = NULL, **tmp;
648: uint8_t flags;
649:
650: debug("%s: provider \"%s\"%s", __func__, provider_path,
651: (pin != NULL && *pin != '\0') ? ", have-pin": "");
652:
653: if (keysp == NULL || nkeysp == NULL)
654: return SSH_ERR_INVALID_ARGUMENT;
655: *keysp = NULL;
656: *nkeysp = 0;
657:
658: if ((skp = sshsk_open(provider_path)) == NULL) {
659: r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
660: goto out;
661: }
662: if ((r = skp->sk_load_resident_keys(pin, &rks, &nrks)) != 0) {
1.22 djm 663: error("Security key provider \"%s\" returned failure %d",
1.20 djm 664: provider_path, r);
1.23 ! djm 665: r = skerr_to_ssherr(r);
1.20 djm 666: goto out;
667: }
668: for (i = 0; i < nrks; i++) {
669: debug3("%s: rk %zu: slot = %zu, alg = %d, application = \"%s\"",
670: __func__, i, rks[i]->slot, rks[i]->alg,
671: rks[i]->application);
672: /* XXX need better filter here */
673: if (strncmp(rks[i]->application, "ssh:", 4) != 0)
674: continue;
675: switch (rks[i]->alg) {
676: case SSH_SK_ECDSA:
677: case SSH_SK_ED25519:
678: break;
679: default:
680: continue;
681: }
682: /* XXX where to get flags? */
683: flags = SSH_SK_USER_PRESENCE_REQD|SSH_SK_RESIDENT_KEY;
684: if ((r = sshsk_key_from_response(rks[i]->alg,
685: rks[i]->application, flags, &rks[i]->key, &key)) != 0)
686: goto out;
687: if ((tmp = recallocarray(keys, nkeys, nkeys + 1,
688: sizeof(*tmp))) == NULL) {
689: error("%s: recallocarray failed", __func__);
690: r = SSH_ERR_ALLOC_FAIL;
691: goto out;
692: }
693: keys = tmp;
694: keys[nkeys++] = key;
695: key = NULL;
696: /* XXX synthesise comment */
697: }
698: /* success */
699: *keysp = keys;
700: *nkeysp = nkeys;
701: keys = NULL;
702: nkeys = 0;
703: r = 0;
704: out:
705: sshsk_free(skp);
706: sshsk_free_sk_resident_keys(rks, nrks);
707: sshkey_free(key);
708: if (nkeys != 0) {
709: for (i = 0; i < nkeys; i++)
710: sshkey_free(keys[i]);
711: free(keys);
712: }
713: return r;
714: }
715: