summaryrefslogtreecommitdiffstats
path: root/sshsig.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2020-08-27 03:06:18 +0200
committerDamien Miller <djm@mindrot.org>2020-08-27 03:28:36 +0200
commit9b8ad93824c682ce841f53f3b5762cef4e7cc4dc (patch)
treed4523956d4623b19bf5904d1b92afeb2307f69d3 /sshsig.c
parentupstream: ssh-keyscan(1): simplify conloop() with timercmp(3), (diff)
downloadopenssh-9b8ad93824c682ce841f53f3b5762cef4e7cc4dc.tar.xz
openssh-9b8ad93824c682ce841f53f3b5762cef4e7cc4dc.zip
upstream: support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@ OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
Diffstat (limited to 'sshsig.c')
-rw-r--r--sshsig.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/sshsig.c b/sshsig.c
index 15f9cead6..658b8c852 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -151,7 +151,7 @@ done:
static int
sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
- const char *sk_provider, const struct sshbuf *h_message,
+ const char *sk_provider, const char *sk_pin, const struct sshbuf *h_message,
const char *sig_namespace, struct sshbuf **out,
sshsig_signer *signer, void *signer_ctx)
{
@@ -185,14 +185,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
if (signer != NULL) {
if ((r = signer(key, &sig, &slen,
sshbuf_ptr(tosign), sshbuf_len(tosign),
- sign_alg, sk_provider, 0, signer_ctx)) != 0) {
+ sign_alg, sk_provider, sk_pin, 0, signer_ctx)) != 0) {
error("Couldn't sign message: %s", ssh_err(r));
goto done;
}
} else {
if ((r = sshkey_sign(key, &sig, &slen,
sshbuf_ptr(tosign), sshbuf_len(tosign),
- sign_alg, sk_provider, 0)) != 0) {
+ sign_alg, sk_provider, sk_pin, 0)) != 0) {
error("Couldn't sign message: %s", ssh_err(r));
goto done;
}
@@ -430,7 +430,8 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp)
}
int
-sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider,
+sshsig_signb(struct sshkey *key, const char *hashalg,
+ const char *sk_provider, const char *sk_pin,
const struct sshbuf *message, const char *sig_namespace,
struct sshbuf **out, sshsig_signer *signer, void *signer_ctx)
{
@@ -445,7 +446,7 @@ sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider,
error("%s: hash_buffer failed: %s", __func__, ssh_err(r));
goto out;
}
- if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b,
+ if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
sig_namespace, out, signer, signer_ctx)) != 0)
goto out;
/* success */
@@ -558,7 +559,8 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
}
int
-sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider,
+sshsig_sign_fd(struct sshkey *key, const char *hashalg,
+ const char *sk_provider, const char *sk_pin,
int fd, const char *sig_namespace, struct sshbuf **out,
sshsig_signer *signer, void *signer_ctx)
{
@@ -573,7 +575,7 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider,
error("%s: hash_file failed: %s", __func__, ssh_err(r));
return r;
}
- if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b,
+ if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
sig_namespace, out, signer, signer_ctx)) != 0)
goto out;
/* success */