Commit Graph

67 Commits

Author SHA1 Message Date
djm@openbsd.org
13cc78d016
upstream: be more strict in parsing key type names. Only allow
shortnames (e.g "rsa") in user-interface code and require full SSH protocol
names (e.g. "ssh-rsa") everywhere else.

Prompted by bz3725; ok markus@

OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187
2024-09-04 15:38:50 +10:00
djm@openbsd.org
7bdfc20516
upstream: Convert RSA and ECDSA key to the libcrypto EVP_PKEY API.
DSA remains unconverted as it will be removed within six months.

Based on patches originally from Dmitry Belyavskiy, but significantly
reworked based on feedback from Bob Beck, Joel Sing and especially
Theo Buehler (apologies to anyone I've missed).

ok tb@

OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
2024-08-15 12:07:59 +10:00
jsg@openbsd.org
dcd79fa141
upstream: remove prototypes with no matching function; ok djm@
OpenBSD-Commit-ID: 6d9065dadea5f14a01bece0dbfe2fba1be31c693
2024-05-22 14:21:13 +10:00
djm@openbsd.org
c1c2ca1365
upstream: better validate CASignatureAlgorithms in ssh_config and
sshd_config.

Previously this directive would accept certificate algorithm names, but
these were unusable in practice as OpenSSH does not support CA chains.

part of bz3577; ok dtucker@

OpenBSD-Commit-ID: a992d410c8a78ec982701bc3f91043dbdb359912
2023-06-21 15:13:56 +10:00
djm@openbsd.org
2726764269
upstream: refactor sshkey_private_deserialize
feedback/ok markus@

OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
2022-10-28 12:47:01 +11:00
djm@openbsd.org
2519a7077a
upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@

OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
2022-10-28 12:47:01 +11:00
djm@openbsd.org
3fbc58bb24
upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@

OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
2022-10-28 12:47:00 +11:00
djm@openbsd.org
a1deb6cdbb
upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@

OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
2022-10-28 12:46:59 +11:00
djm@openbsd.org
7d00799c93
upstream: refactor sshkey_from_private()
feedback/ok markus@

OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
2022-10-28 12:46:59 +11:00
djm@openbsd.org
262647c2e9
upstream: factor out key generation
feedback/ok markus@

OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
2022-10-28 12:46:58 +11:00
djm@openbsd.org
591fed94e6
upstream: factor out public key serialization
feedback/ok markus@

OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
2022-10-28 12:46:57 +11:00
djm@openbsd.org
1e78844ae2
upstream: factor out sshkey_equal_public()
feedback/ok markus@

OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
2022-10-28 12:46:56 +11:00
djm@openbsd.org
25de1c01a8
upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.

lots of feedback + ok markus@

OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
2022-10-28 12:46:56 +11:00
djm@openbsd.org
07d8771bac
upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@

OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
2022-09-17 20:38:40 +10:00
djm@openbsd.org
fdb1d58d0d upstream: add a helper function to match a key type to a list of
signature algorithms. RSA keys can make signatures with multiple algorithms,
so some special handling is required. ok markus@

OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
2022-01-07 09:21:38 +11:00
djm@openbsd.org
d0bb1ce731 upstream: Let allowed signers files used by ssh-keygen(1)
signatures support key lifetimes, and allow the verification mode to specify
a signature time to check at. This is intended for use by git to support
signing objects using ssh keys. ok dtucker@

OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
2021-07-23 14:07:19 +10:00
djm@openbsd.org
3b44f2513c upstream: move check_host_cert() from sshconnect,c to sshkey.c and
refactor it to make it more generally usable and testable.

ok markus@

OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4
2021-01-26 12:21:48 +11:00
dtucker@openbsd.org
4d94b031ff upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro.
The log calls are themselves now macros, and preprocessor directives inside
macro arguments are undefined behaviour which some compilers (eg old GCCs)
choke on.  It also makes the code tidier.  ok deraadt@

OpenBSD-Commit-ID: cc12a9029833d222043aecd252d654965c351a69
2020-11-09 00:02:27 +11:00
dtucker@openbsd.org
eab2888cfc upstream: Adapt XMSS to new logging infrastructure. With markus@, ok
djm@.

OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de
2020-10-20 10:15:02 +11:00
djm@openbsd.org
9b8ad93824 upstream: support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
2020-08-27 11:28:36 +10:00
djm@openbsd.org
f290ab0833 upstream: add sshkey_parse_pubkey_from_private_fileblob_type()
Extracts a public key from the unencrypted envelope of a new-style
OpenSSH private key.

ok markus@

OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
2020-04-08 10:14:21 +10:00
djm@openbsd.org
c54cd1892c upstream: SK API and sk-helper error/PIN passing
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.

Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.

feedback and ok markus@

OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
2019-12-30 20:59:33 +11:00
djm@openbsd.org
27753a8e21 upstream: implement loading of resident keys in ssh-sk-helper
feedback and ok markus@

OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a
2019-12-30 20:58:19 +11:00
djm@openbsd.org
611073fb40 upstream: perform security key enrollment via ssh-sk-helper too.
This means that ssh-keygen no longer needs to link against ssh-sk-helper, and
only ssh-sk-helper needs libfido2 and /dev/uhid* access;

feedback & ok markus@

OpenBSD-Commit-ID: 9464233fab95708d2ff059f8bee29c0d1f270800
2019-12-14 07:20:28 +11:00
djm@openbsd.org
b52ec0ba39 upstream: use ssh-sk-helper for all security key signing operations
This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*

requested by, feedback and ok markus@

OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
2019-12-14 07:17:44 +11:00
djm@openbsd.org
b7e74ea072 upstream: Add new structure for signature options
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
2019-11-25 12:23:33 +11:00
markus@openbsd.org
bf219920b7 upstream: fix shield/unshield for xmss keys: - in ssh-agent we need
to delay the call to shield   until we have received key specific options. -
when serializing xmss keys for shield we need to deal with   all optional
components (e.g. state might not be loaded). ok djm@

OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
2019-11-15 08:50:10 +11:00
markus@openbsd.org
2c55744a56 upstream: enable ed25519 support; ok djm
OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
2019-11-13 08:54:09 +11:00
markus@openbsd.org
7c096c456f upstream: implement ssh-ed25519-sk verification; ok djm@
OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6
2019-11-13 08:48:48 +11:00
djm@openbsd.org
9a14c64c38 upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-11-01 09:46:10 +11:00
djm@openbsd.org
02bb0768a9 upstream: Initial infrastructure for U2F/FIDO support
Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.

feedback & ok markus@

OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
2019-11-01 09:46:08 +11:00
djm@openbsd.org
f8df0413f0 upstream: make get_sigtype public as sshkey_get_sigtype(); ok
markus@

OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
2019-09-03 18:39:31 +10:00
djm@openbsd.org
eb0d8e708a upstream: support PKCS8 as an optional format for storage of
private keys, enabled via "ssh-keygen -m PKCS8" on operations that save
private keys to disk.

The OpenSSH native key format remains the default, but PKCS8 is a
superior format to PEM if interoperability with non-OpenSSH software
is required, as it may use a less terrible KDF (IIRC PEM uses a single
round of MD5 as a KDF).

adapted from patch by Jakub Jelen via bz3013; ok markus

OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
2019-07-15 23:21:18 +10:00
djm@openbsd.org
4f7a56d5e0 upstream: Add protection for private keys at rest in RAM against
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetic key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).

Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.

Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.

Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.

been in snaps for a bit already; thanks deraadt@

ok dtucker@ deraadt@

OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
2019-06-21 14:24:35 +10:00
djm@openbsd.org
93f02107f4 upstream: add support for ECDSA keys in PKCS#11 tokens
Work by markus@ and Pedro Martelletto, feedback and ok me@

OpenBSD-Commit-ID: a37d651e221341376636056512bddfc16efb4424
2019-01-21 10:54:37 +11:00
djm@openbsd.org
6da046f9c3 upstream: garbage-collect moribund ssh_new_private() API.
OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c
2018-09-14 14:19:06 +10:00
djm@openbsd.org
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@

OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
2018-09-13 12:12:33 +10:00
djm@openbsd.org
ba9e788315 upstream: add sshkey_check_cert_sigtype() that checks a
cert->signature_type against a supplied whitelist; ok markus

OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
2018-09-12 16:49:21 +10:00
djm@openbsd.org
a70fd4ad7b upstream: add cert->signature_type field and keep it in sync with
certificate signature wrt loading and certification operations; ok markus@

OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
2018-09-12 16:49:21 +10:00
djm@openbsd.org
b4d4eda633 upstream: some finesse to fix RSA-SHA2 certificate authentication
for certs hosted in ssh-agent

OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
2018-07-03 23:26:47 +10:00
djm@openbsd.org
4ba0d54794 upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
2018-07-03 23:26:36 +10:00
Darren Tucker
1323f120d0 Check for attributes on prototype args.
Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481)
do not accept __attribute__ on function pointer prototype args.  Check for
this and hide them if they're not accepted.
2018-02-27 08:51:56 +11:00
markus@openbsd.org
1b11ea7c58 upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@

OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-26 11:40:41 +11:00
djm@openbsd.org
04c7e28f83 upstream commit
pass negotiated signing algorithm though to
sshkey_verify() and check that the negotiated algorithm matches the type in
the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@

OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
2017-12-19 15:21:37 +11:00
djm@openbsd.org
931c78dfd7 upstream commit
sshkey_sigtype() function to return the type of a
signature; ok markus@

OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8
2017-12-19 15:20:44 +11:00
djm@openbsd.org
83fa3a0448 upstream commit
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus

Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
2017-07-21 14:17:32 +10:00
djm@openbsd.org
a98339edbc upstream commit
Allow ssh-keygen to use a key held in ssh-agent as a CA when
signing certificates. bz#2377 ok markus

Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
2017-06-28 11:13:19 +10:00
djm@openbsd.org
6026f48dfc upstream commit
missing prototype.

Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9
2017-06-13 22:15:08 +10:00
djm@openbsd.org
bd636f4091 upstream commit
Refuse RSA keys <1024 bits in length. Improve reporting
for keys that do not meet this requirement. ok markus@

Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
2017-05-08 09:21:22 +10:00
naddy@openbsd.org
768405fddf upstream commit
remove miscellaneous SSH1 leftovers; ok markus@

Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c
2017-05-08 09:18:27 +10:00