openssh/sk-usbhid.c
djm@openbsd.org 24c0f752ad upstream: changes to support FIDO attestation
Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.

Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.

ok markus@

OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6
2020-01-29 18:52:55 +11:00

1025 lines
27 KiB
C

/*
* Copyright (c) 2019 Markus Friedl
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifdef ENABLE_SK_INTERNAL
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <stddef.h>
#include <stdarg.h>
#ifdef WITH_OPENSSL
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#endif /* WITH_OPENSSL */
#include <fido.h>
#include <fido/credman.h>
#ifndef SK_STANDALONE
# include "log.h"
# include "xmalloc.h"
/*
* If building as part of OpenSSH, then rename exported functions.
* This must be done before including sk-api.h.
*/
# define sk_api_version ssh_sk_api_version
# define sk_enroll ssh_sk_enroll
# define sk_sign ssh_sk_sign
# define sk_load_resident_keys ssh_sk_load_resident_keys
#endif /* !SK_STANDALONE */
#include "sk-api.h"
/* #define SK_DEBUG 1 */
#define MAX_FIDO_DEVICES 256
/* Compatibility with OpenSSH 1.0.x */
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
#define ECDSA_SIG_get0(sig, pr, ps) \
do { \
(*pr) = sig->r; \
(*ps) = sig->s; \
} while (0)
#endif
/* Return the version of the middleware API */
uint32_t sk_api_version(void);
/* Enroll a U2F key (private key generation) */
int sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
const char *application, uint8_t flags, const char *pin,
struct sk_option **options, struct sk_enroll_response **enroll_response);
/* Sign a challenge */
int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
const char *application, const uint8_t *key_handle, size_t key_handle_len,
uint8_t flags, const char *pin, struct sk_option **options,
struct sk_sign_response **sign_response);
/* Load resident keys */
int sk_load_resident_keys(const char *pin, struct sk_option **options,
struct sk_resident_key ***rks, size_t *nrks);
static void skdebug(const char *func, const char *fmt, ...)
__attribute__((__format__ (printf, 2, 3)));
static void
skdebug(const char *func, const char *fmt, ...)
{
#if !defined(SK_STANDALONE)
char *msg;
va_list ap;
va_start(ap, fmt);
xvasprintf(&msg, fmt, ap);
va_end(ap);
debug("%s: %s", func, msg);
free(msg);
#elif defined(SK_DEBUG)
va_list ap;
va_start(ap, fmt);
fprintf(stderr, "%s: ", func);
vfprintf(stderr, fmt, ap);
fputc('\n', stderr);
va_end(ap);
#else
(void)func; /* XXX */
(void)fmt; /* XXX */
#endif
}
uint32_t
sk_api_version(void)
{
return SSH_SK_VERSION_MAJOR;
}
/* Select the first identified FIDO device attached to the system */
static char *
pick_first_device(void)
{
char *ret = NULL;
fido_dev_info_t *devlist = NULL;
size_t olen = 0;
int r;
const fido_dev_info_t *di;
if ((devlist = fido_dev_info_new(1)) == NULL) {
skdebug(__func__, "fido_dev_info_new failed");
goto out;
}
if ((r = fido_dev_info_manifest(devlist, 1, &olen)) != FIDO_OK) {
skdebug(__func__, "fido_dev_info_manifest failed: %s",
fido_strerr(r));
goto out;
}
if (olen != 1) {
skdebug(__func__, "fido_dev_info_manifest bad len %zu", olen);
goto out;
}
di = fido_dev_info_ptr(devlist, 0);
if ((ret = strdup(fido_dev_info_path(di))) == NULL) {
skdebug(__func__, "fido_dev_info_path failed");
goto out;
}
out:
fido_dev_info_free(&devlist, 1);
return ret;
}
/* Check if the specified key handle exists on a given device. */
static int
try_device(fido_dev_t *dev, const uint8_t *message, size_t message_len,
const char *application, const uint8_t *key_handle, size_t key_handle_len)
{
fido_assert_t *assert = NULL;
int r = FIDO_ERR_INTERNAL;
if ((assert = fido_assert_new()) == NULL) {
skdebug(__func__, "fido_assert_new failed");
goto out;
}
if ((r = fido_assert_set_clientdata_hash(assert, message,
message_len)) != FIDO_OK) {
skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
fido_strerr(r));
goto out;
}
if ((r = fido_assert_set_rp(assert, application)) != FIDO_OK) {
skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(r));
goto out;
}
if ((r = fido_assert_allow_cred(assert, key_handle,
key_handle_len)) != FIDO_OK) {
skdebug(__func__, "fido_assert_allow_cred: %s", fido_strerr(r));
goto out;
}
if ((r = fido_assert_set_up(assert, FIDO_OPT_FALSE)) != FIDO_OK) {
skdebug(__func__, "fido_assert_up: %s", fido_strerr(r));
goto out;
}
r = fido_dev_get_assert(dev, assert, NULL);
skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
if (r == FIDO_ERR_USER_PRESENCE_REQUIRED) {
/* U2F tokens may return this */
r = FIDO_OK;
}
out:
fido_assert_free(&assert);
return r != FIDO_OK ? -1 : 0;
}
/* Iterate over configured devices looking for a specific key handle */
static fido_dev_t *
find_device(const char *path, const uint8_t *message, size_t message_len,
const char *application, const uint8_t *key_handle, size_t key_handle_len)
{
fido_dev_info_t *devlist = NULL;
fido_dev_t *dev = NULL;
size_t devlist_len = 0, i;
int r;
if (path != NULL) {
if ((dev = fido_dev_new()) == NULL) {
skdebug(__func__, "fido_dev_new failed");
return NULL;
}
if ((r = fido_dev_open(dev, path)) != FIDO_OK) {
skdebug(__func__, "fido_dev_open failed");
fido_dev_free(&dev);
return NULL;
}
return dev;
}
if ((devlist = fido_dev_info_new(MAX_FIDO_DEVICES)) == NULL) {
skdebug(__func__, "fido_dev_info_new failed");
goto out;
}
if ((r = fido_dev_info_manifest(devlist, MAX_FIDO_DEVICES,
&devlist_len)) != FIDO_OK) {
skdebug(__func__, "fido_dev_info_manifest: %s", fido_strerr(r));
goto out;
}
skdebug(__func__, "found %zu device(s)", devlist_len);
for (i = 0; i < devlist_len; i++) {
const fido_dev_info_t *di = fido_dev_info_ptr(devlist, i);
if (di == NULL) {
skdebug(__func__, "fido_dev_info_ptr %zu failed", i);
continue;
}
if ((path = fido_dev_info_path(di)) == NULL) {
skdebug(__func__, "fido_dev_info_path %zu failed", i);
continue;
}
skdebug(__func__, "trying device %zu: %s", i, path);
if ((dev = fido_dev_new()) == NULL) {
skdebug(__func__, "fido_dev_new failed");
continue;
}
if ((r = fido_dev_open(dev, path)) != FIDO_OK) {
skdebug(__func__, "fido_dev_open failed");
fido_dev_free(&dev);
continue;
}
if (try_device(dev, message, message_len, application,
key_handle, key_handle_len) == 0) {
skdebug(__func__, "found key");
break;
}
fido_dev_close(dev);
fido_dev_free(&dev);
}
out:
if (devlist != NULL)
fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
return dev;
}
#ifdef WITH_OPENSSL
/*
* The key returned via fido_cred_pubkey_ptr() is in affine coordinates,
* but the API expects a SEC1 octet string.
*/
static int
pack_public_key_ecdsa(const fido_cred_t *cred,
struct sk_enroll_response *response)
{
const uint8_t *ptr;
BIGNUM *x = NULL, *y = NULL;
EC_POINT *q = NULL;
EC_GROUP *g = NULL;
int ret = -1;
response->public_key = NULL;
response->public_key_len = 0;
if ((x = BN_new()) == NULL ||
(y = BN_new()) == NULL ||
(g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL ||
(q = EC_POINT_new(g)) == NULL) {
skdebug(__func__, "libcrypto setup failed");
goto out;
}
if ((ptr = fido_cred_pubkey_ptr(cred)) == NULL) {
skdebug(__func__, "fido_cred_pubkey_ptr failed");
goto out;
}
if (fido_cred_pubkey_len(cred) != 64) {
skdebug(__func__, "bad fido_cred_pubkey_len %zu",
fido_cred_pubkey_len(cred));
goto out;
}
if (BN_bin2bn(ptr, 32, x) == NULL ||
BN_bin2bn(ptr + 32, 32, y) == NULL) {
skdebug(__func__, "BN_bin2bn failed");
goto out;
}
if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) {
skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed");
goto out;
}
response->public_key_len = EC_POINT_point2oct(g, q,
POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
if (response->public_key_len == 0 || response->public_key_len > 2048) {
skdebug(__func__, "bad pubkey length %zu",
response->public_key_len);
goto out;
}
if ((response->public_key = malloc(response->public_key_len)) == NULL) {
skdebug(__func__, "malloc pubkey failed");
goto out;
}
if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED,
response->public_key, response->public_key_len, NULL) == 0) {
skdebug(__func__, "EC_POINT_point2oct failed");
goto out;
}
/* success */
ret = 0;
out:
if (ret != 0 && response->public_key != NULL) {
memset(response->public_key, 0, response->public_key_len);
free(response->public_key);
response->public_key = NULL;
}
EC_POINT_free(q);
EC_GROUP_free(g);
BN_clear_free(x);
BN_clear_free(y);
return ret;
}
#endif /* WITH_OPENSSL */
static int
pack_public_key_ed25519(const fido_cred_t *cred,
struct sk_enroll_response *response)
{
const uint8_t *ptr;
size_t len;
int ret = -1;
response->public_key = NULL;
response->public_key_len = 0;
if ((len = fido_cred_pubkey_len(cred)) != 32) {
skdebug(__func__, "bad fido_cred_pubkey_len len %zu", len);
goto out;
}
if ((ptr = fido_cred_pubkey_ptr(cred)) == NULL) {
skdebug(__func__, "fido_cred_pubkey_ptr failed");
goto out;
}
response->public_key_len = len;
if ((response->public_key = malloc(response->public_key_len)) == NULL) {
skdebug(__func__, "malloc pubkey failed");
goto out;
}
memcpy(response->public_key, ptr, len);
ret = 0;
out:
if (ret != 0)
free(response->public_key);
return ret;
}
static int
pack_public_key(uint32_t alg, const fido_cred_t *cred,
struct sk_enroll_response *response)
{
switch(alg) {
#ifdef WITH_OPENSSL
case SSH_SK_ECDSA:
return pack_public_key_ecdsa(cred, response);
#endif /* WITH_OPENSSL */
case SSH_SK_ED25519:
return pack_public_key_ed25519(cred, response);
default:
return -1;
}
}
static int
fidoerr_to_skerr(int fidoerr)
{
switch (fidoerr) {
case FIDO_ERR_UNSUPPORTED_OPTION:
case FIDO_ERR_UNSUPPORTED_ALGORITHM:
return SSH_SK_ERR_UNSUPPORTED;
case FIDO_ERR_PIN_REQUIRED:
case FIDO_ERR_PIN_INVALID:
return SSH_SK_ERR_PIN_REQUIRED;
default:
return -1;
}
}
static int
check_enroll_options(struct sk_option **options, char **devicep,
uint8_t *user_id, size_t user_id_len)
{
size_t i;
if (options == NULL)
return 0;
for (i = 0; options[i] != NULL; i++) {
if (strcmp(options[i]->name, "device") == 0) {
if ((*devicep = strdup(options[i]->value)) == NULL) {
skdebug(__func__, "strdup device failed");
return -1;
}
skdebug(__func__, "requested device %s", *devicep);
} else if (strcmp(options[i]->name, "user") == 0) {
if (strlcpy(user_id, options[i]->value, user_id_len) >=
user_id_len) {
skdebug(__func__, "user too long");
return -1;
}
skdebug(__func__, "requested user %s",
(char *)user_id);
} else {
skdebug(__func__, "requested unsupported option %s",
options[i]->name);
if (options[i]->required) {
skdebug(__func__, "unknown required option");
return -1;
}
}
}
return 0;
}
int
sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
const char *application, uint8_t flags, const char *pin,
struct sk_option **options, struct sk_enroll_response **enroll_response)
{
fido_cred_t *cred = NULL;
fido_dev_t *dev = NULL;
const uint8_t *ptr;
uint8_t user_id[32];
struct sk_enroll_response *response = NULL;
size_t len;
int cose_alg;
int ret = SSH_SK_ERR_GENERAL;
int r;
char *device = NULL;
#ifdef SK_DEBUG
fido_init(FIDO_DEBUG);
#endif
if (enroll_response == NULL) {
skdebug(__func__, "enroll_response == NULL");
goto out;
}
memset(user_id, 0, sizeof(user_id));
if (check_enroll_options(options, &device,
user_id, sizeof(user_id)) != 0)
goto out; /* error already logged */
*enroll_response = NULL;
switch(alg) {
#ifdef WITH_OPENSSL
case SSH_SK_ECDSA:
cose_alg = COSE_ES256;
break;
#endif /* WITH_OPENSSL */
case SSH_SK_ED25519:
cose_alg = COSE_EDDSA;
break;
default:
skdebug(__func__, "unsupported key type %d", alg);
goto out;
}
if (device == NULL && (device = pick_first_device()) == NULL) {
ret = SSH_SK_ERR_DEVICE_NOT_FOUND;
skdebug(__func__, "pick_first_device failed");
goto out;
}
skdebug(__func__, "using device %s", device);
if ((cred = fido_cred_new()) == NULL) {
skdebug(__func__, "fido_cred_new failed");
goto out;
}
if ((r = fido_cred_set_type(cred, cose_alg)) != FIDO_OK) {
skdebug(__func__, "fido_cred_set_type: %s", fido_strerr(r));
goto out;
}
if ((r = fido_cred_set_clientdata_hash(cred, challenge,
challenge_len)) != FIDO_OK) {
skdebug(__func__, "fido_cred_set_clientdata_hash: %s",
fido_strerr(r));
goto out;
}
if ((r = fido_cred_set_rk(cred, (flags & SSH_SK_RESIDENT_KEY) != 0 ?
FIDO_OPT_TRUE : FIDO_OPT_OMIT)) != FIDO_OK) {
skdebug(__func__, "fido_cred_set_rk: %s", fido_strerr(r));
goto out;
}
if ((r = fido_cred_set_user(cred, user_id, sizeof(user_id),
"openssh", "openssh", NULL)) != FIDO_OK) {
skdebug(__func__, "fido_cred_set_user: %s", fido_strerr(r));
goto out;
}
if ((r = fido_cred_set_rp(cred, application, NULL)) != FIDO_OK) {
skdebug(__func__, "fido_cred_set_rp: %s", fido_strerr(r));
goto out;
}
if ((dev = fido_dev_new()) == NULL) {
skdebug(__func__, "fido_dev_new failed");
goto out;
}
if ((r = fido_dev_open(dev, device)) != FIDO_OK) {
skdebug(__func__, "fido_dev_open: %s", fido_strerr(r));
goto out;
}
if ((r = fido_dev_make_cred(dev, cred, pin)) != FIDO_OK) {
skdebug(__func__, "fido_dev_make_cred: %s", fido_strerr(r));
ret = fidoerr_to_skerr(r);
goto out;
}
if (fido_cred_x5c_ptr(cred) != NULL) {
if ((r = fido_cred_verify(cred)) != FIDO_OK) {
skdebug(__func__, "fido_cred_verify: %s",
fido_strerr(r));
goto out;
}
} else {
skdebug(__func__, "self-attested credential");
if ((r = fido_cred_verify_self(cred)) != FIDO_OK) {
skdebug(__func__, "fido_cred_verify_self: %s",
fido_strerr(r));
goto out;
}
}
if ((response = calloc(1, sizeof(*response))) == NULL) {
skdebug(__func__, "calloc response failed");
goto out;
}
if (pack_public_key(alg, cred, response) != 0) {
skdebug(__func__, "pack_public_key failed");
goto out;
}
if ((ptr = fido_cred_id_ptr(cred)) != NULL) {
len = fido_cred_id_len(cred);
if ((response->key_handle = calloc(1, len)) == NULL) {
skdebug(__func__, "calloc key handle failed");
goto out;
}
memcpy(response->key_handle, ptr, len);
response->key_handle_len = len;
}
if ((ptr = fido_cred_sig_ptr(cred)) != NULL) {
len = fido_cred_sig_len(cred);
if ((response->signature = calloc(1, len)) == NULL) {
skdebug(__func__, "calloc signature failed");
goto out;
}
memcpy(response->signature, ptr, len);
response->signature_len = len;
}
if ((ptr = fido_cred_x5c_ptr(cred)) != NULL) {
len = fido_cred_x5c_len(cred);
debug3("%s: attestation cert len=%zu", __func__, len);
if ((response->attestation_cert = calloc(1, len)) == NULL) {
skdebug(__func__, "calloc attestation cert failed");
goto out;
}
memcpy(response->attestation_cert, ptr, len);
response->attestation_cert_len = len;
}
*enroll_response = response;
response = NULL;
ret = 0;
out:
free(device);
if (response != NULL) {
free(response->public_key);
free(response->key_handle);
free(response->signature);
free(response->attestation_cert);
free(response);
}
if (dev != NULL) {
fido_dev_close(dev);
fido_dev_free(&dev);
}
if (cred != NULL) {
fido_cred_free(&cred);
}
return ret;
}
#ifdef WITH_OPENSSL
static int
pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
{
ECDSA_SIG *sig = NULL;
const BIGNUM *sig_r, *sig_s;
const unsigned char *cp;
size_t sig_len;
int ret = -1;
cp = fido_assert_sig_ptr(assert, 0);
sig_len = fido_assert_sig_len(assert, 0);
if ((sig = d2i_ECDSA_SIG(NULL, &cp, sig_len)) == NULL) {
skdebug(__func__, "d2i_ECDSA_SIG failed");
goto out;
}
ECDSA_SIG_get0(sig, &sig_r, &sig_s);
response->sig_r_len = BN_num_bytes(sig_r);
response->sig_s_len = BN_num_bytes(sig_s);
if ((response->sig_r = calloc(1, response->sig_r_len)) == NULL ||
(response->sig_s = calloc(1, response->sig_s_len)) == NULL) {
skdebug(__func__, "calloc signature failed");
goto out;
}
BN_bn2bin(sig_r, response->sig_r);
BN_bn2bin(sig_s, response->sig_s);
ret = 0;
out:
ECDSA_SIG_free(sig);
if (ret != 0) {
free(response->sig_r);
free(response->sig_s);
response->sig_r = NULL;
response->sig_s = NULL;
}
return ret;
}
#endif /* WITH_OPENSSL */
static int
pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response)
{
const unsigned char *ptr;
size_t len;
int ret = -1;
ptr = fido_assert_sig_ptr(assert, 0);
len = fido_assert_sig_len(assert, 0);
if (len != 64) {
skdebug(__func__, "bad length %zu", len);
goto out;
}
response->sig_r_len = len;
if ((response->sig_r = calloc(1, response->sig_r_len)) == NULL) {
skdebug(__func__, "calloc signature failed");
goto out;
}
memcpy(response->sig_r, ptr, len);
ret = 0;
out:
if (ret != 0) {
free(response->sig_r);
response->sig_r = NULL;
}
return ret;
}
static int
pack_sig(uint32_t alg, fido_assert_t *assert,
struct sk_sign_response *response)
{
switch(alg) {
#ifdef WITH_OPENSSL
case SSH_SK_ECDSA:
return pack_sig_ecdsa(assert, response);
#endif /* WITH_OPENSSL */
case SSH_SK_ED25519:
return pack_sig_ed25519(assert, response);
default:
return -1;
}
}
/* Checks sk_options for sk_sign() and sk_load_resident_keys() */
static int
check_sign_load_resident_options(struct sk_option **options, char **devicep)
{
size_t i;
if (options == NULL)
return 0;
for (i = 0; options[i] != NULL; i++) {
if (strcmp(options[i]->name, "device") == 0) {
if ((*devicep = strdup(options[i]->value)) == NULL) {
skdebug(__func__, "strdup device failed");
return -1;
}
skdebug(__func__, "requested device %s", *devicep);
} else {
skdebug(__func__, "requested unsupported option %s",
options[i]->name);
if (options[i]->required) {
skdebug(__func__, "unknown required option");
return -1;
}
}
}
return 0;
}
int
sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
const char *application,
const uint8_t *key_handle, size_t key_handle_len,
uint8_t flags, const char *pin, struct sk_option **options,
struct sk_sign_response **sign_response)
{
fido_assert_t *assert = NULL;
char *device = NULL;
fido_dev_t *dev = NULL;
struct sk_sign_response *response = NULL;
int ret = SSH_SK_ERR_GENERAL;
int r;
#ifdef SK_DEBUG
fido_init(FIDO_DEBUG);
#endif
if (sign_response == NULL) {
skdebug(__func__, "sign_response == NULL");
goto out;
}
*sign_response = NULL;
if (check_sign_load_resident_options(options, &device) != 0)
goto out; /* error already logged */
if ((dev = find_device(device, message, message_len,
application, key_handle, key_handle_len)) == NULL) {
skdebug(__func__, "couldn't find device for key handle");
goto out;
}
if ((assert = fido_assert_new()) == NULL) {
skdebug(__func__, "fido_assert_new failed");
goto out;
}
if ((r = fido_assert_set_clientdata_hash(assert, message,
message_len)) != FIDO_OK) {
skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
fido_strerr(r));
goto out;
}
if ((r = fido_assert_set_rp(assert, application)) != FIDO_OK) {
skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(r));
goto out;
}
if ((r = fido_assert_allow_cred(assert, key_handle,
key_handle_len)) != FIDO_OK) {
skdebug(__func__, "fido_assert_allow_cred: %s", fido_strerr(r));
goto out;
}
if ((r = fido_assert_set_up(assert,
(flags & SSH_SK_USER_PRESENCE_REQD) ?
FIDO_OPT_TRUE : FIDO_OPT_FALSE)) != FIDO_OK) {
skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r));
goto out;
}
if ((r = fido_dev_get_assert(dev, assert, NULL)) != FIDO_OK) {
skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
goto out;
}
if ((response = calloc(1, sizeof(*response))) == NULL) {
skdebug(__func__, "calloc response failed");
goto out;
}
response->flags = fido_assert_flags(assert, 0);
response->counter = fido_assert_sigcount(assert, 0);
if (pack_sig(alg, assert, response) != 0) {
skdebug(__func__, "pack_sig failed");
goto out;
}
*sign_response = response;
response = NULL;
ret = 0;
out:
free(device);
if (response != NULL) {
free(response->sig_r);
free(response->sig_s);
free(response);
}
if (dev != NULL) {
fido_dev_close(dev);
fido_dev_free(&dev);
}
if (assert != NULL) {
fido_assert_free(&assert);
}
return ret;
}
static int
read_rks(const char *devpath, const char *pin,
struct sk_resident_key ***rksp, size_t *nrksp)
{
int ret = SSH_SK_ERR_GENERAL, r = -1;
fido_dev_t *dev = NULL;
fido_credman_metadata_t *metadata = NULL;
fido_credman_rp_t *rp = NULL;
fido_credman_rk_t *rk = NULL;
size_t i, j, nrp, nrk;
const fido_cred_t *cred;
struct sk_resident_key *srk = NULL, **tmp;
if ((dev = fido_dev_new()) == NULL) {
skdebug(__func__, "fido_dev_new failed");
return ret;
}
if ((r = fido_dev_open(dev, devpath)) != FIDO_OK) {
skdebug(__func__, "fido_dev_open %s failed: %s",
devpath, fido_strerr(r));
fido_dev_free(&dev);
return ret;
}
if ((metadata = fido_credman_metadata_new()) == NULL) {
skdebug(__func__, "alloc failed");
goto out;
}
if ((r = fido_credman_get_dev_metadata(dev, metadata, pin)) != 0) {
if (r == FIDO_ERR_INVALID_COMMAND) {
skdebug(__func__, "device %s does not support "
"resident keys", devpath);
ret = 0;
goto out;
}
skdebug(__func__, "get metadata for %s failed: %s",
devpath, fido_strerr(r));
ret = fidoerr_to_skerr(r);
goto out;
}
skdebug(__func__, "existing %llu, remaining %llu",
(unsigned long long)fido_credman_rk_existing(metadata),
(unsigned long long)fido_credman_rk_remaining(metadata));
if ((rp = fido_credman_rp_new()) == NULL) {
skdebug(__func__, "alloc rp failed");
goto out;
}
if ((r = fido_credman_get_dev_rp(dev, rp, pin)) != 0) {
skdebug(__func__, "get RPs for %s failed: %s",
devpath, fido_strerr(r));
goto out;
}
nrp = fido_credman_rp_count(rp);
skdebug(__func__, "Device %s has resident keys for %zu RPs",
devpath, nrp);
/* Iterate over RP IDs that have resident keys */
for (i = 0; i < nrp; i++) {
skdebug(__func__, "rp %zu: name=\"%s\" id=\"%s\" hashlen=%zu",
i, fido_credman_rp_name(rp, i), fido_credman_rp_id(rp, i),
fido_credman_rp_id_hash_len(rp, i));
/* Skip non-SSH RP IDs */
if (strncasecmp(fido_credman_rp_id(rp, i), "ssh:", 4) != 0)
continue;
fido_credman_rk_free(&rk);
if ((rk = fido_credman_rk_new()) == NULL) {
skdebug(__func__, "alloc rk failed");
goto out;
}
if ((r = fido_credman_get_dev_rk(dev, fido_credman_rp_id(rp, i),
rk, pin)) != 0) {
skdebug(__func__, "get RKs for %s slot %zu failed: %s",
devpath, i, fido_strerr(r));
goto out;
}
nrk = fido_credman_rk_count(rk);
skdebug(__func__, "RP \"%s\" has %zu resident keys",
fido_credman_rp_id(rp, i), nrk);
/* Iterate over resident keys for this RP ID */
for (j = 0; j < nrk; j++) {
if ((cred = fido_credman_rk(rk, j)) == NULL) {
skdebug(__func__, "no RK in slot %zu", j);
continue;
}
skdebug(__func__, "Device %s RP \"%s\" slot %zu: "
"type %d", devpath, fido_credman_rp_id(rp, i), j,
fido_cred_type(cred));
/* build response entry */
if ((srk = calloc(1, sizeof(*srk))) == NULL ||
(srk->key.key_handle = calloc(1,
fido_cred_id_len(cred))) == NULL ||
(srk->application = strdup(fido_credman_rp_id(rp,
i))) == NULL) {
skdebug(__func__, "alloc sk_resident_key");
goto out;
}
srk->key.key_handle_len = fido_cred_id_len(cred);
memcpy(srk->key.key_handle,
fido_cred_id_ptr(cred),
srk->key.key_handle_len);
switch (fido_cred_type(cred)) {
case COSE_ES256:
srk->alg = SSH_SK_ECDSA;
break;
case COSE_EDDSA:
srk->alg = SSH_SK_ED25519;
break;
default:
skdebug(__func__, "unsupported key type %d",
fido_cred_type(cred));
goto out; /* XXX free rk and continue */
}
if ((r = pack_public_key(srk->alg, cred,
&srk->key)) != 0) {
skdebug(__func__, "pack public key failed");
goto out;
}
/* append */
if ((tmp = recallocarray(*rksp, *nrksp, (*nrksp) + 1,
sizeof(**rksp))) == NULL) {
skdebug(__func__, "alloc rksp");
goto out;
}
*rksp = tmp;
(*rksp)[(*nrksp)++] = srk;
srk = NULL;
}
}
/* Success */
ret = 0;
out:
if (srk != NULL) {
free(srk->application);
freezero(srk->key.public_key, srk->key.public_key_len);
freezero(srk->key.key_handle, srk->key.key_handle_len);
freezero(srk, sizeof(*srk));
}
fido_credman_rp_free(&rp);
fido_credman_rk_free(&rk);
fido_dev_close(dev);
fido_dev_free(&dev);
fido_credman_metadata_free(&metadata);
return ret;
}
int
sk_load_resident_keys(const char *pin, struct sk_option **options,
struct sk_resident_key ***rksp, size_t *nrksp)
{
int ret = SSH_SK_ERR_GENERAL, r = -1;
fido_dev_info_t *devlist = NULL;
size_t i, ndev = 0, nrks = 0;
const fido_dev_info_t *di;
struct sk_resident_key **rks = NULL;
char *device = NULL;
*rksp = NULL;
*nrksp = 0;
if (check_sign_load_resident_options(options, &device) != 0)
goto out; /* error already logged */
if (device != NULL) {
skdebug(__func__, "trying %s", device);
if ((r = read_rks(device, pin, &rks, &nrks)) != 0) {
skdebug(__func__, "read_rks failed for %s", device);
ret = r;
goto out;
}
} else {
/* Try all devices */
if ((devlist = fido_dev_info_new(MAX_FIDO_DEVICES)) == NULL) {
skdebug(__func__, "fido_dev_info_new failed");
goto out;
}
if ((r = fido_dev_info_manifest(devlist,
MAX_FIDO_DEVICES, &ndev)) != FIDO_OK) {
skdebug(__func__, "fido_dev_info_manifest failed: %s",
fido_strerr(r));
goto out;
}
for (i = 0; i < ndev; i++) {
if ((di = fido_dev_info_ptr(devlist, i)) == NULL) {
skdebug(__func__, "no dev info at %zu", i);
continue;
}
skdebug(__func__, "trying %s", fido_dev_info_path(di));
if ((r = read_rks(fido_dev_info_path(di), pin,
&rks, &nrks)) != 0) {
skdebug(__func__, "read_rks failed for %s",
fido_dev_info_path(di));
/* remember last error */
ret = r;
continue;
}
}
}
/* success, unless we have no keys but a specific error */
if (nrks > 0 || ret == SSH_SK_ERR_GENERAL)
ret = 0;
*rksp = rks;
*nrksp = nrks;
rks = NULL;
nrks = 0;
out:
free(device);
for (i = 0; i < nrks; i++) {
free(rks[i]->application);
freezero(rks[i]->key.public_key, rks[i]->key.public_key_len);
freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len);
freezero(rks[i], sizeof(*rks[i]));
}
free(rks);
fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
return ret;
}
#endif /* ENABLE_SK_INTERNAL */