  1. /* $OpenBSD: sk-usbhid.c,v 1.27 2020/10/03 03:40:38 djm Exp $ */
  2. /*
  3. * Copyright (c) 2019 Markus Friedl
  4. * Copyright (c) 2020 Pedro Martelletto
  5. *
  6. * Permission to use, copy, modify, and distribute this software for any
  7. * purpose with or without fee is hereby granted, provided that the above
  8. * copyright notice and this permission notice appear in all copies.
  9. *
  10. * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  11. * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  12. * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  13. * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  14. * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  15. * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  16. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  17. */
  18. #include "includes.h"
  19. #ifdef ENABLE_SK_INTERNAL
  20. #include <stdint.h>
  21. #include <stdlib.h>
  22. #include <string.h>
  23. #include <stdio.h>
  24. #include <stddef.h>
  25. #include <stdarg.h>
  26. #include <time.h>
  27. #ifdef HAVE_SHA2_H
  28. #include <sha2.h>
  29. #endif
  30. #ifdef WITH_OPENSSL
  31. #include <openssl/opensslv.h>
  32. #include <openssl/crypto.h>
  33. #include <openssl/bn.h>
  34. #include <openssl/ec.h>
  35. #include <openssl/ecdsa.h>
  36. #include <openssl/evp.h>
  37. #endif /* WITH_OPENSSL */
  38. #include <fido.h>
  39. #include <fido/credman.h>
  40. /* backwards compat for libfido2 */
  41. #ifndef HAVE_FIDO_CRED_PROT
  42. #define fido_cred_prot(x) (0)
  43. #endif
  44. #ifndef HAVE_FIDO_CRED_SET_PROT
  45. #define fido_cred_set_prot(x, y) (FIDO_ERR_UNSUPPORTED_OPTION)
  46. #endif
  47. #ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT
  48. #define fido_dev_supports_cred_prot(x) (0)
  49. #endif
  50. #ifndef HAVE_FIDO_DEV_GET_TOUCH_BEGIN
  51. #define fido_dev_get_touch_begin(x) (FIDO_ERR_UNSUPPORTED_OPTION)
  52. #endif
  53. #ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
  54. #define fido_dev_get_touch_status(x, y, z) (FIDO_ERR_UNSUPPORTED_OPTION)
  55. #endif
  56. #ifndef FIDO_CRED_PROT_UV_REQUIRED
  57. #define FIDO_CRED_PROT_UV_REQUIRED 0
  58. #endif
  59. #ifndef FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID
  60. #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0
  61. #endif
  62. #ifndef SK_STANDALONE
  63. # include "log.h"
  64. # include "xmalloc.h"
  65. # include "misc.h"
  66. /*
  67. * If building as part of OpenSSH, then rename exported functions.
  68. * This must be done before including sk-api.h.
  69. */
  70. # define sk_api_version ssh_sk_api_version
  71. # define sk_enroll ssh_sk_enroll
  72. # define sk_sign ssh_sk_sign
  73. # define sk_load_resident_keys ssh_sk_load_resident_keys
  74. #endif /* !SK_STANDALONE */
  75. #include "sk-api.h"
  76. /* #define SK_DEBUG 1 */
  77. #ifdef SK_DEBUG
  78. #define SSH_FIDO_INIT_ARG FIDO_DEBUG
  79. #else
  80. #define SSH_FIDO_INIT_ARG 0
  81. #endif
  82. #define MAX_FIDO_DEVICES 8
  83. #define FIDO_POLL_MS 50
  84. #define SELECT_MS 15000
  85. #define POLL_SLEEP_NS 200000000
  86. /* Compatibility with OpenSSL 1.0.x */
  87. #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
  88. #define ECDSA_SIG_get0(sig, pr, ps) \
  89. do { \
  90. (*pr) = sig->r; \
  91. (*ps) = sig->s; \
  92. } while (0)
  93. #endif
  /* One opened FIDO token: the libfido2 device handle and the path it was opened from. */
  struct sk_usbhid {
      fido_dev_t *dev;    /* created by fido_dev_new() in sk_open(); released in sk_close() */
      char *path;         /* strdup()ed copy of the device path; freed in sk_close() */
  };
  98. /* Return the version of the middleware API */
  99. uint32_t sk_api_version(void);
  100. /* Enroll a U2F key (private key generation) */
  101. int sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
  102. const char *application, uint8_t flags, const char *pin,
  103. struct sk_option **options, struct sk_enroll_response **enroll_response);
  104. /* Sign a challenge */
  105. int sk_sign(uint32_t alg, const uint8_t *data, size_t data_len,
  106. const char *application, const uint8_t *key_handle, size_t key_handle_len,
  107. uint8_t flags, const char *pin, struct sk_option **options,
  108. struct sk_sign_response **sign_response);
  109. /* Load resident keys */
  110. int sk_load_resident_keys(const char *pin, struct sk_option **options,
  111. struct sk_resident_key ***rks, size_t *nrks);
  static void skdebug(const char *func, const char *fmt, ...)
      __attribute__((__format__ (printf, 2, 3)));

  /*
   * Emit one debug line prefixed with the calling function's name.
   *
   * Inside OpenSSH the formatted text is handed to debug(); a standalone
   * build prints to stderr only when SK_DEBUG is defined and is otherwise
   * silent.  fmt is a printf-style format (checked by the attribute on the
   * prototype above).
   */
  static void
  skdebug(const char *func, const char *fmt, ...)
  {
  #ifndef SK_STANDALONE
      va_list args;
      char *text;

      va_start(args, fmt);
      xvasprintf(&text, fmt, args);
      va_end(args);
      /* text is passed as an argument, never as the format string */
      debug("%s: %s", func, text);
      free(text);
  #elif defined(SK_DEBUG)
      va_list args;

      fprintf(stderr, "%s: ", func);
      va_start(args, fmt);
      vfprintf(stderr, fmt, args);
      fputc('\n', stderr);
      va_end(args);
  #else
      /* logging compiled out: keep the parameters "used" */
      (void)fmt; /* XXX */
      (void)func; /* XXX */
  #endif
  }
  /*
   * Report the middleware API version implemented by this provider
   * (SSH_SK_VERSION_MAJOR).
   */
  uint32_t
  sk_api_version(void)
  {
      const uint32_t api_version = SSH_SK_VERSION_MAJOR;

      return api_version;
  }
  /*
   * Open the FIDO device at `path`.
   *
   * Returns a newly allocated handle that the caller releases with
   * sk_close(), or NULL on any failure (NULL path, allocation failure,
   * or the device could not be opened).  Nothing is leaked on failure.
   */
  static struct sk_usbhid *
  sk_open(const char *path)
  {
      struct sk_usbhid *handle;
      int rc;

      if (path == NULL) {
          skdebug(__func__, "path == NULL");
          return NULL;
      }

      handle = calloc(1, sizeof(*handle));
      if (handle == NULL) {
          skdebug(__func__, "calloc sk failed");
          return NULL;
      }

      handle->path = strdup(path);
      if (handle->path == NULL) {
          skdebug(__func__, "strdup path failed");
          goto fail_handle;
      }

      handle->dev = fido_dev_new();
      if (handle->dev == NULL) {
          skdebug(__func__, "fido_dev_new failed");
          goto fail_path;
      }

      rc = fido_dev_open(handle->dev, handle->path);
      if (rc != FIDO_OK) {
          skdebug(__func__, "fido_dev_open %s failed: %s", handle->path,
              fido_strerr(rc));
          fido_dev_free(&handle->dev);
          goto fail_path;
      }
      return handle;

  fail_path:
      free(handle->path);
  fail_handle:
      free(handle);
      return NULL;
  }
  /*
   * Tear down a handle returned by sk_open(): cancel whatever operation
   * is still pending on the token, close it and free all memory.
   * A NULL handle is accepted and ignored.
   */
  static void
  sk_close(struct sk_usbhid *sk)
  {
      if (sk != NULL) {
          /* cancel first so a pending request does not outlive the handle */
          fido_dev_cancel(sk->dev);
          fido_dev_close(sk->dev);
          fido_dev_free(&sk->dev);
          free(sk->path);
          free(sk);
      }
  }
  /*
   * Open every device listed in `devlist` (ndevs entries).
   *
   * Successfully opened handles are packed at the front of the returned
   * array and counted in *nopen; devices that cannot be opened are logged
   * and skipped.  Returns NULL (with *nopen == 0) when the array cannot be
   * allocated or no device could be opened.  Release with sk_closev().
   */
  static struct sk_usbhid **
  sk_openv(const fido_dev_info_t *devlist, size_t ndevs, size_t *nopen)
  {
      struct sk_usbhid **opened;
      size_t n;

      *nopen = 0;
      opened = calloc(ndevs, sizeof(*opened));
      if (opened == NULL) {
          skdebug(__func__, "calloc skv failed");
          return NULL;
      }

      for (n = 0; n < ndevs; n++) {
          const fido_dev_info_t *info = fido_dev_info_ptr(devlist, n);

          if (info == NULL) {
              skdebug(__func__, "fido_dev_info_ptr failed");
              continue;
          }
          opened[*nopen] = sk_open(fido_dev_info_path(info));
          if (opened[*nopen] == NULL) {
              skdebug(__func__, "sk_open failed");
              continue;
          }
          (*nopen)++;
      }

      if (*nopen != 0)
          return opened;

      /* nothing usable: release the (all-NULL) array */
      for (n = 0; n < ndevs; n++)
          sk_close(opened[n]);
      free(opened);
      return NULL;
  }
  /*
   * Close the first `nsk` entries of `skv` (NULL entries are fine, see
   * sk_close()) and free the array itself.
   */
  static void
  sk_closev(struct sk_usbhid **skv, size_t nsk)
  {
      size_t slot = 0;

      while (slot < nsk) {
          sk_close(skv[slot]);
          slot++;
      }
      free(skv);
  }
  /*
   * Ask every token in `skv` to start waiting for a touch.
   * Returns 0 if at least one token accepted the request, -1 if none did.
   * Every entry of skv[0..nsk) is dereferenced, so none may be NULL.
   */
  static int
  sk_touch_begin(struct sk_usbhid **skv, size_t nsk)
  {
      size_t started = 0;
      size_t i;
      int rc;

      for (i = 0; i < nsk; i++) {
          rc = fido_dev_get_touch_begin(skv[i]->dev);
          if (rc == FIDO_OK) {
              started++;
              continue;
          }
          skdebug(__func__, "fido_dev_get_touch_begin %s failed:"
              " %s", skv[i]->path, fido_strerr(rc));
      }
      return started == 0 ? -1 : 0;
  }
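  /*
   * Poll each remaining token once for a touch.
   *
   * Sleeps POLL_SLEEP_NS, then queries every non-NULL entry of skv.  A
   * token whose status query fails is closed and its slot set to NULL, so
   * it is skipped by later calls on the same array.
   *
   * Returns 0 with *touch != 0 and *idx set when a token was touched,
   * 0 with *touch == 0 when nothing was touched yet, and -1 when no
   * pollable token is left.
   *
   * The number of live tokens is counted per pass.  Counting down from nsk
   * and skipping NULL slots (as before) only detected "no device left" when
   * every token failed within a single call; tokens discarded over several
   * calls left the caller polling an empty set until its timeout expired.
   */
  static int
  sk_touch_poll(struct sk_usbhid **skv, size_t nsk, int *touch, size_t *idx)
  {
      struct timespec ts_pause;
      size_t nlive = 0, i;
      int r;

      ts_pause.tv_sec = 0;
      ts_pause.tv_nsec = POLL_SLEEP_NS;
      nanosleep(&ts_pause, NULL);    /* best effort; a short sleep is harmless */

      for (i = 0; i < nsk; i++) {
          if (skv[i] == NULL)
              continue; /* device discarded */
          skdebug(__func__, "polling %s", skv[i]->path);
          if ((r = fido_dev_get_touch_status(skv[i]->dev, touch,
              FIDO_POLL_MS)) != FIDO_OK) {
              skdebug(__func__, "fido_dev_get_touch_status %s: %s",
                  skv[i]->path, fido_strerr(r));
              sk_close(skv[i]); /* discard device */
              skv[i] = NULL;
              continue;
          }
          if (*touch) {
              *idx = i;
              return 0;
          }
          nlive++;
      }

      *touch = 0;
      if (nlive == 0) {
          skdebug(__func__, "no device left to poll");
          return -1;
      }
      return 0;
  }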
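  /*
   * Calculate SHA256(m) and store the raw 32-byte digest in d.
   *
   * m/mlen: input buffer.  d/dlen: output buffer; dlen must be exactly 32.
   * Returns 0 on success, -1 on a wrong dlen or a libcrypto failure.
   *
   * Without OpenSSL the digest is produced with SHA256Init/Update/Final.
   * SHA256Data() must not be used here: per sha2(3) it writes the digest as
   * a NUL-terminated hexadecimal string (65 bytes), which both overflows the
   * 32-byte buffers callers pass in and yields the wrong value.
   */
  static int
  sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
  {
  #ifdef WITH_OPENSSL
      u_int mdlen;
  #else
      SHA2_CTX ctx;
  #endif

      if (dlen != 32)
          return -1;
  #ifdef WITH_OPENSSL
      mdlen = dlen;
      if (!EVP_Digest(m, mlen, d, &mdlen, EVP_sha256(), NULL))
          return -1;
  #else
      SHA256Init(&ctx);
      SHA256Update(&ctx, (const uint8_t *)m, mlen);
      SHA256Final(d, &ctx);    /* writes exactly 32 raw bytes */
  #endif
      return 0;
  }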
  /*
   * Check whether `key_handle` exists on the token `sk` for `application`.
   *
   * Issues an assertion request with user presence switched off, so no
   * touch is needed.  Returns 0 when the token recognises the handle and
   * -1 otherwise (including any setup failure).
   */
  static int
  sk_try(const struct sk_usbhid *sk, const char *application,
      const uint8_t *key_handle, size_t key_handle_len)
  {
      fido_assert_t *probe = NULL;
      uint8_t digest[32];
      int rc = FIDO_ERR_INTERNAL;

      /*
       * Client data is the hash of the empty string: on FIDO2 tokens this
       * yields a signature that is not valid for any real message.
       */
      if (sha256_mem("", 0, digest, sizeof(digest)) != 0) {
          skdebug(__func__, "hash message failed");
          goto out;
      }

      probe = fido_assert_new();
      if (probe == NULL) {
          skdebug(__func__, "fido_assert_new failed");
          goto out;
      }

      rc = fido_assert_set_clientdata_hash(probe, digest, sizeof(digest));
      if (rc != FIDO_OK) {
          skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
              fido_strerr(rc));
          goto out;
      }

      rc = fido_assert_set_rp(probe, application);
      if (rc != FIDO_OK) {
          skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(rc));
          goto out;
      }

      rc = fido_assert_allow_cred(probe, key_handle, key_handle_len);
      if (rc != FIDO_OK) {
          skdebug(__func__, "fido_assert_allow_cred: %s", fido_strerr(rc));
          goto out;
      }

      /* user presence off: this is only a lookup, not an authentication */
      rc = fido_assert_set_up(probe, FIDO_OPT_FALSE);
      if (rc != FIDO_OK) {
          skdebug(__func__, "fido_assert_up: %s", fido_strerr(rc));
          goto out;
      }

      rc = fido_dev_get_assert(sk->dev, probe, NULL);
      skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(rc));
      /* U2F tokens may answer "presence required" for a known handle */
      if (rc == FIDO_ERR_USER_PRESENCE_REQUIRED)
          rc = FIDO_OK;

  out:
      fido_assert_free(&probe);
      return rc == FIDO_OK ? 0 : -1;
  }
  /*
   * Pick the token that holds `key_handle` for `application`.
   *
   * Opens all listed devices.  If exactly one could be opened it is
   * returned as-is, without checking that it knows the key handle;
   * otherwise the first device for which sk_try() succeeds is returned.
   * All other devices are closed.  Returns NULL if nothing matched.
   * The caller owns the returned handle (sk_close()).
   */
  static struct sk_usbhid *
  sk_select_by_cred(const fido_dev_info_t *devlist, size_t ndevs,
      const char *application, const uint8_t *key_handle, size_t key_handle_len)
  {
      struct sk_usbhid **candidates;
      struct sk_usbhid *match = NULL;
      size_t ncand, n;

      candidates = sk_openv(devlist, ndevs, &ncand);
      if (candidates == NULL) {
          skdebug(__func__, "sk_openv failed");
          return NULL;
      }

      if (ncand == 1) {
          /* sole candidate: hand it over unprobed */
          match = candidates[0];
          candidates[0] = NULL;
      } else {
          for (n = 0; n < ncand; n++) {
              if (sk_try(candidates[n], application, key_handle,
                  key_handle_len) != 0)
                  continue;
              match = candidates[n];
              candidates[n] = NULL;    /* keep it out of sk_closev() */
              skdebug(__func__, "found key in %s", match->path);
              break;
          }
      }

      sk_closev(candidates, ncand);
      return match;
  }
  /*
   * Pick a token by asking the user to touch it.
   *
   * Opens all listed devices.  A single opened device is returned
   * directly.  With several, every device is asked to wait for a touch and
   * they are polled until one reports a touch, polling fails, or roughly
   * SELECT_MS milliseconds have passed.  All devices other than the one
   * returned are closed.  Returns NULL on failure or timeout; the caller
   * owns the returned handle (sk_close()).
   */
  static struct sk_usbhid *
  sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs)
  {
      struct sk_usbhid **candidates;
      struct sk_usbhid *chosen = NULL;
      struct timeval tv_start, tv_now, tv_delta;
      size_t ncand, idx;
      int touch, ms_remain;

      candidates = sk_openv(devlist, ndevs, &ncand);
      if (candidates == NULL) {
          skdebug(__func__, "sk_openv failed");
          return NULL;
      }

      if (ncand < 2) {
          if (ncand == 1) {
              /* single candidate */
              chosen = candidates[0];
              candidates[0] = NULL;
          }
          goto out;
      }

  #ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
      /* the touch-status API is stubbed out: cannot tell tokens apart */
      skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0");
      goto out;
  #endif

      if (sk_touch_begin(candidates, ncand) == -1) {
          skdebug(__func__, "sk_touch_begin failed");
          goto out;
      }

      monotime_tv(&tv_start);
      for (;;) {
          if (sk_touch_poll(candidates, ncand, &touch, &idx) == -1) {
              skdebug(__func__, "sk_touch_poll failed");
              goto out;
          }
          if (touch) {
              chosen = candidates[idx];
              candidates[idx] = NULL;    /* keep it out of sk_closev() */
              goto out;
          }
          monotime_tv(&tv_now);
          timersub(&tv_now, &tv_start, &tv_delta);
          ms_remain = SELECT_MS - tv_delta.tv_sec * 1000 -
              tv_delta.tv_usec / 1000;
          /* stop once less than one poll interval remains */
          if (ms_remain < FIDO_POLL_MS)
              break;
      }
      skdebug(__func__, "timeout");

  out:
      sk_closev(candidates, ncand);
      return chosen;
  }
  /*
   * Enumerate attached FIDO devices (at most MAX_FIDO_DEVICES) and select
   * one.
   *
   * When both `application` and `key_handle` are given the device is
   * selected by credential, otherwise by touch.  Returns an open handle
   * owned by the caller, or NULL if enumeration fails, no device is
   * present, or selection fails.
   */
  static struct sk_usbhid *
  sk_probe(const char *application, const uint8_t *key_handle,
      size_t key_handle_len)
  {
      struct sk_usbhid *selected = NULL;
      fido_dev_info_t *devlist;
      size_t ndevs;
      int rc;

      devlist = fido_dev_info_new(MAX_FIDO_DEVICES);
      if (devlist == NULL) {
          skdebug(__func__, "fido_dev_info_new failed");
          return NULL;
      }

      rc = fido_dev_info_manifest(devlist, MAX_FIDO_DEVICES, &ndevs);
      if (rc != FIDO_OK) {
          skdebug(__func__, "fido_dev_info_manifest failed: %s",
              fido_strerr(rc));
          goto out;
      }
      skdebug(__func__, "%zu device(s) detected", ndevs);

      if (ndevs == 0)
          goto out;

      if (application != NULL && key_handle != NULL) {
          skdebug(__func__, "selecting sk by cred");
          selected = sk_select_by_cred(devlist, ndevs, application,
              key_handle, key_handle_len);
      } else {
          skdebug(__func__, "selecting sk by touch");
          selected = sk_select_by_touch(devlist, ndevs);
      }

  out:
      fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
      return selected;
  }
  #ifdef WITH_OPENSSL
  /*
   * Convert the ECDSA public key of `cred` into the form the API expects.
   *
   * fido_cred_pubkey_ptr() yields the P-256 point as 64 bytes of affine
   * coordinates (X || Y); the API wants a SEC1 uncompressed octet string.
   * Loading the coordinates into an EC_POINT makes libcrypto the arbiter of
   * whether they are acceptable for the curve.
   *
   * On success returns 0 and stores a malloc()ed key in
   * response->public_key / public_key_len (caller frees).  On failure
   * returns -1 and leaves response->public_key NULL.
   */
  static int
  pack_public_key_ecdsa(const fido_cred_t *cred,
      struct sk_enroll_response *response)
  {
      const uint8_t *coords;
      BIGNUM *bn_x = NULL, *bn_y = NULL;
      EC_POINT *point = NULL;
      EC_GROUP *curve = NULL;
      size_t coords_len;
      int ret = -1;

      response->public_key = NULL;
      response->public_key_len = 0;

      if ((bn_x = BN_new()) == NULL ||
          (bn_y = BN_new()) == NULL ||
          (curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL ||
          (point = EC_POINT_new(curve)) == NULL) {
          skdebug(__func__, "libcrypto setup failed");
          goto out;
      }

      coords = fido_cred_pubkey_ptr(cred);
      if (coords == NULL) {
          skdebug(__func__, "fido_cred_pubkey_ptr failed");
          goto out;
      }
      /* exactly two 32-byte coordinates, or the reads below go out of bounds */
      coords_len = fido_cred_pubkey_len(cred);
      if (coords_len != 64) {
          skdebug(__func__, "bad fido_cred_pubkey_len %zu", coords_len);
          goto out;
      }

      if (BN_bin2bn(coords, 32, bn_x) == NULL ||
          BN_bin2bn(coords + 32, 32, bn_y) == NULL) {
          skdebug(__func__, "BN_bin2bn failed");
          goto out;
      }
      if (EC_POINT_set_affine_coordinates_GFp(curve, point, bn_x, bn_y,
          NULL) != 1) {
          skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed");
          goto out;
      }

      /* first call only sizes the encoding */
      response->public_key_len = EC_POINT_point2oct(curve, point,
          POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
      if (response->public_key_len == 0 || response->public_key_len > 2048) {
          skdebug(__func__, "bad pubkey length %zu",
              response->public_key_len);
          goto out;
      }

      response->public_key = malloc(response->public_key_len);
      if (response->public_key == NULL) {
          skdebug(__func__, "malloc pubkey failed");
          goto out;
      }
      if (EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED,
          response->public_key, response->public_key_len, NULL) == 0) {
          skdebug(__func__, "EC_POINT_point2oct failed");
          goto out;
      }

      /* success */
      ret = 0;

  out:
      if (ret != 0 && response->public_key != NULL) {
          memset(response->public_key, 0, response->public_key_len);
          free(response->public_key);
          response->public_key = NULL;
      }
      EC_POINT_free(point);
      EC_GROUP_free(curve);
      BN_clear_free(bn_x);
      BN_clear_free(bn_y);
      return ret;
  }
  #endif /* WITH_OPENSSL */
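  /*
   * Copy the Ed25519 public key of `cred` into `response`.
   *
   * The key must be exactly 32 bytes.  On success returns 0 and stores a
   * malloc()ed copy in response->public_key / public_key_len (caller
   * frees).  On failure returns -1 with response->public_key == NULL and
   * response->public_key_len == 0.
   *
   * The failure path resets both fields, as pack_public_key_ecdsa() does
   * for the pointer: sk_enroll() frees response->public_key again in its
   * own cleanup, so a stale pointer must never be left behind here.
   */
  static int
  pack_public_key_ed25519(const fido_cred_t *cred,
      struct sk_enroll_response *response)
  {
      const uint8_t *ptr;
      size_t len;
      int ret = -1;

      response->public_key = NULL;
      response->public_key_len = 0;

      if ((len = fido_cred_pubkey_len(cred)) != 32) {
          skdebug(__func__, "bad fido_cred_pubkey_len len %zu", len);
          goto out;
      }
      if ((ptr = fido_cred_pubkey_ptr(cred)) == NULL) {
          skdebug(__func__, "fido_cred_pubkey_ptr failed");
          goto out;
      }
      if ((response->public_key = malloc(len)) == NULL) {
          skdebug(__func__, "malloc pubkey failed");
          goto out;
      }
      memcpy(response->public_key, ptr, len);
      response->public_key_len = len;
      ret = 0;
  out:
      if (ret != 0) {
          free(response->public_key);
          response->public_key = NULL;
          response->public_key_len = 0;
      }
      return ret;
  }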
  /*
   * Store the public key of `cred` in `response` using the packer that
   * matches `alg`.  ECDSA is only available when built WITH_OPENSSL.
   * Returns the packer's result, or -1 for an unsupported algorithm.
   */
  static int
  pack_public_key(uint32_t alg, const fido_cred_t *cred,
      struct sk_enroll_response *response)
  {
  #ifdef WITH_OPENSSL
      if (alg == SSH_SK_ECDSA)
          return pack_public_key_ecdsa(cred, response);
  #endif /* WITH_OPENSSL */
      if (alg == SSH_SK_ED25519)
          return pack_public_key_ed25519(cred, response);
      return -1;
  }
  /*
   * Translate a libfido2 error code into a middleware (SSH_SK_ERR_*) code.
   * Unsupported option/algorithm map to SSH_SK_ERR_UNSUPPORTED, a missing
   * or wrong PIN to SSH_SK_ERR_PIN_REQUIRED, everything else to -1.
   */
  static int
  fidoerr_to_skerr(int fidoerr)
  {
      if (fidoerr == FIDO_ERR_UNSUPPORTED_OPTION ||
          fidoerr == FIDO_ERR_UNSUPPORTED_ALGORITHM)
          return SSH_SK_ERR_UNSUPPORTED;

      if (fidoerr == FIDO_ERR_PIN_REQUIRED ||
          fidoerr == FIDO_ERR_PIN_INVALID)
          return SSH_SK_ERR_PIN_REQUIRED;

      return -1;
  }
  /*
   * Parse the option list passed to sk_enroll().
   *
   * "device" is duplicated into *devicep (caller frees, also when -1 is
   * returned); "user" is copied into user_id and rejected if it does not
   * fit in user_id_len bytes including the terminator.  Any other option is
   * logged and ignored unless it is flagged required, which is an error.
   * A NULL list is valid.  Returns 0 on success, -1 on error.
   *
   * Note: a repeated "device" option overwrites *devicep without freeing
   * the earlier copy.
   */
  static int
  check_enroll_options(struct sk_option **options, char **devicep,
      uint8_t *user_id, size_t user_id_len)
  {
      struct sk_option **cursor;

      if (options == NULL)
          return 0;

      for (cursor = options; *cursor != NULL; cursor++) {
          struct sk_option *opt = *cursor;

          if (strcmp(opt->name, "device") == 0) {
              *devicep = strdup(opt->value);
              if (*devicep == NULL) {
                  skdebug(__func__, "strdup device failed");
                  return -1;
              }
              skdebug(__func__, "requested device %s", *devicep);
              continue;
          }

          if (strcmp(opt->name, "user") == 0) {
              /* strlcpy returns the source length: >= size means truncated */
              if (strlcpy(user_id, opt->value, user_id_len) >=
                  user_id_len) {
                  skdebug(__func__, "user too long");
                  return -1;
              }
              skdebug(__func__, "requested user %s",
                  (char *)user_id);
              continue;
          }

          skdebug(__func__, "requested unsupported option %s",
              opt->name);
          if (opt->required) {
              skdebug(__func__, "unknown required option");
              return -1;
          }
      }
      return 0;
  }
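  /*
   * Enroll a new key on a FIDO token (private key generation).
   *
   * alg:             SSH_SK_ECDSA (only WITH_OPENSSL) or SSH_SK_ED25519.
   * challenge:       client data hash sent to the token.
   * application:     relying party id for the credential.
   * flags:           SSH_SK_RESIDENT_KEY / SSH_SK_USER_VERIFICATION_REQD
   *                  are acted on here.
   * pin:             passed through to fido_dev_make_cred().
   * options:         see check_enroll_options().
   * enroll_response: receives the result; set to NULL on entry.
   *
   * Returns 0 on success, in which case *enroll_response and the buffers it
   * points to belong to the caller.  Otherwise returns an SSH_SK_ERR_* code
   * (or -1 from fidoerr_to_skerr()) and *enroll_response stays NULL.
   *
   * All logging goes through skdebug().  The attestation cert / authdata
   * length messages previously called debug3() directly, which is only
   * declared when log.h is included, i.e. not in SK_STANDALONE builds.
   */
  int
  sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
      const char *application, uint8_t flags, const char *pin,
      struct sk_option **options, struct sk_enroll_response **enroll_response)
  {
      fido_cred_t *cred = NULL;
      const uint8_t *ptr;
      uint8_t user_id[32];
      struct sk_usbhid *sk = NULL;
      struct sk_enroll_response *response = NULL;
      size_t len;
      int credprot;
      int cose_alg;
      int ret = SSH_SK_ERR_GENERAL;
      int r;
      char *device = NULL;

      fido_init(SSH_FIDO_INIT_ARG);

      if (enroll_response == NULL) {
          skdebug(__func__, "enroll_response == NULL");
          goto out;
      }
      *enroll_response = NULL;
      /* defaults to an all-zero user id unless a "user" option is given */
      memset(user_id, 0, sizeof(user_id));
      if (check_enroll_options(options, &device, user_id,
          sizeof(user_id)) != 0)
          goto out; /* error already logged */

      switch(alg) {
  #ifdef WITH_OPENSSL
      case SSH_SK_ECDSA:
          cose_alg = COSE_ES256;
          break;
  #endif /* WITH_OPENSSL */
      case SSH_SK_ED25519:
          cose_alg = COSE_EDDSA;
          break;
      default:
          skdebug(__func__, "unsupported key type %d", alg);
          goto out;
      }

      /* an explicit "device" option bypasses probing / touch selection */
      if (device != NULL)
          sk = sk_open(device);
      else
          sk = sk_probe(NULL, NULL, 0);
      if (sk == NULL) {
          skdebug(__func__, "failed to find sk");
          goto out;
      }
      skdebug(__func__, "using device %s", sk->path);

      if ((cred = fido_cred_new()) == NULL) {
          skdebug(__func__, "fido_cred_new failed");
          goto out;
      }
      if ((r = fido_cred_set_type(cred, cose_alg)) != FIDO_OK) {
          skdebug(__func__, "fido_cred_set_type: %s", fido_strerr(r));
          goto out;
      }
      if ((r = fido_cred_set_clientdata_hash(cred, challenge,
          challenge_len)) != FIDO_OK) {
          skdebug(__func__, "fido_cred_set_clientdata_hash: %s",
              fido_strerr(r));
          goto out;
      }
      if ((r = fido_cred_set_rk(cred, (flags & SSH_SK_RESIDENT_KEY) != 0 ?
          FIDO_OPT_TRUE : FIDO_OPT_OMIT)) != FIDO_OK) {
          skdebug(__func__, "fido_cred_set_rk: %s", fido_strerr(r));
          goto out;
      }
      if ((r = fido_cred_set_user(cred, user_id, sizeof(user_id),
          "openssh", "openssh", NULL)) != FIDO_OK) {
          skdebug(__func__, "fido_cred_set_user: %s", fido_strerr(r));
          goto out;
      }
      if ((r = fido_cred_set_rp(cred, application, NULL)) != FIDO_OK) {
          skdebug(__func__, "fido_cred_set_rp: %s", fido_strerr(r));
          goto out;
      }

      /*
       * Resident and verify-required keys are only created with credProtect
       * set; a library or token without that support is refused outright
       * rather than silently producing an unprotected credential.
       */
      if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) {
  #if !defined(HAVE_FIDO_DEV_SUPPORTS_CRED_PROT) || \
      !defined(HAVE_FIDO_CRED_SET_PROT)
          skdebug(__func__, "libfido2 version does not support a feature required for this operation. Please upgrade to >=1.5.0");
          ret = SSH_SK_ERR_UNSUPPORTED;
          goto out;
          credprot = 0; (void)credprot; /* avoid warning */
  #endif
          if (!fido_dev_supports_cred_prot(sk->dev)) {
              skdebug(__func__, "%s does not support credprot, "
                  "refusing to create unprotected "
                  "resident/verify-required key", sk->path);
              ret = SSH_SK_ERR_UNSUPPORTED;
              goto out;
          }
          if ((flags & SSH_SK_USER_VERIFICATION_REQD))
              credprot = FIDO_CRED_PROT_UV_REQUIRED;
          else
              credprot = FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID;

          if ((r = fido_cred_set_prot(cred, credprot)) != FIDO_OK) {
              skdebug(__func__, "fido_cred_set_prot: %s",
                  fido_strerr(r));
              ret = fidoerr_to_skerr(r);
              goto out;
          }
      }

      if ((r = fido_dev_make_cred(sk->dev, cred, pin)) != FIDO_OK) {
          skdebug(__func__, "fido_dev_make_cred: %s", fido_strerr(r));
          ret = fidoerr_to_skerr(r);
          goto out;
      }

      /* verify the token's reply before anything is copied out of it */
      if (fido_cred_x5c_ptr(cred) != NULL) {
          if ((r = fido_cred_verify(cred)) != FIDO_OK) {
              skdebug(__func__, "fido_cred_verify: %s",
                  fido_strerr(r));
              goto out;
          }
      } else {
          skdebug(__func__, "self-attested credential");
          if ((r = fido_cred_verify_self(cred)) != FIDO_OK) {
              skdebug(__func__, "fido_cred_verify_self: %s",
                  fido_strerr(r));
              goto out;
          }
      }

      if ((response = calloc(1, sizeof(*response))) == NULL) {
          skdebug(__func__, "calloc response failed");
          goto out;
      }
      if (pack_public_key(alg, cred, response) != 0) {
          skdebug(__func__, "pack_public_key failed");
          goto out;
      }

      /* each optional field is copied only if the token supplied it */
      if ((ptr = fido_cred_id_ptr(cred)) != NULL) {
          len = fido_cred_id_len(cred);
          if ((response->key_handle = calloc(1, len)) == NULL) {
              skdebug(__func__, "calloc key handle failed");
              goto out;
          }
          memcpy(response->key_handle, ptr, len);
          response->key_handle_len = len;
      }
      if ((ptr = fido_cred_sig_ptr(cred)) != NULL) {
          len = fido_cred_sig_len(cred);
          if ((response->signature = calloc(1, len)) == NULL) {
              skdebug(__func__, "calloc signature failed");
              goto out;
          }
          memcpy(response->signature, ptr, len);
          response->signature_len = len;
      }
      if ((ptr = fido_cred_x5c_ptr(cred)) != NULL) {
          len = fido_cred_x5c_len(cred);
          skdebug(__func__, "attestation cert len=%zu", len);
          if ((response->attestation_cert = calloc(1, len)) == NULL) {
              skdebug(__func__, "calloc attestation cert failed");
              goto out;
          }
          memcpy(response->attestation_cert, ptr, len);
          response->attestation_cert_len = len;
      }
      if ((ptr = fido_cred_authdata_ptr(cred)) != NULL) {
          len = fido_cred_authdata_len(cred);
          skdebug(__func__, "authdata len=%zu", len);
          if ((response->authdata = calloc(1, len)) == NULL) {
              skdebug(__func__, "calloc authdata failed");
              goto out;
          }
          memcpy(response->authdata, ptr, len);
          response->authdata_len = len;
      }

      /* ownership moves to the caller; NULL keeps the cleanup below off it */
      *enroll_response = response;
      response = NULL;
      ret = 0;
  out:
      free(device);
      if (response != NULL) {
          free(response->public_key);
          free(response->key_handle);
          free(response->signature);
          free(response->attestation_cert);
          free(response->authdata);
          free(response);
      }
      sk_close(sk);
      fido_cred_free(&cred);
      return ret;
  }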
  #ifdef WITH_OPENSSL
  /*
   * Split the DER-encoded ECDSA signature of assertion 0 into its r and s
   * integers and store them, big-endian, in `response`.
   *
   * Returns 0 on success (caller frees sig_r / sig_s).  On failure returns
   * -1 with both pointers freed and reset to NULL.
   */
  static int
  pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
  {
      const unsigned char *der = fido_assert_sig_ptr(assert, 0);
      size_t der_len = fido_assert_sig_len(assert, 0);
      const BIGNUM *r_bn, *s_bn;
      ECDSA_SIG *parsed;
      int ret = -1;

      /* let libcrypto parse the token-supplied DER */
      parsed = d2i_ECDSA_SIG(NULL, &der, der_len);
      if (parsed == NULL) {
          skdebug(__func__, "d2i_ECDSA_SIG failed");
          goto out;
      }
      ECDSA_SIG_get0(parsed, &r_bn, &s_bn);

      /* buffers are sized from the parsed integers themselves */
      response->sig_r_len = BN_num_bytes(r_bn);
      response->sig_s_len = BN_num_bytes(s_bn);

      response->sig_r = calloc(1, response->sig_r_len);
      if (response->sig_r == NULL) {
          skdebug(__func__, "calloc signature failed");
          goto out;
      }
      response->sig_s = calloc(1, response->sig_s_len);
      if (response->sig_s == NULL) {
          skdebug(__func__, "calloc signature failed");
          goto out;
      }

      BN_bn2bin(r_bn, response->sig_r);
      BN_bn2bin(s_bn, response->sig_s);
      ret = 0;

  out:
      ECDSA_SIG_free(parsed);
      if (ret != 0) {
          free(response->sig_r);
          free(response->sig_s);
          response->sig_r = NULL;
          response->sig_s = NULL;
      }
      return ret;
  }
  #endif /* WITH_OPENSSL */
  /*
   * Copy the Ed25519 signature of assertion 0 into response->sig_r.
   *
   * The signature must be exactly 64 bytes.  Returns 0 on success (caller
   * frees sig_r); on failure returns -1 with sig_r freed and reset to NULL.
   */
  static int
  pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response)
  {
      const unsigned char *sig = fido_assert_sig_ptr(assert, 0);
      size_t sig_len = fido_assert_sig_len(assert, 0);

      /* reject anything that is not a full Ed25519 signature */
      if (sig_len != 64) {
          skdebug(__func__, "bad length %zu", sig_len);
          goto fail;
      }

      response->sig_r_len = sig_len;
      response->sig_r = calloc(1, response->sig_r_len);
      if (response->sig_r == NULL) {
          skdebug(__func__, "calloc signature failed");
          goto fail;
      }
      memcpy(response->sig_r, sig, sig_len);
      return 0;

  fail:
      free(response->sig_r);
      response->sig_r = NULL;
      return -1;
  }
  /*
   * Dispatch to the signature packer matching 'alg'.
   *
   * ECDSA is only handled when built WITH_OPENSSL. Any algorithm that is
   * not handled yields -1; otherwise the packer's own result is returned.
   */
  static int
  pack_sig(uint32_t alg, fido_assert_t *assert,
      struct sk_sign_response *response)
  {
  #ifdef WITH_OPENSSL
      if (alg == SSH_SK_ECDSA)
          return pack_sig_ecdsa(assert, response);
  #endif /* WITH_OPENSSL */
      if (alg == SSH_SK_ED25519)
          return pack_sig_ed25519(assert, response);
      return -1;
  }
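  /*
   * Checks sk_options for sk_sign() and sk_load_resident_keys().
   *
   * The only recognised option is "device": its value is duplicated into
   * *devicep. The caller must initialise *devicep to NULL beforehand and
   * free() it afterwards, on failure as well as on success. If "device"
   * is given more than once, the last value wins and earlier copies are
   * released.
   *
   * Unrecognised options are logged and ignored unless flagged required.
   *
   * Returns 0 on success (including options == NULL), -1 on error.
   */
  static int
  check_sign_load_resident_options(struct sk_option **options, char **devicep)
  {
      size_t i;

      if (options == NULL)
          return 0;
      for (i = 0; options[i] != NULL; i++) {
          if (strcmp(options[i]->name, "device") == 0) {
              /* strdup(NULL) is undefined; refuse a valueless option. */
              if (options[i]->value == NULL) {
                  skdebug(__func__, "device option has no value");
                  return -1;
              }
              /* Drop a copy left by an earlier "device" option. */
              free(*devicep);
              if ((*devicep = strdup(options[i]->value)) == NULL) {
                  skdebug(__func__, "strdup device failed");
                  return -1;
              }
              skdebug(__func__, "requested device %s", *devicep);
          } else {
              skdebug(__func__, "requested unsupported option %s",
                  options[i]->name);
              if (options[i]->required) {
                  skdebug(__func__, "unknown required option");
                  return -1;
              }
          }
      }
      return 0;
  }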
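  /*
   * Ask a FIDO token to sign 'data' with the credential 'key_handle' under
   * the relying party 'application'.
   *
   * The data is hashed with sha256_mem() into a 32-byte buffer and that
   * hash, not the data itself, is sent to the token as the client data
   * hash. The buffer is wiped before returning.
   *
   * Token selection:
   *  - a "device" option opens exactly that device;
   *  - otherwise, if a PIN was supplied or SSH_SK_USER_VERIFICATION_REQD is
   *    set, sk_probe() is called without a key handle;
   *  - otherwise sk_probe() is given the application and key handle.
   *
   * SSH_SK_USER_PRESENCE_REQD in 'flags' controls the assertion's "up"
   * option. With no PIN and SSH_SK_USER_VERIFICATION_REQD set, the "uv"
   * option is requested from the token instead.
   *
   * Returns 0 on success with *sign_response set to a newly allocated
   * response owned by the caller. On failure returns an SSH_SK_ERR_* code
   * and, provided sign_response is non-NULL, leaves *sign_response NULL.
   */
  int
  sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
      const char *application,
      const uint8_t *key_handle, size_t key_handle_len,
      uint8_t flags, const char *pin, struct sk_option **options,
      struct sk_sign_response **sign_response)
  {
      fido_assert_t *assert = NULL;
      char *device = NULL;
      struct sk_usbhid *sk = NULL;
      struct sk_sign_response *response = NULL;
      uint8_t message[32];
      int ret = SSH_SK_ERR_GENERAL;
      int r;

      fido_init(SSH_FIDO_INIT_ARG);

      if (sign_response == NULL) {
          skdebug(__func__, "sign_response == NULL");
          goto out;
      }
      *sign_response = NULL;
      if (check_sign_load_resident_options(options, &device) != 0)
          goto out; /* error already logged */
      /* hash data to be signed before it goes to the security key */
      if ((r = sha256_mem(data, datalen, message, sizeof(message))) != 0) {
          skdebug(__func__, "hash message failed");
          goto out;
      }
      if (device != NULL)
          sk = sk_open(device);
      else if (pin != NULL || (flags & SSH_SK_USER_VERIFICATION_REQD))
          sk = sk_probe(NULL, NULL, 0);
      else
          sk = sk_probe(application, key_handle, key_handle_len);
      if (sk == NULL) {
          skdebug(__func__, "failed to find sk");
          goto out;
      }
      if ((assert = fido_assert_new()) == NULL) {
          skdebug(__func__, "fido_assert_new failed");
          goto out;
      }
      if ((r = fido_assert_set_clientdata_hash(assert, message,
          sizeof(message))) != FIDO_OK) {
          skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
              fido_strerr(r));
          goto out;
      }
      if ((r = fido_assert_set_rp(assert, application)) != FIDO_OK) {
          skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(r));
          goto out;
      }
      if ((r = fido_assert_allow_cred(assert, key_handle,
          key_handle_len)) != FIDO_OK) {
          skdebug(__func__, "fido_assert_allow_cred: %s", fido_strerr(r));
          goto out;
      }
      if ((r = fido_assert_set_up(assert,
          (flags & SSH_SK_USER_PRESENCE_REQD) ?
          FIDO_OPT_TRUE : FIDO_OPT_FALSE)) != FIDO_OK) {
          skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r));
          goto out;
      }
      if (pin == NULL && (flags & SSH_SK_USER_VERIFICATION_REQD) &&
          (r = fido_assert_set_uv(assert, FIDO_OPT_TRUE)) != FIDO_OK) {
          skdebug(__func__, "fido_assert_set_uv: %s", fido_strerr(r));
          /*
           * This function returns SSH_SK_ERR_* codes. libfido2's
           * FIDO_ERR_PIN_REQUIRED belongs to a different error space,
           * and a caller checking for SSH_SK_ERR_PIN_REQUIRED would not
           * match it.
           */
          ret = SSH_SK_ERR_PIN_REQUIRED;
          goto out;
      }
      if ((r = fido_dev_get_assert(sk->dev, assert, pin)) != FIDO_OK) {
          skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
          ret = fidoerr_to_skerr(r);
          goto out;
      }
      if ((response = calloc(1, sizeof(*response))) == NULL) {
          skdebug(__func__, "calloc response failed");
          goto out;
      }
      response->flags = fido_assert_flags(assert, 0);
      response->counter = fido_assert_sigcount(assert, 0);
      if (pack_sig(alg, assert, response) != 0) {
          skdebug(__func__, "pack_sig failed");
          goto out;
      }
      /* Ownership moves to the caller; keep cleanup away from it. */
      *sign_response = response;
      response = NULL;
      ret = 0;
   out:
      /* Wipe the message hash from the stack on every exit path. */
      explicit_bzero(message, sizeof(message));
      free(device);
      if (response != NULL) {
          free(response->sig_r);
          free(response->sig_s);
          free(response);
      }
      sk_close(sk);
      fido_assert_free(&assert);
      return ret;
  }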
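  /*
   * Enumerate the resident (discoverable) credentials on 'sk' whose relying
   * party ID starts with "ssh:" (case-insensitive) and append one
   * sk_resident_key per credential to the array *rksp, growing it and
   * updating *nrksp.
   *
   * A PIN is mandatory; without one SSH_SK_ERR_PIN_REQUIRED is returned.
   * A device that answers the metadata request with
   * FIDO_ERR_INVALID_COMMAND is treated as having no resident keys and
   * yields 0 with nothing appended.
   *
   * Relying parties with no ID and credentials of a type other than
   * COSE_ES256 / COSE_EDDSA are logged and skipped, so that one unusable
   * entry on the token does not hide the usable ones.
   *
   * Returns 0 on success or an SSH_SK_ERR_* code. On failure, entries
   * already appended to *rksp remain there for the caller to release.
   */
  static int
  read_rks(struct sk_usbhid *sk, const char *pin,
      struct sk_resident_key ***rksp, size_t *nrksp)
  {
      int ret = SSH_SK_ERR_GENERAL, r = -1;
      fido_credman_metadata_t *metadata = NULL;
      fido_credman_rp_t *rp = NULL;
      fido_credman_rk_t *rk = NULL;
      size_t i, j, nrp, nrk;
      const fido_cred_t *cred;
      const char *rp_id, *rp_name;
      uint32_t alg;
      struct sk_resident_key *srk = NULL, **tmp;

      if (pin == NULL) {
          skdebug(__func__, "no PIN specified");
          ret = SSH_SK_ERR_PIN_REQUIRED;
          goto out;
      }
      if ((metadata = fido_credman_metadata_new()) == NULL) {
          skdebug(__func__, "alloc failed");
          goto out;
      }

      if ((r = fido_credman_get_dev_metadata(sk->dev, metadata, pin)) != 0) {
          if (r == FIDO_ERR_INVALID_COMMAND) {
              skdebug(__func__, "device %s does not support "
                  "resident keys", sk->path);
              ret = 0;
              goto out;
          }
          skdebug(__func__, "get metadata for %s failed: %s",
              sk->path, fido_strerr(r));
          ret = fidoerr_to_skerr(r);
          goto out;
      }
      skdebug(__func__, "existing %llu, remaining %llu",
          (unsigned long long)fido_credman_rk_existing(metadata),
          (unsigned long long)fido_credman_rk_remaining(metadata));
      if ((rp = fido_credman_rp_new()) == NULL) {
          skdebug(__func__, "alloc rp failed");
          goto out;
      }
      if ((r = fido_credman_get_dev_rp(sk->dev, rp, pin)) != 0) {
          skdebug(__func__, "get RPs for %s failed: %s",
              sk->path, fido_strerr(r));
          goto out;
      }
      nrp = fido_credman_rp_count(rp);
      skdebug(__func__, "Device %s has resident keys for %zu RPs",
          sk->path, nrp);

      /* Iterate over RP IDs that have resident keys */
      for (i = 0; i < nrp; i++) {
          /*
           * The RP name and ID come from the token and either may be
           * absent, so neither is passed on as a string unchecked.
           */
          rp_id = fido_credman_rp_id(rp, i);
          rp_name = fido_credman_rp_name(rp, i);
          skdebug(__func__, "rp %zu: name=\"%s\" id=\"%s\" hashlen=%zu",
              i, rp_name == NULL ? "(null)" : rp_name,
              rp_id == NULL ? "(null)" : rp_id,
              fido_credman_rp_id_hash_len(rp, i));

          /* Skip non-SSH RP IDs */
          if (rp_id == NULL || strncasecmp(rp_id, "ssh:", 4) != 0)
              continue;

          fido_credman_rk_free(&rk);
          if ((rk = fido_credman_rk_new()) == NULL) {
              skdebug(__func__, "alloc rk failed");
              goto out;
          }
          if ((r = fido_credman_get_dev_rk(sk->dev, rp_id, rk,
              pin)) != 0) {
              skdebug(__func__, "get RKs for %s slot %zu failed: %s",
                  sk->path, i, fido_strerr(r));
              goto out;
          }
          nrk = fido_credman_rk_count(rk);
          skdebug(__func__, "RP \"%s\" has %zu resident keys",
              rp_id, nrk);

          /* Iterate over resident keys for this RP ID */
          for (j = 0; j < nrk; j++) {
              if ((cred = fido_credman_rk(rk, j)) == NULL) {
                  skdebug(__func__, "no RK in slot %zu", j);
                  continue;
              }
              skdebug(__func__, "Device %s RP \"%s\" slot %zu: "
                  "type %d flags 0x%02x prot 0x%02x", sk->path,
                  rp_id, j, fido_cred_type(cred),
                  fido_cred_flags(cred), fido_cred_prot(cred));

              /*
               * Settle the algorithm before allocating anything, so
               * an unsupported credential is skipped with nothing to
               * release.
               */
              switch (fido_cred_type(cred)) {
              case COSE_ES256:
                  alg = SSH_SK_ECDSA;
                  break;
              case COSE_EDDSA:
                  alg = SSH_SK_ED25519;
                  break;
              default:
                  skdebug(__func__, "unsupported key type %d",
                      fido_cred_type(cred));
                  continue;
              }

              /* build response entry */
              if ((srk = calloc(1, sizeof(*srk))) == NULL ||
                  (srk->key.key_handle = calloc(1,
                  fido_cred_id_len(cred))) == NULL ||
                  (srk->application = strdup(rp_id)) == NULL) {
                  skdebug(__func__, "alloc sk_resident_key");
                  goto out;
              }

              srk->alg = alg;
              srk->key.key_handle_len = fido_cred_id_len(cred);
              memcpy(srk->key.key_handle, fido_cred_id_ptr(cred),
                  srk->key.key_handle_len);

              /* Carry the token's UV-required policy to the caller. */
              if (fido_cred_prot(cred) == FIDO_CRED_PROT_UV_REQUIRED)
                  srk->flags |= SSH_SK_USER_VERIFICATION_REQD;

              if ((r = pack_public_key(srk->alg, cred,
                  &srk->key)) != 0) {
                  skdebug(__func__, "pack public key failed");
                  goto out;
              }
              /* append */
              if ((tmp = recallocarray(*rksp, *nrksp, (*nrksp) + 1,
                  sizeof(**rksp))) == NULL) {
                  skdebug(__func__, "alloc rksp");
                  goto out;
              }
              *rksp = tmp;
              (*rksp)[(*nrksp)++] = srk;
              srk = NULL; /* now owned by the array */
          }
      }
      /* Success */
      ret = 0;
   out:
      /* Only an entry that was not yet appended is released here. */
      if (srk != NULL) {
          free(srk->application);
          freezero(srk->key.public_key, srk->key.public_key_len);
          freezero(srk->key.key_handle, srk->key.key_handle_len);
          freezero(srk, sizeof(*srk));
      }
      fido_credman_rp_free(&rp);
      fido_credman_rk_free(&rk);
      fido_credman_metadata_free(&metadata);
      return ret;
  }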
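  /*
   * Load the SSH resident keys stored on a FIDO token.
   *
   * The token is the one named by a "device" option if present, otherwise
   * whatever sk_probe(NULL, NULL, 0) selects. 'pin' is passed through to
   * read_rks().
   *
   * On success returns 0 and hands the caller a newly allocated array in
   * *rksp holding *nrksp entries. On failure returns an SSH_SK_ERR_* code
   * with *rksp == NULL and *nrksp == 0; keys read before the failure are
   * wiped and freed here.
   *
   * rksp and nrksp must be non-NULL: they are written unconditionally.
   */
  int
  sk_load_resident_keys(const char *pin, struct sk_option **options,
      struct sk_resident_key ***rksp, size_t *nrksp)
  {
      int ret = SSH_SK_ERR_GENERAL, r = -1;
      size_t i, nrks = 0;
      struct sk_resident_key **rks = NULL;
      struct sk_usbhid *sk = NULL;
      char *device = NULL;

      *rksp = NULL;
      *nrksp = 0;

      fido_init(SSH_FIDO_INIT_ARG);

      if (check_sign_load_resident_options(options, &device) != 0)
          goto out; /* error already logged */
      if (device != NULL)
          sk = sk_open(device);
      else
          sk = sk_probe(NULL, NULL, 0);
      if (sk == NULL) {
          skdebug(__func__, "failed to find sk");
          goto out;
      }
      skdebug(__func__, "trying %s", sk->path);
      if ((r = read_rks(sk, pin, &rks, &nrks)) != 0) {
          skdebug(__func__, "read_rks failed for %s", sk->path);
          ret = r;
          goto out;
      }
      /*
       * success, unless we have no keys but a specific error.
       * ret is still SSH_SK_ERR_GENERAL on this path, so the condition
       * always holds here.
       */
      if (nrks > 0 || ret == SSH_SK_ERR_GENERAL)
          ret = 0;
      /* Ownership moves to the caller; keep cleanup away from it. */
      *rksp = rks;
      *nrksp = nrks;
      rks = NULL;
      nrks = 0;
   out:
      sk_close(sk);
      /* Only reached with nrks > 0 when read_rks() failed part-way. */
      for (i = 0; i < nrks; i++) {
          free(rks[i]->application);
          freezero(rks[i]->key.public_key, rks[i]->key.public_key_len);
          freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len);
          freezero(rks[i], sizeof(*rks[i]));
      }
      /* The device path is a strdup()ed copy owned by this function. */
      free(device);
      free(rks);
      return ret;
  }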
  1172. #endif /* ENABLE_SK_INTERNAL */