1 /*
2 * Copyright (c) 2019 Markus Friedl
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #include "includes.h"
18
19 #ifdef ENABLE_SK_INTERNAL
20
21 #include <stdint.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <stdio.h>
25 #include <stddef.h>
26 #include <stdarg.h>
27 #ifdef HAVE_SHA2_H
28 #include <sha2.h>
29 #endif
30
31 #ifdef WITH_OPENSSL
32 #include <openssl/opensslv.h>
33 #include <openssl/crypto.h>
34 #include <openssl/bn.h>
35 #include <openssl/ec.h>
36 #include <openssl/ecdsa.h>
37 #include <openssl/evp.h>
38 #endif /* WITH_OPENSSL */
39
40 #include <fido.h>
41 #include <fido/credman.h>
42
43 #ifndef SK_STANDALONE
44 # include "log.h"
45 # include "xmalloc.h"
46 /*
47 * If building as part of OpenSSH, then rename exported functions.
48 * This must be done before including sk-api.h.
49 */
50 # define sk_api_version ssh_sk_api_version
51 # define sk_enroll ssh_sk_enroll
52 # define sk_sign ssh_sk_sign
53 # define sk_load_resident_keys ssh_sk_load_resident_keys
54 #endif /* !SK_STANDALONE */
55
56 #include "sk-api.h"
57
58 /* #define SK_DEBUG 1 */
59
60 #define MAX_FIDO_DEVICES 256
61
62 /* Compatibility with OpenSSH 1.0.x */
63 #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
64 #define ECDSA_SIG_get0(sig, pr, ps) \
65 do { \
66 (*pr) = sig->r; \
67 (*ps) = sig->s; \
68 } while (0)
69 #endif
70
71 /* Return the version of the middleware API */
72 uint32_t sk_api_version(void);
73
74 /* Enroll a U2F key (private key generation) */
75 int sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
76 const char *application, uint8_t flags, const char *pin,
77 struct sk_option **options, struct sk_enroll_response **enroll_response);
78
79 /* Sign a challenge */
80 int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
81 const char *application, const uint8_t *key_handle, size_t key_handle_len,
82 uint8_t flags, const char *pin, struct sk_option **options,
83 struct sk_sign_response **sign_response);
84
85 /* Load resident keys */
86 int sk_load_resident_keys(const char *pin, struct sk_option **options,
87 struct sk_resident_key ***rks, size_t *nrks);
88
89 static void skdebug(const char *func, const char *fmt, ...)
90 __attribute__((__format__ (printf, 2, 3)));
91
92 static void
skdebug(const char * func,const char * fmt,...)93 skdebug(const char *func, const char *fmt, ...)
94 {
95 #if !defined(SK_STANDALONE)
96 char *msg;
97 va_list ap;
98
99 va_start(ap, fmt);
100 xvasprintf(&msg, fmt, ap);
101 va_end(ap);
102 debug("%s: %s", func, msg);
103 free(msg);
104 #elif defined(SK_DEBUG)
105 va_list ap;
106
107 va_start(ap, fmt);
108 fprintf(stderr, "%s: ", func);
109 vfprintf(stderr, fmt, ap);
110 fputc('\n', stderr);
111 va_end(ap);
112 #else
113 (void)func; /* XXX */
114 (void)fmt; /* XXX */
115 #endif
116 }
117
118 uint32_t
sk_api_version(void)119 sk_api_version(void)
120 {
121 return SSH_SK_VERSION_MAJOR;
122 }
123
124 /* Select the first identified FIDO device attached to the system */
125 static char *
pick_first_device(void)126 pick_first_device(void)
127 {
128 char *ret = NULL;
129 fido_dev_info_t *devlist = NULL;
130 size_t olen = 0;
131 int r;
132 const fido_dev_info_t *di;
133
134 if ((devlist = fido_dev_info_new(1)) == NULL) {
135 skdebug(__func__, "fido_dev_info_new failed");
136 goto out;
137 }
138 if ((r = fido_dev_info_manifest(devlist, 1, &olen)) != FIDO_OK) {
139 skdebug(__func__, "fido_dev_info_manifest failed: %s",
140 fido_strerr(r));
141 goto out;
142 }
143 if (olen != 1) {
144 skdebug(__func__, "fido_dev_info_manifest bad len %zu", olen);
145 goto out;
146 }
147 di = fido_dev_info_ptr(devlist, 0);
148 if ((ret = strdup(fido_dev_info_path(di))) == NULL) {
149 skdebug(__func__, "fido_dev_info_path failed");
150 goto out;
151 }
152 out:
153 fido_dev_info_free(&devlist, 1);
154 return ret;
155 }
156
157 /* Check if the specified key handle exists on a given device. */
158 static int
try_device(fido_dev_t * dev,const uint8_t * message,size_t message_len,const char * application,const uint8_t * key_handle,size_t key_handle_len)159 try_device(fido_dev_t *dev, const uint8_t *message, size_t message_len,
160 const char *application, const uint8_t *key_handle, size_t key_handle_len)
161 {
162 fido_assert_t *assert = NULL;
163 int r = FIDO_ERR_INTERNAL;
164
165 if ((assert = fido_assert_new()) == NULL) {
166 skdebug(__func__, "fido_assert_new failed");
167 goto out;
168 }
169 if ((r = fido_assert_set_clientdata_hash(assert, message,
170 message_len)) != FIDO_OK) {
171 skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
172 fido_strerr(r));
173 goto out;
174 }
175 if ((r = fido_assert_set_rp(assert, application)) != FIDO_OK) {
176 skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(r));
177 goto out;
178 }
179 if ((r = fido_assert_allow_cred(assert, key_handle,
180 key_handle_len)) != FIDO_OK) {
181 skdebug(__func__, "fido_assert_allow_cred: %s", fido_strerr(r));
182 goto out;
183 }
184 if ((r = fido_assert_set_up(assert, FIDO_OPT_FALSE)) != FIDO_OK) {
185 skdebug(__func__, "fido_assert_up: %s", fido_strerr(r));
186 goto out;
187 }
188 r = fido_dev_get_assert(dev, assert, NULL);
189 skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
190 if (r == FIDO_ERR_USER_PRESENCE_REQUIRED) {
191 /* U2F tokens may return this */
192 r = FIDO_OK;
193 }
194 out:
195 fido_assert_free(&assert);
196
197 return r != FIDO_OK ? -1 : 0;
198 }
199
200 /* Iterate over configured devices looking for a specific key handle */
201 static fido_dev_t *
find_device(const char * path,const uint8_t * message,size_t message_len,const char * application,const uint8_t * key_handle,size_t key_handle_len)202 find_device(const char *path, const uint8_t *message, size_t message_len,
203 const char *application, const uint8_t *key_handle, size_t key_handle_len)
204 {
205 fido_dev_info_t *devlist = NULL;
206 fido_dev_t *dev = NULL;
207 size_t devlist_len = 0, i;
208 int r;
209
210 if (path != NULL) {
211 if ((dev = fido_dev_new()) == NULL) {
212 skdebug(__func__, "fido_dev_new failed");
213 return NULL;
214 }
215 if ((r = fido_dev_open(dev, path)) != FIDO_OK) {
216 skdebug(__func__, "fido_dev_open failed");
217 fido_dev_free(&dev);
218 return NULL;
219 }
220 return dev;
221 }
222
223 if ((devlist = fido_dev_info_new(MAX_FIDO_DEVICES)) == NULL) {
224 skdebug(__func__, "fido_dev_info_new failed");
225 goto out;
226 }
227 if ((r = fido_dev_info_manifest(devlist, MAX_FIDO_DEVICES,
228 &devlist_len)) != FIDO_OK) {
229 skdebug(__func__, "fido_dev_info_manifest: %s", fido_strerr(r));
230 goto out;
231 }
232
233 skdebug(__func__, "found %zu device(s)", devlist_len);
234
235 for (i = 0; i < devlist_len; i++) {
236 const fido_dev_info_t *di = fido_dev_info_ptr(devlist, i);
237
238 if (di == NULL) {
239 skdebug(__func__, "fido_dev_info_ptr %zu failed", i);
240 continue;
241 }
242 if ((path = fido_dev_info_path(di)) == NULL) {
243 skdebug(__func__, "fido_dev_info_path %zu failed", i);
244 continue;
245 }
246 skdebug(__func__, "trying device %zu: %s", i, path);
247 if ((dev = fido_dev_new()) == NULL) {
248 skdebug(__func__, "fido_dev_new failed");
249 continue;
250 }
251 if ((r = fido_dev_open(dev, path)) != FIDO_OK) {
252 skdebug(__func__, "fido_dev_open failed");
253 fido_dev_free(&dev);
254 continue;
255 }
256 if (try_device(dev, message, message_len, application,
257 key_handle, key_handle_len) == 0) {
258 skdebug(__func__, "found key");
259 break;
260 }
261 fido_dev_close(dev);
262 fido_dev_free(&dev);
263 }
264
265 out:
266 if (devlist != NULL)
267 fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
268
269 return dev;
270 }
271
272 #ifdef WITH_OPENSSL
273 /*
274 * The key returned via fido_cred_pubkey_ptr() is in affine coordinates,
275 * but the API expects a SEC1 octet string.
276 */
277 static int
pack_public_key_ecdsa(const fido_cred_t * cred,struct sk_enroll_response * response)278 pack_public_key_ecdsa(const fido_cred_t *cred,
279 struct sk_enroll_response *response)
280 {
281 const uint8_t *ptr;
282 BIGNUM *x = NULL, *y = NULL;
283 EC_POINT *q = NULL;
284 EC_GROUP *g = NULL;
285 int ret = -1;
286
287 response->public_key = NULL;
288 response->public_key_len = 0;
289
290 if ((x = BN_new()) == NULL ||
291 (y = BN_new()) == NULL ||
292 (g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL ||
293 (q = EC_POINT_new(g)) == NULL) {
294 skdebug(__func__, "libcrypto setup failed");
295 goto out;
296 }
297 if ((ptr = fido_cred_pubkey_ptr(cred)) == NULL) {
298 skdebug(__func__, "fido_cred_pubkey_ptr failed");
299 goto out;
300 }
301 if (fido_cred_pubkey_len(cred) != 64) {
302 skdebug(__func__, "bad fido_cred_pubkey_len %zu",
303 fido_cred_pubkey_len(cred));
304 goto out;
305 }
306
307 if (BN_bin2bn(ptr, 32, x) == NULL ||
308 BN_bin2bn(ptr + 32, 32, y) == NULL) {
309 skdebug(__func__, "BN_bin2bn failed");
310 goto out;
311 }
312 if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) {
313 skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed");
314 goto out;
315 }
316 response->public_key_len = EC_POINT_point2oct(g, q,
317 POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
318 if (response->public_key_len == 0 || response->public_key_len > 2048) {
319 skdebug(__func__, "bad pubkey length %zu",
320 response->public_key_len);
321 goto out;
322 }
323 if ((response->public_key = malloc(response->public_key_len)) == NULL) {
324 skdebug(__func__, "malloc pubkey failed");
325 goto out;
326 }
327 if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED,
328 response->public_key, response->public_key_len, NULL) == 0) {
329 skdebug(__func__, "EC_POINT_point2oct failed");
330 goto out;
331 }
332 /* success */
333 ret = 0;
334 out:
335 if (ret != 0 && response->public_key != NULL) {
336 memset(response->public_key, 0, response->public_key_len);
337 free(response->public_key);
338 response->public_key = NULL;
339 }
340 EC_POINT_free(q);
341 EC_GROUP_free(g);
342 BN_clear_free(x);
343 BN_clear_free(y);
344 return ret;
345 }
346 #endif /* WITH_OPENSSL */
347
348 static int
pack_public_key_ed25519(const fido_cred_t * cred,struct sk_enroll_response * response)349 pack_public_key_ed25519(const fido_cred_t *cred,
350 struct sk_enroll_response *response)
351 {
352 const uint8_t *ptr;
353 size_t len;
354 int ret = -1;
355
356 response->public_key = NULL;
357 response->public_key_len = 0;
358
359 if ((len = fido_cred_pubkey_len(cred)) != 32) {
360 skdebug(__func__, "bad fido_cred_pubkey_len len %zu", len);
361 goto out;
362 }
363 if ((ptr = fido_cred_pubkey_ptr(cred)) == NULL) {
364 skdebug(__func__, "fido_cred_pubkey_ptr failed");
365 goto out;
366 }
367 response->public_key_len = len;
368 if ((response->public_key = malloc(response->public_key_len)) == NULL) {
369 skdebug(__func__, "malloc pubkey failed");
370 goto out;
371 }
372 memcpy(response->public_key, ptr, len);
373 ret = 0;
374 out:
375 if (ret != 0)
376 free(response->public_key);
377 return ret;
378 }
379
380 static int
pack_public_key(uint32_t alg,const fido_cred_t * cred,struct sk_enroll_response * response)381 pack_public_key(uint32_t alg, const fido_cred_t *cred,
382 struct sk_enroll_response *response)
383 {
384 switch(alg) {
385 #ifdef WITH_OPENSSL
386 case SSH_SK_ECDSA:
387 return pack_public_key_ecdsa(cred, response);
388 #endif /* WITH_OPENSSL */
389 case SSH_SK_ED25519:
390 return pack_public_key_ed25519(cred, response);
391 default:
392 return -1;
393 }
394 }
395
396 static int
fidoerr_to_skerr(int fidoerr)397 fidoerr_to_skerr(int fidoerr)
398 {
399 switch (fidoerr) {
400 case FIDO_ERR_UNSUPPORTED_OPTION:
401 case FIDO_ERR_UNSUPPORTED_ALGORITHM:
402 return SSH_SK_ERR_UNSUPPORTED;
403 case FIDO_ERR_PIN_REQUIRED:
404 case FIDO_ERR_PIN_INVALID:
405 return SSH_SK_ERR_PIN_REQUIRED;
406 default:
407 return -1;
408 }
409 }
410
411 static int
check_enroll_options(struct sk_option ** options,char ** devicep,uint8_t * user_id,size_t user_id_len)412 check_enroll_options(struct sk_option **options, char **devicep,
413 uint8_t *user_id, size_t user_id_len)
414 {
415 size_t i;
416
417 if (options == NULL)
418 return 0;
419 for (i = 0; options[i] != NULL; i++) {
420 if (strcmp(options[i]->name, "device") == 0) {
421 if ((*devicep = strdup(options[i]->value)) == NULL) {
422 skdebug(__func__, "strdup device failed");
423 return -1;
424 }
425 skdebug(__func__, "requested device %s", *devicep);
426 } else if (strcmp(options[i]->name, "user") == 0) {
427 if (strlcpy(user_id, options[i]->value, user_id_len) >=
428 user_id_len) {
429 skdebug(__func__, "user too long");
430 return -1;
431 }
432 skdebug(__func__, "requested user %s",
433 (char *)user_id);
434 } else {
435 skdebug(__func__, "requested unsupported option %s",
436 options[i]->name);
437 if (options[i]->required) {
438 skdebug(__func__, "unknown required option");
439 return -1;
440 }
441 }
442 }
443 return 0;
444 }
445
446 int
sk_enroll(uint32_t alg,const uint8_t * challenge,size_t challenge_len,const char * application,uint8_t flags,const char * pin,struct sk_option ** options,struct sk_enroll_response ** enroll_response)447 sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
448 const char *application, uint8_t flags, const char *pin,
449 struct sk_option **options, struct sk_enroll_response **enroll_response)
450 {
451 fido_cred_t *cred = NULL;
452 fido_dev_t *dev = NULL;
453 const uint8_t *ptr;
454 uint8_t user_id[32];
455 struct sk_enroll_response *response = NULL;
456 size_t len;
457 int cose_alg;
458 int ret = SSH_SK_ERR_GENERAL;
459 int r;
460 char *device = NULL;
461
462 #ifdef SK_DEBUG
463 fido_init(FIDO_DEBUG);
464 #endif
465 if (enroll_response == NULL) {
466 skdebug(__func__, "enroll_response == NULL");
467 goto out;
468 }
469 memset(user_id, 0, sizeof(user_id));
470 if (check_enroll_options(options, &device,
471 user_id, sizeof(user_id)) != 0)
472 goto out; /* error already logged */
473
474 *enroll_response = NULL;
475 switch(alg) {
476 #ifdef WITH_OPENSSL
477 case SSH_SK_ECDSA:
478 cose_alg = COSE_ES256;
479 break;
480 #endif /* WITH_OPENSSL */
481 case SSH_SK_ED25519:
482 cose_alg = COSE_EDDSA;
483 break;
484 default:
485 skdebug(__func__, "unsupported key type %d", alg);
486 goto out;
487 }
488 if (device == NULL && (device = pick_first_device()) == NULL) {
489 ret = SSH_SK_ERR_DEVICE_NOT_FOUND;
490 skdebug(__func__, "pick_first_device failed");
491 goto out;
492 }
493 skdebug(__func__, "using device %s", device);
494 if ((cred = fido_cred_new()) == NULL) {
495 skdebug(__func__, "fido_cred_new failed");
496 goto out;
497 }
498 if ((r = fido_cred_set_type(cred, cose_alg)) != FIDO_OK) {
499 skdebug(__func__, "fido_cred_set_type: %s", fido_strerr(r));
500 goto out;
501 }
502 if ((r = fido_cred_set_clientdata_hash(cred, challenge,
503 challenge_len)) != FIDO_OK) {
504 skdebug(__func__, "fido_cred_set_clientdata_hash: %s",
505 fido_strerr(r));
506 goto out;
507 }
508 if ((r = fido_cred_set_rk(cred, (flags & SSH_SK_RESIDENT_KEY) != 0 ?
509 FIDO_OPT_TRUE : FIDO_OPT_OMIT)) != FIDO_OK) {
510 skdebug(__func__, "fido_cred_set_rk: %s", fido_strerr(r));
511 goto out;
512 }
513 if ((r = fido_cred_set_user(cred, user_id, sizeof(user_id),
514 "openssh", "openssh", NULL)) != FIDO_OK) {
515 skdebug(__func__, "fido_cred_set_user: %s", fido_strerr(r));
516 goto out;
517 }
518 if ((r = fido_cred_set_rp(cred, application, NULL)) != FIDO_OK) {
519 skdebug(__func__, "fido_cred_set_rp: %s", fido_strerr(r));
520 goto out;
521 }
522 if ((dev = fido_dev_new()) == NULL) {
523 skdebug(__func__, "fido_dev_new failed");
524 goto out;
525 }
526 if ((r = fido_dev_open(dev, device)) != FIDO_OK) {
527 skdebug(__func__, "fido_dev_open: %s", fido_strerr(r));
528 goto out;
529 }
530 if ((r = fido_dev_make_cred(dev, cred, pin)) != FIDO_OK) {
531 skdebug(__func__, "fido_dev_make_cred: %s", fido_strerr(r));
532 ret = fidoerr_to_skerr(r);
533 goto out;
534 }
535 if (fido_cred_x5c_ptr(cred) != NULL) {
536 if ((r = fido_cred_verify(cred)) != FIDO_OK) {
537 skdebug(__func__, "fido_cred_verify: %s",
538 fido_strerr(r));
539 goto out;
540 }
541 } else {
542 skdebug(__func__, "self-attested credential");
543 if ((r = fido_cred_verify_self(cred)) != FIDO_OK) {
544 skdebug(__func__, "fido_cred_verify_self: %s",
545 fido_strerr(r));
546 goto out;
547 }
548 }
549 if ((response = calloc(1, sizeof(*response))) == NULL) {
550 skdebug(__func__, "calloc response failed");
551 goto out;
552 }
553 if (pack_public_key(alg, cred, response) != 0) {
554 skdebug(__func__, "pack_public_key failed");
555 goto out;
556 }
557 if ((ptr = fido_cred_id_ptr(cred)) != NULL) {
558 len = fido_cred_id_len(cred);
559 if ((response->key_handle = calloc(1, len)) == NULL) {
560 skdebug(__func__, "calloc key handle failed");
561 goto out;
562 }
563 memcpy(response->key_handle, ptr, len);
564 response->key_handle_len = len;
565 }
566 if ((ptr = fido_cred_sig_ptr(cred)) != NULL) {
567 len = fido_cred_sig_len(cred);
568 if ((response->signature = calloc(1, len)) == NULL) {
569 skdebug(__func__, "calloc signature failed");
570 goto out;
571 }
572 memcpy(response->signature, ptr, len);
573 response->signature_len = len;
574 }
575 if ((ptr = fido_cred_x5c_ptr(cred)) != NULL) {
576 len = fido_cred_x5c_len(cred);
577 debug3("%s: attestation cert len=%zu", __func__, len);
578 if ((response->attestation_cert = calloc(1, len)) == NULL) {
579 skdebug(__func__, "calloc attestation cert failed");
580 goto out;
581 }
582 memcpy(response->attestation_cert, ptr, len);
583 response->attestation_cert_len = len;
584 }
585 *enroll_response = response;
586 response = NULL;
587 ret = 0;
588 out:
589 free(device);
590 if (response != NULL) {
591 free(response->public_key);
592 free(response->key_handle);
593 free(response->signature);
594 free(response->attestation_cert);
595 free(response);
596 }
597 if (dev != NULL) {
598 fido_dev_close(dev);
599 fido_dev_free(&dev);
600 }
601 if (cred != NULL) {
602 fido_cred_free(&cred);
603 }
604 return ret;
605 }
606
607 #ifdef WITH_OPENSSL
608 static int
pack_sig_ecdsa(fido_assert_t * assert,struct sk_sign_response * response)609 pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
610 {
611 ECDSA_SIG *sig = NULL;
612 const BIGNUM *sig_r, *sig_s;
613 const unsigned char *cp;
614 size_t sig_len;
615 int ret = -1;
616
617 cp = fido_assert_sig_ptr(assert, 0);
618 sig_len = fido_assert_sig_len(assert, 0);
619 if ((sig = d2i_ECDSA_SIG(NULL, &cp, sig_len)) == NULL) {
620 skdebug(__func__, "d2i_ECDSA_SIG failed");
621 goto out;
622 }
623 ECDSA_SIG_get0(sig, &sig_r, &sig_s);
624 response->sig_r_len = BN_num_bytes(sig_r);
625 response->sig_s_len = BN_num_bytes(sig_s);
626 if ((response->sig_r = calloc(1, response->sig_r_len)) == NULL ||
627 (response->sig_s = calloc(1, response->sig_s_len)) == NULL) {
628 skdebug(__func__, "calloc signature failed");
629 goto out;
630 }
631 BN_bn2bin(sig_r, response->sig_r);
632 BN_bn2bin(sig_s, response->sig_s);
633 ret = 0;
634 out:
635 ECDSA_SIG_free(sig);
636 if (ret != 0) {
637 free(response->sig_r);
638 free(response->sig_s);
639 response->sig_r = NULL;
640 response->sig_s = NULL;
641 }
642 return ret;
643 }
644 #endif /* WITH_OPENSSL */
645
646 static int
pack_sig_ed25519(fido_assert_t * assert,struct sk_sign_response * response)647 pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response)
648 {
649 const unsigned char *ptr;
650 size_t len;
651 int ret = -1;
652
653 ptr = fido_assert_sig_ptr(assert, 0);
654 len = fido_assert_sig_len(assert, 0);
655 if (len != 64) {
656 skdebug(__func__, "bad length %zu", len);
657 goto out;
658 }
659 response->sig_r_len = len;
660 if ((response->sig_r = calloc(1, response->sig_r_len)) == NULL) {
661 skdebug(__func__, "calloc signature failed");
662 goto out;
663 }
664 memcpy(response->sig_r, ptr, len);
665 ret = 0;
666 out:
667 if (ret != 0) {
668 free(response->sig_r);
669 response->sig_r = NULL;
670 }
671 return ret;
672 }
673
674 static int
pack_sig(uint32_t alg,fido_assert_t * assert,struct sk_sign_response * response)675 pack_sig(uint32_t alg, fido_assert_t *assert,
676 struct sk_sign_response *response)
677 {
678 switch(alg) {
679 #ifdef WITH_OPENSSL
680 case SSH_SK_ECDSA:
681 return pack_sig_ecdsa(assert, response);
682 #endif /* WITH_OPENSSL */
683 case SSH_SK_ED25519:
684 return pack_sig_ed25519(assert, response);
685 default:
686 return -1;
687 }
688 }
689
690 /* Checks sk_options for sk_sign() and sk_load_resident_keys() */
691 static int
check_sign_load_resident_options(struct sk_option ** options,char ** devicep)692 check_sign_load_resident_options(struct sk_option **options, char **devicep)
693 {
694 size_t i;
695
696 if (options == NULL)
697 return 0;
698 for (i = 0; options[i] != NULL; i++) {
699 if (strcmp(options[i]->name, "device") == 0) {
700 if ((*devicep = strdup(options[i]->value)) == NULL) {
701 skdebug(__func__, "strdup device failed");
702 return -1;
703 }
704 skdebug(__func__, "requested device %s", *devicep);
705 } else {
706 skdebug(__func__, "requested unsupported option %s",
707 options[i]->name);
708 if (options[i]->required) {
709 skdebug(__func__, "unknown required option");
710 return -1;
711 }
712 }
713 }
714 return 0;
715 }
716
717 /* Calculate SHA256(m) */
718 static int
sha256_mem(const void * m,size_t mlen,u_char * d,size_t dlen)719 sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
720 {
721 #ifdef WITH_OPENSSL
722 u_int mdlen;
723 #endif
724
725 if (dlen != 32)
726 return -1;
727 #ifdef WITH_OPENSSL
728 mdlen = dlen;
729 if (!EVP_Digest(m, mlen, d, &mdlen, EVP_sha256(), NULL))
730 return -1;
731 #else
732 SHA256Data(m, mlen, d);
733 #endif
734 return 0;
735 }
736
737 int
sk_sign(uint32_t alg,const uint8_t * data,size_t datalen,const char * application,const uint8_t * key_handle,size_t key_handle_len,uint8_t flags,const char * pin,struct sk_option ** options,struct sk_sign_response ** sign_response)738 sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
739 const char *application,
740 const uint8_t *key_handle, size_t key_handle_len,
741 uint8_t flags, const char *pin, struct sk_option **options,
742 struct sk_sign_response **sign_response)
743 {
744 fido_assert_t *assert = NULL;
745 char *device = NULL;
746 fido_dev_t *dev = NULL;
747 struct sk_sign_response *response = NULL;
748 uint8_t message[32];
749 int ret = SSH_SK_ERR_GENERAL;
750 int r;
751
752 #ifdef SK_DEBUG
753 fido_init(FIDO_DEBUG);
754 #endif
755
756 if (sign_response == NULL) {
757 skdebug(__func__, "sign_response == NULL");
758 goto out;
759 }
760 *sign_response = NULL;
761 if (check_sign_load_resident_options(options, &device) != 0)
762 goto out; /* error already logged */
763 /* hash data to be signed before it goes to the security key */
764 if ((r = sha256_mem(data, datalen, message, sizeof(message))) != 0) {
765 skdebug(__func__, "hash message failed");
766 goto out;
767 }
768 if ((dev = find_device(device, message, sizeof(message),
769 application, key_handle, key_handle_len)) == NULL) {
770 skdebug(__func__, "couldn't find device for key handle");
771 goto out;
772 }
773 if ((assert = fido_assert_new()) == NULL) {
774 skdebug(__func__, "fido_assert_new failed");
775 goto out;
776 }
777 if ((r = fido_assert_set_clientdata_hash(assert, message,
778 sizeof(message))) != FIDO_OK) {
779 skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
780 fido_strerr(r));
781 goto out;
782 }
783 if ((r = fido_assert_set_rp(assert, application)) != FIDO_OK) {
784 skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(r));
785 goto out;
786 }
787 if ((r = fido_assert_allow_cred(assert, key_handle,
788 key_handle_len)) != FIDO_OK) {
789 skdebug(__func__, "fido_assert_allow_cred: %s", fido_strerr(r));
790 goto out;
791 }
792 if ((r = fido_assert_set_up(assert,
793 (flags & SSH_SK_USER_PRESENCE_REQD) ?
794 FIDO_OPT_TRUE : FIDO_OPT_FALSE)) != FIDO_OK) {
795 skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r));
796 goto out;
797 }
798 if ((r = fido_dev_get_assert(dev, assert, NULL)) != FIDO_OK) {
799 skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
800 goto out;
801 }
802 if ((response = calloc(1, sizeof(*response))) == NULL) {
803 skdebug(__func__, "calloc response failed");
804 goto out;
805 }
806 response->flags = fido_assert_flags(assert, 0);
807 response->counter = fido_assert_sigcount(assert, 0);
808 if (pack_sig(alg, assert, response) != 0) {
809 skdebug(__func__, "pack_sig failed");
810 goto out;
811 }
812 *sign_response = response;
813 response = NULL;
814 ret = 0;
815 out:
816 explicit_bzero(message, sizeof(message));
817 free(device);
818 if (response != NULL) {
819 free(response->sig_r);
820 free(response->sig_s);
821 free(response);
822 }
823 if (dev != NULL) {
824 fido_dev_close(dev);
825 fido_dev_free(&dev);
826 }
827 if (assert != NULL) {
828 fido_assert_free(&assert);
829 }
830 return ret;
831 }
832
833 static int
read_rks(const char * devpath,const char * pin,struct sk_resident_key *** rksp,size_t * nrksp)834 read_rks(const char *devpath, const char *pin,
835 struct sk_resident_key ***rksp, size_t *nrksp)
836 {
837 int ret = SSH_SK_ERR_GENERAL, r = -1;
838 fido_dev_t *dev = NULL;
839 fido_credman_metadata_t *metadata = NULL;
840 fido_credman_rp_t *rp = NULL;
841 fido_credman_rk_t *rk = NULL;
842 size_t i, j, nrp, nrk;
843 const fido_cred_t *cred;
844 struct sk_resident_key *srk = NULL, **tmp;
845
846 if ((dev = fido_dev_new()) == NULL) {
847 skdebug(__func__, "fido_dev_new failed");
848 return ret;
849 }
850 if ((r = fido_dev_open(dev, devpath)) != FIDO_OK) {
851 skdebug(__func__, "fido_dev_open %s failed: %s",
852 devpath, fido_strerr(r));
853 fido_dev_free(&dev);
854 return ret;
855 }
856 if ((metadata = fido_credman_metadata_new()) == NULL) {
857 skdebug(__func__, "alloc failed");
858 goto out;
859 }
860
861 if ((r = fido_credman_get_dev_metadata(dev, metadata, pin)) != 0) {
862 if (r == FIDO_ERR_INVALID_COMMAND) {
863 skdebug(__func__, "device %s does not support "
864 "resident keys", devpath);
865 ret = 0;
866 goto out;
867 }
868 skdebug(__func__, "get metadata for %s failed: %s",
869 devpath, fido_strerr(r));
870 ret = fidoerr_to_skerr(r);
871 goto out;
872 }
873 skdebug(__func__, "existing %llu, remaining %llu",
874 (unsigned long long)fido_credman_rk_existing(metadata),
875 (unsigned long long)fido_credman_rk_remaining(metadata));
876 if ((rp = fido_credman_rp_new()) == NULL) {
877 skdebug(__func__, "alloc rp failed");
878 goto out;
879 }
880 if ((r = fido_credman_get_dev_rp(dev, rp, pin)) != 0) {
881 skdebug(__func__, "get RPs for %s failed: %s",
882 devpath, fido_strerr(r));
883 goto out;
884 }
885 nrp = fido_credman_rp_count(rp);
886 skdebug(__func__, "Device %s has resident keys for %zu RPs",
887 devpath, nrp);
888
889 /* Iterate over RP IDs that have resident keys */
890 for (i = 0; i < nrp; i++) {
891 skdebug(__func__, "rp %zu: name=\"%s\" id=\"%s\" hashlen=%zu",
892 i, fido_credman_rp_name(rp, i), fido_credman_rp_id(rp, i),
893 fido_credman_rp_id_hash_len(rp, i));
894
895 /* Skip non-SSH RP IDs */
896 if (strncasecmp(fido_credman_rp_id(rp, i), "ssh:", 4) != 0)
897 continue;
898
899 fido_credman_rk_free(&rk);
900 if ((rk = fido_credman_rk_new()) == NULL) {
901 skdebug(__func__, "alloc rk failed");
902 goto out;
903 }
904 if ((r = fido_credman_get_dev_rk(dev, fido_credman_rp_id(rp, i),
905 rk, pin)) != 0) {
906 skdebug(__func__, "get RKs for %s slot %zu failed: %s",
907 devpath, i, fido_strerr(r));
908 goto out;
909 }
910 nrk = fido_credman_rk_count(rk);
911 skdebug(__func__, "RP \"%s\" has %zu resident keys",
912 fido_credman_rp_id(rp, i), nrk);
913
914 /* Iterate over resident keys for this RP ID */
915 for (j = 0; j < nrk; j++) {
916 if ((cred = fido_credman_rk(rk, j)) == NULL) {
917 skdebug(__func__, "no RK in slot %zu", j);
918 continue;
919 }
920 skdebug(__func__, "Device %s RP \"%s\" slot %zu: "
921 "type %d", devpath, fido_credman_rp_id(rp, i), j,
922 fido_cred_type(cred));
923
924 /* build response entry */
925 if ((srk = calloc(1, sizeof(*srk))) == NULL ||
926 (srk->key.key_handle = calloc(1,
927 fido_cred_id_len(cred))) == NULL ||
928 (srk->application = strdup(fido_credman_rp_id(rp,
929 i))) == NULL) {
930 skdebug(__func__, "alloc sk_resident_key");
931 goto out;
932 }
933
934 srk->key.key_handle_len = fido_cred_id_len(cred);
935 memcpy(srk->key.key_handle,
936 fido_cred_id_ptr(cred),
937 srk->key.key_handle_len);
938
939 switch (fido_cred_type(cred)) {
940 case COSE_ES256:
941 srk->alg = SSH_SK_ECDSA;
942 break;
943 case COSE_EDDSA:
944 srk->alg = SSH_SK_ED25519;
945 break;
946 default:
947 skdebug(__func__, "unsupported key type %d",
948 fido_cred_type(cred));
949 goto out; /* XXX free rk and continue */
950 }
951
952 if ((r = pack_public_key(srk->alg, cred,
953 &srk->key)) != 0) {
954 skdebug(__func__, "pack public key failed");
955 goto out;
956 }
957 /* append */
958 if ((tmp = recallocarray(*rksp, *nrksp, (*nrksp) + 1,
959 sizeof(**rksp))) == NULL) {
960 skdebug(__func__, "alloc rksp");
961 goto out;
962 }
963 *rksp = tmp;
964 (*rksp)[(*nrksp)++] = srk;
965 srk = NULL;
966 }
967 }
968 /* Success */
969 ret = 0;
970 out:
971 if (srk != NULL) {
972 free(srk->application);
973 freezero(srk->key.public_key, srk->key.public_key_len);
974 freezero(srk->key.key_handle, srk->key.key_handle_len);
975 freezero(srk, sizeof(*srk));
976 }
977 fido_credman_rp_free(&rp);
978 fido_credman_rk_free(&rk);
979 fido_dev_close(dev);
980 fido_dev_free(&dev);
981 fido_credman_metadata_free(&metadata);
982 return ret;
983 }
984
985 int
sk_load_resident_keys(const char * pin,struct sk_option ** options,struct sk_resident_key *** rksp,size_t * nrksp)986 sk_load_resident_keys(const char *pin, struct sk_option **options,
987 struct sk_resident_key ***rksp, size_t *nrksp)
988 {
989 int ret = SSH_SK_ERR_GENERAL, r = -1;
990 fido_dev_info_t *devlist = NULL;
991 size_t i, ndev = 0, nrks = 0;
992 const fido_dev_info_t *di;
993 struct sk_resident_key **rks = NULL;
994 char *device = NULL;
995 *rksp = NULL;
996 *nrksp = 0;
997
998 if (check_sign_load_resident_options(options, &device) != 0)
999 goto out; /* error already logged */
1000 if (device != NULL) {
1001 skdebug(__func__, "trying %s", device);
1002 if ((r = read_rks(device, pin, &rks, &nrks)) != 0) {
1003 skdebug(__func__, "read_rks failed for %s", device);
1004 ret = r;
1005 goto out;
1006 }
1007 } else {
1008 /* Try all devices */
1009 if ((devlist = fido_dev_info_new(MAX_FIDO_DEVICES)) == NULL) {
1010 skdebug(__func__, "fido_dev_info_new failed");
1011 goto out;
1012 }
1013 if ((r = fido_dev_info_manifest(devlist,
1014 MAX_FIDO_DEVICES, &ndev)) != FIDO_OK) {
1015 skdebug(__func__, "fido_dev_info_manifest failed: %s",
1016 fido_strerr(r));
1017 goto out;
1018 }
1019 for (i = 0; i < ndev; i++) {
1020 if ((di = fido_dev_info_ptr(devlist, i)) == NULL) {
1021 skdebug(__func__, "no dev info at %zu", i);
1022 continue;
1023 }
1024 skdebug(__func__, "trying %s", fido_dev_info_path(di));
1025 if ((r = read_rks(fido_dev_info_path(di), pin,
1026 &rks, &nrks)) != 0) {
1027 skdebug(__func__, "read_rks failed for %s",
1028 fido_dev_info_path(di));
1029 /* remember last error */
1030 ret = r;
1031 continue;
1032 }
1033 }
1034 }
1035 /* success, unless we have no keys but a specific error */
1036 if (nrks > 0 || ret == SSH_SK_ERR_GENERAL)
1037 ret = 0;
1038 *rksp = rks;
1039 *nrksp = nrks;
1040 rks = NULL;
1041 nrks = 0;
1042 out:
1043 free(device);
1044 for (i = 0; i < nrks; i++) {
1045 free(rks[i]->application);
1046 freezero(rks[i]->key.public_key, rks[i]->key.public_key_len);
1047 freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len);
1048 freezero(rks[i], sizeof(*rks[i]));
1049 }
1050 free(rks);
1051 fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
1052 return ret;
1053 }
1054
1055 #endif /* ENABLE_SK_INTERNAL */
1056