1 /* $OpenBSD: ssh-sk-client.c,v 1.12 2022/01/14 03:34:00 djm Exp $ */
3 * Copyright (c) 2019 Google LLC
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/types.h>
21 #include <sys/socket.h>
40 #include "pathnames.h"
44 /* #define DEBUG_SK 1 */
47 start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
49 void (*osigchld)(int);
52 char *helper, *verbosity = NULL;
58 helper = getenv("SSH_SK_HELPER");
59 if (helper == NULL || strlen(helper) == 0)
60 helper = _PATH_SSH_SK_HELPER;
61 if (access(helper, X_OK) != 0) {
63 error_f("helper \"%s\" unusable: %s", helper, strerror(errno));
65 return SSH_ERR_SYSTEM_ERROR;
72 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
73 error("socketpair: %s", strerror(errno));
74 return SSH_ERR_SYSTEM_ERROR;
76 osigchld = ssh_signal(SIGCHLD, SIG_DFL);
77 if ((pid = fork()) == -1) {
79 error("fork: %s", strerror(errno));
82 ssh_signal(SIGCHLD, osigchld);
84 return SSH_ERR_SYSTEM_ERROR;
87 if ((dup2(pair[1], STDIN_FILENO) == -1) ||
88 (dup2(pair[1], STDOUT_FILENO) == -1)) {
89 error_f("dup2: %s", strerror(errno));
94 closefrom(STDERR_FILENO + 1);
95 debug_f("starting %s %s", helper,
96 verbosity == NULL ? "" : verbosity);
97 execlp(helper, helper, verbosity, (char *)NULL);
98 error_f("execlp: %s", strerror(errno));
104 debug3_f("started pid=%ld", (long)pid);
107 *osigchldp = osigchld;
112 reap_helper(pid_t pid)
116 debug3_f("pid=%ld", (long)pid);
119 while (waitpid(pid, &status, 0) == -1) {
120 if (errno == EINTR) {
125 error_f("waitpid: %s", strerror(errno));
127 return SSH_ERR_SYSTEM_ERROR;
129 if (!WIFEXITED(status)) {
130 error_f("helper exited abnormally");
131 return SSH_ERR_AGENT_FAILURE;
132 } else if (WEXITSTATUS(status) != 0) {
133 error_f("helper exited with non-zero exit status");
134 return SSH_ERR_AGENT_FAILURE;
140 client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type)
142 int oerrno, fd, r2, ll, r = SSH_ERR_INTERNAL_ERROR;
146 void (*osigchld)(int);
147 struct sshbuf *req = NULL, *resp = NULL;
150 if ((r = start_helper(&fd, &pid, &osigchld)) != 0)
153 if ((req = sshbuf_new()) == NULL || (resp = sshbuf_new()) == NULL) {
154 r = SSH_ERR_ALLOC_FAIL;
157 /* Request preamble: type, log_on_stderr, log_level */
158 ll = log_level_get();
159 if ((r = sshbuf_put_u32(req, type)) != 0 ||
160 (r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 ||
161 (r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 ||
162 (r = sshbuf_putb(req, msg)) != 0) {
163 error_fr(r, "compose");
166 if ((r = ssh_msg_send(fd, SSH_SK_HELPER_VERSION, req)) != 0) {
170 if ((r = ssh_msg_recv(fd, resp)) != 0) {
171 error_fr(r, "receive");
174 if ((r = sshbuf_get_u8(resp, &version)) != 0) {
175 error_fr(r, "parse version");
178 if (version != SSH_SK_HELPER_VERSION) {
179 error_f("unsupported version: got %u, expected %u",
180 version, SSH_SK_HELPER_VERSION);
181 r = SSH_ERR_INVALID_FORMAT;
184 if ((r = sshbuf_get_u32(resp, &rtype)) != 0) {
185 error_fr(r, "parse message type");
188 if (rtype == SSH_SK_HELPER_ERROR) {
189 if ((r = sshbuf_get_u32(resp, &rerr)) != 0) {
190 error_fr(r, "parse");
193 debug_f("helper returned error -%u", rerr);
194 /* OpenSSH error values are negative; encoded as -err on wire */
195 if (rerr == 0 || rerr >= INT_MAX)
196 r = SSH_ERR_INTERNAL_ERROR;
200 } else if (rtype != type) {
201 error_f("helper returned incorrect message type %u, "
202 "expecting %u", rtype, type);
203 r = SSH_ERR_INTERNAL_ERROR;
211 if ((r2 = reap_helper(pid)) != 0) {
223 ssh_signal(SIGCHLD, osigchld);
230 sshsk_sign(const char *provider, struct sshkey *key,
231 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
232 u_int compat, const char *pin)
234 int oerrno, r = SSH_ERR_INTERNAL_ERROR;
235 struct sshbuf *kbuf = NULL, *req = NULL, *resp = NULL;
241 return SSH_ERR_KEY_TYPE_UNKNOWN;
244 if ((kbuf = sshbuf_new()) == NULL ||
245 (req = sshbuf_new()) == NULL) {
246 r = SSH_ERR_ALLOC_FAIL;
250 if ((r = sshkey_private_serialize(key, kbuf)) != 0) {
251 error_fr(r, "encode key");
254 if ((r = sshbuf_put_stringb(req, kbuf)) != 0 ||
255 (r = sshbuf_put_cstring(req, provider)) != 0 ||
256 (r = sshbuf_put_string(req, data, datalen)) != 0 ||
257 (r = sshbuf_put_cstring(req, NULL)) != 0 || /* alg */
258 (r = sshbuf_put_u32(req, compat)) != 0 ||
259 (r = sshbuf_put_cstring(req, pin)) != 0) {
260 error_fr(r, "compose");
264 if ((r = client_converse(req, &resp, SSH_SK_HELPER_SIGN)) != 0)
267 if ((r = sshbuf_get_string(resp, sigp, lenp)) != 0) {
268 error_fr(r, "parse signature");
269 r = SSH_ERR_INVALID_FORMAT;
272 if (sshbuf_len(resp) != 0) {
273 error_f("trailing data in response");
274 r = SSH_ERR_INVALID_FORMAT;
282 freezero(*sigp, *lenp);
294 sshsk_enroll(int type, const char *provider_path, const char *device,
295 const char *application, const char *userid, uint8_t flags,
296 const char *pin, struct sshbuf *challenge_buf,
297 struct sshkey **keyp, struct sshbuf *attest)
299 int oerrno, r = SSH_ERR_INTERNAL_ERROR;
300 struct sshbuf *kbuf = NULL, *abuf = NULL, *req = NULL, *resp = NULL;
301 struct sshkey *key = NULL;
305 sshbuf_reset(attest);
308 return SSH_ERR_KEY_TYPE_UNKNOWN;
312 return SSH_ERR_INVALID_ARGUMENT;
314 if ((abuf = sshbuf_new()) == NULL ||
315 (kbuf = sshbuf_new()) == NULL ||
316 (req = sshbuf_new()) == NULL) {
317 r = SSH_ERR_ALLOC_FAIL;
321 if ((r = sshbuf_put_u32(req, (u_int)type)) != 0 ||
322 (r = sshbuf_put_cstring(req, provider_path)) != 0 ||
323 (r = sshbuf_put_cstring(req, device)) != 0 ||
324 (r = sshbuf_put_cstring(req, application)) != 0 ||
325 (r = sshbuf_put_cstring(req, userid)) != 0 ||
326 (r = sshbuf_put_u8(req, flags)) != 0 ||
327 (r = sshbuf_put_cstring(req, pin)) != 0 ||
328 (r = sshbuf_put_stringb(req, challenge_buf)) != 0) {
329 error_fr(r, "compose");
333 if ((r = client_converse(req, &resp, SSH_SK_HELPER_ENROLL)) != 0)
336 if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 ||
337 (r = sshbuf_get_stringb(resp, abuf)) != 0) {
338 error_fr(r, "parse");
339 r = SSH_ERR_INVALID_FORMAT;
342 if (sshbuf_len(resp) != 0) {
343 error_f("trailing data in response");
344 r = SSH_ERR_INVALID_FORMAT;
347 if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) {
348 error_fr(r, "encode");
351 if (attest != NULL && (r = sshbuf_putb(attest, abuf)) != 0) {
352 error_fr(r, "encode attestation information");
372 sshsk_free_resident_key(struct sshsk_resident_key *srk)
376 sshkey_free(srk->key);
377 freezero(srk->user_id, srk->user_id_len);
383 sshsk_free_resident_keys(struct sshsk_resident_key **srks, size_t nsrks)
387 if (srks == NULL || nsrks == 0)
390 for (i = 0; i < nsrks; i++)
391 sshsk_free_resident_key(srks[i]);
396 sshsk_load_resident(const char *provider_path, const char *device,
397 const char *pin, u_int flags, struct sshsk_resident_key ***srksp,
400 int oerrno, r = SSH_ERR_INTERNAL_ERROR;
401 struct sshbuf *kbuf = NULL, *req = NULL, *resp = NULL;
402 struct sshkey *key = NULL;
403 struct sshsk_resident_key *srk = NULL, **srks = NULL, **tmp;
404 u_char *userid = NULL;
405 size_t userid_len = 0, nsrks = 0;
410 if ((kbuf = sshbuf_new()) == NULL ||
411 (req = sshbuf_new()) == NULL) {
412 r = SSH_ERR_ALLOC_FAIL;
416 if ((r = sshbuf_put_cstring(req, provider_path)) != 0 ||
417 (r = sshbuf_put_cstring(req, device)) != 0 ||
418 (r = sshbuf_put_cstring(req, pin)) != 0 ||
419 (r = sshbuf_put_u32(req, flags)) != 0) {
420 error_fr(r, "compose");
424 if ((r = client_converse(req, &resp, SSH_SK_HELPER_LOAD_RESIDENT)) != 0)
427 while (sshbuf_len(resp) != 0) {
428 /* key, comment, user_id */
429 if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 ||
430 (r = sshbuf_get_cstring(resp, NULL, NULL)) != 0 ||
431 (r = sshbuf_get_string(resp, &userid, &userid_len)) != 0) {
432 error_fr(r, "parse");
433 r = SSH_ERR_INVALID_FORMAT;
436 if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) {
437 error_fr(r, "decode key");
440 if ((srk = calloc(1, sizeof(*srk))) == NULL) {
441 error_f("calloc failed");
446 srk->user_id = userid;
447 srk->user_id_len = userid_len;
450 if ((tmp = recallocarray(srks, nsrks, nsrks + 1,
451 sizeof(*srks))) == NULL) {
452 error_f("recallocarray keys failed");
455 debug_f("srks[%zu]: %s %s uidlen %zu", nsrks,
456 sshkey_type(srk->key), srk->key->sk_application,
471 sshsk_free_resident_key(srk);
472 sshsk_free_resident_keys(srks, nsrks);
473 freezero(userid, userid_len);