1 /* $OpenBSD: ssh-sk-client.c,v 1.9 2021/04/03 06:18:41 djm Exp $ */
3 * Copyright (c) 2019 Google LLC
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/types.h>
21 #include <sys/socket.h>
40 #include "pathnames.h"
44 /* #define DEBUG_SK 1 */
47 start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
49 void (*osigchld)(int);
52 char *helper, *verbosity = NULL;
58 helper = getenv("SSH_SK_HELPER");
59 if (helper == NULL || strlen(helper) == 0)
60 helper = _PATH_SSH_SK_HELPER;
61 if (access(helper, X_OK) != 0) {
63 error_f("helper \"%s\" unusable: %s", helper, strerror(errno));
65 return SSH_ERR_SYSTEM_ERROR;
72 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
73 error("socketpair: %s", strerror(errno));
74 return SSH_ERR_SYSTEM_ERROR;
76 osigchld = ssh_signal(SIGCHLD, SIG_DFL);
77 if ((pid = fork()) == -1) {
79 error("fork: %s", strerror(errno));
82 ssh_signal(SIGCHLD, osigchld);
84 return SSH_ERR_SYSTEM_ERROR;
87 if ((dup2(pair[1], STDIN_FILENO) == -1) ||
88 (dup2(pair[1], STDOUT_FILENO) == -1)) {
89 error_f("dup2: %s", strerror(errno));
94 closefrom(STDERR_FILENO + 1);
95 debug_f("starting %s %s", helper,
96 verbosity == NULL ? "" : verbosity);
97 execlp(helper, helper, verbosity, (char *)NULL);
98 error_f("execlp: %s", strerror(errno));
104 debug3_f("started pid=%ld", (long)pid);
107 *osigchldp = osigchld;
112 reap_helper(pid_t pid)
116 debug3_f("pid=%ld", (long)pid);
119 while (waitpid(pid, &status, 0) == -1) {
120 if (errno == EINTR) {
125 error_f("waitpid: %s", strerror(errno));
127 return SSH_ERR_SYSTEM_ERROR;
129 if (!WIFEXITED(status)) {
130 error_f("helper exited abnormally");
131 return SSH_ERR_AGENT_FAILURE;
132 } else if (WEXITSTATUS(status) != 0) {
133 error_f("helper exited with non-zero exit status");
134 return SSH_ERR_AGENT_FAILURE;
140 client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type)
142 int oerrno, fd, r2, ll, r = SSH_ERR_INTERNAL_ERROR;
146 void (*osigchld)(int);
147 struct sshbuf *req = NULL, *resp = NULL;
150 if ((r = start_helper(&fd, &pid, &osigchld)) != 0)
153 if ((req = sshbuf_new()) == NULL || (resp = sshbuf_new()) == NULL) {
154 r = SSH_ERR_ALLOC_FAIL;
157 /* Request preamble: type, log_on_stderr, log_level */
158 ll = log_level_get();
159 if ((r = sshbuf_put_u32(req, type)) != 0 ||
160 (r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 ||
161 (r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 ||
162 (r = sshbuf_putb(req, msg)) != 0) {
163 error_fr(r, "compose");
166 if ((r = ssh_msg_send(fd, SSH_SK_HELPER_VERSION, req)) != 0) {
170 if ((r = ssh_msg_recv(fd, resp)) != 0) {
171 error_fr(r, "receive");
174 if ((r = sshbuf_get_u8(resp, &version)) != 0) {
175 error_fr(r, "parse version");
178 if (version != SSH_SK_HELPER_VERSION) {
179 error_f("unsupported version: got %u, expected %u",
180 version, SSH_SK_HELPER_VERSION);
181 r = SSH_ERR_INVALID_FORMAT;
184 if ((r = sshbuf_get_u32(resp, &rtype)) != 0) {
185 error_fr(r, "parse message type");
188 if (rtype == SSH_SK_HELPER_ERROR) {
189 if ((r = sshbuf_get_u32(resp, &rerr)) != 0) {
190 error_fr(r, "parse");
193 debug_f("helper returned error -%u", rerr);
194 /* OpenSSH error values are negative; encoded as -err on wire */
195 if (rerr == 0 || rerr >= INT_MAX)
196 r = SSH_ERR_INTERNAL_ERROR;
200 } else if (rtype != type) {
201 error_f("helper returned incorrect message type %u, "
202 "expecting %u", rtype, type);
203 r = SSH_ERR_INTERNAL_ERROR;
211 if ((r2 = reap_helper(pid)) != 0) {
223 ssh_signal(SIGCHLD, osigchld);
230 sshsk_sign(const char *provider, struct sshkey *key,
231 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
232 u_int compat, const char *pin)
234 int oerrno, r = SSH_ERR_INTERNAL_ERROR;
236 struct sshbuf *kbuf = NULL, *req = NULL, *resp = NULL;
242 return SSH_ERR_KEY_TYPE_UNKNOWN;
245 if ((kbuf = sshbuf_new()) == NULL ||
246 (req = sshbuf_new()) == NULL) {
247 r = SSH_ERR_ALLOC_FAIL;
251 if ((r = sshkey_private_serialize(key, kbuf)) != 0) {
252 error_fr(r, "encode key");
255 if ((r = sshbuf_put_stringb(req, kbuf)) != 0 ||
256 (r = sshbuf_put_cstring(req, provider)) != 0 ||
257 (r = sshbuf_put_string(req, data, datalen)) != 0 ||
258 (r = sshbuf_put_cstring(req, NULL)) != 0 || /* alg */
259 (r = sshbuf_put_u32(req, compat)) != 0 ||
260 (r = sshbuf_put_cstring(req, pin)) != 0) {
261 error_fr(r, "compose");
265 if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
266 SSH_FP_DEFAULT)) == NULL) {
267 error_f("sshkey_fingerprint failed");
268 r = SSH_ERR_ALLOC_FAIL;
271 if ((r = client_converse(req, &resp, SSH_SK_HELPER_SIGN)) != 0)
274 if ((r = sshbuf_get_string(resp, sigp, lenp)) != 0) {
275 error_fr(r, "parse signature");
276 r = SSH_ERR_INVALID_FORMAT;
279 if (sshbuf_len(resp) != 0) {
280 error_f("trailing data in response");
281 r = SSH_ERR_INVALID_FORMAT;
289 freezero(*sigp, *lenp);
301 sshsk_enroll(int type, const char *provider_path, const char *device,
302 const char *application, const char *userid, uint8_t flags,
303 const char *pin, struct sshbuf *challenge_buf,
304 struct sshkey **keyp, struct sshbuf *attest)
306 int oerrno, r = SSH_ERR_INTERNAL_ERROR;
307 struct sshbuf *kbuf = NULL, *abuf = NULL, *req = NULL, *resp = NULL;
308 struct sshkey *key = NULL;
312 sshbuf_reset(attest);
315 return SSH_ERR_KEY_TYPE_UNKNOWN;
319 return SSH_ERR_INVALID_ARGUMENT;
321 if ((abuf = sshbuf_new()) == NULL ||
322 (kbuf = sshbuf_new()) == NULL ||
323 (req = sshbuf_new()) == NULL) {
324 r = SSH_ERR_ALLOC_FAIL;
328 if ((r = sshbuf_put_u32(req, (u_int)type)) != 0 ||
329 (r = sshbuf_put_cstring(req, provider_path)) != 0 ||
330 (r = sshbuf_put_cstring(req, device)) != 0 ||
331 (r = sshbuf_put_cstring(req, application)) != 0 ||
332 (r = sshbuf_put_cstring(req, userid)) != 0 ||
333 (r = sshbuf_put_u8(req, flags)) != 0 ||
334 (r = sshbuf_put_cstring(req, pin)) != 0 ||
335 (r = sshbuf_put_stringb(req, challenge_buf)) != 0) {
336 error_fr(r, "compose");
340 if ((r = client_converse(req, &resp, SSH_SK_HELPER_ENROLL)) != 0)
343 if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 ||
344 (r = sshbuf_get_stringb(resp, abuf)) != 0) {
345 error_fr(r, "parse");
346 r = SSH_ERR_INVALID_FORMAT;
349 if (sshbuf_len(resp) != 0) {
350 error_f("trailing data in response");
351 r = SSH_ERR_INVALID_FORMAT;
354 if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) {
355 error_fr(r, "encode");
358 if (attest != NULL && (r = sshbuf_putb(attest, abuf)) != 0) {
359 error_fr(r, "encode attestation information");
379 sshsk_load_resident(const char *provider_path, const char *device,
380 const char *pin, struct sshkey ***keysp, size_t *nkeysp)
382 int oerrno, r = SSH_ERR_INTERNAL_ERROR;
383 struct sshbuf *kbuf = NULL, *req = NULL, *resp = NULL;
384 struct sshkey *key = NULL, **keys = NULL, **tmp;
390 if ((resp = sshbuf_new()) == NULL ||
391 (kbuf = sshbuf_new()) == NULL ||
392 (req = sshbuf_new()) == NULL) {
393 r = SSH_ERR_ALLOC_FAIL;
397 if ((r = sshbuf_put_cstring(req, provider_path)) != 0 ||
398 (r = sshbuf_put_cstring(req, device)) != 0 ||
399 (r = sshbuf_put_cstring(req, pin)) != 0) {
400 error_fr(r, "compose");
404 if ((r = client_converse(req, &resp, SSH_SK_HELPER_LOAD_RESIDENT)) != 0)
407 while (sshbuf_len(resp) != 0) {
409 if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 ||
410 (r = sshbuf_get_cstring(resp, NULL, NULL)) != 0) {
411 error_fr(r, "parse signature");
412 r = SSH_ERR_INVALID_FORMAT;
415 if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) {
416 error_fr(r, "decode key");
419 if ((tmp = recallocarray(keys, nkeys, nkeys + 1,
420 sizeof(*keys))) == NULL) {
421 error_f("recallocarray keys failed");
424 debug_f("keys[%zu]: %s %s", nkeys, sshkey_type(key),
425 key->sk_application);
439 for (i = 0; i < nkeys; i++)
440 sshkey_free(keys[i]);