sk_sign: set FIDO2 uv attribute explicitely for WinHello

WinHello via libfido2 performs user verification by default. However, if we stick to that, there's no way to differentiate between keys created with or without "-O verify-required". Set FIDO2 uv attribute explicitely to FIDO_OPT_FALSE, then check if user verification has been requested. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
author: Corinna Vinschen <vinschen@redhat.com> 2022-02-11 14:33:41 +0100
committer: Damien Miller <djm@mindrot.org> 2022-08-05 14:44:03 +1000
commit: 2886975c0ad9244e60dc5e4be34fde3aa573a4b5 (patch)
tree: 08b8b3010c873e9dc13008515989505f56f096eb /sk-usbhid.c
parent: 242c044ab111a37aad3b0775727c36a4c5f0102c (diff)
download: openssh-git-2886975c0ad9244e60dc5e4be34fde3aa573a4b5.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/sk-usbhid.c b/sk-usbhid.c
index 06bf0e85..a82110ef 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -1216,6 +1216,14 @@ sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
 		skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r));
 		goto out;
 	}
+	/*
+	 * WinHello requests the PIN by default.  Make "uv" request explicit
+	 * to allow keys with and without -O verify-required to make sense.
+	 */
+	if (pin == NULL && fido_dev_is_winhello (sk->dev) &&
+	    (r = fido_assert_set_uv(assert, FIDO_OPT_FALSE)) != FIDO_OK) {
+		skdebug(__func__, "fido_assert_set_uv: %s", fido_strerr(r));
+	}
 	if (pin == NULL && (flags & SSH_SK_USER_VERIFICATION_REQD)) {
 		if (check_sk_options(sk->dev, "uv", &internal_uv) < 0 ||
 		    internal_uv != 1) {
author	Corinna Vinschen <vinschen@redhat.com>	2022-02-11 14:33:41 +0100
committer	Damien Miller <djm@mindrot.org>	2022-08-05 14:44:03 +1000
commit	2886975c0ad9244e60dc5e4be34fde3aa573a4b5 (patch)
tree	08b8b3010c873e9dc13008515989505f56f096eb /sk-usbhid.c
parent	242c044ab111a37aad3b0775727c36a4c5f0102c (diff)
download	openssh-git-2886975c0ad9244e60dc5e4be34fde3aa573a4b5.tar.gz