path: root/ssh-keygen.c
Commit message | Author | Age | Files | Lines
...
* upstream: Request PIN ahead of time for certain FIDO actions | djm@openbsd.org | 2020-08-27 | 1 | -18/+20
  When we know that a particular action will require a PIN, such as downloading resident keys or generating a verify-required key, request the PIN before attempting it. joint work with Pedro Martelletto; ok markus@
  OpenBSD-Commit-ID: 863182d38ef075bad1f7d20ca485752a05edb727
* upstream: major rework of FIDO token selection logic | djm@openbsd.org | 2020-08-27 | 1 | -1/+6
  When PINs are in use and multiple FIDO tokens are attached to a host, we cannot just blast requests at all attached tokens with the PIN specified as this will cause the per-token PIN failure counter to increment. If this retry counter hits the token's limit (usually 3 attempts), then the token will lock itself and render all (web and SSH) of its keys invalid. We don't want this.
  So this reworks the key selection logic for the specific case of multiple keys being attached. When multiple keys are attached and the operation requires a PIN, then the user must touch the key that they wish to use first in order to identify it.
  This may require multiple touches, but only if there are multiple keys attached AND (usually) the operation requires a PIN. The usual case of a single key attached should be unaffected.
  Work by Pedro Martelletto; ok myself and markus@
  OpenBSD-Commit-ID: 637d3049ced61b7a9ee796914bbc4843d999a864
* upstream: support for user-verified FIDO keys | djm@openbsd.org | 2020-08-27 | 1 | -16/+39
  FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token.
  This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication.
  feedback markus@ and Pedro Martelletto; ok markus@
  OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
* upstream: ensure that certificate extensions are lexically sorted. | djm@openbsd.org | 2020-08-03 | 1 | -67/+85
  Previously if the user specified a custom extension then everything would be in order except the custom ones. bz3198 ok dtucker markus
  OpenBSD-Commit-ID: d97deb90587b06cb227c66ffebb2d9667bf886f0
* upstream: - Add [-a rounds] in ssh-keygen man page and usage() - | solene@openbsd.org | 2020-07-17 | 1 | -7/+8
  Reorder parameters list in the first usage() case - Sentence rewording ok dtucker@ jmc@ noticed usage() missed -a flag too
  OpenBSD-Commit-ID: f06b9afe91cc96f260b929a56e9930caecbde246
* upstream: Defer creation of ~/.ssh by ssh(1) until we attempt to | dtucker@openbsd.org | 2020-06-26 | 1 | -17/+4
  write to it so we don't leave an empty .ssh directory when it's not needed. Use the same function to replace the code in ssh-keygen that does the same thing. bz#3156, ok djm@
  OpenBSD-Commit-ID: 59c073b569be1a60f4de36f491a4339bc4ae870f
* upstream: fix exit status for downloading of FIDO resident keys; | djm@openbsd.org | 2020-05-29 | 1 | -4/+4
  from Pedro Martelletto, ok markus@
  OpenBSD-Commit-ID: 0da77dc24a1084798eedd83c39a002a9d231faef
* upstream: avoid possible NULL deref; from Pedro Martelletto | djm@openbsd.org | 2020-05-27 | 1 | -3/+5
  OpenBSD-Commit-ID: e6099c3fbb70aa67eb106e84d8b43f1fa919b721
* upstream: preserve group/world read permission on known_hosts | djm@openbsd.org | 2020-05-27 | 1 | -1/+5
  file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove all rights for group/other. bz#3146 ok dtucker@
  OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a
* upstream: we have a sshkey_save_public() function to save public keys; | djm@openbsd.org | 2020-05-02 | 1 | -49/+18
  use it and save a bunch of redundant code. Patch from loic AT venez.fr; ok markus@ djm@
  OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f
* upstream: avoid NULL dereference when attempting to convert invalid | djm@openbsd.org | 2020-05-01 | 1 | -4/+5
  ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney
  OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298
* upstream: fix a bug I introduced in r1.406: when printing private key | djm@openbsd.org | 2020-04-20 | 1 | -10/+14
  fingerprint of old-format key, key comments were not being displayed. Spotted by loic AT venez.fr, ok dtucker
  OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533
* upstream: repair private key fingerprint printing to also print | djm@openbsd.org | 2020-04-17 | 1 | -9/+8
  comment after regression caused by my recent pubkey loading refactor. Reported by loic AT venez.fr, ok dtucker@
  OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
* upstream: give ssh-keygen the ability to dump the contents of a | djm@openbsd.org | 2020-04-03 | 1 | -4/+6
  binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker
  OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b
* upstream: spelling errors in comments; no code change from | djm@openbsd.org | 2020-03-14 | 1 | -2/+2
  OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
* upstream: when downloading FIDO2 resident keys from a token, don't | djm@openbsd.org | 2020-03-14 | 1 | -8/+15
  prompt for a PIN until the token has told us that it needs one. Avoids double-prompting on devices that implement on-device authentication (e.g. a touchscreen PIN pad on the Trezor Model T). ok dtucker@
  OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817
* upstream: fix use-after-free in do_download_sk; ok djm | markus@openbsd.org | 2020-03-13 | 1 | -2/+2
  OpenBSD-Commit-ID: 96b49623d297797d4fc069f1f09e13c8811f8863
* upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djm | markus@openbsd.org | 2020-03-13 | 1 | -1/+4
  OpenBSD-Commit-ID: 0864ad4fe8bf28ab21fd1df766e0365c11bbc0dc
* upstream: no-touch-required certificate option should be an | djm@openbsd.org | 2020-02-28 | 1 | -2/+2
  extension, not a critical option.
  OpenBSD-Commit-ID: 626b22c5feb7be8a645e4b9a9bef89893b88600d
* upstream: change explicit_bzero();free() to freezero() | jsg@openbsd.org | 2020-02-28 | 1 | -17/+9
  While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundary. ok deraadt@ djm@
  OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
* upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more | djm@openbsd.org | 2020-02-07 | 1 | -6/+12
  than the intended number of prompts (3) and 2) it would SEGV if too many incorrect PINs were entered; based on patch by Gabriel Kihlman
  OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718
* upstream: Replace "security key" with "authenticator" in program | naddy@openbsd.org | 2020-02-07 | 1 | -5/+5
  messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@
  OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
* upstream: require FIDO application strings to start with "ssh:"; ok | djm@openbsd.org | 2020-02-04 | 1 | -1/+5
  markus@
  OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb
* upstream: changes to support FIDO attestation | djm@openbsd.org | 2020-01-29 | 1 | -3/+33
  Allow writing to disk the attestation certificate that is generated by the FIDO token at key enrollment time. These certificates may be used by an out-of-band workflow to prove that a particular key is held in trustworthy hardware.
  Allow passing in a challenge that will be sent to the card during key enrollment. These are needed to build an attestation workflow that resists replay attacks. ok markus@
  OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6
* upstream: improve the error message for u2f enrollment errors by | djm@openbsd.org | 2020-01-26 | 1 | -2/+2
  making ssh-keygen be solely responsible for printing the error message and converting some more common error responses from the middleware to a useful ssherr.h status code. more detail remains visible via -v of course. also remove independent copy of sk-api.h declarations in sk-usbhid.c and just include it. feedback & ok markus@
  OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb
* upstream: factor out reading/writing sshbufs to dedicated | djm@openbsd.org | 2020-01-26 | 1 | -38/+10
  functions; feedback and ok markus@
  OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
* Put EC key export inside OPENSSL_HAS_ECC. | Darren Tucker | 2020-01-25 | 1 | -0/+2
  Fixes link error when building against an OpenSSL that does not have ECC.
* upstream: expose PKCS#11 key labels/X.509 subjects as comments | djm@openbsd.org | 2020-01-25 | 1 | -5/+9
  Extract the key label or X.509 subject string when PKCS#11 keys are retrieved from the token and plumb this through to places where it may be used as a comment. based on https://github.com/openssh/openssh-portable/pull/138 by Danielle Church feedback and ok markus@
  OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
* upstream: minor tweaks to ssh-keygen -Y find-principals: | djm@openbsd.org | 2020-01-25 | 1 | -11/+21
  emit matched principals one per line to stdout rather than as comma-separated and with a free-text preamble (easy confusion opportunity)
  emit "not found" error to stderr
  fix up argument testing for -Y operations and improve error message for unsupported operations
  OpenBSD-Commit-ID: 3d9c9a671ab07fc04a48f543edfa85eae77da69c
* upstream: when signing a certificate with an RSA key, default to | djm@openbsd.org | 2020-01-25 | 1 | -5/+9
  a safe signature algorithm (rsa-sha-512) if none is explicitly specified by the user; ok markus@
  OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
* upstream: allow PEM export of DSA and ECDSA keys; bz3091, patch | djm@openbsd.org | 2020-01-25 | 1 | -1/+9
  from Jakub Jelen ok markus@
  OpenBSD-Commit-ID: a58edec8b9f07acab4b962a71a5125830d321b51
* upstream: ssh-keygen -Y find-principals fixes based on feedback | djm@openbsd.org | 2020-01-25 | 1 | -14/+13
  from Markus: use "principals" instead of principal, as allowed_signers lines may list multiple. When the signing key is a certificate, emit only principals that match the certificate principal list.
  NB. the command -Y name changes: "find-principal" => "find-principals"
  ok markus@
  OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf
* upstream: remove trailing period characters from pub/priv key | djm@openbsd.org | 2020-01-23 | 1 | -3/+3
  pathnames - they make them needlessly more difficult to cut and paste without error; ok markus@ & dtucker@
  OpenBSD-Commit-ID: abdcfd1a5723fcac0711feee7665edc66ae2335a
* upstream: add a new signature operation "find-principal" to look | djm@openbsd.org | 2020-01-23 | 1 | -9/+75
  up the principal associated with a signature from an allowed-signers file. Work by Sebastian Kinne; ok dtucker@
  OpenBSD-Commit-ID: 6f782cc7e18e38fcfafa62af53246a1dcfe74e5d
* upstream: For ssh-keygen -lF only add a space after key fingerprint | claudio@openbsd.org | 2020-01-22 | 1 | -3/+5
  when there is a comment. This makes copy-paste of fingerprints into ssh easier. OK djm@
  OpenBSD-Commit-ID: fa01d95624f65c1eb4dc7c575d20d77c78010dfd
* upstream: don't #ifdef out the KRL code when compiling without | djm@openbsd.org | 2020-01-21 | 1 | -9/+1
  libcrypto support; it works just fine and disabling it breaks a few tests. ok dtucker@
  OpenBSD-Commit-ID: 65f6272c4241eb4b04de78b012fe98b2b555ad44
* upstream: sync ssh-keygen.1 and ssh-keygen's usage() with each | naddy@openbsd.org | 2020-01-21 | 1 | -6/+5
  other and reality ok markus@
  OpenBSD-Commit-ID: cdf64454f2c3604c25977c944e5b6262a3bcce92
* upstream: Extends the SK API to accept a set of key/value options | djm@openbsd.org | 2020-01-06 | 1 | -12/+27
  for all operations. These are intended to future-proof the API a little by making it easier to specify additional fields for without having to change the API version for each.
  At present, only two options are defined: one to explicitly specify the device for an operation (rather than accepting the middleware's autoselection) and another to specify the FIDO2 username that may be used when generating a resident key. These new options may be invoked at key generation time via ssh-keygen -O
  This also implements a suggestion from Markus to avoid "int" in favour of uint32_t for the algorithm argument in the API, to make implementation of ssh-sk-client/helper a little easier.
  feedback, fixes and ok markus@
  OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
* upstream: ability to download FIDO2 resident keys from a token via | djm@openbsd.org | 2020-01-03 | 1 | -61/+163
  "ssh-keygen -K". This will save public/private keys into the current directory.
  This is handy if you move a token between hosts.
  feedback & ok markus@
  OpenBSD-Commit-ID: d57c1f9802f7850f00a117a1d36682a6c6d10da6
* upstream: Remove the -x option currently used for | djm@openbsd.org | 2019-12-30 | 1 | -23/+22
  FIDO/U2F-specific key flags. Instead these flags may be specified via -O.
  ok markus@
  OpenBSD-Commit-ID: f23ebde2a8a7e1bf860a51055a711cffb8c328c1
* upstream: translate and return error codes; retry on bad PIN | djm@openbsd.org | 2019-12-30 | 1 | -11/+21
  Define some well-known error codes in the SK API and pass them back via ssh-sk-helper.
  Use the new "wrong PIN" error code to retry PIN prompting during ssh-keygen of resident keys.
  feedback and ok markus@
  OpenBSD-Commit-ID: 9663c6a2bb7a0bc8deaccc6c30d9a2983b481620
* upstream: SK API and sk-helper error/PIN passing | djm@openbsd.org | 2019-12-30 | 1 | -2/+2
  Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow.
  Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc.
  feedback and ok markus@
  OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
* upstream: basic support for generating FIDO2 resident keys | djm@openbsd.org | 2019-12-30 | 1 | -1/+3
  "ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a device-resident key.
  feedback and ok markus@
  OpenBSD-Commit-ID: 8e1b3c56a4b11d85047bd6c6c705b7eef4d58431
* upstream: remove single-letter flags for moduli options | djm@openbsd.org | 2019-12-30 | 1 | -99/+150
  Move all moduli generation options to live under the -O flag. Frees up seven single-letter flags.
  NB. this change breaks existing ssh-keygen commandline syntax for moduli-related operations. Very few people use these fortunately.
  feedback and ok markus@
  OpenBSD-Commit-ID: d498f3eaf28128484826a4fcb343612764927935
* upstream: prepare for use of ssh-keygen -O flag beyond certs | djm@openbsd.org | 2019-12-30 | 1 | -3/+8
  Move list of available certificate options in ssh-keygen.1 to the CERTIFICATES section.
  Collect options specified by -O but delay parsing/validation of certificate options until we're sure that we're acting as a CA.
  ok markus@
  OpenBSD-Commit-ID: 33e6bcc29cfca43606f6fa09bd84b955ee3a4106
* remove a bunch of ENABLE_SK #ifdefs | Damien Miller | 2019-12-14 | 1 | -4/+0
  The ssh-sk-helper client API gives us a nice place to disable security key support when it wasn't enabled at compile time, so we don't need to check everywhere.
  Also, verification of security key signatures can remain enabled all the time - it has no additional dependencies. So sshd can accept security key pubkeys in authorized_keys, etc regardless of the host's support for dlopen, etc.
* upstream: when acting as a CA and using a security key as the CA | djm@openbsd.org | 2019-12-11 | 1 | -4/+16
  key, remind the user to touch the key to authorise the signature.
  OpenBSD-Commit-ID: fe58733edd367362f9766b526a8b56827cc439c1
* upstream: Print a key touch reminder when generating a security | djm@openbsd.org | 2019-11-25 | 1 | -1/+6
  key. Most keys require a touch to authorize the operation.
  OpenBSD-Commit-ID: 7fe8b23edbf33e1bb81741b9f25e9a63be5f6b68
* upstream: allow "ssh-keygen -x no-touch-required" when generating a | djm@openbsd.org | 2019-11-25 | 1 | -13/+15
  security key keypair to request one that does not require a touch for each authentication attempt. The default remains to require touch.
  feedback deraadt; ok markus@
  OpenBSD-Commit-ID: 887e7084b2e89c0c62d1598ac378aad8e434bcbd
* upstream: add a "no-touch-required" option for authorized_keys and | djm@openbsd.org | 2019-11-25 | 1 | -8/+17
  a similar extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them.
  feedback deraadt, ok markus
  OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e