-/* $OpenBSD: myproposal.h,v 1.77 2024/12/02 14:06:42 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.78 2026/02/05 22:05:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
"ecdsa-sha2-nistp521-cert-v01@openssh.com," \
"sk-ssh-ed25519-cert-v01@openssh.com," \
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
+ "webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
"rsa-sha2-512-cert-v01@openssh.com," \
"rsa-sha2-256-cert-v01@openssh.com," \
"ssh-ed25519," \
"ecdsa-sha2-nistp521," \
"sk-ssh-ed25519@openssh.com," \
"sk-ecdsa-sha2-nistp256@openssh.com," \
+ "webauthn-sk-ecdsa-sha2-nistp256@openssh.com," \
"rsa-sha2-512," \
"rsa-sha2-256"
"ecdsa-sha2-nistp521," \
"sk-ssh-ed25519@openssh.com," \
"sk-ecdsa-sha2-nistp256@openssh.com," \
+ "webauthn-sk-ecdsa-sha2-nistp256@openssh.com," \
"rsa-sha2-512," \
"rsa-sha2-256"
-/* $OpenBSD: ssh-ecdsa-sk.c,v 1.19 2024/08/15 00:51:51 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa-sk.c,v 1.20 2026/02/05 22:05:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
ret = SSH_ERR_INVALID_FORMAT;
goto out;
}
- if (strcmp(ktype, "webauthn-sk-ecdsa-sha2-nistp256@openssh.com") == 0)
+ if (strcmp(ktype, "webauthn-sk-ecdsa-sha2-nistp256@openssh.com") == 0 ||
+ strcmp(ktype, "webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com")
+ == 0)
is_webauthn = 1;
else if (strcmp(ktype, "sk-ecdsa-sha2-nistp256@openssh.com") != 0) {
ret = SSH_ERR_INVALID_FORMAT;
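Review bot: The webauthn branch now accepts the `-cert-v01` name as the type string embedded in the signature blob, but the sibling branch on the next line still accepts only the base `sk-ecdsa-sha2-nistp256@openssh.com` name, so the two paths disagree on whether a signature may label itself with a certificate type. If signatures made by certified keys are meant to carry the base name, as the non-webauthn branch implies, the cert string here is unreachable at best and at worst lets a blob self-label as a certificate type regardless of whether the key being verified is one; if it is intentional, the reason should be stated. Suggested comment above the condition: `/* webauthn signatures may be labelled with either the plain or the -cert-v01 name (see <reason>) */` with the reason filled in by the author. The enclosing function starts and ends outside the hunk.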
/* .funcs = */ &sshkey_ecdsa_sk_funcs,
};
+const struct sshkey_impl sshkey_ecdsa_sk_webauthn_cert_impl = {
+ /* .name = */ "webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
+ /* .shortname = */ "ECDSA-SK-CERT",
+ /* .sigalg = */ NULL,
+ /* .type = */ KEY_ECDSA_SK_CERT,
+ /* .nid = */ NID_X9_62_prime256v1,
+ /* .cert = */ 1,
+ /* .sigonly = */ 1,
+ /* .keybits = */ 256,
+ /* .funcs = */ &sshkey_ecdsa_sk_funcs,
+};
+
#endif /* OPENSSL_HAS_ECC */
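Review bot: `sshkey_ecdsa_sk_webauthn_cert_impl` reuses the shortname "ECDSA-SK-CERT", the type KEY_ECDSA_SK_CERT and the nid that the plain sk cert impl presumably also uses, so any lookup by type or shortname will resolve to whichever table entry comes first, and nothing on the struct says that this is expected. A comment stating that the entry is `.sigonly` and exists only so that the -cert-v01 name is recognised as a signature algorithm would make that intent explicit: `/* Signature-algorithm-only entry so the webauthn -cert-v01 name is recognised; key lookups resolve to sshkey_ecdsa_sk_cert_impl. */` (the second clause assumes that is how `.sigonly` entries are treated — confirm).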
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.420 2025/10/04 21:41:35 naddy Exp $
-.Dd $Mdocdate: October 4 2025 $
+.\" $OpenBSD: ssh_config.5,v 1.421 2026/02/05 22:05:49 djm Exp $
+.Dd $Mdocdate: February 5 2026 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
ecdsa-sha2-nistp521-cert-v01@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,
rsa-sha2-256-cert-v01@openssh.com,
ssh-ed25519,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256
.Ed
.Pp
ecdsa-sha2-nistp521-cert-v01@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,
rsa-sha2-256-cert-v01@openssh.com,
ssh-ed25519,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ecdsa-sha2-nistp256@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256@openssh.com
sk-ssh-ed25519@openssh.com,
rsa-sha2-512,rsa-sha2-256
.Ed
ecdsa-sha2-nistp521-cert-v01@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,
rsa-sha2-256-cert-v01@openssh.com,
ssh-ed25519,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256
.Ed
.Pp
-/* $OpenBSD: sshconnect2.c,v 1.379 2026/01/21 23:58:20 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.380 2026/02/05 22:05:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
* PKCS#11 tokens may not support all signature algorithms,
* so check what we get back.
*/
- if ((r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) {
+ if ((id->key->flags & SSHKEY_FLAG_EXT) != 0 &&
+ (r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) {
debug_fr(r, "sshkey_check_sigtype");
goto out;
}
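Review bot: The sigtype check is now gated on `SSHKEY_FLAG_EXT`, but the comment above it still says only that PKCS#11 tokens may return a different algorithm, so a reader cannot tell why a locally-held key is exempt. Presumably a local key is signed by this process with `alg` directly and cannot come back with a different type, while an externally-held key (agent or PKCS#11) can; if so, say it: `* Only externally-held keys (SSHKEY_FLAG_EXT) can return a signature of a different type than requested; locally-signed keys use alg directly.` It is also worth confirming that a local key asked to sign with a webauthn algorithm name cannot now yield a signature of another type that this check previously caught before it was sent.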
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.393 2026/01/22 15:30:07 millert Exp $
-.Dd $Mdocdate: January 22 2026 $
+.\" $OpenBSD: sshd_config.5,v 1.394 2026/02/05 22:05:49 djm Exp $
+.Dd $Mdocdate: February 5 2026 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
ecdsa-sha2-nistp521-cert-v01@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,
rsa-sha2-256-cert-v01@openssh.com,
ssh-ed25519,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256
.Ed
.Pp
ecdsa-sha2-nistp521-cert-v01@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,
rsa-sha2-256-cert-v01@openssh.com,
ssh-ed25519,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256
.Ed
.Pp
ecdsa-sha2-nistp521-cert-v01@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,
rsa-sha2-256-cert-v01@openssh.com,
ssh-ed25519,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
+webauthn-sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256
.Ed
.Pp
-/* $OpenBSD: sshkey.c,v 1.159 2025/12/22 01:49:03 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.160 2026/02/05 22:05:49 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
extern const struct sshkey_impl sshkey_ecdsa_sk_impl;
extern const struct sshkey_impl sshkey_ecdsa_sk_cert_impl;
extern const struct sshkey_impl sshkey_ecdsa_sk_webauthn_impl;
+extern const struct sshkey_impl sshkey_ecdsa_sk_webauthn_cert_impl;
# endif /* ENABLE_SK */
extern const struct sshkey_impl sshkey_ecdsa_nistp256_impl;
extern const struct sshkey_impl sshkey_ecdsa_nistp256_cert_impl;
&sshkey_ecdsa_sk_impl,
&sshkey_ecdsa_sk_cert_impl,
&sshkey_ecdsa_sk_webauthn_impl,
+ &sshkey_ecdsa_sk_webauthn_cert_impl,
# endif /* ENABLE_SK */
# endif /* OPENSSL_HAS_ECC */
&sshkey_rsa_impl,
sigalgs, 0) == 1 ||
match_pattern_list("rsa-sha2-512-cert-v01@openssh.com",
sigalgs, 0) == 1;
+ } else if (ktype == KEY_ECDSA_SK) {
+ return match_pattern_list("sk-ecdsa-sha2-nistp256@openssh.com",
+ sigalgs, 0) == 1 || match_pattern_list(
+ "webauthn-sk-ecdsa-sha2-nistp256@openssh.com",
+ sigalgs, 0) == 1;
+ } else if (ktype == KEY_ECDSA_SK_CERT) {
+ return match_pattern_list(
+ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
+ sigalgs, 0) == 1 || match_pattern_list(
+ "webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
+ sigalgs, 0) == 1;
} else
return match_pattern_list(keyname, sigalgs, 0) == 1;
}
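Review bot: The two new branches hard-code the sk and webauthn algorithm names a second time (they are also the `.name` fields of the impls in ssh-ecdsa-sk.c) and, like the RSA branch above, ignore `keyname`, so nothing ties this list to the impl table if a name is added or changed. A one-line comment at the head of the chain would at least flag the coupling: `/* Types with several signature algorithm names: accept any of them; keep in sync with the sshkey_impl tables. */` The function's head is outside the hunk.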