[Bug 3748] New: "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com" signature type not supported from ssh agent

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Oct 29 22:31:47 AEDT 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3748

            Bug ID: 3748
           Summary: "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com"
                    signature type not supported from ssh agent
           Product: Portable OpenSSH
           Version: 9.7p1
          Hardware: 68k
                OS: Mac OS X
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bmhomer13 at gmail.com

Hi,

A "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com" signature type was
added in this commit:
https://github.com/openssh/openssh-portable/commit/bb52e70fa5330070ec9a23069c311d9e277bbd6f

We have an SSH agent which tries to return this webauthn signature type
for an "sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com" cert.

However, this fails with the following output on the client side:

```
debug1: Server accepts key:  ECDSA-SK-CERT
SHA256:1FFCks/uvL5MVUBOcr8f3mNlLpdaw1Qt1CHA7JNqZp0 authenticator agent
debug3: sign_and_send_pubkey: using publickey with ECDSA-SK-CERT
SHA256:1FFCks/uvL5MVUBOcr8f3mNlLpdaw1Qt1CHA7JNqZp0
debug1: sign_and_send_pubkey: no separate private key for certificate
""
debug3: sign_and_send_pubkey: signing using
sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com
SHA256:1FFCks/uvL5MVUBOcr8f3mNlLpdaw1Qt1CHA7JNqZp0
agent key ECDSA-SK-CERT
SHA256:1FFCks/uvL5MVUBOcr8f3mNlLpdaw1Qt1CHA7JNqZp0 returned incorrect
signature type
debug3: sign_and_send_pubkey: signing using
sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com
SHA256:1FFCks/uvL5MVUBOcr8f3mNlLpdaw1Qt1CHA7JNqZp0
sign_and_send_pubkey: signing failed for ECDSA-SK-CERT "" from agent:
signature algorithm not supported
```

This error comes from here:
https://github.com/openssh/openssh-portable/blob/ef7c26cd2f0f9a8222f851d1e551f6dfd3113f8b/sshconnect2.c#L1438

I believe there may be a bug in the `key_sig_algorithm` function
(https://github.com/openssh/openssh-portable/blob/ef7c26cd2f0f9a8222f851d1e551f6dfd3113f8b/sshconnect2.c#L1153)
which assumes that the signature algorithm will only different from the
key algorithm for RSA keys/certs.
However, based on my understanding it should be possible to use
"webauthn-sk-ecdsa-sha2-nistp256 at openssh.com" for
"sk-ecdsa-sha2-nistp256 at openssh.com" keys
(there is an example of this here:
https://github.com/openssh/openssh-portable/blob/master/regress/unittests/sshsig/webauthn.html).

Perhaps I'm missing something here, it would be great if someone could
clarify the current state of webauthn support in general. Many thanks!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list