[Bug 3748] "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com" signature type not supported from ssh agent
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun Jul 13 05:51:37 AEST 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3748
Jó Ágila Bitsch <jgilab at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3881|0 |1
is obsolete| |
--- Comment #10 from Jó Ágila Bitsch <jgilab at gmail.com> ---
Comment on attachment 3881
--> https://bugzilla.mindrot.org/attachment.cgi?id=3881
patch for allowing webauthn signatures via ssh agent
>diff --git a/sshkey.c b/sshkey.c
>index 9e31411e2..57a61fd7b 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -315,6 +315,9 @@ sshkey_match_keyname_to_sigalgs(const char *keyname, const char *sigalgs)
> sigalgs, 0) == 1 ||
> match_pattern_list("rsa-sha2-512-cert-v01 at openssh.com",
> sigalgs, 0) == 1;
>+ } else if (ktype == KEY_ECDSA_SK) {
>+ return match_pattern_list("sk-ecdsa-sha2-nistp256 at openssh.com", sigalgs, 0) == 1 ||
>+ match_pattern_list("webauthn-sk-ecdsa-sha2-nistp256 at openssh.com", sigalgs, 0) == 1;
> } else
> return match_pattern_list(keyname, sigalgs, 0) == 1;
> }
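Review bot: The new `KEY_ECDSA_SK` branch changes the result for every caller of `sshkey_match_keyname_to_sigalgs`, not only the agent path this bug is about: an sk-ecdsa key name now matches a list that names only the webauthn signature algorithm. The callers are outside this hunk, so it is worth confirming that every algorithm allow-list check routed through this function is meant to treat the two names as interchangeable. A short comment above the branch, such as `/* sk-ecdsa keys may also produce webauthn-format signatures */`, would record the intent. The two `match_pattern_list` calls should also be wrapped the same way as the RSA branches directly above them.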
>@@ -2162,17 +2165,14 @@ int
> sshkey_check_sigtype(const u_char *sig, size_t siglen,
> const char *requested_alg)
> {
>- const char *expected_alg;
> char *sigtype = NULL;
> int r;
>
> if (requested_alg == NULL)
> return 0;
>- if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL)
>- return SSH_ERR_INVALID_ARGUMENT;
> if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0)
> return r;
>- r = strcmp(expected_alg, sigtype) == 0;
>+ r = sshkey_match_keyname_to_sigalgs(requested_alg, sigtype);
> free(sigtype);
> return r ? 0 : SSH_ERR_SIGN_ALG_UNSUPPORTED;
> }
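Review bot: Replacing the exact `strcmp` with `sshkey_match_keyname_to_sigalgs(requested_alg, sigtype)` loosens this check for every key type, not just sk-ecdsa. Judging from the RSA-cert branch visible in the first hunk, that helper accepts any algorithm in the key's family, so a caller that requested one RSA signature algorithm would presumably no longer get `SSH_ERR_SIGN_ALG_UNSUPPORTED` when the returned signature uses a different RSA variant, which is the mismatch this function exists to catch. `sigtype` is also parsed out of the signature blob and is passed here as the pattern-list argument of `match_pattern_list`, so wildcard or list syntax in it would be interpreted rather than compared literally. I would keep the `expected_alg` lookup and the exact comparison, and add only the one pairing the bug needs: `r = strcmp(expected_alg, sigtype) == 0 || (strcmp(expected_alg, "sk-ecdsa-sha2-nistp256@openssh.com") == 0 && strcmp(sigtype, "webauthn-sk-ecdsa-sha2-nistp256@openssh.com") == 0);`.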