Webauthn signatures working in the wild, and client-agent support

Damien Miller djm at mindrot.org
Tue Sep 20 10:05:28 AEST 2022


On Mon, 19 Sep 2022, Carlos Cabanero wrote:

> Between sshconnect2.c:sign_and_send_pubkey() and identity_sign(),
> there is a call to key_sig_algorithm and its output is used for
> SSH2_MSG_USERAUTH, and so on... key_sig_algorithm makes use of
> sshkey:sshkey_ssh_name_from_type_nid. The issue there is that webauthn
> and sk both are declared as the same type: KEY_ECDSA_SK.
> 
> At the moment webauthn-sk is considered just a signature only type,
> per sshkey:keytypes, and per your "experiment", the pubkey type is
> made sk-ecdsa. But, trying to force things, if you create the pubkey
> as webauthn-sk-ecdsa, sshd will log you in if you add webkey-sk-ecdsa
> as an Allowed Pubkey Method.
> 
> As you said, it is a violation that the key and signature are
> different, but could a case be made to grant webauthn-sk-ecdsa the
> full "key type" status? At the end of the day, it is not fully true
> that KEY_ECDSA_SK and Webauthn represent the same type of key, even if
> until now things have been "forced" to fit that way.

Well, this is similar to what I suggested wrt having the agent send the
keys back as "webauthn-sk-ecdsa-sha2-nistp256" but a little more
officially :)

There are two ways to do this. One is keeping the key type id
as KEY_ECDSA_SK and adding a key->flags entry to indicate that it's
webauthn-only. Another is a whole separate key type.

At the moment, adding a new key type means a lot of duplicated
boilerplate code. I have some WIP changes to reduce this[1], but even
after they land it there is so much overlap with regular ecdsa-sk keys
it probably makes more sense to go the other way.

-d

[1] https://github.com/djmdjm/openssh-wip/pull/10/commits


More information about the openssh-unix-dev mailing list