Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable support for FIDO2/U2F security keys #541

Merged
merged 35 commits into from
Dec 18, 2021
Merged

Enable support for FIDO2/U2F security keys #541

merged 35 commits into from
Dec 18, 2021

Commits on Nov 11, 2021

  1. sk-usbhid: use fido_{assert,cred}_set_clientdata()

    @martelletto
    martelletto committed Nov 11, 2021
    Configuration menu
    Copy the full SHA
    3c200c2 View commit details
    Browse the repository at this point in the history

  2. sk-usbhid: always prefer windows://hello if device == NULL

    @martelletto
    martelletto committed Nov 11, 2021
    Configuration menu
    Copy the full SHA
    41c396c View commit details
    Browse the repository at this point in the history

  3. sk-usbhid: randomise user_id by default 

    requested by akshayku@
    @martelletto
    martelletto committed Nov 11, 2021
    Configuration menu
    Copy the full SHA
    bb6503c View commit details
    Browse the repository at this point in the history

  4. ssh-sk-client: use posix_spawn() to run ssh-sk-helper

    @martelletto
    martelletto committed Nov 11, 2021
    Configuration menu
    Copy the full SHA
    867d766 View commit details
    Browse the repository at this point in the history

  5. ssh-keygen: don't prompt for FIDO PINs by default on Windows 

    only prompt for a FIDO PIN if sshsk_enroll() fails with
SSH_ERR_KEY_WRONG_PASSPHRASE, which never happens when sk-usbhid
uses webauthn.dll and means we are communicating directly with
a security key.
    @martelletto
    martelletto committed Nov 11, 2021
    Configuration menu
    Copy the full SHA
    e582f7b View commit details
    Browse the repository at this point in the history

  6. ssh: don't prompt for FIDO PINs by default on Windows 

    only prompt for a FIDO PIN if sshsk_sign() fails with
SSH_ERR_KEY_WRONG_PASSPHRASE, which never happens when sk-usbhid
uses webauthn.dll and means we are communicating directly with
a security key.
    @martelletto
    martelletto committed Nov 11, 2021
    Configuration menu
    Copy the full SHA
    ba76466 View commit details
    Browse the repository at this point in the history

Commits on Nov 19, 2021

  1. fetch libfido2 using an auxiliary script

    @martelletto
    martelletto committed Nov 19, 2021
    Configuration menu
    Copy the full SHA
    3123f25 View commit details
    Browse the repository at this point in the history

  2. build definitions for libfido2

    @martelletto
    martelletto committed Nov 19, 2021
    Configuration menu
    Copy the full SHA
    fff6e73 View commit details
    Browse the repository at this point in the history

  3. build ssh-sk-helper

    @martelletto
    martelletto committed Nov 19, 2021
    Configuration menu
    Copy the full SHA
    bd0c9b9 View commit details
    Browse the repository at this point in the history

  4. enable ssh-sk

    @martelletto
    martelletto committed Nov 19, 2021
    Configuration menu
    Copy the full SHA
    73a3af6 View commit details
    Browse the repository at this point in the history

  5. gitignore bits

    @martelletto
    martelletto committed Nov 19, 2021
    Configuration menu
    Copy the full SHA
    6de170f View commit details
    Browse the repository at this point in the history

  6. README blurb

    @martelletto
    martelletto committed Nov 19, 2021
    Configuration menu
    Copy the full SHA
    98e9c68 View commit details
    Browse the repository at this point in the history

Commits on Nov 29, 2021

  1. sshsig: don't prompt for FIDO PINs by default on Windows 

    only prompt for a FIDO PIN if sshsig_wrap_sign() fails with
SSH_ERR_KEY_WRONG_PASSPHRASE, which never happens when sk-usbhid
uses webauthn.dll and means we are communicating directly with
a security key.
    @martelletto
    martelletto committed Nov 29, 2021
    Configuration menu
    Copy the full SHA
    0d4e6f6 View commit details
    Browse the repository at this point in the history

  2. ssh-keygen -s: don't prompt for FIDO PINs by default on Windows 

    only prompt for a FIDO PIN if sshkey_certify() fails with
SSH_ERR_KEY_WRONG_PASSPHRASE, which never happens when sk-usbhid
uses webauthn.dll and means we are communicating directly with
a security key.
    @martelletto
    martelletto committed Nov 29, 2021
    Configuration menu
    Copy the full SHA
    14e3877 View commit details
    Browse the repository at this point in the history

Commits on Dec 1, 2021

  1. sk-usbhid: +#ifdef WINDOWS; requested by bagajjal@

    @martelletto
    martelletto committed Dec 1, 2021
    Configuration menu
    Copy the full SHA
    1e3d6d4 View commit details
    Browse the repository at this point in the history

  2. sshsig: merge sshsig_sign_fd(), requested by bagajjal@

    @martelletto
    martelletto committed Dec 1, 2021
    Configuration menu
    Copy the full SHA
    3dd1a01 View commit details
    Browse the repository at this point in the history

  3. ssh-sk-client: merge start_helper(), requested by bagajjal@

    @martelletto
    martelletto committed Dec 1, 2021
    Configuration menu
    Copy the full SHA
    dee6c5e View commit details
    Browse the repository at this point in the history

  4. identity_sign: add a clarification comment

    @martelletto
    martelletto committed Dec 1, 2021
    Configuration menu
    Copy the full SHA
    783697f View commit details
    Browse the repository at this point in the history

  5. pathnames: adjust _PATH_SSH_SK_HELPER on Windows

    @martelletto
    martelletto committed Dec 1, 2021
    Configuration menu
    Copy the full SHA
    ed39b66 View commit details
    Browse the repository at this point in the history

  6. fix previous

    @martelletto
    martelletto committed Dec 1, 2021
    Configuration menu
    Copy the full SHA
    3e47db8 View commit details
    Browse the repository at this point in the history

  7. ssh-sk-client: use GetModuleFileNameW(), requested by bagajjal@

    @martelletto
    martelletto committed Dec 1, 2021
    Configuration menu
    Copy the full SHA
    6b54b8d View commit details
    Browse the repository at this point in the history

  8. ssh-keygen: move Windows-specific bits under #ifdef WINDOWS; requeste… 

    …d by bagajjal@
    @martelletto
    martelletto committed Dec 1, 2021
    Configuration menu
    Copy the full SHA
    7606c43 View commit details
    Browse the repository at this point in the history

  9. sk-usbhid: move Windows-specific bits under #ifdef WINDOWS; requested… 

    … by bagajjal@
    @martelletto
    martelletto committed Dec 1, 2021
    Configuration menu
    Copy the full SHA
    b6c982f View commit details
    Browse the repository at this point in the history

Commits on Dec 8, 2021

  1. config.h: define HAVE_FIDO_DEV_GET_TOUCH_{BEGIN,STATUS} 

    these are needed by sk-usbhid.c when operating in environments
with multiple authenticators attached.
    @martelletto
    martelletto committed Dec 8, 2021
    Configuration menu
    Copy the full SHA
    deecf32 View commit details
    Browse the repository at this point in the history

Commits on Dec 9, 2021

  1. ssh-add: don't consider a sk_provider a key constraint 

    unless explicitly specified, don't consider a sk_provider a
key constraint, allowing ssh-sk keys using the default internal
provider to be added with SSH2_AGENTC_ADD_IDENTITY instead of
SSH2_AGENTC_ADD_ID_CONSTRAINED.
    @martelletto
    martelletto committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    7393b48 View commit details
    Browse the repository at this point in the history

  2. ssh-agent: promote sk_provider == NULL to "internal" 

    a sk_provider is required by ssh-sk-helper. as such, treat ssh-sk
keys without a provider as belonging to the "internal" provider.
    @martelletto
    martelletto committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    b31d77e View commit details
    Browse the repository at this point in the history

  3. README: mention FIDO2 ssh-agent support

    @martelletto
    martelletto committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    e7b9c09 View commit details
    Browse the repository at this point in the history

Commits on Dec 14, 2021

  1. sk-usbhid: clarify arc4random_buf() usage in sk_enroll()

    @martelletto
    martelletto committed Dec 14, 2021
    Configuration menu
    Copy the full SHA
    7892043 View commit details
    Browse the repository at this point in the history

  2. sk-usbhid: more comments, ifdef blocks 

    no functional change
    @martelletto
    martelletto committed Dec 14, 2021
    Configuration menu
    Copy the full SHA
    6bd15af View commit details
    Browse the repository at this point in the history

  3. Win32-OpenSSH.sln: specify ssh-sk-helper's dependencies

    @martelletto
    martelletto committed Dec 14, 2021
    Configuration menu
    Copy the full SHA
    ebc802a View commit details
    Browse the repository at this point in the history

Commits on Dec 16, 2021

  1. Win32-OpenSSH.sln: move ssh-sk-helper to 'core'

    @martelletto
    martelletto committed Dec 16, 2021
    Configuration menu
    Copy the full SHA
    f6e5ad4 View commit details
    Browse the repository at this point in the history

  2. sk-usbhid: another #ifndef WINDOWS chunk

    @martelletto
    martelletto committed Dec 16, 2021
    Configuration menu
    Copy the full SHA
    843d4d7 View commit details
    Browse the repository at this point in the history

  3. empty commit to trigger ci

    @martelletto
    martelletto committed Dec 16, 2021
    Configuration menu
    Copy the full SHA
    524298e View commit details
    Browse the repository at this point in the history

  4. (another) empty commit to trigger ci

    @martelletto
    martelletto committed Dec 16, 2021
    Configuration menu
    Copy the full SHA
    b543208 View commit details
    Browse the repository at this point in the history

Commits on Dec 17, 2021

  1. another attempt to get ci to pass

    @martelletto
    martelletto committed Dec 17, 2021
    Configuration menu
    Copy the full SHA
    dd2561c View commit details
    Browse the repository at this point in the history