upstream: Make it possible to load certs from PKCS#11 tokens

Adds a protocol extension to allow grafting certificates supplied by
ssh-add to keys loaded from PKCS#11 tokens in the agent.

feedback/ok markus@

OpenBSD-Commit-ID: bb5433cd28ede2bc910996eb3c0b53e20f86037f

Author: djmdjm

PROTOCOL.agent

@@ -81,4 +81,35 @@ the constraint is:
 
 This option is only valid for XMSS keys.
 
-$OpenBSD: PROTOCOL.agent,v 1.20 2023/10/03 23:56:10 djm Exp $
+3. associated-certs-v00@openssh.com key constraint extension
+
+The key constraint extension allows certificates to be associated
+with private keys as they are loaded from a PKCS#11 token.
+
+	byte		SSH_AGENT_CONSTRAIN_EXTENSION (0xff)
+	string		associated-certs-v00@openssh.com
+	bool		certs_only
+	string		certsblob
+
+Where "certsblob" constists of one or more certificates encoded as public
+key blobs:
+
+	string[]	certificates
+
+This extension is only valid for SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED
+requests. When an agent receives this extension, it will attempt to match
+each certificate in the request with a corresponding private key loaded
+from the requested PKCS#11 token. When a matching key is found, the
+agent will graft the certificate contents to the token-hosted private key
+and store the result for subsequent use by regular agent operations.
+
+If the "certs_only" flag is set, then this extension will cause ONLY
+the resultant certificates to be loaded to the agent. The default
+behaviour is to load the PKCS#11-hosted private key as well as the
+resultant certificate.
+
+A SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED will return SSH_AGENT_SUCCESS
+if any key (plain private or certificate) was successfully loaded, or
+SSH_AGENT_FAILURE if no key was loaded.
+
+$OpenBSD: PROTOCOL.agent,v 1.21 2023/12/18 14:46:56 djm Exp $

authfd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.133 2023/03/09 21:06:24 jcs Exp $ */
+/* $OpenBSD: authfd.c,v 1.134 2023/12/18 14:46:56 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -504,9 +504,10 @@ encode_dest_constraint(struct sshbuf *m, const struct dest_constraint *dc)
 }
 
 static int
-encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign,
-    const char *provider, struct dest_constraint **dest_constraints,
-    size_t ndest_constraints)
+encode_constraints(struct sshbuf *m, u_int life, u_int confirm,
+    u_int maxsign, const char *provider,
+    struct dest_constraint **dest_constraints, size_t ndest_constraints,
+    int cert_only, struct sshkey **certs, size_t ncerts)
 {
 	int r;
 	struct sshbuf *b = NULL;
@@ -550,6 +551,27 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign,
 		    "restrict-destination-v00@openssh.com")) != 0 ||
 		    (r = sshbuf_put_stringb(m, b)) != 0)
 			goto out;
+		sshbuf_free(b);
+		b = NULL;
+	}
+	if (ncerts != 0) {
+		if ((b = sshbuf_new()) == NULL) {
+			r = SSH_ERR_ALLOC_FAIL;
+			goto out;
+		}
+		for (i = 0; i < ncerts; i++) {
+			if ((r = sshkey_puts(certs[i], b)) != 0)
+				goto out;
+		}
+		if ((r = sshbuf_put_u8(m,
+		    SSH_AGENT_CONSTRAIN_EXTENSION)) != 0 ||
+		    (r = sshbuf_put_cstring(m,
+		    "associated-certs-v00@openssh.com")) != 0 ||
+		    (r = sshbuf_put_u8(m, cert_only != 0)) != 0 ||
+		    (r = sshbuf_put_stringb(m, b)) != 0)
+			goto out;
+		sshbuf_free(b);
+		b = NULL;
 	}
 	r = 0;
  out:
@@ -607,7 +629,7 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
 	}
 	if (constrained &&
 	    (r = encode_constraints(msg, life, confirm, maxsign,
-	    provider, dest_constraints, ndest_constraints)) != 0)
+	    provider, dest_constraints, ndest_constraints, 0, NULL, 0)) != 0)
 		goto out;
 	if ((r = ssh_request_reply_decode(sock, msg)) != 0)
 		goto out;
@@ -662,10 +684,11 @@ ssh_remove_identity(int sock, const struct sshkey *key)
 int
 ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
     u_int life, u_int confirm,
-    struct dest_constraint **dest_constraints, size_t ndest_constraints)
+    struct dest_constraint **dest_constraints, size_t ndest_constraints,
+    int cert_only, struct sshkey **certs, size_t ncerts)
 {
 	struct sshbuf *msg;
-	int r, constrained = (life || confirm || dest_constraints);
+	int r, constrained = (life || confirm || dest_constraints || certs);
 	u_char type;
 
 	if (add) {
@@ -683,7 +706,8 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
 		goto out;
 	if (constrained &&
 	    (r = encode_constraints(msg, life, confirm, 0, NULL,
-	    dest_constraints, ndest_constraints)) != 0)
+	    dest_constraints, ndest_constraints,
+	    cert_only, certs, ncerts)) != 0)
 		goto out;
 	if ((r = ssh_request_reply_decode(sock, msg)) != 0)
 		goto out;

authfd.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.51 2021/12/19 22:10:24 djm Exp $ */
+/* $OpenBSD: authfd.h,v 1.52 2023/12/18 14:46:56 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -56,7 +56,8 @@ int	ssh_remove_identity(int sock, const struct sshkey *key);
 int	ssh_update_card(int sock, int add, const char *reader_id,
 	    const char *pin, u_int life, u_int confirm,
 	    struct dest_constraint **dest_constraints,
-	    size_t ndest_constraints);
+	    size_t ndest_constraints,
+	    int cert_only, struct sshkey **certs, size_t ncerts);
 int	ssh_remove_all_identities(int sock, int version);
 
 int	ssh_agent_sign(int sock, const struct sshkey *key,

ssh-add.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-add.1,v 1.84 2022/02/04 02:49:17 dtucker Exp $
+.\"	$OpenBSD: ssh-add.1,v 1.85 2023/12/18 14:46:56 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,15 +35,15 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 4 2022 $
+.Dd $Mdocdate: December 18 2023 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
 .Nm ssh-add
 .Nd adds private key identities to the OpenSSH authentication agent
 .Sh SYNOPSIS
 .Nm ssh-add
-.Op Fl cDdKkLlqvXx
+.Op Fl cCDdKkLlqvXx
 .Op Fl E Ar fingerprint_hash
 .Op Fl H Ar hostkey_file
 .Op Fl h Ar destination_constraint
@@ -52,6 +52,8 @@
 .Op Ar
 .Nm ssh-add
 .Fl s Ar pkcs11
+.Op Fl vC
+.Op Ar certificate ...
 .Nm ssh-add
 .Fl e Ar pkcs11
 .Nm ssh-add
@@ -100,6 +102,9 @@ Confirmation is performed by
 Successful confirmation is signaled by a zero exit status from
 .Xr ssh-askpass 1 ,
 rather than text entered into the requester.
+.It Fl C
+When loading keys into or deleting keys from the agent, process
+certificates only and skip plain keys.
 .It Fl D
 Deletes all identities from the agent.
 .It Fl d
@@ -228,6 +233,9 @@ internal USB HID support.
 .It Fl s Ar pkcs11
 Add keys provided by the PKCS#11 shared library
 .Ar pkcs11 .
+Certificate files may optionally be listed as command-line arguments.
+If these are present, then they will be loaded into the agent using any
+corresponding private keys loaded from the PKCS#11 token.
 .It Fl T Ar pubkey ...
 Tests whether the private keys that correspond to the specified
 .Ar pubkey