bugzilla-daemon at mindrot.org
2022-Jul-13 19:45 UTC
[Bug 3463] New: cannot get ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

            Bug ID: 3463
           Summary: cannot get ed25519-sk residental key with fido2
           Product: Portable OpenSSH
           Version: v9.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: sergey at markow.su

./ssh-keygen -t ed25519-sk -O resident
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
Key enrollment failed: invalid format

It looks like this feature has been broken since 8.2.

OpenSSH 9.0 was built with:

../configure --with-security-key-builtin --with-md5-passwords --with-selinux --with-privsep-path=$HOME/openssl-8/test-openssh --sysconfdir=$HOME/openssl-8/test-openssh --prefix=$HOME/openssl-8/test-openssh --enable-security-key --enable-fido2

For instance, the expected result (taken from the 8.2 version):

./ssh-keygen -t ed25519-sk -O resident
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter file in which to save the key (/home/galina/.ssh/id_ed25519_sk): ./id_ed25519_sk
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./id_ed25519_sk
Your public key has been saved in ./id_ed25519_sk.pub
The key fingerprint is:
SHA256:+3o85xn1NtIUJGfQupvtCQpb2gQmSXviP3bbcuHZ+R0 galina at galina
The key's randomart image is:
+[ED25519-SK 256]-+
| oo+ |
| =. |
| . .. |
| . o . .|
| =S+ o. |
| . =.. +o. |
| ..o oooBE+|
| .+ at o+Oo==|
| o*+B*..o+|
+----[SHA256]-----+

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Jul-13 19:47 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

sergey at markow.su changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|cannot get ed25519-sk       |cannot gen ed25519-sk
                   |residental key with fido2   |residental key with fido2
bugzilla-daemon at mindrot.org
2022-Jul-18 13:27 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

pedro martelletto <pedro at ambientworks.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pedro at ambientworks.net

--- Comment #1 from pedro martelletto <pedro at ambientworks.net> ---

Works for me on a Yubico Security Key with firmware 5.2.4. Could you please provide the output of fido2-token -L, fido2-token -I <dev>, and FIDO_DEBUG=1 ssh-keygen -vvv -t ed25519-sk -O resident -f /tmp/foo? Thanks.
bugzilla-daemon at mindrot.org
2022-Jul-18 14:14 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

--- Comment #2 from sergey at markow.su ---

Yes, sure:

$ fido2-token -L
/dev/hidraw3: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)

$ fido2-token -I /dev/hidraw3
proto: 0x02
major: 0x05
minor: 0x04
build: 0x03
caps: 0x05 (wink, cbor, msg)
version strings: U2F_V2, FIDO_2_0, FIDO_2_1_PRE
extension strings: credProtect, hmac-secret
transport strings: usb
algorithms: es256 (public-key), eddsa (public-key)
aaguid: ee882879721c491397753dfcce97072a
options: rk, up, noplat, noclientPin, credentialMgmtPreview
maxmsgsiz: 1200
maxcredcntlst: 8
maxcredlen: 128
maxlargeblob: 0
fwversion: 0x50403
pin protocols: 2, 1
pin retries: undefined
uv retries: undefined

$ FIDO_DEBUG=1 ssh-keygen -vvv -t ed25519-sk -O resident -f /tmp/foo
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
debug3: start_helper: started pid=14181
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/local/libexec/ssh-sk-helper
debug1: sshsk_enroll: provider "", device "(null)", application "ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
debug1: sshsk_enroll: using random challenge
No FIDO SecurityKeyProvider specified
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=14181
Key enrollment failed: invalid format
bugzilla-daemon at mindrot.org
2022-Jul-18 17:45 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

--- Comment #3 from pedro martelletto <pedro at ambientworks.net> ---

> debug1: start_helper: starting /usr/local/libexec/ssh-sk-helper
> debug1: sshsk_enroll: provider "", device "(null)", application "ssh:",
> userid "(null)", flags 0x21, challenge len 0 with-pin
> debug1: sshsk_enroll: using random challenge
> No FIDO SecurityKeyProvider specified

This looks like the invocation of a ssh-keygen/ssh-sk-helper pair built without --with-security-key-builtin. If this is indeed the ssh-keygen you built, please double-check the value of _PATH_SSH_SK_HELPER in Makefile to ensure the correct ssh-sk-helper is being picked up.
bugzilla-daemon at mindrot.org
2022-Jul-19 08:59 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

--- Comment #4 from sergey at markow.su ---

Created attachment 3604
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3604&action=edit
config log
bugzilla-daemon at mindrot.org
2022-Jul-19 09:02 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

--- Comment #5 from sergey at markow.su ---

I've fully rebuilt openssh9:

../configure --with-security-key-builtin --with-md5-passwords --with-selinux --with-privsep-path=$HOME/openssl-8/test-openssh --sysconfdir=$HOME/openssl-9/test-openssh --prefix=$HOME/openssl-9/test-openssh --enable-security-key --enable-fido2

The config log is attached. The output of the command is different:

bin $ FIDO_DEBUG=1 ./ssh-keygen -vvv -t ed25519-sk -O resident -f /tmp/foo
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
debug3: start_helper: started pid=16068
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /home/galina/openssl-9/test-openssh/libexec/ssh-sk-helper
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
debug1: sshsk_enroll: using random challenge
fido_hid_unix_open: open /dev/hidraw0: Permission denied
fido_hid_unix_open: open /dev/hidraw1: Permission denied
fido_hid_unix_open: open /dev/hidraw2: Permission denied
run_manifest: found 1 hid device
run_manifest: found 0 nfc devices
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by touch
fido_tx: dev=0x563bc994a6b0, cmd=0x06
fido_tx: buf=0x563bc994a6b0, len=8
0000: ad 85 51 90 9c ad 17 93
fido_rx: dev=0x563bc994a6b0, cmd=0x06, ms=-1
rx_preamble: buf=0x7ffe22c2aa10, len=64
rx: payload_len=17
fido_rx: buf=0x563bc994a6b8, len=17
fido_dev_get_cbor_info_tx: dev=0x563bc994a6b0
fido_tx: dev=0x563bc994a6b0, cmd=0x10
fido_tx: buf=0x7ffe22c2aa77, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x563bc994a6b0, ci=0x563bc993a070, ms=-1
fido_rx: dev=0x563bc994a6b0, cmd=0x10, ms=-1
rx_preamble: buf=0x7ffe22c2a1d0, len=64
rx: payload_len=200
rx: buf=0x7ffe22c2a1d0, len=64
rx: buf=0x7ffe22c2a1d0, len=64
rx: buf=0x7ffe22c2a1d0, len=64
fido_rx: buf=0x7ffe22c2a260, len=200
parse_reply_element: cbor type
fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
debug1: ssh_sk_enroll: using device /dev/hidraw3
fido_dev_authkey_tx: dev=0x563bc994a6b0
fido_tx: dev=0x563bc994a6b0, cmd=0x10
fido_tx: buf=0x563bc993bd20, len=6
0000: 06 a2 01 02 02 02
fido_dev_authkey_rx: dev=0x563bc994a6b0, authkey=0x563bc9939f20, ms=-1
fido_rx: dev=0x563bc994a6b0, cmd=0x10, ms=-1
rx_preamble: buf=0x7ffe22c2a210, len=64
rx: payload_len=81
rx: buf=0x7ffe22c2a210, len=64
fido_rx: buf=0x7ffe22c2a2a0, len=81
fido_tx: dev=0x563bc994a6b0, cmd=0x10
fido_tx: buf=0x563bc99389e0, len=120
fido_rx: dev=0x563bc994a6b0, cmd=0x10, ms=-1
rx_preamble: buf=0x7ffe22c2a200, len=64
rx: payload_len=1
fido_rx: buf=0x7ffe22c2a2a0, len=1
0000: 35
cbor_parse_reply: blob[0]=0x35
uv_token_rx: parse_uv_token
cbor_add_uv_params: fido_dev_get_uv_token
fido_dev_make_cred_tx: cbor_add_uv_params
debug1: ssh_sk_enroll: fido_dev_make_cred: FIDO_ERR_PIN_NOT_SET
fido_tx: dev=0x563bc994a6b0, cmd=0x11
fido_tx: buf=(nil), len=0
debug1: sshsk_enroll: provider "internal" failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=16068
Key enrollment failed: invalid format
bugzilla-daemon at mindrot.org
2022-Jul-19 09:10 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

--- Comment #6 from sergey at markow.su ---

It shows FIDO_ERR_PIN_NOT_SET, but the PIN is set. Moreover, as you can see, the keys are generated. I've done it with openssh8.2, but I cannot do it via openssh9:

gpg/card> verify
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Application ID ...: D2760001240103040006138359960000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 13835996
Name of cardholder: [?? ???????????]
Language prefs ...: [?? ???????????]
Salutation .......:
URL of public key : [?? ???????????]
Login data .......: [?? ???????????]
Signature PIN ....: ?? ?????????
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 4
KDF setting ......: off
Signature key ....: 1D53 6712 BE10 A563 D131 0372 E350 77E5 D106 CC6E
      created ....: 2022-07-13 13:49:14
Encryption key....: C01A 68D2 3252 27FB 6F0D 044E EEEC F1F6 88FC DB7C
      created ....: 2022-07-13 13:49:14
Authentication key: C5E6 51BC 4219 5AC4 0B3D DF60 58D6 560B 7E39 B47A
      created ....: 2022-07-13 13:49:14
General key info..: pub  ed25519/E35077E5D106CC6E 2022-07-13 Sergey-V Markov (mars) <sergey at markow.su>
sec>  ed25519/E35077E5D106CC6E  ??????: 2022-07-13  ????? ??: ???????  ????? ?????: 0006 13835996
ssb>  ed25519/58D6560B7E39B47A  ??????: 2022-07-13  ????? ??: ???????  ????? ?????: 0006 13835996
ssb>  cv25519/EEECF1F688FCDB7C  ??????: 2022-07-13  ????? ??: ???????  ????? ?????: 0006 13835996
bugzilla-daemon at mindrot.org
2022-Jul-19 09:27 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

--- Comment #7 from pedro martelletto <pedro at ambientworks.net> ---

The FIDO and GPG subsystems of a Yubikey are independent and have separate PINs. It looks like the GPG PIN is set, but the FIDO PIN isn't. You can set the FIDO PIN using fido2-token -S <dev>.

The existing code prompts for a PIN even if one isn't set. This is addressed by https://github.com/openssh/openssh-portable/pull/329.
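The check Pedro describes, as an added shell example that is not part of the bug thread or of OpenSSH: read the "options:" line of fido2-token -I (as shown in comment #2, where the token reports noclientPin) and only attempt the resident-key enrollment once a FIDO client PIN exists. The fido_pin_state and enroll_resident_key function names and the sample outputs are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread or OpenSSH). In the CTAP getInfo
# reply the option key is "clientPin"; fido2-token -I prints "clientPin" when
# a PIN is set and "noclientPin" when the token supports one but none is set.

# fido_pin_state: reads `fido2-token -I <dev>` output on stdin and prints
#   set | unset | unsupported
fido_pin_state() {
    opts=$(sed -n 's/^[[:space:]]*options: //p')
    # Drop commas so each option is delimited by spaces, then pad both ends.
    case " $(printf '%s' "$opts" | tr -d ',') " in
        *" noclientPin "*) echo unset ;;
        *" clientPin "*)   echo set ;;
        *)                 echo unsupported ;;
    esac
}

# Constructed sample mirroring the getInfo output in comment #2 (no PIN yet).
SAMPLE_NOPIN='version strings: U2F_V2, FIDO_2_0, FIDO_2_1_PRE
options: rk, up, noplat, noclientPin, credentialMgmtPreview
maxmsgsiz: 1200'

# Constructed sample for the same token after `fido2-token -S <dev>`.
SAMPLE_PIN='version strings: U2F_V2, FIDO_2_0, FIDO_2_1_PRE
options: rk, up, noplat, clientPin, credentialMgmtPreview
maxmsgsiz: 1200'

# enroll_resident_key DEV OUTFILE: run ssh-keygen only when the FIDO PIN is
# set; otherwise point at the fix from comment #7 instead of letting ssh-keygen
# prompt for a PIN the token does not have (the "invalid format" failure).
enroll_resident_key() {
    dev=$1; out=$2
    case $(fido2-token -I "$dev" | fido_pin_state) in
        set)
            ssh-keygen -t ed25519-sk -O resident -f "$out" ;;
        unset)
            echo "No FIDO PIN on $dev; set one first with: fido2-token -S $dev" >&2
            return 1 ;;
        *)
            echo "$dev does not report clientPin support" >&2
            return 2 ;;
    esac
}
```

Run as `enroll_resident_key /dev/hidrawN ~/.ssh/id_ed25519_sk`; the GPG/OpenPGP PIN on the same YubiKey plays no part in this check.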
bugzilla-daemon at mindrot.org
2022-Jul-19 12:48 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

--- Comment #8 from sergey at markow.su ---

Hmm, OK. It works now! I was confused because openssh8.2 works just fine with the PIN that was set by gpg.

Thanks!
bugzilla-daemon at mindrot.org
2022-Nov-11 00:25 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED

--- Comment #9 from Damien Miller <djm at mindrot.org> ---

Thanks Pedro for digging into this!
bugzilla-daemon at mindrot.org
2023-Mar-17 02:41 UTC
[Bug 3463] cannot gen ed25519-sk residental key with fido2
https://bugzilla.mindrot.org/show_bug.cgi?id=3463

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #10 from Damien Miller <djm at mindrot.org> ---

OpenSSH 9.3 has been released. Closing resolved bugs.