authordjm@openbsd.org <djm@openbsd.org>2019-12-30 09:25:29 +0000
committerDamien Miller <djm@mindrot.org>2019-12-30 21:01:52 +1100
commitef65e7dbaa8fac3245aa2bfc9f7e09be7cba0d9d (patch)
tree58ea05cd4cc84af5dc36654eb371eefb4bd95999 /PROTOCOL.u2f
parent43ce96427b76c4918e39af654e2fc9ee18d5d478 (diff)
upstream: document SK API changes in PROTOCOL.u2f
ok markus@ OpenBSD-Commit-ID: 52622363c103a3c4d3d546050480ffe978a32186
Diffstat (limited to 'PROTOCOL.u2f')
-rw-r--r--PROTOCOL.u2f22
1 files changed, 20 insertions, 2 deletions
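diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 93601159c..5f44c3acc 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -233,6 +233,9 @@ support for the common case of USB HID security keys internally.
 
 The middleware library need only expose a handful of functions:
 
+	#define SSH_SK_VERSION_MAJOR 0x00030000 /* API version */
+	#define SSH_SK_VERSION_MAJOR_MASK 0xffff0000
+
 	/* Flags */
 	#define SSH_SK_USER_PRESENCE_REQD 0x01
 	#define SSH_SK_USER_VERIFICATION_REQD 0x04
@@ -262,19 +265,34 @@ The middleware library need only expose a handful of functions:
 		size_t sig_s_len;
 	};
 
+	struct sk_resident_key {
+		uint8_t alg;
+		size_t slot;
+		char *application;
+		struct sk_enroll_response key;
+	};
+
 	/* Return the version of the middleware API */
 	uint32_t sk_api_version(void);
 
 	/* Enroll a U2F key (private key generation) */
 	int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
-	    const char *application, uint8_t flags,
+	    const char *application, uint8_t flags, const char *pin,
 	    struct sk_enroll_response **enroll_response);
 
 	/* Sign a challenge */
 	int sk_sign(int alg, const uint8_t *message, size_t message_len,
 	    const char *application,
 	    const uint8_t *key_handle, size_t key_handle_len,
-	    uint8_t flags, struct sk_sign_response **sign_response);
+	    uint8_t flags, const char *pin,
+	    struct sk_sign_response **sign_response);
+
+	/* Enumerate all resident keys */
+	int sk_load_resident_keys(const char *pin,
+	    struct sk_resident_key ***rks, size_t *nrks);
+
+The SSH_SK_VERSION_MAJOR should be incremented for each incompatible
+API change.
 
 In OpenSSH, these will be invoked by using a similar mechanism to
 ssh-pkcs11-helper to provide address-space containment of the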