diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-01-03 02:46:19 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-01-03 13:47:32 +1100 |
| commit | 680eb7749a39d0e4d046e66cac4e51e8e3640b75 (patch) | |
| tree | b17136abf066eb162138d62dd649bdc44df40094 /regress | |
| parent | 86834fe6b54ac57b8528c30cf0b27e5cac5b7af7 (diff) | |
upstream: implement recent SK API change to support resident keys
and PIN prompting in the dummy middleware that we use for the tests. Should
fix breakage spotted by dtucker@
OpenBSD-Regress-ID: 379cf9eabfea57aaf7f3f59dafde59889566c484
Diffstat (limited to 'regress')
| -rw-r--r-- | regress/misc/sk-dummy/sk-dummy.c | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/regress/misc/sk-dummy/sk-dummy.c b/regress/misc/sk-dummy/sk-dummy.c index 40a4ed2cc..e8052410d 100644 --- a/regress/misc/sk-dummy/sk-dummy.c +++ b/regress/misc/sk-dummy/sk-dummy.c | |||
| @@ -44,7 +44,7 @@ | |||
| 44 | } while (0) | 44 | } while (0) |
| 45 | #endif | 45 | #endif |
| 46 | 46 | ||
| 47 | #define SK_VERSION_MAJOR 0x00020000 /* current API version */ | 47 | #define SK_VERSION_MAJOR 0x00030000 /* current API version */ |
| 48 | 48 | ||
| 49 | /* Flags */ | 49 | /* Flags */ |
| 50 | #define SK_USER_PRESENCE_REQD 0x01 | 50 | #define SK_USER_PRESENCE_REQD 0x01 |
| @@ -53,6 +53,11 @@ | |||
| 53 | #define SK_ECDSA 0x00 | 53 | #define SK_ECDSA 0x00 |
| 54 | #define SK_ED25519 0x01 | 54 | #define SK_ED25519 0x01 |
| 55 | 55 | ||
| 56 | /* Error codes */ | ||
| 57 | #define SSH_SK_ERR_GENERAL -1 | ||
| 58 | #define SSH_SK_ERR_UNSUPPORTED -2 | ||
| 59 | #define SSH_SK_ERR_PIN_REQUIRED -3 | ||
| 60 | |||
| 56 | struct sk_enroll_response { | 61 | struct sk_enroll_response { |
| 57 | uint8_t *public_key; | 62 | uint8_t *public_key; |
| 58 | size_t public_key_len; | 63 | size_t public_key_len; |
| @@ -73,18 +78,29 @@ struct sk_sign_response { | |||
| 73 | size_t sig_s_len; | 78 | size_t sig_s_len; |
| 74 | }; | 79 | }; |
| 75 | 80 | ||
| 81 | struct sk_resident_key { | ||
| 82 | uint8_t alg; | ||
| 83 | size_t slot; | ||
| 84 | char *application; | ||
| 85 | struct sk_enroll_response key; | ||
| 86 | }; | ||
| 87 | |||
| 76 | /* Return the version of the middleware API */ | 88 | /* Return the version of the middleware API */ |
| 77 | uint32_t sk_api_version(void); | 89 | uint32_t sk_api_version(void); |
| 78 | 90 | ||
| 79 | /* Enroll a U2F key (private key generation) */ | 91 | /* Enroll a U2F key (private key generation) */ |
| 80 | int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, | 92 | int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, |
| 81 | const char *application, uint8_t flags, | 93 | const char *application, uint8_t flags, const char *pin, |
| 82 | struct sk_enroll_response **enroll_response); | 94 | struct sk_enroll_response **enroll_response); |
| 83 | 95 | ||
| 84 | /* Sign a challenge */ | 96 | /* Sign a challenge */ |
| 85 | int sk_sign(int alg, const uint8_t *message, size_t message_len, | 97 | int sk_sign(int alg, const uint8_t *message, size_t message_len, |
| 86 | const char *application, const uint8_t *key_handle, size_t key_handle_len, | 98 | const char *application, const uint8_t *key_handle, size_t key_handle_len, |
| 87 | uint8_t flags, struct sk_sign_response **sign_response); | 99 | uint8_t flags, const char *pin, struct sk_sign_response **sign_response); |
| 100 | |||
| 101 | /* Enumerate all resident keys */ | ||
| 102 | int sk_load_resident_keys(const char *pin, | ||
| 103 | struct sk_resident_key ***rks, size_t *nrks); | ||
| 88 | 104 | ||
| 89 | static void skdebug(const char *func, const char *fmt, ...) | 105 | static void skdebug(const char *func, const char *fmt, ...) |
| 90 | __attribute__((__format__ (printf, 2, 3))); | 106 | __attribute__((__format__ (printf, 2, 3))); |
| @@ -239,7 +255,7 @@ pack_key_ed25519(struct sk_enroll_response *response) | |||
| 239 | 255 | ||
| 240 | int | 256 | int |
| 241 | sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, | 257 | sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, |
| 242 | const char *application, uint8_t flags, | 258 | const char *application, uint8_t flags, const char *pin, |
| 243 | struct sk_enroll_response **enroll_response) | 259 | struct sk_enroll_response **enroll_response) |
| 244 | { | 260 | { |
| 245 | struct sk_enroll_response *response = NULL; | 261 | struct sk_enroll_response *response = NULL; |
| @@ -486,7 +502,7 @@ int | |||
| 486 | sk_sign(int alg, const uint8_t *message, size_t message_len, | 502 | sk_sign(int alg, const uint8_t *message, size_t message_len, |
| 487 | const char *application, | 503 | const char *application, |
| 488 | const uint8_t *key_handle, size_t key_handle_len, | 504 | const uint8_t *key_handle, size_t key_handle_len, |
| 489 | uint8_t flags, struct sk_sign_response **sign_response) | 505 | uint8_t flags, const char *pin, struct sk_sign_response **sign_response) |
| 490 | { | 506 | { |
| 491 | struct sk_sign_response *response = NULL; | 507 | struct sk_sign_response *response = NULL; |
| 492 | int ret = -1; | 508 | int ret = -1; |
| @@ -530,3 +546,10 @@ sk_sign(int alg, const uint8_t *message, size_t message_len, | |||
| 530 | } | 546 | } |
| 531 | return ret; | 547 | return ret; |
| 532 | } | 548 | } |
| 549 | |||
| 550 | int | ||
| 551 | sk_load_resident_keys(const char *pin, | ||
| 552 | struct sk_resident_key ***rks, size_t *nrks) | ||
| 553 | { | ||
| 554 | return SSH_SK_ERR_UNSUPPORTED; | ||
| 555 | } | ||