diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-01-06 02:07:50 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-01-06 13:12:46 +1100 |
| commit | dd2acc8b862c09751621995fba2d5fa6f4e24cc9 (patch) | |
| tree | 7f4a5d42fd45aa50d3b8032edf235ca63315b9a8 /regress | |
| parent | c312ca077cd2a6c15545cd6b4d34ee2f69289174 (diff) | |
upstream: adapt sk-dummy to SK API changes
also, make it pull prototypes directly from sk-api.c and #error
if the expected version changes. This will make any future regress
test breakage because of SK API changes much more apparent
OpenBSD-Regress-ID: 79b07055de4feb988e31da71a89051ad5969829d
Diffstat (limited to 'regress')
| -rw-r--r-- | regress/misc/sk-dummy/sk-dummy.c | 111 |
1 files changed, 40 insertions, 71 deletions
diff --git a/regress/misc/sk-dummy/sk-dummy.c b/regress/misc/sk-dummy/sk-dummy.c index e8052410d..a7e93982c 100644 --- a/regress/misc/sk-dummy/sk-dummy.c +++ b/regress/misc/sk-dummy/sk-dummy.c | |||
| @@ -24,6 +24,7 @@ | |||
| 24 | #include <stdarg.h> | 24 | #include <stdarg.h> |
| 25 | 25 | ||
| 26 | #include "crypto_api.h" | 26 | #include "crypto_api.h" |
| 27 | #include "sk-api.h" | ||
| 27 | 28 | ||
| 28 | #include <openssl/opensslv.h> | 29 | #include <openssl/opensslv.h> |
| 29 | #include <openssl/crypto.h> | 30 | #include <openssl/crypto.h> |
| @@ -44,63 +45,9 @@ | |||
| 44 | } while (0) | 45 | } while (0) |
| 45 | #endif | 46 | #endif |
| 46 | 47 | ||
| 47 | #define SK_VERSION_MAJOR 0x00030000 /* current API version */ | 48 | #if SSH_SK_VERSION_MAJOR != 0x00040000 |
| 48 | 49 | # error SK API has changed, sk-dummy.c needs an update | |
| 49 | /* Flags */ | 50 | #endif |
| 50 | #define SK_USER_PRESENCE_REQD 0x01 | ||
| 51 | |||
| 52 | /* Algs */ | ||
| 53 | #define SK_ECDSA 0x00 | ||
| 54 | #define SK_ED25519 0x01 | ||
| 55 | |||
| 56 | /* Error codes */ | ||
| 57 | #define SSH_SK_ERR_GENERAL -1 | ||
| 58 | #define SSH_SK_ERR_UNSUPPORTED -2 | ||
| 59 | #define SSH_SK_ERR_PIN_REQUIRED -3 | ||
| 60 | |||
| 61 | struct sk_enroll_response { | ||
| 62 | uint8_t *public_key; | ||
| 63 | size_t public_key_len; | ||
| 64 | uint8_t *key_handle; | ||
| 65 | size_t key_handle_len; | ||
| 66 | uint8_t *signature; | ||
| 67 | size_t signature_len; | ||
| 68 | uint8_t *attestation_cert; | ||
| 69 | size_t attestation_cert_len; | ||
| 70 | }; | ||
| 71 | |||
| 72 | struct sk_sign_response { | ||
| 73 | uint8_t flags; | ||
| 74 | uint32_t counter; | ||
| 75 | uint8_t *sig_r; | ||
| 76 | size_t sig_r_len; | ||
| 77 | uint8_t *sig_s; | ||
| 78 | size_t sig_s_len; | ||
| 79 | }; | ||
| 80 | |||
| 81 | struct sk_resident_key { | ||
| 82 | uint8_t alg; | ||
| 83 | size_t slot; | ||
| 84 | char *application; | ||
| 85 | struct sk_enroll_response key; | ||
| 86 | }; | ||
| 87 | |||
| 88 | /* Return the version of the middleware API */ | ||
| 89 | uint32_t sk_api_version(void); | ||
| 90 | |||
| 91 | /* Enroll a U2F key (private key generation) */ | ||
| 92 | int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, | ||
| 93 | const char *application, uint8_t flags, const char *pin, | ||
| 94 | struct sk_enroll_response **enroll_response); | ||
| 95 | |||
| 96 | /* Sign a challenge */ | ||
| 97 | int sk_sign(int alg, const uint8_t *message, size_t message_len, | ||
| 98 | const char *application, const uint8_t *key_handle, size_t key_handle_len, | ||
| 99 | uint8_t flags, const char *pin, struct sk_sign_response **sign_response); | ||
| 100 | |||
| 101 | /* Enumerate all resident keys */ | ||
| 102 | int sk_load_resident_keys(const char *pin, | ||
| 103 | struct sk_resident_key ***rks, size_t *nrks); | ||
| 104 | 51 | ||
| 105 | static void skdebug(const char *func, const char *fmt, ...) | 52 | static void skdebug(const char *func, const char *fmt, ...) |
| 106 | __attribute__((__format__ (printf, 2, 3))); | 53 | __attribute__((__format__ (printf, 2, 3))); |
| @@ -125,7 +72,7 @@ skdebug(const char *func, const char *fmt, ...) | |||
| 125 | uint32_t | 72 | uint32_t |
| 126 | sk_api_version(void) | 73 | sk_api_version(void) |
| 127 | { | 74 | { |
| 128 | return SK_VERSION_MAJOR; | 75 | return SSH_SK_VERSION_MAJOR; |
| 129 | } | 76 | } |
| 130 | 77 | ||
| 131 | static int | 78 | static int |
| @@ -253,13 +200,31 @@ pack_key_ed25519(struct sk_enroll_response *response) | |||
| 253 | return ret; | 200 | return ret; |
| 254 | } | 201 | } |
| 255 | 202 | ||
| 203 | static int | ||
| 204 | check_options(struct sk_option **options) | ||
| 205 | { | ||
| 206 | size_t i; | ||
| 207 | |||
| 208 | if (options == NULL) | ||
| 209 | return 0; | ||
| 210 | for (i = 0; options[i] != NULL; i++) { | ||
| 211 | skdebug(__func__, "requested unsupported option %s", | ||
| 212 | options[i]->name); | ||
| 213 | if (options[i]->required) { | ||
| 214 | skdebug(__func__, "unknown required option"); | ||
| 215 | return -1; | ||
| 216 | } | ||
| 217 | } | ||
| 218 | return 0; | ||
| 219 | } | ||
| 220 | |||
| 256 | int | 221 | int |
| 257 | sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, | 222 | sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, |
| 258 | const char *application, uint8_t flags, const char *pin, | 223 | const char *application, uint8_t flags, const char *pin, |
| 259 | struct sk_enroll_response **enroll_response) | 224 | struct sk_option **options, struct sk_enroll_response **enroll_response) |
| 260 | { | 225 | { |
| 261 | struct sk_enroll_response *response = NULL; | 226 | struct sk_enroll_response *response = NULL; |
| 262 | int ret = -1; | 227 | int ret = SSH_SK_ERR_GENERAL; |
| 263 | 228 | ||
| 264 | (void)flags; /* XXX; unused */ | 229 | (void)flags; /* XXX; unused */ |
| 265 | 230 | ||
| @@ -268,16 +233,18 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, | |||
| 268 | goto out; | 233 | goto out; |
| 269 | } | 234 | } |
| 270 | *enroll_response = NULL; | 235 | *enroll_response = NULL; |
| 236 | if (check_options(options) != 0) | ||
| 237 | goto out; /* error already logged */ | ||
| 271 | if ((response = calloc(1, sizeof(*response))) == NULL) { | 238 | if ((response = calloc(1, sizeof(*response))) == NULL) { |
| 272 | skdebug(__func__, "calloc response failed"); | 239 | skdebug(__func__, "calloc response failed"); |
| 273 | goto out; | 240 | goto out; |
| 274 | } | 241 | } |
| 275 | switch(alg) { | 242 | switch(alg) { |
| 276 | case SK_ECDSA: | 243 | case SSH_SK_ECDSA: |
| 277 | if (pack_key_ecdsa(response) != 0) | 244 | if (pack_key_ecdsa(response) != 0) |
| 278 | goto out; | 245 | goto out; |
| 279 | break; | 246 | break; |
| 280 | case SK_ED25519: | 247 | case SSH_SK_ED25519: |
| 281 | if (pack_key_ed25519(response) != 0) | 248 | if (pack_key_ed25519(response) != 0) |
| 282 | goto out; | 249 | goto out; |
| 283 | break; | 250 | break; |
| @@ -499,19 +466,21 @@ sig_ed25519(const uint8_t *message, size_t message_len, | |||
| 499 | } | 466 | } |
| 500 | 467 | ||
| 501 | int | 468 | int |
| 502 | sk_sign(int alg, const uint8_t *message, size_t message_len, | 469 | sk_sign(uint32_t alg, const uint8_t *message, size_t message_len, |
| 503 | const char *application, | 470 | const char *application, const uint8_t *key_handle, size_t key_handle_len, |
| 504 | const uint8_t *key_handle, size_t key_handle_len, | 471 | uint8_t flags, const char *pin, struct sk_option **options, |
| 505 | uint8_t flags, const char *pin, struct sk_sign_response **sign_response) | 472 | struct sk_sign_response **sign_response) |
| 506 | { | 473 | { |
| 507 | struct sk_sign_response *response = NULL; | 474 | struct sk_sign_response *response = NULL; |
| 508 | int ret = -1; | 475 | int ret = SSH_SK_ERR_GENERAL; |
| 509 | 476 | ||
| 510 | if (sign_response == NULL) { | 477 | if (sign_response == NULL) { |
| 511 | skdebug(__func__, "sign_response == NULL"); | 478 | skdebug(__func__, "sign_response == NULL"); |
| 512 | goto out; | 479 | goto out; |
| 513 | } | 480 | } |
| 514 | *sign_response = NULL; | 481 | *sign_response = NULL; |
| 482 | if (check_options(options) != 0) | ||
| 483 | goto out; /* error already logged */ | ||
| 515 | if ((response = calloc(1, sizeof(*response))) == NULL) { | 484 | if ((response = calloc(1, sizeof(*response))) == NULL) { |
| 516 | skdebug(__func__, "calloc response failed"); | 485 | skdebug(__func__, "calloc response failed"); |
| 517 | goto out; | 486 | goto out; |
| @@ -519,13 +488,13 @@ sk_sign(int alg, const uint8_t *message, size_t message_len, | |||
| 519 | response->flags = flags; | 488 | response->flags = flags; |
| 520 | response->counter = 0x12345678; | 489 | response->counter = 0x12345678; |
| 521 | switch(alg) { | 490 | switch(alg) { |
| 522 | case SK_ECDSA: | 491 | case SSH_SK_ECDSA: |
| 523 | if (sig_ecdsa(message, message_len, application, | 492 | if (sig_ecdsa(message, message_len, application, |
| 524 | response->counter, flags, key_handle, key_handle_len, | 493 | response->counter, flags, key_handle, key_handle_len, |
| 525 | response) != 0) | 494 | response) != 0) |
| 526 | goto out; | 495 | goto out; |
| 527 | break; | 496 | break; |
| 528 | case SK_ED25519: | 497 | case SSH_SK_ED25519: |
| 529 | if (sig_ed25519(message, message_len, application, | 498 | if (sig_ed25519(message, message_len, application, |
| 530 | response->counter, flags, key_handle, key_handle_len, | 499 | response->counter, flags, key_handle, key_handle_len, |
| 531 | response) != 0) | 500 | response) != 0) |
| @@ -548,7 +517,7 @@ sk_sign(int alg, const uint8_t *message, size_t message_len, | |||
| 548 | } | 517 | } |
| 549 | 518 | ||
| 550 | int | 519 | int |
| 551 | sk_load_resident_keys(const char *pin, | 520 | sk_load_resident_keys(const char *pin, struct sk_option **options, |
| 552 | struct sk_resident_key ***rks, size_t *nrks) | 521 | struct sk_resident_key ***rks, size_t *nrks) |
| 553 | { | 522 | { |
| 554 | return SSH_SK_ERR_UNSUPPORTED; | 523 | return SSH_SK_ERR_UNSUPPORTED; |