upstream: resident keys support in SK API

Adds a sk_load_resident_keys() function to the security key API that accepts a security key provider and a PIN and returns a list of keys. Implement support for this in the usbhid middleware. feedback and ok markus@ OpenBSD-Commit-ID: 67e984e4e87f4999ce447a6178c4249a9174eff0
author: djm@openbsd.org <djm@openbsd.org> 2019-12-30 09:21:16 +0000
committer: Damien Miller <djm@mindrot.org> 2019-12-30 20:58:19 +1100
commit: 14cea36df397677b8f8568204300ef654114fd76 (patch)
tree: 4c9b0bf5108df396f8d9eaff576537e7c9cc50e9 /sk-api.h
parent: 2fe05fcb4a2695f190b4fcf27770b655586ab349 (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/sk-api.h b/sk-api.h
index 5947e0ed7..10f1fdb10 100644
--- a/sk-api.h
+++ b/sk-api.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sk-api.h,v 1.3 2019/12/30 09:19:52 djm Exp $ */
+/* $OpenBSD: sk-api.h,v 1.4 2019/12/30 09:21:16 djm Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -52,6 +52,13 @@ struct sk_sign_response {
        size_t sig_s_len;
 };
+struct sk_resident_key {
+        uint8_t alg;
+        size_t slot;
+        char *application;
+        struct sk_enroll_response key;
+};
 #define SSH_SK_VERSION_MAJOR            0x00020000 /* current API version */
 #define SSH_SK_VERSION_MAJOR_MASK       0xffff0000
@@ -68,4 +75,8 @@ int sk_sign(int alg, const uint8_t *message, size_t message_len,
    const char *application, const uint8_t *key_handle, size_t key_handle_len,
    uint8_t flags, struct sk_sign_response **sign_response);
+/* Enumerate all resident keys */
+int sk_load_resident_keys(const char *pin,
+    struct sk_resident_key ***rks, size_t *nrks);
 #endif /* _SK_API_H */
author	djm@openbsd.org <djm@openbsd.org>	2019-12-30 09:21:16 +0000
committer	Damien Miller <djm@mindrot.org>	2019-12-30 20:58:19 +1100
commit	14cea36df397677b8f8568204300ef654114fd76 (patch)
tree	4c9b0bf5108df396f8d9eaff576537e7c9cc50e9 /sk-api.h
parent	2fe05fcb4a2695f190b4fcf27770b655586ab349 (diff)