upstream: Extends the SK API to accept a set of key/value options

for all operations. These are intended to future-proof the API a little by making it easier to specify additional fields for without having to change the API version for each. At present, only two options are defined: one to explicitly specify the device for an operation (rather than accepting the middleware's autoselection) and another to specify the FIDO2 username that may be used when generating a resident key. These new options may be invoked at key generation time via ssh-keygen -O This also implements a suggestion from Markus to avoid "int" in favour of uint32_t for the algorithm argument in the API, to make implementation of ssh-sk-client/helper a little easier. feedback, fixes and ok markus@ OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
author: djm@openbsd.org <djm@openbsd.org> 2020-01-06 02:00:46 +0000
committer: Damien Miller <djm@mindrot.org> 2020-01-06 13:12:46 +1100
commit: c312ca077cd2a6c15545cd6b4d34ee2f69289174 (patch)
tree: b8dd974c55dd0de351dfcbfc4f33fddb935a1c12 /sk-api.h
parent: 2ab335712d084d9ccaf3f53afc3fa9535329da87 (diff)
1 files changed, 15 insertions, 8 deletions
diff --git a/sk-api.h b/sk-api.h
index dc786d556..93d6a1229 100644
--- a/sk-api.h
+++ b/sk-api.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sk-api.h,v 1.6 2019/12/30 09:24:45 djm Exp $ */
+/* $OpenBSD: sk-api.h,v 1.7 2020/01/06 02:00:46 djm Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -58,30 +58,37 @@ struct sk_sign_response {
 };
 struct sk_resident_key {
-        uint8_t alg;
+        uint32_t alg;
        size_t slot;
        char *application;
        struct sk_enroll_response key;
 };
-#define SSH_SK_VERSION_MAJOR            0x00030000 /* current API version */
+struct sk_option {
+        char *name;
+        char *value;
+        uint8_t required;
+};
+#define SSH_SK_VERSION_MAJOR            0x00040000 /* current API version */
 #define SSH_SK_VERSION_MAJOR_MASK       0xffff0000
 /* Return the version of the middleware API */
 uint32_t sk_api_version(void);
 /* Enroll a U2F key (private key generation) */
-int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
+int sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
    const char *application, uint8_t flags, const char *pin,
-    struct sk_enroll_response **enroll_response);
+    struct sk_option **options, struct sk_enroll_response **enroll_response);
 /* Sign a challenge */
-int sk_sign(int alg, const uint8_t *message, size_t message_len,
+int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
    const char *application, const uint8_t *key_handle, size_t key_handle_len,
-    uint8_t flags, const char *pin, struct sk_sign_response **sign_response);
+    uint8_t flags, const char *pin, struct sk_option **options,
+    struct sk_sign_response **sign_response);
 /* Enumerate all resident keys */
-int sk_load_resident_keys(const char *pin,
+int sk_load_resident_keys(const char *pin, struct sk_option **options,
    struct sk_resident_key ***rks, size_t *nrks);
 #endif /* _SK_API_H */
author	djm@openbsd.org <djm@openbsd.org>	2020-01-06 02:00:46 +0000
committer	Damien Miller <djm@mindrot.org>	2020-01-06 13:12:46 +1100
commit	c312ca077cd2a6c15545cd6b4d34ee2f69289174 (patch)
tree	b8dd974c55dd0de351dfcbfc4f33fddb935a1c12 /sk-api.h
parent	2ab335712d084d9ccaf3f53afc3fa9535329da87 (diff)