author | djm@openbsd.org <djm@openbsd.org> | 2019-12-30 09:23:28 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-12-30 20:59:33 +1100 |
commit | c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0 (patch) | |
tree | 71f801c4734b81311ec04f8bba13376c0d6591b0 /sk-api.h | |
parent | 79fe22d9bc2868c5118f032ec1200ac9c2e3aaef (diff) |
upstream: SK API and sk-helper error/PIN passing
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.
feedback and ok markus@
OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
Diffstat (limited to 'sk-api.h')
-rw-r--r-- | sk-api.h | 8 |
1 files changed, 4 insertions, 4 deletions
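--- a/sk-api.h
+++ b/sk-api.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sk-api.h,v 1.4 2019/12/30 09:21:16 djm Exp $ */
+/* $OpenBSD: sk-api.h,v 1.5 2019/12/30 09:23:28 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -59,7 +59,7 @@ struct sk_resident_key {
 struct sk_enroll_response key;
 };
 
-#define SSH_SK_VERSION_MAJOR 0x00020000 /* current API version */
+#define SSH_SK_VERSION_MAJOR 0x00030000 /* current API version */
 #define SSH_SK_VERSION_MAJOR_MASK 0xffff0000
 
 /* Return the version of the middleware API */
@@ -67,13 +67,13 @@ uint32_t sk_api_version(void);
 
 /* Enroll a U2F key (private key generation) */
 int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
-const char *application, uint8_t flags,
+const char *application, uint8_t flags, const char *pin,
 struct sk_enroll_response **enroll_response);
 
 /* Sign a challenge */
 int sk_sign(int alg, const uint8_t *message, size_t message_len,
 const char *application, const uint8_t *key_handle, size_t key_handle_len,
-uint8_t flags, const char *pin, struct sk_sign_response **sign_response);
+uint8_t flags, const char *pin, struct sk_sign_response **sign_response);
 
 /* Enumerate all resident keys */
 int sk_load_resident_keys(const char *pin,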
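Review bot: The new `const char *pin` parameter on `sk_enroll()` and `sk_sign()` has no documented contract: the one-line comments above the two prototypes do not say whether NULL is a valid "no PIN supplied" value or who owns and clears the buffer. This header is the interface that external middleware is built against, so I would state it next to each prototype, for example `/* pin: NUL-terminated PIN, or NULL if none was supplied (TODO confirm); caller-owned, middleware must not retain or log it */`. The NULL semantics are inferred rather than shown in this diff, so confirm them against the callers before committing the wording. Because the argument lists changed, it would also help to add a comment at `SSH_SK_VERSION_MAJOR` saying that a provider whose `sk_api_version()` major differs must be rejected before any other entry point is called; that check is not visible in this file. The `sk_load_resident_keys()` prototype continues past the end of the last hunk.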