upstream: U2F/FIDO middleware interface

Supports enrolling (generating) keys and signatures. feedback & ok markus@ OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
author: djm@openbsd.org <djm@openbsd.org> 2019-10-31 21:16:20 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-01 09:46:09 +1100
commit: ed3467c1e16b7396ff7fcf12d2769261512935ec (patch)
tree: b70d41447c71e9b9be17361a305298692f32c6d4 /sk-api.h
parent: 02bb0768a937e50bbb236efc2bbdddb1991b1c85 (diff)
1 files changed, 63 insertions, 0 deletions
diff --git a/sk-api.h b/sk-api.h
new file mode 100644
index 000000000..1de733425
--- /dev/null
+++ b/sk-api.h
@@ -0,0 +1,63 @@
+/* $OpenBSD: sk-api.h,v 1.1 2019/10/31 21:16:20 djm Exp $ */
+/*
+ * Copyright (c) 2019 Google LLC
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _SK_API_H
+#define _SK_API_H 1
+#include <stddef.h>
+#include <stdint.h>
+/* Flags */
+#define SSH_SK_USER_PRESENCE_REQD       0x01
+struct sk_enroll_response {
+        uint8_t *public_key;
+        size_t public_key_len;
+        uint8_t *key_handle;
+        size_t key_handle_len;
+        uint8_t *signature;
+        size_t signature_len;
+        uint8_t *attestation_cert;
+        size_t attestation_cert_len;
+};
+struct sk_sign_response {
+        uint8_t flags;
+        uint32_t counter;
+        uint8_t *sig_r;
+        size_t sig_r_len;
+        uint8_t *sig_s;
+        size_t sig_s_len;
+};
+#define SSH_SK_VERSION_MAJOR            0x00010000 /* current API version */
+#define SSH_SK_VERSION_MAJOR_MASK       0xffff0000
+/* Return the version of the middleware API */
+uint32_t sk_api_version(void);
+/* Enroll a U2F key (private key generation) */
+int sk_enroll(const uint8_t *challenge, size_t challenge_len,
+    const char *application, uint8_t flags,
+    struct sk_enroll_response **enroll_response);
+/* Sign a challenge */
+int sk_sign(const uint8_t *message, size_t message_len,
+    const char *application, const uint8_t *key_handle, size_t key_handle_len,
+    uint8_t flags, struct sk_sign_response **sign_response);
+#endif /* _SK_API_H */
author	djm@openbsd.org <djm@openbsd.org>	2019-10-31 21:16:20 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-01 09:46:09 +1100
commit	ed3467c1e16b7396ff7fcf12d2769261512935ec (patch)
tree	b70d41447c71e9b9be17361a305298692f32c6d4 /sk-api.h
parent	02bb0768a937e50bbb236efc2bbdddb1991b1c85 (diff)

diff --git a/sk-api.h b/sk-api.h new file mode 100644 index 000000000..1de733425 --- /dev/null +++ b/sk-api.h
@@ -0,0 +1,63 @@
	1	/* $OpenBSD: sk-api.h,v 1.1 2019/10/31 21:16:20 djm Exp $ */
	2	/*
	3	* Copyright (c) 2019 Google LLC
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#ifndef _SK_API_H
	19	#define _SK_API_H 1
	20
	21	#include <stddef.h>
	22	#include <stdint.h>
	23
	24	/* Flags */
	25	#define SSH_SK_USER_PRESENCE_REQD 0x01
	26
	27	struct sk_enroll_response {
	28	uint8_t *public_key;
	29	size_t public_key_len;
	30	uint8_t *key_handle;
	31	size_t key_handle_len;
	32	uint8_t *signature;
	33	size_t signature_len;
	34	uint8_t *attestation_cert;
	35	size_t attestation_cert_len;
	36	};
	37
	38	struct sk_sign_response {
	39	uint8_t flags;
	40	uint32_t counter;
	41	uint8_t *sig_r;
	42	size_t sig_r_len;
	43	uint8_t *sig_s;
	44	size_t sig_s_len;
	45	};
	46
	47	#define SSH_SK_VERSION_MAJOR 0x00010000 /* current API version */
	48	#define SSH_SK_VERSION_MAJOR_MASK 0xffff0000
	49
	50	/* Return the version of the middleware API */
	51	uint32_t sk_api_version(void);
	52
	53	/* Enroll a U2F key (private key generation) */
	54	int sk_enroll(const uint8_t *challenge, size_t challenge_len,
	55	const char *application, uint8_t flags,
	56	struct sk_enroll_response **enroll_response);
	57
	58	/* Sign a challenge */
	59	int sk_sign(const uint8_t *message, size_t message_len,
	60	const char application, const uint8_t key_handle, size_t key_handle_len,
	61	uint8_t flags, struct sk_sign_response **sign_response);
	62
	63	#endif /* _SK_API_H */