diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-09-09 03:08:01 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-09-09 13:11:34 +1000 |
| commit | c76773524179cb654ff838dd43ba1ddb155bafaa (patch) | |
| tree | 0e3079b760a58a670a5a5bbdca0e8eb184e34173 /sk-api.h | |
| parent | c1c44eeecddf093a7983bd91e70b446de789b363 (diff) | |
upstream: when writing an attestation blob for a FIDO key, record all
the data needed to verify the attestation. Previously we were missing the
"authenticator data" that is included in the signature.
spotted by Ian Haken
feedback Pedro Martelletto and Ian Haken; ok markus@
OpenBSD-Commit-ID: 8439896e63792b2db99c6065dd9a45eabbdb7e0a
Diffstat (limited to 'sk-api.h')
| -rw-r--r-- | sk-api.h | 6 |
1 files changed, 4 insertions, 2 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sk-api.h,v 1.10 2020/08/27 01:08:19 djm Exp $ */ | 1 | /* $OpenBSD: sk-api.h,v 1.11 2020/09/09 03:08:01 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019 Google LLC | 3 | * Copyright (c) 2019 Google LLC |
| 4 | * | 4 | * |
| @@ -47,6 +47,8 @@ struct sk_enroll_response { | |||
| 47 | size_t signature_len; | 47 | size_t signature_len; |
| 48 | uint8_t *attestation_cert; | 48 | uint8_t *attestation_cert; |
| 49 | size_t attestation_cert_len; | 49 | size_t attestation_cert_len; |
| 50 | uint8_t *authdata; | ||
| 51 | size_t authdata_len; | ||
| 50 | }; | 52 | }; |
| 51 | 53 | ||
| 52 | struct sk_sign_response { | 54 | struct sk_sign_response { |
| @@ -72,7 +74,7 @@ struct sk_option { | |||
| 72 | uint8_t required; | 74 | uint8_t required; |
| 73 | }; | 75 | }; |
| 74 | 76 | ||
| 75 | #define SSH_SK_VERSION_MAJOR 0x00060000 /* current API version */ | 77 | #define SSH_SK_VERSION_MAJOR 0x00070000 /* current API version */ |
| 76 | #define SSH_SK_VERSION_MAJOR_MASK 0xffff0000 | 78 | #define SSH_SK_VERSION_MAJOR_MASK 0xffff0000 |
| 77 | 79 | ||
| 78 | /* Return the version of the middleware API */ | 80 | /* Return the version of the middleware API */ |