author | djm@openbsd.org <djm@openbsd.org> | 2019-12-30 09:23:28 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-12-30 20:59:33 +1100 |
commit | c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0 (patch) | |
tree | 71f801c4734b81311ec04f8bba13376c0d6591b0 /sk-usbhid.c | |
parent | 79fe22d9bc2868c5118f032ec1200ac9c2e3aaef (diff) |
upstream: SK API and sk-helper error/PIN passing
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.
feedback and ok markus@
OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
Diffstat (limited to 'sk-usbhid.c')
-rw-r--r-- | sk-usbhid.c | 10 |
1 files changed, 5 insertions, 5 deletions
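--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -54,7 +54,7 @@
 } while (0)
 #endif
 
-#define SK_VERSION_MAJOR 0x00020000 /* current API version */
+#define SK_VERSION_MAJOR 0x00030000 /* current API version */
 
 /* Flags */
 #define SK_USER_PRESENCE_REQD 0x01
@@ -105,13 +105,13 @@ uint32_t sk_api_version(void);
 
 /* Enroll a U2F key (private key generation) */
 int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
-const char *application, uint8_t flags,
+const char *application, uint8_t flags, const char *pin,
 struct sk_enroll_response **enroll_response);
 
 /* Sign a challenge */
 int sk_sign(int alg, const uint8_t *message, size_t message_len,
 const char *application, const uint8_t *key_handle, size_t key_handle_len,
-uint8_t flags, struct sk_sign_response **sign_response);
+uint8_t flags, const char *pin, struct sk_sign_response **sign_response);
 
 /* Load resident keys */
 int sk_load_resident_keys(const char *pin,
@@ -414,7 +414,7 @@ pack_public_key(int alg, const fido_cred_t *cred,
 
 int
 sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
-const char *application, uint8_t flags,
+const char *application, uint8_t flags, const char *pin,
 struct sk_enroll_response **enroll_response)
 {
 fido_cred_t *cred = NULL;
@@ -652,7 +652,7 @@ int
 sk_sign(int alg, const uint8_t *message, size_t message_len,
 const char *application,
 const uint8_t *key_handle, size_t key_handle_len,
-uint8_t flags, struct sk_sign_response **sign_response)
+uint8_t flags, const char *pin, struct sk_sign_response **sign_response)
 {
 fido_assert_t *assert = NULL;
 fido_dev_t *dev = NULL;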
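Review bot: The new `pin` argument on `sk_enroll` and `sk_sign` has no visible consumer: the diffstat gives five changed lines for this file and all five are the version define and the four signature lines, so the function bodies (which continue outside these hunks) presumably still run the token operation without a PIN. A caller that supplies a PIN could then take a successful return as proof that user verification happened. Until the value is wired through, say so at the prototypes, e.g. `/* pin may be NULL; not yet passed to the token by this middleware */`, and state there that the callee only borrows the string so the caller stays responsible for clearing it.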