upstream: SK API and sk-helper error/PIN passing

Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow. Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc. feedback and ok markus@ OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
author: djm@openbsd.org <djm@openbsd.org> 2019-12-30 09:23:28 +0000
committer: Damien Miller <djm@mindrot.org> 2019-12-30 20:59:33 +1100
commit: c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0 (patch)
tree: 71f801c4734b81311ec04f8bba13376c0d6591b0 /sk-usbhid.c
parent: 79fe22d9bc2868c5118f032ec1200ac9c2e3aaef (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/sk-usbhid.c b/sk-usbhid.c
index fa4424483..54ce0bddf 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -54,7 +54,7 @@
        } while (0)
 #endif
-#define SK_VERSION_MAJOR        0x00020000 /* current API version */
+#define SK_VERSION_MAJOR        0x00030000 /* current API version */
 /* Flags */
 #define SK_USER_PRESENCE_REQD           0x01
@@ -105,13 +105,13 @@ uint32_t sk_api_version(void);
 /* Enroll a U2F key (private key generation) */
 int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
-    const char *application, uint8_t flags,
+    const char *application, uint8_t flags, const char *pin,
    struct sk_enroll_response **enroll_response);
 /* Sign a challenge */
 int sk_sign(int alg, const uint8_t *message, size_t message_len,
    const char *application, const uint8_t *key_handle, size_t key_handle_len,
-    uint8_t flags, struct sk_sign_response **sign_response);
+    uint8_t flags, const char *pin, struct sk_sign_response **sign_response);
 /* Load resident keys */
 int sk_load_resident_keys(const char *pin,
@@ -414,7 +414,7 @@ pack_public_key(int alg, const fido_cred_t *cred,
 int
 sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
-    const char *application, uint8_t flags,
+    const char *application, uint8_t flags, const char *pin,
    struct sk_enroll_response **enroll_response)
 {
        fido_cred_t *cred = NULL;
@@ -652,7 +652,7 @@ int
 sk_sign(int alg, const uint8_t *message, size_t message_len,
    const char *application,
    const uint8_t *key_handle, size_t key_handle_len,
-    uint8_t flags, struct sk_sign_response **sign_response)
+    uint8_t flags, const char *pin, struct sk_sign_response **sign_response)
 {
        fido_assert_t *assert = NULL;
        fido_dev_t *dev = NULL;
author	djm@openbsd.org <djm@openbsd.org>	2019-12-30 09:23:28 +0000
committer	Damien Miller <djm@mindrot.org>	2019-12-30 20:59:33 +1100
commit	c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0 (patch)
tree	71f801c4734b81311ec04f8bba13376c0d6591b0 /sk-usbhid.c
parent	79fe22d9bc2868c5118f032ec1200ac9c2e3aaef (diff)

diff --git a/sk-usbhid.c b/sk-usbhid.c index fa4424483..54ce0bddf 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c
@@ -54,7 +54,7 @@
54	} while (0)	54	} while (0)
55	#endif	55	#endif
56		56
57	#define SK_VERSION_MAJOR 0x00020000 /* current API version */	57	#define SK_VERSION_MAJOR 0x00030000 /* current API version */
58		58
59	/* Flags */	59	/* Flags */
60	#define SK_USER_PRESENCE_REQD 0x01	60	#define SK_USER_PRESENCE_REQD 0x01
@@ -105,13 +105,13 @@ uint32_t sk_api_version(void);
105		105
106	/* Enroll a U2F key (private key generation) */	106	/* Enroll a U2F key (private key generation) */
107	int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,	107	int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
108	const char *application, uint8_t flags,	108	const char application, uint8_t flags, const char pin,
109	struct sk_enroll_response **enroll_response);	109	struct sk_enroll_response **enroll_response);
110		110
111	/* Sign a challenge */	111	/* Sign a challenge */
112	int sk_sign(int alg, const uint8_t *message, size_t message_len,	112	int sk_sign(int alg, const uint8_t *message, size_t message_len,
113	const char application, const uint8_t key_handle, size_t key_handle_len,	113	const char application, const uint8_t key_handle, size_t key_handle_len,
114	uint8_t flags, struct sk_sign_response **sign_response);	114	uint8_t flags, const char pin, struct sk_sign_response *sign_response);
115		115
116	/* Load resident keys */	116	/* Load resident keys */
117	int sk_load_resident_keys(const char *pin,	117	int sk_load_resident_keys(const char *pin,
@@ -414,7 +414,7 @@ pack_public_key(int alg, const fido_cred_t *cred,
414		414
415	int	415	int
416	sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,	416	sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
417	const char *application, uint8_t flags,	417	const char application, uint8_t flags, const char pin,
418	struct sk_enroll_response **enroll_response)	418	struct sk_enroll_response **enroll_response)
419	{	419	{
420	fido_cred_t *cred = NULL;	420	fido_cred_t *cred = NULL;
@@ -652,7 +652,7 @@ int
652	sk_sign(int alg, const uint8_t *message, size_t message_len,	652	sk_sign(int alg, const uint8_t *message, size_t message_len,
653	const char *application,	653	const char *application,
654	const uint8_t *key_handle, size_t key_handle_len,	654	const uint8_t *key_handle, size_t key_handle_len,
655	uint8_t flags, struct sk_sign_response **sign_response)	655	uint8_t flags, const char pin, struct sk_sign_response *sign_response)
656	{	656	{
657	fido_assert_t *assert = NULL;	657	fido_assert_t *assert = NULL;
658	fido_dev_t *dev = NULL;	658	fido_dev_t *dev = NULL;