upstream: Extends the SK API to accept a set of key/value options

for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without having to change
the API version for each.

At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O

This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.

feedback, fixes and ok markus@

OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc

1 files changed, 3 insertions, 2 deletions

diff --git a/ssh-add.c b/ssh-add.c
index c25b57cc1..fbb2578dd 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.148 2019/12/30 09:22:49 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.149 2020/01/06 02:00:46 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -549,7 +549,8 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag)
         char *fp;
 
         pass = read_passphrase("Enter PIN for security key: ", RP_ALLOW_STDIN);
-        if ((r = sshsk_load_resident(skprovider, pass, &keys, &nkeys)) != 0) {
+        if ((r = sshsk_load_resident(skprovider, NULL, pass,
+            &keys, &nkeys)) != 0) {
                 error("Unable to load resident keys: %s", ssh_err(r));
                 return r;
         }