author | djm@openbsd.org <djm@openbsd.org> | 2019-12-30 09:23:28 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-12-30 20:59:33 +1100 |
commit | c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0 (patch) | |
tree | 71f801c4734b81311ec04f8bba13376c0d6591b0 /ssh-sk.h | |
parent | 79fe22d9bc2868c5118f032ec1200ac9c2e3aaef (diff) |
upstream: SK API and sk-helper error/PIN passing
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.
feedback and ok markus@
OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
Diffstat (limited to 'ssh-sk.h')
-rw-r--r-- | ssh-sk.h | 17 |
1 files changed, 13 insertions, 4 deletions
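--- a/ssh-sk.h
+++ b/ssh-sk.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.h,v 1.7 2019/12/30 09:21:16 djm Exp $ */
+/* $OpenBSD: ssh-sk.h,v 1.8 2019/12/30 09:23:28 djm Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -21,6 +21,15 @@
 struct sshbuf;
 struct sshkey;
 
+/* Version of protocol expected from ssh-sk-helper */
+#define SSH_SK_HELPER_VERSION 3
+
+/* ssh-sk-helper messages */
+#define SSH_SK_HELPER_ERROR 0 /* Only valid H->C */
+#define SSH_SK_HELPER_SIGN 1
+#define SSH_SK_HELPER_ENROLL 2
+#define SSH_SK_HELPER_LOAD_RESIDENT 3
+
 /*
 * Enroll (generate) a new security-key hosted private key of given type
 * via the specified provider middleware.
@@ -32,8 +41,8 @@ struct sshkey;
 * information is placed there.
 */
 int sshsk_enroll(int type, const char *provider_path, const char *application,
-uint8_t flags, struct sshbuf *challenge_buf, struct sshkey **keyp,
-struct sshbuf *attest);
+uint8_t flags, const char *pin, struct sshbuf *challenge_buf,
+struct sshkey **keyp, struct sshbuf *attest);
 
 /*
 * Calculate an ECDSA_SK or ED25519_SK signature using the specified key
@@ -43,7 +52,7 @@ int sshsk_enroll(int type, const char *provider_path, const char *application,
 */
 int sshsk_sign(const char *provider_path, struct sshkey *key,
 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
-u_int compat);
+u_int compat, const char *pin);
 
 /*
 * Enumerates and loads all SSH-compatible resident keys from a security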