author | djm@openbsd.org <djm@openbsd.org> | 2020-01-06 02:00:46 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-06 13:12:46 +1100 |
commit | c312ca077cd2a6c15545cd6b4d34ee2f69289174 (patch) | |
tree | b8dd974c55dd0de351dfcbfc4f33fddb935a1c12 /ssh-sk.h | |
parent | 2ab335712d084d9ccaf3f53afc3fa9535329da87 (diff) |
upstream: Extends the SK API to accept a set of key/value options
for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields without having to change
the API version for each.
At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O
This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.
feedback, fixes and ok markus@
OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
Diffstat (limited to 'ssh-sk.h')
-rw-r--r-- | ssh-sk.h | 14 |
1 files changed, 8 insertions, 6 deletions
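--- a/ssh-sk.h
+++ b/ssh-sk.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.h,v 1.8 2019/12/30 09:23:28 djm Exp $ */
+/* $OpenBSD: ssh-sk.h,v 1.9 2020/01/06 02:00:47 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -20,9 +20,10 @@
 
 struct sshbuf;
 struct sshkey;
+struct sk_option;
 
 /* Version of protocol expected from ssh-sk-helper */
-#define SSH_SK_HELPER_VERSION 3
+#define SSH_SK_HELPER_VERSION 4
 
 /* ssh-sk-helper messages */
 #define SSH_SK_HELPER_ERROR 0 /* Only valid H->C */
@@ -40,8 +41,9 @@ struct sshkey;
  * If successful and the attest_data buffer is not NULL then attestation
  * information is placed there.
  */
-int sshsk_enroll(int type, const char *provider_path, const char *application,
-    uint8_t flags, const char *pin, struct sshbuf *challenge_buf,
+int sshsk_enroll(int type, const char *provider_path, const char *device,
+    const char *application, const char *userid, uint8_t flags,
+    const char *pin, struct sshbuf *challenge_buf,
     struct sshkey **keyp, struct sshbuf *attest);
 
 /*
@@ -60,8 +62,8 @@ int sshsk_sign(const char *provider_path, struct sshkey *key,
  *
  * Returns 0 on success or a ssherr.h error code on failure.
  */
-int sshsk_load_resident(const char *provider_path, const char *pin,
-    struct sshkey ***keysp, size_t *nkeysp);
+int sshsk_load_resident(const char *provider_path, const char *device,
+    const char *pin, struct sshkey ***keysp, size_t *nkeysp);
 
 #endif /* _SSH_SK_H */
 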
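Review bot: The new `device` and `userid` parameters of sshsk_enroll, and `device` of sshsk_load_resident, are not described in the doc comments that precede the prototypes; the visible tail of the sshsk_enroll comment still only covers the attestation buffer, and both comment blocks start outside their hunks. The commit message says `device` overrides the middleware's autoselection and `userid` is the FIDO2 user name used for a resident key, which is exactly what a caller of this header needs to know, together with whether NULL is accepted for either. A suitable addition to the sshsk_enroll comment would be ` * "device" names a specific authenticator to use, or NULL to let the middleware choose; "userid" is the FIDO2 user name recorded with a resident key`, with a parallel one-line note on `device` for sshsk_load_resident. Whether NULL is actually permitted is inferred from the commit message rather than visible here, so confirm it against the implementation before stating it. Separately, the existing comment refers to `attest_data` while the parameter is named `attest`; since this hunk already touches the prototype, aligning that wording would be cheap.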