Diffstat (limited to 'ssh-sk.h')
-rw-r--r-- | ssh-sk.h | 69 |
1 files changed, 69 insertions, 0 deletions
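--- /dev/null
+++ b/ssh-sk.h
@@ -0,0 +1,69 @@
+/* $OpenBSD: ssh-sk.h,v 1.10 2020/01/10 23:43:26 djm Exp $ */
+/*
+* Copyright (c) 2019 Google LLC
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#ifndef _SSH_SK_H
+#define _SSH_SK_H 1
+
+struct sshbuf;
+struct sshkey;
+struct sk_option;
+
+/* Version of protocol expected from ssh-sk-helper */
+#define SSH_SK_HELPER_VERSION 5
+
+/* ssh-sk-helper messages */
+#define SSH_SK_HELPER_ERROR 0 /* Only valid H->C */
+#define SSH_SK_HELPER_SIGN 1
+#define SSH_SK_HELPER_ENROLL 2
+#define SSH_SK_HELPER_LOAD_RESIDENT 3
+
+/*
+* Enroll (generate) a new security-key hosted private key of given type
+* via the specified provider middleware.
+* If challenge_buf is NULL then a random 256 bit challenge will be used.
+*
+* Returns 0 on success or a ssherr.h error code on failure.
+*
+* If successful and the attest_data buffer is not NULL then attestation
+* information is placed there.
+*/
+int sshsk_enroll(int type, const char *provider_path, const char *device,
+const char *application, const char *userid, uint8_t flags,
+const char *pin, struct sshbuf *challenge_buf,
+struct sshkey **keyp, struct sshbuf *attest);
+
+/*
+* Calculate an ECDSA_SK or ED25519_SK signature using the specified key
+* and provider middleware.
+*
+* Returns 0 on success or a ssherr.h error code on failure.
+*/
+int sshsk_sign(const char *provider_path, struct sshkey *key,
+u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
+u_int compat, const char *pin);
+
+/*
+* Enumerates and loads all SSH-compatible resident keys from a security
+* key.
+*
+* Returns 0 on success or a ssherr.h error code on failure.
+*/
+int sshsk_load_resident(const char *provider_path, const char *device,
+const char *pin, struct sshkey ***keysp, size_t *nkeysp);
+
+#endif /* _SSH_SK_H */
+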
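Review bot: The comment above `sshsk_enroll` refers to an `attest_data` buffer, but the prototype's parameter is `attest`, so the text should read `If successful and the attest buffer is not NULL then attestation information is placed there.` None of the three comments states who owns the outputs (`*keyp`, `*sigp`/`*lenp`, `*keysp`/`*nkeysp`) or whether they are left untouched on failure. For an API that hands back private-key handles and arrays of keys, that contract belongs in the header, along the lines of `On success the caller owns *keysp and must free each key and the array` (wording to be confirmed against the implementation, which is not shown here). The `pin` argument is a secret in all three calls, and the comments could say whether the callee keeps a copy or the caller remains responsible for clearing it. The header also uses `uint8_t`, `u_char`, `u_int` and `size_t` without including anything, so it presumably relies on the includer pulling in the type headers first; a one-line comment stating that requirement would prevent include-order surprises.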