summaryrefslogtreecommitdiff
path: root/ssh-sk-helper.c
AgeCommit message (Collapse)Author
2020-01-26upstream: improve the error message for u2f enrollment errors bydjm@openbsd.org
making ssh-keygen be solely responsible for printing the error message and convertint some more common error responses from the middleware to a useful ssherr.h status code. more detail remains visible via -v of course. also remove indepedent copy of sk-api.h declarations in sk-usbhid.c and just include it. feedback & ok markus@ OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb
2020-01-21upstream: pass the log-on-stderr flag and log level through todjm@openbsd.org
ssh-sk-helper, making debugging a bit easier. ok markus@ OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a
2020-01-06upstream: Extends the SK API to accept a set of key/value optionsdjm@openbsd.org
for all operations. These are intended to future-proof the API a little by making it easier to specify additional fields for without having to change the API version for each. At present, only two options are defined: one to explicitly specify the device for an operation (rather than accepting the middleware's autoselection) and another to specify the FIDO2 username that may be used when generating a resident key. These new options may be invoked at key generation time via ssh-keygen -O This also implements a suggestion from Markus to avoid "int" in favour of uint32_t for the algorithm argument in the API, to make implementation of ssh-sk-client/helper a little easier. feedback, fixes and ok markus@ OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
2019-12-30upstream: SK API and sk-helper error/PIN passingdjm@openbsd.org
Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow. Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc. feedback and ok markus@ OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
2019-12-30upstream: implement loading of resident keys in ssh-sk-helperdjm@openbsd.org
feedback and ok markus@ OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a
2019-12-14fixupDamien Miller
2019-12-14upstream: perform security key enrollment via ssh-sk-helper too.djm@openbsd.org
This means that ssh-keygen no longer needs to link against ssh-sk-helper, and only ssh-sk-helper needs libfido2 and /dev/uhid* access; feedback & ok markus@ OpenBSD-Commit-ID: 9464233fab95708d2ff059f8bee29c0d1f270800
2019-11-13upstream: enable ed25519 support; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
2019-11-13upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19
2019-11-01autoconf pieces for U2F supportDamien Miller
Mostly following existing logic for PKCS#11 - turning off support when either libcrypto or dlopen(3) are unavailable.
2019-11-01upstream: ssh-agent support for U2F/FIDO keysdjm@openbsd.org
feedback & ok markus@ OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb