From 9b8ad93824c682ce841f53f3b5762cef4e7cc4dc Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 27 Aug 2020 01:06:18 +0000 Subject: upstream: support for user-verified FIDO keys FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@ OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15 --- monitor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'monitor.c') diff --git a/monitor.c b/monitor.c index 0107a7eba..7c3e6aafe 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.212 2020/07/07 02:47:21 deraadt Exp $ */ +/* $OpenBSD: monitor.c,v 1.213 2020/08/27 01:06:18 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -679,7 +679,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) if ((key = get_hostkey_by_index(keyid)) != NULL) { if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, - options.sk_provider, compat)) != 0) + options.sk_provider, NULL, compat)) != 0) fatal("%s: sshkey_sign failed: %s", __func__, ssh_err(r)); } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && -- cgit v1.2.3