From c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Mon, 30 Dec 2019 09:23:28 +0000
Subject: upstream: SK API and sk-helper error/PIN passing

Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow.

Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc.

feedback and ok markus@

OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
---
 ssh-sk.h | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

(limited to 'ssh-sk.h')

diff --git a/ssh-sk.h b/ssh-sk.h
index 1afe839db..348759a98 100644
--- a/ssh-sk.h
+++ b/ssh-sk.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.h,v 1.7 2019/12/30 09:21:16 djm Exp $ */
+/* $OpenBSD: ssh-sk.h,v 1.8 2019/12/30 09:23:28 djm Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -21,6 +21,15 @@
 struct sshbuf;
 struct sshkey;
 
+/* Version of protocol expected from ssh-sk-helper */
+#define SSH_SK_HELPER_VERSION 3
+
+/* ssh-sk-helper messages */
+#define SSH_SK_HELPER_ERROR 0 /* Only valid H->C */
+#define SSH_SK_HELPER_SIGN 1
+#define SSH_SK_HELPER_ENROLL 2
+#define SSH_SK_HELPER_LOAD_RESIDENT 3
+
 /*
 * Enroll (generate) a new security-key hosted private key of given type
 * via the specified provider middleware.
@@ -32,8 +41,8 @@ struct sshkey;
 * information is placed there.
 */
 int sshsk_enroll(int type, const char *provider_path, const char *application,
- uint8_t flags, struct sshbuf *challenge_buf, struct sshkey **keyp,
- struct sshbuf *attest);
+ uint8_t flags, const char *pin, struct sshbuf *challenge_buf,
+ struct sshkey **keyp, struct sshbuf *attest);
 
 /*
 * Calculate an ECDSA_SK or ED25519_SK signature using the specified key
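Review bot: The comment `/* Only valid H->C */` on `SSH_SK_HELPER_ERROR` uses an abbreviation that is defined nowhere in this header and does not say what an error message carries. Spelling it out, e.g. `#define SSH_SK_HELPER_ERROR 0 /* helper -> client only; carries an error code */`, would make clear that the client must never send type 0 and that the helper should treat one as a protocol error. The payload description is inferred from the commit message ("passing back an error code instead of a complete reply"). The helper's parser is not part of this diff, so confirm it rejects that type on input.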
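Review bot: The new `const char *pin` parameter of `sshsk_enroll` is not described in the comment block above the prototype, which starts outside the hunk; the same gap applies to `sshsk_sign` in the following hunk. The header should say whether `pin` may be NULL when the authenticator needs no PIN, and that the caller keeps ownership of this secret and is expected to wipe it after the call. A line such as ` * "pin" is the authenticator PIN, or NULL if none is required; the caller retains ownership and should zero it after use.` would cover it. Since the commit message says the PIN is also passed through ssh-sk-helper, any buffer it is serialized into should presumably be cleared the same way; that code is not visible here.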
@@ -43,7 +52,7 @@ int sshsk_enroll(int type, const char *provider_path, const char *application,
 */
 int sshsk_sign(const char *provider_path, struct sshkey *key,
 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
- u_int compat);
+ u_int compat, const char *pin);
 
 /*
 * Enumerates and loads all SSH-compatible resident keys from a security
-- 
cgit v1.2.3