upstream: basic support for generating FIDO2 resident keys

"ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a device-resident key. feedback and ok markus@ OpenBSD-Commit-ID: 8e1b3c56a4b11d85047bd6c6c705b7eef4d58431
author: djm@openbsd.org <djm@openbsd.org> 2019-12-30 10:19:52 +0100
committer: Damien Miller <djm@mindrot.org> 2019-12-30 10:57:58 +0100
commit: 4532bd01d57ee13c3ca881eceac1bf9da96a4d7e (patch)
tree: 8d28ff7b3344eb6db167c609372ad804c05a81fd /PROTOCOL.u2f
parent: upstream: remove single-letter flags for moduli options (diff)
download: openssh-4532bd01d57ee13c3ca881eceac1bf9da96a4d7e.tar.xz
openssh-4532bd01d57ee13c3ca881eceac1bf9da96a4d7e.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 61b70d6ef..93601159c 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -235,6 +235,8 @@ The middleware library need only expose a handful of functions:
 
 	/* Flags */
 	#define SSH_SK_USER_PRESENCE_REQD	0x01
+	#define SSH_SK_USER_VERIFICATION_REQD	0x04
+	#define SSH_SK_RESIDENT_KEY		0x20
 
 	/* Algs */
 	#define SSH_SK_ECDSA                   0x00
author	djm@openbsd.org <djm@openbsd.org>	2019-12-30 10:19:52 +0100
committer	Damien Miller <djm@mindrot.org>	2019-12-30 10:57:58 +0100
commit	4532bd01d57ee13c3ca881eceac1bf9da96a4d7e (patch)
tree	8d28ff7b3344eb6db167c609372ad804c05a81fd /PROTOCOL.u2f
parent	upstream: remove single-letter flags for moduli options (diff)
download	openssh-4532bd01d57ee13c3ca881eceac1bf9da96a4d7e.tar.xz openssh-4532bd01d57ee13c3ca881eceac1bf9da96a4d7e.zip