author | djm@openbsd.org <djm@openbsd.org> | 2020-01-06 03:00:46 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-06 03:12:46 +0100 |
commit | c312ca077cd2a6c15545cd6b4d34ee2f69289174 (patch) | |
tree | b8dd974c55dd0de351dfcbfc4f33fddb935a1c12 /sk-api.h | |
parent | upstream: fix CanonicalizeHostname, broken by rev 1.507 (diff) | |
upstream: Extends the SK API to accept a set of key/value options
for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields without having to change
the API version for each.
At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O
This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.
feedback, fixes and ok markus@
OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
Diffstat (limited to 'sk-api.h')
-rw-r--r-- | sk-api.h | 23 |
1 files changed, 15 insertions, 8 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: sk-api.h,v 1.6 2019/12/30 09:24:45 djm Exp $ */
+/* $OpenBSD: sk-api.h,v 1.7 2020/01/06 02:00:46 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -58,30 +58,37 @@ struct sk_sign_response {
 };
 struct sk_resident_key {
- uint8_t alg;
+ uint32_t alg;
 size_t slot;
 char *application;
 struct sk_enroll_response key;
 };
-#define SSH_SK_VERSION_MAJOR 0x00030000 /* current API version */
+struct sk_option {
+ char *name;
+ char *value;
+ uint8_t required;
+};
+
+#define SSH_SK_VERSION_MAJOR 0x00040000 /* current API version */
 #define SSH_SK_VERSION_MAJOR_MASK 0xffff0000
 /* Return the version of the middleware API */
 uint32_t sk_api_version(void);
 /* Enroll a U2F key (private key generation) */
-int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
+int sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
 const char *application, uint8_t flags, const char *pin,
- struct sk_enroll_response **enroll_response);
+ struct sk_option **options, struct sk_enroll_response **enroll_response);
 /* Sign a challenge */
-int sk_sign(int alg, const uint8_t *message, size_t message_len,
+int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
 const char *application, const uint8_t *key_handle, size_t key_handle_len,
- uint8_t flags, const char *pin, struct sk_sign_response **sign_response);
+ uint8_t flags, const char *pin, struct sk_option **options,
+ struct sk_sign_response **sign_response);
 /* Enumerate all resident keys */
-int sk_load_resident_keys(const char *pin,
+int sk_load_resident_keys(const char *pin, struct sk_option **options,
 struct sk_resident_key ***rks, size_t *nrks);
 #endif /* _SK_API_H */
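Review bot: `struct sk_option` and the new `options` parameters on sk_enroll, sk_sign and sk_load_resident_keys are added without saying how the array is terminated or what `required` obliges the middleware to do, so an implementer reading only this header cannot tell whether an option it does not recognise must fail the operation or may be ignored; for a device-selection or username option, silently ignoring it changes which authenticator or identity is used. A comment above the struct along the lines of `/* options: NULL-terminated array of key/value pairs; a middleware that does not understand an option with required != 0 must fail the call rather than ignore it */` would pin that contract in the header rather than in ssh-sk-client/helper — the termination and the meaning of `required` are my inference from the field names, so confirm them against the callers before wording it. If the middleware is only meant to read the pair, `const char *name; const char *value;` would make that explicit too.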