author | djm@openbsd.org <djm@openbsd.org> | 2020-01-06 03:00:46 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-06 03:12:46 +0100 |
commit | c312ca077cd2a6c15545cd6b4d34ee2f69289174 (patch) | |
tree | b8dd974c55dd0de351dfcbfc4f33fddb935a1c12 /ssh-sk.h | |
parent | upstream: fix CanonicalizeHostname, broken by rev 1.507 (diff) | |
upstream: Extends the SK API to accept a set of key/value options
for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields without having to change
the API version for each.
At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O
This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.
feedback, fixes and ok markus@
OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
Diffstat (limited to 'ssh-sk.h')
-rw-r--r-- | ssh-sk.h | 14 |
1 files changed, 8 insertions, 6 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.h,v 1.8 2019/12/30 09:23:28 djm Exp $ */ +/* $OpenBSD: ssh-sk.h,v 1.9 2020/01/06 02:00:47 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -20,9 +20,10 @@ struct sshbuf; struct sshkey; +struct sk_option; /* Version of protocol expected from ssh-sk-helper */ -#define SSH_SK_HELPER_VERSION 3 +#define SSH_SK_HELPER_VERSION 4 /* ssh-sk-helper messages */ #define SSH_SK_HELPER_ERROR 0 /* Only valid H->C */ @@ -40,8 +41,9 @@ struct sshkey; * If successful and the attest_data buffer is not NULL then attestation * information is placed there. */ -int sshsk_enroll(int type, const char *provider_path, const char *application, - uint8_t flags, const char *pin, struct sshbuf *challenge_buf, +int sshsk_enroll(int type, const char *provider_path, const char *device, + const char *application, const char *userid, uint8_t flags, + const char *pin, struct sshbuf *challenge_buf, struct sshkey **keyp, struct sshbuf *attest); /* @@ -60,8 +62,8 @@ int sshsk_sign(const char *provider_path, struct sshkey *key, * * Returns 0 on success or a ssherr.h error code on failure. */ -int sshsk_load_resident(const char *provider_path, const char *pin, - struct sshkey ***keysp, size_t *nkeysp); +int sshsk_load_resident(const char *provider_path, const char *device, + const char *pin, struct sshkey ***keysp, size_t *nkeysp); #endif /* _SSH_SK_H */ |
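Review bot: The comment above `sshsk_enroll()` in the third hunk is not updated for the new `device` and `userid` parameters, and the same holds for `device` in `sshsk_load_resident()` in the last hunk, so the header does not say whether NULL is accepted or what it means. The enroll prototype now takes four consecutive `const char *` arguments (`provider_path`, `device`, `application`, `userid`) with `pin` following shortly after, and a call site that transposes two of them still compiles, which matters because one of those strings is a PIN. I would add to each comment something like `device selects a specific authenticator; NULL (presumably) leaves the choice to the middleware` and `userid is the FIDO2 username used when generating a resident key`, with the NULL behaviour confirmed against the implementation. The visible comment also refers to an `attest_data` buffer while the parameter is named `attest`. Both comment blocks start outside the hunks.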