author | djm@openbsd.org <djm@openbsd.org> | 2019-10-31 22:15:14 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-10-31 23:46:08 +0100 |
commit | 02bb0768a937e50bbb236efc2bbdddb1991b1c85 (patch) | |
tree | d0a182540b8034345b20a49a09cbf90b234cad1c /sshkey.h | |
parent | upstream: Protocol documentation for U2F/FIDO keys in OpenSSH (diff) | |
upstream: Initial infrastructure for U2F/FIDO support
Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.
feedback & ok markus@
OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
Diffstat (limited to 'sshkey.h')
-rw-r--r-- | sshkey.h | 19 |
1 files changed, 18 insertions, 1 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.34 2019/09/03 08:31:20 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.35 2019/10/31 21:15:14 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -65,6 +65,8 @@ enum sshkey_types {
 KEY_ED25519_CERT,
 KEY_XMSS,
 KEY_XMSS_CERT,
+ KEY_ECDSA_SK,
+ KEY_ECDSA_SK_CERT,
 KEY_UNSPEC
 };
@@ -118,18 +120,30 @@ struct sshkey_cert {
 struct sshkey {
 int type;
 int flags;
+ /* KEY_RSA */
 RSA *rsa;
+ /* KEY_DSA */
 DSA *dsa;
+ /* KEY_ECDSA and KEY_ECDSA_SK */
 int ecdsa_nid; /* NID of curve */
 EC_KEY *ecdsa;
+ /* KEY_ED25519 */
 u_char *ed25519_sk;
 u_char *ed25519_pk;
+ /* KEY_XMSS */
 char *xmss_name;
 char *xmss_filename; /* for state file updates */
 void *xmss_state; /* depends on xmss_name, opaque */
 u_char *xmss_sk;
 u_char *xmss_pk;
+ /* KEY_ECDSA_SK */
+ char *sk_application;
+ uint8_t sk_flags;
+ struct sshbuf *sk_key_handle;
+ struct sshbuf *sk_reserved;
+ /* Certificates */
 struct sshkey_cert *cert;
+ /* Private key shielding */
 u_char *shielded_private;
 size_t shielded_len;
 u_char *shield_prekey;
@@ -268,6 +282,9 @@ int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 int ssh_ecdsa_verify(const struct sshkey *key,
 const u_char *signature, size_t signaturelen,
 const u_char *data, size_t datalen, u_int compat);
+int ssh_ecdsa_sk_verify(const struct sshkey *key,
+ const u_char *signature, size_t signaturelen,
+ const u_char *data, size_t datalen, u_int compat);
 int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 const u_char *data, size_t datalen, u_int compat);
 int ssh_ed25519_verify(const struct sshkey *key, |
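Review bot: In the `enum sshkey_types` hunk, nothing tells a maintainer that every `switch` on the key type must learn about `KEY_ECDSA_SK` and `KEY_ECDSA_SK_CERT`. The code paths that map a certificate type to its plain type, or that decide whether a key is a certificate, are not visible in this header. If any of them ends in a permissive `default:`, a `KEY_ECDSA_SK_CERT` key could be handled as a plain key, so those paths should be checked. I would add a comment above the enum such as `/* New types need explicit cases in every switch on sshkey type (plain/cert mapping, size, free, equality) */`. The enum's opening lines are outside the hunk.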
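Review bot: In the `struct sshkey` hunk, the four new `sk_*` members do not say who owns them or which half of the key they belong to. `sk_application` is a heap string and `sk_key_handle` / `sk_reserved` are `struct sshbuf *`, so each must be released in `sshkey_free()` and handled wherever keys are copied, compared or demoted to public; none of that is visible from this header. If the key handle is treated as private-side material, it should also fall under the "Private key shielding" fields declared just below. A comment along the lines of `/* KEY_ECDSA_SK: owned by the key; sk_flags, sk_key_handle and sk_reserved are private-side only (confirm) */` would record this. On style, `uint8_t sk_flags` is the only fixed-width type in a struct that otherwise uses `u_char`, and the struct's closing brace is outside the hunk.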
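Review bot: In the last hunk, `ssh_ecdsa_sk_verify()` copies the `ssh_ecdsa_verify()` signature exactly, so it has no out-parameter for anything the authenticator asserts inside the signature. If a U2F/FIDO signature carries per-signature flags or a counter, as the protocol document referenced by the parent commit presumably describes, a caller cannot apply policy on them, so any such check has to be made inside the verifier. That should be stated in a comment on the prototype, for example `/* Checks authenticator flags internally; callers receive only success or failure */`, if that is indeed the design. The same comment could note that there is deliberately no `ssh_ecdsa_sk_sign()` counterpart here, unlike the sign/verify pairs around it.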