[openssh-commits] [openssh] branch master updated (3e60d18f -> c4b2664b)
git+noreply at mindrot.org
Mon Dec 30 21:17:33 AEDT 2019
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from 3e60d18f upstream: remove single-letter flags for moduli options
new 4532bd01 upstream: basic support for generating FIDO2 resident keys
new 2fe05fcb upstream: Factor out parsing of struct sk_enroll_response
new 14cea36d upstream: resident keys support in SK API
new 27753a8e upstream: implement loading of resident keys in ssh-sk-helper
new 79fe22d9 upstream: implement loading resident keys in ssh-add
new c54cd189 upstream: SK API and sk-helper error/PIN passing
new d4335967 upstream: improve some error messages; ok markus@
new 43ce9642 upstream: translate and return error codes; retry on bad PIN
new ef65e7db upstream: document SK API changes in PROTOCOL.u2f
new 3093d12f upstream: Remove the -x option currently used for
new c4b2664b refresh depend
The 11 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit c4b2664be7ba25e4c233315b25212dec29b727ab
Author: Damien Miller <djm at mindrot.org>
Date: Mon Dec 30 21:04:09 2019 +1100
refresh depend
commit 3093d12ff80927cf45da08d9f262a26680fb14ee
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Dec 30 09:49:52 2019 +0000
upstream: Remove the -x option currently used for
FIDO/U2F-specific key flags. Instead these flags may be specified via -O.
ok markus@
OpenBSD-Commit-ID: f23ebde2a8a7e1bf860a51055a711cffb8c328c1
commit ef65e7dbaa8fac3245aa2bfc9f7e09be7cba0d9d
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Dec 30 09:25:29 2019 +0000
upstream: document SK API changes in PROTOCOL.u2f
ok markus@
OpenBSD-Commit-ID: 52622363c103a3c4d3d546050480ffe978a32186
commit 43ce96427b76c4918e39af654e2fc9ee18d5d478
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Dec 30 09:24:45 2019 +0000
upstream: translate and return error codes; retry on bad PIN
Define some well-known error codes in the SK API and pass
them back via ssh-sk-helper.
Use the new "wrong PIN" error code to retry PIN prompting during
ssh-keygen of resident keys.
feedback and ok markus@
OpenBSD-Commit-ID: 9663c6a2bb7a0bc8deaccc6c30d9a2983b481620
commit d433596736a2cd4818f538be11fc94783f5c5236
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Dec 30 09:24:03 2019 +0000
upstream: improve some error messages; ok markus@
OpenBSD-Commit-ID: 4ccd8ddabb8df4f995107dd3b7ea58220e93cb81
commit c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Dec 30 09:23:28 2019 +0000
upstream: SK API and sk-helper error/PIN passing
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.
feedback and ok markus@
OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
commit 79fe22d9bc2868c5118f032ec1200ac9c2e3aaef
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Dec 30 09:22:49 2019 +0000
upstream: implement loading resident keys in ssh-add
"ssh-add -O" will load resident keys from a FIDO2 token and add them
to a ssh-agent.
feedback and ok markus@
OpenBSD-Commit-ID: 608104ae957a7d65cb84e0a3a26c8f60e0df3290
commit 27753a8e21887d47fe6b5c78a4aed0efe558a850
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Dec 30 09:21:59 2019 +0000
upstream: implement loading of resident keys in ssh-sk-helper
feedback and ok markus@
OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a
commit 14cea36df397677b8f8568204300ef654114fd76
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Dec 30 09:21:16 2019 +0000
upstream: resident keys support in SK API
Adds a sk_load_resident_keys() function to the security key
API that accepts a security key provider and a PIN and returns
a list of keys.
Implement support for this in the usbhid middleware.
feedback and ok markus@
OpenBSD-Commit-ID: 67e984e4e87f4999ce447a6178c4249a9174eff0
commit 2fe05fcb4a2695f190b4fcf27770b655586ab349
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Dec 30 09:20:36 2019 +0000
upstream: Factor out parsing of struct sk_enroll_response
We'll reuse this for extracting resident keys from a device.
feedback and ok markus@
OpenBSD-Commit-ID: 9bc1efd9c6897eac4df0983746cf6578c1542273
commit 4532bd01d57ee13c3ca881eceac1bf9da96a4d7e
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Dec 30 09:19:52 2019 +0000
upstream: basic support for generating FIDO2 resident keys
"ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a
device-resident key.
feedback and ok markus@
OpenBSD-Commit-ID: 8e1b3c56a4b11d85047bd6c6c705b7eef4d58431
Summary of changes:
.depend | 8 +-
PROTOCOL.u2f | 24 ++++-
sk-api.h | 26 +++++-
sk-usbhid.c | 279 ++++++++++++++++++++++++++++++++++++++++++++++++++++----
ssh-add.c | 68 +++++++++++++-
ssh-keygen.1 | 39 +++++---
ssh-keygen.c | 65 +++++++------
ssh-sk-client.c | 115 +++++++++++++++++++++--
ssh-sk-helper.c | 141 ++++++++++++++++++++++++----
ssh-sk.c | 269 ++++++++++++++++++++++++++++++++++++++++++------------
ssh-sk.h | 26 +++++-
ssherr.c | 4 +-
ssherr.h | 3 +-
sshkey.c | 4 +-
sshkey.h | 9 +-
15 files changed, 908 insertions(+), 172 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.