[openssh-commits] [openssh] 02/02: upstream: implement recent SK API change to support resident keys
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Jan 3 13:47:44 AEDT 2020
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 680eb7749a39d0e4d046e66cac4e51e8e3640b75
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Jan 3 02:46:19 2020 +0000
upstream: implement recent SK API change to support resident keys
and PIN prompting in the dummy middleware that we use for the tests. Should
fix breakage spotted by dtucker@
OpenBSD-Regress-ID: 379cf9eabfea57aaf7f3f59dafde59889566c484
---
regress/misc/sk-dummy/sk-dummy.c | 33 ++++++++++++++++++++++++++++-----
1 file changed, 28 insertions(+), 5 deletions(-)
diff --git a/regress/misc/sk-dummy/sk-dummy.c b/regress/misc/sk-dummy/sk-dummy.c
index 40a4ed2c..e8052410 100644
--- a/regress/misc/sk-dummy/sk-dummy.c
+++ b/regress/misc/sk-dummy/sk-dummy.c
@@ -44,7 +44,7 @@
} while (0)
#endif
-#define SK_VERSION_MAJOR 0x00020000 /* current API version */
+#define SK_VERSION_MAJOR 0x00030000 /* current API version */
/* Flags */
#define SK_USER_PRESENCE_REQD 0x01
@@ -53,6 +53,11 @@
#define SK_ECDSA 0x00
#define SK_ED25519 0x01
+/* Error codes */
+#define SSH_SK_ERR_GENERAL -1
+#define SSH_SK_ERR_UNSUPPORTED -2
+#define SSH_SK_ERR_PIN_REQUIRED -3
+
struct sk_enroll_response {
uint8_t *public_key;
size_t public_key_len;
@@ -73,18 +78,29 @@ struct sk_sign_response {
size_t sig_s_len;
};
+struct sk_resident_key {
+ uint8_t alg;
+ size_t slot;
+ char *application;
+ struct sk_enroll_response key;
+};
+
/* Return the version of the middleware API */
uint32_t sk_api_version(void);
/* Enroll a U2F key (private key generation) */
int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
- const char *application, uint8_t flags,
+ const char *application, uint8_t flags, const char *pin,
struct sk_enroll_response **enroll_response);
/* Sign a challenge */
int sk_sign(int alg, const uint8_t *message, size_t message_len,
const char *application, const uint8_t *key_handle, size_t key_handle_len,
- uint8_t flags, struct sk_sign_response **sign_response);
+ uint8_t flags, const char *pin, struct sk_sign_response **sign_response);
+
+/* Enumerate all resident keys */
+int sk_load_resident_keys(const char *pin,
+ struct sk_resident_key ***rks, size_t *nrks);
static void skdebug(const char *func, const char *fmt, ...)
__attribute__((__format__ (printf, 2, 3)));
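Review bot: `struct sk_resident_key` and the `sk_load_resident_keys` prototype do not say who owns the memory behind `rks`, each entry's `application` string and the buffers inside `key`, nor what `*rks` and `*nrks` hold when the call fails. These declarations are the only statement of the contract visible in this file, so a comment above the prototype should spell out who allocates, who frees, and the error-path state of both out-parameters. The added `pin` arguments on `sk_enroll` and `sk_sign` would also benefit from one line on whether NULL is allowed and on how the secret is handled, e.g. `/* pin: device PIN, may be NULL (TODO confirm); must not be stored or logged */`.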
@@ -239,7 +255,7 @@ pack_key_ed25519(struct sk_enroll_response *response)
int
sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
- const char *application, uint8_t flags,
+ const char *application, uint8_t flags, const char *pin,
struct sk_enroll_response **enroll_response)
{
struct sk_enroll_response *response = NULL;
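Review bot: The new `pin` parameter of `sk_enroll` is not referenced in any line visible here, and the same holds for `sk_sign` in the following hunk. Both bodies continue outside their hunks, so this is inferred rather than certain. If the dummy deliberately ignores the PIN, say so at the top of each body with `(void)pin; /* dummy middleware: PIN accepted for API compatibility, never checked */`, which also avoids unused-parameter warnings. Nothing visible in this commit returns `SSH_SK_ERR_PIN_REQUIRED`, so the regress suite presumably cannot exercise the caller's PIN-prompt path against this middleware.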
@@ -486,7 +502,7 @@ int
sk_sign(int alg, const uint8_t *message, size_t message_len,
const char *application,
const uint8_t *key_handle, size_t key_handle_len,
- uint8_t flags, struct sk_sign_response **sign_response)
+ uint8_t flags, const char *pin, struct sk_sign_response **sign_response)
{
struct sk_sign_response *response = NULL;
int ret = -1;
@@ -530,3 +546,10 @@ sk_sign(int alg, const uint8_t *message, size_t message_len,
}
return ret;
}
+
+int
+sk_load_resident_keys(const char *pin,
+ struct sk_resident_key ***rks, size_t *nrks)
+{
+ return SSH_SK_ERR_UNSUPPORTED;
+}
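Review bot: `sk_load_resident_keys` returns `SSH_SK_ERR_UNSUPPORTED` without writing to `*rks` or `*nrks`, so a caller that did not pre-initialise them and then walks or frees the array on its error path would act on indeterminate values. The callers are not visible in this diff, so whether any of them does this is unconfirmed. Setting `if (rks != NULL) *rks = NULL;` and `if (nrks != NULL) *nrks = 0;` before the return removes the dependency on caller behaviour. `pin` is also unused here, and a short comment such as `/* resident keys are not implemented by the dummy middleware */` would make the intent explicit.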
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.