diff options
author | djm@openbsd.org <djm@openbsd.org> | 2022-07-20 03:29:14 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-07-20 13:38:47 +1000 |
commit | 9ab929ca2d820520327b41929372bcb9e261534c (patch) | |
tree | 661452ed46950b15c149d4e76930d715d3cb09c5 /sk-api.h | |
parent | 5bcfc788b38d5b64e4c347bdc04bd9a01bbc36da (diff) | |
download | openssh-git-9ab929ca2d820520327b41929372bcb9e261534c.tar.gz |
upstream: when enrolling a resident key on a security token, check
if a credential with matching application and user ID strings already exists.
if so, prompt the user for confirmation before overwriting the credential.
patch from Pedro Martelletto via GHPR329
NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware
implementations will need to adjust
OpenBSD-Commit-ID: e45e9f1bf2b2f32d9850669e7a8dbd64acc5fca4
Diffstat (limited to 'sk-api.h')
-rw-r--r-- | sk-api.h | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sk-api.h,v 1.14 2021/11/02 22:56:40 djm Exp $ */ +/* $OpenBSD: sk-api.h,v 1.15 2022/07/20 03:29:14 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -26,6 +26,7 @@ /* Flags */ #define SSH_SK_USER_PRESENCE_REQD 0x01 #define SSH_SK_USER_VERIFICATION_REQD 0x04 +#define SSH_SK_FORCE_OPERATION 0x10 #define SSH_SK_RESIDENT_KEY 0x20 /* Algs */ @@ -37,6 +38,7 @@ #define SSH_SK_ERR_UNSUPPORTED -2 #define SSH_SK_ERR_PIN_REQUIRED -3 #define SSH_SK_ERR_DEVICE_NOT_FOUND -4 +#define SSH_SK_ERR_CREDENTIAL_EXISTS -5 struct sk_enroll_response { uint8_t flags; @@ -77,7 +79,7 @@ struct sk_option { uint8_t required; }; -#define SSH_SK_VERSION_MAJOR 0x00090000 /* current API version */ +#define SSH_SK_VERSION_MAJOR 0x000a0000 /* current API version */ #define SSH_SK_VERSION_MAJOR_MASK 0xffff0000 /* Return the version of the middleware API */ |