diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-12-30 09:23:28 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-12-30 20:59:33 +1100 |
commit | c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0 (patch) | |
tree | 71f801c4734b81311ec04f8bba13376c0d6591b0 /sk-usbhid.c | |
parent | 79fe22d9bc2868c5118f032ec1200ac9c2e3aaef (diff) | |
download | openssh-git-c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0.tar.gz |
upstream: SK API and sk-helper error/PIN passing
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.
feedback and ok markus@
OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
Diffstat (limited to 'sk-usbhid.c')
-rw-r--r-- | sk-usbhid.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sk-usbhid.c b/sk-usbhid.c index fa442448..54ce0bdd 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c @@ -54,7 +54,7 @@ } while (0) #endif -#define SK_VERSION_MAJOR 0x00020000 /* current API version */ +#define SK_VERSION_MAJOR 0x00030000 /* current API version */ /* Flags */ #define SK_USER_PRESENCE_REQD 0x01 @@ -105,13 +105,13 @@ uint32_t sk_api_version(void); /* Enroll a U2F key (private key generation) */ int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, - const char *application, uint8_t flags, + const char *application, uint8_t flags, const char *pin, struct sk_enroll_response **enroll_response); /* Sign a challenge */ int sk_sign(int alg, const uint8_t *message, size_t message_len, const char *application, const uint8_t *key_handle, size_t key_handle_len, - uint8_t flags, struct sk_sign_response **sign_response); + uint8_t flags, const char *pin, struct sk_sign_response **sign_response); /* Load resident keys */ int sk_load_resident_keys(const char *pin, @@ -414,7 +414,7 @@ pack_public_key(int alg, const fido_cred_t *cred, int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, - const char *application, uint8_t flags, + const char *application, uint8_t flags, const char *pin, struct sk_enroll_response **enroll_response) { fido_cred_t *cred = NULL; @@ -652,7 +652,7 @@ int sk_sign(int alg, const uint8_t *message, size_t message_len, const char *application, const uint8_t *key_handle, size_t key_handle_len, - uint8_t flags, struct sk_sign_response **sign_response) + uint8_t flags, const char *pin, struct sk_sign_response **sign_response) { fido_assert_t *assert = NULL; fido_dev_t *dev = NULL; |