path: root/ssh-sk.h
Commit message | Author | Age | Files | Lines
* upstream: When downloading resident keys from a FIDO token, pass back the user ID that was used when the key was created and append it to the filename the key is written to (if it is not the default).
  Avoids keys being clobbered if the user created multiple resident keys with the same application string but different user IDs.
  feedback Pedro Martelletto; ok markus
  NB. increments SSH_SK_VERSION_MAJOR
  OpenBSD-Commit-ID: dbd658b5950f583106d945641a634bc6562dd3a3
  Author: djm@openbsd.org | Age: 2021-10-28 | Files: 1 | Lines: -2/+12
* upstream: pass the log-on-stderr flag and log level through to ssh-sk-helper, making debugging a bit easier.
  ok markus@
  OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a
  Author: djm@openbsd.org | Age: 2020-01-21 | Files: 1 | Lines: -2/+2
* upstream: Extends the SK API to accept a set of key/value options for all operations. These are intended to future-proof the API a little by making it easier to specify additional fields for without having to change the API version for each.
  At present, only two options are defined: one to explicitly specify the device for an operation (rather than accepting the middleware's autoselection) and another to specify the FIDO2 username that may be used when generating a resident key. These new options may be invoked at key generation time via ssh-keygen -O
  This also implements a suggestion from Markus to avoid "int" in favour of uint32_t for the algorithm argument in the API, to make implementation of ssh-sk-client/helper a little easier.
  feedback, fixes and ok markus@
  OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
  Author: djm@openbsd.org | Age: 2020-01-06 | Files: 1 | Lines: -6/+8
* upstream: SK API and sk-helper error/PIN passing
  Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow.
  Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc.
  feedback and ok markus@
  OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
  Author: djm@openbsd.org | Age: 2019-12-30 | Files: 1 | Lines: -4/+13
* upstream: resident keys support in SK API
  Adds a sk_load_resident_keys() function to the security key API that accepts a security key provider and a PIN and returns a list of keys.
  Implement support for this in the usbhid middleware.
  feedback and ok markus@
  OpenBSD-Commit-ID: 67e984e4e87f4999ce447a6178c4249a9174eff0
  Author: djm@openbsd.org | Age: 2019-12-30 | Files: 1 | Lines: -1/+10
* upstream: use ssh-sk-helper for all security key signing operations
  This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid*
  requested by, feedback and ok markus@
  OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
  Author: djm@openbsd.org | Age: 2019-12-14 | Files: 1 | Lines: -5/+2
* upstream: implement sshsk_ed25519_assemble(); ok djm
  OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6
  Author: markus@openbsd.org | Age: 2019-11-13 | Files: 1 | Lines: -4/+4
* upstream: implement sshsk_ed25519_inner_sig(); ok djm
  OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910
  Author: markus@openbsd.org | Age: 2019-11-13 | Files: 1 | Lines: -2/+2
* upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm
  OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19
  Author: markus@openbsd.org | Age: 2019-11-13 | Files: 1 | Lines: -4/+4
* upstream: ssh-agent support for U2F/FIDO keys
  feedback & ok markus@
  OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
  Author: djm@openbsd.org | Age: 2019-11-01 | Files: 1 | Lines: -1/+4
* upstream: U2F/FIDO middleware interface
  Supports enrolling (generating) keys and signatures.
  feedback & ok markus@
  OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
  Author: djm@openbsd.org | Age: 2019-11-01 | Files: 1 | Lines: -0/+49