
Diff for /src/usr.bin/ssh/PROTOCOL.u2f between version 1.25 and 1.26

version 1.25, 2020/08/31 00:17:41 version 1.26, 2020/09/09 03:08:01
Line 154 
Line 154 
 case, OpenSSH optionally allows retaining the attestation information  case, OpenSSH optionally allows retaining the attestation information
 at the time of key generation. It will take the following format:  at the time of key generation. It will take the following format:
   
           string          "ssh-sk-attest-v01"
           string          attestation certificate
           string          enrollment signature
           string          authenticator data (CBOR encoded)
           uint32          reserved flags
           string          reserved string
   
   A previous version of this format, emitted prior to OpenSSH 8.4 omitted
   the authenticator data.
   
         string          "ssh-sk-attest-v00"          string          "ssh-sk-attest-v00"
         string          attestation certificate          string          attestation certificate
         string          enrollment signature          string          enrollment signature
Line 267 
Line 277 
 loaded middleware libraries to communicate with security keys, but offer  loaded middleware libraries to communicate with security keys, but offer
 support for the common case of USB HID security keys internally.  support for the common case of USB HID security keys internally.
   
 The middleware library need only expose a handful of functions:  The middleware library need only expose a handful of functions and
   numbers listed in sk-api.h. Included in the defined numbers is a
         #define SSH_SK_VERSION_MAJOR            0x00050000 /* API version */  SSH_SK_VERSION_MAJOR that should be incremented for each incompatible
         #define SSH_SK_VERSION_MAJOR_MASK       0xffff0000  
   
         /* Flags */  
         #define SSH_SK_USER_PRESENCE_REQD       0x01  
         #define SSH_SK_USER_VERIFICATION_REQD   0x04  
         #define SSH_SK_RESIDENT_KEY             0x20  
   
         /* Algs */  
         #define SSH_SK_ECDSA                   0x00  
         #define SSH_SK_ED25519                 0x01  
   
         /* Error codes */  
         #define SSH_SK_ERR_GENERAL              -1  
         #define SSH_SK_ERR_UNSUPPORTED          -2  
         #define SSH_SK_ERR_PIN_REQUIRED         -3  
         #define SSH_SK_ERR_DEVICE_NOT_FOUND     -4  
   
         struct sk_enroll_response {  
                 uint8_t *public_key;  
                 size_t public_key_len;  
                 uint8_t *key_handle;  
                 size_t key_handle_len;  
                 uint8_t *signature;  
                 size_t signature_len;  
                 uint8_t *attestation_cert;  
                 size_t attestation_cert_len;  
         };  
   
         struct sk_sign_response {  
                 uint8_t flags;  
                 uint32_t counter;  
                 uint8_t *sig_r;  
                 size_t sig_r_len;  
                 uint8_t *sig_s;  
                 size_t sig_s_len;  
         };  
   
         struct sk_resident_key {  
                 uint32_t alg;  
                 size_t slot;  
                 char *application;  
                 struct sk_enroll_response key;  
         };  
   
         struct sk_option {  
                 char *name;  
                 char *value;  
                 uint8_t important;  
         };  
   
         /* Return the version of the middleware API */  
         uint32_t sk_api_version(void);  
   
         /* Enroll a U2F key (private key generation) */  
         int sk_enroll(uint32_t alg,  
             const uint8_t *challenge, size_t challenge_len,  
             const char *application, uint8_t flags, const char *pin,  
             struct sk_option **options,  
             struct sk_enroll_response **enroll_response);  
   
         /* Sign a challenge */  
         int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,  
             const char *application,  
             const uint8_t *key_handle, size_t key_handle_len,  
             uint8_t flags, const char *pin, struct sk_option **options,  
             struct sk_sign_response **sign_response);  
   
         /* Enumerate all resident keys */  
         int sk_load_resident_keys(const char *pin, struct sk_option **options,  
             struct sk_resident_key ***rks, size_t *nrks);  
   
 The SSH_SK_VERSION_MAJOR should be incremented for each incompatible  
 API change.  API change.
   
 The options may be used to pass miscellaneous options to the middleware  miscellaneous options may be passed to the middleware as a NULL-
 as a NULL-terminated array of pointers to struct sk_option. The middleware  terminated array of pointers to struct sk_option. The middleware may
 may ignore unsupported or unknown options unless the "important" flag is  ignore unsupported or unknown options unless the "required" flag is set,
 set, in which case it should return failure if an unsupported option is  in which case it should return failure if an unsupported option is
 requested.  requested.
   
 At present the following options names are supported:  At present the following options names are supported:
