| version 1.20, 2019/12/30 09:21:16 |
version 1.21, 2019/12/30 09:23:28 |
|
|
| /* Enroll a U2F key (private key generation) */ |
/* Enroll a U2F key (private key generation) */ |
| int (*sk_enroll)(int alg, const uint8_t *challenge, |
int (*sk_enroll)(int alg, const uint8_t *challenge, |
| size_t challenge_len, const char *application, uint8_t flags, |
size_t challenge_len, const char *application, uint8_t flags, |
| struct sk_enroll_response **enroll_response); |
const char *pin, struct sk_enroll_response **enroll_response); |
| |
|
| /* Sign a challenge */ |
/* Sign a challenge */ |
| int (*sk_sign)(int alg, const uint8_t *message, size_t message_len, |
int (*sk_sign)(int alg, const uint8_t *message, size_t message_len, |
| const char *application, |
const char *application, |
| const uint8_t *key_handle, size_t key_handle_len, |
const uint8_t *key_handle, size_t key_handle_len, |
| uint8_t flags, struct sk_sign_response **sign_response); |
uint8_t flags, const char *pin, |
| |
struct sk_sign_response **sign_response); |
| |
|
| /* Enumerate resident keys */ |
/* Enumerate resident keys */ |
| int (*sk_load_resident_keys)(const char *pin, |
int (*sk_load_resident_keys)(const char *pin, |
|
|
| /* Built-in version */ |
/* Built-in version */ |
| int ssh_sk_enroll(int alg, const uint8_t *challenge, |
int ssh_sk_enroll(int alg, const uint8_t *challenge, |
| size_t challenge_len, const char *application, uint8_t flags, |
size_t challenge_len, const char *application, uint8_t flags, |
| struct sk_enroll_response **enroll_response); |
const char *pin, struct sk_enroll_response **enroll_response); |
| int ssh_sk_sign(int alg, const uint8_t *message, size_t message_len, |
int ssh_sk_sign(int alg, const uint8_t *message, size_t message_len, |
| const char *application, |
const char *application, |
| const uint8_t *key_handle, size_t key_handle_len, |
const uint8_t *key_handle, size_t key_handle_len, |
| uint8_t flags, struct sk_sign_response **sign_response); |
uint8_t flags, const char *pin, struct sk_sign_response **sign_response); |
| int ssh_sk_load_resident_keys(const char *pin, |
int ssh_sk_load_resident_keys(const char *pin, |
| struct sk_resident_key ***rks, size_t *nrks); |
struct sk_resident_key ***rks, size_t *nrks); |
| |
|
|
|
| |
|
| int |
int |
| sshsk_enroll(int type, const char *provider_path, const char *application, |
sshsk_enroll(int type, const char *provider_path, const char *application, |
| uint8_t flags, struct sshbuf *challenge_buf, struct sshkey **keyp, |
uint8_t flags, const char *pin, struct sshbuf *challenge_buf, |
| struct sshbuf *attest) |
struct sshkey **keyp, struct sshbuf *attest) |
| { |
{ |
| struct sshsk_provider *skp = NULL; |
struct sshsk_provider *skp = NULL; |
| struct sshkey *key = NULL; |
struct sshkey *key = NULL; |
|
|
| int alg; |
int alg; |
| |
|
| debug("%s: provider \"%s\", application \"%s\", flags 0x%02x, " |
debug("%s: provider \"%s\", application \"%s\", flags 0x%02x, " |
| "challenge len %zu", __func__, provider_path, application, |
"challenge len %zu%s", __func__, provider_path, application, |
| flags, challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf)); |
flags, challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf), |
| |
(pin != NULL && *pin != '\0') ? " with-pin" : ""); |
| |
|
| *keyp = NULL; |
*keyp = NULL; |
| if (attest) |
if (attest) |
|
|
| /* XXX validate flags? */ |
/* XXX validate flags? */ |
| /* enroll key */ |
/* enroll key */ |
| if ((r = skp->sk_enroll(alg, challenge, challenge_len, application, |
if ((r = skp->sk_enroll(alg, challenge, challenge_len, application, |
| flags, &resp)) != 0) { |
flags, pin, &resp)) != 0) { |
| error("Security key provider %s returned failure %d", |
error("Security key provider %s returned failure %d", |
| provider_path, r); |
provider_path, r); |
| r = SSH_ERR_INVALID_FORMAT; /* XXX error codes in API? */ |
r = SSH_ERR_INVALID_FORMAT; /* XXX error codes in API? */ |
|
|
| int |
int |
| sshsk_sign(const char *provider_path, struct sshkey *key, |
sshsk_sign(const char *provider_path, struct sshkey *key, |
| u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, |
u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, |
| u_int compat) |
u_int compat, const char *pin) |
| { |
{ |
| struct sshsk_provider *skp = NULL; |
struct sshsk_provider *skp = NULL; |
| int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
|
|
| struct sshbuf *inner_sig = NULL, *sig = NULL; |
struct sshbuf *inner_sig = NULL, *sig = NULL; |
| uint8_t message[32]; |
uint8_t message[32]; |
| |
|
| debug("%s: provider \"%s\", key %s, flags 0x%02x", __func__, |
debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__, |
| provider_path, sshkey_type(key), key->sk_flags); |
provider_path, sshkey_type(key), key->sk_flags, |
| |
(pin != NULL && *pin != '\0') ? " with-pin" : ""); |
| |
|
| if (sigp != NULL) |
if (sigp != NULL) |
| *sigp = NULL; |
*sigp = NULL; |
|
|
| if ((r = skp->sk_sign(alg, message, sizeof(message), |
if ((r = skp->sk_sign(alg, message, sizeof(message), |
| key->sk_application, |
key->sk_application, |
| sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), |
sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), |
| key->sk_flags, &resp)) != 0) { |
key->sk_flags, pin, &resp)) != 0) { |
| debug("%s: sk_sign failed with code %d", __func__, r); |
debug("%s: sk_sign failed with code %d", __func__, r); |
| goto out; |
goto out; |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-sk.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh