version 1.6, 2019/11/12 19:31:45 |
version 1.7, 2019/11/12 19:32:30 |
|
|
uint32_t (*sk_api_version)(void); |
uint32_t (*sk_api_version)(void); |
|
|
/* Enroll a U2F key (private key generation) */ |
/* Enroll a U2F key (private key generation) */ |
int (*sk_enroll)(const uint8_t *challenge, size_t challenge_len, |
int (*sk_enroll)(int alg, const uint8_t *challenge, |
const char *application, uint8_t flags, |
size_t challenge_len, const char *application, uint8_t flags, |
struct sk_enroll_response **enroll_response); |
struct sk_enroll_response **enroll_response); |
|
|
/* Sign a challenge */ |
/* Sign a challenge */ |
int (*sk_sign)(const uint8_t *message, size_t message_len, |
int (*sk_sign)(int alg, const uint8_t *message, size_t message_len, |
const char *application, |
const char *application, |
const uint8_t *key_handle, size_t key_handle_len, |
const uint8_t *key_handle, size_t key_handle_len, |
uint8_t flags, struct sk_sign_response **sign_response); |
uint8_t flags, struct sk_sign_response **sign_response); |
|
|
size_t challenge_len; |
size_t challenge_len; |
struct sk_enroll_response *resp = NULL; |
struct sk_enroll_response *resp = NULL; |
int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
|
int alg; |
|
|
*keyp = NULL; |
*keyp = NULL; |
if (attest) |
if (attest) |
sshbuf_reset(attest); |
sshbuf_reset(attest); |
switch (type) { |
switch (type) { |
case KEY_ECDSA_SK: |
case KEY_ECDSA_SK: |
|
alg = SSH_SK_ECDSA; |
|
break; |
case KEY_ED25519_SK: |
case KEY_ED25519_SK: |
|
alg = SSH_SK_ED25519; |
break; |
break; |
default: |
default: |
error("%s: unsupported key type", __func__); |
error("%s: unsupported key type", __func__); |
|
|
} |
} |
/* XXX validate flags? */ |
/* XXX validate flags? */ |
/* enroll key */ |
/* enroll key */ |
if ((r = skp->sk_enroll(challenge, challenge_len, application, |
if ((r = skp->sk_enroll(alg, challenge, challenge_len, application, |
flags, &resp)) != 0) { |
flags, &resp)) != 0) { |
error("Security key provider %s returned failure %d", |
error("Security key provider %s returned failure %d", |
provider_path, r); |
provider_path, r); |
|
|
{ |
{ |
struct sshsk_provider *skp = NULL; |
struct sshsk_provider *skp = NULL; |
int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
int type; |
int type, alg; |
struct sk_sign_response *resp = NULL; |
struct sk_sign_response *resp = NULL; |
struct sshbuf *inner_sig = NULL, *sig = NULL; |
struct sshbuf *inner_sig = NULL, *sig = NULL; |
uint8_t message[32]; |
uint8_t message[32]; |
|
|
type = sshkey_type_plain(key->type); |
type = sshkey_type_plain(key->type); |
switch (type) { |
switch (type) { |
case KEY_ECDSA_SK: |
case KEY_ECDSA_SK: |
|
alg = SSH_SK_ECDSA; |
|
break; |
case KEY_ED25519_SK: |
case KEY_ED25519_SK: |
|
alg = SSH_SK_ED25519; |
break; |
break; |
default: |
default: |
return SSH_ERR_INVALID_ARGUMENT; |
return SSH_ERR_INVALID_ARGUMENT; |
|
|
r = SSH_ERR_INTERNAL_ERROR; |
r = SSH_ERR_INTERNAL_ERROR; |
goto out; |
goto out; |
} |
} |
if ((r = skp->sk_sign(message, sizeof(message), |
if ((r = skp->sk_sign(alg, message, sizeof(message), |
key->sk_application, |
key->sk_application, |
sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), |
sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), |
key->sk_flags, &resp)) != 0) { |
key->sk_flags, &resp)) != 0) { |
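Review bot: The `sk_enroll` and `sk_sign` function-pointer prototypes now take a leading `int alg`, which changes the provider ABI, yet `sk_api_version` in the same struct is left as-is in this section; unless the API version constant that the loader compares against `sk_api_version()` is bumped in the same change (not visible here), a provider built against the old prototypes would pass the version check and be called with every argument shifted by one slot, with `alg` landing where it expects the challenge/message pointer. Consider adding a one-line comment next to `sk_api_version` such as `/* must be bumped whenever the prototypes below change */` so the coupling is explicit to provider authors. In both call sites `alg` is only assigned inside the `switch`; that is sound because every `default:` branch exits, but the enrollment function's `default:` handling at the hunk edge is only partly visible, so confirm it still jumps to cleanup before `skp->sk_enroll()` is reached. The function containing the first `switch` begins above this section and the `if` opened at the final `sk_sign` call closes below it.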