| version 1.6, 2019/11/12 19:31:45 |
version 1.7, 2019/11/12 19:32:30 |
|
|
| uint32_t (*sk_api_version)(void); |
uint32_t (*sk_api_version)(void); |
| |
|
| /* Enroll a U2F key (private key generation) */ |
/* Enroll a U2F key (private key generation) */ |
| int (*sk_enroll)(const uint8_t *challenge, size_t challenge_len, |
int (*sk_enroll)(int alg, const uint8_t *challenge, |
| const char *application, uint8_t flags, |
size_t challenge_len, const char *application, uint8_t flags, |
| struct sk_enroll_response **enroll_response); |
struct sk_enroll_response **enroll_response); |
| |
|
| /* Sign a challenge */ |
/* Sign a challenge */ |
| int (*sk_sign)(const uint8_t *message, size_t message_len, |
int (*sk_sign)(int alg, const uint8_t *message, size_t message_len, |
| const char *application, |
const char *application, |
| const uint8_t *key_handle, size_t key_handle_len, |
const uint8_t *key_handle, size_t key_handle_len, |
| uint8_t flags, struct sk_sign_response **sign_response); |
uint8_t flags, struct sk_sign_response **sign_response); |
|
|
| size_t challenge_len; |
size_t challenge_len; |
| struct sk_enroll_response *resp = NULL; |
struct sk_enroll_response *resp = NULL; |
| int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
| |
int alg; |
| |
|
| *keyp = NULL; |
*keyp = NULL; |
| if (attest) |
if (attest) |
| sshbuf_reset(attest); |
sshbuf_reset(attest); |
| switch (type) { |
switch (type) { |
| case KEY_ECDSA_SK: |
case KEY_ECDSA_SK: |
| |
alg = SSH_SK_ECDSA; |
| |
break; |
| case KEY_ED25519_SK: |
case KEY_ED25519_SK: |
| |
alg = SSH_SK_ED25519; |
| break; |
break; |
| default: |
default: |
| error("%s: unsupported key type", __func__); |
error("%s: unsupported key type", __func__); |
|
|
| } |
} |
| /* XXX validate flags? */ |
/* XXX validate flags? */ |
| /* enroll key */ |
/* enroll key */ |
| if ((r = skp->sk_enroll(challenge, challenge_len, application, |
if ((r = skp->sk_enroll(alg, challenge, challenge_len, application, |
| flags, &resp)) != 0) { |
flags, &resp)) != 0) { |
| error("Security key provider %s returned failure %d", |
error("Security key provider %s returned failure %d", |
| provider_path, r); |
provider_path, r); |
|
|
| { |
{ |
| struct sshsk_provider *skp = NULL; |
struct sshsk_provider *skp = NULL; |
| int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
| int type; |
int type, alg; |
| struct sk_sign_response *resp = NULL; |
struct sk_sign_response *resp = NULL; |
| struct sshbuf *inner_sig = NULL, *sig = NULL; |
struct sshbuf *inner_sig = NULL, *sig = NULL; |
| uint8_t message[32]; |
uint8_t message[32]; |
|
|
| type = sshkey_type_plain(key->type); |
type = sshkey_type_plain(key->type); |
| switch (type) { |
switch (type) { |
| case KEY_ECDSA_SK: |
case KEY_ECDSA_SK: |
| |
alg = SSH_SK_ECDSA; |
| |
break; |
| case KEY_ED25519_SK: |
case KEY_ED25519_SK: |
| |
alg = SSH_SK_ED25519; |
| break; |
break; |
| default: |
default: |
| return SSH_ERR_INVALID_ARGUMENT; |
return SSH_ERR_INVALID_ARGUMENT; |
|
|
| r = SSH_ERR_INTERNAL_ERROR; |
r = SSH_ERR_INTERNAL_ERROR; |
| goto out; |
goto out; |
| } |
} |
| if ((r = skp->sk_sign(message, sizeof(message), |
if ((r = skp->sk_sign(alg, message, sizeof(message), |
| key->sk_application, |
key->sk_application, |
| sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), |
sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), |
| key->sk_flags, &resp)) != 0) { |
key->sk_flags, &resp)) != 0) { |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-sk.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh