Commit Graph

10 Commits

Author SHA1 Message Date
djm@openbsd.org 57b181eaf2 upstream: pass the log-on-stderr flag and log level through to
ssh-sk-helper, making debugging a bit easier. ok markus@

OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a
2020-01-21 18:09:09 +11:00
djm@openbsd.org c312ca077c upstream: Extends the SK API to accept a set of key/value options
for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without having to change
the API version for each.

At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O

This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.

feedback, fixes and ok markus@

OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
2020-01-06 13:12:46 +11:00
djm@openbsd.org c54cd1892c upstream: SK API and sk-helper error/PIN passing
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.

Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.

feedback and ok markus@

OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
2019-12-30 20:59:33 +11:00
djm@openbsd.org 14cea36df3 upstream: resident keys support in SK API
Adds a sk_load_resident_keys() function to the security key
API that accepts a security key provider and a PIN and returns
a list of keys.

Implement support for this in the usbhid middleware.

feedback and ok markus@

OpenBSD-Commit-ID: 67e984e4e87f4999ce447a6178c4249a9174eff0
2019-12-30 20:58:19 +11:00
djm@openbsd.org b52ec0ba39 upstream: use ssh-sk-helper for all security key signing operations
This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*

requested by, feedback and ok markus@

OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
2019-12-14 07:17:44 +11:00
markus@openbsd.org 7c32b51edb upstream: implement sshsk_ed25519_assemble(); ok djm
OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6
2019-11-13 08:49:52 +11:00
markus@openbsd.org fe05a36dc0 upstream: implement sshsk_ed25519_inner_sig(); ok djm
OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910
2019-11-13 08:49:52 +11:00
markus@openbsd.org e03a29e655 upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm
OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19
2019-11-13 08:49:52 +11:00
djm@openbsd.org 07da39f71d upstream: ssh-agent support for U2F/FIDO keys
feedback & ok markus@

OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
2019-11-01 09:46:09 +11:00
djm@openbsd.org ed3467c1e1 upstream: U2F/FIDO middleware interface
Supports enrolling (generating) keys and signatures.

feedback & ok markus@

OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
2019-11-01 09:46:09 +11:00