d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
822d379b1f
freebsd-dev/crypto/openssh/ssh-sk.h
Ed Maste 19261079b7 openssh: update to OpenSSH v8.7p1 
Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
  fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
  key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
  (RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
  support to provide address-space isolation for token middleware
  libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
  conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
  (e.g. "scp host-a:/path host-b:") to transfer through the local host
  by default.
- scp(1): experimental support for transfers using the SFTP protocol as
  a replacement for the venerable SCP/RCP protocol that it has
  traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by:	imp
MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29985
2021-09-07 21:05:51 -04:00

70 lines
2.4 KiB
C
Raw Blame History

/* $OpenBSD: ssh-sk.h,v 1.10 2020/01/10 23:43:26 djm Exp $ */
/*
* Copyright (c) 2019 Google LLC
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _SSH_SK_H
#define _SSH_SK_H 1
struct sshbuf;
struct sshkey;
struct sk_option;
/* Version of protocol expected from ssh-sk-helper */
#define SSH_SK_HELPER_VERSION 5
/* ssh-sk-helper messages */
#define SSH_SK_HELPER_ERROR 0 /* Only valid H->C */
#define SSH_SK_HELPER_SIGN 1
#define SSH_SK_HELPER_ENROLL 2
#define SSH_SK_HELPER_LOAD_RESIDENT 3
/*
* Enroll (generate) a new security-key hosted private key of given type
* via the specified provider middleware.
* If challenge_buf is NULL then a random 256 bit challenge will be used.
*
* Returns 0 on success or a ssherr.h error code on failure.
*
* If successful and the attest_data buffer is not NULL then attestation
* information is placed there.
*/
int sshsk_enroll(int type, const char *provider_path, const char *device,
const char *application, const char *userid, uint8_t flags,
const char *pin, struct sshbuf *challenge_buf,
struct sshkey **keyp, struct sshbuf *attest);
/*
* Calculate an ECDSA_SK or ED25519_SK signature using the specified key
* and provider middleware.
*
* Returns 0 on success or a ssherr.h error code on failure.
*/
int sshsk_sign(const char *provider_path, struct sshkey *key,
u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
u_int compat, const char *pin);
/*
* Enumerates and loads all SSH-compatible resident keys from a security
* key.
*
* Returns 0 on success or a ssherr.h error code on failure.
*/
int sshsk_load_resident(const char *provider_path, const char *device,
const char *pin, struct sshkey ***keysp, size_t *nkeysp);
#endif /* _SSH_SK_H */
Reference in New Issue View Git Blame Copy Permalink