#
1.14 |
|
04-Dec-2022 |
dtucker |
Remove duplicate includes. Patch from AtariDreams via github PR#364.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.13 |
|
29-Apr-2022 |
dtucker |
Don't leak SK device. Patch from Pedro Martelletto via github PR#316. ok djm@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.12 |
|
28-Oct-2021 |
djm |
When downloading resident keys from a FIDO token, pass back the user ID that was used when the key was created and append it to the filename the key is written to (if it is not the default).
Avoids keys being clobbered if the user created multiple resident keys with the same application string but different user IDs.
feedback Pedro Martelletto; ok markus
NB. increments SSH_SK_VERSION_MAJOR
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.11 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.10 |
|
26-May-2020 |
djm |
fix memleak of signature; from Pedro Martelletto
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.9 |
|
25-Jan-2020 |
djm |
improve the error message for u2f enrollment errors by making ssh-keygen be solely responsible for printing the error message and converting some more common error responses from the middleware to a useful ssherr.h status code. more detail remains visible via -v of course.
also remove independent copy of sk-api.h declarations in sk-usbhid.c and just include it.
feedback & ok markus@
|
#
1.8 |
|
10-Jan-2020 |
djm |
pass the log-on-stderr flag and log level through to ssh-sk-helper, making debugging a bit easier. ok markus@
|
#
1.7 |
|
06-Jan-2020 |
djm |
Extends the SK API to accept a set of key/value options for all operations. These are intended to future-proof the API a little by making it easier to specify additional fields for without having to change the API version for each.
At present, only two options are defined: one to explicitly specify the device for an operation (rather than accepting the middleware's autoselection) and another to specify the FIDO2 username that may be used when generating a resident key. These new options may be invoked at key generation time via ssh-keygen -O
This also implements a suggestion from Markus to avoid "int" in favour of uint32_t for the algorithm argument in the API, to make implementation of ssh-sk-client/helper a little easier.
feedback, fixes and ok markus@
|
#
1.6 |
|
30-Dec-2019 |
djm |
SK API and sk-helper error/PIN passing
Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc.
feedback and ok markus@
|
#
1.5 |
|
30-Dec-2019 |
djm |
implement loading of resident keys in ssh-sk-helper
feedback and ok markus@
|
#
1.4 |
|
13-Dec-2019 |
djm |
perform security key enrollment via ssh-sk-helper too. This means that ssh-keygen no longer needs to link against ssh-sk-helper, and only ssh-sk-helper needs libfido2 and /dev/uhid* access;
feedback & ok markus@
|
#
1.3 |
|
12-Nov-2019 |
markus |
enable ed25519 support; ok djm
|
#
1.2 |
|
12-Nov-2019 |
markus |
rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm
|
#
1.1 |
|
31-Oct-2019 |
djm |
ssh-agent support for U2F/FIDO keys
feedback & ok markus@
|