History log of /openbsd-current/usr.bin/ssh/ssh-sk-helper.c
Revision Date Author Comments
# 1.14 04-Dec-2022 dtucker

Remove duplicate includes. Patch from AtariDreams via github PR#364.


Revision tags: OPENBSD_7_2_BASE
# 1.13 29-Apr-2022 dtucker

Don't leak SK device. Patch from Pedro Martelletto via github PR#316.
ok djm@


Revision tags: OPENBSD_7_1_BASE
# 1.12 28-Oct-2021 djm

When downloading resident keys from a FIDO token, pass back the
user ID that was used when the key was created and append it to
the filename the key is written to (if it is not the default).

Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different
user IDs.

feedback Pedro Martelletto; ok markus

NB. increments SSH_SK_VERSION_MAJOR


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.11 18-Oct-2020 djm

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@


Revision tags: OPENBSD_6_8_BASE
# 1.10 26-May-2020 djm

fix memleak of signature; from Pedro Martelletto


Revision tags: OPENBSD_6_7_BASE
# 1.9 25-Jan-2020 djm

improve the error message for u2f enrollment errors by making
ssh-keygen be solely responsible for printing the error message and
converting some more common error responses from the middleware to
a useful ssherr.h status code. more detail remains visible via -v
of course.

also remove independent copy of sk-api.h declarations in sk-usbhid.c
and just include it.

feedback & ok markus@


# 1.8 10-Jan-2020 djm

pass the log-on-stderr flag and log level through to ssh-sk-helper,
making debugging a bit easier. ok markus@


# 1.7 06-Jan-2020 djm

Extends the SK API to accept a set of key/value options for all
operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without having to
change the API version for each.

At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O

This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.

feedback, fixes and ok markus@


# 1.6 30-Dec-2019 djm

SK API and sk-helper error/PIN passing

Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.

Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.

feedback and ok markus@


# 1.5 30-Dec-2019 djm

implement loading of resident keys in ssh-sk-helper

feedback and ok markus@


# 1.4 13-Dec-2019 djm

perform security key enrollment via ssh-sk-helper too. This means
that ssh-keygen no longer needs to link against ssh-sk-helper,
and only ssh-sk-helper needs libfido2 and /dev/uhid* access;

feedback & ok markus@


# 1.3 12-Nov-2019 markus

enable ed25519 support; ok djm


# 1.2 12-Nov-2019 markus

rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm


# 1.1 31-Oct-2019 djm

ssh-agent support for U2F/FIDO keys

feedback & ok markus@

