/* $OpenBSD: ssh-sk.h,v 1.11 2021/10/28 02:54:18 djm Exp $ */
/*
 * Copyright (c) 2019 Google LLC
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef _SSH_SK_H
#define _SSH_SK_H 1

/*
 * Client-side interface for private keys hosted on a security key ("sk").
 * Every operation below is performed through a provider middleware library
 * identified by a filesystem path, never by talking to the token directly.
 *
 * This header includes nothing itself: it relies on the including file to
 * have brought uint8_t, size_t, u_char and u_int into scope beforehand.
 */

/* Opaque to this header; only pointers to these are passed around. */
struct sshbuf;
struct sshkey;
struct sk_option;

/*
 * Wire-protocol version this client expects from ssh-sk-helper.  A helper
 * announcing a different version is presumably rejected rather than
 * negotiated with -- confirm against the helper's implementation.
 */
#define SSH_SK_HELPER_VERSION		5

/*
 * Message types exchanged with ssh-sk-helper.  SSH_SK_HELPER_ERROR is only
 * legitimate in the helper-to-client (H->C) direction; the remaining three
 * name the request kinds a client may issue.
 */
#define SSH_SK_HELPER_ERROR		0	/* Only valid H->C */
#define SSH_SK_HELPER_SIGN		1
#define SSH_SK_HELPER_ENROLL		2
#define SSH_SK_HELPER_LOAD_RESIDENT	3

/*
 * One resident ("discoverable") key read back from a security key.
 *
 * user_id is a byte string of exactly user_id_len bytes; treat it as
 * binary and never assume NUL termination.  Arrays of these are produced
 * by sshsk_load_resident() and must be released with
 * sshsk_free_resident_keys(), which presumably also frees key and user_id.
 */
struct sshsk_resident_key {
	struct sshkey	*key;		/* the loaded public/sk key handle */
	uint8_t		*user_id;	/* user ID bytes recorded on the token */
	size_t		 user_id_len;	/* length of user_id in bytes */
};

/*
 * Enroll (generate) a new security-key hosted private key of the given key
 * type via the provider middleware at provider_path.
 *
 *   type           - key type to generate (an sshkey type constant).
 *   provider_path  - path of the middleware library to load.
 *   device         - device selector handed to the middleware.
 *   application    - application/relying-party string bound to the key.
 *   userid         - user identifier recorded with the credential.
 *   flags          - enrollment option bits (uint8_t here, unlike the
 *                    u_int flags of sshsk_load_resident()).
 *   pin            - PIN presented to the token; it is a secret, so callers
 *                    should not keep it in memory longer than needed.
 *   challenge_buf  - challenge to sign during enrollment.  NULL means a
 *                    random 256 bit challenge is generated internally.
 *   keyp           - receives the newly created key on success.
 *   attest         - optional: when non-NULL, attestation information is
 *                    written here on success.  This function only returns
 *                    that data; any verification of it is the caller's job.
 *
 * Returns 0 on success, otherwise an ssherr.h error code.
 */
int	 sshsk_enroll(int type, const char *provider_path, const char *device,
    const char *application, const char *userid, uint8_t flags,
    const char *pin, struct sshbuf *challenge_buf,
    struct sshkey **keyp, struct sshbuf *attest);

/*
 * Produce an ECDSA_SK or ED25519_SK signature over data[0..datalen) using
 * key, via the provider middleware at provider_path.
 *
 *   sigp, lenp     - receive the signature bytes and their length.  Who
 *                    owns *sigp is not stated here; presumably it is
 *                    heap-allocated for the caller to free -- confirm.
 *   compat         - compatibility flags; presumably the per-connection
 *                    compat bitmask -- confirm against callers.
 *   pin            - PIN presented to the token, if one is required.
 *
 * Returns 0 on success, otherwise an ssherr.h error code.
 */
int	 sshsk_sign(const char *provider_path, struct sshkey *key,
    u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
    u_int compat, const char *pin);

/*
 * Enumerate and load every SSH-compatible resident key held by the
 * security key selected by device, through the middleware at provider_path.
 *
 * On success *srksp points to an array of *nsrksp entries; release it with
 * sshsk_free_resident_keys(*srksp, *nsrksp).  The pin is required to read
 * resident credentials on most tokens -- confirm with the middleware in use.
 *
 * Returns 0 on success, otherwise an ssherr.h error code.
 */
int	 sshsk_load_resident(const char *provider_path, const char *device,
    const char *pin, u_int flags, struct sshsk_resident_key ***srksp,
    size_t *nsrksp);

/*
 * Release an array of nsrks entries as returned by sshsk_load_resident().
 * Pass the count exactly as reported in *nsrksp.
 */
void	 sshsk_free_resident_keys(struct sshsk_resident_key **srks,
    size_t nsrks);

#endif /* _SSH_SK_H */