authorSebastian Kinne <skinne@google.com>2019-12-16 17:57:18 -0800
committerJakub Jelen <jjelen@redhat.com>2020-02-11 10:08:26 +0100
commit17b518a677c92d943cf016b81272ec10ee1ca368 (patch)
treeb8c739887e0afbc635d9f5916e74aa147ea3c678 /include/libssh
parent3664ba2800eaa1b54008b232d7f0404871d2f8d9 (diff)
pki: add support for sk-ecdsa and sk-ed25519
This adds server-side support for the newly introduced OpenSSH keytypes sk-ecdsa-sha2-nistp256@openssh.com and sk-ed25519@openssh.com (including their corresponding certificates), which are backed by U2F/FIDO2 tokens. Change-Id: Ib73425c572601c3002be45974e6ea051f1d7efdc Signed-off-by: Sebastian Kinne <skinne@google.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'include/libssh')
-rw-r--r--include/libssh/libssh.h4
-rw-r--r--include/libssh/pki.h6
2 files changed, 10 insertions, 0 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index a0c9600c..d1ddffdc 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -304,6 +304,10 @@ enum ssh_keytypes_e{
SSH_KEYTYPE_ECDSA_P384_CERT01,
SSH_KEYTYPE_ECDSA_P521_CERT01,
SSH_KEYTYPE_ED25519_CERT01,
+ SSH_KEYTYPE_SK_ECDSA,
+ SSH_KEYTYPE_SK_ECDSA_CERT01,
+ SSH_KEYTYPE_SK_ED25519,
+ SSH_KEYTYPE_SK_ED25519_CERT01,
};
enum ssh_keycmp_e {
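Review bot: The names `SSH_KEYTYPE_SK_ECDSA` and `SSH_KEYTYPE_SK_ECDSA_CERT01` drop the curve, unlike the `ECDSA_P384`/`ECDSA_P521` entries just above, so the header alone does not say which wire type they map to. A trailing comment on each new enumerator would settle it, for example `SSH_KEYTYPE_SK_ECDSA, /* sk-ecdsa-sha2-nistp256@openssh.com */` and `SSH_KEYTYPE_SK_ED25519, /* sk-ed25519@openssh.com */`. Appending the four values after `SSH_KEYTYPE_ED25519_CERT01` keeps the existing numeric values stable, but any `switch` over `ssh_keytypes_e` elsewhere presumably needs matching cases, and this view (limited to include/libssh) does not show them.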
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index ec0ce9af..0f8cae47 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -21,6 +21,7 @@
#ifndef PKI_H_
#define PKI_H_
+#include <stdint.h>
#include "libssh/priv.h"
#ifdef HAVE_OPENSSL_EC_H
#include <openssl/ec.h>
@@ -80,6 +81,7 @@ struct ssh_key_struct {
ed25519_pubkey *ed25519_pubkey;
ed25519_privkey *ed25519_privkey;
#endif
+ ssh_string sk_application;
void *cert;
enum ssh_keytypes_e cert_type;
};
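Review bot: `sk_application` is added to `ssh_key_struct` with no comment saying what it holds or who owns it. I would document it in place, e.g. `ssh_string sk_application; /* FIDO application string from the sk-* key blob; owned by the key */`. Because it is an `ssh_string`, the key's free, duplicate and compare paths need to cover it; if the application string is bound into the signed data, as the OpenSSH U2F protocol description has it, a key copied or compared without it could be verified against the wrong application. Those paths are outside this diff, and the struct itself begins above the hunk.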
@@ -100,6 +102,10 @@ struct ssh_signature_struct {
ed25519_signature *ed25519_sig;
#endif
ssh_string raw_sig;
+
+ /* Security Key specific additions */
+ uint8_t sk_flags;
+ uint32_t sk_counter;
};
typedef struct ssh_signature_struct *ssh_signature;
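Review bot: The comment `/* Security Key specific additions */` does not say that `sk_flags` and `sk_counter` are taken from the peer's signature blob, nor what the verifier must do with them. For sk-* signatures the flags byte carries the authenticator's user-presence bit (0x01 in the FIDO/OpenSSH encoding), so the verification code should include both fields in the data the signature is checked over and reject signatures whose flags do not meet policy; neither step is visible in this header-only view. I would expand the comment to something like `/* Parsed from the peer's sk-* signature and covered by it; sk_flags bit 0x01 = user presence */`. The struct begins above the hunk.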