author | Sebastian Kinne <skinne@google.com> | 2019-12-16 17:57:18 -0800 |
---|---|---|
committer | Jakub Jelen <jjelen@redhat.com> | 2020-02-11 10:08:26 +0100 |
commit | 17b518a677c92d943cf016b81272ec10ee1ca368 (patch) | |
tree | b8c739887e0afbc635d9f5916e74aa147ea3c678 /include | |
parent | 3664ba2800eaa1b54008b232d7f0404871d2f8d9 (diff) | |
pki: add support for sk-ecdsa and sk-ed25519
This adds server-side support for the newly introduced OpenSSH
keytypes sk-ecdsa-sha2-nistp256@openssh.com and sk-ed25519@openssh.com
(including their corresponding certificates), which are backed
by U2F/FIDO2 tokens.
Change-Id: Ib73425c572601c3002be45974e6ea051f1d7efdc
Signed-off-by: Sebastian Kinne <skinne@google.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/libssh/libssh.h | 4 | ||||
-rw-r--r-- | include/libssh/pki.h | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index a0c9600c..d1ddffdc 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -304,6 +304,10 @@ enum ssh_keytypes_e{
 SSH_KEYTYPE_ECDSA_P384_CERT01,
 SSH_KEYTYPE_ECDSA_P521_CERT01,
 SSH_KEYTYPE_ED25519_CERT01,
+ SSH_KEYTYPE_SK_ECDSA,
+ SSH_KEYTYPE_SK_ECDSA_CERT01,
+ SSH_KEYTYPE_SK_ED25519,
+ SSH_KEYTYPE_SK_ED25519_CERT01,
 };

 enum ssh_keycmp_e {
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index ec0ce9af..0f8cae47 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -21,6 +21,7 @@
 #ifndef PKI_H_
 #define PKI_H_

+#include <stdint.h>
 #include "libssh/priv.h"
 #ifdef HAVE_OPENSSL_EC_H
 #include <openssl/ec.h>
@@ -80,6 +81,7 @@ struct ssh_key_struct {
 ed25519_pubkey *ed25519_pubkey;
 ed25519_privkey *ed25519_privkey;
 #endif
+ ssh_string sk_application;
 void *cert;
 enum ssh_keytypes_e cert_type;
 };
@@ -100,6 +102,10 @@ struct ssh_signature_struct {
 ed25519_signature *ed25519_sig;
 #endif
 ssh_string raw_sig;
+
+ /* Security Key specific additions */
+ uint8_t sk_flags;
+ uint32_t sk_counter;
 };

 typedef struct ssh_signature_struct *ssh_signature; |
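Review bot: The four `SSH_KEYTYPE_SK_*` values are added to the public `enum ssh_keytypes_e` with no comment saying what they are or how far support goes. Appending them after `SSH_KEYTYPE_ED25519_CERT01` keeps the existing numeric values stable, but callers that switch over this enum or keep allow-lists of key types need to know these are the token-backed types. I would add `/* sk-*@openssh.com security-key types; signature verification only */` above the new entries, assuming the commit message's "server-side support" means there is no signing path. The enum's opening lines are outside the hunk.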
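Review bot: `sk_application` is a new `ssh_string` member of `struct ssh_key_struct`, and nothing in this hunk says who owns it or when it is set. The diff shown is limited to `include`, so I cannot see whether key cleanup frees it, key duplication copies it, and key comparison includes it. Each is worth confirming, since two sk keys with the same public key but different application strings are different credentials. A comment such as `/* FIDO application string; NULL unless type is SSH_KEYTYPE_SK_*; owned by the key */` would document the contract. The struct begins outside the hunk.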
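Review bot: The comment on `sk_flags` and `sk_counter` says only "Security Key specific additions", which hides that both are peer-supplied values parsed from the signature and that the flags byte carries the authenticator's user-presence bit. The verification path is not part of this diff; it needs to cover both fields in the signed data, and to reject a signature whose user-presence bit is clear unless policy explicitly allows that. I would extend the comment to `/* From the sk signature blob and covered by the signature: sk_flags = FIDO flags (user presence), sk_counter = authenticator signature counter; unused for non-sk signatures */`. The struct begins outside the hunk.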