markus@openbsd.org | fd1a3b5 | 2019-11-12 19:32:30 +0000 | [diff] [blame] | 1 | /* $OpenBSD: sk-api.h,v 1.2 2019/11/12 19:32:30 markus Exp $ */ |
djm@openbsd.org | ed3467c | 2019-10-31 21:16:20 +0000 | [diff] [blame] | 2 | /* |
| 3 | * Copyright (c) 2019 Google LLC |
| 4 | * |
| 5 | * Permission to use, copy, modify, and distribute this software for any |
| 6 | * purpose with or without fee is hereby granted, provided that the above |
| 7 | * copyright notice and this permission notice appear in all copies. |
| 8 | * |
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 16 | */ |
| 17 | |
| 18 | #ifndef _SK_API_H |
| 19 | #define _SK_API_H 1 |
| 20 | |
| 21 | #include <stddef.h> |
Darren Tucker | 03ffc09 | 2019-11-02 23:25:01 +1100 | [diff] [blame] | 22 | #ifdef HAVE_STDINT_H |
djm@openbsd.org | ed3467c | 2019-10-31 21:16:20 +0000 | [diff] [blame] | 23 | #include <stdint.h> |
Darren Tucker | 03ffc09 | 2019-11-02 23:25:01 +1100 | [diff] [blame] | 24 | #endif |
djm@openbsd.org | ed3467c | 2019-10-31 21:16:20 +0000 | [diff] [blame] | 25 | |
/*
 * Flags: bit values, presumably for the uint8_t `flags` argument of
 * sk_enroll() and sk_sign() -- confirm against the callers.
 *
 * NOTE(review): by its name this bit requests a user-presence check.
 * Whether the token actually performed one is decided outside this
 * header, so a verifier should not treat the request alone as proof.
 */
#define SSH_SK_USER_PRESENCE_REQD	0x01

/*
 * Algs: key algorithm selectors, presumably for the `alg` argument of
 * sk_enroll() and sk_sign().
 *
 * 0x00 is a valid selector, so a zero-initialised `alg` means ECDSA rather
 * than "unset"; callers should always assign it explicitly.
 */
#define SSH_SK_ECDSA			0x00
#define SSH_SK_ED25519			0x01
| 32 | |
/*
 * Result of an enrollment, handed back through the `enroll_response`
 * out-parameter of sk_enroll().
 *
 * Every buffer is a (pointer, byte length) pair.  The contents come from
 * the middleware, so a consumer should check each pointer for NULL and
 * bound each length before parsing or copying.
 *
 * NOTE(review): this header does not say who allocates or frees the
 * buffers, or the struct itself -- confirm against the middleware
 * implementation before freeing anything.
 */
struct sk_enroll_response {
	/* Public key bytes and their length. */
	uint8_t	*public_key;
	size_t	 public_key_len;

	/* Key handle; presumably the value later passed to sk_sign(). */
	uint8_t	*key_handle;
	size_t	 key_handle_len;

	/* Signature produced during enrollment. */
	uint8_t	*signature;
	size_t	 signature_len;

	/* Attestation certificate; encoding is not stated here. */
	uint8_t	*attestation_cert;
	size_t	 attestation_cert_len;
};
| 43 | |
/*
 * Result of a signing operation, handed back through the `sign_response`
 * out-parameter of sk_sign().
 *
 * The signature is split into two (pointer, byte length) buffers.  As
 * with any middleware-supplied data, check the pointers and bound the
 * lengths before use.
 *
 * NOTE(review): buffer ownership is not stated in this header, and
 * neither is how sig_r/sig_s are filled for SSH_SK_ED25519 -- confirm
 * against the middleware implementation.
 */
struct sk_sign_response {
	/*
	 * Flags reported with the signature.  NOTE(review): presumably
	 * where a user-presence result would appear; a verifier that
	 * requires presence should check it here -- confirm the bit layout.
	 */
	uint8_t	 flags;

	/* 32-bit counter reported with the signature. */
	uint32_t counter;

	/* First signature component and its length. */
	uint8_t	*sig_r;
	size_t	 sig_r_len;

	/* Second signature component and its length. */
	uint8_t	*sig_s;
	size_t	 sig_s_len;
};
| 52 | |
/*
 * API versioning.  The mask keeps the upper 16 bits of a 32-bit version
 * word; SSH_SK_VERSION_MAJOR is the value those bits hold for this API.
 *
 * NOTE(review): a loader is presumably expected to reject middleware
 * unless (sk_api_version() & SSH_SK_VERSION_MAJOR_MASK) ==
 * SSH_SK_VERSION_MAJOR, before calling anything else.  A provider built
 * against another major may disagree with the struct layouts and
 * prototypes declared here.
 */
#define SSH_SK_VERSION_MAJOR_MASK	0xffff0000
#define SSH_SK_VERSION_MAJOR		0x00020000 /* current API version */
| 55 | |
/*
 * Report the version of the middleware API that the provider implements.
 *
 * Takes no arguments and returns a 32-bit version word; compare it with
 * SSH_SK_VERSION_MAJOR under SSH_SK_VERSION_MAJOR_MASK.
 */
uint32_t sk_api_version(void);
| 58 | |
/*
 * Enroll a U2F key (private key generation).
 *
 * alg             - algorithm selector (SSH_SK_ECDSA or SSH_SK_ED25519).
 * challenge       - challenge bytes, challenge_len bytes long.
 * application     - application string; presumably the identifier the
 *                   new key is bound to -- confirm against the caller.
 * flags           - flag bits such as SSH_SK_USER_PRESENCE_REQD.
 * enroll_response - out-parameter receiving a struct sk_enroll_response.
 *
 * NOTE(review): the meaning of the int return value is not documented in
 * this header.  Callers should set *enroll_response to NULL before the
 * call and dereference it only after confirming success and a non-NULL
 * pointer.
 */
int sk_enroll(int alg,
    const uint8_t *challenge, size_t challenge_len,
    const char *application,
    uint8_t flags,
    struct sk_enroll_response **enroll_response);
| 63 | |
/*
 * Sign a challenge.
 *
 * alg            - algorithm selector (SSH_SK_ECDSA or SSH_SK_ED25519).
 * message        - bytes to sign, message_len bytes long.
 * application    - application string; presumably must match the one
 *                  used at enrollment -- confirm against the caller.
 * key_handle     - key handle bytes, key_handle_len bytes long;
 *                  presumably the handle returned by sk_enroll().
 * flags          - flag bits such as SSH_SK_USER_PRESENCE_REQD.
 * sign_response  - out-parameter receiving a struct sk_sign_response.
 *
 * NOTE(review): the meaning of the int return value is not documented in
 * this header.  Callers should set *sign_response to NULL before the call
 * and dereference it only after confirming success and a non-NULL
 * pointer.
 */
int sk_sign(int alg,
    const uint8_t *message, size_t message_len,
    const char *application,
    const uint8_t *key_handle, size_t key_handle_len,
    uint8_t flags,
    struct sk_sign_response **sign_response);
| 68 | |
| 69 | #endif /* _SK_API_H */ |