djm@openbsd.org | c312ca0 | 2020-01-06 02:00:46 +0000 | [diff] [blame] | 1 | /* $OpenBSD: sk-api.h,v 1.7 2020/01/06 02:00:46 djm Exp $ */ |
djm@openbsd.org | ed3467c | 2019-10-31 21:16:20 +0000 | [diff] [blame] | 2 | /* |
| 3 | * Copyright (c) 2019 Google LLC |
| 4 | * |
| 5 | * Permission to use, copy, modify, and distribute this software for any |
| 6 | * purpose with or without fee is hereby granted, provided that the above |
| 7 | * copyright notice and this permission notice appear in all copies. |
| 8 | * |
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 16 | */ |
| 17 | |
| 18 | #ifndef _SK_API_H |
| 19 | #define _SK_API_H 1 |
| 20 | |
| 21 | #include <stddef.h> |
Darren Tucker | 03ffc09 | 2019-11-02 23:25:01 +1100 | [diff] [blame] | 22 | #ifdef HAVE_STDINT_H |
djm@openbsd.org | ed3467c | 2019-10-31 21:16:20 +0000 | [diff] [blame] | 23 | #include <stdint.h> |
Darren Tucker | 03ffc09 | 2019-11-02 23:25:01 +1100 | [diff] [blame] | 24 | #endif |
djm@openbsd.org | ed3467c | 2019-10-31 21:16:20 +0000 | [diff] [blame] | 25 | |
/*
 * Flags. Passed in the "flags" argument of sk_enroll() and sk_sign().
 * The bits 0x02, 0x08 and 0x10 are not defined in this view of the header;
 * presumably reserved -- confirm before assigning a new meaning to them.
 */
#define SSH_SK_USER_PRESENCE_REQD	0x01	/* require a user-presence (touch) check -- presumably; confirm against the middleware */
#define SSH_SK_USER_VERIFICATION_REQD	0x04	/* require user verification, e.g. a PIN -- presumably; confirm against the middleware */
#define SSH_SK_RESIDENT_KEY		0x20	/* enroll a key that can later be enumerated by sk_load_resident_keys() */

/*
 * Algs. Used as the "alg" argument of sk_enroll()/sk_sign() and stored in
 * sk_resident_key.alg.
 * NOTE(review): SSH_SK_ECDSA is zero, so a zero-initialised or forgotten
 * alg field silently selects ECDSA; callers should set alg explicitly.
 */
#define SSH_SK_ECDSA	0x00
#define SSH_SK_ED25519	0x01

/*
 * Error codes returned by sk_enroll(), sk_sign() and
 * sk_load_resident_keys(). All are negative; success is presumably 0 --
 * this header does not state it, confirm with the implementation.
 */
#define SSH_SK_ERR_GENERAL	-1	/* any other failure */
#define SSH_SK_ERR_UNSUPPORTED	-2	/* requested alg/flag/option not supported by the middleware */
#define SSH_SK_ERR_PIN_REQUIRED	-3	/* operation needs a PIN; retry with one supplied */
| 39 | |
/*
 * Result of sk_enroll(): the newly generated public key, the handle needed
 * to use it later with sk_sign(), and the attestation data.
 * Ownership: the buffers are presumably allocated by the middleware and
 * released by the caller -- this header does not say; confirm with the
 * consumer before changing who frees them. A NULL pointer with a zero
 * length is presumably allowed for the optional fields -- TODO confirm.
 */
struct sk_enroll_response {
	uint8_t *public_key;		/* public key bytes; encoding presumably depends on alg -- confirm */
	size_t public_key_len;
	uint8_t *key_handle;		/* opaque handle passed back to sk_sign() to select this key */
	size_t key_handle_len;
	uint8_t *signature;		/* attestation signature over the enrollment -- presumably; confirm what it covers */
	size_t signature_len;
	uint8_t *attestation_cert;	/* attestation certificate, if the authenticator returned one */
	size_t attestation_cert_len;
};
| 50 | |
/*
 * Result of sk_sign().
 * NOTE(review): sig_r/sig_s presumably carry the two components of an
 * ECDSA signature; how an Ed25519 signature is split across them is not
 * stated here -- confirm with the middleware before consuming them.
 * Ownership of the buffers is presumably the caller's after a successful
 * return -- confirm.
 */
struct sk_sign_response {
	uint8_t flags;		/* authenticator flags byte (e.g. user-presence bits) -- presumably; confirm layout */
	uint32_t counter;	/* authenticator signature counter; a consumer that records it should treat a non-increasing value as suspect (possible cloned key) -- NOTE(review): confirm whether callers check this */
	uint8_t *sig_r;
	size_t sig_r_len;
	uint8_t *sig_s;
	size_t sig_s_len;
};
| 59 | |
/*
 * One key enumerated by sk_load_resident_keys(). Embeds the same data that
 * sk_enroll() would have returned for it.
 * Ownership of "application" and of the buffers inside "key" is presumably
 * the caller's -- this header does not say; confirm with the consumer.
 */
struct sk_resident_key {
	uint32_t alg;			/* SSH_SK_ECDSA or SSH_SK_ED25519 */
	size_t slot;			/* position of the key on the authenticator; meaning presumably middleware-specific -- confirm */
	char *application;		/* application string the key was enrolled under (cf. sk_enroll() "application") */
	struct sk_enroll_response key;	/* key material, as for sk_enroll() */
};
| 66 | |
/*
 * A name/value option passed through to the middleware. The "options"
 * arguments below carry no element count, so the array is presumably
 * NULL-terminated -- confirm with the callers.
 */
struct sk_option {
	char *name;
	char *value;
	uint8_t required;	/* non-zero: a middleware that does not recognise "name" should presumably fail (SSH_SK_ERR_UNSUPPORTED) rather than silently ignore the option -- confirm against the protocol documentation */
};
| 72 | |
/*
 * API version. The major version occupies the upper 16 bits (see the mask);
 * a caller presumably rejects a middleware whose
 * (sk_api_version() & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR
 * -- confirm how the loader performs the check.
 */
#define SSH_SK_VERSION_MAJOR		0x00040000 /* current API version */
#define SSH_SK_VERSION_MAJOR_MASK	0xffff0000

/* Return the version of the middleware API */
uint32_t sk_api_version(void);

/*
 * Enroll a U2F key (private key generation).
 * alg: SSH_SK_ECDSA or SSH_SK_ED25519.
 * challenge/challenge_len: caller-supplied challenge bytes.
 * application: application identifier string.
 * flags: SSH_SK_* flags.
 * pin: PIN string, or presumably NULL when none is available -- confirm.
 *      NOTE(review): this is a secret; callers should zeroise their copy
 *      once the call returns.
 * options: array of sk_option, presumably NULL-terminated (no count is
 *      passed) and presumably may itself be NULL -- confirm.
 * enroll_response: on success receives a newly allocated response;
 *      ownership presumably passes to the caller -- confirm who frees it.
 * Returns presumably 0 on success, or a negative SSH_SK_ERR_* code.
 */
int sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
    const char *application, uint8_t flags, const char *pin,
    struct sk_option **options, struct sk_enroll_response **enroll_response);

/*
 * Sign a challenge.
 * message/message_len: data to sign.
 * key_handle/key_handle_len: the handle returned by sk_enroll() for the key.
 * alg, application, flags, pin, options: as for sk_enroll().
 * sign_response: on success receives a newly allocated response;
 *      ownership presumably passes to the caller -- confirm.
 * Returns presumably 0 on success, or a negative SSH_SK_ERR_* code.
 */
int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
    const char *application, const uint8_t *key_handle, size_t key_handle_len,
    uint8_t flags, const char *pin, struct sk_option **options,
    struct sk_sign_response **sign_response);

/*
 * Enumerate all resident keys.
 * pin, options: as for sk_enroll().
 * rks/nrks: on success receive an array of *nrks pointers to sk_resident_key;
 *      the array and each element are presumably the caller's to free --
 *      confirm. Presumably *nrks may be 0 with *rks unset/NULL -- confirm.
 * Returns presumably 0 on success, or a negative SSH_SK_ERR_* code.
 */
int sk_load_resident_keys(const char *pin, struct sk_option **options,
    struct sk_resident_key ***rks, size_t *nrks);
| 93 | |
djm@openbsd.org | ed3467c | 2019-10-31 21:16:20 +0000 | [diff] [blame] | 94 | #endif /* _SK_API_H */ |