sk_api.h

/*
 * Copyright (c) 2019 Google LLC
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 
/*
 * This file is a copy of the OpenSSH project's sk-api.h file pulled from
 * https://github.com/openssh/openssh-portable/commit/a9cbe10da2be5be76755af0cea029db0f9c1f263
 * with only the flags, algorithms, error codes, and struct definitions. The
 * function declarations and other OpenSSH-specific code have been removed.
 */
 
#ifndef SK_API_H
#define SK_API_H 1
 
#include <stddef.h>
#include <stdint.h>
 
/* FIDO2/U2F Operation Flags */

#ifndef SSH_SK_USER_PRESENCE_REQD
#define SSH_SK_USER_PRESENCE_REQD 0x01
#endif

#ifndef SSH_SK_USER_VERIFICATION_REQD
#define SSH_SK_USER_VERIFICATION_REQD 0x04
#endif

#ifndef SSH_SK_FORCE_OPERATION
#define SSH_SK_FORCE_OPERATION 0x10
#endif

#ifndef SSH_SK_RESIDENT_KEY
#define SSH_SK_RESIDENT_KEY 0x20
#endif
 
/* Algorithms */

#define SSH_SK_ECDSA 0x00

#define SSH_SK_ED25519 0x01
 
/* Error codes */

#define SSH_SK_ERR_GENERAL -1

#define SSH_SK_ERR_UNSUPPORTED -2

#define SSH_SK_ERR_PIN_REQUIRED -3

#define SSH_SK_ERR_DEVICE_NOT_FOUND -4

#define SSH_SK_ERR_CREDENTIAL_EXISTS -5

struct sk_enroll_response {
    uint8_t flags;

    uint8_t *public_key;

    size_t public_key_len;

    uint8_t *key_handle;

    size_t key_handle_len;

    uint8_t *signature;

    size_t signature_len;

    uint8_t *attestation_cert;

    size_t attestation_cert_len;

    uint8_t *authdata;

    size_t authdata_len;
};

struct sk_sign_response {
    uint8_t flags;

    uint32_t counter;

    uint8_t *sig_r;

    size_t sig_r_len;

    uint8_t *sig_s;

    size_t sig_s_len;
};

struct sk_resident_key {
    uint32_t alg;

    size_t slot;

    char *application;

    struct sk_enroll_response key;

    uint8_t flags;

    uint8_t *user_id;

    size_t user_id_len;
};

struct sk_option {
    char *name;

    char *value;

    uint8_t required;
};

#define SSH_SK_VERSION_MAJOR      0x000a0000
#define SSH_SK_VERSION_MAJOR_MASK 0xffff0000
 
#endif /* SK_API_H */