1libssh2_sign_sk(3) libssh2 libssh2_sign_sk(3)
6 libssh2_sign_sk - Create a signature from a FIDO2 authenticator.
7
9 #include <libssh2.h>
10
11 int
12 libssh2_sign_sk(LIBSSH2_SESSION *session,
13 unsigned char **sig,
14 size_t *sig_len,
15 const unsigned char *data,
16 size_t data_len,
17 void **abstract);
18
19 typedef struct _LIBSSH2_PRIVKEY_SK {
20 int algorithm;
21 uint8_t flags;
22 const char *application;
23 const unsigned char *key_handle;
24 size_t handle_len;
25 LIBSSH2_USERAUTH_SK_SIGN_FUNC((*sign_callback));
26 void **orig_abstract;
27 } LIBSSH2_PRIVKEY_SK;
28
30 session - Session instance as returned by libssh2_session_init_ex(3)
31
32 sig - A pointer that receives the buffer holding the signature. The caller
33 is responsible for freeing the signature with LIBSSH2_FREE.
34
35 sig_len - A pointer that receives the length of the signature returned in sig.
36
37 data - The data to sign.
38
39 data_len - The length of the data parameter.
40
41 abstract - A pointer to a pointer to a LIBSSH2_PRIVKEY_SK. See descrip‐
42 tion below.
43
44 Create a signature from a FIDO2 authenticator, using either the sk-ssh-
45 ed25519@openssh.com or sk-ecdsa-sha2-nistp256@openssh.com public key
46 algorithms.
47
48 The abstract parameter is a pointer to a pointer due to the internal
49 workings of libssh2. The LIBSSH2_PRIVKEY_SK must be completely filled
50 out, and the caller is responsible for all memory management of its
51 fields.
52
53 algorithm - The signing algorithm to use. Possible values are LIB‐
54 SSH2_HOSTKEY_TYPE_ED25519 and LIBSSH2_HOSTKEY_TYPE_ECDSA_256.
55
56 flags - A bitmask specifying options for the authenticator. When LIB‐
57 SSH2_SK_PRESENCE_REQUIRED is set, the authenticator requires a touch.
58 When LIBSSH2_SK_VERIFICATION_REQUIRED is set, the authenticator re‐
59 quires a PIN. Many servers and authenticators do not work properly
60 when LIBSSH2_SK_PRESENCE_REQUIRED is not set.
61
62 application - A user-defined string to use as the RP name for the au‐
63 thenticator. Usually "ssh:".
64
65 key_handle - The key handle to use for the authenticator's allow list.
66
67 handle_len - The length of the key_handle parameter.
68
69 abstract - User-defined data. When a PIN is required, use this to pass
70 in the PIN, or a function pointer to retrieve the PIN.
71
72 key_handle - The decoded key handle from the private key file.
73
74 handle_len - The length of the key_handle parameter.
75
76 sign_callback - Responsible for communicating with the hardware authen‐
77 ticator to generate a signature. On success, the signature information
78 must be placed in the sig_info parameter and the callback
79 must return 0. On failure, it should return a negative number. See
80 libssh2_userauth_publickey_sk(3)
81 for more information.
82
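83 orig_abstract - User-defined data. When a PIN is required, use this to
84 pass in the PIN, or a function pointer to retrieve the PIN. Because the
84 caller is responsible for all memory management of these fields, a PIN
84 stored here should be cleared by the caller once signing has completed.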
85
87 Return 0 on success or negative on failure.
88
90 libssh2_userauth_publickey_sk(3)
94libssh2 1.10.0 1 Jun 2022 libssh2_sign_sk(3)