libssh2_sign_sk(3)		    libssh2		    libssh2_sign_sk(3)

NAME
       libssh2_sign_sk - Create	a signature from a FIDO2 authenticator.

SYNOPSIS
       #include	<libssh2.h>

       int
       libssh2_sign_sk(LIBSSH2_SESSION *session,
		       unsigned	char **sig,
		       size_t *sig_len,
		       const unsigned char *data,
		       size_t data_len,
		       void **abstract);

       typedef struct _LIBSSH2_PRIVKEY_SK {
	   int algorithm;
	   uint8_t flags;
	   const char *application;
	   const unsigned char *key_handle;
	   size_t handle_len;
	   LIBSSH2_USERAUTH_SK_SIGN_FUNC((*sign_callback));
	   void	**orig_abstract;
       } LIBSSH2_PRIVKEY_SK;

DESCRIPTION
       session - Session instance as returned by libssh2_session_init_ex(3)

       sig - A pointer to a buffer in which to place the signature. The	caller
       is responsible for freeing the signature	with LIBSSH2_FREE.

       sig_len - A pointer to the length of the	sig parameter.

       data - The data to sign.

       data_len	- The length of	the data parameter.

       abstract - A pointer to a pointer to a LIBSSH2_PRIVKEY_SK. See
       description below.

       Create a signature from a FIDO2 authenticator, using either the
       sk-ssh-ed25519@openssh.com or sk-ecdsa-sha2-nistp256@openssh.com
       key exchange algorithms.

       The abstract parameter is a pointer to a pointer due to the internal
       workings of libssh2. The LIBSSH2_PRIVKEY_SK must be completely filled
       out, and the caller is responsible for all memory management of its
       fields.

       algorithm - The signing algorithm to use. Possible values are
       LIBSSH2_HOSTKEY_TYPE_ED25519 and LIBSSH2_HOSTKEY_TYPE_ECDSA_256.

       flags - A bitmask specifying options for the authenticator. When
       LIBSSH2_SK_PRESENCE_REQUIRED is set, the authenticator requires a
       touch. When LIBSSH2_SK_VERIFICATION_REQUIRED is set, the authenticator
       requires a PIN. Many servers and authenticators do not work properly
       when LIBSSH2_SK_PRESENCE_REQUIRED is not set.

       application - A user-defined string to use as the RP name for the
       authenticator. Usually "ssh:".

       key_handle - The	key handle to use for the authenticator's allow	list.

       handle_len - The	length of the key_handle parameter.

       abstract	 - User-defined	data. When a PIN is required, use this to pass
       in the PIN, or a	function pointer to retrieve the PIN.

       key_handle - The decoded key handle from the private key file.

       sign_callback - Responsible for communicating with the hardware
       authenticator to generate a signature. On success, the signature
       information must be placed in the sig_info parameter and the callback
       must return 0. On failure, it should return a negative number. See
       libssh2_userauth_publickey_sk(3) for more information.

       orig_abstract - User-defined data. When a PIN is	required, use this  to
       pass in the PIN,	or a function pointer to retrieve the PIN.
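
       A pre-flight check of the fields described above, as an added example
       that is not part of libssh2 or of this manual page. struct sk_params,
       sk_params_check() and sk_demo_sign() are hypothetical names, the numeric
       constants are assumed to mirror the LIBSSH2_* values in libssh2.h, and
       rejecting a missing presence flag is a policy choice of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed to mirror the LIBSSH2_* constants; confirm against your libssh2.h. */
#define SK_PRESENCE_REQUIRED      0x01
#define SK_VERIFICATION_REQUIRED  0x04
#define HOSTKEY_TYPE_ECDSA_256    3
#define HOSTKEY_TYPE_ED25519      6

/* Hypothetical mirror of the LIBSSH2_PRIVKEY_SK fields documented above. */
struct sk_params {
    int algorithm;
    uint8_t flags;
    const char *application;
    const unsigned char *key_handle;
    size_t handle_len;
    int (*sign_callback)(void);   /* stand-in for the real callback type */
    void **orig_abstract;
};

enum sk_check { SK_OK = 0, SK_BAD_ALGORITHM, SK_NO_APPLICATION,
                SK_NO_KEY_HANDLE, SK_NO_CALLBACK, SK_NO_PRESENCE, SK_NO_PIN_SOURCE };

/* Constructed stand-in callback so a sample struct can be fully populated. */
int sk_demo_sign(void) { return -1; }

/* Returns SK_OK when every field is usable, otherwise the first problem found. */
enum sk_check sk_params_check(const struct sk_params *p)
{
    if (p->algorithm != HOSTKEY_TYPE_ED25519 &&
        p->algorithm != HOSTKEY_TYPE_ECDSA_256)
        return SK_BAD_ALGORITHM;
    if (p->application == NULL || p->application[0] == '\0')
        return SK_NO_APPLICATION;
    if (p->key_handle == NULL || p->handle_len == 0)
        return SK_NO_KEY_HANDLE;
    if (p->sign_callback == NULL)
        return SK_NO_CALLBACK;
    /* Policy of this example: refuse touchless signing, which the text above
       says many servers and authenticators do not handle properly. */
    if (!(p->flags & SK_PRESENCE_REQUIRED))
        return SK_NO_PRESENCE;
    /* A key that requires a PIN needs the PIN (or a getter) in orig_abstract. */
    if ((p->flags & SK_VERIFICATION_REQUIRED) &&
        (p->orig_abstract == NULL || *p->orig_abstract == NULL))
        return SK_NO_PIN_SOURCE;
    return SK_OK;
}
```

       In a real program the same checks would be applied to a
       LIBSSH2_PRIVKEY_SK before its address is passed through the abstract
       parameter.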

RETURN VALUE
       Return 0	on success or negative on failure.

SEE ALSO
       libssh2_userauth_publickey_sk(3)

libssh2	1.10.0			  1 Jun	2022		    libssh2_sign_sk(3)
