libssh2_sign_sk.3 (3069B)
1.TH libssh2_sign_sk 3 "1 Jun 2022" "libssh2 1.10.0" "libssh2" 2.SH NAME 3libssh2_sign_sk - Create a signature from a FIDO2 authenticator. 4.SH SYNOPSIS 5.nf 6#include <libssh2.h> 7 8int 9libssh2_sign_sk(LIBSSH2_SESSION *session, 10 unsigned char **sig, 11 size_t *sig_len, 12 const unsigned char *data, 13 size_t data_len, 14 void **abstract); 15 16typedef struct _LIBSSH2_PRIVKEY_SK { 17 int algorithm; 18 uint8_t flags; 19 const char *application; 20 const unsigned char *key_handle; 21 size_t handle_len; 22 LIBSSH2_USERAUTH_SK_SIGN_FUNC((*sign_callback)); 23 void **orig_abstract; 24} LIBSSH2_PRIVKEY_SK; 25.fi 26.SH DESCRIPTION 27\fIsession\fP - Session instance as returned by 28.BR libssh2_session_init_ex(3) 29 30\fIsig\fP - A pointer to a buffer in which to place the signature. The caller 31is responsible for freeing the signature with LIBSSH2_FREE. 32 33\fIsig_len\fP - A pointer to the length of the sig parameter. 34 35\fIdata\fP - The data to sign. 36 37\fIdata_len\fP - The length of the data parameter. 38 39\fIabstract\fP - A pointer to a pointer to a LIBSSH2_PRIVKEY_SK. See 40description below. 41 42Create a signature from a FIDO2 authenticator, using either the 43sk-ssh-ed25519@openssh.com or sk-ecdsa-sha2-nistp256@openssh.com key 44exchange algorithms. 45 46The abstract parameter is a pointer to a pointer due to the internal workings 47of libssh2. The LIBSSH2_PRIVKEY_SK must be completely filled out, and the 48caller is responsible for all memory management of its fields. 49 50\fIalgorithm\fP - The signing algorithm to use. Possible values are 51LIBSSH2_HOSTKEY_TYPE_ED25519 and LIBSSH2_HOSTKEY_TYPE_ECDSA_256. 52 53\fIflags\fP - A bitmask specifying options for the authenticator. When 54LIBSSH2_SK_PRESENCE_REQUIRED is set, the authenticator requires a touch. When 55LIBSSH2_SK_VERIFICATION_REQUIRED is set, the authenticator requires a PIN. 56Many servers and authenticators do not work properly when 57LIBSSH2_SK_PRESENCE_REQUIRED is not set. 58 59\fIapplication\fP - A user-defined string to use as the RP name for the 60authenticator. Usually "ssh:". 61 62\fIkey_handle\fP - The key handle to use for the authenticator's allow list. 63 64\fIhandle_len\fP - The length of the key_handle parameter. 65 66\fIabstract\fP - User-defined data. When a PIN is required, use this to pass in 67the PIN, or a function pointer to retrieve the PIN. 68 69\fIkey_handle\fP The decoded key handle from the private key file. 70 71\fIhandle_len\fP The length of the key_handle parameter. 72 73\fIsign_callback\fP - Responsible for communicating with the hardware 74authenticator to generate a signature. On success, the signature information 75must be placed in the `\fIsig_info\fP sig_info parameter and the callback must 76return 0. On failure, it should return a negative number. See 77.BR libssh2_userauth_publickey_sk(3) 78 for more information. 79 80\fIorig_abstract\fP - User-defined data. When a PIN is required, use this to 81pass in the PIN, or a function pointer to retrieve the PIN. 82.SH RETURN VALUE 83Return 0 on success or negative on failure. 84.SH SEE ALSO 85.BR libssh2_userauth_publickey_sk(3)