pki: add support for sk-ecdsa and sk-ed25519

This adds server-side support for the newly introduced OpenSSH keytypes sk-ecdsa-sha2-nistp256@openssh.com and sk-ed25519@openssh.com (including their corresponding certificates), which are backed by U2F/FIDO2 tokens. Change-Id: Ib73425c572601c3002be45974e6ea051f1d7efdc Signed-off-by: Sebastian Kinne <skinne@google.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-09-10 02:09:25 +03:00 · 2019-12-16 17:57:18 -08:00
parent 3664ba2800
commit 17b518a677
7 changed files with 245 additions and 13 deletions
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -304,6 +304,10 @@ enum ssh_keytypes_e{
  SSH_KEYTYPE_ECDSA_P384_CERT01,
  SSH_KEYTYPE_ECDSA_P521_CERT01,
  SSH_KEYTYPE_ED25519_CERT01,
+  SSH_KEYTYPE_SK_ECDSA,
+  SSH_KEYTYPE_SK_ECDSA_CERT01,
+  SSH_KEYTYPE_SK_ED25519,
+  SSH_KEYTYPE_SK_ED25519_CERT01,
 };

 enum ssh_keycmp_e {