GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
libssh2_userauth_publickey_sk(3) libssh2 libssh2_userauth_publickey_sk(3)

libssh2_userauth_publickey_sk - authenticate a session with a FIDO2 authenticator

#include <libssh2.h>
int
libssh2_userauth_publickey_sk(LIBSSH2_SESSION *session,


                              const char *username,


                              size_t username_len,


                              const unsigned char *publickeydata,


                              size_t publickeydata_len,


                              const char *privatekeydata,


                              size_t privatekeydata_len,


                              const char *passphrase,


                              LIBSSH2_USERAUTH_SK_SIGN_FUNC((*sign_callback)),


                              void **abstract);

#define LIBSSH2_SK_PRESENCE_REQUIRED     0x01
#define LIBSSH2_SK_VERIFICATION_REQUIRED 0x04
typedef struct _LIBSSH2_SK_SIG_INFO {


    uint8_t flags;


    uint32_t counter;


    unsigned char *sig_r;


    size_t sig_r_len;


    unsigned char *sig_s;


    size_t sig_s_len;
} LIBSSH2_SK_SIG_INFO;
int name(LIBSSH2_SESSION *session, LIBSSH2_SK_SIG_INFO *sig_info,


         const unsigned char *data, size_t data_len, int algorithm,


         uint8_t flags, const char *application,


         const unsigned char *key_handle, size_t handle_len,


         void **abstract);

session - Session instance as returned by libssh2_session_init_ex(3)

username - Name of user to attempt authentication for.

username_len - Length of username parameter.

publickeydata - Buffer containing the contents of a public key file. If NULL, the public key will be extracted from the privatekeydata. When using certificate authentication, this buffer should contain the public certificate data.

publickeydata_len - Length of public key data.

privatekeydata - Buffer containing the contents of a private key file.

privatekeydata_len - Length of private key data.

passphrase - Passphrase to use when decoding private key file.

sign_callback - Callback to communicate with FIDO2 authenticator.

abstract - User-provided data to pass to callback.

Attempt FIDO2 authentication. using either the sk-ssh-ed25519@openssh.com or sk-ecdsa-sha2-nistp256@openssh.com key exchange algorithms.

This function is only supported when libssh2 is backed by OpenSSL.

session - Session instance as returned by libssh2_session_init_ex(3)

sig_info - Filled in by the callback with the signature and accompanying information from the authenticator.

data - The data to sign.

data_len - The length of the data parameter.

algorithm - The signing algorithm to use. Possible values are LIBSSH2_HOSTKEY_TYPE_ED25519 and LIBSSH2_HOSTKEY_TYPE_ECDSA_256.

flags - A bitmask specifying options for the authenticator. When LIBSSH2_SK_PRESENCE_REQUIRED is set, the authenticator requires a touch. When LIBSSH2_SK_VERIFICATION_REQUIRED is set, the authenticator requires a PIN. Many servers and authenticators do not work properly when LIBSSH2_SK_PRESENCE_REQUIRED is not set.

application - A user-defined string to use as the RP name for the authenticator. Usually "ssh:".

key_handle - The key handle to use for the authenticator's allow list.

handle_len - The length of the key_handle parameter.

abstract - User-defined data. When a PIN is required, use this to pass in the PIN, or a function pointer to retrieve the PIN.

The sign_callback is responsible for communicating with the hardware authenticator to generate a signature. On success, the signature information must be placed in the `sig_info sig_info parameter and the callback must return 0. On failure, it should return a negative number.

The fields of the LIBSSH2_SK_SIG_INFO are as follows.

flags - A bitmask specifying options for the authenticator. This should be read from the authenticator and not merely copied from the flags parameter to the callback.

counter - A value returned from the authenticator.

sig_r - For Ed25519 signatures, this contains the entire signature, as returned directly from the authenticator. For ECDSA signatures, this contains the r component of the signature in a big-endian binary representation. For both algorithms, use LIBSSH2_ALLOC to allocate memory. It will be freed by the caller.

sig_r_len - The length of the sig_r parameter.

sig_s - For ECDSA signatures, this contains the s component of the signature in a big-endian binary representation. Use LIBSSH2_ALLOC to allocate memory. It will be freed by the caller. For Ed25519 signatures, set this to NULL.

sig_s_len - The length of the sig_s parameter.

Return 0 on success or negative on failure. It returns LIBSSH2_ERROR_EAGAIN when it would otherwise block. While LIBSSH2_ERROR_EAGAIN is a negative number, it is not really a failure per se.

Some of the errors this function may return include:

LIBSSH2_ERROR_ALLOC - An internal memory allocation call failed.

LIBSSH2_ERROR_SOCKET_SEND - Unable to send data on socket.

LIBSSH2_ERROR_AUTHENTICATION_FAILED - failed, invalid username/key.

Added in libssh2 1.10.0

libssh2_session_init_ex(3)

1 Jun 2022 libssh2
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.