path: root/usr.bin/ssh/sshsig.h
Commit message | Author | Age | Files | Lines
* Add RCS IDs to the few files that are missing them; | djm | 2020-08-31 | 1 | -0/+1
    from Pedro Martelletto
* support for user-verified FIDO keys | djm | 2020-08-27 | 1 | -3/+5
    FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token.

    This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication.

    feedback markus@ and Pedro Martelletto; ok markus@
* ssh-keygen -Y find-principals fixes based on feedback from Markus: | djm | 2020-01-23 | 1 | -3/+2
    use "principals" instead of principal, as allowed_signers lines may list multiple.

    When the signing key is a certificate, emit only principals that match the certificate principal list.

    NB. the command -Y name changes: "find-principal" => "find-principals"

    ok markus@
* missing header change from previous; spotted by dtucker@ | djm | 2020-01-23 | 1 | -0/+10
* Add new structure for signature options | djm | 2019-11-25 | 1 | -2/+4
    This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field.

    with and ok markus@
* Refactor signing - use sshkey_sign for everything, including the new | djm | 2019-10-31 | 1 | -5/+6
    U2F signatures.

    Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that.

    Suggested by / ok markus@
* expose allowed_signers options parsing code in header for fuzzing | djm | 2019-09-05 | 1 | -0/+8
    rename to make more consistent with philosophically-similar auth options parsing API.
* sshsig tweaks and improvements from and suggested by Markus | djm | 2019-09-03 | 1 | -11/+17
    ok markus/me
* sshsig: lightweight signature and verification ability for OpenSSH | djm | 2019-09-03 | 1 | -0/+78
    This adds a simple manual signature scheme to OpenSSH. Signatures can be made and verified using ssh-keygen -Y sign|verify

    Signatures embed the key used to make them. At verification time, this is matched via principal name against an authorized_keys-like list of allowed signers.

    Mostly by Sebastian Kinne w/ some tweaks by me

    ok markus@