author | Damien Miller <djm@mindrot.org> | 2022-02-07 12:53:47 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-02-07 12:53:47 +1100 |
commit | 56192518e329b39f063487bc2dc4d796f791eca0 (patch) | |
tree | 69ebf76e7aafcae214db5d2a4d701d2e29b29df7 | |
parent | d6b5aa08fdcf9b527f8b8f932432941d5b76b7ab (diff) |
compat code for fido_assert_set_clientdata()
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | sk-usbhid.c | 28 |
2 files changed, 27 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index f2a4aa12..c10ac8a1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3230,6 +3230,7 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
 saved_LIBS="$LIBS"
 LIBS="$LIBS $LIBFIDO2"
 AC_CHECK_FUNCS([ \
+ fido_assert_set_clientdata \
 fido_cred_prot \
 fido_cred_set_prot \
 fido_cred_set_clientdata \
diff --git a/sk-usbhid.c b/sk-usbhid.c
index d01dd292..77afe802 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -312,7 +312,8 @@ sk_touch_poll(struct sk_usbhid **skv, size_t nsk, int *touch, size_t *idx)
 return 0;
 }
-#ifndef HAVE_FIDO_CRED_SET_CLIENTDATA
+#if !defined(FIDO_ASSERT_SET_CLIENTDATA) || \
+ !defined(HAVE_FIDO_CRED_SET_CLIENTDATA)
 /* Calculate SHA256(m) */
 static int
 sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
@@ -336,8 +337,10 @@ sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
 #endif
 return 0;
 }
+#endif /* !FIDO_ASSERT_SET_CLIENTDATA || !HAVE_FIDO_CRED_SET_CLIENTDATA */
-int
+#ifndef HAVE_FIDO_CRED_SET_CLIENTDATA
+static int
 fido_cred_set_clientdata(fido_cred_t *cred, const u_char *ptr, size_t len)
 {
 uint8_t d[32];
@@ -357,6 +360,27 @@ fido_cred_set_clientdata(fido_cred_t *cred, const u_char *ptr, size_t len)
 }
 #endif /* HAVE_FIDO_CRED_SET_CLIENTDATA */
+#ifndef HAVE_ASSERT_CRED_SET_CLIENTDATA
+static int
+fido_assert_set_clientdata(fido_assert_t *assert, const u_char *ptr, size_t len)
+{
+ uint8_t d[32];
+ int r;
+
+ if (sha256_mem(ptr, len, d, sizeof(d)) != 0) {
+ skdebug(__func__, "hash challenge failed");
+ return FIDO_ERR_INTERNAL;
+ }
+ r = fido_assert_set_clientdata_hash(assert, d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
+ if (r != FIDO_OK) {
+ skdebug(__func__, "fido_assert_set_clientdata_hash failed: %s",
+ fido_strerr(r));
+ }
+ return r;
+}
+#endif /* HAVE_FIDO_ASSERT_SET_CLIENTDATA */
+
 /* Check if the specified key handle exists on a given sk. */
 static int
 sk_try(const struct sk_usbhid *sk, const char *application, |
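Review bot: The two new preprocessor guards in sk-usbhid.c do not match the macro that the configure.ac hunk makes autoconf define. `AC_CHECK_FUNCS([fido_assert_set_clientdata])` yields `HAVE_FIDO_ASSERT_SET_CLIENTDATA`, but the guard in front of sha256_mem() (first sk-usbhid.c hunk) tests `FIDO_ASSERT_SET_CLIENTDATA` and the guard around the new shim (third sk-usbhid.c hunk) tests `HAVE_ASSERT_CRED_SET_CLIENTDATA`, so configure never defines either name. As written the static fallback `fido_assert_set_clientdata()` is compiled even when libfido2 already provides that function, which would presumably clash with the library header's prototype, and sha256_mem() is always built whether or not a shim needs it. Both guards should use the generated name, `#if !defined(HAVE_FIDO_ASSERT_SET_CLIENTDATA) || \` and `#ifndef HAVE_FIDO_ASSERT_SET_CLIENTDATA`, which also makes the second one agree with its own closing `#endif` comment.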