authordjm@openbsd.org <djm@openbsd.org>2020-04-28 04:59:29 +0000
committerDamien Miller <djm@mindrot.org>2020-05-01 13:13:36 +1000
commita01817a9f63dbcbbc6293aacc4019993a4cdc7e3 (patch)
treec98d6fe820a4aa0600b746eb1e99a11bca4c70a2
parent261571ddf02ea38fdb5e4a97c69ee53f847ca5b7 (diff)
upstream: adapt dummy FIDO middleware to API change; ok markus@
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
-rw-r--r--regress/misc/sk-dummy/sk-dummy.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/regress/misc/sk-dummy/sk-dummy.c b/regress/misc/sk-dummy/sk-dummy.c
index dca158ded..f3acb2fb7 100644
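--- a/regress/misc/sk-dummy/sk-dummy.c
+++ b/regress/misc/sk-dummy/sk-dummy.c
@@ -47,7 +47,7 @@
  } while (0)
 #endif
 
-#if SSH_SK_VERSION_MAJOR != 0x00040000
+#if SSH_SK_VERSION_MAJOR != 0x00050000
 # error SK API has changed, sk-dummy.c needs an update
 #endif
 
@@ -468,13 +468,15 @@ sig_ed25519(const uint8_t *message, size_t message_len,
 }
 
 int
-sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
+sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
  const char *application, const uint8_t *key_handle, size_t key_handle_len,
  uint8_t flags, const char *pin, struct sk_option **options,
  struct sk_sign_response **sign_response)
 {
  struct sk_sign_response *response = NULL;
  int ret = SSH_SK_ERR_GENERAL;
+ SHA256_CTX ctx;
+ uint8_t message[32];
 
  if (sign_response == NULL) {
  skdebug(__func__, "sign_response == NULL");
@@ -487,17 +489,20 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
  skdebug(__func__, "calloc response failed");
  goto out;
  }
+ SHA256_Init(&ctx);
+ SHA256_Update(&ctx, data, datalen);
+ SHA256_Final(message, &ctx);
  response->flags = flags;
  response->counter = 0x12345678;
  switch(alg) {
  case SSH_SK_ECDSA:
- if (sig_ecdsa(message, message_len, application,
+ if (sig_ecdsa(message, sizeof(message), application,
  response->counter, flags, key_handle, key_handle_len,
  response) != 0)
  goto out;
  break;
  case SSH_SK_ED25519:
- if (sig_ed25519(message, message_len, application,
+ if (sig_ed25519(message, sizeof(message), application,
  response->counter, flags, key_handle, key_handle_len,
  response) != 0)
  goto out;
@@ -510,6 +515,7 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
  response = NULL;
  ret = 0;
  out:
+ explicit_bzero(message, sizeof(message));
  if (response != NULL) {
  free(response->sig_r);
  free(response->sig_s);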
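Review bot: The three SHA256_* calls added before `response->flags = flags;` in sk_sign() discard their results. If these are the OpenSSL-style functions that return int (their declarations are outside this section), a failed hash leaves `message` as uninitialised stack bytes that are then handed to sig_ecdsa()/sig_ed25519() and signed. Checking them with `if (SHA256_Init(&ctx) != 1 || SHA256_Update(&ctx, data, datalen) != 1 || SHA256_Final(message, &ctx) != 1) goto out;` keeps a failure on the existing SSH_SK_ERR_GENERAL path, where the added explicit_bzero() still runs. As a smaller style point, `uint8_t message[32];` could be `uint8_t message[SHA256_DIGEST_LENGTH];`, assuming that constant is in scope here, so the buffer size stays tied to the digest that SHA256_Final() writes. sk_sign()'s body continues past the end of the last hunk.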