authordjm@openbsd.org <djm@openbsd.org>2020-09-09 03:08:01 +0000
committerDamien Miller <djm@mindrot.org>2020-09-09 13:11:34 +1000
commitc76773524179cb654ff838dd43ba1ddb155bafaa (patch)
tree0e3079b760a58a670a5a5bbdca0e8eb184e34173 /sk-usbhid.c
parentc1c44eeecddf093a7983bd91e70b446de789b363 (diff)
upstream: when writing an attestation blob for a FIDO key, record all
the data needed to verify the attestation. Previously we were missing the "authenticator data" that is included in the signature. spotted by Ian Haken feedback Pedro Martelletto and Ian Haken; ok markus@ OpenBSD-Commit-ID: 8439896e63792b2db99c6065dd9a45eabbdb7e0a
Diffstat (limited to 'sk-usbhid.c')
-rw-r--r--sk-usbhid.c13
1 files changed, 12 insertions, 1 deletions
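--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sk-usbhid.c,v 1.25 2020/08/31 00:17:41 djm Exp $ */
+/* $OpenBSD: sk-usbhid.c,v 1.26 2020/09/09 03:08:01 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl
  * Copyright (c) 2020 Pedro Martelletto
@@ -822,6 +822,16 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
  memcpy(response->attestation_cert, ptr, len);
  response->attestation_cert_len = len;
  }
+ if ((ptr = fido_cred_authdata_ptr(cred)) != NULL) {
+ len = fido_cred_authdata_len(cred);
+ debug3("%s: authdata len=%zu", __func__, len);
+ if ((response->authdata = calloc(1, len)) == NULL) {
+ skdebug(__func__, "calloc authdata failed");
+ goto out;
+ }
+ memcpy(response->authdata, ptr, len);
+ response->authdata_len = len;
+ }
  *enroll_response = response;
  response = NULL;
  ret = 0;
@@ -832,6 +842,7 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
  free(response->key_handle);
  free(response->signature);
  free(response->attestation_cert);
+ free(response->authdata);
  free(response);
  }
  sk_close(sk);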
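Review bot: The block added at new lines 825-834 copies whatever `fido_cred_authdata_ptr()` returns without saying in what form the bytes are stored. As far as I know, libfido2 documents that accessor as returning the CBOR-encoded authenticator data, so a verifier of the attestation blob would have to decode it before checking the signature. A comment above the block would make that explicit, e.g. `/* authdata is kept as libfido2 returns it (CBOR-encoded, per its docs); decode before verifying */`. The NULL case is also skipped silently, leaving the response without the data this commit sets out to record; `else skdebug(__func__, "no authdata returned");` would at least leave a trace. sk_enroll's body starts and ends outside these hunks, so how the caller treats a zero `authdata_len` cannot be seen here.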