-rw-r--r-- | sk-api.h | 5 | ||||
-rw-r--r-- | sk-usbhid.c | 6 | ||||
-rw-r--r-- | ssh-sk.c | 5 |
3 files changed, 10 insertions, 6 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sk-api.h,v 1.9 2020/04/28 04:02:29 djm Exp $ */ | 1 | /* $OpenBSD: sk-api.h,v 1.10 2020/08/27 01:08:19 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2019 Google LLC | 3 | * Copyright (c) 2019 Google LLC |
4 | * | 4 | * |
@@ -63,6 +63,7 @@ struct sk_resident_key { | |||
63 | size_t slot; | 63 | size_t slot; |
64 | char *application; | 64 | char *application; |
65 | struct sk_enroll_response key; | 65 | struct sk_enroll_response key; |
66 | uint8_t flags; | ||
66 | }; | 67 | }; |
67 | 68 | ||
68 | struct sk_option { | 69 | struct sk_option { |
@@ -71,7 +72,7 @@ struct sk_option { | |||
71 | uint8_t required; | 72 | uint8_t required; |
72 | }; | 73 | }; |
73 | 74 | ||
74 | #define SSH_SK_VERSION_MAJOR 0x00050000 /* current API version */ | 75 | #define SSH_SK_VERSION_MAJOR 0x00060000 /* current API version */ |
75 | #define SSH_SK_VERSION_MAJOR_MASK 0xffff0000 | 76 | #define SSH_SK_VERSION_MAJOR_MASK 0xffff0000 |
76 | 77 | ||
77 | /* Return the version of the middleware API */ | 78 | /* Return the version of the middleware API */ |
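Review bot: The new `uint8_t flags;` member of `struct sk_resident_key` carries no comment saying which bits a provider may set or who reads them. This header is the contract for external middleware, and the same section bumps `SSH_SK_VERSION_MAJOR` to 0x00060000 for the layout change, so the field deserves an in-place description, for example `uint8_t flags; /* SSH_SK_* flags stored with the credential, e.g. SSH_SK_USER_VERIFICATION_REQD */`. It would also help to state that a provider must leave the field zero when the token reports no such policy, since the consumer in ssh-sk.c tests it bit-wise.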
diff --git a/sk-usbhid.c b/sk-usbhid.c index 2efb377c5..0305683fe 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c | |||
@@ -1104,8 +1104,7 @@ read_rks(struct sk_usbhid *sk, const char *pin, | |||
1104 | } | 1104 | } |
1105 | 1105 | ||
1106 | srk->key.key_handle_len = fido_cred_id_len(cred); | 1106 | srk->key.key_handle_len = fido_cred_id_len(cred); |
1107 | memcpy(srk->key.key_handle, | 1107 | memcpy(srk->key.key_handle, fido_cred_id_ptr(cred), |
1108 | fido_cred_id_ptr(cred), | ||
1109 | srk->key.key_handle_len); | 1108 | srk->key.key_handle_len); |
1110 | 1109 | ||
1111 | switch (fido_cred_type(cred)) { | 1110 | switch (fido_cred_type(cred)) { |
@@ -1121,6 +1120,9 @@ read_rks(struct sk_usbhid *sk, const char *pin, | |||
1121 | goto out; /* XXX free rk and continue */ | 1120 | goto out; /* XXX free rk and continue */ |
1122 | } | 1121 | } |
1123 | 1122 | ||
1123 | if (fido_cred_prot(cred) == FIDO_CRED_PROT_UV_REQUIRED) | ||
1124 | srk->flags |= SSH_SK_USER_VERIFICATION_REQD; | ||
1125 | |||
1124 | if ((r = pack_public_key(srk->alg, cred, | 1126 | if ((r = pack_public_key(srk->alg, cred, |
1125 | &srk->key)) != 0) { | 1127 | &srk->key)) != 0) { |
1126 | skdebug(__func__, "pack public key failed"); | 1128 | skdebug(__func__, "pack public key failed"); |
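Review bot: `srk->flags |= SSH_SK_USER_VERIFICATION_REQD;` in the second hunk ORs into a field whose initial value is set outside the visible lines. If `srk` is not allocated zeroed, stale bits would be handed back to the caller and could misreport the key's verification policy. An explicit `srk->flags = 0;` before the test, or a plain assignment, would remove that dependency. A one-line comment such as `/* token enforces user verification for this credential */` would also explain why only `FIDO_CRED_PROT_UV_REQUIRED` is mapped and any other `fido_cred_prot()` result is ignored. read_rks starts and ends outside the hunk.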
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-sk.c,v 1.30 2020/04/28 04:02:29 djm Exp $ */ | 1 | /* $OpenBSD: ssh-sk.c,v 1.31 2020/08/27 01:08:19 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2019 Google LLC | 3 | * Copyright (c) 2019 Google LLC |
4 | * | 4 | * |
@@ -769,8 +769,9 @@ sshsk_load_resident(const char *provider_path, const char *device, | |||
769 | default: | 769 | default: |
770 | continue; | 770 | continue; |
771 | } | 771 | } |
772 | /* XXX where to get flags? */ | ||
773 | flags = SSH_SK_USER_PRESENCE_REQD|SSH_SK_RESIDENT_KEY; | 772 | flags = SSH_SK_USER_PRESENCE_REQD|SSH_SK_RESIDENT_KEY; |
773 | if ((rks[i]->flags & SSH_SK_USER_VERIFICATION_REQD)) | ||
774 | flags |= SSH_SK_USER_VERIFICATION_REQD; | ||
774 | if ((r = sshsk_key_from_response(rks[i]->alg, | 775 | if ((r = sshsk_key_from_response(rks[i]->alg, |
775 | rks[i]->application, flags, &rks[i]->key, &key)) != 0) | 776 | rks[i]->application, flags, &rks[i]->key, &key)) != 0) |
776 | goto out; | 777 | goto out; |
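Review bot: The new test copies exactly one bit from `rks[i]->flags`, a value filled in by the provider module, while presence and resident-key flags stay hard-coded; with the `XXX where to get flags?` line removed, nothing records that this filtering appears intentional. I would add `/* only the UV bit is taken from the provider; other bits in rks[i]->flags are ignored */` above the test, so a later edit does not simplify it to `flags |= rks[i]->flags` and let a provider set arbitrary key flags. As a style point, the doubled parentheses in `if ((rks[i]->flags & SSH_SK_USER_VERIFICATION_REQD))` can be reduced to one pair. sshsk_load_resident continues outside the hunk.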