diff options
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | sk-usbhid.c | 26 |
2 files changed, 21 insertions, 6 deletions
diff --git a/configure.ac b/configure.ac index 756e26572..7386d742d 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -3183,6 +3183,7 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then | |||
3183 | saved_LIBS="$LIBS" | 3183 | saved_LIBS="$LIBS" |
3184 | LIBS="$LIBS $LIBFIDO2" | 3184 | LIBS="$LIBS $LIBFIDO2" |
3185 | AC_CHECK_FUNCS([ \ | 3185 | AC_CHECK_FUNCS([ \ |
3186 | fido_cred_prot \ | ||
3186 | fido_cred_set_prot \ | 3187 | fido_cred_set_prot \ |
3187 | fido_dev_get_touch_status \ | 3188 | fido_dev_get_touch_status \ |
3188 | fido_dev_supports_cred_prot \ | 3189 | fido_dev_supports_cred_prot \ |
diff --git a/sk-usbhid.c b/sk-usbhid.c index 98e8ccf10..9b1f4b707 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c | |||
@@ -42,6 +42,12 @@ | |||
42 | #include <fido/credman.h> | 42 | #include <fido/credman.h> |
43 | 43 | ||
44 | /* backwards compat for libfido2 */ | 44 | /* backwards compat for libfido2 */ |
45 | #ifndef HAVE_FIDO_CRED_PROD | ||
46 | #define fido_cred_prot(x) (0) | ||
47 | #endif | ||
48 | #ifndef HAVE_FIDO_CRED_SET_PROT | ||
49 | #define fido_cred_set_prot(x, y) (FIDO_ERR_UNSUPPORTED_OPTION) | ||
50 | #endif | ||
45 | #ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT | 51 | #ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT |
46 | #define fido_dev_supports_cred_prot(x) (0) | 52 | #define fido_dev_supports_cred_prot(x) (0) |
47 | #endif | 53 | #endif |
@@ -51,6 +57,12 @@ | |||
51 | #ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS | 57 | #ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS |
52 | #define fido_dev_get_touch_status(x, y, z) (FIDO_ERR_UNSUPPORTED_OPTION) | 58 | #define fido_dev_get_touch_status(x, y, z) (FIDO_ERR_UNSUPPORTED_OPTION) |
53 | #endif | 59 | #endif |
60 | #ifndef FIDO_CRED_PROT_UV_REQUIRED | ||
61 | #define FIDO_CRED_PROT_UV_REQUIRED 0 | ||
62 | #endif | ||
63 | #ifndef FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID | ||
64 | #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0 | ||
65 | #endif | ||
54 | 66 | ||
55 | #ifndef SK_STANDALONE | 67 | #ifndef SK_STANDALONE |
56 | # include "log.h" | 68 | # include "log.h" |
@@ -395,11 +407,6 @@ sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs) | |||
395 | size_t skvcnt, idx; | 407 | size_t skvcnt, idx; |
396 | int touch, ms_remain; | 408 | int touch, ms_remain; |
397 | 409 | ||
398 | #ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS | ||
399 | skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0"); | ||
400 | return NULL; | ||
401 | #endif | ||
402 | |||
403 | if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) { | 410 | if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) { |
404 | skdebug(__func__, "sk_openv failed"); | 411 | skdebug(__func__, "sk_openv failed"); |
405 | return NULL; | 412 | return NULL; |
@@ -413,6 +420,11 @@ sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs) | |||
413 | } | 420 | } |
414 | goto out; | 421 | goto out; |
415 | } | 422 | } |
423 | #ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS | ||
424 | skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0"); | ||
425 | goto out; | ||
426 | #endif | ||
427 | |||
416 | if (sk_touch_begin(skv, skvcnt) == -1) { | 428 | if (sk_touch_begin(skv, skvcnt) == -1) { |
417 | skdebug(__func__, "sk_touch_begin failed"); | 429 | skdebug(__func__, "sk_touch_begin failed"); |
418 | goto out; | 430 | goto out; |
@@ -728,10 +740,12 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, | |||
728 | goto out; | 740 | goto out; |
729 | } | 741 | } |
730 | if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) { | 742 | if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) { |
731 | #ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT | 743 | #if !defined(HAVE_FIDO_DEV_SUPPORTS_CRED_PROT) || \ |
744 | !defined(HAVE_FIDO_CRED_SET_PROT) | ||
732 | skdebug(__func__, "libfido2 version does not support a feature required for this operation. Please upgrade to >=1.5.0"); | 745 | skdebug(__func__, "libfido2 version does not support a feature required for this operation. Please upgrade to >=1.5.0"); |
733 | ret = SSH_SK_ERR_UNSUPPORTED; | 746 | ret = SSH_SK_ERR_UNSUPPORTED; |
734 | goto out; | 747 | goto out; |
748 | credprot = 0; (void)credprot; /* avoid warning */ | ||
735 | #endif | 749 | #endif |
736 | if (!fido_dev_supports_cred_prot(sk->dev)) { | 750 | if (!fido_dev_supports_cred_prot(sk->dev)) { |
737 | skdebug(__func__, "%s does not support credprot, " | 751 | skdebug(__func__, "%s does not support credprot, " |