From a01817a9f63dbcbbc6293aacc4019993a4cdc7e3 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 28 Apr 2020 04:59:29 +0000 Subject: upstream: adapt dummy FIDO middleware to API change; ok markus@ OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f --- regress/misc/sk-dummy/sk-dummy.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/regress/misc/sk-dummy/sk-dummy.c b/regress/misc/sk-dummy/sk-dummy.c index dca158ded..f3acb2fb7 100644 --- a/regress/misc/sk-dummy/sk-dummy.c +++ b/regress/misc/sk-dummy/sk-dummy.c @@ -47,7 +47,7 @@ } while (0) #endif -#if SSH_SK_VERSION_MAJOR != 0x00040000 +#if SSH_SK_VERSION_MAJOR != 0x00050000 # error SK API has changed, sk-dummy.c needs an update #endif @@ -468,13 +468,15 @@ sig_ed25519(const uint8_t *message, size_t message_len, } int -sk_sign(uint32_t alg, const uint8_t *message, size_t message_len, +sk_sign(uint32_t alg, const uint8_t *data, size_t datalen, const char *application, const uint8_t *key_handle, size_t key_handle_len, uint8_t flags, const char *pin, struct sk_option **options, struct sk_sign_response **sign_response) { struct sk_sign_response *response = NULL; int ret = SSH_SK_ERR_GENERAL; + SHA256_CTX ctx; + uint8_t message[32]; if (sign_response == NULL) { skdebug(__func__, "sign_response == NULL"); 
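Review bot: The digest buffer added at the top of sk_sign() is sized with a bare literal, `uint8_t message[32];`, while a later hunk hands it to SHA256_Final(), which always writes a full SHA-256 digest. Declaring it as `uint8_t message[SHA256_DIGEST_LENGTH];` ties the size to the hash and keeps the later `sizeof(message)` arguments self-explanatory. The parameter rename also changes the contract: `data`/`datalen` now appear to be the unhashed payload rather than a ready-made digest, so a short comment above the function such as `/* data is hashed with SHA-256 here; the signers receive the digest */` would record that. The body of sk_sign() continues past the end of this hunk.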
@@ -487,17 +489,20 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len, skdebug(__func__, "calloc response failed"); goto out; } + SHA256_Init(&ctx); + SHA256_Update(&ctx, data, datalen); + SHA256_Final(message, &ctx); response->flags = flags; response->counter = 0x12345678; switch(alg) { case SSH_SK_ECDSA: - if (sig_ecdsa(message, message_len, application, + if (sig_ecdsa(message, sizeof(message), application, response->counter, flags, key_handle, key_handle_len, response) != 0) goto out; break; case SSH_SK_ED25519: - if (sig_ed25519(message, message_len, application, + if (sig_ed25519(message, sizeof(message), application, response->counter, flags, key_handle, key_handle_len, response) != 0) goto out; @@ -510,6 +515,7 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len, response = NULL; ret = 0; out: + explicit_bzero(message, sizeof(message)); if (response != NULL) { free(response->sig_r); free(response->sig_s); -- cgit v1.2.3
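Review bot: Nothing here confirms that a digest was actually produced before `message` is passed to sig_ecdsa() or sig_ed25519(): `data` is not tested for NULL, any status from the SHA256_* calls is dropped, and `message` is declared without an initializer. Whether those calls can fail depends on which SHA-256 implementation this file is built against, which is not visible in the diff. Where they do return a status, a failure would feed uninitialised stack bytes to the signer. A guard in the style of the existing `sign_response == NULL` check, e.g. `if (data == NULL && datalen != 0) goto out;`, together with `uint8_t message[32] = {0};` at the declaration, would make that case deterministic. The switch statement continues outside the hunk.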
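Review bot: The cleanup added at `out:` wipes `message` but leaves `ctx` on the stack, even though the hash context holds state derived from the same input. Some SHA-256 implementations clear the context inside SHA256_Final(), but nothing visible here guarantees it, so adding `explicit_bzero(&ctx, sizeof(ctx));` next to the new line would keep the scrubbing consistent. The rest of the cleanup block lies outside the hunk.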