Index: sk-usbhid.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sk-usbhid.c,v
retrieving revision 1.45
diff -u -p -r1.45 sk-usbhid.c
--- sk-usbhid.c 14 Sep 2022 00:14:37 -0000 1.45
+++ sk-usbhid.c 3 Oct 2022 17:14:51 -0000
@@ -23,6 +23,7 @@
#include <stddef.h>
#include <stdarg.h>
#include <time.h>
+#include <sha2.h>
#ifdef WITH_OPENSSL
#include <openssl/opensslv.h>
@@ -271,6 +272,58 @@ sk_touch_poll(struct sk_usbhid **skv, si
}
*touch = 0;
return 0;
+}
+
+/* Calculate SHA256(m) */
+static int
+sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
+{
+ SHA2_CTX ctx;
+
+ if (dlen != 32)
+ return -1;
+ SHA256Init(&ctx);
+ SHA256Update(&ctx, (const uint8_t *)m, mlen);
+ SHA256Final(d, &ctx);
+ return 0;
+}
+
+static int
+fido_cred_set_clientdata(fido_cred_t *cred, const u_char *ptr, size_t len)
+{
+ uint8_t d[32];
+ int r;
+
+ if (sha256_mem(ptr, len, d, sizeof(d)) != 0) {
+ skdebug(__func__, "hash challenge failed");
+ return FIDO_ERR_INTERNAL;
+ }
+ r = fido_cred_set_clientdata_hash(cred, d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
+ if (r != FIDO_OK) {
+ skdebug(__func__, "fido_cred_set_clientdata_hash failed: %s",
+ fido_strerr(r));
+ }
+ return r;
+}
+
+static int
+fido_assert_set_clientdata(fido_assert_t *assert, const u_char *ptr, size_t len)
+{
+ uint8_t d[32];
+ int r;
+
+ if (sha256_mem(ptr, len, d, sizeof(d)) != 0) {
+ skdebug(__func__, "hash challenge failed");
+ return FIDO_ERR_INTERNAL;
+ }
+ r = fido_assert_set_clientdata_hash(assert, d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
+ if (r != FIDO_OK) {
+ skdebug(__func__, "fido_assert_set_clientdata_hash failed: %s",
+ fido_strerr(r));
+ }
+ return r;
}
/* Check if the specified key handle exists on a given sk. */
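Review bot: The new static helpers `fido_cred_set_clientdata` and `fido_assert_set_clientdata` take names from libfido2's own `fido_` namespace, and libfido2 documents public functions with these same names. If the `fido.h` this file is built against declares them, the `static` definitions here will clash with those declarations and the build will fail. A file-local prefix such as `sk_cred_set_clientdata` / `sk_assert_set_clientdata`, or a feature-test guard around both definitions, avoids that. As a smaller style point, `sha256_mem` checks `dlen != 32` and both callers declare `uint8_t d[32]`; using `SHA256_DIGEST_LENGTH` from `<sha2.h>` in all three places would keep the sizes tied together. Neither wrapper has a header comment saying that it hashes the raw client data before handing it to the `_hash` setter, and a one-line comment such as `/* Hash the client data with SHA-256 and set it as the clientdata hash */` would help the callers, which lie outside this hunk.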