author | Damien Miller <djm@cvs.openbsd.org> | 2020-04-28 04:59:30 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2020-04-28 04:59:30 +0000 |
commit | b4e37d1a887c9fc02ab80338d934083a4cbf53c1 (patch) | |
tree | dde2c9102eacb56269c1f955bfd4835a03e9dbd2 | |
parent | 8eb50e781096b72edb99391671d852c1f729931c (diff) |
adapt dummy FIDO middleware to API change; ok markus@
-rw-r--r-- | regress/usr.bin/ssh/misc/sk-dummy/sk-dummy.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/regress/usr.bin/ssh/misc/sk-dummy/sk-dummy.c b/regress/usr.bin/ssh/misc/sk-dummy/sk-dummy.c
index dbddcf1c33c..918782633f9 100644
--- a/regress/usr.bin/ssh/misc/sk-dummy/sk-dummy.c
+++ b/regress/usr.bin/ssh/misc/sk-dummy/sk-dummy.c
@@ -43,7 +43,7 @@
 } while (0)
 #endif
-#if SSH_SK_VERSION_MAJOR != 0x00040000
+#if SSH_SK_VERSION_MAJOR != 0x00050000
 # error SK API has changed, sk-dummy.c needs an update
 #endif
@@ -456,13 +456,15 @@ sig_ed25519(const uint8_t *message, size_t message_len,
 }
 int
-sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
+sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
 const char *application, const uint8_t *key_handle, size_t key_handle_len, uint8_t flags, const char *pin, struct sk_option **options, struct sk_sign_response **sign_response)
 {
 struct sk_sign_response *response = NULL;
 int ret = SSH_SK_ERR_GENERAL;
+ SHA256_CTX ctx;
+ uint8_t message[32];
 if (sign_response == NULL) {
 skdebug(__func__, "sign_response == NULL");
@@ -475,17 +477,20 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
 skdebug(__func__, "calloc response failed");
 goto out;
 }
+ SHA256_Init(&ctx);
+ SHA256_Update(&ctx, data, datalen);
+ SHA256_Final(message, &ctx);
 response->flags = flags;
 response->counter = 0x12345678;
 switch(alg) {
 case SSH_SK_ECDSA:
- if (sig_ecdsa(message, message_len, application,
+ if (sig_ecdsa(message, sizeof(message), application,
 response->counter, flags, key_handle, key_handle_len, response) != 0)
 goto out;
 break;
 case SSH_SK_ED25519:
- if (sig_ed25519(message, message_len, application,
+ if (sig_ed25519(message, sizeof(message), application,
 response->counter, flags, key_handle, key_handle_len, response) != 0)
 goto out;
@@ -498,6 +503,7 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
 response = NULL;
 ret = 0;
 out:
+ explicit_bzero(message, sizeof(message));
 if (response != NULL) {
 free(response->sig_r);
 free(response->sig_s); |
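Review bot: In the `@@ -456,13 +456,15 @@` hunk the new digest buffer `uint8_t message[32];` hard-codes the SHA-256 output length, and the later `sizeof(message)` arguments to sig_ecdsa() and sig_ed25519() depend on that literal. Declaring it as `uint8_t message[SHA256_DIGEST_LENGTH];` ties the size to the hash actually used, assuming the header that supplies `SHA256_CTX` in this file also defines that constant. A change of digest then cannot leave a buffer that is too short for the Final call. The body of sk_sign() continues outside this hunk.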
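Review bot: In the `@@ -475,17 +477,20 @@` hunk the results of the added `SHA256_Init`, `SHA256_Update` and `SHA256_Final` calls are ignored, so a failed hash would hand the signers below whatever the uninitialised stack buffer `message` holds. Assuming these are the libcrypto functions, which return 1 on success, they can be folded into one guard: `if (SHA256_Init(&ctx) != 1 || SHA256_Update(&ctx, data, datalen) != 1 || SHA256_Final(message, &ctx) != 1) goto out;`. A short comment above them, for example `/* the caller now passes the data to be signed; hash it here */`, would record why the middleware digests its input, which is otherwise only implied by the parameter rename. sk_sign() begins and ends outside this hunk.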
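Review bot: In the `@@ -498,6 +503,7 @@` hunk the cleanup at `out:` wipes the digest in `message` but leaves `ctx`, which processed the same input, on the stack. If the digest is worth clearing, the hash state should be cleared with it by adding `explicit_bzero(&ctx, sizeof(ctx));` next to the existing call. That is also safe on the exit paths that reach `out:` before the hash is started, since zeroing a never-initialised context is harmless. Some SHA-256 implementations already clear the context in their Final routine, so this may be redundant here, but the cleanup should not depend on that. The rest of the `out:` block lies outside the hunk.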