version 1.1.1.1, 2020/02/27 00:21:36 |
version 1.1.1.2, 2020/05/28 17:03:00 |
|
|
#include <stdio.h> |
#include <stdio.h> |
#include <stddef.h> |
#include <stddef.h> |
#include <stdarg.h> |
#include <stdarg.h> |
|
#include <sha2.h> |
|
|
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
#include <openssl/opensslv.h> |
#include <openssl/opensslv.h> |
|
|
#include <openssl/bn.h> |
#include <openssl/bn.h> |
#include <openssl/ec.h> |
#include <openssl/ec.h> |
#include <openssl/ecdsa.h> |
#include <openssl/ecdsa.h> |
|
#include <openssl/evp.h> |
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
|
|
#include <fido.h> |
#include <fido.h> |
Line 706 check_sign_load_resident_options(struct |
|
Line 708 check_sign_load_resident_options(struct |
|
return 0; |
return 0; |
} |
} |
|
|
|
/* Calculate SHA256(m) */ |
|
static int |
|
sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen) |
|
{ |
|
#ifdef WITH_OPENSSL |
|
u_int mdlen; |
|
#endif |
|
|
|
if (dlen != 32) |
|
return -1; |
|
#ifdef WITH_OPENSSL |
|
mdlen = dlen; |
|
if (!EVP_Digest(m, mlen, d, &mdlen, EVP_sha256(), NULL)) |
|
return -1; |
|
#else |
|
SHA256Data(m, mlen, d); |
|
#endif |
|
return 0; |
|
} |
|
|
int |
int |
sk_sign(uint32_t alg, const uint8_t *message, size_t message_len, |
sk_sign(uint32_t alg, const uint8_t *data, size_t datalen, |
const char *application, |
const char *application, |
const uint8_t *key_handle, size_t key_handle_len, |
const uint8_t *key_handle, size_t key_handle_len, |
uint8_t flags, const char *pin, struct sk_option **options, |
uint8_t flags, const char *pin, struct sk_option **options, |
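Review bot: The non-OpenSSL branch of the new sha256_mem(), `SHA256Data(m, mlen, d);`, looks wrong if the `<sha2.h>` included at the top is the OpenBSD libc API: there SHA256Data() takes a `char *` output and writes the digest as a NUL-terminated hex string (65 bytes), not 32 raw bytes. The function itself insists on `dlen == 32` and the only caller visible on this page hands it `uint8_t message[32]`, so on such a build the hash would overflow the caller's stack buffer and the bytes later passed to fido_assert_set_clientdata_hash() would be ASCII hex rather than the SHA-256 of the data, whereas the OpenSSL path yields the raw digest; the two builds would sign different client data. I would switch that branch to the incremental SHA256Init/SHA256Update/SHA256Final calls on a local SHA2_CTX, which write exactly 32 raw bytes, as sketched below. The sk_sign() signature that begins at the end of this hunk continues in the next one.
```c
static int
sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
{
#ifdef WITH_OPENSSL
	u_int mdlen;
#else
	SHA2_CTX ctx;
#endif

	if (dlen != 32)
		return -1;
#ifdef WITH_OPENSSL
	/* … unchanged: EVP_Digest() path … */
#else
	/* Incremental API writes the raw 32-byte digest; SHA256Data() would emit hex text. */
	SHA256Init(&ctx);
	SHA256Update(&ctx, (const u_int8_t *)m, mlen);
	SHA256Final(d, &ctx);
#endif
	return 0;
}
```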
Line 717 sk_sign(uint32_t alg, const uint8_t *mes |
|
Line 739 sk_sign(uint32_t alg, const uint8_t *mes |
|
char *device = NULL; |
char *device = NULL; |
fido_dev_t *dev = NULL; |
fido_dev_t *dev = NULL; |
struct sk_sign_response *response = NULL; |
struct sk_sign_response *response = NULL; |
|
uint8_t message[32]; |
int ret = SSH_SK_ERR_GENERAL; |
int ret = SSH_SK_ERR_GENERAL; |
int r; |
int r; |
|
|
Line 731 sk_sign(uint32_t alg, const uint8_t *mes |
|
Line 754 sk_sign(uint32_t alg, const uint8_t *mes |
|
*sign_response = NULL; |
*sign_response = NULL; |
if (check_sign_load_resident_options(options, &device) != 0) |
if (check_sign_load_resident_options(options, &device) != 0) |
goto out; /* error already logged */ |
goto out; /* error already logged */ |
if ((dev = find_device(device, message, message_len, |
/* hash data to be signed before it goes to the security key */ |
|
if ((r = sha256_mem(data, datalen, message, sizeof(message))) != 0) { |
|
skdebug(__func__, "hash message failed"); |
|
goto out; |
|
} |
|
if ((dev = find_device(device, message, sizeof(message), |
application, key_handle, key_handle_len)) == NULL) { |
application, key_handle, key_handle_len)) == NULL) { |
skdebug(__func__, "couldn't find device for key handle"); |
skdebug(__func__, "couldn't find device for key handle"); |
goto out; |
goto out; |
Line 741 sk_sign(uint32_t alg, const uint8_t *mes |
|
Line 769 sk_sign(uint32_t alg, const uint8_t *mes |
|
goto out; |
goto out; |
} |
} |
if ((r = fido_assert_set_clientdata_hash(assert, message, |
if ((r = fido_assert_set_clientdata_hash(assert, message, |
message_len)) != FIDO_OK) { |
sizeof(message))) != FIDO_OK) { |
skdebug(__func__, "fido_assert_set_clientdata_hash: %s", |
skdebug(__func__, "fido_assert_set_clientdata_hash: %s", |
fido_strerr(r)); |
fido_strerr(r)); |
goto out; |
goto out; |
Line 779 sk_sign(uint32_t alg, const uint8_t *mes |
|
Line 807 sk_sign(uint32_t alg, const uint8_t *mes |
|
response = NULL; |
response = NULL; |
ret = 0; |
ret = 0; |
out: |
out: |
|
explicit_bzero(message, sizeof(message)); |
free(device); |
free(device); |
if (response != NULL) { |
if (response != NULL) { |
free(response->sig_r); |
free(response->sig_r); |