authorJames Bottomley <James.Bottomley@HansenPartnership.com>2019-03-19 09:01:51 -0700
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2019-03-19 09:01:51 -0700
commit6964deda1643da8d8fd73068baf1eb177e03fc54 (patch)
treecd8573522f12196dae906708f037ed3fc1a7cafe
parent34033b09a85ed4a8c695ccfd8bf10d719f2bc9a0 (diff)
downloadfido2-ctap-gadget-6964deda1643da8d8fd73068baf1eb177e03fc54.tar.gz
hidgd: add certificate to registration message
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--hidgd.1.in4
-rw-r--r--hidgd.c22
2 files changed, 22 insertions, 4 deletions
diff --git a/hidgd.1.in b/hidgd.1.in
index 13a451a..1299cee 100644
--- a/hidgd.1.in
+++ b/hidgd.1.in
@@ -3,4 +3,6 @@ hidgd - hid gadget daemon
[description]
-Handles the hidg end of a FIDO2 device
+Handles the hidg end of a FIDO2 device. Note that the certificate
+file is simply placed straight into the register reply and therefore
+must be correctly DER encoded.
diff --git a/hidgd.c b/hidgd.c
index 5d4c185..44b5b52 100644
--- a/hidgd.c
+++ b/hidgd.c
@@ -21,8 +21,7 @@
#include "u2f_hid.h"
static int dev;
-
-static const char *cert = NULL;
+static int certd;
static struct option long_options[] = {
{"help", 0, 0, 'h'},
@@ -201,6 +200,16 @@ static void process_register(uint32_t cid, uint8_t ctap[HID_MAX_PAYLOAD])
resp->registerId = U2F_REGISTER_ID;
resp->keyHandleLen = sizeof(keystr); /* include trailing 0 */
strcpy((char *)resp->keyHandleCertSig, keystr);
+ ptr = &resp->keyHandleCertSig[resp->keyHandleLen];
+ /* place the DER encoded cert into the buffer */
+ lseek(certd, 0, SEEK_SET);
+ len = read(certd, ptr, sizeof(buf) - (ptr - buf));
+ if (len < 0) {
+ perror("Failed to load cert into reply");
+ process_error(cid, ERR_INVALID_CMD);
+ return;
+ }
+
send_payload(buf, sizeof(U2F_REGISTER_RESP), cid, U2F_SW_NO_ERROR);
}
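Review bot: The byte count actually read into the reply, `len`, is never used after the `< 0` check: the payload is still sent as `sizeof(U2F_REGISTER_RESP)`, and nothing notices when the cert file is larger than the space left after the key handle, so an oversized cert is silently cut and a truncated DER blob goes on the wire. A read that returns 0 or fills the remaining space exactly (`len == sizeof(buf) - (ptr - buf)`) should be rejected with `process_error` rather than sent, and the `lseek` return is also unchecked. If `keyHandleCertSig` is the usual fixed max-size array, sending the whole struct also means the relying party parses whatever follows the cert as the attestation signature, so the send length should become `(ptr - buf) + len` once the signature is appended — I cannot confirm the struct layout from this hunk. `ptr`, `len` and `buf` are declared outside the hunk, as is the start of process_register.
```c
	/* … unchanged: registerId / keyHandleLen / key handle copy … */
	ptr = &resp->keyHandleCertSig[resp->keyHandleLen];
	/* place the DER encoded cert into the buffer */
	if (lseek(certd, 0, SEEK_SET) < 0 ||
	    (len = read(certd, ptr, sizeof(buf) - (ptr - buf))) < 0) {
		perror("Failed to load cert into reply");
		process_error(cid, ERR_INVALID_CMD);
		return;
	}
	/*
	 * An empty cert, or one that fills (and so may have overrun) the
	 * remaining space, must not be sent: a truncated DER blob fails
	 * attestation on the other side.  A cert that fits exactly is
	 * rejected too; compare against fstat() if that case matters.
	 */
	if (len == 0 || (size_t)len == sizeof(buf) - (ptr - buf)) {
		fprintf(stderr, "cert is empty or exceeds reply buffer\n");
		process_error(cid, ERR_INVALID_CMD);
		return;
	}
	/* send only what was filled: key handle + cert, not the max-size struct */
	send_payload(buf, (ptr - buf) + len, cid, U2F_SW_NO_ERROR);
```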
@@ -336,7 +345,7 @@ static void command_loop(void)
int main(int argc, char *argv[])
{
- const char *file;
+ const char *file, *cert;
for (;;) {
int c, option_index;
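Review bot: The new local `cert` has no initializer, whereas the file-scope `static const char *cert = NULL;` it replaces was zero-initialized; if the code between option parsing and the `open()` later in main tests `cert` for NULL when `-c` was not given, it now reads an indeterminate pointer, and `open(cert, ...)` would then dereference garbage. Initialize both: `const char *file = NULL, *cert = NULL;`. The option loop and whatever checks follow it are outside this hunk, so I cannot confirm from here whether such a check exists.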
@@ -384,6 +393,13 @@ int main(int argc, char *argv[])
exit(1);
}
+ certd = open(cert, O_RDWR);
+ if (certd < 0) {
+ fprintf(stderr, "Failed to open %s: ", cert);
+ perror("");
+ exit(1);
+ }
+
for (;;) {
command_loop();
}
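Review bot: The certificate descriptor is only ever `lseek`ed and `read` (see process_register), yet it is opened `O_RDWR`; holding a writable handle to the attestation cert for the daemon's whole lifetime is needless exposure, and the open fails outright on a read-only cert file. Use `certd = open(cert, O_RDONLY | O_CLOEXEC);` (drop `O_CLOEXEC` if the project's feature macros do not provide it). Since the man page now says the file is copied verbatim and must be DER, a one-byte check here that it starts with the DER SEQUENCE tag `0x30` would turn a PEM file passed by mistake into a startup error instead of a malformed registration reply later. The descriptor is never closed, which is acceptable for a daemon that loops forever; main's closing brace is past the end of this hunk.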