author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-03-19 09:01:51 -0700 |
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-03-19 09:01:51 -0700 |
commit | 6964deda1643da8d8fd73068baf1eb177e03fc54 (patch) | |
tree | cd8573522f12196dae906708f037ed3fc1a7cafe | |
parent | 34033b09a85ed4a8c695ccfd8bf10d719f2bc9a0 (diff) | |
download | fido2-ctap-gadget-6964deda1643da8d8fd73068baf1eb177e03fc54.tar.gz |
hidgd: add certificate to registration message
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | hidgd.1.in | 4 | ||||
-rw-r--r-- | hidgd.c | 22 |
2 files changed, 22 insertions, 4 deletions
@@ -3,4 +3,6 @@ hidgd - hid gadget daemon [description]
-Handles the hidg end of a FIDO2 device
+Handles the hidg end of a FIDO2 device. Note that the certificate
+file is simply placed straight into the register reply and therefore
+must be correctly DER encoded.
@@ -21,8 +21,7 @@
#include "u2f_hid.h"
static int dev;
-
-static const char *cert = NULL;
+static int certd;
static struct option long_options[] = {
{"help", 0, 0, 'h'},
@@ -201,6 +200,16 @@ static void process_register(uint32_t cid, uint8_t ctap[HID_MAX_PAYLOAD])
resp->registerId = U2F_REGISTER_ID;
resp->keyHandleLen = sizeof(keystr); /* include trailing 0 */
strcpy((char *)resp->keyHandleCertSig, keystr);
+ ptr = &resp->keyHandleCertSig[resp->keyHandleLen];
+ /* place the DER encoded cert into the buffer */
+ lseek(certd, 0, SEEK_SET);
+ len = read(certd, ptr, sizeof(buf) - (ptr - buf));
+ if (len < 0) {
+ perror("Failed to load cert into reply");
+ process_error(cid, ERR_INVALID_CMD);
+ return;
+ }
+
send_payload(buf, sizeof(U2F_REGISTER_RESP), cid, U2F_SW_NO_ERROR);
}
@@ -336,7 +345,7 @@ static void command_loop(void)
int main(int argc, char *argv[])
{
- const char *file;
+ const char *file, *cert;
for (;;) {
int c, option_index;
@@ -384,6 +393,13 @@ int main(int argc, char *argv[])
exit(1);
}
+ certd = open(cert, O_RDWR);
+ if (certd < 0) {
+ fprintf(stderr, "Failed to open %s: ", cert);
+ perror("");
+ exit(1);
+ }
+
for (;;) {
command_loop();
} |
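Review bot: The new `len = read(certd, ptr, sizeof(buf) - (ptr - buf));` in process_register treats only a negative return as failure, so an empty certificate file, a short read, or a certificate larger than the remaining space all yield a reply with a missing or truncated DER blob that is still sent as success (and the `lseek()` return is not checked either). The byte count actually read is also never used: the unchanged `send_payload(buf, sizeof(U2F_REGISTER_RESP), cid, U2F_SW_NO_ERROR);` sends a fixed size regardless of `len`, so if U2F_REGISTER_RESP ends in a maximum-size array (not visible here) the bytes after the certificate go out uninitialized. At minimum I would reject a zero-length or buffer-filling read, `if (len <= 0 || (size_t)len == sizeof(buf) - (ptr - buf)) {`, since a certificate that exactly fills the buffer cannot be told apart from a truncated one; a cleaner fix is to size the certificate once with fstat() when it is opened, verify it fits, and read it in a loop until that many bytes are in. process_register's body begins outside the hunk.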
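Review bot: `cert` is now an uninitialized local (`const char *file, *cert;` in the preceding main hunk) replacing a global that was initialized to NULL, and the new `certd = open(cert, O_RDWR);` passes whatever it holds to open(); unless the option loop, which lies outside the hunk, guarantees an assignment or rejects a missing certificate option, this reads an indeterminate pointer. Declaring it `const char *file, *cert = NULL;` and exiting with a usage message when it is still NULL before the open preserves the old NULL-initialized behaviour. The descriptor is only ever read from (the `read()` in process_register), so `O_RDONLY` is the right mode: `O_RDWR` fails on a read-only certificate file and otherwise leaves the daemon holding a writable descriptor on its attestation certificate for its whole lifetime. Finally, `fprintf(stderr, ...)` may itself modify errno before `perror("")` reports it, so saving errno first or using a single `fprintf` with `strerror(errno)` avoids a misleading message. main's body continues outside the hunk.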