compat code for fido_assert_set_clientdata()

diff --git a/configure.ac b/configure.ac
index f2a4aa12bc042e86773822a7b2247023922604e3..c10ac8a180a23e3823ff7818f8e959833597a67e 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -3230,6 +3230,7 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
        saved_LIBS="$LIBS"
        LIBS="$LIBS $LIBFIDO2"
        AC_CHECK_FUNCS([ \
+               fido_assert_set_clientdata \
                fido_cred_prot \
                fido_cred_set_prot \
                fido_cred_set_clientdata \

diff --git a/sk-usbhid.c b/sk-usbhid.c
index d01dd29241eb9ad8fdbc2907ba0882b61eb4cbea..77afe802f8d31a99de2f1da1d4dca8fd16b5e12f 100644 (file)
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -312,7 +312,8 @@ sk_touch_poll(struct sk_usbhid **skv, size_t nsk, int *touch, size_t *idx)
        return 0;
 }
 
-#ifndef HAVE_FIDO_CRED_SET_CLIENTDATA
+#if !defined(FIDO_ASSERT_SET_CLIENTDATA) || \
+    !defined(HAVE_FIDO_CRED_SET_CLIENTDATA)
 /* Calculate SHA256(m) */
 static int
 sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
@@ -336,8 +337,10 @@ sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
 #endif
        return 0;
 }
+#endif /* !FIDO_ASSERT_SET_CLIENTDATA || !HAVE_FIDO_CRED_SET_CLIENTDATA */
 
-int
+#ifndef HAVE_FIDO_CRED_SET_CLIENTDATA
+static int
 fido_cred_set_clientdata(fido_cred_t *cred, const u_char *ptr, size_t len)
 {
        uint8_t d[32];
@@ -357,6 +360,27 @@ fido_cred_set_clientdata(fido_cred_t *cred, const u_char *ptr, size_t len)
 }
 #endif /* HAVE_FIDO_CRED_SET_CLIENTDATA */
 
+#ifndef HAVE_ASSERT_CRED_SET_CLIENTDATA
+static int
+fido_assert_set_clientdata(fido_assert_t *assert, const u_char *ptr, size_t len)
+{
+       uint8_t d[32];
+       int r;
+
+       if (sha256_mem(ptr, len, d, sizeof(d)) != 0) {
+               skdebug(__func__, "hash challenge failed");
+               return FIDO_ERR_INTERNAL;
+       }
+       r = fido_assert_set_clientdata_hash(assert, d, sizeof(d));
+       explicit_bzero(d, sizeof(d));
+       if (r != FIDO_OK) {
+               skdebug(__func__, "fido_assert_set_clientdata_hash failed: %s",
+                   fido_strerr(r));
+       }
+       return r;
+}
+#endif /* HAVE_FIDO_ASSERT_SET_CLIENTDATA */
+
 /* Check if the specified key handle exists on a given sk. */
 static int
 sk_try(const struct sk_usbhid *sk, const char *application,