From 5e70647b0fdc333f9b7550f84d8c6e82d16512c1 Mon Sep 17 00:00:00 2001 From: djm Date: Mon, 31 May 2021 06:48:42 +0000 Subject: [PATCH] Hash challenge supplied by client during FIDO key enrollment prior to passing it to libfido2, which does expect a hash. There is no effect for users who are simply generating FIDO keys using ssh-keygen - by default we generate a random 256 bit challenge, but people building attestation workflows around our tools should now have a more consistent experience (esp. fewer failures when they fail to guess the magic 32-byte challenge length requirement). ok markus@ --- usr.bin/ssh/sk-usbhid.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/usr.bin/ssh/sk-usbhid.c b/usr.bin/ssh/sk-usbhid.c index da1706e662c..3e6ab45148e 100644 --- a/usr.bin/ssh/sk-usbhid.c +++ b/usr.bin/ssh/sk-usbhid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sk-usbhid.c,v 1.29 2021/02/18 02:15:07 djm Exp $ */ +/* $OpenBSD: sk-usbhid.c,v 1.30 2021/05/31 06:48:42 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl * Copyright (c) 2020 Pedro Martelletto @@ -635,7 +635,7 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, { fido_cred_t *cred = NULL; const uint8_t *ptr; - uint8_t user_id[32]; + uint8_t user_id[32], chall_hash[32]; struct sk_usbhid *sk = NULL; struct sk_enroll_response *response = NULL; size_t len; @@ -687,8 +687,13 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, skdebug(__func__, "fido_cred_set_type: %s", fido_strerr(r)); goto out; } - if ((r = fido_cred_set_clientdata_hash(cred, challenge, - challenge_len)) != FIDO_OK) { + if (sha256_mem(challenge, challenge_len, + chall_hash, sizeof(chall_hash)) != 0) { + skdebug(__func__, "hash challenge failed"); + goto out; + } + if ((r = fido_cred_set_clientdata_hash(cred, chall_hash, + sizeof(chall_hash))) != FIDO_OK) { skdebug(__func__, "fido_cred_set_clientdata_hash: %s", fido_strerr(r)); goto out; -- 2.20.1