hidgd: add certificate to registration message
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
diff --git a/hidgd.1.in b/hidgd.1.in
index 13a451a..1299cee 100644
--- a/hidgd.1.in
+++ b/hidgd.1.in
@@ -3,4 +3,6 @@
[description]
-Handles the hidg end of a FIDO2 device
+Handles the hidg end of a FIDO2 device. Note that the certificate
+file is simply placed straight into the register reply and therefore
+must be correctly DER encoded.
diff --git a/hidgd.c b/hidgd.c
index 5d4c185..44b5b52 100644
--- a/hidgd.c
+++ b/hidgd.c
@@ -21,8 +21,7 @@
#include "u2f_hid.h"
static int dev;
-
-static const char *cert = NULL;
+static int certd;
static struct option long_options[] = {
{"help", 0, 0, 'h'},
@@ -201,6 +200,16 @@
resp->registerId = U2F_REGISTER_ID;
resp->keyHandleLen = sizeof(keystr); /* include trailing 0 */
strcpy((char *)resp->keyHandleCertSig, keystr);
+ ptr = &resp->keyHandleCertSig[resp->keyHandleLen];
+ /* place the DER encoded cert into the buffer */
+ lseek(certd, 0, SEEK_SET);
+ len = read(certd, ptr, sizeof(buf) - (ptr - buf));
+ if (len < 0) {
+ perror("Failed to load cert into reply");
+ process_error(cid, ERR_INVALID_CMD);
+ return;
+ }
+
send_payload(buf, sizeof(U2F_REGISTER_RESP), cid, U2F_SW_NO_ERROR);
}
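Review bot: The byte count returned by read() on the `len = read(certd, ptr, ...)` line is only compared against zero and then discarded, so a short read, an empty file, or a certificate larger than the space left in `buf` all go unnoticed and a silently truncated (hence invalid) DER blob is sent, while `send_payload` still sends the fixed `sizeof(U2F_REGISTER_RESP)` regardless of how many certificate bytes actually landed. The lseek() return is also unchecked. I would bound the read explicitly and treat hitting the limit as an error, e.g. `size_t room = sizeof(buf) - (ptr - buf);`, `len = read(certd, ptr, room);`, `if (len <= 0 || (size_t)len == room) { perror("cert missing, unreadable or too large for reply"); process_error(cid, ERR_INVALID_CMD); return; }`, and, if send_payload's length argument is meant to describe the payload, derive it from `ptr - buf + len` rather than the struct size — I cannot see send_payload here, so that part needs confirming. The enclosing register handler starts before this hunk.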
@@ -336,7 +345,7 @@
int main(int argc, char *argv[])
{
- const char *file;
+ const char *file, *cert;
for (;;) {
int c, option_index;
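Review bot: Moving `cert` from a file-scope `static const char *cert = NULL` to the local `const char *file, *cert;` drops its NULL initialisation, so if the option that sets it is not given the later `open(cert, ...)` dereferences an indeterminate pointer instead of a NULL that can be checked. Unless the option parsing (which continues past this hunk) already rejects a missing certificate, initialise it and check it: `const char *file = NULL, *cert = NULL;` and, after parsing, `if (!cert) { fprintf(stderr, "certificate file is required\n"); exit(1); }`. The body of main runs beyond this hunk, so I cannot see whether such a check exists.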
@@ -384,6 +393,13 @@
exit(1);
}
+ certd = open(cert, O_RDWR);
+ if (certd < 0) {
+ fprintf(stderr, "Failed to open %s: ", cert);
+ perror("");
+ exit(1);
+ }
+
for (;;) {
command_loop();
}
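Review bot: `certd = open(cert, O_RDWR)` asks for write access to a file the daemon only ever reads (the other hunk only lseek()s and read()s it), which both fails needlessly on a read-only certificate file and gives a long-running daemon a writable handle to its own trust material; open it `O_RDONLY` (and `O_CLOEXEC` if the file already uses it elsewhere, which I cannot see here). Since the reply buffer has a fixed size, consider also fstat()ing the file here and refusing to start when `st_size` cannot fit in the register reply, so an oversized certificate fails loudly at startup rather than on every registration. The enclosing main() begins before this hunk.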