fido2: implement the default sk_callbacks for FIDO2/U2F keys using the usb-hid protocol

Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
2026-02-04 12:20:42 +09:00 · 2025-08-17 01:56:25 +05:30
parent c1dd30b47b
commit 50ee6411f2
4 changed files with 2297 additions and 0 deletions
--- a/include/libssh/sk_usbhid.h
+++ b/include/libssh/sk_usbhid.h
@@ -0,0 +1,37 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2025 Praneeth Sarode <praneethsarode@gmail.com>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, version 2.1 of the License.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#ifndef SK_USBHID_H
+#define SK_USBHID_H
+
+/**
+ * @brief Get the USB-HID security key callbacks.
+ *
+ * This function returns a pointer to the implementation of
+ * security key callbacks for FIDO2/U2F devices using the USB-HID
+ * protocol.
+ *
+ * @return Pointer to the ssh_sk_callbacks_struct
+ *
+ * @see ssh_sk_callbacks_struct
+ */
+const struct ssh_sk_callbacks_struct *ssh_sk_get_usbhid_callbacks(void);
+
+#endif /* SK_USBHID_H */
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -310,6 +310,13 @@ if (WITH_FIDO2)
        ${libssh_SRCS}
        sk_common.c
    )
+
+    if (HAVE_LIBFIDO2)
+        set(libssh_SRCS
+            ${libssh_SRCS}
+            sk_usbhid.c
+        )
+    endif (HAVE_LIBFIDO2)
 endif (WITH_FIDO2)

 # Set the path to the default map file
--- a/src/sk_common.c
+++ b/src/sk_common.c
@@ -23,9 +23,14 @@
 #include <stdlib.h>
 #include <string.h>

+#include "libssh/callbacks.h"
 #include "libssh/priv.h"
 #include "libssh/sk_common.h"

+#ifdef HAVE_LIBFIDO2
+#include "libssh/sk_usbhid.h"
+#endif
+
 const char *ssh_sk_err_to_string(int sk_err)
 {
    switch (sk_err) {
@@ -274,3 +279,12 @@ bool sk_callbacks_check_compatibility(

    return true;
 }
+
+const struct ssh_sk_callbacks_struct *ssh_sk_get_default_callbacks(void)
+{
+#ifdef HAVE_LIBFIDO2
+    return ssh_sk_get_usbhid_callbacks();
+#else
+    return NULL;
+#endif /* HAVE_LIBFIDO2 */
+}
--- a/src/sk_usbhid.c
+++ b/src/sk_usbhid.c