===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sk-usbhid.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- src/usr.bin/ssh/sk-usbhid.c	2019/11/18 16:08:57	1.7
+++ src/usr.bin/ssh/sk-usbhid.c	2019/12/30 09:19:52	1.8
@@ -52,7 +52,9 @@
 #define SK_VERSION_MAJOR	0x00020000 /* current API version */
 
 /* Flags */
-#define SK_USER_PRESENCE_REQD	0x01
+#define SK_USER_PRESENCE_REQD		0x01
+#define SK_USER_VERIFICATION_REQD	0x04
+#define SK_RESIDENT_KEY			0x20
 
 /* Algs */
 #define	SK_ECDSA		0x00
@@ -406,7 +408,6 @@
 	int r;
 	char *device = NULL;
 
-	(void)flags; /* XXX; unused */
 #ifdef SK_DEBUG
 	fido_init(FIDO_DEBUG);
 #endif
@@ -446,6 +447,11 @@
 	    challenge_len)) != FIDO_OK) {
 		skdebug(__func__, "fido_cred_set_clientdata_hash: %s",
 		    fido_strerr(r));
+		goto out;
+	}
+	if ((r = fido_cred_set_rk(cred, (flags & SK_RESIDENT_KEY) != 0 ?
+	    FIDO_OPT_TRUE : FIDO_OPT_OMIT)) != FIDO_OK) {
+		skdebug(__func__, "fido_cred_set_rk: %s", fido_strerr(r));
 		goto out;
 	}
 	if ((r = fido_cred_set_user(cred, user_id, sizeof(user_id),