shimun/ctap
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

warnings

Browse Source
This commit is contained in:
shimunn 2019-09-18 02:59:49 +02:00
parent bf1504cca6
commit 200c8ff71a
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
1 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/extensions/hmac.rs
View File

@ -60,7 +60,8 @@ pub trait HmacExtension {
let mut digest = Sha256::new(); let mut digest = Sha256::new();
digest.input(input); digest.input(input);
digest.result(&mut salt); digest.result(&mut salt);
self.get_hmac_assertion(credential, &salt, None).map(|secret| secret.0) self.get_hmac_assertion(credential, &salt, None)
.map(|secret| secret.0)
} }
} }
@ -85,16 +86,17 @@ impl HmacExtension for FidoDevice {
let key_agreement = || { let key_agreement = || {
let mut cur = Cursor::new(Vec::new()); let mut cur = Cursor::new(Vec::new());
let mut encoder = Encoder::new(&mut cur); let mut encoder = Encoder::new(&mut cur);
shared_secret shared_secret.public_key.encode(&mut encoder).unwrap();
.public_key
.encode(&mut encoder).unwrap();
cur.set_position(0); cur.set_position(0);
let mut dec = GenericDecoder::new(Config::default(), cur); let mut dec = GenericDecoder::new(Config::default(), cur);
dec.value() dec.value()
}; };
let mut map = BTreeMap::new(); let mut map = BTreeMap::new();
map.insert(Key::Int(Int::from_i64(0x01)), key_agreement().map_err(|_| FidoErrorKind::Io)?); map.insert(
Key::Int(Int::from_i64(0x01)),
key_agreement().map_err(|_| FidoErrorKind::Io)?,
);
map.insert( map.insert(
Key::Int(Int::from_i64(0x02)), Key::Int(Int::from_i64(0x02)),
Value::Bytes(Bytes::Bytes( Value::Bytes(Bytes::Bytes(
@ -166,7 +168,7 @@ impl HmacExtension for FidoDevice {
let shared_secret = self.shared_secret.as_ref().unwrap(); let shared_secret = self.shared_secret.as_ref().unwrap();
let mut decryptor = shared_secret.decryptor(); let mut decryptor = shared_secret.decryptor();
let mut hmac_secret_combined = [0u8; 64]; let mut hmac_secret_combined = [0u8; 64];
let mut output = RefWriteBuffer::new(&mut hmac_secret_combined); let _output = RefWriteBuffer::new(&mut hmac_secret_combined);
let hmac_secret_enc = match response let hmac_secret_enc = match response
.auth_data .auth_data
.extensions .extensions
@ -184,11 +186,15 @@ impl HmacExtension for FidoDevice {
_ => Err(FidoErrorKind::CborDecode), _ => Err(FidoErrorKind::CborDecode),
}?; }?;
let mut hmac_secret = ([0u8; 32], [0u8; 32]); let mut hmac_secret = ([0u8; 32], [0u8; 32]);
decryptor.decrypt( decryptor
&mut RefReadBuffer::new(&hmac_secret_enc), .decrypt(
&mut RefWriteBuffer::new(unsafe { std::mem::transmute::<_ ,&mut [u8; 64]>(&mut hmac_secret) }), &mut RefReadBuffer::new(&hmac_secret_enc),
true, &mut RefWriteBuffer::new(unsafe {
); std::mem::transmute::<_, &mut [u8; 64]>(&mut hmac_secret)
}),
true,
)
.expect("failed to decrypt secret");
Ok((hmac_secret.0, salt2.map(|_| hmac_secret.1))) Ok((hmac_secret.0, salt2.map(|_| hmac_secret.1)))
} }
} }