shimun/ctap
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

assert multiple [WIP]

Browse Source
This commit is contained in:
shimun 2020-03-01 21:03:09 +01:00
parent 3ca719e077
commit ec932913e1
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
1 changed files with 36 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/lib.rs
View File

@ -332,6 +332,14 @@ impl FidoDevice {
&mut self, &mut self,
credential: &FidoCredential, credential: &FidoCredential,
client_data_hash: &[u8], client_data_hash: &[u8],
) -> FidoResult<bool> {
self.get_assertion_multiple(&[credential], client_data_hash)
}
pub fn get_assertion_multiple(
&mut self,
credentials: &[&FidoCredential],
client_data_hash: &[u8],
) -> FidoResult<bool> { ) -> FidoResult<bool> {
if self.needs_pin && self.pin_token.is_none() { if self.needs_pin && self.pin_token.is_none() {
Err(FidoErrorKind::PinRequired)? Err(FidoErrorKind::PinRequired)?
@ -343,12 +351,15 @@ impl FidoDevice {
.pin_token .pin_token
.as_ref() .as_ref()
.map(|token| token.auth(&client_data_hash)); .map(|token| token.auth(&client_data_hash));
let allow_list = [cbor::PublicKeyCredentialDescriptor { let allow_list = credentials
.iter()
.map(|cred| cbor::PublicKeyCredentialDescriptor {
cred_type: String::from("public-key"), cred_type: String::from("public-key"),
id: credential.id.clone(), id: cred.id.clone(),
}]; })
.collect::<Vec<_>>();
let request = cbor::GetAssertionRequest { let request = cbor::GetAssertionRequest {
rp_id: &credential.rp_id, rp_id: &credentials[0].rp_id,
client_data_hash: client_data_hash, client_data_hash: client_data_hash,
allow_list: &allow_list, allow_list: &allow_list,
extensions: Default::default(), extensions: Default::default(),
@ -363,12 +374,26 @@ impl FidoDevice {
cbor::Response::GetAssertion(resp) => resp, cbor::Response::GetAssertion(resp) => resp,
_ => Err(FidoErrorKind::CborDecode)?, _ => Err(FidoErrorKind::CborDecode)?,
}; };
Ok(crypto::verify_signature( Ok(credentials
&credential.public_key, .iter()
.filter(|cred| {
response
.credential
.as_ref()
.map(|cred2| cred2.id == cred.id)
.unwrap_or(true)
})
.map(|cred| {
crypto::verify_signature(
&cred.public_key,
&client_data_hash, &client_data_hash,
&response.auth_data_bytes, &response.auth_data_bytes,
&response.signature, &response.signature,
)) )
})
.filter(|pass| *pass)
.next()
.unwrap_or(false))
} }
fn cbor(&mut self, request: cbor::Request) -> FidoResult<cbor::Response> { fn cbor(&mut self, request: cbor::Request) -> FidoResult<cbor::Response> {