init shared_secret on demand

deprecate HmacExtension
revamp extensions
2020-04-13 20:01:09 +02:00 · 2020-04-13 16:50:54 +02:00 · 2020-04-13 16:42:45 +02:00 · 2020-04-10 20:55:53 +02:00
9 changed files with 322 additions and 55 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,7 +1,7 @@
 [package]
 name = "ctap_hmac"
 description = "A Rust implementation of the FIDO2 CTAP protocol, including the HMAC extension"
-version = "0.4.0"
+version = "0.4.2"
 license = "Apache-2.0/MIT"
 homepage = "https://github.com/shimunn/ctap"
 repository = "https://github.com/shimunn/ctap"
--- a/examples/hmac.rs
+++ b/examples/hmac.rs
@ -2,7 +2,7 @@ extern crate ctap_hmac as ctap;
 use crypto::digest::Digest;
 use crypto::sha2::Sha256;
-use ctap::extensions::hmac::HmacExtension;
+use ctap::extensions::{self, FidoExtensionResponseParserExt};
 use ctap::{FidoAssertionRequestBuilder, FidoCredential, FidoCredentialRequestBuilder};
 use hex;
 use std::env::args;
@ -16,14 +16,13 @@ fn main() -> ctap::FidoResult<()> {
    let mut devices = ctap::get_devices()?;
    let device_info = &mut devices.next().expect("No authenticator found");
    let mut device = ctap::FidoDevice::new(device_info)?;
-
+    let credential = match args().nth(1).map(|h| FidoCredential {
    let credential = match args().skip(1).next().map(|h| FidoCredential {
        id: hex::decode(&h).expect("Invalid credential"),
        public_key: None,
    }) {
        Some(cred) => cred,
        _ => {
-            let req = FidoCredentialRequestBuilder::default()
+            let mut req = FidoCredentialRequestBuilder::default()
                .rp_id(RP_ID)
                .rp_name("ctap_hmac crate")
                .user_name("example")
@ -31,9 +30,16 @@ fn main() -> ctap::FidoResult<()> {
                .build()
                .unwrap();
            assert!(
                &device.supports_extension::<extensions::HmacSecret>(),
                "Your device does not support the hmac extension"
            );
            let hmac = extensions::HmacSecret::new();
            req.with_extension(&hmac)?;
            dbg!(&req);
            println!("Authorize using your device");
-            let cred = device
+            let cred = req
-                .make_hmac_credential(&req)
+                .make_credential(&mut device)
                .expect("Failed to request credential");
            println!("Credential: {}\nNote: You can pass this credential as first argument in order to reproduce results", hex::encode(&cred.id));
            cred
@ -52,12 +58,15 @@ fn main() -> ctap::FidoResult<()> {
    digest.input(&message.as_bytes());
    digest.result(&mut salt);
    let credential = &&credential;
-    let request = FidoAssertionRequestBuilder::default()
+    let hmac = extensions::HmacSecret::new().for_device(&mut device, &salt, None)?;
    let mut request = FidoAssertionRequestBuilder::default()
        .rp_id(RP_ID)
        .credential(credential)
        .build()
        .unwrap();
-    let (_cred, (hash1, _hash2)) = device.get_hmac_assertion(&request, &salt, None)?;
+    request.with_extension(&hmac)?;
    let (_cred, auth_data) = device.get_assertion(&request)?;
    let (hash1, _hash2) = auth_data.parse_extension_data(&hmac)?;
    println!("Hash: {}", hex::encode(&hash1));
    Ok(())
 }
--- a/src/cbor.rs
+++ b/src/cbor.rs
@ -274,6 +274,12 @@ pub struct GetInfoResponse {
    pub options: OptionsInfo,
    pub max_msg_size: u16,
    pub pin_protocols: Vec<u8>,
    pub max_credential_count_in_list: Option<u32>,
    pub max_credential_id_len: Option<u32>,
    pub transports: Vec<String>,
    pub algorithms: Vec<CoseKey>,
    pub max_authenticator_config_len: Option<u32>,
    pub default_cred_protect: Option<u8>,
 }
 impl GetInfoResponse {
@ -282,28 +288,49 @@ impl GetInfoResponse {
        if status != 0 {
            Err(FidoErrorKind::CborError(CborErrorCode::from(status)))?
        }
-        let mut decoder = Decoder::new(Config::default(), reader);
+        let mut generic = GenericDecoder::new(Config::default(), reader);
        let mut response = GetInfoResponse::default();
-        for _ in 0..decoder.object()? {
+        for _ in 0..generic.borrow_mut().object()? {
-            match decoder.u8()? {
+            match generic.borrow_mut().u8()? {
                0x01 => {
                    let decoder = generic.borrow_mut();
                    for _ in 0..decoder.array()? {
                        response.versions.push(decoder.text()?);
                    }
                }
                0x02 => {
                    let decoder = generic.borrow_mut();
                    for _ in 0..decoder.array()? {
                        response.extensions.push(decoder.text()?);
                    }
                }
-                0x03 => response.aaguid.copy_from_slice(&decoder.bytes()?[..]),
+                0x03 => response
-                0x04 => response.options = OptionsInfo::decode(&mut decoder)?,
+                    .aaguid
-                0x05 => response.max_msg_size = decoder.u16()?,
+                    .copy_from_slice(&generic.borrow_mut().bytes()?[..]),
                0x04 => response.options = OptionsInfo::decode(&mut generic.borrow_mut())?,
                0x05 => response.max_msg_size = generic.borrow_mut().u16()?,
                0x06 => {
                    let decoder = generic.borrow_mut();
                    for _ in 0..decoder.array()? {
                        response.pin_protocols.push(decoder.u8()?);
                    }
                }
                0x07 => response.max_credential_count_in_list = Some(generic.borrow_mut().u32()?),
                0x08 => response.max_credential_id_len = Some(generic.borrow_mut().u32()?),
                0x09 => {
                    let decoder = generic.borrow_mut();
                    for _ in 0..decoder.array()? {
                        response.transports.push(decoder.text()?);
                    }
                }
                0x0A => {
                    for _ in 0..generic.borrow_mut().array()? {
                        response.algorithms.push(CoseKey::decode(&mut generic)?);
                    }
                }
                0x0B => response.max_authenticator_config_len = Some(generic.borrow_mut().u32()?),
                0x0C => response.default_cred_protect = Some(generic.borrow_mut().u8()?),
                _ => continue,
            }
        }
@ -565,7 +592,7 @@ impl P256Key {
    }
 }
-#[derive(Debug, Default)]
+#[derive(Debug, Default, Clone)]
 pub struct CoseKey {
    key_type: u16,
    algorithm: i32,
--- a/src/crypto.rs
+++ b/src/crypto.rs
@ -15,7 +15,7 @@ use rust_crypto::buffer::{RefReadBuffer, RefWriteBuffer};
 use rust_crypto::symmetriccipher::{Decryptor, Encryptor};
 use untrusted::Input;
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub struct SharedSecret {
    pub public_key: CoseKey,
    pub shared_secret: [u8; 32],
--- a/src/extensions/cred_protect.rs
+++ b/src/extensions/cred_protect.rs
@ -0,0 +1,57 @@
 use crate::extensions::FidoExtension;
 use crate::FidoResult;
 use crate::{FidoAssertionRequest, FidoCredentialRequest};
 use cbor_codec::value::Value;
 use num_traits::ToPrimitive;
 #[derive(Copy, Clone, Debug, FromPrimitive, ToPrimitive, PartialEq)]
 pub enum CredProtectLevel {
    UvOptional = 0x01,
    UvOptionalWithCredentialIDList = 0x02,
    UvRequired = 0x03,
 }
 impl CredProtectLevel {
    fn extension_input(self) -> Value {
        Value::U8(self.to_u8().unwrap())
    }
 }
 pub struct CredProtect(Value);
 impl CredProtect {
    pub fn level(level: CredProtectLevel) -> Self {
        Self(level.extension_input())
    }
    fn extension_name() -> &'static str {
        "credProtect"
    }
    fn extension_input(&self) -> &Value {
        &self.0
    }
 }
 impl FidoExtension for CredProtect {
    fn extension_name() -> &'static str {
        CredProtect::extension_name()
    }
    fn patch_assertion_request<'a, 'b>(
        &'b self,
        _request: &mut FidoAssertionRequest<'a, 'b>,
    ) -> FidoResult<()> {
        Ok(())
    }
    fn patch_credential_request<'a>(
        &'a self,
        request: &mut FidoCredentialRequest<'a>,
    ) -> FidoResult<()> {
        request
            .extension_data
            .insert(CredProtect::extension_name(), self.extension_input());
        Ok(())
    }
 }
--- a/src/extensions/hmac.rs
+++ b/src/extensions/hmac.rs
@ -1,8 +1,14 @@
 use crate::cbor::AuthenticatorData;
 use crate::crypto::SharedSecret;
 use crate::extensions::{
    FidoExtension, FidoExtensionResponseParser, FidoExtensionResponseParserExt,
 };
 use crate::{FidoAssertionRequest, FidoAssertionRequestBuilder, FidoCredentialRequest};
 use crate::{FidoCredential, FidoDevice, FidoErrorKind, FidoResult};
 use cbor_codec::value::{Bytes, Int, Key, Text, Value};
 use cbor_codec::Encoder;
 use cbor_codec::{Config, GenericDecoder};
 use failure::ResultExt;
 use rust_crypto::buffer::{RefReadBuffer, RefWriteBuffer};
 use rust_crypto::digest::Digest;
 use rust_crypto::hmac::Hmac;
@ -11,6 +17,10 @@ use rust_crypto::sha2::Sha256;
 use std::collections::BTreeMap;
 use std::io::Cursor;
 #[deprecated(
    since = "0.4.2",
    note = "Please use FidoAssertionRequest::with_extension(HmacSecret) instead"
 )]
 pub trait HmacExtension {
    fn extension_name() -> &'static str {
        "hmac-secret"
@ -83,9 +93,75 @@ pub trait HmacExtension {
    }
 }
 #[allow(deprecated)]
 impl HmacExtension for FidoDevice {
    fn get_data(&mut self, salt: &[u8; 32], salt2: Option<&[u8; 32]>) -> FidoResult<Value> {
-        let shared_secret = self.shared_secret.as_ref().unwrap();
+        Ok(HmacSecret::extension_input(self, salt, salt2)?)
    }
    fn make_hmac_credential(
        &mut self,
        request: &FidoCredentialRequest,
    ) -> FidoResult<FidoCredential> {
        let mut request = request.clone();
        request.rk = true;
        request.extension_data.insert(
            <Self as HmacExtension>::extension_name(),
            <Self as HmacExtension>::extension_input(),
        );
        self.make_credential(&request)
    }
    fn get_hmac_assertion<'a: 'b, 'b>(
        &mut self,
        request: &FidoAssertionRequest<'a, 'b>,
        salt: &[u8; 32],
        salt2: Option<&[u8; 32]>,
    ) -> FidoResult<(&'a FidoCredential, ([u8; 32], Option<[u8; 32]>))> {
        while self.shared_secret.is_none() {
            self.init_shared_secret()?;
        }
        let mut request = request.clone();
        let ext = HmacSecret::new().for_device(self, salt, salt2)?;
        request.with_extension(&ext)?;
        let (cred, auth_data) = self.get_assertion(&request)?;
        let cred = request
            .credentials
            .iter()
            .find(|c| c.id == cred.id)
            .unwrap();
        Ok((cred, auth_data.parse_extension_data(&ext)?))
    }
 }
 #[derive(Debug, Clone)]
 pub enum HmacSecret {
    Assertion {
        extension_data: Value,
        shared_secret: SharedSecret,
        salt2: bool,
    },
    Credential,
 }
 impl HmacSecret {
    pub fn new() -> Self {
        Self::Credential
    }
    fn extension_input(
        device: &mut FidoDevice,
        salt: &[u8; 32],
        salt2: Option<&[u8; 32]>,
    ) -> FidoResult<Value> {
        let shared_secret = loop {
            if let Some(ref secret) = device.shared_secret {
                break secret;
            }
            device.init_shared_secret()?;
        };
        let mut encryptor = shared_secret.encryptor();
        let mut salt_enc = [0u8; 64];
        let mut output = RefWriteBuffer::new(&mut salt_enc);
@ -113,7 +189,7 @@ impl HmacExtension for FidoDevice {
        let mut map = BTreeMap::new();
        map.insert(
            Key::Int(Int::from_i64(0x01)),
-            key_agreement().map_err(|_| FidoErrorKind::Io)?,
+            key_agreement().context(FidoErrorKind::Io)?,
        );
        map.insert(
            Key::Int(Int::from_i64(0x02)),
@ -136,42 +212,67 @@ impl HmacExtension for FidoDevice {
        Ok(Value::Map(map))
    }
-    fn make_hmac_credential(
+    pub fn for_device(
        &mut self,
-        request: &FidoCredentialRequest,
+        device: &mut FidoDevice,
    ) -> FidoResult<FidoCredential> {
        let mut request = request.clone();
        request.rk = true;
        request.extension_data.insert(
            <Self as HmacExtension>::extension_name(),
            <Self as HmacExtension>::extension_input(),
        );
        self.make_credential(&request)
    }
    fn get_hmac_assertion<'a: 'b, 'b>(
        &mut self,
        request: &FidoAssertionRequest<'a, 'b>,
        salt: &[u8; 32],
        salt2: Option<&[u8; 32]>,
-    ) -> FidoResult<(&'a FidoCredential, ([u8; 32], Option<[u8; 32]>))> {
+    ) -> FidoResult<Self> {
-        while self.shared_secret.is_none() {
+        Ok(Self::Assertion {
-            self.init_shared_secret()?;
+            extension_data: Self::extension_input(device, salt, salt2)?,
-        }
+            shared_secret: device.shared_secret.as_ref().unwrap().clone(),
-        let ext_data: Value = self.get_data(salt, salt2)?;
+            salt2: salt2.is_some(),
-        let mut request = request.clone();
+        })
    }
 }
 impl FidoExtension for HmacSecret {
    fn extension_name() -> &'static str {
        "hmac-secret"
    }
    fn patch_assertion_request<'a, 'b>(
        &'b self,
        request: &mut FidoAssertionRequest<'a, 'b>,
    ) -> FidoResult<()> {
        match self {
            Self::Assertion { extension_data, .. } => request
                .extension_data
                .insert(Self::extension_name(), extension_data),
            _ => return Err(FidoErrorKind::DeviceUnsupported.into()),
        };
        Ok(())
    }
    fn patch_credential_request<'a>(
        &'a self,
        request: &mut FidoCredentialRequest<'a>,
    ) -> FidoResult<()> {
        request
            .extension_data
-            .insert(<Self as HmacExtension>::extension_name(), &ext_data);
+            .insert(Self::extension_name(), &Value::Bool(true));
        Ok(())
    }
 }
-        let (cred, auth_data) = self.get_assertion(&request)?;
+impl FidoExtensionResponseParser for HmacSecret {
-        let shared_secret = self.shared_secret.as_ref().unwrap();
+    type Output = ([u8; 32], Option<[u8; 32]>);
    fn parse_response(&self, response: &AuthenticatorData) -> FidoResult<Self::Output> {
        let (shared_secret, salt2) = match self {
            Self::Assertion {
                shared_secret,
                salt2,
                ..
            } => (shared_secret, salt2),
            _ => return Err(FidoErrorKind::DeviceUnsupported.into()),
        };
        let mut decryptor = shared_secret.decryptor();
        let mut hmac_secret_combined = [0u8; 64];
        let _output = RefWriteBuffer::new(&mut hmac_secret_combined);
-        let hmac_secret_enc = match auth_data
+        let hmac_secret_enc = match response
            .extensions
-            .get(<Self as HmacExtension>::extension_name())
+            .get(Self::extension_name())
            .ok_or(FidoErrorKind::CborDecode)?
        {
            Value::Bytes(hmac_ciphered) => Ok(match hmac_ciphered {
@ -196,11 +297,6 @@ impl HmacExtension for FidoDevice {
        let mut hmac_secret_1 = [0u8; 32];
        hmac_secret_0.copy_from_slice(&hmac_secret[0..32]);
        hmac_secret_1.copy_from_slice(&hmac_secret[32..]);
-        let cred = request
+        Ok((hmac_secret_0, Some(hmac_secret_1).filter(|_| *salt2)))
            .credentials
            .into_iter()
            .find(|c| c.id == cred.id)
            .unwrap();
        Ok((cred, (hmac_secret_0, salt2.and(Some(hmac_secret_1)))))
    }
 }
--- a/src/extensions/mod.rs
+++ b/src/extensions/mod.rs
@ -1,2 +1,36 @@
 pub mod hmac;
 pub use hmac::*;
 mod cred_protect;
 use crate::cbor::AuthenticatorData;
 use crate::{FidoAssertionRequest, FidoCredentialRequest, FidoResult};
 pub use cred_protect::*;
 pub trait FidoExtension {
    fn extension_name() -> &'static str;
    fn patch_assertion_request<'a, 'b>(
        &'b self,
        request: &mut FidoAssertionRequest<'a, 'b>,
    ) -> FidoResult<()>;
    fn patch_credential_request<'a>(
        &'a self,
        request: &mut FidoCredentialRequest<'a>,
    ) -> FidoResult<()>;
 }
 pub trait FidoExtensionResponseParser {
    type Output;
    fn parse_response(&self, response: &AuthenticatorData) -> FidoResult<Self::Output>;
 }
 pub trait FidoExtensionResponseParserExt<Ext: FidoExtensionResponseParser> {
    fn parse_extension_data(&self, extension: &Ext) -> FidoResult<Ext::Output>;
 }
 impl<Ext: FidoExtensionResponseParser> FidoExtensionResponseParserExt<Ext> for AuthenticatorData {
    fn parse_extension_data(
        &self,
        extension: &Ext,
    ) -> FidoResult<<Ext as FidoExtensionResponseParser>::Output> {
        extension.parse_response(self)
    }
 }
--- a/src/lib.rs
+++ b/src/lib.rs
@ -74,7 +74,9 @@ pub use self::error::*;
 use self::hid_linux as hid;
 use self::packet::CtapCommand;
 pub use self::util::*;
-use crate::cbor::{AuthenticatorData, GetAssertionRequest};
+use crate::cbor::{AuthenticatorData, GetAssertionRequest, GetInfoResponse};
 use crate::packet::CtapStatus;
 use crate::extensions::FidoExtension;
 use failure::{Fail, ResultExt};
 use num_traits::FromPrimitive;
 use rand::prelude::*;
@ -107,6 +109,7 @@ pub struct FidoDevice {
    shared_secret: Option<crypto::SharedSecret>,
    pin_token: Option<crypto::PinToken>,
    aaguid: [u8; 16],
    info: GetInfoResponse,
 }
 pub struct FidoCancelHandle {
@ -117,7 +120,7 @@ pub struct FidoCancelHandle {
 impl FidoCancelHandle {
    pub fn cancel(&mut self) -> FidoResult<()> {
-        let payload = &[1u8];
+        let payload = &[];
        let to_send = payload.len() as u16;
        let max_payload = (self.packet_size - 7) as usize;
        let (frame, payload) = payload.split_at(cmp::min(payload.len(), max_payload));
@ -204,6 +207,10 @@ impl<'a> FidoCredentialRequest<'a> {
    pub fn make_credential(&self, device: &mut FidoDevice) -> FidoResult<FidoCredential> {
        device.make_credential(&self)
    }
    pub fn with_extension<Ext: FidoExtension>(&mut self, extension: &'a Ext) -> FidoResult<()> {
        extension.patch_credential_request(self)
    }
 }
 /// Request an assertion from the authenticator for a given credential.
@ -239,6 +246,10 @@ impl<'a, 'b> FidoAssertionRequest<'a, 'b> {
    pub fn get_assertion(&self, device: &mut FidoDevice) -> FidoResult<&'a FidoCredential> {
        device.get_assertion(self).map(|res| res.0)
    }
    pub fn with_extension<Ext: FidoExtension>(&mut self, extension: &'b Ext) -> FidoResult<()> {
        extension.patch_assertion_request(self)
    }
 }
 impl<'a, 'b> FidoAssertionRequestBuilder<'a, 'b> {
@ -266,6 +277,7 @@ impl FidoDevice {
            shared_secret: None,
            pin_token: None,
            aaguid: [0; 16],
            info: GetInfoResponse::default(),
        };
        dev.init()?;
        Ok(dev)
@ -300,6 +312,7 @@ impl FidoDevice {
        }
        self.needs_pin = response.options.client_pin == Some(true);
        self.aaguid = response.aaguid;
        self.info = response;
        Ok(())
    }
@ -369,6 +382,10 @@ impl FidoDevice {
            .context(FidoErrorKind::Io)?)
    }
    pub fn supports_extension<Ext: FidoExtension>(&self) -> bool {
        self.info.extensions.iter().any(|ext| ext == Ext::extension_name())
    }
    pub fn make_credential(
        &mut self,
        request: &FidoCredentialRequest<'_>,
@ -538,6 +555,26 @@ impl FidoDevice {
            .map(|cred| (cred, response.auth_data))
    }
    pub fn ping(&mut self, data: &[u8]) -> FidoResult<Vec<u8>> {
        self.exchange(CtapCommand::Ping, data)
    }
    pub fn wink(&mut self) -> FidoResult<()> {
        self.send(&CtapCommand::Wink, &[]).map(|_| ())
    }
    fn lock(&mut self, time_sec: u8) -> FidoResult<()> {
        self.exchange(CtapCommand::Lock, &[time_sec]).map(|_| ())
    }
    fn keepalive(&mut self) -> FidoResult<CtapStatus> {
        self.exchange(CtapCommand::Keepalive, &[])?
            .first()
            .cloned()
            .and_then(CtapStatus::from_u8)
            .ok_or(FidoError::from(FidoErrorKind::CborDecode))
    }
    fn cbor(&mut self, request: cbor::Request) -> FidoResult<cbor::Response> {
        let mut buf = Cursor::new(Vec::new());
        request
@ -556,7 +593,7 @@ impl FidoDevice {
    }
    fn send(&mut self, cmd: &CtapCommand, payload: &[u8]) -> FidoResult<()> {
-        if payload.is_empty() || payload.len() > u16::MAX as usize {
+        if payload.len() > u16::MAX as usize {
            Err(FidoErrorKind::WritePacket)?
        }
        let to_send = payload.len() as u16;
--- a/src/packet.rs
+++ b/src/packet.rs
@ -13,7 +13,7 @@ use std::io::{Read, Write};
 static FRAME_INIT: u8 = 0x80;
 #[repr(u8)]
-#[derive(FromPrimitive, ToPrimitive, PartialEq)]
+#[derive(Debug, FromPrimitive, ToPrimitive, PartialEq)]
 pub enum CtapCommand {
    Invalid = 0x00,
    Ping = 0x01,
@ -36,6 +36,13 @@ impl CtapCommand {
    }
 }
 #[repr(u8)]
 #[derive(Debug, FromPrimitive, ToPrimitive, PartialEq)]
 pub enum CtapStatus {
    Processing = 0x01,
    AwaitingUserPresence = 0x02,
 }
 #[repr(u8)]
 #[derive(FromPrimitive, Fail, Debug)]
 pub enum CtapError {
Author	SHA1	Message	Date
shimun	03d55f3ebd	init shared_secret on demand	2020-04-13 20:01:09 +02:00
shimun	e86953077b	deprecate HmacExtension	2020-04-13 16:50:54 +02:00
shimun	5da5ac54f0	revamp extensions	2020-04-13 16:42:45 +02:00
shimun	bb202c8a54	implement fido 2.1	2020-04-10 20:55:53 +02:00