shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

add hmac-secret to reg response

Browse Source
This commit is contained in:
Conor Patrick 2019-03-20 23:58:42 -04:00
parent 3a48756f96
commit 02e83073e0
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
fido2/ctap.c
View File

@ -401,6 +401,25 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
} }
*ext_encoder_buf_size = cbor_encoder_get_buffer_size(&extensions, ext_encoder_buf); *ext_encoder_buf_size = cbor_encoder_get_buffer_size(&extensions, ext_encoder_buf);
} }
else if (ext->hmac_secret_present == EXT_HMAC_SECRET_REQUESTED)
{
cbor_encoder_init(&extensions, ext_encoder_buf, *ext_encoder_buf_size, 0);
{
CborEncoder hmac_secret_map;
ret = cbor_encoder_create_map(&extensions, &hmac_secret_map, 1);
check_ret(ret);
{
ret = cbor_encode_text_stringz(&hmac_secret_map, "hmac-secret");
check_ret(ret);
ret = cbor_encode_boolean(&hmac_secret_map, 1);
check_ret(ret);
}
ret = cbor_encoder_close_container(&extensions, &hmac_secret_map);
check_ret(ret);
}
*ext_encoder_buf_size = cbor_encoder_get_buffer_size(&extensions, ext_encoder_buf);
}
else else
{ {
*ext_encoder_buf_size = 0; *ext_encoder_buf_size = 0;
@ -646,7 +665,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
CTAP_makeCredential MC; CTAP_makeCredential MC;
int ret; int ret;
unsigned int i; unsigned int i;
uint8_t auth_data_buf[300]; uint8_t auth_data_buf[310];
CTAP_credentialDescriptor * excl_cred = (CTAP_credentialDescriptor *) auth_data_buf; CTAP_credentialDescriptor * excl_cred = (CTAP_credentialDescriptor *) auth_data_buf;
uint8_t * sigbuf = auth_data_buf + 32; uint8_t * sigbuf = auth_data_buf + 32;
uint8_t * sigder = auth_data_buf + 32 + 64; uint8_t * sigder = auth_data_buf + 32 + 64;
@ -717,6 +736,19 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
&MC.credInfo); &MC.credInfo);
check_retr(ret); check_retr(ret);
{
unsigned int ext_encoder_buf_size = sizeof(auth_data_buf) - auth_data_sz;
uint8_t * ext_encoder_buf = auth_data_buf + auth_data_sz;
ret = ctap_make_extensions(&MC.extensions, ext_encoder_buf, &ext_encoder_buf_size);
check_retr(ret);
if (ext_encoder_buf_size)
{
((CTAP_authData *)auth_data_buf)->head.flags |= (1 << 7);
auth_data_sz += ext_encoder_buf_size;
}
}
{ {
ret = cbor_encode_int(&map,RESP_authData); ret = cbor_encode_int(&map,RESP_authData);
check_ret(ret); check_ret(ret);

5
tools/ctap_test.py
View File

@ -803,6 +803,11 @@ class Tester:
other={"extensions": {"hmac-secret": True}, "options": {"rk": True}}, other={"extensions": {"hmac-secret": True}, "options": {"rk": True}},
) )
with Test("Check 'hmac-secret' is set to true in auth_data extensions"):
assert reg.auth_data.extensions
assert "hmac-secret" in reg.auth_data.extensions
assert reg.auth_data.extensions["hmac-secret"] == True
with Test("Get shared secret"): with Test("Get shared secret"):
key_agreement, shared_secret = ( key_agreement, shared_secret = (
self.client.pin_protocol._init_shared_secret() self.client.pin_protocol._init_shared_secret()