From 2d233f164e64899a2eb8b36897832668072165ca Mon Sep 17 00:00:00 2001
From: Conor Patrick
Date: Wed, 20 Mar 2019 21:03:03 -0400
Subject: [PATCH] small bug fixes
---
fido2/ctap.c | 23 +++++++----------------
tools/ctap_test.py | 3 ++-
2 files changed, 9 insertions(+), 17 deletions(-)
diff --git a/fido2/ctap.c b/fido2/ctap.c
index 7174635..9ef99ad 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -33,7 +33,6 @@ static int8_t PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS; AuthenticatorState STATE; - static void ctap_reset_key_agreement(); static struct {
@@ -470,7 +469,6 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au authData->head.flags |= (ctap_is_pin_set() << 2); - if (credInfo != NULL) { // add attestedCredentialData
@@ -521,9 +519,6 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au } done_rk: - // DELETE - //crypto_aes256_init(CRYPTO_TRANSPORT_KEY, NULL); - //crypto_aes256_encrypt((uint8_t*)&authData->attest.credential.user, CREDENTIAL_ENC_SIZE); printf1(TAG_GREEN, "MADE credId: "); dump_hex1(TAG_GREEN, (uint8_t*) &authData->attest.id, sizeof(CredentialId)); ctap_generate_cose_key(&cose_key, (uint8_t*)&authData->attest.id, sizeof(CredentialId), credInfo->publicKeyCredentialType, credInfo->COSEAlgorithmIdentifier);
@@ -532,8 +527,6 @@ done_rk: } - - if (ext != NULL) { ext_encoder_buf_size = *len - auth_data_sz;
@@ -976,6 +969,7 @@ static void save_credential_list(CTAP_authDataHeader * head, uint8_t * clientDat memmove(getAssertionState.clientDataHash, clientDataHash, CLIENT_DATA_HASH_SIZE); memmove(&getAssertionState.authData, head, sizeof(CTAP_authDataHeader)); memmove(getAssertionState.creds, creds, sizeof(CTAP_credentialDescriptor) * (count)); + } getAssertionState.count = count; printf1(TAG_GA,"saved %d credentials\n",count); 
@@ -1040,7 +1034,6 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder) CborEncoder map; CTAP_authDataHeader authData; memmove(&authData, &getAssertionState.authData, sizeof(CTAP_authDataHeader)); - // CTAP_authDataHeader * authData = &getAssertionState.authData; CTAP_credentialDescriptor * cred = pop_credential();
@@ -1063,6 +1056,7 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder) ret = cbor_encoder_create_map(encoder, &map, 3); } + check_ret(ret); printf1(TAG_RED, "RPID hash: "); dump_hex1(TAG_RED, authData.rpIdHash, 32);
@@ -1073,6 +1067,7 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder) check_ret(ret); } + // if only one account for this RP, null out the user details if (!getAssertionState.user_verified) {
@@ -1147,11 +1142,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length) ret = cbor_encoder_create_map(encoder, &map, map_size); check_ret(ret); - if (validCredCount > 0) - { - save_credential_list((CTAP_authDataHeader*)auth_data_buf, GA.clientDataHash, GA.creds, validCredCount-1); // skip last one - } - else + if (validCredCount == 0) { printf2(TAG_ERR,"Error, no authentic credential\n"); return CTAP2_ERR_NO_CREDENTIALS;
@@ -1188,8 +1179,8 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length) { ret = cbor_encode_int(&map,RESP_authData); check_ret(ret); - memset(auth_data_buf,0,sizeof(auth_data_buf)); - ret = cbor_encode_byte_string(&map, auth_data_buf, sizeof(auth_data_buf)); + memset(auth_data_buf,0,sizeof(CTAP_authDataHeader)); + ret = cbor_encode_byte_string(&map, auth_data_buf, sizeof(CTAP_authDataHeader)); check_ret(ret); } else 
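Review bot: In ctap_get_assertion (hunk at -1147), `if (validCredCount == 0)` is narrower than the `if (validCredCount > 0) … else` it replaces. If validCredCount is a signed type (its declaration is outside the hunk), a negative value now passes this check and reaches the `validCredCount-1` count handed to save_credential_list later in the function, where the save_credential_list context earlier in this patch shows the count multiplied into a memmove length. `if (validCredCount <= 0)` keeps the old coverage. The function body starts and ends outside the hunk.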
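Review bot: On this branch of ctap_get_assertion (hunk at -1188) only the first `sizeof(CTAP_authDataHeader)` bytes of auth_data_buf are zeroed and encoded, and the `save_credential_list(...)` call this commit adds in the hunk at -1200 then appears to copy that all-zero header into getAssertionState. If control reaches that call from this branch with more than one valid credential, later get-next-assertion responses would be built from a zero rpIdHash and zero flags; this is inferred, since the lines between the two hunks are not shown. Either skip the save on this path or state the intent in a comment such as `/* header-only, zeroed authData on this path; no assertion state worth saving */`. The header size now appears twice on adjacent lines, so a local `const size_t hdr_sz = sizeof(CTAP_authDataHeader);` would keep the memset and the encode from drifting apart again.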
@@ -1200,6 +1191,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length) check_retr(ret); } + save_credential_list((CTAP_authDataHeader*)auth_data_buf, GA.clientDataHash, GA.creds, validCredCount-1); // skip last one ret = ctap_end_get_assertion(&map, cred, auth_data_buf, GA.clientDataHash, add_user_info); check_retr(ret);
@@ -1522,7 +1514,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) pkt_raw++; length--; - uint8_t * buf = resp->data; cbor_encoder_init(&encoder, buf, resp->data_size, 0);
diff --git a/tools/ctap_test.py b/tools/ctap_test.py
index 133dfdf..126e51a 100755
--- a/tools/ctap_test.py
+++ b/tools/ctap_test.py
@@ -1786,7 +1786,8 @@ class Tester: entropy += sc.get_rng() with Test("Test entropy is close to perfect"): - assert shannon_entropy(entropy) > 7.98 + sum = shannon_entropy(entropy) + assert sum > 7.98 print("Entropy is %.5f bits per byte." % sum) with Test("Test Solo version command"):
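Review bot: In ctap_get_assertion (hunk at -1200), the assertion state is stored before `ctap_end_get_assertion` has succeeded. If that call fails and `check_retr(ret)` returns (presumably it does), getAssertionState keeps the header and the remaining `validCredCount-1` credentials. A following get-next-assertion request could then continue from a get-assertion that returned an error, unless the state is cleared elsewhere, which this diff does not show. Moving the `save_credential_list(...)` line below the `check_retr(ret);` that follows `ctap_end_get_assertion` would close that window, provided that function does not modify auth_data_buf or GA.creds. The function body starts and ends outside the hunk.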
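Review bot: The new local `sum` in the entropy test of tools/ctap_test.py shadows the Python builtin for the rest of the enclosing scope. A descriptive name avoids that: `entropy_bits = shannon_entropy(entropy)` and `assert entropy_bits > 7.98, entropy_bits`, with the `print` line updated to use the same name. The assertion message also reports the measured value on failure, which the bare assert does not, because the `print` comes after it. Per-byte Shannon entropy is only a coarse distribution check, so a short comment saying that it does not demonstrate unpredictability of the device RNG would keep the test name from being over-read.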