small bug fixes

Conor Patrick 2019-03-20 21:03:03 -04:00
parent b62e9906c7
commit 2d233f164e
2 changed files with 9 additions and 17 deletions


@ -33,7 +33,6 @@ static int8_t PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS;
AuthenticatorState STATE; AuthenticatorState STATE;
static void ctap_reset_key_agreement(); static void ctap_reset_key_agreement();
static struct { static struct {
@ -470,7 +469,6 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
authData->head.flags |= (ctap_is_pin_set() << 2); authData->head.flags |= (ctap_is_pin_set() << 2);
if (credInfo != NULL) if (credInfo != NULL)
{ {
// add attestedCredentialData // add attestedCredentialData
@ -521,9 +519,6 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
} }
done_rk: done_rk:
// DELETE
//crypto_aes256_init(CRYPTO_TRANSPORT_KEY, NULL);
//crypto_aes256_encrypt((uint8_t*)&authData->attest.credential.user, CREDENTIAL_ENC_SIZE);
printf1(TAG_GREEN, "MADE credId: "); dump_hex1(TAG_GREEN, (uint8_t*) &authData->attest.id, sizeof(CredentialId)); printf1(TAG_GREEN, "MADE credId: "); dump_hex1(TAG_GREEN, (uint8_t*) &authData->attest.id, sizeof(CredentialId));
ctap_generate_cose_key(&cose_key, (uint8_t*)&authData->attest.id, sizeof(CredentialId), credInfo->publicKeyCredentialType, credInfo->COSEAlgorithmIdentifier); ctap_generate_cose_key(&cose_key, (uint8_t*)&authData->attest.id, sizeof(CredentialId), credInfo->publicKeyCredentialType, credInfo->COSEAlgorithmIdentifier);
@ -532,8 +527,6 @@ done_rk:
} }
if (ext != NULL) if (ext != NULL)
{ {
ext_encoder_buf_size = *len - auth_data_sz; ext_encoder_buf_size = *len - auth_data_sz;
@ -976,6 +969,7 @@ static void save_credential_list(CTAP_authDataHeader * head, uint8_t * clientDat
memmove(getAssertionState.clientDataHash, clientDataHash, CLIENT_DATA_HASH_SIZE); memmove(getAssertionState.clientDataHash, clientDataHash, CLIENT_DATA_HASH_SIZE);
memmove(&getAssertionState.authData, head, sizeof(CTAP_authDataHeader)); memmove(&getAssertionState.authData, head, sizeof(CTAP_authDataHeader));
memmove(getAssertionState.creds, creds, sizeof(CTAP_credentialDescriptor) * (count)); memmove(getAssertionState.creds, creds, sizeof(CTAP_credentialDescriptor) * (count));
} }
getAssertionState.count = count; getAssertionState.count = count;
printf1(TAG_GA,"saved %d credentials\n",count); printf1(TAG_GA,"saved %d credentials\n",count);
@ -1040,7 +1034,6 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder)
CborEncoder map; CborEncoder map;
CTAP_authDataHeader authData; CTAP_authDataHeader authData;
memmove(&authData, &getAssertionState.authData, sizeof(CTAP_authDataHeader)); memmove(&authData, &getAssertionState.authData, sizeof(CTAP_authDataHeader));
// CTAP_authDataHeader * authData = &getAssertionState.authData;
CTAP_credentialDescriptor * cred = pop_credential(); CTAP_credentialDescriptor * cred = pop_credential();
@ -1063,6 +1056,7 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder)
ret = cbor_encoder_create_map(encoder, &map, 3); ret = cbor_encoder_create_map(encoder, &map, 3);
} }
check_ret(ret); check_ret(ret);
printf1(TAG_RED, "RPID hash: "); dump_hex1(TAG_RED, authData.rpIdHash, 32); printf1(TAG_RED, "RPID hash: "); dump_hex1(TAG_RED, authData.rpIdHash, 32);
@ -1073,6 +1067,7 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder)
check_ret(ret); check_ret(ret);
} }
// if only one account for this RP, null out the user details // if only one account for this RP, null out the user details
if (!getAssertionState.user_verified) if (!getAssertionState.user_verified)
{ {
@ -1147,11 +1142,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
ret = cbor_encoder_create_map(encoder, &map, map_size); ret = cbor_encoder_create_map(encoder, &map, map_size);
check_ret(ret); check_ret(ret);
if (validCredCount > 0) if (validCredCount == 0)
{
save_credential_list((CTAP_authDataHeader*)auth_data_buf, GA.clientDataHash, GA.creds, validCredCount-1); // skip last one
}
else
{ {
printf2(TAG_ERR,"Error, no authentic credential\n"); printf2(TAG_ERR,"Error, no authentic credential\n");
return CTAP2_ERR_NO_CREDENTIALS; return CTAP2_ERR_NO_CREDENTIALS;
@ -1188,8 +1179,8 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
{ {
ret = cbor_encode_int(&map,RESP_authData); ret = cbor_encode_int(&map,RESP_authData);
check_ret(ret); check_ret(ret);
memset(auth_data_buf,0,sizeof(auth_data_buf)); memset(auth_data_buf,0,sizeof(CTAP_authDataHeader));
ret = cbor_encode_byte_string(&map, auth_data_buf, sizeof(auth_data_buf)); ret = cbor_encode_byte_string(&map, auth_data_buf, sizeof(CTAP_authDataHeader));
check_ret(ret); check_ret(ret);
} }
else else
@ -1200,6 +1191,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
check_retr(ret); check_retr(ret);
} }
save_credential_list((CTAP_authDataHeader*)auth_data_buf, GA.clientDataHash, GA.creds, validCredCount-1); // skip last one
ret = ctap_end_get_assertion(&map, cred, auth_data_buf, GA.clientDataHash, add_user_info); ret = ctap_end_get_assertion(&map, cred, auth_data_buf, GA.clientDataHash, add_user_info);
check_retr(ret); check_retr(ret);
@ -1522,7 +1514,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
pkt_raw++; pkt_raw++;
length--; length--;
uint8_t * buf = resp->data; uint8_t * buf = resp->data;
cbor_encoder_init(&encoder, buf, resp->data_size, 0); cbor_encoder_init(&encoder, buf, resp->data_size, 0);
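Review bot: In the `@ -1200,6 +1191,7` hunk of `ctap_get_assertion`, the relocated `save_credential_list(...)` call commits `getAssertionState` before the result of `ctap_end_get_assertion` is checked, so a getAssertion that fails at that last step still leaves `validCredCount-1` credentials queued for `ctap_get_next_assertion`. If `ctap_end_get_assertion` does not modify the header in `auth_data_buf` or `GA.creds` (its body is not in this diff), moving the call below the following `check_retr(ret);` would tie the saved state to a successful response. The call also appears to run after the branch that zeroes the header with `memset(auth_data_buf,0,sizeof(CTAP_authDataHeader))`, in which case the saved `rpIdHash` and flags would be all zero. A one-line comment at the call, stating that it must follow `ctap_make_auth_data` and what is expected on the zeroed path, would document the ordering this commit fixes. `ctap_get_assertion` starts and ends outside these hunks.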


@ -1786,7 +1786,8 @@ class Tester:
entropy += sc.get_rng() entropy += sc.get_rng()
with Test("Test entropy is close to perfect"): with Test("Test entropy is close to perfect"):
assert shannon_entropy(entropy) > 7.98 sum = shannon_entropy(entropy)
assert sum > 7.98
print("Entropy is %.5f bits per byte." % sum) print("Entropy is %.5f bits per byte." % sum)
with Test("Test Solo version command"): with Test("Test Solo version command"):
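Review bot: The new local `sum` shadows Python's builtin `sum` for the rest of the enclosing scope; a name such as `entropy_bits` avoids that, with the `print` updated to match. Because the value is only printed after the assert, a failing run does not report the measured entropy. Putting it in the assertion message, `assert entropy_bits > 7.98, "entropy %.5f bits per byte" % entropy_bits`, would make a marginal RNG result diagnosable from the test output. The enclosing method of `Tester` starts and ends outside the hunk.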