fido2 works

2019-02-06 19:06:49 +02:00 · 2019-02-06 19:06:49 +02:00 · 375db69e3a
commit 375db69e3a
parent 771fffe329
3 changed files with 18 additions and 13 deletions
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -324,7 +324,7 @@ static int is_matching_rk(CTAP_residentKey * rk, CTAP_residentKey * rk2)
 }


-static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, int len, CTAP_userEntity * user, uint8_t credtype, int32_t algtype, int32_t * sz, int store)
+static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, int len, CTAP_userEntity * user, uint8_t credtype, int32_t algtype, int32_t * sz, int store, bool fromNFC)
 {
    CborEncoder cose_key;
    int auth_data_sz, ret;
@ -350,7 +350,12 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
    count = auth_data_update_count(&authData->head);

    device_set_status(CTAPHID_STATUS_UPNEEDED);
-    int but = ctap_user_presence_test();
+	// if NFC - not need to click a button
+    int but = 1; 
+	if(!fromNFC)
+	{
+		but = ctap_user_presence_test();
+	} 
 	
    if (!but)
    {
@ -551,7 +556,7 @@ int ctap_authenticate_credential(struct rpId * rp, CTAP_credentialDescriptor * d



-uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int length)
+uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int length, bool fromNFC)
 {
    CTAP_makeCredential MC;
    int ret, i;
@ -621,7 +626,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
    int32_t auth_data_sz;

    ret = ctap_make_auth_data(&MC.rp, &map, auth_data_buf, sizeof(auth_data_buf),
-            &MC.user, MC.publicKeyCredentialType, MC.COSEAlgorithmIdentifier, &auth_data_sz, MC.rk);
+            &MC.user, MC.publicKeyCredentialType, MC.COSEAlgorithmIdentifier, &auth_data_sz, MC.rk, fromNFC);

    check_retr(ret);

@ -940,7 +945,7 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder)
    return 0;
 }

-uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
+uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length, bool fromNFC)
 {
    CTAP_getAssertion GA;
    uint8_t auth_data_buf[sizeof(CTAP_authDataHeader)];
@ -992,7 +997,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
    ret = cbor_encoder_create_map(encoder, &map, map_size);
    check_ret(ret);

-    ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0,NULL, 0);
+    ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0,NULL, 0, fromNFC);
    check_retr(ret);

    /*for (int j = 0; j < GA.credLen; j++)*/
@ -1358,7 +1363,7 @@ void ctap_response_init(CTAP_RESPONSE * resp)
 }


-uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
+uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp, bool fromNFC)
 {
    CborEncoder encoder;
    uint8_t status = 0;
@ -1398,7 +1403,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
            device_set_status(CTAPHID_STATUS_PROCESSING);
            printf1(TAG_CTAP,"CTAP_MAKE_CREDENTIAL\n");
            t1 = millis();
-            status = ctap_make_credential(&encoder, pkt_raw, length);
+            status = ctap_make_credential(&encoder, pkt_raw, length, fromNFC);
            t2 = millis();
            printf1(TAG_TIME,"make_credential time: %d ms\n", t2-t1);

@ -1410,7 +1415,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
            device_set_status(CTAPHID_STATUS_PROCESSING);
            printf1(TAG_CTAP,"CTAP_GET_ASSERTION\n");
            t1 = millis();
-            status = ctap_get_assertion(&encoder, pkt_raw, length);
+            status = ctap_get_assertion(&encoder, pkt_raw, length, fromNFC);
            t2 = millis();
            printf1(TAG_TIME,"get_assertion time: %d ms\n", t2-t1);

--- a/fido2/ctap.h
+++ b/fido2/ctap.h
@ -275,7 +275,7 @@ typedef struct

 void ctap_response_init(CTAP_RESPONSE * resp);

-uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp);
+uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp, bool fromNFC);

 // Encodes R,S signature to 2 der sequence of two integers.  Sigder must be at least 72 bytes.
 // @return length of der signature
--- a/targets/stm32l432/src/nfc.c
+++ b/targets/stm32l432/src/nfc.c
@ -513,12 +513,12 @@ printf1(TAG_NFC, "WRX-off err\n");

 			WTX_on(WTX_TIME_DEFAULT);
            ctap_response_init(&ctap_resp);
-            status = ctap_request(payload, plen, &ctap_resp);
+            status = ctap_request(payload, plen, &ctap_resp, true);
 			if (!WTX_off()){
 printf1(TAG_NFC, "WTX-off err\n");
 				return;
 	}
-			printf1(TAG_NFC, "CTAP resp: %d  len: %d\r\n", status, ctap_resp.length);
+			printf1(TAG_NFC, "CTAP resp: 0x%02õ  len: %d\r\n", status, ctap_resp.length);

 			if (status == CTAP1_ERR_SUCCESS)
 			{