shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

UNDO: hmac-secret should be different when UV=1

Browse Source
This commit is contained in:
shimun
2020-10-30 16:45:53 +01:00
parent c9894ab68a
commit 393051f407
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
fido2/ctap.c
View File

@@ -461,7 +461,6 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
// Generate credRandom // Generate credRandom
crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY2, 0, credRandom); crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId)); crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId));
crypto_sha256_update(&getAssertionState.user_verified, 1);
crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY2, 0, credRandom); crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
// Decrypt saltEnc // Decrypt saltEnc
@@ -1750,7 +1749,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
return ret; return ret;
} }
if (GA.pinAuthEmpty) if (GA.pinAuthEmpty && GA.up)
{ {
ret = ctap2_user_presence_test(); ret = ctap2_user_presence_test();
check_retr(ret); check_retr(ret);