Merge pull request #155 from solokeys/pin_lockout_ga

Pin lockout ga
Conor Patrick 2019-03-29 17:11:48 -04:00 committed by GitHub
commit 3b3f47bfcf
2 changed files with 30 additions and 28 deletions


@ -1105,19 +1105,15 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
return ret; return ret;
} }
if (ctap_is_pin_set() && GA.pinAuthPresent == 0) if (GA.pinAuthPresent)
{ {
printf2(TAG_ERR,"pinAuth is required\n"); ret = verify_pin_auth(GA.pinAuth, GA.clientDataHash);
return CTAP2_ERR_PIN_REQUIRED; check_retr(ret);
getAssertionState.user_verified = 1;
} }
else else
{ {
if (ctap_is_pin_set() || (GA.pinAuthPresent)) getAssertionState.user_verified = 0;
{
ret = verify_pin_auth(GA.pinAuth, GA.clientDataHash);
check_retr(ret);
getAssertionState.user_verified = 1;
}
} }
if (!GA.rp.size || !GA.clientDataHashPresent) if (!GA.rp.size || !GA.clientDataHashPresent)
@ -1198,6 +1194,9 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &len, NULL); ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &len, NULL);
check_retr(ret); check_retr(ret);
((CTAP_authData *)auth_data_buf)->head.flags &= ~(1 << 2);
((CTAP_authData *)auth_data_buf)->head.flags |= (getAssertionState.user_verified << 2);
{ {
unsigned int ext_encoder_buf_size = sizeof(auth_data_buf) - len; unsigned int ext_encoder_buf_size = sizeof(auth_data_buf) - len;
uint8_t * ext_encoder_buf = auth_data_buf + len; uint8_t * ext_encoder_buf = auth_data_buf + len;
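Review bot: The new else branch in the first hunk turns a missing pinAuth from a hard CTAP2_ERR_PIN_REQUIRED into a successful assertion with the UV flag cleared, and nothing in the code records why, so a later reader may well "fix" it back to the error; add a comment above `if (GA.pinAuthPresent)` such as `/* CTAP2 getAssertion: a missing pinAuth is not an error even when a PIN is set; the response carries UV=0 (applied below, after ctap_make_auth_data) */`. In the second hunk the UV bit is spelled `(1 << 2)` twice; a named constant (for example `#define AUTHDATA_FLAG_UV (1 << 2)`, placed with the other authData flag definitions) would make the clear-then-set pair self-describing. Whether verify_pin_auth rejects a supplied pinAuth when no PIN has been configured is not visible here; if it does not, the pinAuthPresent path sets user_verified = 1 without a PIN ever having been set, which is worth confirming against verify_pin_auth. ctap_get_assertion starts and ends outside both hunks.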


@ -905,22 +905,25 @@ class FIDO2Tests(Tester):
expectedError=CtapError.ERR.SUCCESS, expectedError=CtapError.ERR.SUCCESS,
) )
# self.testGA(
# "Send GA request with no pinAuth, expect SUCCESS",
# rp["id"],
# cdh,
# [
# {
# "type": "public-key",
# "id": res_mc.auth_data.credential_data.credential_id,
# }
# ],
# expectedError=CtapError.ERR.SUCCESS,
# )
with Test("Check UV flag is set"): with Test("Check UV flag is set"):
assert res_ga.auth_data.flags & (1 << 2) assert res_ga.auth_data.flags & (1 << 2)
res_ga = self.testGA(
"Send GA request with no pinAuth, expect SUCCESS",
rp["id"],
cdh,
[
{
"type": "public-key",
"id": res_mc.auth_data.credential_data.credential_id,
}
],
expectedError=CtapError.ERR.SUCCESS,
)
with Test("Check UV flag is NOT set"):
assert not (res_ga.auth_data.flags & (1 << 2))
self.testReset() self.testReset()
with Test("Setting pin code, expect SUCCESS"): with Test("Setting pin code, expect SUCCESS"):
@ -973,12 +976,12 @@ class FIDO2Tests(Tester):
expectedError=CtapError.ERR.PIN_REQUIRED, expectedError=CtapError.ERR.PIN_REQUIRED,
) )
# res_mc = self.testGA( res_mc = self.testGA(
# "Send GA request with no pin_auth, expect NO_CREDENTIALS", "Send GA request with no pin_auth, expect NO_CREDENTIALS",
# rp["id"], rp["id"],
# cdh, cdh,
# expectedError=CtapError.ERR.NO_CREDENTIALS, expectedError=CtapError.ERR.NO_CREDENTIALS,
# ) )
res = self.testCP( res = self.testCP(
"Test getRetries, expect SUCCESS", "Test getRetries, expect SUCCESS",