Add checks to use U2F key if necessary

fido2/u2f.c

@@ -183,21 +183,21 @@ int8_t u2f_new_keypair(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * pu
 }
 
 
-
-static int8_t u2f_appid_eq(struct u2f_key_handle * kh, uint8_t * appid)
+// Return 1 if authenticate, 0 if not.
+int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid)
 {
     uint8_t tag[U2F_KEY_HANDLE_TAG_SIZE];
     u2f_make_auth_tag(kh, appid, tag);
     if (memcmp(kh->tag, tag, U2F_KEY_HANDLE_TAG_SIZE) == 0)
     {
-        return 0;
+        return 1;
     }
     else
     {
         printf1(TAG_U2F, "key handle + appid not authentic\n");
         printf1(TAG_U2F, "calc tag: \n"); dump_hex1(TAG_U2F,tag, U2F_KEY_HANDLE_TAG_SIZE);
         printf1(TAG_U2F, "inp  tag: \n"); dump_hex1(TAG_U2F,kh->tag, U2F_KEY_HANDLE_TAG_SIZE);
-        return -1;
+        return 0;
     }
 }
 
@@ -214,7 +214,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
     if (control == U2F_AUTHENTICATE_CHECK)
     {
         printf1(TAG_U2F, "CHECK-ONLY\r\n");
-        if (u2f_appid_eq(&req->kh, req->app) == 0)
+        if (u2f_authenticate_credential(&req->kh, req->app))
         {
             return U2F_SW_CONDITIONS_NOT_SATISFIED;
         }
@@ -226,7 +226,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
     if (
             (control != U2F_AUTHENTICATE_SIGN && control != U2F_AUTHENTICATE_SIGN_NO_USER) ||
             req->khl != U2F_KEY_HANDLE_SIZE ||
-            u2f_appid_eq(&req->kh, req->app) != 0 ||     // Order of checks is important
+            (!u2f_authenticate_credential(&req->kh, req->app)) ||     // Order of checks is important
             u2f_load_key(&req->kh, req->app) != 0
 
         )