Add support for the security manager in Google Chrome

This patch fixes the following issues to make Google Chrome happy:
1. Adds CTAP_CBOR_CRED_MGMT(0x0A) which is an alias to CTAP_CBOR_CRED_MGMT_PRE(0x41)
2. Returns success instead of NO_CREDENTIALS when there are no RKs
3. Skips the "icon" property if it's empty

Tested with Google Chrome Version 80.0.3987.149
Radoslav Gerganov 2020-03-26 18:07:06 +02:00
parent 08cd76d50c
commit 5043c6877c
2 changed files with 20 additions and 16 deletions


@ -1034,29 +1034,30 @@ uint8_t ctap_add_user_entity(CborEncoder * map, CTAP_userEntity * user, int is_v
CborEncoder entity; CborEncoder entity;
int dispname = (user->name[0] != 0) && is_verified; int dispname = (user->name[0] != 0) && is_verified;
int ret; int ret;
int map_size = 1;
if (dispname) if (dispname)
ret = cbor_encoder_create_map(map, &entity, 4); {
else map_size = strlen(user->icon) > 0 ? 4 : 3;
ret = cbor_encoder_create_map(map, &entity, 1); }
ret = cbor_encoder_create_map(map, &entity, map_size);
check_ret(ret); check_ret(ret);
{
ret = cbor_encode_text_string(&entity, "id", 2); ret = cbor_encode_text_string(&entity, "id", 2);
check_ret(ret); check_ret(ret);
ret = cbor_encode_byte_string(&entity, user->id, user->id_size); ret = cbor_encode_byte_string(&entity, user->id, user->id_size);
check_ret(ret); check_ret(ret);
}
if (dispname) if (dispname)
{ {
if (strlen(user->icon) > 0)
{
ret = cbor_encode_text_string(&entity, "icon", 4); ret = cbor_encode_text_string(&entity, "icon", 4);
check_ret(ret); check_ret(ret);
ret = cbor_encode_text_stringz(&entity, (const char *)user->icon); ret = cbor_encode_text_stringz(&entity, (const char *)user->icon);
check_ret(ret); check_ret(ret);
}
ret = cbor_encode_text_string(&entity, "name", 4); ret = cbor_encode_text_string(&entity, "name", 4);
check_ret(ret); check_ret(ret);
@ -1592,7 +1593,7 @@ uint8_t ctap_cred_mgmt(CborEncoder * encoder, uint8_t * request, int length)
if (STATE.rk_stored == 0 && CM.cmd != CM_cmdMetadata) if (STATE.rk_stored == 0 && CM.cmd != CM_cmdMetadata)
{ {
printf2(TAG_ERR,"No resident keys\n"); printf2(TAG_ERR,"No resident keys\n");
return CTAP2_ERR_NO_CREDENTIALS; return 0;
} }
if (CM.cmd == CM_cmdRPBegin) if (CM.cmd == CM_cmdRPBegin)
{ {
@ -2192,6 +2193,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
{ {
case CTAP_MAKE_CREDENTIAL: case CTAP_MAKE_CREDENTIAL:
case CTAP_GET_ASSERTION: case CTAP_GET_ASSERTION:
case CTAP_CBOR_CRED_MGMT:
case CTAP_CBOR_CRED_MGMT_PRE: case CTAP_CBOR_CRED_MGMT_PRE:
if (ctap_device_locked()) if (ctap_device_locked())
{ {
@ -2274,6 +2276,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
status = CTAP2_ERR_NOT_ALLOWED; status = CTAP2_ERR_NOT_ALLOWED;
} }
break; break;
case CTAP_CBOR_CRED_MGMT:
case CTAP_CBOR_CRED_MGMT_PRE: case CTAP_CBOR_CRED_MGMT_PRE:
printf1(TAG_CTAP,"CTAP_CBOR_CRED_MGMT_PRE\n"); printf1(TAG_CTAP,"CTAP_CBOR_CRED_MGMT_PRE\n");
status = ctap_cred_mgmt(&encoder, pkt_raw, length); status = ctap_cred_mgmt(&encoder, pkt_raw, length);
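Review bot: In ctap_cred_mgmt the early exit for `STATE.rk_stored == 0` now reports success with an empty response for every subcommand other than CM_cmdMetadata, so a request that cannot be served on an empty store (a delete or an enumerate-next, for instance) looks the same to the host as one that succeeded, and the message is still logged under TAG_ERR. If Chrome only trips over the enumerate-RPs begin call, which is an assumption to confirm, the relaxation could be limited to it: `return (CM.cmd == CM_cmdRPBegin) ? 0 : CTAP2_ERR_NO_CREDENTIALS;`. A comment such as `/* Chrome 80 treats NO_CREDENTIALS here as a failure; report success with an empty body */` would record why the status differs from the error returned before this change. The function body starts and ends outside the hunk, so whether pinAuth is verified before this check cannot be seen here.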


@ -16,6 +16,7 @@
#define CTAP_CLIENT_PIN 0x06 #define CTAP_CLIENT_PIN 0x06
#define CTAP_RESET 0x07 #define CTAP_RESET 0x07
#define GET_NEXT_ASSERTION 0x08 #define GET_NEXT_ASSERTION 0x08
#define CTAP_CBOR_CRED_MGMT 0x0A
#define CTAP_VENDOR_FIRST 0x40 #define CTAP_VENDOR_FIRST 0x40
#define CTAP_CBOR_CRED_MGMT_PRE 0x41 #define CTAP_CBOR_CRED_MGMT_PRE 0x41
#define CTAP_VENDOR_LAST 0xBF #define CTAP_VENDOR_LAST 0xBF