shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

fix u2f user presence check, added dont-enforce-user-presence-and-sign, fix counter

Browse Source
This commit is contained in:
merlokk 2019-02-01 20:00:13 +02:00
parent e996d470f9
commit 5c8acdd666
2 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
fido2/u2f.c
View File

@ -233,8 +233,8 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
} }
} }
if ( if (
control != U2F_AUTHENTICATE_SIGN || (control != U2F_AUTHENTICATE_SIGN && control != U2F_AUTHENTICATE_SIGN_NO_USER) ||
req->khl != U2F_KEY_HANDLE_SIZE || req->khl != U2F_KEY_HANDLE_SIZE ||
u2f_appid_eq(&req->kh, req->app) != 0 || // Order of checks is important u2f_appid_eq(&req->kh, req->app) != 0 || // Order of checks is important
u2f_load_key(&req->kh, req->app) != 0 u2f_load_key(&req->kh, req->app) != 0
@ -243,9 +243,11 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
return U2F_SW_WRONG_PAYLOAD; return U2F_SW_WRONG_PAYLOAD;
} }
// dont-enforce-user-presence-and-sign
if (control == U2F_AUTHENTICATE_SIGN_NO_USER)
up = 0;
if(!fromNFC && up)
if(!fromNFC)
{ {
if (ctap_user_presence_test() == 0) if (ctap_user_presence_test() == 0)
{ {
@ -254,21 +256,26 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
} }
count = ctap_atomic_count(0); count = ctap_atomic_count(0);
uint8_t vcount[4];
vcount[3] = (count) & 0xff;
vcount[2] = (count >> 8) & 0xff;
vcount[1] = (count >> 16) & 0xff;
vcount[0] = (count >> 24) & 0xff;
crypto_sha256_init(); crypto_sha256_init();
crypto_sha256_update(req->app,32); crypto_sha256_update(req->app, 32);
crypto_sha256_update(&up,1); crypto_sha256_update(&up, 1);
crypto_sha256_update((uint8_t *)&count,4); crypto_sha256_update(vcount, 4);
crypto_sha256_update(req->chal,32); crypto_sha256_update(req->chal, 32);
crypto_sha256_final(hash); crypto_sha256_final(hash);
printf1(TAG_U2F, "sha256: "); dump_hex1(TAG_U2F,hash,32); printf1(TAG_U2F, "sha256: "); dump_hex1(TAG_U2F, hash, 32);
crypto_ecc256_sign(hash, 32, sig); crypto_ecc256_sign(hash, 32, sig);
u2f_response_writeback(&up,1); u2f_response_writeback(&up, 1);
u2f_response_writeback((uint8_t *)&count,4); u2f_response_writeback(vcount, 4);
dump_signature_der(sig); dump_signature_der(sig);
return U2F_SW_NO_ERROR; return U2F_SW_NO_ERROR;

1
fido2/u2f.h
View File

@ -53,6 +53,7 @@
// U2F Authenticate // U2F Authenticate
#define U2F_AUTHENTICATE_CHECK 0x7 #define U2F_AUTHENTICATE_CHECK 0x7
#define U2F_AUTHENTICATE_SIGN 0x3 #define U2F_AUTHENTICATE_SIGN 0x3
#define U2F_AUTHENTICATE_SIGN_NO_USER 0x8
// Command status responses // Command status responses