bugfix/skip-auth for fido2 extension

2019-02-14 15:53:02 -05:00
parent 0651316da5
commit 6745c9a0cb
4 changed files with 54 additions and 6 deletions
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -777,7 +777,18 @@ int ctap_filter_invalid_credentials(CTAP_getAssertion * GA)
        if (! ctap_authenticate_credential(&GA->rp, &GA->creds[i]))
        {
            printf1(TAG_GA, "CRED #%d is invalid\n", GA->creds[i].credential.id.count);
-            GA->creds[i].credential.id.count = 0;      // invalidate
+#ifdef ENABLE_U2F_EXTENSIONS
+            if (is_extension_request((uint8_t*)&GA->creds[i].credential.id, sizeof(CredentialId)))
+            {
+                printf1(TAG_EXT, "CRED #%d is extension\n", GA->creds[i].credential.id.count);
+                count++;
+            }
+            else
+#endif
+            {
+                GA->creds[i].credential.id.count = 0;      // invalidate
+            }
+
        }
        else
        {
@@ -999,8 +1010,20 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
    ret = cbor_encoder_create_map(encoder, &map, map_size);
    check_ret(ret);

-    ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0,NULL, 0);
-    check_retr(ret);
+#ifdef ENABLE_U2F_EXTENSIONS
+    if ( is_extension_request((uint8_t*)&GA.creds[validCredCount - 1].credential.id, sizeof(CredentialId)) )
+    {
+        ret = cbor_encode_int(&map,RESP_authData);
+        check_ret(ret);
+        ret = cbor_encode_byte_string(&map, auth_data_buf, sizeof(CTAP_authDataHeader));
+        check_ret(ret);
+    }
+    else
+#endif
+    {
+        ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0,NULL, 0);
+        check_retr(ret);
+    }

    /*for (int j = 0; j < GA.credLen; j++)*/
    /*{*/
--- a/fido2/extensions/extensions.c
+++ b/fido2/extensions/extensions.c
@@ -82,7 +82,7 @@ int16_t extend_fido2(CredentialId * credid, uint8_t * output)
 {
    if (is_extension_request((uint8_t*)credid, sizeof(CredentialId)))
    {
-        bridge_u2f_to_solo(output, (uint8_t*)credid, sizeof(CredentialId));
+        output[0] = bridge_u2f_to_solo(output+1, (uint8_t*)credid, sizeof(CredentialId));
        return 1;
    }
    else
--- a/fido2/extensions/solo.c
+++ b/fido2/extensions/solo.c
@@ -31,7 +31,7 @@
 #include "log.h"
 #include APP_CONFIG

-// output must be at least 72 bytes
+// output must be at least 71 bytes
 int16_t bridge_u2f_to_solo(uint8_t * output, uint8_t * keyh, int keylen)
 {
    int8_t ret = 0;