From 8020e868f92153a49c1f9b4fbead13b89ee64267 Mon Sep 17 00:00:00 2001
From: Conor Patrick
Date: Fri, 18 May 2018 12:20:22 -0400
Subject: [PATCH] verify the pinAuth parameter with hmac
---
 crypto.c | 38 ++++++++++++++++++++++++++++++++++++++
 crypto.h | 1 +
 ctap.c | 34 +++++++++++++++++++++++++++++++++-
 3 files changed, 72 insertions(+), 1 deletion(-)
diff --git a/crypto.c b/crypto.c
index 1e7bddb..cb2614a 100644
--- a/crypto.c
+++ b/crypto.c
@@ -54,6 +54,44 @@ void crypto_sha256_final(uint8_t * hash)
 sha256_final(&sha256_ctx, hash);
 }
+void crypto_sha256_hmac(uint8_t * key, uint32_t klen, uint8_t * data, uint32_t datalen, uint8_t * hmac)
+{
+ uint8_t buf[64];
+ int i;
+ memset(buf, 0, sizeof(buf));
+
+ if(klen > 64)
+ {
+ printf("Error, key size must be <= 64\n");
+ exit(1);
+ }
+
+ memmove(buf, key, klen);
+
+ for (i = 0; i < sizeof(buf); i++)
+ {
+ buf[i] = buf[i] ^ 0x36;
+ }
+
+ crypto_sha256_init();
+ crypto_sha256_update(buf, 64);
+ crypto_sha256_update(data, datalen);
+ crypto_sha256_final(hmac);
+
+ memset(buf, 0, sizeof(buf));
+ memmove(buf, key, klen);
+
+ for (i = 0; i < sizeof(buf); i++)
+ {
+ buf[i] = buf[i] ^ 0x5c;
+ }
+
+ crypto_sha256_init();
+ crypto_sha256_update(buf, 64);
+ crypto_sha256_update(hmac, 32);
+ crypto_sha256_final(hmac);
+}
+
 void crypto_ecc256_init()
 {
diff --git a/crypto.h b/crypto.h
index 2742f8f..af64dcb 100644
--- a/crypto.h
+++ b/crypto.h
@@ -9,6 +9,7 @@ void crypto_sha256_update(uint8_t * data, size_t len);
 void crypto_sha256_update_secret();
 void crypto_sha256_final(uint8_t * hash);
+void crypto_sha256_hmac(uint8_t * key, uint32_t klen, uint8_t * data, uint32_t datalen, uint8_t * hmac);
 void crypto_ecc256_init();
 void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y);
diff --git a/ctap.c b/ctap.c
index 9f8c17a..f1758f3 100644
--- a/ctap.c
+++ b/ctap.c
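Review bot: `buf` still holds the key XORed with the outer pad when crypto_sha256_hmac returns, so key-derived bytes (the PIN token, going by the caller added in ctap.c) are left on the stack. Wipe it after the last `crypto_sha256_final(hmac);` with a call the compiler cannot discard as a dead store, for example `explicit_bzero(buf, sizeof(buf));` where the toolchain provides it, or a loop through a `volatile uint8_t *`. Separately, an oversized key ends in `printf` plus `exit(1)`; hashing the key down to 32 bytes as HMAC specifies, or reporting an error to the caller, would avoid terminating from inside a crypto helper. `int i` is compared against the unsigned `sizeof(buf)`; `size_t i` removes the mixed-sign comparison.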
@@ -117,6 +117,26 @@ static const char * cbor_value_get_type_string(const CborValue *value)
 /*return CborNoError;*/
 /*}*/
+uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
+{
+ uint8_t hmac[32];
+ crypto_sha256_hmac(PIN_TOKEN, PIN_TOKEN_SIZE, clientDataHash, CLIENT_DATA_HASH_SIZE, hmac);
+
+ if (memcmp(pinAuth, hmac, 16) == 0)
+ {
+ return 0;
+ }
+ else
+ {
+ printf2(TAG_ERR,"Pin auth failed\n");
+ dump_hex1(TAG_ERR,pinAuth,16);
+ dump_hex1(TAG_ERR,hmac,16);
+ return CTAP2_ERR_PIN_AUTH_INVALID;
+ }
+
+}
+
+
 uint8_t ctap_get_info(CborEncoder * encoder)
 {
 int ret;
@@ -1036,6 +1056,12 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
 printf2(TAG_ERR,"pinAuth is required\n");
 return CTAP2_ERR_PIN_REQUIRED;
 }
+ else
+ {
+ ret = verify_pin_auth(MC.pinAuth, MC.clientDataHash);
+ check_retr(ret);
+ }
+
+ CborEncoder map;
@@ -1393,6 +1419,11 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
 printf2(TAG_ERR,"pinAuth is required\n");
 return CTAP2_ERR_PIN_REQUIRED;
 }
+ else
+ {
+ ret = verify_pin_auth(GA.pinAuth, GA.clientDataHash);
+ check_retr(ret);
+ }
 CborEncoder map;
@@ -1700,6 +1731,7 @@ uint8_t ctap_add_pin_if_verified(CborEncoder * map, uint8_t * platform_pubkey, u
 printf2(TAG_ERR,"Pin does not match!\n");
 printf2(TAG_ERR,"platform-pin-hash: "); dump_hex1(TAG_ERR, pinHashEnc, 16);
 printf2(TAG_ERR,"authentic-pin-hash: "); dump_hex1(TAG_ERR, PIN_CODE_HASH, 16);
+ // Generate new keyAgreement pair
 crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
 return CTAP2_ERR_PIN_INVALID;
 }
@@ -1882,7 +1914,7 @@ void ctap_init()
 crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
- // TODO this should be stored in flash memory
+ // TODO this doesn't have to happen at every boot up
 memset(PIN_CODE,0,sizeof(PIN_CODE));
 memmove(PIN_CODE, "1234", 4);
 PIN_CODE_SET = 1;
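Review bot: `memcmp(pinAuth, hmac, 16)` in verify_pin_auth may return at the first differing byte, so the comparison time depends on how many leading bytes of the supplied pinAuth are correct; a MAC check should take the same time for every input. Fold the XOR of all 16 byte pairs into one accumulator and test it once, as in the block below. The failure branch also writes the expected value to the log with `dump_hex1(TAG_ERR,hmac,16);`, which gives a valid pinAuth for this clientDataHash to anyone who can read the debug output; that line should be dropped or compiled out of release builds. The literal 16 appears three times and would read better as a named constant.

```c
    crypto_sha256_hmac(PIN_TOKEN, PIN_TOKEN_SIZE, clientDataHash, CLIENT_DATA_HASH_SIZE, hmac);

    /* Fold every byte difference into diff so the loop never exits early. */
    uint8_t diff = 0;
    int i;
    for (i = 0; i < 16; i++)
    {
        diff |= pinAuth[i] ^ hmac[i];
    }

    if (diff == 0)
    /* ... unchanged: return 0; else branch returning CTAP2_ERR_PIN_AUTH_INVALID ... */
```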
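Review bot: The new `else` in ctap_make_credential calls verify_pin_auth on every request that does not take the "pinAuth is required" return, and the same block is added to ctap_get_assertion in the following hunk. The `if` condition lies outside both hunks, so this is inferred: if it combines "a PIN is set" with "pinAuth absent", the else branch also covers a device with no PIN set and a request that carried no pinAuth, and would then compare an unpopulated `MC.pinAuth` against the HMAC. Guard the call on the request's pinAuth-present state and reject a pinAuth whose parsed length is not 16 before it reaches verify_pin_auth; neither check is visible here. A one-line comment above the call, such as `// pinAuth present: must match HMAC(pinToken, clientDataHash)`, would state which cases are meant to reach it.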