From 821880a8d6d999afc16161e83fd0b51fda0687ab Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Wed, 20 Mar 2019 15:45:10 -0400 Subject: [PATCH] parse extension info in MC --- fido2/ctap.c | 21 +++++++++++++--- fido2/ctap.h | 6 +++++ fido2/ctap_parse.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 86 insertions(+), 4 deletions(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index f110ef3..ea14e62 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -69,6 +69,8 @@ uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash) } + + uint8_t ctap_get_info(CborEncoder * encoder) { int ret; @@ -77,16 +79,14 @@ uint8_t ctap_get_info(CborEncoder * encoder) CborEncoder options; CborEncoder pins; - const int number_of_versions = 2; - - ret = cbor_encoder_create_map(encoder, &map, 5); + ret = cbor_encoder_create_map(encoder, &map, 6); check_ret(ret); { ret = cbor_encode_uint(&map, RESP_versions); // versions key check_ret(ret); { - ret = cbor_encoder_create_array(&map, &array, number_of_versions); + ret = cbor_encoder_create_array(&map, &array, 2); check_ret(ret); { ret = cbor_encode_text_stringz(&array, "U2F_V2"); @@ -98,6 +98,19 @@ uint8_t ctap_get_info(CborEncoder * encoder) check_ret(ret); } + ret = cbor_encode_uint(&map, RESP_extensions); + check_ret(ret); + { + ret = cbor_encoder_create_array(&map, &array, 1); + check_ret(ret); + { + ret = cbor_encode_text_stringz(&array, "hmac-secret"); + check_ret(ret); + } + ret = cbor_encoder_close_container(&map, &array); + check_ret(ret); + } + ret = cbor_encode_uint(&map, RESP_aaguid); check_ret(ret); { diff --git a/fido2/ctap.h b/fido2/ctap.h index a3a8783..797df60 100644 --- a/fido2/ctap.h +++ b/fido2/ctap.h @@ -181,6 +181,11 @@ struct rpId uint8_t name[RP_NAME_LIMIT]; }; +typedef struct +{ + uint8_t hmac_secret; +} CTAP_extensions; + typedef struct { uint32_t paramsParsed; 
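Review bot: The map size `6` and the versions array size `2` in ctap_get_info (fido2/ctap.c, second hunk) are now bare literals that have to be kept in step by hand with the entries encoded below them. The removed `number_of_versions` at least named one of them. A count that drifts from the number of encoded pairs produces a malformed getInfo response or an encoder error at close time, so a comment next to the literal, for example `/* must equal the number of key/value pairs encoded into map below */`, would help. The body of ctap_get_info continues outside the hunk, so the full list of keys cannot be checked from here.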
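Review bot: `hmac-secret` is advertised in the getInfo extensions array (fido2/ctap.c, third hunk), but within this patch the authenticator only records the request flag via `ext->hmac_secret = b` in fido2/ctap_parse.c, and nothing visible consumes it. A platform that trusts getInfo may request the extension and depend on output the device does not produce yet. Consider landing the advertisement together with the implementation, or marking it with a comment such as `/* TODO: advertised before makeCredential/getAssertion handling exists */`. ctap_get_info starts and ends outside the hunk.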
@@ -201,6 +206,7 @@ typedef struct uint8_t pinAuth[16]; uint8_t pinAuthPresent; int pinProtocol; + CTAP_extensions extensions; } CTAP_makeCredential; diff --git a/fido2/ctap_parse.c b/fido2/ctap_parse.c index c432e70..43287e1 100644 --- a/fido2/ctap_parse.c +++ b/fido2/ctap_parse.c @@ -556,6 +556,67 @@ uint8_t parse_options(CborValue * val, uint8_t * rk, uint8_t * uv, uint8_t * up) return 0; } +uint8_t ctap_parse_extensions(CTAP_extensions * ext, CborValue * val) +{ + CborValue map; + size_t sz, map_length; + uint8_t key[16]; + uint8_t ret; + int i; + bool b; + + if (cbor_value_get_type(val) != CborMapType) + { + printf2(TAG_ERR,"error, wrong type\n"); + return CTAP2_ERR_INVALID_CBOR_TYPE; + } + + ret = cbor_value_enter_container(val, &map); + check_ret(ret); + + ret = cbor_value_get_map_length(val, &map_length); + check_ret(ret); + + for (i = 0; i < map_length; i++) + { + if (cbor_value_get_type(&map) != CborTextStringType) + { + printf2(TAG_ERR,"Error, expecting text string type for options map key, got %s\n", cbor_value_get_type_string(&map)); + return CTAP2_ERR_INVALID_CBOR_TYPE; + } + sz = sizeof(key); + ret = cbor_value_copy_text_string(&map, key, &sz, NULL); + + if (ret == CborErrorOutOfMemory) + { + printf2(TAG_ERR,"Error, rp map key is too large. Ignoring.\n"); + cbor_value_advance(&map); + cbor_value_advance(&map); + continue; + } + check_ret(ret); + key[sizeof(key) - 1] = 0; + + ret = cbor_value_advance(&map); + check_ret(ret); + + if (cbor_value_get_type(&map) == CborBooleanType) + { + if (strncmp(key, "hmac-secret",11) == 0) + { + ret = cbor_value_get_boolean(&map, &b); + check_ret(ret); + ext->hmac_secret = b; + printf1(TAG_CTAP, "set hmac-secret to %d\r\n", b); + } + } + + ret = cbor_value_advance(&map); + check_ret(ret); + } + return 0; +} + uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length) { int ret; 
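Review bot: The comparison `strncmp(key, "hmac-secret",11) == 0` in ctap_parse_extensions is a prefix match, so any extension identifier that merely begins with `hmac-secret` (up to the 15 bytes that survive in `key`) sets `ext->hmac_secret`. Because `key` is forced NUL-terminated just above, an exact `strcmp` on a `const char *` cast is the tighter check, and it also removes the `uint8_t *` to `char *` mismatch. In the oversized-key branch both `cbor_value_advance(&map)` results are discarded, so on malformed input the loop may continue with the iterator in an undefined position; they should go through `check_ret` like the other advances. Smaller points: `i` is an `int` compared against the `size_t` `map_length`, and the two log strings still say "options map key" and "rp map key". The fence holds only the lines I would change.

```c
    size_t i;   /* was int; map_length is size_t */
    /* … unchanged: type check, enter container, get map length … */
    for (i = 0; i < map_length; i++)
    {
        /* … unchanged: key type check and cbor_value_copy_text_string … */
        if (ret == CborErrorOutOfMemory)
        {
            printf2(TAG_ERR,"Error, extension map key is too large. Ignoring.\n");
            /* skip key and value, but stop if the iterator cannot advance */
            ret = cbor_value_advance(&map);
            check_ret(ret);
            ret = cbor_value_advance(&map);
            check_ret(ret);
            continue;
        }
        /* … unchanged: check_ret, key termination, advance to value … */
            if (strcmp((const char *)key, "hmac-secret") == 0)
        /* … unchanged: boolean read, final advance … */
    }
```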
@@ -665,6 +726,8 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod { return CTAP2_ERR_INVALID_CBOR_TYPE; } + ret = ctap_parse_extensions(&MC->extensions, &map); + check_retr(ret); break; case MC_options:
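Review bot: `MC->extensions.hmac_secret` is written only when the request carries an extensions map that contains the key, so for every other request its value depends on `MC` having been zeroed before parsing, which this hunk does not show. If that is not already guaranteed, clear it once at the top of ctap_parse_make_credential with `memset(&MC->extensions, 0, sizeof MC->extensions);`. Otherwise a one-line comment stating the invariant next to this call would do. The switch and the enclosing function continue outside the hunk.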