change how pin is enforced for GA

Conor Patrick 2019-03-26 19:00:12 -04:00
parent 4e21c0bd8f
commit 893d4131b2


@ -1105,19 +1105,15 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
return ret; return ret;
} }
if (ctap_is_pin_set() && GA.pinAuthPresent == 0) if (GA.pinAuthPresent)
{ {
printf2(TAG_ERR,"pinAuth is required\n"); ret = verify_pin_auth(GA.pinAuth, GA.clientDataHash);
return CTAP2_ERR_PIN_REQUIRED; check_retr(ret);
getAssertionState.user_verified = 1;
} }
else else
{ {
if (ctap_is_pin_set() || (GA.pinAuthPresent)) getAssertionState.user_verified = 0;
{
ret = verify_pin_auth(GA.pinAuth, GA.clientDataHash);
check_retr(ret);
getAssertionState.user_verified = 1;
}
} }
if (!GA.rp.size || !GA.clientDataHashPresent) if (!GA.rp.size || !GA.clientDataHashPresent)
@ -1198,6 +1194,9 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &len, NULL); ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &len, NULL);
check_retr(ret); check_retr(ret);
((CTAP_authData *)auth_data_buf)->head.flags &= ~(1 << 2);
((CTAP_authData *)auth_data_buf)->head.flags |= (getAssertionState.user_verified << 2);
{ {
unsigned int ext_encoder_buf_size = sizeof(auth_data_buf) - len; unsigned int ext_encoder_buf_size = sizeof(auth_data_buf) - len;
uint8_t * ext_encoder_buf = auth_data_buf + len; uint8_t * ext_encoder_buf = auth_data_buf + len;
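Review bot: In the first hunk the new `if (GA.pinAuthPresent)` branch calls `verify_pin_auth(GA.pinAuth, GA.clientDataHash)` before the `!GA.clientDataHashPresent` check that follows it, so a request carrying pinAuth but no clientDataHash is verified against whatever the hash buffer holds. The likely outcome is a pinAuth failure rather than the error that later check returns, and whether a failed verification has side effects is not visible here. Moving the `if (!GA.rp.size || !GA.clientDataHashPresent)` check above the pinAuth branch would avoid this; its body lies outside the hunk. The new `else` branch lets a PIN-protected device answer without pinAuth, so it deserves a comment such as `/* no pinAuth: continue, but report UV=0 so the RP can reject if it requires user verification */`. In the second hunk, `user_verified << 2` relies on the field being exactly 0 or 1, and a named constant for the UV bit in place of `(1 << 2)` would make that explicit.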