diff --git a/fido2/ctap.c b/fido2/ctap.c
index 7b506ed..024d883 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -416,20 +416,16 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
 }
-static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo, CTAP_extensions * ext)
+static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo)
 {
 CborEncoder cose_key;
 unsigned int auth_data_sz = sizeof(CTAP_authDataHeader);
- unsigned int ext_encoder_buf_size;
-
- int ret;
 uint32_t count;
 CTAP_residentKey rk, rk2;
 CTAP_authData * authData = (CTAP_authData *)auth_data_buf;
 uint8_t * cose_key_buf = auth_data_buf + sizeof(CTAP_authData);
- uint8_t * ext_encoder_buf = NULL;
 if((sizeof(CTAP_authDataHeader)) > *len)
 {
@@ -526,27 +522,9 @@ done_rk:
 }
- if (ext != NULL)
- {
- ext_encoder_buf_size = *len - auth_data_sz;
- ext_encoder_buf = auth_data_buf + auth_data_sz;
- ret = ctap_make_extensions(ext, ext_encoder_buf, &ext_encoder_buf_size);
- check_retr(ret);
- if (ext_encoder_buf_size)
- {
- authData->head.flags |= (1 << 7);
- auth_data_sz += ext_encoder_buf_size;
- }
- }
- {
- ret = cbor_encode_int(map,RESP_authData);
- check_ret(ret);
- ret = cbor_encode_byte_string(map, auth_data_buf, auth_data_sz);
- check_ret(ret);
- }
 *len = auth_data_sz;
 return 0;
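Review bot: `ctap_make_auth_data` still takes `CborEncoder * map`, yet the only uses of `map` visible in this diff are the two `cbor_encode_*` calls removed in the following hunk, so the parameter looks dead; the function body runs well outside both hunks, so confirm nothing else touches it. The build passes `-Wno-unused-parameter` (visible in the `application.mk` context lines), so the compiler will not point this out. Either drop the parameter or document the new contract above the signature, e.g. `/* Fills auth_data_buf and sets *len to the bytes written; the caller appends extensions and CBOR-encodes RESP_authData. */`. That comment matters for any further caller, because authData is what gets signed and this split leaves the extension flag and length bookkeeping to each call site.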
@@ -743,10 +721,16 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
 uint32_t auth_data_sz = sizeof(auth_data_buf);
 ret = ctap_make_auth_data(&MC.rp, &map, auth_data_buf, &auth_data_sz,
- &MC.credInfo,NULL);
-
+ &MC.credInfo);
 check_retr(ret);
+ {
+ ret = cbor_encode_int(&map,RESP_authData);
+ check_ret(ret);
+ ret = cbor_encode_byte_string(&map, auth_data_buf, auth_data_sz);
+ check_ret(ret);
+ }
+
 crypto_ecc256_load_attestation_key();
 int sigder_sz = ctap_calculate_signature(auth_data_buf, auth_data_sz, MC.clientDataHash, auth_data_buf, sigbuf, sigder);
 printf1(TAG_MC,"der sig [%d]: ", sigder_sz); dump_hex1(TAG_MC, sigder, sigder_sz);
@@ -1186,8 +1170,28 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
 #endif
 {
 uint32_t len = sizeof(auth_data_buf);
- ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &len, NULL, &GA.extensions);
+ ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &len, NULL);
 check_retr(ret);
+
+ {
+ unsigned int ext_encoder_buf_size = sizeof(auth_data_buf) - len;
+ uint8_t * ext_encoder_buf = auth_data_buf + len;
+
+ ret = ctap_make_extensions(&GA.extensions, ext_encoder_buf, &ext_encoder_buf_size);
+ check_retr(ret);
+ if (ext_encoder_buf_size)
+ {
+ ((CTAP_authData *)auth_data_buf)->head.flags |= (1 << 7);
+ len += ext_encoder_buf_size;
+ }
+ }
+
+ {
+ ret = cbor_encode_int(&map,RESP_authData);
+ check_ret(ret);
+ ret = cbor_encode_byte_string(&map, auth_data_buf, len);
+ check_ret(ret);
+ }
 }
 save_credential_list((CTAP_authDataHeader*)auth_data_buf, GA.clientDataHash, GA.creds, validCredCount-1); // skip last one
diff --git a/targets/stm32l432/build/application.mk b/targets/stm32l432/build/application.mk
index 1dfa8b8..c64e9cf 100644
--- a/targets/stm32l432/build/application.mk
+++ b/targets/stm32l432/build/application.mk
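Review bot: The four-line block that encodes `RESP_authData` in `ctap_make_credential` is duplicated in the `ctap_get_assertion` hunk, differing only in the length variable (`auth_data_sz` there, `len` here). The bytes encoded into the response must be exactly the bytes handed to `ctap_calculate_signature` on the following lines, so a single static helper keeps the two paths from drifting apart. The helper name below is a suggestion, and it assumes `check_ret` returns from the enclosing function on a CBOR error, as its use in this hunk implies. `ctap_make_credential`'s body continues outside the hunk.

```c
static int ctap_encode_auth_data(CborEncoder * map, uint8_t * auth_data_buf, uint32_t auth_data_sz)
{
    int ret = cbor_encode_int(map, RESP_authData);
    check_ret(ret);
    ret = cbor_encode_byte_string(map, auth_data_buf, auth_data_sz);
    check_ret(ret);
    return 0;
}

// … unchanged: ctap_make_auth_data call and check_retr(ret) in ctap_make_credential …
    ret = ctap_encode_auth_data(&map, auth_data_buf, auth_data_sz);
    check_retr(ret);
```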
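Review bot: In `ctap_get_assertion`, `len` now includes the extension bytes but goes out of scope at the closing brace of this block, so whatever signs the assertion after the hunk cannot be using it. That code is not visible here, and the one visible consumer, `save_credential_list`, is handed only the `CTAP_authDataHeader` cast; if the signature is computed over the fixed header length, the extension output is returned to the client without being covered by the signature. I would hoist the length to function scope (`uint32_t auth_data_sz = sizeof(auth_data_buf);`) and pass it to the signing step. Separately, `sizeof(auth_data_buf) - len` is unsigned and wraps if `ctap_make_auth_data` ever reports more than the buffer holds, so check `len <= sizeof(auth_data_buf)` before the subtraction, and replace the bare `(1 << 7)` with a named constant for the extension-data flag.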
@@ -46,7 +46,7 @@ DEFINES = -DDEBUG_LEVEL=$(DEBUG) -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER -DAP
 CFLAGS=$(INC) -c $(DEFINES) -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -fdata-sections -ffunction-sections \
 -fomit-frame-pointer $(HW) -g $(VERSION_FLAGS)
-LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs -specs=nosys.specs -Wl,--gc-sections -u _printf_float -lnosys
+LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs -specs=nosys.specs -Wl,--gc-sections -lnosys
 LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref -Wl,-Bstatic -ltinycbor
 ECC_CFLAGS = $(CFLAGS) -DuECC_PLATFORM=5 -DuECC_OPTIMIZATION_LEVEL=4 -DuECC_SQUARE_FUNC=1 -DuECC_SUPPORT_COMPRESSED_POINT=0