diff --git a/ctap.c b/ctap.c
index 260be5f..4adef7f 100644
--- a/ctap.c
+++ b/ctap.c
@@ -23,6 +23,11 @@ static uint8_t PIN_CODE[NEW_PIN_ENC_MAX_SIZE];
 static uint8_t PIN_CODE_HASH[32];
 static uint8_t DEVICE_LOCKOUT = 0;
+static struct {
+ CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE];
+ uint8_t lastcmd;
+ uint32_t count;
+} getAssertionState;
 uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
 {
@@ -46,7 +51,6 @@ uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
 }
-
 uint8_t ctap_get_info(CborEncoder * encoder)
 {
 int ret;
@@ -591,6 +595,21 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
 ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0);
+ printf1(TAG_GA, "ALLOW_LIST has %d creds\n", GA.credLen);
+ for (int j = 0; j < GA.credLen; j++)
+ {
+ printf1(TAG_GA,"CRED ID (# %d): ", GA.creds[j].credential.fields.count);
+ dump_hex1(TAG_GA, GA.creds[j].credential.id, CREDENTIAL_ID_SIZE);
+ if (ctap_authenticate_credential(&GA.rp, &GA.creds[j])) // warning encryption will break this
+ {
+ printf1(TAG_GA," Authenticated.\n");
+ }
+ else
+ {
+ printf1(TAG_GA," NOT authentic.\n");
+ }
+ }
+
 int pick = pick_first_authentic_credential(&GA); // TODO let this handle decryption? lazy?
 if (pick == -1)
 {
@@ -862,6 +881,15 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
 return 0;
 }
+
+static void save_credential_list(CTAP_credentialDescriptor * creds, uint32_t count)
+{
+ memmove(getAssertionState.creds, creds, sizeof(CTAP_credentialDescriptor) * count);
+ getAssertionState.count = count;
+}
+
+
+
 uint8_t ctap_handle_packet(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
 {
 uint8_t status = 0;
@@ -952,6 +980,7 @@ uint8_t ctap_handle_packet(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
 }
 done:
+ getAssertionState.lastcmd = cmd;
 if (status != CTAP1_ERR_SUCCESS)
 {
diff --git a/ctap_parse.c b/ctap_parse.c
index 47732e3..f54afc6 100644
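Review bot: The new file-scope `getAssertionState` carries no comment on what its fields mean or who maintains them, and the two update paths in this diff differ: `lastcmd` is written at `done:` for every command, while `creds`/`count` are written only by `save_credential_list`. A reader should not have to reconstruct that from the call sites; I would put above the struct `/* Allow list saved from the last getAssertion (count <= ALLOW_LIST_MAX_SIZE) plus the last CTAP command handled; presumably consumed by a follow-up command — confirm. */`. Because the object is static, the saved descriptors persist across requests until overwritten; if that is not intended, `count` should be reset when an unrelated command runs.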
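Review bot: The loop added before `pick_first_authentic_credential` runs `ctap_authenticate_credential` on every allow-list entry purely to log the outcome, so each credential is verified twice per request and every full credential ID is written to the log via `dump_hex1`. The block is the previously commented-out debug code moved from `ctap_parse_get_assertion`, still carrying its unresolved `// warning encryption will break this` caveat, which suggests it was never meant to ship as live code. I would drop the loop, or keep only the `ALLOW_LIST has %d creds` line and log the per-credential verdict inside `pick_first_authentic_credential`, where the authentication actually happens, so the ID is dumped at most once. `ctap_get_assertion` starts and ends outside the hunk.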
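Review bot: `save_credential_list` copies `count` descriptors into `getAssertionState.creds` with no check that `count <= ALLOW_LIST_MAX_SIZE`, so a caller passing a larger value overruns the static array into `lastcmd`, `count` and whatever follows it in memory. Even if every eventual caller derives `count` from a bounded parse, the guard is cheap and keeps the invariant next to the buffer it protects: `if (count > ALLOW_LIST_MAX_SIZE) { count = ALLOW_LIST_MAX_SIZE; }` before the `memmove`, with a comment that the list is truncated rather than overrun. `memmove` is also unnecessary here since the source is the caller's buffer and the destination is file-scope static; `memcpy` states the intent. Nothing in this diff calls the function, so it will trip an unused-static-function warning until a caller lands.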
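Review bot: `getAssertionState.lastcmd = cmd;` at `done:` records the command regardless of `status`, so a getAssertion that failed parsing or authentication still leaves `lastcmd` pointing at it. If `lastcmd` is meant to gate a follow-up command on the previous request having succeeded (this diff does not show the consumer), that is the wrong value to remember; record it only on success, e.g. `getAssertionState.lastcmd = (status == CTAP1_ERR_SUCCESS) ? cmd : 0;` assuming 0 is not a valid command code, or clear `getAssertionState.count` inside the `status != CTAP1_ERR_SUCCESS` branch. `cmd` and the rest of `ctap_handle_packet` are outside the hunk.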
--- a/ctap_parse.c
+++ b/ctap_parse.c
@@ -155,7 +155,7 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val)
 }
-int parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type)
+uint8_t parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type)
 {
 CborValue map;
 CborValue cred;
@@ -290,7 +290,7 @@ uint8_t parse_fixed_byte_string(CborValue * map, uint8_t * dst, int len)
 }
-int parse_rp_id(struct rpId * rp, CborValue * val)
+uint8_t parse_rp_id(struct rpId * rp, CborValue * val)
 {
 size_t sz = DOMAIN_NAME_MAX_SIZE;
 int ret = cbor_value_copy_text_string(val, rp->id, &sz, NULL);
@@ -604,7 +604,7 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
 return 0;
 }
-int parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
+uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
 {
 CborValue arr, val;
 size_t len,buflen;
@@ -686,7 +686,7 @@ int parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
 }
-int ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length)
+uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length)
 {
 int ret;
 int i,j;
@@ -753,19 +753,7 @@ int ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int leng
 ret = parse_allow_list(GA, &map);
 if (ret == 0)
 {
- /*for (j = 0; j < GA->credLen; j++)*/
- /*{*/
- /*printf1(TAG_GA,"CRED ID (# %d): ", GA->creds[j].credential.fields.count);*/
- /*dump_hex1(TAG_GA, GA->creds[j].credential.id, CREDENTIAL_ID_SIZE);*/
- /*if (ctap_authenticate_credential(&GA->rp, &GA->creds[j])) // warning encryption will break this*/
- /*{*/
- /*printf1(TAG_GA," Authenticated.\n");*/
- /*}*/
- /*else*/
- /*{*/
- /*printf1(TAG_GA," NOT authentic.\n");*/
- /*}*/
- /*}*/
+
 }
 break;
 case GA_extensions:
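Review bot: `parse_rp_id` now returns `uint8_t` but keeps `int ret = cbor_value_copy_text_string(...)`; if its tail (outside the hunk) returns `ret` unchanged, a CBOR error code that does not fit in a byte is truncated, and one whose low byte happens to be zero is read as success by callers that test `ret == 0`, as `ctap_parse_get_assertion` does later in this same file. The safe shape is to translate rather than forward: `if (ret != 0)` return the module's CBOR-parsing error status, otherwise `return 0;`, so the narrowed type can never turn a failure into a pass. The same check is worth doing on the other signatures narrowed here (`parse_pub_key_cred_param`, `parse_allow_list`, `ctap_parse_get_assertion`, `ctap_parse_client_pin`), all of which keep an `int ret` local whose return paths are not in the diff.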
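Review bot: Removing the commented-out block leaves `if (ret == 0) { }` with an empty body in the allow-list `case`, so the result of `parse_allow_list` is no longer inspected at this point at all. Either the check is redundant because `ret` is examined after the `switch` (not visible in this hunk), in which case the empty `if` should go and the case should read `ret = parse_allow_list(GA, &map); break;`, or a parse failure is now silently ignored, which for an allow list means the assertion could proceed on a partially parsed credential set. Please confirm which holds and make the failure path explicit either way. `ctap_parse_get_assertion` starts and ends outside the hunk.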
@@ -911,7 +899,7 @@ uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int
 return 0;
 }
-int ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length)
+uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length)
 {
 int ret;
 int i,j;
diff --git a/ctap_parse.h b/ctap_parse.h
index 07710cd..9e0d566 100644
--- a/ctap_parse.h
+++ b/ctap_parse.h
@@ -16,19 +16,20 @@ const char * cbor_value_get_type_string(const CborValue *value);
 uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val);
-int parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type);
+uint8_t parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type);
 uint8_t parse_pub_key_cred_params(CTAP_makeCredential * MC, CborValue * val);
 uint8_t parse_fixed_byte_string(CborValue * map, uint8_t * dst, int len);
-int parse_rp_id(struct rpId * rp, CborValue * val);
+uint8_t parse_rp_id(struct rpId * rp, CborValue * val);
 uint8_t parse_rp(struct rpId * rp, CborValue * val);
 uint8_t parse_options(CborValue * val, uint8_t * rk, uint8_t * uv);
-
-uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length);
-int ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length);
-int ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length);
-
-int parse_allow_list(CTAP_getAssertion * GA, CborValue * it);
+uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it);
 uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int * crv);
+
+uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length);
+uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length);
+uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length);
+
+
 #endif
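Review bot: The header now declares every parser with a `uint8_t` return but says nothing about what the value means; the code in this diff treats 0 as success (`if (ret == 0)` in `ctap_parse_get_assertion`, `return 0;` at the end of `ctap_parse_make_credential` and `parse_cose_key`), so that convention deserves to be stated once where the prototypes live. I would add above the `parse_user` prototype `/* All parse_* and ctap_parse_* functions return 0 on success and a non-zero status on failure. */`. Without it a reader has to open each definition to learn that the byte is a status and not, say, a count of parsed items.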