prep for next credential

This commit is contained in:
Conor Patrick 2018-05-22 23:27:19 -04:00
parent e04aa8ffd6
commit a21c8058e1
3 changed files with 45 additions and 27 deletions

31
ctap.c

@ -23,6 +23,11 @@ static uint8_t PIN_CODE[NEW_PIN_ENC_MAX_SIZE];
static uint8_t PIN_CODE_HASH[32]; static uint8_t PIN_CODE_HASH[32];
static uint8_t DEVICE_LOCKOUT = 0; static uint8_t DEVICE_LOCKOUT = 0;
static struct {
CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE];
uint8_t lastcmd;
uint32_t count;
} getAssertionState;
uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash) uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
{ {
@ -46,7 +51,6 @@ uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
} }
uint8_t ctap_get_info(CborEncoder * encoder) uint8_t ctap_get_info(CborEncoder * encoder)
{ {
int ret; int ret;
@ -591,6 +595,21 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0); ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0);
printf1(TAG_GA, "ALLOW_LIST has %d creds\n", GA.credLen);
for (int j = 0; j < GA.credLen; j++)
{
printf1(TAG_GA,"CRED ID (# %d): ", GA.creds[j].credential.fields.count);
dump_hex1(TAG_GA, GA.creds[j].credential.id, CREDENTIAL_ID_SIZE);
if (ctap_authenticate_credential(&GA.rp, &GA.creds[j])) // warning encryption will break this
{
printf1(TAG_GA," Authenticated.\n");
}
else
{
printf1(TAG_GA," NOT authentic.\n");
}
}
int pick = pick_first_authentic_credential(&GA); // TODO let this handle decryption? lazy? int pick = pick_first_authentic_credential(&GA); // TODO let this handle decryption? lazy?
if (pick == -1) if (pick == -1)
{ {
@ -862,6 +881,15 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
return 0; return 0;
} }
static void save_credential_list(CTAP_credentialDescriptor * creds, uint32_t count)
{
memmove(getAssertionState.creds, creds, sizeof(CTAP_credentialDescriptor) * count);
getAssertionState.count = count;
}
uint8_t ctap_handle_packet(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) uint8_t ctap_handle_packet(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
{ {
uint8_t status = 0; uint8_t status = 0;
@ -952,6 +980,7 @@ uint8_t ctap_handle_packet(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
} }
done: done:
getAssertionState.lastcmd = cmd;
if (status != CTAP1_ERR_SUCCESS) if (status != CTAP1_ERR_SUCCESS)
{ {
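Review bot: save_credential_list (hunk @ -862) copies `count` descriptors into getAssertionState.creds with memmove, but creds is declared with ALLOW_LIST_MAX_SIZE entries (hunk @ -23) and nothing in the helper bounds count, so a caller passing a larger value would overrun the static buffer. Since the function is new and not yet called in this commit, a guard is cheap to add now: `if (count > ALLOW_LIST_MAX_SIZE) count = ALLOW_LIST_MAX_SIZE;` before the memmove, or return a status so the caller can reject the request. The debug loop added in ctap_get_assertion (hunk @ -591) also runs ctap_authenticate_credential on every allow-list entry and writes the credential IDs to the log, presumably duplicating the work pick_first_authentic_credential does on the next line; it reads as temporary diagnostics that should be gated or removed before release. The body of ctap_get_assertion continues outside the hunk.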


@ -155,7 +155,7 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val)
} }
int parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type) uint8_t parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type)
{ {
CborValue map; CborValue map;
CborValue cred; CborValue cred;
@ -290,7 +290,7 @@ uint8_t parse_fixed_byte_string(CborValue * map, uint8_t * dst, int len)
} }
int parse_rp_id(struct rpId * rp, CborValue * val) uint8_t parse_rp_id(struct rpId * rp, CborValue * val)
{ {
size_t sz = DOMAIN_NAME_MAX_SIZE; size_t sz = DOMAIN_NAME_MAX_SIZE;
int ret = cbor_value_copy_text_string(val, rp->id, &sz, NULL); int ret = cbor_value_copy_text_string(val, rp->id, &sz, NULL);
@ -604,7 +604,7 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
return 0; return 0;
} }
int parse_allow_list(CTAP_getAssertion * GA, CborValue * it) uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
{ {
CborValue arr, val; CborValue arr, val;
size_t len,buflen; size_t len,buflen;
@ -686,7 +686,7 @@ int parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
} }
int ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length) uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length)
{ {
int ret; int ret;
int i,j; int i,j;
@ -753,19 +753,7 @@ int ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int leng
ret = parse_allow_list(GA, &map); ret = parse_allow_list(GA, &map);
if (ret == 0) if (ret == 0)
{ {
/*for (j = 0; j < GA->credLen; j++)*/
/*{*/
/*printf1(TAG_GA,"CRED ID (# %d): ", GA->creds[j].credential.fields.count);*/
/*dump_hex1(TAG_GA, GA->creds[j].credential.id, CREDENTIAL_ID_SIZE);*/
/*if (ctap_authenticate_credential(&GA->rp, &GA->creds[j])) // warning encryption will break this*/
/*{*/
/*printf1(TAG_GA," Authenticated.\n");*/
/*}*/
/*else*/
/*{*/
/*printf1(TAG_GA," NOT authentic.\n");*/
/*}*/
/*}*/
} }
break; break;
case GA_extensions: case GA_extensions:
@ -911,7 +899,7 @@ uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int
return 0; return 0;
} }
int ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length) uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length)
{ {
int ret; int ret;
int i,j; int i,j;
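Review bot: Narrowing the return type of parse_rp_id, parse_pub_key_cred_param, parse_allow_list, ctap_parse_get_assertion and ctap_parse_client_pin from int to uint8_t changes what callers see for any non-zero path, and the bodies that decide those values lie outside these hunks. parse_rp_id in particular still holds `int ret = cbor_value_copy_text_string(...)` (hunk @ -290); if any return statement hands back that raw library value or a negative sentinel, it is now truncated to a byte, so a caller written as `if (ret < 0)` or `if (ret == -1)` would silently stop matching. Worth checking each return in these five bodies returns a CTAP status byte, and grepping call sites for negative comparisons; a one-line header comment on the prototypes such as `/* returns 0 on success, otherwise a CTAP status code */` would pin the contract.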


@ -16,19 +16,20 @@ const char * cbor_value_get_type_string(const CborValue *value);
uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val); uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val);
int parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type); uint8_t parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type);
uint8_t parse_pub_key_cred_params(CTAP_makeCredential * MC, CborValue * val); uint8_t parse_pub_key_cred_params(CTAP_makeCredential * MC, CborValue * val);
uint8_t parse_fixed_byte_string(CborValue * map, uint8_t * dst, int len); uint8_t parse_fixed_byte_string(CborValue * map, uint8_t * dst, int len);
int parse_rp_id(struct rpId * rp, CborValue * val); uint8_t parse_rp_id(struct rpId * rp, CborValue * val);
uint8_t parse_rp(struct rpId * rp, CborValue * val); uint8_t parse_rp(struct rpId * rp, CborValue * val);
uint8_t parse_options(CborValue * val, uint8_t * rk, uint8_t * uv); uint8_t parse_options(CborValue * val, uint8_t * rk, uint8_t * uv);
uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it);
uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length);
int ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length);
int ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length);
int parse_allow_list(CTAP_getAssertion * GA, CborValue * it);
uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int * crv); uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int * crv);
uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length);
uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length);
uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length);
#endif #endif