prep for next credential

This commit is contained in:
Conor Patrick 2018-05-22 23:27:19 -04:00
parent e04aa8ffd6
commit a21c8058e1
3 changed files with 45 additions and 27 deletions

ctap.c

@ -23,6 +23,11 @@ static uint8_t PIN_CODE[NEW_PIN_ENC_MAX_SIZE];
static uint8_t PIN_CODE_HASH[32];
static uint8_t DEVICE_LOCKOUT = 0;
static struct {
CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE];
uint8_t lastcmd;
uint32_t count;
} getAssertionState;
uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
{
@ -46,7 +51,6 @@ uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
}
uint8_t ctap_get_info(CborEncoder * encoder)
{
int ret;
@ -591,6 +595,21 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0);
printf1(TAG_GA, "ALLOW_LIST has %d creds\n", GA.credLen);
for (int j = 0; j < GA.credLen; j++)
{
printf1(TAG_GA,"CRED ID (# %d): ", GA.creds[j].credential.fields.count);
dump_hex1(TAG_GA, GA.creds[j].credential.id, CREDENTIAL_ID_SIZE);
if (ctap_authenticate_credential(&GA.rp, &GA.creds[j])) // warning encryption will break this
{
printf1(TAG_GA," Authenticated.\n");
}
else
{
printf1(TAG_GA," NOT authentic.\n");
}
}
int pick = pick_first_authentic_credential(&GA); // TODO let this handle decryption? lazy?
if (pick == -1)
{
@ -862,6 +881,15 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
return 0;
}
static void save_credential_list(CTAP_credentialDescriptor * creds, uint32_t count)
{
memmove(getAssertionState.creds, creds, sizeof(CTAP_credentialDescriptor) * count);
getAssertionState.count = count;
}
uint8_t ctap_handle_packet(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
{
uint8_t status = 0;
@ -952,6 +980,7 @@ uint8_t ctap_handle_packet(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
}
done:
getAssertionState.lastcmd = cmd;
if (status != CTAP1_ERR_SUCCESS)
{
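Review bot: save_credential_list copies `sizeof(CTAP_credentialDescriptor) * count` bytes into getAssertionState.creds, an array of ALLOW_LIST_MAX_SIZE entries, without checking count against that bound, so a credLen that was not already clamped during parsing would write past the static struct. The allow list comes from the request, so the clamp belongs in this function rather than being assumed of its callers: `if (count > ALLOW_LIST_MAX_SIZE) count = ALLOW_LIST_MAX_SIZE;` before the memmove. Whether parse_allow_list already enforces the limit is not visible in this commit, and the new function is not called from any hunk shown here. The hunk containing it begins in the tail of ctap_client_pin, whose body starts outside the visible range.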


@ -155,7 +155,7 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val)
}
int parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type)
uint8_t parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type)
{
CborValue map;
CborValue cred;
@ -290,7 +290,7 @@ uint8_t parse_fixed_byte_string(CborValue * map, uint8_t * dst, int len)
}
int parse_rp_id(struct rpId * rp, CborValue * val)
uint8_t parse_rp_id(struct rpId * rp, CborValue * val)
{
size_t sz = DOMAIN_NAME_MAX_SIZE;
int ret = cbor_value_copy_text_string(val, rp->id, &sz, NULL);
@ -604,7 +604,7 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
return 0;
}
int parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
{
CborValue arr, val;
size_t len,buflen;
@ -686,7 +686,7 @@ int parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
}
int ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length)
uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length)
{
int ret;
int i,j;
@ -753,19 +753,7 @@ int ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int leng
ret = parse_allow_list(GA, &map);
if (ret == 0)
{
/*for (j = 0; j < GA->credLen; j++)*/
/*{*/
/*printf1(TAG_GA,"CRED ID (# %d): ", GA->creds[j].credential.fields.count);*/
/*dump_hex1(TAG_GA, GA->creds[j].credential.id, CREDENTIAL_ID_SIZE);*/
/*if (ctap_authenticate_credential(&GA->rp, &GA->creds[j])) // warning encryption will break this*/
/*{*/
/*printf1(TAG_GA," Authenticated.\n");*/
/*}*/
/*else*/
/*{*/
/*printf1(TAG_GA," NOT authentic.\n");*/
/*}*/
/*}*/
}
break;
case GA_extensions:
@ -911,7 +899,7 @@ uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int
return 0;
}
int ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length)
uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length)
{
int ret;
int i,j;
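Review bot: Narrowing the return type of parse_pub_key_cred_param, parse_rp_id, parse_allow_list, ctap_parse_get_assertion and ctap_parse_client_pin from int to uint8_t truncates any wider value these functions pass through; tinycbor's CborError codes include values at 1024 and above, which become 0 in a uint8_t and would read as success to a caller such as the `if (ret == 0)` after the parse_allow_list call. The visible example is parse_rp_id, where `int ret = cbor_value_copy_text_string(val, rp->id, &sz, NULL);` holds a CborError — if that ret is returned directly further down, it should be mapped to a CTAP status instead, e.g. `if (ret != CborNoError) return CTAP2_ERR_INVALID_CBOR;` (or whatever status this module uses for malformed CBOR). The same check applies to every retyped function in this file whose body is not shown. Each of these function bodies continues outside its hunk.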


@ -16,19 +16,20 @@ const char * cbor_value_get_type_string(const CborValue *value);
uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val);
int parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type);
uint8_t parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type);
uint8_t parse_pub_key_cred_params(CTAP_makeCredential * MC, CborValue * val);
uint8_t parse_fixed_byte_string(CborValue * map, uint8_t * dst, int len);
int parse_rp_id(struct rpId * rp, CborValue * val);
uint8_t parse_rp_id(struct rpId * rp, CborValue * val);
uint8_t parse_rp(struct rpId * rp, CborValue * val);
uint8_t parse_options(CborValue * val, uint8_t * rk, uint8_t * uv);
uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length);
int ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length);
int ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length);
int parse_allow_list(CTAP_getAssertion * GA, CborValue * it);
uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it);
uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int * crv);
uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length);
uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length);
uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length);
#endif
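Review bot: ctap_parse_make_credential appears to be declared twice in the new header — once on the unchanged line in the middle of the block and again on the added line near the end, next to the retyped ctap_parse_get_assertion and ctap_parse_client_pin prototypes; identical redeclarations are legal C, but the duplicate should be dropped so there is a single prototype to keep in sync with the definition. The retyped declarations otherwise match the new uint8_t definitions in the .c file.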