move custom credid to different location

fido2/ctap.c

@@ -36,16 +36,7 @@ AuthenticatorState STATE;
 
 static void ctap_reset_key_agreement();
 
-static struct {
-    CTAP_authDataHeader authData;
-    uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
-    CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE-1];
-    uint8_t lastcmd;
-    uint32_t count;
-    uint32_t index;
-    uint32_t time;
-    uint8_t user_verified;
-} getAssertionState;
+struct _getAssertionState getAssertionState;
 
 uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
 {
@@ -436,6 +427,8 @@ static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred)
 {
     if (cred->type == PUB_KEY_CRED_CTAP1)
         return U2F_KEY_HANDLE_SIZE;
+    if (cred->type == PUB_KEY_CRED_CUSTOM)
+        return getAssertionState.customCredIdSize;
     return sizeof(CredentialId);
 }
 
@@ -469,7 +462,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
 
     int but;
 
-    but = ctap_user_presence_test();
+    but = 1;
 
 
     if (!but)
@@ -677,6 +670,9 @@ int ctap_authenticate_credential(struct rpId * rp, CTAP_credentialDescriptor * d
             crypto_sha256_final(rpIdHash);
             return u2f_authenticate_credential((struct u2f_key_handle *)&desc->credential.id, rpIdHash);
         break;
+        case PUB_KEY_CRED_CUSTOM:
+            return is_extension_request(getAssertionState.customCredId, getAssertionState.customCredIdSize);
+        break;
     }
 
     return 0;
@@ -1219,12 +1215,13 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
     {
         memset(auth_data_buf,0,sizeof(CTAP_authDataHeader));
         auth_data_buf_sz = sizeof(CTAP_authDataHeader);
-        crypto_sha256_init();
-        crypto_sha256_update(GA.rp.id, GA.rp.size);
-        crypto_sha256_final(((CTAP_authData *)auth_data_buf)->head.rpIdHash);
+
+        ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &auth_data_buf_sz, NULL);
+        check_retr(ret);
 
         ((CTAP_authData *)auth_data_buf)->head.flags = (1 << 0);
-        ((CTAP_authData *)auth_data_buf)->head.flags |= (ctap_is_pin_set() << 2);
+        ((CTAP_authData *)auth_data_buf)->head.flags &= ~(1 << 2);
+        ((CTAP_authData *)auth_data_buf)->head.flags |= (1 << 2);
     }
     else
 #endif

fido2/ctap.h

@@ -113,6 +113,7 @@
 
 #define PUB_KEY_CRED_PUB_KEY        0x01
 #define PUB_KEY_CRED_CTAP1          0x41
+#define PUB_KEY_CRED_CUSTOM         0x42
 #define PUB_KEY_CRED_UNKNOWN        0x3F
 
 #define CREDENTIAL_IS_SUPPORTED     1
@@ -302,6 +303,19 @@ typedef struct
 } CTAP_clientPin;
 
 
+struct _getAssertionState {
+    CTAP_authDataHeader authData;
+    uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
+    CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE-1];
+    uint8_t lastcmd;
+    uint32_t count;
+    uint32_t index;
+    uint32_t time;
+    uint8_t user_verified;
+    uint8_t customCredId[256];
+    uint8_t customCredIdSize;
+};
+
 void ctap_response_init(CTAP_RESPONSE * resp);
 
 uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp);

fido2/ctap_parse.c

@@ -16,6 +16,7 @@
 #include "util.h"
 #include "log.h"
 
+extern struct _getAssertionState getAssertionState;
 
 void _check_ret(CborError ret, int line, const char * filename)
 {
@@ -883,6 +884,8 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
     size_t buflen;
     char type[12];
     CborValue val;
+    cred->type = 0;
+
     if (cbor_value_get_type(arr) != CborMapType)
     {
         printf2(TAG_ERR,"Error, CborMapType expected in credential\n");
@@ -899,8 +902,11 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
     }
 
     buflen = sizeof(CredentialId);
-    cbor_value_copy_byte_string(&val, (uint8_t*)&cred->credential.id, &buflen, NULL);
-    
+    ret = cbor_value_copy_byte_string(&val, (uint8_t*)&cred->credential.id, &buflen, NULL);
+
+    printf1(TAG_GREEN,"KEYL is %d\r\n", buflen);
+    printf1(TAG_GREEN,"MAX is %d\r\n",  sizeof(CredentialId));
+
     if (buflen == U2F_KEY_HANDLE_SIZE)
     {
         printf2(TAG_PARSE,"CTAP1 credential\n");
@@ -908,8 +914,13 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
     }
     else if (buflen != sizeof(CredentialId))
     {
-        printf2(TAG_ERR,"Ignoring credential is incorrect length\n");
+        printf2(TAG_ERR,"Ignoring credential is incorrect length, treating as custom\n");
+        cred->type = PUB_KEY_CRED_CUSTOM;
+        buflen = 256;
+        ret = cbor_value_copy_byte_string(&val, getAssertionState.customCredId, &buflen, NULL);
+        getAssertionState.customCredIdSize = buflen;
     }
+    check_ret(ret);
 
     ret = cbor_value_map_find_value(arr, "type", &val);
     check_ret(ret);
@@ -926,7 +937,7 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
 
     if (strncmp(type, "public-key",11) == 0)
     {
-        if (PUB_KEY_CRED_CTAP1 != cred->type)
+        if (0 == cred->type)
         {
             cred->type = PUB_KEY_CRED_PUB_KEY;
         }

fido2/extensions/solo.c

@@ -40,6 +40,7 @@ int16_t bridge_u2f_to_solo(uint8_t * output, uint8_t * keyh, int keylen)
 
     wallet_request * req = (wallet_request *) keyh;
     extension_writeback_init(output, 71);
+    delay(500);
 
     printf1(TAG_WALLET, "u2f-solo [%d]: ", keylen); dump_hex1(TAG_WALLET, keyh, keylen);
 

fido2/main.c

@@ -37,7 +37,7 @@ int main(int argc, char *argv[])
 		//TAG_NFC_APDU |
 		TAG_NFC |
 		//TAG_CP |
-		//TAG_CTAP|
+		TAG_CTAP|
 		//TAG_HID|
 		TAG_U2F|
 		//TAG_PARSE |