shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

move custom credid to different location

Browse Source
This commit is contained in:
Conor Patrick 2019-04-24 00:15:32 -04:00
parent 1fab0b8f1f
commit b0baace2e7
5 changed files with 43 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
fido2/ctap.c
View File

@ -36,16 +36,7 @@ AuthenticatorState STATE;
static void ctap_reset_key_agreement(); static void ctap_reset_key_agreement();
static struct { struct _getAssertionState getAssertionState;
CTAP_authDataHeader authData;
uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE-1];
uint8_t lastcmd;
uint32_t count;
uint32_t index;
uint32_t time;
uint8_t user_verified;
} getAssertionState;
uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash) uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
{ {
@ -436,6 +427,8 @@ static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred)
{ {
if (cred->type == PUB_KEY_CRED_CTAP1) if (cred->type == PUB_KEY_CRED_CTAP1)
return U2F_KEY_HANDLE_SIZE; return U2F_KEY_HANDLE_SIZE;
if (cred->type == PUB_KEY_CRED_CUSTOM)
return getAssertionState.customCredIdSize;
return sizeof(CredentialId); return sizeof(CredentialId);
} }
@ -469,7 +462,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
int but; int but;
but = ctap_user_presence_test(); but = 1;
if (!but) if (!but)
@ -677,6 +670,9 @@ int ctap_authenticate_credential(struct rpId * rp, CTAP_credentialDescriptor * d
crypto_sha256_final(rpIdHash); crypto_sha256_final(rpIdHash);
return u2f_authenticate_credential((struct u2f_key_handle *)&desc->credential.id, rpIdHash); return u2f_authenticate_credential((struct u2f_key_handle *)&desc->credential.id, rpIdHash);
break; break;
case PUB_KEY_CRED_CUSTOM:
return is_extension_request(getAssertionState.customCredId, getAssertionState.customCredIdSize);
break;
} }
return 0; return 0;
@ -1219,12 +1215,13 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
{ {
memset(auth_data_buf,0,sizeof(CTAP_authDataHeader)); memset(auth_data_buf,0,sizeof(CTAP_authDataHeader));
auth_data_buf_sz = sizeof(CTAP_authDataHeader); auth_data_buf_sz = sizeof(CTAP_authDataHeader);
crypto_sha256_init();
crypto_sha256_update(GA.rp.id, GA.rp.size); ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &auth_data_buf_sz, NULL);
crypto_sha256_final(((CTAP_authData *)auth_data_buf)->head.rpIdHash); check_retr(ret);
((CTAP_authData *)auth_data_buf)->head.flags = (1 << 0); ((CTAP_authData *)auth_data_buf)->head.flags = (1 << 0);
((CTAP_authData *)auth_data_buf)->head.flags |= (ctap_is_pin_set() << 2); ((CTAP_authData *)auth_data_buf)->head.flags &= ~(1 << 2);
((CTAP_authData *)auth_data_buf)->head.flags |= (1 << 2);
} }
else else
#endif #endif

14
fido2/ctap.h
View File

@ -113,6 +113,7 @@
#define PUB_KEY_CRED_PUB_KEY 0x01 #define PUB_KEY_CRED_PUB_KEY 0x01
#define PUB_KEY_CRED_CTAP1 0x41 #define PUB_KEY_CRED_CTAP1 0x41
#define PUB_KEY_CRED_CUSTOM 0x42
#define PUB_KEY_CRED_UNKNOWN 0x3F #define PUB_KEY_CRED_UNKNOWN 0x3F
#define CREDENTIAL_IS_SUPPORTED 1 #define CREDENTIAL_IS_SUPPORTED 1
@ -302,6 +303,19 @@ typedef struct
} CTAP_clientPin; } CTAP_clientPin;
struct _getAssertionState {
CTAP_authDataHeader authData;
uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE-1];
uint8_t lastcmd;
uint32_t count;
uint32_t index;
uint32_t time;
uint8_t user_verified;
uint8_t customCredId[256];
uint8_t customCredIdSize;
};
void ctap_response_init(CTAP_RESPONSE * resp); void ctap_response_init(CTAP_RESPONSE * resp);
uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp); uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp);

19
fido2/ctap_parse.c
View File

@ -16,6 +16,7 @@
#include "util.h" #include "util.h"
#include "log.h" #include "log.h"
extern struct _getAssertionState getAssertionState;
void _check_ret(CborError ret, int line, const char * filename) void _check_ret(CborError ret, int line, const char * filename)
{ {
@ -883,6 +884,8 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
size_t buflen; size_t buflen;
char type[12]; char type[12];
CborValue val; CborValue val;
cred->type = 0;
if (cbor_value_get_type(arr) != CborMapType) if (cbor_value_get_type(arr) != CborMapType)
{ {
printf2(TAG_ERR,"Error, CborMapType expected in credential\n"); printf2(TAG_ERR,"Error, CborMapType expected in credential\n");
@ -899,8 +902,11 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
} }
buflen = sizeof(CredentialId); buflen = sizeof(CredentialId);
cbor_value_copy_byte_string(&val, (uint8_t*)&cred->credential.id, &buflen, NULL); ret = cbor_value_copy_byte_string(&val, (uint8_t*)&cred->credential.id, &buflen, NULL);
printf1(TAG_GREEN,"KEYL is %d\r\n", buflen);
printf1(TAG_GREEN,"MAX is %d\r\n", sizeof(CredentialId));
if (buflen == U2F_KEY_HANDLE_SIZE) if (buflen == U2F_KEY_HANDLE_SIZE)
{ {
printf2(TAG_PARSE,"CTAP1 credential\n"); printf2(TAG_PARSE,"CTAP1 credential\n");
@ -908,8 +914,13 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
} }
else if (buflen != sizeof(CredentialId)) else if (buflen != sizeof(CredentialId))
{ {
printf2(TAG_ERR,"Ignoring credential is incorrect length\n"); printf2(TAG_ERR,"Ignoring credential is incorrect length, treating as custom\n");
cred->type = PUB_KEY_CRED_CUSTOM;
buflen = 256;
ret = cbor_value_copy_byte_string(&val, getAssertionState.customCredId, &buflen, NULL);
getAssertionState.customCredIdSize = buflen;
} }
check_ret(ret);
ret = cbor_value_map_find_value(arr, "type", &val); ret = cbor_value_map_find_value(arr, "type", &val);
check_ret(ret); check_ret(ret);
@ -926,7 +937,7 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
if (strncmp(type, "public-key",11) == 0) if (strncmp(type, "public-key",11) == 0)
{ {
if (PUB_KEY_CRED_CTAP1 != cred->type) if (0 == cred->type)
{ {
cred->type = PUB_KEY_CRED_PUB_KEY; cred->type = PUB_KEY_CRED_PUB_KEY;
} }

1
fido2/extensions/solo.c
View File

@ -40,6 +40,7 @@ int16_t bridge_u2f_to_solo(uint8_t * output, uint8_t * keyh, int keylen)
wallet_request * req = (wallet_request *) keyh; wallet_request * req = (wallet_request *) keyh;
extension_writeback_init(output, 71); extension_writeback_init(output, 71);
delay(500);
printf1(TAG_WALLET, "u2f-solo [%d]: ", keylen); dump_hex1(TAG_WALLET, keyh, keylen); printf1(TAG_WALLET, "u2f-solo [%d]: ", keylen); dump_hex1(TAG_WALLET, keyh, keylen);

2
fido2/main.c
View File

@ -37,7 +37,7 @@ int main(int argc, char *argv[])
//TAG_NFC_APDU | //TAG_NFC_APDU |
TAG_NFC | TAG_NFC |
//TAG_CP | //TAG_CP |
//TAG_CTAP| TAG_CTAP|
//TAG_HID| //TAG_HID|
TAG_U2F| TAG_U2F|
//TAG_PARSE | //TAG_PARSE |