allow get_assertion with disabled UP

2019-09-16 16:25:58 +08:00
parent 2051ddb180
commit bc73ce8d21
6 changed files with 40 additions and 17 deletions
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -438,7 +438,11 @@ static int ctap2_user_presence_test()
 {
    device_set_status(CTAPHID_STATUS_UPNEEDED);
    int ret = ctap_user_presence_test(CTAP2_UP_DELAY_MS);
-    if ( ret > 0 )
+    if ( ret > 1 )
+    {
+        return CTAP2_ERR_PROCESSING;
+    }
+    else if ( ret > 0 )
    {
        return CTAP1_ERR_SUCCESS;
    }
@@ -482,11 +486,19 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
    int but;

    but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);
-    check_retr(but);
+    if (CTAP2_ERR_PROCESSING == but)
+    {
+        authData->head.flags = (0 << 0);        // User presence disabled
+    }
+    else
+    {
+        check_retr(but);
+        authData->head.flags = (1 << 0);        // User presence
+    }
+    
    
    device_set_status(CTAPHID_STATUS_PROCESSING);

-    authData->head.flags = (1 << 0);        // User presence
    authData->head.flags |= (ctap_is_pin_set() << 2);


@@ -1236,8 +1248,9 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
    else
 #endif
    {
-
+        device_disable_up(!GA.up);
        ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &auth_data_buf_sz, NULL);
+        device_disable_up(false);
        check_retr(ret);

        ((CTAP_authDataHeader *)auth_data_buf)->flags &= ~(1 << 2);
--- a/fido2/device.h
+++ b/fido2/device.h
@@ -53,7 +53,7 @@ void device_set_status(uint32_t status);
 int device_is_button_pressed();

 // Test for user presence
-// Return 1 for user is present, 0 user not present, -1 if cancel is requested.
+// Return 2 for disabled, 1 for user is present, 0 user not present, -1 if cancel is requested.
 int ctap_user_presence_test(uint32_t delay);

 // Generate @num bytes of random numbers to @dest
@@ -106,7 +106,7 @@ void device_set_clock_rate(DEVICE_CLOCK_RATE param);
 #define NFC_IS_AVAILABLE 2
 int device_is_nfc();

-void request_from_nfc(bool request_active);
+void device_disable_up(bool request_active);

 void device_init_button();

--- a/fido2/u2f.c
+++ b/fido2/u2f.c
@@ -118,9 +118,9 @@ void u2f_request_nfc(uint8_t * header, uint8_t * data, int datalen, CTAP_RESPONS
 	if (!header)
 		return;

-    request_from_nfc(true);  // disable presence test
+    device_disable_up(true);  // disable presence test
 	u2f_request_ex((APDU_HEADER *)header, data, datalen, resp);
-    request_from_nfc(false); // enable presence test
+    device_disable_up(false); // enable presence test
 }

 void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)