shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Merge pull request #232 from solokeys/windows_hello_error_codes

Browse Source 
Windows hello response codes
This commit is contained in:
Conor Patrick 2019-07-29 14:09:48 -04:00 committed by GitHub
commit d4e61421b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
fido2/ctap.c
View File

@ -432,6 +432,12 @@ static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred)
return sizeof(CredentialId); return sizeof(CredentialId);
} }
static int ctap2_user_presence_test()
{
device_set_status(CTAPHID_STATUS_UPNEEDED);
return ctap_user_presence_test(CTAP2_UP_DELAY_MS);
}
static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo) static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo)
{ {
CborEncoder cose_key; CborEncoder cose_key;
@ -459,11 +465,9 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
count = auth_data_update_count(&authData->head); count = auth_data_update_count(&authData->head);
device_set_status(CTAPHID_STATUS_UPNEEDED);
int but; int but;
but = ctap_user_presence_test(CTAP2_UP_DELAY_MS); but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);
if (!but) if (!but)
{ {
@ -473,6 +477,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
{ {
return CTAP2_ERR_KEEPALIVE_CANCEL; return CTAP2_ERR_KEEPALIVE_CANCEL;
} }
device_set_status(CTAPHID_STATUS_PROCESSING); device_set_status(CTAPHID_STATUS_PROCESSING);
authData->head.flags = (but << 0); authData->head.flags = (but << 0);
@ -700,11 +705,11 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
} }
if (MC.pinAuthEmpty) if (MC.pinAuthEmpty)
{ {
if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS)) if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
{ {
return CTAP2_ERR_OPERATION_DENIED; return CTAP2_ERR_OPERATION_DENIED;
} }
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_INVALID : CTAP2_ERR_PIN_NOT_SET; return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
} }
if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask) if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask)
{ {
@ -1136,11 +1141,11 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
if (GA.pinAuthEmpty) if (GA.pinAuthEmpty)
{ {
if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS)) if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
{ {
return CTAP2_ERR_OPERATION_DENIED; return CTAP2_ERR_OPERATION_DENIED;
} }
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_INVALID : CTAP2_ERR_PIN_NOT_SET; return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
} }
if (GA.pinAuthPresent) if (GA.pinAuthPresent)
{ {
@ -1603,7 +1608,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
switch(cmd) switch(cmd)
{ {
case CTAP_MAKE_CREDENTIAL: case CTAP_MAKE_CREDENTIAL:
device_set_status(CTAPHID_STATUS_PROCESSING);
printf1(TAG_CTAP,"CTAP_MAKE_CREDENTIAL\n"); printf1(TAG_CTAP,"CTAP_MAKE_CREDENTIAL\n");
timestamp(); timestamp();
status = ctap_make_credential(&encoder, pkt_raw, length); status = ctap_make_credential(&encoder, pkt_raw, length);
@ -1614,7 +1618,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
break; break;
case CTAP_GET_ASSERTION: case CTAP_GET_ASSERTION:
device_set_status(CTAPHID_STATUS_PROCESSING);
printf1(TAG_CTAP,"CTAP_GET_ASSERTION\n"); printf1(TAG_CTAP,"CTAP_GET_ASSERTION\n");
timestamp(); timestamp();
status = ctap_get_assertion(&encoder, pkt_raw, length); status = ctap_get_assertion(&encoder, pkt_raw, length);
@ -1646,7 +1649,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
break; break;
case CTAP_RESET: case CTAP_RESET:
printf1(TAG_CTAP,"CTAP_RESET\n"); printf1(TAG_CTAP,"CTAP_RESET\n");
if (ctap_user_presence_test(CTAP2_UP_DELAY_MS)) if (ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
{ {
ctap_reset(); ctap_reset();
} }

26
tools/testing/tests/fido2.py
View File

@ -1134,7 +1134,10 @@ class FIDO2Tests(Tester):
rp["id"], rp["id"],
cdh, cdh,
other={"pin_auth": b"", "pin_protocol": pin_protocol}, other={"pin_auth": b"", "pin_protocol": pin_protocol},
expectedError=CtapError.ERR.PIN_NOT_SET, expectedError=[
CtapError.ERR.PIN_AUTH_INVALID,
CtapError.ERR.NO_CREDENTIALS,
],
) )
with Test("Setting pin code, expect SUCCESS"): with Test("Setting pin code, expect SUCCESS"):
@ -1148,14 +1151,17 @@ class FIDO2Tests(Tester):
user, user,
key_params, key_params,
other={"pin_auth": b"", "pin_protocol": pin_protocol}, other={"pin_auth": b"", "pin_protocol": pin_protocol},
expectedError=CtapError.ERR.PIN_INVALID, expectedError=CtapError.ERR.PIN_AUTH_INVALID,
) )
self.testGA( self.testGA(
"Send MC request with new pin auth", "Send MC request with new pin auth",
rp["id"], rp["id"],
cdh, cdh,
other={"pin_auth": b"", "pin_protocol": pin_protocol}, other={"pin_auth": b"", "pin_protocol": pin_protocol},
expectedError=CtapError.ERR.PIN_INVALID, expectedError=[
CtapError.ERR.PIN_AUTH_INVALID,
CtapError.ERR.NO_CREDENTIALS,
],
) )
self.testReset() self.testReset()
@ -1311,13 +1317,13 @@ class FIDO2Tests(Tester):
self.testReset() self.testReset()
self.test_get_info() # self.test_get_info()
#
self.test_get_assertion() # self.test_get_assertion()
#
self.test_make_credential() # self.test_make_credential()
#
self.test_rk(None) # self.test_rk(None)
self.test_client_pin() self.test_client_pin()