Merge pull request #232 from solokeys/windows_hello_error_codes

Windows hello response codes
2019-07-29 14:09:48 -04:00 · 2019-07-29 14:09:48 -04:00 · d4e61421b6
commit d4e61421b6
parent 2af747ddaa 690d7c716a
2 changed files with 29 additions and 20 deletions
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -432,6 +432,12 @@ static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred)
    return sizeof(CredentialId);
 }

+static int ctap2_user_presence_test()
+{
+    device_set_status(CTAPHID_STATUS_UPNEEDED);
+    return ctap_user_presence_test(CTAP2_UP_DELAY_MS);
+}
+
 static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo)
 {
    CborEncoder cose_key;
@ -459,11 +465,9 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au

    count = auth_data_update_count(&authData->head);

-    device_set_status(CTAPHID_STATUS_UPNEEDED);
-
    int but;

-    but = ctap_user_presence_test(CTAP2_UP_DELAY_MS);
+    but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);

    if (!but)
    {
@ -473,6 +477,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
    {
        return CTAP2_ERR_KEEPALIVE_CANCEL;
    }
+    
    device_set_status(CTAPHID_STATUS_PROCESSING);

    authData->head.flags = (but << 0);
@ -700,11 +705,11 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
    }
    if (MC.pinAuthEmpty)
    {
-        if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
+        if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
        {
                return CTAP2_ERR_OPERATION_DENIED;
        }
-        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_INVALID : CTAP2_ERR_PIN_NOT_SET;
+        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
    }
    if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask)
    {
@ -1136,11 +1141,11 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)

    if (GA.pinAuthEmpty)
    {
-        if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
+        if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
        {
                return CTAP2_ERR_OPERATION_DENIED;
        }
-        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_INVALID : CTAP2_ERR_PIN_NOT_SET;
+        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
    }
    if (GA.pinAuthPresent)
    {
@ -1603,7 +1608,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
    switch(cmd)
    {
        case CTAP_MAKE_CREDENTIAL:
-            device_set_status(CTAPHID_STATUS_PROCESSING);
            printf1(TAG_CTAP,"CTAP_MAKE_CREDENTIAL\n");
            timestamp();
            status = ctap_make_credential(&encoder, pkt_raw, length);
@ -1614,7 +1618,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)

            break;
        case CTAP_GET_ASSERTION:
-            device_set_status(CTAPHID_STATUS_PROCESSING);
            printf1(TAG_CTAP,"CTAP_GET_ASSERTION\n");
            timestamp();
            status = ctap_get_assertion(&encoder, pkt_raw, length);
@ -1646,7 +1649,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
            break;
        case CTAP_RESET:
            printf1(TAG_CTAP,"CTAP_RESET\n");
-            if (ctap_user_presence_test(CTAP2_UP_DELAY_MS))
+            if (ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
            {
                ctap_reset();
            }
--- a/tools/testing/tests/fido2.py
+++ b/tools/testing/tests/fido2.py
@ -1134,7 +1134,10 @@ class FIDO2Tests(Tester):
                rp["id"],
                cdh,
                other={"pin_auth": b"", "pin_protocol": pin_protocol},
-                expectedError=CtapError.ERR.PIN_NOT_SET,
+                expectedError=[
+                    CtapError.ERR.PIN_AUTH_INVALID,
+                    CtapError.ERR.NO_CREDENTIALS,
+                ],
            )

        with Test("Setting pin code, expect SUCCESS"):
@ -1148,14 +1151,17 @@ class FIDO2Tests(Tester):
                user,
                key_params,
                other={"pin_auth": b"", "pin_protocol": pin_protocol},
-                expectedError=CtapError.ERR.PIN_INVALID,
+                expectedError=CtapError.ERR.PIN_AUTH_INVALID,
            )
            self.testGA(
                "Send MC request with new pin auth",
                rp["id"],
                cdh,
                other={"pin_auth": b"", "pin_protocol": pin_protocol},
-                expectedError=CtapError.ERR.PIN_INVALID,
+                expectedError=[
+                    CtapError.ERR.PIN_AUTH_INVALID,
+                    CtapError.ERR.NO_CREDENTIALS,
+                ],
            )

        self.testReset()
@ -1311,13 +1317,13 @@ class FIDO2Tests(Tester):

        self.testReset()

-        self.test_get_info()
-
-        self.test_get_assertion()
-
-        self.test_make_credential()
-
-        self.test_rk(None)
+        # self.test_get_info()
+        #
+        # self.test_get_assertion()
+        #
+        # self.test_make_credential()
+        #
+        # self.test_rk(None)

        self.test_client_pin()