dont return index >= ctap_rk_size()

Fixes issue found by @My1: https://github.com/solokeys/solo/issues/407
hmac-secret should be different when UV=1
2020-03-28 13:23:40 -04:00 · 2020-03-28 12:28:05 -04:00 · 2020-03-27 11:29:11 -04:00
2 changed files with 5 additions and 6 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-3.2.0
+4.0.0
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -461,6 +461,7 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
        // Generate credRandom
        crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
        crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId));
+        crypto_sha256_update(&getAssertionState.user_verified, 1);
        crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY2, 0, credRandom);

        // Decrypt saltEnc
@ -1586,18 +1587,15 @@ static int scan_for_next_rk(int index, uint8_t * initialRpIdHash){

    if (initialRpIdHash != NULL) {
        memmove(lastRpIdHash, initialRpIdHash, 32);
-        index = 0;
+        index = -1;
    }
    else
    {
        ctap_load_rk(index, &rk);
        memmove(lastRpIdHash, rk.id.rpIdHash, 32);
-        index++;
    }

-    ctap_load_rk(index, &rk);
-
-    while ( memcmp( rk.id.rpIdHash, lastRpIdHash, 32 ) != 0 )
+    do
    {
        index++;
        if ((unsigned int)index >= ctap_rk_size()) 
@ -1606,6 +1604,7 @@ static int scan_for_next_rk(int index, uint8_t * initialRpIdHash){
        }
        ctap_load_rk(index, &rk);
    }
+    while ( memcmp( rk.id.rpIdHash, lastRpIdHash, 32 ) != 0 );

    return index;
 }
Author	SHA1	Message	Date
Conor Patrick	2aa02d44b2	dont return index >= ctap_rk_size() Fixes issue found by @My1: https://github.com/solokeys/solo/issues/407	2020-03-28 13:23:40 -04:00
Conor Patrick	cbf40f4ec7	hmac-secret should be different when UV=1	2020-03-28 12:28:05 -04:00
Conor Patrick	8d93f88631	Update STABLE_VERSION	2020-03-27 11:29:11 -04:00
 @ -1 +1 @@
 .2.0
 .0.0