change parsing TAG_CM to TAG_PARSE

This patch fixes the following issues to make Google Chrome happy:
1. Adds CTAP_CBOR_CRED_MGMT(0x0A) which is an alias to CTAP_CBOR_CRED_MGMT_PRE(0x41)
2. Returns success instead of NO_CREDENTIALS when there are no RKs
3. Skip the "icon" property if it's empty

Tested with Google Chrome Version 80.0.3987.149

STABLE_VERSION

@@ -1 +1 @@
-4.0.0
+3.2.0

fido2/ctap.c

@@ -461,7 +461,6 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
         // Generate credRandom
         crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
         crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId));
-        crypto_sha256_update(&getAssertionState.user_verified, 1);
         crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
 
         // Decrypt saltEnc
@@ -1525,6 +1524,46 @@ static int credentialId_to_rk_index(CredentialId * credId){
     return -1;
 }
 
+// Return 1 if Left(rpIdHash, 16) has been counted in rpHashes.
+static int8_t _rk_counted(uint8_t rpHashes [50][16], uint8_t * hash, int unique_count)
+{
+    int i = 0;
+    for (; i < unique_count; i++)
+    {
+        if (memcmp(rpHashes[i], hash, 16) == 0) {
+            return 1;
+        }
+    }
+    return 0;
+}
+
+static uint8_t count_unique_rks()
+{
+    CTAP_residentKey rk;
+    unsigned int unique_count = 0;
+    unsigned int i;
+    uint8_t rpHashes [50][16];
+    memset(rpHashes, 0, sizeof(rpHashes));
+
+    for(i = 0; i < ctap_rk_size(); i++)
+    {
+        ctap_load_rk(i, &rk);
+        if ( ctap_rk_is_valid(&rk) )
+        {
+            if (! _rk_counted(rpHashes, rk.id.rpIdHash, unique_count)) 
+            {
+                memmove(rpHashes[unique_count], rk.id.rpIdHash, 16);
+                unique_count += 1;
+                if (unique_count >= ctap_rk_size())
+                {
+                    return unique_count;
+                }
+            }
+        }
+    }
+    return unique_count;
+}
+
 // Load the next valid resident key of a different rpIdHash
 static int scan_for_next_rp(int index){
     CTAP_residentKey rk;
@@ -1622,11 +1661,13 @@ uint8_t ctap_cred_mgmt(CborEncoder * encoder, uint8_t * request, int length)
     static int curr_rp_ind = 0;
     static int curr_rk_ind = 0;
 
-    // flags that authenticate whether *Begin was before *Next
+    // flag that authenticated RPBegin was received
     static bool rp_auth = false;
+    // flag that authenticated RKBegin was received
     static bool rk_auth = false;
-
+    // number of stored RPs
     int rp_count = 0;
+    // number of RKs with the specified rpIdHash
     int rk_count = 0;
 
     int ret = ctap_parse_cred_mgmt(&CM, request, length);
@@ -1645,20 +1686,10 @@ uint8_t ctap_cred_mgmt(CborEncoder * encoder, uint8_t * request, int length)
     if (CM.cmd == CM_cmdRPBegin)
     {
         curr_rk_ind = -1;
+        curr_rp_ind = scan_for_next_rp(-1);
+        rp_count = count_unique_rks();
         rp_auth = true;
         rk_auth = false;
-        curr_rp_ind = scan_for_next_rp(-1);
-
-        // Count total unique RP's
-        while (curr_rp_ind >= 0)
-        {
-            curr_rp_ind = scan_for_next_rp(curr_rp_ind);
-            rp_count++;
-        }
-
-        // Reset scan
-        curr_rp_ind = scan_for_next_rp(-1);
-
         printf1(TAG_MC, "RP Begin @%d.  %d total.\n", curr_rp_ind, rp_count);
     }
     else if (CM.cmd == CM_cmdRKBegin)
@@ -1685,6 +1716,17 @@ uint8_t ctap_cred_mgmt(CborEncoder * encoder, uint8_t * request, int length)
         curr_rp_ind = -1;
     }
 
+    if (CM.cmd == CM_cmdRPNext && !rp_auth)
+    {
+        printf2(TAG_ERR, "RPNext without RPBegin\n");
+        return CTAP2_ERR_NO_CREDENTIALS;
+    }
+    if (CM.cmd == CM_cmdRKNext && !rk_auth)
+    {
+        printf2(TAG_ERR, "RKNext without RKBegin\n");
+        return CTAP2_ERR_NO_CREDENTIALS;
+    }
+
     switch (CM.cmd)
     {
         case CM_cmdMetadata:
@@ -1695,7 +1737,7 @@ uint8_t ctap_cred_mgmt(CborEncoder * encoder, uint8_t * request, int length)
         case CM_cmdRPBegin:
         case CM_cmdRPNext:
             printf1(TAG_CM, "Get RP %d\n", curr_rp_ind);
-            if (curr_rp_ind < 0 || !rp_auth) {
+            if (curr_rp_ind < 0) {
                 rp_auth = false;
                 rk_auth = false;
                 return CTAP2_ERR_NO_CREDENTIALS;
@@ -1709,7 +1751,7 @@ uint8_t ctap_cred_mgmt(CborEncoder * encoder, uint8_t * request, int length)
         case CM_cmdRKBegin:
         case CM_cmdRKNext:
             printf1(TAG_CM, "Get Cred %d\n", curr_rk_ind);
-            if (curr_rk_ind < 0 || !rk_auth) {
+            if (curr_rk_ind < 0) {
                 rp_auth = false;
                 rk_auth = false;
                 return CTAP2_ERR_NO_CREDENTIALS;
@@ -1722,6 +1764,9 @@ uint8_t ctap_cred_mgmt(CborEncoder * encoder, uint8_t * request, int length)
 
             break;
         case CM_cmdRKDelete:
+            rp_auth = false;
+            rk_auth = false;
+
             printf1(TAG_CM, "CM_cmdRKDelete\n");
             i = credentialId_to_rk_index(&CM.subCommandParams.credentialDescriptor.credential.id);
             if (i >= 0) {