fix pc build

small errors
add u2f length arg
2019-10-08 16:02:25 -04:00 · 2019-10-08 16:02:14 -04:00 · 2019-10-08 15:38:00 -04:00 · 2019-10-08 15:32:20 -04:00
4 changed files with 42 additions and 19 deletions
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -698,7 +698,7 @@ int ctap_authenticate_credential(struct rpId * rp, CTAP_credentialDescriptor * d
            crypto_sha256_init();
            crypto_sha256_update(rp->id, rp->size);
            crypto_sha256_final(rpIdHash);
-            return u2f_authenticate_credential((struct u2f_key_handle *)&desc->credential.id, rpIdHash);
+            return u2f_authenticate_credential((struct u2f_key_handle *)&desc->credential.id, U2F_KEY_HANDLE_SIZE,rpIdHash);
        break;
        case PUB_KEY_CRED_CUSTOM:
            return is_extension_request(getAssertionState.customCredId, getAssertionState.customCredIdSize);
--- a/fido2/u2f.c
+++ b/fido2/u2f.c
@ -26,6 +26,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
 int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
 void u2f_reset_response();
 void make_auth_tag(uint8_t * rpIdHash, uint8_t * nonce, uint32_t count, uint8_t * tag);
 static CTAP_RESPONSE * _u2f_resp = NULL;
@ -160,9 +161,9 @@ static void dump_signature_der(uint8_t * sig)
    len = ctap_encode_der_sig(sig, sigder);
    u2f_response_writeback(sigder, len);
 }
-static int8_t u2f_load_key(struct u2f_key_handle * kh, uint8_t * appid)
+static int8_t u2f_load_key(struct u2f_key_handle * kh, uint8_t khl, uint8_t * appid)
 {
-    crypto_ecc256_load_key((uint8_t*)kh, U2F_KEY_HANDLE_SIZE, NULL, 0);
+    crypto_ecc256_load_key((uint8_t*)kh, khl, NULL, 0);
    return 0;
 }
@ -187,21 +188,41 @@ int8_t u2f_new_keypair(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * pu
 // Return 1 if authenticate, 0 if not.
-int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid)
+int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t key_handle_len, uint8_t * appid)
 {
    printf1(TAG_U2F, "checked CRED SIZE %d. (FIDO2: %d)\n", key_handle_len, sizeof(CredentialId));
    uint8_t tag[U2F_KEY_HANDLE_TAG_SIZE];
    if (key_handle_len == sizeof(CredentialId))
    {
        printf1(TAG_U2F, "FIDO2 key handle detected.\n");
        CredentialId * cred = (CredentialId *) kh;
        // FIDO2 credential.
        if (memcmp(cred->rpIdHash, appid, 32) != 0)
        {
            printf1(TAG_U2F, "APPID does not match rpIdHash.\n");
            return 0;
        }
        make_auth_tag(appid, cred->nonce, cred->count, tag);
        if (memcmp(cred->tag, tag, CREDENTIAL_TAG_SIZE) == 0){
            return 1;
        }
    }else if (key_handle_len == U2F_KEY_HANDLE_SIZE)
    {
        u2f_make_auth_tag(kh, appid, tag);
        if (memcmp(kh->tag, tag, U2F_KEY_HANDLE_TAG_SIZE) == 0)
        {
            return 1;
        }
-    else
+    }
-    {
+
    printf1(TAG_U2F, "key handle + appid not authentic\n");
    printf1(TAG_U2F, "calc tag: \n"); dump_hex1(TAG_U2F,tag, U2F_KEY_HANDLE_TAG_SIZE);
    printf1(TAG_U2F, "inp  tag: \n"); dump_hex1(TAG_U2F,kh->tag, U2F_KEY_HANDLE_TAG_SIZE);
    return 0;
    }
 }
@ -216,7 +237,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
    if (control == U2F_AUTHENTICATE_CHECK)
    {
        printf1(TAG_U2F, "CHECK-ONLY\r\n");
-        if (u2f_authenticate_credential(&req->kh, req->app))
+        if (u2f_authenticate_credential(&req->kh, req->khl, req->app))
        {
            return U2F_SW_CONDITIONS_NOT_SATISFIED;
        }
@ -227,9 +248,8 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
    }
    if (
            (control != U2F_AUTHENTICATE_SIGN && control != U2F_AUTHENTICATE_SIGN_NO_USER) ||
-            req->khl != U2F_KEY_HANDLE_SIZE ||
+            (!u2f_authenticate_credential(&req->kh, req->khl, req->app)) ||     // Order of checks is important
-            (!u2f_authenticate_credential(&req->kh, req->app)) ||     // Order of checks is important
+            u2f_load_key(&req->kh, req->khl, req->app) != 0
            u2f_load_key(&req->kh, req->app) != 0
        )
    {
--- a/fido2/u2f.h
+++ b/fido2/u2f.h
@ -103,7 +103,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp);
 // @len data length
 void u2f_request_nfc(uint8_t * header, uint8_t * data, int datalen, CTAP_RESPONSE * resp);
-int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid);
+int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t key_handle_len, uint8_t * appid);
 int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
 void u2f_reset_response();
--- a/pc/device.c
+++ b/pc/device.c
@ -108,6 +108,7 @@ int udp_recv(int fd, uint8_t * buf, int size)
        perror( "recvfrom failed" );
        exit(1);
    }
    printf1(TAG_DUMP, ">>"); dump_hex1(TAG_DUMP, buf, length);
    return length;
 }
@ -124,6 +125,8 @@ void udp_send(int fd, uint8_t * buf, int size)
        perror( "sendto failed" );
        exit(1);
    }
    printf1(TAG_DUMP, "<<"); dump_hex1(TAG_DUMP, buf, size);
 }
@ -316,7 +319,7 @@ int ctap_user_verification(uint8_t arg)
 uint32_t ctap_atomic_count(uint32_t amount)
 {
    static uint32_t counter1 = 25;
-    counter1 += amount;
+    counter1 += (amount + 1);
    return counter1;
 }
Author	SHA1	Message	Date
Conor Patrick	9dfc3d49e8	fix pc build	2019-10-08 16:02:25 -04:00
Conor Patrick	3487895e2d	small errors	2019-10-08 16:02:14 -04:00
Conor Patrick	6335f16874	add u2f length arg	2019-10-08 15:38:00 -04:00
Conor Patrick	82551c0b1c	check FIDO2 credential IDs in U2F	2019-10-08 15:32:20 -04:00