refactor credmgmt

change parsing TAG_CM to TAG_PARSE
allow depth-first-search and account for interleaved RK's
2020-03-27 10:43:26 -04:00 · 2020-03-27 00:28:41 -04:00 · 2020-03-27 00:28:23 -04:00
2 changed files with 9 additions and 17 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-4.0.0
+3.2.0
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -31,7 +31,6 @@ uint8_t PIN_TOKEN[PIN_TOKEN_SIZE];
 uint8_t KEY_AGREEMENT_PUB[64];
 static uint8_t KEY_AGREEMENT_PRIV[32];
 static int8_t PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS;
 static uint32_t BOOT_TIME = 0;
 AuthenticatorState STATE;
@ -462,7 +461,6 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
        // Generate credRandom
        crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
        crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId));
        crypto_sha256_update(&getAssertionState.user_verified, 1);
        crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
        // Decrypt saltEnc
@ -1588,15 +1586,18 @@ static int scan_for_next_rk(int index, uint8_t * initialRpIdHash){
    if (initialRpIdHash != NULL) {
        memmove(lastRpIdHash, initialRpIdHash, 32);
-        index = -1;
+        index = 0;
    }
    else
    {
        ctap_load_rk(index, &rk);
        memmove(lastRpIdHash, rk.id.rpIdHash, 32);
        index++;
    }
-    do
+    ctap_load_rk(index, &rk);
    while ( memcmp( rk.id.rpIdHash, lastRpIdHash, 32 ) != 0 )
    {
        index++;
        if ((unsigned int)index >= ctap_rk_size()) 
@ -1605,7 +1606,6 @@ static int scan_for_next_rk(int index, uint8_t * initialRpIdHash){
        }
        ctap_load_rk(index, &rk);
    }
    while ( memcmp( rk.id.rpIdHash, lastRpIdHash, 32 ) != 0 );
    return index;
 }
@ -2286,17 +2286,10 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
            break;
        case CTAP_RESET:
            printf1(TAG_CTAP,"CTAP_RESET\n");
-            if ((millis() - BOOT_TIME) > 10 * 1000)
+            status = ctap2_user_presence_test();
            if (status == CTAP1_ERR_SUCCESS)
            {
-                status = CTAP2_ERR_NOT_ALLOWED;
+                ctap_reset();
            }
            else
            {
                status = ctap2_user_presence_test();
                if (status == CTAP1_ERR_SUCCESS)
                {
                    ctap_reset();
                }
            }
            break;
        case GET_NEXT_ASSERTION:
@ -2390,7 +2383,6 @@ void ctap_init()
            firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved,
            firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved
            );
    BOOT_TIME = millis();
    crypto_ecc256_init();
    int is_init = authenticator_read_state(&STATE);
Author	SHA1	Message	Date
Conor Patrick	ec52ca2605	refactor credmgmt	2020-03-27 10:43:26 -04:00
Conor Patrick	5d2acf19f1	change parsing TAG_CM to TAG_PARSE	2020-03-27 00:28:41 -04:00
Conor Patrick	6196481b7f	allow depth-first-search and account for interleaved RK's	2020-03-27 00:28:23 -04:00