Return largeBlobKey on getAssertion if credential has largeKeyBlob and if requested.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-12-07 21:03:30 +01:00
parent 1707430593
commit 5c7be811e8
1 changed files with 20 additions and 0 deletions
--- a/src/fido/cbor_get_assertion.c
+++ b/src/fido/cbor_get_assertion.c
@@ -175,6 +175,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
                    continue;
                }
                CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "credBlob", credBlob);
+                CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "largeBlobKey", extensions.largeBlobKey);
                CBOR_ADVANCE(2);
            }
            CBOR_PARSE_MAP_END(_f1, 2);
@@ -333,6 +334,10 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
            clearPinUvAuthTokenPermissionsExceptLbw();
        }

+        if (extensions.largeBlobKey == pfalse) {
+            CBOR_ERROR(CTAP2_ERR_INVALID_OPTION);
+        }
+
        if (!(flags & FIDO2_AUT_FLAG_UP) && !(flags & FIDO2_AUT_FLAG_UV)) {
            selcred = &creds[0];
        }
@@ -369,6 +374,14 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
        }
    }

+    uint8_t largeBlobKey[32];
+    if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) {
+        ret = credential_derive_large_blob_key(selcred->id.data, selcred->id.len, largeBlobKey);
+        if (ret != 0) {
+            CBOR_ERROR(CTAP2_ERR_PROCESSING);
+        }
+    }
+
    size_t ext_len = 0;
    uint8_t ext [512];
    if (extensions.present == true) {
@@ -470,6 +483,8 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
        lfields++;
    if (numberOfCredentials > 1 && next == false && !(flags & FIDO2_AUT_FLAG_UP) && !(flags & FIDO2_AUT_FLAG_UV))
        lfields++;
+    if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue)
+        lfields++;
    cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
    CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, lfields));

@@ -514,6 +529,11 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
        CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x05));
        CBOR_CHECK(cbor_encode_uint(&mapEncoder, numberOfCredentials));
    }
+    if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) {
+        CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x07));
+        CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, largeBlobKey, sizeof(largeBlobKey)));
+    }
+    mbedtls_platform_zeroize(largeBlobKey, sizeof(largeBlobKey));
    CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
    resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
    ctr++;