dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Return largeBlobKey on getAssertion if credential has largeKeyBlob and if requested.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-12-07 21:03:30 +01:00
parent 1707430593
commit 5c7be811e8
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/fido/cbor_get_assertion.c
View File

@@ -175,6 +175,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
continue; continue;
} }
CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "credBlob", credBlob); CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "credBlob", credBlob);
CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "largeBlobKey", extensions.largeBlobKey);
CBOR_ADVANCE(2); CBOR_ADVANCE(2);
} }
CBOR_PARSE_MAP_END(_f1, 2); CBOR_PARSE_MAP_END(_f1, 2);
@@ -333,6 +334,10 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
clearPinUvAuthTokenPermissionsExceptLbw(); clearPinUvAuthTokenPermissionsExceptLbw();
} }
if (extensions.largeBlobKey == pfalse) {
CBOR_ERROR(CTAP2_ERR_INVALID_OPTION);
}
if (!(flags & FIDO2_AUT_FLAG_UP) && !(flags & FIDO2_AUT_FLAG_UV)) { if (!(flags & FIDO2_AUT_FLAG_UP) && !(flags & FIDO2_AUT_FLAG_UV)) {
selcred = &creds[0]; selcred = &creds[0];
} }
@@ -369,6 +374,14 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
} }
} }
uint8_t largeBlobKey[32];
if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) {
ret = credential_derive_large_blob_key(selcred->id.data, selcred->id.len, largeBlobKey);
if (ret != 0) {
CBOR_ERROR(CTAP2_ERR_PROCESSING);
}
}
size_t ext_len = 0; size_t ext_len = 0;
uint8_t ext [512]; uint8_t ext [512];
if (extensions.present == true) { if (extensions.present == true) {
@@ -470,6 +483,8 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
lfields++; lfields++;
if (numberOfCredentials > 1 && next == false && !(flags & FIDO2_AUT_FLAG_UP) && !(flags & FIDO2_AUT_FLAG_UV)) if (numberOfCredentials > 1 && next == false && !(flags & FIDO2_AUT_FLAG_UP) && !(flags & FIDO2_AUT_FLAG_UV))
lfields++; lfields++;
if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue)
lfields++;
cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0); cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, lfields)); CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, lfields));
@@ -514,6 +529,11 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x05)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x05));
CBOR_CHECK(cbor_encode_uint(&mapEncoder, numberOfCredentials)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, numberOfCredentials));
} }
if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) {
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x07));
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, largeBlobKey, sizeof(largeBlobKey)));
}
mbedtls_platform_zeroize(largeBlobKey, sizeof(largeBlobKey));
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
ctr++; ctr++;