Reset internal state of GA to avoid phantom requests on GNA.

When a previous GA had more than 1 credential, it stored the full list in the internal state. Later, if a GA had only 1 credential, subsequent GNA returned older state of previous non-related GA. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2026-01-05 12:36:44 +01:00
parent ac7e34522a
commit 5fc84d7097
2 changed files with 21 additions and 13 deletions
--- a/src/fido/cbor.c
+++ b/src/fido/cbor.c
@@ -41,6 +41,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len);
 int cbor_config(const uint8_t *data, size_t len);
 int cbor_vendor(const uint8_t *data, size_t len);
 int cbor_large_blobs(const uint8_t *data, size_t len);
 extern void reset_gna_state();
 extern int cmd_read_config();
@@ -59,6 +60,9 @@ int cbor_parse(uint8_t cmd, const uint8_t *data, size_t len) {
    }
    if (cap_supported(CAP_FIDO2)) {
        if (cmd == CTAPHID_CBOR) {
            if (data[0] != CTAP_GET_NEXT_ASSERTION) {
                reset_gna_state();
            }
            if (data[0] == CTAP_MAKE_CREDENTIAL) {
                return cbor_make_credential(data + 1, len - 1);
            }
--- a/src/fido/cbor_get_assertion.c
+++ b/src/fido/cbor_get_assertion.c
@@ -42,6 +42,22 @@ uint32_t timerx = 0;
 uint8_t *datax = NULL;
 size_t lenx = 0;
 void reset_gna_state() {
    for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++) {
        credential_free(&credsx[i]);
    }
    if (datax) {
        free(datax);
        datax = NULL;
    }
    lenx = 0;
    residentx = false;
    timerx = 0;
    flagsx = 0;
    credentialCounter = 0;
    numberOfCredentialsx = 0;
 }
 int cbor_get_next_assertion(const uint8_t *data, size_t len) {
    (void) data;
    (void) len;
@@ -57,19 +73,7 @@ int cbor_get_next_assertion(const uint8_t *data, size_t len) {
    credentialCounter++;
 err:
    if (error != CborNoError || credentialCounter == numberOfCredentialsx) {
-        for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++) {
+        reset_gna_state();
            credential_free(&credsx[i]);
        }
        if (datax) {
            free(datax);
            datax = NULL;
        }
        lenx = 0;
        residentx = false;
        timerx = 0;
        flagsx = 0;
        credentialCounter = 0;
        numberOfCredentialsx = 0;
        if (error == CborErrorImproperValue) {
            return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
        }