dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Update code style.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2023-03-04 14:05:30 +01:00
parent 483073ebb8
commit 8b2be54ede
24 changed files with 1611 additions and 773 deletions
Download Patch File Download Diff File Expand all files Collapse all files

287
src/fido/cbor_get_assertion.c
View File

@@ -34,7 +34,7 @@
int cbor_get_assertion(const uint8_t *data, size_t len, bool next);
bool residentx = false;
Credential credsx[MAX_CREDENTIAL_COUNT_IN_LIST] = {0};
Credential credsx[MAX_CREDENTIAL_COUNT_IN_LIST] = { 0 };
uint8_t credentialCounter = 1;
uint8_t numberOfCredentialsx = 0;
uint8_t flagsx = 0;
@@ -44,17 +44,20 @@ size_t lenx = 0;
int cbor_get_next_assertion(const uint8_t *data, size_t len) {
CborError error = CborNoError;
if (credentialCounter >= numberOfCredentialsx)
if (credentialCounter >= numberOfCredentialsx) {
CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
if (timerx+30*1000 < board_millis())
}
if (timerx + 30 * 1000 < board_millis()) {
CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
}
CBOR_CHECK(cbor_get_assertion(datax, lenx, true));
timerx = board_millis();
credentialCounter++;
err:
if (error != CborNoError || credentialCounter == numberOfCredentialsx) {
for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++)
for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++) {
credential_free(&credsx[i]);
}
if (datax) {
free(datax);
datax = NULL;
@@ -65,8 +68,9 @@ err:
flagsx = 0;
credentialCounter = 0;
numberOfCredentialsx = 0;
if (error == CborErrorImproperValue)
if (error == CborErrorImproperValue) {
return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
}
return error;
}
return 0;
@@ -75,32 +79,35 @@ err:
int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
size_t resp_size = 0;
uint64_t pinUvAuthProtocol = 0, hmacSecretPinUvAuthProtocol = 1;
CredOptions options = {0};
CredExtensions extensions = {0};
CredOptions options = { 0 };
CredExtensions extensions = { 0 };
CborParser parser;
CborEncoder encoder, mapEncoder, mapEncoder2;
CborValue map;
CborError error = CborNoError;
CborByteString pinUvAuthParam = {0}, clientDataHash = {0};
CborCharString rpId = {0};
PublicKeyCredentialDescriptor allowList[MAX_CREDENTIAL_COUNT_IN_LIST] = {0};
Credential creds[MAX_CREDENTIAL_COUNT_IN_LIST] = {0};
CborByteString pinUvAuthParam = { 0 }, clientDataHash = { 0 };
CborCharString rpId = { 0 };
PublicKeyCredentialDescriptor allowList[MAX_CREDENTIAL_COUNT_IN_LIST] = { 0 };
Credential creds[MAX_CREDENTIAL_COUNT_IN_LIST] = { 0 };
size_t allowList_len = 0, creds_len = 0;
uint8_t *aut_data = NULL;
bool asserted = false, up = true, uv = false;
int64_t kty = 2, alg = 0, crv = 0;
CborByteString kax = {0}, kay = {0}, salt_enc = {0}, salt_auth = {0};
CborByteString kax = { 0 }, kay = { 0 }, salt_enc = { 0 }, salt_auth = { 0 };
const bool *credBlob = NULL;
CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
uint64_t val_c = 1;
CBOR_PARSE_MAP_START(map, 1) {
CBOR_PARSE_MAP_START(map, 1)
{
uint64_t val_u = 0;
CBOR_FIELD_GET_UINT(val_u, 1);
if (val_c <= 2 && val_c != val_u)
if (val_c <= 2 && val_c != val_u) {
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
if (val_u < val_c)
}
if (val_u < val_c) {
CBOR_ERROR(CTAP2_ERR_INVALID_CBOR);
}
val_c = val_u + 1;
if (val_u == 0x01) {
CBOR_FIELD_GET_TEXT(rpId, 1);
@@ -109,14 +116,17 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
CBOR_FIELD_GET_BYTES(clientDataHash, 1);
}
else if (val_u == 0x03) { // excludeList
CBOR_PARSE_ARRAY_START(_f1, 2) {
PublicKeyCredentialDescriptor *pc = &allowList[allowList_len];
CBOR_PARSE_MAP_START(_f2, 3) {
CBOR_PARSE_ARRAY_START(_f1, 2)
{
PublicKeyCredentialDescriptor *pc = &allowList[allowList_len];
CBOR_PARSE_MAP_START(_f2, 3)
{
CBOR_FIELD_GET_KEY_TEXT(3);
CBOR_FIELD_KEY_TEXT_VAL_BYTES(3, "id", pc->id);
CBOR_FIELD_KEY_TEXT_VAL_TEXT(3, "type", pc->type);
if (strcmp(_fd3, "transports") == 0) {
CBOR_PARSE_ARRAY_START(_f3, 4) {
CBOR_PARSE_ARRAY_START(_f3, 4)
{
CBOR_FIELD_GET_TEXT(pc->transports[pc->transports_len], 4);
pc->transports_len++;
}
@@ -130,16 +140,19 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
}
else if (val_u == 0x04) { // extensions
extensions.present = true;
CBOR_PARSE_MAP_START(_f1, 2) {
CBOR_PARSE_MAP_START(_f1, 2)
{
CBOR_FIELD_GET_KEY_TEXT(2);
if (strcmp(_fd2, "hmac-secret") == 0) {
extensions.hmac_secret = ptrue;
uint64_t ukey = 0;
CBOR_PARSE_MAP_START(_f2, 3) {
CBOR_PARSE_MAP_START(_f2, 3)
{
CBOR_FIELD_GET_UINT(ukey, 3);
if (ukey == 0x01) {
int64_t kkey = 0;
CBOR_PARSE_MAP_START(_f3, 4) {
CBOR_PARSE_MAP_START(_f3, 4)
{
CBOR_FIELD_GET_INT(kkey, 4);
if (kkey == 1) {
CBOR_FIELD_GET_INT(kty, 4);
@@ -156,8 +169,9 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
else if (kkey == -3) {
CBOR_FIELD_GET_BYTES(kay, 4);
}
else
else {
CBOR_ADVANCE(4);
}
}
CBOR_PARSE_MAP_END(_f3, 4);
}
@@ -170,8 +184,9 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
else if (ukey == 0x04) {
CBOR_FIELD_GET_UINT(hmacSecretPinUvAuthProtocol, 3);
}
else
else {
CBOR_ADVANCE(3);
}
}
CBOR_PARSE_MAP_END(_f2, 3);
continue;
@@ -184,7 +199,8 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
}
else if (val_u == 0x05) { // options
options.present = true;
CBOR_PARSE_MAP_START(_f1, 2) {
CBOR_PARSE_MAP_START(_f1, 2)
{
CBOR_FIELD_GET_KEY_TEXT(2);
CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "rk", options.rk);
CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "up", options.up);
@@ -202,12 +218,13 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
}
CBOR_PARSE_MAP_END(map, 1);
if (rpId.present == false || clientDataHash.present == false)
if (rpId.present == false || clientDataHash.present == false) {
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
}
uint8_t flags = 0;
uint8_t rp_id_hash[32];
mbedtls_sha256((uint8_t *)rpId.data, rpId.len, rp_id_hash, 0);
mbedtls_sha256((uint8_t *) rpId.data, rpId.len, rp_id_hash, 0);
bool resident = false;
uint8_t numberOfCredentials = 0;
@@ -215,18 +232,23 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
if (next == false) {
if (pinUvAuthParam.present == true) {
if (pinUvAuthParam.len == 0 || pinUvAuthParam.data == NULL) {
if (check_user_presence() == false)
if (check_user_presence() == false) {
CBOR_ERROR(CTAP2_ERR_OPERATION_DENIED);
if (!file_has_data(ef_pin))
}
if (!file_has_data(ef_pin)) {
CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
else
}
else {
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
}
}
else {
if (pinUvAuthProtocol == 0)
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
if (pinUvAuthProtocol != 1 && pinUvAuthProtocol != 2)
if (pinUvAuthProtocol == 0) {
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
}
if (pinUvAuthProtocol != 1 && pinUvAuthProtocol != 2) {
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
}
}
}
if (options.present) {
@@ -240,76 +262,109 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION);
}
//else if (options.up == NULL) //5.7
//rup = ptrue;
if (options.uv != NULL)
//rup = ptrue;
if (options.uv != NULL) {
uv = *options.uv;
if (options.up != NULL)
}
if (options.up != NULL) {
up = *options.up;
}
}
if (pinUvAuthParam.present == true) { //6.1
int ret = verify(pinUvAuthProtocol, paut.data, clientDataHash.data, clientDataHash.len, pinUvAuthParam.data);
if (ret != CborNoError)
int ret = verify(pinUvAuthProtocol,
paut.data,
clientDataHash.data,
clientDataHash.len,
pinUvAuthParam.data);
if (ret != CborNoError) {
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
if (getUserVerifiedFlagValue() == false)
}
if (getUserVerifiedFlagValue() == false) {
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
if (!(paut.permissions & CTAP_PERMISSION_GA))
}
if (!(paut.permissions & CTAP_PERMISSION_GA)) {
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
if (paut.has_rp_id == true && memcmp(paut.rp_id_hash, rp_id_hash, 32) != 0)
}
if (paut.has_rp_id == true && memcmp(paut.rp_id_hash, rp_id_hash, 32) != 0) {
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
}
flags |= FIDO2_AUT_FLAG_UV;
// Check pinUvAuthToken permissions. See 6.2.2.4
}
if (extensions.present == true && extensions.hmac_secret == ptrue) {
if (kax.present == false || kay.present == false || crv == 0 || alg == 0 || salt_enc.present == false || salt_auth.present == false)
if (kax.present == false || kay.present == false || crv == 0 || alg == 0 ||
salt_enc.present == false || salt_auth.present == false) {
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
if (salt_enc.len != 32+(hmacSecretPinUvAuthProtocol-1)*IV_SIZE && salt_enc.len != 64+(hmacSecretPinUvAuthProtocol-1)*IV_SIZE)
}
if (salt_enc.len != 32 + (hmacSecretPinUvAuthProtocol - 1) * IV_SIZE &&
salt_enc.len != 64 + (hmacSecretPinUvAuthProtocol - 1) * IV_SIZE) {
CBOR_ERROR(CTAP1_ERR_INVALID_LEN);
}
}
if (allowList_len > 0) {
for (int e = 0; e < allowList_len; e++) {
if (allowList[e].type.present == false || allowList[e].id.present == false)
if (allowList[e].type.present == false || allowList[e].id.present == false) {
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
if (strcmp(allowList[e].type.data, "public-key") != 0)
}
if (strcmp(allowList[e].type.data, "public-key") != 0) {
continue;
if (credential_load(allowList[e].id.data, allowList[e].id.len, rp_id_hash, &creds[creds_len]) != 0) {
}
if (credential_load(allowList[e].id.data, allowList[e].id.len, rp_id_hash,
&creds[creds_len]) != 0) {
CBOR_FREE_BYTE_STRING(allowList[e].id);
credential_free(&creds[creds_len]);
}
else
else {
creds_len++;
}
}
}
else {
for (int i = 0; i < MAX_RESIDENT_CREDENTIALS && creds_len < MAX_CREDENTIAL_COUNT_IN_LIST; i++) {
for (int i = 0;
i < MAX_RESIDENT_CREDENTIALS && creds_len < MAX_CREDENTIAL_COUNT_IN_LIST;
i++) {
file_t *ef = search_dynamic_file(EF_CRED + i);
if (!file_has_data(ef) || memcmp(file_get_data(ef), rp_id_hash, 32) != 0)
if (!file_has_data(ef) || memcmp(file_get_data(ef), rp_id_hash, 32) != 0) {
continue;
int ret = credential_load(file_get_data(ef) + 32, file_get_size(ef) - 32, rp_id_hash, &creds[creds_len]);
if (ret != 0)
}
int ret = credential_load(file_get_data(ef) + 32,
file_get_size(ef) - 32,
rp_id_hash,
&creds[creds_len]);
if (ret != 0) {
credential_free(&creds[creds_len]);
else
}
else {
creds_len++;
}
}
resident = true;
}
for (int i = 0; i < creds_len; i++) {
if (creds[i].present == true) {
if (creds[i].extensions.present == true) {
if (creds[i].extensions.credProtect == CRED_PROT_UV_REQUIRED && !(flags & FIDO2_AUT_FLAG_UV))
if (creds[i].extensions.credProtect == CRED_PROT_UV_REQUIRED &&
!(flags & FIDO2_AUT_FLAG_UV)) {
credential_free(&creds[i]);
else if (creds[i].extensions.credProtect == CRED_PROT_UV_OPTIONAL_WITH_LIST && resident == true && !(flags & FIDO2_AUT_FLAG_UV))
}
else if (creds[i].extensions.credProtect == CRED_PROT_UV_OPTIONAL_WITH_LIST &&
resident == true && !(flags & FIDO2_AUT_FLAG_UV)) {
credential_free(&creds[i]);
else
}
else {
creds[numberOfCredentials++] = creds[i];
}
}
else
else {
creds[numberOfCredentials++] = creds[i];
}
}
}
if (numberOfCredentials == 0)
if (numberOfCredentials == 0) {
CBOR_ERROR(CTAP2_ERR_NO_CREDENTIALS);
}
for (int i = 0; i < numberOfCredentials; i++) {
for (int j = i + 1; j < numberOfCredentials; j++) {
@@ -324,14 +379,16 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
if (options.up == ptrue || options.present == false || options.up == NULL) { //9.1
if (pinUvAuthParam.present == true) {
if (getUserPresentFlagValue() == false) {
if (check_user_presence() == false)
if (check_user_presence() == false) {
CBOR_ERROR(CTAP2_ERR_OPERATION_DENIED);
}
}
}
else {
if (!(flags & FIDO2_AUT_FLAG_UP)) {
if (check_user_presence() == false)
if (check_user_presence() == false) {
CBOR_ERROR(CTAP2_ERR_OPERATION_DENIED);
}
}
}
flags |= FIDO2_AUT_FLAG_UP;
@@ -352,10 +409,11 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
if (numberOfCredentials > 1) {
asserted = true;
residentx = resident;
for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++)
for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++) {
credsx[i] = creds[i];
}
numberOfCredentialsx = numberOfCredentials;
datax = (uint8_t *)calloc(1, len);
datax = (uint8_t *) calloc(1, len);
memcpy(datax, data, len);
lenx = len;
flagsx = flags;
@@ -389,23 +447,29 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
}
size_t ext_len = 0;
uint8_t ext [512];
uint8_t ext[512];
if (extensions.present == true) {
cbor_encoder_init(&encoder, ext, sizeof(ext), 0);
int l = 0;
if (options.up == pfalse)
if (options.up == pfalse) {
extensions.hmac_secret = NULL;
if (extensions.hmac_secret != NULL)
}
if (extensions.hmac_secret != NULL) {
l++;
if (credBlob == ptrue)
}
if (credBlob == ptrue) {
l++;
}
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, l));
if (credBlob == ptrue) {
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "credBlob"));
if (selcred->extensions.credBlob.present == true)
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, selcred->extensions.credBlob.data, selcred->extensions.credBlob.len));
else
if (selcred->extensions.credBlob.present == true) {
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, selcred->extensions.credBlob.data,
selcred->extensions.credBlob.len));
}
else {
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, NULL, 0));
}
}
if (extensions.hmac_secret != NULL) {
@@ -429,12 +493,17 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
}
if (verify(hmacSecretPinUvAuthProtocol, sharedSecret, salt_enc.data, salt_enc.len, salt_auth.data) != 0) {
if (verify(hmacSecretPinUvAuthProtocol, sharedSecret, salt_enc.data, salt_enc.len,
salt_auth.data) != 0) {
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
CBOR_ERROR(CTAP2_ERR_EXTENSION_FIRST);
}
uint8_t salt_dec[64], poff = (hmacSecretPinUvAuthProtocol-1)*IV_SIZE;
ret = decrypt(hmacSecretPinUvAuthProtocol, sharedSecret, salt_enc.data, salt_enc.len, salt_dec);
uint8_t salt_dec[64], poff = (hmacSecretPinUvAuthProtocol - 1) * IV_SIZE;
ret = decrypt(hmacSecretPinUvAuthProtocol,
sharedSecret,
salt_enc.data,
salt_enc.len,
salt_dec);
if (ret != 0) {
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
@@ -445,15 +514,28 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
}
if (flags & FIDO2_AUT_FLAG_UV)
if (flags & FIDO2_AUT_FLAG_UV) {
crd = cred_random + 32;
else
}
else {
crd = cred_random;
}
uint8_t out1[64], hmac_res[80];
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), crd, 32, salt_dec, 32, out1);
if (salt_enc.len == 64+poff)
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), crd, 32, salt_dec+32, 32, out1+32);
encrypt(hmacSecretPinUvAuthProtocol, sharedSecret, out1, salt_enc.len-poff, hmac_res);
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
crd,
32,
salt_dec,
32,
out1);
if (salt_enc.len == 64 + poff) {
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
crd,
32,
salt_dec + 32,
32,
out1 + 32);
}
encrypt(hmacSecretPinUvAuthProtocol, sharedSecret, out1, salt_enc.len - poff, hmac_res);
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, hmac_res, salt_enc.len));
}
@@ -465,7 +547,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
uint32_t ctr = get_sign_counter();
size_t aut_data_len = 32 + 1 + 4 + ext_len;
aut_data = (uint8_t *)calloc(1, aut_data_len + clientDataHash.len);
aut_data = (uint8_t *) calloc(1, aut_data_len + clientDataHash.len);
uint8_t *pa = aut_data;
memcpy(pa, rp_id_hash, 32); pa += 32;
*pa++ = flags;
@@ -474,23 +556,38 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
*pa++ = ctr >> 8;
*pa++ = ctr & 0xff;
memcpy(pa, ext, ext_len); pa += ext_len;
if (pa-aut_data != aut_data_len)
if (pa - aut_data != aut_data_len) {
CBOR_ERROR(CTAP1_ERR_OTHER);
}
memcpy(pa, clientDataHash.data, clientDataHash.len);
uint8_t hash[32], sig[MBEDTLS_ECDSA_MAX_LEN];
ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), aut_data, aut_data_len+clientDataHash.len, hash);
ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
aut_data,
aut_data_len + clientDataHash.len,
hash);
size_t olen = 0;
ret = mbedtls_ecdsa_write_signature(&ekey, MBEDTLS_MD_SHA256, hash, 32, sig, sizeof(sig), &olen, random_gen, NULL);
ret = mbedtls_ecdsa_write_signature(&ekey,
MBEDTLS_MD_SHA256,
hash,
32,
sig,
sizeof(sig),
&olen,
random_gen,
NULL);
mbedtls_ecdsa_free(&ekey);
uint8_t lfields = 3;
if (selcred->opts.present == true && selcred->opts.rk == ptrue)
if (selcred->opts.present == true && selcred->opts.rk == ptrue) {
lfields++;
if (numberOfCredentials > 1 && next == false)
}
if (numberOfCredentials > 1 && next == false) {
lfields++;
if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue)
}
if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) {
lfields++;
}
cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, lfields));
@@ -511,14 +608,17 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x04));
uint8_t lu = 1;
if (numberOfCredentials > 1 && allowList_len == 0) {
if (selcred->userName.present == true)
if (selcred->userName.present == true) {
lu++;
if (selcred->userDisplayName.present == true)
}
if (selcred->userDisplayName.present == true) {
lu++;
}
}
CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, lu));
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "id"));
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, selcred->userId.data, selcred->userId.len));
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, selcred->userId.data,
selcred->userId.len));
if (numberOfCredentials > 1 && allowList_len == 0) {
if (selcred->userName.present == true) {
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "name"));
@@ -543,15 +643,16 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
ctr++;
flash_write_data_to_file(ef_counter, (uint8_t *)&ctr, sizeof(ctr));
flash_write_data_to_file(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
low_flash_available();
err:
err:
CBOR_FREE_BYTE_STRING(clientDataHash);
CBOR_FREE_BYTE_STRING(pinUvAuthParam);
CBOR_FREE_BYTE_STRING(rpId);
if (asserted == false) {
for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++)
for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++) {
credential_free(&creds[i]);
}
}
for (int m = 0; m < allowList_len; m++) {
@@ -561,11 +662,13 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
CBOR_FREE_BYTE_STRING(allowList[m].transports[n]);
}
}
if (aut_data)
if (aut_data) {
free(aut_data);
}
if (error != CborNoError) {
if (error == CborErrorImproperValue)
if (error == CborErrorImproperValue) {
return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
}
return error;
}
res_APDU_size = resp_size;