diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c index 8f88910..5762b63 100644 --- a/src/fido/cbor_client_pin.c +++ b/src/fido/cbor_client_pin.c @@ -160,7 +160,7 @@ int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, size_t in_l } else if (protocol == 2) { memcpy(out, in, in_len); - return aes_encrypt(key+32, out, 32*8, HSM_AES_MODE_CBC, out+IV_SIZE, in_len-IV_SIZE); + return aes_decrypt(key+32, out, 32*8, HSM_AES_MODE_CBC, out+IV_SIZE, in_len-IV_SIZE); } return -1; @@ -341,7 +341,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); if (file_has_data(ef_pin)) CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); - if (newPinEnc.len != 64) + if ((pinUvAuthProtocol == 1 && newPinEnc.len != 64) || (pinUvAuthProtocol == 2 && newPinEnc.len != 64+IV_SIZE)) CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); if (mbedtls_mpi_read_binary(&hkey.ctx.mbed_ecdh.Qp.X, kax.data, kax.len) != 0) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); @@ -359,21 +359,21 @@ int cbor_client_pin(const uint8_t *data, size_t len) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } - uint8_t paddedNewPin[64]; + uint8_t paddedNewPin[80], poff = (pinUvAuthProtocol-1)*IV_SIZE; ret = decrypt(pinUvAuthProtocol, sharedSecret, newPinEnc.data, newPinEnc.len, paddedNewPin); mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); if (ret != 0) CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); - if (paddedNewPin[63] != 0) + if (paddedNewPin[poff+63] != 0) CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION); uint8_t pin_len = 0; - while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) + while (paddedNewPin[poff+pin_len] != 0 && pin_len < sizeof(paddedNewPin)-poff) pin_len++; if (pin_len < 4) CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION); uint8_t hsh[33]; hsh[0] = MAX_PIN_RETRIES; - mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, hsh + 1); + mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin+poff, pin_len, hsh + 1); flash_write_data_to_file(ef_pin, hsh, 1+16); low_flash_available(); goto err; //No return @@ -387,7 +387,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET); if (*file_get_data(ef_pin) == 0) CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED); - if (newPinEnc.len != 64 || pinHashEnc.len != 16) + if ((pinUvAuthProtocol == 1 && (newPinEnc.len != 64 || pinHashEnc.len != 16)) || (pinUvAuthProtocol == 2 && (newPinEnc.len != 64+IV_SIZE || pinHashEnc.len != 16+IV_SIZE))) CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); if (mbedtls_mpi_read_binary(&hkey.ctx.mbed_ecdh.Qp.X, kax.data, kax.len) != 0) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); @@ -410,14 +410,14 @@ int cbor_client_pin(const uint8_t *data, size_t len) { } uint8_t retries = *file_get_data(ef_pin) - 1; flash_write_data_to_file(ef_pin, &retries, 1); - uint8_t paddedNewPin[64]; + uint8_t paddedNewPin[80], poff =(pinUvAuthProtocol-1)*IV_SIZE; ret = decrypt(pinUvAuthProtocol, sharedSecret, pinHashEnc.data, pinHashEnc.len, paddedNewPin); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } low_flash_available(); - if (memcmp(paddedNewPin, file_get_data(ef_pin)+1, 16) != 0) { + if (memcmp(paddedNewPin+poff, file_get_data(ef_pin)+1, 16) != 0) { regenerate(); mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); if (retries == 0) { @@ -438,16 +438,16 @@ int cbor_client_pin(const uint8_t *data, size_t len) { if (ret != 0) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } - if (paddedNewPin[63] != 0) + if (paddedNewPin[poff+63] != 0) CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); uint8_t pin_len = 0; - while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) + while (paddedNewPin[poff+pin_len] != 0 && pin_len < sizeof(paddedNewPin)-poff) pin_len++; if (pin_len < 4) CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION); uint8_t hsh[33]; hsh[0] = MAX_PIN_RETRIES; - mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, hsh + 1); + mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin+poff, pin_len, hsh + 1); flash_write_data_to_file(ef_pin, hsh, 1+16); low_flash_available(); resetPinUvAuthToken(); @@ -476,14 +476,14 @@ int cbor_client_pin(const uint8_t *data, size_t len) { } uint8_t retries = *file_get_data(ef_pin) - 1; flash_write_data_to_file(ef_pin, &retries, 1); - uint8_t paddedNewPin[64]; + uint8_t paddedNewPin[64+IV_SIZE], poff = (pinUvAuthProtocol-1)*IV_SIZE; ret = decrypt(pinUvAuthProtocol, sharedSecret, pinHashEnc.data, pinHashEnc.len, paddedNewPin); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } low_flash_available(); - if (memcmp(paddedNewPin, file_get_data(ef_pin)+1, 16) != 0) { + if (memcmp(paddedNewPin+poff, file_get_data(ef_pin)+1, 16) != 0) { regenerate(); mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); if (retries == 0) { @@ -506,11 +506,11 @@ int cbor_client_pin(const uint8_t *data, size_t len) { memcpy(paut.rp_id_hash, rpId.data, 32); else memset(paut.rp_id_hash, 0, sizeof(paut.rp_id_hash)); - uint8_t pinUvAuthToken_enc[32]; + uint8_t pinUvAuthToken_enc[32+IV_SIZE]; encrypt(pinUvAuthProtocol, sharedSecret, paut.data, 32, pinUvAuthToken_enc); CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x02)); - CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, pinUvAuthToken_enc, 32)); + CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, pinUvAuthToken_enc, 32+poff)); } else CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION);