diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c
index d61133e..7ecbcbd 100644
--- a/src/fido/cbor_client_pin.c
+++ b/src/fido/cbor_client_pin.c
@@ -374,21 +374,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
 CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
 CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
- CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, 5));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 1));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 2));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 3));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ECDH_ES_HKDF_256));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 1));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, FIDO2_CURVE_P256));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 2));
- uint8_t pkey[32];
- mbedtls_mpi_write_binary(&hkey.ctx.mbed_ecdh.Q.X, pkey, 32);
- CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, pkey, 32));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 3));
- mbedtls_mpi_write_binary(&hkey.ctx.mbed_ecdh.Q.Y, pkey, 32);
- CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, pkey, 32));
- CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
+ CBOR_CHECK(COSE_key_shared(&hkey, &mapEncoder, &mapEncoder2));
 }
 else if (pinUvAuthProtocol == 0) {
 CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
diff --git a/src/fido/cbor_cred_mgmt.c b/src/fido/cbor_cred_mgmt.c
index d9705fa..13ee3f6 100644
--- a/src/fido/cbor_cred_mgmt.c
+++ b/src/fido/cbor_cred_mgmt.c
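Review bot: `COSE_key_shared(&hkey, ...)` on the `+` line takes over two `mbedtls_mpi_write_binary` calls whose return value the removed lines never checked, so a coordinate that fails to serialize would have been encoded from a stale `pkey` buffer instead of aborting the response. The helper is not part of this diff; if it kept those calls it should test each return and hand back a value that CBOR_CHECK treats as failure, roughly `if (mbedtls_mpi_write_binary(&hkey->ctx.mbed_ecdh.Q.X, pkey, 32) != 0) { return CborErrorInternalError; }` (sketch, the helper's parameter name may differ), and keep the fixed 32-byte width rather than `mbedtls_mpi_size`, since COSE EC2 coordinates must be full field width with leading zeros preserved. The identical replacement appears in cbor_vendor.c's cbor_vendor_generic and is not noted there separately. cbor_client_pin continues outside the hunk.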
@@ -309,21 +309,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
 CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
 CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x08));
- CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, 5));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 1));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 2));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 3));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -cred.alg));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 1));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, cred.curve));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 2));
- uint8_t pkey[66];
- mbedtls_mpi_write_binary(&key.Q.X, pkey, mbedtls_mpi_size(&key.Q.X));
- CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, pkey, mbedtls_mpi_size(&key.Q.X)));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 3));
- mbedtls_mpi_write_binary(&key.Q.Y, pkey, mbedtls_mpi_size(&key.Q.Y));
- CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, pkey, mbedtls_mpi_size(&key.Q.Y)));
- CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
+ CBOR_CHECK(COSE_key(&key, &mapEncoder, &mapEncoder2));
 if (subcommand == 0x04) {
 CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x09));
diff --git a/src/fido/cbor_get_info.c b/src/fido/cbor_get_info.c
index 8812376..0864725 100644
--- a/src/fido/cbor_get_info.c
+++ b/src/fido/cbor_get_info.c
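Review bot: The removed lines sized each coordinate with `mbedtls_mpi_size(&key.Q.X)`, the minimal big-endian length, which drops leading zero bytes, so roughly one key in 256 per coordinate was emitted one byte short of the curve's field width; a COSE EC2 key needs fixed-width x and y, and a relying party may reject such a credential public key. COSE_key is not in this diff; if it inherited that sizing, derive the width from the group instead, e.g. `size_t plen = (key->grp.pbits + 7) / 8;` and `mbedtls_mpi_write_binary(&key->Q.X, pkey, plen)`, which left-pads with zeros, and check the return value the removed lines ignored (sketch, the helper's parameter name may differ). The same COSE_key call replaces the identical block in cbor_make_credential.c, where the caller's `uint8_t pkey[66]` was dropped as well. cbor_cred_mgmt continues outside the hunk.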
@@ -91,30 +91,10 @@ int cbor_get_info() {
 CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0A));
 CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, 4));
- CBOR_CHECK(cbor_encoder_create_map(&arrayEncoder, &mapEncoder2, 2));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "alg"));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ES256));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type"));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key"));
- CBOR_CHECK(cbor_encoder_close_container(&arrayEncoder, &mapEncoder2));
- CBOR_CHECK(cbor_encoder_create_map(&arrayEncoder, &mapEncoder2, 2));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "alg"));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ES384));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type"));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key"));
- CBOR_CHECK(cbor_encoder_close_container(&arrayEncoder, &mapEncoder2));
- CBOR_CHECK(cbor_encoder_create_map(&arrayEncoder, &mapEncoder2, 2));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "alg"));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ES512));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type"));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key"));
- CBOR_CHECK(cbor_encoder_close_container(&arrayEncoder, &mapEncoder2));
- CBOR_CHECK(cbor_encoder_create_map(&arrayEncoder, &mapEncoder2, 2));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "alg"));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ES256K));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type"));
- CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key"));
- CBOR_CHECK(cbor_encoder_close_container(&arrayEncoder, &mapEncoder2));
+ CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES256, &arrayEncoder, &mapEncoder2));
+ CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES384, &arrayEncoder, &mapEncoder2));
+ CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES512, &arrayEncoder, &mapEncoder2));
+ CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES256K, &arrayEncoder, &mapEncoder2));
 CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &arrayEncoder));
 CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0B));
diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c
index c176408..d709d5c 100644
--- a/src/fido/cbor_make_credential.c
+++ b/src/fido/cbor_make_credential.c
@@ -369,7 +369,6 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
 ext_len = cbor_encoder_get_buffer_size(&encoder, ext);
 flags |= FIDO2_AUT_FLAG_ED;
 }
- uint8_t pkey[66];
 mbedtls_ecdsa_context ekey;
 mbedtls_ecdsa_init(&ekey);
 int ret = fido_load_key(curve, cred_id, &ekey);
@@ -386,21 +385,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
 uint32_t ctr = get_sign_counter();
 uint8_t cbor_buf[1024];
 cbor_encoder_init(&encoder, cbor_buf, sizeof(cbor_buf), 0);
- CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 5));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder, 1));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder, 2));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder, 3));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder, -alg));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder, 1));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder, curve));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder, 2));
- mbedtls_mpi_write_binary(&ekey.Q.X, pkey, mbedtls_mpi_size(&ekey.Q.X));
- CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, pkey, mbedtls_mpi_size(&ekey.Q.X)));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder, 3));
- mbedtls_mpi_write_binary(&ekey.Q.Y, pkey, mbedtls_mpi_size(&ekey.Q.Y));
- CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, pkey, mbedtls_mpi_size(&ekey.Q.Y)));
-
- CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
+ CBOR_CHECK(COSE_key(&ekey, &encoder, &mapEncoder));
 size_t rs = cbor_encoder_get_buffer_size(&encoder, cbor_buf);
 size_t aut_data_len = 32 + 1 + 4 + (16 + 2 + cred_id_len + rs) + ext_len;
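Review bot: The four `COSE_public_key(FIDO2_ALG_…, …)` calls pass the algorithm constants unnegated, whereas the removed lines handed `-FIDO2_ALG_ES256` and friends to cbor_encode_negative_int, so the sign convention now lives in a helper this diff does not show; a comment at the call site or on the helper's prototype should pin it down, e.g. `/* alg is the signed COSE algorithm id; the helper does the negative-int encoding */`. With the "alg"/"type" map layout gone from this file, a one-line comment above the array keeps the 0x0A entry readable: `/* 0x0A algorithms: [{"alg": <COSE alg>, "type": "public-key"}, ...] */`. cbor_get_info starts and ends outside the hunk.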
diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c
index 5ec5b28..466bc67 100644
--- a/src/fido/cbor_vendor.c
+++ b/src/fido/cbor_vendor.c
@@ -223,22 +223,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
 CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
 CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
-
- CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, 5));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 1));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 2));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 3));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ECDH_ES_HKDF_256));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 1));
- CBOR_CHECK(cbor_encode_uint(&mapEncoder2, FIDO2_CURVE_P256));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 2));
- uint8_t pkey[32];
- mbedtls_mpi_write_binary(&hkey.ctx.mbed_ecdh.Q.X, pkey, 32);
- CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, pkey, 32));
- CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 3));
- mbedtls_mpi_write_binary(&hkey.ctx.mbed_ecdh.Q.Y, pkey, 32);
- CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, pkey, 32));
- CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
+ CBOR_CHECK(COSE_key_shared(&hkey, &mapEncoder, &mapEncoder2));
 mbedtls_ecdh_free(&hkey);
 }
 }