dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Fixes in enumerations.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-10-04 16:57:34 +02:00
parent 3f80acc81b
commit cf4778b9ad
1 changed files with 24 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/fido/cbor_cred_mgmt.c
View File

@@ -30,6 +30,7 @@ uint8_t rp_counter = 1;
uint8_t rp_total = 0; uint8_t rp_total = 0;
uint8_t cred_counter = 1; uint8_t cred_counter = 1;
uint8_t cred_total = 0; uint8_t cred_total = 0;
CborByteString rpIdHashx = {0};
int cbor_cred_mgmt(const uint8_t *data, size_t len) { int cbor_cred_mgmt(const uint8_t *data, size_t len) {
CborParser parser; CborParser parser;
@@ -43,13 +44,14 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
CborEncoder encoder, mapEncoder, mapEncoder2; CborEncoder encoder, mapEncoder, mapEncoder2;
uint8_t *raw_subpara = NULL; uint8_t *raw_subpara = NULL;
size_t raw_subpara_len = 0; size_t raw_subpara_len = 0;
bool asserted = false;
CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map)); CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
uint64_t val_c = 1; uint64_t val_c = 1;
CBOR_PARSE_MAP_START(map, 1) { CBOR_PARSE_MAP_START(map, 1) {
uint64_t val_u = 0; uint64_t val_u = 0;
CBOR_FIELD_GET_UINT(val_u, 1); CBOR_FIELD_GET_UINT(val_u, 1);
if (val_c <= 4 && val_c != val_u) if (val_c <= 1 && val_c != val_u)
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
if (val_u < val_c) if (val_u < val_c)
CBOR_ERROR(CTAP2_ERR_INVALID_CBOR); CBOR_ERROR(CTAP2_ERR_INVALID_CBOR);
@@ -103,7 +105,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
} }
CBOR_PARSE_MAP_END(map, 1); CBOR_PARSE_MAP_END(map, 1);
if (subcommand != 0x03) { if (subcommand != 0x03 && subcommand != 0x05) {
if (pinUvAuthParam.present == false) if (pinUvAuthParam.present == false)
CBOR_ERROR(CTAP2_ERR_PUAT_REQUIRED); CBOR_ERROR(CTAP2_ERR_PUAT_REQUIRED);
if (pinUvAuthProtocol != 1 && pinUvAuthProtocol != 2) if (pinUvAuthProtocol != 1 && pinUvAuthProtocol != 2)
@@ -130,9 +132,11 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
if (subcommand == 0x02) { if (subcommand == 0x02) {
if (verify(pinUvAuthProtocol, paut.data, (const uint8_t *)"\x02", 1, pinUvAuthParam.data) != CborNoError) if (verify(pinUvAuthProtocol, paut.data, (const uint8_t *)"\x02", 1, pinUvAuthParam.data) != CborNoError)
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
rp_counter = 1;
rp_total = 0;
} }
else { else {
if (rp_counter >= rp_total) if (rp_counter > rp_total)
CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
} }
uint8_t skip = 0; uint8_t skip = 0;
@@ -145,7 +149,8 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
if (subcommand == 0x03) if (subcommand == 0x03)
break; break;
} }
rp_total++; if (subcommand == 0x02)
rp_total++;
} }
} }
if (rp_ef == NULL) // should not happen if (rp_ef == NULL) // should not happen
@@ -165,16 +170,20 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
} }
} }
else if (subcommand == 0x04 || subcommand == 0x05) { else if (subcommand == 0x04 || subcommand == 0x05) {
if (rpIdHash.present == false) if (subcommand == 0x04 && rpIdHash.present == false)
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
if (subcommand == 0x04) { if (subcommand == 0x04) {
*(raw_subpara-1) = 0x04; *(raw_subpara-1) = 0x04;
if (verify(pinUvAuthProtocol, paut.data, raw_subpara-1, raw_subpara_len+1, pinUvAuthParam.data) != CborNoError) if (verify(pinUvAuthProtocol, paut.data, raw_subpara-1, raw_subpara_len+1, pinUvAuthParam.data) != CborNoError)
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
cred_counter = 1;
cred_total = 0;
} }
else { else {
if (cred_counter >= cred_total) if (cred_counter > cred_total) {
CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
}
rpIdHash = rpIdHashx;
} }
file_t *cred_ef = NULL; file_t *cred_ef = NULL;
uint8_t skip = 0; uint8_t skip = 0;
@@ -187,7 +196,8 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
if (subcommand == 0x05) if (subcommand == 0x05)
break; break;
} }
cred_total++; if (subcommand == 0x04)
cred_total++;
} }
} }
if (!file_has_data(cred_ef)) if (!file_has_data(cred_ef))
@@ -260,6 +270,10 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x09)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x09));
CBOR_CHECK(cbor_encode_uint(&mapEncoder, cred_total)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, cred_total));
} }
if (cred_counter <= cred_total) {
asserted = true;
rpIdHashx = rpIdHash;
}
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0A)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0A));
CBOR_CHECK(cbor_encode_uint(&mapEncoder, cred.extensions.credProtect)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, cred.extensions.credProtect));
credential_free(&cred); credential_free(&cred);
@@ -335,7 +349,9 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
err: err:
CBOR_FREE_BYTE_STRING(pinUvAuthParam); CBOR_FREE_BYTE_STRING(pinUvAuthParam);
CBOR_FREE_BYTE_STRING(rpIdHash); if (asserted == false) {
CBOR_FREE_BYTE_STRING(rpIdHash);
}
CBOR_FREE_BYTE_STRING(user.id); CBOR_FREE_BYTE_STRING(user.id);
CBOR_FREE_BYTE_STRING(user.displayName); CBOR_FREE_BYTE_STRING(user.displayName);
CBOR_FREE_BYTE_STRING(user.parent.name); CBOR_FREE_BYTE_STRING(user.parent.name);