From da7b918dc4299446bf5e9150bf4badda91040229 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 18 Sep 2023 01:34:34 +0200
Subject: [PATCH 1/6] Added RS algorithms though are not supported.
Signed-off-by: Pol Henarejos
---
 src/fido/fido.h | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/fido/fido.h b/src/fido/fido.h
index c22ed37..f12dc5d 100644
--- a/src/fido/fido.h
+++ b/src/fido/fido.h
@@ -66,6 +66,9 @@ extern int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSec
 #define FIDO2_ALG_ES512 -36 //ECDSA-SHA512 P521
 #define FIDO2_ALG_ECDH_ES_HKDF_256 -25 //ECDH-ES + HKDF-256
 #define FIDO2_ALG_ES256K -47
+#define FIDO2_ALG_RS256 -257
+#define FIDO2_ALG_RS384 -258
+#define FIDO2_ALG_RS512 -259
 #define FIDO2_CURVE_P256 1
 #define FIDO2_CURVE_P384 2
From 5e0c42a9f99949e167ebf181ebd4e7ce02b0a088 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 18 Sep 2023 01:34:47 +0200
Subject: [PATCH 2/6] Use hexa representation for error displaying
Signed-off-by: Pol Henarejos
---
 src/fido/ctap2_cbor.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fido/ctap2_cbor.h b/src/fido/ctap2_cbor.h
index f7ee2d2..9a8c8d1 100644
--- a/src/fido/ctap2_cbor.h
+++ b/src/fido/ctap2_cbor.h
@@ -57,7 +57,7 @@ extern const bool _btrue, _bfalse;
 do \
 { \
 error = e; \
- printf("Cbor ERROR [%s:%d]: %d\n", __FILE__, __LINE__, e); \
+ printf("Cbor ERROR [%s:%d]: %x\n", __FILE__, __LINE__, e); \
 goto err; \
 } while (0)
From 7c5f2cee4bceb02a3bd3a159b4b9101bda0a64d7 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 18 Sep 2023 01:35:13 +0200
Subject: [PATCH 3/6] Do not throw error if not supported but valid algorithm is provided. Just ignore it.
Signed-off-by: Pol Henarejos
---
 src/fido/cbor_make_credential.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c
index cf836d7..832ee35 100644
--- a/src/fido/cbor_make_credential.c
+++ b/src/fido/cbor_make_credential.c
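Review bot: In src/fido/fido.h the three new RS constants carry no trailing comment, unlike `FIDO2_ALG_ES512` and `FIDO2_ALG_ECDH_ES_HKDF_256` just above, and nothing marks them as recognised-only. The commit subject says they are not supported, and the range test added in cbor_make_credential.c later in this series depends on the three values staying contiguous, so both facts belong next to the definitions. Suggested form: `#define FIDO2_ALG_RS256 -257 //RSASSA-PKCS1-v1_5 SHA-256, parsed but not supported; RS256..RS512 must stay contiguous`, with matching comments on the other two.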
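Review bot: In the `CBOR_ERROR` hunk of src/fido/ctap2_cbor.h, the value is now printed with `%x` but without a `0x` prefix, so a log line showing `16` cannot be told apart from the decimal output of earlier builds. `%x` also expects an `unsigned int` while `e` is passed as written by the caller. I would change the line to `printf("Cbor ERROR [%s:%d]: 0x%02x\n", __FILE__, __LINE__, (unsigned)(e)); \`. The macro's `#define` line is outside the hunk; the visible `error = e;` leaves the argument unparenthesised, so `error = (e);` would be the safer spelling.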
@@ -222,6 +222,9 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
 curve = FIDO2_CURVE_P256K1;
 }
 }
+ else if (pubKeyCredParams[i].alg <= FIDO2_ALG_RS256 && pubKeyCredParams[i].alg >= FIDO2_ALG_RS512) {
+ // pass
+ }
 else {
 CBOR_ERROR(CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
 }
From 9c90095e96d56f07016dfeb8ee893d61a9b190f8 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 18 Sep 2023 01:35:57 +0200
Subject: [PATCH 4/6] CBOR errors are not sent through CTAPHID_ERROR command, but in CBOR response instead. Fixes #16
Signed-off-by: Pol Henarejos
---
 src/fido/cbor.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/fido/cbor.c b/src/fido/cbor.c
index e80f513..f9e9269 100644
--- a/src/fido/cbor.c
+++ b/src/fido/cbor.c
@@ -111,6 +111,10 @@ void cbor_thread() {
 if (apdu.sw == 0) {
 DEBUG_DATA(res_APDU + 1, res_APDU_size);
 }
+ else {
+ res_APDU[0] = apdu.sw;
+ apdu.sw = 0;
+ }
 finished_data_size = res_APDU_size + 1;
From aec488f070c306e05d85d6ca813fc4ae49bc7da8 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 18 Sep 2023 08:56:43 +0200
Subject: [PATCH 5/6] Revert "Upgrade to version 5.6"
This reverts commit 45c2cf65feb28020b13aee32b82ebad7ed3cdea8.
---
 src/fido/version.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fido/version.h b/src/fido/version.h
index 721a0bf..4708ced 100644
--- a/src/fido/version.h
+++ b/src/fido/version.h
@@ -18,7 +18,7 @@
 #ifndef __VERSION_H_
 #define __VERSION_H_
-#define PICO_FIDO_VERSION 0x0506
+#define PICO_FIDO_VERSION 0x0504
 #define PICO_FIDO_VERSION_MAJOR ((PICO_FIDO_VERSION >> 8) & 0xff)
 #define PICO_FIDO_VERSION_MINOR (PICO_FIDO_VERSION & 0xff)
From a9697ba4e05f413e897a0339b276b1cf2bc6e44b Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 18 Sep 2023 08:57:31 +0200
Subject: [PATCH 6/6] Upgrade to version 5.6
Signed-off-by: Pol Henarejos
---
 src/fido/version.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
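Review bot: The new empty branch in cbor_make_credential() skips RS256/RS384/RS512 silently, so a request whose pubKeyCredParams lists only those algorithms leaves this chain with no curve selected. The hunk does not show whether the code after the loop then rejects the request with an unsupported-algorithm status; the function continues outside the hunk, so that needs confirming before merge. The condition also depends on the three constants being numerically adjacent and descending, which is easy to break when the header changes; explicit equality tests against each constant would be clearer. `// pass` should say why the branch is empty, for example `// Recognised COSE algorithm this device cannot use: skip it so a later entry can be chosen`.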
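Review bot: In cbor_thread(), the new `else` branch stores the status in `res_APDU[0]` but leaves `res_APDU_size` untouched, so `finished_data_size = res_APDU_size + 1` may send the error byte followed by whatever a handler had already written to the response buffer before it failed. An error reply should carry only the status byte; adding `res_APDU_size = 0;` inside the branch guarantees that, unless the size is already reset on every error path outside this hunk. The assignment also narrows `apdu.sw` to a single byte if `res_APDU` is a byte buffer, which holds only while every value stored in `apdu.sw` on this path is a one-byte CTAP2 status; a comment stating that assumption would help. The function body starts and ends outside the hunk.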
diff --git a/src/fido/version.h b/src/fido/version.h
index 4708ced..721a0bf 100644
--- a/src/fido/version.h
+++ b/src/fido/version.h
@@ -18,7 +18,7 @@
 #ifndef __VERSION_H_
 #define __VERSION_H_
-#define PICO_FIDO_VERSION 0x0504
+#define PICO_FIDO_VERSION 0x0506
 #define PICO_FIDO_VERSION_MAJOR ((PICO_FIDO_VERSION >> 8) & 0xff)
 #define PICO_FIDO_VERSION_MINOR (PICO_FIDO_VERSION & 0xff)