mirror of
https://github.com/polhenarejos/pico-fido.git
synced 2024-09-20 03:10:10 +00:00
Add initial large blob command.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
parent
24b66dcffc
commit
4a3f957fdf
150
src/fido/cbor_large_blobs.c
Normal file
150
src/fido/cbor_large_blobs.c
Normal file
@ -0,0 +1,150 @@
|
||||
/*
|
||||
* This file is part of the Pico FIDO distribution (https://github.com/polhenarejos/pico-fido).
|
||||
* Copyright (c) 2022 Pol Henarejos.
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, version 3.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include "ctap2_cbor.h"
|
||||
#include "fido.h"
|
||||
#include "ctap.h"
|
||||
#include "files.h"
|
||||
#include "apdu.h"
|
||||
#include "version.h"
|
||||
#include "hsm.h"
|
||||
#include "mbedtls/sha256.h"
|
||||
|
||||
static uint64_t expectedLength = 0, expectedNextOffset = 0;
|
||||
uint8_t temp_lba[MAX_LARGE_BLOB_SIZE];
|
||||
|
||||
int cbor_large_blobs(const uint8_t *data, size_t len) {
|
||||
CborParser parser;
|
||||
CborValue map;
|
||||
CborEncoder encoder, mapEncoder;
|
||||
CborError error = CborNoError;
|
||||
uint64_t get = 0, offset = UINT64_MAX, length = 0, pinUvAuthProtocol = 0;
|
||||
CborByteString set = {0}, pinUvAuthParam = {0};
|
||||
|
||||
CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
|
||||
uint64_t val_c = 1;
|
||||
CBOR_PARSE_MAP_START(map, 1) {
|
||||
uint64_t val_u = 0;
|
||||
CBOR_FIELD_GET_UINT(val_u, 1);
|
||||
if (val_c <= 1 && val_c != val_u)
|
||||
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
|
||||
if (val_u < val_c)
|
||||
CBOR_ERROR(CTAP2_ERR_INVALID_CBOR);
|
||||
val_c = val_u + 1;
|
||||
if (val_u == 0x01) {
|
||||
CBOR_FIELD_GET_UINT(get, 1);
|
||||
}
|
||||
else if (val_u == 0x02) {
|
||||
CBOR_FIELD_GET_BYTES(set, 1);
|
||||
}
|
||||
else if (val_u == 0x03) {
|
||||
CBOR_FIELD_GET_UINT(offset, 1);
|
||||
}
|
||||
else if (val_u == 0x04) {
|
||||
CBOR_FIELD_GET_UINT(length, 1);
|
||||
}
|
||||
else if (val_u == 0x05) {
|
||||
CBOR_FIELD_GET_BYTES(pinUvAuthParam, 1);
|
||||
}
|
||||
else if (val_u == 0x06) {
|
||||
CBOR_FIELD_GET_UINT(pinUvAuthProtocol, 1);
|
||||
}
|
||||
}
|
||||
CBOR_PARSE_MAP_END(map, 1);
|
||||
|
||||
if (offset == 0)
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||
if (get == 0 && set.present == false)
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||
if (get != 0 && set.present == true)
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||
|
||||
cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
|
||||
if (get > 0) {
|
||||
if (length != 0)
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||
if (length > MAX_FRAGMENT_LENGTH)
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_LEN);
|
||||
if (offset > file_get_size(ef_largeblob))
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
|
||||
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
|
||||
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, file_get_data(ef_largeblob)+offset, MIN(get, file_get_size(ef_largeblob)-offset)));
|
||||
}
|
||||
else {
|
||||
if (set.len > MAX_FRAGMENT_LENGTH)
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_LEN);
|
||||
if (offset == 0) {
|
||||
if (length == 0)
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||
if (length > MAX_LARGE_BLOB_SIZE) {
|
||||
CBOR_ERROR(CTAP2_ERR_LARGE_BLOB_STORAGE_FULL);
|
||||
}
|
||||
if (length < 17) {
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||
}
|
||||
expectedLength = length;
|
||||
expectedNextOffset = 0;
|
||||
}
|
||||
else {
|
||||
if (length != 0)
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||
}
|
||||
if (offset != expectedNextOffset)
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_SEQ);
|
||||
if (pinUvAuthParam.present == false)
|
||||
CBOR_ERROR(CTAP2_ERR_PUAT_REQUIRED);
|
||||
if (pinUvAuthProtocol == 0)
|
||||
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
|
||||
uint8_t verify_data[70] = {0};
|
||||
memset(verify_data, 0xff, 32);
|
||||
verify_data[32] = 0x0C;
|
||||
verify_data[34] = offset & 0xff;
|
||||
verify_data[35] = offset >> 8;
|
||||
verify_data[36] = offset >> 16;
|
||||
verify_data[37] = offset >> 24;
|
||||
mbedtls_sha256(set.data, set.len, verify_data+38, 0);
|
||||
if (verify(pinUvAuthProtocol, paut.data, verify_data, sizeof(verify_data), pinUvAuthParam.data) != 0)
|
||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||
if (!(paut.permissions & CTAP_PERMISSION_LBW))
|
||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||
if (offset+set.len > expectedLength)
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||
if (offset == 0)
|
||||
memset(temp_lba, 0, sizeof(temp_lba));
|
||||
memcpy(temp_lba+expectedNextOffset, set.data, set.len);
|
||||
expectedNextOffset += set.len;
|
||||
if (expectedNextOffset == expectedLength) {
|
||||
uint8_t sha[32];
|
||||
mbedtls_sha256(temp_lba, expectedLength, sha, 0);
|
||||
if (expectedLength > 17 && memcmp(sha, temp_lba+expectedLength-16, 16) != 0)
|
||||
CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE);
|
||||
flash_write_data_to_file(ef_largeblob, temp_lba, expectedLength);
|
||||
low_flash_available();
|
||||
}
|
||||
goto err;
|
||||
}
|
||||
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
|
||||
|
||||
err:
|
||||
CBOR_FREE_BYTE_STRING(pinUvAuthParam);
|
||||
CBOR_FREE_BYTE_STRING(set);
|
||||
if (error != CborNoError)
|
||||
return -CTAP2_ERR_INVALID_CBOR;
|
||||
res_APDU_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1);
|
||||
return 0;
|
||||
}
|
Loading…
Reference in New Issue
Block a user