coelner/pico-fido
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-fido.git synced 2024-09-20 11:20:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Credentials CANNOT be regenerated, as they depend on random IV.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2022-09-21 19:53:36 +02:00
parent a44227db52
commit cf206bf158
No known key found for this signature in database
GPG Key ID: C0095B7870A4CCD3
3 changed files with 9 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/fido/cbor_get_assertion.c
View File

@ -292,14 +292,9 @@ int cbor_get_assertion(const uint8_t *data, size_t len) {
} }
} }
uint8_t cred_id[MAX_CRED_ID_LENGTH];
size_t cred_id_len = 0;
if (credential_create_cred(selcred, cred_id, &cred_id_len) != 0)
CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE);
mbedtls_ecdsa_context ekey; mbedtls_ecdsa_context ekey;
mbedtls_ecdsa_init(&ekey); mbedtls_ecdsa_init(&ekey);
int ret = fido_load_key(selcred->curve, cred_id, &ekey); int ret = fido_load_key(selcred->curve, selcred->id.data, &ekey);
if (ret != 0) { if (ret != 0) {
mbedtls_ecdsa_free(&ekey); mbedtls_ecdsa_free(&ekey);
CBOR_ERROR(CTAP1_ERR_OTHER); CBOR_ERROR(CTAP1_ERR_OTHER);
@ -414,7 +409,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len) {
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, 2)); CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, 2));
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "id")); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "id"));
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, cred_id, cred_id_len)); CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, selcred->id.data, selcred->id.len));
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type")); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type"));
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key")); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key"));
CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2)); CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));

11
src/fido/credential.c
View File

@ -38,10 +38,6 @@ int credential_verify(uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id
return mbedtls_chachapoly_auth_decrypt(&chatx, cred_id_len - (4 + 12 + 16), iv, rp_id_hash, 32, tag, cipher, cipher); return mbedtls_chachapoly_auth_decrypt(&chatx, cred_id_len - (4 + 12 + 16), iv, rp_id_hash, 32, tag, cipher, cipher);
} }
int credential_create_cred(Credential *cred, uint8_t *cred_id, size_t *cred_id_len) {
return credential_create(&cred->rpId, &cred->userId, &cred->userName, &cred->userDisplayName, &cred->extensions, cred->use_sign_count, cred->alg, cred->curve, cred_id, cred_id_len);
}
int credential_create(CborCharString *rpId, CborByteString *userId, CborCharString *userName, CborCharString *userDisplayName, CredExtensions *extensions, bool use_sign_count, int alg, int curve, uint8_t *cred_id, size_t *cred_id_len) { int credential_create(CborCharString *rpId, CborByteString *userId, CborCharString *userName, CborCharString *userDisplayName, CredExtensions *extensions, bool use_sign_count, int alg, int curve, uint8_t *cred_id, size_t *cred_id_len) {
CborEncoder encoder, mapEncoder, mapEncoder2; CborEncoder encoder, mapEncoder, mapEncoder2;
CborError error = CborNoError; CborError error = CborNoError;
@ -92,6 +88,7 @@ int credential_create(CborCharString *rpId, CborByteString *userId, CborCharStri
} }
memcpy(cred_id, "\xf1\xd0\x02\x00", 4); memcpy(cred_id, "\xf1\xd0\x02\x00", 4);
memcpy(cred_id + 4, iv, 12); memcpy(cred_id + 4, iv, 12);
err: err:
if (error != CborNoError) { if (error != CborNoError) {
if (error == CborErrorImproperValue) if (error == CborErrorImproperValue)
@ -151,7 +148,10 @@ int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *r
CBOR_ADVANCE(1); CBOR_ADVANCE(1);
} }
} }
cred->id.present = true;
cred->id.data = (uint8_t *)calloc(1, cred_id_len);
memcpy(cred->id.data, cred_id, cred_id_len);
cred->id.len = cred_id_len;
cred->present = true; cred->present = true;
err: err:
free(copy_cred_id); free(copy_cred_id);
@ -168,6 +168,7 @@ void credential_free(Credential *cred) {
CBOR_FREE_BYTE_STRING(cred->userId); CBOR_FREE_BYTE_STRING(cred->userId);
CBOR_FREE_BYTE_STRING(cred->userName); CBOR_FREE_BYTE_STRING(cred->userName);
CBOR_FREE_BYTE_STRING(cred->userDisplayName); CBOR_FREE_BYTE_STRING(cred->userDisplayName);
CBOR_FREE_BYTE_STRING(cred->id);
cred->present = false; cred->present = false;
cred->extensions.present = false; cred->extensions.present = false;
} }

2
src/fido/credential.h
View File

@ -44,6 +44,7 @@ typedef struct Credential
const bool *use_sign_count; const bool *use_sign_count;
int64_t alg; int64_t alg;
int64_t curve; int64_t curve;
CborByteString id;
bool present; bool present;
} Credential; } Credential;
@ -56,7 +57,6 @@ extern int credential_create(CborCharString *rpId, CborByteString *userId, CborC
extern void credential_free(Credential *cred); extern void credential_free(Credential *cred);
extern int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash); extern int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash);
extern int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash, Credential *cred); extern int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash, Credential *cred);
extern int credential_create_cred(Credential *cred, uint8_t *cred_id, size_t *cred_id_len);
extern int credential_derive_hmac_key(const uint8_t *cred_id, size_t cred_id_len, uint8_t *outk); extern int credential_derive_hmac_key(const uint8_t *cred_id, size_t cred_id_len, uint8_t *outk);
#endif // _CREDENTIAL_H_ #endif // _CREDENTIAL_H_