Credential IDs CANNOT be regenerated, as they depend on a random IV.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
parent
a44227db52
commit
cf206bf158
@ -292,14 +292,9 @@ int cbor_get_assertion(const uint8_t *data, size_t len) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t cred_id[MAX_CRED_ID_LENGTH];
|
|
||||||
size_t cred_id_len = 0;
|
|
||||||
if (credential_create_cred(selcred, cred_id, &cred_id_len) != 0)
|
|
||||||
CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE);
|
|
||||||
|
|
||||||
mbedtls_ecdsa_context ekey;
|
mbedtls_ecdsa_context ekey;
|
||||||
mbedtls_ecdsa_init(&ekey);
|
mbedtls_ecdsa_init(&ekey);
|
||||||
int ret = fido_load_key(selcred->curve, cred_id, &ekey);
|
int ret = fido_load_key(selcred->curve, selcred->id.data, &ekey);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_ecdsa_free(&ekey);
|
mbedtls_ecdsa_free(&ekey);
|
||||||
CBOR_ERROR(CTAP1_ERR_OTHER);
|
CBOR_ERROR(CTAP1_ERR_OTHER);
|
||||||
@ -414,7 +409,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len) {
|
|||||||
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
|
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
|
||||||
CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, 2));
|
CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, 2));
|
||||||
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "id"));
|
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "id"));
|
||||||
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, cred_id, cred_id_len));
|
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, selcred->id.data, selcred->id.len));
|
||||||
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type"));
|
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type"));
|
||||||
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key"));
|
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key"));
|
||||||
CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
|
CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
|
||||||
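Review bot: In the first hunk, `fido_load_key(selcred->curve, selcred->id.data, &ekey)` now reads the stored id without checking that it was ever populated, and the removed `CTAP2_ERR_INTEGRITY_FAILURE` guard is not replaced by anything; if selcred can reach this point by any path other than credential_load (which sets `id.present`), `id.data` is NULL. I would add before `mbedtls_ecdsa_init(&ekey);` the line `if (!selcred->id.present || selcred->id.data == NULL) CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE);`. fido_load_key takes no length argument, so it presumably reads a fixed prefix of the id; the `cred_id_len - (4 + 12 + 16)` arithmetic in credential_verify suggests a minimum id size, and `selcred->id.len` should be checked against whatever fido_load_key consumes — to be confirmed against its definition. cbor_get_assertion starts before and continues after both hunks.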
|
@ -38,10 +38,6 @@ int credential_verify(uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id
|
|||||||
return mbedtls_chachapoly_auth_decrypt(&chatx, cred_id_len - (4 + 12 + 16), iv, rp_id_hash, 32, tag, cipher, cipher);
|
return mbedtls_chachapoly_auth_decrypt(&chatx, cred_id_len - (4 + 12 + 16), iv, rp_id_hash, 32, tag, cipher, cipher);
|
||||||
}
|
}
|
||||||
|
|
||||||
int credential_create_cred(Credential *cred, uint8_t *cred_id, size_t *cred_id_len) {
|
|
||||||
return credential_create(&cred->rpId, &cred->userId, &cred->userName, &cred->userDisplayName, &cred->extensions, cred->use_sign_count, cred->alg, cred->curve, cred_id, cred_id_len);
|
|
||||||
}
|
|
||||||
|
|
||||||
int credential_create(CborCharString *rpId, CborByteString *userId, CborCharString *userName, CborCharString *userDisplayName, CredExtensions *extensions, bool use_sign_count, int alg, int curve, uint8_t *cred_id, size_t *cred_id_len) {
|
int credential_create(CborCharString *rpId, CborByteString *userId, CborCharString *userName, CborCharString *userDisplayName, CredExtensions *extensions, bool use_sign_count, int alg, int curve, uint8_t *cred_id, size_t *cred_id_len) {
|
||||||
CborEncoder encoder, mapEncoder, mapEncoder2;
|
CborEncoder encoder, mapEncoder, mapEncoder2;
|
||||||
CborError error = CborNoError;
|
CborError error = CborNoError;
|
||||||
@ -92,6 +88,7 @@ int credential_create(CborCharString *rpId, CborByteString *userId, CborCharStri
|
|||||||
}
|
}
|
||||||
memcpy(cred_id, "\xf1\xd0\x02\x00", 4);
|
memcpy(cred_id, "\xf1\xd0\x02\x00", 4);
|
||||||
memcpy(cred_id + 4, iv, 12);
|
memcpy(cred_id + 4, iv, 12);
|
||||||
|
|
||||||
err:
|
err:
|
||||||
if (error != CborNoError) {
|
if (error != CborNoError) {
|
||||||
if (error == CborErrorImproperValue)
|
if (error == CborErrorImproperValue)
|
||||||
@ -151,7 +148,10 @@ int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *r
|
|||||||
CBOR_ADVANCE(1);
|
CBOR_ADVANCE(1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
cred->id.present = true;
|
||||||
|
cred->id.data = (uint8_t *)calloc(1, cred_id_len);
|
||||||
|
memcpy(cred->id.data, cred_id, cred_id_len);
|
||||||
|
cred->id.len = cred_id_len;
|
||||||
cred->present = true;
|
cred->present = true;
|
||||||
err:
|
err:
|
||||||
free(copy_cred_id);
|
free(copy_cred_id);
|
||||||
@ -168,6 +168,7 @@ void credential_free(Credential *cred) {
|
|||||||
CBOR_FREE_BYTE_STRING(cred->userId);
|
CBOR_FREE_BYTE_STRING(cred->userId);
|
||||||
CBOR_FREE_BYTE_STRING(cred->userName);
|
CBOR_FREE_BYTE_STRING(cred->userName);
|
||||||
CBOR_FREE_BYTE_STRING(cred->userDisplayName);
|
CBOR_FREE_BYTE_STRING(cred->userDisplayName);
|
||||||
|
CBOR_FREE_BYTE_STRING(cred->id);
|
||||||
cred->present = false;
|
cred->present = false;
|
||||||
cred->extensions.present = false;
|
cred->extensions.present = false;
|
||||||
}
|
}
|
||||||
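Review bot: In the credential_load hunk, `cred->id.data = (uint8_t *)calloc(1, cred_id_len);` is followed by `memcpy` with no NULL check, so an allocation failure on a constrained device dereferences NULL. Move `cred->id.present = true;` to after the allocation and bail out through the existing `err:` label with a failure status when calloc returns NULL, e.g. `if (cred->id.data == NULL) { /* set the function's error status */ goto err; }` (the status variable is declared above the hunk). If a Credential can be passed to credential_load more than once, the previous id buffer is also leaked at this line; releasing `cred->id` first, as credential_free now does, would cover that. credential_load starts outside the hunk.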
|
@ -44,6 +44,7 @@ typedef struct Credential
|
|||||||
const bool *use_sign_count;
|
const bool *use_sign_count;
|
||||||
int64_t alg;
|
int64_t alg;
|
||||||
int64_t curve;
|
int64_t curve;
|
||||||
|
CborByteString id;
|
||||||
bool present;
|
bool present;
|
||||||
} Credential;
|
} Credential;
|
||||||
|
|
||||||
@ -56,7 +57,6 @@ extern int credential_create(CborCharString *rpId, CborByteString *userId, CborC
|
|||||||
extern void credential_free(Credential *cred);
|
extern void credential_free(Credential *cred);
|
||||||
extern int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash);
|
extern int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash);
|
||||||
extern int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash, Credential *cred);
|
extern int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash, Credential *cred);
|
||||||
extern int credential_create_cred(Credential *cred, uint8_t *cred_id, size_t *cred_id_len);
|
|
||||||
extern int credential_derive_hmac_key(const uint8_t *cred_id, size_t cred_id_len, uint8_t *outk);
|
extern int credential_derive_hmac_key(const uint8_t *cred_id, size_t cred_id_len, uint8_t *outk);
|
||||||
|
|
||||||
#endif // _CREDENTIAL_H_
|
#endif // _CREDENTIAL_H_
|
||||||
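Review bot: The new `CborByteString id;` field in the Credential struct carries no comment on ownership, although credential_load now allocates it and credential_free releases it, so a reader cannot tell whether it is a borrowed view of the request buffer or an owned copy. I would add above the field: `/* Owned copy of the raw credential id this struct was loaded from; set by credential_load(), released by credential_free(). */`. A second line noting that the id is kept because it embeds a random IV and cannot be regenerated would tie the field to the commit's rationale, which is visible in the `memcpy(cred_id + 4, iv, 12)` of credential_create.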
|