mirror of
https://github.com/polhenarejos/pico-fido.git
synced 2024-09-20 11:20:10 +00:00
Credentials CANNOT be regenerated, as they depend on random IV.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
parent
a44227db52
commit
cf206bf158
@ -292,14 +292,9 @@ int cbor_get_assertion(const uint8_t *data, size_t len) {
|
||||
}
|
||||
}
|
||||
|
||||
uint8_t cred_id[MAX_CRED_ID_LENGTH];
|
||||
size_t cred_id_len = 0;
|
||||
if (credential_create_cred(selcred, cred_id, &cred_id_len) != 0)
|
||||
CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE);
|
||||
|
||||
mbedtls_ecdsa_context ekey;
|
||||
mbedtls_ecdsa_init(&ekey);
|
||||
int ret = fido_load_key(selcred->curve, cred_id, &ekey);
|
||||
int ret = fido_load_key(selcred->curve, selcred->id.data, &ekey);
|
||||
if (ret != 0) {
|
||||
mbedtls_ecdsa_free(&ekey);
|
||||
CBOR_ERROR(CTAP1_ERR_OTHER);
|
||||
@ -414,7 +409,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len) {
|
||||
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
|
||||
CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, 2));
|
||||
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "id"));
|
||||
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, cred_id, cred_id_len));
|
||||
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, selcred->id.data, selcred->id.len));
|
||||
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type"));
|
||||
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key"));
|
||||
CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
|
||||
|
@ -38,10 +38,6 @@ int credential_verify(uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id
|
||||
return mbedtls_chachapoly_auth_decrypt(&chatx, cred_id_len - (4 + 12 + 16), iv, rp_id_hash, 32, tag, cipher, cipher);
|
||||
}
|
||||
|
||||
int credential_create_cred(Credential *cred, uint8_t *cred_id, size_t *cred_id_len) {
|
||||
return credential_create(&cred->rpId, &cred->userId, &cred->userName, &cred->userDisplayName, &cred->extensions, cred->use_sign_count, cred->alg, cred->curve, cred_id, cred_id_len);
|
||||
}
|
||||
|
||||
int credential_create(CborCharString *rpId, CborByteString *userId, CborCharString *userName, CborCharString *userDisplayName, CredExtensions *extensions, bool use_sign_count, int alg, int curve, uint8_t *cred_id, size_t *cred_id_len) {
|
||||
CborEncoder encoder, mapEncoder, mapEncoder2;
|
||||
CborError error = CborNoError;
|
||||
@ -92,6 +88,7 @@ int credential_create(CborCharString *rpId, CborByteString *userId, CborCharStri
|
||||
}
|
||||
memcpy(cred_id, "\xf1\xd0\x02\x00", 4);
|
||||
memcpy(cred_id + 4, iv, 12);
|
||||
|
||||
err:
|
||||
if (error != CborNoError) {
|
||||
if (error == CborErrorImproperValue)
|
||||
@ -151,7 +148,10 @@ int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *r
|
||||
CBOR_ADVANCE(1);
|
||||
}
|
||||
}
|
||||
|
||||
cred->id.present = true;
|
||||
cred->id.data = (uint8_t *)calloc(1, cred_id_len);
|
||||
memcpy(cred->id.data, cred_id, cred_id_len);
|
||||
cred->id.len = cred_id_len;
|
||||
cred->present = true;
|
||||
err:
|
||||
free(copy_cred_id);
|
||||
@ -168,6 +168,7 @@ void credential_free(Credential *cred) {
|
||||
CBOR_FREE_BYTE_STRING(cred->userId);
|
||||
CBOR_FREE_BYTE_STRING(cred->userName);
|
||||
CBOR_FREE_BYTE_STRING(cred->userDisplayName);
|
||||
CBOR_FREE_BYTE_STRING(cred->id);
|
||||
cred->present = false;
|
||||
cred->extensions.present = false;
|
||||
}
|
||||
|
@ -44,6 +44,7 @@ typedef struct Credential
|
||||
const bool *use_sign_count;
|
||||
int64_t alg;
|
||||
int64_t curve;
|
||||
CborByteString id;
|
||||
bool present;
|
||||
} Credential;
|
||||
|
||||
@ -56,7 +57,6 @@ extern int credential_create(CborCharString *rpId, CborByteString *userId, CborC
|
||||
extern void credential_free(Credential *cred);
|
||||
extern int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash);
|
||||
extern int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash, Credential *cred);
|
||||
extern int credential_create_cred(Credential *cred, uint8_t *cred_id, size_t *cred_id_len);
|
||||
extern int credential_derive_hmac_key(const uint8_t *cred_id, size_t cred_id_len, uint8_t *outk);
|
||||
|
||||
#endif // _CREDENTIAL_H_
|
||||
|
Loading…
Reference in New Issue
Block a user