Merge 69e250921f into 02556fcde1

Fix buffer initialization.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2024-09-20 03:10:10 +00:00 · 2024-08-26 16:30:14 +02:00 · 2024-08-25 20:21:43 +02:00 · 2024-08-25 01:31:19 +02:00 · 2024-08-25 01:30:54 +02:00 · 2024-08-25 00:10:23 +02:00
13 changed files with 47 additions and 28 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+release
+build_release
--- a/.gitmodules
+++ b/.gitmodules
@ -1,3 +1,6 @@
 [submodule "pico-keys-sdk"]
 	path = pico-keys-sdk
 	url = https://github.com/polhenarejos/pico-keys-sdk
+[submodule "pico-sdk"]
+	path = pico-sdk
+	url = https://github.com/raspberrypi/pico-sdk.git
--- a/build_pico_fido.sh
+++ b/build_pico_fido.sh
@ -50,7 +50,9 @@ for board in adafruit_feather_rp2040 \
    wiznet_w5100s_evb_pico
 do
    rm -rf *
-    PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board
+    # PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board
+    PICO_SDK_PATH=../pico-sdk cmake .. -DPICO_BOARD=$board
+
    make -kj20
    mv pico_fido.uf2 ../release/pico_fido_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2

--- a/build_release/.gitkeep
+++ b/build_release/.gitkeep
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 7a88a2b8e74780e3d5f5a48fb5d5705fbff2d940
+Subproject commit 956f476872e25603ee063b776e3da280670cb15e
--- a/1
+++ b/1
@ -0,0 +1 @@
+Subproject commit 6a7db34ff63345a7badec79ebea3aaef1712f374
--- a/release/.gitkeep
+++ b/release/.gitkeep
--- a/src/fido/cbor_get_assertion.c
+++ b/src/fido/cbor_get_assertion.c
@ -203,7 +203,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
    }

    uint8_t flags = 0;
-    uint8_t rp_id_hash[32];
+    uint8_t rp_id_hash[32] = {0};
    mbedtls_sha256((uint8_t *) rpId.data, rpId.len, rp_id_hash, 0);

    bool resident = false;
@ -323,11 +323,21 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
                        credential_free(&creds[i]);
                    }
                    else {
-                        creds[numberOfCredentials++] = creds[i];
+                        if (numberOfCredentials != i) {
+                            creds[numberOfCredentials++] = creds[i];
+                        }
+                        else {
+                            numberOfCredentials++;
+                        }
                    }
                }
                else {
-                    creds[numberOfCredentials++] = creds[i];
+                    if (numberOfCredentials != i) {
+                        creds[numberOfCredentials++] = creds[i];
+                    }
+                    else {
+                        numberOfCredentials++;
+                    }
                }
            }
        }
@ -399,7 +409,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
    }

    int ret = 0;
-    uint8_t largeBlobKey[32];
+    uint8_t largeBlobKey[32] = {0};
    if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) {
        ret = credential_derive_large_blob_key(selcred->id.data, selcred->id.len, largeBlobKey);
        if (ret != 0) {
@ -408,7 +418,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
    }

    size_t ext_len = 0;
-    uint8_t ext[512];
+    uint8_t ext[512] = {0};
    if (extensions.present == true) {
        cbor_encoder_init(&encoder, ext, sizeof(ext), 0);
        int l = 0;
@ -439,7 +449,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {

            CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "hmac-secret"));

-            uint8_t sharedSecret[64];
+            uint8_t sharedSecret[64] = {0};
            mbedtls_ecp_point Qp;
            mbedtls_ecp_point_init(&Qp);
            mbedtls_mpi_lset(&Qp.Z, 1);
@ -461,13 +471,13 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
                mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
                CBOR_ERROR(CTAP2_ERR_EXTENSION_FIRST);
            }
-            uint8_t salt_dec[64], poff = ((uint8_t)hmacSecretPinUvAuthProtocol - 1) * IV_SIZE;
+            uint8_t salt_dec[64] = {0}, poff = ((uint8_t)hmacSecretPinUvAuthProtocol - 1) * IV_SIZE;
            ret = decrypt((uint8_t)hmacSecretPinUvAuthProtocol, sharedSecret, salt_enc.data, (uint16_t)salt_enc.len, salt_dec);
            if (ret != 0) {
                mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
            }
-            uint8_t cred_random[64], *crd = NULL;
+            uint8_t cred_random[64] = {0}, *crd = NULL;
            ret = credential_derive_hmac_key(selcred->id.data, selcred->id.len, cred_random);
            if (ret != 0) {
                mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
@ -479,7 +489,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
            else {
                crd = cred_random;
            }
-            uint8_t out1[64], hmac_res[80];
+            uint8_t out1[64] = {0}, hmac_res[80] = {0};
            mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), crd, 32, salt_dec, 32, out1);
            if ((uint8_t)salt_enc.len == 64 + poff) {
                mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), crd, 32, salt_dec + 32, 32, out1 + 32);
@ -519,7 +529,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
    }

    memcpy(pa, clientDataHash.data, clientDataHash.len);
-    uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN];
+    uint8_t hash[64] = {0}, sig[MBEDTLS_ECDSA_MAX_LEN] = {0};
    const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
    mbedtls_ecdsa_context ekey;
    mbedtls_ecdsa_init(&ekey);
--- a/src/fido/cbor_make_credential.c
+++ b/src/fido/cbor_make_credential.c
@ -162,7 +162,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
    CBOR_PARSE_MAP_END(map, 1);

    uint8_t flags = FIDO2_AUT_FLAG_AT;
-    uint8_t rp_id_hash[32];
+    uint8_t rp_id_hash[32] = {0};
    mbedtls_sha256((uint8_t *) rp.id.data, rp.id.len, rp_id_hash, 0);

    if (pinUvAuthParam.present == true) {
@ -320,7 +320,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {

    const known_app_t *ka = find_app_by_rp_id_hash(rp_id_hash);

-    uint8_t cred_id[MAX_CRED_ID_LENGTH];
+    uint8_t cred_id[MAX_CRED_ID_LENGTH] = {0};
    size_t cred_id_len = 0;

    CBOR_CHECK(credential_create(&rp.id, &user.id, &user.parent.name, &user.displayName, &options,
@ -331,7 +331,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
        flags |= FIDO2_AUT_FLAG_UV;
    }
    size_t ext_len = 0;
-    uint8_t ext[512];
+    uint8_t ext[512] = {0};
    CborEncoder encoder, mapEncoder, mapEncoder2;
    if (extensions.present == true) {
        cbor_encoder_init(&encoder, ext, sizeof(ext), 0);
@ -400,7 +400,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
    }
    size_t olen = 0;
    uint32_t ctr = get_sign_counter();
-    uint8_t cbor_buf[1024];
+    uint8_t cbor_buf[1024] = {0};
    cbor_encoder_init(&encoder, cbor_buf, sizeof(cbor_buf), 0);
    CBOR_CHECK(COSE_key(&ekey, &encoder, &mapEncoder));
    size_t rs = cbor_encoder_get_buffer_size(&encoder, cbor_buf);
@ -426,7 +426,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
    }

    memcpy(pa, clientDataHash.data, clientDataHash.len);
-    uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN];
+    uint8_t hash[64] = {0}, sig[MBEDTLS_ECDSA_MAX_LEN] = {0};
    const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
    if (ekey.grp.id == MBEDTLS_ECP_DP_SECP384R1) {
        md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
@ -447,7 +447,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
    ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL);
    mbedtls_ecdsa_free(&ekey);

-    uint8_t largeBlobKey[32];
+    uint8_t largeBlobKey[32] = {0};
    if (extensions.largeBlobKey == ptrue && options.rk == ptrue) {
        ret = credential_derive_large_blob_key(cred_id, cred_id_len, largeBlobKey);
        if (ret != 0) {
--- a/src/fido/ctap2_cbor.h
+++ b/src/fido/ctap2_cbor.h
@ -159,7 +159,7 @@ typedef struct CborCharString {

 #define CBOR_FIELD_GET_KEY_TEXT(_n) \
    CBOR_ASSERT(cbor_value_is_text_string(&(_f##_n)) == true); \
-    char _fd##_n[64]; \
+    char _fd##_n[64] = {0}; \
    size_t _fdl##_n = sizeof(_fd##_n); \
    CBOR_CHECK(cbor_value_copy_text_string(&(_f##_n), _fd##_n, &_fdl##_n, &(_f##_n)))

--- a/tests/pico-fido/test_020_register.py
+++ b/tests/pico-fido/test_020_register.py
@ -20,6 +20,8 @@

 from fido2.client import CtapError
 from fido2.cose import ES256, ES384, ES512
+import fido2.features
+fido2.features.webauthn_json_mapping.enabled = False
 from utils import ES256K
 import pytest

--- a/tests/pico-fido/test_035_hmac_secret.py
+++ b/tests/pico-fido/test_035_hmac_secret.py
@ -69,12 +69,12 @@ def test_hmac_secret_entropy(device, MCHmacSecret, hmac, salts

    #print(shannon_entropy(auth.authenticator_data.extensions['hmac-secret']))
    if len(salts) == 1:
-        assert shannon_entropy(auth.authenticator_data.extensions['hmac-secret']) > 4.6
-        assert shannon_entropy(ext["hmacGetSecret"]['output1']) > 4.6
+        assert shannon_entropy(auth.authenticator_data.extensions['hmac-secret']) > 4.5
+        assert shannon_entropy(ext["hmacGetSecret"]['output1']) > 4.5
    if len(salts) == 2:
        assert shannon_entropy(auth.authenticator_data.extensions['hmac-secret']) > 5.4
-        assert shannon_entropy(ext["hmacGetSecret"]['output1']) > 4.6
-        assert shannon_entropy(ext["hmacGetSecret"]['output2']) > 4.6
+        assert shannon_entropy(ext["hmacGetSecret"]['output1']) > 4.5
+        assert shannon_entropy(ext["hmacGetSecret"]['output2']) > 4.5

 def get_output(device, MCHmacSecret, hmac, salts):
    hout = {'salt1':salts[0]}
--- a/tests/pico-fido/test_055_hid.py
+++ b/tests/pico-fido/test_055_hid.py
@ -196,16 +196,13 @@ class TestHID(object):

        device.set_cid(cid2)  # send ping on 2nd channel
        device.send_raw("\x81\x00\x39")
-        time.sleep(0.1)
-        device.send_raw("\x00")
-
        cmd, r = device.recv_raw()  # busy response
+        time.sleep(0.1)
+

        device.set_cid(cid1)  # finish 1st channel ping
        device.send_raw("\x00")

-        device.set_cid(cid2)
-
        assert cmd == 0xBF
        assert r[0] == CtapError.ERR.CHANNEL_BUSY

@ -213,9 +210,11 @@ class TestHID(object):
        cmd, r = device.recv_raw()  # ping response
        assert cmd == 0x81
        assert len(r) == 0x39
+        cmd, r = device.recv_raw()  # ping response

    def test_cid_0(self, device):
        device.reset()
+        time.sleep(0.1)
        device.set_cid(b"\x00\x00\x00\x00")
        device.send_raw(
            "\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88", cid="\x00\x00\x00\x00"
Author	SHA1	Message	Date
zxkmm	a60a7f10c5	Merge `69e250921f` into `02556fcde1`	2024-08-26 16:30:14 +02:00
Pol Henarejos	02556fcde1	Fix buffer initialization. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-08-25 20:21:43 +02:00
Pol Henarejos	f234b0dc26	Fix emulation run Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-08-25 01:31:19 +02:00
Pol Henarejos	8ba9116454	Fix test Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-08-25 01:30:54 +02:00
Pol Henarejos	5a31405244	Improving tests Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-08-25 00:10:23 +02:00
zxkmm	69e250921f	gitignore	2024-03-27 11:16:56 +08:00
zxkmm	037dee3891	build script	2024-03-27 11:16:02 +08:00
zxkmm	0701c0841e	gitkeep	2024-03-27 11:13:15 +08:00
zxkmm	c6c4b24910	submodule	2024-03-27 11:12:02 +08:00
				`@ -0,0 +1 @@`
				`Subproject commit 6a7db34ff63345a7badec79ebea3aaef1712f374`