mirror of
https://github.com/polhenarejos/pico-fido.git
synced 2025-12-18 09:30:04 +08:00
More fixes.
@@ -34,7 +34,7 @@ size_t cbor_len = 0;
|
||||
|
||||
int cbor_parse(const uint8_t *data, size_t len) {
|
||||
if (len == 0)
|
||||
return -CTAP1_ERR_INVALID_LEN;
|
||||
return CTAP1_ERR_INVALID_LEN;
|
||||
driver_prepare_response();
|
||||
if (data[0] == CTAP_MAKE_CREDENTIAL)
|
||||
return cbor_make_credential(data + 1, len - 1);
|
||||
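Review bot: cbor_parse carries no comment stating its return contract, and the `len == 0` return is printed here both as `-CTAP1_ERR_INVALID_LEN` and as `CTAP1_ERR_INVALID_LEN`. Assuming the unsigned form is the new side, the function now hands back a positive CTAP status, and the next hunk makes the same change to the fall-through `CTAP2_ERR_INVALID_CBOR` return. The values from `cbor_make_credential`, `cbor_reset` and `cbor_client_pin` are passed through untouched, so the handlers and the caller must all agree on the sign or an error status could be misread. Once that is confirmed, I would add above the function something like `/* Returns a non-negative CTAP status code; never a negated one. */`. The body of cbor_parse continues past this hunk.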
@@ -44,7 +44,7 @@ int cbor_parse(const uint8_t *data, size_t len) {
|
||||
return cbor_reset();
|
||||
else if (data[0] == CTAP_CLIENT_PIN)
|
||||
return cbor_client_pin(data + 1, len - 1);
|
||||
return -CTAP2_ERR_INVALID_CBOR;
|
||||
return CTAP2_ERR_INVALID_CBOR;
|
||||
}
|
||||
|
||||
void cbor_thread() {
|
||||
|
||||
@@ -472,6 +472,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||
}
|
||||
uint8_t retries = *file_get_data(ef_pin) - 1;
|
||||
flash_write_data_to_file(ef_pin, &retries, 1);
|
||||
uint8_t paddedNewPin[64];
|
||||
ret = decrypt(pinUvAuthProtocol, sharedSecret, pinHashEnc.data, pinHashEnc.len, paddedNewPin);
|
||||
if (ret != 0) {
|
||||
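Review bot: `uint8_t retries = *file_get_data(ef_pin) - 1;` wraps to 255 when the stored counter is already 0, and the following line writes that value back to `ef_pin`, which would refill the retry budget instead of keeping the PIN blocked. No guard on the stored value is visible in this hunk, and the `retries == 0` test in the next hunk sits after the write, so unless an earlier check exists in cbor_client_pin the byte should be read first and refused before decrementing, e.g. `if (stored == 0) CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED);`. The result of `flash_write_data_to_file` is also ignored; decrementing ahead of `decrypt` only limits guessing if the new count has really reached flash before the PIN is compared. The function starts and ends outside the hunk.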
@@ -485,7 +486,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
||||
if (retries == 0) {
|
||||
CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED);
|
||||
}
|
||||
if (++new_pin_mismatches == 3) {
|
||||
if (++new_pin_mismatches >= 3) {
|
||||
needs_power_cycle = true;
|
||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_BLOCKED);
|
||||
}
|
||||
|
||||
@@ -161,7 +161,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
||||
|
||||
uint8_t rp_id_hash[32];
|
||||
mbedtls_sha256((uint8_t *)rp.id.data, rp.id.len, rp_id_hash, 0);
|
||||
printf("IEEEEEE 1\n");
|
||||
|
||||
int curve = -1, alg = 0;
|
||||
if (pubKeyCredParams_len == 0)
|
||||
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
|
||||
@@ -196,7 +196,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
||||
if (!file_has_data(ef_pin))
|
||||
CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
|
||||
else
|
||||
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||
}
|
||||
else {
|
||||
if (pinUvAuthProtocol == 0)
|
||||
@@ -230,7 +230,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||
//Check pinUvAuthToken permissions. See 6.1.2.11
|
||||
}
|
||||
printf("IEEEEEE 2\n");
|
||||
|
||||
for (int e = 0; e < excludeList_len; e++) { //12.1
|
||||
if (excludeList[e].type.present == false || excludeList[e].id.present == false)
|
||||
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
|
||||
@@ -298,7 +298,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
||||
mbedtls_curve = MBEDTLS_ECP_DP_CURVE448;
|
||||
else
|
||||
CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_ALGORITHM);
|
||||
printf("IEEEEEE 3\n");
|
||||
|
||||
mbedtls_ecdsa_context ekey;
|
||||
mbedtls_ecdsa_init(&ekey);
|
||||
uint8_t key_path[KEY_PATH_LEN];
|
||||
@@ -362,7 +362,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
||||
|
||||
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
|
||||
rs = cbor_encoder_get_buffer_size(&encoder, cbor_buf);
|
||||
printf("IEEEEEE 4\n");
|
||||
|
||||
size_t aut_data_len = 32 + 1 + 4 + (16 + 2 + cred_id_len + rs) + ext_len;
|
||||
aut_data = (uint8_t *)calloc(1, aut_data_len + clientDataHash.len);
|
||||
uint8_t *pa = aut_data;
|
||||
@@ -395,7 +395,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
||||
}
|
||||
ret = mbedtls_ecdsa_write_signature(&ekey, MBEDTLS_MD_SHA256, hash, 32, sig, sizeof(sig), &olen, random_gen, NULL);
|
||||
mbedtls_ecdsa_free(&ekey);
|
||||
printf("IEEEEEE 5\n");
|
||||
|
||||
cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
|
||||
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 3));
|
||||
|
||||
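Review bot: The result of `mbedtls_ecdsa_write_signature` is stored in `ret`, but nothing in this hunk tests it before `cbor_encoder_init` starts building the response, so a failed signing call could still yield a reply carrying whatever `sig` and `olen` hold. A check belongs directly after `mbedtls_ecdsa_free(&ekey);`, for example `if (ret != 0) { CBOR_ERROR(CTAP2_ERR_PROCESSING); }` (or whichever status the project prefers), which presumably reaches the cleanup at `err:`. If the `printf("IEEEEEE 5\n");` trace is on the new side, it and its numbered siblings in the other cbor_make_credential hunks should go before release. cbor_make_credential begins and ends outside the hunk.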
@@ -421,7 +421,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
||||
|
||||
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
|
||||
resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
|
||||
printf("IEEEEEE 6\n");
|
||||
|
||||
err:
|
||||
CBOR_FREE_BYTE_STRING(clientDataHash);
|
||||
CBOR_FREE_BYTE_STRING(pinUvAuthParam);
|
||||
|
||||
@@ -63,7 +63,7 @@ extern void init_fido();
|
||||
#define FIDO2_PERMISSION_LBW 0x10
|
||||
#define FIDO2_PERMISSION_ACFG 0x20
|
||||
|
||||
#define MAX_PIN_RETRIES 3
|
||||
#define MAX_PIN_RETRIES 8
|
||||
extern bool getUserVerifiedFlagValue();
|
||||
|
||||
typedef struct known_app {
|
||||
|
||||