Arduino/pico-fido
1
0
Fork 1
mirror of https://github.com/polhenarejos/pico-fido.git synced 2025-12-19 02:48:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

More fixes.

Browse Source
This commit is contained in:
Pol Henarejos
2022-09-20 15:07:48 +02:00
parent a3c60f762d
commit 3dc7af05c1
4 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/fido/cbor.c
View File

@@ -34,7 +34,7 @@ size_t cbor_len = 0;
int cbor_parse(const uint8_t *data, size_t len) {
if (len == 0)
return -CTAP1_ERR_INVALID_LEN;
return CTAP1_ERR_INVALID_LEN;
driver_prepare_response();
if (data[0] == CTAP_MAKE_CREDENTIAL)
return cbor_make_credential(data + 1, len - 1);
@@ -44,7 +44,7 @@ int cbor_parse(const uint8_t *data, size_t len) {
return cbor_reset();
else if (data[0] == CTAP_CLIENT_PIN)
return cbor_client_pin(data + 1, len - 1);
return -CTAP2_ERR_INVALID_CBOR;
return CTAP2_ERR_INVALID_CBOR;
}
void cbor_thread() {

3
src/fido/cbor_client_pin.c
View File

@@ -472,6 +472,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
}
uint8_t retries = *file_get_data(ef_pin) - 1;
flash_write_data_to_file(ef_pin, &retries, 1);
uint8_t paddedNewPin[64];
ret = decrypt(pinUvAuthProtocol, sharedSecret, pinHashEnc.data, pinHashEnc.len, paddedNewPin);
if (ret != 0) {
@@ -485,7 +486,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
if (retries == 0) {
CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED);
}
if (++new_pin_mismatches == 3) {
if (++new_pin_mismatches >= 3) {
needs_power_cycle = true;
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_BLOCKED);
}

14
src/fido/cbor_make_credential.c
View File

@@ -161,7 +161,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
uint8_t rp_id_hash[32];
mbedtls_sha256((uint8_t *)rp.id.data, rp.id.len, rp_id_hash, 0);
printf("IEEEEEE 1\n");
int curve = -1, alg = 0;
if (pubKeyCredParams_len == 0)
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
@@ -196,7 +196,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
if (!file_has_data(ef_pin))
CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
else
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
}
else {
if (pinUvAuthProtocol == 0)
@@ -230,7 +230,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
//Check pinUvAuthToken permissions. See 6.1.2.11
}
printf("IEEEEEE 2\n");
for (int e = 0; e < excludeList_len; e++) { //12.1
if (excludeList[e].type.present == false || excludeList[e].id.present == false)
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
@@ -298,7 +298,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
mbedtls_curve = MBEDTLS_ECP_DP_CURVE448;
else
CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_ALGORITHM);
printf("IEEEEEE 3\n");
mbedtls_ecdsa_context ekey;
mbedtls_ecdsa_init(&ekey);
uint8_t key_path[KEY_PATH_LEN];
@@ -362,7 +362,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
rs = cbor_encoder_get_buffer_size(&encoder, cbor_buf);
printf("IEEEEEE 4\n");
size_t aut_data_len = 32 + 1 + 4 + (16 + 2 + cred_id_len + rs) + ext_len;
aut_data = (uint8_t *)calloc(1, aut_data_len + clientDataHash.len);
uint8_t *pa = aut_data;
@@ -395,7 +395,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
}
ret = mbedtls_ecdsa_write_signature(&ekey, MBEDTLS_MD_SHA256, hash, 32, sig, sizeof(sig), &olen, random_gen, NULL);
mbedtls_ecdsa_free(&ekey);
printf("IEEEEEE 5\n");
cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 3));
@@ -421,7 +421,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
printf("IEEEEEE 6\n");
err:
CBOR_FREE_BYTE_STRING(clientDataHash);
CBOR_FREE_BYTE_STRING(pinUvAuthParam);

2
src/fido/fido.h
View File

@@ -63,7 +63,7 @@ extern void init_fido();
#define FIDO2_PERMISSION_LBW 0x10
#define FIDO2_PERMISSION_ACFG 0x20
#define MAX_PIN_RETRIES 3
#define MAX_PIN_RETRIES 8
extern bool getUserVerifiedFlagValue();
typedef struct known_app {