Arduino/pico-fido
1
0
Fork 1
mirror of https://github.com/polhenarejos/pico-fido.git synced 2025-12-19 10:54:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix signature computation for algorithms ES384 and ES512.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2023-08-16 12:39:53 +02:00
parent 8ffd1bfe38
commit ce040a79f5
2 changed files with 23 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/fido/cbor_get_assertion.c
View File

@@ -574,16 +574,23 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
} }
memcpy(pa, clientDataHash.data, clientDataHash.len); memcpy(pa, clientDataHash.data, clientDataHash.len);
uint8_t hash[32], sig[MBEDTLS_ECDSA_MAX_LEN]; uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN];
ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
if (ekey.grp.id == MBEDTLS_ECP_DP_SECP384R1) {
md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
}
else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1) {
md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
}
ret = mbedtls_md(md,
aut_data, aut_data,
aut_data_len + clientDataHash.len, aut_data_len + clientDataHash.len,
hash); hash);
size_t olen = 0; size_t olen = 0;
ret = mbedtls_ecdsa_write_signature(&ekey, ret = mbedtls_ecdsa_write_signature(&ekey,
MBEDTLS_MD_SHA256, mbedtls_md_get_type(md),
hash, hash,
32, mbedtls_md_get_size(md),
sig, sig,
sizeof(sig), sizeof(sig),
&olen, &olen,

16
src/fido/cbor_make_credential.c
View File

@@ -424,8 +424,15 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
} }
memcpy(pa, clientDataHash.data, clientDataHash.len); memcpy(pa, clientDataHash.data, clientDataHash.len);
uint8_t hash[32], sig[MBEDTLS_ECDSA_MAX_LEN]; uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN];
ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
if (ekey.grp.id == MBEDTLS_ECP_DP_SECP384R1) {
md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
}
else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1) {
md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
}
ret = mbedtls_md(md,
aut_data, aut_data,
aut_data_len + clientDataHash.len, aut_data_len + clientDataHash.len,
hash); hash);
@@ -435,12 +442,13 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
mbedtls_ecdsa_free(&ekey); mbedtls_ecdsa_free(&ekey);
mbedtls_ecdsa_init(&ekey); mbedtls_ecdsa_init(&ekey);
ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, file_get_data(ef_keydev), 32); ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, file_get_data(ef_keydev), 32);
md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
self_attestation = false; self_attestation = false;
} }
ret = mbedtls_ecdsa_write_signature(&ekey, ret = mbedtls_ecdsa_write_signature(&ekey,
MBEDTLS_MD_SHA256, mbedtls_md_get_type(md),
hash, hash,
32, mbedtls_md_get_size(md),
sig, sig,
sizeof(sig), sizeof(sig),
&olen, &olen,