From 75073d0a8478441cc97a6efa10b566c5fb1dac81 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Fri, 17 Apr 2020 20:57:17 +0100 Subject: New upstream version 1.4.0 --- src/pin.c | 126 +++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 112 insertions(+), 14 deletions(-) (limited to 'src/pin.c') diff --git a/src/pin.c b/src/pin.c index 1ed555c..36acbe4 100644 --- a/src/pin.c +++ b/src/pin.c @@ -5,6 +5,7 @@ */ #include + #include "fido.h" #include "fido/es256.h" @@ -23,6 +24,14 @@ parse_pintoken(const cbor_item_t *key, const cbor_item_t *val, void *arg) return (fido_blob_decode(val, token)); } +#ifdef FIDO_UVTOKEN +static int +parse_uvtoken(const cbor_item_t *key, const cbor_item_t *val, void *arg) +{ + return (parse_pintoken(key, val, arg)); +} +#endif /* FIDO_UVTOKEN */ + static int fido_dev_get_pin_token_tx(fido_dev_t *dev, const char *pin, const fido_blob_t *ecdh, const es256_pk_t *pk) @@ -51,8 +60,8 @@ fido_dev_get_pin_token_tx(fido_dev_t *dev, const char *pin, goto fail; } - if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 6, &f) < 0 || - fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -67,13 +76,47 @@ fail: return (r); } +#ifdef FIDO_UVTOKEN +static int +fido_dev_get_uv_token_tx(fido_dev_t *dev, const es256_pk_t *pk) +{ + fido_blob_t f; + cbor_item_t *argv[3]; + int r; + + memset(&f, 0, sizeof(f)); + memset(argv, 0, sizeof(argv)); + + if ((argv[0] = cbor_build_uint8(1)) == NULL || + (argv[1] = cbor_build_uint8(6)) == NULL || + (argv[2] = es256_pk_encode(pk, 0)) == NULL) { + fido_log_debug("%s: cbor encode", __func__); + r = FIDO_ERR_INTERNAL; + goto fail; + } + + if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + fido_log_debug("%s: fido_tx", __func__); + r = FIDO_ERR_TX; + goto fail; + } + + r = FIDO_OK; +fail: + cbor_vector_free(argv, nitems(argv)); + free(f.ptr); + + return (r); +} +#endif /* FIDO_UVTOKEN */ + static int fido_dev_get_pin_token_rx(fido_dev_t *dev, const fido_blob_t *ecdh, fido_blob_t *token, int ms) { - const uint8_t cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR; fido_blob_t *aes_token = NULL; - unsigned char reply[2048]; + unsigned char reply[FIDO_MAXMSG]; int reply_len; int r; @@ -82,7 +125,8 @@ fido_dev_get_pin_token_rx(fido_dev_t *dev, const fido_blob_t *ecdh, goto fail; } - if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) { + if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply), + ms)) < 0) { fido_log_debug("%s: fido_rx", __func__); r = FIDO_ERR_RX; goto fail; @@ -107,15 +151,69 @@ fail: return (r); } +#ifdef FIDO_UVTOKEN +static int +fido_dev_get_uv_token_rx(fido_dev_t *dev, const fido_blob_t *ecdh, + fido_blob_t *token, int ms) +{ + fido_blob_t *aes_token = NULL; + unsigned char reply[FIDO_MAXMSG]; + int reply_len; + int r; + + if ((aes_token = fido_blob_new()) == NULL) { + r = FIDO_ERR_INTERNAL; + goto fail; + } + + if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply), + ms)) < 0) { + fido_log_debug("%s: fido_rx", __func__); + r = FIDO_ERR_RX; + goto fail; + } + + if ((r = cbor_parse_reply(reply, (size_t)reply_len, aes_token, + parse_uvtoken)) != FIDO_OK) { + fido_log_debug("%s: parse_uvtoken", __func__); + goto fail; + } + + if (aes256_cbc_dec(ecdh, aes_token, token) < 0) { + fido_log_debug("%s: aes256_cbc_dec", __func__); + r = FIDO_ERR_RX; + goto fail; + } + + r = FIDO_OK; +fail: + fido_blob_free(&aes_token); + + return (r); +} +#endif /* FIDO_UVTOKEN */ + static int fido_dev_get_pin_token_wait(fido_dev_t *dev, const char *pin, const fido_blob_t *ecdh, const es256_pk_t *pk, fido_blob_t *token, int ms) { int r; +#ifdef FIDO_UVTOKEN + if (getenv("FIDO_UVTOKEN") != NULL) { + if ((r = fido_dev_get_uv_token_tx(dev, pk)) != FIDO_OK || + (r = fido_dev_get_uv_token_rx(dev, ecdh, token, ms)) != FIDO_OK) + return (r); + } else { + if ((r = fido_dev_get_pin_token_tx(dev, pin, ecdh, pk)) != FIDO_OK || + (r = fido_dev_get_pin_token_rx(dev, ecdh, token, ms)) != FIDO_OK) + return (r); + } +#else if ((r = fido_dev_get_pin_token_tx(dev, pin, ecdh, pk)) != FIDO_OK || (r = fido_dev_get_pin_token_rx(dev, ecdh, token, ms)) != FIDO_OK) return (r); +#endif return (FIDO_OK); } @@ -196,8 +294,8 @@ fido_dev_change_pin_tx(fido_dev_t *dev, const char *pin, const char *oldpin) goto fail; } - if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 6, &f) < 0 || - fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -249,8 +347,8 @@ fido_dev_set_pin_tx(fido_dev_t *dev, const char *pin) goto fail; } - if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 5, &f) < 0 || - fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -338,8 +436,8 @@ fido_dev_get_retry_count_tx(fido_dev_t *dev) goto fail; } - if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 2, &f) < 0 || - fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -356,14 +454,14 @@ fail: static int fido_dev_get_retry_count_rx(fido_dev_t *dev, int *retries, int ms) { - const uint8_t cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR; - unsigned char reply[512]; + unsigned char reply[FIDO_MAXMSG]; int reply_len; int r; *retries = 0; - if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) { + if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply), + ms)) < 0) { fido_log_debug("%s: fido_rx", __func__); return (FIDO_ERR_RX); } -- cgit v1.2.3