/home/pedro/projects/libfido2/fuzz/uniform_random.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <stdint.h>
#include <stdlib.h>

uint32_t uniform_random(uint32_t);

/*
 * Calculate a uniformly distributed random number less than upper_bound
 * avoiding "modulo bias".
 *
 * Uniformity is achieved by generating new random numbers until the one
 * returned is outside the range [0, 2**32 % upper_bound).  This
 * guarantees the selected random number will be inside
 * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
 * after reduction modulo upper_bound.
 */
uint32_t
uniform_random(uint32_t upper_bound)
{
        uint32_t r, min;

        if (upper_bound < 2)
                return 0;

        /* 2**32 % x == (2**32 - x) % x */
        min = -upper_bound % upper_bound;

        /*
         * This could theoretically loop forever but each retry has
         * p > 0.5 (worst case, usually far better) of selecting a
         * number inside the range we need, so it should rarely need
         * to re-roll.
         */
        for (;;) {
                r = (uint32_t)random();
                if (r >= min)
                        break;
        }

        return r % upper_bound;
}

/home/pedro/projects/libfido2/fuzz/wrap.c

Source
/*
 * Copyright (c) 2019 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/sha.h>

#include <cbor.h>
#include <fido.h>

#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#include "mutator_aux.h"

/*
 * Build wrappers around functions of interest, and have them fail
 * in a pseudo-random manner.
 */

#define WRAP(type, name, args, retval, param, prob)     \
extern type __wrap_##name args;                         \
extern type __real_##name args;                         \
type __wrap_##name args {                               \
        if (uniform_random(400) < (prob)) {               \
                return (retval);                        \
        }                                                \
                                                        \
        return (__real_##name param);                       \
}

WRAP(void *,
        malloc,
        (size_t size),
        NULL,
        (size),
        1
)

WRAP(void *,
        calloc,
        (size_t nmemb, size_t size),
        NULL,
        (nmemb, size),
        1
)

WRAP(char *,
        strdup,
        (const char *s),
        NULL,
        (s),
        1
)

WRAP(EVP_CIPHER_CTX *,
        EVP_CIPHER_CTX_new,
        (void),
        NULL,
        (),
        1
)

WRAP(int, EVP_EncryptInit_ex,
        (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl,
            const unsigned char *key, const unsigned char *iv),
        0,
        (ctx, type, impl, key, iv),
        1
)

WRAP(int,
        EVP_CIPHER_CTX_set_padding,
        (EVP_CIPHER_CTX *x, int padding),
        0,
        (x, padding),
        1
)

WRAP(int,
        EVP_EncryptUpdate,
        (EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
            const unsigned char *in, int inl),
        0,
        (ctx, out, outl, in, inl),
        1
)

WRAP(int,
        EVP_DecryptInit_ex,
        (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl,
            const unsigned char *key, const unsigned char *iv),
        0,
        (ctx, type, impl, key, iv),
        1
)

WRAP(int,
        EVP_DecryptUpdate,
        (EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
            const unsigned char *in, int inl),
        0,
        (ctx, out, outl, in, inl),
        1
)

WRAP(int,
        SHA256_Init,
        (SHA256_CTX *c),
        0,
        (c),
        1
)

WRAP(int,
        SHA256_Update,
        (SHA256_CTX *c, const void *data, size_t len),
        0,
        (c, data, len),
        1
)

WRAP(int,
        SHA256_Final,
        (unsigned char *md, SHA256_CTX *c),
        0,
        (md, c),
        1
)

WRAP(RSA *,
        EVP_PKEY_get0_RSA,
        (EVP_PKEY *pkey),
        NULL,
        (pkey),
        1
)

WRAP(EVP_MD_CTX *,
        EVP_MD_CTX_new,
        (void),
        NULL,
        (),
        1
)

WRAP(int,
        EVP_DigestVerifyInit,
        (EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e,
            EVP_PKEY *pkey),
        0,
        (ctx, pctx, type, e, pkey),
        1
)

WRAP(BIGNUM *,
        BN_bin2bn,
        (const unsigned char *s, int len, BIGNUM *ret),
        NULL,
        (s, len, ret),
        1
)

WRAP(BIGNUM *,
        BN_CTX_get,
        (BN_CTX *ctx),
        NULL,
        (ctx),
        1
)

WRAP(BN_CTX *,
        BN_CTX_new,
        (void),
        NULL,
        (),
        1
)

WRAP(BIGNUM *,
        BN_new,
        (void),
        NULL,
        (),
        1
)

WRAP(int,
        RSA_set0_key,
        (RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d),
        0,
        (r, n, e, d),
        1
)

WRAP(EC_KEY *,
        EC_KEY_new_by_curve_name,
        (int nid),
        NULL,
        (nid),
        1
)

WRAP(const EC_GROUP *,
        EC_KEY_get0_group,
        (const EC_KEY *key),
        NULL,
        (key),
        1
)

WRAP(EC_POINT *,
        EC_POINT_new,
        (const EC_GROUP *group),
        NULL,
        (group),
        1
)

WRAP(EVP_PKEY *,
        EVP_PKEY_new,
        (void),
        NULL,
        (),
        1
)

WRAP(int,
        EVP_PKEY_assign,
        (EVP_PKEY *pkey, int type, void *key),
        0,
        (pkey, type, key),
        1
)

WRAP(EVP_PKEY *,
        EVP_PKEY_new_raw_public_key,
        (int type, ENGINE *e, const unsigned char *key, size_t keylen),
        NULL,
        (type, e, key, keylen),
        1
)

WRAP(EVP_PKEY_CTX *,
        EVP_PKEY_CTX_new,
        (EVP_PKEY *pkey, ENGINE *e),
        NULL,
        (pkey, e),
        1
)

WRAP(int,
        EVP_PKEY_derive_init,
        (EVP_PKEY_CTX *ctx),
        0,
        (ctx),
        1
)

WRAP(int,
        EVP_PKEY_derive_set_peer,
        (EVP_PKEY_CTX *ctx, EVP_PKEY *peer),
        0,
        (ctx, peer),
        1
)

WRAP(const EVP_MD *,
        EVP_sha256,
        (void),
        NULL,
        (),
        1
)

WRAP(unsigned char *,
        HMAC,
        (const EVP_MD *evp_md, const void *key, int key_len,
            const unsigned char *d, int n, unsigned char *md,
            unsigned int *md_len),
        NULL,
        (evp_md, key, key_len, d, n, md, md_len),
        1
)

WRAP(HMAC_CTX *,
        HMAC_CTX_new,
        (void),
        NULL,
        (),
        1
)

WRAP(int,
        HMAC_Init_ex,
        (HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md,
            ENGINE *impl),
        0,
        (ctx, key, key_len, md, impl),
        1
)

WRAP(int,
        HMAC_Update,
        (HMAC_CTX *ctx, const unsigned char *data, int len),
        0,
        (ctx, data, len),
        1
)

WRAP(int,
        HMAC_Final,
        (HMAC_CTX *ctx, unsigned char *md, unsigned int *len),
        0,
        (ctx, md, len),
        1
)

WRAP(unsigned char *,
        SHA256,
        (const unsigned char *d, size_t n, unsigned char *md),
        NULL,
        (d, n, md),
        1
)

WRAP(cbor_item_t *,
        cbor_build_string,
        (const char *val),
        NULL,
        (val),
        1
)

WRAP(cbor_item_t *,
        cbor_build_bytestring,
        (cbor_data handle, size_t length),
        NULL,
        (handle, length),
        1
)

WRAP(cbor_item_t *,
        cbor_load,
        (cbor_data source, size_t source_size, struct cbor_load_result *result),
        NULL,
        (source, source_size, result),
        1
)

WRAP(cbor_item_t *,
        cbor_build_uint8,
        (uint8_t value),
        NULL,
        (value),
        1
)

WRAP(struct cbor_pair *,
        cbor_map_handle,
        (const cbor_item_t *item),
        NULL,
        (item),
        1
)

WRAP(cbor_item_t **,
        cbor_array_handle,
        (const cbor_item_t *item),
        NULL,
        (item),
        1
)

WRAP(bool,
        cbor_map_add,
        (cbor_item_t *item, struct cbor_pair pair),
        false,
        (item, pair),
        1
)

WRAP(cbor_item_t *,
        cbor_new_definite_map,
        (size_t size),
        NULL,
        (size),
        1
)

WRAP(size_t,
        cbor_serialize_alloc,
        (const cbor_item_t *item, cbor_mutable_data *buffer,
            size_t *buffer_size),
        0,
        (item, buffer, buffer_size),
        1
)

WRAP(int,
        fido_tx,
        (fido_dev_t *d, uint8_t cmd, const void *buf, size_t count),
        -1,
        (d, cmd, buf, count),
        1
)

WRAP(int,
        usleep,
        (unsigned int usec),
        -1,
        (usec),
        1
)

/home/pedro/projects/libfido2/openbsd-compat/explicit_bzero.c

Source
/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */
/*      $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
/*
 * Public domain.
 * Written by Ted Unangst
 */

#include "openbsd-compat.h"

#if !defined(HAVE_EXPLICIT_BZERO) && !defined(_WIN32)

#include <string.h>

/*
 * explicit_bzero - don't let the compiler optimize away bzero
 */

#ifdef HAVE_MEMSET_S

void
explicit_bzero(void *p, size_t n)
{
        if (n == 0)
                return;
        (void)memset_s(p, n, 0, n);
}

#else /* HAVE_MEMSET_S */

/*
 * Indirect bzero through a volatile pointer to hopefully avoid
 * dead-store optimisation eliminating the call.
 */
static void (* volatile ssh_bzero)(void *, size_t) = bzero;

void
explicit_bzero(void *p, size_t n)
{
        if (n == 0)
                return;
        /*
         * clang -fsanitize=memory needs to intercept memset-like functions
         * to correctly detect memory initialisation. Make sure one is called
         * directly since our indirection trick above successfully confuses it.
         */
#if defined(__has_feature)
# if __has_feature(memory_sanitizer)
        memset(p, 0, n);
# endif
#endif

        ssh_bzero(p, n);
}

#endif /* HAVE_MEMSET_S */

#endif /* !defined(HAVE_EXPLICIT_BZERO) && !defined(_WIN32) */

/home/pedro/projects/libfido2/openbsd-compat/recallocarray.c

Source (jump to first uncovered line)
/*      $OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $  */
/*
 * Copyright (c) 2008, 2017 Otto Moerbeek <otto@drijf.net>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* OPENBSD ORIGINAL: lib/libc/stdlib/recallocarray.c */

#include "openbsd-compat.h"

#if !defined(HAVE_RECALLOCARRAY)

#include <errno.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

/*
 * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
 * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
 */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

void *
recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
{
        size_t oldsize, newsize;
        void *newptr;

        if (ptr == NULL)
                return calloc(newnmemb, size);

        if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
            newnmemb > 0 && SIZE_MAX / newnmemb < size) {
                errno = ENOMEM;
                return NULL;
        }
        newsize = newnmemb * size;

        if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
            oldnmemb > 0 && SIZE_MAX / oldnmemb < size) {
                errno = EINVAL;
                return NULL;
        }
        oldsize = oldnmemb * size;
        
        /*
         * Don't bother too much if we're shrinking just a bit,
         * we do not shrink for series of small steps, oh well.
         */
        if (newsize <= oldsize) {
                size_t d = oldsize - newsize;

                if (d < oldsize / 2 && d < (size_t)getpagesize()) {
                        memset((char *)ptr + newsize, 0, d);
                        return ptr;
                }
        }

        newptr = malloc(newsize);
        if (newptr == NULL)
                return NULL;

        if (newsize > oldsize) {
                memcpy(newptr, ptr, oldsize);
                memset((char *)newptr + oldsize, 0, newsize - oldsize);
        } else
                memcpy(newptr, ptr, newsize);

        explicit_bzero(ptr, oldsize);
        free(ptr);

        return newptr;
}
/* DEF_WEAK(recallocarray); */

#endif /* !defined(HAVE_RECALLOCARRAY) */

/home/pedro/projects/libfido2/openbsd-compat/timingsafe_bcmp.c

Source
/*      $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $     */
/*
 * Copyright (c) 2010 Damien Miller.  All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* OPENBSD ORIGINAL: lib/libc/string/timingsafe_bcmp.c */

#include "openbsd-compat.h"

#if !defined(HAVE_TIMINGSAFE_BCMP)

int
timingsafe_bcmp(const void *b1, const void *b2, size_t n)
{
        const unsigned char *p1 = b1, *p2 = b2;
        int ret = 0;

        for (; n > 0; n--)
                ret |= *p1++ ^ *p2++;
        return (ret != 0);
}

#endif /* !defined(HAVE_TIMINGSAFE_BCMP) */

/home/pedro/projects/libfido2/src/aes256.c

Source
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/evp.h>
#include <string.h>

#include "fido.h"

int
aes256_cbc_enc(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out)
{
        EVP_CIPHER_CTX  *ctx = NULL;
        unsigned char    iv[32];
        int              len;
        int              ok = -1;

        memset(iv, 0, sizeof(iv));
        out->ptr = NULL;
        out->len = 0;

        /* sanity check */
        if (in->len > INT_MAX || (in->len % 16) != 0 ||
            (out->ptr = calloc(1, in->len)) == NULL) {
                fido_log_debug("%s: in->len=%zu", __func__, in->len);
                goto fail;
        }

        if ((ctx = EVP_CIPHER_CTX_new()) == NULL || key->len != 32 ||
            !EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ptr, iv) ||
            !EVP_CIPHER_CTX_set_padding(ctx, 0) ||
            !EVP_EncryptUpdate(ctx, out->ptr, &len, in->ptr, (int)in->len) ||
            len < 0 || (size_t)len != in->len) {
                fido_log_debug("%s: EVP_Encrypt", __func__);
                goto fail;
        }

        out->len = (size_t)len;

        ok = 0;
fail:
        if (ctx != NULL)
                EVP_CIPHER_CTX_free(ctx);

        if (ok < 0) {
                free(out->ptr);
                out->ptr = NULL;
                out->len = 0;
        }

        return (ok);
}

int
aes256_cbc_dec(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out)
{
        EVP_CIPHER_CTX  *ctx = NULL;
        unsigned char    iv[32];
        int              len;
        int              ok = -1;

        memset(iv, 0, sizeof(iv));
        out->ptr = NULL;
        out->len = 0;

        /* sanity check */
        if (in->len > INT_MAX || (in->len % 16) != 0 ||
            (out->ptr = calloc(1, in->len)) == NULL) {
                fido_log_debug("%s: in->len=%zu", __func__, in->len);
                goto fail;
        }

        if ((ctx = EVP_CIPHER_CTX_new()) == NULL || key->len != 32 ||
            !EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ptr, iv) ||
            !EVP_CIPHER_CTX_set_padding(ctx, 0) ||
            !EVP_DecryptUpdate(ctx, out->ptr, &len, in->ptr, (int)in->len) ||
            len < 0 || (size_t)len > in->len + 32) {
                fido_log_debug("%s: EVP_Decrypt", __func__);
                goto fail;
        }

        out->len = (size_t)len;

        ok = 0;
fail:
        if (ctx != NULL)
                EVP_CIPHER_CTX_free(ctx);

        if (ok < 0) {
                free(out->ptr);
                out->ptr = NULL;
                out->len = 0;
        }

        return (ok);
}

/home/pedro/projects/libfido2/src/assert.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include <openssl/sha.h>

#include <string.h>
#include "fido.h"
#include "fido/es256.h"
#include "fido/rs256.h"
#include "fido/eddsa.h"

static int
adjust_assert_count(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_assert_t   *assert = arg;
        uint64_t         n;

        /* numberOfCredentials; see section 6.2 */
        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8 ||
            cbor_get_uint8(key) != 5) {
                fido_log_debug("%s: cbor_type", __func__);
                return (0); /* ignore */
        }

        if (cbor_decode_uint64(val, &n) < 0 || n > SIZE_MAX) {
                fido_log_debug("%s: cbor_decode_uint64", __func__);
                return (-1);
        }

        if (assert->stmt_len != 0 || assert->stmt_cnt != 1 ||
            (size_t)n < assert->stmt_cnt) {
                fido_log_debug("%s: stmt_len=%zu, stmt_cnt=%zu, n=%zu",
                    __func__, assert->stmt_len, assert->stmt_cnt, (size_t)n);
                return (-1);
        }

        if (fido_assert_set_count(assert, (size_t)n) != FIDO_OK) {
                fido_log_debug("%s: fido_assert_set_count", __func__);
                return (-1);
        }

        assert->stmt_len = 0; /* XXX */

        return (0);
}

static int
parse_assert_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_assert_stmt *stmt = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        switch (cbor_get_uint8(key)) {
        case 1: /* credential id */
                return (cbor_decode_cred_id(val, &stmt->id));
        case 2: /* authdata */
                return (cbor_decode_assert_authdata(val, &stmt->authdata_cbor,
                    &stmt->authdata, &stmt->authdata_ext,
                    &stmt->hmac_secret_enc));
        case 3: /* signature */
                return (fido_blob_decode(val, &stmt->sig));
        case 4: /* user attributes */
                return (cbor_decode_user(val, &stmt->user));
        default: /* ignore */
                fido_log_debug("%s: cbor type", __func__);
                return (0);
        }
}

static int
fido_dev_get_assert_tx(fido_dev_t *dev, fido_assert_t *assert,
    const es256_pk_t *pk, const fido_blob_t *ecdh, const char *pin)
{
        fido_blob_t      f;
        cbor_item_t     *argv[7];
        int              r;

        memset(argv, 0, sizeof(argv));
        memset(&f, 0, sizeof(f));

        /* do we have everything we need? */
        if (assert->rp_id == NULL || assert->cdh.ptr == NULL) {
                fido_log_debug("%s: rp_id=%p, cdh.ptr=%p", __func__,
                    (void *)assert->rp_id, (void *)assert->cdh.ptr);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        if ((argv[0] = cbor_build_string(assert->rp_id)) == NULL ||
            (argv[1] = fido_blob_encode(&assert->cdh)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        /* allowed credentials */
        if (assert->allow_list.len) {
                const fido_blob_array_t *cl = &assert->allow_list;
                if ((argv[2] = cbor_encode_pubkey_list(cl)) == NULL) {
                        fido_log_debug("%s: cbor_encode_pubkey_list", __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto fail;
                }
        }

        /* hmac-secret extension */
        if (assert->ext & FIDO_EXT_HMAC_SECRET)
                if ((argv[3] = cbor_encode_hmac_secret_param(ecdh, pk,
                    &assert->hmac_salt)) == NULL) {
                        fido_log_debug("%s: cbor_encode_hmac_secret_param",
                            __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto fail;
                }

        /* options */
        if (assert->up != FIDO_OPT_OMIT || assert->uv != FIDO_OPT_OMIT)
                if ((argv[4] = cbor_encode_assert_options(assert->up,
                    assert->uv)) == NULL) {
                        fido_log_debug("%s: cbor_encode_assert_options",
                            __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto fail;
                }

        /* pin authentication */
        if (pin) {
                if (pk == NULL || ecdh == NULL) {
                        fido_log_debug("%s: pin=%p, pk=%p, ecdh=%p", __func__,
                            (const void *)pin, (const void *)pk,
                            (const void *)ecdh);
                        r = FIDO_ERR_INVALID_ARGUMENT;
                        goto fail;
                }
                if ((r = cbor_add_pin_params(dev, &assert->cdh, pk, ecdh, pin,
                    &argv[5], &argv[6])) != FIDO_OK) {
                        fido_log_debug("%s: cbor_add_pin_params", __func__);
                        goto fail;
                }
        }

        /* frame and transmit */
        if (cbor_build_frame(CTAP_CBOR_ASSERT, argv, 7, &f) < 0 ||
            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                r = FIDO_ERR_TX;
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));
        free(f.ptr);

        return (r);
}

static int
fido_dev_get_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        fido_assert_reset_rx(assert);

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        /* start with room for a single assertion */
        if ((assert->stmt = calloc(1, sizeof(fido_assert_stmt))) == NULL)
                return (FIDO_ERR_INTERNAL);

        assert->stmt_len = 0;
        assert->stmt_cnt = 1;

        /* adjust as needed */
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, assert,
            adjust_assert_count)) != FIDO_OK) {
                fido_log_debug("%s: adjust_assert_count", __func__);
                return (r);
        }

        /* parse the first assertion */
        if ((r = cbor_parse_reply(reply, (size_t)reply_len,
            &assert->stmt[assert->stmt_len], parse_assert_reply)) != FIDO_OK) {
                fido_log_debug("%s: parse_assert_reply", __func__);
                return (r);
        }

        assert->stmt_len++;

        return (FIDO_OK);
}

static int
fido_get_next_assert_tx(fido_dev_t *dev)
{
        const unsigned char     cbor[] = { CTAP_CBOR_NEXT_ASSERT };
        const uint8_t           cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;

        if (fido_tx(dev, cmd, cbor, sizeof(cbor)) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                return (FIDO_ERR_TX);
        }

        return (FIDO_OK);
}

static int
fido_get_next_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        /* sanity check */
        if (assert->stmt_len >= assert->stmt_cnt) {
                fido_log_debug("%s: stmt_len=%zu, stmt_cnt=%zu", __func__,
                    assert->stmt_len, assert->stmt_cnt);
                return (FIDO_ERR_INTERNAL);
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len,
            &assert->stmt[assert->stmt_len], parse_assert_reply)) != FIDO_OK) {
                fido_log_debug("%s: parse_assert_reply", __func__);
                return (r);
        }

        return (FIDO_OK);
}

static int
fido_dev_get_assert_wait(fido_dev_t *dev, fido_assert_t *assert,
    const es256_pk_t *pk, const fido_blob_t *ecdh, const char *pin, int ms)
{
        int r;

        if ((r = fido_dev_get_assert_tx(dev, assert, pk, ecdh, pin)) != FIDO_OK ||
            (r = fido_dev_get_assert_rx(dev, assert, ms)) != FIDO_OK)
                return (r);

        while (assert->stmt_len < assert->stmt_cnt) {
                if ((r = fido_get_next_assert_tx(dev)) != FIDO_OK ||
                    (r = fido_get_next_assert_rx(dev, assert, ms)) != FIDO_OK)
                        return (r);
                assert->stmt_len++;
        }

        return (FIDO_OK);
}

static int
decrypt_hmac_secrets(fido_assert_t *assert, const fido_blob_t *key)
{
        for (size_t i = 0; i < assert->stmt_cnt; i++) {
                fido_assert_stmt *stmt = &assert->stmt[i];
                if (stmt->hmac_secret_enc.ptr != NULL) {
                        if (aes256_cbc_dec(key, &stmt->hmac_secret_enc,
                            &stmt->hmac_secret) < 0) {
                                fido_log_debug("%s: aes256_cbc_dec %zu",
                                    __func__, i);
                                return (-1);
                        }
                }
        }

        return (0);
}

int
fido_dev_get_assert(fido_dev_t *dev, fido_assert_t *assert, const char *pin)
{
        fido_blob_t     *ecdh = NULL;
        es256_pk_t      *pk = NULL;
        int              r;

        if (assert->rp_id == NULL || assert->cdh.ptr == NULL) {
                fido_log_debug("%s: rp_id=%p, cdh.ptr=%p", __func__,
                    (void *)assert->rp_id, (void *)assert->cdh.ptr);
                return (FIDO_ERR_INVALID_ARGUMENT);
        }

        if (fido_dev_is_fido2(dev) == false) {
                if (pin != NULL || assert->ext != 0)
                        return (FIDO_ERR_UNSUPPORTED_OPTION);
                return (u2f_authenticate(dev, assert, -1));
        }

        if (pin != NULL || assert->ext != 0) {
                if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) {
                        fido_log_debug("%s: fido_do_ecdh", __func__);
                        goto fail;
                }
        }
 
        r = fido_dev_get_assert_wait(dev, assert, pk, ecdh, pin, -1);
        if (r == FIDO_OK && assert->ext & FIDO_EXT_HMAC_SECRET)
                if (decrypt_hmac_secrets(assert, ecdh) < 0) {
                        fido_log_debug("%s: decrypt_hmac_secrets", __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto fail;
                }

fail:
        es256_pk_free(&pk);
        fido_blob_free(&ecdh);

        return (r);
}

int
fido_check_flags(uint8_t flags, fido_opt_t up, fido_opt_t uv)
{
        fido_log_debug("%s: flags=%02x", __func__, flags);
        fido_log_debug("%s: up=%d, uv=%d", __func__, up, uv);

        if (up == FIDO_OPT_TRUE &&
            (flags & CTAP_AUTHDATA_USER_PRESENT) == 0) {
                fido_log_debug("%s: CTAP_AUTHDATA_USER_PRESENT", __func__);
                return (-1); /* user not present */
        }

        if (uv == FIDO_OPT_TRUE &&
            (flags & CTAP_AUTHDATA_USER_VERIFIED) == 0) {
                fido_log_debug("%s: CTAP_AUTHDATA_USER_VERIFIED", __func__);
                return (-1); /* user not verified */
        }

        return (0);
}

static int
check_extensions(int authdata_ext, int ext)
{
        if (authdata_ext != ext) {
                fido_log_debug("%s: authdata_ext=0x%x != ext=0x%x", __func__,
                    authdata_ext, ext);
                return (-1);
        }

        return (0);
}

static int
get_signed_hash(int cose_alg, fido_blob_t *dgst, const fido_blob_t *clientdata,
    const fido_blob_t *authdata_cbor)
{
        cbor_item_t             *item = NULL;
        unsigned char           *authdata_ptr = NULL;
        size_t                   authdata_len;
        struct cbor_load_result  cbor;
        SHA256_CTX               ctx;
        int                      ok = -1;

        if ((item = cbor_load(authdata_cbor->ptr, authdata_cbor->len,
            &cbor)) == NULL || cbor_isa_bytestring(item) == false ||
            cbor_bytestring_is_definite(item) == false) {
                fido_log_debug("%s: authdata", __func__);
                goto fail;
        }

        authdata_ptr = cbor_bytestring_handle(item);
        authdata_len = cbor_bytestring_length(item);

        if (cose_alg != COSE_EDDSA) {
                if (dgst->len < SHA256_DIGEST_LENGTH || SHA256_Init(&ctx) == 0 ||
                    SHA256_Update(&ctx, authdata_ptr, authdata_len) == 0 ||
                    SHA256_Update(&ctx, clientdata->ptr, clientdata->len) == 0 ||
                    SHA256_Final(dgst->ptr, &ctx) == 0) {
                        fido_log_debug("%s: sha256", __func__);
                        goto fail;
                }
                dgst->len = SHA256_DIGEST_LENGTH;
        } else {
                if (SIZE_MAX - authdata_len < clientdata->len ||
                    dgst->len < authdata_len + clientdata->len) {
                        fido_log_debug("%s: memcpy", __func__);
                        goto fail;
                }
                memcpy(dgst->ptr, authdata_ptr, authdata_len);
                memcpy(dgst->ptr + authdata_len, clientdata->ptr,
                    clientdata->len);
                dgst->len = authdata_len + clientdata->len;
        }

        ok = 0;
fail:
        if (item != NULL)
                cbor_decref(&item);

        return (ok);
}

int
fido_verify_sig_es256(const fido_blob_t *dgst, const es256_pk_t *pk,
    const fido_blob_t *sig)
{
        EVP_PKEY        *pkey = NULL;
        EC_KEY          *ec = NULL;
        int              ok = -1;

        /* ECDSA_verify needs ints */
        if (dgst->len > INT_MAX || sig->len > INT_MAX) {
                fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__,
                    dgst->len, sig->len);
                return (-1);
        }

        if ((pkey = es256_pk_to_EVP_PKEY(pk)) == NULL ||
            (ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
                fido_log_debug("%s: pk -> ec", __func__);
                goto fail;
        }

        if (ECDSA_verify(0, dgst->ptr, (int)dgst->len, sig->ptr,
            (int)sig->len, ec) != 1) {
                fido_log_debug("%s: ECDSA_verify", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (pkey != NULL)
                EVP_PKEY_free(pkey);

        return (ok);
}

int
fido_verify_sig_rs256(const fido_blob_t *dgst, const rs256_pk_t *pk,
    const fido_blob_t *sig)
{
        EVP_PKEY        *pkey = NULL;
        RSA             *rsa = NULL;
        int              ok = -1;

        /* RSA_verify needs unsigned ints */
        if (dgst->len > UINT_MAX || sig->len > UINT_MAX) {
                fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__,
                    dgst->len, sig->len);
                return (-1);
        }

        if ((pkey = rs256_pk_to_EVP_PKEY(pk)) == NULL ||
            (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
                fido_log_debug("%s: pk -> ec", __func__);
                goto fail;
        }

        if (RSA_verify(NID_sha256, dgst->ptr, (unsigned int)dgst->len, sig->ptr,
            (unsigned int)sig->len, rsa) != 1) {
                fido_log_debug("%s: RSA_verify", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (pkey != NULL)
                EVP_PKEY_free(pkey);

        return (ok);
}

int
fido_verify_sig_eddsa(const fido_blob_t *dgst, const eddsa_pk_t *pk,
    const fido_blob_t *sig)
{
        EVP_PKEY        *pkey = NULL;
        EVP_MD_CTX      *mdctx = NULL;
        int              ok = -1;

        /* EVP_DigestVerify needs ints */
        if (dgst->len > INT_MAX || sig->len > INT_MAX) {
                fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__,
                    dgst->len, sig->len);
                return (-1);
        }

        if ((pkey = eddsa_pk_to_EVP_PKEY(pk)) == NULL) {
                fido_log_debug("%s: pk -> pkey", __func__);
                goto fail;
        }

        if ((mdctx = EVP_MD_CTX_new()) == NULL) {
                fido_log_debug("%s: EVP_MD_CTX_new", __func__);
                goto fail;
        }

        if (EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, pkey) != 1) {
                fido_log_debug("%s: EVP_DigestVerifyInit", __func__);
                goto fail;
        }

        if (EVP_DigestVerify(mdctx, sig->ptr, sig->len, dgst->ptr,
            dgst->len) != 1) {
                fido_log_debug("%s: EVP_DigestVerify", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (mdctx != NULL)
                EVP_MD_CTX_free(mdctx);

        if (pkey != NULL)
                EVP_PKEY_free(pkey);

        return (ok);
}

int
fido_assert_verify(const fido_assert_t *assert, size_t idx, int cose_alg,
    const void *pk)
{
        unsigned char            buf[1024];
        fido_blob_t              dgst;
        const fido_assert_stmt  *stmt = NULL;
        int                      ok = -1;
        int                      r;

        dgst.ptr = buf;
        dgst.len = sizeof(buf);

        if (idx >= assert->stmt_len || pk == NULL) {
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto out;
        }

        stmt = &assert->stmt[idx];

        /* do we have everything we need? */
        if (assert->cdh.ptr == NULL || assert->rp_id == NULL ||
            stmt->authdata_cbor.ptr == NULL || stmt->sig.ptr == NULL) {
                fido_log_debug("%s: cdh=%p, rp_id=%s, authdata=%p, sig=%p",
                    __func__, (void *)assert->cdh.ptr, assert->rp_id,
                    (void *)stmt->authdata_cbor.ptr, (void *)stmt->sig.ptr);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto out;
        }

        if (fido_check_flags(stmt->authdata.flags, assert->up,
            assert->uv) < 0) {
                fido_log_debug("%s: fido_check_flags", __func__);
                r = FIDO_ERR_INVALID_PARAM;
                goto out;
        }

        if (check_extensions(stmt->authdata_ext, assert->ext) < 0) {
                fido_log_debug("%s: check_extensions", __func__);
                r = FIDO_ERR_INVALID_PARAM;
                goto out;
        }

        if (fido_check_rp_id(assert->rp_id, stmt->authdata.rp_id_hash) != 0) {
                fido_log_debug("%s: fido_check_rp_id", __func__);
                r = FIDO_ERR_INVALID_PARAM;
                goto out;
        }

        if (get_signed_hash(cose_alg, &dgst, &assert->cdh,
            &stmt->authdata_cbor) < 0) {
                fido_log_debug("%s: get_signed_hash", __func__);
                r = FIDO_ERR_INTERNAL;
                goto out;
        }

        switch (cose_alg) {
        case COSE_ES256:
                ok = fido_verify_sig_es256(&dgst, pk, &stmt->sig);
                break;
        case COSE_RS256:
                ok = fido_verify_sig_rs256(&dgst, pk, &stmt->sig);
                break;
        case COSE_EDDSA:
                ok = fido_verify_sig_eddsa(&dgst, pk, &stmt->sig);
                break;
        default:
                fido_log_debug("%s: unsupported cose_alg %d", __func__,
                    cose_alg);
                r = FIDO_ERR_UNSUPPORTED_OPTION;
                goto out;
        }

        if (ok < 0)
                r = FIDO_ERR_INVALID_SIG;
        else
                r = FIDO_OK;
out:
        explicit_bzero(buf, sizeof(buf));

        return (r);
}

int
fido_assert_set_clientdata_hash(fido_assert_t *assert,
    const unsigned char *hash, size_t hash_len)
{
        if (fido_blob_set(&assert->cdh, hash, hash_len) < 0)
                return (FIDO_ERR_INVALID_ARGUMENT);

        return (FIDO_OK);
}

int
fido_assert_set_hmac_salt(fido_assert_t *assert, const unsigned char *salt,
    size_t salt_len)
{
        if ((salt_len != 32 && salt_len != 64) ||
            fido_blob_set(&assert->hmac_salt, salt, salt_len) < 0)
                return (FIDO_ERR_INVALID_ARGUMENT);

        return (FIDO_OK);
}

int
fido_assert_set_rp(fido_assert_t *assert, const char *id)
{
        if (assert->rp_id != NULL) {
                free(assert->rp_id);
                assert->rp_id = NULL;
        }

        if (id == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        if ((assert->rp_id = strdup(id)) == NULL)
                return (FIDO_ERR_INTERNAL);

        return (FIDO_OK);
}

int
fido_assert_allow_cred(fido_assert_t *assert, const unsigned char *ptr,
    size_t len)
{
        fido_blob_t      id;
        fido_blob_t     *list_ptr;
        int              r;

        memset(&id, 0, sizeof(id));

        if (assert->allow_list.len == SIZE_MAX) {
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        if (fido_blob_set(&id, ptr, len) < 0 || (list_ptr =
            recallocarray(assert->allow_list.ptr, assert->allow_list.len,
            assert->allow_list.len + 1, sizeof(fido_blob_t))) == NULL) {
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        list_ptr[assert->allow_list.len++] = id;
        assert->allow_list.ptr = list_ptr;

        return (FIDO_OK);
fail:
        free(id.ptr);

        return (r);

}

int
fido_assert_set_extensions(fido_assert_t *assert, int ext)
{
        if (ext != 0 && ext != FIDO_EXT_HMAC_SECRET)
                return (FIDO_ERR_INVALID_ARGUMENT);

        assert->ext = ext;

        return (FIDO_OK);
}

int
fido_assert_set_options(fido_assert_t *assert, bool up, bool uv)
{
        assert->up = up ? FIDO_OPT_TRUE : FIDO_OPT_FALSE;
        assert->uv = uv ? FIDO_OPT_TRUE : FIDO_OPT_FALSE;

        return (FIDO_OK);
}

int
fido_assert_set_up(fido_assert_t *assert, fido_opt_t up)
{
        assert->up = up;

        return (FIDO_OK);
}

int
fido_assert_set_uv(fido_assert_t *assert, fido_opt_t uv)
{
        assert->uv = uv;

        return (FIDO_OK);
}

const unsigned char *
fido_assert_clientdata_hash_ptr(const fido_assert_t *assert)
{
        return (assert->cdh.ptr);
}

size_t
fido_assert_clientdata_hash_len(const fido_assert_t *assert)
{
        return (assert->cdh.len);
}

fido_assert_t *
fido_assert_new(void)
{
        return (calloc(1, sizeof(fido_assert_t)));
}

void
fido_assert_reset_tx(fido_assert_t *assert)
{
        free(assert->rp_id);
        free(assert->cdh.ptr);
        free(assert->hmac_salt.ptr);
        fido_free_blob_array(&assert->allow_list);

        memset(&assert->cdh, 0, sizeof(assert->cdh));
        memset(&assert->hmac_salt, 0, sizeof(assert->hmac_salt));
        memset(&assert->allow_list, 0, sizeof(assert->allow_list));

        assert->rp_id = NULL;
        assert->up = FIDO_OPT_OMIT;
        assert->uv = FIDO_OPT_OMIT;
        assert->ext = 0;
}

void
fido_assert_reset_rx(fido_assert_t *assert)
{
        for (size_t i = 0; i < assert->stmt_cnt; i++) {
                free(assert->stmt[i].user.id.ptr);
                free(assert->stmt[i].user.icon);
                free(assert->stmt[i].user.name);
                free(assert->stmt[i].user.display_name);
                free(assert->stmt[i].id.ptr);
                if (assert->stmt[i].hmac_secret.ptr != NULL) {
                        explicit_bzero(assert->stmt[i].hmac_secret.ptr,
                            assert->stmt[i].hmac_secret.len);
                }
                free(assert->stmt[i].hmac_secret.ptr);
                free(assert->stmt[i].hmac_secret_enc.ptr);
                free(assert->stmt[i].authdata_cbor.ptr);
                free(assert->stmt[i].sig.ptr);
                memset(&assert->stmt[i], 0, sizeof(assert->stmt[i]));
        }

        free(assert->stmt);

        assert->stmt = NULL;
        assert->stmt_len = 0;
        assert->stmt_cnt = 0;
}

void
fido_assert_free(fido_assert_t **assert_p)
{
        fido_assert_t *assert;

        if (assert_p == NULL || (assert = *assert_p) == NULL)
                return;

        fido_assert_reset_tx(assert);
        fido_assert_reset_rx(assert);

        free(assert);

        *assert_p = NULL;
}

size_t
fido_assert_count(const fido_assert_t *assert)
{
        return (assert->stmt_len);
}

const char *
fido_assert_rp_id(const fido_assert_t *assert)
{
        return (assert->rp_id);
}

uint8_t
fido_assert_flags(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (0);

        return (assert->stmt[idx].authdata.flags);
}

uint32_t
fido_assert_sigcount(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (0);

        return (assert->stmt[idx].authdata.sigcount);
}

const unsigned char *
fido_assert_authdata_ptr(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (NULL);

        return (assert->stmt[idx].authdata_cbor.ptr);
}

size_t
fido_assert_authdata_len(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (0);

        return (assert->stmt[idx].authdata_cbor.len);
}

const unsigned char *
fido_assert_sig_ptr(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (NULL);

        return (assert->stmt[idx].sig.ptr);
}

size_t
fido_assert_sig_len(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (0);

        return (assert->stmt[idx].sig.len);
}

const unsigned char *
fido_assert_id_ptr(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (NULL);

        return (assert->stmt[idx].id.ptr);
}

size_t
fido_assert_id_len(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (0);

        return (assert->stmt[idx].id.len);
}

const unsigned char *
fido_assert_user_id_ptr(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (NULL);

        return (assert->stmt[idx].user.id.ptr);
}

size_t
fido_assert_user_id_len(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (0);

        return (assert->stmt[idx].user.id.len);
}

const char *
fido_assert_user_icon(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (NULL);

        return (assert->stmt[idx].user.icon);
}

const char *
fido_assert_user_name(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (NULL);

        return (assert->stmt[idx].user.name);
}

const char *
fido_assert_user_display_name(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (NULL);

        return (assert->stmt[idx].user.display_name);
}

const unsigned char *
fido_assert_hmac_secret_ptr(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (NULL);

        return (assert->stmt[idx].hmac_secret.ptr);
}

size_t
fido_assert_hmac_secret_len(const fido_assert_t *assert, size_t idx)
{
        if (idx >= assert->stmt_len)
                return (0);

        return (assert->stmt[idx].hmac_secret.len);
}

static void
fido_assert_clean_authdata(fido_assert_stmt *as)
{
        free(as->authdata_cbor.ptr);
        free(as->hmac_secret_enc.ptr);

        memset(&as->authdata_ext, 0, sizeof(as->authdata_ext));
        memset(&as->authdata_cbor, 0, sizeof(as->authdata_cbor));
        memset(&as->authdata, 0, sizeof(as->authdata));
        memset(&as->hmac_secret_enc, 0, sizeof(as->hmac_secret_enc));
}

int
fido_assert_set_authdata(fido_assert_t *assert, size_t idx,
    const unsigned char *ptr, size_t len)
{
        cbor_item_t             *item = NULL;
        fido_assert_stmt        *stmt = NULL;
        struct cbor_load_result  cbor;
        int                      r;

        if (idx >= assert->stmt_len || ptr == NULL || len == 0)
                return (FIDO_ERR_INVALID_ARGUMENT);

        stmt = &assert->stmt[idx];
        fido_assert_clean_authdata(stmt);

        if ((item = cbor_load(ptr, len, &cbor)) == NULL) {
                fido_log_debug("%s: cbor_load", __func__);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        if (cbor_decode_assert_authdata(item, &stmt->authdata_cbor,
            &stmt->authdata, &stmt->authdata_ext, &stmt->hmac_secret_enc) < 0) {
                fido_log_debug("%s: cbor_decode_assert_authdata", __func__);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        r = FIDO_OK;
fail:
        if (item != NULL)
                cbor_decref(&item);

        if (r != FIDO_OK)
                fido_assert_clean_authdata(stmt);

        return (r);
}

int
fido_assert_set_authdata_raw(fido_assert_t *assert, size_t idx,
    const unsigned char *ptr, size_t len)
{
        cbor_item_t             *item = NULL;
        fido_assert_stmt        *stmt = NULL;
        int                      r;

        if (idx >= assert->stmt_len || ptr == NULL || len == 0)
                return (FIDO_ERR_INVALID_ARGUMENT);

        stmt = &assert->stmt[idx];
        fido_assert_clean_authdata(stmt);

        if ((item = cbor_build_bytestring(ptr, len)) == NULL) {
                fido_log_debug("%s: cbor_build_bytestring", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if (cbor_decode_assert_authdata(item, &stmt->authdata_cbor,
            &stmt->authdata, &stmt->authdata_ext, &stmt->hmac_secret_enc) < 0) {
                fido_log_debug("%s: cbor_decode_assert_authdata", __func__);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        r = FIDO_OK;
fail:
        if (item != NULL)
                cbor_decref(&item);

        if (r != FIDO_OK)
                fido_assert_clean_authdata(stmt);

        return (r);
}

static void
fido_assert_clean_sig(fido_assert_stmt *as)
{
        free(as->sig.ptr);
        as->sig.ptr = NULL;
        as->sig.len = 0;
}

int
fido_assert_set_sig(fido_assert_t *a, size_t idx, const unsigned char *ptr,
    size_t len)
{
        unsigned char *sig;

        if (idx >= a->stmt_len || ptr == NULL || len == 0)
                return (FIDO_ERR_INVALID_ARGUMENT);

        fido_assert_clean_sig(&a->stmt[idx]);

        if ((sig = malloc(len)) == NULL)
                return (FIDO_ERR_INTERNAL);

        memcpy(sig, ptr, len);
        a->stmt[idx].sig.ptr = sig;
        a->stmt[idx].sig.len = len;

        return (FIDO_OK);
}

/* XXX shrinking leaks memory; fortunately that shouldn't happen */
int
fido_assert_set_count(fido_assert_t *assert, size_t n)
{
        void *new_stmt;

#ifdef FIDO_FUZZ
        if (n > UINT8_MAX) {
                fido_log_debug("%s: n > UINT8_MAX", __func__);
                return (FIDO_ERR_INTERNAL);
        }
#endif

        new_stmt = recallocarray(assert->stmt, assert->stmt_cnt, n,
            sizeof(fido_assert_stmt));
        if (new_stmt == NULL)
                return (FIDO_ERR_INTERNAL);

        assert->stmt = new_stmt;
        assert->stmt_cnt = n;
        assert->stmt_len = n;

        return (FIDO_OK);
}

/home/pedro/projects/libfido2/src/authkey.c

Source
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <string.h>
#include "fido.h"

static int
parse_authkey(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        es256_pk_t *authkey = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8 ||
            cbor_get_uint8(key) != 1) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        return (es256_pk_decode(val, authkey));
}

static int
fido_dev_authkey_tx(fido_dev_t *dev)
{
        fido_blob_t      f;
        cbor_item_t     *argv[2];
        int              r;

        fido_log_debug("%s: dev=%p", __func__, (void *)dev);

        memset(&f, 0, sizeof(f));
        memset(argv, 0, sizeof(argv));

        /* add command parameters */
        if ((argv[0] = cbor_build_uint8(1)) == NULL ||
            (argv[1] = cbor_build_uint8(2)) == NULL) {
                fido_log_debug("%s: cbor_build", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        /* frame and transmit */
        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 2, &f) < 0 ||
            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                r = FIDO_ERR_TX;
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));
        free(f.ptr);

        return (r);
}

static int
fido_dev_authkey_rx(fido_dev_t *dev, es256_pk_t *authkey, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;

        fido_log_debug("%s: dev=%p, authkey=%p, ms=%d", __func__, (void *)dev,
            (void *)authkey, ms);

        memset(authkey, 0, sizeof(*authkey));

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        return (cbor_parse_reply(reply, (size_t)reply_len, authkey,
            parse_authkey));
}

static int
fido_dev_authkey_wait(fido_dev_t *dev, es256_pk_t *authkey, int ms)
{
        int r;

        if ((r = fido_dev_authkey_tx(dev)) != FIDO_OK ||
            (r = fido_dev_authkey_rx(dev, authkey, ms)) != FIDO_OK)
                return (r);

        return (FIDO_OK);
}

int
fido_dev_authkey(fido_dev_t *dev, es256_pk_t *authkey)
{
        return (fido_dev_authkey_wait(dev, authkey, -1));
}

/home/pedro/projects/libfido2/src/bio.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2019 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <string.h>

#include "fido.h"
#include "fido/bio.h"
#include "fido/es256.h"

#define CMD_ENROLL_BEGIN        0x01
#define CMD_ENROLL_NEXT         0x02
#define CMD_ENROLL_CANCEL       0x03
#define CMD_ENUM                0x04
#define CMD_SET_NAME            0x05
#define CMD_ENROLL_REMOVE       0x06
#define CMD_GET_INFO            0x07

static int
bio_prepare_hmac(uint8_t cmd, cbor_item_t **argv, size_t argc,
    cbor_item_t **param, fido_blob_t *hmac_data)
{
        const uint8_t    prefix[2] = { 0x01 /* modality */, cmd };
        int              ok = -1;
        size_t           cbor_alloc_len;
        size_t           cbor_len;
        unsigned char   *cbor = NULL;

        if (argv == NULL || param == NULL)
                return (fido_blob_set(hmac_data, prefix, sizeof(prefix)));

        if ((*param = cbor_flatten_vector(argv, argc)) == NULL) {
                fido_log_debug("%s: cbor_flatten_vector", __func__);
                goto fail;
        }

        if ((cbor_len = cbor_serialize_alloc(*param, &cbor,
            &cbor_alloc_len)) == 0 || cbor_len > SIZE_MAX - sizeof(prefix)) {
                fido_log_debug("%s: cbor_serialize_alloc", __func__);
                goto fail;
        }

        if ((hmac_data->ptr = malloc(cbor_len + sizeof(prefix))) == NULL) {
                fido_log_debug("%s: malloc", __func__);
                goto fail;
        }

        memcpy(hmac_data->ptr, prefix, sizeof(prefix));
        memcpy(hmac_data->ptr + sizeof(prefix), cbor, cbor_len);
        hmac_data->len = cbor_len + sizeof(prefix);

        ok = 0;
fail:
        free(cbor);

        return (ok);
}

static int
bio_tx(fido_dev_t *dev, uint8_t cmd, cbor_item_t **sub_argv, size_t sub_argc,
    const char *pin, const fido_blob_t *token)
{
        cbor_item_t     *argv[5];
        es256_pk_t      *pk = NULL;
        fido_blob_t     *ecdh = NULL;
        fido_blob_t      f;
        fido_blob_t      hmac;
        int              r = FIDO_ERR_INTERNAL;

        memset(&f, 0, sizeof(f));
        memset(&hmac, 0, sizeof(hmac));
        memset(&argv, 0, sizeof(argv));

        /* modality, subCommand */
        if ((argv[0] = cbor_build_uint8(1)) == NULL ||
            (argv[1] = cbor_build_uint8(cmd)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                goto fail;
        }

        /* subParams */
        if (pin || token) {
                if (bio_prepare_hmac(cmd, sub_argv, sub_argc, &argv[2],
                    &hmac) < 0) {
                        fido_log_debug("%s: bio_prepare_hmac", __func__);
                        goto fail;
                }
        }

        /* pinProtocol, pinAuth */
        if (pin) {
                if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) {
                        fido_log_debug("%s: fido_do_ecdh", __func__);
                        goto fail;
                }
                if ((r = cbor_add_pin_params(dev, &hmac, pk, ecdh, pin,
                    &argv[4], &argv[3])) != FIDO_OK) {
                        fido_log_debug("%s: cbor_add_pin_params", __func__);
                        goto fail;
                }
        } else if (token) {
                if ((argv[3] = cbor_encode_pin_opt()) == NULL ||
                    (argv[4] = cbor_encode_pin_auth(token, &hmac)) == NULL) {
                        fido_log_debug("%s: encode pin", __func__);
                        goto fail;
                }
        }

        /* framing and transmission */
        if (cbor_build_frame(CTAP_CBOR_BIO_ENROLL_PRE, argv, 5, &f) < 0 ||
            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                r = FIDO_ERR_TX;
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));
        es256_pk_free(&pk);
        fido_blob_free(&ecdh);
        free(f.ptr);
        free(hmac.ptr);

        return (r);
}

static void
bio_reset_template(fido_bio_template_t *t)
{
        free(t->name);
        free(t->id.ptr);
        t->name = NULL;
        memset(&t->id, 0, sizeof(t->id));
}

static void
bio_reset_template_array(fido_bio_template_array_t *ta)
{
        for (size_t i = 0; i < ta->n_alloc; i++)
                bio_reset_template(&ta->ptr[i]);

        free(ta->ptr);
        ta->ptr = NULL;
        memset(ta, 0, sizeof(*ta));
}

static int
decode_template(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_bio_template_t *t = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        switch (cbor_get_uint8(key)) {
        case 1: /* id */
                return (fido_blob_decode(val, &t->id));
        case 2: /* name */
                return (cbor_string_copy(val, &t->name));
        }

        return (0); /* ignore */
}

static int
decode_template_array(const cbor_item_t *item, void *arg)
{
        fido_bio_template_array_t *ta = arg;

        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        if (ta->n_rx >= ta->n_alloc) {
                fido_log_debug("%s: n_rx >= n_alloc", __func__);
                return (-1);
        }

        if (cbor_map_iter(item, &ta->ptr[ta->n_rx], decode_template) < 0) {
                fido_log_debug("%s: decode_template", __func__);
                return (-1);
        }

        ta->n_rx++;

        return (0);
}

static int
bio_parse_template_array(const cbor_item_t *key, const cbor_item_t *val,
    void *arg)
{
        fido_bio_template_array_t *ta = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8 ||
            cbor_get_uint8(key) != 7) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        if (cbor_isa_array(val) == false ||
            cbor_array_is_definite(val) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        if (ta->ptr != NULL || ta->n_alloc != 0 || ta->n_rx != 0) {
                fido_log_debug("%s: ptr != NULL || n_alloc != 0 || n_rx != 0",
                    __func__);
                return (-1);
        }

        if ((ta->ptr = calloc(cbor_array_size(val), sizeof(*ta->ptr))) == NULL)
                return (-1);

        ta->n_alloc = cbor_array_size(val);

        if (cbor_array_iter(val, ta, decode_template_array) < 0) {
                fido_log_debug("%s: decode_template_array", __func__);
                return (-1);
        }

        return (0);
}

static int
bio_rx_template_array(fido_dev_t *dev, fido_bio_template_array_t *ta, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        bio_reset_template_array(ta);

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len, ta,
            bio_parse_template_array)) != FIDO_OK) {
                fido_log_debug("%s: bio_parse_template_array" , __func__);
                return (r);
        }

        return (FIDO_OK);
}

static int
bio_get_template_array_wait(fido_dev_t *dev, fido_bio_template_array_t *ta,
    const char *pin, int ms)
{
        int r;

        if ((r = bio_tx(dev, CMD_ENUM, NULL, 0, pin, NULL)) != FIDO_OK ||
            (r = bio_rx_template_array(dev, ta, ms)) != FIDO_OK)
                return (r);

        return (FIDO_OK);
}

int
fido_bio_dev_get_template_array(fido_dev_t *dev, fido_bio_template_array_t *ta,
    const char *pin)
{
        if (pin == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        return (bio_get_template_array_wait(dev, ta, pin, -1));
}

static int
bio_set_template_name_wait(fido_dev_t *dev, const fido_bio_template_t *t,
    const char *pin, int ms)
{
        cbor_item_t     *argv[2];
        int              r = FIDO_ERR_INTERNAL;

        memset(&argv, 0, sizeof(argv));

        if ((argv[0] = fido_blob_encode(&t->id)) == NULL ||
            (argv[1] = cbor_build_string(t->name)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                goto fail;
        }

        if ((r = bio_tx(dev, CMD_SET_NAME, argv, 2, pin, NULL)) != FIDO_OK ||
            (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) {
                fido_log_debug("%s: tx/rx", __func__);
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));

        return (r);
}

int
fido_bio_dev_set_template_name(fido_dev_t *dev, const fido_bio_template_t *t,
    const char *pin)
{
        if (pin == NULL || t->name == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        return (bio_set_template_name_wait(dev, t, pin, -1));
}

static void
bio_reset_enroll(fido_bio_enroll_t *e)
{
        e->remaining_samples = 0;
        e->last_status = 0;

        if (e->token)
                fido_blob_free(&e->token);
}

static int
bio_parse_enroll_status(const cbor_item_t *key, const cbor_item_t *val,
    void *arg)
{
        fido_bio_enroll_t *e = arg;
        uint64_t x;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        switch (cbor_get_uint8(key)) {
        case 5:
                if (cbor_decode_uint64(val, &x) < 0 || x > UINT8_MAX) {
                        fido_log_debug("%s: cbor_decode_uint64", __func__);
                        return (-1);
                }
                e->last_status = (uint8_t)x;
                break;
        case 6:
                if (cbor_decode_uint64(val, &x) < 0 || x > UINT8_MAX) {
                        fido_log_debug("%s: cbor_decode_uint64", __func__);
                        return (-1);
                }
                e->remaining_samples = (uint8_t)x;
                break;
        default:
                return (0); /* ignore */
        }

        return (0);
}

static int
bio_parse_template_id(const cbor_item_t *key, const cbor_item_t *val,
    void *arg)
{
        fido_blob_t *id = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8 ||
            cbor_get_uint8(key) != 4) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        return (fido_blob_decode(val, id));
}

static int
bio_rx_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t,
    fido_bio_enroll_t *e, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        bio_reset_template(t);

        e->remaining_samples = 0;
        e->last_status = 0;

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len, e,
            bio_parse_enroll_status)) != FIDO_OK) {
                fido_log_debug("%s: bio_parse_enroll_status", __func__);
                return (r);
        }
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, &t->id,
            bio_parse_template_id)) != FIDO_OK) {
                fido_log_debug("%s: bio_parse_template_id", __func__);
                return (r);
        }
    
        return (FIDO_OK);
}

static int
bio_enroll_begin_wait(fido_dev_t *dev, fido_bio_template_t *t,
    fido_bio_enroll_t *e, uint32_t timo_ms, int ms)
{
        cbor_item_t     *argv[3];
        const uint8_t    cmd = CMD_ENROLL_BEGIN;
        int              r = FIDO_ERR_INTERNAL;

        memset(&argv, 0, sizeof(argv));

        if ((argv[2] = cbor_build_uint32(timo_ms)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                goto fail;
        }

        if ((r = bio_tx(dev, cmd, argv, 3, NULL, e->token)) != FIDO_OK ||
            (r = bio_rx_enroll_begin(dev, t, e, ms)) != FIDO_OK) {
                fido_log_debug("%s: tx/rx", __func__);
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));

        return (r);
}

int
fido_bio_dev_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t,
    fido_bio_enroll_t *e, uint32_t timo_ms, const char *pin)
{
        es256_pk_t      *pk = NULL;
        fido_blob_t     *ecdh = NULL;
        fido_blob_t     *token = NULL;
        int              r;

        if (pin == NULL || e->token != NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        if ((token = fido_blob_new()) == NULL) {
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) {
                fido_log_debug("%s: fido_do_ecdh", __func__);
                goto fail;
        }

        if ((r = fido_dev_get_pin_token(dev, pin, ecdh, pk, token)) != FIDO_OK) {
                fido_log_debug("%s: fido_dev_get_pin_token", __func__);
                goto fail;
        }

        e->token = token;
        token = NULL;
fail:
        es256_pk_free(&pk);
        fido_blob_free(&ecdh);
        fido_blob_free(&token);

        if (r != FIDO_OK)
                return (r);

        return (bio_enroll_begin_wait(dev, t, e, timo_ms, -1));
}

static int
bio_rx_enroll_continue(fido_dev_t *dev, fido_bio_enroll_t *e, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        e->remaining_samples = 0;
        e->last_status = 0;

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len, e,
            bio_parse_enroll_status)) != FIDO_OK) {
                fido_log_debug("%s: bio_parse_enroll_status", __func__);
                return (r);
        }
    
        return (FIDO_OK);
}

static int
bio_enroll_continue_wait(fido_dev_t *dev, const fido_bio_template_t *t,
    fido_bio_enroll_t *e, uint32_t timo_ms, int ms)
{
        cbor_item_t     *argv[3];
        const uint8_t    cmd = CMD_ENROLL_NEXT;
        int              r = FIDO_ERR_INTERNAL;

        memset(&argv, 0, sizeof(argv));

        if ((argv[0] = fido_blob_encode(&t->id)) == NULL ||
            (argv[2] = cbor_build_uint32(timo_ms)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                goto fail;
        }

        if ((r = bio_tx(dev, cmd, argv, 3, NULL, e->token)) != FIDO_OK ||
            (r = bio_rx_enroll_continue(dev, e, ms)) != FIDO_OK) {
                fido_log_debug("%s: tx/rx", __func__);
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));

        return (r);
}

int
fido_bio_dev_enroll_continue(fido_dev_t *dev, const fido_bio_template_t *t,
    fido_bio_enroll_t *e, uint32_t timo_ms)
{
        if (e->token == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        return (bio_enroll_continue_wait(dev, t, e, timo_ms, -1));
}

static int
bio_enroll_cancel_wait(fido_dev_t *dev, int ms)
{
        const uint8_t   cmd = CMD_ENROLL_CANCEL;
        int             r;

        if ((r = bio_tx(dev, cmd, NULL, 0, NULL, NULL)) != FIDO_OK ||
            (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) {
                fido_log_debug("%s: tx/rx", __func__);
                return (r);
        }

        return (FIDO_OK);
}

int
fido_bio_dev_enroll_cancel(fido_dev_t *dev)
{
        return (bio_enroll_cancel_wait(dev, -1));
}

static int
bio_enroll_remove_wait(fido_dev_t *dev, const fido_bio_template_t *t,
    const char *pin, int ms)
{
        cbor_item_t     *argv[1];
        const uint8_t    cmd = CMD_ENROLL_REMOVE;
        int              r = FIDO_ERR_INTERNAL;

        memset(&argv, 0, sizeof(argv));

        if ((argv[0] = fido_blob_encode(&t->id)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                goto fail;
        }

        if ((r = bio_tx(dev, cmd, argv, 1, pin, NULL)) != FIDO_OK ||
            (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) {
                fido_log_debug("%s: tx/rx", __func__);
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));

        return (r);
}

int
fido_bio_dev_enroll_remove(fido_dev_t *dev, const fido_bio_template_t *t,
    const char *pin)
{
        return (bio_enroll_remove_wait(dev, t, pin, -1));
}

static void
bio_reset_info(fido_bio_info_t *i)
{
        i->type = 0;
        i->max_samples = 0;
}

static int
bio_parse_info(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_bio_info_t *i = arg;
        uint64_t         x;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        switch (cbor_get_uint8(key)) {
        case 2:
                if (cbor_decode_uint64(val, &x) < 0 || x > UINT8_MAX) {
                        fido_log_debug("%s: cbor_decode_uint64", __func__);
                        return (-1);
                }
                i->type = (uint8_t)x;
                break;
        case 3:
                if (cbor_decode_uint64(val, &x) < 0 || x > UINT8_MAX) {
                        fido_log_debug("%s: cbor_decode_uint64", __func__);
                        return (-1);
                }
                i->max_samples = (uint8_t)x;
                break;
        default:
                return (0); /* ignore */
        }

        return (0);
}

static int
bio_rx_info(fido_dev_t *dev, fido_bio_info_t *i, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        bio_reset_info(i);

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len, i,
            bio_parse_info)) != FIDO_OK) {
                fido_log_debug("%s: bio_parse_info" , __func__);
                return (r);
        }

        return (FIDO_OK);
}

static int
bio_get_info_wait(fido_dev_t *dev, fido_bio_info_t *i, int ms)
{
        int r;

        if ((r = bio_tx(dev, CMD_GET_INFO, NULL, 0, NULL, NULL)) != FIDO_OK ||
            (r = bio_rx_info(dev, i, ms)) != FIDO_OK) {
                fido_log_debug("%s: tx/rx", __func__);
                return (r);
        }

        return (FIDO_OK);
}

int
fido_bio_dev_get_info(fido_dev_t *dev, fido_bio_info_t *i)
{
        return (bio_get_info_wait(dev, i, -1));
}

const char *
fido_bio_template_name(const fido_bio_template_t *t)
{
        return (t->name);
}

const unsigned char *
fido_bio_template_id_ptr(const fido_bio_template_t *t)
{
        return (t->id.ptr);
}

size_t
fido_bio_template_id_len(const fido_bio_template_t *t)
{
        return (t->id.len);
}

size_t
fido_bio_template_array_count(const fido_bio_template_array_t *ta)
{
        return (ta->n_rx);
}

fido_bio_template_array_t *
fido_bio_template_array_new(void)
{
        return (calloc(1, sizeof(fido_bio_template_array_t)));
}

fido_bio_template_t *
fido_bio_template_new(void)
{
        return (calloc(1, sizeof(fido_bio_template_t)));
}

void
fido_bio_template_array_free(fido_bio_template_array_t **tap)
{
        fido_bio_template_array_t *ta;

        if (tap == NULL || (ta = *tap) == NULL)
                return;

        bio_reset_template_array(ta);
        free(ta);
        *tap = NULL;
}

void
fido_bio_template_free(fido_bio_template_t **tp)
{
        fido_bio_template_t *t;

        if (tp == NULL || (t = *tp) == NULL)
                return;

        bio_reset_template(t);
        free(t);
        *tp = NULL;
}

int
fido_bio_template_set_name(fido_bio_template_t *t, const char *name)
{
        free(t->name);
        t->name = NULL;

        if (name && (t->name = strdup(name)) == NULL)
                return (FIDO_ERR_INTERNAL);

        return (FIDO_OK);
}

int
fido_bio_template_set_id(fido_bio_template_t *t, const unsigned char *ptr,
    size_t len)
{
        free(t->id.ptr);
        t->id.ptr = NULL;
        t->id.len = 0;

        if (ptr && fido_blob_set(&t->id, ptr, len) < 0)
                return (FIDO_ERR_INTERNAL);

        return (FIDO_OK);
}

const fido_bio_template_t *
fido_bio_template(const fido_bio_template_array_t *ta, size_t idx)
{
        if (idx >= ta->n_alloc)
                return (NULL);

        return (&ta->ptr[idx]);
}

fido_bio_enroll_t *
fido_bio_enroll_new(void)
{
        return (calloc(1, sizeof(fido_bio_enroll_t)));
}

fido_bio_info_t *
fido_bio_info_new(void)
{
        return (calloc(1, sizeof(fido_bio_info_t)));
}

uint8_t
fido_bio_info_type(const fido_bio_info_t *i)
{
        return (i->type);
}

uint8_t
fido_bio_info_max_samples(const fido_bio_info_t *i)
{
        return (i->max_samples);
}

void
fido_bio_enroll_free(fido_bio_enroll_t **ep)
{
        fido_bio_enroll_t *e;

        if (ep == NULL || (e = *ep) == NULL)
                return;

        bio_reset_enroll(e);

        free(e);
        *ep = NULL;
}

void
fido_bio_info_free(fido_bio_info_t **ip)
{
        fido_bio_info_t *i;

        if (ip == NULL || (i = *ip) == NULL)
                return;

        free(i);
        *ip = NULL;
}

uint8_t
fido_bio_enroll_remaining_samples(const fido_bio_enroll_t *e)
{
        return (e->remaining_samples);
}

uint8_t
fido_bio_enroll_last_status(const fido_bio_enroll_t *e)
{
        return (e->last_status);
}

/home/pedro/projects/libfido2/src/blob.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <string.h>
#include "fido.h"

fido_blob_t *
fido_blob_new(void)
{
        return (calloc(1, sizeof(fido_blob_t)));
}

int
fido_blob_set(fido_blob_t *b, const unsigned char *ptr, size_t len)
{
        if (b->ptr != NULL) {
                explicit_bzero(b->ptr, b->len);
                free(b->ptr);
                b->ptr = NULL;
        }

        b->len = 0;

        if (ptr == NULL || len == 0) {
                fido_log_debug("%s: ptr=%p, len=%zu", __func__,
                    (const void *)ptr, len);
                return (-1);
        }

        if ((b->ptr = malloc(len)) == NULL) {
                fido_log_debug("%s: malloc", __func__);
                return (-1);
        }

        memcpy(b->ptr, ptr, len);
        b->len = len;

        return (0);
}

void
fido_blob_free(fido_blob_t **bp)
{
        fido_blob_t *b;

        if (bp == NULL || (b = *bp) == NULL)
                return;

        if (b->ptr) {
                explicit_bzero(b->ptr, b->len);
                free(b->ptr);
        }

        explicit_bzero(b, sizeof(*b));
        free(b);

        *bp = NULL;
}

void
fido_free_blob_array(fido_blob_array_t *array)
{
        if (array->ptr == NULL)
                return;

        for (size_t i = 0; i < array->len; i++) {
                fido_blob_t *b = &array->ptr[i];
                if (b->ptr != NULL) {
                        explicit_bzero(b->ptr, b->len);
                        free(b->ptr);
                        b->ptr = NULL;
                }
        }

        free(array->ptr);
        array->ptr = NULL;
        array->len = 0;
}

cbor_item_t *
fido_blob_encode(const fido_blob_t *b)
{
        if (b == NULL || b->ptr == NULL)
                return (NULL);

        return (cbor_build_bytestring(b->ptr, b->len));
}

int
fido_blob_decode(const cbor_item_t *item, fido_blob_t *b)
{
        return (cbor_bytestring_copy(item, &b->ptr, &b->len));
}

int
fido_blob_is_empty(const fido_blob_t *b)
{
        return (b->ptr == NULL || b->len == 0);
}

/home/pedro/projects/libfido2/src/buf.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <string.h>
#include "fido.h"

int
fido_buf_read(const unsigned char **buf, size_t *len, void *dst, size_t count)
{
        if (count > *len)
                return (-1);

        memcpy(dst, *buf, count);
        *buf += count;
        *len -= count;

        return (0);
}

int
fido_buf_write(unsigned char **buf, size_t *len, const void *src, size_t count)
{
        if (count > *len)
                return (-1);

        memcpy(*buf, src, count);
        *buf += count;
        *len -= count;

        return (0);
}

/home/pedro/projects/libfido2/src/cbor.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/sha.h>

#include <string.h>
#include "fido.h"

static int
check_key_type(cbor_item_t *item)
{
        if (item->type == CBOR_TYPE_UINT || item->type == CBOR_TYPE_NEGINT ||
            item->type == CBOR_TYPE_STRING)
                return (0);

        fido_log_debug("%s: invalid type: %d", __func__, item->type);

        return (-1);
}

/*
 * Validate CTAP2 canonical CBOR encoding rules for maps.
 */
static int
ctap_check_cbor(cbor_item_t *prev, cbor_item_t *curr)
{
        size_t  curr_len;
        size_t  prev_len;

        if (check_key_type(prev) < 0 || check_key_type(curr) < 0)
                return (-1);

        if (prev->type != curr->type) {
                if (prev->type < curr->type)
                        return (0);
                fido_log_debug("%s: unsorted types", __func__);
                return (-1);
        }

        if (curr->type == CBOR_TYPE_UINT || curr->type == CBOR_TYPE_NEGINT) {
                if (cbor_int_get_width(curr) >= cbor_int_get_width(prev) &&
                    cbor_get_int(curr) > cbor_get_int(prev))
                        return (0);
        } else {
                curr_len = cbor_string_length(curr);
                prev_len = cbor_string_length(prev);

                if (curr_len > prev_len || (curr_len == prev_len &&
                    memcmp(cbor_string_handle(prev), cbor_string_handle(curr),
                    curr_len) < 0))
                        return (0);
        }

        fido_log_debug("%s: invalid cbor", __func__);

        return (-1);
}

int
cbor_map_iter(const cbor_item_t *item, void *arg, int(*f)(const cbor_item_t *,
    const cbor_item_t *, void *))
{
        struct cbor_pair        *v;
        size_t                   n;

        if ((v = cbor_map_handle(item)) == NULL) {
                fido_log_debug("%s: cbor_map_handle", __func__);
                return (-1);
        }

        n = cbor_map_size(item);

        for (size_t i = 0; i < n; i++) {
                if (v[i].key == NULL || v[i].value == NULL) {
                        fido_log_debug("%s: key=%p, value=%p for i=%zu",
                            __func__, (void *)v[i].key, (void *)v[i].value, i);
                        return (-1);
                }
                if (i && ctap_check_cbor(v[i - 1].key, v[i].key) < 0) {
                        fido_log_debug("%s: ctap_check_cbor", __func__);
                        return (-1);
                }
                if (f(v[i].key, v[i].value, arg) < 0) {
                        fido_log_debug("%s: iterator < 0 on i=%zu", __func__,
                            i);
                        return (-1);
                }
        }

        return (0);
}

int
cbor_array_iter(const cbor_item_t *item, void *arg, int(*f)(const cbor_item_t *,
    void *))
{
        cbor_item_t     **v;
        size_t            n;

        if ((v = cbor_array_handle(item)) == NULL) {
                fido_log_debug("%s: cbor_array_handle", __func__);
                return (-1);
        }

        n = cbor_array_size(item);

        for (size_t i = 0; i < n; i++)
                if (v[i] == NULL || f(v[i], arg) < 0) {
                        fido_log_debug("%s: iterator < 0 on i=%zu,%p",
                            __func__, i, (void *)v[i]);
                        return (-1);
                }

        return (0);
}

int
cbor_parse_reply(const unsigned char *blob, size_t blob_len, void *arg,
    int(*parser)(const cbor_item_t *, const cbor_item_t *, void *))
{
        cbor_item_t             *item = NULL;
        struct cbor_load_result  cbor;
        int                      r;

        if (blob_len < 1) {
                fido_log_debug("%s: blob_len=%zu", __func__, blob_len);
                r = FIDO_ERR_RX;
                goto fail;
        }

        if (blob[0] != FIDO_OK) {
                fido_log_debug("%s: blob[0]=0x%02x", __func__, blob[0]);
                r = blob[0];
                goto fail;
        }

        if ((item = cbor_load(blob + 1, blob_len - 1, &cbor)) == NULL) {
                fido_log_debug("%s: cbor_load", __func__);
                r = FIDO_ERR_RX_NOT_CBOR;
                goto fail;
        }

        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                r = FIDO_ERR_RX_INVALID_CBOR;
                goto fail;
        }

        if (cbor_map_iter(item, arg, parser) < 0) {
                fido_log_debug("%s: cbor_map_iter", __func__);
                r = FIDO_ERR_RX_INVALID_CBOR;
                goto fail;
        }

        r = FIDO_OK;
fail:
        if (item != NULL)
                cbor_decref(&item);

        return (r);
}

void
cbor_vector_free(cbor_item_t **item, size_t len)
{
        for (size_t i = 0; i < len; i++)
                if (item[i] != NULL)
                        cbor_decref(&item[i]);
}

int
cbor_bytestring_copy(const cbor_item_t *item, unsigned char **buf, size_t *len)
{
        if (*buf != NULL || *len != 0) {
                fido_log_debug("%s: dup", __func__);
                return (-1);
        }

        if (cbor_isa_bytestring(item) == false ||
            cbor_bytestring_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        *len = cbor_bytestring_length(item);
        if ((*buf = malloc(*len)) == NULL) {
                *len = 0;
                return (-1);
        }

        memcpy(*buf, cbor_bytestring_handle(item), *len);

        return (0);
}

int
cbor_string_copy(const cbor_item_t *item, char **str)
{
        size_t len;

        if (*str != NULL) {
                fido_log_debug("%s: dup", __func__);
                return (-1);
        }

        if (cbor_isa_string(item) == false ||
            cbor_string_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        if ((len = cbor_string_length(item)) == SIZE_MAX ||
            (*str = malloc(len + 1)) == NULL)
                return (-1);

        memcpy(*str, cbor_string_handle(item), len);
        (*str)[len] = '\0';

        return (0);
}

int
cbor_add_bytestring(cbor_item_t *item, const char *key,
    const unsigned char *value, size_t value_len)
{
        struct cbor_pair pair;
        int ok = -1;

        memset(&pair, 0, sizeof(pair));

        if ((pair.key = cbor_build_string(key)) == NULL ||
            (pair.value = cbor_build_bytestring(value, value_len)) == NULL) {
                fido_log_debug("%s: cbor_build", __func__);
                goto fail;
        }

        if (!cbor_map_add(item, pair)) {
                fido_log_debug("%s: cbor_map_add", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (pair.key)
                cbor_decref(&pair.key);
        if (pair.value)
                cbor_decref(&pair.value);

        return (ok);
}

int
cbor_add_string(cbor_item_t *item, const char *key, const char *value)
{
        struct cbor_pair pair;
        int ok = -1;

        memset(&pair, 0, sizeof(pair));

        if ((pair.key = cbor_build_string(key)) == NULL ||
            (pair.value = cbor_build_string(value)) == NULL) {
                fido_log_debug("%s: cbor_build", __func__);
                goto fail;
        }

        if (!cbor_map_add(item, pair)) {
                fido_log_debug("%s: cbor_map_add", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (pair.key)
                cbor_decref(&pair.key);
        if (pair.value)
                cbor_decref(&pair.value);

        return (ok);
}

int
cbor_add_bool(cbor_item_t *item, const char *key, fido_opt_t value)
{
        struct cbor_pair pair;
        int ok = -1;

        memset(&pair, 0, sizeof(pair));

        if ((pair.key = cbor_build_string(key)) == NULL ||
            (pair.value = cbor_build_bool(value == FIDO_OPT_TRUE)) == NULL) {
                fido_log_debug("%s: cbor_build", __func__);
                goto fail;
        }

        if (!cbor_map_add(item, pair)) {
                fido_log_debug("%s: cbor_map_add", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (pair.key)
                cbor_decref(&pair.key);
        if (pair.value)
                cbor_decref(&pair.value);

        return (ok);
}

static int
cbor_add_arg(cbor_item_t *item, uint8_t n, cbor_item_t *arg)
{
        struct cbor_pair pair;
        int ok = -1;

        memset(&pair, 0, sizeof(pair));

        if (arg == NULL)
                return (0); /* empty argument */

        if ((pair.key = cbor_build_uint8(n)) == NULL) {
                fido_log_debug("%s: cbor_build", __func__);
                goto fail;
        }

        pair.value = arg;

        if (!cbor_map_add(item, pair)) {
                fido_log_debug("%s: cbor_map_add", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (pair.key)
                cbor_decref(&pair.key);

        return (ok);
}

cbor_item_t *
cbor_flatten_vector(cbor_item_t *argv[], size_t argc)
{
        cbor_item_t     *map;
        uint8_t          i;

        if (argc > UINT8_MAX - 1)
                return (NULL);

        if ((map = cbor_new_definite_map(argc)) == NULL)
                return (NULL);

        for (i = 0; i < argc; i++)
                if (cbor_add_arg(map, i + 1, argv[i]) < 0)
                        break;

        if (i != argc) {
                cbor_decref(&map);
                map = NULL;
        }

        return (map);
}

int
cbor_build_frame(uint8_t cmd, cbor_item_t *argv[], size_t argc, fido_blob_t *f)
{
        cbor_item_t     *flat = NULL;
        unsigned char   *cbor = NULL;
        size_t           cbor_len;
        size_t           cbor_alloc_len;
        int              ok = -1;

        if ((flat = cbor_flatten_vector(argv, argc)) == NULL)
                goto fail;

        cbor_len = cbor_serialize_alloc(flat, &cbor, &cbor_alloc_len);
        if (cbor_len == 0 || cbor_len == SIZE_MAX) {
                fido_log_debug("%s: cbor_len=%zu", __func__, cbor_len);
                goto fail;
        }

        if ((f->ptr = malloc(cbor_len + 1)) == NULL)
                goto fail;

        f->len = cbor_len + 1;
        f->ptr[0] = cmd;
        memcpy(f->ptr + 1, cbor, f->len - 1);

        ok = 0;
fail:
        if (flat != NULL)
                cbor_decref(&flat);

        free(cbor);

        return (ok);
}

cbor_item_t *
cbor_encode_rp_entity(const fido_rp_t *rp)
{
        cbor_item_t *item = NULL;

        if ((item = cbor_new_definite_map(2)) == NULL)
                return (NULL);

        if ((rp->id && cbor_add_string(item, "id", rp->id) < 0) ||
            (rp->name && cbor_add_string(item, "name", rp->name) < 0)) {
                cbor_decref(&item);
                return (NULL);
        }

        return (item);
}

cbor_item_t *
cbor_encode_user_entity(const fido_user_t *user)
{
        cbor_item_t             *item = NULL;
        const fido_blob_t       *id = &user->id;
        const char              *display = user->display_name;

        if ((item = cbor_new_definite_map(4)) == NULL)
                return (NULL);

        if ((id->ptr && cbor_add_bytestring(item, "id", id->ptr, id->len) < 0) ||
            (user->icon && cbor_add_string(item, "icon", user->icon) < 0) ||
            (user->name && cbor_add_string(item, "name", user->name) < 0) ||
            (display && cbor_add_string(item, "displayName", display) < 0)) {
                cbor_decref(&item);
                return (NULL);
        }

        return (item);
}

cbor_item_t *
cbor_encode_pubkey_param(int cose_alg)
{
        cbor_item_t             *item = NULL;
        cbor_item_t             *body = NULL;
        struct cbor_pair         alg;
        int                      ok = -1;

        memset(&alg, 0, sizeof(alg));

        if ((item = cbor_new_definite_array(1)) == NULL ||
            (body = cbor_new_definite_map(2)) == NULL ||
            cose_alg > -1 || cose_alg < INT16_MIN)
                goto fail;

        alg.key = cbor_build_string("alg");

        if (-cose_alg - 1 > UINT8_MAX)
                alg.value = cbor_build_negint16((uint16_t)(-cose_alg - 1));
        else
                alg.value = cbor_build_negint8((uint8_t)(-cose_alg - 1));

        if (alg.key == NULL || alg.value == NULL) {
                fido_log_debug("%s: cbor_build", __func__);
                goto fail;
        }

        if (cbor_map_add(body, alg) == false ||
            cbor_add_string(body, "type", "public-key") < 0 ||
            cbor_array_push(item, body) == false)
                goto fail;

        ok  = 0;
fail:
        if (ok < 0) {
                if (item != NULL) {
                        cbor_decref(&item);
                        item = NULL;
                }
        }

        if (body != NULL)
                cbor_decref(&body);
        if (alg.key != NULL)
                cbor_decref(&alg.key);
        if (alg.value != NULL)
                cbor_decref(&alg.value);

        return (item);
}

cbor_item_t *
cbor_encode_pubkey(const fido_blob_t *pubkey)
{
        cbor_item_t *cbor_key = NULL;

        if ((cbor_key = cbor_new_definite_map(2)) == NULL ||
            cbor_add_bytestring(cbor_key, "id", pubkey->ptr, pubkey->len) < 0 ||
            cbor_add_string(cbor_key, "type", "public-key") < 0) {
                if (cbor_key)
                        cbor_decref(&cbor_key);
                return (NULL);
        }

        return (cbor_key);
}

cbor_item_t *
cbor_encode_pubkey_list(const fido_blob_array_t *list)
{
        cbor_item_t     *array = NULL;
        cbor_item_t     *key = NULL;

        if ((array = cbor_new_definite_array(list->len)) == NULL)
                goto fail;

        for (size_t i = 0; i < list->len; i++) {
                if ((key = cbor_encode_pubkey(&list->ptr[i])) == NULL ||
                    cbor_array_push(array, key) == false)
                        goto fail;
                cbor_decref(&key);
        }

        return (array);
fail:
        if (key != NULL)
                cbor_decref(&key);
        if (array != NULL)
                cbor_decref(&array);

        return (NULL);
}

cbor_item_t *
cbor_encode_extensions(int ext)
{
        cbor_item_t *item = NULL;

        if (ext == 0 || ext != FIDO_EXT_HMAC_SECRET)
                return (NULL);

        if ((item = cbor_new_definite_map(1)) == NULL)
                return (NULL);

        if (cbor_add_bool(item, "hmac-secret", FIDO_OPT_TRUE) < 0) {
                cbor_decref(&item);
                return (NULL);
        }

        return (item);
}

cbor_item_t *
cbor_encode_options(fido_opt_t rk, fido_opt_t uv)
{
        cbor_item_t *item = NULL;

        if ((item = cbor_new_definite_map(2)) == NULL)
                return (NULL);

        if ((rk != FIDO_OPT_OMIT && cbor_add_bool(item, "rk", rk) < 0) ||
            (uv != FIDO_OPT_OMIT && cbor_add_bool(item, "uv", uv) < 0)) {
                cbor_decref(&item);
                return (NULL);
        }

        return (item);
}

cbor_item_t *
cbor_encode_assert_options(fido_opt_t up, fido_opt_t uv)
{
        cbor_item_t *item = NULL;

        if ((item = cbor_new_definite_map(2)) == NULL)
                return (NULL);

        if ((up != FIDO_OPT_OMIT && cbor_add_bool(item, "up", up) < 0) ||
            (uv != FIDO_OPT_OMIT && cbor_add_bool(item, "uv", uv) < 0)) {
                cbor_decref(&item);
                return (NULL);
        }

        return (item);
}

cbor_item_t *
cbor_encode_pin_auth(const fido_blob_t *hmac_key, const fido_blob_t *data)
{
        const EVP_MD    *md = NULL;
        unsigned char    dgst[SHA256_DIGEST_LENGTH];
        unsigned int     dgst_len;

        if ((md = EVP_sha256()) == NULL || HMAC(md, hmac_key->ptr,
            (int)hmac_key->len, data->ptr, (int)data->len, dgst,
            &dgst_len) == NULL || dgst_len != SHA256_DIGEST_LENGTH)
                return (NULL);

        return (cbor_build_bytestring(dgst, 16));
}

cbor_item_t *
cbor_encode_pin_opt(void)
{
        return (cbor_build_uint8(1));
}

cbor_item_t *
cbor_encode_pin_enc(const fido_blob_t *key, const fido_blob_t *pin)
{
        fido_blob_t      pe;
        cbor_item_t     *item = NULL;

        if (aes256_cbc_enc(key, pin, &pe) < 0)
                return (NULL);

        item = cbor_build_bytestring(pe.ptr, pe.len);
        free(pe.ptr);

        return (item);
}

static int
sha256(const unsigned char *data, size_t data_len, fido_blob_t *digest)
{
        if ((digest->ptr = calloc(1, SHA256_DIGEST_LENGTH)) == NULL)
                return (-1);

        digest->len = SHA256_DIGEST_LENGTH;

        if (SHA256(data, data_len, digest->ptr) != digest->ptr) {
                free(digest->ptr);
                digest->ptr = NULL;
                digest->len = 0;
                return (-1);
        }

        return (0);
}

cbor_item_t *
cbor_encode_change_pin_auth(const fido_blob_t *key, const fido_blob_t *new_pin,
    const fido_blob_t *pin)
{
        unsigned char    dgst[SHA256_DIGEST_LENGTH];
        unsigned int     dgst_len;
        cbor_item_t     *item = NULL;
        const EVP_MD    *md = NULL;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
        HMAC_CTX         ctx;
#else
        HMAC_CTX        *ctx = NULL;
#endif
        fido_blob_t     *npe = NULL; /* new pin, encrypted */
        fido_blob_t     *ph = NULL;  /* pin hash */
        fido_blob_t     *phe = NULL; /* pin hash, encrypted */
        int              ok = -1;

        if ((npe = fido_blob_new()) == NULL ||
            (ph = fido_blob_new()) == NULL ||
            (phe = fido_blob_new()) == NULL)
                goto fail;

        if (aes256_cbc_enc(key, new_pin, npe) < 0) {
                fido_log_debug("%s: aes256_cbc_enc 1", __func__);
                goto fail;
        }

        if (sha256(pin->ptr, pin->len, ph) < 0 || ph->len < 16) {
                fido_log_debug("%s: sha256", __func__);
                goto fail;
        }

        ph->len = 16; /* first 16 bytes */

        if (aes256_cbc_enc(key, ph, phe) < 0) {
                fido_log_debug("%s: aes256_cbc_enc 2", __func__);
                goto fail;
        }

#if OPENSSL_VERSION_NUMBER < 0x10100000L
        HMAC_CTX_init(&ctx);

        if ((md = EVP_sha256()) == NULL ||
            HMAC_Init_ex(&ctx, key->ptr, (int)key->len, md, NULL) == 0 ||
            HMAC_Update(&ctx, npe->ptr, (int)npe->len) == 0 ||
            HMAC_Update(&ctx, phe->ptr, (int)phe->len) == 0 ||
            HMAC_Final(&ctx, dgst, &dgst_len) == 0 || dgst_len != 32) {
                fido_log_debug("%s: HMAC", __func__);
                goto fail;
        }
#else
        if ((ctx = HMAC_CTX_new()) == NULL ||
            (md = EVP_sha256())  == NULL ||
            HMAC_Init_ex(ctx, key->ptr, (int)key->len, md, NULL) == 0 ||
            HMAC_Update(ctx, npe->ptr, (int)npe->len) == 0 ||
            HMAC_Update(ctx, phe->ptr, (int)phe->len) == 0 ||
            HMAC_Final(ctx, dgst, &dgst_len) == 0 || dgst_len != 32) {
                fido_log_debug("%s: HMAC", __func__);
                goto fail;
        }
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */

        if ((item = cbor_build_bytestring(dgst, 16)) == NULL) {
                fido_log_debug("%s: cbor_build_bytestring", __func__);
                goto fail;
        }

        ok = 0;
fail:
        fido_blob_free(&npe);
        fido_blob_free(&ph);
        fido_blob_free(&phe);

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
        if (ctx != NULL)
                HMAC_CTX_free(ctx);
#endif

        if (ok < 0) {
                if (item != NULL) {
                        cbor_decref(&item);
                        item = NULL;
                }
        }

        return (item);
}

cbor_item_t *
cbor_encode_set_pin_auth(const fido_blob_t *key, const fido_blob_t *pin)
{
        const EVP_MD    *md = NULL;
        unsigned char    dgst[SHA256_DIGEST_LENGTH];
        unsigned int     dgst_len;
        cbor_item_t     *item = NULL;
        fido_blob_t     *pe = NULL;

        if ((pe = fido_blob_new()) == NULL)
                goto fail;

        if (aes256_cbc_enc(key, pin, pe) < 0) {
                fido_log_debug("%s: aes256_cbc_enc", __func__);
                goto fail;
        }

        if ((md = EVP_sha256()) == NULL || key->len != 32 || HMAC(md, key->ptr,
            (int)key->len, pe->ptr, (int)pe->len, dgst, &dgst_len) == NULL ||
            dgst_len != SHA256_DIGEST_LENGTH) {
                fido_log_debug("%s: HMAC", __func__);
                goto fail;
        }

        item = cbor_build_bytestring(dgst, 16);
fail:
        fido_blob_free(&pe);

        return (item);
}

cbor_item_t *
cbor_encode_pin_hash_enc(const fido_blob_t *shared, const fido_blob_t *pin)
{
        cbor_item_t     *item = NULL;
        fido_blob_t     *ph = NULL;
        fido_blob_t     *phe = NULL;

        if ((ph = fido_blob_new()) == NULL || (phe = fido_blob_new()) == NULL)
                goto fail;

        if (sha256(pin->ptr, pin->len, ph) < 0 || ph->len < 16) {
                fido_log_debug("%s: SHA256", __func__);
                goto fail;
        }

        ph->len = 16; /* first 16 bytes */

        if (aes256_cbc_enc(shared, ph, phe) < 0) {
                fido_log_debug("%s: aes256_cbc_enc", __func__);
                goto fail;
        }

        item = cbor_build_bytestring(phe->ptr, phe->len);
fail:
        fido_blob_free(&ph);
        fido_blob_free(&phe);

        return (item);
}

cbor_item_t *
cbor_encode_hmac_secret_param(const fido_blob_t *ecdh, const es256_pk_t *pk,
    const fido_blob_t *hmac_salt)
{
        cbor_item_t             *item = NULL;
        cbor_item_t             *param = NULL;
        cbor_item_t             *argv[3];
        struct cbor_pair         pair;

        memset(argv, 0, sizeof(argv));
        memset(&pair, 0, sizeof(pair));

        if (ecdh == NULL || pk == NULL || hmac_salt->ptr == NULL) {
                fido_log_debug("%s: ecdh=%p, pk=%p, hmac_salt->ptr=%p",
                    __func__, (const void *)ecdh, (const void *)pk,
                    (const void *)hmac_salt->ptr);
                goto fail;
        }

        if (hmac_salt->len != 32 && hmac_salt->len != 64) {
                fido_log_debug("%s: hmac_salt->len=%zu", __func__,
                    hmac_salt->len);
                goto fail;
        }

        /* XXX not pin, but salt */
        if ((argv[0] = es256_pk_encode(pk, 1)) == NULL ||
            (argv[1] = cbor_encode_pin_enc(ecdh, hmac_salt)) == NULL ||
            (argv[2] = cbor_encode_set_pin_auth(ecdh, hmac_salt)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                goto fail;
        }

        if ((param = cbor_flatten_vector(argv, 3)) == NULL) {
                fido_log_debug("%s: cbor_flatten_vector", __func__);
                goto fail;
        }

        if ((item = cbor_new_definite_map(1)) == NULL) {
                fido_log_debug("%s: cbor_new_definite_map", __func__);
                goto fail;
        }

        if ((pair.key = cbor_build_string("hmac-secret")) == NULL) {
                fido_log_debug("%s: cbor_build", __func__);
                goto fail;
        }

        pair.value = param;

        if (!cbor_map_add(item, pair)) {
                fido_log_debug("%s: cbor_map_add", __func__);
                cbor_decref(&item);
                item = NULL;
                goto fail;
        }

fail:
        for (size_t i = 0; i < 3; i++)
                if (argv[i] != NULL)
                        cbor_decref(&argv[i]);

        if (param != NULL)
                cbor_decref(&param);
        if (pair.key != NULL)
                cbor_decref(&pair.key);

        return (item);
}

int
cbor_decode_fmt(const cbor_item_t *item, char **fmt)
{
        char    *type = NULL;

        if (cbor_string_copy(item, &type) < 0) {
                fido_log_debug("%s: cbor_string_copy", __func__);
                return (-1);
        }

        if (strcmp(type, "packed") && strcmp(type, "fido-u2f")) {
                fido_log_debug("%s: type=%s", __func__, type);
                free(type);
                return (-1);
        }

        *fmt = type;

        return (0);
}

struct cose_key {
        int kty;
        int alg;
        int crv;
};

static int
find_cose_alg(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        struct cose_key *cose_key = arg;

        if (cbor_isa_uint(key) == true &&
            cbor_int_get_width(key) == CBOR_INT_8) {
                switch (cbor_get_uint8(key)) {
                case 1:
                        if (cbor_isa_uint(val) == false ||
                            cbor_get_int(val) > INT_MAX || cose_key->kty != 0) {
                                fido_log_debug("%s: kty", __func__);
                                return (-1);
                        }

                        cose_key->kty = (int)cbor_get_int(val);

                        break;
                case 3:
                        if (cbor_isa_negint(val) == false ||
                            cbor_get_int(val) > INT_MAX || cose_key->alg != 0) {
                                fido_log_debug("%s: alg", __func__);
                                return (-1);
                        }

                        cose_key->alg = -(int)cbor_get_int(val) - 1;

                        break;
                }
        } else if (cbor_isa_negint(key) == true &&
            cbor_int_get_width(key) == CBOR_INT_8) {
                if (cbor_get_uint8(key) == 0) {
                        /* get crv if not rsa, otherwise ignore */
                        if (cbor_isa_uint(val) == true &&
                            cbor_get_int(val) <= INT_MAX &&
                            cose_key->crv == 0)
                                cose_key->crv = (int)cbor_get_int(val);
                }
        }

        return (0);
}

static int
get_cose_alg(const cbor_item_t *item, int *cose_alg)
{
        struct cose_key cose_key;

        memset(&cose_key, 0, sizeof(cose_key));

        *cose_alg = 0;

        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false ||
            cbor_map_iter(item, &cose_key, find_cose_alg) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        switch (cose_key.alg) {
        case COSE_ES256:
                if (cose_key.kty != COSE_KTY_EC2 ||
                    cose_key.crv != COSE_P256) {
                        fido_log_debug("%s: invalid kty/crv", __func__);
                        return (-1);
                }

                break;
        case COSE_EDDSA:
                if (cose_key.kty != COSE_KTY_OKP ||
                    cose_key.crv != COSE_ED25519) {
                        fido_log_debug("%s: invalid kty/crv", __func__);
                        return (-1);
                }

                break;
        case COSE_RS256:
                if (cose_key.kty != COSE_KTY_RSA) {
                        fido_log_debug("%s: invalid kty/crv", __func__);
                        return (-1);
                }

                break;
        default:
                fido_log_debug("%s: unknown alg %d", __func__, cose_key.alg);

                return (-1);
        }

        *cose_alg = cose_key.alg;

        return (0);
}

int
cbor_decode_pubkey(const cbor_item_t *item, int *type, void *key)
{
        if (get_cose_alg(item, type) < 0) {
                fido_log_debug("%s: get_cose_alg", __func__);
                return (-1);
        }

        switch (*type) {
        case COSE_ES256:
                if (es256_pk_decode(item, key) < 0) {
                        fido_log_debug("%s: es256_pk_decode", __func__);
                        return (-1);
                }
                break;
        case COSE_RS256:
                if (rs256_pk_decode(item, key) < 0) {
                        fido_log_debug("%s: rs256_pk_decode", __func__);
                        return (-1);
                }
                break;
        case COSE_EDDSA:
                if (eddsa_pk_decode(item, key) < 0) {
                        fido_log_debug("%s: eddsa_pk_decode", __func__);
                        return (-1);
                }
                break;
        default:
                fido_log_debug("%s: invalid cose_alg %d", __func__, *type);
                return (-1);
        }

        return (0);
}

static int
decode_attcred(const unsigned char **buf, size_t *len, int cose_alg,
    fido_attcred_t *attcred)
{
        cbor_item_t             *item = NULL;
        struct cbor_load_result  cbor;
        uint16_t                 id_len;
        int                      ok = -1;

        fido_log_debug("%s: buf=%p, len=%zu", __func__, (const void *)*buf,
            *len);

        if (fido_buf_read(buf, len, &attcred->aaguid,
            sizeof(attcred->aaguid)) < 0) {
                fido_log_debug("%s: fido_buf_read aaguid", __func__);
                return (-1);
        }

        if (fido_buf_read(buf, len, &id_len, sizeof(id_len)) < 0) {
                fido_log_debug("%s: fido_buf_read id_len", __func__);
                return (-1);
        }

        attcred->id.len = (size_t)be16toh(id_len);
        if ((attcred->id.ptr = malloc(attcred->id.len)) == NULL)
                return (-1);

        fido_log_debug("%s: attcred->id.len=%zu", __func__, attcred->id.len);

        if (fido_buf_read(buf, len, attcred->id.ptr, attcred->id.len) < 0) {
                fido_log_debug("%s: fido_buf_read id", __func__);
                return (-1);
        }

        if ((item = cbor_load(*buf, *len, &cbor)) == NULL) {
                fido_log_debug("%s: cbor_load", __func__);
                fido_log_xxd(*buf, *len);
                goto fail;
        }

        if (cbor_decode_pubkey(item, &attcred->type, &attcred->pubkey) < 0) {
                fido_log_debug("%s: cbor_decode_pubkey", __func__);
                goto fail;
        }

        if (attcred->type != cose_alg) {
                fido_log_debug("%s: cose_alg mismatch (%d != %d)", __func__,
                    attcred->type, cose_alg);
                goto fail;
        }

        *buf += cbor.read;
        *len -= cbor.read;

        ok = 0;
fail:
        if (item != NULL)
                cbor_decref(&item);

        return (ok);
}

static int
decode_extension(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        int     *authdata_ext = arg;
        char    *type = NULL;
        int      ok = -1;

        if (cbor_string_copy(key, &type) < 0 || strcmp(type, "hmac-secret")) {
                fido_log_debug("%s: cbor type", __func__);
                ok = 0; /* ignore */
                goto out;
        }

        if (cbor_isa_float_ctrl(val) == false ||
            cbor_float_get_width(val) != CBOR_FLOAT_0 ||
            cbor_is_bool(val) == false || *authdata_ext != 0) {
                fido_log_debug("%s: cbor type", __func__);
                goto out;
        }

        if (cbor_ctrl_value(val) == CBOR_CTRL_TRUE)
                *authdata_ext |= FIDO_EXT_HMAC_SECRET;

        ok = 0;
out:
        free(type);

        return (ok);
}

static int
decode_extensions(const unsigned char **buf, size_t *len, int *authdata_ext)
{
        cbor_item_t             *item = NULL;
        struct cbor_load_result  cbor;
        int                      ok = -1;

        fido_log_debug("%s: buf=%p, len=%zu", __func__, (const void *)*buf,
            *len);

        *authdata_ext = 0;

        if ((item = cbor_load(*buf, *len, &cbor)) == NULL) {
                fido_log_debug("%s: cbor_load", __func__);
                fido_log_xxd(*buf, *len);
                goto fail;
        }

        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false ||
            cbor_map_size(item) != 1 ||
            cbor_map_iter(item, authdata_ext, decode_extension) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                goto fail;
        }

        *buf += cbor.read;
        *len -= cbor.read;

        ok = 0;
fail:
        if (item != NULL)
                cbor_decref(&item);

        return (ok);
}

static int
decode_hmac_secret_aux(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_blob_t     *out = arg;
        char            *type = NULL;
        int              ok = -1;

        if (cbor_string_copy(key, &type) < 0 || strcmp(type, "hmac-secret")) {
                fido_log_debug("%s: cbor type", __func__);
                ok = 0; /* ignore */
                goto out;
        }

        ok = cbor_bytestring_copy(val, &out->ptr, &out->len);
out:
        free(type);

        return (ok);
}

static int
decode_hmac_secret(const unsigned char **buf, size_t *len, fido_blob_t *out)
{
        cbor_item_t             *item = NULL;
        struct cbor_load_result  cbor;
        int                      ok = -1;

        fido_log_debug("%s: buf=%p, len=%zu", __func__, (const void *)*buf,
            *len);

        if ((item = cbor_load(*buf, *len, &cbor)) == NULL) {
                fido_log_debug("%s: cbor_load", __func__);
                fido_log_xxd(*buf, *len);
                goto fail;
        }

        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false ||
            cbor_map_size(item) != 1 ||
            cbor_map_iter(item, out, decode_hmac_secret_aux) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                goto fail;
        }

        *buf += cbor.read;
        *len -= cbor.read;

        ok = 0;
fail:
        if (item != NULL)
                cbor_decref(&item);

        return (ok);
}

int
cbor_decode_cred_authdata(const cbor_item_t *item, int cose_alg,
    fido_blob_t *authdata_cbor, fido_authdata_t *authdata,
    fido_attcred_t *attcred, int *authdata_ext)
{
        const unsigned char     *buf = NULL;
        size_t                   len;
        size_t                   alloc_len;

        if (cbor_isa_bytestring(item) == false ||
            cbor_bytestring_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        if (authdata_cbor->ptr != NULL ||
            (authdata_cbor->len = cbor_serialize_alloc(item,
            &authdata_cbor->ptr, &alloc_len)) == 0) {
                fido_log_debug("%s: cbor_serialize_alloc", __func__);
                return (-1);
        }

        buf = cbor_bytestring_handle(item);
        len = cbor_bytestring_length(item);

        fido_log_debug("%s: buf=%p, len=%zu", __func__, (const void *)buf, len);

        if (fido_buf_read(&buf, &len, authdata, sizeof(*authdata)) < 0) {
                fido_log_debug("%s: fido_buf_read", __func__);
                return (-1);
        }

        authdata->sigcount = be32toh(authdata->sigcount);

        if (attcred != NULL) {
                if ((authdata->flags & CTAP_AUTHDATA_ATT_CRED) == 0 ||
                    decode_attcred(&buf, &len, cose_alg, attcred) < 0)
                        return (-1);
        }

        if (authdata_ext != NULL) {
                if ((authdata->flags & CTAP_AUTHDATA_EXT_DATA) != 0 && 
                    decode_extensions(&buf, &len, authdata_ext) < 0)
                        return (-1);
        }

        /* XXX we should probably ensure that len == 0 at this point */

        return (FIDO_OK);
}

int
cbor_decode_assert_authdata(const cbor_item_t *item, fido_blob_t *authdata_cbor,
    fido_authdata_t *authdata, int *authdata_ext, fido_blob_t *hmac_secret_enc)
{
        const unsigned char     *buf = NULL;
        size_t                   len;
        size_t                   alloc_len;

        if (cbor_isa_bytestring(item) == false ||
            cbor_bytestring_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        if (authdata_cbor->ptr != NULL ||
            (authdata_cbor->len = cbor_serialize_alloc(item,
            &authdata_cbor->ptr, &alloc_len)) == 0) {
                fido_log_debug("%s: cbor_serialize_alloc", __func__);
                return (-1);
        }

        buf = cbor_bytestring_handle(item);
        len = cbor_bytestring_length(item);

        fido_log_debug("%s: buf=%p, len=%zu", __func__, (const void *)buf, len);

        if (fido_buf_read(&buf, &len, authdata, sizeof(*authdata)) < 0) {
                fido_log_debug("%s: fido_buf_read", __func__);
                return (-1);
        }

        authdata->sigcount = be32toh(authdata->sigcount);

        *authdata_ext = 0;
        if ((authdata->flags & CTAP_AUTHDATA_EXT_DATA) != 0) {
                /* XXX semantic leap: extensions -> hmac_secret */
                if (decode_hmac_secret(&buf, &len, hmac_secret_enc) < 0) {
                        fido_log_debug("%s: decode_hmac_secret", __func__);
                        return (-1);
                }
                *authdata_ext = FIDO_EXT_HMAC_SECRET;
        }

        /* XXX we should probably ensure that len == 0 at this point */

        return (FIDO_OK);
}

static int
decode_x5c(const cbor_item_t *item, void *arg)
{
        fido_blob_t *x5c = arg;

        if (x5c->len)
                return (0); /* ignore */

        return (cbor_bytestring_copy(item, &x5c->ptr, &x5c->len));
}

static int
decode_attstmt_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_attstmt_t  *attstmt = arg;
        char            *name = NULL;
        int              ok = -1;

        if (cbor_string_copy(key, &name) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                ok = 0; /* ignore */
                goto out;
        }

        if (!strcmp(name, "alg")) {
                if (cbor_isa_negint(val) == false ||
                    cbor_int_get_width(val) != CBOR_INT_8 ||
                    cbor_get_uint8(val) != -COSE_ES256 - 1) {
                        fido_log_debug("%s: alg", __func__);
                        goto out;
                }
        } else if (!strcmp(name, "sig")) {
                if (cbor_bytestring_copy(val, &attstmt->sig.ptr,
                    &attstmt->sig.len) < 0) {
                        fido_log_debug("%s: sig", __func__);
                        goto out;
                }
        } else if (!strcmp(name, "x5c")) {
                if (cbor_isa_array(val) == false ||
                    cbor_array_is_definite(val) == false ||
                    cbor_array_iter(val, &attstmt->x5c, decode_x5c) < 0) {
                        fido_log_debug("%s: x5c", __func__);
                        goto out;
                }
        }

        ok = 0;
out:
        free(name);

        return (ok);
}

int
cbor_decode_attstmt(const cbor_item_t *item, fido_attstmt_t *attstmt)
{
        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false ||
            cbor_map_iter(item, attstmt, decode_attstmt_entry) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        return (0);
}

int
cbor_decode_uint64(const cbor_item_t *item, uint64_t *n)
{
        if (cbor_isa_uint(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        *n = cbor_get_int(item);

        return (0);
}

static int
decode_cred_id_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_blob_t     *id = arg;
        char            *name = NULL;
        int              ok = -1;

        if (cbor_string_copy(key, &name) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                ok = 0; /* ignore */
                goto out;
        }

        if (!strcmp(name, "id"))
                if (cbor_bytestring_copy(val, &id->ptr, &id->len) < 0) {
                        fido_log_debug("%s: cbor_bytestring_copy", __func__);
                        goto out;
                }

        ok = 0;
out:
        free(name);

        return (ok);
}

int
cbor_decode_cred_id(const cbor_item_t *item, fido_blob_t *id)
{
        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false ||
            cbor_map_iter(item, id, decode_cred_id_entry) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        return (0);
}

static int
decode_user_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_user_t     *user = arg;
        char            *name = NULL;
        int              ok = -1;

        if (cbor_string_copy(key, &name) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                ok = 0; /* ignore */
                goto out;
        }

        if (!strcmp(name, "icon")) {
                if (cbor_string_copy(val, &user->icon) < 0) {
                        fido_log_debug("%s: icon", __func__);
                        goto out;
                }
        } else if (!strcmp(name, "name")) {
                if (cbor_string_copy(val, &user->name) < 0) {
                        fido_log_debug("%s: name", __func__);
                        goto out;
                }
        } else if (!strcmp(name, "displayName")) {
                if (cbor_string_copy(val, &user->display_name) < 0) {
                        fido_log_debug("%s: display_name", __func__);
                        goto out;
                }
        } else if (!strcmp(name, "id")) {
                if (cbor_bytestring_copy(val, &user->id.ptr, &user->id.len) < 0) {
                        fido_log_debug("%s: id", __func__);
                        goto out;
                }
        }

        ok = 0;
out:
        free(name);

        return (ok);
}

int
cbor_decode_user(const cbor_item_t *item, fido_user_t *user)
{
        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false ||
            cbor_map_iter(item, user, decode_user_entry) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        return (0);
}

static int
decode_rp_entity_entry(const cbor_item_t *key, const cbor_item_t *val,
    void *arg)
{
        fido_rp_t       *rp = arg;
        char            *name = NULL;
        int              ok = -1;

        if (cbor_string_copy(key, &name) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                ok = 0; /* ignore */
                goto out;
        }

        if (!strcmp(name, "id")) {
                if (cbor_string_copy(val, &rp->id) < 0) {
                        fido_log_debug("%s: id", __func__);
                        goto out;
                }
        } else if (!strcmp(name, "name")) {
                if (cbor_string_copy(val, &rp->name) < 0) {
                        fido_log_debug("%s: name", __func__);
                        goto out;
                }
        }

        ok = 0;
out:
        free(name);

        return (ok);
}

int
cbor_decode_rp_entity(const cbor_item_t *item, fido_rp_t *rp)
{
        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false ||
            cbor_map_iter(item, rp, decode_rp_entity_entry) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        return (0);
}

/home/pedro/projects/libfido2/src/cred.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <openssl/x509.h>

#include <string.h>
#include "fido.h"
#include "fido/es256.h"

static int
parse_makecred_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_cred_t *cred = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        switch (cbor_get_uint8(key)) {
        case 1: /* fmt */
                return (cbor_decode_fmt(val, &cred->fmt));
        case 2: /* authdata */
                return (cbor_decode_cred_authdata(val, cred->type,
                    &cred->authdata_cbor, &cred->authdata, &cred->attcred,
                    &cred->authdata_ext));
        case 3: /* attestation statement */
                return (cbor_decode_attstmt(val, &cred->attstmt));
        default: /* ignore */
                fido_log_debug("%s: cbor type", __func__);
                return (0);
        }
}

static int
fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin)
{
        fido_blob_t      f;
        fido_blob_t     *ecdh = NULL;
        es256_pk_t      *pk = NULL;
        cbor_item_t     *argv[9];
        int              r;

        memset(&f, 0, sizeof(f));
        memset(argv, 0, sizeof(argv));

        if (cred->cdh.ptr == NULL || cred->type == 0) {
                fido_log_debug("%s: cdh=%p, type=%d", __func__,
                    (void *)cred->cdh.ptr, cred->type);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        if ((argv[0] = fido_blob_encode(&cred->cdh)) == NULL ||
            (argv[1] = cbor_encode_rp_entity(&cred->rp)) == NULL ||
            (argv[2] = cbor_encode_user_entity(&cred->user)) == NULL ||
            (argv[3] = cbor_encode_pubkey_param(cred->type)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        /* excluded credentials */
        if (cred->excl.len)
                if ((argv[4] = cbor_encode_pubkey_list(&cred->excl)) == NULL) {
                        fido_log_debug("%s: cbor_encode_pubkey_list", __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto fail;
                }

        /* extensions */
        if (cred->ext)
                if ((argv[5] = cbor_encode_extensions(cred->ext)) == NULL) {
                        fido_log_debug("%s: cbor_encode_extensions", __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto fail;
                }

        /* options */
        if (cred->rk != FIDO_OPT_OMIT || cred->uv != FIDO_OPT_OMIT)
                if ((argv[6] = cbor_encode_options(cred->rk,
                    cred->uv)) == NULL) {
                        fido_log_debug("%s: cbor_encode_options", __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto fail;
                }

        /* pin authentication */
        if (pin) {
                if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) {
                        fido_log_debug("%s: fido_do_ecdh", __func__);
                        goto fail;
                }
                if ((r = cbor_add_pin_params(dev, &cred->cdh, pk, ecdh, pin,
                    &argv[7], &argv[8])) != FIDO_OK) {
                        fido_log_debug("%s: cbor_add_pin_params", __func__);
                        goto fail;
                }
        }

        /* framing and transmission */
        if (cbor_build_frame(CTAP_CBOR_MAKECRED, argv, 9, &f) < 0 ||
            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                r = FIDO_ERR_TX;
                goto fail;
        }

        r = FIDO_OK;
fail:
        es256_pk_free(&pk);
        fido_blob_free(&ecdh);
        cbor_vector_free(argv, nitems(argv));
        free(f.ptr);

        return (r);
}

static int
fido_dev_make_cred_rx(fido_dev_t *dev, fido_cred_t *cred, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        fido_cred_reset_rx(cred);

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len, cred,
            parse_makecred_reply)) != FIDO_OK) {
                fido_log_debug("%s: parse_makecred_reply", __func__);
                return (r);
        }

        if (cred->fmt == NULL || fido_blob_is_empty(&cred->authdata_cbor) ||
            fido_blob_is_empty(&cred->attcred.id) ||
            fido_blob_is_empty(&cred->attstmt.sig)) {
                fido_cred_reset_rx(cred);
                return (FIDO_ERR_INVALID_CBOR);
        }

        return (FIDO_OK);
}

static int
fido_dev_make_cred_wait(fido_dev_t *dev, fido_cred_t *cred, const char *pin, int ms)
{
        int  r;

        if ((r = fido_dev_make_cred_tx(dev, cred, pin)) != FIDO_OK ||
            (r = fido_dev_make_cred_rx(dev, cred, ms)) != FIDO_OK)
                return (r);

        return (FIDO_OK);
}

int
fido_dev_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin)
{
        if (fido_dev_is_fido2(dev) == false) {
                if (pin != NULL || cred->rk == FIDO_OPT_TRUE || cred->ext != 0)
                        return (FIDO_ERR_UNSUPPORTED_OPTION);
                return (u2f_register(dev, cred, -1));
        }

        return (fido_dev_make_cred_wait(dev, cred, pin, -1));
}

static int
check_extensions(int authdata_ext, int ext)
{
        if (authdata_ext != ext) {
                fido_log_debug("%s: authdata_ext=0x%x != ext=0x%x", __func__,
                    authdata_ext, ext);
                return (-1);
        }

        return (0);
}

int
fido_check_rp_id(const char *id, const unsigned char *obtained_hash)
{
        unsigned char expected_hash[SHA256_DIGEST_LENGTH];

        explicit_bzero(expected_hash, sizeof(expected_hash));

        if (SHA256((const unsigned char *)id, strlen(id),
            expected_hash) != expected_hash) {
                fido_log_debug("%s: sha256", __func__);
                return (-1);
        }

        return (timingsafe_bcmp(expected_hash, obtained_hash,
            SHA256_DIGEST_LENGTH));
}

static int
get_signed_hash_packed(fido_blob_t *dgst, const fido_blob_t *clientdata,
    const fido_blob_t *authdata_cbor)
{
        cbor_item_t             *item = NULL;
        unsigned char           *authdata_ptr = NULL;
        size_t                   authdata_len;
        struct cbor_load_result  cbor;
        SHA256_CTX               ctx;
        int                      ok = -1;

        if ((item = cbor_load(authdata_cbor->ptr, authdata_cbor->len,
            &cbor)) == NULL) {
                fido_log_debug("%s: cbor_load", __func__);
                goto fail;
        }

        if (cbor_isa_bytestring(item) == false ||
            cbor_bytestring_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                goto fail;
        }

        authdata_ptr = cbor_bytestring_handle(item);
        authdata_len = cbor_bytestring_length(item);

        if (dgst->len != SHA256_DIGEST_LENGTH || SHA256_Init(&ctx) == 0 ||
            SHA256_Update(&ctx, authdata_ptr, authdata_len) == 0 ||
            SHA256_Update(&ctx, clientdata->ptr, clientdata->len) == 0 ||
            SHA256_Final(dgst->ptr, &ctx) == 0) {
                fido_log_debug("%s: sha256", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (item != NULL)
                cbor_decref(&item);

        return (ok);
}

static int
get_signed_hash_u2f(fido_blob_t *dgst, const unsigned char *rp_id,
    size_t rp_id_len, const fido_blob_t *clientdata, const fido_blob_t *id,
    const es256_pk_t *pk)
{
        const uint8_t           zero = 0;
        const uint8_t           four = 4; /* uncompressed point */
        SHA256_CTX              ctx;

        if (dgst->len != SHA256_DIGEST_LENGTH || SHA256_Init(&ctx) == 0 ||
            SHA256_Update(&ctx, &zero, sizeof(zero)) == 0 ||
            SHA256_Update(&ctx, rp_id, rp_id_len) == 0 ||
            SHA256_Update(&ctx, clientdata->ptr, clientdata->len) == 0 ||
            SHA256_Update(&ctx, id->ptr, id->len) == 0 ||
            SHA256_Update(&ctx, &four, sizeof(four)) == 0 ||
            SHA256_Update(&ctx, pk->x, sizeof(pk->x)) == 0 ||
            SHA256_Update(&ctx, pk->y, sizeof(pk->y)) == 0 ||
            SHA256_Final(dgst->ptr, &ctx) == 0) {
                fido_log_debug("%s: sha256", __func__);
                return (-1);
        }

        return (0);
}

static int
verify_sig(const fido_blob_t *dgst, const fido_blob_t *x5c,
    const fido_blob_t *sig)
{
        BIO             *rawcert = NULL;
        X509            *cert = NULL;
        EVP_PKEY        *pkey = NULL;
        EC_KEY          *ec;
        int              ok = -1;

        /* openssl needs ints */
        if (dgst->len > INT_MAX || x5c->len > INT_MAX || sig->len > INT_MAX) {
                fido_log_debug("%s: dgst->len=%zu, x5c->len=%zu, sig->len=%zu",
                    __func__, dgst->len, x5c->len, sig->len);
                return (-1);
        }

        /* fetch key from x509 */
        if ((rawcert = BIO_new_mem_buf(x5c->ptr, (int)x5c->len)) == NULL ||
            (cert = d2i_X509_bio(rawcert, NULL)) == NULL ||
            (pkey = X509_get_pubkey(cert)) == NULL ||
            (ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
                fido_log_debug("%s: x509 key", __func__);
                goto fail;
        }

        if (ECDSA_verify(0, dgst->ptr, (int)dgst->len, sig->ptr,
            (int)sig->len, ec) != 1) {
                fido_log_debug("%s: ECDSA_verify", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (rawcert != NULL)
                BIO_free(rawcert);
        if (cert != NULL)
                X509_free(cert);
        if (pkey != NULL)
                EVP_PKEY_free(pkey);

        return (ok);
}

int
fido_cred_verify(const fido_cred_t *cred)
{
        unsigned char   buf[SHA256_DIGEST_LENGTH];
        fido_blob_t     dgst;
        int             r;

        dgst.ptr = buf;
        dgst.len = sizeof(buf);

        /* do we have everything we need? */
        if (cred->cdh.ptr == NULL || cred->authdata_cbor.ptr == NULL ||
            cred->attstmt.x5c.ptr == NULL || cred->attstmt.sig.ptr == NULL ||
            cred->fmt == NULL || cred->attcred.id.ptr == NULL ||
            cred->rp.id == NULL) {
                fido_log_debug("%s: cdh=%p, authdata=%p, x5c=%p, sig=%p, "
                    "fmt=%p id=%p, rp.id=%s", __func__, (void *)cred->cdh.ptr,
                    (void *)cred->authdata_cbor.ptr,
                    (void *)cred->attstmt.x5c.ptr,
                    (void *)cred->attstmt.sig.ptr, (void *)cred->fmt,
                    (void *)cred->attcred.id.ptr, cred->rp.id);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto out;
        }

        if (fido_check_rp_id(cred->rp.id, cred->authdata.rp_id_hash) != 0) {
                fido_log_debug("%s: fido_check_rp_id", __func__);
                r = FIDO_ERR_INVALID_PARAM;
                goto out;
        }

        if (fido_check_flags(cred->authdata.flags, FIDO_OPT_TRUE,
            cred->uv) < 0) {
                fido_log_debug("%s: fido_check_flags", __func__);
                r = FIDO_ERR_INVALID_PARAM;
                goto out;
        }

        if (check_extensions(cred->authdata_ext, cred->ext) < 0) {
                fido_log_debug("%s: check_extensions", __func__);
                r = FIDO_ERR_INVALID_PARAM;
                goto out;
        }

        if (!strcmp(cred->fmt, "packed")) {
                if (get_signed_hash_packed(&dgst, &cred->cdh,
                    &cred->authdata_cbor) < 0) {
                        fido_log_debug("%s: get_signed_hash_packed", __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto out;
                }
        } else {
                if (get_signed_hash_u2f(&dgst, cred->authdata.rp_id_hash,
                    sizeof(cred->authdata.rp_id_hash), &cred->cdh,
                    &cred->attcred.id, &cred->attcred.pubkey.es256) < 0) {
                        fido_log_debug("%s: get_signed_hash_u2f", __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto out;
                }
        }

        if (verify_sig(&dgst, &cred->attstmt.x5c, &cred->attstmt.sig) < 0) {
                fido_log_debug("%s: verify_sig", __func__);
                r = FIDO_ERR_INVALID_SIG;
                goto out;
        }

        r = FIDO_OK;
out:
        explicit_bzero(buf, sizeof(buf));

        return (r);
}

int
fido_cred_verify_self(const fido_cred_t *cred)
{
        unsigned char   buf[SHA256_DIGEST_LENGTH];
        fido_blob_t     dgst;
        int             ok = -1;
        int             r;

        dgst.ptr = buf;
        dgst.len = sizeof(buf);

        /* do we have everything we need? */
        if (cred->cdh.ptr == NULL || cred->authdata_cbor.ptr == NULL ||
            cred->attstmt.x5c.ptr != NULL || cred->attstmt.sig.ptr == NULL ||
            cred->fmt == NULL || cred->attcred.id.ptr == NULL ||
            cred->rp.id == NULL) {
                fido_log_debug("%s: cdh=%p, authdata=%p, x5c=%p, sig=%p, "
                    "fmt=%p id=%p, rp.id=%s", __func__, (void *)cred->cdh.ptr,
                    (void *)cred->authdata_cbor.ptr,
                    (void *)cred->attstmt.x5c.ptr,
                    (void *)cred->attstmt.sig.ptr, (void *)cred->fmt,
                    (void *)cred->attcred.id.ptr, cred->rp.id);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto out;
        }

        if (fido_check_rp_id(cred->rp.id, cred->authdata.rp_id_hash) != 0) {
                fido_log_debug("%s: fido_check_rp_id", __func__);
                r = FIDO_ERR_INVALID_PARAM;
                goto out;
        }

        if (fido_check_flags(cred->authdata.flags, FIDO_OPT_TRUE,
            cred->uv) < 0) {
                fido_log_debug("%s: fido_check_flags", __func__);
                r = FIDO_ERR_INVALID_PARAM;
                goto out;
        }

        if (check_extensions(cred->authdata_ext, cred->ext) < 0) {
                fido_log_debug("%s: check_extensions", __func__);
                r = FIDO_ERR_INVALID_PARAM;
                goto out;
        }

        if (!strcmp(cred->fmt, "packed")) {
                if (get_signed_hash_packed(&dgst, &cred->cdh,
                    &cred->authdata_cbor) < 0) {
                        fido_log_debug("%s: get_signed_hash_packed", __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto out;
                }
        } else {
                if (get_signed_hash_u2f(&dgst, cred->authdata.rp_id_hash,
                    sizeof(cred->authdata.rp_id_hash), &cred->cdh,
                    &cred->attcred.id, &cred->attcred.pubkey.es256) < 0) {
                        fido_log_debug("%s: get_signed_hash_u2f", __func__);
                        r = FIDO_ERR_INTERNAL;
                        goto out;
                }
        }

        switch (cred->attcred.type) {
        case COSE_ES256:
                ok = fido_verify_sig_es256(&dgst, &cred->attcred.pubkey.es256,
                    &cred->attstmt.sig);
                break;
        case COSE_RS256:
                ok = fido_verify_sig_rs256(&dgst, &cred->attcred.pubkey.rs256,
                    &cred->attstmt.sig);
                break;
        case COSE_EDDSA:
                ok = fido_verify_sig_eddsa(&dgst, &cred->attcred.pubkey.eddsa,
                    &cred->attstmt.sig);
                break;
        default:
                fido_log_debug("%s: unsupported cose_alg %d", __func__,
                    cred->attcred.type);
                r = FIDO_ERR_UNSUPPORTED_OPTION;
                goto out;
        }

        if (ok < 0)
                r = FIDO_ERR_INVALID_SIG;
        else
                r = FIDO_OK;

out:
        explicit_bzero(buf, sizeof(buf));

        return (r);
}

fido_cred_t *
fido_cred_new(void)
{
        return (calloc(1, sizeof(fido_cred_t)));
}

static void
fido_cred_clean_authdata(fido_cred_t *cred)
{
        free(cred->authdata_cbor.ptr);
        free(cred->attcred.id.ptr);

        memset(&cred->authdata_ext, 0, sizeof(cred->authdata_ext));
        memset(&cred->authdata_cbor, 0, sizeof(cred->authdata_cbor));
        memset(&cred->authdata, 0, sizeof(cred->authdata));
        memset(&cred->attcred, 0, sizeof(cred->attcred));
}

void
fido_cred_reset_tx(fido_cred_t *cred)
{
        free(cred->cdh.ptr);
        free(cred->rp.id);
        free(cred->rp.name);
        free(cred->user.id.ptr);
        free(cred->user.icon);
        free(cred->user.name);
        free(cred->user.display_name);
        fido_free_blob_array(&cred->excl);

        memset(&cred->cdh, 0, sizeof(cred->cdh));
        memset(&cred->rp, 0, sizeof(cred->rp));
        memset(&cred->user, 0, sizeof(cred->user));
        memset(&cred->excl, 0, sizeof(cred->excl));

        cred->type = 0;
        cred->ext = 0;
        cred->rk = FIDO_OPT_OMIT;
        cred->uv = FIDO_OPT_OMIT;
}

static void
fido_cred_clean_x509(fido_cred_t *cred)
{
        free(cred->attstmt.x5c.ptr);
        cred->attstmt.x5c.ptr = NULL;
        cred->attstmt.x5c.len = 0;
}

static void
fido_cred_clean_sig(fido_cred_t *cred)
{
        free(cred->attstmt.sig.ptr);
        cred->attstmt.sig.ptr = NULL;
        cred->attstmt.sig.len = 0;
}

void
fido_cred_reset_rx(fido_cred_t *cred)
{
        free(cred->fmt);
        cred->fmt = NULL;

        fido_cred_clean_authdata(cred);
        fido_cred_clean_x509(cred);
        fido_cred_clean_sig(cred);
}

void
fido_cred_free(fido_cred_t **cred_p)
{
        fido_cred_t *cred;

        if (cred_p == NULL || (cred = *cred_p) == NULL)
                return;

        fido_cred_reset_tx(cred);
        fido_cred_reset_rx(cred);

        free(cred);

        *cred_p = NULL;
}

int
fido_cred_set_authdata(fido_cred_t *cred, const unsigned char *ptr, size_t len)
{
        cbor_item_t             *item = NULL;
        struct cbor_load_result  cbor;
        int                      r;

        fido_cred_clean_authdata(cred);

        if (ptr == NULL || len == 0) {
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        if ((item = cbor_load(ptr, len, &cbor)) == NULL) {
                fido_log_debug("%s: cbor_load", __func__);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        if (cbor_decode_cred_authdata(item, cred->type, &cred->authdata_cbor,
            &cred->authdata, &cred->attcred, &cred->authdata_ext) < 0) {
                fido_log_debug("%s: cbor_decode_cred_authdata", __func__);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        r = FIDO_OK;
fail:
        if (item != NULL)
                cbor_decref(&item);

        if (r != FIDO_OK)
                fido_cred_clean_authdata(cred);

        return (r);

}

int
fido_cred_set_authdata_raw(fido_cred_t *cred, const unsigned char *ptr,
    size_t len)
{
        cbor_item_t             *item = NULL;
        int                      r;

        fido_cred_clean_authdata(cred);

        if (ptr == NULL || len == 0) {
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        if ((item = cbor_build_bytestring(ptr, len)) == NULL) {
                fido_log_debug("%s: cbor_build_bytestring", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if (cbor_decode_cred_authdata(item, cred->type, &cred->authdata_cbor,
            &cred->authdata, &cred->attcred, &cred->authdata_ext) < 0) {
                fido_log_debug("%s: cbor_decode_cred_authdata", __func__);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        r = FIDO_OK;
fail:
        if (item != NULL)
                cbor_decref(&item);

        if (r != FIDO_OK)
                fido_cred_clean_authdata(cred);

        return (r);

}

int
fido_cred_set_x509(fido_cred_t *cred, const unsigned char *ptr, size_t len)
{
        unsigned char *x509;

        fido_cred_clean_x509(cred);

        if (ptr == NULL || len == 0)
                return (FIDO_ERR_INVALID_ARGUMENT);
        if ((x509 = malloc(len)) == NULL)
                return (FIDO_ERR_INTERNAL);

        memcpy(x509, ptr, len);
        cred->attstmt.x5c.ptr = x509;
        cred->attstmt.x5c.len = len;

        return (FIDO_OK);
}

int
fido_cred_set_sig(fido_cred_t *cred, const unsigned char *ptr, size_t len)
{
        unsigned char *sig;

        fido_cred_clean_sig(cred);

        if (ptr == NULL || len == 0)
                return (FIDO_ERR_INVALID_ARGUMENT);
        if ((sig = malloc(len)) == NULL)
                return (FIDO_ERR_INTERNAL);

        memcpy(sig, ptr, len);
        cred->attstmt.sig.ptr = sig;
        cred->attstmt.sig.len = len;

        return (FIDO_OK);
}

int
fido_cred_exclude(fido_cred_t *cred, const unsigned char *id_ptr, size_t id_len)
{
        fido_blob_t id_blob;
        fido_blob_t *list_ptr;

        memset(&id_blob, 0, sizeof(id_blob));

        if (fido_blob_set(&id_blob, id_ptr, id_len) < 0)
                return (FIDO_ERR_INVALID_ARGUMENT);

        if (cred->excl.len == SIZE_MAX) {
                free(id_blob.ptr);
                return (FIDO_ERR_INVALID_ARGUMENT);
        }

        if ((list_ptr = recallocarray(cred->excl.ptr, cred->excl.len,
            cred->excl.len + 1, sizeof(fido_blob_t))) == NULL) {
                free(id_blob.ptr);
                return (FIDO_ERR_INTERNAL);
        }

        list_ptr[cred->excl.len++] = id_blob;
        cred->excl.ptr = list_ptr;

        return (FIDO_OK);
}

int
fido_cred_set_clientdata_hash(fido_cred_t *cred, const unsigned char *hash,
    size_t hash_len)
{
        if (fido_blob_set(&cred->cdh, hash, hash_len) < 0)
                return (FIDO_ERR_INVALID_ARGUMENT);

        return (FIDO_OK);
}

int
fido_cred_set_rp(fido_cred_t *cred, const char *id, const char *name)
{
        fido_rp_t *rp = &cred->rp;

        if (rp->id != NULL) {
                free(rp->id);
                rp->id = NULL;
        }
        if (rp->name != NULL) {
                free(rp->name);
                rp->name = NULL;
        }

        if (id != NULL && (rp->id = strdup(id)) == NULL)
                goto fail;
        if (name != NULL && (rp->name = strdup(name)) == NULL)
                goto fail;

        return (FIDO_OK);
fail:
        free(rp->id);
        free(rp->name);
        rp->id = NULL;
        rp->name = NULL;

        return (FIDO_ERR_INTERNAL);
}

int
fido_cred_set_user(fido_cred_t *cred, const unsigned char *user_id,
    size_t user_id_len, const char *name, const char *display_name,
    const char *icon)
{
        fido_user_t *up = &cred->user;

        if (up->id.ptr != NULL) {
                free(up->id.ptr);
                up->id.ptr = NULL;
                up->id.len = 0;
        }
        if (up->name != NULL) {
                free(up->name);
                up->name = NULL;
        }
        if (up->display_name != NULL) {
                free(up->display_name);
                up->display_name = NULL;
        }
        if (up->icon != NULL) {
                free(up->icon);
                up->icon = NULL;
        }

        if (user_id != NULL) {
                if ((up->id.ptr = malloc(user_id_len)) == NULL)
                        goto fail;
                memcpy(up->id.ptr, user_id, user_id_len);
                up->id.len = user_id_len;
        }
        if (name != NULL && (up->name = strdup(name)) == NULL)
                goto fail;
        if (display_name != NULL &&
            (up->display_name = strdup(display_name)) == NULL)
                goto fail;
        if (icon != NULL && (up->icon = strdup(icon)) == NULL)
                goto fail;

        return (FIDO_OK);
fail:
        free(up->id.ptr);
        free(up->name);
        free(up->display_name);
        free(up->icon);

        up->id.ptr = NULL;
        up->id.len = 0;
        up->name = NULL;
        up->display_name = NULL;
        up->icon = NULL;

        return (FIDO_ERR_INTERNAL);
}

int
fido_cred_set_extensions(fido_cred_t *cred, int ext)
{
        if (ext != 0 && ext != FIDO_EXT_HMAC_SECRET)
                return (FIDO_ERR_INVALID_ARGUMENT);

        cred->ext = ext;

        return (FIDO_OK);
}

int
fido_cred_set_options(fido_cred_t *cred, bool rk, bool uv)
{
        cred->rk = rk ? FIDO_OPT_TRUE : FIDO_OPT_FALSE;
        cred->uv = uv ? FIDO_OPT_TRUE : FIDO_OPT_FALSE;

        return (FIDO_OK);
}

int
fido_cred_set_rk(fido_cred_t *cred, fido_opt_t rk)
{
        cred->rk = rk;

        return (FIDO_OK);
}

int
fido_cred_set_uv(fido_cred_t *cred, fido_opt_t uv)
{
        cred->uv = uv;

        return (FIDO_OK);
}

int
fido_cred_set_fmt(fido_cred_t *cred, const char *fmt)
{
        free(cred->fmt);
        cred->fmt = NULL;

        if (fmt == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        if (strcmp(fmt, "packed") && strcmp(fmt, "fido-u2f"))
                return (FIDO_ERR_INVALID_ARGUMENT);

        if ((cred->fmt = strdup(fmt)) == NULL)
                return (FIDO_ERR_INTERNAL);

        return (FIDO_OK);
}

int
fido_cred_set_type(fido_cred_t *cred, int cose_alg)
{
        if ((cose_alg != COSE_ES256 && cose_alg != COSE_RS256 &&
            cose_alg != COSE_EDDSA) || cred->type != 0)
                return (FIDO_ERR_INVALID_ARGUMENT);

        cred->type = cose_alg;

        return (FIDO_OK);
}

int
fido_cred_type(const fido_cred_t *cred)
{
        return (cred->type);
}

uint8_t
fido_cred_flags(const fido_cred_t *cred)
{
        return (cred->authdata.flags);
}

const unsigned char *
fido_cred_clientdata_hash_ptr(const fido_cred_t *cred)
{
        return (cred->cdh.ptr);
}

size_t
fido_cred_clientdata_hash_len(const fido_cred_t *cred)
{
        return (cred->cdh.len);
}

const unsigned char *
fido_cred_x5c_ptr(const fido_cred_t *cred)
{
        return (cred->attstmt.x5c.ptr);
}

size_t
fido_cred_x5c_len(const fido_cred_t *cred)
{
        return (cred->attstmt.x5c.len);
}

const unsigned char *
fido_cred_sig_ptr(const fido_cred_t *cred)
{
        return (cred->attstmt.sig.ptr);
}

size_t
fido_cred_sig_len(const fido_cred_t *cred)
{
        return (cred->attstmt.sig.len);
}

const unsigned char *
fido_cred_authdata_ptr(const fido_cred_t *cred)
{
        return (cred->authdata_cbor.ptr);
}

size_t
fido_cred_authdata_len(const fido_cred_t *cred)
{
        return (cred->authdata_cbor.len);
}

const unsigned char *
fido_cred_pubkey_ptr(const fido_cred_t *cred)
{
        const void *ptr;

        switch (cred->attcred.type) {
        case COSE_ES256:
                ptr = &cred->attcred.pubkey.es256;
                break;
        case COSE_RS256:
                ptr = &cred->attcred.pubkey.rs256;
                break;
        case COSE_EDDSA:
                ptr = &cred->attcred.pubkey.eddsa;
                break;
        default:
                ptr = NULL;
                break;
        }

        return (ptr);
}

size_t
fido_cred_pubkey_len(const fido_cred_t *cred)
{
        size_t len;

        switch (cred->attcred.type) {
        case COSE_ES256:
                len = sizeof(cred->attcred.pubkey.es256);
                break;
        case COSE_RS256:
                len = sizeof(cred->attcred.pubkey.rs256);
                break;
        case COSE_EDDSA:
                len = sizeof(cred->attcred.pubkey.eddsa);
                break;
        default:
                len = 0;
                break;
        }

        return (len);
}

const unsigned char *
fido_cred_id_ptr(const fido_cred_t *cred)
{
        return (cred->attcred.id.ptr);
}

size_t
fido_cred_id_len(const fido_cred_t *cred)
{
        return (cred->attcred.id.len);
}

const char *
fido_cred_fmt(const fido_cred_t *cred)
{
        return (cred->fmt);
}

const char *
fido_cred_rp_id(const fido_cred_t *cred)
{
        return (cred->rp.id);
}

const char *
fido_cred_rp_name(const fido_cred_t *cred)
{
        return (cred->rp.name);
}

const char *
fido_cred_user_name(const fido_cred_t *cred)
{
        return (cred->user.name);
}

const char *
fido_cred_display_name(const fido_cred_t *cred)
{
        return (cred->user.display_name);
}

const unsigned char *
fido_cred_user_id_ptr(const fido_cred_t *cred)
{
        return (cred->user.id.ptr);
}

size_t
fido_cred_user_id_len(const fido_cred_t *cred)
{
        return (cred->user.id.len);
}

/home/pedro/projects/libfido2/src/credman.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2019 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/sha.h>

#include <string.h>

#include "fido.h"
#include "fido/credman.h"
#include "fido/es256.h"

#define CMD_CRED_METADATA       0x01
#define CMD_RP_BEGIN            0x02
#define CMD_RP_NEXT             0x03
#define CMD_RK_BEGIN            0x04
#define CMD_RK_NEXT             0x05
#define CMD_DELETE_CRED         0x06

static int
credman_grow_array(void **ptr, size_t *n_alloc, size_t *n_rx, size_t n,
    size_t size)
{
        void *new_ptr;

#ifdef FIDO_FUZZ
        if (n > UINT8_MAX) {
                fido_log_debug("%s: n > UINT8_MAX", __func__);
                return (-1);
        }
#endif

        if (n < *n_alloc)
                return (0);

        /* sanity check */
        if (*n_rx > 0 || *n_rx > *n_alloc || n < *n_alloc) {
                fido_log_debug("%s: n=%zu, n_rx=%zu, n_alloc=%zu", __func__, n,
                    *n_rx, *n_alloc);
                return (-1);
        }

        if ((new_ptr = recallocarray(*ptr, *n_alloc, n, size)) == NULL)
                return (-1);

        *ptr = new_ptr;
        *n_alloc = n;

        return (0);
}

static int
credman_prepare_hmac(uint8_t cmd, const fido_blob_t *body, cbor_item_t **param,
    fido_blob_t *hmac_data)
{
        cbor_item_t *param_cbor[2];
        size_t n;
        int ok = -1;

        memset(&param_cbor, 0, sizeof(param_cbor));

        if (body == NULL)
                return (fido_blob_set(hmac_data, &cmd, sizeof(cmd)));

        switch (cmd) {
        case CMD_RK_BEGIN:
                n = 1;
                param_cbor[n - 1] = fido_blob_encode(body);
                break;
        case CMD_DELETE_CRED:
                n = 2;
                param_cbor[n - 1] = cbor_encode_pubkey(body);
                break;
        default:
                fido_log_debug("%s: unknown cmd=0x%02x", __func__, cmd);
                return (-1);
        }

        if (param_cbor[n - 1] == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                return (-1);
        }
        if ((*param = cbor_flatten_vector(param_cbor, n)) == NULL) {
                fido_log_debug("%s: cbor_flatten_vector", __func__);
                goto fail;
        }
        if (cbor_build_frame(cmd, param_cbor, n, hmac_data) < 0) {
                fido_log_debug("%s: cbor_build_frame", __func__);
                goto fail;
        }

        ok = 0;
fail:
        cbor_vector_free(param_cbor, nitems(param_cbor));

        return (ok);
}

static int
credman_tx(fido_dev_t *dev, uint8_t cmd, const fido_blob_t *param,
    const char *pin)
{
        fido_blob_t      f;
        fido_blob_t     *ecdh = NULL;
        fido_blob_t      hmac;
        es256_pk_t      *pk = NULL;
        cbor_item_t     *argv[4];
        int              r = FIDO_ERR_INTERNAL;

        memset(&f, 0, sizeof(f));
        memset(&hmac, 0, sizeof(hmac));
        memset(&argv, 0, sizeof(argv));

        /* subCommand */
        if ((argv[0] = cbor_build_uint8(cmd)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                goto fail;
        }

        /* pinProtocol, pinAuth */
        if (pin != NULL) {
                if (credman_prepare_hmac(cmd, param, &argv[1], &hmac) < 0) {
                        fido_log_debug("%s: credman_prepare_hmac", __func__);
                        goto fail;
                }
                if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) {
                        fido_log_debug("%s: fido_do_ecdh", __func__);
                        goto fail;
                }
                if ((r = cbor_add_pin_params(dev, &hmac, pk, ecdh, pin,
                    &argv[3], &argv[2])) != FIDO_OK) {
                        fido_log_debug("%s: cbor_add_pin_params", __func__);
                        goto fail;
                }
        }

        /* framing and transmission */
        if (cbor_build_frame(CTAP_CBOR_CRED_MGMT_PRE, argv, 4, &f) < 0 ||
            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                r = FIDO_ERR_TX;
                goto fail;
        }

        r = FIDO_OK;
fail:
        es256_pk_free(&pk);
        fido_blob_free(&ecdh);
        cbor_vector_free(argv, nitems(argv));
        free(f.ptr);
        free(hmac.ptr);

        return (r);
}

static int
credman_parse_metadata(const cbor_item_t *key, const cbor_item_t *val,
    void *arg)
{
        fido_credman_metadata_t *metadata = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        switch (cbor_get_uint8(key)) {
        case 1:
                return (cbor_decode_uint64(val, &metadata->rk_existing));
        case 2:
                return (cbor_decode_uint64(val, &metadata->rk_remaining));
        default:
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }
}

static int
credman_rx_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[512];
        int             reply_len;
        int             r;

        memset(metadata, 0, sizeof(*metadata));

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len, metadata,
            credman_parse_metadata)) != FIDO_OK) {
                fido_log_debug("%s: credman_parse_metadata", __func__);
                return (r);
        }

        return (FIDO_OK);
}

static int
credman_get_metadata_wait(fido_dev_t *dev, fido_credman_metadata_t *metadata,
    const char *pin, int ms)
{
        int r;

        if ((r = credman_tx(dev, CMD_CRED_METADATA, NULL, pin)) != FIDO_OK ||
            (r = credman_rx_metadata(dev, metadata, ms)) != FIDO_OK)
                return (r);

        return (FIDO_OK);
}

int
fido_credman_get_dev_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata,
    const char *pin)
{
        if (fido_dev_is_fido2(dev) == false)
                return (FIDO_ERR_INVALID_COMMAND);
        if (pin == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        return (credman_get_metadata_wait(dev, metadata, pin, -1));
}

static int
credman_parse_rk(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_cred_t *cred = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        switch (cbor_get_uint8(key)) {
        case 6: /* user entity */
                return (cbor_decode_user(val, &cred->user));
        case 7:
                return (cbor_decode_cred_id(val, &cred->attcred.id));
        case 8:
                if (cbor_decode_pubkey(val, &cred->attcred.type,
                    &cred->attcred.pubkey) < 0)
                        return (-1);
                cred->type = cred->attcred.type; /* XXX */
                return (0);
        default:
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }
}

static void
credman_reset_rk(fido_credman_rk_t *rk)
{
        for (size_t i = 0; i < rk->n_alloc; i++) {
                fido_cred_reset_tx(&rk->ptr[i]);
                fido_cred_reset_rx(&rk->ptr[i]);
        }

        free(rk->ptr);
        rk->ptr = NULL;
        memset(rk, 0, sizeof(*rk));
}

static int
credman_parse_rk_count(const cbor_item_t *key, const cbor_item_t *val,
    void *arg)
{
        fido_credman_rk_t *rk = arg;
        uint64_t n;

        /* totalCredentials */
        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8 ||
            cbor_get_uint8(key) != 9) {
                fido_log_debug("%s: cbor_type", __func__);
                return (0); /* ignore */
        }

        if (cbor_decode_uint64(val, &n) < 0 || n > SIZE_MAX) {
                fido_log_debug("%s: cbor_decode_uint64", __func__);
                return (-1);
        }

        if (credman_grow_array((void **)&rk->ptr, &rk->n_alloc, &rk->n_rx,
            (size_t)n, sizeof(*rk->ptr)) < 0) {
                fido_log_debug("%s: credman_grow_array", __func__);
                return (-1);
        }

        return (0);
}

static int
credman_rx_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        credman_reset_rk(rk);

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        /* adjust as needed */
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, rk,
            credman_parse_rk_count)) != FIDO_OK) {
                fido_log_debug("%s: credman_parse_rk_count", __func__);
                return (r);
        }

        if (rk->n_alloc == 0) {
                fido_log_debug("%s: n_alloc=0", __func__);
                return (FIDO_OK);
        }

        /* parse the first rk */
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, &rk->ptr[0],
            credman_parse_rk)) != FIDO_OK) {
                fido_log_debug("%s: credman_parse_rk", __func__);
                return (r);
        }

        rk->n_rx++;

        return (FIDO_OK);
}

static int
credman_rx_next_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        /* sanity check */
        if (rk->n_rx >= rk->n_alloc) {
                fido_log_debug("%s: n_rx=%zu, n_alloc=%zu", __func__, rk->n_rx,
                    rk->n_alloc);
                return (FIDO_ERR_INTERNAL);
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len, &rk->ptr[rk->n_rx],
            credman_parse_rk)) != FIDO_OK) {
                fido_log_debug("%s: credman_parse_rk", __func__);
                return (r);
        }

        return (FIDO_OK);
}

static int
credman_get_rk_wait(fido_dev_t *dev, const char *rp_id, fido_credman_rk_t *rk,
    const char *pin, int ms)
{
        fido_blob_t     rp_dgst;
        uint8_t         dgst[SHA256_DIGEST_LENGTH];
        int             r;

        if (SHA256((const unsigned char *)rp_id, strlen(rp_id), dgst) != dgst) {
                fido_log_debug("%s: sha256", __func__);
                return (FIDO_ERR_INTERNAL);
        }

        rp_dgst.ptr = dgst;
        rp_dgst.len = sizeof(dgst);

        if ((r = credman_tx(dev, CMD_RK_BEGIN, &rp_dgst, pin)) != FIDO_OK ||
            (r = credman_rx_rk(dev, rk, ms)) != FIDO_OK)
                return (r);

        while (rk->n_rx < rk->n_alloc) {
                if ((r = credman_tx(dev, CMD_RK_NEXT, NULL, NULL)) != FIDO_OK ||
                    (r = credman_rx_next_rk(dev, rk, ms)) != FIDO_OK)
                        return (r);
                rk->n_rx++;
        }

        return (FIDO_OK);
}

int
fido_credman_get_dev_rk(fido_dev_t *dev, const char *rp_id,
    fido_credman_rk_t *rk, const char *pin)
{
        if (fido_dev_is_fido2(dev) == false)
                return (FIDO_ERR_INVALID_COMMAND);
        if (pin == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        return (credman_get_rk_wait(dev, rp_id, rk, pin, -1));
}

static int
credman_del_rk_wait(fido_dev_t *dev, const unsigned char *cred_id,
    size_t cred_id_len, const char *pin, int ms)
{
        fido_blob_t cred;
        int r;

        memset(&cred, 0, sizeof(cred));

        if (fido_blob_set(&cred, cred_id, cred_id_len) < 0)
                return (FIDO_ERR_INVALID_ARGUMENT);

        if ((r = credman_tx(dev, CMD_DELETE_CRED, &cred, pin)) != FIDO_OK ||
            (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK)
                goto fail;

        r = FIDO_OK;
fail:
        free(cred.ptr);

        return (r);
}

int
fido_credman_del_dev_rk(fido_dev_t *dev, const unsigned char *cred_id,
    size_t cred_id_len, const char *pin)
{
        if (fido_dev_is_fido2(dev) == false)
                return (FIDO_ERR_INVALID_COMMAND);
        if (pin == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        return (credman_del_rk_wait(dev, cred_id, cred_id_len, pin, -1));
}

static int
credman_parse_rp(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        struct fido_credman_single_rp *rp = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        switch (cbor_get_uint8(key)) {
        case 3:
                return (cbor_decode_rp_entity(val, &rp->rp_entity));
        case 4:
                return (fido_blob_decode(val, &rp->rp_id_hash));
        default:
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }
}

static void
credman_reset_rp(fido_credman_rp_t *rp)
{
        for (size_t i = 0; i < rp->n_alloc; i++) {
                free(rp->ptr[i].rp_entity.id);
                free(rp->ptr[i].rp_entity.name);
                rp->ptr[i].rp_entity.id = NULL;
                rp->ptr[i].rp_entity.name = NULL;
                free(rp->ptr[i].rp_id_hash.ptr);
                memset(&rp->ptr[i].rp_id_hash, 0,
                    sizeof(rp->ptr[i].rp_id_hash));
        }

        free(rp->ptr);
        rp->ptr = NULL;
        memset(rp, 0, sizeof(*rp));
}

static int
credman_parse_rp_count(const cbor_item_t *key, const cbor_item_t *val,
    void *arg)
{
        fido_credman_rp_t *rp = arg;
        uint64_t n;

        /* totalRPs */
        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8 ||
            cbor_get_uint8(key) != 5) {
                fido_log_debug("%s: cbor_type", __func__);
                return (0); /* ignore */
        }

        if (cbor_decode_uint64(val, &n) < 0 || n > SIZE_MAX) {
                fido_log_debug("%s: cbor_decode_uint64", __func__);
                return (-1);
        }

        if (credman_grow_array((void **)&rp->ptr, &rp->n_alloc, &rp->n_rx,
            (size_t)n, sizeof(*rp->ptr)) < 0) {
                fido_log_debug("%s: credman_grow_array", __func__);
                return (-1);
        }

        return (0);
}

static int
credman_rx_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        credman_reset_rp(rp);

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        /* adjust as needed */
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, rp,
            credman_parse_rp_count)) != FIDO_OK) {
                fido_log_debug("%s: credman_parse_rp_count", __func__);
                return (r);
        }

        if (rp->n_alloc == 0) {
                fido_log_debug("%s: n_alloc=0", __func__);
                return (FIDO_OK);
        }

        /* parse the first rp */
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, &rp->ptr[0],
            credman_parse_rp)) != FIDO_OK) {
                fido_log_debug("%s: credman_parse_rp", __func__);
                return (r);
        }

        rp->n_rx++;

        return (FIDO_OK);
}

static int
credman_rx_next_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;
        int             r;

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        /* sanity check */
        if (rp->n_rx >= rp->n_alloc) {
                fido_log_debug("%s: n_rx=%zu, n_alloc=%zu", __func__, rp->n_rx,
                    rp->n_alloc);
                return (FIDO_ERR_INTERNAL);
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len, &rp->ptr[rp->n_rx],
            credman_parse_rp)) != FIDO_OK) {
                fido_log_debug("%s: credman_parse_rp", __func__);
                return (r);
        }

        return (FIDO_OK);
}

static int
credman_get_rp_wait(fido_dev_t *dev, fido_credman_rp_t *rp, const char *pin,
    int ms)
{
        int r;

        if ((r = credman_tx(dev, CMD_RP_BEGIN, NULL, pin)) != FIDO_OK ||
            (r = credman_rx_rp(dev, rp, ms)) != FIDO_OK)
                return (r);

        while (rp->n_rx < rp->n_alloc) {
                if ((r = credman_tx(dev, CMD_RP_NEXT, NULL, NULL)) != FIDO_OK ||
                    (r = credman_rx_next_rp(dev, rp, ms)) != FIDO_OK)
                        return (r);
                rp->n_rx++;
        }

        return (FIDO_OK);
}

int
fido_credman_get_dev_rp(fido_dev_t *dev, fido_credman_rp_t *rp, const char *pin)
{
        if (fido_dev_is_fido2(dev) == false)
                return (FIDO_ERR_INVALID_COMMAND);
        if (pin == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        return (credman_get_rp_wait(dev, rp, pin, -1));
}

fido_credman_rk_t *
fido_credman_rk_new(void)
{
        return (calloc(1, sizeof(fido_credman_rk_t)));
}

void
fido_credman_rk_free(fido_credman_rk_t **rk_p)
{
        fido_credman_rk_t *rk;

        if (rk_p == NULL || (rk = *rk_p) == NULL)
                return;

        credman_reset_rk(rk);
        free(rk);
        *rk_p = NULL;
}

size_t
fido_credman_rk_count(const fido_credman_rk_t *rk)
{
        return (rk->n_rx);
}

const fido_cred_t *
fido_credman_rk(const fido_credman_rk_t *rk, size_t idx)
{
        if (idx >= rk->n_alloc)
                return (NULL);

        return (&rk->ptr[idx]);
}

fido_credman_metadata_t *
fido_credman_metadata_new(void)
{
        return (calloc(1, sizeof(fido_credman_metadata_t)));
}

void
fido_credman_metadata_free(fido_credman_metadata_t **metadata_p)
{
        fido_credman_metadata_t *metadata;

        if (metadata_p == NULL || (metadata = *metadata_p) == NULL)
                return;

        free(metadata);
        *metadata_p = NULL;
}

uint64_t
fido_credman_rk_existing(const fido_credman_metadata_t *metadata)
{
        return (metadata->rk_existing);
}

uint64_t
fido_credman_rk_remaining(const fido_credman_metadata_t *metadata)
{
        return (metadata->rk_remaining);
}

fido_credman_rp_t *
fido_credman_rp_new(void)
{
        return (calloc(1, sizeof(fido_credman_rp_t)));
}

void
fido_credman_rp_free(fido_credman_rp_t **rp_p)
{
        fido_credman_rp_t *rp;

        if (rp_p == NULL || (rp = *rp_p) == NULL)
                return;

        credman_reset_rp(rp);
        free(rp);
        *rp_p = NULL;
}

size_t
fido_credman_rp_count(const fido_credman_rp_t *rp)
{
        return (rp->n_rx);
}

const char *
fido_credman_rp_id(const fido_credman_rp_t *rp, size_t idx)
{
        if (idx >= rp->n_alloc)
                return (NULL);

        return (rp->ptr[idx].rp_entity.id);
}

const char *
fido_credman_rp_name(const fido_credman_rp_t *rp, size_t idx)
{
        if (idx >= rp->n_alloc)
                return (NULL);

        return (rp->ptr[idx].rp_entity.name);
}

size_t
fido_credman_rp_id_hash_len(const fido_credman_rp_t *rp, size_t idx)
{
        if (idx >= rp->n_alloc)
                return (0);

        return (rp->ptr[idx].rp_id_hash.len);
}

const unsigned char *
fido_credman_rp_id_hash_ptr(const fido_credman_rp_t *rp, size_t idx)
{
        if (idx >= rp->n_alloc)
                return (NULL);

        return (rp->ptr[idx].rp_id_hash.ptr);
}

/home/pedro/projects/libfido2/src/dev.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <sys/types.h>
#include <sys/stat.h>

#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#include "fido.h"

#if defined(_WIN32)
#include <windows.h>

#include <winternl.h>
#include <winerror.h>
#include <stdio.h>
#include <bcrypt.h>
#include <sal.h>

static int
obtain_nonce(uint64_t *nonce)
{
        NTSTATUS status;

        status = BCryptGenRandom(NULL, (unsigned char *)nonce, sizeof(*nonce),
            BCRYPT_USE_SYSTEM_PREFERRED_RNG);

        if (!NT_SUCCESS(status))
                return (-1);

        return (0);
}
#elif defined(HAS_DEV_URANDOM)
static int
obtain_nonce(uint64_t *nonce)
{
        int     fd = -1;
        int     ok = -1;
        ssize_t r;

        if ((fd = open(FIDO_RANDOM_DEV, O_RDONLY)) < 0)
                goto fail;
        if ((r = read(fd, nonce, sizeof(*nonce))) < 0 ||
            (size_t)r != sizeof(*nonce))
                goto fail;

        ok = 0;
fail:
        if (fd != -1)
                close(fd);

        return (ok);
}
#else
#error "please provide an implementation of obtain_nonce() for your platform"
#endif /* _WIN32 */

static int
fido_dev_open_tx(fido_dev_t *dev, const char *path)
{
        const uint8_t cmd = CTAP_FRAME_INIT | CTAP_CMD_INIT;

        if (dev->io_handle != NULL) {
                fido_log_debug("%s: handle=%p", __func__, dev->io_handle);
                return (FIDO_ERR_INVALID_ARGUMENT);
        }

        if (dev->io.open == NULL || dev->io.close == NULL) {
                fido_log_debug("%s: NULL open/close", __func__);
                return (FIDO_ERR_INVALID_ARGUMENT);
        }

        if (obtain_nonce(&dev->nonce) < 0) {
                fido_log_debug("%s: obtain_nonce", __func__);
                return (FIDO_ERR_INTERNAL);
        }

        if ((dev->io_handle = dev->io.open(path)) == NULL) {
                fido_log_debug("%s: dev->io.open", __func__);
                return (FIDO_ERR_INTERNAL);
        }

        if (fido_tx(dev, cmd, &dev->nonce, sizeof(dev->nonce)) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                dev->io.close(dev->io_handle);
                dev->io_handle = NULL;
                return (FIDO_ERR_TX);
        }

        return (FIDO_OK);
}

static int
fido_dev_open_rx(fido_dev_t *dev, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_INIT;
        int             n;

        if ((n = fido_rx(dev, cmd, &dev->attr, sizeof(dev->attr), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                goto fail;
        }

#ifdef FIDO_FUZZ
        dev->attr.nonce = dev->nonce;
#endif

        if ((size_t)n != sizeof(dev->attr) || dev->attr.nonce != dev->nonce) {
                fido_log_debug("%s: invalid nonce", __func__);
                goto fail;
        }

        dev->cid = dev->attr.cid;

        return (FIDO_OK);
fail:
        dev->io.close(dev->io_handle);
        dev->io_handle = NULL;

        return (FIDO_ERR_RX);
}

static int
fido_dev_open_wait(fido_dev_t *dev, const char *path, int ms)
{
        int r;

        if ((r = fido_dev_open_tx(dev, path)) != FIDO_OK ||
            (r = fido_dev_open_rx(dev, ms)) != FIDO_OK)
                return (r);

        return (FIDO_OK);
}

int
fido_dev_open(fido_dev_t *dev, const char *path)
{
        return (fido_dev_open_wait(dev, path, -1));
}

int
fido_dev_close(fido_dev_t *dev)
{
        if (dev->io_handle == NULL || dev->io.close == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        dev->io.close(dev->io_handle);
        dev->io_handle = NULL;

        return (FIDO_OK);
}

int
fido_dev_cancel(fido_dev_t *dev)
{
        if (fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CANCEL, NULL, 0) < 0)
                return (FIDO_ERR_TX);

        return (FIDO_OK);
}

int
fido_dev_set_io_functions(fido_dev_t *dev, const fido_dev_io_t *io)
{
        if (dev->io_handle != NULL) {
                fido_log_debug("%s: NULL handle", __func__);
                return (FIDO_ERR_INVALID_ARGUMENT);
        }

        if (io == NULL || io->open == NULL || io->close == NULL ||
            io->read == NULL || io->write == NULL) {
                fido_log_debug("%s: NULL function", __func__);
                return (FIDO_ERR_INVALID_ARGUMENT);
        }

        dev->io.open = io->open;
        dev->io.close = io->close;
        dev->io.read = io->read;
        dev->io.write = io->write;

        return (FIDO_OK);
}

void
fido_init(int flags)
{
        if (flags & FIDO_DEBUG || getenv("FIDO_DEBUG") != NULL)
                fido_log_init();
}

fido_dev_t *
fido_dev_new(void)
{
        fido_dev_t      *dev;
        fido_dev_io_t    io;

        if ((dev = calloc(1, sizeof(*dev))) == NULL)
                return (NULL);

        dev->cid = CTAP_CID_BROADCAST;

        io.open = fido_hid_open;
        io.close = fido_hid_close;
        io.read = fido_hid_read;
        io.write = fido_hid_write;

        if (fido_dev_set_io_functions(dev, &io) != FIDO_OK) {
                fido_log_debug("%s: fido_dev_set_io_functions", __func__);
                fido_dev_free(&dev);
                return (NULL);
        }

        return (dev);
}

void
fido_dev_free(fido_dev_t **dev_p)
{
        fido_dev_t *dev;

        if (dev_p == NULL || (dev = *dev_p) == NULL)
                return;

        free(dev);

        *dev_p = NULL;
}

uint8_t
fido_dev_protocol(const fido_dev_t *dev)
{
        return (dev->attr.protocol);
}

uint8_t
fido_dev_major(const fido_dev_t *dev)
{
        return (dev->attr.major);
}

uint8_t
fido_dev_minor(const fido_dev_t *dev)
{
        return (dev->attr.minor);
}

uint8_t
fido_dev_build(const fido_dev_t *dev)
{
        return (dev->attr.build);
}

uint8_t
fido_dev_flags(const fido_dev_t *dev)
{
        return (dev->attr.flags);
}

bool
fido_dev_is_fido2(const fido_dev_t *dev)
{
        return (dev->attr.flags & FIDO_CAP_CBOR);
}

void
fido_dev_force_u2f(fido_dev_t *dev)
{
        dev->attr.flags &= ~FIDO_CAP_CBOR;
}

void
fido_dev_force_fido2(fido_dev_t *dev)
{
        dev->attr.flags |= FIDO_CAP_CBOR;
}

/home/pedro/projects/libfido2/src/ecdh.c

Source
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/evp.h>
#include <openssl/sha.h>

#include "fido.h"
#include "fido/es256.h"

static int
do_ecdh(const es256_sk_t *sk, const es256_pk_t *pk, fido_blob_t **ecdh)
{
        EVP_PKEY        *pk_evp = NULL;
        EVP_PKEY        *sk_evp = NULL;
        EVP_PKEY_CTX    *ctx = NULL;
        fido_blob_t     *secret = NULL;
        int              ok = -1;

        *ecdh = NULL;

        /* allocate blobs for secret & ecdh */
        if ((secret = fido_blob_new()) == NULL ||
            (*ecdh = fido_blob_new()) == NULL)
                goto fail;

        /* wrap the keys as openssl objects */
        if ((pk_evp = es256_pk_to_EVP_PKEY(pk)) == NULL ||
            (sk_evp = es256_sk_to_EVP_PKEY(sk)) == NULL) {
                fido_log_debug("%s: es256_to_EVP_PKEY", __func__);
                goto fail;
        }

        /* set ecdh parameters */
        if ((ctx = EVP_PKEY_CTX_new(sk_evp, NULL)) == NULL ||
            EVP_PKEY_derive_init(ctx) <= 0 ||
            EVP_PKEY_derive_set_peer(ctx, pk_evp) <= 0) {
                fido_log_debug("%s: EVP_PKEY_derive_init", __func__);
                goto fail;
        }

        /* perform ecdh */
        if (EVP_PKEY_derive(ctx, NULL, &secret->len) <= 0 ||
            (secret->ptr = calloc(1, secret->len)) == NULL ||
            EVP_PKEY_derive(ctx, secret->ptr, &secret->len) <= 0) {
                fido_log_debug("%s: EVP_PKEY_derive", __func__);
                goto fail;
        }

        /* use sha256 as a kdf on the resulting secret */
        (*ecdh)->len = SHA256_DIGEST_LENGTH;
        if (((*ecdh)->ptr = calloc(1, (*ecdh)->len)) == NULL ||
            SHA256(secret->ptr, secret->len, (*ecdh)->ptr) != (*ecdh)->ptr) {
                fido_log_debug("%s: sha256", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (pk_evp != NULL)
                EVP_PKEY_free(pk_evp);
        if (sk_evp != NULL)
                EVP_PKEY_free(sk_evp);
        if (ctx != NULL)
                EVP_PKEY_CTX_free(ctx);
        if (ok < 0)
                fido_blob_free(ecdh);

        fido_blob_free(&secret);

        return (ok);
}

int
fido_do_ecdh(fido_dev_t *dev, es256_pk_t **pk, fido_blob_t **ecdh)
{
        es256_sk_t      *sk = NULL; /* our private key */
        es256_pk_t      *ak = NULL; /* authenticator's public key */
        int              r;

        *pk = NULL; /* our public key; returned */
        *ecdh = NULL; /* shared ecdh secret; returned */

        if ((sk = es256_sk_new()) == NULL || (*pk = es256_pk_new()) == NULL) {
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if (es256_sk_create(sk) < 0 || es256_derive_pk(sk, *pk) < 0) {
                fido_log_debug("%s: es256_derive_pk", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if ((ak = es256_pk_new()) == NULL ||
            fido_dev_authkey(dev, ak) != FIDO_OK) {
                fido_log_debug("%s: fido_dev_authkey", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if (do_ecdh(sk, ak, ecdh) < 0) {
                fido_log_debug("%s: do_ecdh", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        r = FIDO_OK;
fail:
        es256_sk_free(&sk);
        es256_pk_free(&ak);

        if (r != FIDO_OK) {
                es256_pk_free(pk);
                fido_blob_free(ecdh);
        }

        return (r);
}

/home/pedro/projects/libfido2/src/eddsa.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2019 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/obj_mac.h>

#include <string.h>
#include "fido.h"
#include "fido/eddsa.h"

#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L
EVP_PKEY *
EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *key,
    size_t keylen)
{
        (void)type;
        (void)e;
        (void)key;
        (void)keylen;

        return (NULL);
}

int
EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
    size_t *len)
{
        (void)pkey;
        (void)pub;
        (void)len;

        return (0);
}

int
EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
    const unsigned char *tbs, size_t tbslen)
{
        (void)ctx;
        (void)sigret;
        (void)siglen;
        (void)tbs;
        (void)tbslen;

        return (0);
}
#endif /* LIBRESSL_VERSION_NUMBER || OPENSSL_VERSION_NUMBER < 0x10101000L */

#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_MD_CTX *
EVP_MD_CTX_new(void)
{
        return (NULL);
}

void
EVP_MD_CTX_free(EVP_MD_CTX *ctx)
{
        (void)ctx;
}
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */

static int
decode_coord(const cbor_item_t *item, void *xy, size_t xy_len)
{
        if (cbor_isa_bytestring(item) == false ||
            cbor_bytestring_is_definite(item) == false ||
            cbor_bytestring_length(item) != xy_len) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        memcpy(xy, cbor_bytestring_handle(item), xy_len);

        return (0);
}

static int
decode_pubkey_point(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        eddsa_pk_t *k = arg;

        if (cbor_isa_negint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8)
                return (0); /* ignore */

        switch (cbor_get_uint8(key)) {
        case 1: /* x coordinate */
                return (decode_coord(val, &k->x, sizeof(k->x)));
        }

        return (0); /* ignore */
}

int
eddsa_pk_decode(const cbor_item_t *item, eddsa_pk_t *k)
{
        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false ||
            cbor_map_iter(item, k, decode_pubkey_point) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        return (0);
}

eddsa_pk_t *
eddsa_pk_new(void)
{
        return (calloc(1, sizeof(eddsa_pk_t)));
}

void
eddsa_pk_free(eddsa_pk_t **pkp)
{
        eddsa_pk_t *pk;

        if (pkp == NULL || (pk = *pkp) == NULL)
                return;

        explicit_bzero(pk, sizeof(*pk));
        free(pk);

        *pkp = NULL;
}

int
eddsa_pk_from_ptr(eddsa_pk_t *pk, const void *ptr, size_t len)
{
        if (len < sizeof(*pk))
                return (FIDO_ERR_INVALID_ARGUMENT);

        memcpy(pk, ptr, sizeof(*pk));

        return (FIDO_OK);
}

EVP_PKEY *
eddsa_pk_to_EVP_PKEY(const eddsa_pk_t *k)
{
        EVP_PKEY *pkey = NULL;

        if ((pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, k->x,
            sizeof(k->x))) == NULL)
                fido_log_debug("%s: EVP_PKEY_new_raw_public_key", __func__);

        return (pkey);
}

int
eddsa_pk_from_EVP_PKEY(eddsa_pk_t *pk, const EVP_PKEY *pkey)
{
        size_t len = 0;

        if (EVP_PKEY_get_raw_public_key(pkey, NULL, &len) != 1 ||
            len != sizeof(pk->x))
                return (FIDO_ERR_INTERNAL);
        if (EVP_PKEY_get_raw_public_key(pkey, pk->x, &len) != 1 ||
            len != sizeof(pk->x))
                return (FIDO_ERR_INTERNAL);

        return (FIDO_OK);
}

/home/pedro/projects/libfido2/src/err.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include "fido/err.h"

const char *
fido_strerr(int n)
{
        switch (n) {
        case FIDO_ERR_SUCCESS:
                return "FIDO_ERR_SUCCESS";
        case FIDO_ERR_INVALID_COMMAND:
                return "FIDO_ERR_INVALID_COMMAND";
        case FIDO_ERR_INVALID_PARAMETER:
                return "FIDO_ERR_INVALID_PARAMETER";
        case FIDO_ERR_INVALID_LENGTH:
                return "FIDO_ERR_INVALID_LENGTH";
        case FIDO_ERR_INVALID_SEQ:
                return "FIDO_ERR_INVALID_SEQ";
        case FIDO_ERR_TIMEOUT:
                return "FIDO_ERR_TIMEOUT";
        case FIDO_ERR_CHANNEL_BUSY:
                return "FIDO_ERR_CHANNEL_BUSY";
        case FIDO_ERR_LOCK_REQUIRED:
                return "FIDO_ERR_LOCK_REQUIRED";
        case FIDO_ERR_INVALID_CHANNEL:
                return "FIDO_ERR_INVALID_CHANNEL";
        case FIDO_ERR_CBOR_UNEXPECTED_TYPE:
                return "FIDO_ERR_UNEXPECTED_TYPE";
        case FIDO_ERR_INVALID_CBOR:
                return "FIDO_ERR_INVALID_CBOR";
        case FIDO_ERR_MISSING_PARAMETER:
                return "FIDO_ERR_MISSING_PARAMETER";
        case FIDO_ERR_LIMIT_EXCEEDED:
                return "FIDO_ERR_LIMIT_EXCEEDED";
        case FIDO_ERR_UNSUPPORTED_EXTENSION:
                return "FIDO_ERR_UNSUPPORTED_EXTENSION";
        case FIDO_ERR_CREDENTIAL_EXCLUDED:
                return "FIDO_ERR_CREDENTIAL_EXCLUDED";
        case FIDO_ERR_PROCESSING:
                return "FIDO_ERR_PROCESSING";
        case FIDO_ERR_INVALID_CREDENTIAL:
                return "FIDO_ERR_INVALID_CREDENTIAL";
        case FIDO_ERR_USER_ACTION_PENDING:
                return "FIDO_ERR_ACTION_PENDING";
        case FIDO_ERR_OPERATION_PENDING:
                return "FIDO_ERR_OPERATION_PENDING";
        case FIDO_ERR_NO_OPERATIONS:
                return "FIDO_ERR_NO_OPERATIONS";
        case FIDO_ERR_UNSUPPORTED_ALGORITHM:
                return "FIDO_ERR_UNSUPPORTED_ALGORITHM";
        case FIDO_ERR_OPERATION_DENIED:
                return "FIDO_ERR_OPERATION_DENIED";
        case FIDO_ERR_KEY_STORE_FULL:
                return "FIDO_ERR_STORE_FULL";
        case FIDO_ERR_NOT_BUSY:
                return "FIDO_ERR_NOT_BUSY";
        case FIDO_ERR_NO_OPERATION_PENDING:
                return "FIDO_ERR_OPERATION_PENDING";
        case FIDO_ERR_UNSUPPORTED_OPTION:
                return "FIDO_ERR_UNSUPPORTED_OPTION";
        case FIDO_ERR_INVALID_OPTION:
                return "FIDO_ERR_INVALID_OPTION";
        case FIDO_ERR_KEEPALIVE_CANCEL:
                return "FIDO_ERR_KEEPALIVE_CANCEL";
        case FIDO_ERR_NO_CREDENTIALS:
                return "FIDO_ERR_NO_CREDENTIALS";
        case FIDO_ERR_USER_ACTION_TIMEOUT:
                return "FIDO_ERR_ACTION_TIMEOUT";
        case FIDO_ERR_NOT_ALLOWED:
                return "FIDO_ERR_NOT_ALLOWED";
        case FIDO_ERR_PIN_INVALID:
                return "FIDO_ERR_PIN_INVALID";
        case FIDO_ERR_PIN_BLOCKED:
                return "FIDO_ERR_PIN_BLOCKED";
        case FIDO_ERR_PIN_AUTH_INVALID:
                return "FIDO_ERR_AUTH_INVALID";
        case FIDO_ERR_PIN_AUTH_BLOCKED:
                return "FIDO_ERR_AUTH_BLOCKED";
        case FIDO_ERR_PIN_NOT_SET:
                return "FIDO_ERR_NOT_SET";
        case FIDO_ERR_PIN_REQUIRED:
                return "FIDO_ERR_PIN_REQUIRED";
        case FIDO_ERR_PIN_POLICY_VIOLATION:
                return "FIDO_ERR_POLICY_VIOLATION";
        case FIDO_ERR_PIN_TOKEN_EXPIRED:
                return "FIDO_ERR_TOKEN_EXPIRED";
        case FIDO_ERR_REQUEST_TOO_LARGE:
                return "FIDO_ERR_TOO_LARGE";
        case FIDO_ERR_ACTION_TIMEOUT:
                return "FIDO_ERR_ACTION_TIMEOUT";
        case FIDO_ERR_UP_REQUIRED:
                return "FIDO_ERR_UP_REQUIRED";
        case FIDO_ERR_ERR_OTHER:
                return "FIDO_ERR_OTHER";
        case FIDO_ERR_SPEC_LAST:
                return "FIDO_ERR_SPEC_LAST";
        case FIDO_ERR_TX:
                return "FIDO_ERR_TX";
        case FIDO_ERR_RX:
                return "FIDO_ERR_RX";
        case FIDO_ERR_RX_NOT_CBOR:
                return "FIDO_ERR_RX_NOT_CBOR";
        case FIDO_ERR_RX_INVALID_CBOR:
                return "FIDO_ERR_RX_INVALID_CBOR";
        case FIDO_ERR_INVALID_PARAM:
                return "FIDO_ERR_INVALID_PARAM";
        case FIDO_ERR_INVALID_SIG:
                return "FIDO_ERR_INVALID_SIG";
        case FIDO_ERR_INVALID_ARGUMENT:
                return "FIDO_ERR_INVALID_ARGUMENT";
        case FIDO_ERR_USER_PRESENCE_REQUIRED:
                return "FIDO_ERR_USER_PRESENCE_REQUIRED";
        case FIDO_ERR_INTERNAL:
                return "FIDO_ERR_INTERNAL";
        default:
                return "FIDO_ERR_UNKNOWN";
        }
}

/home/pedro/projects/libfido2/src/es256.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/obj_mac.h>

#include <string.h>
#include "fido.h"
#include "fido/es256.h"

static int
decode_coord(const cbor_item_t *item, void *xy, size_t xy_len)
{
        if (cbor_isa_bytestring(item) == false ||
            cbor_bytestring_is_definite(item) == false ||
            cbor_bytestring_length(item) != xy_len) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        memcpy(xy, cbor_bytestring_handle(item), xy_len);

        return (0);
}

static int
decode_pubkey_point(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        es256_pk_t *k = arg;

        if (cbor_isa_negint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8)
                return (0); /* ignore */

        switch (cbor_get_uint8(key)) {
        case 1: /* x coordinate */
                return (decode_coord(val, &k->x, sizeof(k->x)));
        case 2: /* y coordinate */
                return (decode_coord(val, &k->y, sizeof(k->y)));
        }

        return (0); /* ignore */
}

int
es256_pk_decode(const cbor_item_t *item, es256_pk_t *k)
{
        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false ||
            cbor_map_iter(item, k, decode_pubkey_point) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        return (0);
}

cbor_item_t *
es256_pk_encode(const es256_pk_t *pk, int ecdh)
{
        cbor_item_t             *item = NULL;
        struct cbor_pair         argv[5];
        int                      alg;
        int                      ok = -1;

        memset(argv, 0, sizeof(argv));

        if ((item = cbor_new_definite_map(5)) == NULL)
                goto fail;

        /* kty */
        if ((argv[0].key = cbor_build_uint8(1)) == NULL ||
            (argv[0].value = cbor_build_uint8(2)) == NULL ||
            !cbor_map_add(item, argv[0]))
                goto fail;

        /*
         * "The COSEAlgorithmIdentifier used is -25 (ECDH-ES +
         * HKDF-256) although this is NOT the algorithm actually
         * used. Setting this to a different value may result in
         * compatibility issues."
         */
        if (ecdh)
                alg = COSE_ECDH_ES256;
        else
                alg = COSE_ES256;

        /* alg */
        if ((argv[1].key = cbor_build_uint8(3)) == NULL ||
            (argv[1].value = cbor_build_negint8(-alg - 1)) == NULL ||
            !cbor_map_add(item, argv[1]))
                goto fail;

        /* crv */
        if ((argv[2].key = cbor_build_negint8(0)) == NULL ||
            (argv[2].value = cbor_build_uint8(1)) == NULL ||
            !cbor_map_add(item, argv[2]))
                goto fail;

        /* x */
        if ((argv[3].key = cbor_build_negint8(1)) == NULL ||
            (argv[3].value = cbor_build_bytestring(pk->x,
            sizeof(pk->x))) == NULL || !cbor_map_add(item, argv[3]))
                goto fail;

        /* y */
        if ((argv[4].key = cbor_build_negint8(2)) == NULL ||
            (argv[4].value = cbor_build_bytestring(pk->y,
            sizeof(pk->y))) == NULL || !cbor_map_add(item, argv[4]))
                goto fail;

        ok = 0;
fail:
        if (ok < 0) {
                if (item != NULL) {
                        cbor_decref(&item);
                        item = NULL;
                }
        }

        for (size_t i = 0; i < 5; i++) {
                if (argv[i].key)
                        cbor_decref(&argv[i].key);
                if (argv[i].value)
                        cbor_decref(&argv[i].value);
        }

        return (item);
}

es256_sk_t *
es256_sk_new(void)
{
        return (calloc(1, sizeof(es256_sk_t)));
}

void
es256_sk_free(es256_sk_t **skp)
{
        es256_sk_t *sk;

        if (skp == NULL || (sk = *skp) == NULL)
                return;

        explicit_bzero(sk, sizeof(*sk));
        free(sk);

        *skp = NULL;
}

es256_pk_t *
es256_pk_new(void)
{
        return (calloc(1, sizeof(es256_pk_t)));
}

void
es256_pk_free(es256_pk_t **pkp)
{
        es256_pk_t *pk;

        if (pkp == NULL || (pk = *pkp) == NULL)
                return;

        explicit_bzero(pk, sizeof(*pk));
        free(pk);

        *pkp = NULL;
}

int
es256_pk_from_ptr(es256_pk_t *pk, const void *ptr, size_t len)
{
        if (len < sizeof(*pk))
                return (FIDO_ERR_INVALID_ARGUMENT);

        memcpy(pk, ptr, sizeof(*pk));

        return (FIDO_OK);
}

int
es256_pk_set_x(es256_pk_t *pk, const unsigned char *x)
{
        memcpy(pk->x, x, sizeof(pk->x));

        return (0);
}

int
es256_pk_set_y(es256_pk_t *pk, const unsigned char *y)
{
        memcpy(pk->y, y, sizeof(pk->y));

        return (0);
}

int
es256_sk_create(es256_sk_t *key)
{
        EVP_PKEY_CTX    *pctx = NULL;
        EVP_PKEY_CTX    *kctx = NULL;
        EVP_PKEY        *p = NULL;
        EVP_PKEY        *k = NULL;
        const EC_KEY    *ec;
        const BIGNUM    *d;
        const int        nid = NID_X9_62_prime256v1;
        int              n;
        int              ok = -1;

        if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL ||
            EVP_PKEY_paramgen_init(pctx) <= 0 ||
            EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0 ||
            EVP_PKEY_paramgen(pctx, &p) <= 0) {
                fido_log_debug("%s: EVP_PKEY_paramgen", __func__);
                goto fail;
        }

        if ((kctx = EVP_PKEY_CTX_new(p, NULL)) == NULL ||
            EVP_PKEY_keygen_init(kctx) <= 0 || EVP_PKEY_keygen(kctx, &k) <= 0) {
                fido_log_debug("%s: EVP_PKEY_keygen", __func__);
                goto fail;
        }

        if ((ec = EVP_PKEY_get0_EC_KEY(k)) == NULL ||
            (d = EC_KEY_get0_private_key(ec)) == NULL ||
            (n = BN_num_bytes(d)) < 0 || (size_t)n > sizeof(key->d) ||
            (n = BN_bn2bin(d, key->d)) < 0 || (size_t)n > sizeof(key->d)) {
                fido_log_debug("%s: EC_KEY_get0_private_key", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (p != NULL)
                EVP_PKEY_free(p);
        if (k != NULL)
                EVP_PKEY_free(k);
        if (pctx != NULL)
                EVP_PKEY_CTX_free(pctx);
        if (kctx != NULL)
                EVP_PKEY_CTX_free(kctx);

        return (ok);
}

EVP_PKEY *
es256_pk_to_EVP_PKEY(const es256_pk_t *k)
{
        BN_CTX          *bnctx = NULL;
        EC_KEY          *ec = NULL;
        EC_POINT        *q = NULL;
        EVP_PKEY        *pkey = NULL;
        BIGNUM          *x = NULL;
        BIGNUM          *y = NULL;
        const EC_GROUP  *g = NULL;
        const int        nid = NID_X9_62_prime256v1;
        int              ok = -1;

        if ((bnctx = BN_CTX_new()) == NULL ||
            (x = BN_CTX_get(bnctx)) == NULL ||
            (y = BN_CTX_get(bnctx)) == NULL)
                goto fail;

        if (BN_bin2bn(k->x, sizeof(k->x), x) == NULL ||
            BN_bin2bn(k->y, sizeof(k->y), y) == NULL) {
                fido_log_debug("%s: BN_bin2bn", __func__);
                goto fail;
        }

        if ((ec = EC_KEY_new_by_curve_name(nid)) == NULL ||
            (g = EC_KEY_get0_group(ec)) == NULL) {
                fido_log_debug("%s: EC_KEY init", __func__);
                goto fail;
        }

        if ((q = EC_POINT_new(g)) == NULL ||
            EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
            EC_KEY_set_public_key(ec, q) == 0) {
                fido_log_debug("%s: EC_KEY_set_public_key", __func__);
                goto fail;
        }

        if ((pkey = EVP_PKEY_new()) == NULL ||
            EVP_PKEY_assign_EC_KEY(pkey, ec) == 0) {
                fido_log_debug("%s: EVP_PKEY_assign_EC_KEY", __func__);
                goto fail;
        }

        ec = NULL; /* at this point, ec belongs to evp */

        ok = 0;
fail:
        if (bnctx != NULL)
                BN_CTX_free(bnctx);
        if (ec != NULL)
                EC_KEY_free(ec);
        if (q != NULL)
                EC_POINT_free(q);
        if (ok < 0 && pkey != NULL) {
                EVP_PKEY_free(pkey);
                pkey = NULL;
        }

        return (pkey);
}

int
es256_pk_from_EC_KEY(es256_pk_t *pk, const EC_KEY *ec)
{
        BN_CTX          *ctx = NULL;
        BIGNUM          *x = NULL;
        BIGNUM          *y = NULL;
        const EC_POINT  *q = NULL;
        const EC_GROUP  *g = NULL;
        int              ok = FIDO_ERR_INTERNAL;
        int              n;

        if ((q = EC_KEY_get0_public_key(ec)) == NULL ||
            (g = EC_KEY_get0_group(ec)) == NULL)
                goto fail;

        if ((ctx = BN_CTX_new()) == NULL ||
            (x = BN_CTX_get(ctx)) == NULL ||
            (y = BN_CTX_get(ctx)) == NULL)
                goto fail;

        if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, ctx) == 0 ||
            (n = BN_num_bytes(x)) < 0 || (size_t)n > sizeof(pk->x) ||
            (n = BN_num_bytes(y)) < 0 || (size_t)n > sizeof(pk->y)) {
                fido_log_debug("%s: EC_POINT_get_affine_coordinates_GFp",
                    __func__);
                goto fail;
        }

        if ((n = BN_bn2bin(x, pk->x)) < 0 || (size_t)n > sizeof(pk->x) ||
            (n = BN_bn2bin(y, pk->y)) < 0 || (size_t)n > sizeof(pk->y)) {
                fido_log_debug("%s: BN_bn2bin", __func__);
                goto fail;
        }

        ok = FIDO_OK;
fail:
        if (ctx != NULL)
                BN_CTX_free(ctx);

        return (ok);
}

EVP_PKEY *
es256_sk_to_EVP_PKEY(const es256_sk_t *k)
{
        BN_CTX          *bnctx = NULL;
        EC_KEY          *ec = NULL;
        EVP_PKEY        *pkey = NULL;
        BIGNUM          *d = NULL;
        const int        nid = NID_X9_62_prime256v1;
        int              ok = -1;

        if ((bnctx = BN_CTX_new()) == NULL || (d = BN_CTX_get(bnctx)) == NULL ||
            BN_bin2bn(k->d, sizeof(k->d), d) == NULL) {
                fido_log_debug("%s: BN_bin2bn", __func__);
                goto fail;
        }

        if ((ec = EC_KEY_new_by_curve_name(nid)) == NULL ||
            EC_KEY_set_private_key(ec, d) == 0) {
                fido_log_debug("%s: EC_KEY_set_private_key", __func__);
                goto fail;
        }

        if ((pkey = EVP_PKEY_new()) == NULL ||
            EVP_PKEY_assign_EC_KEY(pkey, ec) == 0) {
                fido_log_debug("%s: EVP_PKEY_assign_EC_KEY", __func__);
                goto fail;
        }

        ec = NULL; /* at this point, ec belongs to evp */

        ok = 0;
fail:
        if (bnctx != NULL)
                BN_CTX_free(bnctx);
        if (ec != NULL)
                EC_KEY_free(ec);
        if (ok < 0 && pkey != NULL) {
                EVP_PKEY_free(pkey);
                pkey = NULL;
        }

        return (pkey);
}

int
es256_derive_pk(const es256_sk_t *sk, es256_pk_t *pk)
{
        BIGNUM          *d = NULL;
        EC_KEY          *ec = NULL;
        EC_POINT        *q = NULL;
        const EC_GROUP  *g = NULL;
        const int        nid = NID_X9_62_prime256v1;
        int              ok = -1;

        if ((d = BN_bin2bn(sk->d, (int)sizeof(sk->d), NULL)) == NULL ||
            (ec = EC_KEY_new_by_curve_name(nid)) == NULL ||
            (g = EC_KEY_get0_group(ec)) == NULL ||
            (q = EC_POINT_new(g)) == NULL) {
                fido_log_debug("%s: get", __func__);
                goto fail;
        }

        if (EC_POINT_mul(g, q, d, NULL, NULL, NULL) == 0 ||
            EC_KEY_set_public_key(ec, q) == 0 ||
            es256_pk_from_EC_KEY(pk, ec) != FIDO_OK) {
                fido_log_debug("%s: set", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (d != NULL)
                BN_clear_free(d);
        if (q != NULL)
                EC_POINT_free(q);
        if (ec != NULL)
                EC_KEY_free(ec);

        return (ok);
}

/home/pedro/projects/libfido2/src/extern.h

Source
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#ifndef _EXTERN_H
#define _EXTERN_H

/* aes256 */
int aes256_cbc_dec(const fido_blob_t *, const fido_blob_t *, fido_blob_t *);
int aes256_cbc_enc(const fido_blob_t *, const fido_blob_t *, fido_blob_t *);

/* cbor encoding functions */
cbor_item_t *cbor_flatten_vector(cbor_item_t **, size_t);
cbor_item_t *cbor_encode_assert_options(fido_opt_t, fido_opt_t);
cbor_item_t *cbor_encode_change_pin_auth(const fido_blob_t *,
    const fido_blob_t *, const fido_blob_t *);
cbor_item_t *cbor_encode_extensions(int);
cbor_item_t *cbor_encode_hmac_secret_param(const fido_blob_t *,
    const es256_pk_t *, const fido_blob_t *);
cbor_item_t *cbor_encode_options(fido_opt_t, fido_opt_t);
cbor_item_t *cbor_encode_pin_auth(const fido_blob_t *, const fido_blob_t *);
cbor_item_t *cbor_encode_pin_enc(const fido_blob_t *, const fido_blob_t *);
cbor_item_t *cbor_encode_pin_hash_enc(const fido_blob_t *, const fido_blob_t *);
cbor_item_t *cbor_encode_pin_opt(void);
cbor_item_t *cbor_encode_pubkey(const fido_blob_t *);
cbor_item_t *cbor_encode_pubkey_list(const fido_blob_array_t *);
cbor_item_t *cbor_encode_pubkey_param(int);
cbor_item_t *cbor_encode_rp_entity(const fido_rp_t *);
cbor_item_t *cbor_encode_set_pin_auth(const fido_blob_t *, const fido_blob_t *);
cbor_item_t *cbor_encode_user_entity(const fido_user_t *);
cbor_item_t *es256_pk_encode(const es256_pk_t *, int);

/* cbor decoding functions */
int cbor_decode_attstmt(const cbor_item_t *, fido_attstmt_t *);
int cbor_decode_cred_authdata(const cbor_item_t *, int, fido_blob_t *,
    fido_authdata_t *, fido_attcred_t *, int *);
int cbor_decode_assert_authdata(const cbor_item_t *, fido_blob_t *,
    fido_authdata_t *, int *, fido_blob_t *);
int cbor_decode_cred_id(const cbor_item_t *, fido_blob_t *);
int cbor_decode_fmt(const cbor_item_t *, char **);
int cbor_decode_pubkey(const cbor_item_t *, int *, void *);
int cbor_decode_rp_entity(const cbor_item_t *, fido_rp_t *);
int cbor_decode_uint64(const cbor_item_t *, uint64_t *);
int cbor_decode_user(const cbor_item_t *, fido_user_t *);
int es256_pk_decode(const cbor_item_t *, es256_pk_t *);
int rs256_pk_decode(const cbor_item_t *, rs256_pk_t *);
int eddsa_pk_decode(const cbor_item_t *, eddsa_pk_t *);

/* auxiliary cbor routines */
int cbor_add_bool(cbor_item_t *, const char *, fido_opt_t);
int cbor_add_bytestring(cbor_item_t *, const char *, const unsigned char *,
    size_t);
int cbor_add_string(cbor_item_t *, const char *, const char *);
int cbor_array_iter(const cbor_item_t *, void *, int(*)(const cbor_item_t *,
    void *));
int cbor_build_frame(uint8_t, cbor_item_t *[], size_t, fido_blob_t *);
int cbor_bytestring_copy(const cbor_item_t *, unsigned char **, size_t *);
int cbor_map_iter(const cbor_item_t *, void *, int(*)(const cbor_item_t *,
    const cbor_item_t *, void *));
int cbor_string_copy(const cbor_item_t *, char **);
int cbor_parse_reply(const unsigned char *, size_t, void *,
    int(*)(const cbor_item_t *, const cbor_item_t *, void *));
int cbor_add_pin_params(fido_dev_t *, const fido_blob_t *, const es256_pk_t *,
    const fido_blob_t *,const char *, cbor_item_t **, cbor_item_t **);
void cbor_vector_free(cbor_item_t **, size_t);

#ifndef nitems
#define nitems(_a)      (sizeof((_a)) / sizeof((_a)[0]))
#endif

/* buf */
int fido_buf_read(const unsigned char **, size_t *, void *, size_t);
int fido_buf_write(unsigned char **, size_t *, const void *, size_t);

/* hid i/o */
void *fido_hid_open(const char *);
void  fido_hid_close(void *);
int   fido_hid_read(void *, unsigned char *, size_t, int);
int   fido_hid_write(void *, const unsigned char *, size_t);

/* generic i/o */
int fido_rx_cbor_status(fido_dev_t *, int);
int fido_rx(fido_dev_t *, uint8_t, void *, size_t, int);
int fido_tx(fido_dev_t *, uint8_t, const void *, size_t);

/* log */
#ifdef FIDO_NO_DIAGNOSTIC
#define fido_log_init(...)      do { /* nothing */ } while (0)
#define fido_log_debug(...)     do { /* nothing */ } while (0)
#define fido_log_xxd(...)       do { /* nothing */ } while (0)
#else
#ifdef __GNUC__
void fido_log_init(void);
void fido_log_debug(const char *, ...)
    __attribute__((__format__ (printf, 1, 2)));
void fido_log_xxd(const void *, size_t);
#else
void fido_log_init(void);
void fido_log_debug(const char *, ...);
void fido_log_xxd(const void *, size_t);
#endif /* __GNUC__ */
#endif /* FIDO_NO_DIAGNOSTIC */

/* u2f */
int u2f_register(fido_dev_t *, fido_cred_t *, int);
int u2f_authenticate(fido_dev_t *, fido_assert_t *, int);

/* unexposed fido ops */
int fido_dev_authkey(fido_dev_t *, es256_pk_t *);
int fido_dev_get_pin_token(fido_dev_t *, const char *, const fido_blob_t *,
    const es256_pk_t *, fido_blob_t *);
int fido_do_ecdh(fido_dev_t *, es256_pk_t **, fido_blob_t **);

/* misc */
void fido_assert_reset_rx(fido_assert_t *);
void fido_assert_reset_tx(fido_assert_t *);
void fido_cred_reset_rx(fido_cred_t *);
void fido_cred_reset_tx(fido_cred_t *);
int fido_check_rp_id(const char *, const unsigned char *);
int fido_check_flags(uint8_t, fido_opt_t, fido_opt_t);

/* crypto */
int fido_verify_sig_es256(const fido_blob_t *, const es256_pk_t *,
    const fido_blob_t *);
int fido_verify_sig_rs256(const fido_blob_t *, const rs256_pk_t *,
    const fido_blob_t *);
int fido_verify_sig_eddsa(const fido_blob_t *, const eddsa_pk_t *,
    const fido_blob_t *);

#endif /* !_EXTERN_H */

/home/pedro/projects/libfido2/src/fido.h

Source
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#ifndef _FIDO_H
#define _FIDO_H

#include <openssl/ec.h>
#include <openssl/evp.h>

#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

typedef void *fido_dev_io_open_t(const char *);
typedef void  fido_dev_io_close_t(void *);
typedef int   fido_dev_io_read_t(void *, unsigned char *, size_t, int);
typedef int   fido_dev_io_write_t(void *, const unsigned char *, size_t);

typedef struct fido_dev_io {
        fido_dev_io_open_t  *open;
        fido_dev_io_close_t *close;
        fido_dev_io_read_t  *read;
        fido_dev_io_write_t *write;
} fido_dev_io_t;

typedef enum {
        FIDO_OPT_OMIT = 0, /* use authenticator's default */
        FIDO_OPT_FALSE,    /* explicitly set option to false */
        FIDO_OPT_TRUE,     /* explicitly set option to true */
} fido_opt_t;

#ifdef _FIDO_INTERNAL
#include <cbor.h>
#include <limits.h>

#include "blob.h"
#include "../openbsd-compat/openbsd-compat.h"
#include "iso7816.h"
#include "types.h"
#include "extern.h"
#endif

#include "fido/err.h"
#include "fido/param.h"

#ifndef _FIDO_INTERNAL
typedef struct fido_assert fido_assert_t;
typedef struct fido_cbor_info fido_cbor_info_t;
typedef struct fido_cred fido_cred_t;
typedef struct fido_dev fido_dev_t;
typedef struct fido_dev_info fido_dev_info_t;
typedef struct es256_pk es256_pk_t;
typedef struct es256_sk es256_sk_t;
typedef struct rs256_pk rs256_pk_t;
typedef struct eddsa_pk eddsa_pk_t;
#endif

fido_assert_t *fido_assert_new(void);
fido_cred_t *fido_cred_new(void);
fido_dev_t *fido_dev_new(void);
fido_dev_info_t *fido_dev_info_new(size_t);
fido_cbor_info_t *fido_cbor_info_new(void);

void fido_assert_free(fido_assert_t **);
void fido_cbor_info_free(fido_cbor_info_t **);
void fido_cred_free(fido_cred_t **);
void fido_dev_force_fido2(fido_dev_t *);
void fido_dev_force_u2f(fido_dev_t *);
void fido_dev_free(fido_dev_t **);
void fido_dev_info_free(fido_dev_info_t **, size_t);

/* fido_init() flags. */
#define FIDO_DEBUG      0x01

void fido_init(int);

const unsigned char *fido_assert_authdata_ptr(const fido_assert_t *, size_t);
const unsigned char *fido_assert_clientdata_hash_ptr(const fido_assert_t *);
const unsigned char *fido_assert_hmac_secret_ptr(const fido_assert_t *, size_t);
const unsigned char *fido_assert_id_ptr(const fido_assert_t *, size_t);
const unsigned char *fido_assert_sig_ptr(const fido_assert_t *, size_t);
const unsigned char *fido_assert_user_id_ptr(const fido_assert_t *, size_t);

char **fido_cbor_info_extensions_ptr(const fido_cbor_info_t *);
char **fido_cbor_info_options_name_ptr(const fido_cbor_info_t *);
char **fido_cbor_info_versions_ptr(const fido_cbor_info_t *);
const bool *fido_cbor_info_options_value_ptr(const fido_cbor_info_t *);
const char *fido_assert_rp_id(const fido_assert_t *);
const char *fido_assert_user_display_name(const fido_assert_t *, size_t);
const char *fido_assert_user_icon(const fido_assert_t *, size_t);
const char *fido_assert_user_name(const fido_assert_t *, size_t);
const char *fido_cred_display_name(const fido_cred_t *);
const char *fido_cred_fmt(const fido_cred_t *);
const char *fido_cred_rp_id(const fido_cred_t *);
const char *fido_cred_rp_name(const fido_cred_t *);
const char *fido_cred_user_name(const fido_cred_t *);
const char *fido_dev_info_manufacturer_string(const fido_dev_info_t *);
const char *fido_dev_info_path(const fido_dev_info_t *);
const char *fido_dev_info_product_string(const fido_dev_info_t *);
const fido_dev_info_t *fido_dev_info_ptr(const fido_dev_info_t *, size_t);
const uint8_t *fido_cbor_info_protocols_ptr(const fido_cbor_info_t *);
const unsigned char *fido_cbor_info_aaguid_ptr(const fido_cbor_info_t *);
const unsigned char *fido_cred_authdata_ptr(const fido_cred_t *);
const unsigned char *fido_cred_clientdata_hash_ptr(const fido_cred_t *);
const unsigned char *fido_cred_id_ptr(const fido_cred_t *);
const unsigned char *fido_cred_user_id_ptr(const fido_cred_t *);
const unsigned char *fido_cred_pubkey_ptr(const fido_cred_t *);
const unsigned char *fido_cred_sig_ptr(const fido_cred_t *);
const unsigned char *fido_cred_x5c_ptr(const fido_cred_t *);

int fido_assert_allow_cred(fido_assert_t *, const unsigned char *, size_t);
int fido_assert_set_authdata(fido_assert_t *, size_t, const unsigned char *,
    size_t);
int fido_assert_set_authdata_raw(fido_assert_t *, size_t, const unsigned char *,
    size_t);
int fido_assert_set_clientdata_hash(fido_assert_t *, const unsigned char *,
    size_t);
int fido_assert_set_count(fido_assert_t *, size_t);
int fido_assert_set_extensions(fido_assert_t *, int);
int fido_assert_set_hmac_salt(fido_assert_t *, const unsigned char *, size_t);
int fido_assert_set_options(fido_assert_t *, bool, bool) __attribute__((__deprecated__));
int fido_assert_set_rp(fido_assert_t *, const char *);
int fido_assert_set_up(fido_assert_t *, fido_opt_t);
int fido_assert_set_uv(fido_assert_t *, fido_opt_t);
int fido_assert_set_sig(fido_assert_t *, size_t, const unsigned char *, size_t);
int fido_assert_verify(const fido_assert_t *, size_t, int, const void *);
int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_authdata(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_authdata_raw(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_clientdata_hash(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_extensions(fido_cred_t *, int);
int fido_cred_set_fmt(fido_cred_t *, const char *);
int fido_cred_set_options(fido_cred_t *, bool, bool) __attribute__((__deprecated__));
int fido_cred_set_rk(fido_cred_t *, fido_opt_t);
int fido_cred_set_rp(fido_cred_t *, const char *, const char *);
int fido_cred_set_sig(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_type(fido_cred_t *, int);
int fido_cred_set_uv(fido_cred_t *, fido_opt_t);
int fido_cred_type(const fido_cred_t *);
int fido_cred_set_user(fido_cred_t *, const unsigned char *, size_t,
    const char *, const char *, const char *);
int fido_cred_set_x509(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_verify(const fido_cred_t *);
int fido_cred_verify_self(const fido_cred_t *);
int fido_dev_cancel(fido_dev_t *);
int fido_dev_close(fido_dev_t *);
int fido_dev_get_assert(fido_dev_t *, fido_assert_t *, const char *);
int fido_dev_get_cbor_info(fido_dev_t *, fido_cbor_info_t *);
int fido_dev_get_retry_count(fido_dev_t *, int *);
int fido_dev_info_manifest(fido_dev_info_t *, size_t, size_t *);
int fido_dev_make_cred(fido_dev_t *, fido_cred_t *, const char *);
int fido_dev_open(fido_dev_t *, const char *);
int fido_dev_reset(fido_dev_t *);
int fido_dev_set_io_functions(fido_dev_t *, const fido_dev_io_t *);
int fido_dev_set_pin(fido_dev_t *, const char *, const char *);

size_t fido_assert_authdata_len(const fido_assert_t *, size_t);
size_t fido_assert_clientdata_hash_len(const fido_assert_t *);
size_t fido_assert_count(const fido_assert_t *);
size_t fido_assert_hmac_secret_len(const fido_assert_t *, size_t);
size_t fido_assert_id_len(const fido_assert_t *, size_t);
size_t fido_assert_sig_len(const fido_assert_t *, size_t);
size_t fido_assert_user_id_len(const fido_assert_t *, size_t);
size_t fido_cbor_info_aaguid_len(const fido_cbor_info_t *);
size_t fido_cbor_info_extensions_len(const fido_cbor_info_t *);
size_t fido_cbor_info_options_len(const fido_cbor_info_t *);
size_t fido_cbor_info_protocols_len(const fido_cbor_info_t *);
size_t fido_cbor_info_versions_len(const fido_cbor_info_t *);
size_t fido_cred_authdata_len(const fido_cred_t *);
size_t fido_cred_clientdata_hash_len(const fido_cred_t *);
size_t fido_cred_id_len(const fido_cred_t *);
size_t fido_cred_user_id_len(const fido_cred_t *);
size_t fido_cred_pubkey_len(const fido_cred_t *);
size_t fido_cred_sig_len(const fido_cred_t *);
size_t fido_cred_x5c_len(const fido_cred_t *);

uint8_t  fido_assert_flags(const fido_assert_t *, size_t);
uint32_t  fido_assert_sigcount(const fido_assert_t *, size_t);
uint8_t  fido_cred_flags(const fido_cred_t *);
uint8_t  fido_dev_protocol(const fido_dev_t *);
uint8_t  fido_dev_major(const fido_dev_t *);
uint8_t  fido_dev_minor(const fido_dev_t *);
uint8_t  fido_dev_build(const fido_dev_t *);
uint8_t  fido_dev_flags(const fido_dev_t *);
int16_t  fido_dev_info_vendor(const fido_dev_info_t *);
int16_t  fido_dev_info_product(const fido_dev_info_t *);
uint64_t fido_cbor_info_maxmsgsiz(const fido_cbor_info_t *);

bool fido_dev_is_fido2(const fido_dev_t *);

#endif /* !_FIDO_H */

/home/pedro/projects/libfido2/src/fido/err.h

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#ifndef _FIDO_ERR_H
#define _FIDO_ERR_H

#define FIDO_ERR_SUCCESS                0x00
#define FIDO_ERR_INVALID_COMMAND        0x01
#define FIDO_ERR_INVALID_PARAMETER      0x02
#define FIDO_ERR_INVALID_LENGTH         0x03
#define FIDO_ERR_INVALID_SEQ            0x04
#define FIDO_ERR_TIMEOUT                0x05
#define FIDO_ERR_CHANNEL_BUSY           0x06
#define FIDO_ERR_LOCK_REQUIRED          0x0a
#define FIDO_ERR_INVALID_CHANNEL        0x0b
#define FIDO_ERR_CBOR_UNEXPECTED_TYPE   0x11
#define FIDO_ERR_INVALID_CBOR           0x12
#define FIDO_ERR_MISSING_PARAMETER      0x14
#define FIDO_ERR_LIMIT_EXCEEDED         0x15
#define FIDO_ERR_UNSUPPORTED_EXTENSION  0x16
#define FIDO_ERR_CREDENTIAL_EXCLUDED    0x19
#define FIDO_ERR_PROCESSING             0x21
#define FIDO_ERR_INVALID_CREDENTIAL     0x22
#define FIDO_ERR_USER_ACTION_PENDING    0x23
#define FIDO_ERR_OPERATION_PENDING      0x24
#define FIDO_ERR_NO_OPERATIONS          0x25
#define FIDO_ERR_UNSUPPORTED_ALGORITHM  0x26
#define FIDO_ERR_OPERATION_DENIED       0x27
#define FIDO_ERR_KEY_STORE_FULL         0x28
#define FIDO_ERR_NOT_BUSY               0x29
#define FIDO_ERR_NO_OPERATION_PENDING   0x2a
#define FIDO_ERR_UNSUPPORTED_OPTION     0x2b
#define FIDO_ERR_INVALID_OPTION         0x2c
#define FIDO_ERR_KEEPALIVE_CANCEL       0x2d
#define FIDO_ERR_NO_CREDENTIALS         0x2e
#define FIDO_ERR_USER_ACTION_TIMEOUT    0x2f
#define FIDO_ERR_NOT_ALLOWED            0x30
#define FIDO_ERR_PIN_INVALID            0x31
#define FIDO_ERR_PIN_BLOCKED            0x32
#define FIDO_ERR_PIN_AUTH_INVALID       0x33
#define FIDO_ERR_PIN_AUTH_BLOCKED       0x34
#define FIDO_ERR_PIN_NOT_SET            0x35
#define FIDO_ERR_PIN_REQUIRED           0x36
#define FIDO_ERR_PIN_POLICY_VIOLATION   0x37
#define FIDO_ERR_PIN_TOKEN_EXPIRED      0x38
#define FIDO_ERR_REQUEST_TOO_LARGE      0x39
#define FIDO_ERR_ACTION_TIMEOUT         0x3a
#define FIDO_ERR_UP_REQUIRED            0x3b
#define FIDO_ERR_ERR_OTHER              0x7f
#define FIDO_ERR_SPEC_LAST              0xdf

/* defined internally */
#define FIDO_OK                         FIDO_ERR_SUCCESS
#define FIDO_ERR_TX                     -1
#define FIDO_ERR_RX                     -2
#define FIDO_ERR_RX_NOT_CBOR            -3
#define FIDO_ERR_RX_INVALID_CBOR        -4
#define FIDO_ERR_INVALID_PARAM          -5
#define FIDO_ERR_INVALID_SIG            -6
#define FIDO_ERR_INVALID_ARGUMENT       -7
#define FIDO_ERR_USER_PRESENCE_REQUIRED -8
#define FIDO_ERR_INTERNAL               -9

const char *fido_strerr(int);

#endif /* _FIDO_ERR_H */

/home/pedro/projects/libfido2/src/fido/param.h

Source
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#ifndef _FIDO_PARAM_H
#define _FIDO_PARAM_H

/* Authentication data flags. */
#define CTAP_AUTHDATA_USER_PRESENT      0x01
#define CTAP_AUTHDATA_USER_VERIFIED     0x04
#define CTAP_AUTHDATA_ATT_CRED          0x40
#define CTAP_AUTHDATA_EXT_DATA          0x80

/* CTAPHID command opcodes. */
#define CTAP_CMD_PING                   0x01
#define CTAP_CMD_MSG                    0x03
#define CTAP_CMD_LOCK                   0x04
#define CTAP_CMD_INIT                   0x06
#define CTAP_CMD_WINK                   0x08
#define CTAP_CMD_CBOR                   0x10
#define CTAP_CMD_CANCEL                 0x11
#define CTAP_KEEPALIVE                  0x3b
#define CTAP_FRAME_INIT                 0x80

/* CTAPHID CBOR command opcodes. */
#define CTAP_CBOR_MAKECRED              0x01
#define CTAP_CBOR_ASSERT                0x02
#define CTAP_CBOR_GETINFO               0x04
#define CTAP_CBOR_CLIENT_PIN            0x06
#define CTAP_CBOR_RESET                 0x07
#define CTAP_CBOR_NEXT_ASSERT           0x08
#define CTAP_CBOR_BIO_ENROLL_PRE        0x40
#define CTAP_CBOR_CRED_MGMT_PRE         0x41

/* U2F command opcodes. */
#define U2F_CMD_REGISTER                0x01
#define U2F_CMD_AUTH                    0x02

/* U2F command flags. */
#define U2F_AUTH_SIGN                   0x03
#define U2F_AUTH_CHECK                  0x07

/* ISO7816-4 status words. */
#define SW_CONDITIONS_NOT_SATISFIED     0x6985
#define SW_WRONG_DATA                   0x6a80
#define SW_NO_ERROR                     0x9000

/* HID Broadcast channel ID. */
#define CTAP_CID_BROADCAST              0xffffffff

/* Expected size of a HID report in bytes. */
#define CTAP_RPT_SIZE                   64

/* Randomness device on UNIX-like platforms. */
#ifndef FIDO_RANDOM_DEV
#define FIDO_RANDOM_DEV                 "/dev/urandom"
#endif

/* CTAP capability bits. */
#define FIDO_CAP_WINK   0x01 /* if set, device supports CTAP_CMD_WINK */
#define FIDO_CAP_CBOR   0x04 /* if set, device supports CTAP_CMD_CBOR */
#define FIDO_CAP_NMSG   0x08 /* if set, device doesn't support CTAP_CMD_MSG */

/* Supported COSE algorithms. */
#define COSE_ES256      -7
#define COSE_EDDSA      -8
#define COSE_ECDH_ES256 -25
#define COSE_RS256      -257

/* Supported COSE types. */
#define COSE_KTY_OKP    1
#define COSE_KTY_EC2    2
#define COSE_KTY_RSA    3

/* Supported curves. */
#define COSE_P256       1
#define COSE_ED25519    6

/* Supported extensions. */
#define FIDO_EXT_HMAC_SECRET    0x01

#endif /* !_FIDO_PARAM_H */

/home/pedro/projects/libfido2/src/hid.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <string.h>
#include "fido.h"

fido_dev_info_t *
fido_dev_info_new(size_t n)
{
        return (calloc(n, sizeof(fido_dev_info_t)));
}

void
fido_dev_info_free(fido_dev_info_t **devlist_p, size_t n)
{
        fido_dev_info_t *devlist;

        if (devlist_p == NULL || (devlist = *devlist_p) == NULL)
                return;

        for (size_t i = 0; i < n; i++) {
                const fido_dev_info_t *di = &devlist[i];
                free(di->path);
                free(di->manufacturer);
                free(di->product);
        }

        free(devlist);

        *devlist_p = NULL;
}

const fido_dev_info_t *
fido_dev_info_ptr(const fido_dev_info_t *devlist, size_t i)
{
        return (&devlist[i]);
}

const char *
fido_dev_info_path(const fido_dev_info_t *di)
{
        return (di->path);
}

int16_t
fido_dev_info_vendor(const fido_dev_info_t *di)
{
        return (di->vendor_id);
}

int16_t
fido_dev_info_product(const fido_dev_info_t *di)
{
        return (di->product_id);
}

const char *
fido_dev_info_manufacturer_string(const fido_dev_info_t *di)
{
        return (di->manufacturer);
}

const char *
fido_dev_info_product_string(const fido_dev_info_t *di)
{
        return (di->product);
}

/home/pedro/projects/libfido2/src/hid_linux.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2019 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <sys/types.h>

#include <sys/ioctl.h>
#include <linux/hidraw.h>

#include <fcntl.h>
#include <libudev.h>
#include <string.h>
#include <unistd.h>

#include "fido.h"

#define REPORT_LEN      65

static int
get_key_len(uint8_t tag, uint8_t *key, size_t *key_len)
{
        *key = tag & 0xfc;
        if ((*key & 0xf0) == 0xf0) {
                fido_log_debug("%s: *key=0x%02x", __func__, *key);
                return (-1);
        }

        *key_len = tag & 0x3;
        if (*key_len == 3) {
                *key_len = 4;
        }

        return (0);
}

static int
get_key_val(const void *body, size_t key_len, uint32_t *val)
{
        const uint8_t *ptr = body;

        switch (key_len) {
        case 0:
                *val = 0;
                break;
        case 1:
                *val = ptr[0];
                break;
        case 2:
                *val = (uint32_t)((ptr[1] << 8) | ptr[0]);
                break;
        default:
                fido_log_debug("%s: key_len=%zu", __func__, key_len);
                return (-1);
        }

        return (0);
}

static int
get_usage_info(const struct hidraw_report_descriptor *hrd, uint32_t *usage_page,
    uint32_t *usage)
{
        const uint8_t   *ptr;
        size_t           len;

        ptr = hrd->value;
        len = hrd->size;

        while (len > 0) {
                const uint8_t tag = ptr[0];
                ptr++;
                len--;

                uint8_t  key;
                size_t   key_len;
                uint32_t key_val;

                if (get_key_len(tag, &key, &key_len) < 0 || key_len > len ||
                    get_key_val(ptr, key_len, &key_val) < 0) {
                        return (-1);
                }

                if (key == 0x4) {
                        *usage_page = key_val;
                } else if (key == 0x8) {
                        *usage = key_val;
                }

                ptr += key_len;
                len -= key_len;
        }

        return (0);
}

static int
get_report_descriptor(const char *path, struct hidraw_report_descriptor *hrd)
{
        int     r;
        int     s = -1;
        int     fd;
        int     ok = -1;

        if ((fd = open(path, O_RDONLY)) < 0) {
                fido_log_debug("%s: open", __func__);
                return (-1);
        }

        if ((r = ioctl(fd, HIDIOCGRDESCSIZE, &s)) < 0 || s < 0 ||
            (unsigned)s > HID_MAX_DESCRIPTOR_SIZE) {
                fido_log_debug("%s: ioctl HIDIOCGRDESCSIZE", __func__);
                goto fail;
        }

        hrd->size = s;

        if ((r = ioctl(fd, HIDIOCGRDESC, hrd)) < 0) {
                fido_log_debug("%s: ioctl HIDIOCGRDESC", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (fd != -1)
                close(fd);

        return (ok);
}

static bool
is_fido(const char *path)
{
        uint32_t                        usage = 0;
        uint32_t                        usage_page = 0;
        struct hidraw_report_descriptor hrd;

        memset(&hrd, 0, sizeof(hrd));

        if (get_report_descriptor(path, &hrd) < 0 ||
            get_usage_info(&hrd, &usage_page, &usage) < 0) {
                return (false);
        }

        return (usage_page == 0xf1d0);
}

static int
parse_uevent(struct udev_device *dev, int16_t *vendor_id, int16_t *product_id)
{
        const char              *uevent;
        char                    *cp;
        char                    *p;
        char                    *s;
        int                      ok = -1;
        short unsigned int       x;
        short unsigned int       y;

        if ((uevent = udev_device_get_sysattr_value(dev, "uevent")) == NULL)
                return (-1);

        if ((s = cp = strdup(uevent)) == NULL)
                return (-1);

        for ((p = strsep(&cp, "\n")); p && *p != '\0'; (p = strsep(&cp, "\n"))) {
                if (strncmp(p, "HID_ID=", 7) == 0) {
                        if (sscanf(p + 7, "%*x:%hx:%hx", &x, &y) == 2) {
                                *vendor_id = (int16_t)x;
                                *product_id = (int16_t)y;
                                ok = 0;
                        }
                        break;
                }
        }

        free(s);

        return (ok);
}

static int
copy_info(fido_dev_info_t *di, struct udev *udev,
    struct udev_list_entry *udev_entry)
{
        const char              *name;
        const char              *path;
        const char              *manufacturer;
        const char              *product;
        struct udev_device      *dev = NULL;
        struct udev_device      *hid_parent;
        struct udev_device      *usb_parent;
        int                      ok = -1;

        memset(di, 0, sizeof(*di));

        if ((name = udev_list_entry_get_name(udev_entry)) == NULL ||
            (dev = udev_device_new_from_syspath(udev, name)) == NULL ||
            (path = udev_device_get_devnode(dev)) == NULL ||
            is_fido(path) == 0)
                goto fail;

        if ((hid_parent = udev_device_get_parent_with_subsystem_devtype(dev,
            "hid", NULL)) == NULL)
                goto fail;

        if ((usb_parent = udev_device_get_parent_with_subsystem_devtype(dev,
            "usb", "usb_device")) == NULL)
                goto fail;

        if (parse_uevent(hid_parent, &di->vendor_id, &di->product_id) < 0 ||
            (manufacturer = udev_device_get_sysattr_value(usb_parent,
            "manufacturer")) == NULL ||
            (product = udev_device_get_sysattr_value(usb_parent,
            "product")) == NULL)
                goto fail;

        di->path = strdup(path);
        di->manufacturer = strdup(manufacturer);
        di->product = strdup(product);

        if (di->path == NULL ||
            di->manufacturer == NULL ||
            di->product == NULL)
                goto fail;

        ok = 0;
fail:
        if (dev != NULL)
                udev_device_unref(dev);

        if (ok < 0) {
                free(di->path);
                free(di->manufacturer);
                free(di->product);
                explicit_bzero(di, sizeof(*di));
        }

        return (ok);
}

int
fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
{
        struct udev             *udev = NULL;
        struct udev_enumerate   *udev_enum = NULL;
        struct udev_list_entry  *udev_list;
        struct udev_list_entry  *udev_entry;
        int                      r = FIDO_ERR_INTERNAL;

        *olen = 0;

        if (ilen == 0)
                return (FIDO_OK); /* nothing to do */

        if (devlist == NULL)
                return (FIDO_ERR_INVALID_ARGUMENT);

        if ((udev = udev_new()) == NULL ||
            (udev_enum = udev_enumerate_new(udev)) == NULL)
                goto fail;

        if (udev_enumerate_add_match_subsystem(udev_enum, "hidraw") < 0 ||
            udev_enumerate_scan_devices(udev_enum) < 0 ||
            (udev_list = udev_enumerate_get_list_entry(udev_enum)) == NULL)
                goto fail;

        udev_list_entry_foreach(udev_entry, udev_list) {
                if (copy_info(&devlist[*olen], udev, udev_entry) == 0) {
                        if (++(*olen) == ilen)
                                break;
                }
        }

        r = FIDO_OK;
fail:
        if (udev_enum != NULL)
                udev_enumerate_unref(udev_enum);
        if (udev != NULL)
                udev_unref(udev);

        return (r);
}

void *
fido_hid_open(const char *path)
{
        int *fd;

        if ((fd = malloc(sizeof(*fd))) == NULL ||
            (*fd = open(path, O_RDWR)) < 0) {
                free(fd);
                return (NULL);
        }

        return (fd);
}

void
fido_hid_close(void *handle)
{
        int *fd = handle;

        close(*fd);
        free(fd);
}

int
fido_hid_read(void *handle, unsigned char *buf, size_t len, int ms)
{
        int     *fd = handle;
        ssize_t  r;

        (void)ms; /* XXX */

        if (len != REPORT_LEN - 1) {
                fido_log_debug("%s: invalid len", __func__);
                return (-1);
        }

        if ((r = read(*fd, buf, len)) < 0 || r != REPORT_LEN - 1)
                return (-1);

        return (REPORT_LEN - 1);
}

int
fido_hid_write(void *handle, const unsigned char *buf, size_t len)
{
        int     *fd = handle;
        ssize_t  r;

        if (len != REPORT_LEN) {
                fido_log_debug("%s: invalid len", __func__);
                return (-1);
        }

        if ((r = write(*fd, buf, len)) < 0 || r != REPORT_LEN) {
                fido_log_debug("%s: write", __func__);
                return (-1);
        }

        return (REPORT_LEN);
}

/home/pedro/projects/libfido2/src/info.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <string.h>
#include "fido.h"

static int
decode_version(const cbor_item_t *item, void *arg)
{
        fido_str_array_t        *v = arg;
        const size_t             i = v->len;

        /* keep ptr[x] and len consistent */
        if (cbor_string_copy(item, &v->ptr[i]) < 0) {
                fido_log_debug("%s: cbor_string_copy", __func__);
                return (-1);
        }

        v->len++;

        return (0);
}

static int
decode_versions(const cbor_item_t *item, fido_str_array_t *v)
{
        v->ptr = NULL;
        v->len = 0;

        if (cbor_isa_array(item) == false ||
            cbor_array_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        v->ptr = calloc(cbor_array_size(item), sizeof(char *));
        if (v->ptr == NULL)
                return (-1);

        if (cbor_array_iter(item, v, decode_version) < 0) {
                fido_log_debug("%s: decode_version", __func__);
                return (-1);
        }

        return (0);
}

static int
decode_extension(const cbor_item_t *item, void *arg)
{
        fido_str_array_t        *e = arg;
        const size_t             i = e->len;

        /* keep ptr[x] and len consistent */
        if (cbor_string_copy(item, &e->ptr[i]) < 0) {
                fido_log_debug("%s: cbor_string_copy", __func__);
                return (-1);
        }

        e->len++;

        return (0);
}

static int
decode_extensions(const cbor_item_t *item, fido_str_array_t *e)
{
        e->ptr = NULL;
        e->len = 0;

        if (cbor_isa_array(item) == false ||
            cbor_array_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        e->ptr = calloc(cbor_array_size(item), sizeof(char *));
        if (e->ptr == NULL)
                return (-1);

        if (cbor_array_iter(item, e, decode_extension) < 0) {
                fido_log_debug("%s: decode_extension", __func__);
                return (-1);
        }

        return (0);
}

static int
decode_aaguid(const cbor_item_t *item, unsigned char *aaguid, size_t aaguid_len)
{
        if (cbor_isa_bytestring(item) == false ||
            cbor_bytestring_is_definite(item) == false ||
            cbor_bytestring_length(item) != aaguid_len) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        memcpy(aaguid, cbor_bytestring_handle(item), aaguid_len);

        return (0);
}

static int
decode_option(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_opt_array_t        *o = arg;
        const size_t             i = o->len;

        if (cbor_isa_float_ctrl(val) == false ||
            cbor_float_get_width(val) != CBOR_FLOAT_0 ||
            cbor_is_bool(val) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        if (cbor_string_copy(key, &o->name[i]) < 0) {
                fido_log_debug("%s: cbor_string_copy", __func__);
                return (0); /* ignore */
        }

        /* keep name/value and len consistent */
        o->value[i] = cbor_ctrl_value(val) == CBOR_CTRL_TRUE;
        o->len++;

        return (0);
}

static int
decode_options(const cbor_item_t *item, fido_opt_array_t *o)
{
        o->name = NULL;
        o->value = NULL;
        o->len = 0;

        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        o->name = calloc(cbor_map_size(item), sizeof(char *));
        o->value = calloc(cbor_map_size(item), sizeof(bool));
        if (o->name == NULL || o->value == NULL)
                return (-1);

        return (cbor_map_iter(item, o, decode_option));
}

static int
decode_protocol(const cbor_item_t *item, void *arg)
{
        fido_byte_array_t       *p = arg;
        const size_t             i = p->len;

        if (cbor_isa_uint(item) == false ||
            cbor_int_get_width(item) != CBOR_INT_8) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        /* keep ptr[x] and len consistent */
        p->ptr[i] = cbor_get_uint8(item);
        p->len++;

        return (0);
}

static int
decode_protocols(const cbor_item_t *item, fido_byte_array_t *p)
{
        p->ptr = NULL;
        p->len = 0;

        if (cbor_isa_array(item) == false ||
            cbor_array_is_definite(item) == false) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        p->ptr = calloc(cbor_array_size(item), sizeof(uint8_t));
        if (p->ptr == NULL)
                return (-1);

        if (cbor_array_iter(item, p, decode_protocol) < 0) {
                fido_log_debug("%s: decode_protocol", __func__);
                return (-1);
        }

        return (0);
}

static int
parse_reply_element(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_cbor_info_t *ci = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        switch (cbor_get_uint8(key)) {
        case 1: /* versions */
                return (decode_versions(val, &ci->versions));
        case 2: /* extensions */
                return (decode_extensions(val, &ci->extensions));
        case 3: /* aaguid */
                return (decode_aaguid(val, ci->aaguid, sizeof(ci->aaguid)));
        case 4: /* options */
                return (decode_options(val, &ci->options));
        case 5: /* maxMsgSize */
                return (cbor_decode_uint64(val, &ci->maxmsgsiz));
        case 6: /* pinProtocols */
                return (decode_protocols(val, &ci->protocols));
        default: /* ignore */
                fido_log_debug("%s: cbor type", __func__);
                return (0);
        }
}

static int
fido_dev_get_cbor_info_tx(fido_dev_t *dev)
{
        const unsigned char     cbor[] = { CTAP_CBOR_GETINFO };
        const uint8_t           cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;

        fido_log_debug("%s: dev=%p", __func__, (void *)dev);

        if (fido_tx(dev, cmd, cbor, sizeof(cbor)) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                return (FIDO_ERR_TX);
        }

        return (FIDO_OK);
}

static int
fido_dev_get_cbor_info_rx(fido_dev_t *dev, fido_cbor_info_t *ci, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[512];
        int             reply_len;

        fido_log_debug("%s: dev=%p, ci=%p, ms=%d", __func__, (void *)dev,
            (void *)ci, ms);

        memset(ci, 0, sizeof(*ci));

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        return (cbor_parse_reply(reply, (size_t)reply_len, ci,
            parse_reply_element));
}

static int
fido_dev_get_cbor_info_wait(fido_dev_t *dev, fido_cbor_info_t *ci, int ms)
{
        int r;

        if ((r = fido_dev_get_cbor_info_tx(dev)) != FIDO_OK ||
            (r = fido_dev_get_cbor_info_rx(dev, ci, ms)) != FIDO_OK)
                return (r);

        return (FIDO_OK);
}

int
fido_dev_get_cbor_info(fido_dev_t *dev, fido_cbor_info_t *ci)
{
        return (fido_dev_get_cbor_info_wait(dev, ci, -1));
}

/*
 * get/set functions for fido_cbor_info_t; always at the end of the file
 */

fido_cbor_info_t *
fido_cbor_info_new(void)
{
        return (calloc(1, sizeof(fido_cbor_info_t)));
}

static void
free_str_array(fido_str_array_t *sa)
{
        for (size_t i = 0; i < sa->len; i++)
                free(sa->ptr[i]);

        free(sa->ptr);
        sa->ptr = NULL;
        sa->len = 0;
}

static void
free_opt_array(fido_opt_array_t *oa)
{
        for (size_t i = 0; i < oa->len; i++)
                free(oa->name[i]);

        free(oa->name);
        free(oa->value);
        oa->name = NULL;
        oa->value = NULL;
}

static void
free_byte_array(fido_byte_array_t *ba)
{
        free(ba->ptr);

        ba->ptr = NULL;
        ba->len = 0;
}

void
fido_cbor_info_free(fido_cbor_info_t **ci_p)
{
        fido_cbor_info_t *ci;

        if (ci_p == NULL || (ci = *ci_p) ==  NULL)
                return;

        free_str_array(&ci->versions);
        free_str_array(&ci->extensions);
        free_opt_array(&ci->options);
        free_byte_array(&ci->protocols);
        free(ci);

        *ci_p = NULL;
}

char **
fido_cbor_info_versions_ptr(const fido_cbor_info_t *ci)
{
        return (ci->versions.ptr);
}

size_t
fido_cbor_info_versions_len(const fido_cbor_info_t *ci)
{
        return (ci->versions.len);
}

char **
fido_cbor_info_extensions_ptr(const fido_cbor_info_t *ci)
{
        return (ci->extensions.ptr);
}

size_t
fido_cbor_info_extensions_len(const fido_cbor_info_t *ci)
{
        return (ci->extensions.len);
}

const unsigned char *
fido_cbor_info_aaguid_ptr(const fido_cbor_info_t *ci)
{
        return (ci->aaguid);
}

size_t
fido_cbor_info_aaguid_len(const fido_cbor_info_t *ci)
{
        return (sizeof(ci->aaguid));
}

char **
fido_cbor_info_options_name_ptr(const fido_cbor_info_t *ci)
{
        return (ci->options.name);
}

const bool *
fido_cbor_info_options_value_ptr(const fido_cbor_info_t *ci)
{
        return (ci->options.value);
}

size_t
fido_cbor_info_options_len(const fido_cbor_info_t *ci)
{
        return (ci->options.len);
}

uint64_t
fido_cbor_info_maxmsgsiz(const fido_cbor_info_t *ci)
{
        return (ci->maxmsgsiz);
}

const uint8_t *
fido_cbor_info_protocols_ptr(const fido_cbor_info_t *ci)
{
        return (ci->protocols.ptr);
}

size_t
fido_cbor_info_protocols_len(const fido_cbor_info_t *ci)
{
        return (ci->protocols.len);
}

/home/pedro/projects/libfido2/src/io.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <stdint.h>
#include <stdio.h>
#include <string.h>

#include "fido.h"
#include "packed.h"

PACKED_TYPE(frame_t,
struct frame {
        uint32_t cid; /* channel id */
        union {
                uint8_t type;
                struct {
                        uint8_t cmd;
                        uint8_t bcnth;
                        uint8_t bcntl;
                        uint8_t data[CTAP_RPT_SIZE - 7];
                } init;
                struct {
                        uint8_t seq;
                        uint8_t data[CTAP_RPT_SIZE - 5];
                } cont;
        } body;
})

#ifndef MIN
#define MIN(x, y) ((x) > (y) ? (y) : (x))
#endif

static size_t
tx_preamble(fido_dev_t *d,  uint8_t cmd, const void *buf, size_t count)
{
        struct frame    *fp;
        unsigned char   pkt[sizeof(*fp) + 1];
        int             n;

        if (d->io.write == NULL || (cmd & 0x80) == 0)
                return (0);

        memset(&pkt, 0, sizeof(pkt));
        fp = (struct frame *)(pkt + 1);
        fp->cid = d->cid;
        fp->body.init.cmd = 0x80 | cmd;
        fp->body.init.bcnth = (count >> 8) & 0xff;
        fp->body.init.bcntl = count & 0xff;
        count = MIN(count, sizeof(fp->body.init.data));
        if (count)
                memcpy(&fp->body.init.data, buf, count);

        n = d->io.write(d->io_handle, pkt, sizeof(pkt));
        if (n < 0 || (size_t)n != sizeof(pkt))
                return (0);

        return (count);
}

static size_t
tx_frame(fido_dev_t *d, int seq, const void *buf, size_t count)
{
        struct frame    *fp;
        unsigned char    pkt[sizeof(*fp) + 1];
        int              n;

        if (d->io.write == NULL || seq < 0 || seq > UINT8_MAX)
                return (0);

        memset(&pkt, 0, sizeof(pkt));
        fp = (struct frame *)(pkt + 1);
        fp->cid = d->cid;
        fp->body.cont.seq = (uint8_t)seq;
        count = MIN(count, sizeof(fp->body.cont.data));
        memcpy(&fp->body.cont.data, buf, count);

        n = d->io.write(d->io_handle, pkt, sizeof(pkt));
        if (n < 0 || (size_t)n != sizeof(pkt))
                return (0);

        return (count);
}

int
fido_tx(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count)
{
        int     seq = 0;
        size_t  sent;

        fido_log_debug("%s: d=%p, cmd=0x%02x, buf=%p, count=%zu", __func__,
            (void *)d, cmd, buf, count);
        fido_log_xxd(buf, count);

        if (d->io_handle == NULL || count > UINT16_MAX) {
                fido_log_debug("%s: invalid argument (%p, %zu)", __func__,
                    d->io_handle, count);
                return (-1);
        }

        if ((sent = tx_preamble(d, cmd, buf, count)) == 0) {
                fido_log_debug("%s: tx_preamble", __func__);
                return (-1);
        }

        while (sent < count) {
                if (seq & 0x80) {
                        fido_log_debug("%s: seq & 0x80", __func__);
                        return (-1);
                }
                const uint8_t *p = (const uint8_t *)buf + sent;
                size_t n = tx_frame(d, seq++, p, count - sent);
                if (n == 0) {
                        fido_log_debug("%s: tx_frame", __func__);
                        return (-1);
                }
                sent += n;
        }

        return (0);
}

static int
rx_frame(fido_dev_t *d, struct frame *fp, int ms)
{
        int n;

        if (d->io.read == NULL)
                return (-1);

        n = d->io.read(d->io_handle, (unsigned char *)fp, sizeof(*fp), ms);
        if (n < 0 || (size_t)n != sizeof(*fp))
                return (-1);

        return (0);
}

static int
rx_preamble(fido_dev_t *d, struct frame *fp, int ms)
{
        do {
                if (rx_frame(d, fp, ms) < 0)
                        return (-1);
#ifdef FIDO_FUZZ
                fp->cid = d->cid;
#endif
        } while (fp->cid == d->cid &&
            fp->body.init.cmd == (CTAP_FRAME_INIT | CTAP_KEEPALIVE));

        return (0);
}

int
fido_rx(fido_dev_t *d, uint8_t cmd, void *buf, size_t count, int ms)
{
        struct frame    f;
        uint16_t        r;
        uint16_t        flen;
        int             seq;

        if (d->io_handle == NULL || (cmd & 0x80) == 0) {
                fido_log_debug("%s: invalid argument (%p, 0x%02x)", __func__,
                    d->io_handle, cmd);
                return (-1);
        }

        if (rx_preamble(d, &f, ms) < 0) {
                fido_log_debug("%s: rx_preamble", __func__);
                return (-1);
        }

        fido_log_debug("%s: initiation frame at %p, len %zu", __func__,
            (void *)&f, sizeof(f));
        fido_log_xxd(&f, sizeof(f));

#ifdef FIDO_FUZZ
        f.cid = d->cid;
        f.body.init.cmd = cmd;
#endif

        if (f.cid != d->cid || f.body.init.cmd != cmd) {
                fido_log_debug("%s: cid (0x%x, 0x%x), cmd (0x%02x, 0x%02x)",
                    __func__, f.cid, d->cid, f.body.init.cmd, cmd);
                return (-1);
        }

        flen = (f.body.init.bcnth << 8) | f.body.init.bcntl;
        if (count < (size_t)flen) {
                fido_log_debug("%s: count < flen (%zu, %zu)", __func__, count,
                    (size_t)flen);
                return (-1);
        }
        if (flen < sizeof(f.body.init.data)) {
                memcpy(buf, f.body.init.data, flen);
                return (flen);
        }

        memcpy(buf, f.body.init.data, sizeof(f.body.init.data));
        r = sizeof(f.body.init.data);
        seq = 0;

        while ((size_t)r < flen) {
                if (rx_frame(d, &f, ms) < 0) {
                        fido_log_debug("%s: rx_frame", __func__);
                        return (-1);
                }

                fido_log_debug("%s: continuation frame at %p, len %zu",
                    __func__, (void *)&f, sizeof(f));
                fido_log_xxd(&f, sizeof(f));

#ifdef FIDO_FUZZ
                f.cid = d->cid;
                f.body.cont.seq = seq;
#endif

                if (f.cid != d->cid || f.body.cont.seq != seq++) {
                        fido_log_debug("%s: cid (0x%x, 0x%x), seq (%d, %d)",
                            __func__, f.cid, d->cid, f.body.cont.seq, seq);
                        return (-1);
                }

                uint8_t *p = (uint8_t *)buf + r;

                if ((size_t)(flen - r) > sizeof(f.body.cont.data)) {
                        memcpy(p, f.body.cont.data, sizeof(f.body.cont.data));
                        r += sizeof(f.body.cont.data);
                } else {
                        memcpy(p, f.body.cont.data, flen - r);
                        r += (flen - r); /* break */
                }
        }

        fido_log_debug("%s: payload at %p, len %zu", __func__, buf, (size_t)r);
        fido_log_xxd(buf, r);

        return (r);
}

int
fido_rx_cbor_status(fido_dev_t *d, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[2048];
        int             reply_len;

        if ((reply_len = fido_rx(d, cmd, &reply, sizeof(reply), ms)) < 0 ||
            (size_t)reply_len < 1) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        return (reply[0]);
}

/home/pedro/projects/libfido2/src/iso7816.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <string.h>
#include "fido.h"

iso7816_apdu_t *
iso7816_new(uint8_t ins, uint8_t p1, uint16_t payload_len)
{
        iso7816_apdu_t  *apdu;
        size_t           alloc_len;

        alloc_len = sizeof(iso7816_apdu_t) + payload_len;

        if ((apdu = calloc(1, alloc_len)) == NULL)
                return (NULL);

        apdu->alloc_len = alloc_len;
        apdu->payload_len = payload_len;
        apdu->payload_ptr = apdu->payload;
        apdu->header.ins = ins;
        apdu->header.p1 = p1;
        apdu->header.lc2 = (payload_len >> 8) & 0xff;
        apdu->header.lc3 = payload_len & 0xff;

        return (apdu);
}

void
iso7816_free(iso7816_apdu_t **apdu_p)
{
        iso7816_apdu_t *apdu;

        if (apdu_p == NULL || (apdu = *apdu_p) == NULL)
                return;

        explicit_bzero(apdu, apdu->alloc_len);
        free(apdu);

        *apdu_p = NULL;
}

int
iso7816_add(iso7816_apdu_t *apdu, const void *buf, size_t cnt)
{
        if (cnt > apdu->payload_len || cnt > UINT16_MAX)
                return (-1);

        memcpy(apdu->payload_ptr, buf, cnt);
        apdu->payload_ptr += cnt;
        apdu->payload_len -= (uint16_t)cnt;

        return (0);
}

const unsigned char *
iso7816_ptr(const iso7816_apdu_t *apdu)
{
        return ((const unsigned char *)&apdu->header);
}

size_t
iso7816_len(const iso7816_apdu_t *apdu)
{
        return (apdu->alloc_len - sizeof(apdu->alloc_len) -
            sizeof(apdu->payload_len) - sizeof(apdu->payload_ptr));
}

/home/pedro/projects/libfido2/src/log.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include "fido.h"

#ifndef FIDO_NO_DIAGNOSTIC

#ifndef TLS
#define TLS
#endif

static TLS int logging;

void
fido_log_init(void)
{
        logging = 1;
}

void
fido_log_xxd(const void *buf, size_t count)
{
        const uint8_t   *ptr = buf;
        size_t           i;

        if (!logging)
                return;

        fprintf(stderr, "  ");

        for (i = 0; i < count; i++) {
                fprintf(stderr, "%02x ", *ptr++);
                if ((i + 1) % 16 == 0 && i + 1 < count)
                        fprintf(stderr, "\n  ");
        }

        fprintf(stderr, "\n");
        fflush(stderr);
}

void
fido_log_debug(const char *fmt, ...)
{
        va_list  ap;

        if (!logging)
                return;

        va_start(ap, fmt);
        vfprintf(stderr, fmt, ap);
        va_end(ap);

        fprintf(stderr, "\n");
        fflush(stderr);
}

#endif /* !FIDO_NO_DIAGNOSTIC */

/home/pedro/projects/libfido2/src/pin.c

Source
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <string.h>
#include "fido.h"
#include "fido/es256.h"

static int
parse_pintoken(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        fido_blob_t *token = arg;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8 ||
            cbor_get_uint8(key) != 2) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        return (fido_blob_decode(val, token));
}

static int
fido_dev_get_pin_token_tx(fido_dev_t *dev, const char *pin,
    const fido_blob_t *ecdh, const es256_pk_t *pk)
{
        fido_blob_t      f;
        fido_blob_t     *p = NULL;
        cbor_item_t     *argv[6];
        int              r;

        memset(&f, 0, sizeof(f));
        memset(argv, 0, sizeof(argv));

        if ((p = fido_blob_new()) == NULL || fido_blob_set(p,
            (const unsigned char *)pin, strlen(pin)) < 0) {
                fido_log_debug("%s: fido_blob_set", __func__);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        if ((argv[0] = cbor_build_uint8(1)) == NULL ||
            (argv[1] = cbor_build_uint8(5)) == NULL ||
            (argv[2] = es256_pk_encode(pk, 0)) == NULL ||
            (argv[5] = cbor_encode_pin_hash_enc(ecdh, p)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 6, &f) < 0 ||
            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                r = FIDO_ERR_TX;
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));
        fido_blob_free(&p);
        free(f.ptr);

        return (r);
}

static int
fido_dev_get_pin_token_rx(fido_dev_t *dev, const fido_blob_t *ecdh,
    fido_blob_t *token, int ms)
{
        const uint8_t    cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        fido_blob_t     *aes_token = NULL;
        unsigned char    reply[2048];
        int              reply_len;
        int              r;

        if ((aes_token = fido_blob_new()) == NULL) {
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                r = FIDO_ERR_RX;
                goto fail;
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len, aes_token,
            parse_pintoken)) != FIDO_OK) {
                fido_log_debug("%s: parse_pintoken", __func__);
                goto fail;
        }

        if  (aes256_cbc_dec(ecdh, aes_token, token) < 0) {
                fido_log_debug("%s: aes256_cbc_dec", __func__);
                r = FIDO_ERR_RX;
                goto fail;
        }

        r = FIDO_OK;
fail:
        fido_blob_free(&aes_token);

        return (r);
}

static int
fido_dev_get_pin_token_wait(fido_dev_t *dev, const char *pin,
    const fido_blob_t *ecdh, const es256_pk_t *pk, fido_blob_t *token, int ms)
{
        int r;

        if ((r = fido_dev_get_pin_token_tx(dev, pin, ecdh, pk)) != FIDO_OK ||
            (r = fido_dev_get_pin_token_rx(dev, ecdh, token, ms)) != FIDO_OK)
                return (r);

        return (FIDO_OK);
}

int
fido_dev_get_pin_token(fido_dev_t *dev, const char *pin,
    const fido_blob_t *ecdh, const es256_pk_t *pk, fido_blob_t *token)
{
        return (fido_dev_get_pin_token_wait(dev, pin, ecdh, pk, token, -1));
}

static int
pad64(const char *pin, fido_blob_t **ppin)
{
        size_t  pin_len;
        size_t  ppin_len;

        pin_len = strlen(pin);
        if (pin_len < 4 || pin_len > 255) {
                fido_log_debug("%s: invalid pin length", __func__);
                return (FIDO_ERR_PIN_POLICY_VIOLATION);
        }

        if ((*ppin = fido_blob_new()) == NULL)
                return (FIDO_ERR_INTERNAL);

        ppin_len = (pin_len + 63) & ~63;
        if (ppin_len < pin_len || ((*ppin)->ptr = calloc(1, ppin_len)) == NULL) {
                fido_blob_free(ppin);
                return (FIDO_ERR_INTERNAL);
        }

        memcpy((*ppin)->ptr, pin, pin_len);
        (*ppin)->len = ppin_len;

        return (FIDO_OK);
}

static int
fido_dev_change_pin_tx(fido_dev_t *dev, const char *pin, const char *oldpin)
{
        fido_blob_t      f;
        fido_blob_t     *ppin = NULL;
        fido_blob_t     *ecdh = NULL;
        fido_blob_t     *opin = NULL;
        cbor_item_t     *argv[6];
        es256_pk_t      *pk = NULL;
        int r;

        memset(&f, 0, sizeof(f));
        memset(argv, 0, sizeof(argv));

        if ((opin = fido_blob_new()) == NULL || fido_blob_set(opin,
            (const unsigned char *)oldpin, strlen(oldpin)) < 0) {
                fido_log_debug("%s: fido_blob_set", __func__);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        if ((r = pad64(pin, &ppin)) != FIDO_OK) {
                fido_log_debug("%s: pad64", __func__);
                goto fail;
        }

        if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) {
                fido_log_debug("%s: fido_do_ecdh", __func__);
                goto fail;
        }

        if ((argv[0] = cbor_build_uint8(1)) == NULL ||
            (argv[1] = cbor_build_uint8(4)) == NULL ||
            (argv[2] = es256_pk_encode(pk, 0)) == NULL ||
            (argv[3] = cbor_encode_change_pin_auth(ecdh, ppin, opin)) == NULL ||
            (argv[4] = cbor_encode_pin_enc(ecdh, ppin)) == NULL ||
            (argv[5] = cbor_encode_pin_hash_enc(ecdh, opin)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 6, &f) < 0 ||
            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                r = FIDO_ERR_TX;
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));
        es256_pk_free(&pk);
        fido_blob_free(&ppin);
        fido_blob_free(&ecdh);
        fido_blob_free(&opin);
        free(f.ptr);

        return (r);

}

static int
fido_dev_set_pin_tx(fido_dev_t *dev, const char *pin)
{
        fido_blob_t      f;
        fido_blob_t     *ppin = NULL;
        fido_blob_t     *ecdh = NULL;
        cbor_item_t     *argv[5];
        es256_pk_t      *pk = NULL;
        int              r;

        memset(&f, 0, sizeof(f));
        memset(argv, 0, sizeof(argv));

        if ((r = pad64(pin, &ppin)) != FIDO_OK) {
                fido_log_debug("%s: pad64", __func__);
                goto fail;
        }

        if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) {
                fido_log_debug("%s: fido_do_ecdh", __func__);
                goto fail;
        }

        if ((argv[0] = cbor_build_uint8(1)) == NULL ||
            (argv[1] = cbor_build_uint8(3)) == NULL ||
            (argv[2] = es256_pk_encode(pk, 0)) == NULL ||
            (argv[3] = cbor_encode_set_pin_auth(ecdh, ppin)) == NULL ||
            (argv[4] = cbor_encode_pin_enc(ecdh, ppin)) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 5, &f) < 0 ||
            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                r = FIDO_ERR_TX;
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));
        es256_pk_free(&pk);
        fido_blob_free(&ppin);
        fido_blob_free(&ecdh);
        free(f.ptr);

        return (r);
}

static int
fido_dev_set_pin_wait(fido_dev_t *dev, const char *pin, const char *oldpin,
    int ms)
{
        int r;

        if (oldpin != NULL) {
                if ((r = fido_dev_change_pin_tx(dev, pin, oldpin)) != FIDO_OK) {
                        fido_log_debug("%s: fido_dev_change_pin_tx", __func__);
                        return (r);
                }
        } else {
                if ((r = fido_dev_set_pin_tx(dev, pin)) != FIDO_OK) {
                        fido_log_debug("%s: fido_dev_set_pin_tx", __func__);
                        return (r);
                }
        }

        if ((r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) {
                fido_log_debug("%s: fido_rx_cbor_status", __func__);
                return (r);
        }

        return (FIDO_OK);
}

int
fido_dev_set_pin(fido_dev_t *dev, const char *pin, const char *oldpin)
{
        return (fido_dev_set_pin_wait(dev, pin, oldpin, -1));
}

static int
parse_retry_count(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        int             *retries = arg;
        uint64_t         n;

        if (cbor_isa_uint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8 ||
            cbor_get_uint8(key) != 3) {
                fido_log_debug("%s: cbor type", __func__);
                return (0); /* ignore */
        }

        if (cbor_decode_uint64(val, &n) < 0 || n > INT_MAX) {
                fido_log_debug("%s: cbor_decode_uint64", __func__);
                return (-1);
        }

        *retries = (int)n;

        return (0);
}

static int
fido_dev_get_retry_count_tx(fido_dev_t *dev)
{
        fido_blob_t      f;
        cbor_item_t     *argv[2];
        int              r;

        memset(&f, 0, sizeof(f));
        memset(argv, 0, sizeof(argv));

        if ((argv[0] = cbor_build_uint8(1)) == NULL ||
            (argv[1] = cbor_build_uint8(1)) == NULL) {
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 2, &f) < 0 ||
            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                r = FIDO_ERR_TX;
                goto fail;
        }

        r = FIDO_OK;
fail:
        cbor_vector_free(argv, nitems(argv));
        free(f.ptr);

        return (r);
}

static int
fido_dev_get_retry_count_rx(fido_dev_t *dev, int *retries, int ms)
{
        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
        unsigned char   reply[512];
        int             reply_len;
        int             r;

        *retries = 0;

        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
                fido_log_debug("%s: fido_rx", __func__);
                return (FIDO_ERR_RX);
        }

        if ((r = cbor_parse_reply(reply, (size_t)reply_len, retries,
            parse_retry_count)) != FIDO_OK) {
                fido_log_debug("%s: parse_retry_count", __func__);
                return (r);
        }

        return (FIDO_OK);
}

static int
fido_dev_get_retry_count_wait(fido_dev_t *dev, int *retries, int ms)
{
        int r;

        if ((r = fido_dev_get_retry_count_tx(dev)) != FIDO_OK ||
            (r = fido_dev_get_retry_count_rx(dev, retries, ms)) != FIDO_OK)
                return (r);

        return (FIDO_OK);
}

int
fido_dev_get_retry_count(fido_dev_t *dev, int *retries)
{
        return (fido_dev_get_retry_count_wait(dev, retries, -1));
}

int
cbor_add_pin_params(fido_dev_t *dev, const fido_blob_t *hmac_data,
    const es256_pk_t *pk, const fido_blob_t *ecdh, const char *pin,
    cbor_item_t **auth, cbor_item_t **opt)
{
        fido_blob_t     *token = NULL;
        int              r;

        if ((token = fido_blob_new()) == NULL) {
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if ((r = fido_dev_get_pin_token(dev, pin, ecdh, pk, token)) != FIDO_OK) {
                fido_log_debug("%s: fido_dev_get_pin_token", __func__);
                goto fail;
        }

        if ((*auth = cbor_encode_pin_auth(token, hmac_data)) == NULL ||
            (*opt = cbor_encode_pin_opt()) == NULL) {
                fido_log_debug("%s: cbor encode", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        r = FIDO_OK;
fail:
        fido_blob_free(&token);

        return (r);
}

/home/pedro/projects/libfido2/src/reset.c

Source
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <stdlib.h>
#include "fido.h"

static int
fido_dev_reset_tx(fido_dev_t *dev)
{
        const unsigned char     cbor[] = { CTAP_CBOR_RESET };
        const uint8_t           cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;

        if (fido_tx(dev, cmd, cbor, sizeof(cbor)) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                return (FIDO_ERR_TX);
        }

        return (FIDO_OK);
}

static int
fido_dev_reset_wait(fido_dev_t *dev, int ms)
{
        int r;

        if ((r = fido_dev_reset_tx(dev)) != FIDO_OK ||
            (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK)
                return (r);

        return (FIDO_OK);
}

int
fido_dev_reset(fido_dev_t *dev)
{
        return (fido_dev_reset_wait(dev, -1));
}

/home/pedro/projects/libfido2/src/rs256.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/obj_mac.h>

#include <string.h>
#include "fido.h"
#include "fido/rs256.h"

#if OPENSSL_VERSION_NUMBER < 0x10100000L
static int
RSA_bits(const RSA *r)
{
        return (BN_num_bits(r->n));
}

static int
RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
        r->n = n;
        r->e = e;
        r->d = d;

        return (1);
}

static void
RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
{
        *n = r->n;
        *e = r->e;
        *d = r->d;
}
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */

static int
decode_bignum(const cbor_item_t *item, void *ptr, size_t len)
{
        if (cbor_isa_bytestring(item) == false ||
            cbor_bytestring_is_definite(item) == false ||
            cbor_bytestring_length(item) != len) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        memcpy(ptr, cbor_bytestring_handle(item), len);

        return (0);
}

static int
decode_rsa_pubkey(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
        rs256_pk_t *k = arg;

        if (cbor_isa_negint(key) == false ||
            cbor_int_get_width(key) != CBOR_INT_8)
                return (0); /* ignore */

        switch (cbor_get_uint8(key)) {
        case 0: /* modulus */
                return (decode_bignum(val, &k->n, sizeof(k->n)));
        case 1: /* public exponent */
                return (decode_bignum(val, &k->e, sizeof(k->e)));
        }

        return (0); /* ignore */
}

int
rs256_pk_decode(const cbor_item_t *item, rs256_pk_t *k)
{
        if (cbor_isa_map(item) == false ||
            cbor_map_is_definite(item) == false ||
            cbor_map_iter(item, k, decode_rsa_pubkey) < 0) {
                fido_log_debug("%s: cbor type", __func__);
                return (-1);
        }

        return (0);
}

rs256_pk_t *
rs256_pk_new(void)
{
        return (calloc(1, sizeof(rs256_pk_t)));
}

void
rs256_pk_free(rs256_pk_t **pkp)
{
        rs256_pk_t *pk;

        if (pkp == NULL || (pk = *pkp) == NULL)
                return;

        explicit_bzero(pk, sizeof(*pk));
        free(pk);

        *pkp = NULL;
}

int
rs256_pk_from_ptr(rs256_pk_t *pk, const void *ptr, size_t len)
{
        if (len < sizeof(*pk))
                return (FIDO_ERR_INVALID_ARGUMENT);

        memcpy(pk, ptr, sizeof(*pk));

        return (FIDO_OK);
}

EVP_PKEY *
rs256_pk_to_EVP_PKEY(const rs256_pk_t *k)
{
        RSA             *rsa = NULL;
        EVP_PKEY        *pkey = NULL;
        BIGNUM          *n = NULL;
        BIGNUM          *e = NULL;
        int              ok = -1;

        if ((n = BN_new()) == NULL || (e = BN_new()) == NULL)
                goto fail;

        if (BN_bin2bn(k->n, sizeof(k->n), n) == NULL ||
            BN_bin2bn(k->e, sizeof(k->e), e) == NULL) {
                fido_log_debug("%s: BN_bin2bn", __func__);
                goto fail;
        }

        if ((rsa = RSA_new()) == NULL || RSA_set0_key(rsa, n, e, NULL) == 0) {
                fido_log_debug("%s: RSA_set0_key", __func__);
                goto fail;
        }

        /* at this point, n and e belong to rsa */
        n = NULL;
        e = NULL;

        if ((pkey = EVP_PKEY_new()) == NULL ||
            EVP_PKEY_assign_RSA(pkey, rsa) == 0) {
                fido_log_debug("%s: EVP_PKEY_assign_RSA", __func__);
                goto fail;
        }

        rsa = NULL; /* at this point, rsa belongs to evp */

        ok = 0;
fail:
        if (n != NULL)
                BN_free(n);
        if (e != NULL)
                BN_free(e);
        if (rsa != NULL)
                RSA_free(rsa);
        if (ok < 0 && pkey != NULL) {
                EVP_PKEY_free(pkey);
                pkey = NULL;
        }

        return (pkey);
}

int
rs256_pk_from_RSA(rs256_pk_t *pk, const RSA *rsa)
{
        const BIGNUM    *n = NULL;
        const BIGNUM    *e = NULL;
        const BIGNUM    *d = NULL;
        int              k;

        if (RSA_bits(rsa) != 2048) {
                fido_log_debug("%s: invalid key length", __func__);
                return (FIDO_ERR_INVALID_ARGUMENT);
        }

        RSA_get0_key(rsa, &n, &e, &d);

        if (n == NULL || e == NULL) {
                fido_log_debug("%s: RSA_get0_key", __func__);
                return (FIDO_ERR_INTERNAL);
        }

        if ((k = BN_num_bytes(n)) < 0 || (size_t)k > sizeof(pk->n) ||
            (k = BN_num_bytes(e)) < 0 || (size_t)k > sizeof(pk->e)) {
                fido_log_debug("%s: invalid key", __func__);
                return (FIDO_ERR_INTERNAL);
        }

        if ((k = BN_bn2bin(n, pk->n)) < 0 || (size_t)k > sizeof(pk->n) ||
            (k = BN_bn2bin(e, pk->e)) < 0 || (size_t)k > sizeof(pk->e)) {
                fido_log_debug("%s: BN_bn2bin", __func__);
                return (FIDO_ERR_INTERNAL);
        }

        return (FIDO_OK);
}

/home/pedro/projects/libfido2/src/u2f.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <openssl/sha.h>
#include <openssl/x509.h>

#include <string.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#include "fido.h"
#include "fido/es256.h"

#if defined(_MSC_VER)
static int
usleep(unsigned int usec)
{
        Sleep(usec / 1000);

        return (0);
}
#endif

static int
sig_get(fido_blob_t *sig, const unsigned char **buf, size_t *len)
{
        sig->len = *len; /* consume the whole buffer */
        if ((sig->ptr = calloc(1, sig->len)) == NULL ||
            fido_buf_read(buf, len, sig->ptr, sig->len) < 0) {
                fido_log_debug("%s: fido_buf_read", __func__);
                if (sig->ptr != NULL) {
                        explicit_bzero(sig->ptr, sig->len);
                        free(sig->ptr);
                        sig->ptr = NULL;
                        sig->len = 0;
                        return (-1);
                }
        }

        return (0);
}

static int
x5c_get(fido_blob_t *x5c, const unsigned char **buf, size_t *len)
{
        X509    *cert = NULL;
        int      ok = -1;

        if (*len > LONG_MAX) {
                fido_log_debug("%s: invalid len %zu", __func__, *len);
                goto fail;
        }

        /* find out the certificate's length */
        const unsigned char *end = *buf;
        if ((cert = d2i_X509(NULL, &end, (long)*len)) == NULL || end <= *buf ||
            (x5c->len = (size_t)(end - *buf)) >= *len) {
                fido_log_debug("%s: d2i_X509", __func__);
                goto fail;
        }

        /* read accordingly */
        if ((x5c->ptr = calloc(1, x5c->len)) == NULL ||
            fido_buf_read(buf, len, x5c->ptr, x5c->len) < 0) {
                fido_log_debug("%s: fido_buf_read", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (cert != NULL)
                X509_free(cert);

        if (ok < 0) {
                free(x5c->ptr);
                x5c->ptr = NULL;
                x5c->len = 0;
        }

        return (ok);
}

static int
authdata_fake(const char *rp_id, uint8_t flags, uint32_t sigcount,
    fido_blob_t *fake_cbor_ad)
{
        fido_authdata_t  ad;
        cbor_item_t     *item = NULL;
        size_t           alloc_len;

        memset(&ad, 0, sizeof(ad));

        if (SHA256((const void *)rp_id, strlen(rp_id),
            ad.rp_id_hash) != ad.rp_id_hash) {
                fido_log_debug("%s: sha256", __func__);
                return (-1);
        }

        ad.flags = flags; /* XXX translate? */
        ad.sigcount = sigcount;

        if ((item = cbor_build_bytestring((const unsigned char *)&ad,
            sizeof(ad))) == NULL) {
                fido_log_debug("%s: cbor_build_bytestring", __func__);
                return (-1);
        }

        if (fake_cbor_ad->ptr != NULL ||
            (fake_cbor_ad->len = cbor_serialize_alloc(item, &fake_cbor_ad->ptr,
            &alloc_len)) == 0) {
                fido_log_debug("%s: cbor_serialize_alloc", __func__);
                cbor_decref(&item);
                return (-1);
        }

        cbor_decref(&item);

        return (0);
}

static int
send_dummy_register(fido_dev_t *dev, int ms)
{
        const uint8_t    cmd = CTAP_FRAME_INIT | CTAP_CMD_MSG;
        iso7816_apdu_t  *apdu = NULL;
        unsigned char    challenge[SHA256_DIGEST_LENGTH];
        unsigned char    application[SHA256_DIGEST_LENGTH];
        unsigned char    reply[2048];
        int              r;

#ifdef FIDO_FUZZ
        ms = 0; /* XXX */
#endif

        /* dummy challenge & application */
        memset(&challenge, 0xff, sizeof(challenge));
        memset(&application, 0xff, sizeof(application));

        if ((apdu = iso7816_new(U2F_CMD_REGISTER, 0, 2 *
            SHA256_DIGEST_LENGTH)) == NULL ||
            iso7816_add(apdu, &challenge, sizeof(challenge)) < 0 ||
            iso7816_add(apdu, &application, sizeof(application)) < 0) {
                fido_log_debug("%s: iso7816", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        do {
                if (fido_tx(dev, cmd, iso7816_ptr(apdu),
                    iso7816_len(apdu)) < 0) {
                        fido_log_debug("%s: fido_tx", __func__);
                        r = FIDO_ERR_TX;
                        goto fail;
                }
                if (fido_rx(dev, cmd, &reply, sizeof(reply), ms) < 2) {
                        fido_log_debug("%s: fido_rx", __func__);
                        r = FIDO_ERR_RX;
                        goto fail;
                }
                if (usleep((ms == -1 ? 100 : ms) * 1000) < 0) {
                        fido_log_debug("%s: usleep", __func__);
                        r = FIDO_ERR_RX;
                        goto fail;
                }
        } while (((reply[0] << 8) | reply[1]) == SW_CONDITIONS_NOT_SATISFIED);

        r = FIDO_OK;
fail:
        iso7816_free(&apdu);

        return (r);
}

static int
key_lookup(fido_dev_t *dev, const char *rp_id, const fido_blob_t *key_id,
    int *found, int ms)
{
        const uint8_t    cmd = CTAP_FRAME_INIT | CTAP_CMD_MSG;
        iso7816_apdu_t  *apdu = NULL;
        unsigned char    challenge[SHA256_DIGEST_LENGTH];
        unsigned char    rp_id_hash[SHA256_DIGEST_LENGTH];
        unsigned char    reply[8];
        uint8_t          key_id_len;
        int              r;

        if (key_id->len > UINT8_MAX || rp_id == NULL) {
                fido_log_debug("%s: key_id->len=%zu, rp_id=%p", __func__,
                    key_id->len, (const void *)rp_id);
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        memset(&challenge, 0xff, sizeof(challenge));
        memset(&rp_id_hash, 0, sizeof(rp_id_hash));

        if (SHA256((const void *)rp_id, strlen(rp_id),
            rp_id_hash) != rp_id_hash) {
                fido_log_debug("%s: sha256", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        key_id_len = (uint8_t)key_id->len;

        if ((apdu = iso7816_new(U2F_CMD_AUTH, U2F_AUTH_CHECK, 2 *
            SHA256_DIGEST_LENGTH + sizeof(key_id_len) + key_id_len)) == NULL ||
            iso7816_add(apdu, &challenge, sizeof(challenge)) < 0 ||
            iso7816_add(apdu, &rp_id_hash, sizeof(rp_id_hash)) < 0 ||
            iso7816_add(apdu, &key_id_len, sizeof(key_id_len)) < 0 ||
            iso7816_add(apdu, key_id->ptr, key_id_len) < 0) {
                fido_log_debug("%s: iso7816", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        if (fido_tx(dev, cmd, iso7816_ptr(apdu), iso7816_len(apdu)) < 0) {
                fido_log_debug("%s: fido_tx", __func__);
                r = FIDO_ERR_TX;
                goto fail;
        }
        if (fido_rx(dev, cmd, &reply, sizeof(reply), ms) != 2) {
                fido_log_debug("%s: fido_rx", __func__);
                r = FIDO_ERR_RX;
                goto fail;
        }

        switch ((reply[0] << 8) | reply[1]) {
        case SW_CONDITIONS_NOT_SATISFIED:
                *found = 1; /* key exists */
                break;
        case SW_WRONG_DATA:
                *found = 0; /* key does not exist */
                break;
        default:
                /* unexpected sw */
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        r = FIDO_OK;
fail:
        iso7816_free(&apdu);

        return (r);
}

static int
parse_auth_reply(fido_blob_t *sig, fido_blob_t *ad, const char *rp_id,
    const unsigned char *reply, size_t len)
{
        uint8_t         flags;
        uint32_t        sigcount;

        if (len < 2 || ((reply[len - 2] << 8) | reply[len - 1]) != SW_NO_ERROR) {
                fido_log_debug("%s: unexpected sw", __func__);
                return (FIDO_ERR_RX);
        }

        len -= 2;

        if (fido_buf_read(&reply, &len, &flags, sizeof(flags)) < 0 ||
            fido_buf_read(&reply, &len, &sigcount, sizeof(sigcount)) < 0) {
                fido_log_debug("%s: fido_buf_read", __func__);
                return (FIDO_ERR_RX);
        }

        if (sig_get(sig, &reply, &len) < 0) {
                fido_log_debug("%s: sig_get", __func__);
                return (FIDO_ERR_RX);
        }

        if (authdata_fake(rp_id, flags, sigcount, ad) < 0) {
                fido_log_debug("%s; authdata_fake", __func__);
                return (FIDO_ERR_RX);
        }

        return (FIDO_OK);
}

static int
do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id,
    const fido_blob_t *key_id, fido_blob_t *sig, fido_blob_t *ad, int ms)
{
        const uint8_t    cmd = CTAP_FRAME_INIT | CTAP_CMD_MSG;
        iso7816_apdu_t  *apdu = NULL;
        unsigned char    rp_id_hash[SHA256_DIGEST_LENGTH];
        unsigned char    reply[128];
        int              reply_len;
        uint8_t          key_id_len;
        int              r;

#ifdef FIDO_FUZZ
        ms = 0; /* XXX */
#endif

        if (cdh->len != SHA256_DIGEST_LENGTH || key_id->len > UINT8_MAX ||
            rp_id == NULL) {
                r = FIDO_ERR_INVALID_ARGUMENT;
                goto fail;
        }

        memset(&rp_id_hash, 0, sizeof(rp_id_hash));

        if (SHA256((const void *)rp_id, strlen(rp_id),
            rp_id_hash) != rp_id_hash) {
                fido_log_debug("%s: sha256", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        key_id_len = (uint8_t)key_id->len;

        if ((apdu = iso7816_new(U2F_CMD_AUTH, U2F_AUTH_SIGN, 2 *
            SHA256_DIGEST_LENGTH + sizeof(key_id_len) + key_id_len)) == NULL ||
            iso7816_add(apdu, cdh->ptr, cdh->len) < 0 ||
            iso7816_add(apdu, &rp_id_hash, sizeof(rp_id_hash)) < 0 ||
            iso7816_add(apdu, &key_id_len, sizeof(key_id_len)) < 0 ||
            iso7816_add(apdu, key_id->ptr, key_id_len) < 0) {
                fido_log_debug("%s: iso7816", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        do {
                if (fido_tx(dev, cmd, iso7816_ptr(apdu),
                    iso7816_len(apdu)) < 0) {
                        fido_log_debug("%s: fido_tx", __func__);
                        r = FIDO_ERR_TX;
                        goto fail;
                }
                if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply),
                    ms)) < 2) {
                        fido_log_debug("%s: fido_rx", __func__);
                        r = FIDO_ERR_RX;
                        goto fail;
                }
                if (usleep((ms == -1 ? 100 : ms) * 1000) < 0) {
                        fido_log_debug("%s: usleep", __func__);
                        r = FIDO_ERR_RX;
                        goto fail;
                }
        } while (((reply[0] << 8) | reply[1]) == SW_CONDITIONS_NOT_SATISFIED);

        if ((r = parse_auth_reply(sig, ad, rp_id, reply,
            (size_t)reply_len)) != FIDO_OK) {
                fido_log_debug("%s: parse_auth_reply", __func__);
                goto fail;
        }

fail:
        iso7816_free(&apdu);

        return (r);
}

static int
cbor_blob_from_ec_point(const uint8_t *ec_point, size_t ec_point_len,
    fido_blob_t *cbor_blob)
{
        es256_pk_t      *pk = NULL;
        cbor_item_t     *pk_cbor = NULL;
        size_t           alloc_len;
        int              ok = -1;

        /* only handle uncompressed points */
        if (ec_point_len != 65 || ec_point[0] != 0x04) {
                fido_log_debug("%s: unexpected format", __func__);
                goto fail;
        }

        if ((pk = es256_pk_new()) == NULL ||
            es256_pk_set_x(pk, &ec_point[1]) < 0 ||
            es256_pk_set_y(pk, &ec_point[33]) < 0) {
                fido_log_debug("%s: es256_pk_set", __func__);
                goto fail;
        }

        if ((pk_cbor = es256_pk_encode(pk, 0)) == NULL) {
                fido_log_debug("%s: es256_pk_encode", __func__);
                goto fail;
        }

        if ((cbor_blob->len = cbor_serialize_alloc(pk_cbor, &cbor_blob->ptr,
            &alloc_len)) != 77) {
                fido_log_debug("%s: cbor_serialize_alloc", __func__);
                goto fail;
        }

        ok = 0;
fail:
        es256_pk_free(&pk);

        if (pk_cbor)
                cbor_decref(&pk_cbor);

        return (ok);
}

static int
encode_cred_authdata(const char *rp_id, const uint8_t *kh, uint8_t kh_len,
    const uint8_t *pubkey, size_t pubkey_len, fido_blob_t *out)
{
        fido_authdata_t          authdata;
        fido_attcred_raw_t       attcred_raw;
        fido_blob_t              pk_blob;
        fido_blob_t              authdata_blob;
        cbor_item_t             *authdata_cbor = NULL;
        unsigned char           *ptr;
        size_t                   len;
        size_t                   alloc_len;
        int                      ok = -1;

        memset(&pk_blob, 0, sizeof(pk_blob));
        memset(&authdata, 0, sizeof(authdata));
        memset(&authdata_blob, 0, sizeof(authdata_blob));
        memset(out, 0, sizeof(*out));

        if (rp_id == NULL) {
                fido_log_debug("%s: NULL rp_id", __func__);
                goto fail;
        }

        if (cbor_blob_from_ec_point(pubkey, pubkey_len, &pk_blob) < 0) {
                fido_log_debug("%s: cbor_blob_from_ec_point", __func__);
                goto fail;
        }

        if (SHA256((const void *)rp_id, strlen(rp_id),
            authdata.rp_id_hash) != authdata.rp_id_hash) {
                fido_log_debug("%s: sha256", __func__);
                goto fail;
        }

        authdata.flags = (CTAP_AUTHDATA_ATT_CRED | CTAP_AUTHDATA_USER_PRESENT);
        authdata.sigcount = 0;

        memset(&attcred_raw.aaguid, 0, sizeof(attcred_raw.aaguid));
        attcred_raw.id_len = (uint16_t)(kh_len << 8); /* XXX */

        len = authdata_blob.len = sizeof(authdata) + sizeof(attcred_raw) +
            kh_len + pk_blob.len;
        ptr = authdata_blob.ptr = calloc(1, authdata_blob.len);

        fido_log_debug("%s: ptr=%p, len=%zu", __func__, (void *)ptr, len);

        if (authdata_blob.ptr == NULL)
                goto fail;

        if (fido_buf_write(&ptr, &len, &authdata, sizeof(authdata)) < 0 ||
            fido_buf_write(&ptr, &len, &attcred_raw, sizeof(attcred_raw)) < 0 ||
            fido_buf_write(&ptr, &len, kh, kh_len) < 0 ||
            fido_buf_write(&ptr, &len, pk_blob.ptr, pk_blob.len) < 0) {
                fido_log_debug("%s: fido_buf_write", __func__);
                goto fail;
        }

        if ((authdata_cbor = fido_blob_encode(&authdata_blob)) == NULL) {
                fido_log_debug("%s: fido_blob_encode", __func__);
                goto fail;
        }

        if ((out->len = cbor_serialize_alloc(authdata_cbor, &out->ptr,
            &alloc_len)) == 0) {
                fido_log_debug("%s: cbor_serialize_alloc", __func__);
                goto fail;
        }

        ok = 0;
fail:
        if (authdata_cbor)
                cbor_decref(&authdata_cbor);

        if (pk_blob.ptr) {
                explicit_bzero(pk_blob.ptr, pk_blob.len);
                free(pk_blob.ptr);
        }
        if (authdata_blob.ptr) {
                explicit_bzero(authdata_blob.ptr, authdata_blob.len);
                free(authdata_blob.ptr);
        }

        return (ok);
}

static int
parse_register_reply(fido_cred_t *cred, const unsigned char *reply, size_t len)
{
        fido_blob_t      x5c;
        fido_blob_t      sig;
        fido_blob_t      ad;
        uint8_t          dummy;
        uint8_t          pubkey[65];
        uint8_t          kh_len = 0;
        uint8_t         *kh = NULL;
        int              r;

        memset(&x5c, 0, sizeof(x5c));
        memset(&sig, 0, sizeof(sig));
        memset(&ad, 0, sizeof(ad));
        r = FIDO_ERR_RX;

        /* status word */
        if (len < 2 || ((reply[len - 2] << 8) | reply[len - 1]) != SW_NO_ERROR) {
                fido_log_debug("%s: unexpected sw", __func__);
                goto fail;
        }

        len -= 2;

        /* reserved byte */
        if (fido_buf_read(&reply, &len, &dummy, sizeof(dummy)) < 0 ||
            dummy != 0x05) {
                fido_log_debug("%s: reserved byte", __func__);
                goto fail;
        }

        /* pubkey + key handle */
        if (fido_buf_read(&reply, &len, &pubkey, sizeof(pubkey)) < 0 ||
            fido_buf_read(&reply, &len, &kh_len, sizeof(kh_len)) < 0 ||
            (kh = calloc(1, kh_len)) == NULL ||
            fido_buf_read(&reply, &len, kh, kh_len) < 0) {
                fido_log_debug("%s: fido_buf_read", __func__);
                goto fail;
        }

        /* x5c + sig */
        if (x5c_get(&x5c, &reply, &len) < 0 ||
            sig_get(&sig, &reply, &len) < 0) {
                fido_log_debug("%s: x5c || sig", __func__);
                goto fail;
        }

        /* authdata */
        if (encode_cred_authdata(cred->rp.id, kh, kh_len, pubkey,
            sizeof(pubkey), &ad) < 0) {
                fido_log_debug("%s: encode_cred_authdata", __func__);
                goto fail;
        }

        if (fido_cred_set_fmt(cred, "fido-u2f") != FIDO_OK ||
            fido_cred_set_authdata(cred, ad.ptr, ad.len) != FIDO_OK ||
            fido_cred_set_x509(cred, x5c.ptr, x5c.len) != FIDO_OK ||
            fido_cred_set_sig(cred, sig.ptr, sig.len) != FIDO_OK) {
                fido_log_debug("%s: fido_cred_set", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        r = FIDO_OK;
fail:
        if (kh) {
                explicit_bzero(kh, kh_len);
                free(kh);
        }
        if (x5c.ptr) {
                explicit_bzero(x5c.ptr, x5c.len);
                free(x5c.ptr);
        }
        if (sig.ptr) {
                explicit_bzero(sig.ptr, sig.len);
                free(sig.ptr);
        }
        if (ad.ptr) {
                explicit_bzero(ad.ptr, ad.len);
                free(ad.ptr);
        }

        return (r);
}

int
u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms)
{
        const uint8_t    cmd = CTAP_FRAME_INIT | CTAP_CMD_MSG;
        iso7816_apdu_t  *apdu = NULL;
        unsigned char    rp_id_hash[SHA256_DIGEST_LENGTH];
        unsigned char    reply[2048];
        int              reply_len;
        int              found;
        int              r;

#ifdef FIDO_FUZZ
        ms = 0; /* XXX */
#endif

        if (cred->rk == FIDO_OPT_TRUE || cred->uv == FIDO_OPT_TRUE) {
                fido_log_debug("%s: rk=%d, uv=%d", __func__, cred->rk,
                    cred->uv);
                return (FIDO_ERR_UNSUPPORTED_OPTION);
        }

        if (cred->type != COSE_ES256 || cred->cdh.ptr == NULL ||
            cred->rp.id == NULL || cred->cdh.len != SHA256_DIGEST_LENGTH) {
                fido_log_debug("%s: type=%d, cdh=(%p,%zu)" , __func__,
                    cred->type, (void *)cred->cdh.ptr, cred->cdh.len);
                return (FIDO_ERR_INVALID_ARGUMENT);
        }

        for (size_t i = 0; i < cred->excl.len; i++) {
                if ((r = key_lookup(dev, cred->rp.id, &cred->excl.ptr[i],
                    &found, ms)) != FIDO_OK) {
                        fido_log_debug("%s: key_lookup", __func__);
                        return (r);
                }
                if (found) {
                        if ((r = send_dummy_register(dev, ms)) != FIDO_OK) {
                                fido_log_debug("%s: send_dummy_register",
                                    __func__);
                                return (r);
                        }
                        return (FIDO_ERR_CREDENTIAL_EXCLUDED);
                }
        }

        memset(&rp_id_hash, 0, sizeof(rp_id_hash));

        if (SHA256((const void *)cred->rp.id, strlen(cred->rp.id),
            rp_id_hash) != rp_id_hash) {
                fido_log_debug("%s: sha256", __func__);
                return (FIDO_ERR_INTERNAL);
        }

        if ((apdu = iso7816_new(U2F_CMD_REGISTER, 0, 2 *
            SHA256_DIGEST_LENGTH)) == NULL ||
            iso7816_add(apdu, cred->cdh.ptr, cred->cdh.len) < 0 ||
            iso7816_add(apdu, rp_id_hash, sizeof(rp_id_hash)) < 0) {
                fido_log_debug("%s: iso7816", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        do {
                if (fido_tx(dev, cmd, iso7816_ptr(apdu),
                    iso7816_len(apdu)) < 0) {
                        fido_log_debug("%s: fido_tx", __func__);
                        r = FIDO_ERR_TX;
                        goto fail;
                }
                if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply),
                    ms)) < 2) {
                        fido_log_debug("%s: fido_rx", __func__);
                        r = FIDO_ERR_RX;
                        goto fail;
                }
                if (usleep((ms == -1 ? 100 : ms) * 1000) < 0) {
                        fido_log_debug("%s: usleep", __func__);
                        r = FIDO_ERR_RX;
                        goto fail;
                }
        } while (((reply[0] << 8) | reply[1]) == SW_CONDITIONS_NOT_SATISFIED);

        if ((r = parse_register_reply(cred, reply,
            (size_t)reply_len)) != FIDO_OK) {
                fido_log_debug("%s: parse_register_reply", __func__);
                goto fail;
        }
fail:
        iso7816_free(&apdu);

        return (r);
}

static int
u2f_authenticate_single(fido_dev_t *dev, const fido_blob_t *key_id,
    fido_assert_t *fa, size_t idx, int ms)
{
        fido_blob_t     sig;
        fido_blob_t     ad;
        int             found;
        int             r;

        memset(&sig, 0, sizeof(sig));
        memset(&ad, 0, sizeof(ad));

        if ((r = key_lookup(dev, fa->rp_id, key_id, &found, ms)) != FIDO_OK) {
                fido_log_debug("%s: key_lookup", __func__);
                goto fail;
        }

        if (!found) {
                fido_log_debug("%s: not found", __func__);
                r = FIDO_ERR_CREDENTIAL_EXCLUDED;
                goto fail;
        }

        if (fa->up == FIDO_OPT_FALSE) {
                fido_log_debug("%s: checking for key existence only", __func__);
                r = FIDO_ERR_USER_PRESENCE_REQUIRED;
                goto fail;
        }

        if ((r = do_auth(dev, &fa->cdh, fa->rp_id, key_id, &sig, &ad,
            ms)) != FIDO_OK) {
                fido_log_debug("%s: do_auth", __func__);
                goto fail;
        }

        if (fido_blob_set(&fa->stmt[idx].id, key_id->ptr, key_id->len) < 0 ||
            fido_assert_set_authdata(fa, idx, ad.ptr, ad.len) != FIDO_OK ||
            fido_assert_set_sig(fa, idx, sig.ptr, sig.len) != FIDO_OK) {
                fido_log_debug("%s: fido_assert_set", __func__);
                r = FIDO_ERR_INTERNAL;
                goto fail;
        }

        r = FIDO_OK;
fail:
        if (sig.ptr) {
                explicit_bzero(sig.ptr, sig.len);
                free(sig.ptr);
        }
        if (ad.ptr) {
                explicit_bzero(ad.ptr, ad.len);
                free(ad.ptr);
        }

        return (r);
}

int
u2f_authenticate(fido_dev_t *dev, fido_assert_t *fa, int ms)
{
        int     nauth_ok = 0;
        int     r;

        if (fa->uv == FIDO_OPT_TRUE || fa->allow_list.ptr == NULL) {
                fido_log_debug("%s: uv=%d, allow_list=%p", __func__, fa->uv,
                    (void *)fa->allow_list.ptr);
                return (FIDO_ERR_UNSUPPORTED_OPTION);
        }

        if ((r = fido_assert_set_count(fa, fa->allow_list.len)) != FIDO_OK) {
                fido_log_debug("%s: fido_assert_set_count", __func__);
                return (r);
        }

        for (size_t i = 0; i < fa->allow_list.len; i++) {
                if ((r = u2f_authenticate_single(dev, &fa->allow_list.ptr[i],
                    fa, nauth_ok, ms)) == FIDO_OK) {
                        nauth_ok++;
                } else if (r != FIDO_ERR_CREDENTIAL_EXCLUDED) {
                        fido_log_debug("%s: u2f_authenticate_single", __func__);
                        return (r);
                }
                /* ignore credentials that don't exist */
        }

        fa->stmt_len = nauth_ok;

        if (nauth_ok == 0)
                return (FIDO_ERR_NO_CREDENTIALS);

        return (FIDO_OK);
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (c) 2019 Yubico AB. All rights reserved.
3		* Use of this source code is governed by a BSD-style
4		* license that can be found in the LICENSE file.
5		*/
6
7		#include <openssl/bn.h>
8		#include <openssl/ec.h>
9		#include <openssl/evp.h>
10		#include <openssl/obj_mac.h>
11
12		#include <string.h>
13		#include "fido.h"
14		#include "fido/eddsa.h"
15
16		#if defined(LIBRESSL_VERSION_NUMBER) \|\| OPENSSL_VERSION_NUMBER < 0x10101000L
17		EVP_PKEY *
18		EVP_PKEY_new_raw_public_key(int type, ENGINE e, const unsigned char key,
19		size_t keylen)
20		{
21		(void)type;
22		(void)e;
23		(void)key;
24		(void)keylen;
25
26		return (NULL);
27		}
28
29		int
30		EVP_PKEY_get_raw_public_key(const EVP_PKEY pkey, unsigned char pub,
31		size_t *len)
32		{
33		(void)pkey;
34		(void)pub;
35		(void)len;
36
37		return (0);
38		}
39
40		int
41		EVP_DigestVerify(EVP_MD_CTX ctx, const unsigned char sigret, size_t siglen,
42		const unsigned char *tbs, size_t tbslen)
43		{
44		(void)ctx;
45		(void)sigret;
46		(void)siglen;
47		(void)tbs;
48		(void)tbslen;
49
50		return (0);
51		}
52		#endif /* LIBRESSL_VERSION_NUMBER \|\| OPENSSL_VERSION_NUMBER < 0x10101000L */
53
54		#if OPENSSL_VERSION_NUMBER < 0x10100000L
55		EVP_MD_CTX *
56		EVP_MD_CTX_new(void)
57		{
58		return (NULL);
59		}
60
61		void
62		EVP_MD_CTX_free(EVP_MD_CTX *ctx)
63		{
64		(void)ctx;
65		}
66		#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
67
68		static int
69		decode_coord(const cbor_item_t item, void xy, size_t xy_len)
70	189	{
71	189	if (cbor_isa_bytestring(item) == false \|\|
72	189	cbor_bytestring_is_definite(item) == false \|\|
73	189	cbor_bytestring_length(item) != xy_len) {
74	7	fido_log_debug("%s: cbor type", __func__);
75	7	return (-1);
76	7	}
77	182
78	182	memcpy(xy, cbor_bytestring_handle(item), xy_len);
79	182
80	182	return (0);
81	182	}
82
83		static int
84		decode_pubkey_point(const cbor_item_t key, const cbor_item_t val, void *arg)
85	888	{
86	888	eddsa_pk_t *k = arg;
87	888
88	888	if (cbor_isa_negint(key) == false \|\|
89	888	cbor_int_get_width(key) != CBOR_INT_8)
90	468	return (0); /* ignore */
91	420
92	420	switch (cbor_get_uint8(key)) {
93	420	case 1: /* x coordinate */
94	189	return (decode_coord(val, &k->x, sizeof(k->x)));
95	231	}
96	231
97	231	return (0); /* ignore */
98	231	}
99
100		int
101		eddsa_pk_decode(const cbor_item_t item, eddsa_pk_t k)
102	221	{
103	221	if (cbor_isa_map(item) == false \|\|
104	221	cbor_map_is_definite(item) == false \|\|
105	221	cbor_map_iter(item, k, decode_pubkey_point) < 0) {
106	7	fido_log_debug("%s: cbor type", __func__);
107	7	return (-1);
108	7	}
109	214
110	214	return (0);
111	214	}
112
113		eddsa_pk_t *
114		eddsa_pk_new(void)
115	299	{
116	299	return (calloc(1, sizeof(eddsa_pk_t)));
117	299	}
118
119		void
120		eddsa_pk_free(eddsa_pk_t **pkp)
121	606	{
122	606	eddsa_pk_t *pk;
123	606
124	606	if (pkp == NULL \|\| (pk = *pkp) == NULL)
125	606	return;
126	297
127	297	explicit_bzero(pk, sizeof(*pk));
128	297	free(pk);
129	297
130	297	*pkp = NULL;
131	297	}
132
133		int
134		eddsa_pk_from_ptr(eddsa_pk_t pk, const void ptr, size_t len)
135	150	{
136	150	if (len < sizeof(*pk))
137	130	return (FIDO_ERR_INVALID_ARGUMENT);
138	20
139	20	memcpy(pk, ptr, sizeof(*pk));
140	20
141	20	return (FIDO_OK);
142	20	}
143
144		EVP_PKEY *
145		eddsa_pk_to_EVP_PKEY(const eddsa_pk_t *k)
146	166	{
147	166	EVP_PKEY *pkey = NULL;
148	166
149	166	if ((pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, k->x,
150	166	sizeof(k->x))) == NULL)
151	166	fido_log_debug("%s: EVP_PKEY_new_raw_public_key", __func__);
152	166
153	166	return (pkey);
154	166	}
155
156		int
157		eddsa_pk_from_EVP_PKEY(eddsa_pk_t pk, const EVP_PKEY pkey)
158	147	{
159	147	size_t len = 0;
160	147
161	147	if (EVP_PKEY_get_raw_public_key(pkey, NULL, &len) != 1 \|\|
162	147	len != sizeof(pk->x))
163	0	return (FIDO_ERR_INTERNAL);
164	147	if (EVP_PKEY_get_raw_public_key(pkey, pk->x, &len) != 1 \|\|
165	147	len != sizeof(pk->x))
166	0	return (FIDO_ERR_INTERNAL);
167	147
168	147	return (FIDO_OK);
169	147	}

Line	Count	Source
1		/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */
2		/* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
3		/*
4		* Public domain.
5		* Written by Ted Unangst
6		*/
7
8		#include "openbsd-compat.h"
9
10		#if !defined(HAVE_EXPLICIT_BZERO) && !defined(_WIN32)
11
12		#include <string.h>
13
14		/*
15		* explicit_bzero - don't let the compiler optimize away bzero
16		*/
17
18		#ifdef HAVE_MEMSET_S
19
20		void
21		explicit_bzero(void *p, size_t n)
22		{
23		if (n == 0)
24		return;
25		(void)memset_s(p, n, 0, n);
26		}
27
28		#else /* HAVE_MEMSET_S */
29
30		/*
31		* Indirect bzero through a volatile pointer to hopefully avoid
32		* dead-store optimisation eliminating the call.
33		*/
34		static void (* volatile ssh_bzero)(void *, size_t) = bzero;
35
36		void
37		explicit_bzero(void *p, size_t n)
38	141k	{
39	141k	if (n == 0)
40	249	return;
41	141k	/*
42	141k	* clang -fsanitize=memory needs to intercept memset-like functions
43	141k	* to correctly detect memory initialisation. Make sure one is called
44	141k	* directly since our indirection trick above successfully confuses it.
45	141k	*/
46	141k	#if defined(__has_feature)
47		# if __has_feature(memory_sanitizer)
48		memset(p, 0, n);
49		# endif
50		#endif
51	141k
52	141k	ssh_bzero(p, n);
53	141k	}
54
55		#endif /* HAVE_MEMSET_S */
56
57		#endif /* !defined(HAVE_EXPLICIT_BZERO) && !defined(_WIN32) */