Coverage Report

Created: 2020-09-01 07:05

/libfido2/src/credman.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) 2019 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 */
6
7
#include <openssl/sha.h>
8
9
#include <string.h>
10
11
#include "fido.h"
12
#include "fido/credman.h"
13
#include "fido/es256.h"
14
15
109
#define CMD_CRED_METADATA       0x01
16
326
#define CMD_RP_BEGIN            0x02
17
212
#define CMD_RP_NEXT             0x03
18
1.71k
#define CMD_RK_BEGIN            0x04
19
604
#define CMD_RK_NEXT             0x05
20
457
#define CMD_DELETE_CRED         0x06
21
22
static int
23
credman_grow_array(void **ptr, size_t *n_alloc, size_t *n_rx, size_t n,
24
    size_t size)
25
829
{
26
829
        void *new_ptr;
27
829
28
829
#ifdef FIDO_FUZZ
29
829
        if (n > UINT8_MAX) {
30
184
                fido_log_debug("%s: n > UINT8_MAX", __func__);
31
184
                return (-1);
32
184
        }
33
645
#endif
34
645
35
645
        if (n < *n_alloc)
36
0
                return (0);
37
645
38
645
        /* sanity check */
39
645
        if (*n_rx > 0 || *n_rx > *n_alloc || n < *n_alloc) {
40
0
                fido_log_debug("%s: n=%zu, n_rx=%zu, n_alloc=%zu", __func__, n,
41
0
                    *n_rx, *n_alloc);
42
0
                return (-1);
43
0
        }
44
645
45
645
        if ((new_ptr = recallocarray(*ptr, *n_alloc, n, size)) == NULL)
46
645
                return (-1);
47
644
48
644
        *ptr = new_ptr;
49
644
        *n_alloc = n;
50
644
51
644
        return (0);
52
644
}
53
54
static int
55
credman_prepare_hmac(uint8_t cmd, const fido_blob_t *body, cbor_item_t **param,
56
    fido_blob_t *hmac_data)
57
1.51k
{
58
1.51k
        cbor_item_t *param_cbor[2];
59
1.51k
        size_t n;
60
1.51k
        int ok = -1;
61
1.51k
62
1.51k
        memset(&param_cbor, 0, sizeof(param_cbor));
63
1.51k
64
1.51k
        if (body == NULL)
65
1.51k
                return (fido_blob_set(hmac_data, &cmd, sizeof(cmd)));
66
1.08k
67
1.08k
        switch (cmd) {
68
855
        case CMD_RK_BEGIN:
69
855
                n = 1;
70
855
                param_cbor[n - 1] = fido_blob_encode(body);
71
855
                break;
72
228
        case CMD_DELETE_CRED:
73
228
                n = 2;
74
228
                param_cbor[n - 1] = cbor_encode_pubkey(body);
75
228
                break;
76
0
        default:
77
0
                fido_log_debug("%s: unknown cmd=0x%02x", __func__, cmd);
78
0
                return (-1);
79
1.08k
        }
80
1.08k
81
1.08k
        if (param_cbor[n - 1] == NULL) {
82
9
                fido_log_debug("%s: cbor encode", __func__);
83
9
                return (-1);
84
9
        }
85
1.07k
        if ((*param = cbor_flatten_vector(param_cbor, n)) == NULL) {
86
5
                fido_log_debug("%s: cbor_flatten_vector", __func__);
87
5
                goto fail;
88
5
        }
89
1.06k
        if (cbor_build_frame(cmd, param_cbor, n, hmac_data) < 0) {
90
8
                fido_log_debug("%s: cbor_build_frame", __func__);
91
8
                goto fail;
92
8
        }
93
1.06k
94
1.06k
        ok = 0;
95
1.07k
fail:
96
1.07k
        cbor_vector_free(param_cbor, nitems(param_cbor));
97
1.07k
98
1.07k
        return (ok);
99
1.06k
}
100
101
static int
102
credman_tx(fido_dev_t *dev, uint8_t cmd, const fido_blob_t *param,
103
    const char *pin)
104
2.33k
{
105
2.33k
        fido_blob_t      f;
106
2.33k
        fido_blob_t     *ecdh = NULL;
107
2.33k
        fido_blob_t      hmac;
108
2.33k
        es256_pk_t      *pk = NULL;
109
2.33k
        cbor_item_t     *argv[4];
110
2.33k
        int              r = FIDO_ERR_INTERNAL;
111
2.33k
112
2.33k
        memset(&f, 0, sizeof(f));
113
2.33k
        memset(&hmac, 0, sizeof(hmac));
114
2.33k
        memset(&argv, 0, sizeof(argv));
115
2.33k
116
2.33k
        /* subCommand */
117
2.33k
        if ((argv[0] = cbor_build_uint8(cmd)) == NULL) {
118
5
                fido_log_debug("%s: cbor encode", __func__);
119
5
                goto fail;
120
5
        }
121
2.33k
122
2.33k
        /* pinProtocol, pinAuth */
123
2.33k
        if (pin != NULL) {
124
1.51k
                if (credman_prepare_hmac(cmd, param, &argv[1], &hmac) < 0) {
125
23
                        fido_log_debug("%s: credman_prepare_hmac", __func__);
126
23
                        goto fail;
127
23
                }
128
1.49k
                if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) {
129
332
                        fido_log_debug("%s: fido_do_ecdh", __func__);
130
332
                        goto fail;
131
332
                }
132
1.16k
                if ((r = cbor_add_pin_params(dev, &hmac, pk, ecdh, pin,
133
1.16k
                    &argv[3], &argv[2])) != FIDO_OK) {
134
168
                        fido_log_debug("%s: cbor_add_pin_params", __func__);
135
168
                        goto fail;
136
168
                }
137
1.80k
        }
138
1.80k
139
1.80k
        /* framing and transmission */
140
1.80k
        if (cbor_build_frame(CTAP_CBOR_CRED_MGMT_PRE, argv, nitems(argv),
141
1.80k
            &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
142
20
                fido_log_debug("%s: fido_tx", __func__);
143
20
                r = FIDO_ERR_TX;
144
20
                goto fail;
145
20
        }
146
1.78k
147
1.78k
        r = FIDO_OK;
148
2.33k
fail:
149
2.33k
        es256_pk_free(&pk);
150
2.33k
        fido_blob_free(&ecdh);
151
2.33k
        cbor_vector_free(argv, nitems(argv));
152
2.33k
        free(f.ptr);
153
2.33k
        free(hmac.ptr);
154
2.33k
155
2.33k
        return (r);
156
1.78k
}
157
158
static int
159
credman_parse_metadata(const cbor_item_t *key, const cbor_item_t *val,
160
    void *arg)
161
52
{
162
52
        fido_credman_metadata_t *metadata = arg;
163
52
164
52
        if (cbor_isa_uint(key) == false ||
165
52
            cbor_int_get_width(key) != CBOR_INT_8) {
166
20
                fido_log_debug("%s: cbor type", __func__);
167
20
                return (0); /* ignore */
168
20
        }
169
32
170
32
        switch (cbor_get_uint8(key)) {
171
7
        case 1:
172
7
                return (cbor_decode_uint64(val, &metadata->rk_existing));
173
7
        case 2:
174
7
                return (cbor_decode_uint64(val, &metadata->rk_remaining));
175
18
        default:
176
18
                fido_log_debug("%s: cbor type", __func__);
177
18
                return (0); /* ignore */
178
32
        }
179
32
}
180
181
static int
182
credman_rx_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata, int ms)
183
37
{
184
37
        unsigned char   reply[FIDO_MAXMSG];
185
37
        int             reply_len;
186
37
        int             r;
187
37
188
37
        memset(metadata, 0, sizeof(*metadata));
189
37
190
37
        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
191
37
            ms)) < 0) {
192
7
                fido_log_debug("%s: fido_rx", __func__);
193
7
                return (FIDO_ERR_RX);
194
7
        }
195
30
196
30
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, metadata,
197
30
            credman_parse_metadata)) != FIDO_OK) {
198
19
                fido_log_debug("%s: credman_parse_metadata", __func__);
199
19
                return (r);
200
19
        }
201
11
202
11
        return (FIDO_OK);
203
11
}
204
205
static int
206
credman_get_metadata_wait(fido_dev_t *dev, fido_credman_metadata_t *metadata,
207
    const char *pin, int ms)
208
109
{
209
109
        int r;
210
109
211
109
        if ((r = credman_tx(dev, CMD_CRED_METADATA, NULL, pin)) != FIDO_OK ||
212
109
            (r = credman_rx_metadata(dev, metadata, ms)) != FIDO_OK)
213
109
                return (r);
214
11
215
11
        return (FIDO_OK);
216
11
}
217
218
int
219
fido_credman_get_dev_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata,
220
    const char *pin)
221
203
{
222
203
        if (fido_dev_is_fido2(dev) == false)
223
203
                return (FIDO_ERR_INVALID_COMMAND);
224
109
        if (pin == NULL)
225
109
                return (FIDO_ERR_INVALID_ARGUMENT);
226
109
227
109
        return (credman_get_metadata_wait(dev, metadata, pin, -1));
228
109
}
229
230
static int
231
credman_parse_rk(const cbor_item_t *key, const cbor_item_t *val, void *arg)
232
4.15k
{
233
4.15k
        fido_cred_t     *cred = arg;
234
4.15k
        uint64_t         prot;
235
4.15k
236
4.15k
        if (cbor_isa_uint(key) == false ||
237
4.15k
            cbor_int_get_width(key) != CBOR_INT_8) {
238
163
                fido_log_debug("%s: cbor type", __func__);
239
163
                return (0); /* ignore */
240
163
        }
241
3.99k
242
3.99k
        switch (cbor_get_uint8(key)) {
243
935
        case 6: /* user entity */
244
935
                return (cbor_decode_user(val, &cred->user));
245
911
        case 7:
246
911
                return (cbor_decode_cred_id(val, &cred->attcred.id));
247
902
        case 8:
248
902
                if (cbor_decode_pubkey(val, &cred->attcred.type,
249
902
                    &cred->attcred.pubkey) < 0)
250
312
                        return (-1);
251
590
                cred->type = cred->attcred.type; /* XXX */
252
590
                return (0);
253
590
        case 10:
254
564
                if (cbor_decode_uint64(val, &prot) < 0 || prot > INT_MAX ||
255
564
                    fido_cred_set_prot(cred, (int)prot) != FIDO_OK)
256
564
                        return (-1);
257
455
                return (0);
258
681
        default:
259
681
                fido_log_debug("%s: cbor type", __func__);
260
681
                return (0); /* ignore */
261
3.99k
        }
262
3.99k
}
263
264
static void
265
credman_reset_rk(fido_credman_rk_t *rk)
266
1.65k
{
267
7.63k
        for (size_t i = 0; i < rk->n_alloc; i++) {
268
5.98k
                fido_cred_reset_tx(&rk->ptr[i]);
269
5.98k
                fido_cred_reset_rx(&rk->ptr[i]);
270
5.98k
        }
271
1.65k
272
1.65k
        free(rk->ptr);
273
1.65k
        rk->ptr = NULL;
274
1.65k
        memset(rk, 0, sizeof(*rk));
275
1.65k
}
276
277
static int
278
credman_parse_rk_count(const cbor_item_t *key, const cbor_item_t *val,
279
    void *arg)
280
3.14k
{
281
3.14k
        fido_credman_rk_t *rk = arg;
282
3.14k
        uint64_t n;
283
3.14k
284
3.14k
        /* totalCredentials */
285
3.14k
        if (cbor_isa_uint(key) == false ||
286
3.14k
            cbor_int_get_width(key) != CBOR_INT_8 ||
287
3.14k
            cbor_get_uint8(key) != 9) {
288
2.51k
                fido_log_debug("%s: cbor_type", __func__);
289
2.51k
                return (0); /* ignore */
290
2.51k
        }
291
628
292
628
        if (cbor_decode_uint64(val, &n) < 0 || n > SIZE_MAX) {
293
1
                fido_log_debug("%s: cbor_decode_uint64", __func__);
294
1
                return (-1);
295
1
        }
296
627
297
627
        if (credman_grow_array((void **)&rk->ptr, &rk->n_alloc, &rk->n_rx,
298
627
            (size_t)n, sizeof(*rk->ptr)) < 0) {
299
87
                fido_log_debug("%s: credman_grow_array", __func__);
300
87
                return (-1);
301
87
        }
302
540
303
540
        return (0);
304
540
}
305
306
static int
307
credman_rx_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms)
308
667
{
309
667
        unsigned char   reply[FIDO_MAXMSG];
310
667
        int             reply_len;
311
667
        int             r;
312
667
313
667
        credman_reset_rk(rk);
314
667
315
667
        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
316
667
            ms)) < 0) {
317
8
                fido_log_debug("%s: fido_rx", __func__);
318
8
                return (FIDO_ERR_RX);
319
8
        }
320
659
321
659
        /* adjust as needed */
322
659
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, rk,
323
659
            credman_parse_rk_count)) != FIDO_OK) {
324
113
                fido_log_debug("%s: credman_parse_rk_count", __func__);
325
113
                return (r);
326
113
        }
327
546
328
546
        if (rk->n_alloc == 0) {
329
7
                fido_log_debug("%s: n_alloc=0", __func__);
330
7
                return (FIDO_OK);
331
7
        }
332
539
333
539
        /* parse the first rk */
334
539
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, &rk->ptr[0],
335
539
            credman_parse_rk)) != FIDO_OK) {
336
138
                fido_log_debug("%s: credman_parse_rk", __func__);
337
138
                return (r);
338
138
        }
339
401
340
401
        rk->n_rx++;
341
401
342
401
        return (FIDO_OK);
343
401
}
344
345
static int
346
credman_rx_next_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms)
347
602
{
348
602
        unsigned char   reply[FIDO_MAXMSG];
349
602
        int             reply_len;
350
602
        int             r;
351
602
352
602
        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
353
602
            ms)) < 0) {
354
51
                fido_log_debug("%s: fido_rx", __func__);
355
51
                return (FIDO_ERR_RX);
356
51
        }
357
551
358
551
        /* sanity check */
359
551
        if (rk->n_rx >= rk->n_alloc) {
360
0
                fido_log_debug("%s: n_rx=%zu, n_alloc=%zu", __func__, rk->n_rx,
361
0
                    rk->n_alloc);
362
0
                return (FIDO_ERR_INTERNAL);
363
0
        }
364
551
365
551
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, &rk->ptr[rk->n_rx],
366
551
            credman_parse_rk)) != FIDO_OK) {
367
341
                fido_log_debug("%s: credman_parse_rk", __func__);
368
341
                return (r);
369
341
        }
370
210
371
210
        return (FIDO_OK);
372
210
}
373
374
static int
375
credman_get_rk_wait(fido_dev_t *dev, const char *rp_id, fido_credman_rk_t *rk,
376
    const char *pin, int ms)
377
857
{
378
857
        fido_blob_t     rp_dgst;
379
857
        uint8_t         dgst[SHA256_DIGEST_LENGTH];
380
857
        int             r;
381
857
382
857
        if (SHA256((const unsigned char *)rp_id, strlen(rp_id), dgst) != dgst) {
383
2
                fido_log_debug("%s: sha256", __func__);
384
2
                return (FIDO_ERR_INTERNAL);
385
2
        }
386
855
387
855
        rp_dgst.ptr = dgst;
388
855
        rp_dgst.len = sizeof(dgst);
389
855
390
855
        if ((r = credman_tx(dev, CMD_RK_BEGIN, &rp_dgst, pin)) != FIDO_OK ||
391
855
            (r = credman_rx_rk(dev, rk, ms)) != FIDO_OK)
392
855
                return (r);
393
408
394
618
        while (rk->n_rx < rk->n_alloc) {
395
604
                if ((r = credman_tx(dev, CMD_RK_NEXT, NULL, NULL)) != FIDO_OK ||
396
604
                    (r = credman_rx_next_rk(dev, rk, ms)) != FIDO_OK)
397
604
                        return (r);
398
210
                rk->n_rx++;
399
210
        }
400
408
401
408
        return (FIDO_OK);
402
408
}
403
404
int
405
fido_credman_get_dev_rk(fido_dev_t *dev, const char *rp_id,
406
    fido_credman_rk_t *rk, const char *pin)
407
985
{
408
985
        if (fido_dev_is_fido2(dev) == false)
409
985
                return (FIDO_ERR_INVALID_COMMAND);
410
857
        if (pin == NULL)
411
857
                return (FIDO_ERR_INVALID_ARGUMENT);
412
857
413
857
        return (credman_get_rk_wait(dev, rp_id, rk, pin, -1));
414
857
}
415
416
static int
417
credman_del_rk_wait(fido_dev_t *dev, const unsigned char *cred_id,
418
    size_t cred_id_len, const char *pin, int ms)
419
230
{
420
230
        fido_blob_t cred;
421
230
        int r;
422
230
423
230
        memset(&cred, 0, sizeof(cred));
424
230
425
230
        if (fido_blob_set(&cred, cred_id, cred_id_len) < 0)
426
1
                return (FIDO_ERR_INVALID_ARGUMENT);
427
229
428
229
        if ((r = credman_tx(dev, CMD_DELETE_CRED, &cred, pin)) != FIDO_OK ||
429
229
            (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK)
430
229
                goto fail;
431
2
432
2
        r = FIDO_OK;
433
229
fail:
434
229
        free(cred.ptr);
435
229
436
229
        return (r);
437
2
}
438
439
int
440
fido_credman_del_dev_rk(fido_dev_t *dev, const unsigned char *cred_id,
441
    size_t cred_id_len, const char *pin)
442
411
{
443
411
        if (fido_dev_is_fido2(dev) == false)
444
411
                return (FIDO_ERR_INVALID_COMMAND);
445
230
        if (pin == NULL)
446
230
                return (FIDO_ERR_INVALID_ARGUMENT);
447
230
448
230
        return (credman_del_rk_wait(dev, cred_id, cred_id_len, pin, -1));
449
230
}
450
451
static int
452
credman_parse_rp(const cbor_item_t *key, const cbor_item_t *val, void *arg)
453
530
{
454
530
        struct fido_credman_single_rp *rp = arg;
455
530
456
530
        if (cbor_isa_uint(key) == false ||
457
530
            cbor_int_get_width(key) != CBOR_INT_8) {
458
24
                fido_log_debug("%s: cbor type", __func__);
459
24
                return (0); /* ignore */
460
24
        }
461
506
462
506
        switch (cbor_get_uint8(key)) {
463
221
        case 3:
464
221
                return (cbor_decode_rp_entity(val, &rp->rp_entity));
465
159
        case 4:
466
159
                return (fido_blob_decode(val, &rp->rp_id_hash));
467
126
        default:
468
126
                fido_log_debug("%s: cbor type", __func__);
469
126
                return (0); /* ignore */
470
506
        }
471
506
}
472
473
static void
474
credman_reset_rp(fido_credman_rp_t *rp)
475
658
{
476
4.24k
        for (size_t i = 0; i < rp->n_alloc; i++) {
477
3.58k
                free(rp->ptr[i].rp_entity.id);
478
3.58k
                free(rp->ptr[i].rp_entity.name);
479
3.58k
                rp->ptr[i].rp_entity.id = NULL;
480
3.58k
                rp->ptr[i].rp_entity.name = NULL;
481
3.58k
                free(rp->ptr[i].rp_id_hash.ptr);
482
3.58k
                memset(&rp->ptr[i].rp_id_hash, 0,
483
3.58k
                    sizeof(rp->ptr[i].rp_id_hash));
484
3.58k
        }
485
658
486
658
        free(rp->ptr);
487
658
        rp->ptr = NULL;
488
658
        memset(rp, 0, sizeof(*rp));
489
658
}
490
491
static int
492
credman_parse_rp_count(const cbor_item_t *key, const cbor_item_t *val,
493
    void *arg)
494
558
{
495
558
        fido_credman_rp_t *rp = arg;
496
558
        uint64_t n;
497
558
498
558
        /* totalRPs */
499
558
        if (cbor_isa_uint(key) == false ||
500
558
            cbor_int_get_width(key) != CBOR_INT_8 ||
501
558
            cbor_get_uint8(key) != 5) {
502
355
                fido_log_debug("%s: cbor_type", __func__);
503
355
                return (0); /* ignore */
504
355
        }
505
203
506
203
        if (cbor_decode_uint64(val, &n) < 0 || n > SIZE_MAX) {
507
1
                fido_log_debug("%s: cbor_decode_uint64", __func__);
508
1
                return (-1);
509
1
        }
510
202
511
202
        if (credman_grow_array((void **)&rp->ptr, &rp->n_alloc, &rp->n_rx,
512
202
            (size_t)n, sizeof(*rp->ptr)) < 0) {
513
98
                fido_log_debug("%s: credman_grow_array", __func__);
514
98
                return (-1);
515
98
        }
516
104
517
104
        return (0);
518
104
}
519
520
static int
521
credman_rx_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms)
522
236
{
523
236
        unsigned char   reply[FIDO_MAXMSG];
524
236
        int             reply_len;
525
236
        int             r;
526
236
527
236
        credman_reset_rp(rp);
528
236
529
236
        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
530
236
            ms)) < 0) {
531
6
                fido_log_debug("%s: fido_rx", __func__);
532
6
                return (FIDO_ERR_RX);
533
6
        }
534
230
535
230
        /* adjust as needed */
536
230
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, rp,
537
230
            credman_parse_rp_count)) != FIDO_OK) {
538
120
                fido_log_debug("%s: credman_parse_rp_count", __func__);
539
120
                return (r);
540
120
        }
541
110
542
110
        if (rp->n_alloc == 0) {
543
9
                fido_log_debug("%s: n_alloc=0", __func__);
544
9
                return (FIDO_OK);
545
9
        }
546
101
547
101
        /* parse the first rp */
548
101
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, &rp->ptr[0],
549
101
            credman_parse_rp)) != FIDO_OK) {
550
5
                fido_log_debug("%s: credman_parse_rp", __func__);
551
5
                return (r);
552
5
        }
553
96
554
96
        rp->n_rx++;
555
96
556
96
        return (FIDO_OK);
557
96
}
558
559
static int
560
credman_rx_next_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms)
561
208
{
562
208
        unsigned char   reply[FIDO_MAXMSG];
563
208
        int             reply_len;
564
208
        int             r;
565
208
566
208
        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
567
208
            ms)) < 0) {
568
51
                fido_log_debug("%s: fido_rx", __func__);
569
51
                return (FIDO_ERR_RX);
570
51
        }
571
157
572
157
        /* sanity check */
573
157
        if (rp->n_rx >= rp->n_alloc) {
574
0
                fido_log_debug("%s: n_rx=%zu, n_alloc=%zu", __func__, rp->n_rx,
575
0
                    rp->n_alloc);
576
0
                return (FIDO_ERR_INTERNAL);
577
0
        }
578
157
579
157
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, &rp->ptr[rp->n_rx],
580
157
            credman_parse_rp)) != FIDO_OK) {
581
33
                fido_log_debug("%s: credman_parse_rp", __func__);
582
33
                return (r);
583
33
        }
584
124
585
124
        return (FIDO_OK);
586
124
}
587
588
static int
589
credman_get_rp_wait(fido_dev_t *dev, fido_credman_rp_t *rp, const char *pin,
590
    int ms)
591
326
{
592
326
        int r;
593
326
594
326
        if ((r = credman_tx(dev, CMD_RP_BEGIN, NULL, pin)) != FIDO_OK ||
595
326
            (r = credman_rx_rp(dev, rp, ms)) != FIDO_OK)
596
326
                return (r);
597
105
598
229
        while (rp->n_rx < rp->n_alloc) {
599
212
                if ((r = credman_tx(dev, CMD_RP_NEXT, NULL, NULL)) != FIDO_OK ||
600
212
                    (r = credman_rx_next_rp(dev, rp, ms)) != FIDO_OK)
601
212
                        return (r);
602
124
                rp->n_rx++;
603
124
        }
604
105
605
105
        return (FIDO_OK);
606
105
}
607
608
int
609
fido_credman_get_dev_rp(fido_dev_t *dev, fido_credman_rp_t *rp, const char *pin)
610
422
{
611
422
        if (fido_dev_is_fido2(dev) == false)
612
422
                return (FIDO_ERR_INVALID_COMMAND);
613
326
        if (pin == NULL)
614
326
                return (FIDO_ERR_INVALID_ARGUMENT);
615
326
616
326
        return (credman_get_rp_wait(dev, rp, pin, -1));
617
326
}
618
619
fido_credman_rk_t *
620
fido_credman_rk_new(void)
621
986
{
622
986
        return (calloc(1, sizeof(fido_credman_rk_t)));
623
986
}
624
625
void
626
fido_credman_rk_free(fido_credman_rk_t **rk_p)
627
985
{
628
985
        fido_credman_rk_t *rk;
629
985
630
985
        if (rk_p == NULL || (rk = *rk_p) == NULL)
631
985
                return;
632
985
633
985
        credman_reset_rk(rk);
634
985
        free(rk);
635
985
        *rk_p = NULL;
636
985
}
637
638
size_t
639
fido_credman_rk_count(const fido_credman_rk_t *rk)
640
3.03k
{
641
3.03k
        return (rk->n_rx);
642
3.03k
}
643
644
const fido_cred_t *
645
fido_credman_rk(const fido_credman_rk_t *rk, size_t idx)
646
1.59k
{
647
1.59k
        if (idx >= rk->n_alloc)
648
452
                return (NULL);
649
1.14k
650
1.14k
        return (&rk->ptr[idx]);
651
1.14k
}
652
653
fido_credman_metadata_t *
654
fido_credman_metadata_new(void)
655
205
{
656
205
        return (calloc(1, sizeof(fido_credman_metadata_t)));
657
205
}
658
659
void
660
fido_credman_metadata_free(fido_credman_metadata_t **metadata_p)
661
203
{
662
203
        fido_credman_metadata_t *metadata;
663
203
664
203
        if (metadata_p == NULL || (metadata = *metadata_p) == NULL)
665
203
                return;
666
203
667
203
        free(metadata);
668
203
        *metadata_p = NULL;
669
203
}
670
671
uint64_t
672
fido_credman_rk_existing(const fido_credman_metadata_t *metadata)
673
203
{
674
203
        return (metadata->rk_existing);
675
203
}
676
677
uint64_t
678
fido_credman_rk_remaining(const fido_credman_metadata_t *metadata)
679
203
{
680
203
        return (metadata->rk_remaining);
681
203
}
682
683
fido_credman_rp_t *
684
fido_credman_rp_new(void)
685
425
{
686
425
        return (calloc(1, sizeof(fido_credman_rp_t)));
687
425
}
688
689
void
690
fido_credman_rp_free(fido_credman_rp_t **rp_p)
691
422
{
692
422
        fido_credman_rp_t *rp;
693
422
694
422
        if (rp_p == NULL || (rp = *rp_p) == NULL)
695
422
                return;
696
422
697
422
        credman_reset_rp(rp);
698
422
        free(rp);
699
422
        *rp_p = NULL;
700
422
}
701
702
size_t
703
fido_credman_rp_count(const fido_credman_rp_t *rp)
704
1.06k
{
705
1.06k
        return (rp->n_rx);
706
1.06k
}
707
708
const char *
709
fido_credman_rp_id(const fido_credman_rp_t *rp, size_t idx)
710
1.28k
{
711
1.28k
        if (idx >= rp->n_alloc)
712
654
                return (NULL);
713
630
714
630
        return (rp->ptr[idx].rp_entity.id);
715
630
}
716
717
const char *
718
fido_credman_rp_name(const fido_credman_rp_t *rp, size_t idx)
719
1.28k
{
720
1.28k
        if (idx >= rp->n_alloc)
721
654
                return (NULL);
722
630
723
630
        return (rp->ptr[idx].rp_entity.name);
724
630
}
725
726
size_t
727
fido_credman_rp_id_hash_len(const fido_credman_rp_t *rp, size_t idx)
728
642
{
729
642
        if (idx >= rp->n_alloc)
730
327
                return (0);
731
315
732
315
        return (rp->ptr[idx].rp_id_hash.len);
733
315
}
734
735
const unsigned char *
736
fido_credman_rp_id_hash_ptr(const fido_credman_rp_t *rp, size_t idx)
737
642
{
738
642
        if (idx >= rp->n_alloc)
739
327
                return (NULL);
740
315
741
315
        return (rp->ptr[idx].rp_id_hash.ptr);
742
315
}