mirror
/
solo1
kopia lustrzana https://github.com/solokeys/solo1
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

move credProtect checking to credential filtering step

pull/404/head
Conor Patrick 2020-03-23 17:15:28 -04:00
rodzic 748c552eea
commit 3cbf7ec451
1 zmienionych plików z 68 dodań i 49 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

117
fido2/ctap.c
Wyświetl plik

@ -38,6 +38,50 @@ static void ctap_reset_key_agreement();
struct _getAssertionState getAssertionState;
// Generate a mask to keep the confidentiality of the "metadata" field in the credential ID.
// Mask = hmac(device-secret, 14-random-bytes-in-credential-id)
// Masked_output = Mask ^ metadata
static void add_masked_metadata_for_credential(CredentialId * credential, uint32_t cred_protect){
uint8_t mask[32];
crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, mask);
crypto_sha256_update(credential->entropy.nonce, CREDENTIAL_NONCE_SIZE - 4);
crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY,0, mask);
credential->entropy.metadata.value = *((uint32_t*)mask) ^ cred_protect;
}
static uint32_t read_metadata_from_masked_credential(CredentialId * credential){
uint8_t mask[32];
crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, mask);
crypto_sha256_update(credential->entropy.nonce, CREDENTIAL_NONCE_SIZE - 4);
crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY,0, mask);
return credential->entropy.metadata.value ^ *((uint32_t*)mask);
}
uint8_t check_credential_metadata(CredentialId * credential, uint8_t is_verified, uint8_t is_from_credid_list)
{
uint32_t cred_protect = read_metadata_from_masked_credential(credential);
switch (cred_protect){
case EXT_CRED_PROTECT_OPTIONAL_WITH_CREDID:
if (!is_from_credid_list) {
if (!is_verified)
{
return CTAP2_ERR_NOT_ALLOWED;
}
}
break;
case EXT_CRED_PROTECT_REQUIRED:
if (!is_verified)
{
return CTAP2_ERR_NOT_ALLOWED;
}
break;
}
return 0;
}
static uint8_t verify_pin_auth_ex(uint8_t * pinAuth, uint8_t *buf, size_t len)
{
@ -513,27 +557,6 @@ static int ctap2_user_presence_test()
}
}
// Generate a mask to keep the confidentiality of the "metadata" field in the credential ID.
// Mask = hmac(device-secret, 14-random-bytes-in-credential-id)
// Masked_output = Mask ^ metadata
static void add_masked_metadata_for_credential(CredentialId * credential, uint32_t cred_protect){
uint8_t mask[32];
crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, mask);
crypto_sha256_update(credential->entropy.nonce, CREDENTIAL_NONCE_SIZE - 4);
crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY,0, mask);
credential->entropy.metadata.value = *((uint32_t*)mask) ^ cred_protect;
}
static uint32_t read_metadata_from_masked_credential(CredentialId * credential){
uint8_t mask[32];
crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, mask);
crypto_sha256_update(credential->entropy.nonce, CREDENTIAL_NONCE_SIZE - 4);
crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY,0, mask);
return credential->entropy.metadata.value ^ *((uint32_t*)mask);
}
static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo, CTAP_extensions * extensions)
{
CborEncoder cose_key;
@ -1070,9 +1093,21 @@ int ctap_filter_invalid_credentials(CTAP_getAssertion * GA)
}
else
{
// add user info if it exists
add_existing_user_info(&GA->creds[i]);
count++;
int protection_status =
check_credential_metadata(&GA->creds[i].credential.id, getAssertionState.user_verified, 1);
if (protection_status != 0) {
printf1(TAG_GREEN,"skipping protected wrapped credential.\r\n");
GA->creds[i].credential.id.count = 0; // invalidate
}
else
{
// add user info if it exists
add_existing_user_info(&GA->creds[i]);
count++;
}
}
}
@ -1088,6 +1123,15 @@ int ctap_filter_invalid_credentials(CTAP_getAssertion * GA)
{
ctap_load_rk(i, &rk);
printf1(TAG_GREEN, "rpIdHash%d: ", i); dump_hex1(TAG_GREEN, rk.id.rpIdHash, 32);
int protection_status =
check_credential_metadata(&rk.id, getAssertionState.user_verified, 0);
if (protection_status != 0) {
printf1(TAG_GREEN,"skipping protected rk credential.\r\n");
continue;
}
if (memcmp(rk.id.rpIdHash, rpIdHash, 32) == 0)
{
printf1(TAG_GA, "RK %d is a rpId match!\r\n", i);
@ -1541,28 +1585,6 @@ uint8_t ctap_cred_mgmt(CborEncoder * encoder, uint8_t * request, int length)
return 0;
}
uint8_t check_credential_metadata(CredentialId * credential, uint8_t auth_data_flags, uint8_t is_from_credid_list)
{
uint32_t cred_protect = read_metadata_from_masked_credential(credential);
switch (cred_protect){
case EXT_CRED_PROTECT_OPTIONAL_WITH_CREDID:
if (!is_from_credid_list) {
if ((auth_data_flags & (1<<2)) == 0)
{
return CTAP2_ERR_NOT_ALLOWED;
}
}
break;
case EXT_CRED_PROTECT_REQUIRED:
if ((auth_data_flags & (1<<2)) == 0)
{
return CTAP2_ERR_NOT_ALLOWED;
}
break;
}
return 0;
}
uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
{
CTAP_getAssertion GA;
@ -1671,9 +1693,6 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
((CTAP_authDataHeader *)auth_data_buf)->flags &= ~(1 << 2);
((CTAP_authDataHeader *)auth_data_buf)->flags |= (getAssertionState.user_verified << 2);
ret = check_credential_metadata(&cred->credential.id, ((CTAP_authDataHeader *)auth_data_buf)->flags, uses_allow_list);
check_retr(ret);
{
unsigned int ext_encoder_buf_size = sizeof(auth_data_buf) - auth_data_buf_sz;
uint8_t * ext_encoder_buf = auth_data_buf + auth_data_buf_sz;