Merge pull request #59 from canokeys/feature/fido2.1
Feature/fido2.1
z4yx authored Oct 16, 2023
2 parents e29c9ab + e4297fe commit c2ff833
Showing 5 changed files with 211 additions and 82 deletions.
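--- a/FIDO2 Conformance Testing.json
+++ b/FIDO2 Conformance Testing.json
@@ -0,0 +1,88 @@
+{
+"description": "CanoKey Authenticator",
+"aaguid": "244eb29e-e090-4e49-81fe-1f20f8d3b8f4",
+"authenticatorVersion": 201,
+"protocolFamily": "fido2",
+"schema": 3,
+"upv": [
+{
+"major": 1,
+"minor": 1
+},
+{
+"major": 1,
+"minor": 0
+}
+],
+"authenticationAlgorithms": ["secp256r1_ecdsa_sha256_raw", "ed25519_eddsa_sha512_raw"],
+"publicKeyAlgAndEncodings": ["cose"],
+"attestationTypes": ["basic_full"],
+"userVerificationDetails": [
+[
+{ "userVerificationMethod": "none" }
+],
+[
+{ "userVerificationMethod": "presence_internal" }
+],
+[
+{ "userVerificationMethod": "passcode_external" }
+],
+[
+{ "userVerificationMethod": "passcode_external" },
+{ "userVerificationMethod": "presence_internal" }
+]
+],
+"keyProtection": ["hardware", "secure_element"],
+"matcherProtection": ["on_chip"],
+"tcDisplay": [],
+"attestationRootCertificates": [
+"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"
+],
+"icon": "data:image/png;base64,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",
+"authenticatorGetInfo": {
+"versions": [
+"U2F_V2",
+"FIDO_2_0",
+"FIDO_2_1"
+],
+"extensions": [
+"credBlob",
+"credProtect",
+"hmac-secret",
+"largeBlobKey"
+],
+"aaguid": "244eb29ee0904e4981fe1f20f8d3b8f4",
+"options": {
+"rk": true,
+"credMgmt": true,
+"clientPin": false,
+"largeBlobs": true,
+"pinUvAuthToken": true,
+"makeCredUvNotRqd": true
+},
+"maxMsgSize": 1300,
+"pinUvAuthProtocols": [
+1,
+2
+],
+"maxCredentialCountInList": 8,
+"maxCredentialIdLength": 70,
+"transports": [
+"nfc",
+"usb"
+],
+"algorithms": [
+{
+"alg": -7,
+"type": "public-key"
+},
+{
+"alg": -8,
+"type": "public-key"
+}
+],
+"maxSerializedLargeBlobArray": 4096,
+"firmwareVersion": 201,
+"maxCredBlobLength": 32
+}
+}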
78 changes: 42 additions & 36 deletions applets/ctap/ctap-internal.h
@@ -39,6 +39,7 @@
#define CTAP_LARGE_BLOBS 0x0C
#define CTAP_CONFIG 0x0D
#define CTAP_CRED_MANAGE_LEGACY 0x41
#define CTAP_INVALID_CMD 0xFF

// Parsed params
#define PARAM_CLIENT_DATA_HASH (1 << 0)
@@ -189,39 +190,43 @@
#define LB_RESP_CONFIG 0x01

// Size limits
#define KH_KEY_SIZE 32
#define HE_KEY_SIZE 32
#define PRI_KEY_SIZE 32
#define PUB_KEY_SIZE 64
#define SHARED_SECRET_SIZE 32
#define MAX_COSE_KEY_SIZE 78
#define PIN_ENC_SIZE_P1 64
#define PIN_ENC_SIZE_P2 80
#define PIN_HASH_SIZE_P1 16
#define PIN_HASH_SIZE_P2 32
#define MAX_CERT_SIZE 1152
#define AAGUID_SIZE 16
#define PIN_AUTH_SIZE_P1 16
#define PIN_TOKEN_SIZE 32
#define HMAC_SECRET_SALT_SIZE 64
#define HMAC_SECRET_SALT_AUTH_SIZE 16
#define CREDENTIAL_TAG_SIZE 16
#define CLIENT_DATA_HASH_SIZE 32
#define CREDENTIAL_NONCE_SIZE 16
#define CREDENTIAL_NONCE_DC_POS 16
#define CREDENTIAL_NONCE_CP_POS 17
#define DOMAIN_NAME_MAX_SIZE 254
#define USER_ID_MAX_SIZE 64
#define DISPLAY_NAME_LIMIT 65
#define USER_NAME_LIMIT 65
#define MAX_DC_NUM 64
#define MAX_STORED_RPID_LENGTH 32
#define MAX_EXTENSION_SIZE_IN_AUTH 51
#define MAX_CREDENTIAL_COUNT_IN_LIST 8
#define MAX_CRED_BLOB_LENGTH 32
#define LARGE_BLOB_KEY_SIZE 32
#define LARGE_BLOB_SIZE_LIMIT 4096
#define MAX_FRAGMENT_LENGTH (MAX_CTAP_BUFSIZE - 64)
#define KH_KEY_SIZE 32
#define HE_KEY_SIZE 32
#define PRI_KEY_SIZE 32
#define PUB_KEY_SIZE 64
#define SHARED_SECRET_SIZE_P1 32
#define SHARED_SECRET_SIZE_P2 64
#define SHARED_SECRET_SIZE_HMAC 32
#define MAX_COSE_KEY_SIZE 78
#define PIN_ENC_SIZE_P1 64
#define PIN_ENC_SIZE_P2 80
#define PIN_HASH_SIZE_P1 16
#define PIN_HASH_SIZE_P2 32
#define MAX_CERT_SIZE 1152
#define AAGUID_SIZE 16
#define PIN_AUTH_SIZE_P1 16
#define PIN_TOKEN_SIZE 32
#define HMAC_SECRET_SALT_SIZE 64
#define HMAC_SECRET_SALT_IV_SIZE 16
#define HMAC_SECRET_SALT_AUTH_SIZE_P1 16
#define HMAC_SECRET_SALT_AUTH_SIZE_P2 32
#define CREDENTIAL_TAG_SIZE 16
#define CLIENT_DATA_HASH_SIZE 32
#define CREDENTIAL_NONCE_SIZE 16
#define CREDENTIAL_NONCE_DC_POS 16
#define CREDENTIAL_NONCE_CP_POS 17
#define DOMAIN_NAME_MAX_SIZE 254
#define USER_ID_MAX_SIZE 64
#define DISPLAY_NAME_LIMIT 65
#define USER_NAME_LIMIT 65
#define MAX_DC_NUM 64
#define MAX_STORED_RPID_LENGTH 32
#define MAX_EXTENSION_SIZE_IN_AUTH 51
#define MAX_CREDENTIAL_COUNT_IN_LIST 8
#define MAX_CRED_BLOB_LENGTH 32
#define LARGE_BLOB_KEY_SIZE 32
#define LARGE_BLOB_SIZE_LIMIT 4096
#define MAX_FRAGMENT_LENGTH (MAX_CTAP_BUFSIZE - 64)

typedef struct {
uint8_t id[USER_ID_MAX_SIZE];
@@ -316,9 +321,10 @@ typedef struct {
size_t pin_uv_auth_param_len;
uint8_t pin_uv_auth_protocol;
uint8_t ext_hmac_secret_key_agreement[PUB_KEY_SIZE];
uint8_t ext_hmac_secret_salt_enc[HMAC_SECRET_SALT_SIZE];
uint8_t ext_hmac_secret_salt_auth[HMAC_SECRET_SALT_AUTH_SIZE];
uint8_t ext_hmac_secret_salt_len;
uint8_t ext_hmac_secret_salt_enc[HMAC_SECRET_SALT_IV_SIZE + HMAC_SECRET_SALT_SIZE];
uint8_t ext_hmac_secret_salt_enc_len;
uint8_t ext_hmac_secret_salt_auth[HMAC_SECRET_SALT_AUTH_SIZE_P2];
uint8_t ext_hmac_secret_salt_auth_len;
uint8_t ext_hmac_secret_pin_protocol;
bool ext_large_blob_key;
bool ext_cred_blob;
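Review bot: The `_P1`/`_P2` size macros in the second hunk and the renamed `ext_hmac_secret_salt_enc_len` field in the third hunk carry no comment saying what they measure. Judging from the parser's checks, the suffix is the pinUvAuthProtocol number and under protocol 2 the stored length includes the 16-byte IV, so it is no longer the plaintext salt length that `ext_hmac_secret_salt_len` held; any caller outside this view that derives the salt count from it would need to subtract `HMAC_SECRET_SALT_IV_SIZE`. I would add `// length of salt_enc as received; under protocol 2 this includes HMAC_SECRET_SALT_IV_SIZE bytes of IV` above the field and `// _P1 / _P2: value under pinUvAuthProtocol 1 / 2` above the size block. The struct definition starts and ends outside the hunk.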
28 changes: 22 additions & 6 deletions applets/ctap/ctap-parser.c
@@ -488,23 +488,25 @@ uint8_t parse_ga_extensions(CTAP_get_assertion *ga, CborValue *val) {
if (cbor_value_get_type(&hmac_map) != CborByteStringType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
len = sizeof(ga->ext_hmac_secret_salt_enc);
ret = cbor_value_copy_byte_string(&hmac_map, ga->ext_hmac_secret_salt_enc, &len, NULL);
if (ret == CborErrorOutOfMemory) return CTAP1_ERR_INVALID_LENGTH;
if (ret == CborErrorOutOfMemory) {
ERR_MSG("ext_hmac_secret_salt_enc is too long\n");
return CTAP1_ERR_INVALID_LENGTH;
}
CHECK_CBOR_RET(ret);
if (len != HMAC_SECRET_SALT_SIZE && len != HMAC_SECRET_SALT_SIZE / 2) return CTAP1_ERR_INVALID_LENGTH;
ga->ext_hmac_secret_salt_len = len;
ga->ext_hmac_secret_salt_enc_len = len;
map_has_entry |= GA_HS_MAP_ENTRY_SALT_ENC;
DBG_MSG("salt_enc: ");
PRINT_HEX(ga->ext_hmac_secret_salt_enc, ga->ext_hmac_secret_salt_len);
PRINT_HEX(ga->ext_hmac_secret_salt_enc, ga->ext_hmac_secret_salt_enc_len);
break;
case GA_REQ_HMAC_SECRET_SALT_AUTH:
if (cbor_value_get_type(&hmac_map) != CborByteStringType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
len = sizeof(ga->ext_hmac_secret_salt_auth);
ret = cbor_value_copy_byte_string(&hmac_map, ga->ext_hmac_secret_salt_auth, &len, NULL);
CHECK_CBOR_RET(ret);
if (len != HMAC_SECRET_SALT_AUTH_SIZE) return CTAP1_ERR_INVALID_LENGTH;
ga->ext_hmac_secret_salt_auth_len = len;
map_has_entry |= GA_HS_MAP_ENTRY_SALT_AUTH;
DBG_MSG("salt_auth: ");
PRINT_HEX(ga->ext_hmac_secret_salt_auth, 16);
PRINT_HEX(ga->ext_hmac_secret_salt_auth, ga->ext_hmac_secret_salt_auth_len);
break;
case GA_REQ_HMAC_SECRET_PIN_PROTOCOL:
if (cbor_value_get_type(&hmac_map) != CborIntegerType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
@@ -522,6 +524,18 @@ uint8_t parse_ga_extensions(CTAP_get_assertion *ga, CborValue *val) {
}
if ((map_has_entry & GA_HS_MAP_ENTRY_ALL_REQUIRED) != GA_HS_MAP_ENTRY_ALL_REQUIRED)
return CTAP2_ERR_MISSING_PARAMETER;
if ((ga->ext_hmac_secret_pin_protocol == 1 && ga->ext_hmac_secret_salt_enc_len != HMAC_SECRET_SALT_SIZE &&
ga->ext_hmac_secret_salt_enc_len != HMAC_SECRET_SALT_SIZE / 2) ||
(ga->ext_hmac_secret_pin_protocol == 2 && ga->ext_hmac_secret_salt_enc_len != HMAC_SECRET_SALT_SIZE + HMAC_SECRET_SALT_IV_SIZE &&
ga->ext_hmac_secret_salt_enc_len != HMAC_SECRET_SALT_SIZE / 2 + HMAC_SECRET_SALT_IV_SIZE)) {
ERR_MSG("Invalid hmac_secret_salt_enc_len %hhu\n", ga->ext_hmac_secret_salt_enc_len);
return CTAP1_ERR_INVALID_LENGTH;
}
if ((ga->ext_hmac_secret_pin_protocol == 1 && ga->ext_hmac_secret_salt_auth_len != HMAC_SECRET_SALT_AUTH_SIZE_P1) ||
(ga->ext_hmac_secret_pin_protocol == 2 && ga->ext_hmac_secret_salt_auth_len != HMAC_SECRET_SALT_AUTH_SIZE_P2)) {
ERR_MSG("Invalid hmac_secret_salt_auth_len %hhu\n", ga->ext_hmac_secret_salt_auth_len);
return CTAP1_ERR_INVALID_LENGTH;
}
ga->parsed_params |= PARAM_HMAC_SECRET;
} else if (strcmp(key, "credBlob") == 0) {
if (cbor_value_get_type(&map) != CborBooleanType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
@@ -928,6 +942,8 @@ uint8_t parse_client_pin(CborParser *parser, CTAP_client_pin *cp, const uint8_t
if (len == 0 || len > SHA256_DIGEST_LENGTH) return CTAP2_ERR_PIN_AUTH_INVALID;
ret = cbor_value_copy_byte_string(&map, cp->pin_uv_auth_param, &len, NULL);
CHECK_CBOR_RET(ret);
DBG_MSG("pin_uv_auth_param: ");
PRINT_HEX(cp->pin_uv_auth_param, len);
cp->parsed_params |= PARAM_PIN_UV_AUTH_PARAM;
break;

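Review bot: In the second hunk of parse_ga_extensions, both new length checks fire only when `ext_hmac_secret_pin_protocol` is exactly 1 or 2, so any other value lets `ext_hmac_secret_salt_enc_len` and `ext_hmac_secret_salt_auth_len` pass with whatever length fit the buffers. The case that parses the protocol, and the default used when the entry is absent, are outside the visible lines, so this may already be excluded there. If it is not, reject it before the two checks with `if (ga->ext_hmac_secret_pin_protocol != 1 && ga->ext_hmac_secret_pin_protocol != 2) return CTAP1_ERR_INVALID_PARAMETER;`, since the removed per-entry checks rejected bad lengths unconditionally and later code may still rely on that. Separately, an oversized `salt_auth` still falls through to `CHECK_CBOR_RET` while `salt_enc` now maps `CborErrorOutOfMemory` to `CTAP1_ERR_INVALID_LENGTH`; the same mapping there would keep the two entries consistent. The function starts and ends outside the hunks shown.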