Fix CTAP2 batch attestation

Jean-Michel Picod
2020-11-25 17:26:08 +01:00
parent 3dbfae972f
commit 026b4a66ac


@@ -522,25 +522,27 @@ where
let mut signature_data = auth_data.clone(); let mut signature_data = auth_data.clone();
signature_data.extend(client_data_hash); signature_data.extend(client_data_hash);
// We currently use the presence of the attestation private key in the persistent storage to
// decide whether batch attestation is needed. let (signature, x5c) = if USE_BATCH_ATTESTATION {
let (signature, x5c) = match self.persistent_store.attestation_private_key()? { let attestation_private_key = self
Some(attestation_private_key) => { .persistent_store
let attestation_key = .attestation_private_key()?
crypto::ecdsa::SecKey::from_bytes(attestation_private_key).unwrap(); .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
let attestation_certificate = self let attestation_key =
.persistent_store crypto::ecdsa::SecKey::from_bytes(attestation_private_key).unwrap();
.attestation_certificate()? let attestation_certificate = self
.ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?; .persistent_store
( .attestation_certificate()?
attestation_key.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data), .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
Some(vec![attestation_certificate]), (
) attestation_key.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data),
} Some(vec![attestation_certificate]),
None => ( )
} else {
(
sk.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data), sk.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data),
None, None,
), )
}; };
let attestation_statement = PackedAttestationStatement { let attestation_statement = PackedAttestationStatement {
alg: SignatureAlgorithm::ES256 as i64, alg: SignatureAlgorithm::ES256 as i64,
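Review bot: The batch branch still calls `crypto::ecdsa::SecKey::from_bytes(attestation_private_key).unwrap()`, so a stored attestation key that fails to parse panics the authenticator in the middle of a request, while the key and certificate lookups around it return `CTAP2_ERR_VENDOR_INTERNAL_ERROR`. Assuming `from_bytes` returns an `Option` (its definition is not on this page), replacing the `.unwrap()` with `.ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?` keeps a corrupted or mis-provisioned key on the same error path. The commit also removes the comment that explained how the attestation type is chosen and adds none; if `USE_BATCH_ATTESTATION` is a build-time constant, as its name suggests, a line above `if USE_BATCH_ATTESTATION {` such as `// Batch attestation is a build-time choice: a missing key or certificate is an error, never a silent fallback to self attestation.` would record why the fallback was dropped. The enclosing function starts and ends outside this hunk.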