kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cbor: allow user to control nesting (#329)

Browse Source 
* cbor: allow user to control nesting

 - Make the default read/write entrypoints allow infinite nesting.
 - Add {read,write}_nested() entrypoints that allow the crate user to
   control the depth of nesting that's allowed.
 - Along the way, convert the write[_nested] variants to return a
   `Result<(), EncoderError>` rather than a bool.  This exposes
   more failure information (and forces the caller to take notice
   of those tailures), and allows use of the ? operator.

* fixup: transmute error

Co-authored-by: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
This commit is contained in:
David Drysdale
2021-06-18 17:39:54 +00:00
committed by GitHub
parent dbce426e9f
commit 0287a09573
10 changed files with 111 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/ctap/command.rs
View File

@@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use super::cbor_read;
use super::customization::{MAX_CREDENTIAL_COUNT_IN_LIST, MAX_LARGE_BLOB_ARRAY_SIZE};
use super::data_formats::{
extract_array, extract_bool, extract_byte_string, extract_map, extract_text_string,
@@ -50,12 +51,6 @@ pub enum Command {
AuthenticatorVendorConfigure(AuthenticatorVendorConfigureParameters),
}
impl From<cbor::reader::DecoderError> for Ctap2StatusCode {
fn from(_: cbor::reader::DecoderError) -> Self {
Ctap2StatusCode::CTAP2_ERR_INVALID_CBOR
}
}
impl Command {
const AUTHENTICATOR_MAKE_CREDENTIAL: u8 = 0x01;
const AUTHENTICATOR_GET_ASSERTION: u8 = 0x02;
@@ -82,13 +77,13 @@ impl Command {
let command_value = bytes[0];
match command_value {
Command::AUTHENTICATOR_MAKE_CREDENTIAL => {
let decoded_cbor = cbor::read(&bytes[1..])?;
let decoded_cbor = cbor_read(&bytes[1..])?;
Ok(Command::AuthenticatorMakeCredential(
AuthenticatorMakeCredentialParameters::try_from(decoded_cbor)?,
))
}
Command::AUTHENTICATOR_GET_ASSERTION => {
let decoded_cbor = cbor::read(&bytes[1..])?;
let decoded_cbor = cbor_read(&bytes[1..])?;
Ok(Command::AuthenticatorGetAssertion(
AuthenticatorGetAssertionParameters::try_from(decoded_cbor)?,
))
@@ -98,7 +93,7 @@ impl Command {
Ok(Command::AuthenticatorGetInfo)
}
Command::AUTHENTICATOR_CLIENT_PIN => {
let decoded_cbor = cbor::read(&bytes[1..])?;
let decoded_cbor = cbor_read(&bytes[1..])?;
Ok(Command::AuthenticatorClientPin(
AuthenticatorClientPinParameters::try_from(decoded_cbor)?,
))
@@ -112,7 +107,7 @@ impl Command {
Ok(Command::AuthenticatorGetNextAssertion)
}
Command::AUTHENTICATOR_CREDENTIAL_MANAGEMENT => {
let decoded_cbor = cbor::read(&bytes[1..])?;
let decoded_cbor = cbor_read(&bytes[1..])?;
Ok(Command::AuthenticatorCredentialManagement(
AuthenticatorCredentialManagementParameters::try_from(decoded_cbor)?,
))
@@ -122,19 +117,19 @@ impl Command {
Ok(Command::AuthenticatorSelection)
}
Command::AUTHENTICATOR_LARGE_BLOBS => {
let decoded_cbor = cbor::read(&bytes[1..])?;
let decoded_cbor = cbor_read(&bytes[1..])?;
Ok(Command::AuthenticatorLargeBlobs(
AuthenticatorLargeBlobsParameters::try_from(decoded_cbor)?,
))
}
Command::AUTHENTICATOR_CONFIG => {
let decoded_cbor = cbor::read(&bytes[1..])?;
let decoded_cbor = cbor_read(&bytes[1..])?;
Ok(Command::AuthenticatorConfig(
AuthenticatorConfigParameters::try_from(decoded_cbor)?,
))
}
Command::AUTHENTICATOR_VENDOR_CONFIGURE => {
let decoded_cbor = cbor::read(&bytes[1..])?;
let decoded_cbor = cbor_read(&bytes[1..])?;
Ok(Command::AuthenticatorVendorConfigure(
AuthenticatorVendorConfigureParameters::try_from(decoded_cbor)?,
))

5
src/ctap/config_command.rs
View File

@@ -20,7 +20,6 @@ use super::response::ResponseData;
use super::status_code::Ctap2StatusCode;
use super::storage::PersistentStore;
use alloc::vec;
use sk_cbor as cbor;
/// Processes the subcommand enableEnterpriseAttestation for AuthenticatorConfig.
fn process_enable_enterprise_attestation(
@@ -100,9 +99,7 @@ pub fn process_config(
let mut config_data = vec![0xFF; 32];
config_data.extend(&[0x0D, sub_command as u8]);
if let Some(sub_command_params) = sub_command_params.clone() {
if !cbor::write(sub_command_params.into(), &mut config_data) {
return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
}
super::cbor_write(sub_command_params.into(), &mut config_data)?;
}
client_pin.verify_pin_uv_auth_token(
&config_data,

5
src/ctap/credential_management.rs
View File

@@ -30,7 +30,6 @@ use alloc::vec::Vec;
use crypto::sha256::Sha256;
use crypto::Hash256;
use libtock_drivers::timer::ClockValue;
use sk_cbor as cbor;
/// Generates a set with all existing RP IDs.
fn get_stored_rp_ids(
@@ -289,9 +288,7 @@ pub fn process_credential_management(
pin_uv_auth_protocol.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
let mut management_data = vec![sub_command as u8];
if let Some(sub_command_params) = sub_command_params.clone() {
if !cbor::write(sub_command_params.into(), &mut management_data) {
return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
}
super::cbor_write(sub_command_params.into(), &mut management_data)?;
}
client_pin.verify_pin_uv_auth_token(
&management_data,

32
src/ctap/mod.rs
View File

@@ -98,6 +98,9 @@ const AT_FLAG: u8 = 0x40;
// Set this bit when an extension is used.
const ED_FLAG: u8 = 0x80;
// CTAP2 specification section 6 requires that the depth of nested CBOR structures be limited to at most four levels.
const MAX_CBOR_NESTING_DEPTH: i8 = 4;
pub const TOUCH_TIMEOUT_MS: isize = 30000;
#[cfg(feature = "with_ctap1")]
const U2F_UP_PROMPT_TIMEOUT: Duration<isize> = Duration::from_ms(10000);
@@ -118,6 +121,17 @@ pub const ES256_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialPa
alg: SignatureAlgorithm::ES256,
};
// Helpers to perform CBOR read/write while respecting CTAP2 nesting limits.
fn cbor_read(encoded_cbor: &[u8]) -> Result<cbor::Value, Ctap2StatusCode> {
cbor::reader::read_nested(encoded_cbor, Some(MAX_CBOR_NESTING_DEPTH))
.map_err(|_e| Ctap2StatusCode::CTAP2_ERR_INVALID_CBOR)
}
fn cbor_write(value: cbor::Value, mut encoded_cbor: &mut Vec<u8>) -> Result<(), Ctap2StatusCode> {
cbor::writer::write_nested(value, &mut encoded_cbor, Some(MAX_CBOR_NESTING_DEPTH))
.map_err(|_e| Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
}
// This function is adapted from https://doc.rust-lang.org/nightly/src/core/str/mod.rs.html#2110
// (as of 2020-01-20) and truncates to "max" bytes, not breaking the encoding.
// We change the return value, since we don't need the bool.
@@ -474,7 +488,7 @@ where
Ok(response_data) => {
let mut response_vec = vec![0x00];
if let Some(value) = response_data.into() {
if !cbor::write(value, &mut response_vec) {
if cbor_write(value, &mut response_vec).is_err() {
response_vec =
vec![Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR as u8];
}
@@ -690,9 +704,7 @@ where
}
auth_data.extend(vec![0x00, credential_id.len() as u8]);
auth_data.extend(&credential_id);
if !cbor::write(cbor::Value::from(CoseKey::from(pk)), &mut auth_data) {
return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
}
cbor_write(cbor::Value::from(CoseKey::from(pk)), &mut auth_data)?;
if has_extension_output {
let hmac_secret_output = if extensions.hmac_secret {
Some(true)
@@ -711,9 +723,7 @@ where
"hmac-secret" => hmac_secret_output,
"minPinLength" => min_pin_length_output,
};
if !cbor::write(extensions_output, &mut auth_data) {
return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
}
cbor_write(extensions_output, &mut auth_data)?;
}
let mut signature_data = auth_data.clone();
@@ -808,9 +818,7 @@ where
"credBlob" => cred_blob,
"hmac-secret" => encrypted_output,
};
if !cbor::write(extensions_output, &mut auth_data) {
return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
}
cbor_write(extensions_output, &mut auth_data)?;
}
let large_blob_key = match extensions.large_blob_key {
Some(true) => credential.large_blob_key,
@@ -1324,7 +1332,7 @@ mod test {
};
let mut response_cbor = vec![0x00];
assert!(cbor::write(expected_cbor, &mut response_cbor));
assert!(cbor_write(expected_cbor, &mut response_cbor).is_ok());
assert_eq!(info_reponse, response_cbor);
}
@@ -2646,7 +2654,7 @@ mod test {
},
4 => cbor_array![ES256_CRED_PARAM],
};
assert!(cbor::write(cbor_value, &mut command_cbor));
assert!(cbor_write(cbor_value, &mut command_cbor).is_ok());
ctap_state.process_command(&command_cbor, DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);

19
src/ctap/storage.rs
View File

@@ -36,7 +36,6 @@ use core::cmp;
use core::convert::TryInto;
use crypto::rng256::Rng256;
use persistent_store::{fragment, StoreUpdate};
use sk_cbor as cbor;
use sk_cbor::cbor_array_vec;
/// Wrapper for master keys.
@@ -721,23 +720,20 @@ impl<'a> Iterator for IterCredentials<'a> {
/// Deserializes a credential from storage representation.
fn deserialize_credential(data: &[u8]) -> Option<PublicKeyCredentialSource> {
let cbor = cbor::read(data).ok()?;
let cbor = super::cbor_read(data).ok()?;
cbor.try_into().ok()
}
/// Serializes a credential to storage representation.
fn serialize_credential(credential: PublicKeyCredentialSource) -> Result<Vec<u8>, Ctap2StatusCode> {
let mut data = Vec::new();
if cbor::write(credential.into(), &mut data) {
Ok(data)
} else {
Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
}
super::cbor_write(credential.into(), &mut data)?;
Ok(data)
}
/// Deserializes a list of RP IDs from storage representation.
fn deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
let cbor = cbor::read(data).ok()?;
let cbor = super::cbor_read(data).ok()?;
extract_array(cbor)
.ok()?
.into_iter()
@@ -749,11 +745,8 @@ fn deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
/// Serializes a list of RP IDs to storage representation.
fn serialize_min_pin_length_rp_ids(rp_ids: Vec<String>) -> Result<Vec<u8>, Ctap2StatusCode> {
let mut data = Vec::new();
if cbor::write(cbor_array_vec!(rp_ids), &mut data) {
Ok(data)
} else {
Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
}
super::cbor_write(cbor_array_vec!(rp_ids), &mut data)?;
Ok(data)
}
#[cfg(test)]