kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wrapping_add in storage and more moving

Browse Source
This commit is contained in:
Fabian Kaczmarczyck
2020-11-26 19:21:41 +01:00
parent 1d7365c4cb
commit 1571f58cd3
2 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/ctap/mod.rs
View File

@@ -614,7 +614,7 @@ where
// and returns the correct Get(Next)Assertion response. // and returns the correct Get(Next)Assertion response.
fn assertion_response( fn assertion_response(
&self, &self,
credential: &PublicKeyCredentialSource, credential: PublicKeyCredentialSource,
assertion_input: AssertionInput, assertion_input: AssertionInput,
number_of_credentials: Option<usize>, number_of_credentials: Option<usize>,
) -> Result<ResponseData, Ctap2StatusCode> { ) -> Result<ResponseData, Ctap2StatusCode> {
@@ -645,14 +645,14 @@ where
let cred_desc = PublicKeyCredentialDescriptor { let cred_desc = PublicKeyCredentialDescriptor {
key_type: PublicKeyCredentialType::PublicKey, key_type: PublicKeyCredentialType::PublicKey,
key_id: credential.credential_id.clone(), key_id: credential.credential_id,
transports: None, // You can set USB as a hint here. transports: None, // You can set USB as a hint here.
}; };
let user = if !credential.user_handle.is_empty() { let user = if !credential.user_handle.is_empty() {
Some(PublicKeyCredentialUserEntity { Some(PublicKeyCredentialUserEntity {
user_id: credential.user_handle.clone(), user_id: credential.user_handle,
user_name: None, user_name: None,
user_display_name: credential.other_ui.clone(), user_display_name: credential.other_ui,
user_icon: None, user_icon: None,
}) })
} else { } else {
@@ -758,7 +758,7 @@ where
} }
let rp_id_hash = Sha256::hash(rp_id.as_bytes()); let rp_id_hash = Sha256::hash(rp_id.as_bytes());
let mut credentials = if let Some(allow_list) = allow_list { let mut applicable_credentials = if let Some(allow_list) = allow_list {
if let Some(credential) = if let Some(credential) =
self.get_any_credential_from_allow_list(allow_list, &rp_id, &rp_id_hash, has_uv)? self.get_any_credential_from_allow_list(allow_list, &rp_id, &rp_id_hash, has_uv)?
{ {
@@ -771,11 +771,11 @@ where
}; };
// Remove user identifiable information without uv. // Remove user identifiable information without uv.
if !has_uv { if !has_uv {
for credential in &mut credentials { for credential in &mut applicable_credentials {
credential.other_ui = None; credential.other_ui = None;
} }
} }
credentials.sort_unstable_by_key(|c| c.creation_order); applicable_credentials.sort_unstable_by_key(|c| c.creation_order);
// This check comes before CTAP2_ERR_NO_CREDENTIALS in CTAP 2.0. // This check comes before CTAP2_ERR_NO_CREDENTIALS in CTAP 2.0.
// For CTAP 2.1, it was moved to a later protocol step. // For CTAP 2.1, it was moved to a later protocol step.
@@ -783,8 +783,8 @@ where
(self.check_user_presence)(cid)?; (self.check_user_presence)(cid)?;
} }
let (credential, remaining_credentials) = credentials let credential = applicable_credentials
.split_last() .pop()
.ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?; .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
self.increment_global_signature_counter()?; self.increment_global_signature_counter()?;
@@ -794,16 +794,17 @@ where
auth_data: self.generate_auth_data(&rp_id_hash, flags)?, auth_data: self.generate_auth_data(&rp_id_hash, flags)?,
hmac_secret_input, hmac_secret_input,
}; };
let number_of_credentials = if remaining_credentials.is_empty() { let number_of_credentials = if applicable_credentials.is_empty() {
None None
} else { } else {
let number_of_credentials = Some(applicable_credentials.len() + 1);
self.stateful_command_permission = self.stateful_command_permission =
TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION); TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
self.stateful_command_type = Some(StatefulCommand::GetAssertion(AssertionState { self.stateful_command_type = Some(StatefulCommand::GetAssertion(AssertionState {
assertion_input: assertion_input.clone(), assertion_input: assertion_input.clone(),
next_credentials: remaining_credentials.to_vec(), next_credentials: applicable_credentials,
})); }));
Some(remaining_credentials.len() + 1) number_of_credentials
}; };
self.assertion_response(credential, assertion_input, number_of_credentials) self.assertion_response(credential, assertion_input, number_of_credentials)
} }
@@ -825,7 +826,7 @@ where
} else { } else {
return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED); return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED);
}; };
self.assertion_response(&credential, assertion_input, None) self.assertion_response(credential, assertion_input, None)
} }
fn process_get_info(&self) -> Result<ResponseData, Ctap2StatusCode> { fn process_get_info(&self) -> Result<ResponseData, Ctap2StatusCode> {

2
src/ctap/storage.rs
View File

@@ -359,7 +359,7 @@ impl PersistentStore {
.map(|c| c.creation_order) .map(|c| c.creation_order)
.max() .max()
.unwrap_or(0) .unwrap_or(0)
+ 1) .wrapping_add(1))
} }
pub fn global_signature_counter(&self) -> Result<u32, Ctap2StatusCode> { pub fn global_signature_counter(&self) -> Result<u32, Ctap2StatusCode> {