Address comments

2022-07-07 17:23:24 +02:00
parent 80a6b82ed7
commit 25c884c070
8 changed files with 73 additions and 33 deletions
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -16,6 +16,8 @@ use alloc::vec::Vec;
 use byteorder::{BigEndian, ByteOrder};
 use core::convert::TryFrom;

+use crate::api::attestation_store;
+
 const APDU_HEADER_LEN: usize = 4;

 #[derive(Clone, Debug, PartialEq, Eq)]
@@ -44,6 +46,17 @@ impl From<ApduStatusCode> for u16 {
    }
 }

+impl From<attestation_store::Error> for ApduStatusCode {
+    fn from(error: attestation_store::Error) -> Self {
+        use attestation_store::Error;
+        match error {
+            Error::Storage => ApduStatusCode::SW_MEMERR,
+            Error::Internal => ApduStatusCode::SW_INTERNAL_EXCEPTION,
+            Error::NoSupport => ApduStatusCode::SW_INTERNAL_EXCEPTION,
+        }
+    }
+}
+
 #[allow(dead_code)]
 pub enum ApduInstructions {
    Select = 0xA4,
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -262,8 +262,7 @@ impl Ctap1Command {
            certificate,
        } = env
            .attestation_store()
-            .get(&attestation_store::Id::Batch)
-            .map_err(|_| Ctap1StatusCode::SW_MEMERR)?
+            .get(&attestation_store::Id::Batch)?
            .ok_or(Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;

        let mut response = Vec::with_capacity(105 + key_handle.len() + certificate.len());
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -861,7 +861,7 @@ impl CtapState {
                key_type: PublicKeyCredentialType::PublicKey,
                credential_id: random_id.clone(),
                private_key: private_key.clone(),
-                rp_id: rp_id.clone(),
+                rp_id,
                user_handle: user.user_id,
                // This input is user provided, so we crop it to 64 byte for storage.
                // The UTF8 encoding is always preserved, so the string might end up shorter.
@@ -922,7 +922,7 @@ impl CtapState {
        let attestation_id = if env.customization().use_batch_attestation() {
            Some(attestation_store::Id::Batch)
        } else if ep_att {
-            Some(attestation_store::Id::Enterprise { rp_id })
+            Some(attestation_store::Id::Enterprise)
        } else {
            None
        };
@@ -2123,6 +2123,7 @@ mod test {
    #[test]
    fn test_process_make_credential_with_enterprise_attestation_vendor_facilitated() {
        let mut env = TestEnv::new();
+        env.set_attestation_id(attestation_store::Id::Enterprise);
        env.customization_mut().setup_enterprise_attestation(
            Some(EnterpriseAttestationMode::VendorFacilitated),
            Some(vec!["example.com".to_string()]),
@@ -2169,6 +2170,7 @@ mod test {
    #[test]
    fn test_process_make_credential_with_enterprise_attestation_platform_managed() {
        let mut env = TestEnv::new();
+        env.set_attestation_id(attestation_store::Id::Enterprise);
        env.customization_mut().setup_enterprise_attestation(
            Some(EnterpriseAttestationMode::PlatformManaged),
            Some(vec!["example.com".to_string()]),
@@ -2205,6 +2207,7 @@ mod test {
    #[test]
    fn test_process_make_credential_with_enterprise_attestation_invalid() {
        let mut env = TestEnv::new();
+        env.set_attestation_id(attestation_store::Id::Enterprise);
        env.customization_mut()
            .setup_enterprise_attestation(Some(EnterpriseAttestationMode::PlatformManaged), None);

--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -14,6 +14,7 @@

 mod key;

+use crate::api::attestation_store::{self, AttestationStore};
 use crate::api::customization::Customization;
 use crate::api::key_store::KeyStore;
 use crate::ctap::client_pin::PIN_AUTH_LENGTH;
@@ -493,9 +494,14 @@ pub fn enterprise_attestation(env: &mut impl Env) -> Result<bool, Ctap2StatusCod
 }

 /// Marks enterprise attestation as enabled.
-///
-/// Doesn't check whether an attestation is setup because it depends on the RP id.
 pub fn enable_enterprise_attestation(env: &mut impl Env) -> Result<(), Ctap2StatusCode> {
+    if env
+        .attestation_store()
+        .get(&attestation_store::Id::Enterprise)?
+        .is_none()
+    {
+        return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+    }
    if !enterprise_attestation(env)? {
        env.store().insert(key::ENTERPRISE_ATTESTATION, &[])?;
    }
@@ -1135,13 +1141,14 @@ mod test {
    #[test]
    fn test_enterprise_attestation() {
        let mut env = TestEnv::new();
+        env.set_attestation_id(attestation_store::Id::Enterprise);

        let dummy_attestation = Attestation {
            private_key: [0x41; key_material::ATTESTATION_PRIVATE_KEY_LENGTH],
            certificate: vec![0xdd; 20],
        };
        env.attestation_store()
-            .set(&attestation_store::Id::Batch, Some(&dummy_attestation))
+            .set(&attestation_store::Id::Enterprise, Some(&dummy_attestation))
            .unwrap();

        assert!(!enterprise_attestation(&mut env).unwrap());