Merge remote-tracking branch 'upstream/master' into ctap1-new-apdu-parser

2020-12-10 21:18:53 -08:00
parent 29dbff7a40 c34d5c7d8a
commit 9c9f9efcce
28 changed files with 902 additions and 3413 deletions
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -254,7 +254,7 @@ impl Ctap1Command {
        let sk = crypto::ecdsa::SecKey::gensk(ctap_state.rng);
        let pk = sk.genpk();
        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
+            .encrypt_key_handle(sk, &application)
            .map_err(|_| Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;
        if key_handle.len() > 0xFF {
            // This is just being defensive with unreachable code.
@@ -288,7 +288,7 @@ impl Ctap1Command {
        signature_data.extend(key_handle);
        signature_data.extend_from_slice(&user_pk);

-        let attestation_key = crypto::ecdsa::SecKey::from_bytes(private_key).unwrap();
+        let attestation_key = crypto::ecdsa::SecKey::from_bytes(&private_key).unwrap();
        let signature = attestation_key.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data);

        response.extend(signature.to_asn1_der());
@@ -349,7 +349,7 @@ impl Ctap1Command {

 #[cfg(test)]
 mod test {
-    use super::super::{key_material, CREDENTIAL_ID_BASE_SIZE, USE_SIGNATURE_COUNTER};
+    use super::super::{key_material, CREDENTIAL_ID_SIZE, USE_SIGNATURE_COUNTER};
    use super::*;
    use crypto::rng256::ThreadRng256;
    use crypto::Hash256;
@@ -389,12 +389,12 @@ mod test {
            0x00,
            0x00,
            0x00,
-            65 + CREDENTIAL_ID_BASE_SIZE as u8,
+            65 + CREDENTIAL_ID_SIZE as u8,
        ];
        let challenge = [0x0C; 32];
        message.extend(&challenge);
        message.extend(application);
-        message.push(CREDENTIAL_ID_BASE_SIZE as u8);
+        message.push(CREDENTIAL_ID_SIZE as u8);
        message.extend(key_handle);
        message
    }
@@ -434,15 +434,12 @@ mod test {
        let response =
            Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE).unwrap();
        assert_eq!(response[0], Ctap1Command::LEGACY_BYTE);
-        assert_eq!(response[66], CREDENTIAL_ID_BASE_SIZE as u8);
+        assert_eq!(response[66], CREDENTIAL_ID_SIZE as u8);
        assert!(ctap_state
-            .decrypt_credential_source(
-                response[67..67 + CREDENTIAL_ID_BASE_SIZE].to_vec(),
-                &application
-            )
+            .decrypt_credential_source(response[67..67 + CREDENTIAL_ID_SIZE].to_vec(), &application)
            .unwrap()
            .is_some());
-        const CERT_START: usize = 67 + CREDENTIAL_ID_BASE_SIZE;
+        const CERT_START: usize = 67 + CREDENTIAL_ID_SIZE;
        assert_eq!(
            &response[CERT_START..CERT_START + fake_cert.len()],
            &fake_cert[..]
@@ -491,9 +488,7 @@ mod test {

        let rp_id = "example.com";
        let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
        let message = create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);

        let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
@@ -509,9 +504,7 @@ mod test {

        let rp_id = "example.com";
        let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
        let application = [0x55; 32];
        let message = create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);

@@ -528,9 +521,7 @@ mod test {

        let rp_id = "example.com";
        let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
        let mut message = create_authenticate_message(
            &application,
            Ctap1Flags::DontEnforceUpAndSign,
@@ -563,9 +554,7 @@ mod test {

        let rp_id = "example.com";
        let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
        let mut message =
            create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
        message[0] = 0xEE;
@@ -583,9 +572,7 @@ mod test {

        let rp_id = "example.com";
        let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
        let mut message =
            create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
        message[1] = 0xEE;
@@ -603,9 +590,7 @@ mod test {

        let rp_id = "example.com";
        let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
        let mut message =
            create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
        message[2] = 0xEE;
@@ -631,9 +616,7 @@ mod test {

        let rp_id = "example.com";
        let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
        let message =
            create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);

@@ -660,9 +643,7 @@ mod test {

        let rp_id = "example.com";
        let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
        let message = create_authenticate_message(
            &application,
            Ctap1Flags::DontEnforceUpAndSign,
@@ -684,7 +665,7 @@ mod test {
    #[test]
    fn test_process_authenticate_bad_key_handle() {
        let application = [0x0A; 32];
-        let key_handle = vec![0x00; CREDENTIAL_ID_BASE_SIZE];
+        let key_handle = vec![0x00; CREDENTIAL_ID_SIZE];
        let message =
            create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);

@@ -701,7 +682,7 @@ mod test {
    #[test]
    fn test_process_authenticate_without_up() {
        let application = [0x0A; 32];
-        let key_handle = vec![0x00; CREDENTIAL_ID_BASE_SIZE];
+        let key_handle = vec![0x00; CREDENTIAL_ID_SIZE];
        let message =
            create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);