kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

introduce max credential size for readability

Browse Source
This commit is contained in:
Fabian Kaczmarczyck
2020-11-23 14:34:38 +01:00
parent 14f59e3619
commit a099ddbabd
1 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/ctap/mod.rs
View File

@@ -86,6 +86,7 @@ const USE_SIGNATURE_COUNTER: bool = true;
// - (optional) 32 byte for HMAC-secret, // - (optional) 32 byte for HMAC-secret,
// - 32 byte HMAC-SHA256 over everything else. // - 32 byte HMAC-SHA256 over everything else.
pub const CREDENTIAL_ID_BASE_SIZE: usize = 112; pub const CREDENTIAL_ID_BASE_SIZE: usize = 112;
pub const CREDENTIAL_ID_MAX_SIZE: usize = CREDENTIAL_ID_BASE_SIZE + 32;
// Set this bit when checking user presence. // Set this bit when checking user presence.
const UP_FLAG: u8 = 0x01; const UP_FLAG: u8 = 0x01;
// Set this bit when checking user verification. // Set this bit when checking user verification.
@@ -235,12 +236,10 @@ where
credential_id: Vec<u8>, credential_id: Vec<u8>,
rp_id_hash: &[u8], rp_id_hash: &[u8],
) -> Result<Option<PublicKeyCredentialSource>, Ctap2StatusCode> { ) -> Result<Option<PublicKeyCredentialSource>, Ctap2StatusCode> {
let has_cred_random = if credential_id.len() == CREDENTIAL_ID_BASE_SIZE { let has_cred_random = match credential_id.len() {
false CREDENTIAL_ID_BASE_SIZE => false,
} else if credential_id.len() == CREDENTIAL_ID_BASE_SIZE + 32 { CREDENTIAL_ID_MAX_SIZE => true,
true _ => return Ok(None),
} else {
return Ok(None);
}; };
let master_keys = self.persistent_store.master_keys()?; let master_keys = self.persistent_store.master_keys()?;
let payload_size = credential_id.len() - 32; let payload_size = credential_id.len() - 32;
@@ -1154,8 +1153,7 @@ mod test {
0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00, 0x00, 0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00, 0x00,
]; ];
expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap()); expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
let credential_size = CREDENTIAL_ID_BASE_SIZE + 32; expected_auth_data.extend(&[0x00, CREDENTIAL_ID_MAX_SIZE as u8]);
expected_auth_data.extend(&[0x00, credential_size as u8]);
assert_eq!( assert_eq!(
auth_data[0..expected_auth_data.len()], auth_data[0..expected_auth_data.len()],
expected_auth_data[..] expected_auth_data[..]
@@ -1307,10 +1305,9 @@ mod test {
ResponseData::AuthenticatorMakeCredential(make_credential_response) => { ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
let auth_data = make_credential_response.auth_data; let auth_data = make_credential_response.auth_data;
let offset = 37 + ctap_state.persistent_store.aaguid().unwrap().len(); let offset = 37 + ctap_state.persistent_store.aaguid().unwrap().len();
let credential_size = CREDENTIAL_ID_BASE_SIZE + 32;
assert_eq!(auth_data[offset], 0x00); assert_eq!(auth_data[offset], 0x00);
assert_eq!(auth_data[offset + 1] as usize, credential_size); assert_eq!(auth_data[offset + 1] as usize, CREDENTIAL_ID_MAX_SIZE);
auth_data[offset + 2..offset + 2 + credential_size].to_vec() auth_data[offset + 2..offset + 2 + CREDENTIAL_ID_MAX_SIZE].to_vec()
} }
_ => panic!("Invalid response type"), _ => panic!("Invalid response type"),
}; };