kaczmarczyck
2023-11-24 16:00:06 +01:00
committed by GitHub
parent eaeb927d92
commit af763450a9


@@ -23,6 +23,8 @@ use super::response::{AuthenticatorCredentialManagementResponse, ResponseData};
use super::status_code::Ctap2StatusCode; use super::status_code::Ctap2StatusCode;
use super::{Channel, StatefulCommand, StatefulPermission}; use super::{Channel, StatefulCommand, StatefulPermission};
use crate::api::crypto::sha256::Sha256; use crate::api::crypto::sha256::Sha256;
use crate::api::customization::Customization;
use crate::ctap::data_formats::CredentialProtectionPolicy;
use crate::ctap::storage; use crate::ctap::storage;
use crate::env::{Env, Sha}; use crate::env::{Env, Sha};
use alloc::collections::BTreeSet; use alloc::collections::BTreeSet;
@@ -62,6 +64,7 @@ fn enumerate_rps_response<E: Env>(
/// Generates the response for subcommands enumerating credentials. /// Generates the response for subcommands enumerating credentials.
fn enumerate_credentials_response<E: Env>( fn enumerate_credentials_response<E: Env>(
env: &mut E,
credential: PublicKeyCredentialSource, credential: PublicKeyCredentialSource,
total_credentials: Option<u64>, total_credentials: Option<u64>,
) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> { ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
@@ -91,12 +94,15 @@ fn enumerate_credentials_response<E: Env>(
transports: None, // You can set USB as a hint here. transports: None, // You can set USB as a hint here.
}; };
let public_key = private_key.get_pub_key::<E>()?; let public_key = private_key.get_pub_key::<E>()?;
let cred_protect = cred_protect_policy
.or(env.customization().default_cred_protect())
.or(Some(CredentialProtectionPolicy::UserVerificationOptional));
Ok(AuthenticatorCredentialManagementResponse { Ok(AuthenticatorCredentialManagementResponse {
user: Some(user), user: Some(user),
credential_id: Some(credential_id), credential_id: Some(credential_id),
public_key: Some(public_key), public_key: Some(public_key),
total_credentials, total_credentials,
cred_protect: cred_protect_policy, cred_protect,
large_blob_key, large_blob_key,
..Default::default() ..Default::default()
}) })
@@ -201,7 +207,7 @@ fn process_enumerate_credentials_begin<E: Env>(
channel, channel,
); );
} }
enumerate_credentials_response::<E>(credential, Some(total_credentials as u64)) enumerate_credentials_response(env, credential, Some(total_credentials as u64))
} }
/// Processes the subcommand enumerateCredentialsGetNextCredential for CredentialManagement. /// Processes the subcommand enumerateCredentialsGetNextCredential for CredentialManagement.
@@ -211,7 +217,7 @@ fn process_enumerate_credentials_get_next_credential<E: Env>(
) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> { ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
let credential_key = stateful_command_permission.next_enumerate_credential(env)?; let credential_key = stateful_command_permission.next_enumerate_credential(env)?;
let credential = storage::get_credential(env, credential_key)?; let credential = storage::get_credential(env, credential_key)?;
enumerate_credentials_response::<E>(credential, None) enumerate_credentials_response(env, credential, None)
} }
/// Processes the subcommand deleteCredential for CredentialManagement. /// Processes the subcommand deleteCredential for CredentialManagement.
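Review bot: In `enumerate_credentials_response`, the new fallback chain computes `cred_protect` at read time: when `cred_protect_policy` is `None` (presumably the value stored with the credential, destructured above the hunk), the response reports the current `default_cred_protect()` customization or `UserVerificationOptional`. If the path that enforces credProtect during assertions reads the stored policy without the same fallback (not visible in this diff), the level reported to credential management can differ from the one enforced, and it changes whenever the default customization changes. I would state the invariant at the fallback, e.g. `// Stored None: report the current default; must match the fallback used when enforcing credProtect.`, and extend the function's doc comment to mention the new `env` parameter. A unit test covering a credential with no stored policy, with and without a configured default, would pin the behaviour. The function body starts outside the hunk.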