kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adds the PIN protocol trait (#292)

Browse Source 
* adds the PIN protocol trait

* improved documentation

* SharedSecret not mutable
This commit is contained in:
kaczmarczyck
2021-03-10 13:20:29 +01:00
committed by GitHub
parent 351e6c12c6
commit eb0a0770dd
7 changed files with 660 additions and 301 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/ctap/mod.rs
View File

@@ -24,6 +24,7 @@ pub mod data_formats;
pub mod hid;
mod key_material;
mod large_blobs;
mod pin_protocol;
pub mod response;
pub mod status_code;
mod storage;
@@ -648,12 +649,8 @@ where
// Specification is unclear, could be CTAP2_ERR_INVALID_OPTION.
return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
}
if !self
.client_pin
.verify_pin_auth_token(&client_data_hash, &pin_auth)
{
return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
}
self.client_pin
.verify_pin_auth_token(&client_data_hash, &pin_auth)?;
self.client_pin
.has_permission(PinPermission::MakeCredential)?;
self.client_pin.ensure_rp_id_permission(&rp_id)?;
@@ -816,10 +813,11 @@ where
if extensions.hmac_secret.is_some() || extensions.cred_blob {
let encrypted_output = if let Some(hmac_secret_input) = extensions.hmac_secret {
let cred_random = self.generate_cred_random(&credential.private_key, has_uv)?;
Some(
self.client_pin
.process_hmac_secret(hmac_secret_input, &cred_random)?,
)
Some(self.client_pin.process_hmac_secret(
self.rng,
hmac_secret_input,
&cred_random,
)?)
} else {
None
};
@@ -939,12 +937,8 @@ where
// Specification is unclear, could be CTAP2_ERR_UNSUPPORTED_OPTION.
return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
}
if !self
.client_pin
.verify_pin_auth_token(&client_data_hash, &pin_auth)
{
return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
}
self.client_pin
.verify_pin_auth_token(&client_data_hash, &pin_auth)?;
self.client_pin
.has_permission(PinPermission::GetAssertion)?;
self.client_pin.ensure_rp_id_permission(&rp_id)?;