kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into v2_lib

Browse Source
This commit is contained in:
Julien Cretin
2020-12-10 09:38:26 +01:00
parent 776093a68b 829fcb1238
commit f5ef235c69
7 changed files with 124 additions and 181 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
src/ctap/ctap1.rs
View File

@@ -291,7 +291,7 @@ impl Ctap1Command {
let sk = crypto::ecdsa::SecKey::gensk(ctap_state.rng);
let pk = sk.genpk();
let key_handle = ctap_state
.encrypt_key_handle(sk, &application, None)
.encrypt_key_handle(sk, &application)
.map_err(|_| Ctap1StatusCode::SW_COMMAND_ABORTED)?;
if key_handle.len() > 0xFF {
// This is just being defensive with unreachable code.
@@ -386,7 +386,7 @@ impl Ctap1Command {
#[cfg(test)]
mod test {
use super::super::{key_material, CREDENTIAL_ID_BASE_SIZE, USE_SIGNATURE_COUNTER};
use super::super::{key_material, CREDENTIAL_ID_SIZE, USE_SIGNATURE_COUNTER};
use super::*;
use crypto::rng256::ThreadRng256;
use crypto::Hash256;
@@ -426,12 +426,12 @@ mod test {
0x00,
0x00,
0x00,
65 + CREDENTIAL_ID_BASE_SIZE as u8,
65 + CREDENTIAL_ID_SIZE as u8,
];
let challenge = [0x0C; 32];
message.extend(&challenge);
message.extend(application);
message.push(CREDENTIAL_ID_BASE_SIZE as u8);
message.push(CREDENTIAL_ID_SIZE as u8);
message.extend(key_handle);
message
}
@@ -471,15 +471,12 @@ mod test {
let response =
Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE).unwrap();
assert_eq!(response[0], Ctap1Command::LEGACY_BYTE);
assert_eq!(response[66], CREDENTIAL_ID_BASE_SIZE as u8);
assert_eq!(response[66], CREDENTIAL_ID_SIZE as u8);
assert!(ctap_state
.decrypt_credential_source(
response[67..67 + CREDENTIAL_ID_BASE_SIZE].to_vec(),
&application
)
.decrypt_credential_source(response[67..67 + CREDENTIAL_ID_SIZE].to_vec(), &application)
.unwrap()
.is_some());
const CERT_START: usize = 67 + CREDENTIAL_ID_BASE_SIZE;
const CERT_START: usize = 67 + CREDENTIAL_ID_SIZE;
assert_eq!(
&response[CERT_START..CERT_START + fake_cert.len()],
&fake_cert[..]
@@ -528,9 +525,7 @@ mod test {
let rp_id = "example.com";
let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
let key_handle = ctap_state
.encrypt_key_handle(sk, &application, None)
.unwrap();
let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
let message = create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
@@ -546,9 +541,7 @@ mod test {
let rp_id = "example.com";
let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
let key_handle = ctap_state
.encrypt_key_handle(sk, &application, None)
.unwrap();
let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
let application = [0x55; 32];
let message = create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
@@ -565,9 +558,7 @@ mod test {
let rp_id = "example.com";
let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
let key_handle = ctap_state
.encrypt_key_handle(sk, &application, None)
.unwrap();
let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
let mut message =
create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
@@ -591,9 +582,7 @@ mod test {
let rp_id = "example.com";
let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
let key_handle = ctap_state
.encrypt_key_handle(sk, &application, None)
.unwrap();
let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
let mut message =
create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
message[0] = 0xEE;
@@ -611,9 +600,7 @@ mod test {
let rp_id = "example.com";
let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
let key_handle = ctap_state
.encrypt_key_handle(sk, &application, None)
.unwrap();
let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
let mut message =
create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
message[1] = 0xEE;
@@ -631,9 +618,7 @@ mod test {
let rp_id = "example.com";
let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
let key_handle = ctap_state
.encrypt_key_handle(sk, &application, None)
.unwrap();
let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
let mut message =
create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
message[2] = 0xEE;
@@ -659,9 +644,7 @@ mod test {
let rp_id = "example.com";
let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
let key_handle = ctap_state
.encrypt_key_handle(sk, &application, None)
.unwrap();
let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
let message =
create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);
@@ -688,9 +671,7 @@ mod test {
let rp_id = "example.com";
let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
let key_handle = ctap_state
.encrypt_key_handle(sk, &application, None)
.unwrap();
let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
let message = create_authenticate_message(
&application,
Ctap1Flags::DontEnforceUpAndSign,
@@ -712,7 +693,7 @@ mod test {
#[test]
fn test_process_authenticate_bad_key_handle() {
let application = [0x0A; 32];
let key_handle = vec![0x00; CREDENTIAL_ID_BASE_SIZE];
let key_handle = vec![0x00; CREDENTIAL_ID_SIZE];
let message =
create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);
@@ -729,7 +710,7 @@ mod test {
#[test]
fn test_process_authenticate_without_up() {
let application = [0x0A; 32];
let key_handle = vec![0x00; CREDENTIAL_ID_BASE_SIZE];
let key_handle = vec![0x00; CREDENTIAL_ID_SIZE];
let message =
create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);