/libfido2/src/largeblob.c
1 | | /* |
2 | | * Copyright (c) 2020-2022 Yubico AB. All rights reserved. |
3 | | * Use of this source code is governed by a BSD-style |
4 | | * license that can be found in the LICENSE file. |
5 | | * SPDX-License-Identifier: BSD-2-Clause |
6 | | */ |
7 | | |
8 | | #include <openssl/sha.h> |
9 | | |
10 | | #include "fido.h" |
11 | | #include "fido/es256.h" |
12 | | |
/*
 * Sizes in bytes.
 *
 * LARGEBLOB_DIGEST_LENGTH: number of leading SHA-256 bytes kept as the
 *     trailer of the serialised array (see largeblob_array_digest()).
 * LARGEBLOB_NONCE_LENGTH:  exact nonce length required of a decoded entry
 *     and drawn at random when sealing.
 * LARGEBLOB_TAG_LENGTH:    minimum ciphertext length accepted for a decoded
 *     entry; anything shorter is rejected before decryption is attempted.
 */
#define LARGEBLOB_DIGEST_LENGTH 16
#define LARGEBLOB_NONCE_LENGTH 12
#define LARGEBLOB_TAG_LENGTH 16

/* One entry of the large-blob array, as decoded from or encoded to CBOR. */
typedef struct largeblob {
	size_t origsiz; /* length of the body before compression; bound into the AAD */
	fido_blob_t ciphertext; /* output of aes256_gcm_enc(); >= LARGEBLOB_TAG_LENGTH on decode */
	fido_blob_t nonce; /* exactly LARGEBLOB_NONCE_LENGTH bytes on decode */
} largeblob_t;
22 | | |
/*
 * Allocate a zero-initialised largeblob_t.
 *
 * Returns NULL if the allocation fails. The object is released with
 * largeblob_free().
 */
static largeblob_t *
largeblob_new(void)
{
	largeblob_t *blob = calloc(1, sizeof(*blob));

	return blob;
}
28 | | |
/*
 * Return blob to its empty state: both embedded blobs are reset through
 * fido_blob_reset() and the recorded original size is cleared. The
 * largeblob_t itself is not freed.
 */
static void
largeblob_reset(largeblob_t *blob)
{
	blob->origsiz = 0;
	fido_blob_reset(&blob->nonce);
	fido_blob_reset(&blob->ciphertext);
}
36 | | |
/*
 * Reset and free *blob_ptr, then set *blob_ptr to NULL so the caller cannot
 * reuse or double-free it. A NULL blob_ptr or a NULL *blob_ptr is a no-op.
 */
static void
largeblob_free(largeblob_t **blob_ptr)
{
	if (blob_ptr == NULL)
		return;
	if (*blob_ptr == NULL)
		return;

	largeblob_reset(*blob_ptr);
	free(*blob_ptr);
	*blob_ptr = NULL;
}
48 | | |
/*
 * Build the additional authenticated data for one entry: the four ASCII
 * bytes "blob" followed by size as a 64-bit little-endian integer.
 *
 * Both largeblob_seal() and largeblob_decrypt() derive the AAD from the
 * entry's original size, so a modified size makes decryption fail.
 *
 * Returns the result of fido_blob_set().
 */
static int
largeblob_aad(fido_blob_t *aad, uint64_t size)
{
	static const uint8_t prefix[4] = { 0x62, 0x6c, 0x6f, 0x62 }; /* "blob" */
	uint8_t buf[sizeof(prefix) + sizeof(uint64_t)];
	const uint64_t le_size = htole64(size);

	memcpy(buf, prefix, sizeof(prefix));
	memcpy(buf + sizeof(prefix), &le_size, sizeof(le_size));

	return fido_blob_set(aad, buf, sizeof(buf));
}
63 | | |
/*
 * Decrypt blob->ciphertext under key, using blob->nonce and an AAD derived
 * from blob->origsiz.
 *
 * Returns a newly allocated blob holding the (still compressed) plaintext,
 * or NULL on any failure, including failure of aes256_gcm_dec(). The caller
 * releases the result with fido_blob_free().
 */
static fido_blob_t *
largeblob_decrypt(const largeblob_t *blob, const fido_blob_t *key)
{
	fido_blob_t *plaintext = NULL;
	fido_blob_t *aad = NULL;
	int ok = -1;

	plaintext = fido_blob_new();
	if (plaintext != NULL)
		aad = fido_blob_new();
	if (plaintext == NULL || aad == NULL) {
		fido_log_debug("%s: fido_blob_new", __func__);
		goto out;
	}
	if (largeblob_aad(aad, blob->origsiz) < 0) {
		fido_log_debug("%s: largeblob_aad", __func__);
		goto out;
	}
	if (aes256_gcm_dec(key, &blob->nonce, aad, &blob->ciphertext,
	    plaintext) < 0) {
		fido_log_debug("%s: aes256_gcm_dec", __func__);
		goto out;
	}

	ok = 0;
out:
	fido_blob_free(&aad);

	/* Never hand back a partially filled output blob. */
	if (ok < 0)
		fido_blob_free(&plaintext);

	return plaintext;
}
94 | | |
/*
 * Fill blob->nonce with LARGEBLOB_NONCE_LENGTH bytes from
 * fido_get_random().
 *
 * The stack copy of the nonce is wiped with explicit_bzero() on every path.
 * Returns 0 on success and -1 on failure.
 */
static int
largeblob_get_nonce(largeblob_t *blob)
{
	uint8_t buf[LARGEBLOB_NONCE_LENGTH];
	int ok = -1;

	if (fido_get_random(buf, sizeof(buf)) < 0)
		fido_log_debug("%s: fido_get_random", __func__);
	else if (fido_blob_set(&blob->nonce, buf, sizeof(buf)) < 0)
		fido_log_debug("%s: fido_blob_set", __func__);
	else
		ok = 0;

	explicit_bzero(buf, sizeof(buf));

	return ok;
}
116 | | |
/*
 * Compress body and encrypt the result under key into blob.
 *
 * A fresh random nonce is drawn on every call, and the uncompressed length
 * of body is bound into the additional authenticated data. blob->origsiz is
 * recorded only after encryption has succeeded.
 *
 * Returns 0 on success and -1 on failure.
 */
static int
largeblob_seal(largeblob_t *blob, const fido_blob_t *body,
    const fido_blob_t *key)
{
	fido_blob_t *compressed = NULL;
	fido_blob_t *aad = NULL;
	int ok = -1;

	compressed = fido_blob_new();
	if (compressed != NULL)
		aad = fido_blob_new();
	if (compressed == NULL || aad == NULL) {
		fido_log_debug("%s: fido_blob_new", __func__);
		goto out;
	}
	if (fido_compress(compressed, body) != FIDO_OK) {
		fido_log_debug("%s: fido_compress", __func__);
		goto out;
	}
	if (largeblob_aad(aad, body->len) < 0) {
		fido_log_debug("%s: largeblob_aad", __func__);
		goto out;
	}
	if (largeblob_get_nonce(blob) < 0) {
		fido_log_debug("%s: largeblob_get_nonce", __func__);
		goto out;
	}
	if (aes256_gcm_enc(key, &blob->nonce, aad, compressed,
	    &blob->ciphertext) < 0) {
		fido_log_debug("%s: aes256_gcm_enc", __func__);
		goto out;
	}
	blob->origsiz = body->len;

	ok = 0;
out:
	/* The compressed copy of the body is released on every path. */
	fido_blob_free(&compressed);
	fido_blob_free(&aad);

	return ok;
}
155 | | |
/*
 * Send a large-blob read request for count bytes starting at offset.
 *
 * count is placed in argv[0] and offset in argv[2]; argv[1] stays NULL.
 * ms is handed to fido_tx() as the time budget.
 *
 * Returns FIDO_OK, FIDO_ERR_INTERNAL if the CBOR arguments cannot be built,
 * or FIDO_ERR_TX if the frame cannot be built or transmitted.
 */
static int
largeblob_get_tx(fido_dev_t *dev, size_t offset, size_t count, int *ms)
{
	cbor_item_t *argv[3];
	fido_blob_t frame;
	int r = FIDO_ERR_INTERNAL;

	memset(&frame, 0, sizeof(frame));
	memset(argv, 0, sizeof(argv));

	argv[0] = cbor_build_uint(count);
	if (argv[0] != NULL)
		argv[2] = cbor_build_uint(offset);
	if (argv[0] == NULL || argv[2] == NULL) {
		fido_log_debug("%s: cbor encode", __func__);
		goto out;
	}
	if (cbor_build_frame(CTAP_CBOR_LARGEBLOB, argv, nitems(argv),
	    &frame) < 0 ||
	    fido_tx(dev, CTAP_CMD_CBOR, frame.ptr, frame.len, ms) < 0) {
		fido_log_debug("%s: fido_tx", __func__);
		r = FIDO_ERR_TX;
		goto out;
	}

	r = FIDO_OK;
out:
	cbor_vector_free(argv, nitems(argv));
	free(frame.ptr);

	return r;
}
186 | | |
/*
 * Map-iteration callback for a large-blob read reply.
 *
 * Only the entry whose key is the 8-bit unsigned integer 1 is decoded, as a
 * byte string, into the fido_blob_t passed through arg. Every other key is
 * logged and ignored (return value 0) rather than treated as an error.
 */
static int
parse_largeblob_reply(const cbor_item_t *key, const cbor_item_t *val,
    void *arg)
{
	const int wanted = cbor_isa_uint(key) &&
	    cbor_int_get_width(key) == CBOR_INT_8 &&
	    cbor_get_uint8(key) == 1;

	if (!wanted) {
		fido_log_debug("%s: cbor type", __func__);
		return 0; /* ignore */
	}

	return fido_blob_decode(val, arg);
}
200 | | |
/*
 * Receive and parse one large-blob read reply.
 *
 * On success *chunk points to a newly allocated blob holding the fragment
 * returned by the device; the caller frees it. On failure *chunk is NULL.
 * The receive buffer is released with freezero() on every path, so reply
 * bytes do not linger on the heap.
 *
 * Returns FIDO_OK, FIDO_ERR_INTERNAL on allocation failure, FIDO_ERR_RX if
 * fido_rx() fails, or the error from cbor_parse_reply().
 */
static int
largeblob_get_rx(fido_dev_t *dev, fido_blob_t **chunk, int *ms)
{
	unsigned char *reply;
	int nread;
	int r;

	*chunk = NULL;

	reply = malloc(FIDO_MAXMSG);
	if (reply == NULL) {
		r = FIDO_ERR_INTERNAL;
		goto out;
	}
	nread = fido_rx(dev, CTAP_CMD_CBOR, reply, FIDO_MAXMSG, ms);
	if (nread < 0) {
		fido_log_debug("%s: fido_rx", __func__);
		r = FIDO_ERR_RX;
		goto out;
	}
	*chunk = fido_blob_new();
	if (*chunk == NULL) {
		fido_log_debug("%s: fido_blob_new", __func__);
		r = FIDO_ERR_INTERNAL;
		goto out;
	}
	r = cbor_parse_reply(reply, (size_t)nread, *chunk,
	    parse_largeblob_reply);
	if (r != FIDO_OK) {
		fido_log_debug("%s: parse_largeblob_reply", __func__);
		goto out;
	}

	r = FIDO_OK;
out:
	if (r != FIDO_OK)
		fido_blob_free(chunk);

	freezero(reply, FIDO_MAXMSG);

	return r;
}
237 | | |
/*
 * Parse the CBOR part of a serialised large-blob array.
 *
 * ptr/len describe the full serialised array including its
 * LARGEBLOB_DIGEST_LENGTH-byte trailer; the trailer is excluded before
 * parsing. The result must be a definite-length CBOR array.
 *
 * Returns a new reference the caller must cbor_decref(), or NULL on error.
 *
 * NOTE(review): the number of bytes consumed by cbor_load() is not compared
 * with len here, so bytes between the end of the CBOR item and the trailer
 * would be ignored - confirm whether that is intended.
 */
static cbor_item_t *
largeblob_array_load(const uint8_t *ptr, size_t len)
{
	struct cbor_load_result result;
	cbor_item_t *array;

	if (len < LARGEBLOB_DIGEST_LENGTH) {
		fido_log_debug("%s: len", __func__);
		return NULL;
	}

	array = cbor_load(ptr, len - LARGEBLOB_DIGEST_LENGTH, &result);
	if (array == NULL) {
		fido_log_debug("%s: cbor_load", __func__);
		return NULL;
	}
	if (cbor_isa_array(array) && cbor_array_is_definite(array))
		return array;

	fido_log_debug("%s: cbor type", __func__);
	cbor_decref(&array);

	return NULL;
}
261 | | |
/*
 * Compute the largest fragment to request or send in one large-blob
 * command: the device's reported maximum message size, clamped to SIZE_MAX
 * and FIDO_MAXMSG, minus 64 bytes.
 *
 * Returns 0 when the clamped size is 64 or less; callers treat 0 as an
 * error.
 */
static size_t
get_chunklen(fido_dev_t *dev)
{
	uint64_t limit = fido_dev_maxmsgsize(dev);

	if (limit > SIZE_MAX)
		limit = SIZE_MAX;
	if (limit > FIDO_MAXMSG)
		limit = FIDO_MAXMSG;
	if (limit <= 64)
		return 0;

	return (size_t)(limit - 64);
}
275 | | |
/*
 * Map-iteration callback that fills a largeblob_t (passed through arg) from
 * one key/value pair of an entry.
 *
 * Keys that are not 8-bit unsigned integers, and unknown key values, are
 * logged and ignored. For the known keys the value is validated before it
 * is accepted:
 *   1: ciphertext, at least LARGEBLOB_TAG_LENGTH bytes;
 *   2: nonce, exactly LARGEBLOB_NONCE_LENGTH bytes;
 *   3: original size, an unsigned integer no larger than SIZE_MAX.
 *
 * Returns 0 to continue iterating and -1 on a malformed value.
 */
static int
largeblob_do_decode(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
	largeblob_t *blob = arg;
	uint64_t size;

	if (!cbor_isa_uint(key) || cbor_int_get_width(key) != CBOR_INT_8) {
		fido_log_debug("%s: cbor type", __func__);
		return 0; /* ignore */
	}

	switch (cbor_get_uint8(key)) {
	case 1: /* ciphertext */
		if (fido_blob_decode(val, &blob->ciphertext) < 0)
			return -1;
		if (blob->ciphertext.len < LARGEBLOB_TAG_LENGTH)
			return -1;
		return 0;
	case 2: /* nonce */
		if (fido_blob_decode(val, &blob->nonce) < 0)
			return -1;
		if (blob->nonce.len != LARGEBLOB_NONCE_LENGTH)
			return -1;
		return 0;
	case 3: /* origSize */
		if (!cbor_isa_uint(val))
			return -1;
		size = cbor_get_int(val);
		if (size > SIZE_MAX)
			return -1;
		blob->origsiz = (size_t)size;
		return 0;
	default: /* ignore */
		fido_log_debug("%s: cbor type", __func__);
		return 0;
	}
}
310 | | |
/*
 * Decode one array entry into blob.
 *
 * item must be a definite-length CBOR map. After iteration the entry is
 * accepted only if it carries a ciphertext, a nonce and a non-zero original
 * size. On failure blob may be partially filled; the caller is expected to
 * reset it.
 *
 * Returns 0 on success and -1 on failure.
 */
static int
largeblob_decode(largeblob_t *blob, const cbor_item_t *item)
{
	int complete;

	if (!cbor_isa_map(item) || !cbor_map_is_definite(item)) {
		fido_log_debug("%s: cbor type", __func__);
		return -1;
	}
	if (cbor_map_iter(item, blob, largeblob_do_decode) < 0) {
		fido_log_debug("%s: cbor_map_iter", __func__);
		return -1;
	}

	complete = !fido_blob_is_empty(&blob->ciphertext) &&
	    !fido_blob_is_empty(&blob->nonce) && blob->origsiz != 0;
	if (!complete) {
		fido_log_debug("%s: incomplete blob", __func__);
		return -1;
	}

	return 0;
}
330 | | |
/*
 * Seal body under key and encode the result as a CBOR item built from the
 * ciphertext, the nonce and the original size, in that order.
 *
 * The intermediate largeblob_t and the argument vector are released on
 * every path. Returns the item produced by cbor_flatten_vector(), or NULL
 * on failure.
 */
static cbor_item_t *
largeblob_encode(const fido_blob_t *body, const fido_blob_t *key)
{
	cbor_item_t *argv[3];
	cbor_item_t *encoded = NULL;
	largeblob_t *sealed;

	memset(argv, 0, sizeof(argv));

	sealed = largeblob_new();
	if (sealed == NULL || largeblob_seal(sealed, body, key) < 0) {
		fido_log_debug("%s: largeblob_seal", __func__);
		goto out;
	}

	argv[0] = fido_blob_encode(&sealed->ciphertext);
	if (argv[0] != NULL)
		argv[1] = fido_blob_encode(&sealed->nonce);
	if (argv[1] != NULL)
		argv[2] = cbor_build_uint(sealed->origsiz);
	if (argv[2] == NULL) {
		/* argv[2] is only built once argv[0] and argv[1] exist. */
		fido_log_debug("%s: cbor encode", __func__);
		goto out;
	}

	encoded = cbor_flatten_vector(argv, nitems(argv));
out:
	cbor_vector_free(argv, nitems(argv));
	largeblob_free(&sealed);

	return encoded;
}
356 | | |
/*
 * Find the first entry of the large-blob array that decodes and decrypts
 * under key.
 *
 * out:  if non-NULL, receives the uncompressed body of the matching entry.
 * idx:  if non-NULL, receives the index of the matching entry. It is set to
 *       0 up front, so its value is only meaningful when a match was found.
 * item: the CBOR array to search.
 * key:  the key handed to largeblob_decrypt().
 *
 * Returns FIDO_ERR_INVALID_ARGUMENT if the array handle cannot be obtained,
 * FIDO_ERR_NOTFOUND if no entry decrypts under key, and otherwise FIDO_OK
 * or, when out is non-NULL, the result of fido_uncompress().
 */
static int
largeblob_array_lookup(fido_blob_t *out, size_t *idx, const cbor_item_t *item,
    const fido_blob_t *key)
{
	cbor_item_t **v;
	fido_blob_t *plaintext = NULL;
	largeblob_t blob;
	int r;

	memset(&blob, 0, sizeof(blob));
	if (idx != NULL)
		*idx = 0;
	if ((v = cbor_array_handle(item)) == NULL)
		return FIDO_ERR_INVALID_ARGUMENT;
	for (size_t i = 0; i < cbor_array_size(item); i++) {
		/*
		 * Ownership of an entry is established by trial decryption:
		 * an entry that is malformed or does not decrypt under key is
		 * skipped, not reported as an error. blob is reset before the
		 * next entry so that no field carries over between entries.
		 */
		if (largeblob_decode(&blob, v[i]) < 0 ||
		    (plaintext = largeblob_decrypt(&blob, key)) == NULL) {
			fido_log_debug("%s: largeblob_decode", __func__);
			largeblob_reset(&blob);
			continue;
		}
		if (idx != NULL)
			*idx = i;
		break;
	}
	if (plaintext == NULL) {
		fido_log_debug("%s: not found", __func__);
		return FIDO_ERR_NOTFOUND;
	}
	/*
	 * blob.origsiz comes from the device, but largeblob_decrypt() bound it
	 * into the AAD, so it has been authenticated under key before it is
	 * used as the expected uncompressed size.
	 */
	if (out != NULL)
		r = fido_uncompress(out, plaintext, blob.origsiz);
	else
		r = FIDO_OK;

	fido_blob_free(&plaintext);
	largeblob_reset(&blob);

	return r;
}
396 | | |
/*
 * Compute the array trailer: the first LARGEBLOB_DIGEST_LENGTH bytes of
 * SHA-256 over data[0..len).
 *
 * Returns 0 on success, and -1 if data is NULL, len is 0 or SHA256() fails.
 * out is only written on success.
 */
static int
largeblob_array_digest(u_char out[LARGEBLOB_DIGEST_LENGTH], const u_char *data,
    size_t len)
{
	u_char full[SHA256_DIGEST_LENGTH];

	if (data != NULL && len != 0 && SHA256(data, len, full) == full) {
		memcpy(out, full, LARGEBLOB_DIGEST_LENGTH);
		return 0;
	}

	return -1;
}
411 | | |
/*
 * Verify the trailer of a serialised large-blob array: the last
 * LARGEBLOB_DIGEST_LENGTH bytes must equal the truncated SHA-256 of
 * everything before them.
 *
 * The digest is unkeyed, so this detects corruption or truncation of the
 * stored array, not deliberate modification; authenticity of individual
 * entries comes from the authenticated decryption in largeblob_decrypt().
 * The raw array is also dumped through fido_log_xxd().
 *
 * Returns 0 if the trailer matches, -1 if the array is too short or the
 * digest cannot be computed, and the non-zero result of timingsafe_bcmp()
 * on a mismatch.
 */
static int
largeblob_array_check(const fido_blob_t *array)
{
	u_char computed[LARGEBLOB_DIGEST_LENGTH];
	const u_char *trailer;
	size_t payload_len;

	fido_log_xxd(array->ptr, array->len, __func__);
	if (array->len < sizeof(computed)) {
		fido_log_debug("%s: len %zu", __func__, array->len);
		return -1;
	}

	payload_len = array->len - sizeof(computed);
	if (largeblob_array_digest(computed, array->ptr, payload_len) < 0) {
		fido_log_debug("%s: largeblob_array_digest", __func__);
		return -1;
	}
	trailer = array->ptr + payload_len;

	return timingsafe_bcmp(computed, trailer, sizeof(computed));
}
432 | | |
/*
 * Read the whole serialised large-blob array from the device and parse it.
 *
 * The array is fetched in fragments of at most get_chunklen() bytes; each
 * request uses the number of bytes accumulated so far as its offset, and
 * reading stops at the first fragment shorter than the requested length.
 *
 * On success *item holds a CBOR array the caller must cbor_decref(). If the
 * trailer check fails, *item is a new empty array instead of an error.
 *
 * Returns FIDO_OK, FIDO_ERR_INVALID_ARGUMENT if the fragment length is 0,
 * FIDO_ERR_INTERNAL on allocation or parse failure, or the error from the
 * transmit/receive helpers.
 */
static int
largeblob_get_array(fido_dev_t *dev, cbor_item_t **item, int *ms)
{
	fido_blob_t *array, *chunk = NULL;
	size_t n;
	int r;

	*item = NULL;
	if ((n = get_chunklen(dev)) == 0)
		return FIDO_ERR_INVALID_ARGUMENT;
	if ((array = fido_blob_new()) == NULL)
		return FIDO_ERR_INTERNAL;
	/*
	 * NOTE(review): the loop ends only when the device returns a short
	 * fragment or a helper fails. No explicit cap on the accumulated size
	 * is visible in this function, so a device that keeps returning full
	 * fragments is bounded only by whatever fido_blob_append() and the ms
	 * budget enforce - confirm.
	 */
	do {
		/* Drop the fragment of the previous iteration, if any. */
		fido_blob_free(&chunk);
		if ((r = largeblob_get_tx(dev, array->len, n, ms)) != FIDO_OK ||
		    (r = largeblob_get_rx(dev, &chunk, ms)) != FIDO_OK) {
			fido_log_debug("%s: largeblob_get_wait %zu/%zu",
			    __func__, array->len, n);
			goto fail;
		}
		if (fido_blob_append(array, chunk->ptr, chunk->len) < 0) {
			fido_log_debug("%s: fido_blob_append", __func__);
			r = FIDO_ERR_INTERNAL;
			goto fail;
		}
	} while (chunk->len == n);

	/*
	 * A failed trailer check is not an error: the stored array is treated
	 * as empty. A later write through largeblob_set_array() therefore
	 * starts from an empty array and replaces whatever the device held.
	 */
	if (largeblob_array_check(array) != 0)
		*item = cbor_new_definite_array(0); /* per spec */
	else
		*item = largeblob_array_load(array->ptr, array->len);
	if (*item == NULL)
		r = FIDO_ERR_INTERNAL;
	else
		r = FIDO_OK;
fail:
	fido_blob_free(&array);
	fido_blob_free(&chunk);

	return r;
}
474 | | |
/*
 * Build the message that is authenticated for one large-blob write
 * fragment and store it in hmac:
 *
 *   32 bytes of 0xff || CTAP_CBOR_LARGEBLOB || 0x00 ||
 *   offset as 32-bit little-endian || SHA-256(data[0..len))
 *
 * Binding the offset and the fragment hash means the authentication value
 * computed over this message is specific to this fragment at this position.
 *
 * Returns the result of fido_blob_set(), or -1 if data is NULL, len is 0,
 * offset does not fit in 32 bits, or SHA256() fails.
 */
static int
prepare_hmac(size_t offset, const u_char *data, size_t len, fido_blob_t *hmac)
{
	uint8_t buf[32 + 2 + sizeof(uint32_t) + SHA256_DIGEST_LENGTH];
	uint8_t *p = buf;
	uint32_t le_offset;

	if (data == NULL || len == 0) {
		fido_log_debug("%s: invalid data=%p, len=%zu", __func__,
		    (const void *)data, len);
		return -1;
	}
	if (offset > UINT32_MAX) {
		fido_log_debug("%s: invalid offset=%zu", __func__, offset);
		return -1;
	}

	memset(p, 0xff, 32);
	p += 32;
	*p++ = CTAP_CBOR_LARGEBLOB;
	*p++ = 0x00;
	le_offset = htole32((uint32_t)offset);
	memcpy(p, &le_offset, sizeof(le_offset));
	p += sizeof(le_offset);
	/* p now points at the final SHA256_DIGEST_LENGTH bytes of buf. */
	if (SHA256(data, len, p) != p) {
		fido_log_debug("%s: SHA256", __func__);
		return -1;
	}

	return fido_blob_set(hmac, buf, sizeof(buf));
}
503 | | |
/*
 * Send one large-blob write fragment.
 *
 * token:     if non-NULL, the fragment is authenticated: the message from
 *            prepare_hmac() is passed to cbor_encode_pin_auth() together
 *            with the token, and the protocol option is added.
 * chunk:     the fragment bytes, chunk_len long.
 * offset:    position of the fragment within the serialised array.
 * totalsiz:  total length of the write; only sent with the first fragment
 *            (offset == 0).
 *
 * Returns FIDO_OK, FIDO_ERR_INTERNAL if an argument cannot be encoded, or
 * FIDO_ERR_TX if the frame cannot be built or transmitted.
 */
static int
largeblob_set_tx(fido_dev_t *dev, const fido_blob_t *token, const u_char *chunk,
    size_t chunk_len, size_t offset, size_t totalsiz, int *ms)
{
	fido_blob_t *hmac = NULL, f;
	cbor_item_t *argv[6];
	int r;

	memset(argv, 0, sizeof(argv));
	memset(&f, 0, sizeof(f));

	/*
	 * argv[0] is left NULL on purpose; slots that stay NULL are presumably
	 * omitted from the frame by cbor_build_frame() - confirm against its
	 * definition.
	 */
	if ((argv[1] = cbor_build_bytestring(chunk, chunk_len)) == NULL ||
	    (argv[2] = cbor_build_uint(offset)) == NULL ||
	    (offset == 0 && (argv[3] = cbor_build_uint(totalsiz)) == NULL)) {
		fido_log_debug("%s: cbor encode", __func__);
		r = FIDO_ERR_INTERNAL;
		goto fail;
	}
	/* Without a token the fragment is sent unauthenticated. */
	if (token != NULL) {
		if ((hmac = fido_blob_new()) == NULL ||
		    prepare_hmac(offset, chunk, chunk_len, hmac) < 0 ||
		    (argv[4] = cbor_encode_pin_auth(dev, token, hmac)) == NULL ||
		    (argv[5] = cbor_encode_pin_opt(dev)) == NULL) {
			fido_log_debug("%s: cbor_encode_pin_auth", __func__);
			r = FIDO_ERR_INTERNAL;
			goto fail;
		}
	}
	if (cbor_build_frame(CTAP_CBOR_LARGEBLOB, argv, nitems(argv), &f) < 0 ||
	    fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) {
		fido_log_debug("%s: fido_tx", __func__);
		r = FIDO_ERR_TX;
		goto fail;
	}

	r = FIDO_OK;
fail:
	cbor_vector_free(argv, nitems(argv));
	fido_blob_free(&hmac);
	free(f.ptr);

	return r;
}
547 | | |
/*
 * Obtain a token for the large-blob command.
 *
 * A key agreement is run with the device through fido_do_ecdh(), then the
 * token is requested with fido_dev_get_uv_token() for CTAP_CBOR_LARGEBLOB.
 * pin may be NULL. On success *token is a newly allocated blob owned by the
 * caller; on failure it is freed here. The shared secret and the
 * authenticator's public key are released on every path past the ECDH step.
 *
 * Returns FIDO_OK, FIDO_ERR_INTERNAL on allocation failure, or the error
 * from the failing step.
 */
static int
largeblob_get_uv_token(fido_dev_t *dev, const char *pin, fido_blob_t **token,
    int *ms)
{
	fido_blob_t *shared = NULL;
	es256_pk_t *peer_pk = NULL;
	int r;

	*token = fido_blob_new();
	if (*token == NULL)
		return FIDO_ERR_INTERNAL;

	r = fido_do_ecdh(dev, &peer_pk, &shared, ms);
	if (r != FIDO_OK) {
		fido_log_debug("%s: fido_do_ecdh", __func__);
		goto out;
	}
	r = fido_dev_get_uv_token(dev, CTAP_CBOR_LARGEBLOB, pin, shared,
	    peer_pk, NULL, *token, ms);
	if (r != FIDO_OK) {
		fido_log_debug("%s: fido_dev_get_uv_token", __func__);
		goto out;
	}

	r = FIDO_OK;
out:
	if (r != FIDO_OK)
		fido_blob_free(token);

	fido_blob_free(&shared);
	es256_pk_free(&peer_pk);

	return r;
}
578 | | |
/*
 * Serialise item and write it to the device as the new large-blob array.
 *
 * item must be a definite-length CBOR array. The serialised array is sent
 * in fragments of at most get_chunklen() bytes, followed by a final
 * fragment holding the first 16 bytes of its SHA-256 digest. Each fragment
 * is acknowledged through fido_rx_cbor_status() before the next is sent.
 *
 * A token is requested when pin is non-NULL or the device supports
 * permissions; otherwise the fragments are sent without authentication.
 *
 * Returns FIDO_OK, FIDO_ERR_INVALID_ARGUMENT for a zero fragment length, a
 * wrong CBOR type or an oversized serialisation, FIDO_ERR_INTERNAL on
 * serialisation or hashing failure, or the error of the failing exchange.
 */
static int
largeblob_set_array(fido_dev_t *dev, const cbor_item_t *item, const char *pin,
    int *ms)
{
	unsigned char dgst[SHA256_DIGEST_LENGTH];
	fido_blob_t cbor, *token = NULL;
	size_t chunklen, maxchunklen, totalsize;
	int r;

	memset(&cbor, 0, sizeof(cbor));

	if ((maxchunklen = get_chunklen(dev)) == 0) {
		fido_log_debug("%s: maxchunklen=%zu", __func__, maxchunklen);
		r = FIDO_ERR_INVALID_ARGUMENT;
		goto fail;
	}
	if (!cbor_isa_array(item) || !cbor_array_is_definite(item)) {
		fido_log_debug("%s: cbor type", __func__);
		r = FIDO_ERR_INVALID_ARGUMENT;
		goto fail;
	}
	if ((fido_blob_serialise(&cbor, item)) < 0) {
		fido_log_debug("%s: fido_blob_serialise", __func__);
		r = FIDO_ERR_INTERNAL;
		goto fail;
	}
	/* Guard the addition in the totalsize computation below. */
	if (cbor.len > SIZE_MAX - sizeof(dgst)) {
		fido_log_debug("%s: cbor.len=%zu", __func__, cbor.len);
		r = FIDO_ERR_INVALID_ARGUMENT;
		goto fail;
	}
	if (SHA256(cbor.ptr, cbor.len, dgst) != dgst) {
		fido_log_debug("%s: SHA256", __func__);
		r = FIDO_ERR_INTERNAL;
		goto fail;
	}
	/*
	 * NOTE(review): the literal 16 here and in the final fragment below
	 * has the same value as LARGEBLOB_DIGEST_LENGTH, which the read path
	 * uses for the trailer; the two must stay in step.
	 */
	totalsize = cbor.len + sizeof(dgst) - 16; /* the first 16 bytes only */
	if (pin != NULL || fido_dev_supports_permissions(dev)) {
		if ((r = largeblob_get_uv_token(dev, pin, &token,
		    ms)) != FIDO_OK) {
			fido_log_debug("%s: largeblob_get_uv_token", __func__);
			goto fail;
		}
	}
	/* chunklen is assigned in the loop body before the increment reads it. */
	for (size_t offset = 0; offset < cbor.len; offset += chunklen) {
		if ((chunklen = cbor.len - offset) > maxchunklen)
			chunklen = maxchunklen;
		if ((r = largeblob_set_tx(dev, token, cbor.ptr + offset,
		    chunklen, offset, totalsize, ms)) != FIDO_OK ||
		    (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) {
			fido_log_debug("%s: body", __func__);
			goto fail;
		}
	}
	/* Final fragment: the truncated digest, placed right after the body. */
	if ((r = largeblob_set_tx(dev, token, dgst, sizeof(dgst) - 16, cbor.len,
	    totalsize, ms)) != FIDO_OK ||
	    (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) {
		fido_log_debug("%s: dgst", __func__);
		goto fail;
	}

	r = FIDO_OK;
fail:
	/* The token and the serialised array are released on every path. */
	fido_blob_free(&token);
	fido_blob_reset(&cbor);

	return r;
}
647 | | |
/*
 * Insert item into the device's large-blob array and write the array back.
 *
 * The current array is read first. If an entry already decrypts under key
 * it is replaced in place; if none does, item is appended. Any other lookup
 * result is returned unchanged.
 *
 * Returns FIDO_OK, FIDO_ERR_INTERNAL if the array cannot be modified, or
 * the error from reading, looking up or writing the array.
 */
static int
largeblob_add(fido_dev_t *dev, const fido_blob_t *key, cbor_item_t *item,
    const char *pin, int *ms)
{
	cbor_item_t *array = NULL;
	size_t slot;
	int r;

	r = largeblob_get_array(dev, &array, ms);
	if (r != FIDO_OK) {
		fido_log_debug("%s: largeblob_get_array", __func__);
		goto out;
	}

	r = largeblob_array_lookup(NULL, &slot, array, key);
	if (r == FIDO_OK) {
		if (!cbor_array_replace(array, slot, item)) {
			r = FIDO_ERR_INTERNAL;
			goto out;
		}
	} else if (r == FIDO_ERR_NOTFOUND) {
		if (cbor_array_append(&array, item) < 0) {
			r = FIDO_ERR_INTERNAL;
			goto out;
		}
	} else {
		fido_log_debug("%s: largeblob_array_lookup", __func__);
		goto out;
	}

	r = largeblob_set_array(dev, array, pin, ms);
	if (r != FIDO_OK) {
		fido_log_debug("%s: largeblob_set_array", __func__);
		goto out;
	}

	r = FIDO_OK;
out:
	if (array != NULL)
		cbor_decref(&array);

	return r;
}
691 | | |
/*
 * Remove the entry that decrypts under key from the device's large-blob
 * array and write the array back.
 *
 * Returns FIDO_OK, FIDO_ERR_INTERNAL if the entry cannot be dropped, or the
 * error from reading, looking up (including FIDO_ERR_NOTFOUND) or writing
 * the array.
 */
static int
largeblob_drop(fido_dev_t *dev, const fido_blob_t *key, const char *pin,
    int *ms)
{
	cbor_item_t *array = NULL;
	size_t slot;
	int r;

	r = largeblob_get_array(dev, &array, ms);
	if (r != FIDO_OK) {
		fido_log_debug("%s: largeblob_get_array", __func__);
		goto out;
	}
	r = largeblob_array_lookup(NULL, &slot, array, key);
	if (r != FIDO_OK) {
		fido_log_debug("%s: largeblob_array_lookup", __func__);
		goto out;
	}
	if (cbor_array_drop(&array, slot) < 0) {
		fido_log_debug("%s: cbor_array_drop", __func__);
		r = FIDO_ERR_INTERNAL;
		goto out;
	}
	r = largeblob_set_array(dev, array, pin, ms);
	if (r != FIDO_OK) {
		fido_log_debug("%s: largeblob_set_array", __func__);
		goto out;
	}

	r = FIDO_OK;
out:
	if (array != NULL)
		cbor_decref(&array);

	return r;
}
725 | | |
/*
 * Fetch and decrypt the large blob associated with a key.
 *
 * dev:      the device to read from; its timeout_ms is used as time budget.
 * key_ptr:  the key, key_len bytes long; key_len must be 32.
 * blob_ptr: receives a newly allocated buffer with the uncompressed blob.
 *           Ownership passes to the caller.
 * blob_len: receives the length of that buffer.
 *
 * *blob_ptr and *blob_len are set to NULL and 0 before any device I/O and
 * are only updated on success. The local copy of the key is reset once the
 * device has been queried.
 *
 * Returns FIDO_OK, FIDO_ERR_INVALID_ARGUMENT for a bad key length or NULL
 * output pointers, FIDO_ERR_INTERNAL if the key cannot be copied, or the
 * error from reading the array or looking up the entry.
 */
int
fido_dev_largeblob_get(fido_dev_t *dev, const unsigned char *key_ptr,
    size_t key_len, unsigned char **blob_ptr, size_t *blob_len)
{
	fido_blob_t key, body;
	cbor_item_t *array = NULL;
	int ms = dev->timeout_ms;
	int r;

	memset(&body, 0, sizeof(body));
	memset(&key, 0, sizeof(key));

	if (key_len != 32) {
		fido_log_debug("%s: invalid key len %zu", __func__, key_len);
		return FIDO_ERR_INVALID_ARGUMENT;
	}
	if (blob_ptr == NULL || blob_len == NULL) {
		fido_log_debug("%s: invalid blob_ptr=%p, blob_len=%p", __func__,
		    (const void *)blob_ptr, (const void *)blob_len);
		return FIDO_ERR_INVALID_ARGUMENT;
	}
	*blob_ptr = NULL;
	*blob_len = 0;
	if (fido_blob_set(&key, key_ptr, key_len) < 0) {
		fido_log_debug("%s: fido_blob_set", __func__);
		return FIDO_ERR_INTERNAL;
	}

	r = largeblob_get_array(dev, &array, &ms);
	if (r != FIDO_OK) {
		fido_log_debug("%s: largeblob_get_array", __func__);
		goto out;
	}
	r = largeblob_array_lookup(&body, NULL, array, &key);
	if (r == FIDO_OK) {
		/* Hand the buffer to the caller; body is not reset here. */
		*blob_ptr = body.ptr;
		*blob_len = body.len;
	} else {
		fido_log_debug("%s: largeblob_array_lookup", __func__);
	}
out:
	if (array != NULL)
		cbor_decref(&array);

	fido_blob_reset(&key);

	return r;
}
771 | | |
/*
 * Encrypt a blob under a key and store it on the device.
 *
 * dev:      the device to write to; its timeout_ms is used as time budget.
 * key_ptr:  the key, key_len bytes long; key_len must be 32.
 * blob_ptr: the data to store, blob_len bytes long; must be non-NULL and
 *           non-empty.
 * pin:      passed through to the write path; may be NULL.
 *
 * The local copies of the key and of the plaintext body are reset on every
 * path that created them.
 *
 * Returns FIDO_OK, FIDO_ERR_INVALID_ARGUMENT for a bad key length or an
 * empty blob, FIDO_ERR_INTERNAL if the inputs cannot be copied or encoded,
 * or the error from largeblob_add().
 */
int
fido_dev_largeblob_set(fido_dev_t *dev, const unsigned char *key_ptr,
    size_t key_len, const unsigned char *blob_ptr, size_t blob_len,
    const char *pin)
{
	fido_blob_t key, body;
	cbor_item_t *entry = NULL;
	int ms = dev->timeout_ms;
	int r;

	memset(&body, 0, sizeof(body));
	memset(&key, 0, sizeof(key));

	if (key_len != 32) {
		fido_log_debug("%s: invalid key len %zu", __func__, key_len);
		return FIDO_ERR_INVALID_ARGUMENT;
	}
	if (blob_ptr == NULL || blob_len == 0) {
		fido_log_debug("%s: invalid blob_ptr=%p, blob_len=%zu", __func__,
		    (const void *)blob_ptr, blob_len);
		return FIDO_ERR_INVALID_ARGUMENT;
	}
	if (fido_blob_set(&key, key_ptr, key_len) < 0 ||
	    fido_blob_set(&body, blob_ptr, blob_len) < 0) {
		fido_log_debug("%s: fido_blob_set", __func__);
		r = FIDO_ERR_INTERNAL;
		goto out;
	}

	entry = largeblob_encode(&body, &key);
	if (entry == NULL) {
		fido_log_debug("%s: largeblob_encode", __func__);
		r = FIDO_ERR_INTERNAL;
		goto out;
	}

	r = largeblob_add(dev, &key, entry, pin, &ms);
	if (r != FIDO_OK)
		fido_log_debug("%s: largeblob_add", __func__);
out:
	if (entry != NULL)
		cbor_decref(&entry);

	fido_blob_reset(&key);
	fido_blob_reset(&body);

	return r;
}
816 | | |
/*
 * Remove the large blob associated with a key from the device.
 *
 * dev:     the device to modify; its timeout_ms is used as time budget.
 * key_ptr: the key, key_len bytes long; key_len must be 32.
 * pin:     passed through to the write path; may be NULL.
 *
 * The local copy of the key is reset after the device has been updated.
 *
 * Returns FIDO_OK, FIDO_ERR_INVALID_ARGUMENT for a bad key length,
 * FIDO_ERR_INTERNAL if the key cannot be copied, or the error from
 * largeblob_drop().
 */
int
fido_dev_largeblob_remove(fido_dev_t *dev, const unsigned char *key_ptr,
    size_t key_len, const char *pin)
{
	fido_blob_t key;
	int ms = dev->timeout_ms;
	int r;

	memset(&key, 0, sizeof(key));

	if (key_len != 32) {
		fido_log_debug("%s: invalid key len %zu", __func__, key_len);
		return FIDO_ERR_INVALID_ARGUMENT;
	}
	if (fido_blob_set(&key, key_ptr, key_len) < 0) {
		fido_log_debug("%s: fido_blob_set", __func__);
		return FIDO_ERR_INTERNAL;
	}

	r = largeblob_drop(dev, &key, pin, &ms);
	if (r != FIDO_OK)
		fido_log_debug("%s: largeblob_drop", __func__);

	fido_blob_reset(&key);

	return r;
}
842 | | |
/*
 * Read the device's large-blob array and return it serialised as CBOR.
 *
 * dev:      the device to read from; its timeout_ms is used as time budget.
 * cbor_ptr: receives a newly allocated buffer with the serialised array.
 *           Ownership passes to the caller.
 * cbor_len: receives the length of that buffer.
 *
 * The entries are returned as stored; nothing is decrypted here.
 * *cbor_ptr and *cbor_len are set to NULL and 0 before any device I/O and
 * are only updated on success.
 *
 * Returns FIDO_OK, FIDO_ERR_INVALID_ARGUMENT for NULL output pointers,
 * FIDO_ERR_INTERNAL if serialisation fails, or the error from reading the
 * array.
 */
int
fido_dev_largeblob_get_array(fido_dev_t *dev, unsigned char **cbor_ptr,
    size_t *cbor_len)
{
	fido_blob_t serialised;
	cbor_item_t *array = NULL;
	int ms = dev->timeout_ms;
	int r;

	memset(&serialised, 0, sizeof(serialised));

	if (cbor_ptr == NULL || cbor_len == NULL) {
		fido_log_debug("%s: invalid cbor_ptr=%p, cbor_len=%p", __func__,
		    (const void *)cbor_ptr, (const void *)cbor_len);
		return FIDO_ERR_INVALID_ARGUMENT;
	}
	*cbor_ptr = NULL;
	*cbor_len = 0;

	r = largeblob_get_array(dev, &array, &ms);
	if (r != FIDO_OK) {
		fido_log_debug("%s: largeblob_get_array", __func__);
		return r;
	}

	if (fido_blob_serialise(&serialised, array) >= 0) {
		*cbor_ptr = serialised.ptr;
		*cbor_len = serialised.len;
	} else {
		fido_log_debug("%s: fido_blob_serialise", __func__);
		r = FIDO_ERR_INTERNAL;
	}

	cbor_decref(&array);

	return r;
}
877 | | |
/*
 * Replace the device's large-blob array with a caller-supplied one.
 *
 * dev:      the device to write to; its timeout_ms is used as time budget.
 * cbor_ptr: the serialised CBOR array, cbor_len bytes long; must be
 *           non-NULL and non-empty.
 * pin:      passed through to the write path; may be NULL.
 *
 * The input is parsed with cbor_load() and must be accepted by
 * largeblob_set_array(), which requires a definite-length array. The
 * entries themselves are not inspected, and the whole stored array is
 * overwritten.
 *
 * Returns FIDO_OK, FIDO_ERR_INVALID_ARGUMENT for an empty or unparsable
 * input, or the error from largeblob_set_array().
 */
int
fido_dev_largeblob_set_array(fido_dev_t *dev, const unsigned char *cbor_ptr,
    size_t cbor_len, const char *pin)
{
	struct cbor_load_result load_result;
	cbor_item_t *array = NULL;
	int ms = dev->timeout_ms;
	int r;

	if (cbor_ptr == NULL || cbor_len == 0) {
		fido_log_debug("%s: invalid cbor_ptr=%p, cbor_len=%zu", __func__,
		    (const void *)cbor_ptr, cbor_len);
		return FIDO_ERR_INVALID_ARGUMENT;
	}

	array = cbor_load(cbor_ptr, cbor_len, &load_result);
	if (array == NULL) {
		fido_log_debug("%s: cbor_load", __func__);
		return FIDO_ERR_INVALID_ARGUMENT;
	}

	r = largeblob_set_array(dev, array, pin, &ms);
	if (r != FIDO_OK)
		fido_log_debug("%s: largeblob_set_array", __func__);

	cbor_decref(&array);

	return r;
}