Coverage Report

Created: 2024-06-03 09:43

/libfido2/src/assert.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) 2018-2023 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 * SPDX-License-Identifier: BSD-2-Clause
6
 */
7
8
#include <openssl/sha.h>
9
10
#include "fido.h"
11
#include "fido/es256.h"
12
#include "fido/rs256.h"
13
#include "fido/eddsa.h"
14
15
static int
16
adjust_assert_count(const cbor_item_t *key, const cbor_item_t *val, void *arg)
17
1.54k
{
18
1.54k
        fido_assert_t   *assert = arg;
19
1.54k
        uint64_t         n;
20
21
        /* numberOfCredentials; see section 6.2 */
22
1.54k
        if (cbor_isa_uint(key) == false ||
23
1.54k
            cbor_int_get_width(key) != CBOR_INT_8 ||
24
1.54k
            cbor_get_uint8(key) != 5) {
25
1.41k
                fido_log_debug("%s: cbor_type", __func__);
26
1.41k
                return (0); /* ignore */
27
1.41k
        }
28
29
138
        if (cbor_decode_uint64(val, &n) < 0 || n > SIZE_MAX) {
30
1
                fido_log_debug("%s: cbor_decode_uint64", __func__);
31
1
                return (-1);
32
1
        }
33
34
137
        if (assert->stmt_len != 0 || assert->stmt_cnt != 1 ||
35
137
            (size_t)n < assert->stmt_cnt) {
36
1
                fido_log_debug("%s: stmt_len=%zu, stmt_cnt=%zu, n=%zu",
37
1
                    __func__, assert->stmt_len, assert->stmt_cnt, (size_t)n);
38
1
                return (-1);
39
1
        }
40
41
136
        if (fido_assert_set_count(assert, (size_t)n) != FIDO_OK) {
42
31
                fido_log_debug("%s: fido_assert_set_count", __func__);
43
31
                return (-1);
44
31
        }
45
46
105
        assert->stmt_len = 0; /* XXX */
47
48
105
        return (0);
49
136
}
50
51
static int
52
parse_assert_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg)
53
2.46k
{
54
2.46k
        fido_assert_stmt *stmt = arg;
55
56
2.46k
        if (cbor_isa_uint(key) == false ||
57
2.46k
            cbor_int_get_width(key) != CBOR_INT_8) {
58
73
                fido_log_debug("%s: cbor type", __func__);
59
73
                return (0); /* ignore */
60
73
        }
61
62
2.38k
        switch (cbor_get_uint8(key)) {
63
645
        case 1: /* credential id */
64
645
                return (cbor_decode_cred_id(val, &stmt->id));
65
590
        case 2: /* authdata */
66
590
                if (fido_blob_decode(val, &stmt->authdata_raw) < 0) {
67
4
                        fido_log_debug("%s: fido_blob_decode", __func__);
68
4
                        return (-1);
69
4
                }
70
586
                return (cbor_decode_assert_authdata(val, &stmt->authdata_cbor,
71
586
                    &stmt->authdata, &stmt->authdata_ext));
72
560
        case 3: /* signature */
73
560
                return (fido_blob_decode(val, &stmt->sig));
74
455
        case 4: /* user attributes */
75
455
                return (cbor_decode_user(val, &stmt->user));
76
1
        case 7: /* large blob key */
77
1
                return (fido_blob_decode(val, &stmt->largeblob_key));
78
138
        default: /* ignore */
79
138
                fido_log_debug("%s: cbor type", __func__);
80
138
                return (0);
81
2.38k
        }
82
2.38k
}
83
84
static int
85
fido_dev_get_assert_tx(fido_dev_t *dev, fido_assert_t *assert,
86
    const es256_pk_t *pk, const fido_blob_t *ecdh, const char *pin, int *ms)
87
893
{
88
893
        fido_blob_t      f;
89
893
        fido_opt_t       uv = assert->uv;
90
893
        cbor_item_t     *argv[7];
91
893
        const uint8_t    cmd = CTAP_CBOR_ASSERT;
92
893
        int              r;
93
94
893
        memset(argv, 0, sizeof(argv));
95
893
        memset(&f, 0, sizeof(f));
96
97
        /* do we have everything we need? */
98
893
        if (assert->rp_id == NULL || assert->cdh.ptr == NULL) {
99
0
                fido_log_debug("%s: rp_id=%p, cdh.ptr=%p", __func__,
100
0
                    (void *)assert->rp_id, (void *)assert->cdh.ptr);
101
0
                r = FIDO_ERR_INVALID_ARGUMENT;
102
0
                goto fail;
103
0
        }
104
105
893
        if ((argv[0] = cbor_build_string(assert->rp_id)) == NULL ||
106
893
            (argv[1] = fido_blob_encode(&assert->cdh)) == NULL) {
107
5
                fido_log_debug("%s: cbor encode", __func__);
108
5
                r = FIDO_ERR_INTERNAL;
109
5
                goto fail;
110
5
        }
111
112
        /* allowed credentials */
113
888
        if (assert->allow_list.len) {
114
489
                const fido_blob_array_t *cl = &assert->allow_list;
115
489
                if ((argv[2] = cbor_encode_pubkey_list(cl)) == NULL) {
116
65
                        fido_log_debug("%s: cbor_encode_pubkey_list", __func__);
117
65
                        r = FIDO_ERR_INTERNAL;
118
65
                        goto fail;
119
65
                }
120
489
        }
121
122
823
        if (assert->ext.mask)
123
424
                if ((argv[3] = cbor_encode_assert_ext(dev, &assert->ext, ecdh,
124
424
                    pk)) == NULL) {
125
38
                        fido_log_debug("%s: cbor_encode_assert_ext", __func__);
126
38
                        r = FIDO_ERR_INTERNAL;
127
38
                        goto fail;
128
38
                }
129
130
        /* user verification */
131
785
        if (pin != NULL || (uv == FIDO_OPT_TRUE &&
132
494
            fido_dev_supports_permissions(dev))) {
133
302
                if ((r = cbor_add_uv_params(dev, cmd, &assert->cdh, pk, ecdh,
134
302
                    pin, assert->rp_id, &argv[5], &argv[6], ms)) != FIDO_OK) {
135
96
                        fido_log_debug("%s: cbor_add_uv_params", __func__);
136
96
                        goto fail;
137
96
                }
138
206
                uv = FIDO_OPT_OMIT;
139
206
        }
140
141
        /* options */
142
689
        if (assert->up != FIDO_OPT_OMIT || uv != FIDO_OPT_OMIT)
143
277
                if ((argv[4] = cbor_encode_assert_opt(assert->up, uv)) == NULL) {
144
5
                        fido_log_debug("%s: cbor_encode_assert_opt", __func__);
145
5
                        r = FIDO_ERR_INTERNAL;
146
5
                        goto fail;
147
5
                }
148
149
        /* frame and transmit */
150
684
        if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 ||
151
684
            fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) {
152
137
                fido_log_debug("%s: fido_tx", __func__);
153
137
                r = FIDO_ERR_TX;
154
137
                goto fail;
155
137
        }
156
157
547
        r = FIDO_OK;
158
893
fail:
159
893
        cbor_vector_free(argv, nitems(argv));
160
893
        free(f.ptr);
161
162
893
        return (r);
163
547
}
164
165
static int
166
fido_dev_get_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int *ms)
167
547
{
168
547
        unsigned char   *msg;
169
547
        int              msglen;
170
547
        int              r;
171
172
547
        fido_assert_reset_rx(assert);
173
174
547
        if ((msg = malloc(FIDO_MAXMSG)) == NULL) {
175
2
                r = FIDO_ERR_INTERNAL;
176
2
                goto out;
177
2
        }
178
179
545
        if ((msglen = fido_rx(dev, CTAP_CMD_CBOR, msg, FIDO_MAXMSG, ms)) < 0) {
180
49
                fido_log_debug("%s: fido_rx", __func__);
181
49
                r = FIDO_ERR_RX;
182
49
                goto out;
183
49
        }
184
185
        /* start with room for a single assertion */
186
496
        if ((assert->stmt = calloc(1, sizeof(fido_assert_stmt))) == NULL) {
187
1
                r = FIDO_ERR_INTERNAL;
188
1
                goto out;
189
1
        }
190
495
        assert->stmt_len = 0;
191
495
        assert->stmt_cnt = 1;
192
193
        /* adjust as needed */
194
495
        if ((r = cbor_parse_reply(msg, (size_t)msglen, assert,
195
495
            adjust_assert_count)) != FIDO_OK) {
196
82
                fido_log_debug("%s: adjust_assert_count", __func__);
197
82
                goto out;
198
82
        }
199
200
        /* parse the first assertion */
201
413
        if ((r = cbor_parse_reply(msg, (size_t)msglen, &assert->stmt[0],
202
413
            parse_assert_reply)) != FIDO_OK) {
203
32
                fido_log_debug("%s: parse_assert_reply", __func__);
204
32
                goto out;
205
32
        }
206
381
        assert->stmt_len = 1;
207
208
381
        r = FIDO_OK;
209
547
out:
210
547
        freezero(msg, FIDO_MAXMSG);
211
212
547
        return (r);
213
381
}
214
215
static int
216
fido_get_next_assert_tx(fido_dev_t *dev, int *ms)
217
308
{
218
308
        const unsigned char cbor[] = { CTAP_CBOR_NEXT_ASSERT };
219
220
308
        if (fido_tx(dev, CTAP_CMD_CBOR, cbor, sizeof(cbor), ms) < 0) {
221
4
                fido_log_debug("%s: fido_tx", __func__);
222
4
                return (FIDO_ERR_TX);
223
4
        }
224
225
304
        return (FIDO_OK);
226
308
}
227
228
static int
229
fido_get_next_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int *ms)
230
304
{
231
304
        unsigned char   *msg;
232
304
        int              msglen;
233
304
        int              r;
234
235
304
        if ((msg = malloc(FIDO_MAXMSG)) == NULL) {
236
1
                r = FIDO_ERR_INTERNAL;
237
1
                goto out;
238
1
        }
239
240
303
        if ((msglen = fido_rx(dev, CTAP_CMD_CBOR, msg, FIDO_MAXMSG, ms)) < 0) {
241
16
                fido_log_debug("%s: fido_rx", __func__);
242
16
                r = FIDO_ERR_RX;
243
16
                goto out;
244
16
        }
245
246
        /* sanity check */
247
287
        if (assert->stmt_len >= assert->stmt_cnt) {
248
0
                fido_log_debug("%s: stmt_len=%zu, stmt_cnt=%zu", __func__,
249
0
                    assert->stmt_len, assert->stmt_cnt);
250
0
                r = FIDO_ERR_INTERNAL;
251
0
                goto out;
252
0
        }
253
254
287
        if ((r = cbor_parse_reply(msg, (size_t)msglen,
255
287
            &assert->stmt[assert->stmt_len], parse_assert_reply)) != FIDO_OK) {
256
32
                fido_log_debug("%s: parse_assert_reply", __func__);
257
32
                goto out;
258
32
        }
259
260
255
        r = FIDO_OK;
261
304
out:
262
304
        freezero(msg, FIDO_MAXMSG);
263
264
304
        return (r);
265
255
}
266
267
static int
268
fido_dev_get_assert_wait(fido_dev_t *dev, fido_assert_t *assert,
269
    const es256_pk_t *pk, const fido_blob_t *ecdh, const char *pin, int *ms)
270
893
{
271
893
        int r;
272
273
893
        if ((r = fido_dev_get_assert_tx(dev, assert, pk, ecdh, pin,
274
893
            ms)) != FIDO_OK ||
275
893
            (r = fido_dev_get_assert_rx(dev, assert, ms)) != FIDO_OK)
276
512
                return (r);
277
278
636
        while (assert->stmt_len < assert->stmt_cnt) {
279
308
                if ((r = fido_get_next_assert_tx(dev, ms)) != FIDO_OK ||
280
308
                    (r = fido_get_next_assert_rx(dev, assert, ms)) != FIDO_OK)
281
53
                        return (r);
282
255
                assert->stmt_len++;
283
255
        }
284
285
328
        return (FIDO_OK);
286
381
}
287
288
static int
289
decrypt_hmac_secrets(const fido_dev_t *dev, fido_assert_t *assert,
290
    const fido_blob_t *key)
291
40
{
292
122
        for (size_t i = 0; i < assert->stmt_cnt; i++) {
293
93
                fido_assert_stmt *stmt = &assert->stmt[i];
294
93
                if (stmt->authdata_ext.hmac_secret_enc.ptr != NULL) {
295
48
                        if (aes256_cbc_dec(dev, key,
296
48
                            &stmt->authdata_ext.hmac_secret_enc,
297
48
                            &stmt->hmac_secret) < 0) {
298
11
                                fido_log_debug("%s: aes256_cbc_dec %zu",
299
11
                                    __func__, i);
300
11
                                return (-1);
301
11
                        }
302
48
                }
303
93
        }
304
305
29
        return (0);
306
40
}
307
308
int
309
fido_dev_get_assert(fido_dev_t *dev, fido_assert_t *assert, const char *pin)
310
2.48k
{
311
2.48k
        fido_blob_t     *ecdh = NULL;
312
2.48k
        es256_pk_t      *pk = NULL;
313
2.48k
        int              ms = dev->timeout_ms;
314
2.48k
        int              r;
315
316
#ifdef USE_WINHELLO
317
        if (dev->flags & FIDO_DEV_WINHELLO)
318
                return (fido_winhello_get_assert(dev, assert, pin, ms));
319
#endif
320
321
2.48k
        if (assert->rp_id == NULL || assert->cdh.ptr == NULL) {
322
11
                fido_log_debug("%s: rp_id=%p, cdh.ptr=%p", __func__,
323
11
                    (void *)assert->rp_id, (void *)assert->cdh.ptr);
324
11
                return (FIDO_ERR_INVALID_ARGUMENT);
325
11
        }
326
327
2.47k
        if (fido_dev_is_fido2(dev) == false) {
328
1.31k
                if (pin != NULL || assert->ext.mask != 0)
329
392
                        return (FIDO_ERR_UNSUPPORTED_OPTION);
330
918
                return (u2f_authenticate(dev, assert, &ms));
331
1.31k
        }
332
333
1.16k
        if (pin != NULL || (assert->uv == FIDO_OPT_TRUE &&
334
638
            fido_dev_supports_permissions(dev)) ||
335
1.16k
            (assert->ext.mask & FIDO_EXT_HMAC_SECRET)) {
336
695
                if ((r = fido_do_ecdh(dev, &pk, &ecdh, &ms)) != FIDO_OK) {
337
269
                        fido_log_debug("%s: fido_do_ecdh", __func__);
338
269
                        goto fail;
339
269
                }
340
695
        }
341
342
893
        r = fido_dev_get_assert_wait(dev, assert, pk, ecdh, pin, &ms);
343
893
        if (r == FIDO_OK && (assert->ext.mask & FIDO_EXT_HMAC_SECRET))
344
40
                if (decrypt_hmac_secrets(dev, assert, ecdh) < 0) {
345
11
                        fido_log_debug("%s: decrypt_hmac_secrets", __func__);
346
11
                        r = FIDO_ERR_INTERNAL;
347
11
                        goto fail;
348
11
                }
349
350
1.16k
fail:
351
1.16k
        es256_pk_free(&pk);
352
1.16k
        fido_blob_free(&ecdh);
353
354
1.16k
        return (r);
355
893
}
356
357
int
358
fido_check_flags(uint8_t flags, fido_opt_t up, fido_opt_t uv)
359
2.92k
{
360
2.92k
        fido_log_debug("%s: flags=%02x", __func__, flags);
361
2.92k
        fido_log_debug("%s: up=%d, uv=%d", __func__, up, uv);
362
363
2.92k
        if (up == FIDO_OPT_TRUE &&
364
2.92k
            (flags & CTAP_AUTHDATA_USER_PRESENT) == 0) {
365
22
                fido_log_debug("%s: CTAP_AUTHDATA_USER_PRESENT", __func__);
366
22
                return (-1); /* user not present */
367
22
        }
368
369
2.90k
        if (uv == FIDO_OPT_TRUE &&
370
2.90k
            (flags & CTAP_AUTHDATA_USER_VERIFIED) == 0) {
371
23
                fido_log_debug("%s: CTAP_AUTHDATA_USER_VERIFIED", __func__);
372
23
                return (-1); /* user not verified */
373
23
        }
374
375
2.87k
        return (0);
376
2.90k
}
377
378
static int
379
check_extensions(int authdata_ext, int ext)
380
986
{
381
        /* XXX: largeBlobKey is not part of extensions map */
382
986
        ext &= ~FIDO_EXT_LARGEBLOB_KEY;
383
986
        if (authdata_ext != ext) {
384
59
                fido_log_debug("%s: authdata_ext=0x%x != ext=0x%x", __func__,
385
59
                    authdata_ext, ext);
386
59
                return (-1);
387
59
        }
388
389
927
        return (0);
390
986
}
391
392
static int
393
get_es256_hash(fido_blob_t *dgst, const fido_blob_t *clientdata,
394
    const fido_blob_t *authdata)
395
1.52k
{
396
1.52k
        const EVP_MD    *md;
397
1.52k
        EVP_MD_CTX      *ctx = NULL;
398
399
1.52k
        if (dgst->len < SHA256_DIGEST_LENGTH ||
400
1.52k
            (md = EVP_sha256()) == NULL ||
401
1.52k
            (ctx = EVP_MD_CTX_new()) == NULL ||
402
1.52k
            EVP_DigestInit_ex(ctx, md, NULL) != 1 ||
403
1.52k
            EVP_DigestUpdate(ctx, authdata->ptr, authdata->len) != 1 ||
404
1.52k
            EVP_DigestUpdate(ctx, clientdata->ptr, clientdata->len) != 1 ||
405
1.52k
            EVP_DigestFinal_ex(ctx, dgst->ptr, NULL) != 1) {
406
33
                EVP_MD_CTX_free(ctx);
407
33
                return (-1);
408
33
        }
409
1.49k
        dgst->len = SHA256_DIGEST_LENGTH;
410
411
1.49k
        EVP_MD_CTX_free(ctx);
412
413
1.49k
        return (0);
414
1.52k
}
415
416
static int
417
get_es384_hash(fido_blob_t *dgst, const fido_blob_t *clientdata,
418
    const fido_blob_t *authdata)
419
575
{
420
575
        const EVP_MD    *md;
421
575
        EVP_MD_CTX      *ctx = NULL;
422
423
575
        if (dgst->len < SHA384_DIGEST_LENGTH ||
424
575
            (md = EVP_sha384()) == NULL ||
425
575
            (ctx = EVP_MD_CTX_new()) == NULL ||
426
575
            EVP_DigestInit_ex(ctx, md, NULL) != 1 ||
427
575
            EVP_DigestUpdate(ctx, authdata->ptr, authdata->len) != 1 ||
428
575
            EVP_DigestUpdate(ctx, clientdata->ptr, clientdata->len) != 1 ||
429
575
            EVP_DigestFinal_ex(ctx, dgst->ptr, NULL) != 1) {
430
23
                EVP_MD_CTX_free(ctx);
431
23
                return (-1);
432
23
        }
433
552
        dgst->len = SHA384_DIGEST_LENGTH;
434
435
552
        EVP_MD_CTX_free(ctx);
436
437
552
        return (0);
438
575
}
439
440
static int
441
get_eddsa_hash(fido_blob_t *dgst, const fido_blob_t *clientdata,
442
    const fido_blob_t *authdata)
443
206
{
444
206
        if (SIZE_MAX - authdata->len < clientdata->len ||
445
206
            dgst->len < authdata->len + clientdata->len)
446
12
                return (-1);
447
448
194
        memcpy(dgst->ptr, authdata->ptr, authdata->len);
449
194
        memcpy(dgst->ptr + authdata->len, clientdata->ptr, clientdata->len);
450
194
        dgst->len = authdata->len + clientdata->len;
451
452
194
        return (0);
453
206
}
454
455
int
456
fido_get_signed_hash(int cose_alg, fido_blob_t *dgst,
457
    const fido_blob_t *clientdata, const fido_blob_t *authdata_cbor)
458
2.31k
{
459
2.31k
        cbor_item_t             *item = NULL;
460
2.31k
        fido_blob_t              authdata;
461
2.31k
        struct cbor_load_result  cbor;
462
2.31k
        int                      ok = -1;
463
464
2.31k
        fido_log_debug("%s: cose_alg=%d", __func__, cose_alg);
465
466
2.31k
        if ((item = cbor_load(authdata_cbor->ptr, authdata_cbor->len,
467
2.31k
            &cbor)) == NULL || cbor_isa_bytestring(item) == false ||
468
2.31k
            cbor_bytestring_is_definite(item) == false) {
469
8
                fido_log_debug("%s: authdata", __func__);
470
8
                goto fail;
471
8
        }
472
2.30k
        authdata.ptr = cbor_bytestring_handle(item);
473
2.30k
        authdata.len = cbor_bytestring_length(item);
474
475
2.30k
        switch (cose_alg) {
476
1.38k
        case COSE_ES256:
477
1.52k
        case COSE_RS256:
478
1.52k
                ok = get_es256_hash(dgst, clientdata, &authdata);
479
1.52k
                break;
480
575
        case COSE_ES384:
481
575
                ok = get_es384_hash(dgst, clientdata, &authdata);
482
575
                break;
483
206
        case COSE_EDDSA:
484
206
                ok = get_eddsa_hash(dgst, clientdata, &authdata);
485
206
                break;
486
0
        default:
487
0
                fido_log_debug("%s: unknown cose_alg", __func__);
488
0
                break;
489
2.30k
        }
490
2.31k
fail:
491
2.31k
        if (item != NULL)
492
2.30k
                cbor_decref(&item);
493
494
2.31k
        return (ok);
495
2.30k
}
496
497
int
498
fido_assert_verify(const fido_assert_t *assert, size_t idx, int cose_alg,
499
    const void *pk)
500
57.8k
{
501
57.8k
        unsigned char            buf[1024]; /* XXX */
502
57.8k
        fido_blob_t              dgst;
503
57.8k
        const fido_assert_stmt  *stmt = NULL;
504
57.8k
        int                      ok = -1;
505
57.8k
        int                      r;
506
507
57.8k
        dgst.ptr = buf;
508
57.8k
        dgst.len = sizeof(buf);
509
510
57.8k
        if (idx >= assert->stmt_len || pk == NULL) {
511
158
                r = FIDO_ERR_INVALID_ARGUMENT;
512
158
                goto out;
513
158
        }
514
515
57.6k
        stmt = &assert->stmt[idx];
516
517
        /* do we have everything we need? */
518
57.6k
        if (assert->cdh.ptr == NULL || assert->rp_id == NULL ||
519
57.6k
            stmt->authdata_cbor.ptr == NULL || stmt->sig.ptr == NULL) {
520
56.6k
                fido_log_debug("%s: cdh=%p, rp_id=%s, authdata=%p, sig=%p",
521
56.6k
                    __func__, (void *)assert->cdh.ptr, assert->rp_id,
522
56.6k
                    (void *)stmt->authdata_cbor.ptr, (void *)stmt->sig.ptr);
523
56.6k
                r = FIDO_ERR_INVALID_ARGUMENT;
524
56.6k
                goto out;
525
56.6k
        }
526
527
1.02k
        if (fido_check_flags(stmt->authdata.flags, assert->up,
528
1.02k
            assert->uv) < 0) {
529
41
                fido_log_debug("%s: fido_check_flags", __func__);
530
41
                r = FIDO_ERR_INVALID_PARAM;
531
41
                goto out;
532
41
        }
533
534
986
        if (check_extensions(stmt->authdata_ext.mask, assert->ext.mask) < 0) {
535
59
                fido_log_debug("%s: check_extensions", __func__);
536
59
                r = FIDO_ERR_INVALID_PARAM;
537
59
                goto out;
538
59
        }
539
540
927
        if (fido_check_rp_id(assert->rp_id, stmt->authdata.rp_id_hash) != 0) {
541
84
                fido_log_debug("%s: fido_check_rp_id", __func__);
542
84
                r = FIDO_ERR_INVALID_PARAM;
543
84
                goto out;
544
84
        }
545
546
843
        if (fido_get_signed_hash(cose_alg, &dgst, &assert->cdh,
547
843
            &stmt->authdata_cbor) < 0) {
548
51
                fido_log_debug("%s: fido_get_signed_hash", __func__);
549
51
                r = FIDO_ERR_INTERNAL;
550
51
                goto out;
551
51
        }
552
553
792
        switch (cose_alg) {
554
96
        case COSE_ES256:
555
96
                ok = es256_pk_verify_sig(&dgst, pk, &stmt->sig);
556
96
                break;
557
487
        case COSE_ES384:
558
487
                ok = es384_pk_verify_sig(&dgst, pk, &stmt->sig);
559
487
                break;
560
94
        case COSE_RS256:
561
94
                ok = rs256_pk_verify_sig(&dgst, pk, &stmt->sig);
562
94
                break;
563
115
        case COSE_EDDSA:
564
115
                ok = eddsa_pk_verify_sig(&dgst, pk, &stmt->sig);
565
115
                break;
566
0
        default:
567
0
                fido_log_debug("%s: unsupported cose_alg %d", __func__,
568
0
                    cose_alg);
569
0
                r = FIDO_ERR_UNSUPPORTED_OPTION;
570
0
                goto out;
571
792
        }
572
573
792
        if (ok < 0)
574
792
                r = FIDO_ERR_INVALID_SIG;
575
0
        else
576
0
                r = FIDO_OK;
577
57.8k
out:
578
57.8k
        explicit_bzero(buf, sizeof(buf));
579
580
57.8k
        return (r);
581
792
}
582
583
int
584
fido_assert_set_clientdata(fido_assert_t *assert, const unsigned char *data,
585
    size_t data_len)
586
0
{
587
0
        if (!fido_blob_is_empty(&assert->cdh) ||
588
0
            fido_blob_set(&assert->cd, data, data_len) < 0) {
589
0
                return (FIDO_ERR_INVALID_ARGUMENT);
590
0
        }
591
0
        if (fido_sha256(&assert->cdh, data, data_len) < 0) {
592
0
                fido_blob_reset(&assert->cd);
593
0
                return (FIDO_ERR_INTERNAL);
594
0
        }
595
596
0
        return (FIDO_OK);
597
0
}
598
599
int
600
fido_assert_set_clientdata_hash(fido_assert_t *assert,
601
    const unsigned char *hash, size_t hash_len)
602
62.7k
{
603
62.7k
        if (!fido_blob_is_empty(&assert->cd) ||
604
62.7k
            fido_blob_set(&assert->cdh, hash, hash_len) < 0)
605
1.00k
                return (FIDO_ERR_INVALID_ARGUMENT);
606
607
61.7k
        return (FIDO_OK);
608
62.7k
}
609
610
int
611
fido_assert_set_hmac_salt(fido_assert_t *assert, const unsigned char *salt,
612
    size_t salt_len)
613
4.96k
{
614
4.96k
        if ((salt_len != 32 && salt_len != 64) ||
615
4.96k
            fido_blob_set(&assert->ext.hmac_salt, salt, salt_len) < 0)
616
4.70k
                return (FIDO_ERR_INVALID_ARGUMENT);
617
618
265
        return (FIDO_OK);
619
4.96k
}
620
621
int
622
fido_assert_set_hmac_secret(fido_assert_t *assert, size_t idx,
623
    const unsigned char *secret, size_t secret_len)
624
0
{
625
0
        if (idx >= assert->stmt_len || (secret_len != 32 && secret_len != 64) ||
626
0
            fido_blob_set(&assert->stmt[idx].hmac_secret, secret,
627
0
            secret_len) < 0)
628
0
                return (FIDO_ERR_INVALID_ARGUMENT);
629
630
0
        return (FIDO_OK);
631
0
}
632
633
int
634
fido_assert_set_rp(fido_assert_t *assert, const char *id)
635
62.7k
{
636
62.7k
        if (assert->rp_id != NULL) {
637
2.47k
                free(assert->rp_id);
638
2.47k
                assert->rp_id = NULL;
639
2.47k
        }
640
641
62.7k
        if (id == NULL)
642
839
                return (FIDO_ERR_INVALID_ARGUMENT);
643
644
61.9k
        if ((assert->rp_id = strdup(id)) == NULL)
645
156
                return (FIDO_ERR_INTERNAL);
646
647
61.8k
        return (FIDO_OK);
648
61.9k
}
649
650
#ifdef USE_WINHELLO
651
int
652
fido_assert_set_winhello_appid(fido_assert_t *assert, const char *id)
653
{
654
        if (assert->appid != NULL) {
655
                free(assert->appid);
656
                assert->appid = NULL;
657
        }
658
659
        if (id == NULL)
660
                return (FIDO_ERR_INVALID_ARGUMENT);
661
662
        if ((assert->appid = strdup(id)) == NULL)
663
                return (FIDO_ERR_INTERNAL);
664
665
        return (FIDO_OK);
666
}
667
#else
668
int
669
fido_assert_set_winhello_appid(fido_assert_t *assert, const char *id)
670
0
{
671
0
        (void)assert;
672
0
        (void)id;
673
674
0
        return (FIDO_ERR_UNSUPPORTED_EXTENSION);
675
0
}
676
#endif /* USE_WINHELLO */
677
678
int
679
fido_assert_allow_cred(fido_assert_t *assert, const unsigned char *ptr,
680
    size_t len)
681
116k
{
682
116k
        fido_blob_t      id;
683
116k
        fido_blob_t     *list_ptr;
684
116k
        int              r;
685
686
116k
        memset(&id, 0, sizeof(id));
687
688
116k
        if (assert->allow_list.len == SIZE_MAX) {
689
0
                r = FIDO_ERR_INVALID_ARGUMENT;
690
0
                goto fail;
691
0
        }
692
693
116k
        if (fido_blob_set(&id, ptr, len) < 0 || (list_ptr =
694
115k
            recallocarray(assert->allow_list.ptr, assert->allow_list.len,
695
115k
            assert->allow_list.len + 1, sizeof(fido_blob_t))) == NULL) {
696
902
                r = FIDO_ERR_INVALID_ARGUMENT;
697
902
                goto fail;
698
902
        }
699
700
115k
        list_ptr[assert->allow_list.len++] = id;
701
115k
        assert->allow_list.ptr = list_ptr;
702
703
115k
        return (FIDO_OK);
704
902
fail:
705
902
        free(id.ptr);
706
707
902
        return (r);
708
116k
}
709
710
int
711
fido_assert_empty_allow_list(fido_assert_t *assert)
712
61.1k
{
713
61.1k
        fido_free_blob_array(&assert->allow_list);
714
61.1k
        memset(&assert->allow_list, 0, sizeof(assert->allow_list));
715
716
61.1k
        return (FIDO_OK);
717
61.1k
}
718
719
int
720
fido_assert_set_extensions(fido_assert_t *assert, int ext)
721
59.4k
{
722
59.4k
        if (ext == 0)
723
2.49k
                assert->ext.mask = 0;
724
56.9k
        else {
725
56.9k
                if ((ext & FIDO_EXT_ASSERT_MASK) != ext)
726
55.1k
                        return (FIDO_ERR_INVALID_ARGUMENT);
727
1.75k
                assert->ext.mask |= ext;
728
1.75k
        }
729
730
4.25k
        return (FIDO_OK);
731
59.4k
}
732
733
int
734
fido_assert_set_options(fido_assert_t *assert, bool up, bool uv)
735
0
{
736
0
        assert->up = up ? FIDO_OPT_TRUE : FIDO_OPT_FALSE;
737
0
        assert->uv = uv ? FIDO_OPT_TRUE : FIDO_OPT_FALSE;
738
739
0
        return (FIDO_OK);
740
0
}
741
742
int
743
fido_assert_set_up(fido_assert_t *assert, fido_opt_t up)
744
35.7k
{
745
35.7k
        assert->up = up;
746
747
35.7k
        return (FIDO_OK);
748
35.7k
}
749
750
int
751
fido_assert_set_uv(fido_assert_t *assert, fido_opt_t uv)
752
1.93k
{
753
1.93k
        assert->uv = uv;
754
755
1.93k
        return (FIDO_OK);
756
1.93k
}
757
758
const unsigned char *
759
fido_assert_clientdata_hash_ptr(const fido_assert_t *assert)
760
58.0k
{
761
58.0k
        return (assert->cdh.ptr);
762
58.0k
}
763
764
size_t
765
fido_assert_clientdata_hash_len(const fido_assert_t *assert)
766
58.0k
{
767
58.0k
        return (assert->cdh.len);
768
58.0k
}
769
770
fido_assert_t *
771
fido_assert_new(void)
772
61.3k
{
773
61.3k
        return (calloc(1, sizeof(fido_assert_t)));
774
61.3k
}
775
776
void
777
fido_assert_reset_tx(fido_assert_t *assert)
778
61.1k
{
779
61.1k
        free(assert->rp_id);
780
61.1k
        free(assert->appid);
781
61.1k
        fido_blob_reset(&assert->cd);
782
61.1k
        fido_blob_reset(&assert->cdh);
783
61.1k
        fido_blob_reset(&assert->ext.hmac_salt);
784
61.1k
        fido_assert_empty_allow_list(assert);
785
61.1k
        memset(&assert->ext, 0, sizeof(assert->ext));
786
61.1k
        assert->rp_id = NULL;
787
61.1k
        assert->appid = NULL;
788
61.1k
        assert->up = FIDO_OPT_OMIT;
789
61.1k
        assert->uv = FIDO_OPT_OMIT;
790
61.1k
}
791
792
static void
793
fido_assert_reset_extattr(fido_assert_extattr_t *ext)
794
116k
{
795
116k
        fido_blob_reset(&ext->hmac_secret_enc);
796
116k
        fido_blob_reset(&ext->blob);
797
116k
        memset(ext, 0, sizeof(*ext));
798
116k
}
799
800
void
801
fido_assert_reset_rx(fido_assert_t *assert)
802
61.7k
{
803
174k
        for (size_t i = 0; i < assert->stmt_cnt; i++) {
804
112k
                free(assert->stmt[i].user.icon);
805
112k
                free(assert->stmt[i].user.name);
806
112k
                free(assert->stmt[i].user.display_name);
807
112k
                fido_blob_reset(&assert->stmt[i].user.id);
808
112k
                fido_blob_reset(&assert->stmt[i].id);
809
112k
                fido_blob_reset(&assert->stmt[i].hmac_secret);
810
112k
                fido_blob_reset(&assert->stmt[i].authdata_cbor);
811
112k
                fido_blob_reset(&assert->stmt[i].authdata_raw);
812
112k
                fido_blob_reset(&assert->stmt[i].largeblob_key);
813
112k
                fido_blob_reset(&assert->stmt[i].sig);
814
112k
                fido_assert_reset_extattr(&assert->stmt[i].authdata_ext);
815
112k
                memset(&assert->stmt[i], 0, sizeof(assert->stmt[i]));
816
112k
        }
817
61.7k
        free(assert->stmt);
818
61.7k
        assert->stmt = NULL;
819
61.7k
        assert->stmt_len = 0;
820
61.7k
        assert->stmt_cnt = 0;
821
61.7k
}
822
823
void
824
fido_assert_free(fido_assert_t **assert_p)
825
61.1k
{
826
61.1k
        fido_assert_t *assert;
827
828
61.1k
        if (assert_p == NULL || (assert = *assert_p) == NULL)
829
14
                return;
830
61.1k
        fido_assert_reset_tx(assert);
831
61.1k
        fido_assert_reset_rx(assert);
832
61.1k
        free(assert);
833
61.1k
        *assert_p = NULL;
834
61.1k
}
835
836
size_t
837
fido_assert_count(const fido_assert_t *assert)
838
61.3k
{
839
61.3k
        return (assert->stmt_len);
840
61.3k
}
841
842
const char *
843
fido_assert_rp_id(const fido_assert_t *assert)
844
58.0k
{
845
58.0k
        return (assert->rp_id);
846
58.0k
}
847
848
uint8_t
849
fido_assert_flags(const fido_assert_t *assert, size_t idx)
850
58.0k
{
851
58.0k
        if (idx >= assert->stmt_len)
852
3.32k
                return (0);
853
854
54.6k
        return (assert->stmt[idx].authdata.flags);
855
58.0k
}
856
857
uint32_t
858
fido_assert_sigcount(const fido_assert_t *assert, size_t idx)
859
58.0k
{
860
58.0k
        if (idx >= assert->stmt_len)
861
3.32k
                return (0);
862
863
54.6k
        return (assert->stmt[idx].authdata.sigcount);
864
58.0k
}
865
866
const unsigned char *
867
fido_assert_authdata_ptr(const fido_assert_t *assert, size_t idx)
868
58.0k
{
869
58.0k
        if (idx >= assert->stmt_len)
870
3.32k
                return (NULL);
871
872
54.6k
        return (assert->stmt[idx].authdata_cbor.ptr);
873
58.0k
}
874
875
size_t
876
fido_assert_authdata_len(const fido_assert_t *assert, size_t idx)
877
58.0k
{
878
58.0k
        if (idx >= assert->stmt_len)
879
3.32k
                return (0);
880
881
54.6k
        return (assert->stmt[idx].authdata_cbor.len);
882
58.0k
}
883
884
const unsigned char *
885
fido_assert_authdata_raw_ptr(const fido_assert_t *assert, size_t idx)
886
58.0k
{
887
58.0k
        if (idx >= assert->stmt_len)
888
3.32k
                return (NULL);
889
890
54.6k
        return (assert->stmt[idx].authdata_raw.ptr);
891
58.0k
}
892
893
size_t
894
fido_assert_authdata_raw_len(const fido_assert_t *assert, size_t idx)
895
58.0k
{
896
58.0k
        if (idx >= assert->stmt_len)
897
3.32k
                return (0);
898
899
54.6k
        return (assert->stmt[idx].authdata_raw.len);
900
58.0k
}
901
902
const unsigned char *
903
fido_assert_sig_ptr(const fido_assert_t *assert, size_t idx)
904
58.0k
{
905
58.0k
        if (idx >= assert->stmt_len)
906
3.32k
                return (NULL);
907
908
54.6k
        return (assert->stmt[idx].sig.ptr);
909
58.0k
}
910
911
size_t
912
fido_assert_sig_len(const fido_assert_t *assert, size_t idx)
913
58.0k
{
914
58.0k
        if (idx >= assert->stmt_len)
915
3.32k
                return (0);
916
917
54.6k
        return (assert->stmt[idx].sig.len);
918
58.0k
}
919
920
const unsigned char *
921
fido_assert_id_ptr(const fido_assert_t *assert, size_t idx)
922
58.0k
{
923
58.0k
        if (idx >= assert->stmt_len)
924
3.32k
                return (NULL);
925
926
54.6k
        return (assert->stmt[idx].id.ptr);
927
58.0k
}
928
929
size_t
930
fido_assert_id_len(const fido_assert_t *assert, size_t idx)
931
58.0k
{
932
58.0k
        if (idx >= assert->stmt_len)
933
3.32k
                return (0);
934
935
54.6k
        return (assert->stmt[idx].id.len);
936
58.0k
}
937
938
const unsigned char *
939
fido_assert_user_id_ptr(const fido_assert_t *assert, size_t idx)
940
58.0k
{
941
58.0k
        if (idx >= assert->stmt_len)
942
3.32k
                return (NULL);
943
944
54.6k
        return (assert->stmt[idx].user.id.ptr);
945
58.0k
}
946
947
size_t
948
fido_assert_user_id_len(const fido_assert_t *assert, size_t idx)
949
58.0k
{
950
58.0k
        if (idx >= assert->stmt_len)
951
3.32k
                return (0);
952
953
54.6k
        return (assert->stmt[idx].user.id.len);
954
58.0k
}
955
956
const char *
957
fido_assert_user_icon(const fido_assert_t *assert, size_t idx)
958
58.0k
{
959
58.0k
        if (idx >= assert->stmt_len)
960
3.32k
                return (NULL);
961
962
54.6k
        return (assert->stmt[idx].user.icon);
963
58.0k
}
964
965
const char *
966
fido_assert_user_name(const fido_assert_t *assert, size_t idx)
967
58.0k
{
968
58.0k
        if (idx >= assert->stmt_len)
969
3.32k
                return (NULL);
970
971
54.6k
        return (assert->stmt[idx].user.name);
972
58.0k
}
973
974
const char *
975
fido_assert_user_display_name(const fido_assert_t *assert, size_t idx)
976
58.0k
{
977
58.0k
        if (idx >= assert->stmt_len)
978
3.32k
                return (NULL);
979
980
54.6k
        return (assert->stmt[idx].user.display_name);
981
58.0k
}
982
983
const unsigned char *
984
fido_assert_hmac_secret_ptr(const fido_assert_t *assert, size_t idx)
985
58.0k
{
986
58.0k
        if (idx >= assert->stmt_len)
987
3.32k
                return (NULL);
988
989
54.6k
        return (assert->stmt[idx].hmac_secret.ptr);
990
58.0k
}
991
992
size_t
993
fido_assert_hmac_secret_len(const fido_assert_t *assert, size_t idx)
994
58.0k
{
995
58.0k
        if (idx >= assert->stmt_len)
996
3.32k
                return (0);
997
998
54.6k
        return (assert->stmt[idx].hmac_secret.len);
999
58.0k
}
1000
1001
const unsigned char *
1002
fido_assert_largeblob_key_ptr(const fido_assert_t *assert, size_t idx)
1003
58.0k
{
1004
58.0k
        if (idx >= assert->stmt_len)
1005
3.32k
                return (NULL);
1006
1007
54.6k
        return (assert->stmt[idx].largeblob_key.ptr);
1008
58.0k
}
1009
1010
size_t
1011
fido_assert_largeblob_key_len(const fido_assert_t *assert, size_t idx)
1012
58.0k
{
1013
58.0k
        if (idx >= assert->stmt_len)
1014
3.32k
                return (0);
1015
1016
54.6k
        return (assert->stmt[idx].largeblob_key.len);
1017
58.0k
}
1018
1019
const unsigned char *
1020
fido_assert_blob_ptr(const fido_assert_t *assert, size_t idx)
1021
58.0k
{
1022
58.0k
        if (idx >= assert->stmt_len)
1023
3.32k
                return (NULL);
1024
1025
54.6k
        return (assert->stmt[idx].authdata_ext.blob.ptr);
1026
58.0k
}
1027
1028
size_t
1029
fido_assert_blob_len(const fido_assert_t *assert, size_t idx)
1030
58.0k
{
1031
58.0k
        if (idx >= assert->stmt_len)
1032
3.32k
                return (0);
1033
1034
54.6k
        return (assert->stmt[idx].authdata_ext.blob.len);
1035
58.0k
}
1036
1037
static void
1038
fido_assert_clean_authdata(fido_assert_stmt *stmt)
1039
3.79k
{
1040
3.79k
        fido_blob_reset(&stmt->authdata_cbor);
1041
3.79k
        fido_blob_reset(&stmt->authdata_raw);
1042
3.79k
        fido_assert_reset_extattr(&stmt->authdata_ext);
1043
3.79k
        memset(&stmt->authdata, 0, sizeof(stmt->authdata));
1044
3.79k
}
1045
1046
int
1047
fido_assert_set_authdata(fido_assert_t *assert, size_t idx,
1048
    const unsigned char *ptr, size_t len)
1049
116k
{
1050
116k
        cbor_item_t             *item = NULL;
1051
116k
        fido_assert_stmt        *stmt = NULL;
1052
116k
        struct cbor_load_result  cbor;
1053
116k
        int                      r;
1054
1055
116k
        if (idx >= assert->stmt_len || ptr == NULL || len == 0)
1056
113k
                return (FIDO_ERR_INVALID_ARGUMENT);
1057
1058
2.98k
        stmt = &assert->stmt[idx];
1059
2.98k
        fido_assert_clean_authdata(stmt);
1060
1061
2.98k
        if ((item = cbor_load(ptr, len, &cbor)) == NULL) {
1062
31
                fido_log_debug("%s: cbor_load", __func__);
1063
31
                r = FIDO_ERR_INVALID_ARGUMENT;
1064
31
                goto fail;
1065
31
        }
1066
1067
2.95k
        if (fido_blob_decode(item, &stmt->authdata_raw) < 0) {
1068
29
            fido_log_debug("%s: fido_blob_decode", __func__);
1069
29
            r = FIDO_ERR_INTERNAL;
1070
29
            goto fail;
1071
29
        }
1072
1073
2.92k
        if (cbor_decode_assert_authdata(item, &stmt->authdata_cbor,
1074
2.92k
            &stmt->authdata, &stmt->authdata_ext) < 0) {
1075
217
                fido_log_debug("%s: cbor_decode_assert_authdata", __func__);
1076
217
                r = FIDO_ERR_INVALID_ARGUMENT;
1077
217
                goto fail;
1078
217
        }
1079
1080
2.70k
        r = FIDO_OK;
1081
2.98k
fail:
1082
2.98k
        if (item != NULL)
1083
2.95k
                cbor_decref(&item);
1084
1085
2.98k
        if (r != FIDO_OK)
1086
277
                fido_assert_clean_authdata(stmt);
1087
1088
2.98k
        return (r);
1089
2.70k
}
1090
1091
int
1092
fido_assert_set_authdata_raw(fido_assert_t *assert, size_t idx,
1093
    const unsigned char *ptr, size_t len)
1094
113k
{
1095
113k
        cbor_item_t             *item = NULL;
1096
113k
        fido_assert_stmt        *stmt = NULL;
1097
113k
        int                      r;
1098
1099
113k
        if (idx >= assert->stmt_len || ptr == NULL || len == 0)
1100
113k
                return (FIDO_ERR_INVALID_ARGUMENT);
1101
1102
271
        stmt = &assert->stmt[idx];
1103
271
        fido_assert_clean_authdata(stmt);
1104
1105
271
        if (fido_blob_set(&stmt->authdata_raw, ptr, len) < 0) {
1106
2
                fido_log_debug("%s: fido_blob_set", __func__);
1107
2
                r = FIDO_ERR_INTERNAL;
1108
2
                goto fail;
1109
2
        }
1110
1111
269
        if ((item = cbor_build_bytestring(ptr, len)) == NULL) {
1112
2
                fido_log_debug("%s: cbor_build_bytestring", __func__);
1113
2
                r = FIDO_ERR_INTERNAL;
1114
2
                goto fail;
1115
2
        }
1116
1117
267
        if (cbor_decode_assert_authdata(item, &stmt->authdata_cbor,
1118
267
            &stmt->authdata, &stmt->authdata_ext) < 0) {
1119
261
                fido_log_debug("%s: cbor_decode_assert_authdata", __func__);
1120
261
                r = FIDO_ERR_INVALID_ARGUMENT;
1121
261
                goto fail;
1122
261
        }
1123
1124
6
        r = FIDO_OK;
1125
271
fail:
1126
271
        if (item != NULL)
1127
267
                cbor_decref(&item);
1128
1129
271
        if (r != FIDO_OK)
1130
265
                fido_assert_clean_authdata(stmt);
1131
1132
271
        return (r);
1133
6
}
1134
1135
int
1136
fido_assert_set_sig(fido_assert_t *a, size_t idx, const unsigned char *ptr,
1137
    size_t len)
1138
116k
{
1139
116k
        if (idx >= a->stmt_len || ptr == NULL || len == 0)
1140
113k
                return (FIDO_ERR_INVALID_ARGUMENT);
1141
2.94k
        if (fido_blob_set(&a->stmt[idx].sig, ptr, len) < 0)
1142
15
                return (FIDO_ERR_INTERNAL);
1143
1144
2.92k
        return (FIDO_OK);
1145
2.94k
}
1146
1147
/* XXX shrinking leaks memory; fortunately that shouldn't happen */
1148
int
1149
fido_assert_set_count(fido_assert_t *assert, size_t n)
1150
58.8k
{
1151
58.8k
        void *new_stmt;
1152
1153
58.8k
#ifdef FIDO_FUZZ
1154
58.8k
        if (n > UINT8_MAX) {
1155
31
                fido_log_debug("%s: n > UINT8_MAX", __func__);
1156
31
                return (FIDO_ERR_INTERNAL);
1157
31
        }
1158
58.7k
#endif
1159
1160
58.7k
        new_stmt = recallocarray(assert->stmt, assert->stmt_cnt, n,
1161
58.7k
            sizeof(fido_assert_stmt));
1162
58.7k
        if (new_stmt == NULL)
1163
159
                return (FIDO_ERR_INTERNAL);
1164
1165
58.6k
        assert->stmt = new_stmt;
1166
58.6k
        assert->stmt_cnt = n;
1167
58.6k
        assert->stmt_len = n;
1168
1169
58.6k
        return (FIDO_OK);
1170
58.7k
}