Merge pull request #232 from solokeys/windows_hello_error_codes
Windows hello response codes
conorpp authored Jul 29, 2019
2 parents 2af747d + 690d7c7 commit d4e6142
Showing 2 changed files with 29 additions and 20 deletions.
23 changes: 13 additions & 10 deletions fido2/ctap.c
@@ -432,6 +432,12 @@ static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred)
return sizeof(CredentialId);
}

static int ctap2_user_presence_test()
{
device_set_status(CTAPHID_STATUS_UPNEEDED);
return ctap_user_presence_test(CTAP2_UP_DELAY_MS);
}

static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo)
{
CborEncoder cose_key;
@@ -459,11 +465,9 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au

count = auth_data_update_count(&authData->head);

device_set_status(CTAPHID_STATUS_UPNEEDED);

int but;

but = ctap_user_presence_test(CTAP2_UP_DELAY_MS);
but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);

if (!but)
{
@@ -473,6 +477,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
{
return CTAP2_ERR_KEEPALIVE_CANCEL;
}

device_set_status(CTAPHID_STATUS_PROCESSING);

authData->head.flags = (but << 0);
@@ -700,11 +705,11 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
}
if (MC.pinAuthEmpty)
{
if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
{
return CTAP2_ERR_OPERATION_DENIED;
}
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_INVALID : CTAP2_ERR_PIN_NOT_SET;
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
}
if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask)
{
@@ -1136,11 +1141,11 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)

if (GA.pinAuthEmpty)
{
if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
{
return CTAP2_ERR_OPERATION_DENIED;
}
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_INVALID : CTAP2_ERR_PIN_NOT_SET;
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
}
if (GA.pinAuthPresent)
{
@@ -1603,7 +1608,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
switch(cmd)
{
case CTAP_MAKE_CREDENTIAL:
device_set_status(CTAPHID_STATUS_PROCESSING);
printf1(TAG_CTAP,"CTAP_MAKE_CREDENTIAL\n");
timestamp();
status = ctap_make_credential(&encoder, pkt_raw, length);
@@ -1614,7 +1618,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)

break;
case CTAP_GET_ASSERTION:
device_set_status(CTAPHID_STATUS_PROCESSING);
printf1(TAG_CTAP,"CTAP_GET_ASSERTION\n");
timestamp();
status = ctap_get_assertion(&encoder, pkt_raw, length);
@@ -1646,7 +1649,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
break;
case CTAP_RESET:
printf1(TAG_CTAP,"CTAP_RESET\n");
if (ctap_user_presence_test(CTAP2_UP_DELAY_MS))
if (ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
{
ctap_reset();
}
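Review bot: In `case CTAP_RESET` the result of `ctap2_user_presence_test` is used as a plain truth value, so any non-zero return reaches `ctap_reset()`. `ctap_make_auth_data` treats the same result as more than a boolean: after `if (!but)` it has a further branch returning `CTAP2_ERR_KEEPALIVE_CANCEL`, whose condition lies between the hunks shown; if that branch is taken on a negative value, a cancelled presence check would still wipe the device. Checking `if (ctap2_user_presence_test() > 0)` makes the reset fail closed. The new helper is also defined with an empty parameter list while every caller passes `CTAP2_UP_DELAY_MS`, which is ignored; declaring it `static int ctap2_user_presence_test(void)` and dropping the argument lets the compiler check the calls. `ctap_request` continues outside the hunk.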
26 changes: 16 additions & 10 deletions tools/testing/tests/fido2.py
@@ -1134,7 +1134,10 @@ def test_client_pin(self,):
rp["id"],
cdh,
other={"pin_auth": b"", "pin_protocol": pin_protocol},
expectedError=CtapError.ERR.PIN_NOT_SET,
expectedError=[
CtapError.ERR.PIN_AUTH_INVALID,
CtapError.ERR.NO_CREDENTIALS,
],
)

with Test("Setting pin code, expect SUCCESS"):
@@ -1148,14 +1151,17 @@ def test_client_pin(self,):
user,
key_params,
other={"pin_auth": b"", "pin_protocol": pin_protocol},
expectedError=CtapError.ERR.PIN_INVALID,
expectedError=CtapError.ERR.PIN_AUTH_INVALID,
)
self.testGA(
"Send MC request with new pin auth",
rp["id"],
cdh,
other={"pin_auth": b"", "pin_protocol": pin_protocol},
expectedError=CtapError.ERR.PIN_INVALID,
expectedError=[
CtapError.ERR.PIN_AUTH_INVALID,
CtapError.ERR.NO_CREDENTIALS,
],
)

self.testReset()
@@ -1311,13 +1317,13 @@ def test_fido2(self,):

self.testReset()

self.test_get_info()

self.test_get_assertion()

self.test_make_credential()

self.test_rk(None)
# self.test_get_info()
#
# self.test_get_assertion()
#
# self.test_make_credential()
#
# self.test_rk(None)

self.test_client_pin()

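Review bot: The last hunk comments out `self.test_get_info()`, `self.test_get_assertion()`, `self.test_make_credential()` and `self.test_rk(None)` in `test_fido2`, which reads like a local debugging shortcut and leaves those authenticator paths unexercised whenever this suite runs. The four calls should be restored before merge, e.g. `self.test_get_info()` back in place of `# self.test_get_info()`. The two `testGA` checks in `test_client_pin` now also accept `CtapError.ERR.NO_CREDENTIALS`, so they may pass without the empty `pin_auth` ever being evaluated; a comment stating why both codes are valid would help. `test_fido2` continues outside the hunk.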
