2 * Copyright (c) 2018-2022 Yubico AB. All rights reserved.
3 * Use of this source code is governed by a BSD-style
5 * SPDX-License-Identifier: BSD-2-Clause
31 return (cbor_decode_fmt(val, &cred->fmt)); in parse_makecred_reply()
33 if (fido_blob_decode(val, &cred->authdata_raw) < 0) { in parse_makecred_reply()
35 return (-1); in parse_makecred_reply()
37 return (cbor_decode_cred_authdata(val, cred->type, in parse_makecred_reply()
38 &cred->authdata_cbor, &cred->authdata, &cred->attcred, in parse_makecred_reply()
39 &cred->authdata_ext)); in parse_makecred_reply()
41 return (cbor_decode_attstmt(val, &cred->attstmt)); in parse_makecred_reply()
43 return (fido_blob_decode(val, &cred->largeblob_key)); in parse_makecred_reply()
56 fido_opt_t uv = cred->uv; in fido_dev_make_cred_tx()
65 if (cred->cdh.ptr == NULL || cred->type == 0) { in fido_dev_make_cred_tx()
67 (void *)cred->cdh.ptr, cred->type); in fido_dev_make_cred_tx()
72 if ((argv[0] = fido_blob_encode(&cred->cdh)) == NULL || in fido_dev_make_cred_tx()
73 (argv[1] = cbor_encode_rp_entity(&cred->rp)) == NULL || in fido_dev_make_cred_tx()
74 (argv[2] = cbor_encode_user_entity(&cred->user)) == NULL || in fido_dev_make_cred_tx()
75 (argv[3] = cbor_encode_pubkey_param(cred->type)) == NULL) { in fido_dev_make_cred_tx()
82 if (cred->excl.len) in fido_dev_make_cred_tx()
83 if ((argv[4] = cbor_encode_pubkey_list(&cred->excl)) == NULL) { in fido_dev_make_cred_tx()
90 if (cred->ext.mask) in fido_dev_make_cred_tx()
91 if ((argv[5] = cbor_encode_cred_ext(&cred->ext, in fido_dev_make_cred_tx()
92 &cred->blob)) == NULL) { in fido_dev_make_cred_tx()
105 if ((r = cbor_add_uv_params(dev, cmd, &cred->cdh, pk, ecdh, in fido_dev_make_cred_tx()
106 pin, cred->rp.id, &argv[7], &argv[8], ms)) != FIDO_OK) { in fido_dev_make_cred_tx()
114 if (cred->rk != FIDO_OPT_OMIT || uv != FIDO_OPT_OMIT) in fido_dev_make_cred_tx()
115 if ((argv[6] = cbor_encode_cred_opt(cred->rk, uv)) == NULL) { in fido_dev_make_cred_tx()
166 if (cred->fmt == NULL || fido_blob_is_empty(&cred->authdata_cbor) || in fido_dev_make_cred_rx()
167 fido_blob_is_empty(&cred->attcred.id)) { in fido_dev_make_cred_rx()
198 int ms = dev->timeout_ms; in fido_dev_make_cred()
201 if (dev->flags & FIDO_DEV_WINHELLO) in fido_dev_make_cred()
205 if (pin != NULL || cred->rk == FIDO_OPT_TRUE || in fido_dev_make_cred()
206 cred->ext.mask != 0) in fido_dev_make_cred()
237 return (-1); in fido_check_rp_id()
253 int ok = -1; in get_signed_hash_u2f()
255 if (dgst->len < SHA256_DIGEST_LENGTH || in get_signed_hash_u2f()
261 EVP_DigestUpdate(ctx, clientdata->ptr, clientdata->len) != 1 || in get_signed_hash_u2f()
262 EVP_DigestUpdate(ctx, id->ptr, id->len) != 1 || in get_signed_hash_u2f()
264 EVP_DigestUpdate(ctx, pk->x, sizeof(pk->x)) != 1 || in get_signed_hash_u2f()
265 EVP_DigestUpdate(ctx, pk->y, sizeof(pk->y)) != 1 || in get_signed_hash_u2f()
266 EVP_DigestFinal_ex(ctx, dgst->ptr, NULL) != 1) { in get_signed_hash_u2f()
270 dgst->len = SHA256_DIGEST_LENGTH; in get_signed_hash_u2f()
285 int ok = -1; in verify_attstmt()
288 if (attstmt->x5c.len > INT_MAX) { in verify_attstmt()
289 fido_log_debug("%s: x5c.len=%zu", __func__, attstmt->x5c.len); in verify_attstmt()
290 return (-1); in verify_attstmt()
294 if ((rawcert = BIO_new_mem_buf(attstmt->x5c.ptr, in verify_attstmt()
295 (int)attstmt->x5c.len)) == NULL || in verify_attstmt()
302 switch (attstmt->alg) { in verify_attstmt()
305 ok = es256_verify_sig(dgst, pkey, &attstmt->sig); in verify_attstmt()
308 ok = es384_verify_sig(dgst, pkey, &attstmt->sig); in verify_attstmt()
311 ok = rs256_verify_sig(dgst, pkey, &attstmt->sig); in verify_attstmt()
314 ok = rs1_verify_sig(dgst, pkey, &attstmt->sig); in verify_attstmt()
317 ok = eddsa_verify_sig(dgst, pkey, &attstmt->sig); in verify_attstmt()
320 fido_log_debug("%s: unknown alg %d", __func__, attstmt->alg); in verify_attstmt()
344 if (cred->cdh.ptr == NULL || cred->authdata_cbor.ptr == NULL || in fido_cred_verify()
345 cred->attstmt.x5c.ptr == NULL || cred->attstmt.sig.ptr == NULL || in fido_cred_verify()
346 cred->fmt == NULL || cred->attcred.id.ptr == NULL || in fido_cred_verify()
347 cred->rp.id == NULL) { in fido_cred_verify()
349 "fmt=%p id=%p, rp.id=%s", __func__, (void *)cred->cdh.ptr, in fido_cred_verify()
350 (void *)cred->authdata_cbor.ptr, in fido_cred_verify()
351 (void *)cred->attstmt.x5c.ptr, in fido_cred_verify()
352 (void *)cred->attstmt.sig.ptr, (void *)cred->fmt, in fido_cred_verify()
353 (void *)cred->attcred.id.ptr, cred->rp.id); in fido_cred_verify()
358 if (fido_check_rp_id(cred->rp.id, cred->authdata.rp_id_hash) != 0) { in fido_cred_verify()
364 if (fido_check_flags(cred->authdata.flags, FIDO_OPT_TRUE, in fido_cred_verify()
365 cred->uv) < 0) { in fido_cred_verify()
371 if (check_extensions(&cred->authdata_ext, &cred->ext) != 0) { in fido_cred_verify()
377 if ((cose_alg = cred->attstmt.alg) == COSE_UNSPEC) in fido_cred_verify()
380 if (!strcmp(cred->fmt, "packed")) { in fido_cred_verify()
381 if (fido_get_signed_hash(cose_alg, &dgst, &cred->cdh, in fido_cred_verify()
382 &cred->authdata_cbor) < 0) { in fido_cred_verify()
387 } else if (!strcmp(cred->fmt, "fido-u2f")) { in fido_cred_verify()
388 if (get_signed_hash_u2f(&dgst, cred->authdata.rp_id_hash, in fido_cred_verify()
389 sizeof(cred->authdata.rp_id_hash), &cred->cdh, in fido_cred_verify()
390 &cred->attcred.id, &cred->attcred.pubkey.es256) < 0) { in fido_cred_verify()
395 } else if (!strcmp(cred->fmt, "tpm")) { in fido_cred_verify()
396 if (fido_get_signed_hash_tpm(&dgst, &cred->cdh, in fido_cred_verify()
397 &cred->authdata_raw, &cred->attstmt, &cred->attcred) < 0) { in fido_cred_verify()
403 fido_log_debug("%s: unknown fmt %s", __func__, cred->fmt); in fido_cred_verify()
408 if (verify_attstmt(&dgst, &cred->attstmt) < 0) { in fido_cred_verify()
426 int ok = -1; in fido_cred_verify_self()
433 if (cred->cdh.ptr == NULL || cred->authdata_cbor.ptr == NULL || in fido_cred_verify_self()
434 cred->attstmt.x5c.ptr != NULL || cred->attstmt.sig.ptr == NULL || in fido_cred_verify_self()
435 cred->fmt == NULL || cred->attcred.id.ptr == NULL || in fido_cred_verify_self()
436 cred->rp.id == NULL) { in fido_cred_verify_self()
438 "fmt=%p id=%p, rp.id=%s", __func__, (void *)cred->cdh.ptr, in fido_cred_verify_self()
439 (void *)cred->authdata_cbor.ptr, in fido_cred_verify_self()
440 (void *)cred->attstmt.x5c.ptr, in fido_cred_verify_self()
441 (void *)cred->attstmt.sig.ptr, (void *)cred->fmt, in fido_cred_verify_self()
442 (void *)cred->attcred.id.ptr, cred->rp.id); in fido_cred_verify_self()
447 if (fido_check_rp_id(cred->rp.id, cred->authdata.rp_id_hash) != 0) { in fido_cred_verify_self()
453 if (fido_check_flags(cred->authdata.flags, FIDO_OPT_TRUE, in fido_cred_verify_self()
454 cred->uv) < 0) { in fido_cred_verify_self()
460 if (check_extensions(&cred->authdata_ext, &cred->ext) != 0) { in fido_cred_verify_self()
466 if (!strcmp(cred->fmt, "packed")) { in fido_cred_verify_self()
467 if (fido_get_signed_hash(cred->attcred.type, &dgst, &cred->cdh, in fido_cred_verify_self()
468 &cred->authdata_cbor) < 0) { in fido_cred_verify_self()
473 } else if (!strcmp(cred->fmt, "fido-u2f")) { in fido_cred_verify_self()
474 if (get_signed_hash_u2f(&dgst, cred->authdata.rp_id_hash, in fido_cred_verify_self()
475 sizeof(cred->authdata.rp_id_hash), &cred->cdh, in fido_cred_verify_self()
476 &cred->attcred.id, &cred->attcred.pubkey.es256) < 0) { in fido_cred_verify_self()
482 fido_log_debug("%s: unknown fmt %s", __func__, cred->fmt); in fido_cred_verify_self()
487 switch (cred->attcred.type) { in fido_cred_verify_self()
489 ok = es256_pk_verify_sig(&dgst, &cred->attcred.pubkey.es256, in fido_cred_verify_self()
490 &cred->attstmt.sig); in fido_cred_verify_self()
493 ok = es384_pk_verify_sig(&dgst, &cred->attcred.pubkey.es384, in fido_cred_verify_self()
494 &cred->attstmt.sig); in fido_cred_verify_self()
497 ok = rs256_pk_verify_sig(&dgst, &cred->attcred.pubkey.rs256, in fido_cred_verify_self()
498 &cred->attstmt.sig); in fido_cred_verify_self()
501 ok = eddsa_pk_verify_sig(&dgst, &cred->attcred.pubkey.eddsa, in fido_cred_verify_self()
502 &cred->attstmt.sig); in fido_cred_verify_self()
506 cred->attcred.type); in fido_cred_verify_self()
531 fido_blob_reset(&cred->authdata_cbor); in fido_cred_clean_authdata()
532 fido_blob_reset(&cred->authdata_raw); in fido_cred_clean_authdata()
533 fido_blob_reset(&cred->attcred.id); in fido_cred_clean_authdata()
535 memset(&cred->authdata_ext, 0, sizeof(cred->authdata_ext)); in fido_cred_clean_authdata()
536 memset(&cred->authdata, 0, sizeof(cred->authdata)); in fido_cred_clean_authdata()
537 memset(&cred->attcred, 0, sizeof(cred->attcred)); in fido_cred_clean_authdata()
543 fido_blob_reset(&attstmt->certinfo); in fido_cred_clean_attstmt()
544 fido_blob_reset(&attstmt->pubarea); in fido_cred_clean_attstmt()
545 fido_blob_reset(&attstmt->cbor); in fido_cred_clean_attstmt()
546 fido_blob_reset(&attstmt->x5c); in fido_cred_clean_attstmt()
547 fido_blob_reset(&attstmt->sig); in fido_cred_clean_attstmt()
555 fido_blob_reset(&cred->cd); in fido_cred_reset_tx()
556 fido_blob_reset(&cred->cdh); in fido_cred_reset_tx()
557 fido_blob_reset(&cred->user.id); in fido_cred_reset_tx()
558 fido_blob_reset(&cred->blob); in fido_cred_reset_tx()
560 free(cred->rp.id); in fido_cred_reset_tx()
561 free(cred->rp.name); in fido_cred_reset_tx()
562 free(cred->user.icon); in fido_cred_reset_tx()
563 free(cred->user.name); in fido_cred_reset_tx()
564 free(cred->user.display_name); in fido_cred_reset_tx()
567 memset(&cred->rp, 0, sizeof(cred->rp)); in fido_cred_reset_tx()
568 memset(&cred->user, 0, sizeof(cred->user)); in fido_cred_reset_tx()
569 memset(&cred->ext, 0, sizeof(cred->ext)); in fido_cred_reset_tx()
571 cred->type = 0; in fido_cred_reset_tx()
572 cred->rk = FIDO_OPT_OMIT; in fido_cred_reset_tx()
573 cred->uv = FIDO_OPT_OMIT; in fido_cred_reset_tx()
579 free(cred->fmt); in fido_cred_reset_rx()
580 cred->fmt = NULL; in fido_cred_reset_rx()
582 fido_cred_clean_attstmt(&cred->attstmt); in fido_cred_reset_rx()
583 fido_blob_reset(&cred->largeblob_key); in fido_cred_reset_rx()
616 if (fido_blob_decode(item, &cred->authdata_raw) < 0) { in fido_cred_set_authdata()
621 if (cbor_decode_cred_authdata(item, cred->type, &cred->authdata_cbor, in fido_cred_set_authdata()
622 &cred->authdata, &cred->attcred, &cred->authdata_ext) < 0) { in fido_cred_set_authdata()
650 if (fido_blob_set(&cred->authdata_raw, ptr, len) < 0) { in fido_cred_set_authdata_raw()
662 if (cbor_decode_cred_authdata(item, cred->type, &cred->authdata_cbor, in fido_cred_set_authdata_raw()
663 &cred->authdata, &cred->attcred, &cred->authdata_ext) < 0) { in fido_cred_set_authdata_raw()
682 if (fido_blob_set(&cred->attcred.id, ptr, len) < 0) in fido_cred_set_id()
691 if (fido_blob_set(&cred->attstmt.x5c, ptr, len) < 0) in fido_cred_set_x509()
700 if (fido_blob_set(&cred->attstmt.sig, ptr, len) < 0) in fido_cred_set_sig()
713 fido_cred_clean_attstmt(&cred->attstmt); in fido_cred_set_attstmt()
723 if (cbor_decode_attstmt(item, &cred->attstmt) < 0) { in fido_cred_set_attstmt()
734 fido_cred_clean_attstmt(&cred->attstmt); in fido_cred_set_attstmt()
750 if (cred->excl.len == SIZE_MAX) { in fido_cred_exclude()
755 if ((list_ptr = recallocarray(cred->excl.ptr, cred->excl.len, in fido_cred_exclude()
756 cred->excl.len + 1, sizeof(fido_blob_t))) == NULL) { in fido_cred_exclude()
761 list_ptr[cred->excl.len++] = id_blob; in fido_cred_exclude()
762 cred->excl.ptr = list_ptr; in fido_cred_exclude()
770 fido_free_blob_array(&cred->excl); in fido_cred_empty_exclude_list()
771 memset(&cred->excl, 0, sizeof(cred->excl)); in fido_cred_empty_exclude_list()
780 if (!fido_blob_is_empty(&cred->cdh) || in fido_cred_set_clientdata()
781 fido_blob_set(&cred->cd, data, data_len) < 0) { in fido_cred_set_clientdata()
784 if (fido_sha256(&cred->cdh, data, data_len) < 0) { in fido_cred_set_clientdata()
785 fido_blob_reset(&cred->cd); in fido_cred_set_clientdata()
796 if (!fido_blob_is_empty(&cred->cd) || in fido_cred_set_clientdata_hash()
797 fido_blob_set(&cred->cdh, hash, hash_len) < 0) in fido_cred_set_clientdata_hash()
806 fido_rp_t *rp = &cred->rp; in fido_cred_set_rp() local
808 if (rp->id != NULL) { in fido_cred_set_rp()
809 free(rp->id); in fido_cred_set_rp()
810 rp->id = NULL; in fido_cred_set_rp()
812 if (rp->name != NULL) { in fido_cred_set_rp()
813 free(rp->name); in fido_cred_set_rp()
814 rp->name = NULL; in fido_cred_set_rp()
817 if (id != NULL && (rp->id = strdup(id)) == NULL) in fido_cred_set_rp()
819 if (name != NULL && (rp->name = strdup(name)) == NULL) in fido_cred_set_rp()
824 free(rp->id); in fido_cred_set_rp()
825 free(rp->name); in fido_cred_set_rp()
826 rp->id = NULL; in fido_cred_set_rp()
827 rp->name = NULL; in fido_cred_set_rp()
837 fido_user_t *up = &cred->user; in fido_cred_set_user()
839 if (up->id.ptr != NULL) { in fido_cred_set_user()
840 free(up->id.ptr); in fido_cred_set_user()
841 up->id.ptr = NULL; in fido_cred_set_user()
842 up->id.len = 0; in fido_cred_set_user()
844 if (up->name != NULL) { in fido_cred_set_user()
845 free(up->name); in fido_cred_set_user()
846 up->name = NULL; in fido_cred_set_user()
848 if (up->display_name != NULL) { in fido_cred_set_user()
849 free(up->display_name); in fido_cred_set_user()
850 up->display_name = NULL; in fido_cred_set_user()
852 if (up->icon != NULL) { in fido_cred_set_user()
853 free(up->icon); in fido_cred_set_user()
854 up->icon = NULL; in fido_cred_set_user()
857 if (user_id != NULL && fido_blob_set(&up->id, user_id, user_id_len) < 0) in fido_cred_set_user()
859 if (name != NULL && (up->name = strdup(name)) == NULL) in fido_cred_set_user()
862 (up->display_name = strdup(display_name)) == NULL) in fido_cred_set_user()
864 if (icon != NULL && (up->icon = strdup(icon)) == NULL) in fido_cred_set_user()
869 free(up->id.ptr); in fido_cred_set_user()
870 free(up->name); in fido_cred_set_user()
871 free(up->display_name); in fido_cred_set_user()
872 free(up->icon); in fido_cred_set_user()
874 up->id.ptr = NULL; in fido_cred_set_user()
875 up->id.len = 0; in fido_cred_set_user()
876 up->name = NULL; in fido_cred_set_user()
877 up->display_name = NULL; in fido_cred_set_user()
878 up->icon = NULL; in fido_cred_set_user()
887 cred->ext.mask = 0; in fido_cred_set_extensions()
891 cred->ext.mask |= ext; in fido_cred_set_extensions()
900 cred->rk = rk ? FIDO_OPT_TRUE : FIDO_OPT_FALSE; in fido_cred_set_options()
901 cred->uv = uv ? FIDO_OPT_TRUE : FIDO_OPT_FALSE; in fido_cred_set_options()
909 cred->rk = rk; in fido_cred_set_rk()
917 cred->uv = uv; in fido_cred_set_uv()
926 cred->ext.mask &= ~FIDO_EXT_CRED_PROTECT; in fido_cred_set_prot()
927 cred->ext.prot = 0; in fido_cred_set_prot()
934 cred->ext.mask |= FIDO_EXT_CRED_PROTECT; in fido_cred_set_prot()
935 cred->ext.prot = prot; in fido_cred_set_prot()
945 cred->ext.mask &= ~FIDO_EXT_MINPINLEN; in fido_cred_set_pin_minlen()
947 cred->ext.mask |= FIDO_EXT_MINPINLEN; in fido_cred_set_pin_minlen()
949 cred->ext.minpinlen = len; in fido_cred_set_pin_minlen()
959 if (fido_blob_set(&cred->blob, ptr, len) < 0) in fido_cred_set_blob()
962 cred->ext.mask |= FIDO_EXT_CRED_BLOB; in fido_cred_set_blob()
970 free(cred->fmt); in fido_cred_set_fmt()
971 cred->fmt = NULL; in fido_cred_set_fmt()
976 if (strcmp(fmt, "packed") && strcmp(fmt, "fido-u2f") && in fido_cred_set_fmt()
980 if ((cred->fmt = strdup(fmt)) == NULL) in fido_cred_set_fmt()
989 if (cred->type != 0) in fido_cred_set_type()
995 cred->type = cose_alg; in fido_cred_set_type()
1003 return (cred->type); in fido_cred_type()
1009 return (cred->authdata.flags); in fido_cred_flags()
1015 return (cred->authdata.sigcount); in fido_cred_sigcount()
1021 return (cred->cdh.ptr); in fido_cred_clientdata_hash_ptr()
1027 return (cred->cdh.len); in fido_cred_clientdata_hash_len()
1033 return (cred->attstmt.x5c.ptr); in fido_cred_x5c_ptr()
1039 return (cred->attstmt.x5c.len); in fido_cred_x5c_len()
1045 return (cred->attstmt.sig.ptr); in fido_cred_sig_ptr()
1051 return (cred->attstmt.sig.len); in fido_cred_sig_len()
1057 return (cred->authdata_cbor.ptr); in fido_cred_authdata_ptr()
1063 return (cred->authdata_cbor.len); in fido_cred_authdata_len()
1069 return (cred->authdata_raw.ptr); in fido_cred_authdata_raw_ptr()
1075 return (cred->authdata_raw.len); in fido_cred_authdata_raw_len()
1081 return (cred->attstmt.cbor.ptr); in fido_cred_attstmt_ptr()
1087 return (cred->attstmt.cbor.len); in fido_cred_attstmt_len()
1095 switch (cred->attcred.type) { in fido_cred_pubkey_ptr()
1097 ptr = &cred->attcred.pubkey.es256; in fido_cred_pubkey_ptr()
1100 ptr = &cred->attcred.pubkey.es384; in fido_cred_pubkey_ptr()
1103 ptr = &cred->attcred.pubkey.rs256; in fido_cred_pubkey_ptr()
1106 ptr = &cred->attcred.pubkey.eddsa; in fido_cred_pubkey_ptr()
1121 switch (cred->attcred.type) { in fido_cred_pubkey_len()
1123 len = sizeof(cred->attcred.pubkey.es256); in fido_cred_pubkey_len()
1126 len = sizeof(cred->attcred.pubkey.es384); in fido_cred_pubkey_len()
1129 len = sizeof(cred->attcred.pubkey.rs256); in fido_cred_pubkey_len()
1132 len = sizeof(cred->attcred.pubkey.eddsa); in fido_cred_pubkey_len()
1145 return (cred->attcred.id.ptr); in fido_cred_id_ptr()
1151 return (cred->attcred.id.len); in fido_cred_id_len()
1157 return (cred->attcred.aaguid); in fido_cred_aaguid_ptr()
1163 return (sizeof(cred->attcred.aaguid)); in fido_cred_aaguid_len()
1169 return (cred->ext.prot); in fido_cred_prot()
1175 return (cred->ext.minpinlen); in fido_cred_pin_minlen()
1181 return (cred->fmt); in fido_cred_fmt()
1187 return (cred->rp.id); in fido_cred_rp_id()
1193 return (cred->rp.name); in fido_cred_rp_name()
1199 return (cred->user.name); in fido_cred_user_name()
1205 return (cred->user.display_name); in fido_cred_display_name()
1211 return (cred->user.id.ptr); in fido_cred_user_id_ptr()
1217 return (cred->user.id.len); in fido_cred_user_id_len()
1223 return (cred->largeblob_key.ptr); in fido_cred_largeblob_key_ptr()
1229 return (cred->largeblob_key.len); in fido_cred_largeblob_key_len()