implement hmac extension

Author: shimunn

src/cbor.rs

@@ -4,11 +4,11 @@
 // http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
 // http://opensource.org/licenses/MIT>, at your option. This file may not be
 // copied, modified, or distributed except according to those terms.
-use cbor_codec::{Config, Encoder, Decoder, GenericDecoder, GenericEncoder};
-use cbor_codec::value::Value;
 use cbor_codec::value;
+use cbor_codec::value::Value;
+use cbor_codec::{Config, Decoder, Encoder, GenericDecoder, GenericEncoder};
 
-use byteorder::{WriteBytesExt, ReadBytesExt, BigEndian, ByteOrder};
+use byteorder::{BigEndian, ByteOrder, ReadBytesExt, WriteBytesExt};
 use failure::ResultExt;
 
 use std::collections::HashMap;
@@ -29,25 +29,23 @@ impl<'a> Request<'a> {
         match self {
             Request::MakeCredential(req) => req.encode(&mut encoder),
             Request::GetAssertion(req) => req.encode(&mut encoder),
-            Request::GetInfo => {
-                encoder
-                    .writer()
-                    .write_u8(0x04)
-                    .context(FidoErrorKind::CborEncode)
-                    .map_err(From::from)
-            }
+            Request::GetInfo => encoder
+                .writer()
+                .write_u8(0x04)
+                .context(FidoErrorKind::CborEncode)
+                .map_err(From::from),
             Request::ClientPin(req) => req.encode(&mut encoder),
         }
     }
 
     pub fn decode<R: ReadBytesExt>(&self, reader: R) -> FidoResult<Response> {
         Ok(match self {
-            Request::MakeCredential(_) => Response::MakeCredential(
-                MakeCredentialResponse::decode(reader)?,
-            ),
-            Request::GetAssertion(_) => Response::GetAssertion(
-                GetAssertionResponse::decode(reader)?,
-            ),
+            Request::MakeCredential(_) => {
+                Response::MakeCredential(MakeCredentialResponse::decode(reader)?)
+            }
+            Request::GetAssertion(_) => {
+                Response::GetAssertion(GetAssertionResponse::decode(reader)?)
+            }
             Request::GetInfo => Response::GetInfo(GetInfoResponse::decode(reader)?),
             Request::ClientPin(_) => Response::ClientPin(ClientPinResponse::decode(reader)?),
         })
@@ -77,9 +75,10 @@ pub struct MakeCredentialRequest<'a> {
 
 impl<'a> MakeCredentialRequest<'a> {
     pub fn encode<W: WriteBytesExt>(&self, mut encoder: &mut Encoder<W>) -> FidoResult<()> {
-        encoder.writer().write_u8(0x01).context(
-            FidoErrorKind::CborEncode,
-        )?; // authenticatorMakeCredential
+        encoder
+            .writer()
+            .write_u8(0x01)
+            .context(FidoErrorKind::CborEncode)?; // authenticatorMakeCredential
         let mut length = 4;
         length += !self.exclude_list.is_empty() as usize;
         length += !self.extensions.is_empty() as usize;
@@ -176,9 +175,10 @@ pub struct GetAssertionRequest<'a> {
 
 impl<'a> GetAssertionRequest<'a> {
     pub fn encode<W: WriteBytesExt>(&self, mut encoder: &mut Encoder<W>) -> FidoResult<()> {
-        encoder.writer().write_u8(0x02).context(
-            FidoErrorKind::CborEncode,
-        )?; // authenticatorGetAssertion
+        encoder
+            .writer()
+            .write_u8(0x02)
+            .context(FidoErrorKind::CborEncode)?; // authenticatorGetAssertion
         let mut length = 2;
         length += !self.allow_list.is_empty() as usize;
         length += !self.extensions.is_empty() as usize;
@@ -315,9 +315,10 @@ pub struct ClientPinRequest<'a> {
 
 impl<'a> ClientPinRequest<'a> {
     pub fn encode<W: WriteBytesExt>(&self, encoder: &mut Encoder<W>) -> FidoResult<()> {
-        encoder.writer().write_u8(0x06).context(
-            FidoErrorKind::CborEncode,
-        )?; // authenticatorClientPIN
+        encoder
+            .writer()
+            .write_u8(0x06)
+            .context(FidoErrorKind::CborEncode)?; // authenticatorClientPIN
         let mut length = 2;
         length += self.key_agreement.is_some() as usize;
         length += self.pin_auth.is_some() as usize;
@@ -383,7 +384,6 @@ impl ClientPinResponse {
     }
 }
 
-
 #[derive(Debug)]
 pub struct OptionsInfo {
     pub plat: bool,
@@ -439,21 +439,28 @@ impl AuthenticatorData {
         let flags = bytes[32];
         data.up = (flags & 0x01) == 0x01;
         data.uv = (flags & 0x02) == 0x02;
+        let is_attested = (flags & 0x40) == 0x40;
+        let has_extension_data = (flags & 0x80) == 0x80;
         data.sign_count = BigEndian::read_u32(&bytes[33..37]);
         if bytes.len() < 38 {
             return Ok(data);
         }
+
         let mut cur = Cursor::new(&bytes[37..]);
-        let attested_credential_data = AttestedCredentialData::from_bytes(&mut cur)?;
-        data.attested_credential_data = attested_credential_data;
-        if cur.position() >= (bytes.len() - 37) as u64 {
-            return Ok(data);
+        if is_attested {
+            let attested_credential_data = AttestedCredentialData::from_bytes(&mut cur)?;
+            data.attested_credential_data = attested_credential_data;
+            if cur.position() >= (bytes.len() - 37) as u64 {
+                return Ok(data);
+            }
         }
-        let mut decoder = GenericDecoder::new(Config::default(), cur);
-        for _ in 0..decoder.borrow_mut().object()? {
-            let key = decoder.borrow_mut().text()?;
-            let value = decoder.value()?;
-            data.extensions.insert(key.to_string(), value);
+        if has_extension_data {
+            let mut decoder = GenericDecoder::new(Config::default(), cur);
+            for _ in 0..decoder.borrow_mut().object()? {
+                let key = decoder.borrow_mut().text()?;
+                let value = decoder.value()?;
+                data.extensions.insert(key.to_string(), value);
+            }
         }
         Ok(data)
     }
@@ -494,15 +501,15 @@ impl P256Key {
         if cose.key_type != 2 || cose.algorithm != -7 {
             Err(FidoErrorKind::KeyType)?
         }
-        if let (Some(Value::U8(curve)),
-                Some(Value::Bytes(value::Bytes::Bytes(x))),
-                Some(Value::Bytes(value::Bytes::Bytes(y)))) =
-            (
-                cose.parameters.get(&-1),
-                cose.parameters.get(&-2),
-                cose.parameters.get(&-3),
-            )
-        {
+        if let (
+            Some(Value::U8(curve)),
+            Some(Value::Bytes(value::Bytes::Bytes(x))),
+            Some(Value::Bytes(value::Bytes::Bytes(y))),
+        ) = (
+            cose.parameters.get(&-1),
+            cose.parameters.get(&-2),
+            cose.parameters.get(&-3),
+        ) {
             if *curve != 1 {
                 Err(FidoErrorKind::KeyType)?
             }
@@ -532,9 +539,10 @@ impl P256Key {
                 (-1, Value::U8(1)),
                 (-2, Value::Bytes(value::Bytes::Bytes(self.x.to_vec()))),
                 (-3, Value::Bytes(value::Bytes::Bytes(self.y.to_vec()))),
-            ].iter()
-                .cloned()
-                .collect(),
+            ]
+            .iter()
+            .cloned()
+            .collect(),
         }
     }
 

src/crypto.rs

@@ -4,15 +4,16 @@
 // http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
 // http://opensource.org/licenses/MIT>, at your option. This file may not be
 // copied, modified, or distributed except according to those terms.
-use ring::{agreement, rand, digest, hmac, signature};
+use super::cbor::{CoseKey, P256Key};
+use super::error::*;
+use failure::ResultExt;
 use ring::error::Unspecified;
-use untrusted::Input;
-use rust_crypto::blockmodes::NoPadding;
+use ring::{agreement, digest, hmac, rand, signature};
 use rust_crypto::aes;
+use rust_crypto::blockmodes::NoPadding;
 use rust_crypto::buffer::{RefReadBuffer, RefWriteBuffer};
-use failure::ResultExt;
-use super::cbor::{CoseKey, P256Key};
-use super::error::*;
+use rust_crypto::symmetriccipher::{Decryptor, Encryptor};
+use untrusted::Input;
 
 #[derive(Debug)]
 pub struct SharedSecret {
@@ -26,9 +27,9 @@ impl SharedSecret {
         let private = agreement::EphemeralPrivateKey::generate(&agreement::ECDH_P256, &rng)
             .context(FidoErrorKind::GenerateKey)?;
         let public = &mut [0u8; agreement::PUBLIC_KEY_MAX_LEN][..private.public_key_len()];
-        private.compute_public_key(public).context(
-            FidoErrorKind::GenerateKey,
-        )?;
+        private
+            .compute_public_key(public)
+            .context(FidoErrorKind::GenerateKey)?;
         let peer = P256Key::from_cose(peer_key)
             .context(FidoErrorKind::ParsePublic)?
             .bytes();
@@ -39,7 +40,8 @@ impl SharedSecret {
             peer,
             Unspecified,
             |material| Ok(digest::digest(&digest::SHA256, material)),
-        ).context(FidoErrorKind::GenerateSecret)?;
+        )
+        .context(FidoErrorKind::GenerateSecret)?;
         let mut res = SharedSecret {
             public_key: P256Key::from_bytes(&public)
                 .context(FidoErrorKind::ParsePublic)?
@@ -50,42 +52,46 @@ impl SharedSecret {
         Ok(res)
     }
 
-    pub fn encrypt_pin(&self, pin: &str) -> FidoResult<[u8; 16]> {
-        let mut encryptor = aes::cbc_encryptor(
+    pub fn encryptor(&self) -> Box<dyn Encryptor + 'static> {
+        aes::cbc_encryptor(
             aes::KeySize::KeySize256,
             &self.shared_secret,
             &[0u8; 16],
             NoPadding,
-        );
+        )
+    }
+
+    pub fn encrypt_pin(&self, pin: &str) -> FidoResult<[u8; 16]> {
+        let mut encryptor = self.encryptor();
         let pin_bytes = pin.as_bytes();
         let hash = digest::digest(&digest::SHA256, &pin_bytes);
         let in_bytes = &hash.as_ref()[0..16];
         let mut input = RefReadBuffer::new(&in_bytes);
         let mut out_bytes = [0; 16];
         let mut output = RefWriteBuffer::new(&mut out_bytes);
-        encryptor.encrypt(&mut input, &mut output, true).map_err(
-            |_| {
-                FidoErrorKind::EncryptPin
-            },
-        )?;
+        encryptor
+            .encrypt(&mut input, &mut output, true)
+            .map_err(|_| FidoErrorKind::EncryptPin)?;
         Ok(out_bytes)
     }
 
-    pub fn decrypt_token(&self, data: &mut [u8]) -> FidoResult<PinToken> {
-        let mut decryptor = aes::cbc_decryptor(
+    pub fn decryptor(&self) -> Box<dyn Decryptor + 'static> {
+        aes::cbc_decryptor(
             aes::KeySize::KeySize256,
             &self.shared_secret,
             &[0u8; 16],
             NoPadding,
-        );
+        )
+    }
+
+    pub fn decrypt_token(&self, data: &mut [u8]) -> FidoResult<PinToken> {
+        let mut decryptor = self.decryptor();
         let mut input = RefReadBuffer::new(data);
         let mut out_bytes = [0; 16];
         let mut output = RefWriteBuffer::new(&mut out_bytes);
-        decryptor.decrypt(&mut input, &mut output, true).map_err(
-            |_| {
-                FidoErrorKind::DecryptPin
-            },
-        )?;
+        decryptor
+            .decrypt(&mut input, &mut output, true)
+            .map_err(|_| FidoErrorKind::DecryptPin)?;
         Ok(PinToken(hmac::SigningKey::new(&digest::SHA256, &out_bytes)))
     }
 }
@@ -119,5 +125,6 @@ pub fn verify_signature(
         public_key,
         msg,
         signature,
-    ).is_ok()
+    )
+    .is_ok()
 }

src/error.rs

@@ -4,11 +4,11 @@
 // http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
 // http://opensource.org/licenses/MIT>, at your option. This file may not be
 // copied, modified, or distributed except according to those terms.
-use cbor_codec::{EncodeError, DecodeError};
+use cbor_codec::{DecodeError, EncodeError};
 
+use failure::{Backtrace, Context, Fail};
 use std::fmt;
 use std::fmt::Display;
-use failure::{Context, Backtrace, Fail};
 
 pub type FidoResult<T> = Result<T, FidoError>;
 
@@ -52,7 +52,7 @@ pub enum FidoErrorKind {
 }
 
 impl Fail for FidoError {
-    fn cause(&self) -> Option<&Fail> {
+    fn cause(&self) -> Option<&dyn Fail> {
         self.0.cause()
     }