From 705d0b7a6b2ccd4e3a75f15cea589e8fe4519c8d Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Mon, 26 Nov 2018 17:52:02 +0200 Subject: [PATCH] added signature verify --- client/cmdhffido.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/client/cmdhffido.c b/client/cmdhffido.c index d8ead11ad..4adc4e60d 100644 --- a/client/cmdhffido.c +++ b/client/cmdhffido.c @@ -648,7 +648,7 @@ int GetExistsFileNameJson(char *prefixDir, char *reqestedFileName, char *fileNam return 0; } -bool CheckHash(json_t *json, uint8_t *hash) { +bool CheckrpIdHash(json_t *json, uint8_t *hash) { char hashval[300] = {0}; uint8_t hash2[32] = {0}; @@ -692,7 +692,7 @@ int MakeCredentionalParseRes(json_t *root, uint8_t *data, size_t dataLen, bool v PrintAndLog("RP ID Hash: %s", sprint_hex(ubuf, 32)); // check RP ID Hash - if (CheckHash(root, ubuf)) { + if (CheckrpIdHash(root, ubuf)) { PrintAndLog("rpIdHash OK."); } else { PrintAndLog("rpIdHash ERROR!"); @@ -786,13 +786,21 @@ int MakeCredentionalParseRes(json_t *root, uint8_t *data, size_t dataLen, bool v PrintAndLog(" s: %s", sprint_hex(sval, 32)); } + uint8_t clientDataHash[32] = {0}; + size_t clientDataHashLen = 0; + res = JsonLoadBufAsHex(root, "$.ClientDataHash", clientDataHash, sizeof(clientDataHash), &clientDataHashLen); + if (res || clientDataHashLen != 32) { + PrintAndLog("ERROR: Can't get clientDataHash from json!"); + return 2; + } + uint8_t xbuf[4096] = {0}; size_t xbuflen = 0; res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen, authDataStatic, 37, // rpIdHash[32] + flags[1] + signCount[4] - &data[0], 32, // Hash of the serialized client data + clientDataHash, 32, // Hash of the serialized client data. "$.ClientDataHash" from json NULL, 0); - //PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen)); + PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen)); res = ecdsa_signature_verify(public_key, xbuf, xbuflen, sign, signLen); if (res) { if (res == -0x4e00) {