RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-04-02 10:30:16 +08:00
Code Issues Projects Releases Packages Wiki Activity

verify signature OK,

Browse source 
added some logging options
This commit is contained in:
merlokk 2018-11-27 00:11:53 +02:00
parent 66d994920f
commit 890173a623
1 changed files with 34 additions and 13 deletions

39
client/cmdhffido.c
View file

@ -658,7 +658,7 @@ bool CheckrpIdHash(json_t *json, uint8_t *hash) {
return !memcmp(hash, hash2, 32); return !memcmp(hash, hash2, 32);
} }
int MakeCredentionalParseRes(json_t *root, uint8_t *data, size_t dataLen, bool verbose, bool showCBOR, bool showDERTLV) { int MakeCredentionalParseRes(json_t *root, uint8_t *data, size_t dataLen, bool verbose, bool verbose2, bool showCBOR, bool showDERTLV) {
CborParser parser; CborParser parser;
CborValue map, mapsmt; CborValue map, mapsmt;
int res; int res;
@ -677,17 +677,22 @@ int MakeCredentionalParseRes(json_t *root, uint8_t *data, size_t dataLen, bool v
free(buf); free(buf);
// authData // authData
uint8_t authDataStatic[37] = {0}; uint8_t authData[400] = {0};
size_t authDataLen = 0;
res = CborMapGetKeyById(&parser, &map, data, dataLen, 2); res = CborMapGetKeyById(&parser, &map, data, dataLen, 2);
if (res) if (res)
return res; return res;
res = cbor_value_dup_byte_string(&map, &ubuf, &n, &map); res = cbor_value_dup_byte_string(&map, &ubuf, &n, &map);
cbor_check(res); cbor_check(res);
if (n >= 37) authDataLen = n;
memcpy(authDataStatic, ubuf, 37); memcpy(authData, ubuf, authDataLen);
PrintAndLog("authData: %s", sprint_hex_inrow(ubuf, n)); if (verbose2) {
PrintAndLog("authData[%d]: %s", n, sprint_hex_inrow(authData, authDataLen));
} else {
PrintAndLog("authData[%d]: %s...", n, sprint_hex(authData, MIN(authDataLen, 16)));
}
PrintAndLog("RP ID Hash: %s", sprint_hex(ubuf, 32)); PrintAndLog("RP ID Hash: %s", sprint_hex(ubuf, 32));
@ -727,14 +732,20 @@ int MakeCredentionalParseRes(json_t *root, uint8_t *data, size_t dataLen, bool v
//Credentional public key (COSE_KEY) //Credentional public key (COSE_KEY)
uint8_t coseKey[65] = {0}; uint8_t coseKey[65] = {0};
uint16_t cplen = n - 55 - cridlen; uint16_t cplen = n - 55 - cridlen;
if (verbose2) {
PrintAndLog("Credentional public key (COSE_KEY)[%d]: %s", cplen, sprint_hex_inrow(&ubuf[55 + cridlen], cplen)); PrintAndLog("Credentional public key (COSE_KEY)[%d]: %s", cplen, sprint_hex_inrow(&ubuf[55 + cridlen], cplen));
} else {
PrintAndLog("Credentional public key (COSE_KEY)[%d]: %s...", cplen, sprint_hex(&ubuf[55 + cridlen], MIN(cplen, 16)));
}
JsonSaveBufAsHexCompact(root, "$.AppData.COSE_KEY", &ubuf[55 + cridlen], cplen); JsonSaveBufAsHexCompact(root, "$.AppData.COSE_KEY", &ubuf[55 + cridlen], cplen);
if (showCBOR) { if (showCBOR) {
PrintAndLog("COSE structure:"); PrintAndLog("COSE structure:");
PrintAndLog("---------------- CBOR ------------------"); PrintAndLog("---------------- CBOR ------------------");
TinyCborPrintFIDOPackage(fido2COSEKey, true, &ubuf[55 + cridlen], cplen); TinyCborPrintFIDOPackage(fido2COSEKey, true, &ubuf[55 + cridlen], cplen);
PrintAndLog("---------------- CBOR ------------------"); PrintAndLog("---------------- CBOR ------------------");
} }
res = COSEGetECDSAKey(&ubuf[55 + cridlen], cplen, verbose, coseKey); res = COSEGetECDSAKey(&ubuf[55 + cridlen], cplen, verbose, coseKey);
if (res) { if (res) {
PrintAndLog("ERROR: Can't get COSE_KEY."); PrintAndLog("ERROR: Can't get COSE_KEY.");
@ -773,13 +784,23 @@ int MakeCredentionalParseRes(json_t *root, uint8_t *data, size_t dataLen, bool v
if (!strcmp(key, "sig")) { if (!strcmp(key, "sig")) {
res = CborGetBinStringValue(&mapsmt, sign, sizeof(sign), &signLen); res = CborGetBinStringValue(&mapsmt, sign, sizeof(sign), &signLen);
cbor_check(res); cbor_check(res);
if (verbose2) {
PrintAndLog("signature [%d]: %s", signLen, sprint_hex_inrow(sign, signLen)); PrintAndLog("signature [%d]: %s", signLen, sprint_hex_inrow(sign, signLen));
} else {
PrintAndLog("signature [%d]: %s...", signLen, sprint_hex(sign, MIN(signLen, 16)));
}
} }
if (!strcmp(key, "x5c")) { if (!strcmp(key, "x5c")) {
res = CborGetArrayBinStringValue(&mapsmt, der, sizeof(der), &derLen); res = CborGetArrayBinStringValue(&mapsmt, der, sizeof(der), &derLen);
cbor_check(res); cbor_check(res);
PrintAndLog("DER [%d]: %s", derLen, sprint_hex_inrow(der, derLen)); if (verbose2) {
PrintAndLog("DER certificate[%d]:\n------------------DER-------------------", derLen);
dump_buffer_simple((const unsigned char *)der, derLen, NULL);
PrintAndLog("\n----------------DER---------------------");
} else {
PrintAndLog("DER [%d]: %s...", derLen, sprint_hex(der, MIN(derLen, 16)));
}
JsonSaveBufAsHexCompact(root, "$.AppData.DER", der, derLen); JsonSaveBufAsHexCompact(root, "$.AppData.DER", der, derLen);
} }
} }
@ -818,10 +839,10 @@ int MakeCredentionalParseRes(json_t *root, uint8_t *data, size_t dataLen, bool v
uint8_t xbuf[4096] = {0}; uint8_t xbuf[4096] = {0};
size_t xbuflen = 0; size_t xbuflen = 0;
res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen, res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen,
authDataStatic, 37, // rpIdHash[32] + flags[1] + signCount[4] authData, authDataLen, // rpIdHash[32] + flags[1] + signCount[4] + ...
clientDataHash, 32, // Hash of the serialized client data. "$.ClientDataHash" from json clientDataHash, 32, // Hash of the serialized client data. "$.ClientDataHash" from json
NULL, 0); NULL, 0);
PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen)); //PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen));
res = ecdsa_signature_verify(public_key, xbuf, xbuflen, sign, signLen); res = ecdsa_signature_verify(public_key, xbuf, xbuflen, sign, signLen);
if (res) { if (res) {
if (res == -0x4e00) { if (res == -0x4e00) {
@ -944,7 +965,7 @@ int CmdHFFido2MakeCredential(const char *cmd) {
} }
// parse returned cbor // parse returned cbor
MakeCredentionalParseRes(root, &buf[1], len - 1, verbose, showCBOR, showDERTLV); MakeCredentionalParseRes(root, &buf[1], len - 1, verbose, verbose2, showCBOR, showDERTLV);
if (root) { if (root) {
res = json_dump_file(root, fname, JSON_INDENT(2)); res = json_dump_file(root, fname, JSON_INDENT(2));