From 23ef267100c2c0617b612035f5741f2d8bdb4953 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Sat, 17 Nov 2018 18:11:46 +0200 Subject: [PATCH] added fido2 error codes description --- client/cmdhffido.c | 2 +- client/fido/fidocore.c | 91 ++++++++++++++++++++++++++++++++++++++++++ client/fido/fidocore.h | 2 + 3 files changed, 94 insertions(+), 1 deletion(-) diff --git a/client/cmdhffido.c b/client/cmdhffido.c index 2a61a29c7..e344e4445 100644 --- a/client/cmdhffido.c +++ b/client/cmdhffido.c @@ -143,7 +143,7 @@ int CmdHFFidoInfo(const char *cmd) { } if(buf[0]) { - PrintAndLog("FIDO2 ger version error: %d", buf[0]); + PrintAndLog("FIDO2 ger version error: %d - %s", buf[0], fido2GetCmdErrorDescription(buf[0])); return 0; } diff --git a/client/fido/fidocore.c b/client/fido/fidocore.c index 4676aa7d3..1263baef9 100644 --- a/client/fido/fidocore.c +++ b/client/fido/fidocore.c @@ -11,6 +11,97 @@ // #include "fidocore.h" +typedef struct { + uint8_t ErrorCode; + char *ShortDescription; + char *Description; +} fido2Error_t; + +fido2Error_t fido2Errors[] = { + {0xFF, "n/a", "n/a"}, + {0x00, "CTAP1_ERR_SUCCESS", "Indicates successful response."}, + {0x01, "CTAP1_ERR_INVALID_COMMAND", "The command is not a valid CTAP command."}, + {0x02, "CTAP1_ERR_INVALID_PARAMETER", "The command included an invalid parameter."}, + {0x03, "CTAP1_ERR_INVALID_LENGTH", "Invalid message or item length."}, + {0x04, "CTAP1_ERR_INVALID_SEQ", "Invalid message sequencing."}, + {0x05, "CTAP1_ERR_TIMEOUT", "Message timed out."}, + {0x06, "CTAP1_ERR_CHANNEL_BUSY", "Channel busy."}, + {0x0A, "CTAP1_ERR_LOCK_REQUIRED", "Command requires channel lock."}, + {0x0B, "CTAP1_ERR_INVALID_CHANNEL", "Command not allowed on this cid."}, + {0x10, "CTAP2_ERR_CBOR_PARSING", "Error while parsing CBOR."}, + {0x11, "CTAP2_ERR_CBOR_UNEXPECTED_TYPE", "Invalid/unexpected CBOR error."}, + {0x12, "CTAP2_ERR_INVALID_CBOR", "Error when parsing CBOR."}, + {0x13, "CTAP2_ERR_INVALID_CBOR_TYPE", "Invalid or unexpected CBOR type."}, + {0x14, "CTAP2_ERR_MISSING_PARAMETER", "Missing non-optional parameter."}, + {0x15, "CTAP2_ERR_LIMIT_EXCEEDED", "Limit for number of items exceeded."}, + {0x16, "CTAP2_ERR_UNSUPPORTED_EXTENSION", "Unsupported extension."}, + {0x17, "CTAP2_ERR_TOO_MANY_ELEMENTS", "Limit for number of items exceeded."}, + {0x18, "CTAP2_ERR_EXTENSION_NOT_SUPPORTED", "Unsupported extension."}, + {0x19, "CTAP2_ERR_CREDENTIAL_EXCLUDED", "Valid credential found in the exludeList."}, + {0x20, "CTAP2_ERR_CREDENTIAL_NOT_VALID", "Credential not valid for authenticator."}, + {0x21, "CTAP2_ERR_PROCESSING", "Processing (Lengthy operation is in progress)."}, + {0x22, "CTAP2_ERR_INVALID_CREDENTIAL", "Credential not valid for the authenticator."}, + {0x23, "CTAP2_ERR_USER_ACTION_PENDING", "Authentication is waiting for user interaction."}, + {0x24, "CTAP2_ERR_OPERATION_PENDING", "Processing, lengthy operation is in progress."}, + {0x25, "CTAP2_ERR_NO_OPERATIONS", "No request is pending."}, + {0x26, "CTAP2_ERR_UNSUPPORTED_ALGORITHM", "Authenticator does not support requested algorithm."}, + {0x27, "CTAP2_ERR_OPERATION_DENIED", "Not authorized for requested operation."}, + {0x28, "CTAP2_ERR_KEY_STORE_FULL", "Internal key storage is full."}, + {0x29, "CTAP2_ERR_NOT_BUSY", "Authenticator cannot cancel as it is not busy."}, + {0x2A, "CTAP2_ERR_NO_OPERATION_PENDING", "No outstanding operations."}, + {0x2B, "CTAP2_ERR_UNSUPPORTED_OPTION", "Unsupported option."}, + {0x2C, "CTAP2_ERR_INVALID_OPTION", "Unsupported option."}, + {0x2D, "CTAP2_ERR_KEEPALIVE_CANCEL", "Pending keep alive was cancelled."}, + {0x2E, "CTAP2_ERR_NO_CREDENTIALS", "No valid credentials provided."}, + {0x2F, "CTAP2_ERR_USER_ACTION_TIMEOUT", "Timeout waiting for user interaction."}, + {0x30, "CTAP2_ERR_NOT_ALLOWED", "Continuation command, such as, authenticatorGetNextAssertion not allowed."}, + {0x31, "CTAP2_ERR_PIN_INVALID", "PIN Blocked."}, + {0x32, "CTAP2_ERR_PIN_BLOCKED", "PIN Blocked."}, + {0x33, "CTAP2_ERR_PIN_AUTH_INVALID", "PIN authentication,pinAuth, verification failed."}, + {0x34, "CTAP2_ERR_PIN_AUTH_BLOCKED", "PIN authentication,pinAuth, blocked. Requires power recycle to reset."}, + {0x35, "CTAP2_ERR_PIN_NOT_SET", "No PIN has been set."}, + {0x36, "CTAP2_ERR_PIN_REQUIRED", "PIN is required for the selected operation."}, + {0x37, "CTAP2_ERR_PIN_POLICY_VIOLATION", "PIN policy violation. Currently only enforces minimum length."}, + {0x38, "CTAP2_ERR_PIN_TOKEN_EXPIRED", "pinToken expired on authenticator."}, + {0x39, "CTAP2_ERR_REQUEST_TOO_LARGE", "Authenticator cannot handle this request due to memory constraints."}, + {0x7F, "CTAP1_ERR_OTHER", "Other unspecified error."}, + {0xDF, "CTAP2_ERR_SPEC_LAST", "CTAP 2 spec last error."}, +}; + +typedef struct { + uint8_t MemberNumber; + char *Description; +} fido2Desc_t; + +typedef fido2Desc_t fido2ArrayDesc_t[]; +/* +typedef struct { + fido2Desc_t Query[]; + fido2Desc_t Resp[]; +} fido2CmdDesc_t; + +fido2CmdDesc_t fido2CmdDesc[] = { // fido2CommandsCount + {fido2CmdGetInfoRespDesc, fido2CmdGetInfoRespDesc}, + {fido2CmdGetInfoRespDesc, fido2CmdGetInfoRespDesc}, +}; +*/ +fido2Desc_t fido2CmdGetInfoRespDesc[] = { + {0x01, "versions"}, + {0x02, "extensions"}, + {0x03, "aaguid"}, + {0x04, "options"}, + {0x05, "maxMsgSize"}, + {0x06, "pinProtocols"}, + {0xff, ""}, +}; + +char *fido2GetCmdErrorDescription(uint8_t errorCode) { + for (int i = 0; i < sizeof(fido2Errors) / sizeof(fido2Error_t); i++) + if (fido2Errors[i].ErrorCode == errorCode) + return fido2Errors[i].Description; + + return fido2Errors[0].Description; +} char *fido2GetCmdMemberDescription(uint8_t cmdCode, uint8_t memberNum) { diff --git a/client/fido/fidocore.h b/client/fido/fidocore.h index 10ed65ea0..252adec90 100644 --- a/client/fido/fidocore.h +++ b/client/fido/fidocore.h @@ -24,9 +24,11 @@ enum fido2Commands { fido2CmdReset = 0x07, fido2CmdGetNextAssertion = 0x08, }; +#define fido2CommandsCount 9 extern char *fido2GetCmdMemberDescription(uint8_t cmdCode, uint8_t memberNum); +extern char *fido2GetCmdErrorDescription(uint8_t errorCode); #endif /* __FIDOCORE_H__ */