mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-08-21 05:43:48 -07:00
refactoring
This commit is contained in:
merlokk
parent
71215aa4c9
commit
305c0c099b
1 changed files with 48 additions and 74 deletions
|
|
@ -352,6 +352,52 @@ bool CheckrpIdHash(json_t *json, uint8_t *hash) {
|
|||
return !memcmp(hash, hash2, 32);
|
||||
}
|
||||
|
||||
// check ANSI X9.62 format ECDSA signature (on P-256)
|
||||
int FIDO2CheckSignature(json_t *root, uint8_t *publickey, uint8_t *sign, size_t signLen, uint8_t *authData, size_t authDataLen, bool verbose) {
|
||||
int res;
|
||||
uint8_t rval[300] = {0};
|
||||
uint8_t sval[300] = {0};
|
||||
res = ecdsa_asn1_get_signature(sign, signLen, rval, sval);
|
||||
if (!res) {
|
||||
if (verbose) {
|
||||
PrintAndLog(" r: %s", sprint_hex(rval, 32));
|
||||
PrintAndLog(" s: %s", sprint_hex(sval, 32));
|
||||
}
|
||||
|
||||
uint8_t clientDataHash[32] = {0};
|
||||
size_t clientDataHashLen = 0;
|
||||
res = JsonLoadBufAsHex(root, "$.ClientDataHash", clientDataHash, sizeof(clientDataHash), &clientDataHashLen);
|
||||
if (res || clientDataHashLen != 32) {
|
||||
PrintAndLog("ERROR: Can't get clientDataHash from json!");
|
||||
return 2;
|
||||
}
|
||||
|
||||
uint8_t xbuf[4096] = {0};
|
||||
size_t xbuflen = 0;
|
||||
res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen,
|
||||
authData, authDataLen, // rpIdHash[32] + flags[1] + signCount[4]
|
||||
clientDataHash, 32, // Hash of the serialized client data. "$.ClientDataHash" from json
|
||||
NULL, 0);
|
||||
//PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen));
|
||||
res = ecdsa_signature_verify(publickey, xbuf, xbuflen, sign, signLen);
|
||||
if (res) {
|
||||
if (res == -0x4e00) {
|
||||
PrintAndLog("Signature is NOT VALID.");
|
||||
} else {
|
||||
PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res));
|
||||
}
|
||||
return res;
|
||||
} else {
|
||||
PrintAndLog("Signature is OK.");
|
||||
}
|
||||
} else {
|
||||
PrintAndLog("Invalid signature. res=%d.", res);
|
||||
return res;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int FIDO2MakeCredentionalParseRes(json_t *root, uint8_t *data, size_t dataLen, bool verbose, bool verbose2, bool showCBOR, bool showDERTLV) {
|
||||
CborParser parser;
|
||||
CborValue map, mapsmt;
|
||||
|
|
@ -513,43 +559,7 @@ int FIDO2MakeCredentionalParseRes(json_t *root, uint8_t *data, size_t dataLen, b
|
|||
JsonSaveBufAsHexCompact(root, "$.AppData.DERPublicKey", public_key, sizeof(public_key));
|
||||
|
||||
// check ANSI X9.62 format ECDSA signature (on P-256)
|
||||
uint8_t rval[300] = {0};
|
||||
uint8_t sval[300] = {0};
|
||||
res = ecdsa_asn1_get_signature(sign, signLen, rval, sval);
|
||||
if (!res) {
|
||||
if (verbose) {
|
||||
PrintAndLog(" r: %s", sprint_hex(rval, 32));
|
||||
PrintAndLog(" s: %s", sprint_hex(sval, 32));
|
||||
}
|
||||
|
||||
uint8_t clientDataHash[32] = {0};
|
||||
size_t clientDataHashLen = 0;
|
||||
res = JsonLoadBufAsHex(root, "$.ClientDataHash", clientDataHash, sizeof(clientDataHash), &clientDataHashLen);
|
||||
if (res || clientDataHashLen != 32) {
|
||||
PrintAndLog("ERROR: Can't get clientDataHash from json!");
|
||||
return 2;
|
||||
}
|
||||
|
||||
uint8_t xbuf[4096] = {0};
|
||||
size_t xbuflen = 0;
|
||||
res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen,
|
||||
authData, authDataLen, // rpIdHash[32] + flags[1] + signCount[4] + ...
|
||||
clientDataHash, 32, // Hash of the serialized client data. "$.ClientDataHash" from json
|
||||
NULL, 0);
|
||||
//PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen));
|
||||
res = ecdsa_signature_verify(public_key, xbuf, xbuflen, sign, signLen);
|
||||
if (res) {
|
||||
if (res == -0x4e00) {
|
||||
PrintAndLog("Signature is NOT VALID.");
|
||||
} else {
|
||||
PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res));
|
||||
}
|
||||
} else {
|
||||
PrintAndLog("Signature is OK.");
|
||||
}
|
||||
} else {
|
||||
PrintAndLog("Invalid signature. res=%d.", res);
|
||||
}
|
||||
FIDO2CheckSignature(root, public_key, sign, signLen, authData, authDataLen, verbose);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -749,43 +759,7 @@ int FIDO2GetAssertionParseRes(json_t *root, uint8_t *data, size_t dataLen, bool
|
|||
JsonLoadBufAsHex(root, "$.AppData.COSEPublicKey", PublicKey, 65, &PublicKeyLen);
|
||||
|
||||
// check ANSI X9.62 format ECDSA signature (on P-256)
|
||||
uint8_t rval[300] = {0};
|
||||
uint8_t sval[300] = {0};
|
||||
res = ecdsa_asn1_get_signature(sign, signLen, rval, sval);
|
||||
if (!res) {
|
||||
if (verbose) {
|
||||
PrintAndLog(" r: %s", sprint_hex(rval, 32));
|
||||
PrintAndLog(" s: %s", sprint_hex(sval, 32));
|
||||
}
|
||||
|
||||
uint8_t clientDataHash[32] = {0};
|
||||
size_t clientDataHashLen = 0;
|
||||
res = JsonLoadBufAsHex(root, "$.ClientDataHash", clientDataHash, sizeof(clientDataHash), &clientDataHashLen);
|
||||
if (res || clientDataHashLen != 32) {
|
||||
PrintAndLog("ERROR: Can't get clientDataHash from json!");
|
||||
return 2;
|
||||
}
|
||||
|
||||
uint8_t xbuf[4096] = {0};
|
||||
size_t xbuflen = 0;
|
||||
res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen,
|
||||
authData, authDataLen, // rpIdHash[32] + flags[1] + signCount[4]
|
||||
clientDataHash, 32, // Hash of the serialized client data. "$.ClientDataHash" from json
|
||||
NULL, 0);
|
||||
//PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen));
|
||||
res = ecdsa_signature_verify(PublicKey, xbuf, xbuflen, sign, signLen);
|
||||
if (res) {
|
||||
if (res == -0x4e00) {
|
||||
PrintAndLog("Signature is NOT VALID.");
|
||||
} else {
|
||||
PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res));
|
||||
}
|
||||
} else {
|
||||
PrintAndLog("Signature is OK.");
|
||||
}
|
||||
} else {
|
||||
PrintAndLog("Invalid signature. res=%d.", res);
|
||||
}
|
||||
FIDO2CheckSignature(root, PublicKey, sign, signLen, authData, authDataLen, verbose);
|
||||
|
||||
free(ubuf);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue