New routines to set attestation object containing CBOR encoded authDa…

…ta, fmt and attStmt
Yubico · Feb 7, 2024 · 1a029fc · 1a029fc
1 parent c4c7685
commit 1a029fc
Show file tree

Hide file tree

Showing 7 changed files with 94 additions and 0 deletions.
diff --git a/src/cbor.c b/src/cbor.c
@@ -1474,6 +1474,20 @@ cbor_decode_attstmt(const cbor_item_t *item, fido_attstmt_t *attstmt)
 	return (0);
 }
 
+int
+cbor_decode_attobj(const cbor_item_t *item, void *arg,
+    int(*parser)(const cbor_item_t *, const cbor_item_t *, void *))
+{
+	if (cbor_isa_map(item) == false ||
+	    cbor_map_is_definite(item) == false ||
+	    cbor_map_iter(item, arg, parser) < 0) {
+		fido_log_debug("%s: cbor type", __func__);
+		return (-1);
+	}
+
+	return (0);
+}
+
 int
 cbor_decode_uint64(const cbor_item_t *item, uint64_t *n)
 {

diff --git a/src/cred.c b/src/cred.c
@@ -736,6 +736,81 @@ fido_cred_set_attstmt(fido_cred_t *cred, const unsigned char *ptr, size_t len)
 	return (r);
 }
 
+static int
+parse_attobj(const cbor_item_t *key, const cbor_item_t *val, void *arg)
+{
+	fido_cred_t *cred = arg;
+	char		*name = NULL;
+	int			 r = -1;
+
+	if (cbor_string_copy(key, &name) < 0) {
+		fido_log_debug("%s: cbor type", __func__);
+		return (0); /* ignore */
+	}
+
+	if (!strcmp(name, "fmt")) {
+		if (cbor_decode_fmt(val, &cred->fmt) < 0) {
+			fido_log_debug("%s: cbor_decode_fmt", __func__);
+			goto fail;
+		}
+	} else if (!strcmp(name, "attStmt")) {
+		if (cbor_decode_attstmt(val, &cred->attstmt) < 0) {
+			fido_log_debug("%s: cbor_decode_attstmt", __func__);
+			goto fail;
+		}
+	}
+	else if (!strcmp(name, "authData")) {
+		if (fido_blob_decode(val, &cred->authdata_raw) < 0) {
+			fido_log_debug("%s: fido_blob_decode", __func__);
+			goto fail;
+		} 
+
+		if (cbor_decode_cred_authdata(val, cred->type,
+			&cred->authdata_cbor, &cred->authdata, &cred->attcred,
+			&cred->authdata_ext) < 0) {
+			fido_log_debug("%s: cbor_decode_cred_authdata", __func__);
+			goto fail;
+		}
+	} else { /* ignore */
+		fido_log_debug("%s: unknown name", __func__);
+	}
+
+	r = FIDO_OK;
+fail:
+	if (name!= NULL)
+		free(name);
+
+	return (r);
+}
+
+int
+fido_cred_set_attobj(fido_cred_t *cred, const unsigned char *ptr, size_t len)
+{
+	cbor_item_t		*item = NULL;
+	struct cbor_load_result	 cbor;
+	int			 r = FIDO_ERR_INVALID_ARGUMENT;
+
+	if (ptr == NULL || len == 0)
+		goto fail;
+
+	if ((item = cbor_load(ptr, len, &cbor)) == NULL) {
+		fido_log_debug("%s: cbor_load", __func__);
+		goto fail;
+	}
+
+	if (cbor_decode_attobj(item, cred, parse_attobj) < 0) {
+		fido_log_debug("%s: cbor_decode_attobj", __func__);
+		goto fail;
+	}
+
+	r = FIDO_OK;
+fail:
+	if (item != NULL)
+		cbor_decref(&item);
+
+	return (r);
+}
+
 int
 fido_cred_exclude(fido_cred_t *cred, const unsigned char *id_ptr, size_t id_len)
 {

diff --git a/src/export.gnu b/src/export.gnu
@@ -169,6 +169,7 @@
 		fido_cred_rp_id;
 		fido_cred_rp_name;
 		fido_cred_set_attstmt;
+		fido_cred_set_attobj;
 		fido_cred_set_authdata;
 		fido_cred_set_authdata_raw;
 		fido_cred_set_blob;

diff --git a/src/export.llvm b/src/export.llvm
@@ -167,6 +167,7 @@ _fido_cred_pubkey_ptr
 _fido_cred_rp_id
 _fido_cred_rp_name
 _fido_cred_set_attstmt
+_fido_cred_set_attobj
 _fido_cred_set_authdata
 _fido_cred_set_authdata_raw
 _fido_cred_set_blob

diff --git a/src/export.msvc b/src/export.msvc
@@ -168,6 +168,7 @@ fido_cred_pubkey_ptr
 fido_cred_rp_id
 fido_cred_rp_name
 fido_cred_set_attstmt
+fido_cred_set_attobj
 fido_cred_set_authdata
 fido_cred_set_authdata_raw
 fido_cred_set_blob

diff --git a/src/extern.h b/src/extern.h
@@ -58,6 +58,7 @@ cbor_item_t *es256_pk_encode(const es256_pk_t *, int);
 
 /* cbor decoding functions */
 int cbor_decode_attstmt(const cbor_item_t *, fido_attstmt_t *);
+int cbor_decode_attobj(const cbor_item_t *item, void *arg, int(*parser)(const cbor_item_t *, const cbor_item_t *, void *));
 int cbor_decode_bool(const cbor_item_t *, bool *);
 int cbor_decode_cred_authdata(const cbor_item_t *, int, fido_blob_t *,
     fido_authdata_t *, fido_attcred_t *, fido_cred_ext_t *);

diff --git a/src/fido.h b/src/fido.h
@@ -151,6 +151,7 @@ int fido_cred_empty_exclude_list(fido_cred_t *);
 int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t);
 int fido_cred_prot(const fido_cred_t *);
 int fido_cred_set_attstmt(fido_cred_t *, const unsigned char *, size_t);
+int fido_cred_set_attobj(fido_cred_t *, const unsigned char *, size_t);
 int fido_cred_set_authdata(fido_cred_t *, const unsigned char *, size_t);
 int fido_cred_set_authdata_raw(fido_cred_t *, const unsigned char *, size_t);
 int fido_cred_set_blob(fido_cred_t *, const unsigned char *, size_t);