misc: adopt fido_int_array_t in alg plumbing

Co-Authored-By: Mofidul Jamal <[email protected]>
Yubico · Nov 15, 2024 · 1f744e4 · 1f744e4
1 parent 24890b5
commit 1f744e4
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 27 deletions.
diff --git a/src/cbor.c b/src/cbor.c
@@ -515,34 +515,29 @@ cbor_encode_pubkey_param(int cose_alg)
 }
 
 cbor_item_t *
-cbor_encode_pubkey_param_array(int cose_alg)
+cbor_encode_pubkey_param_array(const fido_int_array_t *algs)
 {
 	cbor_item_t		*item = NULL;
 	cbor_item_t		*body = NULL;
-	bool			 r = false;
 
-	if ((item = cbor_new_definite_array(1)) == NULL) {
-		fido_log_debug("%s: cbor_new_definite_array", __func__);
+	if ((item = cbor_new_definite_array(algs->len)) == NULL)
 		goto fail;
-	}
 
-	if ((body = cbor_encode_pubkey_param(cose_alg)) == NULL) {
-		fido_log_debug("%s: cbor_encode_pubkey_param", __func__);
-		goto fail;
+	for (size_t i = 0; i < algs->len; i++) {
+		if ((body = cbor_encode_pubkey_param(algs->ptr[i])) == NULL ||
+		     cbor_array_push(item, body) == false)
+			goto fail;
+		cbor_decref(&body);
 	}
 
-	r = cbor_array_push(item, body);
-	cbor_decref(&body);
-
+	return (item);
 fail:
-	if (r != true) {
-		if (item != NULL) {
-			cbor_decref(&item);
-			item = NULL;
-		}
-	}
+	if (body != NULL)
+		cbor_decref(&body);
+	if (item != NULL)
+		cbor_decref(&item);
 
-	return (item);
+	return (NULL);
 }
 
 cbor_item_t *

diff --git a/src/cred.c b/src/cred.c
@@ -58,6 +58,7 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin,
 	fido_opt_t	 uv = cred->uv;
 	es256_pk_t	*pk = NULL;
 	cbor_item_t	*argv[10];
+	const fido_int_array_t algs = { &cred->type, 1 };
 	const uint8_t	 cmd = CTAP_CBOR_MAKECRED;
 	int		 r;
 
@@ -74,7 +75,7 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin,
 	if ((argv[0] = fido_blob_encode(&cred->cdh)) == NULL ||
 	    (argv[1] = cbor_encode_rp_entity(&cred->rp)) == NULL ||
 	    (argv[2] = cbor_encode_user_entity(&cred->user)) == NULL ||
-	    (argv[3] = cbor_encode_pubkey_param_array(cred->type)) == NULL) {
+	    (argv[3] = cbor_encode_pubkey_param_array(&algs)) == NULL) {
 		fido_log_debug("%s: cbor encode", __func__);
 		r = FIDO_ERR_INTERNAL;
 		goto fail;

diff --git a/src/extern.h b/src/extern.h
@@ -50,7 +50,7 @@ cbor_item_t *cbor_encode_pin_auth(const fido_dev_t *, const fido_blob_t *,
 cbor_item_t *cbor_encode_pin_opt(const fido_dev_t *);
 cbor_item_t *cbor_encode_pubkey(const fido_blob_t *);
 cbor_item_t *cbor_encode_pubkey_list(const fido_blob_array_t *);
-cbor_item_t *cbor_encode_pubkey_param_array(int);
+cbor_item_t *cbor_encode_pubkey_param_array(const fido_int_array_t *);
 cbor_item_t *cbor_encode_rp_entity(const fido_rp_t *);
 cbor_item_t *cbor_encode_str_array(const fido_str_array_t *);
 cbor_item_t *cbor_encode_user_entity(const fido_user_t *);

diff --git a/src/touch.c b/src/touch.c
@@ -20,6 +20,8 @@ fido_dev_get_touch_begin(fido_dev_t *dev)
 	fido_user_t	 user;
 	int		 ms = dev->timeout_ms;
 	int		 r = FIDO_ERR_INTERNAL;
+	int		 alg = COSE_ES256;
+	const fido_int_array_t algs = { &alg, 1 };
 
 	memset(&f, 0, sizeof(f));
 	memset(argv, 0, sizeof(argv));
@@ -49,7 +51,7 @@ fido_dev_get_touch_begin(fido_dev_t *dev)
 	if ((argv[0] = cbor_build_bytestring(cdh, sizeof(cdh))) == NULL ||
 	    (argv[1] = cbor_encode_rp_entity(&rp)) == NULL ||
 	    (argv[2] = cbor_encode_user_entity(&user)) == NULL ||
-	    (argv[3] = cbor_encode_pubkey_param_array(COSE_ES256)) == NULL) {
+	    (argv[3] = cbor_encode_pubkey_param_array(&algs)) == NULL) {
 		fido_log_debug("%s: cbor encode", __func__);
 		goto fail;
 	}

diff --git a/src/winhello.c b/src/winhello.c
@@ -381,16 +381,25 @@ pack_cose(WEBAUTHN_COSE_CREDENTIAL_PARAMETER *alg, int type)
 }
 
 static int
-pack_cose_array(WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *cose, int type)
+pack_cose_array(WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *cose,
+    const fido_int_array_t *algs)
 {
-	if ((cose->pCredentialParameters = calloc(1,
+	if (algs->ptr == NULL || algs->len > ULONG_MAX) {
+		fido_log_debug("%s: algs (%p, %zu)", __func__,
+		    (void *) algs->ptr, algs->len);
+		return -1;
+	}
+	if ((cose->pCredentialParameters = calloc(algs->len,
 	    sizeof(*cose->pCredentialParameters))) == NULL) {
 		fido_log_debug("%s: calloc", __func__);
 		return -1;
 	}
-	cose->cCredentialParameters = 1;
-	if (pack_cose(cose->pCredentialParameters[0], type) != 0)
-		return -1;
+	for (size_t i = 0; i < algs->len; i++) {
+		if (pack_cose(&cose->pCredentialParameters[i],
+		    algs->ptr[i]) != 0)
+			return -1;
+		cose->cCredentialParameters++;
+	}
 
 	return 0;
 }
@@ -707,6 +716,7 @@ translate_fido_cred(struct winhello_cred *ctx, const fido_cred_t *cred,
     const char *pin, int ms)
 {
 	WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *opt;
+	const fido_int_array_t algs = { &cred->type, 1 };
 
 	if (pack_rp(&ctx->rp_id, &ctx->rp_name, &ctx->rp, &cred->rp) < 0) {
 		fido_log_debug("%s: pack_rp", __func__);
@@ -717,7 +727,7 @@ translate_fido_cred(struct winhello_cred *ctx, const fido_cred_t *cred,
 		fido_log_debug("%s: pack_user", __func__);
 		return FIDO_ERR_INTERNAL;
 	}
-	if (pack_cose_array(&ctx->cose, cred->type) < 0) {
+	if (pack_cose_array(&ctx->cose, &algs) < 0) {
 		fido_log_debug("%s: pack_cose_array", __func__);
 		return FIDO_ERR_INTERNAL;
 	}