core/webauthn: unify signatures of Credential.from_bytes and friends

2024-11-26 01:18:28 +00:00 · 2019-11-06 13:56:52 +01:00 · 2019-11-06 13:56:52 +01:00 · 28d30ffd2f
commit 28d30ffd2f
parent 1397bbfeb5
2 changed files with 11 additions and 10 deletions
--- a/core/src/apps/webauthn/credential.py
+++ b/core/src/apps/webauthn/credential.py
@ -54,7 +54,7 @@ class Credential:
        return storage.device.next_u2f_counter() or 0

    @staticmethod
-    def from_bytes(data: bytes, rp_id_hash: bytes) -> Optional["Credential"]:
+    def from_bytes(data: bytes, rp_id_hash: bytes) -> "Credential":
        try:
            return Fido2Credential.from_cred_id(data, rp_id_hash)
        except Exception:
@ -274,11 +274,9 @@ class U2fCredential(Credential):
        return app_name

    @staticmethod
-    def from_key_handle(
-        key_handle: bytes, rp_id_hash: bytes
-    ) -> Optional["U2fCredential"]:
+    def from_key_handle(key_handle: bytes, rp_id_hash: bytes) -> "U2fCredential":
        if len(key_handle) != _KEY_HANDLE_LENGTH:
-            return None
+            raise ValueError  # key length mismatch

        # check the keyHandle and generate the signing key
        node = U2fCredential._node_from_key_handle(rp_id_hash, key_handle, "<8L")
@ -289,7 +287,7 @@ class U2fCredential(Credential):
            node = U2fCredential._node_from_key_handle(rp_id_hash, key_handle, ">8L")
        if node is None:
            # specific error logged in msg_authenticate_genkey
-            return None
+            raise ValueError  # failed to parse key handle in either direction

        cred = U2fCredential()
        cred.id = key_handle
--- a/core/src/apps/webauthn/fido2.py
+++ b/core/src/apps/webauthn/fido2.py
@ -1162,8 +1162,9 @@ def msg_authenticate(req: Msg, dialog_mgr: DialogManager) -> Cmd:
    khlen = req.data[_REQ_CMD_AUTHENTICATE_KHLEN]
    auth = overlay_struct(req.data, req_cmd_authenticate(khlen))

-    cred = Credential.from_bytes(auth.keyHandle, bytes(auth.appId))
-    if cred is None:
+    try:
+        cred = Credential.from_bytes(auth.keyHandle, bytes(auth.appId))
+    except Exception:
        # specific error logged in msg_authenticate_genkey
        return msg_error(req.cid, _SW_WRONG_DATA)

@ -1264,9 +1265,11 @@ def credentials_from_descriptor_list(
        credential_id = credential_descriptor["id"]
        if not isinstance(credential_id, (bytes, bytearray)):
            raise TypeError
-        cred = Credential.from_bytes(credential_id, rp_id_hash)
-        if cred is not None:
+        try:
+            cred = Credential.from_bytes(credential_id, rp_id_hash)
            cred_list.append(cred)
+        except Exception:
+            pass

    return cred_list