From 2f905a115749ae7e3d4da8f7c65fd9632e0136db Mon Sep 17 00:00:00 2001
From: Andrew Kozlik
Date: Thu, 5 Mar 2020 20:48:33 +0100
Subject: [PATCH] core/webauthn: Add algorithm and curve to WebAuthnListResidentCredentials response.
---
 common/protob/messages-webauthn.proto | 2 ++
 core/src/apps/webauthn/list_resident_credentials.py | 2 ++
 core/src/trezor/messages/WebAuthnCredential.py | 6 ++++++
 python/src/trezorlib/cli/fido.py | 11 +++++++++++
 python/src/trezorlib/messages/WebAuthnCredential.py | 6 ++++++
 5 files changed, 27 insertions(+)
diff --git a/common/protob/messages-webauthn.proto b/common/protob/messages-webauthn.proto
index ebdd26e56..10bf4604d 100644
--- a/common/protob/messages-webauthn.proto
+++ b/common/protob/messages-webauthn.proto
@@ -53,5 +53,7 @@ message WebAuthnCredentials {
 optional uint32 creation_time = 8;
 optional bool hmac_secret = 9;
 optional bool use_sign_count = 10;
+ optional sint32 algorithm = 11;
+ optional sint32 curve = 12;
 }
 }
diff --git a/core/src/apps/webauthn/list_resident_credentials.py b/core/src/apps/webauthn/list_resident_credentials.py
index 1fb4c2f55..77c5ca609 100644
--- a/core/src/apps/webauthn/list_resident_credentials.py
+++ b/core/src/apps/webauthn/list_resident_credentials.py
@@ -33,6 +33,8 @@ async def list_resident_credentials(
 creation_time=cred.creation_time,
 hmac_secret=cred.hmac_secret,
 use_sign_count=cred.use_sign_count,
+ algorithm=cred.algorithm,
+ curve=cred.curve,
 )
 for cred in resident_credentials.find_all()
 ]
diff --git a/core/src/trezor/messages/WebAuthnCredential.py b/core/src/trezor/messages/WebAuthnCredential.py
index 81eed7828..6f75df4d0 100644
--- a/core/src/trezor/messages/WebAuthnCredential.py
+++ b/core/src/trezor/messages/WebAuthnCredential.py
@@ -24,6 +24,8 @@ class WebAuthnCredential(p.MessageType):
 creation_time: int = None,
 hmac_secret: bool = None,
 use_sign_count: bool = None,
+ algorithm: int = None,
+ curve: int = None,
 ) -> None:
 self.index = index
 self.id = id
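Review bot: The two fields added to `common/protob/messages-webauthn.proto` (`algorithm = 11`, `curve = 12`) carry no comment saying what the integers encode, and the `ALGORITHM_NAME` and `CURVE_NAME` tables added in the first hunk of `python/src/trezorlib/cli/fido.py` have the same gap. Judging by the values the CLI maps (-7 to ES256, -8 to EdDSA, 1 to P-256, 6 to Ed25519), these appear to be COSE algorithm and elliptic-curve identifiers, and a client that has to interpret them should not need to infer that from the CLI. I would document it at the definition, e.g. `optional sint32 algorithm = 11; // COSE algorithm identifier of the credential key` and `optional sint32 curve = 12; // COSE elliptic curve identifier of the credential key`, with a matching one-line `#` comment above each table in fido.py. The enclosing message starts outside this hunk.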
@@ -35,6 +37,8 @@ class WebAuthnCredential(p.MessageType):
 self.creation_time = creation_time
 self.hmac_secret = hmac_secret
 self.use_sign_count = use_sign_count
+ self.algorithm = algorithm
+ self.curve = curve
 @classmethod
 def get_fields(cls) -> Dict:
@@ -49,4 +53,6 @@ class WebAuthnCredential(p.MessageType):
 8: ('creation_time', p.UVarintType, 0),
 9: ('hmac_secret', p.BoolType, 0),
 10: ('use_sign_count', p.BoolType, 0),
+ 11: ('algorithm', p.SVarintType, 0),
+ 12: ('curve', p.SVarintType, 0),
 }
diff --git a/python/src/trezorlib/cli/fido.py b/python/src/trezorlib/cli/fido.py
index 8f920c043..359c01ae2 100644
--- a/python/src/trezorlib/cli/fido.py
+++ b/python/src/trezorlib/cli/fido.py
@@ -18,6 +18,10 @@ import click
 from .. import fido
+ALGORITHM_NAME = {-7: "ES256 (ECDSA w/ SHA-256)", -8: "EdDSA"}
+
+CURVE_NAME = {1: "P-256 (secp256r1)", 6: "Ed25519"}
+
 @click.group(name="fido")
 def cli():
@@ -33,6 +37,7 @@ def credentials():
 @click.pass_obj
 def credentials_list(connect):
 """List all resident credentials on the device."""
+
 creds = fido.list_credentials(connect())
 for cred in creds:
 click.echo("")
@@ -53,6 +58,12 @@ def credentials_list(connect):
 click.echo(" hmac-secret enabled: {}".format(cred.hmac_secret))
 if cred.use_sign_count is not None:
 click.echo(" Use signature counter: {}".format(cred.use_sign_count))
+ if cred.algorithm is not None:
+ algorithm = ALGORITHM_NAME.get(cred.algorithm, cred.algorithm)
+ click.echo(" Algorithm: {}".format(algorithm))
+ if cred.curve is not None:
+ curve = CURVE_NAME.get(cred.curve, cred.curve)
+ click.echo(" Curve: {}".format(curve))
 click.echo(" Credential ID: {}".format(cred.id.hex()))
 if not creds:
diff --git a/python/src/trezorlib/messages/WebAuthnCredential.py b/python/src/trezorlib/messages/WebAuthnCredential.py
index 5edf3d982..5046dab76 100644
--- a/python/src/trezorlib/messages/WebAuthnCredential.py
+++ b/python/src/trezorlib/messages/WebAuthnCredential.py
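Review bot: In the last hunk of `python/src/trezorlib/cli/fido.py`, an identifier that is missing from `ALGORITHM_NAME` or `CURVE_NAME` is printed as a bare integer, so the listing does not distinguish a value the tool does not recognise from one it can name. Someone auditing the resident credentials on a device would want an unrecognised algorithm or curve to stand out rather than blend in with the other numeric fields. The fallback could be labelled, e.g. `algorithm = ALGORITHM_NAME.get(cred.algorithm, "unknown ({})".format(cred.algorithm))`, and likewise for `curve`. `credentials_list` begins and ends outside this hunk.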
@@ -24,6 +24,8 @@ class WebAuthnCredential(p.MessageType):
 creation_time: int = None,
 hmac_secret: bool = None,
 use_sign_count: bool = None,
+ algorithm: int = None,
+ curve: int = None,
 ) -> None:
 self.index = index
 self.id = id
@@ -35,6 +37,8 @@ class WebAuthnCredential(p.MessageType):
 self.creation_time = creation_time
 self.hmac_secret = hmac_secret
 self.use_sign_count = use_sign_count
+ self.algorithm = algorithm
+ self.curve = curve
 @classmethod
 def get_fields(cls) -> Dict:
@@ -49,4 +53,6 @@ class WebAuthnCredential(p.MessageType):
 8: ('creation_time', p.UVarintType, 0),
 9: ('hmac_secret', p.BoolType, 0),
 10: ('use_sign_count', p.BoolType, 0),
+ 11: ('algorithm', p.SVarintType, 0),
+ 12: ('curve', p.SVarintType, 0),
 }