mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-24 15:28:10 +00:00
common/tools: Check for collisions between U2F app IDs and WebAuthn RP ID hashes.
This commit is contained in:
parent
7d07161efe
commit
7c66a16bef
@ -507,6 +507,27 @@ def check_fido(apps):
|
||||
print_log(logging.ERROR, webauthn_str, bucket_str)
|
||||
check_passed = False
|
||||
|
||||
domain_hashes = {}
|
||||
for app in apps:
|
||||
if "webauthn" in app:
|
||||
for domain in app["webauthn"]:
|
||||
domain_hashes[sha256(domain.encode()).digest()] = domain
|
||||
for app in apps:
|
||||
if "u2f" in app:
|
||||
for u2f in app["u2f"]:
|
||||
domain = domain_hashes.get(bytes.fromhex(u2f["app_id"]))
|
||||
if domain:
|
||||
print_log(
|
||||
logging.ERROR,
|
||||
"colliding WebAuthn domain "
|
||||
+ crayon(None, domain, bold=True)
|
||||
+ " and U2F app_id "
|
||||
+ crayon(None, u2f["app_id"], bold=True)
|
||||
+ " for "
|
||||
+ u2f["label"],
|
||||
)
|
||||
check_passed = False
|
||||
|
||||
for app in apps:
|
||||
if "name" not in app:
|
||||
print_log(logging.ERROR, app["key"], ": missing name")
|
||||
|
Loading…
Reference in New Issue
Block a user