mirror of https://github.com/trezor/trezor-firmware.git synced 2025-02-17 01:52:02 +00:00

core/webauthn: Add maxCredentialCountInList and maxCredentialIdLength to authenticatorGetInfo response.

Andrew Kozlik 2020-03-14 20:20:59 +01:00 committed by Andrew Kozlik
parent 0af0e06d5b
commit cda9de8dd1
2 changed files with 23 additions and 3 deletions


@ -15,9 +15,13 @@ if False:
# Credential ID values
_CRED_ID_VERSION = b"\xf1\xd0\x02\x00"
_CRED_ID_MIN_LENGTH = const(33)
CRED_ID_MIN_LENGTH = const(33)
CRED_ID_MAX_LENGTH = const(1024)
_KEY_HANDLE_LENGTH = const(64)
# Maximum user handle length in bytes.
_USER_ID_MAX_LENGTH = const(64)
# Maximum supported length of the RP name, user name or user displayName in bytes.
# Note: The WebAuthn spec allows authenticators to truncate to 64 bytes or more.
NAME_MAX_LENGTH = const(100)
@ -151,11 +155,14 @@ class Fido2Credential(Credential):
tag = ctx.finish()
self.id = _CRED_ID_VERSION + iv + ciphertext + tag
if len(self.id) > CRED_ID_MAX_LENGTH:
raise AssertionError
@classmethod
def from_cred_id(
cls, cred_id: bytes, rp_id_hash: Optional[bytes]
) -> "Fido2Credential":
if len(cred_id) < _CRED_ID_MIN_LENGTH or cred_id[0:4] != _CRED_ID_VERSION:
if len(cred_id) < CRED_ID_MIN_LENGTH or cred_id[0:4] != _CRED_ID_VERSION:
raise ValueError # invalid length or version
key = seed.derive_slip21_node_without_passphrase(
@ -228,6 +235,7 @@ class Fido2Credential(Credential):
return (
self.rp_id is not None
and self.user_id is not None
and len(self.user_id) <= _USER_ID_MAX_LENGTH
and self.creation_time is not None
)
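Review bot: `from_cred_id` still accepts a credential ID of any length above the minimum, even though this commit introduces `CRED_ID_MAX_LENGTH` and advertises it to the host. The credential ID comes from the host, so the guard could reject oversized input before key derivation and decryption are attempted: `if not CRED_ID_MIN_LENGTH <= len(cred_id) <= CRED_ID_MAX_LENGTH or cred_id[0:4] != _CRED_ID_VERSION:`. A caller outside this hunk may already bound the length, so this is worth confirming rather than assuming. The body of `from_cred_id` continues past the end of the hunk.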


@ -15,7 +15,12 @@ from trezor.ui.text import Text
from apps.common import cbor
from apps.webauthn import common
from apps.webauthn.confirm import ConfirmContent, ConfirmInfo
from apps.webauthn.credential import Credential, Fido2Credential, U2fCredential
from apps.webauthn.credential import (
CRED_ID_MAX_LENGTH,
Credential,
Fido2Credential,
U2fCredential,
)
from apps.webauthn.resident_credentials import (
find_by_rp_id_hash,
store_resident_credential,
@ -98,6 +103,8 @@ _GETINFO_RESP_EXTENSIONS = const(0x02) # array of str, optional
_GETINFO_RESP_AAGUID = const(0x03) # bytes(16), required
_GETINFO_RESP_OPTIONS = const(0x04) # map, optional
_GETINFO_RESP_PIN_PROTOCOLS = const(0x06) # list of unsigned integers, optional
_GETINFO_RESP_MAX_CRED_COUNT_IN_LIST = const(0x07) # int, optional
_GETINFO_RESP_MAX_CRED_ID_LEN = const(0x08) # int, optional
# CBOR ClientPin command parameter keys
_CLIENTPIN_CMD_PIN_PROTOCOL = const(0x01) # unsigned int, required
@ -211,6 +218,9 @@ _DEFAULT_USE_SELF_ATTESTATION = True
# The default value of the use_sign_count flag for newly created credentials.
_DEFAULT_USE_SIGN_COUNT = True
# The maximum number of credential IDs that can be supplied in the GetAssertion allow list.
_MAX_CRED_COUNT_IN_LIST = const(10)
# The CID of the last WINK command. Used to ensure that we do only one WINK at a time on any given CID.
_last_wink_cid = 0
@ -1747,6 +1757,8 @@ def cbor_get_info(req: Cmd) -> Cmd:
"uv": True,
},
_GETINFO_RESP_PIN_PROTOCOLS: [1],
_GETINFO_RESP_MAX_CRED_COUNT_IN_LIST: _MAX_CRED_COUNT_IN_LIST,
_GETINFO_RESP_MAX_CRED_ID_LEN: CRED_ID_MAX_LENGTH,
}
return Cmd(req.cid, _CMD_CBOR, bytes([_ERR_NONE]) + cbor.encode(response_data))
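Review bot: `_MAX_CRED_COUNT_IN_LIST` is only reported in the getInfo response in the lines shown here; none of the visible hunks checks an incoming credential list against it. A host is not forced to honour the advertised value, so the GetAssertion and MakeCredential handlers (outside this diff) should cap or reject longer lists themselves, if they do not already. The comment on the constant names only the allow list, while CTAP platforms also apply maxCredentialCountInList to the MakeCredential exclude list; consider `# The maximum number of credential IDs accepted in one allowList or excludeList; reported as maxCredentialCountInList.` The body of `cbor_get_info` starts outside the hunk.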