arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-05-08 09:58:46 +00:00
Code Issues Releases Wiki Activity

core/webauthn: Clean up bytes/bytearray typing around uctypes.

Browse Source
This commit is contained in:
Andrew Kozlik 2020-03-05 18:32:29 +01:00 committed by Andrew Kozlik
parent e378820f7f
commit f610787f8d
4 changed files with 23 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/apps/common/cbor.py
View File

@ -143,7 +143,7 @@ def _cbor_decode(cbor: bytes) -> Tuple[Value, bytes]:
return (data[0:ln], data[ln:]) return (data[0:ln], data[ln:])
elif fb_type == _CBOR_TEXT_STRING: elif fb_type == _CBOR_TEXT_STRING:
ln, data = _read_length(cbor[1:], fb_aux) ln, data = _read_length(cbor[1:], fb_aux)
return (bytes(data[0:ln]).decode(), data[ln:]) return (data[0:ln].decode(), data[ln:])
elif fb_type == _CBOR_ARRAY: elif fb_type == _CBOR_ARRAY:
if fb_aux == _CBOR_VAR_FOLLOWS: if fb_aux == _CBOR_VAR_FOLLOWS:
res = [] # type: Value res = [] # type: Value

3
core/src/apps/webauthn/add_resident_credential.py
View File

@ -34,8 +34,7 @@ async def add_resident_credential(
raise wire.ProcessError("Missing credential ID parameter.") raise wire.ProcessError("Missing credential ID parameter.")
try: try:
cred = Fido2Credential.from_cred_id(msg.credential_id, None) cred = Fido2Credential.from_cred_id(bytes(msg.credential_id), None)
except Exception: except Exception:
text = Text("Import credential", ui.ICON_WRONG, ui.RED) text = Text("Import credential", ui.ICON_WRONG, ui.RED)
text.normal( text.normal(

6
core/src/apps/webauthn/credential.py
View File

@ -219,7 +219,7 @@ class Fido2Credential(Credential):
return ( return (
isinstance(self.rp_id, str) isinstance(self.rp_id, str)
and isinstance(self.rp_name, (str, type(None))) and isinstance(self.rp_name, (str, type(None)))
and isinstance(self.user_id, (bytes, bytearray)) and isinstance(self.user_id, bytes)
and isinstance(self.user_name, (str, type(None))) and isinstance(self.user_name, (str, type(None)))
and isinstance(self.user_display_name, (str, type(None))) and isinstance(self.user_display_name, (str, type(None)))
and isinstance(self.hmac_secret, bool) and isinstance(self.hmac_secret, bool)
@ -227,7 +227,7 @@ class Fido2Credential(Credential):
and isinstance(self.creation_time, (int, type(None))) and isinstance(self.creation_time, (int, type(None)))
and isinstance(self.algorithm, (int, type(None))) and isinstance(self.algorithm, (int, type(None)))
and isinstance(self.curve, (int, type(None))) and isinstance(self.curve, (int, type(None)))
and isinstance(self.id, (bytes, bytearray)) and isinstance(self.id, bytes)
) )
def app_name(self) -> str: def app_name(self) -> str:
@ -285,7 +285,7 @@ class Fido2Credential(Credential):
common.COSE_CURVE_ED25519, common.COSE_CURVE_ED25519,
): ):
return ed25519.sign( return ed25519.sign(
self._private_key(), b"".join(bytes(segment) for segment in data) self._private_key(), b"".join(segment for segment in data)
) )
raise TypeError raise TypeError

33
core/src/apps/webauthn/fido2.py
View File

@ -320,7 +320,7 @@ def resp_cmd_authenticate(siglen: int) -> dict:
} }
def overlay_struct(buf: bytes, desc: dict) -> Any: def overlay_struct(buf: bytearray, desc: dict) -> Any:
desc_size = uctypes.sizeof(desc, uctypes.BIG_ENDIAN) # type: ignore desc_size = uctypes.sizeof(desc, uctypes.BIG_ENDIAN) # type: ignore
if desc_size > len(buf): if desc_size > len(buf):
raise ValueError("desc is too big (%d > %d)" % (desc_size, len(buf))) raise ValueError("desc is too big (%d > %d)" % (desc_size, len(buf)))
@ -373,7 +373,7 @@ async def read_cmd(iface: io.HID) -> Optional[Cmd]:
buf = await read buf = await read
while True: while True:
ifrm = overlay_struct(buf, desc_init) ifrm = overlay_struct(bytearray(buf), desc_init)
bcnt = ifrm.bcnt bcnt = ifrm.bcnt
data = ifrm.data data = ifrm.data
datalen = len(data) datalen = len(data)
@ -406,11 +406,11 @@ async def read_cmd(iface: io.HID) -> Optional[Cmd]:
while datalen < bcnt: while datalen < bcnt:
buf = await loop.race(read, loop.sleep(_CTAP_HID_TIMEOUT_MS * 1000)) buf = await loop.race(read, loop.sleep(_CTAP_HID_TIMEOUT_MS * 1000))
if not isinstance(buf, (bytes, bytearray)): if not isinstance(buf, bytes):
await send_cmd(cmd_error(ifrm.cid, _ERR_MSG_TIMEOUT), iface) await send_cmd(cmd_error(ifrm.cid, _ERR_MSG_TIMEOUT), iface)
return None return None
cfrm = overlay_struct(buf, desc_cont) cfrm = overlay_struct(bytearray(buf), desc_cont)
if cfrm.seq == _CMD_INIT: if cfrm.seq == _CMD_INIT:
# _CMD_INIT frame, cancels current channel # _CMD_INIT frame, cancels current channel
@ -434,7 +434,7 @@ async def read_cmd(iface: io.HID) -> Optional[Cmd]:
datalen += utils.memcpy(data, datalen, cfrm.data, 0, bcnt - datalen) datalen += utils.memcpy(data, datalen, cfrm.data, 0, bcnt - datalen)
seq += 1 seq += 1
else: else:
return Cmd(ifrm.cid, ifrm.cmd, data) return Cmd(ifrm.cid, ifrm.cmd, bytes(data))
async def send_cmd(cmd: Cmd, iface: io.HID) -> None: async def send_cmd(cmd: Cmd, iface: io.HID) -> None:
@ -1097,7 +1097,7 @@ def cmd_init(req: Cmd) -> Cmd:
resp.versionBuild = 0 resp.versionBuild = 0
resp.capFlags = _CAPFLAG_WINK | _CAPFLAG_CBOR resp.capFlags = _CAPFLAG_WINK | _CAPFLAG_CBOR
return Cmd(req.cid, req.cmd, buf) return Cmd(req.cid, req.cmd, bytes(buf))
def cmd_wink(req: Cmd) -> Cmd: def cmd_wink(req: Cmd) -> Cmd:
@ -1123,7 +1123,7 @@ def msg_register(req: Msg, dialog_mgr: DialogManager) -> Cmd:
# parse challenge and rp_id_hash # parse challenge and rp_id_hash
chal = req.data[:32] chal = req.data[:32]
cred = U2fCredential() cred = U2fCredential()
cred.rp_id_hash = bytes(req.data[32:]) cred.rp_id_hash = req.data[32:]
cred.generate_key_handle() cred.generate_key_handle()
# check equality with last request # check equality with last request
@ -1181,7 +1181,7 @@ def msg_register_sign(challenge: bytes, cred: U2fCredential) -> bytes:
utils.memcpy(resp.sig, 0, sig, 0, len(sig)) utils.memcpy(resp.sig, 0, sig, 0, len(sig))
resp.status = _SW_NO_ERROR resp.status = _SW_NO_ERROR
return buf return bytes(buf)
def msg_authenticate(req: Msg, dialog_mgr: DialogManager) -> Cmd: def msg_authenticate(req: Msg, dialog_mgr: DialogManager) -> Cmd:
@ -1198,10 +1198,13 @@ def msg_authenticate(req: Msg, dialog_mgr: DialogManager) -> Cmd:
# check keyHandleLen # check keyHandleLen
khlen = req.data[_REQ_CMD_AUTHENTICATE_KHLEN] khlen = req.data[_REQ_CMD_AUTHENTICATE_KHLEN]
auth = overlay_struct(req.data, req_cmd_authenticate(khlen)) auth = overlay_struct(bytearray(req.data), req_cmd_authenticate(khlen))
challenge = bytes(auth.chal)
rp_id_hash = bytes(auth.appId)
key_handle = bytes(auth.keyHandle)
try: try:
cred = Credential.from_bytes(auth.keyHandle, bytes(auth.appId)) cred = Credential.from_bytes(key_handle, rp_id_hash)
except Exception: except Exception:
# specific error logged in msg_authenticate_genkey # specific error logged in msg_authenticate_genkey
return msg_error(req.cid, _SW_WRONG_DATA) return msg_error(req.cid, _SW_WRONG_DATA)
@ -1243,7 +1246,7 @@ def msg_authenticate(req: Msg, dialog_mgr: DialogManager) -> Cmd:
# sign the authentication challenge and return # sign the authentication challenge and return
if __debug__: if __debug__:
log.info(__name__, "signing authentication") log.info(__name__, "signing authentication")
buf = msg_authenticate_sign(auth.chal, auth.appId, cred) buf = msg_authenticate_sign(challenge, rp_id_hash, cred)
dialog_mgr.reset() dialog_mgr.reset()
@ -1269,7 +1272,7 @@ def msg_authenticate_sign(
utils.memcpy(resp.sig, 0, sig, 0, len(sig)) utils.memcpy(resp.sig, 0, sig, 0, len(sig))
resp.status = _SW_NO_ERROR resp.status = _SW_NO_ERROR
return buf return bytes(buf)
def msg_version(req: Msg) -> Cmd: def msg_version(req: Msg) -> Cmd:
@ -1302,7 +1305,7 @@ def credentials_from_descriptor_list(
continue continue
credential_id = credential_descriptor["id"] credential_id = credential_descriptor["id"]
if not isinstance(credential_id, (bytes, bytearray)): if not isinstance(credential_id, bytes):
raise TypeError raise TypeError
try: try:
cred = Credential.from_bytes(credential_id, rp_id_hash) cred = Credential.from_bytes(credential_id, rp_id_hash)
@ -1406,7 +1409,7 @@ def cbor_make_credential(req: Cmd, dialog_mgr: DialogManager) -> Optional[Cmd]:
not cred.check_data_types() not cred.check_data_types()
or not isinstance(user.get("icon", ""), str) or not isinstance(user.get("icon", ""), str)
or not isinstance(rp.get("icon", ""), str) or not isinstance(rp.get("icon", ""), str)
or not isinstance(client_data_hash, (bytes, bytearray)) or not isinstance(client_data_hash, bytes)
or not isinstance(resident_key, bool) or not isinstance(resident_key, bool)
or not isinstance(user_verification, bool) or not isinstance(user_verification, bool)
): ):
@ -1562,7 +1565,7 @@ def cbor_get_assertion(req: Cmd, dialog_mgr: DialogManager) -> Optional[Cmd]:
# Check data types. # Check data types.
if ( if (
not isinstance(hmac_secret, (dict, type(None))) not isinstance(hmac_secret, (dict, type(None)))
or not isinstance(client_data_hash, (bytes, bytearray)) or not isinstance(client_data_hash, bytes)
or not isinstance(user_presence, bool) or not isinstance(user_presence, bool)
or not isinstance(user_verification, bool) or not isinstance(user_verification, bool)
): ):