// Copyright 2019 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "device/fido/pin.h" #include <numeric> #include <string> #include <utility> #include "base/i18n/char_iterator.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "components/cbor/reader.h" #include "components/cbor/values.h" #include "components/cbor/writer.h" #include "device/fido/fido_constants.h" #include "device/fido/pin_internal.h" #include "third_party/boringssl/src/include/openssl/aes.h" #include "third_party/boringssl/src/include/openssl/ec.h" #include "third_party/boringssl/src/include/openssl/nid.h" #include "third_party/boringssl/src/include/openssl/sha.h" namespace device { namespace pin { namespace { uint8_t PermissionsToByte(base::span<const pin::Permissions> permissions) { … } } // namespace // HasAtLeastFourCodepoints returns true if |pin| is UTF-8 encoded and contains // four or more code points. This reflects the "4 Unicode characters" // requirement in CTAP2. static bool HasAtLeastFourCodepoints(const std::string& pin) { … } PINEntryError ValidatePIN(const std::string& pin, uint32_t min_pin_length, std::optional<std::string> current_pin) { … } PINEntryError ValidatePIN(const std::u16string& pin16, uint32_t min_pin_length, std::optional<std::string> current_pin) { … } // EncodePINCommand returns a CTAP2 PIN command for the operation |subcommand|. // Additional elements of the top-level CBOR map can be added with the optional // |add_additional| callback. static std::pair<CtapRequestCommand, std::optional<cbor::Value>> EncodePINCommand( PINUVAuthProtocol protocol_version, Subcommand subcommand, std::function<void(cbor::Value::MapValue*)> add_additional = nullptr) { … } RetriesResponse::RetriesResponse() = default; // static std::optional<RetriesResponse> RetriesResponse::ParsePinRetries( const std::optional<cbor::Value>& cbor) { … } // static std::optional<RetriesResponse> RetriesResponse::ParseUvRetries( const std::optional<cbor::Value>& cbor) { … } // static std::optional<RetriesResponse> RetriesResponse::Parse( const std::optional<cbor::Value>& cbor, const int retries_key) { … } KeyAgreementResponse::KeyAgreementResponse() = default; // static std::optional<KeyAgreementResponse> KeyAgreementResponse::Parse( const std::optional<cbor::Value>& cbor) { … } // static std::optional<KeyAgreementResponse> KeyAgreementResponse::ParseFromCOSE( const cbor::Value::MapValue& cose_key) { … } std::array<uint8_t, kP256X962Length> KeyAgreementResponse::X962() const { … } SetRequest::SetRequest(PINUVAuthProtocol protocol, const std::string& pin, const KeyAgreementResponse& peer_key) : … { … } cbor::Value::MapValue EncodeCOSEPublicKey( base::span<const uint8_t, kP256X962Length> x962) { … } ChangeRequest::ChangeRequest(PINUVAuthProtocol protocol, const std::string& old_pin, const std::string& new_pin, const KeyAgreementResponse& peer_key) : … { … } // static std::optional<EmptyResponse> EmptyResponse::Parse( const std::optional<cbor::Value>& cbor) { … } TokenResponse::TokenResponse(PINUVAuthProtocol protocol) : … { … } TokenResponse::~TokenResponse() = default; TokenResponse::TokenResponse(const TokenResponse&) = default; TokenResponse& TokenResponse::operator=(const TokenResponse&) = default; std::optional<TokenResponse> TokenResponse::Parse( PINUVAuthProtocol protocol, base::span<const uint8_t> shared_key, const std::optional<cbor::Value>& cbor) { … } std::pair<PINUVAuthProtocol, std::vector<uint8_t>> TokenResponse::PinAuth( base::span<const uint8_t> client_data_hash) const { … } // static std::pair<CtapRequestCommand, std::optional<cbor::Value>> AsCTAPRequestValuePair(const PinRetriesRequest& request) { … } // static std::pair<CtapRequestCommand, std::optional<cbor::Value>> AsCTAPRequestValuePair(const UvRetriesRequest& request) { … } // static std::pair<CtapRequestCommand, std::optional<cbor::Value>> AsCTAPRequestValuePair(const KeyAgreementRequest& request) { … } // static std::pair<CtapRequestCommand, std::optional<cbor::Value>> AsCTAPRequestValuePair(const SetRequest& request) { … } // static std::pair<CtapRequestCommand, std::optional<cbor::Value>> AsCTAPRequestValuePair(const ChangeRequest& request) { … } // static std::pair<CtapRequestCommand, std::optional<cbor::Value>> AsCTAPRequestValuePair(const ResetRequest&) { … } TokenRequest::TokenRequest(PINUVAuthProtocol protocol, const KeyAgreementResponse& peer_key) : … { … } TokenRequest::~TokenRequest() = default; TokenRequest::TokenRequest(TokenRequest&& other) = default; const std::vector<uint8_t>& TokenRequest::shared_key() const { … } PinTokenRequest::PinTokenRequest(PINUVAuthProtocol protocol, const std::string& pin, const KeyAgreementResponse& peer_key) : … { … } PinTokenRequest::~PinTokenRequest() = default; PinTokenRequest::PinTokenRequest(PinTokenRequest&& other) = default; // static std::pair<CtapRequestCommand, std::optional<cbor::Value>> AsCTAPRequestValuePair(const PinTokenRequest& request) { … } PinTokenWithPermissionsRequest::PinTokenWithPermissionsRequest( PINUVAuthProtocol protocol, const std::string& pin, const KeyAgreementResponse& peer_key, base::span<const pin::Permissions> permissions, const std::optional<std::string> rp_id) : … { … } // static std::pair<CtapRequestCommand, std::optional<cbor::Value>> AsCTAPRequestValuePair(const PinTokenWithPermissionsRequest& request) { … } PinTokenWithPermissionsRequest::~PinTokenWithPermissionsRequest() = default; PinTokenWithPermissionsRequest::PinTokenWithPermissionsRequest( PinTokenWithPermissionsRequest&& other) = default; UvTokenRequest::UvTokenRequest(PINUVAuthProtocol protocol, const KeyAgreementResponse& peer_key, std::optional<std::string> rp_id, base::span<const pin::Permissions> permissions) : … { … } UvTokenRequest::~UvTokenRequest() = default; UvTokenRequest::UvTokenRequest(UvTokenRequest&& other) = default; // static std::pair<CtapRequestCommand, std::optional<cbor::Value>> AsCTAPRequestValuePair(const UvTokenRequest& request) { … } static std::vector<uint8_t> ConcatSalts( base::span<const uint8_t, 32> salt1, const std::optional<std::array<uint8_t, 32>>& salt2) { … } HMACSecretRequest::HMACSecretRequest( PINUVAuthProtocol protocol, const KeyAgreementResponse& peer_key, base::span<const uint8_t, 32> salt1, const std::optional<std::array<uint8_t, 32>>& salt2) : … { … } HMACSecretRequest::~HMACSecretRequest() = default; HMACSecretRequest::HMACSecretRequest(const HMACSecretRequest& other) = default; std::optional<std::vector<uint8_t>> HMACSecretRequest::Decrypt( base::span<const uint8_t> ciphertext) { … } } // namespace pin } // namespace device
Codebase Browser
chromium