Don't assume AppId is hashed

This allows alternative token implementations to use CTAP2 based API,
that expects relying party is hashed by the platform, not by the
application.

Author: ueno

Cargo.toml

@@ -45,6 +45,7 @@ log = "0.4"
 libc = "0.2"
 runloop = "0.1.0"
 bitflags = "1.0"
+sha2 = "^0.8.2"
 tokio = { version = "0.2", optional = true, features = ["macros"] }
 warp = { version = "0.2.4", optional = true }
 serde = { version = "1.0", optional = true, features = ["derive"] }
@@ -53,7 +54,6 @@ bytes = { version = "0.5", optional = true, features = ["serde"] }
 base64 = { version = "^0.10", optional = true }
 
 [dev-dependencies]
-sha2 = "^0.8.2"
 base64 = "^0.10"
 env_logger = "^0.6"
 getopts = "^0.2"

examples/main.rs

@@ -3,7 +3,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 use authenticator::{
-    authenticatorservice::AuthenticatorService, statecallback::StateCallback,
+    authenticatorservice::AuthenticatorService, statecallback::StateCallback, AppId,
     AuthenticatorTransports, KeyHandle, RegisterFlags, SignFlags, StatusUpdate,
 };
 use getopts::Options;
@@ -96,9 +96,8 @@ fn main() {
     challenge.input(challenge_str.as_bytes());
     let chall_bytes = challenge.result().to_vec();
 
-    let mut application = Sha256::default();
-    application.input(b"http://demo.yubico.com");
-    let app_bytes = application.result().to_vec();
+    let app_bytes = b"http://demo.yubico.com".to_vec();
+    let app_id: AppId = app_bytes.into();
 
     let flags = RegisterFlags::empty();
 
@@ -131,7 +130,7 @@ fn main() {
             flags,
             timeout_ms,
             chall_bytes.clone(),
-            app_bytes.clone(),
+            app_id.clone(),
             vec![],
             status_tx.clone(),
             callback,
@@ -163,7 +162,7 @@ fn main() {
         flags,
         timeout_ms,
         chall_bytes,
-        vec![app_bytes],
+        vec![app_id.clone()],
         vec![key_handle],
         status_tx,
         callback,

src/authenticatorservice.rs

@@ -105,7 +105,7 @@ impl AuthenticatorService {
         status: Sender<crate::StatusUpdate>,
         callback: StateCallback<crate::Result<crate::RegisterResult>>,
     ) -> crate::Result<()> {
-        if challenge.len() != PARAMETER_SIZE || application.len() != PARAMETER_SIZE {
+        if challenge.len() != PARAMETER_SIZE {
             return Err(AuthenticatorError::InvalidRelyingPartyInput);
         }
 
@@ -167,12 +167,6 @@ impl AuthenticatorService {
             return Err(AuthenticatorError::InvalidRelyingPartyInput);
         }
 
-        for app_id in &app_ids {
-            if app_id.len() != PARAMETER_SIZE {
-                return Err(AuthenticatorError::InvalidRelyingPartyInput);
-            }
-        }
-
         for key_handle in &key_handles {
             if key_handle.credential.len() > 256 {
                 return Err(AuthenticatorError::InvalidRelyingPartyInput);

src/capi.rs

@@ -82,7 +82,7 @@ pub unsafe extern "C" fn rust_u2f_app_ids_add(
     id_ptr: *const u8,
     id_len: usize,
 ) {
-    (*ids).push(from_raw(id_ptr, id_len));
+    (*ids).push(from_raw(id_ptr, id_len).into());
 }
 
 /// # Safety
@@ -232,7 +232,7 @@ pub unsafe extern "C" fn rust_u2f_mgr_register(
 
     let flags = crate::RegisterFlags::from_bits_truncate(flags);
     let challenge = from_raw(challenge_ptr, challenge_len);
-    let application = from_raw(application_ptr, application_len);
+    let application = from_raw(application_ptr, application_len).into();
     let key_handles = (*khs).clone();
 
     let (status_tx, status_rx) = channel::<crate::StatusUpdate>();
@@ -333,7 +333,7 @@ pub unsafe extern "C" fn rust_u2f_mgr_sign(
                 let mut bufs = HashMap::new();
                 bufs.insert(RESBUF_ID_KEYHANDLE, key_handle);
                 bufs.insert(RESBUF_ID_SIGNATURE, signature);
-                bufs.insert(RESBUF_ID_APPID, app_id);
+                bufs.insert(RESBUF_ID_APPID, app_id.to_u2f());
                 bufs.insert(RESBUF_ID_VENDOR_NAME, dev_info.vendor_name);
                 bufs.insert(RESBUF_ID_DEVICE_NAME, dev_info.device_name);
                 bufs.insert(RESBUF_ID_FIRMWARE_MAJOR, vec![dev_info.version_major]);

src/lib.rs

@@ -104,7 +104,8 @@ pub struct KeyHandle {
     pub transports: AuthenticatorTransports,
 }
 
-pub type AppId = Vec<u8>;
+#[derive(Clone, Debug)]
+pub struct AppId(Vec<u8>);
 pub type RegisterResult = (Vec<u8>, u2ftypes::U2FDeviceInfo);
 pub type SignResult = (AppId, Vec<u8>, Vec<u8>, u2ftypes::U2FDeviceInfo);
 

src/manager.rs

@@ -121,7 +121,7 @@ impl AuthenticatorTransport for U2FManager {
         status: Sender<crate::StatusUpdate>,
         callback: StateCallback<crate::Result<crate::RegisterResult>>,
     ) -> crate::Result<()> {
-        if challenge.len() != PARAMETER_SIZE || application.len() != PARAMETER_SIZE {
+        if challenge.len() != PARAMETER_SIZE {
             return Err(AuthenticatorError::InvalidRelyingPartyInput);
         }
 
@@ -161,12 +161,6 @@ impl AuthenticatorTransport for U2FManager {
             return Err(AuthenticatorError::InvalidRelyingPartyInput);
         }
 
-        for app_id in &app_ids {
-            if app_id.len() != PARAMETER_SIZE {
-                return Err(AuthenticatorError::InvalidRelyingPartyInput);
-            }
-        }
-
         for key_handle in &key_handles {
             if key_handle.credential.len() > 256 {
                 return Err(AuthenticatorError::InvalidRelyingPartyInput);

src/statemachine.rs

@@ -112,12 +112,14 @@ impl StateMachine {
                 },
             );
 
+            let app_id_hash = application.to_u2f();
+
             // Iterate the exclude list and see if there are any matches.
             // If so, we'll keep polling the device anyway to test for user
             // consent, to be consistent with CTAP2 device behavior.
             let excluded = key_handles.iter().any(|key_handle| {
                 is_valid_transport(key_handle.transports)
-                    && u2f_is_keyhandle_valid(dev, &challenge, &application, &key_handle.credential)
+                    && u2f_is_keyhandle_valid(dev, &challenge, &app_id_hash, &key_handle.credential)
                         .unwrap_or(false) /* no match on failure */
             });
 
@@ -130,7 +132,7 @@ impl StateMachine {
                         )));
                         break;
                     }
-                } else if let Ok(bytes) = u2f_register(dev, &challenge, &application) {
+                } else if let Ok(bytes) = u2f_register(dev, &challenge, &app_id_hash) {
                     let dev_info = dev.get_device_info();
                     send_status(
                         &status_mutex,
@@ -201,7 +203,9 @@ impl StateMachine {
             // valid key handle for an appId, we'll use that appId below.
             let (app_id, valid_handles) =
                 find_valid_key_handles(&app_ids, &key_handles, |app_id, key_handle| {
-                    u2f_is_keyhandle_valid(dev, &challenge, app_id, &key_handle.credential)
+                    let app_id: crate::AppId = app_id.clone().into();
+                    let app_id_hash = app_id.to_u2f();
+                    u2f_is_keyhandle_valid(dev, &challenge, &app_id_hash, &key_handle.credential)
                         .unwrap_or(false) /* no match on failure */
                 });
 
@@ -225,6 +229,8 @@ impl StateMachine {
                 },
             );
 
+            let app_id_hash = app_id.to_u2f();
+
             'outer: while alive() {
                 // If the device matches none of the given key handles
                 // then just make it blink with bogus data.
@@ -239,7 +245,8 @@ impl StateMachine {
                 } else {
                     // Otherwise, try to sign.
                     for key_handle in &valid_handles {
-                        if let Ok(bytes) = u2f_sign(dev, &challenge, app_id, &key_handle.credential)
+                        if let Ok(bytes) =
+                            u2f_sign(dev, &challenge, &app_id_hash, &key_handle.credential)
                         {
                             let dev_info = dev.get_device_info();
                             send_status(

src/util.rs

@@ -4,7 +4,11 @@
 
 extern crate libc;
 
+use sha2::Digest;
 use std::io;
+use std::ops::Deref;
+
+use crate::AppId;
 
 macro_rules! try_or {
     ($val:expr, $or:expr) => {
@@ -65,3 +69,25 @@ pub fn from_unix_result<T: Signed>(rv: T) -> io::Result<T> {
 pub fn io_err(msg: &str) -> io::Error {
     io::Error::new(io::ErrorKind::Other, msg)
 }
+
+impl AppId {
+    pub fn to_u2f(&self) -> Vec<u8> {
+        let mut sha256 = sha2::Sha256::default();
+        sha256.input(&self.0);
+        sha256.result().to_vec()
+    }
+}
+
+impl Deref for AppId {
+    type Target = Vec<u8>;
+
+    fn deref(&self) -> &Vec<u8> {
+        &self.0
+    }
+}
+
+impl From<Vec<u8>> for AppId {
+    fn from(v: Vec<u8>) -> Self {
+        Self(v)
+    }
+}

src/virtualdevices/software_u2f.rs

@@ -34,7 +34,12 @@ impl SoftwareU2FToken {
         _app_ids: Vec<crate::AppId>,
         _key_handles: Vec<crate::KeyHandle>,
     ) -> crate::Result<crate::SignResult> {
-        Ok((vec![0u8; 0], vec![0u8; 0], vec![0u8; 0], self.dev_info()))
+        Ok((
+            vec![0u8; 0].into(),
+            vec![0u8; 0],
+            vec![0u8; 0],
+            self.dev_info(),
+        ))
     }
 
     pub fn dev_info(&self) -> crate::u2ftypes::U2FDeviceInfo {