Merge branch 'jens/pin-protocol-v2'

Author: jensutbult

YubiKit/YubiKit/Connections/Shared/Sessions/FIDO2/YKFFIDO2Session+Private.h

@@ -18,6 +18,12 @@
 
 @protocol YKFConnectionControllerProtocol, YKFSCPKeyParamsProtocol;
 
+typedef NS_ENUM(NSUInteger, YKFFIDOPinProtocol) {
+    YKFFIDOPinProtocolV1 = 1,
+    YKFFIDOPinProtocolV2 = 2,
+};
+
+
 NS_ASSUME_NONNULL_BEGIN
 
 @interface YKFFIDO2Session()<YKFSessionProtocol>

YubiKit/YubiKit/Connections/Shared/Sessions/FIDO2/YKFFIDO2Session.m

@@ -58,6 +58,14 @@
 NSString* const YKFFIDO2OptionUV = @"uv";
 NSString* const YKFFIDO2OptionUP = @"up";
 
+@interface NSData(NSData_PinProtocols)
+
+- (NSData *)ykf_authenticateDataWithKey:(NSData *)data pinProtocol:(YKFFIDOPinProtocol)pinProtocol;
+- (NSData *)ykf_encryptDataWithKey:(NSData *)data pinProtocol:(YKFFIDOPinProtocol)pinProtocol;
+- (NSData *)ykf_decryptDataWithKey:(NSData *)data pinProtocol:(YKFFIDOPinProtocol)pinProtocol;
+
+@end
+
 #pragma mark - Private Response Blocks
 
 typedef void (^YKFFIDO2SessionResultCompletionBlock)
@@ -80,6 +88,8 @@ @interface YKFFIDO2Session()
 // Keeps the state of the application selection to avoid reselecting the application.
 @property BOOL applicationSelected;
 
+@property (nonatomic, readwrite) YKFFIDOPinProtocol pinProtocol;
+
 @end
 
 @implementation YKFFIDO2Session
@@ -97,8 +107,18 @@ + (void)sessionWithConnectionController:(nonnull id<YKFConnectionControllerProto
         if (error) {
             completion(nil, error);
         } else {
-            [session updateKeyState:YKFFIDO2SessionKeyStateIdle];
-            completion(session, nil);
+            [session getInfoWithCompletion:^(YKFFIDO2GetInfoResponse * _Nullable response, NSError * _Nullable error) {
+                if ([response.pinProtocols containsObject: @2]) {
+                    session.pinProtocol = YKFFIDOPinProtocolV2;
+                } else if ([response.pinProtocols containsObject: @1]) {
+                    session.pinProtocol = YKFFIDOPinProtocolV1;
+                } else {
+                    completion(nil, [YKFFIDO2Error errorWithCode:YKFFIDO2ErrorCodeOTHER]);
+                    return;
+                }
+                completion(session, nil);
+                [session updateKeyState:YKFFIDO2SessionKeyStateIdle];
+            }];
         }
     }];
 }
@@ -189,13 +209,13 @@ - (void)verifyPin:(NSString *)pin completion:(YKFFIDO2SessionGenericCompletionBl
 
         // Get the authenticator pinToken
         YKFFIDO2ClientPinRequest *clientPinGetPinTokenRequest = [[YKFFIDO2ClientPinRequest alloc] init];
-        clientPinGetPinTokenRequest.pinProtocol = 1;
+        clientPinGetPinTokenRequest.pinProtocol = self.pinProtocol;
         clientPinGetPinTokenRequest.subCommand = YKFFIDO2ClientPinRequestSubCommandGetPINToken;
         clientPinGetPinTokenRequest.keyAgreement = cosePlatformPublicKey;
 
         NSData *pinData = [pin dataUsingEncoding:NSUTF8StringEncoding];
         NSData *pinHash = [[pinData ykf_SHA256] subdataWithRange:NSMakeRange(0, 16)];
-        clientPinGetPinTokenRequest.pinHashEnc = [pinHash ykf_aes256EncryptedDataWithKey:sharedSecret];
+        clientPinGetPinTokenRequest.pinHashEnc = [pinHash ykf_encryptDataWithKey:sharedSecret pinProtocol:self.pinProtocol];
 
         [strongSelf executeClientPinRequest:clientPinGetPinTokenRequest completion:^(YKFFIDO2ClientPinResponse *response, NSError *error) {
             if (error) {
@@ -209,7 +229,7 @@ - (void)verifyPin:(NSString *)pin completion:(YKFFIDO2SessionGenericCompletionBl
             }
 
             // Cache the pinToken
-            strongSelf.pinToken = [response.pinToken ykf_aes256DecryptedDataWithKey:sharedSecret];
+            strongSelf.pinToken = [encryptedPinToken ykf_decryptDataWithKey:sharedSecret pinProtocol:self.pinProtocol];
 
             if (!strongSelf.pinToken) {
                 completion([YKFFIDO2Error errorWithCode:YKFFIDO2ErrorCodeINVALID_CBOR]);
@@ -299,13 +319,12 @@ - (void)setPin:(nonnull NSString *)pin completion:(nonnull YKFFIDO2SessionGeneri
 
         // Set the new PIN
         YKFFIDO2ClientPinRequest *setPinRequest = [[YKFFIDO2ClientPinRequest alloc] init];
-        setPinRequest.pinProtocol = 1;
+        setPinRequest.pinProtocol = self.pinProtocol;
         setPinRequest.subCommand = YKFFIDO2ClientPinRequestSubCommandSetPIN;
         setPinRequest.keyAgreement = cosePlatformPublicKey;
 
-        
-        setPinRequest.pinEnc = [pinData ykf_aes256EncryptedDataWithKey:sharedSecret];
-        setPinRequest.pinAuth = [[setPinRequest.pinEnc ykf_fido2HMACWithKey:sharedSecret] subdataWithRange:NSMakeRange(0, 16)];
+        setPinRequest.pinEnc = [pinData ykf_encryptDataWithKey:sharedSecret pinProtocol:self.pinProtocol];
+        setPinRequest.pinAuth = [setPinRequest.pinEnc ykf_authenticateDataWithKey:sharedSecret pinProtocol:self.pinProtocol];
 
         [strongSelf executeClientPinRequest:setPinRequest completion:^(YKFFIDO2ClientPinResponse *response, NSError *error) {
             if (error) {
@@ -351,9 +370,8 @@ - (void)makeCredentialWithClientDataHash:(NSData *)clientDataHash
     NSUInteger pinProtocol = 0;
     if (self.pinToken) {
         YKFParameterAssertReturn(clientDataHash);
-        pinProtocol = 1;
-        NSData *hmac = [clientDataHash ykf_fido2HMACWithKey:self.pinToken];
-        pinAuth = [hmac subdataWithRange:NSMakeRange(0, 16)];
+        pinProtocol = self.pinProtocol;
+        pinAuth = [clientDataHash ykf_authenticateDataWithKey:self.pinToken pinProtocol:self.pinProtocol];
         if (!pinAuth) {
             completion(nil, [YKFFIDO2Error errorWithCode:YKFFIDO2ErrorCodeOTHER]);
         }
@@ -400,9 +418,8 @@ - (void)getAssertionWithClientDataHash:(NSData *)clientDataHash
     NSUInteger pinProtocol = 0;
     if (self.pinToken) {
         YKFParameterAssertReturn(clientDataHash);
-        pinProtocol = 1;
-        NSData *hmac = [clientDataHash ykf_fido2HMACWithKey:self.pinToken];
-        pinAuth = [hmac subdataWithRange:NSMakeRange(0, 16)];
+        pinProtocol = self.pinProtocol;
+        pinAuth = [clientDataHash ykf_authenticateDataWithKey:self.pinToken pinProtocol:self.pinProtocol];
         if (!pinAuth) {
             completion(nil, [YKFFIDO2Error errorWithCode:YKFFIDO2ErrorCodeOTHER]);
         }
@@ -537,7 +554,7 @@ - (void)executeGetSharedSecretWithCompletion:(YKFFIDO2SessionClientPinSharedSecr
 
     // Get the authenticator public key.
     YKFFIDO2ClientPinRequest *clientPinKeyAgreementRequest = [[YKFFIDO2ClientPinRequest alloc] init];
-    clientPinKeyAgreementRequest.pinProtocol = 1;
+    clientPinKeyAgreementRequest.pinProtocol = self.pinProtocol;
     clientPinKeyAgreementRequest.subCommand = YKFFIDO2ClientPinRequestSubCommandGetKeyAgreement;
     clientPinKeyAgreementRequest.keyAgreement = cosePlatformPublicKey;
 
@@ -563,7 +580,20 @@ - (void)executeGetSharedSecretWithCompletion:(YKFFIDO2SessionClientPinSharedSecr
             completion(nil, nil, [YKFFIDO2Error errorWithCode:YKFFIDO2ErrorCodeOTHER]);
             return;
         }
-        sharedSecret = [sharedSecret ykf_SHA256];
+        
+        switch (_pinProtocol) {
+            case YKFFIDOPinProtocolV1:
+                sharedSecret = [sharedSecret ykf_SHA256];
+                break;
+            case YKFFIDOPinProtocolV2: {
+                NSData *hmacKey = [sharedSecret ykf_deriveHKDFWithSalt:[NSMutableData dataWithLength:32] info:[@"CTAP2 HMAC key" dataUsingEncoding:NSUTF8StringEncoding]];
+                NSData *aesKey = [sharedSecret ykf_deriveHKDFWithSalt:[NSMutableData dataWithLength:32] info:[@"CTAP2 AES key" dataUsingEncoding:NSUTF8StringEncoding]];
+                NSMutableData *result = [hmacKey mutableCopy];
+                [result appendData:aesKey];
+                sharedSecret = result;
+                break;
+            }
+        }
 
         // Success
         completion(sharedSecret, cosePlatformPublicKey, nil);
@@ -641,3 +671,50 @@ - (void)handleTouchRequired:(YKFAPDU *)apdu  retryCount:(int)retryCount completi
 }
 
 @end
+
+
+#pragma mark - INT conversion
+
+@implementation NSData (NSData_PinProtocols)
+
+- (NSData *)ykf_authenticateDataWithKey:(NSData *)key pinProtocol:(YKFFIDOPinProtocol)pinProtocol {
+    switch (pinProtocol) {
+        case YKFFIDOPinProtocolV1:
+            return [[self ykf_fido2HMACWithKey:key] subdataWithRange:NSMakeRange(0, 16)];
+        case YKFFIDOPinProtocolV2:
+            return [self ykf_fido2HMACWithKey:[key subdataWithRange:NSMakeRange(0, 32)]];
+    }
+    return [NSData new];
+}
+
+- (NSData *)ykf_encryptDataWithKey:(NSData *)key pinProtocol:(YKFFIDOPinProtocol)pinProtocol {
+    switch (pinProtocol) {
+        case YKFFIDOPinProtocolV1:
+            return [self ykf_aes256Operation:kCCEncrypt withKey:key];
+        case YKFFIDOPinProtocolV2: {
+            NSData *aesKey = [key subdataWithRange:NSMakeRange(32, key.length-32)];
+            NSData *iv = [NSData ykf_randomDataOfSize:16];
+            NSData *cipher = [self ykf_cryptOperation:kCCEncrypt algorithm:kCCAlgorithmAES mode:kCCModeCBC key:aesKey iv:iv];
+            NSMutableData *result = [iv mutableCopy];
+            [result appendData:cipher];
+            return result;
+        }
+    }
+    return [NSData new];
+}
+
+- (NSData *)ykf_decryptDataWithKey:(NSData *)key pinProtocol:(YKFFIDOPinProtocol)pinProtocol {
+    switch (pinProtocol) {
+        case YKFFIDOPinProtocolV1:
+            return [self ykf_aes256Operation:kCCDecrypt withKey:key];
+        case YKFFIDOPinProtocolV2: {
+            NSData *aesKey = [key subdataWithRange:NSMakeRange(32, key.length-32)];
+            NSData *iv = [self subdataWithRange:NSMakeRange(0, 16)];
+            NSData *cipher = [self subdataWithRange:NSMakeRange(16, self.length-16)];
+            return [cipher ykf_cryptOperation:kCCDecrypt algorithm:kCCAlgorithmAES mode:kCCModeCBC key:aesKey iv:iv];
+        }
+    }
+    return [NSData new];
+}
+
+@end

YubiKit/YubiKit/Helpers/Additions/YKFNSDataAdditions+Private.h

@@ -51,6 +51,8 @@ NS_ASSUME_NONNULL_BEGIN
 
 + (nullable NSData *)ykf_randomDataOfSize:(size_t)sizeInBytes;
 
+- (NSData *)ykf_deriveHKDFWithSalt:(NSData *)salt info:(NSData *)info;
+
 - (NSData *)ykf_toLength:(int)length;
 
 @end

YubiKit/YubiKit/Helpers/Additions/YKFNSDataAdditions.m

@@ -237,6 +237,23 @@ + (nullable NSData *)ykf_randomDataOfSize:(size_t)sizeInBytes {
     return [NSData dataWithBytesNoCopy:buff length:sizeInBytes freeWhenDone:YES];
 }
 
+// Note that this is not a complete implementation of hkdf. This only outputs 32 bytes.
+- (NSData *)ykf_hkdfExtract:(NSData *)salt {
+    return [self ykf_fido2HMACWithKey:salt];
+}
+
+-(NSData *)ykf_hkdfExpand:(NSData *)info {
+    NSMutableData *data = [info mutableCopy];
+    UInt8 zero = 0x01;
+    [data appendBytes:&zero length:1];
+    return [data ykf_fido2HMACWithKey:self];
+}
+
+- (NSData *)ykf_deriveHKDFWithSalt:(NSData *)salt info:(NSData *)info {
+    NSData *prk = [self ykf_hkdfExtract:salt];
+    return [prk ykf_hkdfExpand:info];
+}
+
 - (NSData *)ykf_toLength:(int)length {
     if (self.length == length) {
         return self;

YubiKitTests/Tests/FIDO2Tests.swift

@@ -67,8 +67,10 @@ class FIDO2Tests: XCTestCase {
         runYubiKitTest { connection, completion in
             if connection as? YKFNFCConnection != nil {
                 connection.fido2TestSession { session in
-                    session.setPin("123456") { _ in
+                    session.setPin("123456") { error in
+                        guard error == nil else { XCTAssertTrue(false, "🔴 Failed to set pin: \(error!)"); return }
                         session.verifyPin("123456") { error in
+                            guard error == nil else { XCTAssertTrue(false, "🔴 Failed to verify pin: \(error!)"); return }
                             session.addCredentialAndAssert(algorithm: YKFFIDO2PublicKeyAlgorithmES256, options: [YKFFIDO2OptionRK: false]) { response in
                                 print("✅ Created new FIDO2 credential: \(response)")
                                 session.getAssertionAndAssert(response: response, options: [YKFFIDO2OptionUP: true]) { response in