From 375a1470bd71cf257c7bf922bfd274ad63f0fa3b Mon Sep 17 00:00:00 2001 From: Bryan Jacobs Date: Sat, 13 Jan 2024 16:57:12 +1100 Subject: [PATCH] libfido2-compat error translation --- .../kotlin/us/q3q/fidok/fido2compat/Assert.kt | 24 ++++----- .../us/q3q/fidok/fido2compat/Credential.kt | 49 +++++++------------ .../kotlin/us/q3q/fidok/fido2compat/Info.kt | 2 +- .../kotlin/us/q3q/fidok/fido2compat/Init.kt | 30 +++++++++++- 4 files changed, 59 insertions(+), 46 deletions(-) diff --git a/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Assert.kt b/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Assert.kt index dbf87d8..3fbff0f 100644 --- a/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Assert.kt +++ b/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Assert.kt @@ -65,7 +65,7 @@ fun fido_assert_set_rp( assertHandle.rpId = id - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -77,9 +77,9 @@ fun fido_dev_get_assert( ): Int { val devHandle = dev.asStableRef().get() val assertHandle = assert.asStableRef().get() - val authenticator = devHandle.authenticatorDevice ?: return FIDO_ERR_NOTFOUND + val authenticator = devHandle.authenticatorDevice ?: return FidoCompatErrors.FIDO_ERR_NOTFOUND.v - val rpId = assertHandle.rpId ?: return FIDO_ERR_INVALID_PARAM + val rpId = assertHandle.rpId ?: return FidoCompatErrors.FIDO_ERR_INVALID_PARAM.v val client = get_fidocompat_lib().ctapClient( @@ -127,7 +127,7 @@ fun fido_dev_get_assert( ) } - if (result == FIDO_OK) { + if (result == FidoCompatErrors.FIDO_OK.v) { assertHandle.assertions = assertResponse!! if (hmacSecretExtension != null) { assertHandle.hmacSecrets = @@ -161,7 +161,7 @@ fun fido_assert_set_clientdata( if (ptr == null) { assertHandle.clientDataHash = null - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } val clientData = 
@@ -171,7 +171,7 @@ fun fido_assert_set_clientdata( val clientDataHash = get_fidocompat_lib().cryptoProvider.sha256(clientData).hash assertHandle.clientDataHash = clientDataHash - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -185,7 +185,7 @@ fun fido_assert_set_clientdata_hash( if (ptr == null) { assertHandle.clientDataHash = null - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } val clientDataHash = @@ -194,7 +194,7 @@ fun fido_assert_set_clientdata_hash( } assertHandle.clientDataHash = clientDataHash - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -207,7 +207,7 @@ fun fido_assert_set_extensions( assertHandle.extensions = flags - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -225,7 +225,7 @@ fun fido_assert_empty_allow_list(assert: fido_assert_t): Int { assertHandle.allowList = mutableListOf() - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -243,7 +243,7 @@ fun fido_assert_allow_cred( } assertHandle.allowList.add(credIdBytes) - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -265,7 +265,7 @@ fun fido_assert_set_hmac_salt( } assertHandle.hmacSalt = hmacSalt - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) diff --git a/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Credential.kt b/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Credential.kt index 94222fc..fbbcf69 100644 --- a/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Credential.kt +++ b/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Credential.kt 
@@ -31,19 +31,6 @@ import kotlin.experimental.ExperimentalNativeApi typealias fido_cred_t = COpaquePointer -const val FIDO_OK = 0 -const val FIDO_ERR_TX = -1 -const val FIDO_ERR_RX = -2 -const val FIDO_ERR_RX_NOT_CBOR = -3 -const val FIDO_ERR_RX_INVALID_CBOR = -4 -const val FIDO_ERR_INVALID_PARAM = -5 -const val FIDO_ERR_INVALID_SIG = -6 -const val FIDO_ERR_INVALID_ARGUMENT = -7 -const val FIDO_ERR_USER_PRESENCE_REQUIRED = -8 -const val FIDO_ERR_INTERNAL = -9 -const val FIDO_ERR_NOTFOUND = -10 -const val FIDO_ERR_COMPRESS = -11 - const val FIDO_OPT_OMIT = 0 const val FIDO_OPT_FALSE = 1 const val FIDO_OPT_TRUE = 2 @@ -101,7 +88,7 @@ fun fido_cred_set_rp( credHandle.rpId = id credHandle.rpName = name - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -123,7 +110,7 @@ fun fido_cred_set_user( credHandle.userName = name credHandle.userDisplayName = display_name - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -140,12 +127,12 @@ fun fido_cred_set_type( } if (matchingAlg == null) { - return FIDO_ERR_INVALID_ARGUMENT + return FidoCompatErrors.FIDO_ERR_INVALID_ARGUMENT.v } credHandle.type = matchingAlg - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -157,9 +144,9 @@ fun fido_dev_make_cred( ): Int { val devHandle = dev.asStableRef().get() val credHandle = cred.asStableRef().get() - val authenticator = devHandle.authenticatorDevice ?: return FIDO_ERR_NOTFOUND + val authenticator = devHandle.authenticatorDevice ?: return FidoCompatErrors.FIDO_ERR_NOTFOUND.v - val rpId = credHandle.rpId ?: return FIDO_ERR_INVALID_PARAM + val rpId = credHandle.rpId ?: return FidoCompatErrors.FIDO_ERR_INVALID_PARAM.v val client = get_fidocompat_lib().ctapClient( 
@@ -210,7 +197,7 @@ fun fido_dev_make_cred( ) } - if (result == FIDO_OK) { + if (result == FidoCompatErrors.FIDO_OK.v) { credHandle.cred = credResponse if (credProtect != null) { credHandle.prot = credProtect.getLevel() @@ -275,7 +262,7 @@ fun fido_cred_set_clientdata( if (ptr == null) { credHandle.clientDataHash = null - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } val clientData = @@ -285,7 +272,7 @@ fun fido_cred_set_clientdata( val clientDataHash = get_fidocompat_lib().cryptoProvider.sha256(clientData).hash credHandle.clientDataHash = clientDataHash - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -299,7 +286,7 @@ fun fido_cred_set_clientdata_hash( if (ptr == null) { credHandle.clientDataHash = null - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } val clientDataHash = @@ -308,7 +295,7 @@ fun fido_cred_set_clientdata_hash( } credHandle.clientDataHash = clientDataHash - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -321,7 +308,7 @@ fun fido_cred_set_extensions( credHandle.extensions = flags - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -334,7 +321,7 @@ fun fido_cred_set_prot( if (prot != 0) { if (prot < 0 || prot > 3) { - return FIDO_ERR_INVALID_PARAM + return FidoCompatErrors.FIDO_ERR_INVALID_PARAM.v } credHandle.extensions = credHandle.extensions.or(FIDO_EXT_CRED_PROTECT) credHandle.prot = prot.toUByte() @@ -343,7 +330,7 @@ fun fido_cred_set_prot( credHandle.prot = 0u } - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -370,10 +357,10 @@ fun fido_cred_set_rk( } else if (rk == FIDO_OPT_FALSE || rk == FIDO_OPT_OMIT) { credHandle.rk = false } else { - return FIDO_ERR_INVALID_ARGUMENT + return FidoCompatErrors.FIDO_ERR_INVALID_ARGUMENT.v } - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) 
@@ -383,7 +370,7 @@ fun fido_cred_empty_exclude_list(cred: fido_cred_t): Int { credHandle.excludeList = mutableListOf() - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } @OptIn(ExperimentalForeignApi::class) @@ -401,5 +388,5 @@ fun fido_cred_exclude( } credHandle.excludeList.add(credIdBytes) - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } diff --git a/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Info.kt b/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Info.kt index b9fe712..ed3b76f 100644 --- a/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Info.kt +++ b/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Info.kt @@ -58,7 +58,7 @@ fun fido_dev_get_cbor_info( val devHandle = dev.asStableRef().get() val infoHandle = ci.asStableRef().get() - val authenticator = devHandle.authenticatorDevice ?: return FIDO_ERR_TX + val authenticator = devHandle.authenticatorDevice ?: return FidoCompatErrors.FIDO_ERR_TX.v val client = get_fidocompat_lib().ctapClient( diff --git a/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Init.kt b/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Init.kt index d1281e6..7a70695 100644 --- a/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Init.kt +++ b/library/src/nativeMain/kotlin/us/q3q/fidok/fido2compat/Init.kt 
@@ -4,11 +4,27 @@ package us.q3q.fidok.fido2compat import us.q3q.fidok.BotanCryptoProvider import us.q3q.fidok.ctap.CTAPError +import us.q3q.fidok.ctap.CTAPResponse import us.q3q.fidok.ctap.DeviceCommunicationException import us.q3q.fidok.ctap.FIDOkLibrary import us.q3q.fidok.platformDeviceProviders import kotlin.experimental.ExperimentalNativeApi +enum class FidoCompatErrors(val v: Int) { + FIDO_OK(0), + FIDO_ERR_TX(-1), + FIDO_ERR_RX(-2), + FIDO_ERR_RX_NOT_CBOR(-3), + FIDO_ERR_RX_INVALID_CBOR(-4), + FIDO_ERR_INVALID_PARAM(-5), + FIDO_ERR_INVALID_SIG(-6), + FIDO_ERR_INVALID_ARGUMENT(-7), + FIDO_ERR_USER_PRESENCE_REQUIRED(-8), + FIDO_ERR_INTERNAL(-9), + FIDO_ERR_NOTFOUND(-10), + FIDO_ERR_COMPRESS(-11), +} + internal var library: FIDOkLibrary? = null @OptIn(ExperimentalNativeApi::class) @@ -23,6 +39,16 @@ fun fido_init(flags: Int) { } } +@OptIn(ExperimentalNativeApi::class) +@CName("fido_strerr") +fun fido_strerr(n: Int): String { + return if (n <= 0) { + FidoCompatErrors.entries.firstOrNull { it.v == n } + } else { + CTAPResponse.entries.firstOrNull { it.value.toInt() == n } + }?.name ?: "Unknown error $n" +} + fun get_fidocompat_lib(): FIDOkLibrary { return library ?: throw IllegalStateException("fido_init not called") @@ -31,10 +57,10 @@ fun get_fidocompat_lib(): FIDOkLibrary { fun fido_do_with_error_handling(c: () -> Unit): Int { try { c() - return FIDO_OK + return FidoCompatErrors.FIDO_OK.v } catch (e: CTAPError) { return e.code.toInt() } catch (e: DeviceCommunicationException) { - return FIDO_ERR_TX + return FidoCompatErrors.FIDO_ERR_TX.v } }
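Review bot: `FidoCompatErrors` and its one-letter property `v` are added without KDoc, although the rest of the patch depends on a sign convention that is never written down: `fido_strerr` looks up zero and negative values in this enum and positive values in `CTAPResponse`, and `fido_do_with_error_handling` returns `e.code.toInt()` alongside these constants. I would put a KDoc line above the enum such as `/** Local libfido2-compat status codes (zero or negative); positive return values are CTAP status codes reported by the authenticator. */` and rename `v` to `code`, so call sites read `FidoCompatErrors.FIDO_OK.code`. The numbers presumably mirror libfido2's error header and are handed to C callers as plain ints, so a short comment that entries must not be renumbered would also help.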
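Review bot: `fido_strerr` returns a Kotlin `String` from a `@CName` export, and nothing in the hunk says who owns the resulting C string. As far as I know, Kotlin/Native gives the C caller a newly allocated `const char*` on every call, to be released through the runtime's `DisposeString`. Callers written against libfido2 treat the result of `fido_strerr` as static and never free it, so each call would leak; please confirm against the generated header. If that holds, returning pointers to strings allocated once per code (with a fixed string for the `Unknown error` fallback) would match the C contract, and at the least a KDoc line should state the ownership rule. Separately, positive codes take their text from `CTAPResponse.entries` names, which may not carry the `FIDO_ERR_` prefix that the negative ones have.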
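Review bot: `fido_do_with_error_handling` still translates only `CTAPError` and `DeviceCommunicationException`, so any other exception thrown inside `c()` passes through untranslated. One example is the `IllegalStateException` that `get_fidocompat_lib` raises when `fido_init` was not called. Where this wrapper is the last Kotlin frame under a `@CName` entry point, that exception would reach the C boundary, and Kotlin/Native presumably terminates the process there instead of returning a status to the caller. The enum added in this commit already has a code for this case: add a final `catch (e: Exception) { return FidoCompatErrors.FIDO_ERR_INTERNAL.v }` after the two existing catches, and log the exception if the library has a logger.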