implement cx counting mechanism

14e812a7 · Josh Ji · 2472e250 · 14e812a7 · 14e812a7
Commit 14e812a7 authored 2 years ago by Josh Ji
Showing with 17 additions and 5 deletions

src/main/java/com/josh/vku2f/CTAP2.java src/main/java/com/josh/vku2f/CTAP2.java +1 -0

src/main/java/com/josh/vku2f/IDSecret.java src/main/java/com/josh/vku2f/IDSecret.java +16 -5

No files found.
--- a/src/main/java/com/josh/vku2f/CTAP2.java
+++ b/src/main/java/com/josh/vku2f/CTAP2.java
@@ -627,6 +627,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 					cborEncoder.encodeTextString(Utf8Strings.UTF8_EXTENSIONS, (short) 0, (short) Utf8Strings.UTF8_EXTENSIONS.length);
 					// add extension element
 					cborEncoder.startArray((short) 2);
+					idSecret.next();
 					cborEncoder.encodeByteString(idSecret.hmac, (short) 0, (short) idSecret.hmac.length);
 					cborEncoder.encodeByteString(idSecret.encryptedCx, (short) 0, (short) idSecret.encryptedCx.length);
 				}

--- a/src/main/java/com/josh/vku2f/IDSecret.java
+++ b/src/main/java/com/josh/vku2f/IDSecret.java
@@ -22,9 +22,10 @@ public class IDSecret {
 	public final byte[] PuKp = new byte[65];
 	public  final byte[] sharedSecret = new byte[20];
 	public final byte[] hashedSharedSecret = new byte[32];
-	public final byte[] Cx = new byte[16];
+	public final byte[] Cx = new byte[4];
+	public final byte[] paddedCx = new byte[16]; // for pkcs#7 padding
 	public final byte[] encryptedCx = new byte[16];
-	public final byte[] hmac = new byte[32];
+	public final byte[] hmac = new byte[48];
 	private AESKey aesKey;
 	private Cipher aesEncrypt;
 	private Cipher aesDecrypt;
@@ -78,7 +79,9 @@ public class IDSecret {
 	}

 	public void encryptCx(){
-		aesEncrypt.doFinal(Cx, (short)0, (short)Cx.length, encryptedCx, (short)0);
+		Util.arrayFill(paddedCx, (short)4, (short)12, (byte)0x0c );
+		Util.arrayCopy(Cx, (short)0, paddedCx, (short)0, (short)Cx.length);
+		aesEncrypt.doFinal(paddedCx, (short)0, (short) paddedCx.length, encryptedCx, (short)0);
 	}

 	/**
@@ -95,10 +98,18 @@ public class IDSecret {
 			updateOffset += (byte)32;
 		}
 		sha256.doFinal(scratch, updateOffset, scratchLength, scratch, (short)0);
+		Util.arrayFill(scratch, (short)32, (short)16, (byte)0x10);
 		aesEncrypt.update(scratch, (short)0, (short)16, outputBuffer, outputOffset);
-		aesEncrypt.doFinal(scratch, (short)16, (short)16 , outputBuffer, (short)(outputOffset+16) );
+		aesEncrypt.update(scratch, (short)16, (short)16 , outputBuffer, (short)(outputOffset+16) );
+		aesEncrypt.doFinal(scratch, (short)32, (short)16, outputBuffer, (short)(outputOffset+32) );

-		Util.arrayCopy(outputBuffer, (short)0, hmac, (short)0, (short)32 );
+		Util.arrayCopy(outputBuffer, (short)0, hmac, (short)0, (short)hmac.length );
+	}
+
+	public void next(){
+		plusOne(Cx);
+		encryptCx();
+		generateHMAC(tempBuffer, (short)0);
 	}

 	/**