Fix uv_auth_param calculation

Yubico · Oct 9, 2024 · c625f3e · c625f3e
1 parent 99e0491
commit c625f3e
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 17 deletions.
diff --git a/fido2/ctap2/base.py b/fido2/ctap2/base.py
@@ -53,8 +53,10 @@ def _as_cbor(data):
     if isinstance(data, Sequence):
         return [_as_cbor(d) for d in data]
     if isinstance(data, _DataClassMapping):
-        # Remove empty values and do not serialize value
-        return {k: v for k, v in asdict(data).items() if v is not None}  # type: ignore
+        data = asdict(data)  # type: ignore
+    if isinstance(data, Mapping):
+        # Remove empty values and recurse
+        return {k: _as_cbor(v) for k, v in data.items() if v is not None}
     return data
 
 

diff --git a/fido2/ctap2/bio.py b/fido2/ctap2/bio.py
@@ -29,7 +29,7 @@
 
 from .. import cbor
 from ..ctap import CtapError
-from .base import Ctap2, Info
+from .base import Ctap2, Info, _as_cbor
 from .pin import PinProtocol
 
 from enum import IntEnum, unique
@@ -203,8 +203,7 @@ def __init__(self, ctap: Ctap2, pin_uv_protocol: PinProtocol, pin_uv_token: byte
         self.pin_uv_token = pin_uv_token
 
     def _call(self, sub_cmd, params=None, auth=True, event=None, on_keepalive=None):
-        if params is not None:
-            params = {k: v for k, v in params.items() if v is not None}
+        params = _as_cbor(params)
         kwargs = {
             "modality": self.modality,
             "sub_cmd": sub_cmd,

diff --git a/fido2/ctap2/config.py b/fido2/ctap2/config.py
@@ -28,7 +28,7 @@
 from __future__ import annotations
 
 from .. import cbor
-from .base import Ctap2, Info
+from .base import Ctap2, Info, _as_cbor
 from .pin import PinProtocol, _PinUv
 
 from typing import Optional, List
@@ -78,17 +78,11 @@ def __init__(
         )
 
     def _call(self, sub_cmd, params=None):
-        if params:
-            params = {k: v for k, v in params.items() if v is not None}
-        else:
-            params = None
+        params = _as_cbor(params)
         if self.pin_uv:
-            msg = (
-                b"\xff" * 32
-                + b"\x0d"
-                + struct.pack("<B", sub_cmd)
-                + (cbor.encode(params) if params else b"")
-            )
+            msg = b"\xff" * 32 + b"\x0d" + struct.pack("<B", sub_cmd)
+            if params is not None:
+                msg += cbor.encode(params)
             pin_uv_protocol = self.pin_uv.protocol.VERSION
             pin_uv_param = self.pin_uv.protocol.authenticate(self.pin_uv.token, msg)
         else:

diff --git a/fido2/ctap2/credman.py b/fido2/ctap2/credman.py
@@ -30,7 +30,7 @@
 from .. import cbor
 from ..ctap import CtapError
 from ..webauthn import PublicKeyCredentialDescriptor, PublicKeyCredentialUserEntity
-from .base import Ctap2, Info
+from .base import Ctap2, Info, _as_cbor
 from .pin import PinProtocol, _PinUv
 
 from enum import IntEnum, unique
@@ -108,6 +108,7 @@ def __init__(
         self.pin_uv = _PinUv(pin_uv_protocol, pin_uv_token)
 
     def _call(self, sub_cmd, params=None, auth=True):
+        params = _as_cbor(params)
         kwargs = {"sub_cmd": sub_cmd, "sub_cmd_params": params}
         if auth:
             msg = struct.pack(">B", sub_cmd)