Send proper error code when SEP and laptop is closed

github · Jun 14, 2018 · d1be691 · d1be691
1 parent 9564745
commit d1be691
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/SoftU2FTool/KnownFacets.swift b/SoftU2FTool/KnownFacets.swift
@@ -15,5 +15,9 @@ let KnownFacets: [Data: String] = [
     SHA256.digest("https://vault.bitwarden.com/app-id.json"): "https://vault.bitwarden.com",
     SHA256.digest("https://keepersecurity.com"): "https://keepersecurity.com",
     SHA256.digest("https://api-9dcf9b83.duosecurity.com"): "https://api-9dcf9b83.duosecurity.com",
-    SHA256.digest("https://dashboard.stripe.com"): "https://dashboard.stripe.com"
+    SHA256.digest("https://dashboard.stripe.com"): "https://dashboard.stripe.com",
+
+    // When we return an error during authentication, Chrome will send a registration request with
+    // a bogus AppID.
+    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".data(using: .ascii)!: "bogus"
 ]
diff --git a/SoftU2FTool/U2FAuthenticator.swift b/SoftU2FTool/U2FAuthenticator.swift
@@ -98,6 +98,14 @@ class U2FAuthenticator {
         let req = try APDU.RegisterRequest(raw: raw)
 
         let facet = KnownFacets[req.applicationParameter]
+
+        // When we return an error during authentication, Chrome will send a registration request with
+        // a bogus AppID.
+        if facet == "bogus" {
+            self.sendError(status: .OtherError, cid: cid)
+            return
+        }
+
         let notification = UserPresence.Notification.Register(facet: facet)
 
         UserPresence.test(notification) { tupSuccess in
@@ -155,7 +163,7 @@ class U2FAuthenticator {
 
         if reg.inSEP && !laptopIsOpen {
             // Can't use SEP/TouchID if laptop is closed.
-            sendError(status: .OtherError, cid: cid)
+            sendError(status: .ConditionsNotSatisfied, cid: cid)
             return
         }