kopia lustrzana https://github.com/solokeys/solo1
pin error handling
rodzic
5980c77775
commit
6a94af0729
38
ctap.c
38
ctap.c
|
@ -199,7 +199,7 @@ uint8_t ctap_get_info(CborEncoder * encoder)
|
|||
ret = cbor_encode_uint(&map, RESP_options);
|
||||
check_ret(ret);
|
||||
{
|
||||
ret = cbor_encoder_create_map(&map, &options,4);
|
||||
ret = cbor_encoder_create_map(&map, &options,5);
|
||||
check_ret(ret);
|
||||
{
|
||||
ret = cbor_encode_text_string(&options, "plat", 4);
|
||||
|
@ -229,6 +229,13 @@ uint8_t ctap_get_info(CborEncoder * encoder)
|
|||
ret = cbor_encode_boolean(&options, 0); // NOT [yet] capable of verifying user
|
||||
check_ret(ret);
|
||||
}
|
||||
ret = cbor_encode_text_string(&options, "clientPin", 9);
|
||||
check_ret(ret);
|
||||
{
|
||||
ret = cbor_encode_boolean(&options, ctap_is_pin_set()); // NOT [yet] capable of verifying user
|
||||
check_ret(ret);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
ret = cbor_encoder_close_container(&map, &options);
|
||||
|
@ -1041,15 +1048,18 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
|
|||
return CTAP2_ERR_MISSING_PARAMETER;
|
||||
}
|
||||
|
||||
if (PIN_CODE_SET == 1 && MC.pinAuthPresent == 0)
|
||||
if (ctap_is_pin_set() == 1 && MC.pinAuthPresent == 0)
|
||||
{
|
||||
printf2(TAG_ERR,"pinAuth is required\n");
|
||||
return CTAP2_ERR_PIN_REQUIRED;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = verify_pin_auth(MC.pinAuth, MC.clientDataHash);
|
||||
check_retr(ret);
|
||||
if (ctap_is_pin_set())
|
||||
{
|
||||
ret = verify_pin_auth(MC.pinAuth, MC.clientDataHash);
|
||||
check_retr(ret);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -1402,8 +1412,11 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
|
|||
}
|
||||
else
|
||||
{
|
||||
ret = verify_pin_auth(GA.pinAuth, GA.clientDataHash);
|
||||
check_retr(ret);
|
||||
if (ctap_is_pin_set())
|
||||
{
|
||||
ret = verify_pin_auth(GA.pinAuth, GA.clientDataHash);
|
||||
check_retr(ret);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -1693,6 +1706,10 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor
|
|||
return CTAP1_ERR_OTHER;
|
||||
}
|
||||
|
||||
if (ctap_is_pin_set())
|
||||
{
|
||||
return CTAP2_ERR_PIN_REQUIRED;
|
||||
}
|
||||
|
||||
crypto_ecc256_shared_secret(platform_pubkey, KEY_AGREEMENT_PRIV, shared_secret);
|
||||
|
||||
|
@ -1831,6 +1848,10 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
|
|||
|
||||
break;
|
||||
case CP_cmdGetPinToken:
|
||||
if (!ctap_is_pin_set())
|
||||
{
|
||||
return CTAP2_ERR_PIN_NOT_SET;
|
||||
}
|
||||
num_map++;
|
||||
ret = cbor_encoder_create_map(encoder, &map, num_map);
|
||||
check_ret(ret);
|
||||
|
@ -1966,6 +1987,11 @@ void ctap_init()
|
|||
crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
|
||||
}
|
||||
|
||||
uint8_t ctap_is_pin_set()
|
||||
{
|
||||
return PIN_CODE_SET == 1;
|
||||
}
|
||||
|
||||
void ctap_update_pin(uint8_t * pin, int len)
|
||||
{
|
||||
// TODO this should go in flash
|
||||
|
|
1
ctap.h
1
ctap.h
|
@ -227,6 +227,7 @@ void ctap_update_pin(uint8_t * pin, int len);
|
|||
uint8_t ctap_decrement_pin_attempts();
|
||||
int8_t ctap_leftover_pin_attempts();
|
||||
void ctap_reset_pin_attempts();
|
||||
uint8_t ctap_is_pin_set();
|
||||
|
||||
|
||||
// Test for user presence
|
||||
|
|
Ładowanie…
Reference in New Issue