Enrik Berkhan
fe24b9edd1
POC: add ed25519 support based on libsodium (PC) or salty (solo).
For now:
- libsodium(-dev) is expected to be preinstalled on the build system for the PC build
2020-10-17 14:40:41 +02:00
Conor Patrick
299e91b91b
don't return index >= ctap_rk_size()
Fixes issue found by @My1: https://github.com/solokeys/solo/issues/407
2020-03-28 15:45:16 -04:00
Conor Patrick
cbf40f4ec7
hmac-secret should be different when UV=1
2020-03-28 12:28:05 -04:00
Conor Patrick
5f8a9a44fc
refactor credmgmt
2020-03-27 10:56:51 -04:00
Conor Patrick
04cffb6509
allow depth-first search and account for interleaved RKs
2020-03-27 10:56:51 -04:00
Radoslav Gerganov
f002d08071
Add support for the security manager in Google Chrome
This patch fixes the following issues to make Google Chrome happy:
1. Adds CTAP_CBOR_CRED_MGMT (0x0A), which is an alias for CTAP_CBOR_CRED_MGMT_PRE (0x41)
2. Returns success instead of NO_CREDENTIALS when there are no RKs
3. Skips the "icon" property if it's empty
Tested with Google Chrome Version 80.0.3987.149
2020-03-27 00:22:28 -04:00
Radoslav Gerganov
e53b83257d
Do not return NO_CREDENTIALS if there are no RKs and meta is requested
Fixes-issue: #403
2020-03-27 00:22:28 -04:00
Conor Patrick
530e175ad1
cleanup
2020-03-25 14:57:39 -04:00
Conor Patrick
241f58657b
consider credProtect with exclude list, and also check user presence
2020-03-25 14:57:39 -04:00
Conor Patrick
3b42289cce
add rpId to RKs, fix counting of unique RPs
2020-03-25 14:57:39 -04:00
Conor Patrick
b3712b57fc
refactor to reuse more code
2020-03-25 14:57:39 -04:00
Conor Patrick
37769bb735
to support deleted credentials, need to scan all rk slots since it's no longer continuous
2020-03-25 14:57:39 -04:00
Conor Patrick
98bcf647c4
implement rk delete command for cred mgmt
2020-03-25 14:57:39 -04:00
Conor Patrick
682a443f4e
refactor credMgmt to parse as subCommandParams, and get ready for delete command
2020-03-25 14:57:39 -04:00
Conor Patrick
a28a05673f
definitely need to update rpIdHash
2020-03-25 14:57:39 -04:00
Conor Patrick
3a70ee0ec6
refactor authData and extension handling to work for getNextAssertion
2020-03-25 14:57:39 -04:00
Conor Patrick
872a320abc
Fix credential order: need to start with most recent
2020-03-25 14:57:39 -04:00
Conor Patrick
3cbf7ec451
move credProtect checking to credential filtering step
2020-03-25 14:57:39 -04:00
Conor Patrick
fdc5a68fcd
update info/feature detection details
2020-03-25 14:57:39 -04:00
Conor Patrick
1c1005a0e8
add credprotect parameter to output
2020-03-25 14:57:39 -04:00
Conor Patrick
4831410111
add credProtect extension
2020-03-25 14:57:39 -04:00
Radoslav Gerganov
7112633779
Fix user presence test when pinAuth is empty
The check_retr macro is evaluating its argument twice, so when we do:
check_retr( ctap2_user_presence_test(...) )
the user presence function is called twice and the user has to press the
button twice. This is a regression introduced with commit 3b53537.
2020-03-21 12:48:05 -04:00
Radoslav Gerganov
79b43a90fd
Implement commands for management of resident keys
Implement command 0x41 which is used by OpenSSH for reading RKs. It has
the following subcommands:
* CMD_CRED_METADATA - get number of saved/remaining RKs
* CMD_RP_BEGIN/CMD_RP_NEXT - iterate over the saved RPs
* CMD_RK_BEGIN/CMD_RK_NEXT - iterate over the RKs for a given RP
Fixes issue #374 and issue #314
2020-03-21 11:59:22 -04:00
Conor Patrick
1d59bbfdd4
support different aaguids in cert for different solo models
2019-12-01 18:09:08 -05:00
Conor Patrick
54c66d80b6
overwrite x509 fields for tap or somu
2019-12-01 18:09:08 -05:00
Conor Patrick
1d63154699
move sense of "backup" from ctap to device layer
2019-11-22 19:02:52 -05:00
Conor Patrick
d266e7927c
reorganize crypto and device.c to be more based on fido2/
2019-11-22 19:02:52 -05:00
Conor Patrick
b4f59ec355
pull certificate from flash page
2019-10-27 10:25:00 -04:00
Conor Patrick
00b09e0d40
add u2f length arg
2019-10-08 16:10:29 -04:00
Conor Patrick
08658eb11e
Merge branch 'master' into bootloader-downgrade-protection
2019-10-08 13:44:20 -04:00
Conor Patrick
0ebe0ff502
add ctap function to overwrite key bytes
2019-10-08 13:42:37 -04:00
Conor Patrick
8c256298ae
default up to enabled
2019-09-17 00:13:57 +08:00
Conor Patrick
c61f15a090
allow get_assertion with disabled UP
2019-09-17 00:13:57 +08:00
Conor Patrick
f072561899
properly check the rpId in request
2019-09-17 00:13:57 +08:00
Conor Patrick
a9bbdee35b
Merge branch 'master' into remove-pin-storage
2019-09-02 21:45:21 +08:00
Szczepan Zalega
cb13fb65de
Store version in the bootloader. Debug code.
2019-08-24 10:17:43 +02:00
Conor Patrick
41ceb78f6c
add user presence to flags
2019-08-23 14:48:21 +08:00
Conor Patrick
3b53537077
refactor fido2 user presence handling & increase timeout to 29s
2019-08-23 13:19:28 +08:00
merlokk
0d621d13f9
fix decoding apdu
2019-08-22 20:55:12 +08:00
Conor Patrick
a72f0ede05
take a lazy approach to key agreement generation to not hold up boot time for nfc
2019-08-21 12:06:06 +08:00
Conor Patrick
adcbd3aeb8
speed up public key derivation slightly for nfc
2019-08-21 12:06:06 +08:00
Conor Patrick
b706cc30b0
for now, always gen key agreement
2019-08-21 12:06:06 +08:00
Szczepan Zalega
b452e3dfe4
Correct doc
2019-08-20 11:47:14 +02:00
Szczepan Zalega
8e3753e711
Add initial STATE migration code (2)
2019-08-20 11:34:51 +02:00
Szczepan Zalega
816ca21f08
Correct writing salted hash
pinHashEnc is 16 bytes, which is too small to store a sha256 result.
2019-08-20 11:34:48 +02:00
Szczepan Zalega
5a448d636c
Add comments
2019-08-20 11:34:29 +02:00
Szczepan Zalega
7be0553377
Replace FIDO2 PIN storage with its hash
2019-08-20 11:34:26 +02:00
Conor Patrick
690d7c716a
move CTAPHID_STATUS_PROCESSING to after UP
2019-07-29 12:39:59 -04:00
Conor Patrick
78e3b291c2
make sure device status is set in all user presence tests
2019-07-28 22:10:56 -04:00
Conor Patrick
b47854c335
use error code PIN_AUTH_INVALID
2019-07-28 21:41:11 -04:00