shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

change u2f to return early if button not immediately pressed

Browse Source
This commit is contained in:
Conor Patrick 2019-05-10 15:56:52 -04:00
parent 4854192c63
commit 0f50ae7d63
6 changed files with 30 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
fido2/ctap.c
View File

@ -458,7 +458,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
int but; int but;
but = ctap_user_presence_test(); but = ctap_user_presence_test(CTAP2_UP_DELAY_MS);
if (!but) if (!but)
{ {
@ -696,7 +696,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
} }
if (MC.pinAuthEmpty) if (MC.pinAuthEmpty)
{ {
if (!ctap_user_presence_test()) if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
{ {
return CTAP2_ERR_OPERATION_DENIED; return CTAP2_ERR_OPERATION_DENIED;
} }
@ -1132,7 +1132,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
if (GA.pinAuthEmpty) if (GA.pinAuthEmpty)
{ {
if (!ctap_user_presence_test()) if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
{ {
return CTAP2_ERR_OPERATION_DENIED; return CTAP2_ERR_OPERATION_DENIED;
} }
@ -1641,7 +1641,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
break; break;
case CTAP_RESET: case CTAP_RESET:
printf1(TAG_CTAP,"CTAP_RESET\n"); printf1(TAG_CTAP,"CTAP_RESET\n");
if (ctap_user_presence_test()) if (ctap_user_presence_test(CTAP2_UP_DELAY_MS))
{ {
ctap_reset(); ctap_reset();
} }

2
fido2/ctap.h
View File

@ -131,6 +131,8 @@
#define PIN_LOCKOUT_ATTEMPTS 8 // Number of attempts total #define PIN_LOCKOUT_ATTEMPTS 8 // Number of attempts total
#define PIN_BOOT_ATTEMPTS 3 // number of attempts per boot #define PIN_BOOT_ATTEMPTS 3 // number of attempts per boot
#define CTAP2_UP_DELAY_MS 5000
typedef struct typedef struct
{ {
uint8_t id[USER_ID_MAX_SIZE]; uint8_t id[USER_ID_MAX_SIZE];

8
fido2/device.h
View File

@ -53,11 +53,11 @@ int device_is_button_pressed();
// Test for user presence // Test for user presence
// Return 1 for user is present, 0 user not present, -1 if cancel is requested. // Return 1 for user is present, 0 user not present, -1 if cancel is requested.
extern int ctap_user_presence_test(); int ctap_user_presence_test(uint32_t delay);
// Generate @num bytes of random numbers to @dest // Generate @num bytes of random numbers to @dest
// return 1 if success, error otherwise // return 1 if success, error otherwise
extern int ctap_generate_rng(uint8_t * dst, size_t num); int ctap_generate_rng(uint8_t * dst, size_t num);
// Increment atomic counter and return it. // Increment atomic counter and return it.
// Must support two counters, @sel selects counter0 or counter1. // Must support two counters, @sel selects counter0 or counter1.
@ -65,11 +65,11 @@ uint32_t ctap_atomic_count(int sel);
// Verify the user // Verify the user
// return 1 if user is verified, 0 if not // return 1 if user is verified, 0 if not
extern int ctap_user_verification(uint8_t arg); int ctap_user_verification(uint8_t arg);
// Must be implemented by application // Must be implemented by application
// data is HID_MESSAGE_SIZE long in bytes // data is HID_MESSAGE_SIZE long in bytes
extern void ctaphid_write_block(uint8_t * data); void ctaphid_write_block(uint8_t * data);
// Resident key // Resident key

8
fido2/extensions/wallet.c
View File

@ -85,7 +85,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
return CTAP2_ERR_NOT_ALLOWED; return CTAP2_ERR_NOT_ALLOWED;
} }
if (!ctap_user_presence_test()) if (!ctap_user_presence_test(5000))
{ {
return CTAP2_ERR_OPERATION_DENIED; return CTAP2_ERR_OPERATION_DENIED;
} }
@ -111,7 +111,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
return CTAP2_ERR_NOT_ALLOWED; return CTAP2_ERR_NOT_ALLOWED;
} }
if (!ctap_user_presence_test()) if (!ctap_user_presence_test(5000))
{ {
return CTAP2_ERR_OPERATION_DENIED; return CTAP2_ERR_OPERATION_DENIED;
} }
@ -133,7 +133,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
return CTAP2_ERR_NOT_ALLOWED; return CTAP2_ERR_NOT_ALLOWED;
} }
if (!ctap_user_presence_test()) if (!ctap_user_presence_test(5000))
{ {
return CTAP2_ERR_OPERATION_DENIED; return CTAP2_ERR_OPERATION_DENIED;
} }
@ -359,7 +359,7 @@ int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen)
} }
} }
if (ctap_user_presence_test()) if (ctap_user_presence_test(5000))
{ {
printf1(TAG_WALLET,"Reseting device!\n"); printf1(TAG_WALLET,"Reseting device!\n");
ctap_reset(); ctap_reset();

7
fido2/u2f.c
View File

@ -205,7 +205,6 @@ int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid)
} }
static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control) static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control)
{ {
@ -243,8 +242,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
if(up) if(up)
{ {
device_set_status(CTAPHID_STATUS_UPNEEDED); if (ctap_user_presence_test(750) == 0)
if (ctap_user_presence_test() == 0)
{ {
return U2F_SW_CONDITIONS_NOT_SATISFIED; return U2F_SW_CONDITIONS_NOT_SATISFIED;
} }
@ -290,8 +288,7 @@ static int16_t u2f_register(struct u2f_register_request * req)
const uint16_t attest_size = attestation_cert_der_size; const uint16_t attest_size = attestation_cert_der_size;
device_set_status(CTAPHID_STATUS_UPNEEDED); if ( ! ctap_user_presence_test(750))
if ( ! ctap_user_presence_test())
{ {
return U2F_SW_CONDITIONS_NOT_SATISFIED; return U2F_SW_CONDITIONS_NOT_SATISFIED;
} }

12
targets/stm32l432/src/device.c
View File

@ -63,7 +63,7 @@ void TIM6_DAC_IRQHandler()
// timer is only 16 bits, so roll it over here // timer is only 16 bits, so roll it over here
TIM6->SR = 0; TIM6->SR = 0;
__90_ms += 1; __90_ms += 1;
if ((millis() - __last_update) > 8) if ((millis() - __last_update) > 90)
{ {
if (__device_status != CTAPHID_STATUS_IDLE) if (__device_status != CTAPHID_STATUS_IDLE)
{ {
@ -488,7 +488,7 @@ static int handle_packets()
return 0; return 0;
} }
int ctap_user_presence_test() int ctap_user_presence_test(uint32_t up_delay)
{ {
int ret; int ret;
if (device_is_nfc() == NFC_IS_ACTIVE) if (device_is_nfc() == NFC_IS_ACTIVE)
@ -513,9 +513,12 @@ int ctap_user_presence_test()
uint32_t t1 = millis(); uint32_t t1 = millis();
led_rgb(0xff3520); led_rgb(0xff3520);
if (IS_BUTTON_PRESSED == is_touch_button_pressed)
{
// Wait for user to release touch button if it's already pressed
while (IS_BUTTON_PRESSED()) while (IS_BUTTON_PRESSED())
{ {
if (t1 + 5000 < millis()) if (t1 + up_delay < millis())
{ {
printf1(TAG_GEN,"Button not pressed\n"); printf1(TAG_GEN,"Button not pressed\n");
goto fail; goto fail;
@ -523,12 +526,13 @@ while (IS_BUTTON_PRESSED())
ret = handle_packets(); ret = handle_packets();
if (ret) return ret; if (ret) return ret;
} }
}
t1 = millis(); t1 = millis();
do do
{ {
if (t1 + 5000 < millis()) if (t1 + up_delay < millis())
{ {
goto fail; goto fail;
} }