add ctap function to overwrite key bytes

2019-10-08 11:34:15 -04:00 · 2019-10-08 11:34:15 -04:00 · 1427c1d48e
commit 1427c1d48e
parent 208d26be89
2 changed files with 13 additions and 0 deletions
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -1761,7 +1761,18 @@ static void ctap_state_init()

    printf1(TAG_STOR, "Generated PIN SALT: ");
    dump_hex1(TAG_STOR, STATE.PIN_SALT, sizeof STATE.PIN_SALT);
+}

+/** Overwrite master secret from external source.
+ * @param keybytes an array of KEY_SPACE_BYTES length.
+ * 
+ * This function should only be called from a privilege mode.
+*/
+void ctap_load_external_keys(uint8_t * keybytes){
+    memmove(STATE.key_space, keybytes, KEY_SPACE_BYTES);
+    authenticator_write_state(&STATE, 0);
+    authenticator_write_state(&STATE, 1);
+    crypto_load_master_secret(STATE.key_space);
 }

 void ctap_init()
--- a/fido2/ctap.h
+++ b/fido2/ctap.h
@ -361,4 +361,6 @@ extern uint8_t KEY_AGREEMENT_PUB[64];

 void lock_device_permanently();

+void ctap_load_external_keys(uint8_t * keybytes);
+
 #endif