reset device

2018-05-22 21:25:44 -04:00 · 2018-05-22 21:25:44 -04:00 · 6049f25bd4
commit 6049f25bd4
parent 35900455d5
4 changed files with 26 additions and 0 deletions
--- a/crypto.c
+++ b/crypto.c
@ -38,6 +38,11 @@ void crypto_sha256_init()
    sha256_init(&sha256_ctx);
 }

+void crypto_reset_master_secret()
+{
+    ctap_generate_rng(master_secret, 32);
+}
+

 void crypto_sha256_update(uint8_t * data, size_t len)
 {
--- a/crypto.h
+++ b/crypto.h
@ -33,6 +33,7 @@ void crypto_aes256_reset_iv();
 void crypto_aes256_decrypt(uint8_t * buf, int lenth);
 void crypto_aes256_encrypt(uint8_t * buf, int lenth);

+void crypto_reset_master_secret();


 extern const uint8_t attestation_cert_der[];
--- a/ctap.c
+++ b/ctap.c
@ -1994,6 +1994,14 @@ uint8_t ctap_handle_packet(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
            break;
        case CTAP_RESET:
            printf1(TAG_CTAP,"CTAP_RESET\n");
+            if (ctap_user_presence_test())
+            {
+                ctap_reset();
+            }
+            else
+            {
+                status = CTAP2_ERR_NOT_ALLOWED;
+            }
            break;
        case GET_NEXT_ASSERTION:
            printf1(TAG_CTAP,"CTAP_NEXT_ASSERTION\n");
@ -2085,3 +2093,14 @@ void ctap_reset_pin_attempts()
    _flash_tries = 8;
 }

+void ctap_reset()
+{
+    _flash_tries = 8;
+    PIN_CODE_SET = 0;
+    DEVICE_LOCKOUT = 0;
+    memset(PIN_CODE,0,sizeof(PIN_CODE));
+    memset(PIN_CODE_HASH,0,sizeof(PIN_CODE_HASH));
+    crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
+    crypto_reset_master_secret();
+}
+
--- a/ctap.h
+++ b/ctap.h
@ -229,6 +229,7 @@ int8_t ctap_leftover_pin_attempts();
 void ctap_reset_pin_attempts();
 uint8_t ctap_is_pin_set();
 uint8_t ctap_pin_matches(uint8_t * pin, int len);
+void ctap_reset();


 // Test for user presence