pin error handling

Conor Patrick 2018-05-22 19:58:22 -04:00
parent 5980c77775
commit 6a94af0729
2 changed files with 33 additions and 6 deletions

30
ctap.c

@ -199,7 +199,7 @@ uint8_t ctap_get_info(CborEncoder * encoder)
ret = cbor_encode_uint(&map, RESP_options); ret = cbor_encode_uint(&map, RESP_options);
check_ret(ret); check_ret(ret);
{ {
ret = cbor_encoder_create_map(&map, &options,4); ret = cbor_encoder_create_map(&map, &options,5);
check_ret(ret); check_ret(ret);
{ {
ret = cbor_encode_text_string(&options, "plat", 4); ret = cbor_encode_text_string(&options, "plat", 4);
@ -229,6 +229,13 @@ uint8_t ctap_get_info(CborEncoder * encoder)
ret = cbor_encode_boolean(&options, 0); // NOT [yet] capable of verifying user ret = cbor_encode_boolean(&options, 0); // NOT [yet] capable of verifying user
check_ret(ret); check_ret(ret);
} }
ret = cbor_encode_text_string(&options, "clientPin", 9);
check_ret(ret);
{
ret = cbor_encode_boolean(&options, ctap_is_pin_set()); // NOT [yet] capable of verifying user
check_ret(ret);
}
} }
ret = cbor_encoder_close_container(&map, &options); ret = cbor_encoder_close_container(&map, &options);
@ -1041,16 +1048,19 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
return CTAP2_ERR_MISSING_PARAMETER; return CTAP2_ERR_MISSING_PARAMETER;
} }
if (PIN_CODE_SET == 1 && MC.pinAuthPresent == 0) if (ctap_is_pin_set() == 1 && MC.pinAuthPresent == 0)
{ {
printf2(TAG_ERR,"pinAuth is required\n"); printf2(TAG_ERR,"pinAuth is required\n");
return CTAP2_ERR_PIN_REQUIRED; return CTAP2_ERR_PIN_REQUIRED;
} }
else else
{
if (ctap_is_pin_set())
{ {
ret = verify_pin_auth(MC.pinAuth, MC.clientDataHash); ret = verify_pin_auth(MC.pinAuth, MC.clientDataHash);
check_retr(ret); check_retr(ret);
} }
}
@ -1401,10 +1411,13 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
return CTAP2_ERR_PIN_REQUIRED; return CTAP2_ERR_PIN_REQUIRED;
} }
else else
{
if (ctap_is_pin_set())
{ {
ret = verify_pin_auth(GA.pinAuth, GA.clientDataHash); ret = verify_pin_auth(GA.pinAuth, GA.clientDataHash);
check_retr(ret); check_retr(ret);
} }
}
CborEncoder map; CborEncoder map;
@ -1693,6 +1706,10 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor
return CTAP1_ERR_OTHER; return CTAP1_ERR_OTHER;
} }
if (ctap_is_pin_set())
{
return CTAP2_ERR_PIN_REQUIRED;
}
crypto_ecc256_shared_secret(platform_pubkey, KEY_AGREEMENT_PRIV, shared_secret); crypto_ecc256_shared_secret(platform_pubkey, KEY_AGREEMENT_PRIV, shared_secret);
@ -1831,6 +1848,10 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
break; break;
case CP_cmdGetPinToken: case CP_cmdGetPinToken:
if (!ctap_is_pin_set())
{
return CTAP2_ERR_PIN_NOT_SET;
}
num_map++; num_map++;
ret = cbor_encoder_create_map(encoder, &map, num_map); ret = cbor_encoder_create_map(encoder, &map, num_map);
check_ret(ret); check_ret(ret);
@ -1966,6 +1987,11 @@ void ctap_init()
crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV); crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
} }
uint8_t ctap_is_pin_set()
{
return PIN_CODE_SET == 1;
}
void ctap_update_pin(uint8_t * pin, int len) void ctap_update_pin(uint8_t * pin, int len)
{ {
// TODO this should go in flash // TODO this should go in flash

1
ctap.h

@ -227,6 +227,7 @@ void ctap_update_pin(uint8_t * pin, int len);
uint8_t ctap_decrement_pin_attempts(); uint8_t ctap_decrement_pin_attempts();
int8_t ctap_leftover_pin_attempts(); int8_t ctap_leftover_pin_attempts();
void ctap_reset_pin_attempts(); void ctap_reset_pin_attempts();
uint8_t ctap_is_pin_set();
// Test for user presence // Test for user presence