shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity
1,210 Commits 44 Branches 28 Tags
Commit Graph

124 Commits

Author SHA1 Message Date
Conor Patrick
78e3b291c2 make sure device status is set in all user presence tests 2019-07-28 22:10:56 -04:00
Conor Patrick
b47854c335 use error code PIN_AUTH_INVALID 2019-07-28 21:41:11 -04:00
Conor Patrick
f17faca689 use correct size for auth_data for signature 2019-07-26 23:53:20 -04:00
Conor Patrick
bddd60c080 use persisted key info 2019-05-27 13:54:29 -04:00
Conor Patrick
e1474e8e8e fix potential memory leaks 2019-05-13 15:32:04 -04:00
Conor Patrick
0f50ae7d63 change u2f to return early if button not immediately pressed 2019-05-10 15:56:52 -04:00
Conor Patrick
e105afd647 fix build 2019-05-09 17:51:41 -04:00
Conor Patrick
e402d36bf1 fix user presence skipping for nfc 2019-05-09 17:26:28 -04:00
Conor Patrick
6ae1cd3865 remove not-useful logs 2019-04-24 18:36:36 -04:00
Conor Patrick
ec98af115f restore button in ctap_make_auth_data 2019-04-24 16:54:26 -04:00
Conor Patrick
813eb97d2f reuse memory for allow_list of creds 2019-04-24 11:45:30 -04:00
Conor Patrick
b0baace2e7 move custom credid to different location 2019-04-24 00:15:32 -04:00
Conor Patrick
ce96fffddd add info to authData for ext reqs 2019-04-23 21:57:27 -04:00
Conor Patrick
eab8b81c95 include nfc in user presence test 2019-04-23 14:05:18 -04:00
Adam Langley
73f538dd0e Fix COSE type of key-agreement keys. 
The key-agreement keys in the PIN protocol use COSE type -25. I'm not
sure if that's written down anywhere, but it's what everything else does
and it's an ECDH type rather than an ECDSA type.
 2019-04-20 16:45:04 -07:00
Adam Langley
a5f794c0ff Handle empty pinAuth fields. 
CTAP2 specifies that an empty pinAuth field is special: it indicates
that the device should block for touch, i.e. it's just a way of letting
a user select from multiple authenticators[1].

This change handles empty pinAuth fields in GetAssertion and
MakeCredential commands.

[1] https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#using-pinToken-in-authenticatorMakeCredential
 2019-04-20 16:26:32 -07:00
Conor Patrick
9bb706987f solo ext bugfix 2019-04-13 22:42:05 -04:00
Conor Patrick
44fa3bbb8e Add checks to use U2F key if necessary 2019-04-13 22:37:31 -04:00
Conor Patrick
7068be9cd5 reorder options 2019-04-10 13:13:38 -04:00
Conor Patrick
5fc8d214fd remove add_user param 2019-04-10 12:47:23 -04:00
Conor Patrick
5f49f4680e re-order items in get_assertion response 2019-04-10 12:22:35 -04:00
Conor Patrick
4cc72bcd97 rearrange cbor encoding order in make_credential and get_info 2019-04-10 12:11:31 -04:00
Conor Patrick
893d4131b2 change how pin is enforced for GA 2019-03-26 19:00:12 -04:00
Conor Patrick
a1a75e4ab5 check errors 2019-03-21 12:47:15 -04:00
Conor Patrick
02e83073e0 add hmac-secret to reg response 2019-03-20 23:58:42 -04:00
Conor Patrick
3a48756f96 remove extra layer of map 2019-03-20 23:40:58 -04:00
Conor Patrick
946e932b1e refactor to use less ram 2019-03-20 23:28:45 -04:00
Conor Patrick
142d4002e5 remove warning, reduce memory 2019-03-20 23:14:17 -04:00
Conor Patrick
2d233f164e small bug fixes 2019-03-20 21:03:03 -04:00
Conor Patrick
b62e9906c7 make new function 2019-03-20 20:13:16 -04:00
Conor Patrick
074225d87a hmac-secret fully functional 2019-03-20 20:03:12 -04:00
Conor Patrick
bb9b2ea9d4 validate saltAuth 2019-03-20 18:10:52 -04:00
Conor Patrick
e8d5bc5829 refactor ctap_make_auth_data arguments 2019-03-20 17:43:50 -04:00
Conor Patrick
821880a8d6 parse extension info in MC 2019-03-20 15:45:10 -04:00
Conor Patrick
dc946f5b35 centralize reset key agreement 2019-03-02 19:38:27 -05:00
Conor Patrick
e31e703afd minor improvements 2019-03-01 23:42:22 -05:00
Conor Patrick
e8d0ad5e7c autodetect passive nfc operation or usb operation 2019-02-26 15:04:23 -05:00
Conor Patrick
347d0942b1 refactor fromNFC 2019-02-26 14:07:27 -05:00
Conor Patrick
1a6895ca25 merge 2019-02-26 13:10:16 -05:00
Conor Patrick
99f09790f1 deterministic 2019-02-14 16:03:19 -05:00
Conor Patrick
6745c9a0cb bugfix/skip-auth for fido2 extension 2019-02-14 15:53:02 -05:00
Conor Patrick
f48becc6dc bridge extension to fido2 interface 2019-02-14 15:15:58 -05:00
Conor Patrick
831976f3a2 replace macros with DEBUG_LEVEL aware timestamp function 2019-02-12 20:28:48 -05:00
yparitcher
1dd835d698
add -Wextra: further code cleanup 
please fix Wno-unused-parameter -Wno-missing-field-initializers in the future
 2019-02-12 18:22:03 -05:00
yparitcher
400b37a96a
clean up build: GCC warnings 2019-02-12 18:19:38 -05:00
Conor Patrick
ed676151f1 update license to apache2 + mit 2019-02-12 17:18:17 -05:00
Conor Patrick
2893cd7ce3 move inits to device_init 2019-02-11 22:00:18 -05:00
merlokk
375db69e3a fido2 works 2019-02-06 19:06:49 +02:00
Szczepan Zalega
449faea7d3
Fix buffer overread in ctap_encode_der_sig() 
Take into account leading zeroes in the size to copy, for both R and S
ingredients of the signature.
Issue was occuring only in cases, when there was a leading zero for the
S part.

Refactor ctap_encode_der_sig():
- add in_ and out_ prefixes to the function arguments
- mark pointers const
- clear out buffer

Tested via simulated device on:
- Fedora 29
- gcc (GCC) 8.2.1 20181215 (Red Hat 8.2.1-6)
- libasan 8.2.1 / 6.fc29
(same machine, as in the related issue description)
by running ctap_test() Python test in a loop for 20 minutes (dev's
counter 400k+). Earlier issue was occuring in first minutes.

Tested on Nucleo32 board, by running the ctap_test() 20 times.

Fixes https://github.com/solokeys/solo/issues/94

Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
 2019-02-02 18:33:10 +01:00
Conor Patrick
3d9dd08208 non-c99 compatibility 2019-01-05 19:42:28 -05:00