Commit Graph

270 Commits

Author SHA1 Message Date
Radoslav Gerganov
5043c6877c Add support for the security manager in Google Chrome
This patch fixes the following issues to make Google Chrome happy:
1. Adds CTAP_CBOR_CRED_MGMT(0x0A) which is an alias to CTAP_CBOR_CRED_MGMT_PRE(0x41)
2. Returns success instead of NO_CREDENTIALS when there are no RKs
3. Skip the "icon" property if it's empty

Tested with Google Chrome Version 80.0.3987.149
2020-03-26 18:13:50 +02:00
Radoslav Gerganov
08cd76d50c Do not return NO_CREDENTIALS if there are no RKs and meta is requested
Fixes-issue: #403
2020-03-26 15:14:05 +02:00
Conor Patrick
530e175ad1 cleanup 2020-03-25 14:57:39 -04:00
Conor Patrick
6cd3873b37 add reboot command for better testing 2020-03-25 14:57:39 -04:00
Conor Patrick
241f58657b consider credProtect with exclude list, and also check user presence 2020-03-25 14:57:39 -04:00
Conor Patrick
3b42289cce add rpId to RKs, fix counting of unique RPs 2020-03-25 14:57:39 -04:00
Conor Patrick
b3712b57fc refactor to reuse more code 2020-03-25 14:57:39 -04:00
Conor Patrick
37769bb735 to support deleted credentials, need to scan all rk slots since it's no longer continuous 2020-03-25 14:57:39 -04:00
Conor Patrick
d677f8c346 add rk delete implementations 2020-03-25 14:57:39 -04:00
Conor Patrick
98bcf647c4 implement rk delete command for cred mgmt 2020-03-25 14:57:39 -04:00
Conor Patrick
682a443f4e refactor credMgmt to parse as subCommandParams, and get ready for delete command 2020-03-25 14:57:39 -04:00
Conor Patrick
a28a05673f definitely need to update rpIdHash 2020-03-25 14:57:39 -04:00
Conor Patrick
3a70ee0ec6 refactor authData and extension handling to work for getNextAssertion 2020-03-25 14:57:39 -04:00
Conor Patrick
872a320abc Fix credential order: need to start with most recent 2020-03-25 14:57:39 -04:00
Conor Patrick
3cbf7ec451 move credProtect checking to credential filtering step 2020-03-25 14:57:39 -04:00
Conor Patrick
97eb6bba8a bug fix 2020-03-25 14:57:39 -04:00
Conor Patrick
fdc5a68fcd update info/feature detection details 2020-03-25 14:57:39 -04:00
Conor Patrick
1c1005a0e8 add credprotect parameter to output 2020-03-25 14:57:39 -04:00
Conor Patrick
4831410111 add credProtect extension 2020-03-25 14:57:39 -04:00
Radoslav Gerganov
05bc8bee55 Check return values when parsing CTAP commands 2020-03-21 12:49:05 -04:00
Radoslav Gerganov
7112633779 Fix user presence test when pinAuth is empty
The check_retr macro is evaluating its argument twice, so when we do:

    check_retr( ctap2_user_presence_test(...) )

the user presence function is called twice and the user has to press the
button twice. This is a regression introduced with commit 3b53537.
2020-03-21 12:48:05 -04:00
Radoslav Gerganov
79b43a90fd Implement commands for management of resident keys
Implement command 0x41 which is used by OpenSSH for reading RKs. It has
the following subcommands:
 * CMD_CRED_METADATA - get number of saved/remaining RKs
 * CMD_RP_BEGIN/CMD_RP_NEXT - iterate over the saved RPs
 * CMD_RK_BEGIN/CMD_RK_NEXT - iterate over the RKs for a given RP

Fixes issue #374 and issue #314
2020-03-21 11:59:22 -04:00
Conor Patrick
f2d6698066 Update version.c 2020-03-16 14:59:01 -04:00
Conor Patrick
5738bcc7a3 more strict checks in cbor parsing 2020-02-27 15:40:27 -05:00
Conor Patrick
1b862d3b0c fix error return 2020-02-18 11:18:08 -05:00
Conor Patrick
349cbc39f2 fix offset 2020-02-18 11:18:08 -05:00
Conor Patrick
da31f984dd add version check 2020-02-18 11:18:08 -05:00
Conor Patrick
9d3e8c06fc subsequent button presses do not need to wait long 2020-02-18 11:18:08 -05:00
Conor Patrick
aeafd09007 only use .flag section for hw builds 2020-02-17 13:41:05 -05:00
Conor Patrick
e713daba26 add temporary command to force flash locking 2020-02-13 17:17:23 -05:00
Conor Patrick
46f2920e63 bugfix hid cancel 2019-12-01 18:09:08 -05:00
Conor Patrick
8a44d14fef adjust default impl 2019-12-01 18:09:08 -05:00
Conor Patrick
1d59bbfdd4 support different aaguids in cert for different solo models 2019-12-01 18:09:08 -05:00
Conor Patrick
54c66d80b6 overwrite x509 fields for tap or somu 2019-12-01 18:09:08 -05:00
Conor Patrick
6cb15a6482 small fixes 2019-11-22 19:02:52 -05:00
Conor Patrick
85ddc40036 add weak definitions for nonvolatile functions 2019-11-22 19:02:52 -05:00
Conor Patrick
1d63154699 move sense of "backup" from ctap to device layer 2019-11-22 19:02:52 -05:00
Conor Patrick
ee55bf3ba0 document device.h 2019-11-22 19:02:52 -05:00
Conor Patrick
3b4b6dd4fe remove solo functions from device.h 2019-11-22 19:02:52 -05:00
Conor Patrick
dcd256faf4 add initial weak definitions 2019-11-22 19:02:52 -05:00
Conor Patrick
85365c635d refactor to use libsolo 2019-11-22 19:02:52 -05:00
Conor Patrick
a388607dab build fido2 locally as lib 2019-11-22 19:02:52 -05:00
Conor Patrick
d266e7927c reorganize crypto and device.c to be more based on fido2/ 2019-11-22 19:02:52 -05:00
Conor Patrick
8b146c4a16 fix issue with bootloader not replying data 2019-10-28 10:51:35 -04:00
Conor Patrick
c0df8b680d fix build 2019-10-27 10:25:00 -04:00
Conor Patrick
9ac2aa90c3 store all info in same page, don't use authenticator state 2019-10-27 10:25:00 -04:00
Conor Patrick
d33749fc16 add locked variable to GETVERSION hid command 2019-10-27 10:25:00 -04:00
Conor Patrick
7212982385 remove hacker macros 2019-10-27 10:25:00 -04:00
Conor Patrick
666cd6a0ba migrate certs 2019-10-27 10:25:00 -04:00
Conor Patrick
b4f59ec355 pull certificate from flash page 2019-10-27 10:25:00 -04:00