shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity
1,174 Commits 44 Branches 28 Tags
Commit Graph

100 Commits

Author SHA1 Message Date
Radoslav Gerganov
79b43a90fd Implement commands for management of resident keys 
Implement command 0x41 which is used by OpenSSH for reading RKs. It has
the following subcommands:
 * CMD_CRED_METADATA - get number of saved/remaining RKs
 * CMD_RP_BEGIN/CMD_RP_NEXT - iterate over the saved RPs
 * CMD_RK_BEGIN/CMD_RK_NEXT - iterate over the RKs for a given RP

Fixes issue #374 and issue #314
 2020-03-21 11:59:22 -04:00
Conor Patrick
1d59bbfdd4 support different aaguid's in cert for different solo models 2019-12-01 18:09:08 -05:00
Conor Patrick
54c66d80b6 overwrite x509 fields for tap or somu 2019-12-01 18:09:08 -05:00
Conor Patrick
1d63154699 move sense of "backup" from ctap to device layer 2019-11-22 19:02:52 -05:00
Conor Patrick
d266e7927c reorganize crypto and device.c to be more based on fido2/ 2019-11-22 19:02:52 -05:00
Conor Patrick
b4f59ec355 pull certificate from flash page 2019-10-27 10:25:00 -04:00
Conor Patrick
00b09e0d40 add u2f length arg 2019-10-08 16:10:29 -04:00
Conor Patrick
08658eb11e
Merge branch 'master' into bootloader-downgrade-protection 2019-10-08 13:44:20 -04:00
Conor Patrick
0ebe0ff502 add ctap function to overwrite key bytes 2019-10-08 13:42:37 -04:00
Conor Patrick
8c256298ae default up to enabled 2019-09-17 00:13:57 +08:00
Conor Patrick
c61f15a090 allow get_assertion with disabled UP 2019-09-17 00:13:57 +08:00
Conor Patrick
f072561899 properly check the rpId in request 2019-09-17 00:13:57 +08:00
Conor Patrick
a9bbdee35b
Merge branch 'master' into remove-pin-storage 2019-09-02 21:45:21 +08:00
Szczepan Zalega
cb13fb65de
Store version in the bootloader. Debug code. 2019-08-24 10:17:43 +02:00
Conor Patrick
41ceb78f6c add user presence to flags 2019-08-23 14:48:21 +08:00
Conor Patrick
3b53537077 refactor fido2 user presence handling & increase timeout to 29s 2019-08-23 13:19:28 +08:00
merlokk
0d621d13f9 fix decoding apdu 2019-08-22 20:55:12 +08:00
Conor Patrick
a72f0ede05 take a lazy approach to key agreement generation to not hold up boot time for nfc 2019-08-21 12:06:06 +08:00
Conor Patrick
adcbd3aeb8 speed up public key derivation slightly for nfc 2019-08-21 12:06:06 +08:00
Conor Patrick
b706cc30b0 for now, always gen key agreement 2019-08-21 12:06:06 +08:00
Szczepan Zalega
b452e3dfe4
Correct doc 2019-08-20 11:47:14 +02:00
Szczepan Zalega
8e3753e711
Add initial STATE migration code (2) 2019-08-20 11:34:51 +02:00
Szczepan Zalega
816ca21f08
Correct writing salted hash 
pinHashEnc is 16 bytes, which is too small to store sha256 result.
 2019-08-20 11:34:48 +02:00
Szczepan Zalega
5a448d636c
Add comments 2019-08-20 11:34:29 +02:00
Szczepan Zalega
7be0553377
Replace FIDO2 PIN storage with its hash 2019-08-20 11:34:26 +02:00
Conor Patrick
690d7c716a move CTAPHID_STATUS_PROCESSING to after UP 2019-07-29 12:39:59 -04:00
Conor Patrick
78e3b291c2 make sure device status is set in all user presence tests 2019-07-28 22:10:56 -04:00
Conor Patrick
b47854c335 use error code PIN_AUTH_INVALID 2019-07-28 21:41:11 -04:00
Conor Patrick
f17faca689 use correct size for auth_data for signature 2019-07-26 23:53:20 -04:00
Conor Patrick
bddd60c080 use persisted key info 2019-05-27 13:54:29 -04:00
Conor Patrick
e1474e8e8e fix potential memory leaks 2019-05-13 15:32:04 -04:00
Conor Patrick
0f50ae7d63 change u2f to return early if button not immediately pressed 2019-05-10 15:56:52 -04:00
Conor Patrick
e105afd647 fix build 2019-05-09 17:51:41 -04:00
Conor Patrick
e402d36bf1 fix user presence skipping for nfc 2019-05-09 17:26:28 -04:00
Conor Patrick
6ae1cd3865 remove not-useful logs 2019-04-24 18:36:36 -04:00
Conor Patrick
ec98af115f restore button in ctap_make_auth_data 2019-04-24 16:54:26 -04:00
Conor Patrick
813eb97d2f reuse memory for allow_list of creds 2019-04-24 11:45:30 -04:00
Conor Patrick
b0baace2e7 move custom credid to different location 2019-04-24 00:15:32 -04:00
Conor Patrick
ce96fffddd add info to authData for ext reqs 2019-04-23 21:57:27 -04:00
Conor Patrick
eab8b81c95 include nfc in user presence test 2019-04-23 14:05:18 -04:00
Adam Langley
73f538dd0e Fix COSE type of key-agreement keys. 
The key-agreement keys in the PIN protocol use COSE type -25. I'm not
sure if that's written down anywhere, but it's what everything else does
and it's an ECDH type rather than an ECDSA type.
 2019-04-20 16:45:04 -07:00
Adam Langley
a5f794c0ff Handle empty pinAuth fields. 
CTAP2 specifies that an empty pinAuth field is special: it indicates
that the device should block for touch, i.e. it's just a way of letting
a user select from multiple authenticators[1].

This change handles empty pinAuth fields in GetAssertion and
MakeCredential commands.

[1] https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#using-pinToken-in-authenticatorMakeCredential
 2019-04-20 16:26:32 -07:00
Conor Patrick
9bb706987f solo ext bugfix 2019-04-13 22:42:05 -04:00
Conor Patrick
44fa3bbb8e Add checks to use U2F key if necessary 2019-04-13 22:37:31 -04:00
Conor Patrick
7068be9cd5 reorder options 2019-04-10 13:13:38 -04:00
Conor Patrick
5fc8d214fd remove add_user param 2019-04-10 12:47:23 -04:00
Conor Patrick
5f49f4680e re-order items in get_assertion response 2019-04-10 12:22:35 -04:00
Conor Patrick
4cc72bcd97 rearrange cbor encoding order in make_credential and get_info 2019-04-10 12:11:31 -04:00
Conor Patrick
893d4131b2 change how pin is enforced for GA 2019-03-26 19:00:12 -04:00
Conor Patrick
a1a75e4ab5 check errors 2019-03-21 12:47:15 -04:00