shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Compare commits

base: shimun:4.0.0
Branches Tags
shimun:master shimun:master-old shimun:reset-timeout shimun:max_enumeration_issue shimun:hmac-secret-uv shimun:cred_dfs shimun:rgerganov-cred-meta-fix shimun:fix_version_in_build shimun:cbor_safety shimun:backup_improvements shimun:b3.1.1 shimun:aaguid_cert_update shimun:library_refactor shimun:all-contributors/add-Nitrokey shimun:bump3.0.0 shimun:all-contributors/add-ccinelli shimun:simplify_build shimun:move_certs_and_lock_to_data shimun:fido2_on_u2f shimun:redue_bootloader_size shimun:all-contributors/add-jolo1581 shimun:key-backup shimun:ctap2_issues shimun:nfc_conformance shimun:all-contributors/add-oplik0 shimun:ccid shimun:cap_button_delay shimun:all-contributors/add-kimusan shimun:fixb_build shimun:update-udev-docs shimun:nfc_fido2_fixes shimun:documentation_improvements shimun:bump_2.4.3 shimun:fix_cdc_interfaces shimun:cache_button shimun:merlokk-pps_impl shimun:all-contributors/add-szszszsz shimun:windows_hello_error_codes shimun:fix-hmac-secret shimun:fault_tolerance shimun:extapdu shimun:sanitize shimun:persistedkey shimun:fido2-conformance
shimun:8lfp9n2gyxjssac4d2c7n5pcj1ydmg6n shimun:4.0.0 shimun:3.1.3 shimun:3.1.2 shimun:3.1.1 shimun:3.1.0 shimun:3.0.1 shimun:3.0.0 shimun:2.5.3 shimun:2.5.2 shimun:2.5.1 shimun:2.5.0 shimun:2.4.3 shimun:2.4.2 shimun:2.4.1 shimun:2.4.0 shimun:2.3.0 shimun:2.2.2 shimun:2.2.1 shimun:2.2.0 shimun:2.1.0 shimun:2.0.0 shimun:1.1.1 shimun:1.1.0 shimun:1.0.2 shimun:1.0.1 shimun:basic-hacker-build shimun:fido2-cert
..
compare: shimun:reset-timeout
Branches Tags
shimun:master shimun:master-old shimun:reset-timeout shimun:max_enumeration_issue shimun:hmac-secret-uv shimun:cred_dfs shimun:rgerganov-cred-meta-fix shimun:fix_version_in_build shimun:cbor_safety shimun:backup_improvements shimun:b3.1.1 shimun:aaguid_cert_update shimun:library_refactor shimun:all-contributors/add-Nitrokey shimun:bump3.0.0 shimun:all-contributors/add-ccinelli shimun:simplify_build shimun:move_certs_and_lock_to_data shimun:fido2_on_u2f shimun:redue_bootloader_size shimun:all-contributors/add-jolo1581 shimun:key-backup shimun:ctap2_issues shimun:nfc_conformance shimun:all-contributors/add-oplik0 shimun:ccid shimun:cap_button_delay shimun:all-contributors/add-kimusan shimun:fixb_build shimun:update-udev-docs shimun:nfc_fido2_fixes shimun:documentation_improvements shimun:bump_2.4.3 shimun:fix_cdc_interfaces shimun:cache_button shimun:merlokk-pps_impl shimun:all-contributors/add-szszszsz shimun:windows_hello_error_codes shimun:fix-hmac-secret shimun:fault_tolerance shimun:extapdu shimun:sanitize shimun:persistedkey shimun:fido2-conformance
shimun:8lfp9n2gyxjssac4d2c7n5pcj1ydmg6n shimun:4.0.0 shimun:3.1.3 shimun:3.1.2 shimun:3.1.1 shimun:3.1.0 shimun:3.0.1 shimun:3.0.0 shimun:2.5.3 shimun:2.5.2 shimun:2.5.1 shimun:2.5.0 shimun:2.4.3 shimun:2.4.2 shimun:2.4.1 shimun:2.4.0 shimun:2.3.0 shimun:2.2.2 shimun:2.2.1 shimun:2.2.0 shimun:2.1.0 shimun:2.0.0 shimun:1.1.1 shimun:1.1.0 shimun:1.0.2 shimun:1.0.1 shimun:basic-hacker-build shimun:fido2-cert

4 Commits
4.0.0 ... reset-time

Author SHA1 Message Date
Conor Patrick
c555e4ce46 enforce 10s window where device reset is possible 2020-03-28 15:51:53 -04:00
Conor Patrick
299e91b91b dont return index >= ctap_rk_size() 
Fixes issue found by @My1: https://github.com/solokeys/solo/issues/407
 2020-03-28 15:45:16 -04:00
Conor Patrick
cbf40f4ec7 hmac-secret should be different when UV=1 2020-03-28 12:28:05 -04:00
Conor Patrick
8d93f88631 Update STABLE_VERSION 2020-03-27 11:29:11 -04:00
2 changed files with 17 additions and 9 deletions
Expand all files Collapse all files

2
STABLE_VERSION
View File

@@ -1 +1 @@
3.2.0
4.0.0

24
fido2/ctap.c
View File

@@ -31,6 +31,7 @@ uint8_t PIN_TOKEN[PIN_TOKEN_SIZE];
uint8_t KEY_AGREEMENT_PUB[64];
static uint8_t KEY_AGREEMENT_PRIV[32];
static int8_t PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS;
static uint32_t BOOT_TIME = 0;
AuthenticatorState STATE;
@@ -461,6 +462,7 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
// Generate credRandom
crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId));
crypto_sha256_update(&getAssertionState.user_verified, 1);
crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
// Decrypt saltEnc
@@ -1586,18 +1588,15 @@ static int scan_for_next_rk(int index, uint8_t * initialRpIdHash){
if (initialRpIdHash != NULL) {
memmove(lastRpIdHash, initialRpIdHash, 32);
index = 0;
index = -1;
}
else
{
ctap_load_rk(index, &rk);
memmove(lastRpIdHash, rk.id.rpIdHash, 32);
index++;
}
ctap_load_rk(index, &rk);
while ( memcmp( rk.id.rpIdHash, lastRpIdHash, 32 ) != 0 )
do
{
index++;
if ((unsigned int)index >= ctap_rk_size())
@@ -1606,6 +1605,7 @@ static int scan_for_next_rk(int index, uint8_t * initialRpIdHash){
}
ctap_load_rk(index, &rk);
}
while ( memcmp( rk.id.rpIdHash, lastRpIdHash, 32 ) != 0 );
return index;
}
@@ -2286,10 +2286,17 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
break;
case CTAP_RESET:
printf1(TAG_CTAP,"CTAP_RESET\n");
status = ctap2_user_presence_test();
if (status == CTAP1_ERR_SUCCESS)
if ((millis() - BOOT_TIME) > 10 * 1000)
{
ctap_reset();
status = CTAP2_ERR_NOT_ALLOWED;
}
else
{
status = ctap2_user_presence_test();
if (status == CTAP1_ERR_SUCCESS)
{
ctap_reset();
}
}
break;
case GET_NEXT_ASSERTION:
@@ -2383,6 +2390,7 @@ void ctap_init()
firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved,
firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved
);
BOOT_TIME = millis();
crypto_ecc256_init();
int is_init = authenticator_read_state(&STATE);