Compare commits

..

4 Commits

Author SHA1 Message Date
Conor Patrick
c555e4ce46 enforce 10s window where device reset is possible 2020-03-28 15:51:53 -04:00
Conor Patrick
299e91b91b dont return index >= ctap_rk_size()
Fixes issue found by @My1: https://github.com/solokeys/solo/issues/407
2020-03-28 15:45:16 -04:00
Conor Patrick
cbf40f4ec7 hmac-secret should be different when UV=1 2020-03-28 12:28:05 -04:00
Conor Patrick
8d93f88631 Update STABLE_VERSION 2020-03-27 11:29:11 -04:00
2 changed files with 17 additions and 9 deletions

View File

@@ -1 +1 @@
3.2.0
4.0.0

View File

@@ -31,6 +31,7 @@ uint8_t PIN_TOKEN[PIN_TOKEN_SIZE];
uint8_t KEY_AGREEMENT_PUB[64];
static uint8_t KEY_AGREEMENT_PRIV[32];
static int8_t PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS;
static uint32_t BOOT_TIME = 0;
AuthenticatorState STATE;
@@ -461,6 +462,7 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
// Generate credRandom
crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId));
crypto_sha256_update(&getAssertionState.user_verified, 1);
crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
// Decrypt saltEnc
@@ -1586,18 +1588,15 @@ static int scan_for_next_rk(int index, uint8_t * initialRpIdHash){
if (initialRpIdHash != NULL) {
memmove(lastRpIdHash, initialRpIdHash, 32);
index = 0;
index = -1;
}
else
{
ctap_load_rk(index, &rk);
memmove(lastRpIdHash, rk.id.rpIdHash, 32);
index++;
}
ctap_load_rk(index, &rk);
while ( memcmp( rk.id.rpIdHash, lastRpIdHash, 32 ) != 0 )
do
{
index++;
if ((unsigned int)index >= ctap_rk_size())
@@ -1606,6 +1605,7 @@ static int scan_for_next_rk(int index, uint8_t * initialRpIdHash){
}
ctap_load_rk(index, &rk);
}
while ( memcmp( rk.id.rpIdHash, lastRpIdHash, 32 ) != 0 );
return index;
}
@@ -2286,10 +2286,17 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
break;
case CTAP_RESET:
printf1(TAG_CTAP,"CTAP_RESET\n");
status = ctap2_user_presence_test();
if (status == CTAP1_ERR_SUCCESS)
if ((millis() - BOOT_TIME) > 10 * 1000)
{
ctap_reset();
status = CTAP2_ERR_NOT_ALLOWED;
}
else
{
status = ctap2_user_presence_test();
if (status == CTAP1_ERR_SUCCESS)
{
ctap_reset();
}
}
break;
case GET_NEXT_ASSERTION:
@@ -2383,6 +2390,7 @@ void ctap_init()
firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved,
firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved
);
BOOT_TIME = millis();
crypto_ecc256_init();
int is_init = authenticator_read_state(&STATE);