shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Compare commits

merge into: shimun:max_enumeration_issue
Branches Tags
shimun:master shimun:master-old shimun:reset-timeout shimun:max_enumeration_issue shimun:hmac-secret-uv shimun:cred_dfs shimun:rgerganov-cred-meta-fix shimun:fix_version_in_build shimun:cbor_safety shimun:backup_improvements shimun:b3.1.1 shimun:aaguid_cert_update shimun:library_refactor shimun:all-contributors/add-Nitrokey shimun:bump3.0.0 shimun:all-contributors/add-ccinelli shimun:simplify_build shimun:move_certs_and_lock_to_data shimun:fido2_on_u2f shimun:redue_bootloader_size shimun:all-contributors/add-jolo1581 shimun:key-backup shimun:ctap2_issues shimun:nfc_conformance shimun:all-contributors/add-oplik0 shimun:ccid shimun:cap_button_delay shimun:all-contributors/add-kimusan shimun:fixb_build shimun:update-udev-docs shimun:nfc_fido2_fixes shimun:documentation_improvements shimun:bump_2.4.3 shimun:fix_cdc_interfaces shimun:cache_button shimun:merlokk-pps_impl shimun:all-contributors/add-szszszsz shimun:windows_hello_error_codes shimun:fix-hmac-secret shimun:fault_tolerance shimun:extapdu shimun:sanitize shimun:persistedkey shimun:fido2-conformance
shimun:8lfp9n2gyxjssac4d2c7n5pcj1ydmg6n shimun:4.0.0 shimun:3.1.3 shimun:3.1.2 shimun:3.1.1 shimun:3.1.0 shimun:3.0.1 shimun:3.0.0 shimun:2.5.3 shimun:2.5.2 shimun:2.5.1 shimun:2.5.0 shimun:2.4.3 shimun:2.4.2 shimun:2.4.1 shimun:2.4.0 shimun:2.3.0 shimun:2.2.2 shimun:2.2.1 shimun:2.2.0 shimun:2.1.0 shimun:2.0.0 shimun:1.1.1 shimun:1.1.0 shimun:1.0.2 shimun:1.0.1 shimun:basic-hacker-build shimun:fido2-cert
...
pull from: shimun:reset-timeout
Branches Tags
shimun:master shimun:master-old shimun:reset-timeout shimun:max_enumeration_issue shimun:hmac-secret-uv shimun:cred_dfs shimun:rgerganov-cred-meta-fix shimun:fix_version_in_build shimun:cbor_safety shimun:backup_improvements shimun:b3.1.1 shimun:aaguid_cert_update shimun:library_refactor shimun:all-contributors/add-Nitrokey shimun:bump3.0.0 shimun:all-contributors/add-ccinelli shimun:simplify_build shimun:move_certs_and_lock_to_data shimun:fido2_on_u2f shimun:redue_bootloader_size shimun:all-contributors/add-jolo1581 shimun:key-backup shimun:ctap2_issues shimun:nfc_conformance shimun:all-contributors/add-oplik0 shimun:ccid shimun:cap_button_delay shimun:all-contributors/add-kimusan shimun:fixb_build shimun:update-udev-docs shimun:nfc_fido2_fixes shimun:documentation_improvements shimun:bump_2.4.3 shimun:fix_cdc_interfaces shimun:cache_button shimun:merlokk-pps_impl shimun:all-contributors/add-szszszsz shimun:windows_hello_error_codes shimun:fix-hmac-secret shimun:fault_tolerance shimun:extapdu shimun:sanitize shimun:persistedkey shimun:fido2-conformance
shimun:8lfp9n2gyxjssac4d2c7n5pcj1ydmg6n shimun:4.0.0 shimun:3.1.3 shimun:3.1.2 shimun:3.1.1 shimun:3.1.0 shimun:3.0.1 shimun:3.0.0 shimun:2.5.3 shimun:2.5.2 shimun:2.5.1 shimun:2.5.0 shimun:2.4.3 shimun:2.4.2 shimun:2.4.1 shimun:2.4.0 shimun:2.3.0 shimun:2.2.2 shimun:2.2.1 shimun:2.2.0 shimun:2.1.0 shimun:2.0.0 shimun:1.1.1 shimun:1.1.0 shimun:1.0.2 shimun:1.0.1 shimun:basic-hacker-build shimun:fido2-cert

2 Commits
max_enumer ... reset-time

Author SHA1 Message Date
Conor Patrick
c555e4ce46 enforce 10s window where device reset is possible 2020-03-28 15:51:53 -04:00
Conor Patrick
299e91b91b dont return index >= ctap_rk_size() 
Fixes issue found by @My1: https://github.com/solokeys/solo/issues/407
 2020-03-28 15:45:16 -04:00
1 changed files with 15 additions and 8 deletions
Expand all files Collapse all files

23
fido2/ctap.c
View File

@ -31,6 +31,7 @@ uint8_t PIN_TOKEN[PIN_TOKEN_SIZE];
uint8_t KEY_AGREEMENT_PUB[64]; uint8_t KEY_AGREEMENT_PUB[64];
static uint8_t KEY_AGREEMENT_PRIV[32]; static uint8_t KEY_AGREEMENT_PRIV[32];
static int8_t PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS; static int8_t PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS;
static uint32_t BOOT_TIME = 0;
AuthenticatorState STATE; AuthenticatorState STATE;
@ -1587,18 +1588,15 @@ static int scan_for_next_rk(int index, uint8_t * initialRpIdHash){
if (initialRpIdHash != NULL) { if (initialRpIdHash != NULL) {
memmove(lastRpIdHash, initialRpIdHash, 32); memmove(lastRpIdHash, initialRpIdHash, 32);
index = 0; index = -1;
} }
else else
{ {
ctap_load_rk(index, &rk); ctap_load_rk(index, &rk);
memmove(lastRpIdHash, rk.id.rpIdHash, 32); memmove(lastRpIdHash, rk.id.rpIdHash, 32);
index++;
} }
ctap_load_rk(index, &rk); do
while ( memcmp( rk.id.rpIdHash, lastRpIdHash, 32 ) != 0 )
{ {
index++; index++;
if ((unsigned int)index >= ctap_rk_size()) if ((unsigned int)index >= ctap_rk_size())
@ -1607,6 +1605,7 @@ static int scan_for_next_rk(int index, uint8_t * initialRpIdHash){
} }
ctap_load_rk(index, &rk); ctap_load_rk(index, &rk);
} }
while ( memcmp( rk.id.rpIdHash, lastRpIdHash, 32 ) != 0 );
return index; return index;
} }
@ -2287,10 +2286,17 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
break; break;
case CTAP_RESET: case CTAP_RESET:
printf1(TAG_CTAP,"CTAP_RESET\n"); printf1(TAG_CTAP,"CTAP_RESET\n");
status = ctap2_user_presence_test(); if ((millis() - BOOT_TIME) > 10 * 1000)
if (status == CTAP1_ERR_SUCCESS)
{ {
ctap_reset(); status = CTAP2_ERR_NOT_ALLOWED;
}
else
{
status = ctap2_user_presence_test();
if (status == CTAP1_ERR_SUCCESS)
{
ctap_reset();
}
} }
break; break;
case GET_NEXT_ASSERTION: case GET_NEXT_ASSERTION:
@ -2384,6 +2390,7 @@ void ctap_init()
firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved, firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved,
firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved
); );
BOOT_TIME = millis();
crypto_ecc256_init(); crypto_ecc256_init();
int is_init = authenticator_read_state(&STATE); int is_init = authenticator_read_state(&STATE);