diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c
index 7a4097c..750aa77 100644
--- a/src/fido/cbor_client_pin.c
+++ b/src/fido/cbor_client_pin.c
@@ -3,19 +3,29 @@
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
+ * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Affero General Public License for more details.
+ * General Public License for more details.
*
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
*/
+
+ /*
+ * Copyright (c) 2025 Token2 Sàrl.
+ * Modifications:
+ * - Added PIN complexity enforcement in setPIN (0x03) and changePIN (0x04).
+ * - New rules:
+ * • Numeric PINs: minimum length 6, reject sequential, repeated, palindromic, or over-repetitive patterns.
+ * • Alphanumeric PINs: minimum length 10, must include at least 2 character categories
+ * (digits, uppercase, lowercase, special).
+ */
+
-#include "pico_keys.h"
#ifndef ESP_PLATFORM
#include "common.h"
#else
@@ -28,7 +38,7 @@
#include "cbor.h"
#include "ctap.h"
#include "ctap2_cbor.h"
-#if defined(PICO_PLATFORM)
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include "hid/ctap_hid.h"
@@ -36,6 +46,7 @@
#include "files.h"
#include "random.h"
#include "crypto_utils.h"
+#include "pico_keys.h"
#include "apdu.h"
#include "kek.h"
@@ -44,7 +55,6 @@ uint32_t max_usage_time_period = 600 * 1000;
bool needs_power_cycle = false;
static mbedtls_ecdh_context hkey;
static bool hkey_init = false;
-extern int encrypt_keydev_f1(const uint8_t keydev[32]);
int beginUsingPinUvAuthToken(bool userIsPresent) {
paut.user_present = userIsPresent;
@@ -106,7 +116,11 @@ int regenerate() {
mbedtls_ecdh_init(&hkey);
hkey_init = true;
mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
- int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.d, &hkey.ctx.mbed_ecdh.Q, random_gen, NULL);
+ int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp,
+ &hkey.ctx.mbed_ecdh.d,
+ &hkey.ctx.mbed_ecdh.Q,
+ random_gen,
+ NULL);
mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
if (ret != 0) {
return ret;
@@ -122,15 +136,34 @@ int kdf(uint8_t protocol, const mbedtls_mpi *z, uint8_t *sharedSecret) {
return ret;
}
if (protocol == 1) {
- return mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buf, sizeof(buf), sharedSecret);
+ return mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ buf,
+ sizeof(buf),
+ sharedSecret);
}
else if (protocol == 2) {
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
- ret = mbedtls_hkdf(md_info, NULL, 0, buf, sizeof(buf), (uint8_t *) "CTAP2 HMAC key", 14, sharedSecret, 32);
+ ret = mbedtls_hkdf(md_info,
+ NULL,
+ 0,
+ buf,
+ sizeof(buf),
+ (uint8_t *) "CTAP2 HMAC key",
+ 14,
+ sharedSecret,
+ 32);
if (ret != 0) {
return ret;
}
- return mbedtls_hkdf(md_info, NULL, 0, buf, sizeof(buf), (uint8_t *) "CTAP2 AES key", 13, sharedSecret + 32, 32);
+ return mbedtls_hkdf(md_info,
+ NULL,
+ 0,
+ buf,
+ sizeof(buf),
+ (uint8_t *) "CTAP2 AES key",
+ 13,
+ sharedSecret + 32,
+ 32);
}
return -1;
}
@@ -138,38 +171,26 @@ int kdf(uint8_t protocol, const mbedtls_mpi *z, uint8_t *sharedSecret) {
int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) {
mbedtls_mpi z;
mbedtls_mpi_init(&z);
- int ret = mbedtls_ecdh_compute_shared(&hkey.ctx.mbed_ecdh.grp, &z, Q, &hkey.ctx.mbed_ecdh.d, random_gen, NULL);
+ int ret = mbedtls_ecdh_compute_shared(&hkey.ctx.mbed_ecdh.grp,
+ &z,
+ Q,
+ &hkey.ctx.mbed_ecdh.d,
+ random_gen,
+ NULL);
ret = kdf(protocol, &z, sharedSecret);
mbedtls_mpi_free(&z);
return ret;
}
-void resetAuthToken(bool persistent) {
- uint16_t fid = EF_AUTHTOKEN;
- if (persistent) {
- fid = EF_PAUTHTOKEN;
- }
- file_t *ef = search_by_fid(fid, NULL, SPECIFY_EF);
+int resetPinUvAuthToken() {
uint8_t t[32];
random_gen(NULL, t, sizeof(t));
- file_put_data(ef, t, sizeof(t));
- low_flash_available();
-}
-
-int resetPinUvAuthToken() {
- resetAuthToken(false);
+ file_put_data(ef_authtoken, t, sizeof(t));
paut.permissions = 0;
paut.data = file_get_data(ef_authtoken);
paut.len = file_get_size(ef_authtoken);
- return 0;
-}
-int resetPersistentPinUvAuthToken() {
- resetAuthToken(true);
- file_t *ef_pauthtoken = search_by_fid(EF_PAUTHTOKEN, NULL, SPECIFY_EF);
- ppaut.permissions = 0;
- ppaut.data = file_get_data(ef_pauthtoken);
- ppaut.len = file_get_size(ef_pauthtoken);
+ low_flash_available();
return 0;
}
@@ -200,7 +221,11 @@ int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in
return -1;
}
-int authenticate(uint8_t protocol, const uint8_t *key, const uint8_t *data, size_t len, uint8_t *sign) {
+int authenticate(uint8_t protocol,
+ const uint8_t *key,
+ const uint8_t *data,
+ size_t len,
+ uint8_t *sign) {
uint8_t hmac[32];
int ret =
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac);
@@ -228,10 +253,10 @@ int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, uint16_t l
return ret;
}
if (protocol == 1) {
- return ct_memcmp(sign, hmac, 16);
+ return memcmp(sign, hmac, 16);
}
else if (protocol == 2) {
- return ct_memcmp(sign, hmac, 32);
+ return memcmp(sign, hmac, 32);
}
return -1;
}
@@ -266,18 +291,114 @@ int pinUvAuthTokenUsageTimerObserver() {
return 0;
}
-int check_keydev_encrypted(const uint8_t pin_token[32]) {
- if (file_get_data(ef_keydev) && *file_get_data(ef_keydev) == 0x01) {
- uint8_t tmp_keydev[61];
- tmp_keydev[0] = 0x02; // Change format to encrypted
- encrypt_with_aad(pin_token, file_get_data(ef_keydev) + 1, 32, tmp_keydev + 1);
- file_put_data(ef_keydev, tmp_keydev, sizeof(tmp_keydev));
- mbedtls_platform_zeroize(tmp_keydev, sizeof(tmp_keydev));
- low_flash_available();
+int check_mkek_encrypted(const uint8_t *dhash) {
+ if (file_get_size(ef_mkek) == MKEK_IV_SIZE + MKEK_KEY_SIZE) {
+ hash_multi(dhash, 16, session_pin); // Only for storing MKEK
+ uint8_t mkek[MKEK_SIZE] = {0};
+ memcpy(mkek, file_get_data(ef_mkek), MKEK_IV_SIZE + MKEK_KEY_SIZE);
+ int ret = store_mkek(mkek);
+ mbedtls_platform_zeroize(mkek, sizeof(mkek));
+ mbedtls_platform_zeroize(session_pin, sizeof(session_pin));
+ if (ret != PICOKEY_OK) {
+ return CTAP2_ERR_PIN_AUTH_INVALID;
+ }
}
return PICOKEY_OK;
}
+
+static bool is_sequential(const uint8_t *pin, size_t len) {
+ for (size_t i = 1; i < len; i++) {
+ if (!(pin[i] == pin[i-1] + 1 || pin[i] == pin[i-1] - 1)) {
+ return false;
+ }
+ }
+ return true;
+}
+
+static bool is_repeated(const uint8_t *pin, size_t len) {
+ for (size_t i = 1; i < len; i++) {
+ if (pin[i] != pin[0]) {
+ return false;
+ }
+ }
+ return true;
+}
+
+static bool is_palindrome(const uint8_t *pin, size_t len) {
+ for (size_t i = 0; i < len / 2; i++) {
+ if (pin[i] != pin[len - i - 1]) {
+ return false;
+ }
+ }
+ return true;
+}
+
+static bool has_excessive_repeats(const uint8_t *pin, size_t len) {
+ uint8_t counts[256] = {0};
+ for (size_t i = 0; i < len; i++) {
+ counts[pin[i]]++;
+ }
+ for (int i = 0; i < 256; i++) {
+ if (counts[i] > 3) {
+ return true;
+ }
+ }
+ return false;
+}
+
+static int check_pin_complexity(const uint8_t *pin, size_t pin_len) {
+ bool has_digit = false, has_upper = false, has_lower = false, has_special = false;
+ bool is_all_digits = true;
+
+ for (size_t i = 0; i < pin_len; i++) {
+ if (pin[i] >= '0' && pin[i] <= '9') {
+ has_digit = true;
+ } else if (pin[i] >= 'A' && pin[i] <= 'Z') {
+ has_upper = true;
+ is_all_digits = false;
+ } else if (pin[i] >= 'a' && pin[i] <= 'z') {
+ has_lower = true;
+ is_all_digits = false;
+ } else {
+ has_special = true;
+ is_all_digits = false;
+ }
+ }
+
+ if (is_all_digits) {
+ // Numeric PIN rules
+ if (pin_len < 6) {
+ return CTAP2_ERR_PIN_POLICY_VIOLATION;
+ }
+ if (is_sequential(pin, pin_len)) {
+ return CTAP2_ERR_PIN_POLICY_VIOLATION;
+ }
+ if (is_repeated(pin, pin_len)) {
+ return CTAP2_ERR_PIN_POLICY_VIOLATION;
+ }
+ if (is_palindrome(pin, pin_len)) {
+ return CTAP2_ERR_PIN_POLICY_VIOLATION;
+ }
+ if (has_excessive_repeats(pin, pin_len)) {
+ return CTAP2_ERR_PIN_POLICY_VIOLATION;
+ }
+ } else {
+ // Alphanumeric password rules
+ if (pin_len < 10) {
+ return CTAP2_ERR_PIN_POLICY_VIOLATION;
+ }
+ int categories = (has_digit ? 1 : 0) + (has_upper ? 1 : 0) +
+ (has_lower ? 1 : 0) + (has_special ? 1 : 0);
+ if (categories < 2) {
+ return CTAP2_ERR_PIN_POLICY_VIOLATION;
+ }
+ }
+
+ return 0; // OK
+}
+
+
uint8_t new_pin_mismatches = 0;
int cbor_client_pin(const uint8_t *data, size_t len) {
@@ -288,11 +409,11 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
CborEncoder encoder, mapEncoder;
CborValue map;
CborError error = CborNoError;
- CborByteString pinUvAuthParam = { 0 }, newPinEnc = { 0 }, pinHashEnc = { 0 }, kax = { 0 }, kay = { 0 };
+ CborByteString pinUvAuthParam = { 0 }, newPinEnc = { 0 }, pinHashEnc = { 0 }, kax = { 0 },
+ kay = { 0 };
CborCharString rpId = { 0 };
CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
uint64_t val_c = 1;
- uint8_t keydev[32] = {0};
if (hkey_init == false) {
initialize();
}
@@ -406,7 +527,12 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
pin_len++;
}
- uint8_t minPin = 4;
+ uint8_t minPin = 6;
+ int complexity_ret = check_pin_complexity(paddedNewPin, pin_len);
+ if (complexity_ret != 0) {
+ CBOR_ERROR(complexity_ret);
+ }
+
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
if (file_has_data(ef_minpin)) {
minPin = *file_get_data(ef_minpin);
@@ -414,17 +540,18 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
if (pin_len < minPin) {
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
}
- uint8_t hsh[35], dhash[32];
+
+
+
+ uint8_t hsh[34], dhash[32];
hsh[0] = MAX_PIN_RETRIES;
hsh[1] = pin_len;
- hsh[2] = 1; // New format indicator
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, dhash);
- pin_derive_verifier(dhash, 16, hsh + 3);
- file_put_data(ef_pin, hsh, sizeof(hsh));
+ double_hash_pin(dhash, 16, hsh + 2);
+ file_put_data(ef_pin, hsh, 2 + 32);
low_flash_available();
- pin_derive_session(dhash, 16, session_pin);
- ret = check_keydev_encrypted(session_pin);
+ ret = check_mkek_encrypted(dhash);
if (ret != PICOKEY_OK) {
CBOR_ERROR(ret);
}
@@ -471,10 +598,10 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
}
- uint8_t pin_data[35];
- memcpy(pin_data, file_get_data(ef_pin), file_get_size(ef_pin));
+ uint8_t pin_data[34];
+ memcpy(pin_data, file_get_data(ef_pin), 34);
pin_data[0] -= 1;
- file_put_data(ef_pin, pin_data, file_get_size(ef_pin));
+ file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
uint8_t retries = pin_data[0];
uint8_t paddedNewPin[64];
@@ -483,16 +610,9 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
}
- uint8_t dhash[32], off = 3;
- if (file_get_size(ef_pin) == 34) {
- off = 2;
- double_hash_pin(paddedNewPin, 16, dhash);
- }
- else {
- pin_derive_verifier(paddedNewPin, 16, dhash);
- }
-
- if (ct_memcmp(dhash, file_get_data(ef_pin) + off, 32) != 0) {
+ uint8_t dhash[32];
+ double_hash_pin(paddedNewPin, 16, dhash);
+ if (memcmp(dhash, file_get_data(ef_pin) + 2, 32) != 0) {
regenerate();
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
if (retries == 0) {
@@ -506,28 +626,10 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
}
}
- if (off == 2) {
- // Upgrade pin file to new format
- pin_data[2] = 1; // New format indicator
- pin_derive_verifier(paddedNewPin, 16, pin_data + 3);
-
- hash_multi(paddedNewPin, 16, session_pin);
- ret = load_keydev(keydev);
- if (ret != PICOKEY_OK) {
- CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
- }
- encrypt_keydev_f1(keydev);
- }
- pin_derive_session(paddedNewPin, 16, session_pin);
+ hash_multi(paddedNewPin, 16, session_pin);
pin_data[0] = MAX_PIN_RETRIES;
file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
-
- ret = check_keydev_encrypted(session_pin);
- if (ret != PICOKEY_OK) {
- CBOR_ERROR(ret);
- }
-
new_pin_mismatches = 0;
ret = decrypt((uint8_t)pinUvAuthProtocol, sharedSecret, newPinEnc.data, (uint16_t)newPinEnc.len, paddedNewPin);
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
@@ -538,7 +640,12 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
}
uint8_t pin_len = 0;
- while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
+ int complexity_ret = check_pin_complexity(paddedNewPin, pin_len);
+if (complexity_ret != 0) {
+ CBOR_ERROR(complexity_ret);
+}
+
+ while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
pin_len++;
}
uint8_t minPin = 4;
@@ -549,33 +656,35 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
if (pin_len < minPin) {
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
}
-
- // New PIN is valid and verified
- ret = load_keydev(keydev);
- if (ret != PICOKEY_OK) {
- CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
- }
- encrypt_keydev_f1(keydev);
-
+ uint8_t hsh[34];
+ hsh[0] = MAX_PIN_RETRIES;
+ hsh[1] = pin_len;
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, dhash);
- pin_derive_session(dhash, 16, session_pin);
- ret = check_keydev_encrypted(session_pin);
+ double_hash_pin(dhash, 16, hsh + 2);
+ if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1 &&
+ memcmp(hsh + 2, file_get_data(ef_pin) + 2, 32) == 0) {
+ CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
+ }
+
+ uint8_t mkek[MKEK_SIZE] = {0};
+ ret = load_mkek(mkek);
if (ret != PICOKEY_OK) {
CBOR_ERROR(ret);
}
- low_flash_available();
+ file_put_data(ef_pin, hsh, 2 + 32);
- pin_data[0] = MAX_PIN_RETRIES;
- pin_data[1] = pin_len;
- pin_data[2] = 1; // New format indicator
- pin_derive_verifier(dhash, 16, pin_data + 3);
-
- if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1 && ct_memcmp(pin_data + 3, file_get_data(ef_pin) + 3, 32) == 0) {
- CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
+ ret = check_mkek_encrypted(dhash);
+ if (ret != PICOKEY_OK) {
+ CBOR_ERROR(ret);
}
- file_put_data(ef_pin, pin_data, sizeof(pin_data));
- mbedtls_platform_zeroize(pin_data, sizeof(pin_data));
+ hash_multi(dhash, 16, session_pin);
+ ret = store_mkek(mkek);
+ mbedtls_platform_zeroize(mkek, sizeof(mkek));
+ if (ret != PICOKEY_OK) {
+ CBOR_ERROR(ret);
+ }
+ mbedtls_platform_zeroize(hsh, sizeof(hsh));
mbedtls_platform_zeroize(dhash, sizeof(dhash));
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
uint8_t *tmpf = (uint8_t *) calloc(1, file_get_size(ef_minpin));
@@ -586,7 +695,6 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
}
low_flash_available();
resetPinUvAuthToken();
- resetPersistentPinUvAuthToken();
goto err; // No return
}
else if (subcommand == 0x9 || subcommand == 0x5) { //getPinUvAuthTokenUsingPinWithPermissions
@@ -607,9 +715,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
if ((permissions & CTAP_PERMISSION_BE)) { // Not supported yet
CBOR_ERROR(CTAP2_ERR_UNAUTHORIZED_PERMISSION);
}
- if ((permissions & CTAP_PERMISSION_PCMR) && permissions != CTAP_PERMISSION_PCMR) {
- CBOR_ERROR(CTAP2_ERR_UNAUTHORIZED_PERMISSION);
- }
+
}
if (!file_has_data(ef_pin)) {
CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
@@ -629,10 +735,10 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
}
- uint8_t pin_data[35];
- memcpy(pin_data, file_get_data(ef_pin), file_get_size(ef_pin));
+ uint8_t pin_data[34];
+ memcpy(pin_data, file_get_data(ef_pin), 34);
pin_data[0] -= 1;
- file_put_data(ef_pin, pin_data, file_get_size(ef_pin));
+ file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
uint8_t retries = pin_data[0];
uint8_t paddedNewPin[64], poff = ((uint8_t)pinUvAuthProtocol - 1) * IV_SIZE;
@@ -641,18 +747,11 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
}
- uint8_t dhash[32], off = 3;
- if (file_get_size(ef_pin) == 34) {
- off = 2;
- double_hash_pin(paddedNewPin, 16, dhash);
- }
- else {
- pin_derive_verifier(paddedNewPin, 16, dhash);
- }
- if (ct_memcmp(dhash, file_get_data(ef_pin) + off, 32) != 0) {
+ uint8_t dhash[32];
+ double_hash_pin(paddedNewPin, 16, dhash);
+ if (memcmp(dhash, file_get_data(ef_pin) + 2, 32) != 0) {
regenerate();
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
- mbedtls_platform_zeroize(dhash, sizeof(dhash));
if (retries == 0) {
CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED);
}
@@ -664,59 +763,39 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
}
}
- mbedtls_platform_zeroize(dhash, sizeof(dhash));
- if (off == 2) {
- // Upgrade pin file to new format
- pin_data[2] = 1; // New format indicator
- pin_derive_verifier(paddedNewPin, 16, pin_data + 3);
- hash_multi(paddedNewPin, 16, session_pin);
- ret = load_keydev(keydev);
- if (ret != PICOKEY_OK) {
- CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
- }
- encrypt_keydev_f1(keydev);
- }
-
- pin_derive_session(paddedNewPin, 16, session_pin);
- ret = check_keydev_encrypted(session_pin);
+ ret = check_mkek_encrypted(paddedNewPin);
if (ret != PICOKEY_OK) {
CBOR_ERROR(ret);
}
+ hash_multi(paddedNewPin, 16, session_pin);
pin_data[0] = MAX_PIN_RETRIES;
new_pin_mismatches = 0;
-
file_put_data(ef_pin, pin_data, sizeof(pin_data));
mbedtls_platform_zeroize(pin_data, sizeof(pin_data));
+ mbedtls_platform_zeroize(dhash, sizeof(dhash));
low_flash_available();
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
}
- uint8_t pinUvAuthToken_enc[32 + IV_SIZE], *pdata = NULL;
- if (permissions & CTAP_PERMISSION_PCMR) {
- ppaut.permissions = CTAP_PERMISSION_PCMR;
- pdata = ppaut.data;
+ resetPinUvAuthToken();
+ beginUsingPinUvAuthToken(false);
+ if (subcommand == 0x05) {
+ permissions = CTAP_PERMISSION_MC | CTAP_PERMISSION_GA;
+ }
+ paut.permissions = (uint8_t)permissions;
+ if (rpId.present == true) {
+ mbedtls_sha256((uint8_t *) rpId.data, rpId.len, paut.rp_id_hash, 0);
+ paut.has_rp_id = true;
}
else {
- resetPinUvAuthToken();
- beginUsingPinUvAuthToken(false);
- if (subcommand == 0x05) {
- permissions = CTAP_PERMISSION_MC | CTAP_PERMISSION_GA;
- }
- paut.permissions = (uint8_t)permissions;
- if (rpId.present == true) {
- mbedtls_sha256((uint8_t *) rpId.data, rpId.len, paut.rp_id_hash, 0);
- paut.has_rp_id = true;
- }
- else {
- paut.has_rp_id = false;
- }
- pdata = paut.data;
+ paut.has_rp_id = false;
}
- encrypt((uint8_t)pinUvAuthProtocol, sharedSecret, pdata, 32, pinUvAuthToken_enc);
+ uint8_t pinUvAuthToken_enc[32 + IV_SIZE];
+ encrypt((uint8_t)pinUvAuthProtocol, sharedSecret, paut.data, 32, pinUvAuthToken_enc);
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x02));
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, pinUvAuthToken_enc, 32 + poff));
@@ -733,7 +812,6 @@ err:
CBOR_FREE_BYTE_STRING(kax);
CBOR_FREE_BYTE_STRING(kay);
CBOR_FREE_BYTE_STRING(rpId);
- mbedtls_platform_zeroize(keydev, sizeof(keydev));
if (error != CborNoError) {
if (error == CborErrorImproperValue) {
return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;