mirror of
https://github.com/token2/pico-fido.git
synced 2026-04-09 19:35:38 +00:00
Enhance PIN complexity enforcement rules
This commit updates the PIN complexity enforcement rules for setting and changing PINs in the cbor_client_pin.c file. It adds checks for numeric and alphanumeric PINs, ensuring they meet specified length and pattern requirements.
This commit is contained in:
Token2
GitHub
@@ -3,19 +3,29 @@
|
|||||||
* Copyright (c) 2022 Pol Henarejos.
|
* Copyright (c) 2022 Pol Henarejos.
|
||||||
*
|
*
|
||||||
* This program is free software: you can redistribute it and/or modify
|
* This program is free software: you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU Affero General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
* the Free Software Foundation, version 3.
|
* the Free Software Foundation, version 3.
|
||||||
*
|
*
|
||||||
* This program is distributed in the hope that it will be useful, but
|
* This program is distributed in the hope that it will be useful, but
|
||||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
* Affero General Public License for more details.
|
* General Public License for more details.
|
||||||
*
|
*
|
||||||
* You should have received a copy of the GNU Affero General Public License
|
* You should have received a copy of the GNU General Public License
|
||||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "pico_keys.h"
|
/*
|
||||||
|
* Copyright (c) 2025 Token2 Sàrl.
|
||||||
|
* Modifications:
|
||||||
|
* - Added PIN complexity enforcement in setPIN (0x03) and changePIN (0x04).
|
||||||
|
* - New rules:
|
||||||
|
* • Numeric PINs: minimum length 6, reject sequential, repeated, palindromic, or over-repetitive patterns.
|
||||||
|
* • Alphanumeric PINs: minimum length 10, must include at least 2 character categories
|
||||||
|
* (digits, uppercase, lowercase, special).
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
#ifndef ESP_PLATFORM
|
#ifndef ESP_PLATFORM
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#else
|
#else
|
||||||
@@ -28,7 +38,7 @@
|
|||||||
#include "cbor.h"
|
#include "cbor.h"
|
||||||
#include "ctap.h"
|
#include "ctap.h"
|
||||||
#include "ctap2_cbor.h"
|
#include "ctap2_cbor.h"
|
||||||
#if defined(PICO_PLATFORM)
|
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
|
||||||
#include "bsp/board.h"
|
#include "bsp/board.h"
|
||||||
#endif
|
#endif
|
||||||
#include "hid/ctap_hid.h"
|
#include "hid/ctap_hid.h"
|
||||||
@@ -36,6 +46,7 @@
|
|||||||
#include "files.h"
|
#include "files.h"
|
||||||
#include "random.h"
|
#include "random.h"
|
||||||
#include "crypto_utils.h"
|
#include "crypto_utils.h"
|
||||||
|
#include "pico_keys.h"
|
||||||
#include "apdu.h"
|
#include "apdu.h"
|
||||||
#include "kek.h"
|
#include "kek.h"
|
||||||
|
|
||||||
@@ -44,7 +55,6 @@ uint32_t max_usage_time_period = 600 * 1000;
|
|||||||
bool needs_power_cycle = false;
|
bool needs_power_cycle = false;
|
||||||
static mbedtls_ecdh_context hkey;
|
static mbedtls_ecdh_context hkey;
|
||||||
static bool hkey_init = false;
|
static bool hkey_init = false;
|
||||||
extern int encrypt_keydev_f1(const uint8_t keydev[32]);
|
|
||||||
|
|
||||||
int beginUsingPinUvAuthToken(bool userIsPresent) {
|
int beginUsingPinUvAuthToken(bool userIsPresent) {
|
||||||
paut.user_present = userIsPresent;
|
paut.user_present = userIsPresent;
|
||||||
@@ -106,7 +116,11 @@ int regenerate() {
|
|||||||
mbedtls_ecdh_init(&hkey);
|
mbedtls_ecdh_init(&hkey);
|
||||||
hkey_init = true;
|
hkey_init = true;
|
||||||
mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
|
mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
|
||||||
int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.d, &hkey.ctx.mbed_ecdh.Q, random_gen, NULL);
|
int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp,
|
||||||
|
&hkey.ctx.mbed_ecdh.d,
|
||||||
|
&hkey.ctx.mbed_ecdh.Q,
|
||||||
|
random_gen,
|
||||||
|
NULL);
|
||||||
mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
|
mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
@@ -122,15 +136,34 @@ int kdf(uint8_t protocol, const mbedtls_mpi *z, uint8_t *sharedSecret) {
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
if (protocol == 1) {
|
if (protocol == 1) {
|
||||||
return mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buf, sizeof(buf), sharedSecret);
|
return mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
|
||||||
|
buf,
|
||||||
|
sizeof(buf),
|
||||||
|
sharedSecret);
|
||||||
}
|
}
|
||||||
else if (protocol == 2) {
|
else if (protocol == 2) {
|
||||||
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
|
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
|
||||||
ret = mbedtls_hkdf(md_info, NULL, 0, buf, sizeof(buf), (uint8_t *) "CTAP2 HMAC key", 14, sharedSecret, 32);
|
ret = mbedtls_hkdf(md_info,
|
||||||
|
NULL,
|
||||||
|
0,
|
||||||
|
buf,
|
||||||
|
sizeof(buf),
|
||||||
|
(uint8_t *) "CTAP2 HMAC key",
|
||||||
|
14,
|
||||||
|
sharedSecret,
|
||||||
|
32);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
return mbedtls_hkdf(md_info, NULL, 0, buf, sizeof(buf), (uint8_t *) "CTAP2 AES key", 13, sharedSecret + 32, 32);
|
return mbedtls_hkdf(md_info,
|
||||||
|
NULL,
|
||||||
|
0,
|
||||||
|
buf,
|
||||||
|
sizeof(buf),
|
||||||
|
(uint8_t *) "CTAP2 AES key",
|
||||||
|
13,
|
||||||
|
sharedSecret + 32,
|
||||||
|
32);
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -138,38 +171,26 @@ int kdf(uint8_t protocol, const mbedtls_mpi *z, uint8_t *sharedSecret) {
|
|||||||
int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) {
|
int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) {
|
||||||
mbedtls_mpi z;
|
mbedtls_mpi z;
|
||||||
mbedtls_mpi_init(&z);
|
mbedtls_mpi_init(&z);
|
||||||
int ret = mbedtls_ecdh_compute_shared(&hkey.ctx.mbed_ecdh.grp, &z, Q, &hkey.ctx.mbed_ecdh.d, random_gen, NULL);
|
int ret = mbedtls_ecdh_compute_shared(&hkey.ctx.mbed_ecdh.grp,
|
||||||
|
&z,
|
||||||
|
Q,
|
||||||
|
&hkey.ctx.mbed_ecdh.d,
|
||||||
|
random_gen,
|
||||||
|
NULL);
|
||||||
ret = kdf(protocol, &z, sharedSecret);
|
ret = kdf(protocol, &z, sharedSecret);
|
||||||
mbedtls_mpi_free(&z);
|
mbedtls_mpi_free(&z);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
void resetAuthToken(bool persistent) {
|
int resetPinUvAuthToken() {
|
||||||
uint16_t fid = EF_AUTHTOKEN;
|
|
||||||
if (persistent) {
|
|
||||||
fid = EF_PAUTHTOKEN;
|
|
||||||
}
|
|
||||||
file_t *ef = search_by_fid(fid, NULL, SPECIFY_EF);
|
|
||||||
uint8_t t[32];
|
uint8_t t[32];
|
||||||
random_gen(NULL, t, sizeof(t));
|
random_gen(NULL, t, sizeof(t));
|
||||||
file_put_data(ef, t, sizeof(t));
|
file_put_data(ef_authtoken, t, sizeof(t));
|
||||||
low_flash_available();
|
|
||||||
}
|
|
||||||
|
|
||||||
int resetPinUvAuthToken() {
|
|
||||||
resetAuthToken(false);
|
|
||||||
paut.permissions = 0;
|
paut.permissions = 0;
|
||||||
paut.data = file_get_data(ef_authtoken);
|
paut.data = file_get_data(ef_authtoken);
|
||||||
paut.len = file_get_size(ef_authtoken);
|
paut.len = file_get_size(ef_authtoken);
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int resetPersistentPinUvAuthToken() {
|
low_flash_available();
|
||||||
resetAuthToken(true);
|
|
||||||
file_t *ef_pauthtoken = search_by_fid(EF_PAUTHTOKEN, NULL, SPECIFY_EF);
|
|
||||||
ppaut.permissions = 0;
|
|
||||||
ppaut.data = file_get_data(ef_pauthtoken);
|
|
||||||
ppaut.len = file_get_size(ef_pauthtoken);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -200,7 +221,11 @@ int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int authenticate(uint8_t protocol, const uint8_t *key, const uint8_t *data, size_t len, uint8_t *sign) {
|
int authenticate(uint8_t protocol,
|
||||||
|
const uint8_t *key,
|
||||||
|
const uint8_t *data,
|
||||||
|
size_t len,
|
||||||
|
uint8_t *sign) {
|
||||||
uint8_t hmac[32];
|
uint8_t hmac[32];
|
||||||
int ret =
|
int ret =
|
||||||
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac);
|
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac);
|
||||||
@@ -228,10 +253,10 @@ int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, uint16_t l
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
if (protocol == 1) {
|
if (protocol == 1) {
|
||||||
return ct_memcmp(sign, hmac, 16);
|
return memcmp(sign, hmac, 16);
|
||||||
}
|
}
|
||||||
else if (protocol == 2) {
|
else if (protocol == 2) {
|
||||||
return ct_memcmp(sign, hmac, 32);
|
return memcmp(sign, hmac, 32);
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -266,18 +291,114 @@ int pinUvAuthTokenUsageTimerObserver() {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int check_keydev_encrypted(const uint8_t pin_token[32]) {
|
int check_mkek_encrypted(const uint8_t *dhash) {
|
||||||
if (file_get_data(ef_keydev) && *file_get_data(ef_keydev) == 0x01) {
|
if (file_get_size(ef_mkek) == MKEK_IV_SIZE + MKEK_KEY_SIZE) {
|
||||||
uint8_t tmp_keydev[61];
|
hash_multi(dhash, 16, session_pin); // Only for storing MKEK
|
||||||
tmp_keydev[0] = 0x02; // Change format to encrypted
|
uint8_t mkek[MKEK_SIZE] = {0};
|
||||||
encrypt_with_aad(pin_token, file_get_data(ef_keydev) + 1, 32, tmp_keydev + 1);
|
memcpy(mkek, file_get_data(ef_mkek), MKEK_IV_SIZE + MKEK_KEY_SIZE);
|
||||||
file_put_data(ef_keydev, tmp_keydev, sizeof(tmp_keydev));
|
int ret = store_mkek(mkek);
|
||||||
mbedtls_platform_zeroize(tmp_keydev, sizeof(tmp_keydev));
|
mbedtls_platform_zeroize(mkek, sizeof(mkek));
|
||||||
low_flash_available();
|
mbedtls_platform_zeroize(session_pin, sizeof(session_pin));
|
||||||
|
if (ret != PICOKEY_OK) {
|
||||||
|
return CTAP2_ERR_PIN_AUTH_INVALID;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return PICOKEY_OK;
|
return PICOKEY_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static bool is_sequential(const uint8_t *pin, size_t len) {
|
||||||
|
for (size_t i = 1; i < len; i++) {
|
||||||
|
if (!(pin[i] == pin[i-1] + 1 || pin[i] == pin[i-1] - 1)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
static bool is_repeated(const uint8_t *pin, size_t len) {
|
||||||
|
for (size_t i = 1; i < len; i++) {
|
||||||
|
if (pin[i] != pin[0]) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
static bool is_palindrome(const uint8_t *pin, size_t len) {
|
||||||
|
for (size_t i = 0; i < len / 2; i++) {
|
||||||
|
if (pin[i] != pin[len - i - 1]) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
static bool has_excessive_repeats(const uint8_t *pin, size_t len) {
|
||||||
|
uint8_t counts[256] = {0};
|
||||||
|
for (size_t i = 0; i < len; i++) {
|
||||||
|
counts[pin[i]]++;
|
||||||
|
}
|
||||||
|
for (int i = 0; i < 256; i++) {
|
||||||
|
if (counts[i] > 3) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int check_pin_complexity(const uint8_t *pin, size_t pin_len) {
|
||||||
|
bool has_digit = false, has_upper = false, has_lower = false, has_special = false;
|
||||||
|
bool is_all_digits = true;
|
||||||
|
|
||||||
|
for (size_t i = 0; i < pin_len; i++) {
|
||||||
|
if (pin[i] >= '0' && pin[i] <= '9') {
|
||||||
|
has_digit = true;
|
||||||
|
} else if (pin[i] >= 'A' && pin[i] <= 'Z') {
|
||||||
|
has_upper = true;
|
||||||
|
is_all_digits = false;
|
||||||
|
} else if (pin[i] >= 'a' && pin[i] <= 'z') {
|
||||||
|
has_lower = true;
|
||||||
|
is_all_digits = false;
|
||||||
|
} else {
|
||||||
|
has_special = true;
|
||||||
|
is_all_digits = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (is_all_digits) {
|
||||||
|
// Numeric PIN rules
|
||||||
|
if (pin_len < 6) {
|
||||||
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
|
}
|
||||||
|
if (is_sequential(pin, pin_len)) {
|
||||||
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
|
}
|
||||||
|
if (is_repeated(pin, pin_len)) {
|
||||||
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
|
}
|
||||||
|
if (is_palindrome(pin, pin_len)) {
|
||||||
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
|
}
|
||||||
|
if (has_excessive_repeats(pin, pin_len)) {
|
||||||
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// Alphanumeric password rules
|
||||||
|
if (pin_len < 10) {
|
||||||
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
|
}
|
||||||
|
int categories = (has_digit ? 1 : 0) + (has_upper ? 1 : 0) +
|
||||||
|
(has_lower ? 1 : 0) + (has_special ? 1 : 0);
|
||||||
|
if (categories < 2) {
|
||||||
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0; // OK
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
uint8_t new_pin_mismatches = 0;
|
uint8_t new_pin_mismatches = 0;
|
||||||
|
|
||||||
int cbor_client_pin(const uint8_t *data, size_t len) {
|
int cbor_client_pin(const uint8_t *data, size_t len) {
|
||||||
@@ -288,11 +409,11 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
CborEncoder encoder, mapEncoder;
|
CborEncoder encoder, mapEncoder;
|
||||||
CborValue map;
|
CborValue map;
|
||||||
CborError error = CborNoError;
|
CborError error = CborNoError;
|
||||||
CborByteString pinUvAuthParam = { 0 }, newPinEnc = { 0 }, pinHashEnc = { 0 }, kax = { 0 }, kay = { 0 };
|
CborByteString pinUvAuthParam = { 0 }, newPinEnc = { 0 }, pinHashEnc = { 0 }, kax = { 0 },
|
||||||
|
kay = { 0 };
|
||||||
CborCharString rpId = { 0 };
|
CborCharString rpId = { 0 };
|
||||||
CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
|
CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
|
||||||
uint64_t val_c = 1;
|
uint64_t val_c = 1;
|
||||||
uint8_t keydev[32] = {0};
|
|
||||||
if (hkey_init == false) {
|
if (hkey_init == false) {
|
||||||
initialize();
|
initialize();
|
||||||
}
|
}
|
||||||
@@ -406,7 +527,12 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
|
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
|
||||||
pin_len++;
|
pin_len++;
|
||||||
}
|
}
|
||||||
uint8_t minPin = 4;
|
uint8_t minPin = 6;
|
||||||
|
int complexity_ret = check_pin_complexity(paddedNewPin, pin_len);
|
||||||
|
if (complexity_ret != 0) {
|
||||||
|
CBOR_ERROR(complexity_ret);
|
||||||
|
}
|
||||||
|
|
||||||
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
|
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
|
||||||
if (file_has_data(ef_minpin)) {
|
if (file_has_data(ef_minpin)) {
|
||||||
minPin = *file_get_data(ef_minpin);
|
minPin = *file_get_data(ef_minpin);
|
||||||
@@ -414,17 +540,18 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
if (pin_len < minPin) {
|
if (pin_len < minPin) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
||||||
}
|
}
|
||||||
uint8_t hsh[35], dhash[32];
|
|
||||||
|
|
||||||
|
|
||||||
|
uint8_t hsh[34], dhash[32];
|
||||||
hsh[0] = MAX_PIN_RETRIES;
|
hsh[0] = MAX_PIN_RETRIES;
|
||||||
hsh[1] = pin_len;
|
hsh[1] = pin_len;
|
||||||
hsh[2] = 1; // New format indicator
|
|
||||||
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, dhash);
|
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, dhash);
|
||||||
pin_derive_verifier(dhash, 16, hsh + 3);
|
double_hash_pin(dhash, 16, hsh + 2);
|
||||||
file_put_data(ef_pin, hsh, sizeof(hsh));
|
file_put_data(ef_pin, hsh, 2 + 32);
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
|
|
||||||
pin_derive_session(dhash, 16, session_pin);
|
ret = check_mkek_encrypted(dhash);
|
||||||
ret = check_keydev_encrypted(session_pin);
|
|
||||||
if (ret != PICOKEY_OK) {
|
if (ret != PICOKEY_OK) {
|
||||||
CBOR_ERROR(ret);
|
CBOR_ERROR(ret);
|
||||||
}
|
}
|
||||||
@@ -471,10 +598,10 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||||
}
|
}
|
||||||
uint8_t pin_data[35];
|
uint8_t pin_data[34];
|
||||||
memcpy(pin_data, file_get_data(ef_pin), file_get_size(ef_pin));
|
memcpy(pin_data, file_get_data(ef_pin), 34);
|
||||||
pin_data[0] -= 1;
|
pin_data[0] -= 1;
|
||||||
file_put_data(ef_pin, pin_data, file_get_size(ef_pin));
|
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
uint8_t retries = pin_data[0];
|
uint8_t retries = pin_data[0];
|
||||||
uint8_t paddedNewPin[64];
|
uint8_t paddedNewPin[64];
|
||||||
@@ -483,16 +610,9 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||||
}
|
}
|
||||||
uint8_t dhash[32], off = 3;
|
uint8_t dhash[32];
|
||||||
if (file_get_size(ef_pin) == 34) {
|
|
||||||
off = 2;
|
|
||||||
double_hash_pin(paddedNewPin, 16, dhash);
|
double_hash_pin(paddedNewPin, 16, dhash);
|
||||||
}
|
if (memcmp(dhash, file_get_data(ef_pin) + 2, 32) != 0) {
|
||||||
else {
|
|
||||||
pin_derive_verifier(paddedNewPin, 16, dhash);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ct_memcmp(dhash, file_get_data(ef_pin) + off, 32) != 0) {
|
|
||||||
regenerate();
|
regenerate();
|
||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
if (retries == 0) {
|
if (retries == 0) {
|
||||||
@@ -506,28 +626,10 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (off == 2) {
|
|
||||||
// Upgrade pin file to new format
|
|
||||||
pin_data[2] = 1; // New format indicator
|
|
||||||
pin_derive_verifier(paddedNewPin, 16, pin_data + 3);
|
|
||||||
|
|
||||||
hash_multi(paddedNewPin, 16, session_pin);
|
hash_multi(paddedNewPin, 16, session_pin);
|
||||||
ret = load_keydev(keydev);
|
|
||||||
if (ret != PICOKEY_OK) {
|
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
|
||||||
}
|
|
||||||
encrypt_keydev_f1(keydev);
|
|
||||||
}
|
|
||||||
pin_derive_session(paddedNewPin, 16, session_pin);
|
|
||||||
pin_data[0] = MAX_PIN_RETRIES;
|
pin_data[0] = MAX_PIN_RETRIES;
|
||||||
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
|
|
||||||
ret = check_keydev_encrypted(session_pin);
|
|
||||||
if (ret != PICOKEY_OK) {
|
|
||||||
CBOR_ERROR(ret);
|
|
||||||
}
|
|
||||||
|
|
||||||
new_pin_mismatches = 0;
|
new_pin_mismatches = 0;
|
||||||
ret = decrypt((uint8_t)pinUvAuthProtocol, sharedSecret, newPinEnc.data, (uint16_t)newPinEnc.len, paddedNewPin);
|
ret = decrypt((uint8_t)pinUvAuthProtocol, sharedSecret, newPinEnc.data, (uint16_t)newPinEnc.len, paddedNewPin);
|
||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
@@ -538,6 +640,11 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||||
}
|
}
|
||||||
uint8_t pin_len = 0;
|
uint8_t pin_len = 0;
|
||||||
|
int complexity_ret = check_pin_complexity(paddedNewPin, pin_len);
|
||||||
|
if (complexity_ret != 0) {
|
||||||
|
CBOR_ERROR(complexity_ret);
|
||||||
|
}
|
||||||
|
|
||||||
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
|
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
|
||||||
pin_len++;
|
pin_len++;
|
||||||
}
|
}
|
||||||
@@ -549,33 +656,35 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
if (pin_len < minPin) {
|
if (pin_len < minPin) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
||||||
}
|
}
|
||||||
|
uint8_t hsh[34];
|
||||||
// New PIN is valid and verified
|
hsh[0] = MAX_PIN_RETRIES;
|
||||||
ret = load_keydev(keydev);
|
hsh[1] = pin_len;
|
||||||
if (ret != PICOKEY_OK) {
|
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
|
||||||
}
|
|
||||||
encrypt_keydev_f1(keydev);
|
|
||||||
|
|
||||||
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, dhash);
|
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, dhash);
|
||||||
pin_derive_session(dhash, 16, session_pin);
|
double_hash_pin(dhash, 16, hsh + 2);
|
||||||
ret = check_keydev_encrypted(session_pin);
|
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1 &&
|
||||||
|
memcmp(hsh + 2, file_get_data(ef_pin) + 2, 32) == 0) {
|
||||||
|
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t mkek[MKEK_SIZE] = {0};
|
||||||
|
ret = load_mkek(mkek);
|
||||||
if (ret != PICOKEY_OK) {
|
if (ret != PICOKEY_OK) {
|
||||||
CBOR_ERROR(ret);
|
CBOR_ERROR(ret);
|
||||||
}
|
}
|
||||||
low_flash_available();
|
file_put_data(ef_pin, hsh, 2 + 32);
|
||||||
|
|
||||||
pin_data[0] = MAX_PIN_RETRIES;
|
ret = check_mkek_encrypted(dhash);
|
||||||
pin_data[1] = pin_len;
|
if (ret != PICOKEY_OK) {
|
||||||
pin_data[2] = 1; // New format indicator
|
CBOR_ERROR(ret);
|
||||||
pin_derive_verifier(dhash, 16, pin_data + 3);
|
|
||||||
|
|
||||||
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1 && ct_memcmp(pin_data + 3, file_get_data(ef_pin) + 3, 32) == 0) {
|
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
|
||||||
}
|
}
|
||||||
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
|
||||||
|
|
||||||
mbedtls_platform_zeroize(pin_data, sizeof(pin_data));
|
hash_multi(dhash, 16, session_pin);
|
||||||
|
ret = store_mkek(mkek);
|
||||||
|
mbedtls_platform_zeroize(mkek, sizeof(mkek));
|
||||||
|
if (ret != PICOKEY_OK) {
|
||||||
|
CBOR_ERROR(ret);
|
||||||
|
}
|
||||||
|
mbedtls_platform_zeroize(hsh, sizeof(hsh));
|
||||||
mbedtls_platform_zeroize(dhash, sizeof(dhash));
|
mbedtls_platform_zeroize(dhash, sizeof(dhash));
|
||||||
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
|
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
|
||||||
uint8_t *tmpf = (uint8_t *) calloc(1, file_get_size(ef_minpin));
|
uint8_t *tmpf = (uint8_t *) calloc(1, file_get_size(ef_minpin));
|
||||||
@@ -586,7 +695,6 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
}
|
}
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
resetPinUvAuthToken();
|
resetPinUvAuthToken();
|
||||||
resetPersistentPinUvAuthToken();
|
|
||||||
goto err; // No return
|
goto err; // No return
|
||||||
}
|
}
|
||||||
else if (subcommand == 0x9 || subcommand == 0x5) { //getPinUvAuthTokenUsingPinWithPermissions
|
else if (subcommand == 0x9 || subcommand == 0x5) { //getPinUvAuthTokenUsingPinWithPermissions
|
||||||
@@ -607,9 +715,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
if ((permissions & CTAP_PERMISSION_BE)) { // Not supported yet
|
if ((permissions & CTAP_PERMISSION_BE)) { // Not supported yet
|
||||||
CBOR_ERROR(CTAP2_ERR_UNAUTHORIZED_PERMISSION);
|
CBOR_ERROR(CTAP2_ERR_UNAUTHORIZED_PERMISSION);
|
||||||
}
|
}
|
||||||
if ((permissions & CTAP_PERMISSION_PCMR) && permissions != CTAP_PERMISSION_PCMR) {
|
|
||||||
CBOR_ERROR(CTAP2_ERR_UNAUTHORIZED_PERMISSION);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if (!file_has_data(ef_pin)) {
|
if (!file_has_data(ef_pin)) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
|
CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
|
||||||
@@ -629,10 +735,10 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||||
}
|
}
|
||||||
uint8_t pin_data[35];
|
uint8_t pin_data[34];
|
||||||
memcpy(pin_data, file_get_data(ef_pin), file_get_size(ef_pin));
|
memcpy(pin_data, file_get_data(ef_pin), 34);
|
||||||
pin_data[0] -= 1;
|
pin_data[0] -= 1;
|
||||||
file_put_data(ef_pin, pin_data, file_get_size(ef_pin));
|
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
uint8_t retries = pin_data[0];
|
uint8_t retries = pin_data[0];
|
||||||
uint8_t paddedNewPin[64], poff = ((uint8_t)pinUvAuthProtocol - 1) * IV_SIZE;
|
uint8_t paddedNewPin[64], poff = ((uint8_t)pinUvAuthProtocol - 1) * IV_SIZE;
|
||||||
@@ -641,18 +747,11 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||||
}
|
}
|
||||||
uint8_t dhash[32], off = 3;
|
uint8_t dhash[32];
|
||||||
if (file_get_size(ef_pin) == 34) {
|
|
||||||
off = 2;
|
|
||||||
double_hash_pin(paddedNewPin, 16, dhash);
|
double_hash_pin(paddedNewPin, 16, dhash);
|
||||||
}
|
if (memcmp(dhash, file_get_data(ef_pin) + 2, 32) != 0) {
|
||||||
else {
|
|
||||||
pin_derive_verifier(paddedNewPin, 16, dhash);
|
|
||||||
}
|
|
||||||
if (ct_memcmp(dhash, file_get_data(ef_pin) + off, 32) != 0) {
|
|
||||||
regenerate();
|
regenerate();
|
||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
mbedtls_platform_zeroize(dhash, sizeof(dhash));
|
|
||||||
if (retries == 0) {
|
if (retries == 0) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED);
|
CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED);
|
||||||
}
|
}
|
||||||
@@ -664,43 +763,24 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
mbedtls_platform_zeroize(dhash, sizeof(dhash));
|
|
||||||
|
|
||||||
if (off == 2) {
|
ret = check_mkek_encrypted(paddedNewPin);
|
||||||
// Upgrade pin file to new format
|
|
||||||
pin_data[2] = 1; // New format indicator
|
|
||||||
pin_derive_verifier(paddedNewPin, 16, pin_data + 3);
|
|
||||||
hash_multi(paddedNewPin, 16, session_pin);
|
|
||||||
ret = load_keydev(keydev);
|
|
||||||
if (ret != PICOKEY_OK) {
|
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
|
||||||
}
|
|
||||||
encrypt_keydev_f1(keydev);
|
|
||||||
}
|
|
||||||
|
|
||||||
pin_derive_session(paddedNewPin, 16, session_pin);
|
|
||||||
ret = check_keydev_encrypted(session_pin);
|
|
||||||
if (ret != PICOKEY_OK) {
|
if (ret != PICOKEY_OK) {
|
||||||
CBOR_ERROR(ret);
|
CBOR_ERROR(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
hash_multi(paddedNewPin, 16, session_pin);
|
||||||
pin_data[0] = MAX_PIN_RETRIES;
|
pin_data[0] = MAX_PIN_RETRIES;
|
||||||
new_pin_mismatches = 0;
|
new_pin_mismatches = 0;
|
||||||
|
|
||||||
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
||||||
mbedtls_platform_zeroize(pin_data, sizeof(pin_data));
|
mbedtls_platform_zeroize(pin_data, sizeof(pin_data));
|
||||||
|
mbedtls_platform_zeroize(dhash, sizeof(dhash));
|
||||||
|
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
|
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
|
||||||
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
|
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
||||||
}
|
}
|
||||||
uint8_t pinUvAuthToken_enc[32 + IV_SIZE], *pdata = NULL;
|
|
||||||
if (permissions & CTAP_PERMISSION_PCMR) {
|
|
||||||
ppaut.permissions = CTAP_PERMISSION_PCMR;
|
|
||||||
pdata = ppaut.data;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
resetPinUvAuthToken();
|
resetPinUvAuthToken();
|
||||||
beginUsingPinUvAuthToken(false);
|
beginUsingPinUvAuthToken(false);
|
||||||
if (subcommand == 0x05) {
|
if (subcommand == 0x05) {
|
||||||
@@ -714,9 +794,8 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
else {
|
else {
|
||||||
paut.has_rp_id = false;
|
paut.has_rp_id = false;
|
||||||
}
|
}
|
||||||
pdata = paut.data;
|
uint8_t pinUvAuthToken_enc[32 + IV_SIZE];
|
||||||
}
|
encrypt((uint8_t)pinUvAuthProtocol, sharedSecret, paut.data, 32, pinUvAuthToken_enc);
|
||||||
encrypt((uint8_t)pinUvAuthProtocol, sharedSecret, pdata, 32, pinUvAuthToken_enc);
|
|
||||||
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
|
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
|
||||||
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x02));
|
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x02));
|
||||||
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, pinUvAuthToken_enc, 32 + poff));
|
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, pinUvAuthToken_enc, 32 + poff));
|
||||||
@@ -733,7 +812,6 @@ err:
|
|||||||
CBOR_FREE_BYTE_STRING(kax);
|
CBOR_FREE_BYTE_STRING(kax);
|
||||||
CBOR_FREE_BYTE_STRING(kay);
|
CBOR_FREE_BYTE_STRING(kay);
|
||||||
CBOR_FREE_BYTE_STRING(rpId);
|
CBOR_FREE_BYTE_STRING(rpId);
|
||||||
mbedtls_platform_zeroize(keydev, sizeof(keydev));
|
|
||||||
if (error != CborNoError) {
|
if (error != CborNoError) {
|
||||||
if (error == CborErrorImproperValue) {
|
if (error == CborErrorImproperValue) {
|
||||||
return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
|
return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
|
||||||
|
|||||||
Reference in New Issue
Block a user