mirror of
https://github.com/token2/pico-fido.git
synced 2026-04-09 03:15:39 +00:00
Update cbor_client_pin.c
This commit is contained in:
Token2
GitHub
@@ -1,20 +1,3 @@
|
|||||||
/*
|
|
||||||
* This file is part of the Pico FIDO distribution (https://github.com/polhenarejos/pico-fido).
|
|
||||||
* Copyright (c) 2022 Pol Henarejos.
|
|
||||||
*
|
|
||||||
* This program is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation, version 3.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful, but
|
|
||||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
* General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2025 Token2 Sàrl.
|
* Copyright (c) 2025 Token2 Sàrl.
|
||||||
* Modifications:
|
* Modifications:
|
||||||
@@ -25,7 +8,23 @@
|
|||||||
* (digits, uppercase, lowercase, special).
|
* (digits, uppercase, lowercase, special).
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Pico FIDO distribution (https://github.com/polhenarejos/pico-fido).
|
||||||
|
* Copyright (c) 2022 Pol Henarejos.
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as published by
|
||||||
|
* the Free Software Foundation, version 3.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful, but
|
||||||
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
#include "pico_keys.h"
|
||||||
#ifndef ESP_PLATFORM
|
#ifndef ESP_PLATFORM
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#else
|
#else
|
||||||
@@ -38,7 +37,7 @@
|
|||||||
#include "cbor.h"
|
#include "cbor.h"
|
||||||
#include "ctap.h"
|
#include "ctap.h"
|
||||||
#include "ctap2_cbor.h"
|
#include "ctap2_cbor.h"
|
||||||
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
|
#if defined(PICO_PLATFORM)
|
||||||
#include "bsp/board.h"
|
#include "bsp/board.h"
|
||||||
#endif
|
#endif
|
||||||
#include "hid/ctap_hid.h"
|
#include "hid/ctap_hid.h"
|
||||||
@@ -46,7 +45,6 @@
|
|||||||
#include "files.h"
|
#include "files.h"
|
||||||
#include "random.h"
|
#include "random.h"
|
||||||
#include "crypto_utils.h"
|
#include "crypto_utils.h"
|
||||||
#include "pico_keys.h"
|
|
||||||
#include "apdu.h"
|
#include "apdu.h"
|
||||||
#include "kek.h"
|
#include "kek.h"
|
||||||
|
|
||||||
@@ -55,7 +53,7 @@ uint32_t max_usage_time_period = 600 * 1000;
|
|||||||
bool needs_power_cycle = false;
|
bool needs_power_cycle = false;
|
||||||
static mbedtls_ecdh_context hkey;
|
static mbedtls_ecdh_context hkey;
|
||||||
static bool hkey_init = false;
|
static bool hkey_init = false;
|
||||||
|
extern int encrypt_keydev_f1(const uint8_t keydev[32]);
|
||||||
int beginUsingPinUvAuthToken(bool userIsPresent) {
|
int beginUsingPinUvAuthToken(bool userIsPresent) {
|
||||||
paut.user_present = userIsPresent;
|
paut.user_present = userIsPresent;
|
||||||
paut.user_verified = true;
|
paut.user_verified = true;
|
||||||
@@ -64,25 +62,21 @@ int beginUsingPinUvAuthToken(bool userIsPresent) {
|
|||||||
paut.in_use = true;
|
paut.in_use = true;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void clearUserPresentFlag() {
|
void clearUserPresentFlag() {
|
||||||
if (paut.in_use == true) {
|
if (paut.in_use == true) {
|
||||||
paut.user_present = false;
|
paut.user_present = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void clearUserVerifiedFlag() {
|
void clearUserVerifiedFlag() {
|
||||||
if (paut.in_use == true) {
|
if (paut.in_use == true) {
|
||||||
paut.user_verified = false;
|
paut.user_verified = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void clearPinUvAuthTokenPermissionsExceptLbw() {
|
void clearPinUvAuthTokenPermissionsExceptLbw() {
|
||||||
if (paut.in_use == true) {
|
if (paut.in_use == true) {
|
||||||
paut.permissions = CTAP_PERMISSION_LBW;
|
paut.permissions = CTAP_PERMISSION_LBW;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void stopUsingPinUvAuthToken() {
|
void stopUsingPinUvAuthToken() {
|
||||||
paut.permissions = 0;
|
paut.permissions = 0;
|
||||||
usage_timer = 0;
|
usage_timer = 0;
|
||||||
@@ -93,41 +87,32 @@ void stopUsingPinUvAuthToken() {
|
|||||||
paut.user_present = paut.user_verified = false;
|
paut.user_present = paut.user_verified = false;
|
||||||
user_present_time_limit = 0;
|
user_present_time_limit = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool getUserPresentFlagValue() {
|
bool getUserPresentFlagValue() {
|
||||||
if (paut.in_use != true) {
|
if (paut.in_use != true) {
|
||||||
paut.user_present = false;
|
paut.user_present = false;
|
||||||
}
|
}
|
||||||
return paut.user_present;
|
return paut.user_present;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool getUserVerifiedFlagValue() {
|
bool getUserVerifiedFlagValue() {
|
||||||
if (paut.in_use != true) {
|
if (paut.in_use != true) {
|
||||||
paut.user_verified = false;
|
paut.user_verified = false;
|
||||||
}
|
}
|
||||||
return paut.user_verified;
|
return paut.user_verified;
|
||||||
}
|
}
|
||||||
|
|
||||||
int regenerate() {
|
int regenerate() {
|
||||||
if (hkey_init == true) {
|
if (hkey_init == true) {
|
||||||
mbedtls_ecdh_free(&hkey);
|
mbedtls_ecdh_free(&hkey);
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_ecdh_init(&hkey);
|
mbedtls_ecdh_init(&hkey);
|
||||||
hkey_init = true;
|
hkey_init = true;
|
||||||
mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
|
mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
|
||||||
int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp,
|
int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.d, &hkey.ctx.mbed_ecdh.Q, random_gen, NULL);
|
||||||
&hkey.ctx.mbed_ecdh.d,
|
|
||||||
&hkey.ctx.mbed_ecdh.Q,
|
|
||||||
random_gen,
|
|
||||||
NULL);
|
|
||||||
mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
|
mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int kdf(uint8_t protocol, const mbedtls_mpi *z, uint8_t *sharedSecret) {
|
int kdf(uint8_t protocol, const mbedtls_mpi *z, uint8_t *sharedSecret) {
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
uint8_t buf[32];
|
uint8_t buf[32];
|
||||||
@@ -136,64 +121,52 @@ int kdf(uint8_t protocol, const mbedtls_mpi *z, uint8_t *sharedSecret) {
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
if (protocol == 1) {
|
if (protocol == 1) {
|
||||||
return mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
|
return mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buf, sizeof(buf), sharedSecret);
|
||||||
buf,
|
|
||||||
sizeof(buf),
|
|
||||||
sharedSecret);
|
|
||||||
}
|
}
|
||||||
else if (protocol == 2) {
|
else if (protocol == 2) {
|
||||||
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
|
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
|
||||||
ret = mbedtls_hkdf(md_info,
|
ret = mbedtls_hkdf(md_info, NULL, 0, buf, sizeof(buf), (uint8_t *) "CTAP2 HMAC key", 14, sharedSecret, 32);
|
||||||
NULL,
|
|
||||||
0,
|
|
||||||
buf,
|
|
||||||
sizeof(buf),
|
|
||||||
(uint8_t *) "CTAP2 HMAC key",
|
|
||||||
14,
|
|
||||||
sharedSecret,
|
|
||||||
32);
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
return mbedtls_hkdf(md_info,
|
return mbedtls_hkdf(md_info, NULL, 0, buf, sizeof(buf), (uint8_t *) "CTAP2 AES key", 13, sharedSecret + 32, 32);
|
||||||
NULL,
|
|
||||||
0,
|
|
||||||
buf,
|
|
||||||
sizeof(buf),
|
|
||||||
(uint8_t *) "CTAP2 AES key",
|
|
||||||
13,
|
|
||||||
sharedSecret + 32,
|
|
||||||
32);
|
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) {
|
int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) {
|
||||||
mbedtls_mpi z;
|
mbedtls_mpi z;
|
||||||
mbedtls_mpi_init(&z);
|
mbedtls_mpi_init(&z);
|
||||||
int ret = mbedtls_ecdh_compute_shared(&hkey.ctx.mbed_ecdh.grp,
|
int ret = mbedtls_ecdh_compute_shared(&hkey.ctx.mbed_ecdh.grp, &z, Q, &hkey.ctx.mbed_ecdh.d, random_gen, NULL);
|
||||||
&z,
|
|
||||||
Q,
|
|
||||||
&hkey.ctx.mbed_ecdh.d,
|
|
||||||
random_gen,
|
|
||||||
NULL);
|
|
||||||
ret = kdf(protocol, &z, sharedSecret);
|
ret = kdf(protocol, &z, sharedSecret);
|
||||||
mbedtls_mpi_free(&z);
|
mbedtls_mpi_free(&z);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
void resetAuthToken(bool persistent) {
|
||||||
int resetPinUvAuthToken() {
|
uint16_t fid = EF_AUTHTOKEN;
|
||||||
|
if (persistent) {
|
||||||
|
fid = EF_PAUTHTOKEN;
|
||||||
|
}
|
||||||
|
file_t *ef = search_by_fid(fid, NULL, SPECIFY_EF);
|
||||||
uint8_t t[32];
|
uint8_t t[32];
|
||||||
random_gen(NULL, t, sizeof(t));
|
random_gen(NULL, t, sizeof(t));
|
||||||
file_put_data(ef_authtoken, t, sizeof(t));
|
file_put_data(ef, t, sizeof(t));
|
||||||
|
low_flash_available();
|
||||||
|
}
|
||||||
|
int resetPinUvAuthToken() {
|
||||||
|
resetAuthToken(false);
|
||||||
paut.permissions = 0;
|
paut.permissions = 0;
|
||||||
paut.data = file_get_data(ef_authtoken);
|
paut.data = file_get_data(ef_authtoken);
|
||||||
paut.len = file_get_size(ef_authtoken);
|
paut.len = file_get_size(ef_authtoken);
|
||||||
|
|
||||||
low_flash_available();
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
int resetPersistentPinUvAuthToken() {
|
||||||
|
resetAuthToken(true);
|
||||||
|
file_t *ef_pauthtoken = search_by_fid(EF_PAUTHTOKEN, NULL, SPECIFY_EF);
|
||||||
|
ppaut.permissions = 0;
|
||||||
|
ppaut.data = file_get_data(ef_pauthtoken);
|
||||||
|
ppaut.len = file_get_size(ef_pauthtoken);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
int encrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in_len, uint8_t *out) {
|
int encrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in_len, uint8_t *out) {
|
||||||
if (protocol == 1) {
|
if (protocol == 1) {
|
||||||
memcpy(out, in, in_len);
|
memcpy(out, in, in_len);
|
||||||
@@ -204,10 +177,8 @@ int encrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in
|
|||||||
memcpy(out + IV_SIZE, in, in_len);
|
memcpy(out + IV_SIZE, in, in_len);
|
||||||
return aes_encrypt(key + 32, out, 32 * 8, PICO_KEYS_AES_MODE_CBC, out + IV_SIZE, in_len);
|
return aes_encrypt(key + 32, out, 32 * 8, PICO_KEYS_AES_MODE_CBC, out + IV_SIZE, in_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in_len, uint8_t *out) {
|
int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in_len, uint8_t *out) {
|
||||||
if (protocol == 1) {
|
if (protocol == 1) {
|
||||||
memcpy(out, in, in_len);
|
memcpy(out, in, in_len);
|
||||||
@@ -217,15 +188,9 @@ int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in
|
|||||||
memcpy(out, in + IV_SIZE, in_len - IV_SIZE);
|
memcpy(out, in + IV_SIZE, in_len - IV_SIZE);
|
||||||
return aes_decrypt(key + 32, in, 32 * 8, PICO_KEYS_AES_MODE_CBC, out, in_len - IV_SIZE);
|
return aes_decrypt(key + 32, in, 32 * 8, PICO_KEYS_AES_MODE_CBC, out, in_len - IV_SIZE);
|
||||||
}
|
}
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
int authenticate(uint8_t protocol, const uint8_t *key, const uint8_t *data, size_t len, uint8_t *sign) {
|
||||||
int authenticate(uint8_t protocol,
|
|
||||||
const uint8_t *key,
|
|
||||||
const uint8_t *data,
|
|
||||||
size_t len,
|
|
||||||
uint8_t *sign) {
|
|
||||||
uint8_t hmac[32];
|
uint8_t hmac[32];
|
||||||
int ret =
|
int ret =
|
||||||
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac);
|
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac);
|
||||||
@@ -243,33 +208,27 @@ int authenticate(uint8_t protocol,
|
|||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, uint16_t len, uint8_t *sign) {
|
int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, uint16_t len, uint8_t *sign) {
|
||||||
uint8_t hmac[32];
|
uint8_t hmac[32];
|
||||||
//if (paut.in_use == false)
|
|
||||||
// return -2;
|
|
||||||
int ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac);
|
int ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
if (protocol == 1) {
|
if (protocol == 1) {
|
||||||
return memcmp(sign, hmac, 16);
|
return ct_memcmp(sign, hmac, 16);
|
||||||
}
|
}
|
||||||
else if (protocol == 2) {
|
else if (protocol == 2) {
|
||||||
return memcmp(sign, hmac, 32);
|
return ct_memcmp(sign, hmac, 32);
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int initialize() {
|
int initialize() {
|
||||||
regenerate();
|
regenerate();
|
||||||
return resetPinUvAuthToken();
|
return resetPinUvAuthToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
int getPublicKey() {
|
int getPublicKey() {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int pinUvAuthTokenUsageTimerObserver() {
|
int pinUvAuthTokenUsageTimerObserver() {
|
||||||
if (usage_timer == 0) {
|
if (usage_timer == 0) {
|
||||||
return -1;
|
return -1;
|
||||||
@@ -286,71 +245,59 @@ int pinUvAuthTokenUsageTimerObserver() {
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// TO DO: implement a rolling timer
|
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
int check_keydev_encrypted(const uint8_t pin_token[32]) {
|
||||||
int check_mkek_encrypted(const uint8_t *dhash) {
|
if (file_get_data(ef_keydev) && *file_get_data(ef_keydev) == 0x01) {
|
||||||
if (file_get_size(ef_mkek) == MKEK_IV_SIZE + MKEK_KEY_SIZE) {
|
uint8_t tmp_keydev[61];
|
||||||
hash_multi(dhash, 16, session_pin); // Only for storing MKEK
|
tmp_keydev[0] = 0x02;
|
||||||
uint8_t mkek[MKEK_SIZE] = {0};
|
encrypt_with_aad(pin_token, file_get_data(ef_keydev) + 1, 32, tmp_keydev + 1);
|
||||||
memcpy(mkek, file_get_data(ef_mkek), MKEK_IV_SIZE + MKEK_KEY_SIZE);
|
file_put_data(ef_keydev, tmp_keydev, sizeof(tmp_keydev));
|
||||||
int ret = store_mkek(mkek);
|
mbedtls_platform_zeroize(tmp_keydev, sizeof(tmp_keydev));
|
||||||
mbedtls_platform_zeroize(mkek, sizeof(mkek));
|
low_flash_available();
|
||||||
mbedtls_platform_zeroize(session_pin, sizeof(session_pin));
|
|
||||||
if (ret != PICOKEY_OK) {
|
|
||||||
return CTAP2_ERR_PIN_AUTH_INVALID;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return PICOKEY_OK;
|
return PICOKEY_OK;
|
||||||
}
|
}
|
||||||
|
uint8_t new_pin_mismatches = 0;
|
||||||
|
|
||||||
|
// --- PIN Complexity Helpers ---
|
||||||
static bool is_sequential(const uint8_t *pin, size_t len) {
|
static bool is_sequential(const uint8_t *pin, size_t pin_len) {
|
||||||
for (size_t i = 1; i < len; i++) {
|
for (size_t i = 1; i < pin_len; i++) {
|
||||||
if (!(pin[i] == pin[i-1] + 1 || pin[i] == pin[i-1] - 1)) {
|
if (pin[i] != pin[i-1] + 1) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
static bool is_repeated(const uint8_t *pin, size_t pin_len) {
|
||||||
static bool is_repeated(const uint8_t *pin, size_t len) {
|
uint8_t first = pin[0];
|
||||||
for (size_t i = 1; i < len; i++) {
|
for (size_t i = 1; i < pin_len; i++) {
|
||||||
if (pin[i] != pin[0]) {
|
if (pin[i] != first) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
static bool is_palindrome(const uint8_t *pin, size_t pin_len) {
|
||||||
static bool is_palindrome(const uint8_t *pin, size_t len) {
|
for (size_t i = 0; i < pin_len / 2; i++) {
|
||||||
for (size_t i = 0; i < len / 2; i++) {
|
if (pin[i] != pin[pin_len - 1 - i]) {
|
||||||
if (pin[i] != pin[len - i - 1]) {
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
static bool has_excessive_repeats(const uint8_t *pin, size_t pin_len) {
|
||||||
static bool has_excessive_repeats(const uint8_t *pin, size_t len) {
|
for (size_t i = 0; i < pin_len - 2; i++) {
|
||||||
uint8_t counts[256] = {0};
|
if (pin[i] == pin[i+1] && pin[i] == pin[i+2]) {
|
||||||
for (size_t i = 0; i < len; i++) {
|
|
||||||
counts[pin[i]]++;
|
|
||||||
}
|
|
||||||
for (int i = 0; i < 256; i++) {
|
|
||||||
if (counts[i] > 3) {
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int check_pin_complexity(const uint8_t *pin, size_t pin_len) {
|
static int check_pin_complexity(const uint8_t *pin, size_t pin_len) {
|
||||||
bool has_digit = false, has_upper = false, has_lower = false, has_special = false;
|
bool has_digit = false, has_upper = false, has_lower = false, has_special = false;
|
||||||
bool is_all_digits = true;
|
bool is_all_digits = true;
|
||||||
|
|
||||||
for (size_t i = 0; i < pin_len; i++) {
|
for (size_t i = 0; i < pin_len; i++) {
|
||||||
if (pin[i] >= '0' && pin[i] <= '9') {
|
if (pin[i] >= '0' && pin[i] <= '9') {
|
||||||
has_digit = true;
|
has_digit = true;
|
||||||
@@ -365,9 +312,7 @@ static int check_pin_complexity(const uint8_t *pin, size_t pin_len) {
|
|||||||
is_all_digits = false;
|
is_all_digits = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (is_all_digits) {
|
if (is_all_digits) {
|
||||||
// Numeric PIN rules
|
|
||||||
if (pin_len < 6) {
|
if (pin_len < 6) {
|
||||||
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
}
|
}
|
||||||
@@ -384,7 +329,6 @@ static int check_pin_complexity(const uint8_t *pin, size_t pin_len) {
|
|||||||
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Alphanumeric password rules
|
|
||||||
if (pin_len < 10) {
|
if (pin_len < 10) {
|
||||||
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
}
|
}
|
||||||
@@ -394,13 +338,9 @@ static int check_pin_complexity(const uint8_t *pin, size_t pin_len) {
|
|||||||
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
return CTAP2_ERR_PIN_POLICY_VIOLATION;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return 0;
|
||||||
return 0; // OK
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
uint8_t new_pin_mismatches = 0;
|
|
||||||
|
|
||||||
int cbor_client_pin(const uint8_t *data, size_t len) {
|
int cbor_client_pin(const uint8_t *data, size_t len) {
|
||||||
size_t resp_size = 0;
|
size_t resp_size = 0;
|
||||||
uint64_t subcommand = 0x0, pinUvAuthProtocol = 0, permissions = 0;
|
uint64_t subcommand = 0x0, pinUvAuthProtocol = 0, permissions = 0;
|
||||||
@@ -409,11 +349,11 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
CborEncoder encoder, mapEncoder;
|
CborEncoder encoder, mapEncoder;
|
||||||
CborValue map;
|
CborValue map;
|
||||||
CborError error = CborNoError;
|
CborError error = CborNoError;
|
||||||
CborByteString pinUvAuthParam = { 0 }, newPinEnc = { 0 }, pinHashEnc = { 0 }, kax = { 0 },
|
CborByteString pinUvAuthParam = { 0 }, newPinEnc = { 0 }, pinHashEnc = { 0 }, kax = { 0 }, kay = { 0 };
|
||||||
kay = { 0 };
|
|
||||||
CborCharString rpId = { 0 };
|
CborCharString rpId = { 0 };
|
||||||
CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
|
CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
|
||||||
uint64_t val_c = 1;
|
uint64_t val_c = 1;
|
||||||
|
uint8_t keydev[32] = {0};
|
||||||
if (hkey_init == false) {
|
if (hkey_init == false) {
|
||||||
initialize();
|
initialize();
|
||||||
}
|
}
|
||||||
@@ -454,7 +394,6 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
CBOR_PARSE_MAP_END(map, 1);
|
CBOR_PARSE_MAP_END(map, 1);
|
||||||
|
|
||||||
cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0);
|
cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0);
|
||||||
if (subcommand == 0x0) {
|
if (subcommand == 0x0) {
|
||||||
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
|
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
|
||||||
@@ -473,7 +412,6 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
CborEncoder mapEncoder2;
|
CborEncoder mapEncoder2;
|
||||||
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
|
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
|
||||||
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
|
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
|
||||||
|
|
||||||
CBOR_CHECK(COSE_key_shared(&hkey, &mapEncoder, &mapEncoder2));
|
CBOR_CHECK(COSE_key_shared(&hkey, &mapEncoder, &mapEncoder2));
|
||||||
}
|
}
|
||||||
else if (pinUvAuthProtocol == 0) {
|
else if (pinUvAuthProtocol == 0) {
|
||||||
@@ -527,12 +465,12 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
|
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
|
||||||
pin_len++;
|
pin_len++;
|
||||||
}
|
}
|
||||||
uint8_t minPin = 6;
|
// --- Check PIN Complexity ---
|
||||||
int complexity_ret = check_pin_complexity(paddedNewPin, pin_len);
|
ret = check_pin_complexity(paddedNewPin, pin_len);
|
||||||
if (complexity_ret != 0) {
|
if (ret != 0) {
|
||||||
CBOR_ERROR(complexity_ret);
|
CBOR_ERROR(ret);
|
||||||
}
|
}
|
||||||
|
uint8_t minPin = 4;
|
||||||
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
|
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
|
||||||
if (file_has_data(ef_minpin)) {
|
if (file_has_data(ef_minpin)) {
|
||||||
minPin = *file_get_data(ef_minpin);
|
minPin = *file_get_data(ef_minpin);
|
||||||
@@ -540,18 +478,16 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
if (pin_len < minPin) {
|
if (pin_len < minPin) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
||||||
}
|
}
|
||||||
|
uint8_t hsh[35], dhash[32];
|
||||||
|
|
||||||
|
|
||||||
uint8_t hsh[34], dhash[32];
|
|
||||||
hsh[0] = MAX_PIN_RETRIES;
|
hsh[0] = MAX_PIN_RETRIES;
|
||||||
hsh[1] = pin_len;
|
hsh[1] = pin_len;
|
||||||
|
hsh[2] = 1; // New format indicator
|
||||||
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, dhash);
|
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, dhash);
|
||||||
double_hash_pin(dhash, 16, hsh + 2);
|
pin_derive_verifier(dhash, 16, hsh + 3);
|
||||||
file_put_data(ef_pin, hsh, 2 + 32);
|
file_put_data(ef_pin, hsh, sizeof(hsh));
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
|
pin_derive_session(dhash, 16, session_pin);
|
||||||
ret = check_mkek_encrypted(dhash);
|
ret = check_keydev_encrypted(session_pin);
|
||||||
if (ret != PICOKEY_OK) {
|
if (ret != PICOKEY_OK) {
|
||||||
CBOR_ERROR(ret);
|
CBOR_ERROR(ret);
|
||||||
}
|
}
|
||||||
@@ -598,10 +534,10 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||||
}
|
}
|
||||||
uint8_t pin_data[34];
|
uint8_t pin_data[35];
|
||||||
memcpy(pin_data, file_get_data(ef_pin), 34);
|
memcpy(pin_data, file_get_data(ef_pin), file_get_size(ef_pin));
|
||||||
pin_data[0] -= 1;
|
pin_data[0] -= 1;
|
||||||
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
file_put_data(ef_pin, pin_data, file_get_size(ef_pin));
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
uint8_t retries = pin_data[0];
|
uint8_t retries = pin_data[0];
|
||||||
uint8_t paddedNewPin[64];
|
uint8_t paddedNewPin[64];
|
||||||
@@ -610,9 +546,15 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||||
}
|
}
|
||||||
uint8_t dhash[32];
|
uint8_t dhash[32], off = 3;
|
||||||
double_hash_pin(paddedNewPin, 16, dhash);
|
if (file_get_size(ef_pin) == 34) {
|
||||||
if (memcmp(dhash, file_get_data(ef_pin) + 2, 32) != 0) {
|
off = 2;
|
||||||
|
double_hash_pin(paddedNewPin, 16, dhash);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
pin_derive_verifier(paddedNewPin, 16, dhash);
|
||||||
|
}
|
||||||
|
if (ct_memcmp(dhash, file_get_data(ef_pin) + off, 32) != 0) {
|
||||||
regenerate();
|
regenerate();
|
||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
if (retries == 0) {
|
if (retries == 0) {
|
||||||
@@ -626,10 +568,24 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
hash_multi(paddedNewPin, 16, session_pin);
|
if (off == 2) {
|
||||||
|
pin_data[2] = 1;
|
||||||
|
pin_derive_verifier(paddedNewPin, 16, pin_data + 3);
|
||||||
|
hash_multi(paddedNewPin, 16, session_pin);
|
||||||
|
ret = load_keydev(keydev);
|
||||||
|
if (ret != PICOKEY_OK) {
|
||||||
|
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
||||||
|
}
|
||||||
|
encrypt_keydev_f1(keydev);
|
||||||
|
}
|
||||||
|
pin_derive_session(paddedNewPin, 16, session_pin);
|
||||||
pin_data[0] = MAX_PIN_RETRIES;
|
pin_data[0] = MAX_PIN_RETRIES;
|
||||||
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
|
ret = check_keydev_encrypted(session_pin);
|
||||||
|
if (ret != PICOKEY_OK) {
|
||||||
|
CBOR_ERROR(ret);
|
||||||
|
}
|
||||||
new_pin_mismatches = 0;
|
new_pin_mismatches = 0;
|
||||||
ret = decrypt((uint8_t)pinUvAuthProtocol, sharedSecret, newPinEnc.data, (uint16_t)newPinEnc.len, paddedNewPin);
|
ret = decrypt((uint8_t)pinUvAuthProtocol, sharedSecret, newPinEnc.data, (uint16_t)newPinEnc.len, paddedNewPin);
|
||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
@@ -640,14 +596,14 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||||
}
|
}
|
||||||
uint8_t pin_len = 0;
|
uint8_t pin_len = 0;
|
||||||
int complexity_ret = check_pin_complexity(paddedNewPin, pin_len);
|
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
|
||||||
if (complexity_ret != 0) {
|
|
||||||
CBOR_ERROR(complexity_ret);
|
|
||||||
}
|
|
||||||
|
|
||||||
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) {
|
|
||||||
pin_len++;
|
pin_len++;
|
||||||
}
|
}
|
||||||
|
// --- Check PIN Complexity ---
|
||||||
|
ret = check_pin_complexity(paddedNewPin, pin_len);
|
||||||
|
if (ret != 0) {
|
||||||
|
CBOR_ERROR(ret);
|
||||||
|
}
|
||||||
uint8_t minPin = 4;
|
uint8_t minPin = 4;
|
||||||
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
|
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
|
||||||
if (file_has_data(ef_minpin)) {
|
if (file_has_data(ef_minpin)) {
|
||||||
@@ -656,35 +612,27 @@ if (complexity_ret != 0) {
|
|||||||
if (pin_len < minPin) {
|
if (pin_len < minPin) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
||||||
}
|
}
|
||||||
uint8_t hsh[34];
|
ret = load_keydev(keydev);
|
||||||
hsh[0] = MAX_PIN_RETRIES;
|
if (ret != PICOKEY_OK) {
|
||||||
hsh[1] = pin_len;
|
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
||||||
|
}
|
||||||
|
encrypt_keydev_f1(keydev);
|
||||||
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, dhash);
|
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, dhash);
|
||||||
double_hash_pin(dhash, 16, hsh + 2);
|
pin_derive_session(dhash, 16, session_pin);
|
||||||
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1 &&
|
ret = check_keydev_encrypted(session_pin);
|
||||||
memcmp(hsh + 2, file_get_data(ef_pin) + 2, 32) == 0) {
|
if (ret != PICOKEY_OK) {
|
||||||
|
CBOR_ERROR(ret);
|
||||||
|
}
|
||||||
|
low_flash_available();
|
||||||
|
pin_data[0] = MAX_PIN_RETRIES;
|
||||||
|
pin_data[1] = pin_len;
|
||||||
|
pin_data[2] = 1;
|
||||||
|
pin_derive_verifier(dhash, 16, pin_data + 3);
|
||||||
|
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1 && ct_memcmp(pin_data + 3, file_get_data(ef_pin) + 3, 32) == 0) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
||||||
}
|
}
|
||||||
|
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
||||||
uint8_t mkek[MKEK_SIZE] = {0};
|
mbedtls_platform_zeroize(pin_data, sizeof(pin_data));
|
||||||
ret = load_mkek(mkek);
|
|
||||||
if (ret != PICOKEY_OK) {
|
|
||||||
CBOR_ERROR(ret);
|
|
||||||
}
|
|
||||||
file_put_data(ef_pin, hsh, 2 + 32);
|
|
||||||
|
|
||||||
ret = check_mkek_encrypted(dhash);
|
|
||||||
if (ret != PICOKEY_OK) {
|
|
||||||
CBOR_ERROR(ret);
|
|
||||||
}
|
|
||||||
|
|
||||||
hash_multi(dhash, 16, session_pin);
|
|
||||||
ret = store_mkek(mkek);
|
|
||||||
mbedtls_platform_zeroize(mkek, sizeof(mkek));
|
|
||||||
if (ret != PICOKEY_OK) {
|
|
||||||
CBOR_ERROR(ret);
|
|
||||||
}
|
|
||||||
mbedtls_platform_zeroize(hsh, sizeof(hsh));
|
|
||||||
mbedtls_platform_zeroize(dhash, sizeof(dhash));
|
mbedtls_platform_zeroize(dhash, sizeof(dhash));
|
||||||
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
|
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
|
||||||
uint8_t *tmpf = (uint8_t *) calloc(1, file_get_size(ef_minpin));
|
uint8_t *tmpf = (uint8_t *) calloc(1, file_get_size(ef_minpin));
|
||||||
@@ -695,6 +643,7 @@ if (complexity_ret != 0) {
|
|||||||
}
|
}
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
resetPinUvAuthToken();
|
resetPinUvAuthToken();
|
||||||
|
resetPersistentPinUvAuthToken();
|
||||||
goto err; // No return
|
goto err; // No return
|
||||||
}
|
}
|
||||||
else if (subcommand == 0x9 || subcommand == 0x5) { //getPinUvAuthTokenUsingPinWithPermissions
|
else if (subcommand == 0x9 || subcommand == 0x5) { //getPinUvAuthTokenUsingPinWithPermissions
|
||||||
@@ -712,10 +661,12 @@ if (complexity_ret != 0) {
|
|||||||
if (permissions == 0) {
|
if (permissions == 0) {
|
||||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||||
}
|
}
|
||||||
if ((permissions & CTAP_PERMISSION_BE)) { // Not supported yet
|
if ((permissions & CTAP_PERMISSION_BE)) {
|
||||||
|
CBOR_ERROR(CTAP2_ERR_UNAUTHORIZED_PERMISSION);
|
||||||
|
}
|
||||||
|
if ((permissions & CTAP_PERMISSION_PCMR) && permissions != CTAP_PERMISSION_PCMR) {
|
||||||
CBOR_ERROR(CTAP2_ERR_UNAUTHORIZED_PERMISSION);
|
CBOR_ERROR(CTAP2_ERR_UNAUTHORIZED_PERMISSION);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
if (!file_has_data(ef_pin)) {
|
if (!file_has_data(ef_pin)) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
|
CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
|
||||||
@@ -735,10 +686,10 @@ if (complexity_ret != 0) {
|
|||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||||
}
|
}
|
||||||
uint8_t pin_data[34];
|
uint8_t pin_data[35];
|
||||||
memcpy(pin_data, file_get_data(ef_pin), 34);
|
memcpy(pin_data, file_get_data(ef_pin), file_get_size(ef_pin));
|
||||||
pin_data[0] -= 1;
|
pin_data[0] -= 1;
|
||||||
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
file_put_data(ef_pin, pin_data, file_get_size(ef_pin));
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
uint8_t retries = pin_data[0];
|
uint8_t retries = pin_data[0];
|
||||||
uint8_t paddedNewPin[64], poff = ((uint8_t)pinUvAuthProtocol - 1) * IV_SIZE;
|
uint8_t paddedNewPin[64], poff = ((uint8_t)pinUvAuthProtocol - 1) * IV_SIZE;
|
||||||
@@ -747,11 +698,18 @@ if (complexity_ret != 0) {
|
|||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||||
}
|
}
|
||||||
uint8_t dhash[32];
|
uint8_t dhash[32], off = 3;
|
||||||
double_hash_pin(paddedNewPin, 16, dhash);
|
if (file_get_size(ef_pin) == 34) {
|
||||||
if (memcmp(dhash, file_get_data(ef_pin) + 2, 32) != 0) {
|
off = 2;
|
||||||
|
double_hash_pin(paddedNewPin, 16, dhash);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
pin_derive_verifier(paddedNewPin, 16, dhash);
|
||||||
|
}
|
||||||
|
if (ct_memcmp(dhash, file_get_data(ef_pin) + off, 32) != 0) {
|
||||||
regenerate();
|
regenerate();
|
||||||
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
|
||||||
|
mbedtls_platform_zeroize(dhash, sizeof(dhash));
|
||||||
if (retries == 0) {
|
if (retries == 0) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED);
|
CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED);
|
||||||
}
|
}
|
||||||
@@ -763,39 +721,53 @@ if (complexity_ret != 0) {
|
|||||||
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
mbedtls_platform_zeroize(dhash, sizeof(dhash));
|
||||||
ret = check_mkek_encrypted(paddedNewPin);
|
if (off == 2) {
|
||||||
|
pin_data[2] = 1;
|
||||||
|
pin_derive_verifier(paddedNewPin, 16, pin_data + 3);
|
||||||
|
hash_multi(paddedNewPin, 16, session_pin);
|
||||||
|
ret = load_keydev(keydev);
|
||||||
|
if (ret != PICOKEY_OK) {
|
||||||
|
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
||||||
|
}
|
||||||
|
encrypt_keydev_f1(keydev);
|
||||||
|
}
|
||||||
|
pin_derive_session(paddedNewPin, 16, session_pin);
|
||||||
|
ret = check_keydev_encrypted(session_pin);
|
||||||
if (ret != PICOKEY_OK) {
|
if (ret != PICOKEY_OK) {
|
||||||
CBOR_ERROR(ret);
|
CBOR_ERROR(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
hash_multi(paddedNewPin, 16, session_pin);
|
|
||||||
pin_data[0] = MAX_PIN_RETRIES;
|
pin_data[0] = MAX_PIN_RETRIES;
|
||||||
new_pin_mismatches = 0;
|
new_pin_mismatches = 0;
|
||||||
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
file_put_data(ef_pin, pin_data, sizeof(pin_data));
|
||||||
mbedtls_platform_zeroize(pin_data, sizeof(pin_data));
|
mbedtls_platform_zeroize(pin_data, sizeof(pin_data));
|
||||||
mbedtls_platform_zeroize(dhash, sizeof(dhash));
|
|
||||||
|
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
|
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
|
||||||
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
|
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
|
||||||
}
|
}
|
||||||
resetPinUvAuthToken();
|
uint8_t pinUvAuthToken_enc[32 + IV_SIZE], *pdata = NULL;
|
||||||
beginUsingPinUvAuthToken(false);
|
if (permissions & CTAP_PERMISSION_PCMR) {
|
||||||
if (subcommand == 0x05) {
|
ppaut.permissions = CTAP_PERMISSION_PCMR;
|
||||||
permissions = CTAP_PERMISSION_MC | CTAP_PERMISSION_GA;
|
pdata = ppaut.data;
|
||||||
}
|
|
||||||
paut.permissions = (uint8_t)permissions;
|
|
||||||
if (rpId.present == true) {
|
|
||||||
mbedtls_sha256((uint8_t *) rpId.data, rpId.len, paut.rp_id_hash, 0);
|
|
||||||
paut.has_rp_id = true;
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
paut.has_rp_id = false;
|
resetPinUvAuthToken();
|
||||||
|
beginUsingPinUvAuthToken(false);
|
||||||
|
if (subcommand == 0x05) {
|
||||||
|
permissions = CTAP_PERMISSION_MC | CTAP_PERMISSION_GA;
|
||||||
|
}
|
||||||
|
paut.permissions = (uint8_t)permissions;
|
||||||
|
if (rpId.present == true) {
|
||||||
|
mbedtls_sha256((uint8_t *) rpId.data, rpId.len, paut.rp_id_hash, 0);
|
||||||
|
paut.has_rp_id = true;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
paut.has_rp_id = false;
|
||||||
|
}
|
||||||
|
pdata = paut.data;
|
||||||
}
|
}
|
||||||
uint8_t pinUvAuthToken_enc[32 + IV_SIZE];
|
encrypt((uint8_t)pinUvAuthProtocol, sharedSecret, pdata, 32, pinUvAuthToken_enc);
|
||||||
encrypt((uint8_t)pinUvAuthProtocol, sharedSecret, paut.data, 32, pinUvAuthToken_enc);
|
|
||||||
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
|
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
|
||||||
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x02));
|
CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x02));
|
||||||
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, pinUvAuthToken_enc, 32 + poff));
|
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, pinUvAuthToken_enc, 32 + poff));
|
||||||
@@ -812,6 +784,7 @@ err:
|
|||||||
CBOR_FREE_BYTE_STRING(kax);
|
CBOR_FREE_BYTE_STRING(kax);
|
||||||
CBOR_FREE_BYTE_STRING(kay);
|
CBOR_FREE_BYTE_STRING(kay);
|
||||||
CBOR_FREE_BYTE_STRING(rpId);
|
CBOR_FREE_BYTE_STRING(rpId);
|
||||||
|
mbedtls_platform_zeroize(keydev, sizeof(keydev));
|
||||||
if (error != CborNoError) {
|
if (error != CborNoError) {
|
||||||
if (error == CborErrorImproperValue) {
|
if (error == CborErrorImproperValue) {
|
||||||
return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
|
return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
|
||||||
|
|||||||
Reference in New Issue
Block a user