Moving up and uv flags to paut.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
@@ -34,13 +34,13 @@
|
|||||||
uint8_t permissions_rp_id = 0, permission_set = 0;
|
uint8_t permissions_rp_id = 0, permission_set = 0;
|
||||||
uint32_t usage_timer = 0, initial_usage_time_limit = 0;
|
uint32_t usage_timer = 0, initial_usage_time_limit = 0;
|
||||||
uint32_t max_usage_time_period = 600*1000;
|
uint32_t max_usage_time_period = 600*1000;
|
||||||
bool user_verified = false, user_present = false, needs_power_cycle = false;
|
bool needs_power_cycle = false;
|
||||||
mbedtls_ecdh_context hkey;
|
mbedtls_ecdh_context hkey;
|
||||||
bool hkey_init = false;
|
bool hkey_init = false;
|
||||||
|
|
||||||
int beginUsingPinUvAuthToken(bool userIsPresent) {
|
int beginUsingPinUvAuthToken(bool userIsPresent) {
|
||||||
user_present = userIsPresent;
|
paut.user_present = userIsPresent;
|
||||||
user_verified = true;
|
paut.user_verified = true;
|
||||||
initial_usage_time_limit = board_millis();
|
initial_usage_time_limit = board_millis();
|
||||||
usage_timer = board_millis();
|
usage_timer = board_millis();
|
||||||
paut.in_use = true;
|
paut.in_use = true;
|
||||||
@@ -49,12 +49,12 @@ int beginUsingPinUvAuthToken(bool userIsPresent) {
|
|||||||
|
|
||||||
void clearUserPresentFlag() {
|
void clearUserPresentFlag() {
|
||||||
if (paut.in_use == true)
|
if (paut.in_use == true)
|
||||||
user_present = false;
|
paut.user_present = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
void clearUserVerifiedFlag() {
|
void clearUserVerifiedFlag() {
|
||||||
if (paut.in_use == true)
|
if (paut.in_use == true)
|
||||||
user_verified = false;
|
paut.user_verified = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
void clearPinUvAuthTokenPermissionsExceptLbw() {
|
void clearPinUvAuthTokenPermissionsExceptLbw() {
|
||||||
@@ -69,20 +69,20 @@ void stopUsingPinUvAuthToken() {
|
|||||||
paut.in_use = false;
|
paut.in_use = false;
|
||||||
memset(paut.rp_id_hash, 0, sizeof(paut.rp_id_hash));
|
memset(paut.rp_id_hash, 0, sizeof(paut.rp_id_hash));
|
||||||
initial_usage_time_limit = 0;
|
initial_usage_time_limit = 0;
|
||||||
user_present = user_verified = false;
|
paut.user_present = paut.user_verified = false;
|
||||||
user_present_time_limit = 0;
|
user_present_time_limit = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool getUserPresentFlagValue() {
|
bool getUserPresentFlagValue() {
|
||||||
if (paut.in_use != true)
|
if (paut.in_use != true)
|
||||||
user_present = false;
|
paut.user_present = false;
|
||||||
return user_present;
|
return paut.user_present;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool getUserVerifiedFlagValue() {
|
bool getUserVerifiedFlagValue() {
|
||||||
if (paut.in_use != true)
|
if (paut.in_use != true)
|
||||||
user_verified = false;
|
paut.user_verified = false;
|
||||||
return user_verified;
|
return paut.user_verified;
|
||||||
}
|
}
|
||||||
|
|
||||||
int regenerate() {
|
int regenerate() {
|
||||||
@@ -184,6 +184,8 @@ int authenticate(uint8_t protocol, const uint8_t *key, const uint8_t *data, size
|
|||||||
|
|
||||||
int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, size_t len, uint8_t *sign) {
|
int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, size_t len, uint8_t *sign) {
|
||||||
uint8_t hmac[32];
|
uint8_t hmac[32];
|
||||||
|
if (paut.in_use == false)
|
||||||
|
return -2;
|
||||||
int ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac);
|
int ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
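Review bot: The new guard in `verify()` returns -2 whenever `paut.in_use` is false without looking at `key`, so a caller that passes a key other than the pinUvAuthToken (for example a shared secret, if `verify()` is used that way elsewhere, which is not visible here) would be refused whenever no token is in use. CTAP 2.1 defines this check as applying only when the key is the current pinUvAuthToken, so consider limiting the guard to that case by comparing `key` with the token bytes held in `paut`. The bare -2 also shares the `int` return with the mbedtls code passed through by `return ret;`, so a named constant such as `#define VERIFY_TOKEN_NOT_IN_USE (-2)` (placeholder name) would let callers tell the two apart. The body of `verify()` continues past the end of the hunk.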
|
||||||
|
|||||||
@@ -64,8 +64,12 @@ extern void init_fido();
|
|||||||
#define FIDO2_PERMISSION_ACFG 0x20
|
#define FIDO2_PERMISSION_ACFG 0x20
|
||||||
|
|
||||||
#define MAX_PIN_RETRIES 8
|
#define MAX_PIN_RETRIES 8
|
||||||
|
extern bool getUserPresentFlagValue();
|
||||||
extern bool getUserVerifiedFlagValue();
|
extern bool getUserVerifiedFlagValue();
|
||||||
#define MAX_CREDENTIAL_COUNT_IN_LIST 16
|
extern void clearUserPresentFlag();
|
||||||
|
extern void clearUserVerifiedFlag();
|
||||||
|
extern void clearPinUvAuthTokenPermissionsExceptLbw();
|
||||||
|
#define MAX_CREDENTIAL_COUNT_IN_LIST 16
|
||||||
#define MAX_CRED_ID_LENGTH 1024
|
#define MAX_CRED_ID_LENGTH 1024
|
||||||
#define MAX_RESIDENT_CREDENTIALS 256
|
#define MAX_RESIDENT_CREDENTIALS 256
|
||||||
|
|
||||||
@@ -88,10 +92,13 @@ typedef struct pinUvAuthToken {
|
|||||||
bool in_use;
|
bool in_use;
|
||||||
uint8_t permissions;
|
uint8_t permissions;
|
||||||
uint8_t rp_id_hash[32];
|
uint8_t rp_id_hash[32];
|
||||||
|
bool user_present;
|
||||||
|
bool user_verified;
|
||||||
} pinUvAuthToken_t;
|
} pinUvAuthToken_t;
|
||||||
|
|
||||||
extern uint32_t user_present_time_limit;
|
extern uint32_t user_present_time_limit;
|
||||||
|
|
||||||
extern pinUvAuthToken_t paut;
|
extern pinUvAuthToken_t paut;
|
||||||
|
extern int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, size_t len, uint8_t *sign);
|
||||||
|
|
||||||
#endif //_FIDO_H
|
#endif //_FIDO_H
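Review bot: `verify()` is now exported from this header with no statement of its return contract, although the implementation in this commit adds a distinct -2 result for the token-not-in-use case next to the mbedtls error it passes through. A comment above the declaration would help callers handle each failure case, e.g. `/* Returns -2 if no pinUvAuthToken is in use, or the mbedtls_md_hmac error code on HMAC failure; other results are defined in the implementation. */`. The newly added declarations also use empty parentheses, which before C23 leaves the parameter list unspecified. Writing them as `extern bool getUserPresentFlagValue(void);` and `extern void clearUserPresentFlag(void);` (likewise for the other two) lets the compiler reject stray arguments.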
|
||||||
|
|||||||