dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Fix resetting pin mismatches.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-09-22 19:24:28 +02:00
parent f045ec8d03
commit 2d5fffedb9
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/fido/cbor_client_pin.c
View File

@@ -365,7 +365,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
if (ret != 0) if (ret != 0)
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
if (paddedNewPin[63] != 0) if (paddedNewPin[63] != 0)
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
uint8_t pin_len = 0; uint8_t pin_len = 0;
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin)) while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin))
pin_len++; pin_len++;
@@ -384,7 +384,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
if (pinUvAuthProtocol != 1 && pinUvAuthProtocol != 2) if (pinUvAuthProtocol != 1 && pinUvAuthProtocol != 2)
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
if (!file_has_data(ef_pin)) if (!file_has_data(ef_pin))
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
if (*file_get_data(ef_pin) == 0) if (*file_get_data(ef_pin) == 0)
CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED); CBOR_ERROR(CTAP2_ERR_PIN_BLOCKED);
if (newPinEnc.len != 64 || pinHashEnc.len != 16) if (newPinEnc.len != 64 || pinHashEnc.len != 16)
@@ -431,6 +431,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
CBOR_ERROR(CTAP2_ERR_PIN_INVALID); CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
} }
retries = MAX_PIN_RETRIES; retries = MAX_PIN_RETRIES;
new_pin_mismatches = 0;
flash_write_data_to_file(ef_pin, &retries, 1); flash_write_data_to_file(ef_pin, &retries, 1);
ret = decrypt(pinUvAuthProtocol, sharedSecret, newPinEnc.data, newPinEnc.len, paddedNewPin); ret = decrypt(pinUvAuthProtocol, sharedSecret, newPinEnc.data, newPinEnc.len, paddedNewPin);
mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret));
@@ -496,6 +497,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
CBOR_ERROR(CTAP2_ERR_PIN_INVALID); CBOR_ERROR(CTAP2_ERR_PIN_INVALID);
} }
retries = MAX_PIN_RETRIES; retries = MAX_PIN_RETRIES;
new_pin_mismatches = 0;
flash_write_data_to_file(ef_pin, &retries, 1); flash_write_data_to_file(ef_pin, &retries, 1);
low_flash_available(); low_flash_available();
beginUsingPinUvAuthToken(false); beginUsingPinUvAuthToken(false);