dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Adding support for disabling secure aut.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-10-24 00:04:55 +02:00
parent 8c21a2bbcd
commit 71ecb23af6
2 changed files with 93 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/fido/cbor_config.c
View File

@@ -142,6 +142,17 @@ int cbor_config(const uint8_t *data, size_t len) {
CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2)); CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
} }
else if (vendorCommandId == CTAP_CONFIG_AUT || vendorCommandId == CTAP_CONFIG_UNLOCK) { else if (vendorCommandId == CTAP_CONFIG_AUT || vendorCommandId == CTAP_CONFIG_UNLOCK) {
if (vendorCommandId == CTAP_CONFIG_AUT && (kax.present == false || kay.present == false || vendorAutCt.present == false || alg == 0)) { // Disable
if (!file_has_data(ef_keydev_enc))
CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
if (has_keydev_dec == false)
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
flash_write_data_to_file(ef_keydev, keydev_dec, sizeof(keydev_dec));
mbedtls_platform_zeroize(keydev_dec, sizeof(keydev_dec));
flash_write_data_to_file(ef_keydev_enc, NULL, 0); // Set ef to 0 bytes
low_flash_available();
}
else { // Enable
if (vendorCommandId == CTAP_CONFIG_AUT && !file_has_data(ef_keydev)) if (vendorCommandId == CTAP_CONFIG_AUT && !file_has_data(ef_keydev))
CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
if (kax.present == false || kay.present == false || alg == 0) if (kax.present == false || kay.present == false || alg == 0)
@@ -186,7 +197,7 @@ int cbor_config(const uint8_t *data, size_t len) {
mbedtls_chachapoly_free(&chatx); mbedtls_chachapoly_free(&chatx);
mbedtls_ecdh_free(&hkey); mbedtls_ecdh_free(&hkey);
hkey_init = false; hkey_init = false;
if (ret != 0){ if (ret != 0) {
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
} }
@@ -224,6 +235,7 @@ int cbor_config(const uint8_t *data, size_t len) {
} }
goto err; //No return goto err; //No return
} }
}
else { else {
CBOR_ERROR(CTAP2_ERR_INVALID_SUBCOMMAND); CBOR_ERROR(CTAP2_ERR_INVALID_SUBCOMMAND);
} }

8
tools/pico-fido-tool.py
View File

@@ -121,9 +121,15 @@ class VendorConfig(Config):
def unlock_device(self): def unlock_device(self):
self._send_command_key(VendorConfig.CMD.CONFIG_UNLOCK) self._send_command_key(VendorConfig.CMD.CONFIG_UNLOCK)
def disable_device_aut(self):
self._call(
Config.CMD.VENDOR_PROTOTYPE,
{
VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT,
},
)
#vcfg.enable_disable_device_aut(True)
def parse_args(): def parse_args():
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()