RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity

sys/fido2: documentation changes && code cleanup

Browse Source
This commit is contained in:
Ollrogge 2022-04-12 16:01:50 +02:00
parent f4ba7a21b4
commit deeea2b5f2
6 changed files with 96 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
sys/fido2/ctap/ctap.c
View File

@ -277,7 +277,7 @@ int fido2_ctap_init(void)
* dedicated for storing CTAP data
*/
ret = fido2_ctap_mem_read(&_state, fido2_ctap_mem_flash_page(), 0,
sizeof(_state));
sizeof(_state));
if (ret != CTAP2_OK) {
return -EPROTO;
@ -291,17 +291,13 @@ int fido2_ctap_init(void)
}
}
#if !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)
#ifdef CTAP_UP_BUTTON
ret = fido2_ctap_utils_init_gpio_pin(CTAP_UP_BUTTON, CTAP_UP_BUTTON_MODE, CTAP_UP_BUTTON_FLANK);
if (ret != CTAP2_OK) {
return -EPROTO;
if (!IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)) {
ret = fido2_ctap_utils_init_gpio_pin(CTAP_UP_BUTTON, CTAP_UP_BUTTON_MODE,
CTAP_UP_BUTTON_FLANK);
if (ret != CTAP2_OK) {
return -EPROTO;
}
}
#else
DEBUG("fido2_ctap: error - No button configured even though user presence is enabled \n");
return -EIO;
#endif /* CTAP_UP_BUTTON */
#endif /* !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP) */
ret = fido2_ctap_crypto_init();
@ -491,9 +487,10 @@ static int _make_credential(ctap_req_t *req_raw)
if (req.exclude_list_len > 0) {
if (_rks_exist(req.exclude_list, req.exclude_list_len, req.rp.id,
req.rp.id_len)) {
#if !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)
fido2_ctap_utils_user_presence_test();
#endif
if (!IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)) {
fido2_ctap_utils_user_presence_test();
}
ret = CTAP2_ERR_CREDENTIAL_EXCLUDED;
goto done;
}
@ -513,9 +510,10 @@ static int _make_credential(ctap_req_t *req_raw)
if (fido2_ctap_pin_is_set() && req.pin_auth_present) {
/* CTAP specification (version 20190130) section 5.5.8.1 */
if (req.pin_auth_len == 0) {
#if !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)
fido2_ctap_utils_user_presence_test();
#endif
if (!IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)) {
fido2_ctap_utils_user_presence_test();
}
ret = CTAP2_ERR_PIN_INVALID;
goto done;
}
@ -532,9 +530,10 @@ static int _make_credential(ctap_req_t *req_raw)
/* CTAP specification (version 20190130) section 5.5.8.1 */
else if (!fido2_ctap_pin_is_set() && req.pin_auth_present
&& req.pin_auth_len == 0) {
#if !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)
fido2_ctap_utils_user_presence_test();
#endif
if (!IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)) {
fido2_ctap_utils_user_presence_test();
}
ret = CTAP2_ERR_PIN_NOT_SET;
goto done;
}
@ -549,21 +548,22 @@ static int _make_credential(ctap_req_t *req_raw)
}
/* last moment where transaction can be cancelled */
#if IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
if (IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)) {
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
}
#endif
/* user presence test to create a new credential */
#if IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)
up = true;
#else
if (fido2_ctap_utils_user_presence_test() == CTAP2_OK) {
if (IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)) {
up = true;
}
#endif
else {
if (fido2_ctap_utils_user_presence_test() == CTAP2_OK) {
up = true;
}
}
ret = _make_auth_data_attest(&req, &auth_data, &k, uv, up, rk);
@ -634,9 +634,10 @@ static int _get_assertion(ctap_req_t *req_raw)
if (fido2_ctap_pin_is_set() && req.pin_auth_present) {
/* CTAP specification (version 20190130) section 5.5.8.2 */
if (req.pin_auth_len == 0) {
#if !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)
fido2_ctap_utils_user_presence_test();
#endif
if (!IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)) {
fido2_ctap_utils_user_presence_test();
}
ret = CTAP2_ERR_PIN_INVALID;
goto done;
}
@ -653,9 +654,10 @@ static int _get_assertion(ctap_req_t *req_raw)
/* CTAP specification (version 20190130) section 5.5.8.2 */
else if (!fido2_ctap_pin_is_set() && req.pin_auth_present
&& req.pin_auth_len == 0) {
#if !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)
fido2_ctap_utils_user_presence_test();
#endif
if (!IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)) {
fido2_ctap_utils_user_presence_test();
}
ret = CTAP2_ERR_PIN_NOT_SET;
goto done;
}
@ -670,19 +672,20 @@ static int _get_assertion(ctap_req_t *req_raw)
}
if (req.options.up) {
#if IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)
up = true;
_assert_state.up = true;
#else
if (fido2_ctap_utils_user_presence_test() == CTAP2_OK) {
if (IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)) {
up = true;
_assert_state.up = true;
}
else {
ret = CTAP2_ERR_OPERATION_DENIED;
goto done;
if (fido2_ctap_utils_user_presence_test() == CTAP2_OK) {
up = true;
_assert_state.up = true;
}
else {
ret = CTAP2_ERR_OPERATION_DENIED;
goto done;
}
}
#endif
}
if (req.options.uv) {
@ -702,12 +705,10 @@ static int _get_assertion(ctap_req_t *req_raw)
rk = &_assert_state.rks[_assert_state.cred_counter++];
/* last moment where transaction can be cancelled */
#if IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
#endif
ret = _make_auth_data_assert(req.rp_id, req.rp_id_len, &auth_data, uv,
up,
@ -996,12 +997,12 @@ static int _set_pin(ctap_client_pin_req_t *req)
}
/* last moment where transaction can be cancelled */
#if IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
if (IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)) {
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
}
#endif
sz = fmt_strnlen((char *)new_pin_dec, CTAP_PIN_MAX_SIZE + 1);
if (sz < CTAP_PIN_MIN_SIZE || sz > CTAP_PIN_MAX_SIZE) {
@ -1101,12 +1102,12 @@ static int _change_pin(ctap_client_pin_req_t *req)
}
/* last moment where transaction can be cancelled */
#if IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
if (IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)) {
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
}
#endif
/* verify decrypted pinHash against LEFT(SHA-256(curPin), 16) */
if (memcmp(pin_hash_dec, _state.pin_hash, CTAP_PIN_TOKEN_SZ) != 0) {
@ -1190,12 +1191,12 @@ static int _get_pin_token(ctap_client_pin_req_t *req)
}
/* last moment where transaction can be cancelled */
#if IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
if (IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)) {
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
}
#endif
/* sha256 of shared secret ((abG).x) to obtain shared key */
ret = fido2_ctap_crypto_sha256(shared_secret, sizeof(shared_secret), shared_key);

3
sys/fido2/ctap/ctap_cbor.c
View File

@ -1574,6 +1574,7 @@ static int _parse_allow_list(CborValue *it, ctap_cred_desc_alt_t *allow_list,
{
size_t len2 = *allow_list_len;
int retval = _parse_exclude_list(it, allow_list, &len2);
*allow_list_len = (uint8_t)len2;
return retval;
}
@ -1729,6 +1730,7 @@ static int _parse_byte_array_u8len(CborValue *it, uint8_t *dst, uint8_t *len)
{
size_t len2 = *len;
int retval = _parse_byte_array(it, dst, &len2);
*len = (uint8_t)len2;
return retval;
}
@ -1757,6 +1759,7 @@ static int _parse_text_string_u8len(CborValue *it, char *dst, uint8_t *len)
{
size_t len2 = *len;
int retval = _parse_text_string(it, dst, &len2);
*len = (uint8_t)len2;
return retval;
}

11
sys/fido2/ctap/ctap_utils.c
View File

@ -29,8 +29,6 @@
#define ENABLE_DEBUG (0)
#include "debug.h"
#if !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)
/**
* @brief Flag holding information if user is present or not
*/
@ -63,9 +61,9 @@ int fido2_ctap_utils_user_presence_test(void)
gpio_irq_enable(_pin);
#if !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_LED)
fido2_ctap_utils_led_animation();
#endif
if (!IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_LED)) {
fido2_ctap_utils_led_animation();
}
ret = _user_present ? CTAP2_OK : CTAP2_ERR_ACTION_TIMEOUT;
@ -81,7 +79,6 @@ static void _gpio_cb(void *arg)
_user_present = true;
}
#if !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_LED)
void fido2_ctap_utils_led_animation(void)
{
uint32_t start = ztimer_now(ZTIMER_MSEC);
@ -118,5 +115,3 @@ void fido2_ctap_utils_led_animation(void)
LED2_OFF;
#endif
}
#endif /* !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_LED) */
#endif /* CONFIG_FIDO2_CTAP_DISABLE_UP */

8
sys/fido2/doc.txt
View File

@ -17,6 +17,10 @@
*
* @warning The FIDO2 implementation currently stores private keys in plain text inside flash memory.
*
* @warning This implementation persists FIDO CTAP data across reboots and when unpowered;
* any firmware update loses the data because it will be overwritten. This applies both to firmware updates through
* bootloaders and to firmware updates through external programmers.
*
* FIDO2 is an authentication standard that seeks to solve the password problem
* by enabling passwordless authentication. Instead of using passwords to
* authenticate to web services, FIDO2 enables users to use common devices
@ -102,6 +106,8 @@
*
* Abstraction for flash operations. Uses the RIOT [Flashpage MTD driver](http://api.riot-os.org/group__drivers__mtd__flashpage.html).
*
* Flash memory is reserved at build time using the `FLASH_WRITABLE_INIT` macro. The amount of flashpages reserved can be configured as `FIDO2_CTAP_NUM_FLASHPAGES` in KConfig. The implementation needs at least 1 flashpage to store state information and 1 flashpage to store credentials also called resident keys (rks). Therefore, the minimum amount of flashpages needed is 2. State information is stored on the first flashpage, credentials (rks) on the following flashpages.
*
* Adds additional functionality to speedup flash accesses (e.g. by checking if a flash page is erased to avoid unnecessary erasures of flash pages).
*
* **ctap_utils**
@ -134,6 +140,8 @@
*
* * Resident Credentials
* * Resident credentials are credentials stored on the authenticator.
* * They are also called resident key (rk) credentials due to the key material
* being stored on the device.
* * This implementation stores resident keys in flash memory.
* @warning As of now the credentials (containing a private key) are stored
* in plain text inside flash memory

22
sys/include/fido2/ctap/ctap.h
View File

@ -131,7 +131,6 @@ extern "C" {
#define CTAP_STACKSIZE 15000
#endif
#if !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)
/**
* @brief CTAP user presence button
*/
@ -142,10 +141,13 @@ extern "C" {
/* set default button if no button is configured */
#ifdef BTN0_PIN
#define CTAP_UP_BUTTON BTN0_PIN
/* if no button available disable UP test */
#else
#define CTAP_UP_BUTTON 0
/**
* @brief Disable user presence test configuration
*/
#define CONFIG_FIDO2_CTAP_DISABLE_UP 1
#endif
#endif /* BTN0_PIN */
#endif
/**
@ -174,7 +176,19 @@ extern "C" {
#define CTAP_UP_BUTTON_FLANK GPIO_FALLING
#endif
#endif /* !IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP) */
/**
* @brief Disable user presence test configuration
*/
#ifndef CONFIG_FIDO2_CTAP_DISABLE_UP
#define CONFIG_FIDO2_CTAP_DISABLE_UP 0
#endif
/**
* @brief Disable user LED animation configuration
*/
#ifndef CONFIG_FIDO2_CTAP_DISABLE_LED
#define CONFIG_FIDO2_CTAP_DISABLE_LED 0
#endif
/**
* @brief Max size of relying party name

4
sys/include/fido2/ctap/ctap_crypto.h
View File

@ -227,7 +227,7 @@ int fido2_ctap_crypto_get_sig(uint8_t *hash, size_t hash_len, uint8_t *sig,
*
* @return @ref ctap_status_codes_t
*/
int fido2_ctap_crypto_aes_enc(uint8_t *out, size_t *out_len, uint8_t * in,
int fido2_ctap_crypto_aes_enc(uint8_t * out, size_t *out_len, uint8_t * in,
size_t in_len, const uint8_t * key, size_t key_len);
/**
@ -242,7 +242,7 @@ int fido2_ctap_crypto_aes_enc(uint8_t *out, size_t *out_len, uint8_t * in,
*
* @return @ref ctap_status_codes_t
*/
int fido2_ctap_crypto_aes_dec(uint8_t *out, size_t *out_len, uint8_t * in,
int fido2_ctap_crypto_aes_dec(uint8_t * out, size_t *out_len, uint8_t * in,
size_t in_len, const uint8_t * key, size_t key_len);
/**