mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Commit Graph

17 Commits

Author SHA1 Message Date
Marian Buschsieweke
edc43201db
tree-wide: fix typos in doc and comments
This should not change any generated binary
2023-10-16 12:17:48 +02:00
Ollrogge
aa22771bd9 fido2/ctap: uncrustify files 2022-09-23 16:42:52 +02:00
Ollrogge
37c35112e2 fido2/ctap: simplify flash handling 2022-09-23 16:40:30 +02:00
Marian Buschsieweke
0f27ce4ad8
sys/fido2: fix insecure memory wiping 2022-09-20 17:44:24 +02:00
Ollrogge
deeea2b5f2 sys/fido2: documentation changes && code cleanup 2022-04-12 16:01:50 +02:00
Ollrogge
3306dffe23 sys/fido2: update flash handling && bug fixes 2022-04-11 13:03:41 +02:00
Francisco
a10b1572aa
Merge pull request #17627 from benpicco/mtd_flashpage_t
drivers/mtd_flashpage: add mtd_flashpage_t type
2022-03-25 16:24:04 +01:00
Leandro Lanzieri
9bb6449a1e
sys/fido2/ctap: fix parsing validation 2022-03-17 09:43:42 +01:00
Francisco Molina
8e3422781d sys/fido2: use ztimer instead of xtimer
- for ctap hid timeouts xtimer was used, use ztimer64_msec instead
  since the code is using absolute times, and already using ztimer_msec
- use event_timeout_ztimer instead of event_timeout to not pull in
  xtimer
2022-03-04 17:04:28 +01:00
Benjamin Valentin
574dc86716 sys/fido2: make use of mtd_flashpage_t 2022-02-08 17:14:34 +01:00
Leandro Lanzieri
1e300a4959
Merge pull request #17435 from Ollrogge/fido2_kconfig
sys/fido2: model Kconfig
2022-02-01 12:03:11 +01:00
Ollrogge
4b24012cbc sys/fido2: model Kconfig 2022-01-31 16:49:19 +01:00
benpicco
f33b3ad10d
Merge pull request #17242 from bergzand/pr/hid/add_descriptor_defines
usb/hid: Add HID report descriptor defines
2022-01-10 12:28:01 +01:00
a148f2d40d
sys/fido2: Adapt CTAP HID descriptors to use helper defines
Content of the HID report descriptor itself is unchanged
2022-01-10 11:35:58 +01:00
0e977b89ae
sys/crypto: remove deprecated CIPHER_AES_128 2022-01-07 11:14:10 +01:00
Marian Buschsieweke
8a178f49e7
sys/fido2: fix CBOR parsing
The TinyCBOR library takes a `size_t *` length argument in many
functions which at function call contains the length of a buffer, and
at exit the actual size of the data. The FIDO-2 code however uses
`uint8_t` fields in `struct`s to store the data. Previously, a pointer
to that `uint8_t` field was just cast to `size_t *`, resulting in
three neighboring bytes also being interpreted as being part of the
buffer size - which could result in undetected buffer overflows.
Similarly, upon exit of the function not only the `uint8_t` sized length
`struct` member but also three neighboring bytes were written to.

I didn't care to investigate, but this really looks like crafted CBOR
payloads sent to the FIDO2 implementation could result in arbitrary
code execution on the device.
2021-11-13 20:32:02 +01:00
Ollrogge
e127a4d865 FIDO2 support in RIOT 2021-09-08 15:22:40 +02:00