Skip to content
Permalink
Browse files

change u2f to return early if button not immediately pressed

  • Loading branch information...
conorpp committed May 10, 2019
1 parent 4854192 commit 0f50ae7d63209b4dec0c7bd6ff9c4ca0efc01982
Showing with 30 additions and 27 deletions.
  1. +4 −4 fido2/ctap.c
  2. +2 −0 fido2/ctap.h
  3. +4 −4 fido2/device.h
  4. +4 −4 fido2/extensions/wallet.c
  5. +3 −6 fido2/u2f.c
  6. +13 −9 targets/stm32l432/src/device.c
@@ -458,7 +458,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au

int but;

but = ctap_user_presence_test();
but = ctap_user_presence_test(CTAP2_UP_DELAY_MS);

if (!but)
{
@@ -696,7 +696,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
}
if (MC.pinAuthEmpty)
{
if (!ctap_user_presence_test())
if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
{
return CTAP2_ERR_OPERATION_DENIED;
}
@@ -1132,7 +1132,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)

if (GA.pinAuthEmpty)
{
if (!ctap_user_presence_test())
if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
{
return CTAP2_ERR_OPERATION_DENIED;
}
@@ -1641,7 +1641,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
break;
case CTAP_RESET:
printf1(TAG_CTAP,"CTAP_RESET\n");
if (ctap_user_presence_test())
if (ctap_user_presence_test(CTAP2_UP_DELAY_MS))
{
ctap_reset();
}
@@ -131,6 +131,8 @@
#define PIN_LOCKOUT_ATTEMPTS 8 // Number of attempts total
#define PIN_BOOT_ATTEMPTS 3 // number of attempts per boot

#define CTAP2_UP_DELAY_MS 5000

typedef struct
{
uint8_t id[USER_ID_MAX_SIZE];
@@ -53,23 +53,23 @@ int device_is_button_pressed();

// Test for user presence
// Return 1 for user is present, 0 user not present, -1 if cancel is requested.
extern int ctap_user_presence_test();
int ctap_user_presence_test(uint32_t delay);

// Generate @num bytes of random numbers to @dest
// return 1 if success, error otherwise
extern int ctap_generate_rng(uint8_t * dst, size_t num);
int ctap_generate_rng(uint8_t * dst, size_t num);

// Increment atomic counter and return it.
// Must support two counters, @sel selects counter0 or counter1.
uint32_t ctap_atomic_count(int sel);

// Verify the user
// return 1 if user is verified, 0 if not
extern int ctap_user_verification(uint8_t arg);
int ctap_user_verification(uint8_t arg);

// Must be implemented by application
// data is HID_MESSAGE_SIZE long in bytes
extern void ctaphid_write_block(uint8_t * data);
void ctaphid_write_block(uint8_t * data);


// Resident key
@@ -85,7 +85,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
return CTAP2_ERR_NOT_ALLOWED;
}

if (!ctap_user_presence_test())
if (!ctap_user_presence_test(5000))
{
return CTAP2_ERR_OPERATION_DENIED;
}
@@ -111,7 +111,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
return CTAP2_ERR_NOT_ALLOWED;
}

if (!ctap_user_presence_test())
if (!ctap_user_presence_test(5000))
{
return CTAP2_ERR_OPERATION_DENIED;
}
@@ -133,7 +133,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
return CTAP2_ERR_NOT_ALLOWED;
}

if (!ctap_user_presence_test())
if (!ctap_user_presence_test(5000))
{
return CTAP2_ERR_OPERATION_DENIED;
}
@@ -359,7 +359,7 @@ int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen)
}
}

if (ctap_user_presence_test())
if (ctap_user_presence_test(5000))
{
printf1(TAG_WALLET,"Reseting device!\n");
ctap_reset();
@@ -205,7 +205,6 @@ int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid)
}



static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control)
{

@@ -243,13 +242,12 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c

if(up)
{
device_set_status(CTAPHID_STATUS_UPNEEDED);
if (ctap_user_presence_test() == 0)
if (ctap_user_presence_test(750) == 0)
{
return U2F_SW_CONDITIONS_NOT_SATISFIED;
}
}

count = ctap_atomic_count(0);
hash[0] = (count >> 24) & 0xff;
hash[1] = (count >> 16) & 0xff;
@@ -290,8 +288,7 @@ static int16_t u2f_register(struct u2f_register_request * req)

const uint16_t attest_size = attestation_cert_der_size;

device_set_status(CTAPHID_STATUS_UPNEEDED);
if ( ! ctap_user_presence_test())
if ( ! ctap_user_presence_test(750))
{
return U2F_SW_CONDITIONS_NOT_SATISFIED;
}
@@ -63,7 +63,7 @@ void TIM6_DAC_IRQHandler()
// timer is only 16 bits, so roll it over here
TIM6->SR = 0;
__90_ms += 1;
if ((millis() - __last_update) > 8)
if ((millis() - __last_update) > 90)
{
if (__device_status != CTAPHID_STATUS_IDLE)
{
@@ -488,7 +488,7 @@ static int handle_packets()
return 0;
}

int ctap_user_presence_test()
int ctap_user_presence_test(uint32_t up_delay)
{
int ret;
if (device_is_nfc() == NFC_IS_ACTIVE)
@@ -513,22 +513,26 @@ int ctap_user_presence_test()
uint32_t t1 = millis();
led_rgb(0xff3520);

while (IS_BUTTON_PRESSED())
if (IS_BUTTON_PRESSED == is_touch_button_pressed)
{
if (t1 + 5000 < millis())
// Wait for user to release touch button if it's already pressed
while (IS_BUTTON_PRESSED())
{
printf1(TAG_GEN,"Button not pressed\n");
goto fail;
if (t1 + up_delay < millis())
{
printf1(TAG_GEN,"Button not pressed\n");
goto fail;
}
ret = handle_packets();
if (ret) return ret;
}
ret = handle_packets();
if (ret) return ret;
}

t1 = millis();

do
{
if (t1 + 5000 < millis())
if (t1 + up_delay < millis())
{
goto fail;
}

0 comments on commit 0f50ae7

Please sign in to comment.
You can’t perform that action at this time.