kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Inline Helper

Browse Source
This commit is contained in:
Julien Cretin
2022-07-14 12:46:01 +02:00
parent b28f8f6d33
commit 07a28fe611
6 changed files with 53 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/api/attestation_store.rs
View File

@@ -43,30 +43,6 @@ pub enum Error {
/// Keys of the environment store reserved for the attestation store. /// Keys of the environment store reserved for the attestation store.
pub const STORAGE_KEYS: &[usize] = &[1, 2]; pub const STORAGE_KEYS: &[usize] = &[1, 2];
/// Implements a default attestation store using the environment store.
///
/// Supports only one attestation at a time.
pub trait Helper: Env {
/// Returns the current attestation id.
fn attestation_id(&self) -> Id;
}
impl<T: Helper> AttestationStore for T {
fn get(&mut self, id: &Id) -> Result<Option<Attestation>, Error> {
if id != &self.attestation_id() {
return Err(Error::NoSupport);
}
helper_get(self)
}
fn set(&mut self, id: &Id, attestation: Option<&Attestation>) -> Result<(), Error> {
if id != &self.attestation_id() {
return Err(Error::NoSupport);
}
helper_set(self, attestation)
}
}
pub fn helper_get(env: &mut impl Env) -> Result<Option<Attestation>, Error> { pub fn helper_get(env: &mut impl Env) -> Result<Option<Attestation>, Error> {
let private_key = env.store().find(PRIVATE_KEY_STORAGE_KEY)?; let private_key = env.store().find(PRIVATE_KEY_STORAGE_KEY)?;
let certificate = env.store().find(CERTIFICATE_STORAGE_KEY)?; let certificate = env.store().find(CERTIFICATE_STORAGE_KEY)?;

3
src/ctap/mod.rs
View File

@@ -2126,7 +2126,6 @@ mod test {
#[test] #[test]
fn test_process_make_credential_with_enterprise_attestation_vendor_facilitated() { fn test_process_make_credential_with_enterprise_attestation_vendor_facilitated() {
let mut env = TestEnv::new(); let mut env = TestEnv::new();
env.set_attestation_id(attestation_store::Id::Enterprise);
env.customization_mut().setup_enterprise_attestation( env.customization_mut().setup_enterprise_attestation(
Some(EnterpriseAttestationMode::VendorFacilitated), Some(EnterpriseAttestationMode::VendorFacilitated),
Some(vec!["example.com".to_string()]), Some(vec!["example.com".to_string()]),
@@ -2173,7 +2172,6 @@ mod test {
#[test] #[test]
fn test_process_make_credential_with_enterprise_attestation_platform_managed() { fn test_process_make_credential_with_enterprise_attestation_platform_managed() {
let mut env = TestEnv::new(); let mut env = TestEnv::new();
env.set_attestation_id(attestation_store::Id::Enterprise);
env.customization_mut().setup_enterprise_attestation( env.customization_mut().setup_enterprise_attestation(
Some(EnterpriseAttestationMode::PlatformManaged), Some(EnterpriseAttestationMode::PlatformManaged),
Some(vec!["example.com".to_string()]), Some(vec!["example.com".to_string()]),
@@ -2210,7 +2208,6 @@ mod test {
#[test] #[test]
fn test_process_make_credential_with_enterprise_attestation_invalid() { fn test_process_make_credential_with_enterprise_attestation_invalid() {
let mut env = TestEnv::new(); let mut env = TestEnv::new();
env.set_attestation_id(attestation_store::Id::Enterprise);
env.customization_mut() env.customization_mut()
.setup_enterprise_attestation(Some(EnterpriseAttestationMode::PlatformManaged), None); .setup_enterprise_attestation(Some(EnterpriseAttestationMode::PlatformManaged), None);

1
src/ctap/storage.rs
View File

@@ -1141,7 +1141,6 @@ mod test {
#[test] #[test]
fn test_enterprise_attestation() { fn test_enterprise_attestation() {
let mut env = TestEnv::new(); let mut env = TestEnv::new();
env.set_attestation_id(attestation_store::Id::Enterprise);
let dummy_attestation = Attestation { let dummy_attestation = Attestation {
private_key: [0x41; key_material::ATTESTATION_PRIVATE_KEY_LENGTH], private_key: [0x41; key_material::ATTESTATION_PRIVATE_KEY_LENGTH],

25
src/env/test/mod.rs vendored
View File

@@ -13,6 +13,7 @@
// limitations under the License. // limitations under the License.
use self::upgrade_storage::BufferUpgradeStorage; use self::upgrade_storage::BufferUpgradeStorage;
use crate::api::attestation_store::AttestationStore;
use crate::api::connection::{HidConnection, SendOrRecvResult, SendOrRecvStatus}; use crate::api::connection::{HidConnection, SendOrRecvResult, SendOrRecvStatus};
use crate::api::customization::DEFAULT_CUSTOMIZATION; use crate::api::customization::DEFAULT_CUSTOMIZATION;
use crate::api::firmware_protection::FirmwareProtection; use crate::api::firmware_protection::FirmwareProtection;
@@ -36,7 +37,6 @@ pub struct TestEnv {
store: Store<BufferStorage>, store: Store<BufferStorage>,
upgrade_storage: Option<BufferUpgradeStorage>, upgrade_storage: Option<BufferUpgradeStorage>,
customization: TestCustomization, customization: TestCustomization,
attestation_id: attestation_store::Id,
} }
pub struct TestRng256 { pub struct TestRng256 {
@@ -107,14 +107,12 @@ impl TestEnv {
let store = Store::new(storage).ok().unwrap(); let store = Store::new(storage).ok().unwrap();
let upgrade_storage = Some(BufferUpgradeStorage::new().unwrap()); let upgrade_storage = Some(BufferUpgradeStorage::new().unwrap());
let customization = DEFAULT_CUSTOMIZATION.into(); let customization = DEFAULT_CUSTOMIZATION.into();
let attestation_id = attestation_store::Id::Batch;
TestEnv { TestEnv {
rng, rng,
user_presence, user_presence,
store, store,
upgrade_storage, upgrade_storage,
customization, customization,
attestation_id,
} }
} }
@@ -129,10 +127,6 @@ impl TestEnv {
pub fn rng(&mut self) -> &mut TestRng256 { pub fn rng(&mut self) -> &mut TestRng256 {
&mut self.rng &mut self.rng
} }
pub fn set_attestation_id(&mut self, id: attestation_store::Id) {
self.attestation_id = id;
}
} }
impl TestUserPresence { impl TestUserPresence {
@@ -157,9 +151,20 @@ impl FirmwareProtection for TestEnv {
impl key_store::Helper for TestEnv {} impl key_store::Helper for TestEnv {}
impl attestation_store::Helper for TestEnv { impl AttestationStore for TestEnv {
fn attestation_id(&self) -> attestation_store::Id { fn get(
self.attestation_id.clone() &mut self,
_id: &attestation_store::Id,
) -> Result<Option<attestation_store::Attestation>, attestation_store::Error> {
attestation_store::helper_get(self)
}
fn set(
&mut self,
_id: &attestation_store::Id,
attestation: Option<&attestation_store::Attestation>,
) -> Result<(), attestation_store::Error> {
attestation_store::helper_set(self, attestation)
} }
} }

24
src/env/tock/mod.rs vendored
View File

@@ -13,6 +13,7 @@
// limitations under the License. // limitations under the License.
pub use self::storage::{TockStorage, TockUpgradeStorage}; pub use self::storage::{TockStorage, TockUpgradeStorage};
use crate::api::attestation_store::AttestationStore;
use crate::api::connection::{HidConnection, SendOrRecvError, SendOrRecvResult, SendOrRecvStatus}; use crate::api::connection::{HidConnection, SendOrRecvError, SendOrRecvResult, SendOrRecvStatus};
use crate::api::customization::{CustomizationImpl, DEFAULT_CUSTOMIZATION}; use crate::api::customization::{CustomizationImpl, DEFAULT_CUSTOMIZATION};
use crate::api::firmware_protection::FirmwareProtection; use crate::api::firmware_protection::FirmwareProtection;
@@ -196,9 +197,26 @@ impl FirmwareProtection for TockEnv {
impl key_store::Helper for TockEnv {} impl key_store::Helper for TockEnv {}
impl attestation_store::Helper for TockEnv { impl AttestationStore for TockEnv {
fn attestation_id(&self) -> attestation_store::Id { fn get(
attestation_store::Id::Batch &mut self,
id: &attestation_store::Id,
) -> Result<Option<attestation_store::Attestation>, attestation_store::Error> {
if !matches!(id, attestation_store::Id::Batch) {
return Err(attestation_store::Error::NoSupport);
}
attestation_store::helper_get(self)
}
fn set(
&mut self,
id: &attestation_store::Id,
attestation: Option<&attestation_store::Attestation>,
) -> Result<(), attestation_store::Error> {
if !matches!(id, attestation_store::Id::Batch) {
return Err(attestation_store::Error::NoSupport);
}
attestation_store::helper_set(self, attestation)
} }
} }

27
src/test_helpers/mod.rs
View File

@@ -12,10 +12,10 @@
// See the License for the specific language governing permissions and // See the License for the specific language governing permissions and
// limitations under the License. // limitations under the License.
use crate::api::attestation_store::{self, Attestation, AttestationStore};
use crate::clock::CtapInstant; use crate::clock::CtapInstant;
use crate::ctap::command::{ use crate::ctap::command::{
AuthenticatorAttestationMaterial, AuthenticatorConfigParameters, Command, AuthenticatorAttestationMaterial, AuthenticatorConfigParameters,
AuthenticatorVendorConfigureParameters, Command,
}; };
use crate::ctap::data_formats::ConfigSubCommand; use crate::ctap::data_formats::ConfigSubCommand;
use crate::ctap::status_code::Ctap2StatusCode; use crate::ctap::status_code::Ctap2StatusCode;
@@ -25,22 +25,29 @@ use crate::env::Env;
// In tests where we define a dummy user-presence check that immediately returns, the channel // In tests where we define a dummy user-presence check that immediately returns, the channel
// ID is irrelevant, so we pass this (dummy but valid) value. // ID is irrelevant, so we pass this (dummy but valid) value.
const DUMMY_CHANNEL: Channel = Channel::MainHid([0x12, 0x34, 0x56, 0x78]); const DUMMY_CHANNEL: Channel = Channel::MainHid([0x12, 0x34, 0x56, 0x78]);
#[cfg(feature = "vendor_hid")]
const VENDOR_CHANNEL: Channel = Channel::VendorHid([0x12, 0x34, 0x56, 0x78]);
pub fn enable_enterprise_attestation( pub fn enable_enterprise_attestation(
state: &mut CtapState, state: &mut CtapState,
env: &mut impl Env, env: &mut impl Env,
) -> Result<AuthenticatorAttestationMaterial, Ctap2StatusCode> { ) -> Result<AuthenticatorAttestationMaterial, Ctap2StatusCode> {
let dummy_key = [0x41; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
let dummy_cert = vec![0xdd; 20];
let attestation_material = AuthenticatorAttestationMaterial { let attestation_material = AuthenticatorAttestationMaterial {
certificate: vec![0xdd; 20], certificate: dummy_cert,
private_key: [0x41; key_material::ATTESTATION_PRIVATE_KEY_LENGTH], private_key: dummy_key,
}; };
let configure_params = AuthenticatorVendorConfigureParameters {
let attestation = Attestation { lockdown: false,
private_key: attestation_material.private_key, attestation_material: Some(attestation_material.clone()),
certificate: attestation_material.certificate.clone(),
}; };
env.attestation_store() #[cfg(feature = "vendor_hid")]
.set(&attestation_store::Id::Enterprise, Some(&attestation))?; let vendor_channel = VENDOR_CHANNEL;
#[cfg(not(feature = "vendor_hid"))]
let vendor_channel = DUMMY_CHANNEL;
let vendor_command = Command::AuthenticatorVendorConfigure(configure_params);
state.process_parsed_command(env, vendor_command, vendor_channel, CtapInstant::new(0))?;
let config_params = AuthenticatorConfigParameters { let config_params = AuthenticatorConfigParameters {
sub_command: ConfigSubCommand::EnableEnterpriseAttestation, sub_command: ConfigSubCommand::EnableEnterpriseAttestation,