Remove compile time crypto material.

2020-12-01 15:34:15 +01:00
parent efb6378311
commit 3c93c8ddc6
4 changed files with 7 additions and 94 deletions
--- a/src/ctap/key_material.rs
+++ b/src/ctap/key_material.rs
@@ -17,9 +17,3 @@ pub const AAGUID_LENGTH: usize = 16;

 pub const AAGUID: &[u8; AAGUID_LENGTH] =
    include_bytes!(concat!(env!("OUT_DIR"), "/opensk_aaguid.bin"));
-
-pub const ATTESTATION_CERTIFICATE: &[u8] =
-    include_bytes!(concat!(env!("OUT_DIR"), "/opensk_cert.bin"));
-
-pub const ATTESTATION_PRIVATE_KEY: &[u8; ATTESTATION_PRIVATE_KEY_LENGTH] =
-    include_bytes!(concat!(env!("OUT_DIR"), "/opensk_pkey.bin"));
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -115,36 +115,12 @@ impl PersistentStore {
            self.store.insert(key::CRED_RANDOM_SECRET, &cred_random)?;
        }

-        // TODO(jmichel): remove this when vendor command is in place
-        #[cfg(not(test))]
-        self.load_attestation_data_from_firmware()?;
        if self.store.find_handle(key::AAGUID)?.is_none() {
            self.set_aaguid(key_material::AAGUID)?;
        }
        Ok(())
    }

-    // TODO(jmichel): remove this function when vendor command is in place.
-    #[cfg(not(test))]
-    fn load_attestation_data_from_firmware(&mut self) -> Result<(), Ctap2StatusCode> {
-        // The following 2 entries are meant to be written by vendor-specific commands.
-        if self
-            .store
-            .find_handle(key::ATTESTATION_PRIVATE_KEY)?
-            .is_none()
-        {
-            self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)?;
-        }
-        if self
-            .store
-            .find_handle(key::ATTESTATION_CERTIFICATE)?
-            .is_none()
-        {
-            self.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)?;
-        }
-        Ok(())
-    }
-
    /// Returns the first matching credential.
    ///
    /// Returns `None` if no credentials are matched or if `check_cred_protect` is set and the first
@@ -989,11 +965,14 @@ mod test {
            .is_none());

        // Make sure the persistent keys are initialized.
+        // Put dummy values
+        let dummy_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
+        let dummy_cert = [0xddu8; 20];
        persistent_store
-            .set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)
+            .set_attestation_private_key(&dummy_key)
            .unwrap();
        persistent_store
-            .set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)
+            .set_attestation_certificate(&dummy_cert)
            .unwrap();
        assert_eq!(&persistent_store.aaguid().unwrap(), key_material::AAGUID);

@@ -1001,11 +980,11 @@ mod test {
        persistent_store.reset(&mut rng).unwrap();
        assert_eq!(
            &persistent_store.attestation_private_key().unwrap().unwrap(),
-            key_material::ATTESTATION_PRIVATE_KEY
+            &dummy_key
        );
        assert_eq!(
            persistent_store.attestation_certificate().unwrap().unwrap(),
-            key_material::ATTESTATION_CERTIFICATE
+            &dummy_cert
        );
        assert_eq!(&persistent_store.aaguid().unwrap(), key_material::AAGUID);
    }