kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Expose MasterKeys fields again

Browse Source
This commit is contained in:
Julien Cretin
2020-09-23 13:27:20 +02:00
parent 426722bb6b
commit 6a6891949b
2 changed files with 17 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/ctap/mod.rs
View File

@@ -191,7 +191,7 @@ where
application: &[u8; 32],
) -> Result<Vec<u8>, Ctap2StatusCode> {
let master_keys = self.persistent_store.master_keys()?;
let aes_enc_key = crypto::aes256::EncryptionKey::new(master_keys.encryption());
let aes_enc_key = crypto::aes256::EncryptionKey::new(&master_keys.encryption);
let mut sk_bytes = [0; 32];
private_key.to_bytes(&mut sk_bytes);
let mut iv = [0; 16];
@@ -209,7 +209,7 @@ where
for b in &blocks {
encrypted_id.extend(b);
}
let id_hmac = hmac_256::<Sha256>(master_keys.hmac(), &encrypted_id[..]);
let id_hmac = hmac_256::<Sha256>(&master_keys.hmac, &encrypted_id[..]);
encrypted_id.extend(&id_hmac);
Ok(encrypted_id)
}
@@ -228,13 +228,13 @@ where
let master_keys = self.persistent_store.master_keys()?;
let payload_size = ENCRYPTED_CREDENTIAL_ID_SIZE - 32;
if !verify_hmac_256::<Sha256>(
master_keys.hmac(),
&master_keys.hmac,
&credential_id[..payload_size],
array_ref![credential_id, payload_size, 32],
) {
return Ok(None);
}
let aes_enc_key = crypto::aes256::EncryptionKey::new(master_keys.encryption());
let aes_enc_key = crypto::aes256::EncryptionKey::new(&master_keys.encryption);
let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
let mut iv = [0; 16];
iv.copy_from_slice(&credential_id[..16]);

30
src/ctap/storage.rs
View File

@@ -105,16 +105,9 @@ enum Key {
MinPinLengthRpIds,
}
pub struct MasterKeys([u8; 64]);
impl MasterKeys {
pub fn encryption(&self) -> &[u8; 32] {
array_ref!(&self.0, 0, 32)
}
pub fn hmac(&self) -> &[u8; 32] {
array_ref!(&self.0, 32, 32)
}
pub struct MasterKeys {
pub encryption: [u8; 32],
pub hmac: [u8; 32],
}
struct Config;
@@ -382,7 +375,10 @@ impl PersistentStore {
if entry.data.len() != 64 {
return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
}
Ok(MasterKeys(*array_ref![entry.data, 0, 64]))
Ok(MasterKeys {
encryption: *array_ref![entry.data, 0, 32],
hmac: *array_ref![entry.data, 32, 32],
})
}
pub fn pin_hash(&self) -> Result<Option<[u8; PIN_AUTH_LENGTH]>, Ctap2StatusCode> {
@@ -930,17 +926,17 @@ mod test {
// Master keys stay the same between resets.
let master_keys_1 = persistent_store.master_keys().unwrap();
let master_keys_2 = persistent_store.master_keys().unwrap();
assert_eq!(master_keys_2.encryption(), master_keys_1.encryption());
assert_eq!(master_keys_2.hmac(), master_keys_1.hmac());
assert_eq!(master_keys_2.encryption, master_keys_1.encryption);
assert_eq!(master_keys_2.hmac, master_keys_1.hmac);
// Master keys change after reset. This test may fail if the random generator produces the
// same keys.
let master_encryption_key = master_keys_1.encryption().to_vec();
let master_hmac_key = master_keys_1.hmac().to_vec();
let master_encryption_key = master_keys_1.encryption.to_vec();
let master_hmac_key = master_keys_1.hmac.to_vec();
persistent_store.reset(&mut rng).unwrap();
let master_keys_3 = persistent_store.master_keys().unwrap();
assert!(master_keys_3.encryption() != &master_encryption_key[..]);
assert!(master_keys_3.hmac() != &master_hmac_key[..]);
assert!(master_keys_3.encryption != &master_encryption_key[..]);
assert!(master_keys_3.hmac != &master_hmac_key[..]);
}
#[test]