kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Moves CTAP secrets to the key store (#617)

Browse Source 
The PIN hash can be encrypted and decrypted, and CredRandom is part of
the master secrets.
This commit is contained in:
kaczmarczyck
2023-04-21 16:32:58 +02:00
committed by GitHub
parent a88a1b2a22
commit bcd382e5e9
5 changed files with 69 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libraries/opensk/src/ctap/mod.rs
View File

@@ -70,6 +70,7 @@ use crate::api::crypto::hkdf256::Hkdf256;
use crate::api::crypto::sha256::Sha256;
use crate::api::crypto::HASH_SIZE;
use crate::api::customization::Customization;
use crate::api::key_store::KeyStore;
use crate::api::rng::Rng;
use crate::api::user_presence::{UserPresence, UserPresenceError};
use crate::env::{EcdsaSk, Env, Hkdf, Sha};
@@ -956,9 +957,9 @@ impl<E: Env> CtapState<E> {
) -> Result<Secret<[u8; HASH_SIZE]>, Ctap2StatusCode> {
let private_key_bytes = private_key.to_bytes();
let salt = array_ref!(private_key_bytes, 0, 32);
let key = storage::cred_random_secret(env, has_uv)?;
let key = env.key_store().cred_random(has_uv)?;
let mut output = Secret::default();
Hkdf::<E>::hkdf_256(&key, salt, b"credRandom", &mut output);
Hkdf::<E>::hkdf_256(&*key, salt, b"credRandom", &mut output);
Ok(output)
}