kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

use transactions, and how to store a bool

Browse Source
This commit is contained in:
Fabian Kaczmarczyck
2021-01-22 10:55:11 +01:00
parent 5fe111698b
commit c38f00624a
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/ctap/pin_protocol_v1.rs
View File

@@ -328,6 +328,7 @@ impl PinProtocolV1 {
let token_encryption_key = crypto::aes256::EncryptionKey::new(&shared_secret); let token_encryption_key = crypto::aes256::EncryptionKey::new(&shared_secret);
let pin_decryption_key = crypto::aes256::DecryptionKey::new(&token_encryption_key); let pin_decryption_key = crypto::aes256::DecryptionKey::new(&token_encryption_key);
self.verify_pin_hash_enc(rng, persistent_store, &pin_decryption_key, pin_hash_enc)?; self.verify_pin_hash_enc(rng, persistent_store, &pin_decryption_key, pin_hash_enc)?;
// TODO(kaczmarczyck) can this be moved up in the specification?
if persistent_store.has_force_pin_change()? { if persistent_store.has_force_pin_change()? {
return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID); return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
} }

17
src/ctap/storage.rs
View File

@@ -30,6 +30,7 @@ use arrayref::array_ref;
use cbor::cbor_array_vec; use cbor::cbor_array_vec;
use core::convert::TryInto; use core::convert::TryInto;
use crypto::rng256::Rng256; use crypto::rng256::Rng256;
use persistent_store::StoreUpdate;
// Those constants may be modified before compilation to tune the behavior of the key. // Those constants may be modified before compilation to tune the behavior of the key.
// //
@@ -384,9 +385,15 @@ impl PersistentStore {
let mut pin_properties = [0; 1 + PIN_AUTH_LENGTH]; let mut pin_properties = [0; 1 + PIN_AUTH_LENGTH];
pin_properties[0] = pin_code_point_length; pin_properties[0] = pin_code_point_length;
pin_properties[1..].clone_from_slice(pin_hash); pin_properties[1..].clone_from_slice(pin_hash);
self.store.insert(key::PIN_PROPERTIES, &pin_properties)?; Ok(self.store.transaction(&[
// If this second transaction fails, you are forced to retry. StoreUpdate::Insert {
Ok(self.store.remove(key::FORCE_PIN_CHANGE)?) key: key::PIN_PROPERTIES,
value: &pin_properties[..],
},
StoreUpdate::Remove {
key: key::FORCE_PIN_CHANGE,
},
])?)
} }
/// Returns the number of remaining PIN retries. /// Returns the number of remaining PIN retries.
@@ -547,14 +554,14 @@ impl PersistentStore {
pub fn has_force_pin_change(&self) -> Result<bool, Ctap2StatusCode> { pub fn has_force_pin_change(&self) -> Result<bool, Ctap2StatusCode> {
match self.store.find(key::FORCE_PIN_CHANGE)? { match self.store.find(key::FORCE_PIN_CHANGE)? {
None => Ok(false), None => Ok(false),
Some(value) if value.len() == 1 && value[0] == 1 => Ok(true), Some(value) if value.is_empty() => Ok(true),
_ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR), _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
} }
} }
/// Marks the PIN as outdated with respect to the new PIN policy. /// Marks the PIN as outdated with respect to the new PIN policy.
pub fn force_pin_change(&mut self) -> Result<(), Ctap2StatusCode> { pub fn force_pin_change(&mut self) -> Result<(), Ctap2StatusCode> {
Ok(self.store.insert(key::FORCE_PIN_CHANGE, &[1])?) Ok(self.store.insert(key::FORCE_PIN_CHANGE, &[])?)
} }
} }