From 98a558a5021b8bfb249e55e1466548ca7c6a2691 Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Sat, 30 May 2020 20:15:59 +0200 Subject: [PATCH 01/13] Access the persistent keys through the store This permits to set them using a vendor command and thus not embed their value in the application. --- src/ctap/mod.rs | 18 +++---- src/ctap/status_code.rs | 6 +++ src/ctap/storage.rs | 113 +++++++++++++++++++++++++++++++++++++++- 3 files changed, 126 insertions(+), 11 deletions(-) diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs index a39a983..758f94a 100644 --- a/src/ctap/mod.rs +++ b/src/ctap/mod.rs @@ -37,7 +37,6 @@ use self::data_formats::{ PublicKeyCredentialType, PublicKeyCredentialUserEntity, SignatureAlgorithm, }; use self::hid::ChannelID; -use self::key_material::{AAGUID, ATTESTATION_CERTIFICATE, ATTESTATION_PRIVATE_KEY}; use self::response::{ AuthenticatorClientPinResponse, AuthenticatorGetAssertionResponse, AuthenticatorGetInfoResponse, AuthenticatorMakeCredentialResponse, ResponseData, @@ -509,7 +508,7 @@ where }; let mut auth_data = self.generate_auth_data(&rp_id_hash, flags); - auth_data.extend(AAGUID); + auth_data.extend(self.persistent_store.aaguid()?); // The length is fixed to 0x20 or 0x70 and fits one byte. if credential_id.len() > 0xFF { return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_TOO_LONG); @@ -534,10 +533,11 @@ where signature_data.extend(client_data_hash); let (signature, x5c) = if USE_BATCH_ATTESTATION { let attestation_key = - crypto::ecdsa::SecKey::from_bytes(ATTESTATION_PRIVATE_KEY).unwrap(); + crypto::ecdsa::SecKey::from_bytes(self.persistent_store.attestation_private_key()?) + .unwrap(); ( attestation_key.sign_rfc6979::(&signature_data), - Some(vec![ATTESTATION_CERTIFICATE.to_vec()]), + Some(vec![self.persistent_store.attestation_certificate()?]), ) } else { ( @@ -769,7 +769,7 @@ where String::from(FIDO2_VERSION_STRING), ], extensions: Some(vec![String::from("hmac-secret")]), - aaguid: *AAGUID, + aaguid: *self.persistent_store.aaguid()?, options: Some(options_map), max_msg_size: Some(1024), pin_protocols: Some(vec![ @@ -1124,7 +1124,7 @@ mod test { 0x02, 0x81, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x03, 0x50, ]); - expected_response.extend(AAGUID); + expected_response.extend(ctap_state.persistent_store.aaguid().unwrap()); expected_response.extend(&[ 0x04, 0xA3, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x69, 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x50, 0x69, 0x6E, 0xF4, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01, @@ -1197,7 +1197,7 @@ mod test { 0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2, 0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00, 0x00, ]; - expected_auth_data.extend(AAGUID); + expected_auth_data.extend(ctap_state.persistent_store.aaguid().unwrap()); expected_auth_data.extend(&[0x00, 0x20]); assert_eq!( auth_data[0..expected_auth_data.len()], @@ -1234,7 +1234,7 @@ mod test { 0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2, 0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00, 0x00, ]; - expected_auth_data.extend(AAGUID); + expected_auth_data.extend(ctap_state.persistent_store.aaguid().unwrap()); expected_auth_data.extend(&[0x00, ENCRYPTED_CREDENTIAL_ID_SIZE as u8]); assert_eq!( auth_data[0..expected_auth_data.len()], @@ -1330,7 +1330,7 @@ mod test { 0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2, 0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00, 0x00, ]; - expected_auth_data.extend(AAGUID); + expected_auth_data.extend(ctap_state.persistent_store.aaguid().unwrap()); expected_auth_data.extend(&[0x00, 0x20]); assert_eq!( auth_data[0..expected_auth_data.len()], diff --git a/src/ctap/status_code.rs b/src/ctap/status_code.rs index 1e0c2bf..b58b8d0 100644 --- a/src/ctap/status_code.rs +++ b/src/ctap/status_code.rs @@ -67,5 +67,11 @@ pub enum Ctap2StatusCode { // CTAP2_ERR_VENDOR_FIRST = 0xF0, CTAP2_ERR_VENDOR_RESPONSE_TOO_LONG = 0xF0, CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR = 0xF1, + + /// An internal invariant is broken. + /// + /// This type of error is unexpected and the current state is undefined. + CTAP2_ERR_VENDOR_INTERNAL_ERROR = 0xF2, + CTAP2_ERR_VENDOR_LAST = 0xFF, } diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs index f0a2ca4..b8cfa37 100644 --- a/src/ctap/storage.rs +++ b/src/ctap/storage.rs @@ -14,6 +14,7 @@ use crate::crypto::rng256::Rng256; use crate::ctap::data_formats::PublicKeyCredentialSource; +use crate::ctap::key_material; use crate::ctap::status_code::Ctap2StatusCode; use crate::ctap::PIN_AUTH_LENGTH; use alloc::string::String; @@ -56,9 +57,14 @@ const GLOBAL_SIGNATURE_COUNTER: usize = 1; const MASTER_KEYS: usize = 2; const PIN_HASH: usize = 3; const PIN_RETRIES: usize = 4; -const NUM_TAGS: usize = 5; +const ATTESTATION_PRIVATE_KEY: usize = 5; +const ATTESTATION_CERTIFICATE: usize = 6; +const AAGUID: usize = 7; +const NUM_TAGS: usize = 8; const MAX_PIN_RETRIES: u8 = 6; +const ATTESTATION_PRIVATE_KEY_LENGTH: usize = 32; +const AAGUID_LENGTH: usize = 16; #[derive(PartialEq, Eq, PartialOrd, Ord)] enum Key { @@ -73,6 +79,9 @@ enum Key { MasterKeys, PinHash, PinRetries, + AttestationPrivateKey, + AttestationCertificate, + Aaguid, } pub struct MasterKeys<'a> { @@ -124,6 +133,9 @@ impl StoreConfig for Config { MASTER_KEYS => add(Key::MasterKeys), PIN_HASH => add(Key::PinHash), PIN_RETRIES => add(Key::PinRetries), + ATTESTATION_PRIVATE_KEY => add(Key::AttestationPrivateKey), + ATTESTATION_CERTIFICATE => add(Key::AttestationCertificate), + AAGUID => add(Key::Aaguid), _ => debug_assert!(false), } } @@ -211,6 +223,33 @@ impl PersistentStore { }) .unwrap(); } + if self.store.find_one(&Key::AttestationPrivateKey).is_none() { + self.store + .insert(StoreEntry { + tag: ATTESTATION_PRIVATE_KEY, + data: key_material::ATTESTATION_PRIVATE_KEY, + sensitive: false, + }) + .unwrap(); + } + if self.store.find_one(&Key::AttestationCertificate).is_none() { + self.store + .insert(StoreEntry { + tag: ATTESTATION_CERTIFICATE, + data: key_material::ATTESTATION_CERTIFICATE, + sensitive: false, + }) + .unwrap(); + } + if self.store.find_one(&Key::Aaguid).is_none() { + self.store + .insert(StoreEntry { + tag: AAGUID, + data: key_material::AAGUID, + sensitive: false, + }) + .unwrap(); + } } pub fn find_credential( @@ -394,10 +433,44 @@ impl PersistentStore { .unwrap(); } + pub fn attestation_private_key( + &self, + ) -> Result<&[u8; ATTESTATION_PRIVATE_KEY_LENGTH], Ctap2StatusCode> { + let (_, entry) = self + .store + .find_one(&Key::AttestationPrivateKey) + .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?; + let data = entry.data; + if data.len() != ATTESTATION_PRIVATE_KEY_LENGTH { + return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR); + } + Ok(array_ref!(data, 0, ATTESTATION_PRIVATE_KEY_LENGTH)) + } + + pub fn attestation_certificate(&self) -> Result, Ctap2StatusCode> { + let (_, entry) = self + .store + .find_one(&Key::AttestationCertificate) + .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?; + Ok(entry.data.to_vec()) + } + + pub fn aaguid(&self) -> Result<&[u8; AAGUID_LENGTH], Ctap2StatusCode> { + let (_, entry) = self + .store + .find_one(&Key::Aaguid) + .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?; + let data = entry.data; + if data.len() != AAGUID_LENGTH { + return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR); + } + Ok(array_ref!(data, 0, AAGUID_LENGTH)) + } + pub fn reset(&mut self, rng: &mut impl Rng256) { loop { let index = { - let mut iter = self.store.iter(); + let mut iter = self.store.iter().filter(|(_, entry)| should_reset(entry)); match iter.next() { None => break, Some((index, _)) => index, @@ -419,6 +492,13 @@ impl From for Ctap2StatusCode { } } +fn should_reset<'a>(entry: &StoreEntry<'a>) -> bool { + match entry.tag { + ATTESTATION_PRIVATE_KEY | ATTESTATION_CERTIFICATE | AAGUID => false, + _ => true, + } +} + fn deserialize_credential(data: &[u8]) -> Option { let cbor = cbor::read(data).ok()?; cbor.try_into().ok() @@ -696,4 +776,33 @@ mod test { persistent_store.reset_pin_retries(); assert_eq!(persistent_store.pin_retries(), MAX_PIN_RETRIES); } + + #[test] + fn test_persistent_keys() { + let mut rng = ThreadRng256 {}; + let mut persistent_store = PersistentStore::new(&mut rng); + + // The persistent keys are initialized on a fresh store. + assert_eq!( + persistent_store.attestation_private_key().unwrap(), + key_material::ATTESTATION_PRIVATE_KEY + ); + assert_eq!( + persistent_store.attestation_certificate().unwrap(), + key_material::ATTESTATION_CERTIFICATE + ); + assert_eq!(persistent_store.aaguid().unwrap(), key_material::AAGUID); + + // The persistent keys stay initialized and preserve their value after a reset. + persistent_store.reset(&mut rng); + assert_eq!( + persistent_store.attestation_private_key().unwrap(), + key_material::ATTESTATION_PRIVATE_KEY + ); + assert_eq!( + persistent_store.attestation_certificate().unwrap(), + key_material::ATTESTATION_CERTIFICATE + ); + assert_eq!(persistent_store.aaguid().unwrap(), key_material::AAGUID); + } } From a195cfec02ed9fcf237a4e92827543f52bcefbdc Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Sat, 30 May 2020 20:29:50 +0200 Subject: [PATCH 02/13] Update reproducible hashes --- reproducible/reference_binaries_macos-10.15.sha256sum | 10 +++++----- reproducible/reference_binaries_ubuntu-18.04.sha256sum | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/reproducible/reference_binaries_macos-10.15.sha256sum b/reproducible/reference_binaries_macos-10.15.sha256sum index cf4fea0..f299ed1 100644 --- a/reproducible/reference_binaries_macos-10.15.sha256sum +++ b/reproducible/reference_binaries_macos-10.15.sha256sum @@ -1,9 +1,9 @@ b113945b033eb229e3821542f5889769e5fd2e2ae3cb85c6d13a4e05a44a9866 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -13d923f9efad028c9fa5d14920f940ad0108b290088a84ca82f08a3e09a4e569 target/nrf52840dk_merged.hex +89a36f326b7e2db764315f976c8a26644ab3fd11fd03ca5edfc308c833fe7576 target/nrf52840dk_merged.hex 346016903ddf244a239162b7c703aafe7ec70a115175e2204892e874f930f6be third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -f1f0de2e54c0dc88fd503271322a985f9c769fc26a72e651f84b834cd623c09c target/nrf52840_dongle_merged.hex +a146c240423bb72ccd1046b90dbc52ef23bd1b14996f54754b64af849590c487 target/nrf52840_dongle_merged.hex adcc4caaea86f7b0d54111d3080802e7389a4e69a8f17945d026ee732ea8daa4 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -d080c9267370b4a69e64e6098391cded7d3532feaa123c6331b12608aacd0112 target/nrf52840_dongle_dfu_merged.hex +d8ed0d7f3bfce18ebe512c7a7d884de8e006508611e7f8055a9beff38e50287b target/nrf52840_dongle_dfu_merged.hex 97a7dbdb7c3caa345307d5ff7f7607dad5c2cdc523b43c68d3b741ddce318e92 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -5bdcfa69ff5e86cd8175e0d78912e54e803c284502e035416333a8da2eaa1616 target/nrf52840_mdk_dfu_merged.hex -c68c723d21264b54a7167d999ad18294d10b05d48412595ccbe596865e166e5d target/tab/ctap2.tab +aca4e384a86b81cd9c1f35bc8201957c4a3e5733411d54bda59cb9086d002d79 target/nrf52840_mdk_dfu_merged.hex +7a8811f32efcd4ce81a586837dd44edfe770dbb2980fd1d73ac6b2d579850cec target/tab/ctap2.tab diff --git a/reproducible/reference_binaries_ubuntu-18.04.sha256sum b/reproducible/reference_binaries_ubuntu-18.04.sha256sum index 8e87cac..82dd546 100644 --- a/reproducible/reference_binaries_ubuntu-18.04.sha256sum +++ b/reproducible/reference_binaries_ubuntu-18.04.sha256sum @@ -1,9 +1,9 @@ 921d6fc31f7235456dd41abc7e634a37ee87b5016b80c979d20ac5d3fcfc6b6b third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -e8e6b802722bf41eb5054ec94e87332fa996e954aad7d02db09beb798d7e381c target/nrf52840dk_merged.hex +35017137a06dc2e65e13037b3ac269252eafea13e6790976ea31fa1b36870651 target/nrf52840dk_merged.hex aab5bdc406b1e874b83872c9358d310070b3ce948ec0e20c054fb923ec879249 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -aab3193acc08bc38c4219968da5e9d99f6f73b78fe91d74e8cbc3b94166c7dd3 target/nrf52840_dongle_merged.hex +f0ff3e88c0935f832084e0c39cc65fe2278336424c9e970d42b5f5f270838b3a target/nrf52840_dongle_merged.hex 26b8513e76058e86a01a4b408411ce429834eb2843993eb1671f2487b160bc9a third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -99a71cc0622f7cc0abdce686ff6581ec8b9fee6075b7cd771a68c08717e4198f target/nrf52840_dongle_dfu_merged.hex +a8374b73fbcd7f807831f0ca558d64e93d5670e51d570dcf8da22c7db9c914fe target/nrf52840_dongle_dfu_merged.hex 7cc558a66505e8cf8170aab50e6ddcb28f349fd7ced35ce841ccec33a533bea1 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -810f3ef6353177742bba06618bdc865efd819e97cbed605769f12f9d66831671 target/nrf52840_mdk_dfu_merged.hex -54e05927ab650c2ccf10cde165e992e48869888609cc6e8b4429a5c7a420f145 target/tab/ctap2.tab +395dea574ef660102a80446c8d1b0d56c76f9a0e0f75327547b54595676cfaf4 target/nrf52840_mdk_dfu_merged.hex +35cbaa5af951807a0f9a73e11e3604565cf5a015925fba41009dcfa092358d64 target/tab/ctap2.tab From 5f8cb116a5f50dca899c3e2e200c9b3d07b96961 Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Tue, 2 Jun 2020 11:00:26 +0200 Subject: [PATCH 03/13] Only write attestation if compiled with batch attestation --- src/ctap/mod.rs | 28 +++++++++++-------- src/ctap/storage.rs | 65 +++++++++++++++++++++++---------------------- 2 files changed, 50 insertions(+), 43 deletions(-) diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs index 758f94a..bd1db51 100644 --- a/src/ctap/mod.rs +++ b/src/ctap/mod.rs @@ -531,19 +531,25 @@ where let mut signature_data = auth_data.clone(); signature_data.extend(client_data_hash); - let (signature, x5c) = if USE_BATCH_ATTESTATION { - let attestation_key = - crypto::ecdsa::SecKey::from_bytes(self.persistent_store.attestation_private_key()?) - .unwrap(); - ( - attestation_key.sign_rfc6979::(&signature_data), - Some(vec![self.persistent_store.attestation_certificate()?]), - ) - } else { - ( + // We currently use the presence of the attestation private key in the persistent storage to + // decide whether batch attestation is needed. + let (signature, x5c) = match self.persistent_store.attestation_private_key()? { + Some(attestation_private_key) => { + let attestation_key = + crypto::ecdsa::SecKey::from_bytes(attestation_private_key).unwrap(); + let attestation_certificate = self + .persistent_store + .attestation_certificate()? + .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?; + ( + attestation_key.sign_rfc6979::(&signature_data), + Some(vec![attestation_certificate]), + ) + } + None => ( sk.sign_rfc6979::(&signature_data), None, - ) + ), }; let attestation_statement = PackedAttestationStatement { alg: SignatureAlgorithm::ES256 as i64, diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs index b8cfa37..e3fef55 100644 --- a/src/ctap/storage.rs +++ b/src/ctap/storage.rs @@ -14,9 +14,8 @@ use crate::crypto::rng256::Rng256; use crate::ctap::data_formats::PublicKeyCredentialSource; -use crate::ctap::key_material; use crate::ctap::status_code::Ctap2StatusCode; -use crate::ctap::PIN_AUTH_LENGTH; +use crate::ctap::{key_material, PIN_AUTH_LENGTH, USE_BATCH_ATTESTATION}; use alloc::string::String; use alloc::vec::Vec; use core::convert::TryInto; @@ -223,23 +222,26 @@ impl PersistentStore { }) .unwrap(); } - if self.store.find_one(&Key::AttestationPrivateKey).is_none() { - self.store - .insert(StoreEntry { - tag: ATTESTATION_PRIVATE_KEY, - data: key_material::ATTESTATION_PRIVATE_KEY, - sensitive: false, - }) - .unwrap(); - } - if self.store.find_one(&Key::AttestationCertificate).is_none() { - self.store - .insert(StoreEntry { - tag: ATTESTATION_CERTIFICATE, - data: key_material::ATTESTATION_CERTIFICATE, - sensitive: false, - }) - .unwrap(); + // The following 3 entries are meant to be written by vendor-specific commands. + if USE_BATCH_ATTESTATION { + if self.store.find_one(&Key::AttestationPrivateKey).is_none() { + self.store + .insert(StoreEntry { + tag: ATTESTATION_PRIVATE_KEY, + data: key_material::ATTESTATION_PRIVATE_KEY, + sensitive: false, + }) + .unwrap(); + } + if self.store.find_one(&Key::AttestationCertificate).is_none() { + self.store + .insert(StoreEntry { + tag: ATTESTATION_CERTIFICATE, + data: key_material::ATTESTATION_CERTIFICATE, + sensitive: false, + }) + .unwrap(); + } } if self.store.find_one(&Key::Aaguid).is_none() { self.store @@ -435,24 +437,23 @@ impl PersistentStore { pub fn attestation_private_key( &self, - ) -> Result<&[u8; ATTESTATION_PRIVATE_KEY_LENGTH], Ctap2StatusCode> { - let (_, entry) = self - .store - .find_one(&Key::AttestationPrivateKey) - .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?; - let data = entry.data; + ) -> Result, Ctap2StatusCode> { + let data = match self.store.find_one(&Key::AttestationPrivateKey) { + None => return Ok(None), + Some((_, entry)) => entry.data, + }; if data.len() != ATTESTATION_PRIVATE_KEY_LENGTH { return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR); } - Ok(array_ref!(data, 0, ATTESTATION_PRIVATE_KEY_LENGTH)) + Ok(Some(array_ref!(data, 0, ATTESTATION_PRIVATE_KEY_LENGTH))) } - pub fn attestation_certificate(&self) -> Result, Ctap2StatusCode> { - let (_, entry) = self - .store - .find_one(&Key::AttestationCertificate) - .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?; - Ok(entry.data.to_vec()) + pub fn attestation_certificate(&self) -> Result>, Ctap2StatusCode> { + let data = match self.store.find_one(&Key::AttestationCertificate) { + None => return Ok(None), + Some((_, entry)) => entry.data, + }; + Ok(Some(data.to_vec())) } pub fn aaguid(&self) -> Result<&[u8; AAGUID_LENGTH], Ctap2StatusCode> { From d74a5e8894e8b43c41ad597cf2532e7f727b344c Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Tue, 2 Jun 2020 11:35:17 +0200 Subject: [PATCH 04/13] Add setter functions and fix tests --- src/ctap/storage.rs | 97 +++++++++++++++++++++++++++++++-------------- 1 file changed, 67 insertions(+), 30 deletions(-) diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs index e3fef55..f4a2786 100644 --- a/src/ctap/storage.rs +++ b/src/ctap/storage.rs @@ -225,32 +225,16 @@ impl PersistentStore { // The following 3 entries are meant to be written by vendor-specific commands. if USE_BATCH_ATTESTATION { if self.store.find_one(&Key::AttestationPrivateKey).is_none() { - self.store - .insert(StoreEntry { - tag: ATTESTATION_PRIVATE_KEY, - data: key_material::ATTESTATION_PRIVATE_KEY, - sensitive: false, - }) + self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY) .unwrap(); } if self.store.find_one(&Key::AttestationCertificate).is_none() { - self.store - .insert(StoreEntry { - tag: ATTESTATION_CERTIFICATE, - data: key_material::ATTESTATION_CERTIFICATE, - sensitive: false, - }) + self.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE) .unwrap(); } } if self.store.find_one(&Key::Aaguid).is_none() { - self.store - .insert(StoreEntry { - tag: AAGUID, - data: key_material::AAGUID, - sensitive: false, - }) - .unwrap(); + self.set_aaguid(key_material::AAGUID).unwrap(); } } @@ -448,6 +432,22 @@ impl PersistentStore { Ok(Some(array_ref!(data, 0, ATTESTATION_PRIVATE_KEY_LENGTH))) } + pub fn set_attestation_private_key( + &mut self, + attestation_private_key: &[u8; ATTESTATION_PRIVATE_KEY_LENGTH], + ) -> Result<(), Ctap2StatusCode> { + let entry = StoreEntry { + tag: ATTESTATION_PRIVATE_KEY, + data: attestation_private_key, + sensitive: false, + }; + match self.store.find_one(&Key::AttestationPrivateKey) { + None => self.store.insert(entry)?, + Some((index, _)) => self.store.replace(index, entry)?, + } + Ok(()) + } + pub fn attestation_certificate(&self) -> Result>, Ctap2StatusCode> { let data = match self.store.find_one(&Key::AttestationCertificate) { None => return Ok(None), @@ -456,6 +456,22 @@ impl PersistentStore { Ok(Some(data.to_vec())) } + pub fn set_attestation_certificate( + &mut self, + attestation_certificate: &[u8], + ) -> Result<(), Ctap2StatusCode> { + let entry = StoreEntry { + tag: ATTESTATION_CERTIFICATE, + data: attestation_certificate, + sensitive: false, + }; + match self.store.find_one(&Key::AttestationCertificate) { + None => self.store.insert(entry)?, + Some((index, _)) => self.store.replace(index, entry)?, + } + Ok(()) + } + pub fn aaguid(&self) -> Result<&[u8; AAGUID_LENGTH], Ctap2StatusCode> { let (_, entry) = self .store @@ -468,6 +484,19 @@ impl PersistentStore { Ok(array_ref!(data, 0, AAGUID_LENGTH)) } + pub fn set_aaguid(&mut self, aaguid: &[u8; AAGUID_LENGTH]) -> Result<(), Ctap2StatusCode> { + let entry = StoreEntry { + tag: AAGUID, + data: aaguid, + sensitive: false, + }; + match self.store.find_one(&Key::Aaguid) { + None => self.store.insert(entry)?, + Some((index, _)) => self.store.replace(index, entry)?, + } + Ok(()) + } + pub fn reset(&mut self, rng: &mut impl Rng256) { loop { let index = { @@ -783,25 +812,33 @@ mod test { let mut rng = ThreadRng256 {}; let mut persistent_store = PersistentStore::new(&mut rng); - // The persistent keys are initialized on a fresh store. - assert_eq!( - persistent_store.attestation_private_key().unwrap(), - key_material::ATTESTATION_PRIVATE_KEY - ); - assert_eq!( - persistent_store.attestation_certificate().unwrap(), - key_material::ATTESTATION_CERTIFICATE - ); + // Make sure the attestation are absent. There is no batch attestation in tests. + assert!(persistent_store + .attestation_private_key() + .unwrap() + .is_none()); + assert!(persistent_store + .attestation_certificate() + .unwrap() + .is_none()); + + // Make sure the persistent keys are initialized. + persistent_store + .set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY) + .unwrap(); + persistent_store + .set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE) + .unwrap(); assert_eq!(persistent_store.aaguid().unwrap(), key_material::AAGUID); // The persistent keys stay initialized and preserve their value after a reset. persistent_store.reset(&mut rng); assert_eq!( - persistent_store.attestation_private_key().unwrap(), + persistent_store.attestation_private_key().unwrap().unwrap(), key_material::ATTESTATION_PRIVATE_KEY ); assert_eq!( - persistent_store.attestation_certificate().unwrap(), + persistent_store.attestation_certificate().unwrap().unwrap(), key_material::ATTESTATION_CERTIFICATE ); assert_eq!(persistent_store.aaguid().unwrap(), key_material::AAGUID); From 7ba4a21632371a8a0c503f4dae5bf86b7f64052d Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Tue, 2 Jun 2020 11:47:48 +0200 Subject: [PATCH 05/13] Update reproducible hashes --- reproducible/reference_binaries_macos-10.15.sha256sum | 10 +++++----- reproducible/reference_binaries_ubuntu-18.04.sha256sum | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/reproducible/reference_binaries_macos-10.15.sha256sum b/reproducible/reference_binaries_macos-10.15.sha256sum index f299ed1..ca790b0 100644 --- a/reproducible/reference_binaries_macos-10.15.sha256sum +++ b/reproducible/reference_binaries_macos-10.15.sha256sum @@ -1,9 +1,9 @@ b113945b033eb229e3821542f5889769e5fd2e2ae3cb85c6d13a4e05a44a9866 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -89a36f326b7e2db764315f976c8a26644ab3fd11fd03ca5edfc308c833fe7576 target/nrf52840dk_merged.hex +53df92ff658b43fd56f53a7ddf67dd8e63dd9401ba840ea86f9805a23e1ee29b target/nrf52840dk_merged.hex 346016903ddf244a239162b7c703aafe7ec70a115175e2204892e874f930f6be third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -a146c240423bb72ccd1046b90dbc52ef23bd1b14996f54754b64af849590c487 target/nrf52840_dongle_merged.hex +e366d9aeff8aa202be78490932b03b5d87188ec38c674f5891d38f58f7e9b83a target/nrf52840_dongle_merged.hex adcc4caaea86f7b0d54111d3080802e7389a4e69a8f17945d026ee732ea8daa4 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -d8ed0d7f3bfce18ebe512c7a7d884de8e006508611e7f8055a9beff38e50287b target/nrf52840_dongle_dfu_merged.hex +6bd5cfd1069eef2a2bc9f37add964b3e43e4e7e13bad7925612811ea8bc1f7ca target/nrf52840_dongle_dfu_merged.hex 97a7dbdb7c3caa345307d5ff7f7607dad5c2cdc523b43c68d3b741ddce318e92 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -aca4e384a86b81cd9c1f35bc8201957c4a3e5733411d54bda59cb9086d002d79 target/nrf52840_mdk_dfu_merged.hex -7a8811f32efcd4ce81a586837dd44edfe770dbb2980fd1d73ac6b2d579850cec target/tab/ctap2.tab +1a03451ad6cf068b3426f6f62d9dc9cc9fd0a511869e145c00badc325f010c1c target/nrf52840_mdk_dfu_merged.hex +c3d596f942135d6d2919f4641ad761f464b7f6a119fbd2a914314244cfd92bbf target/tab/ctap2.tab diff --git a/reproducible/reference_binaries_ubuntu-18.04.sha256sum b/reproducible/reference_binaries_ubuntu-18.04.sha256sum index 82dd546..1242d5b 100644 --- a/reproducible/reference_binaries_ubuntu-18.04.sha256sum +++ b/reproducible/reference_binaries_ubuntu-18.04.sha256sum @@ -1,9 +1,9 @@ 921d6fc31f7235456dd41abc7e634a37ee87b5016b80c979d20ac5d3fcfc6b6b third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -35017137a06dc2e65e13037b3ac269252eafea13e6790976ea31fa1b36870651 target/nrf52840dk_merged.hex +ba37efda1b1b20cb248a7465fca0b2a3c37a892320b35245d87946f4360026ef target/nrf52840dk_merged.hex aab5bdc406b1e874b83872c9358d310070b3ce948ec0e20c054fb923ec879249 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -f0ff3e88c0935f832084e0c39cc65fe2278336424c9e970d42b5f5f270838b3a target/nrf52840_dongle_merged.hex +449273c24167ecc17a264dd3d5be30a81d434846bbf762249ddec1539da9d07f target/nrf52840_dongle_merged.hex 26b8513e76058e86a01a4b408411ce429834eb2843993eb1671f2487b160bc9a third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -a8374b73fbcd7f807831f0ca558d64e93d5670e51d570dcf8da22c7db9c914fe target/nrf52840_dongle_dfu_merged.hex +14a71aaac9ec8940bafcaaa162075ee1d9cc1b5c0406692a496205a8ac987f79 target/nrf52840_dongle_dfu_merged.hex 7cc558a66505e8cf8170aab50e6ddcb28f349fd7ced35ce841ccec33a533bea1 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -395dea574ef660102a80446c8d1b0d56c76f9a0e0f75327547b54595676cfaf4 target/nrf52840_mdk_dfu_merged.hex -35cbaa5af951807a0f9a73e11e3604565cf5a015925fba41009dcfa092358d64 target/tab/ctap2.tab +f30a0cad73d9fc664324585f07cecb40981d67413d9ebeef1e97334afb0363f3 target/nrf52840_mdk_dfu_merged.hex +d75a1f5468a4b838efa7602607f5178e042ad41891c53a230dc91a7b464018de target/tab/ctap2.tab From 3d2de2b02a0abdee6226880dd2726bfd1c294c92 Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Wed, 3 Jun 2020 11:45:05 +0200 Subject: [PATCH 06/13] Update reproducible hashes --- reproducible/reference_binaries_macos-10.15.sha256sum | 10 +++++----- reproducible/reference_binaries_ubuntu-18.04.sha256sum | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/reproducible/reference_binaries_macos-10.15.sha256sum b/reproducible/reference_binaries_macos-10.15.sha256sum index 98b20af..3b0dabe 100644 --- a/reproducible/reference_binaries_macos-10.15.sha256sum +++ b/reproducible/reference_binaries_macos-10.15.sha256sum @@ -1,9 +1,9 @@ 1003863864e06553e730eec6df4bf8d30c99f697ef9380efdc35eba679b4db78 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -84d97929d7592d89c7f321ffccafa4148263607e28918e53d9286be8ca55c209 target/nrf52840dk_merged.hex +7ffc52ea6bfd1c3fde3398da4e894b5659770a74b466e052b4c3999436f9d78e target/nrf52840dk_merged.hex 88f00a5e1dae6ab3f7571c254ac75f5f3e29ebea7f3ca46c16cfdc3708e804fc third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -02009688b6ef8583f78f9b94ba8af65dfa3749b20516972cdb0d8ea7ac409268 target/nrf52840_dongle_merged.hex +a0cd9144582b616a51d4f097713cbd697d418c19d031906f58fc630d7286ed85 target/nrf52840_dongle_merged.hex 1bc69b48a2c48da55db8b322902e1fe3f2e095c0dd8517db28837d86e0addc85 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -a24e7459b93eea1fc7557ecd9e4271a2ed729425990d6198be6791f364b1384b target/nrf52840_dongle_dfu_merged.hex +5879d90971a7429e8890ce4a5db694499f391ffd7c6707c6820538ee8126ff5f target/nrf52840_dongle_dfu_merged.hex f38ee31d3a09e7e11848e78b5318f95517b6dcd076afcb37e6e3d3e5e9995cc7 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -5315b77b997952de10e239289e54b44c24105646f2411074332bb46f4b686ae6 target/nrf52840_mdk_dfu_merged.hex -9012744b93f8bac122fa18916cf8c22d1b8f729a284366802ed222bbc985e3f0 target/tab/ctap2.tab +a4e7451174ee75a27acfb9bdd3c977f5cf3e756e40219b706c97eab3a21c7ac0 target/nrf52840_mdk_dfu_merged.hex +f364a923a4c56b5bbba8b590c8c296b29f4448f3117cedf433d4752867fac6ef target/tab/ctap2.tab diff --git a/reproducible/reference_binaries_ubuntu-18.04.sha256sum b/reproducible/reference_binaries_ubuntu-18.04.sha256sum index 3171ce7..c597106 100644 --- a/reproducible/reference_binaries_ubuntu-18.04.sha256sum +++ b/reproducible/reference_binaries_ubuntu-18.04.sha256sum @@ -1,9 +1,9 @@ c182bb4902fff51b2f56810fc2a27df3646cd66ba21359162354d53445623ab8 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -805ca30b898b41a091cc136ab9b78b4e566e10c5469902d18c326c132ed4193e target/nrf52840dk_merged.hex +9624888f52510e1e7a13681a959ecb9dd0e325b3856422b48d28abadc6546211 target/nrf52840dk_merged.hex 0a9929ba8fa57e8a502a49fc7c53177397202e1b11f4c7c3cb6ed68b2b99dd46 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -960dce1eb78f34a3c4cfdb543314da8ce211dced41f34da053669c8773926e1d target/nrf52840_dongle_merged.hex +31b41cc1010c621765a4385ecd678950ddb2e1eaa11e0efaa9df818a1abfd022 target/nrf52840_dongle_merged.hex cca9086c9149c607589b23ffa599a5e4c26db7c20bd3700b79528bd3a5df991d third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -1755746cb3a28162a0bbd0b994332fa9ffaedca684803dfd9ef584040cea73ca target/nrf52840_dongle_dfu_merged.hex +0a9c92d56b02b42c7d783606f7711c474fc73518a32b9c7e244c078011a67e6d target/nrf52840_dongle_dfu_merged.hex 8857488ba6a69e366f0da229bbfc012a2ad291d3a88d9494247d600c10bb19b7 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -04b94cd65bf83fa12030c4deaa831e0251f5f8b9684ec972d03a46e8f32e98b4 target/nrf52840_mdk_dfu_merged.hex -69dd51b947013b77e3577784384c935ed76930d1fb3ba46e9a5b6b5d71941057 target/tab/ctap2.tab +a5fb5ebcf475f88be0273a4679975bcfee72014102a6191370a80120ca287f11 target/nrf52840_mdk_dfu_merged.hex +7940a87663cf40941ea8c50ad1d99abf2ccbcacfcd157c1b0449dd3ed78e180e target/tab/ctap2.tab From 0073c153d257986e3260cac181bea80b50af789b Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Thu, 4 Jun 2020 14:32:04 +0200 Subject: [PATCH 07/13] Propagate the NBYTES constant from Int256 to SecKey --- libraries/crypto/src/ecdsa.rs | 6 ++++-- src/ctap/storage.rs | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/libraries/crypto/src/ecdsa.rs b/libraries/crypto/src/ecdsa.rs index 966552d..8b4329a 100644 --- a/libraries/crypto/src/ecdsa.rs +++ b/libraries/crypto/src/ecdsa.rs @@ -22,6 +22,8 @@ use super::{Hash256, HashBlockSize64Bytes}; use alloc::vec::Vec; use core::marker::PhantomData; +pub use super::ec::int256::NBYTES; + #[derive(Clone, PartialEq)] #[cfg_attr(feature = "derive_debug", derive(Debug))] pub struct SecKey { @@ -140,7 +142,7 @@ impl SecKey { } } - pub fn from_bytes(bytes: &[u8; 32]) -> Option { + pub fn from_bytes(bytes: &[u8; NBYTES]) -> Option { let k = NonZeroExponentP256::from_int_checked(Int256::from_bin(bytes)); // The branching here is fine because all this reveals is whether the key was invalid. if bool::from(k.is_none()) { @@ -150,7 +152,7 @@ impl SecKey { Some(SecKey { k }) } - pub fn to_bytes(&self, bytes: &mut [u8; 32]) { + pub fn to_bytes(&self, bytes: &mut [u8; NBYTES]) { self.k.to_int().to_bin(bytes); } } diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs index 452bff6..c138660 100644 --- a/src/ctap/storage.rs +++ b/src/ctap/storage.rs @@ -62,7 +62,7 @@ const AAGUID: usize = 7; const NUM_TAGS: usize = 8; const MAX_PIN_RETRIES: u8 = 6; -const ATTESTATION_PRIVATE_KEY_LENGTH: usize = 32; +const ATTESTATION_PRIVATE_KEY_LENGTH: usize = crypto::ecdsa::NBYTES; const AAGUID_LENGTH: usize = 16; #[derive(PartialEq, Eq, PartialOrd, Ord)] From 935ccf366865c4c0055be67127222177fe2f5cda Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Tue, 9 Jun 2020 11:55:36 +0200 Subject: [PATCH 08/13] Revert "Propagate the NBYTES constant from Int256 to SecKey" This reverts commit 0073c153d257986e3260cac181bea80b50af789b. --- libraries/crypto/src/ecdsa.rs | 6 ++---- src/ctap/storage.rs | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/libraries/crypto/src/ecdsa.rs b/libraries/crypto/src/ecdsa.rs index 8b4329a..966552d 100644 --- a/libraries/crypto/src/ecdsa.rs +++ b/libraries/crypto/src/ecdsa.rs @@ -22,8 +22,6 @@ use super::{Hash256, HashBlockSize64Bytes}; use alloc::vec::Vec; use core::marker::PhantomData; -pub use super::ec::int256::NBYTES; - #[derive(Clone, PartialEq)] #[cfg_attr(feature = "derive_debug", derive(Debug))] pub struct SecKey { @@ -142,7 +140,7 @@ impl SecKey { } } - pub fn from_bytes(bytes: &[u8; NBYTES]) -> Option { + pub fn from_bytes(bytes: &[u8; 32]) -> Option { let k = NonZeroExponentP256::from_int_checked(Int256::from_bin(bytes)); // The branching here is fine because all this reveals is whether the key was invalid. if bool::from(k.is_none()) { @@ -152,7 +150,7 @@ impl SecKey { Some(SecKey { k }) } - pub fn to_bytes(&self, bytes: &mut [u8; NBYTES]) { + pub fn to_bytes(&self, bytes: &mut [u8; 32]) { self.k.to_int().to_bin(bytes); } } diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs index c138660..452bff6 100644 --- a/src/ctap/storage.rs +++ b/src/ctap/storage.rs @@ -62,7 +62,7 @@ const AAGUID: usize = 7; const NUM_TAGS: usize = 8; const MAX_PIN_RETRIES: u8 = 6; -const ATTESTATION_PRIVATE_KEY_LENGTH: usize = crypto::ecdsa::NBYTES; +const ATTESTATION_PRIVATE_KEY_LENGTH: usize = 32; const AAGUID_LENGTH: usize = 16; #[derive(PartialEq, Eq, PartialOrd, Ord)] From 87394f5a1a3322ce19e723bc67511f7fc79a2b2b Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Tue, 9 Jun 2020 12:06:19 +0200 Subject: [PATCH 09/13] Update reproducible hashes --- reproducible/reference_binaries_macos-10.15.sha256sum | 10 +++++----- reproducible/reference_binaries_ubuntu-18.04.sha256sum | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/reproducible/reference_binaries_macos-10.15.sha256sum b/reproducible/reference_binaries_macos-10.15.sha256sum index 0228740..82cd7fc 100644 --- a/reproducible/reference_binaries_macos-10.15.sha256sum +++ b/reproducible/reference_binaries_macos-10.15.sha256sum @@ -1,9 +1,9 @@ 1003863864e06553e730eec6df4bf8d30c99f697ef9380efdc35eba679b4db78 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -022268c93fa8bbd9e54e082982b87c10a0e7c0486704de8219d1bb374304636a target/nrf52840dk_merged.hex +6b0a7402c38a37fc729644a4a92bfba8bc4431ad21f3a16d1527f2258e2231d1 target/nrf52840dk_merged.hex 88f00a5e1dae6ab3f7571c254ac75f5f3e29ebea7f3ca46c16cfdc3708e804fc third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -8d68ecc700527789b8edf318f0872ca8fc3b72fa73236f4e06bec89a3682fcf8 target/nrf52840_dongle_merged.hex +454ac8d360dec8705e243840df3807526b2383810a77573e9d4409dba96f43df target/nrf52840_dongle_merged.hex 1bc69b48a2c48da55db8b322902e1fe3f2e095c0dd8517db28837d86e0addc85 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -af5465e4209914aaf74ee878d03e883a717827119e47b9295aa279ee21f0c5f4 target/nrf52840_dongle_dfu_merged.hex +9efeed7965ba491a468640bd47b53010403244562b9ade71e0090b211888274c target/nrf52840_dongle_dfu_merged.hex f38ee31d3a09e7e11848e78b5318f95517b6dcd076afcb37e6e3d3e5e9995cc7 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -23603386a615e4e8cb2173c5ce4762110e6cbb979efdbb6e8bef9bc1e3988de4 target/nrf52840_mdk_dfu_merged.hex -c2cbcc28b835934be4c3d3e3c5bdaba642a5811d760c1d2cb73d26b6474e4219 target/tab/ctap2.tab +911aa4f4f748910394c9f16d2e36dd06e71e311b2f9fee3f40522a13a2e4b671 target/nrf52840_mdk_dfu_merged.hex +529ac9aef3941b45e7e480810ae4e821da433985b149028aa6a33f33e0dc1685 target/tab/ctap2.tab diff --git a/reproducible/reference_binaries_ubuntu-18.04.sha256sum b/reproducible/reference_binaries_ubuntu-18.04.sha256sum index 666eecd..466282e 100644 --- a/reproducible/reference_binaries_ubuntu-18.04.sha256sum +++ b/reproducible/reference_binaries_ubuntu-18.04.sha256sum @@ -1,9 +1,9 @@ c182bb4902fff51b2f56810fc2a27df3646cd66ba21359162354d53445623ab8 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -d8b62ece387a77cc21f2c10a5f5d65d0d57bf4739b47fd86d2c9ecdd90fbfd7e target/nrf52840dk_merged.hex +bebc884aa49b79359b22916ca3d20eca3cddc3d4283ff6d0da1f0d46e1b6a1fb target/nrf52840dk_merged.hex 0a9929ba8fa57e8a502a49fc7c53177397202e1b11f4c7c3cb6ed68b2b99dd46 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -380de1a910b4d9eeb0c814b11b074b2e66334968cc99a4bd34d52a1fce3c5a79 target/nrf52840_dongle_merged.hex +8dca8415a01411d5f5589ec9688c9c6d229ca5a50fc27457060d001d90087c4b target/nrf52840_dongle_merged.hex cca9086c9149c607589b23ffa599a5e4c26db7c20bd3700b79528bd3a5df991d third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -4edd988b3e37991f1e58fc520e41f7666f8ae3e8d3993e1bb2fb71657a71fa50 target/nrf52840_dongle_dfu_merged.hex +64b36280f65508f5a6ca9a1708cc5cbd71663eb8068221434edf1c0201b9a339 target/nrf52840_dongle_dfu_merged.hex 8857488ba6a69e366f0da229bbfc012a2ad291d3a88d9494247d600c10bb19b7 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -a51aba1cd12e55aa33fd9017af406583ebf14e1c690295b15cf147713dfe2561 target/nrf52840_mdk_dfu_merged.hex -40b413a8b645b4b47fae62a4311acb12cb0c57faff2757e45c18d9e5d441e52d target/tab/ctap2.tab +2673ba4581bd704ab55f148b361ac530d07329106c3dc2d5594be90106764095 target/nrf52840_mdk_dfu_merged.hex +ba0e11a0036f167a56864de43db3602a8a855b38be8a53afc3a97fcaa40f2201 target/tab/ctap2.tab From c90e5d5db1592e0663afd15408e716c91457a98f Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Wed, 17 Jun 2020 13:01:45 +0200 Subject: [PATCH 10/13] Update reproducible hashes --- reproducible/reference_binaries_macos-10.15.sha256sum | 10 +++++----- reproducible/reference_binaries_ubuntu-18.04.sha256sum | 10 +++++----- reproducible/reference_elf2tab_macos-10.15.txt | 8 ++++---- reproducible/reference_elf2tab_ubuntu-18.04.txt | 8 ++++---- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/reproducible/reference_binaries_macos-10.15.sha256sum b/reproducible/reference_binaries_macos-10.15.sha256sum index fce6c5d..578e88a 100644 --- a/reproducible/reference_binaries_macos-10.15.sha256sum +++ b/reproducible/reference_binaries_macos-10.15.sha256sum @@ -1,9 +1,9 @@ 1003863864e06553e730eec6df4bf8d30c99f697ef9380efdc35eba679b4db78 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -022268c93fa8bbd9e54e082982b87c10a0e7c0486704de8219d1bb374304636a target/nrf52840dk_merged.hex +6b0a7402c38a37fc729644a4a92bfba8bc4431ad21f3a16d1527f2258e2231d1 target/nrf52840dk_merged.hex 052eec0ae526038352b9f7573468d0cf7fb5ec331d4dc1a2df75fdbd514ea5ca third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -d2373ac9df2ba8feff88f19e67ec87a58e635b94f0a0f759b6fcf4c750b256c9 target/nrf52840_dongle_merged.hex +b35ac62a490c62d4b23dddf1d8e6946badb32b5b35b40bbd75587815530094c9 target/nrf52840_dongle_merged.hex 908d7f4f40936d968b91ab6e19b2406612fe8c2c273d9c0b71ef1f55116780e0 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -3c6f18ad1e1ceedeb622f39cd00ae3328ea5ad1557a9042c1b4bf831d5e1fb0d target/nrf52840_dongle_dfu_merged.hex +1adb9f71697947109020b25ad2b3fb3b03e6a07945dee14351ad67341241205e target/nrf52840_dongle_dfu_merged.hex 34ecbecaebf1188277f2310fe769c8c60310d8576493242712854deb4ba1036e third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -d1320adfcec35099ade04988111a947c05d14c43851fc5800d17d7a83bdba033 target/nrf52840_mdk_dfu_merged.hex -c2cbcc28b835934be4c3d3e3c5bdaba642a5811d760c1d2cb73d26b6474e4219 target/tab/ctap2.tab +1661fb4da7cbaf01529e593600f47c4613446a37f400cb0b238249d100a3d9f1 target/nrf52840_mdk_dfu_merged.hex +529ac9aef3941b45e7e480810ae4e821da433985b149028aa6a33f33e0dc1685 target/tab/ctap2.tab diff --git a/reproducible/reference_binaries_ubuntu-18.04.sha256sum b/reproducible/reference_binaries_ubuntu-18.04.sha256sum index b1ef07f..b8b0305 100644 --- a/reproducible/reference_binaries_ubuntu-18.04.sha256sum +++ b/reproducible/reference_binaries_ubuntu-18.04.sha256sum @@ -1,9 +1,9 @@ c182bb4902fff51b2f56810fc2a27df3646cd66ba21359162354d53445623ab8 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -d8b62ece387a77cc21f2c10a5f5d65d0d57bf4739b47fd86d2c9ecdd90fbfd7e target/nrf52840dk_merged.hex +bebc884aa49b79359b22916ca3d20eca3cddc3d4283ff6d0da1f0d46e1b6a1fb target/nrf52840dk_merged.hex 30f239390ae9bef0825731e4c82d40470fc5e9bded2bf0d942e92dbb5d4faba1 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -c9349bd480b30e28214bb8d58d10938889050b92d34fbeb70e3110919b3a2601 target/nrf52840_dongle_merged.hex +1bf5219f7b096b4ade330e9b02544b09d10972ddf253c7fdfbd6241b03e98f31 target/nrf52840_dongle_merged.hex e3acf15d5ae3a22aecff6cc58db5fc311f538f47328d348b7ad7db7f9ab5e72c third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -08f3ca1bb79e13e83149324244929b68f8d7583630d9a62a8ffdedb710c95d8b target/nrf52840_dongle_dfu_merged.hex +b83edda1b2588e3eff019fc8b2e16097e159f8a43fa5fc62a6e23497882c8dca target/nrf52840_dongle_dfu_merged.hex cae312a26a513ada6c198fdc59b2bba3860c51726b817a9fd17a4331ee12c882 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -849c67c811da8d359d4e55d81d2587b3efa2f6065d72e4db09c3e571af8fef94 target/nrf52840_mdk_dfu_merged.hex -40b413a8b645b4b47fae62a4311acb12cb0c57faff2757e45c18d9e5d441e52d target/tab/ctap2.tab +d376cb19e672ab80b9dd25e9df40af7ac833d03ede32f4a2ae21fdfd4e31d365 target/nrf52840_mdk_dfu_merged.hex +ba0e11a0036f167a56864de43db3602a8a855b38be8a53afc3a97fcaa40f2201 target/tab/ctap2.tab diff --git a/reproducible/reference_elf2tab_macos-10.15.txt b/reproducible/reference_elf2tab_macos-10.15.txt index 94273d9..ab8a85c 100644 --- a/reproducible/reference_elf2tab_macos-10.15.txt +++ b/reproducible/reference_elf2tab_macos-10.15.txt @@ -5,8 +5,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. - Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171876 (0x29f64) bytes. + Adding .stack section. Offset: 172004 (0x29fe4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -24,8 +24,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. - Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171876 (0x29f64) bytes. + Adding .stack section. Offset: 172004 (0x29fe4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 diff --git a/reproducible/reference_elf2tab_ubuntu-18.04.txt b/reproducible/reference_elf2tab_ubuntu-18.04.txt index fd00e16..122e103 100644 --- a/reproducible/reference_elf2tab_ubuntu-18.04.txt +++ b/reproducible/reference_elf2tab_ubuntu-18.04.txt @@ -5,8 +5,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. - Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171316 (0x29d34) bytes. + Adding .stack section. Offset: 171444 (0x29db4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -24,8 +24,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. - Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171316 (0x29d34) bytes. + Adding .stack section. Offset: 171444 (0x29db4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 From d2247d94826a816529277904db8355813c07b76d Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Wed, 17 Jun 2020 14:06:39 +0200 Subject: [PATCH 11/13] Update reproducible hashes --- reproducible/reference_elf2tab_macos-10.15.txt | 8 ++++---- reproducible/reference_elf2tab_ubuntu-18.04.txt | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/reproducible/reference_elf2tab_macos-10.15.txt b/reproducible/reference_elf2tab_macos-10.15.txt index ab8a85c..e701412 100644 --- a/reproducible/reference_elf2tab_macos-10.15.txt +++ b/reproducible/reference_elf2tab_macos-10.15.txt @@ -43,8 +43,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. - Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171876 (0x29f64) bytes. + Adding .stack section. Offset: 172004 (0x29fe4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -62,8 +62,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. - Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171876 (0x29f64) bytes. + Adding .stack section. Offset: 172004 (0x29fe4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 diff --git a/reproducible/reference_elf2tab_ubuntu-18.04.txt b/reproducible/reference_elf2tab_ubuntu-18.04.txt index 122e103..4810644 100644 --- a/reproducible/reference_elf2tab_ubuntu-18.04.txt +++ b/reproducible/reference_elf2tab_ubuntu-18.04.txt @@ -43,8 +43,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. - Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171316 (0x29d34) bytes. + Adding .stack section. Offset: 171444 (0x29db4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -62,8 +62,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. - Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171316 (0x29d34) bytes. + Adding .stack section. Offset: 171444 (0x29db4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 From 46df22fa7cf58228194bc9fa05f0834b2332914d Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Fri, 19 Jun 2020 17:40:24 +0200 Subject: [PATCH 12/13] Remove unnecessary lifetime name --- src/ctap/storage.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs index 5613b19..60dd99d 100644 --- a/src/ctap/storage.rs +++ b/src/ctap/storage.rs @@ -523,7 +523,7 @@ impl From for Ctap2StatusCode { } } -fn should_reset<'a>(entry: &StoreEntry<'a>) -> bool { +fn should_reset(entry: &StoreEntry<'_>) -> bool { match entry.tag { ATTESTATION_PRIVATE_KEY | ATTESTATION_CERTIFICATE | AAGUID => false, _ => true, From 60ead603471c9ce347497b88805853dff174ed84 Mon Sep 17 00:00:00 2001 From: Julien Cretin Date: Mon, 22 Jun 2020 10:29:25 +0200 Subject: [PATCH 13/13] Update reproducible hashes --- .../reference_binaries_macos-10.15.sha256sum | 10 +++++----- .../reference_binaries_ubuntu-18.04.sha256sum | 10 +++++----- reproducible/reference_elf2tab_macos-10.15.txt | 16 ++++++++-------- reproducible/reference_elf2tab_ubuntu-18.04.txt | 16 ++++++++-------- 4 files changed, 26 insertions(+), 26 deletions(-) diff --git a/reproducible/reference_binaries_macos-10.15.sha256sum b/reproducible/reference_binaries_macos-10.15.sha256sum index 6d3272e..ab2e9a3 100644 --- a/reproducible/reference_binaries_macos-10.15.sha256sum +++ b/reproducible/reference_binaries_macos-10.15.sha256sum @@ -1,9 +1,9 @@ 0b54df6d548849e24d67b9b022ca09cb33c51f078ce85d0c9c4635ffc69902e1 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -9ff63684ca08375e643f14f33dc6dc8131681bb562fb0df18f9c7f637e90cc73 target/nrf52840dk_merged.hex +f49e2205136159671f8291b284fc02300cf659f088a2ca301d74111e0e96849a target/nrf52840dk_merged.hex 052eec0ae526038352b9f7573468d0cf7fb5ec331d4dc1a2df75fdbd514ea5ca third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -d2373ac9df2ba8feff88f19e67ec87a58e635b94f0a0f759b6fcf4c750b256c9 target/nrf52840_dongle_merged.hex +b35ac62a490c62d4b23dddf1d8e6946badb32b5b35b40bbd75587815530094c9 target/nrf52840_dongle_merged.hex 908d7f4f40936d968b91ab6e19b2406612fe8c2c273d9c0b71ef1f55116780e0 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -3c6f18ad1e1ceedeb622f39cd00ae3328ea5ad1557a9042c1b4bf831d5e1fb0d target/nrf52840_dongle_dfu_merged.hex +1adb9f71697947109020b25ad2b3fb3b03e6a07945dee14351ad67341241205e target/nrf52840_dongle_dfu_merged.hex 34ecbecaebf1188277f2310fe769c8c60310d8576493242712854deb4ba1036e third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -d1320adfcec35099ade04988111a947c05d14c43851fc5800d17d7a83bdba033 target/nrf52840_mdk_dfu_merged.hex -c2cbcc28b835934be4c3d3e3c5bdaba642a5811d760c1d2cb73d26b6474e4219 target/tab/ctap2.tab +1661fb4da7cbaf01529e593600f47c4613446a37f400cb0b238249d100a3d9f1 target/nrf52840_mdk_dfu_merged.hex +529ac9aef3941b45e7e480810ae4e821da433985b149028aa6a33f33e0dc1685 target/tab/ctap2.tab diff --git a/reproducible/reference_binaries_ubuntu-18.04.sha256sum b/reproducible/reference_binaries_ubuntu-18.04.sha256sum index ea64676..5e3e757 100644 --- a/reproducible/reference_binaries_ubuntu-18.04.sha256sum +++ b/reproducible/reference_binaries_ubuntu-18.04.sha256sum @@ -1,9 +1,9 @@ 29382e72d0f3c6a72ce9517211952ff29ea270193d7f0ddc48ca69009ee29925 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin -bb2fbf0d9dab2b489a49d1dc3db8923086ab109d14f1f1aa8296f086a03b75dd target/nrf52840dk_merged.hex +e446a94d67f77d5346be6e476641f4ff50561f5a77bfa8bc49262f89e7399893 target/nrf52840dk_merged.hex 30f239390ae9bef0825731e4c82d40470fc5e9bded2bf0d942e92dbb5d4faba1 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin -c9349bd480b30e28214bb8d58d10938889050b92d34fbeb70e3110919b3a2601 target/nrf52840_dongle_merged.hex +1bf5219f7b096b4ade330e9b02544b09d10972ddf253c7fdfbd6241b03e98f31 target/nrf52840_dongle_merged.hex e3acf15d5ae3a22aecff6cc58db5fc311f538f47328d348b7ad7db7f9ab5e72c third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin -08f3ca1bb79e13e83149324244929b68f8d7583630d9a62a8ffdedb710c95d8b target/nrf52840_dongle_dfu_merged.hex +b83edda1b2588e3eff019fc8b2e16097e159f8a43fa5fc62a6e23497882c8dca target/nrf52840_dongle_dfu_merged.hex cae312a26a513ada6c198fdc59b2bba3860c51726b817a9fd17a4331ee12c882 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin -849c67c811da8d359d4e55d81d2587b3efa2f6065d72e4db09c3e571af8fef94 target/nrf52840_mdk_dfu_merged.hex -40b413a8b645b4b47fae62a4311acb12cb0c57faff2757e45c18d9e5d441e52d target/tab/ctap2.tab +d376cb19e672ab80b9dd25e9df40af7ac833d03ede32f4a2ae21fdfd4e31d365 target/nrf52840_mdk_dfu_merged.hex +ba0e11a0036f167a56864de43db3602a8a855b38be8a53afc3a97fcaa40f2201 target/tab/ctap2.tab diff --git a/reproducible/reference_elf2tab_macos-10.15.txt b/reproducible/reference_elf2tab_macos-10.15.txt index 94273d9..e701412 100644 --- a/reproducible/reference_elf2tab_macos-10.15.txt +++ b/reproducible/reference_elf2tab_macos-10.15.txt @@ -5,8 +5,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. - Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171876 (0x29f64) bytes. + Adding .stack section. Offset: 172004 (0x29fe4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -24,8 +24,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. - Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171876 (0x29f64) bytes. + Adding .stack section. Offset: 172004 (0x29fe4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -43,8 +43,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. - Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171876 (0x29f64) bytes. + Adding .stack section. Offset: 172004 (0x29fe4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -62,8 +62,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. - Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171876 (0x29f64) bytes. + Adding .stack section. Offset: 172004 (0x29fe4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 diff --git a/reproducible/reference_elf2tab_ubuntu-18.04.txt b/reproducible/reference_elf2tab_ubuntu-18.04.txt index fd00e16..4810644 100644 --- a/reproducible/reference_elf2tab_ubuntu-18.04.txt +++ b/reproducible/reference_elf2tab_ubuntu-18.04.txt @@ -5,8 +5,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. - Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171316 (0x29d34) bytes. + Adding .stack section. Offset: 171444 (0x29db4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -24,8 +24,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. - Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171316 (0x29d34) bytes. + Adding .stack section. Offset: 171444 (0x29db4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -43,8 +43,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. - Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171316 (0x29d34) bytes. + Adding .stack section. Offset: 171444 (0x29db4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -62,8 +62,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. - Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 171316 (0x29d34) bytes. + Adding .stack section. Offset: 171444 (0x29db4). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2