Merge branch 'master' into update-ring
This commit is contained in:
gendx
GitHub
16
deploy.sh
16
deploy.sh
@@ -148,15 +148,19 @@ build_app_padding () {
|
|||||||
) | xxd -p -r > "${tab_folder}/padding.bin"
|
) | xxd -p -r > "${tab_folder}/padding.bin"
|
||||||
}
|
}
|
||||||
|
|
||||||
build_app () {
|
comma_separated () {
|
||||||
# Flatten the array
|
# Flatten the array
|
||||||
# This is equivalent to the following python snippet: ' '.join(arr).replace(' ', ',')
|
# This is equivalent to the following python snippet: ' '.join(arr).replace(' ', ',')
|
||||||
local feature_list=$(IFS=$'\n'; echo "$@")
|
local list=$(IFS=$'\n'; echo "$@")
|
||||||
if [ "X${feature_list}" != "X" ]
|
if [ "X${list}" != "X" ]
|
||||||
then
|
then
|
||||||
feature_list="${feature_list// /,}"
|
feature_list="${list// /,}"
|
||||||
fi
|
fi
|
||||||
|
echo ${list}
|
||||||
|
}
|
||||||
|
|
||||||
|
build_app () {
|
||||||
|
local feature_list="$(comma_separated "$@")"
|
||||||
cargo build \
|
cargo build \
|
||||||
--release \
|
--release \
|
||||||
--target=thumbv7em-none-eabi \
|
--target=thumbv7em-none-eabi \
|
||||||
@@ -176,9 +180,11 @@ build_app () {
|
|||||||
}
|
}
|
||||||
|
|
||||||
build_crypto_bench () {
|
build_crypto_bench () {
|
||||||
|
local feature_list="$(comma_separated "$@")"
|
||||||
cargo build \
|
cargo build \
|
||||||
--release \
|
--release \
|
||||||
--target=thumbv7em-none-eabi \
|
--target=thumbv7em-none-eabi \
|
||||||
|
--features="${feature_list}" \
|
||||||
--example crypto_bench
|
--example crypto_bench
|
||||||
|
|
||||||
mkdir -p "target/tab"
|
mkdir -p "target/tab"
|
||||||
@@ -310,7 +316,7 @@ fi
|
|||||||
|
|
||||||
if [ "$install_app" = "crypto_bench" ]
|
if [ "$install_app" = "crypto_bench" ]
|
||||||
then
|
then
|
||||||
build_crypto_bench
|
build_crypto_bench "${!enabled_features[@]}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$install_app" != "none" ]
|
if [ "$install_app" != "none" ]
|
||||||
|
|||||||
@@ -13,7 +13,7 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
set -eux
|
set -ex
|
||||||
|
|
||||||
echo "Checking formatting..."
|
echo "Checking formatting..."
|
||||||
cargo fmt --all -- --check
|
cargo fmt --all -- --check
|
||||||
|
|||||||
@@ -309,7 +309,7 @@ impl Ctap1Command {
|
|||||||
signature_data.extend(key_handle);
|
signature_data.extend(key_handle);
|
||||||
signature_data.extend_from_slice(&user_pk);
|
signature_data.extend_from_slice(&user_pk);
|
||||||
|
|
||||||
let attestation_key = crypto::ecdsa::SecKey::from_bytes(&ATTESTATION_PRIVATE_KEY).unwrap();
|
let attestation_key = crypto::ecdsa::SecKey::from_bytes(ATTESTATION_PRIVATE_KEY).unwrap();
|
||||||
let signature = attestation_key.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data);
|
let signature = attestation_key.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data);
|
||||||
|
|
||||||
response.extend(signature.to_asn1_der());
|
response.extend(signature.to_asn1_der());
|
||||||
|
|||||||
@@ -12,10 +12,10 @@
|
|||||||
// See the License for the specific language governing permissions and
|
// See the License for the specific language governing permissions and
|
||||||
// limitations under the License.
|
// limitations under the License.
|
||||||
|
|
||||||
pub const AAGUID: [u8; 16] = *include_bytes!(concat!(env!("OUT_DIR"), "/opensk_aaguid.bin"));
|
pub const AAGUID: &[u8; 16] = include_bytes!(concat!(env!("OUT_DIR"), "/opensk_aaguid.bin"));
|
||||||
|
|
||||||
pub const ATTESTATION_CERTIFICATE: &[u8] =
|
pub const ATTESTATION_CERTIFICATE: &[u8] =
|
||||||
include_bytes!(concat!(env!("OUT_DIR"), "/opensk_cert.bin"));
|
include_bytes!(concat!(env!("OUT_DIR"), "/opensk_cert.bin"));
|
||||||
|
|
||||||
pub const ATTESTATION_PRIVATE_KEY: [u8; 32] =
|
pub const ATTESTATION_PRIVATE_KEY: &[u8; 32] =
|
||||||
*include_bytes!(concat!(env!("OUT_DIR"), "/opensk_pkey.bin"));
|
include_bytes!(concat!(env!("OUT_DIR"), "/opensk_pkey.bin"));
|
||||||
|
|||||||
@@ -429,7 +429,7 @@ where
|
|||||||
};
|
};
|
||||||
|
|
||||||
let mut auth_data = self.generate_auth_data(&rp_id_hash, flags);
|
let mut auth_data = self.generate_auth_data(&rp_id_hash, flags);
|
||||||
auth_data.extend(&AAGUID);
|
auth_data.extend(AAGUID);
|
||||||
// The length is fixed to 0x20 or 0x70 and fits one byte.
|
// The length is fixed to 0x20 or 0x70 and fits one byte.
|
||||||
if credential_id.len() > 0xFF {
|
if credential_id.len() > 0xFF {
|
||||||
return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_TOO_LONG);
|
return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_TOO_LONG);
|
||||||
@@ -446,7 +446,7 @@ where
|
|||||||
signature_data.extend(client_data_hash);
|
signature_data.extend(client_data_hash);
|
||||||
let (signature, x5c) = if USE_BATCH_ATTESTATION {
|
let (signature, x5c) = if USE_BATCH_ATTESTATION {
|
||||||
let attestation_key =
|
let attestation_key =
|
||||||
crypto::ecdsa::SecKey::from_bytes(&ATTESTATION_PRIVATE_KEY).unwrap();
|
crypto::ecdsa::SecKey::from_bytes(ATTESTATION_PRIVATE_KEY).unwrap();
|
||||||
(
|
(
|
||||||
attestation_key.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data),
|
attestation_key.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data),
|
||||||
Some(vec![ATTESTATION_CERTIFICATE.to_vec()]),
|
Some(vec![ATTESTATION_CERTIFICATE.to_vec()]),
|
||||||
@@ -640,7 +640,7 @@ where
|
|||||||
String::from(FIDO2_VERSION_STRING),
|
String::from(FIDO2_VERSION_STRING),
|
||||||
],
|
],
|
||||||
extensions: Some(vec![]),
|
extensions: Some(vec![]),
|
||||||
aaguid: AAGUID,
|
aaguid: *AAGUID,
|
||||||
options: Some(options_map),
|
options: Some(options_map),
|
||||||
max_msg_size: Some(1024),
|
max_msg_size: Some(1024),
|
||||||
pin_protocols: Some(vec![
|
pin_protocols: Some(vec![
|
||||||
@@ -978,7 +978,7 @@ mod test {
|
|||||||
0x82, 0x66, 0x55, 0x32, 0x46, 0x5F, 0x56, 0x32, 0x68, 0x46, 0x49, 0x44, 0x4F, 0x5F,
|
0x82, 0x66, 0x55, 0x32, 0x46, 0x5F, 0x56, 0x32, 0x68, 0x46, 0x49, 0x44, 0x4F, 0x5F,
|
||||||
0x32, 0x5F, 0x30, 0x02, 0x80, 0x03, 0x50,
|
0x32, 0x5F, 0x30, 0x02, 0x80, 0x03, 0x50,
|
||||||
]);
|
]);
|
||||||
expected_response.extend(&AAGUID);
|
expected_response.extend(AAGUID);
|
||||||
expected_response.extend(&[
|
expected_response.extend(&[
|
||||||
0x04, 0xA3, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x69, 0x63, 0x6C, 0x69,
|
0x04, 0xA3, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x69, 0x63, 0x6C, 0x69,
|
||||||
0x65, 0x6E, 0x74, 0x50, 0x69, 0x6E, 0xF4, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01,
|
0x65, 0x6E, 0x74, 0x50, 0x69, 0x6E, 0xF4, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01,
|
||||||
@@ -1045,7 +1045,7 @@ mod test {
|
|||||||
0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
|
0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
|
||||||
0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00, 0x00,
|
0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00, 0x00,
|
||||||
];
|
];
|
||||||
expected_auth_data.extend(&AAGUID);
|
expected_auth_data.extend(AAGUID);
|
||||||
expected_auth_data.extend(&[0x00, 0x20]);
|
expected_auth_data.extend(&[0x00, 0x20]);
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
auth_data[0..expected_auth_data.len()],
|
auth_data[0..expected_auth_data.len()],
|
||||||
@@ -1082,7 +1082,7 @@ mod test {
|
|||||||
0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
|
0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
|
||||||
0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00, 0x00,
|
0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00, 0x00,
|
||||||
];
|
];
|
||||||
expected_auth_data.extend(&AAGUID);
|
expected_auth_data.extend(AAGUID);
|
||||||
expected_auth_data.extend(&[0x00, ENCRYPTED_CREDENTIAL_ID_SIZE as u8]);
|
expected_auth_data.extend(&[0x00, ENCRYPTED_CREDENTIAL_ID_SIZE as u8]);
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
auth_data[0..expected_auth_data.len()],
|
auth_data[0..expected_auth_data.len()],
|
||||||
|
|||||||
Reference in New Issue
Block a user