Make private key sensitive and ensure attestation is OTP

Jean-Michel Picod
2020-11-25 17:44:52 +01:00
parent f47e1e2a86
commit f2b3ca4029


@@ -552,11 +552,11 @@ impl PersistentStore {
let entry = StoreEntry { let entry = StoreEntry {
tag: ATTESTATION_PRIVATE_KEY, tag: ATTESTATION_PRIVATE_KEY,
data: attestation_private_key, data: attestation_private_key,
sensitive: false, sensitive: true,
}; };
match self.store.find_one(&Key::AttestationPrivateKey) { match self.store.find_one(&Key::AttestationPrivateKey) {
None => self.store.insert(entry)?, None => self.store.insert(entry)?,
Some((index, _)) => self.store.replace(index, entry)?, _ => return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
} }
Ok(()) Ok(())
} }
@@ -580,7 +580,7 @@ impl PersistentStore {
}; };
match self.store.find_one(&Key::AttestationCertificate) { match self.store.find_one(&Key::AttestationCertificate) {
None => self.store.insert(entry)?, None => self.store.insert(entry)?,
Some((index, _)) => self.store.replace(index, entry)?, _ => return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
} }
Ok(()) Ok(())
} }
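Review bot: In the first hunk, `sensitive: true` only takes effect on the `None => self.store.insert(entry)?` path, so a store that already holds an attestation private key written with `sensitive: false` keeps that entry unchanged now that the `_ =>` arm refuses to rewrite it. If such stores can exist on provisioned devices, they need a one-time migration that rewrites the existing entry with the flag set; that code would live outside these setters, whose bodies start outside the hunks. Both hunks also report "already provisioned" as `CTAP2_ERR_VENDOR_INTERNAL_ERROR`, which a caller cannot distinguish from a genuine store failure. Writing the arm as `Some(_) => return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),` and adding a doc comment such as `/// Write-once: returns an error if a value is already stored.` on each setter would make the contract explicit.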