kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ensure store behaves as expected in prod

Browse Source
This commit is contained in:
Jean-Michel Picod
2020-11-25 17:44:19 +01:00
parent 41f7cc7b14
commit f47e1e2a86
1 changed files with 29 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/ctap/storage.rs
View File

@@ -229,6 +229,18 @@ impl PersistentStore {
}) })
.unwrap(); .unwrap();
} }
// TODO(jmichel): remove this when vendor command is in place
#[cfg(not(any(test, feature = "ram_storage")))]
self.load_attestation_from_firmware();
if self.store.find_one(&Key::Aaguid).is_none() {
self.set_aaguid(key_material::AAGUID).unwrap();
}
}
// TODO(jmichel): remove this function when vendor command is in place.
#[cfg(not(any(test, feature = "ram_storage")))]
fn load_attestation_from_firmware(&mut self) {
// The following 2 entries are meant to be written by vendor-specific commands. // The following 2 entries are meant to be written by vendor-specific commands.
if self.store.find_one(&Key::AttestationPrivateKey).is_none() { if self.store.find_one(&Key::AttestationPrivateKey).is_none() {
self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY) self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)
@@ -238,10 +250,6 @@ impl PersistentStore {
self.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE) self.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)
.unwrap(); .unwrap();
} }
if self.store.find_one(&Key::Aaguid).is_none() {
self.set_aaguid(key_material::AAGUID).unwrap();
}
} }
pub fn find_credential( pub fn find_credential(
@@ -1000,6 +1008,23 @@ mod test {
let mut rng = ThreadRng256 {}; let mut rng = ThreadRng256 {};
let mut persistent_store = PersistentStore::new(&mut rng); let mut persistent_store = PersistentStore::new(&mut rng);
// Make sure the attestation are absent. There is no batch attestation in tests.
assert!(persistent_store
.attestation_private_key()
.unwrap()
.is_none());
assert!(persistent_store
.attestation_certificate()
.unwrap()
.is_none());
// Make sure the persistent keys are initialized.
persistent_store
.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)
.unwrap();
persistent_store
.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)
.unwrap();
assert_eq!(&persistent_store.aaguid().unwrap(), key_material::AAGUID); assert_eq!(&persistent_store.aaguid().unwrap(), key_material::AAGUID);
// The persistent keys stay initialized and preserve their value after a reset. // The persistent keys stay initialized and preserve their value after a reset.