kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,116 Commits 4 Branches 2 Tags
06230d15e165dc53511d6d6f2aec7053788b06ff
Commit Graph

346 Commits

Author SHA1 Message Date
Julien Cretin
935ccf3668 Revert "Propagate the NBYTES constant from Int256 to SecKey" 
This reverts commit 0073c153d2.
 2020-06-09 11:55:36 +02:00
Fabian Kaczmarczyck
824963b382 fixes nits for refactoring 2020-06-08 18:41:48 +02:00
Fabian Kaczmarczyck
909773da36 changes extensions to proper parsed data structures 2020-06-08 16:36:57 +02:00
Fabian Kaczmarczyck
679c1cb291 reads CBOR maps by moving instead of references 2020-06-05 15:42:06 +02:00
Fabian Kaczmarczyck
b4003e36bf adding cbor::Value::from for i64-like enums 2020-06-05 09:48:03 +02:00
Fabian Kaczmarczyck
6a44d3349c fixing merge problems 2020-06-04 14:32:09 +02:00
Julien Cretin
0073c153d2 Propagate the NBYTES constant from Int256 to SecKey 2020-06-04 14:32:04 +02:00
kaczmarczyck
0aa6e57d93 Merge branch 'master' into cred-protect 2020-06-04 14:10:12 +02:00
Julien Cretin
acd9d93107 Merge branch 'master' into aaguid 2020-06-03 11:26:59 +02:00
Julien Cretin
d74a5e8894 Add setter functions and fix tests 2020-06-02 11:35:17 +02:00
Julien Cretin
5f8cb116a5 Only write attestation if compiled with batch attestation 2020-06-02 11:00:26 +02:00
Julien Cretin
98a558a502 Access the persistent keys through the store 
This permits to set them using a vendor command and thus not embed their value
in the application.
 2020-05-30 20:15:59 +02:00
Julien Cretin
752bf47ed5 Merge branch 'master' into no_wfr 2020-05-28 19:33:33 +02:00
Fabian Kaczmarczyck
a95ef72a93 improved testing, addresses comments and a default level fix 2020-05-25 19:56:29 +02:00
Julien Cretin
4e3162c475 Parse credentials by value 2020-05-15 19:43:37 +02:00
Julien Cretin
146e6f083b Don't rely on unification for array element type 2020-05-14 21:32:16 +02:00
Julien Cretin
ba5caf0691 Filter syscall at platform-level instead of driver-level 2020-05-14 20:19:21 +02:00
Fabian Kaczmarczyck
8d737b3c80 introduces a default level for credProtect 2020-05-13 18:49:35 +02:00
Fabian Kaczmarczyck
43d77fd106 implements the credProtect extension 2020-05-13 16:38:14 +02:00
Julien Cretin
cf31110922 Define the storage locations in the board 2020-05-13 15:17:35 +02:00
Julien Cretin
ca6f910c26 Remove unknown fields 2020-05-13 11:09:32 +02:00
Julien Cretin
491721b421 Rename extend_cbor_map_options 2020-05-11 16:07:59 +02:00
Julien Cretin
e6fdcacd32 Remove mention to protobuf 2020-05-11 15:18:27 +02:00
Julien Cretin
f4b791ed91 Encode credentials as a protocol buffer message 
This permits to decode a credential of a different version without failing.
 2020-05-09 20:57:13 +02:00
Julien Cretin
ecf02eb6ce Only store the storage location in the Kernel 2020-05-08 17:00:59 +02:00
Julien Cretin
3edb387615 Remove writable flash regions support 
Removing support for writable flash regions permits to save 1 page in the binary
due to alignment constraints. It also permits to reduce the diff with libtock-rs
which doesn't support writable flash regions.

This commit also updates the `SyscallStorage` documentation.
 2020-05-06 15:18:27 +02:00
Julien Cretin
718514d207 Merge branch 'master' into no_wfr 2020-04-29 15:12:39 +02:00
Julien Cretin
5c2b72ce83 Move storage bound checking to driver 2020-04-29 15:09:50 +02:00
Julien Cretin
892f950cc1 Add missing cfg 2020-04-29 12:59:22 +02:00
Julien Cretin
6247098069 Do not use writeable flash regions for persistent storage 
They don't play well with DFU.
 2020-04-29 12:52:31 +02:00
Fabian Kaczmarczyck
8bbf42623f adds cargo checks and tests to workflows and locally 2020-04-29 09:53:44 +02:00
Fabian Kaczmarczyck
d9c4c729e8 adds a feature flag for CTAP2.1, addresses comments 2020-04-28 16:04:09 +02:00
Fabian Kaczmarczyck
8f20a75b17 add 2.1 features to GetInfo 2020-04-20 18:24:11 +02:00
Fabian Kaczmarczyck
a64d5d41d7 accept the algorithm identifier used by OpenSSH 2020-04-09 15:56:23 +02:00
Julien Cretin
1a337ab90d Fix typos in documentation 2020-03-23 12:57:27 +01:00
Julien Cretin
4a9cc3ce2e Add more details to the store documentation 2020-03-22 17:17:21 +01:00
Julien Cretin
b798b195f4 Return invariant status only and assert in test 2020-03-18 11:10:01 +01:00
Julien Cretin
e1fa8549e1 Merge branch 'master' into wipe 2020-03-18 10:59:24 +01:00
Guillaume Endignoux
8f4d4c1210 Add a --verbose parameter to print all USB packets at the OpenSK level. 2020-03-13 15:59:51 +01:00
Fabian Kaczmarczyck
db6be4efac apply suggestions: Vec to slice, if let to match, comments 2020-03-12 16:38:00 +01:00
Fabian Kaczmarczyck
8d52e8aad7 adding HMAC-secret support 2020-03-12 16:37:48 +01:00
Julien Cretin
61a4fb9784 Wipe sensitive data on entry deletion 
When inserting (or replacing) entries in the store, the data may be marked as
sensitive. When that entry is deleted, the data is wiped by overwritting it with
zeroes. This may cost a few bytes of overhead per entry with sensitive data to
satisfy the constraint that words may only be written twice.
 2020-03-10 14:27:07 +01:00
Julien Cretin
e52a671810 Support storing in RAM instead of flash 
This permits to run without persistent storage. The benefit is that the board
doesn't implement a the syscall API in Tock. The disadvantage is that rebooting
the key will reset the storage.
 2020-03-04 16:24:06 +01:00
Guillaume Endignoux
56acc4b73a Don't dereference slices obtained from include_bytes. 2020-02-06 13:28:28 +01:00
Jean-Michel Picod
fdbfb1be2a Change the way private key and cert are embedded. 
OpenSSL seems to serialize bigints as signed value, which means the ECC
key may end up being 33 bytes instead of the 32 bytes we're expecting,
causing build to fail.
The shell script extraction is now replaced by a build.rs script that
uses OpenSSL to extract the content and do sanity checks.
Forcing generating cryptographic materials now always generate a key and
a certificate (useful to compile/flash multiple keys without them being
considered as clones). The self-signed CA is left untouched.
 2020-02-05 18:48:28 +01:00
Jean-Michel Picod
f91d2fd3db Initial commit 2020-01-30 11:47:29 +01:00