Julien Cretin
d74a5e8894
Add setter functions and fix tests
2020-06-02 11:35:17 +02:00
Julien Cretin
5f8cb116a5
Only write attestation if compiled with batch attestation
2020-06-02 11:00:26 +02:00
Julien Cretin
98a558a502
Access the persistent keys through the store
...
This permits to set them using a vendor command and thus not embed their value
in the application.
2020-05-30 20:15:59 +02:00
Julien Cretin
752bf47ed5
Merge branch 'master' into no_wfr
2020-05-28 19:33:33 +02:00
Fabian Kaczmarczyck
a95ef72a93
improved testing, addresses comments and a default level fix
2020-05-25 19:56:29 +02:00
Julien Cretin
4e3162c475
Parse credentials by value
2020-05-15 19:43:37 +02:00
Julien Cretin
146e6f083b
Don't rely on unification for array element type
2020-05-14 21:32:16 +02:00
Fabian Kaczmarczyck
8d737b3c80
introduces a default level for credProtect
2020-05-13 18:49:35 +02:00
Fabian Kaczmarczyck
43d77fd106
implements the credProtect extension
2020-05-13 16:38:14 +02:00
Julien Cretin
ca6f910c26
Remove unknown fields
2020-05-13 11:09:32 +02:00
Julien Cretin
491721b421
Rename extend_cbor_map_options
2020-05-11 16:07:59 +02:00
Julien Cretin
e6fdcacd32
Remove mention to protobuf
2020-05-11 15:18:27 +02:00
Julien Cretin
f4b791ed91
Encode credentials as a protocol buffer message
...
This permits to decode a credential of a different version without failing.
2020-05-09 20:57:13 +02:00
Julien Cretin
ecf02eb6ce
Only store the storage location in the Kernel
2020-05-08 17:00:59 +02:00
Julien Cretin
718514d207
Merge branch 'master' into no_wfr
2020-04-29 15:12:39 +02:00
Julien Cretin
5c2b72ce83
Move storage bound checking to driver
2020-04-29 15:09:50 +02:00
Julien Cretin
892f950cc1
Add missing cfg
2020-04-29 12:59:22 +02:00
Julien Cretin
6247098069
Do not use writeable flash regions for persistent storage
...
They don't play well with DFU.
2020-04-29 12:52:31 +02:00
Fabian Kaczmarczyck
8bbf42623f
adds cargo checks and tests to workflows and locally
2020-04-29 09:53:44 +02:00
Fabian Kaczmarczyck
d9c4c729e8
adds a feature flag for CTAP2.1, addresses comments
2020-04-28 16:04:09 +02:00
Fabian Kaczmarczyck
8f20a75b17
add 2.1 features to GetInfo
2020-04-20 18:24:11 +02:00
Fabian Kaczmarczyck
a64d5d41d7
accept the algorithm identifier used by OpenSSH
2020-04-09 15:56:23 +02:00
Julien Cretin
e1fa8549e1
Merge branch 'master' into wipe
2020-03-18 10:59:24 +01:00
Fabian Kaczmarczyck
db6be4efac
apply suggestions: Vec to slice, if let to match, comments
2020-03-12 16:38:00 +01:00
Fabian Kaczmarczyck
8d52e8aad7
adding HMAC-secret support
2020-03-12 16:37:48 +01:00
Julien Cretin
61a4fb9784
Wipe sensitive data on entry deletion
...
When inserting (or replacing) entries in the store, the data may be marked as
sensitive. When that entry is deleted, the data is wiped by overwritting it with
zeroes. This may cost a few bytes of overhead per entry with sensitive data to
satisfy the constraint that words may only be written twice.
2020-03-10 14:27:07 +01:00
Julien Cretin
e52a671810
Support storing in RAM instead of flash
...
This permits to run without persistent storage. The benefit is that the board
doesn't implement a the syscall API in Tock. The disadvantage is that rebooting
the key will reset the storage.
2020-03-04 16:24:06 +01:00
Guillaume Endignoux
56acc4b73a
Don't dereference slices obtained from include_bytes.
2020-02-06 13:28:28 +01:00
Jean-Michel Picod
fdbfb1be2a
Change the way private key and cert are embedded.
...
OpenSSL seems to serialize bigints as signed value, which means the ECC
key may end up being 33 bytes instead of the 32 bytes we're expecting,
causing build to fail.
The shell script extraction is now replaced by a build.rs script that
uses OpenSSL to extract the content and do sanity checks.
Forcing generating cryptographic materials now always generate a key and
a certificate (useful to compile/flash multiple keys without them being
considered as clones). The self-signed CA is left untouched.
2020-02-05 18:48:28 +01:00
Jean-Michel Picod
f91d2fd3db
Initial commit
2020-01-30 11:47:29 +01:00
