Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pin hash space opt #52

Merged
merged 4 commits into from
Jul 26, 2024
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Implement PIN token permissions ([#63][])
- Implement UpdateUserInformation subcommand for CredentialManagement
- Support CTAP 2.1
- Serialize PIN hash with `serde-bytes` ([#52][])

[#26]: https://github.com/solokeys/fido-authenticator/issues/26
[#28]: https://github.com/solokeys/fido-authenticator/issues/28
Expand All @@ -37,6 +38,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
[#61]: https://github.com/Nitrokey/fido-authenticator/pull/61
[#62]: https://github.com/Nitrokey/fido-authenticator/pull/62
[#63]: https://github.com/Nitrokey/fido-authenticator/pull/63
[#52]: https://github.com/Nitrokey/fido-authenticator/issues/52

## [0.1.1] - 2022-08-22
- Fix bug that treated U2F payloads as APDU over APDU in NFC transport @conorpp
Expand Down
1 change: 1 addition & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ x509-parser = "0.16.0"
features = ["dispatch"]

[patch.crates-io]
cbor-smol = { git = "https://github.com/sosthene-nitrokey/cbor-smol.git", rev = "94ee8c28edf9248b402aa4335c1dee157995197b"}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I fear that this is a change that could easily be missed when updating dependencies, breaking existing state. What do you think about introducing a dummy feature in the fork like bytes-from-array so that we get an error if we don’t have the correctly patched cbor-smol version?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually this change is already in nitrokey-3-firmware

ctap-types = { git = "https://github.com/trussed-dev/ctap-types.git", rev = "72eb68b61e3f14957c5ab89bd22f776ac860eb62" }
ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "57cb3317878a8593847595319aa03ef17c29ec5b" }
apdu-dispatch = { git = "https://github.com/trussed-dev/apdu-dispatch.git", rev = "915fc237103fcecc29d0f0b73391f19abf6576de" }
Expand Down
21 changes: 21 additions & 0 deletions src/state.rs
Original file line number Diff line number Diff line change
Expand Up @@ -261,6 +261,7 @@ pub struct PersistentState {
key_encryption_key: Option<KeyId>,
key_wrapping_key: Option<KeyId>,
consecutive_pin_mismatches: u8,
#[serde(with = "serde_bytes")]
pin_hash: Option<[u8; 16]>,
// Ideally, we'd dogfood a "Monotonic Counter" from trussed.
// TODO: Add per-key counters for resident keys.
Expand Down Expand Up @@ -515,3 +516,23 @@ impl RuntimeState {
self.pin_protocol = Some(PinProtocolState::new(trussed));
}
}

#[cfg(test)]
mod tests {
use super::*;
use hex_literal::hex;

#[test]
fn deser() {
let _state: PersistentState = trussed::cbor_deserialize(&hex!(
"
a5726b65795f656e6372797074696f6e5f6b657950b19a5a2845e5ec71e3
2a1b890892376c706b65795f7772617070696e675f6b6579f6781a636f6e
73656375746976655f70696e5f6d69736d617463686573006870696e5f68
6173689018ef1879187c1881181818f0182d18fb186418960718dd185d18
3f188c18766974696d657374616d7009
"
))
.unwrap();
}
}
Loading