Skip to content

Commit

Permalink
Merge pull request #385 from Nitrokey/fido2-large-blobs
Browse files Browse the repository at this point in the history
fido-authenticator: Add large blobs support
  • Loading branch information
robin-nitrokey authored Nov 29, 2023
2 parents 122b840 + f71a4e8 commit 9aa1d68
Show file tree
Hide file tree
Showing 8 changed files with 48 additions and 14 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,12 @@
# Unreleased

### Features

- Add an SE050 driver and its tests ([#335][])
- Use SE050 entropy to bootstrap the random number generator ([#335][])
- fido-authenticator: Implement the largeBlobKey extension and the largeBlobs command ([fido-authenticator#38][])

[fido-authenticator#38]: https://github.com/Nitrokey/fido-authenticator/issues/38

# 1.6.0 (2023-11-23)

Expand Down
12 changes: 7 additions & 5 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 5 additions & 5 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -13,30 +13,30 @@ version = "1.6.0"
[patch.crates-io]
# forked
admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.7" }
ctap-types = { git = "https://github.com/Nitrokey/ctap-types", tag = "v0.1.2-nitrokey.4" }
fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.8" }
fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.9" }
flexiber = { git = "https://github.com/Nitrokey/flexiber", tag = "0.1.1.nitrokey" }
lpc55-hal = { git = "https://github.com/Nitrokey/lpc55-hal", tag = "v0.3.0-nitrokey.2" }
serde-indexed = { git = "https://github.com/nitrokey/serde-indexed.git", tag = "v0.1.0-nitrokey.2" }

# unreleased upstream changes
apdu-dispatch = { git = "https://github.com/Nitrokey/apdu-dispatch.git", tag = "v0.1.2-nitrokey.2" }
ctap-types = { git = "https://github.com/trussed-dev/ctap-types.git", rev = "7d4ad69e64ad308944c012aef5b9cfd7654d9be8" }
ctaphid-dispatch = { git = "https://github.com/Nitrokey/ctaphid-dispatch.git", tag = "v0.1.1-nitrokey.3" }
iso7816 = { git = "https://github.com/Nitrokey/iso7816.git", tag = "v0.1.1-nitrokey.2"}
trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "d97c64d0bc5f83ce22b0e0ed034a2b451616b3f9" }
trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "b1781805a2e33615d2d00b8bec80c0b1f5870ca1" }
usbd-ctaphid = { git = "https://github.com/Nitrokey/usbd-ctaphid.git", tag = "v0.1.0-nitrokey.2" }
usbd-ccid = { git = "https://github.com/Nitrokey/usbd-ccid", tag = "v0.2.0-nitrokey.1" }
littlefs2 = { git = "https://github.com/trussed-dev/littlefs2", rev = "e6c46e7ba5ae19129e457a2182e40a439c0322fe" }

# unreleased crates
secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", tag = "v0.13.0-rc2" }
webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", tag = "v0.8.0-rc4"}
webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", tag = "v0.8.0-rc5" }
opcard = { git = "https://github.com/Nitrokey/opcard-rs", rev = "a824c6473ce1b88b45b32de21089401fc9f7f683" }
piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator", tag = "v0.3.3" }
se05x = { git = "https://github.com/Nitrokey/se05x.git", tag = "v0.1.0"}
trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", rev = "62235294bd63977bbb88eb01e7ac44b8010eb450" }
trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", rev = "2f51478f0861ff8db19fdd5290f023ab6f4c2fb9" }
trussed-staging = { git = "https://github.com/nitrokey/trussed-staging.git", tag = "v0.1.0-nitrokey-hmac256p256.1" }
trussed-staging = { git = "https://github.com/Nitrokey/trussed-staging.git", tag = "v0.1.0-nitrokey-hmac256p256.2" }
trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.3" }
trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "v0.1.0-test-driver" }

Expand Down
2 changes: 1 addition & 1 deletion components/apps/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ trussed-staging = { version = "0.1.0", features = ["wrap-key-to-file", "chunked"

# apps
admin-app = "0.1.0"
fido-authenticator = { version = "0.1.1", features = ["dispatch"], optional = true }
fido-authenticator = { version = "0.1.1", features = ["chunked", "dispatch"], optional = true }
ndef-app = { path = "../ndef-app", optional = true }
webcrypt = { version = "0.8.0", optional = true }
secrets-app = { version = "0.13.0", features = ["apdu-dispatch", "ctaphid"], optional = true }
Expand Down
16 changes: 15 additions & 1 deletion components/apps/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ pub trait Runner {
type Se050Timer: 'static;

fn uuid(&self) -> [u8; 16];
fn is_efs_available(&self) -> bool;
}

pub struct Data<R: Runner> {
Expand Down Expand Up @@ -451,26 +452,39 @@ impl<R: Runner> App<R> for FidoApp<R> {
type Data = ();
type Config = FidoConfig;

fn with_client(_runner: &R, trussed: Client<R>, _: (), config: &Self::Config) -> Self {
fn with_client(runner: &R, trussed: Client<R>, _: (), config: &Self::Config) -> Self {
let skip_up_timeout = if config.disable_skip_up_timeout {
None
} else {
Some(core::time::Duration::from_secs(2))
};
let large_blobs = if cfg!(feature = "test") && runner.is_efs_available() {
Some(fido_authenticator::LargeBlobsConfig {
location: Location::External,
max_size: 4096,
})
} else {
None
};
fido_authenticator::Authenticator::new(
trussed,
fido_authenticator::Conforming {},
fido_authenticator::Config {
max_msg_size: usbd_ctaphid::constants::MESSAGE_SIZE,
skip_up_timeout,
max_resident_credential_count: Some(10),
large_blobs,
},
)
}
fn interrupt() -> Option<&'static InterruptFlag> {
static INTERRUPT: InterruptFlag = InterruptFlag::new();
Some(&INTERRUPT)
}

fn backends(_runner: &R, _config: &Self::Config) -> &'static [BackendId<Backend>] {
&[BackendId::Custom(Backend::Staging), BackendId::Core]
}
}

#[cfg(feature = "webcrypt")]
Expand Down
5 changes: 4 additions & 1 deletion runners/embedded/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -275,13 +275,16 @@ pub fn init_apps(
}
};

let runner = types::Runner {
is_efs_available: !nfc_powered,
};
let data = apps::Data {
admin,
#[cfg(feature = "provisioner")]
provisioner,
_marker: Default::default(),
};
types::Apps::with_service(&types::Runner, trussed, data)
types::Apps::with_service(&runner, trussed, data)
}

#[cfg(feature = "se050")]
Expand Down
8 changes: 7 additions & 1 deletion runners/embedded/src/types.rs
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,9 @@ pub trait Soc {
fn device_uuid() -> &'static Self::UUID;
}

pub struct Runner;
pub struct Runner {
pub is_efs_available: bool,
}

impl apps::Runner for Runner {
type Syscall = RunnerSyscall;
Expand All @@ -83,6 +85,10 @@ impl apps::Runner for Runner {
fn uuid(&self) -> [u8; 16] {
*<SocT as Soc>::device_uuid()
}

fn is_efs_available(&self) -> bool {
self.is_efs_available
}
}

// 8KB of RAM
Expand Down
4 changes: 4 additions & 0 deletions runners/usbip/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,10 @@ impl apps::Runner for Runner {
fn uuid(&self) -> [u8; 16] {
self.serial
}

fn is_efs_available(&self) -> bool {
true
}
}

fn main() {
Expand Down

0 comments on commit 9aa1d68

Please sign in to comment.