|
|
|
@ -122,6 +122,9 @@ be added to the storage u2f_counter to get the real counter value.
|
|
|
|
|
static secbool sessionSeedCached, sessionSeedUsesPassphrase;
|
|
|
|
|
static uint8_t CONFIDENTIAL sessionSeed[64];
|
|
|
|
|
|
|
|
|
|
static secbool sessionIdCached;
|
|
|
|
|
static uint8_t sessionId[32];
|
|
|
|
|
|
|
|
|
|
static secbool sessionPassphraseCached = secfalse;
|
|
|
|
|
static char CONFIDENTIAL sessionPassphrase[51];
|
|
|
|
|
|
|
|
|
@ -409,6 +412,8 @@ void session_clear(bool lock) {
|
|
|
|
|
memzero(&sessionSeed, sizeof(sessionSeed));
|
|
|
|
|
sessionPassphraseCached = secfalse;
|
|
|
|
|
memzero(&sessionPassphrase, sizeof(sessionPassphrase));
|
|
|
|
|
sessionIdCached = secfalse;
|
|
|
|
|
memzero(&sessionId, sizeof(sessionId));
|
|
|
|
|
if (lock) {
|
|
|
|
|
storage_lock();
|
|
|
|
|
}
|
|
|
|
@ -527,8 +532,6 @@ void config_setLanguage(const char *lang) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void config_setPassphraseProtection(bool passphrase_protection) {
|
|
|
|
|
sessionSeedCached = secfalse;
|
|
|
|
|
sessionPassphraseCached = secfalse;
|
|
|
|
|
config_set_bool(KEY_PASSPHRASE_PROTECTION, passphrase_protection);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -552,6 +555,7 @@ static void get_root_node_callback(uint32_t iter, uint32_t total) {
|
|
|
|
|
|
|
|
|
|
const uint8_t *config_getSeed(bool usePassphrase) {
|
|
|
|
|
// root node is properly cached
|
|
|
|
|
// TODO: investigate
|
|
|
|
|
if (usePassphrase == (sectrue == sessionSeedUsesPassphrase) &&
|
|
|
|
|
sectrue == sessionSeedCached) {
|
|
|
|
|
return sessionSeed;
|
|
|
|
@ -820,31 +824,12 @@ bool session_isPassphraseCached(void) {
|
|
|
|
|
return sectrue == sessionPassphraseCached;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool session_getState(const uint8_t *salt, uint8_t *state,
|
|
|
|
|
const char *passphrase) {
|
|
|
|
|
if (!passphrase && sectrue != sessionPassphraseCached) {
|
|
|
|
|
return false;
|
|
|
|
|
} else {
|
|
|
|
|
passphrase = sessionPassphrase;
|
|
|
|
|
const uint8_t *session_getSessionId(void) {
|
|
|
|
|
if (!sessionIdCached) {
|
|
|
|
|
random_buffer(sessionId, 32);
|
|
|
|
|
}
|
|
|
|
|
if (!salt) {
|
|
|
|
|
// if salt is not provided fill the first half of the state with random data
|
|
|
|
|
random_buffer(state, 32);
|
|
|
|
|
} else {
|
|
|
|
|
// if salt is provided fill the first half of the state with salt
|
|
|
|
|
memcpy(state, salt, 32);
|
|
|
|
|
}
|
|
|
|
|
// state[0:32] = salt
|
|
|
|
|
// state[32:64] = HMAC(passphrase, salt || device_id)
|
|
|
|
|
HMAC_SHA256_CTX ctx = {0};
|
|
|
|
|
hmac_sha256_Init(&ctx, (const uint8_t *)passphrase, strlen(passphrase));
|
|
|
|
|
hmac_sha256_Update(&ctx, state, 32);
|
|
|
|
|
hmac_sha256_Update(&ctx, (const uint8_t *)config_uuid, sizeof(config_uuid));
|
|
|
|
|
hmac_sha256_Final(&ctx, state + 32);
|
|
|
|
|
|
|
|
|
|
memzero(&ctx, sizeof(ctx));
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
sessionIdCached = sectrue;
|
|
|
|
|
return sessionId;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool session_isUnlocked(void) { return sectrue == storage_is_unlocked(); }
|
|
|
|
|