arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-23 07:58:09 +00:00
Code Issues Releases Wiki Activity

Remove Cancel Option

Browse Source 
U2F doesn't allow cancellation on device.

Also fix button state in protect.  This fixes the following bug:
1. wipe device
2. press and hold right button, click left button to cancel.
3. release all buttons.
4. wipe device again, now automatic.
This commit is contained in:
Jochen Hoenicke 2016-05-24 01:54:08 +02:00
parent 68b34af19e
commit 053fe7cb66
3 changed files with 16 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
firmware/layout2.c
View File

@ -337,5 +337,5 @@ void layoutSignIdentity(const IdentityType *identity, const char *challenge)
} }
void layoutU2FDialog(const char *verb, const char *appid) { void layoutU2FDialog(const char *verb, const char *appid) {
layoutDialog(DIALOG_ICON_QUESTION, "Cancel", verb, NULL, verb, "U2F security key?", "", appid, "", NULL); layoutDialog(DIALOG_ICON_QUESTION, NULL, verb, NULL, verb, "U2F security key?", "", appid, "", NULL);
} }

1
firmware/protect.c
View File

@ -44,6 +44,7 @@ bool protectButton(ButtonRequestType type, bool confirm_only)
resp.has_code = true; resp.has_code = true;
resp.code = type; resp.code = type;
usbTiny(1); usbTiny(1);
buttonUpdate(); // Clear button state
msg_write(MessageType_MessageType_ButtonRequest, &resp); msg_write(MessageType_MessageType_ButtonRequest, &resp);
for (;;) { for (;;) {

55
firmware/u2f.c
View File

@ -65,14 +65,10 @@ static uint8_t u2f_out_packets[U2F_OUT_PKT_BUFFER_LEN][HID_RPT_SIZE];
// Auth/Register request state machine // Auth/Register request state machine
typedef enum { typedef enum {
INIT = 0, INIT = 0,
BTN_NO = 1,
BTN_YES = 2,
AUTH = 10, AUTH = 10,
AUTH_FAIL = 11, AUTH_PASS = 11,
AUTH_PASS = 12,
REG = 20, REG = 20,
REG_FAIL = 21, REG_PASS = 21
REG_PASS = 22
} U2F_STATE; } U2F_STATE;
static U2F_STATE last_req_state = INIT; static U2F_STATE last_req_state = INIT;
@ -92,16 +88,6 @@ typedef struct {
uint8_t chal[U2F_CHAL_SIZE]; uint8_t chal[U2F_CHAL_SIZE];
} U2F_AUTHENTICATE_SIG_STR; } U2F_AUTHENTICATE_SIG_STR;
uint8_t buttonState(void)
{
buttonUpdate();
if ((button.NoDown > 10) || button.NoUp)
return BTN_NO;
if ((button.YesDown > 10) || button.YesUp)
return BTN_YES;
return 0;
}
#if DEBUG_LOG #if DEBUG_LOG
char *debugInt(const uint32_t i) char *debugInt(const uint32_t i)
@ -259,18 +245,19 @@ void u2fhid_read_start(const U2FHID_FRAME *f) {
reader->cmd = 0; reader->cmd = 0;
reader->seq = 255; reader->seq = 255;
uint8_t bs = 0; uint8_t bs = 0;
while (dialog_timeout-- && bs == 0 && reader->cmd == 0) { while (dialog_timeout && bs == 0 && reader->cmd == 0) {
dialog_timeout--;
usbPoll(); // may trigger new request usbPoll(); // may trigger new request
bs = buttonState(); buttonUpdate();
if (button.YesUp &&
(last_req_state == AUTH || last_req_state == REG)) {
last_req_state++;
}
} }
if (reader->cmd == 0) { if (reader->cmd == 0) {
if (dialog_timeout == 0) { if (dialog_timeout == 0) {
last_req_state += BTN_NO; // Timeout is like button no last_req_state = INIT;
}
else {
last_req_state += bs;
dialog_timeout = 0;
} }
cid = 0; cid = 0;
reader = 0; reader = 0;
@ -296,7 +283,7 @@ void u2fhid_wink(const uint8_t *buf, uint32_t len)
return send_u2fhid_error(cid, ERR_INVALID_LEN); return send_u2fhid_error(cid, ERR_INVALID_LEN);
if (dialog_timeout > 0) if (dialog_timeout > 0)
dialog_timeout = U2F_TIMEOUT; dialog_timeout = 10*U2F_TIMEOUT;
U2FHID_FRAME f; U2FHID_FRAME f;
MEMSET_BZERO(&f, sizeof(f)); MEMSET_BZERO(&f, sizeof(f));
@ -563,16 +550,13 @@ void u2f_register(const APDU *a)
} }
// First Time request, return not present and display request dialog // First Time request, return not present and display request dialog
if (last_req_state == 0) { if (last_req_state == INIT) {
// wake up crypto system to be ready for signing // wake up crypto system to be ready for signing
getDerivedNode(NULL, 0); getDerivedNode(NULL, 0);
// error: testof-user-presence is required // error: testof-user-presence is required
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
buttonUpdate(); // Clear button state buttonUpdate(); // Clear button state
layoutU2FDialog("Register", getReadableAppId(req->appId)); layoutU2FDialog("Register", getReadableAppId(req->appId));
dialog_timeout = 10*U2F_TIMEOUT;
last_req_state = REG; last_req_state = REG;
return;
} }
// Still awaiting Keypress // Still awaiting Keypress
@ -583,12 +567,6 @@ void u2f_register(const APDU *a)
return; return;
} }
// Buttons said no!
if (last_req_state == REG_FAIL) {
send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle
return;
}
// Buttons said yes // Buttons said yes
if (last_req_state == REG_PASS) { if (last_req_state == REG_PASS) {
uint8_t data[sizeof(U2F_REGISTER_RESP) + 2]; uint8_t data[sizeof(U2F_REGISTER_RESP) + 2];
@ -640,6 +618,7 @@ void u2f_register(const APDU *a)
sizeof(U2F_ATT_CERT) + sig_len + 2; sizeof(U2F_ATT_CERT) + sig_len + 2;
last_req_state = INIT; last_req_state = INIT;
dialog_timeout = 0;
send_u2f_msg(data, l); send_u2f_msg(data, l);
return; return;
} }
@ -712,13 +691,6 @@ void u2f_authenticate(const APDU *a)
return; return;
} }
// Buttons said no!
if (last_req_state == AUTH_FAIL) {
send_u2f_error(
U2F_SW_WRONG_DATA); // error:bad key handle
return;
}
// Buttons said yes // Buttons said yes
if (last_req_state == AUTH_PASS) { if (last_req_state == AUTH_PASS) {
uint8_t buf[sizeof(U2F_AUTHENTICATE_RESP) + 2]; uint8_t buf[sizeof(U2F_AUTHENTICATE_RESP) + 2];
@ -751,6 +723,7 @@ void u2f_authenticate(const APDU *a)
U2F_MAX_EC_SIG_SIZE + sig_len, U2F_MAX_EC_SIG_SIZE + sig_len,
"\x90\x00", 2); "\x90\x00", 2);
last_req_state = INIT; last_req_state = INIT;
dialog_timeout = 0;
send_u2f_msg(buf, sizeof(U2F_AUTHENTICATE_RESP) - send_u2f_msg(buf, sizeof(U2F_AUTHENTICATE_RESP) -
U2F_MAX_EC_SIG_SIZE + sig_len + U2F_MAX_EC_SIG_SIZE + sig_len +
2); 2);