1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-27 01:48:17 +00:00

Remove Cancel Option

U2F doesn't allow cancellation on device.

Also fix button state in protect.  This fixes the following bug:
1. wipe device
2. press and hold right button, click left button to cancel.
3. release all buttons.
4. wipe device again, now automatic.
This commit is contained in:
Jochen Hoenicke 2016-05-24 01:54:08 +02:00
parent 68b34af19e
commit 053fe7cb66
3 changed files with 16 additions and 42 deletions

View File

@ -337,5 +337,5 @@ void layoutSignIdentity(const IdentityType *identity, const char *challenge)
}
void layoutU2FDialog(const char *verb, const char *appid) {
layoutDialog(DIALOG_ICON_QUESTION, "Cancel", verb, NULL, verb, "U2F security key?", "", appid, "", NULL);
layoutDialog(DIALOG_ICON_QUESTION, NULL, verb, NULL, verb, "U2F security key?", "", appid, "", NULL);
}

View File

@ -44,6 +44,7 @@ bool protectButton(ButtonRequestType type, bool confirm_only)
resp.has_code = true;
resp.code = type;
usbTiny(1);
buttonUpdate(); // Clear button state
msg_write(MessageType_MessageType_ButtonRequest, &resp);
for (;;) {

View File

@ -65,14 +65,10 @@ static uint8_t u2f_out_packets[U2F_OUT_PKT_BUFFER_LEN][HID_RPT_SIZE];
// Auth/Register request state machine
typedef enum {
INIT = 0,
BTN_NO = 1,
BTN_YES = 2,
AUTH = 10,
AUTH_FAIL = 11,
AUTH_PASS = 12,
AUTH_PASS = 11,
REG = 20,
REG_FAIL = 21,
REG_PASS = 22
REG_PASS = 21
} U2F_STATE;
static U2F_STATE last_req_state = INIT;
@ -92,16 +88,6 @@ typedef struct {
uint8_t chal[U2F_CHAL_SIZE];
} U2F_AUTHENTICATE_SIG_STR;
uint8_t buttonState(void)
{
buttonUpdate();
if ((button.NoDown > 10) || button.NoUp)
return BTN_NO;
if ((button.YesDown > 10) || button.YesUp)
return BTN_YES;
return 0;
}
#if DEBUG_LOG
char *debugInt(const uint32_t i)
@ -259,18 +245,19 @@ void u2fhid_read_start(const U2FHID_FRAME *f) {
reader->cmd = 0;
reader->seq = 255;
uint8_t bs = 0;
while (dialog_timeout-- && bs == 0 && reader->cmd == 0) {
while (dialog_timeout && bs == 0 && reader->cmd == 0) {
dialog_timeout--;
usbPoll(); // may trigger new request
bs = buttonState();
buttonUpdate();
if (button.YesUp &&
(last_req_state == AUTH || last_req_state == REG)) {
last_req_state++;
}
}
if (reader->cmd == 0) {
if (dialog_timeout == 0) {
last_req_state += BTN_NO; // Timeout is like button no
}
else {
last_req_state += bs;
dialog_timeout = 0;
last_req_state = INIT;
}
cid = 0;
reader = 0;
@ -296,7 +283,7 @@ void u2fhid_wink(const uint8_t *buf, uint32_t len)
return send_u2fhid_error(cid, ERR_INVALID_LEN);
if (dialog_timeout > 0)
dialog_timeout = U2F_TIMEOUT;
dialog_timeout = 10*U2F_TIMEOUT;
U2FHID_FRAME f;
MEMSET_BZERO(&f, sizeof(f));
@ -563,16 +550,13 @@ void u2f_register(const APDU *a)
}
// First Time request, return not present and display request dialog
if (last_req_state == 0) {
if (last_req_state == INIT) {
// wake up crypto system to be ready for signing
getDerivedNode(NULL, 0);
// error: testof-user-presence is required
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
buttonUpdate(); // Clear button state
layoutU2FDialog("Register", getReadableAppId(req->appId));
dialog_timeout = 10*U2F_TIMEOUT;
last_req_state = REG;
return;
}
// Still awaiting Keypress
@ -583,12 +567,6 @@ void u2f_register(const APDU *a)
return;
}
// Buttons said no!
if (last_req_state == REG_FAIL) {
send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle
return;
}
// Buttons said yes
if (last_req_state == REG_PASS) {
uint8_t data[sizeof(U2F_REGISTER_RESP) + 2];
@ -640,6 +618,7 @@ void u2f_register(const APDU *a)
sizeof(U2F_ATT_CERT) + sig_len + 2;
last_req_state = INIT;
dialog_timeout = 0;
send_u2f_msg(data, l);
return;
}
@ -712,13 +691,6 @@ void u2f_authenticate(const APDU *a)
return;
}
// Buttons said no!
if (last_req_state == AUTH_FAIL) {
send_u2f_error(
U2F_SW_WRONG_DATA); // error:bad key handle
return;
}
// Buttons said yes
if (last_req_state == AUTH_PASS) {
uint8_t buf[sizeof(U2F_AUTHENTICATE_RESP) + 2];
@ -751,6 +723,7 @@ void u2f_authenticate(const APDU *a)
U2F_MAX_EC_SIG_SIZE + sig_len,
"\x90\x00", 2);
last_req_state = INIT;
dialog_timeout = 0;
send_u2f_msg(buf, sizeof(U2F_AUTHENTICATE_RESP) -
U2F_MAX_EC_SIG_SIZE + sig_len +
2);