arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-07-14 18:48:10 +00:00
Code Issues Releases Wiki Activity

core/webauthn: Reply with ERR_CHANNEL_BUSY once a U2F request has been declined to stop Chrome from polling.

Browse Source
This commit is contained in:
Andrew Kozlik 2019-12-03 10:06:39 +01:00
parent 4d3c634732
commit 0b851d6959
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
core/src/apps/webauthn/fido2.py
View File

@ -1140,11 +1140,18 @@ def msg_register(req: Msg, dialog_mgr: DialogManager) -> Cmd:
dialog_mgr.reset_timeout() dialog_mgr.reset_timeout()
# wait for a button or continue # wait for a button or continue
if dialog_mgr.result != _RESULT_CONFIRM: if dialog_mgr.result == _RESULT_NONE:
if __debug__: if __debug__:
log.info(__name__, "waiting for button") log.info(__name__, "waiting for button")
return msg_error(req.cid, _SW_CONDITIONS_NOT_SATISFIED) return msg_error(req.cid, _SW_CONDITIONS_NOT_SATISFIED)
if dialog_mgr.result != _RESULT_CONFIRM:
if __debug__:
log.info(__name__, "request declined")
# There is no standard way to decline a U2F request, but responding with ERR_CHANNEL_BUSY
# doesn't seem to violate the protocol and at least stops Chrome from polling.
return cmd_error(req.cid, _ERR_CHANNEL_BUSY)
# sign the registration challenge and return # sign the registration challenge and return
if __debug__: if __debug__:
log.info(__name__, "signing register") log.info(__name__, "signing register")
@ -1229,11 +1236,18 @@ def msg_authenticate(req: Msg, dialog_mgr: DialogManager) -> Cmd:
dialog_mgr.reset_timeout() dialog_mgr.reset_timeout()
# wait for a button or continue # wait for a button or continue
if dialog_mgr.result != _RESULT_CONFIRM: if dialog_mgr.result == _RESULT_NONE:
if __debug__: if __debug__:
log.info(__name__, "waiting for button") log.info(__name__, "waiting for button")
return msg_error(req.cid, _SW_CONDITIONS_NOT_SATISFIED) return msg_error(req.cid, _SW_CONDITIONS_NOT_SATISFIED)
if dialog_mgr.result != _RESULT_CONFIRM:
if __debug__:
log.info(__name__, "request declined")
# There is no standard way to decline a U2F request, but responding with ERR_CHANNEL_BUSY
# doesn't seem to violate the protocol and at least stops Chrome from polling.
return cmd_error(req.cid, _ERR_CHANNEL_BUSY)
# sign the authentication challenge and return # sign the authentication challenge and return
if __debug__: if __debug__:
log.info(__name__, "signing authentication") log.info(__name__, "signing authentication")