mirror of
https://github.com/trezor/trezor-firmware.git
core/webauthn: rename storage.webauthn to storage.resident_credentials
parent
f03562cca0
commit
18ab677124
@ -4,7 +4,7 @@ import utime
|
|||||||
from micropython import const
|
from micropython import const
|
||||||
|
|
||||||
import storage
|
import storage
|
||||||
import storage.webauthn
|
import storage.resident_credentials
|
||||||
from trezor import config, io, log, loop, ui, utils, workflow
|
from trezor import config, io, log, loop, ui, utils, workflow
|
||||||
from trezor.crypto import aes, der, hashlib, hmac, random
|
from trezor.crypto import aes, der, hashlib, hmac, random
|
||||||
from trezor.crypto.curve import nist256p1
|
from trezor.crypto.curve import nist256p1
|
||||||
@ -864,7 +864,7 @@ class Fido2ConfirmReset(Fido2State):
|
|||||||
return await confirm(text)
|
return await confirm(text)
|
||||||
|
|
||||||
async def on_confirm(self) -> None:
|
async def on_confirm(self) -> None:
|
||||||
storage.webauthn.delete_all_resident_credentials()
|
storage.resident_credentials.delete_all()
|
||||||
cmd = Cmd(self.cid, _CMD_CBOR, bytes([_ERR_NONE]))
|
cmd = Cmd(self.cid, _CMD_CBOR, bytes([_ERR_NONE]))
|
||||||
await send_cmd(cmd, self.iface)
|
await send_cmd(cmd, self.iface)
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
import storage.webauthn
|
import storage.resident_credentials
|
||||||
from trezor import wire
|
from trezor import wire
|
||||||
from trezor.messages.Success import Success
|
from trezor.messages.Success import Success
|
||||||
from trezor.messages.WebAuthnRemoveResidentCredential import (
|
from trezor.messages.WebAuthnRemoveResidentCredential import (
|
||||||
@ -43,5 +43,5 @@ async def remove_resident_credential(
|
|||||||
await require_confirm(ctx, content)
|
await require_confirm(ctx, content)
|
||||||
|
|
||||||
assert cred.index is not None
|
assert cred.index is not None
|
||||||
storage.webauthn.delete_resident_credential(cred.index)
|
storage.resident_credentials.delete(cred.index)
|
||||||
return Success(message="Credential removed")
|
return Success(message="Credential removed")
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
from micropython import const
|
from micropython import const
|
||||||
|
|
||||||
import storage.webauthn
|
import storage.resident_credentials
|
||||||
from storage.webauthn import MAX_RESIDENT_CREDENTIALS
|
from storage.resident_credentials import MAX_RESIDENT_CREDENTIALS
|
||||||
|
|
||||||
from apps.webauthn.credential import Fido2Credential
|
from apps.webauthn.credential import Fido2Credential
|
||||||
|
|
||||||
@ -22,14 +22,14 @@ def _credential_from_data(index: int, data: bytes) -> Fido2Credential:
|
|||||||
|
|
||||||
def find_all() -> Iterator[Fido2Credential]:
|
def find_all() -> Iterator[Fido2Credential]:
|
||||||
for index in range(MAX_RESIDENT_CREDENTIALS):
|
for index in range(MAX_RESIDENT_CREDENTIALS):
|
||||||
data = storage.webauthn.get_resident_credential(index)
|
data = storage.resident_credentials.get(index)
|
||||||
if data is not None:
|
if data is not None:
|
||||||
yield _credential_from_data(index, data)
|
yield _credential_from_data(index, data)
|
||||||
|
|
||||||
|
|
||||||
def find_by_rp_id_hash(rp_id_hash: bytes) -> Iterator[Fido2Credential]:
|
def find_by_rp_id_hash(rp_id_hash: bytes) -> Iterator[Fido2Credential]:
|
||||||
for index in range(MAX_RESIDENT_CREDENTIALS):
|
for index in range(MAX_RESIDENT_CREDENTIALS):
|
||||||
data = storage.webauthn.get_resident_credential(index)
|
data = storage.resident_credentials.get(index)
|
||||||
|
|
||||||
if data is None:
|
if data is None:
|
||||||
# empty slot
|
# empty slot
|
||||||
@ -46,7 +46,7 @@ def get_resident_credential(index: int) -> Optional[Fido2Credential]:
|
|||||||
if not (0 <= index < MAX_RESIDENT_CREDENTIALS):
|
if not (0 <= index < MAX_RESIDENT_CREDENTIALS):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
data = storage.webauthn.get_resident_credential(index)
|
data = storage.resident_credentials.get(index)
|
||||||
if data is None:
|
if data is None:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
@ -56,18 +56,18 @@ def get_resident_credential(index: int) -> Optional[Fido2Credential]:
|
|||||||
def store_resident_credential(cred: Fido2Credential) -> bool:
|
def store_resident_credential(cred: Fido2Credential) -> bool:
|
||||||
slot = None
|
slot = None
|
||||||
for index in range(MAX_RESIDENT_CREDENTIALS):
|
for index in range(MAX_RESIDENT_CREDENTIALS):
|
||||||
data = storage.webauthn.get_resident_credential(index)
|
stored_data = storage.resident_credentials.get(index)
|
||||||
if data is None:
|
if stored_data is None:
|
||||||
# found candidate empty slot
|
# found candidate empty slot
|
||||||
if slot is None:
|
if slot is None:
|
||||||
slot = index
|
slot = index
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if cred.rp_id_hash != data[:RP_ID_HASH_LENGTH]:
|
if cred.rp_id_hash != stored_data[:RP_ID_HASH_LENGTH]:
|
||||||
# slot is occupied by a different rp_id_hash
|
# slot is occupied by a different rp_id_hash
|
||||||
continue
|
continue
|
||||||
|
|
||||||
stored_cred = _credential_from_data(index, data)
|
stored_cred = _credential_from_data(index, stored_data)
|
||||||
# If a credential for the same RP ID and user ID already exists, then overwrite it.
|
# If a credential for the same RP ID and user ID already exists, then overwrite it.
|
||||||
if stored_cred.user_id == cred.user_id:
|
if stored_cred.user_id == cred.user_id:
|
||||||
slot = index
|
slot = index
|
||||||
@ -77,5 +77,5 @@ def store_resident_credential(cred: Fido2Credential) -> bool:
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
cred_data = cred.rp_id_hash + cred.id
|
cred_data = cred.rp_id_hash + cred.id
|
||||||
storage.webauthn.set_resident_credential(slot, cred_data)
|
storage.resident_credentials.set(slot, cred_data)
|
||||||
return True
|
return True
|
||||||
|
@ -11,27 +11,27 @@ _RESIDENT_CREDENTIAL_START_KEY = const(1)
|
|||||||
MAX_RESIDENT_CREDENTIALS = const(100)
|
MAX_RESIDENT_CREDENTIALS = const(100)
|
||||||
|
|
||||||
|
|
||||||
def get_resident_credential(index: int) -> Optional[bytes]:
|
def get(index: int) -> Optional[bytes]:
|
||||||
if not (0 <= index < MAX_RESIDENT_CREDENTIALS):
|
if not (0 <= index < MAX_RESIDENT_CREDENTIALS):
|
||||||
raise ValueError # invalid credential index
|
raise ValueError # invalid credential index
|
||||||
|
|
||||||
return common.get(common.APP_WEBAUTHN, index + _RESIDENT_CREDENTIAL_START_KEY)
|
return common.get(common.APP_WEBAUTHN, index + _RESIDENT_CREDENTIAL_START_KEY)
|
||||||
|
|
||||||
|
|
||||||
def set_resident_credential(index: int, data: bytes) -> None:
|
def set(index: int, data: bytes) -> None:
|
||||||
if not (0 <= index < MAX_RESIDENT_CREDENTIALS):
|
if not (0 <= index < MAX_RESIDENT_CREDENTIALS):
|
||||||
raise ValueError # invalid credential index
|
raise ValueError # invalid credential index
|
||||||
|
|
||||||
common.set(common.APP_WEBAUTHN, index + _RESIDENT_CREDENTIAL_START_KEY, data)
|
common.set(common.APP_WEBAUTHN, index + _RESIDENT_CREDENTIAL_START_KEY, data)
|
||||||
|
|
||||||
|
|
||||||
def delete_resident_credential(index: int) -> None:
|
def delete(index: int) -> None:
|
||||||
if not (0 <= index < MAX_RESIDENT_CREDENTIALS):
|
if not (0 <= index < MAX_RESIDENT_CREDENTIALS):
|
||||||
raise ValueError # invalid credential index
|
raise ValueError # invalid credential index
|
||||||
|
|
||||||
common.delete(common.APP_WEBAUTHN, index + _RESIDENT_CREDENTIAL_START_KEY)
|
common.delete(common.APP_WEBAUTHN, index + _RESIDENT_CREDENTIAL_START_KEY)
|
||||||
|
|
||||||
|
|
||||||
def delete_all_resident_credentials() -> None:
|
def delete_all() -> None:
|
||||||
for i in range(MAX_RESIDENT_CREDENTIALS):
|
for i in range(MAX_RESIDENT_CREDENTIALS):
|
||||||
common.delete(common.APP_WEBAUTHN, i + _RESIDENT_CREDENTIAL_START_KEY)
|
common.delete(common.APP_WEBAUTHN, i + _RESIDENT_CREDENTIAL_START_KEY)
|
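Review bot: The renamed module-level function `set` in this hunk shadows the builtin `set` for the rest of storage.resident_credentials, so any later `set(...)` call inside that module would invoke the credential writer instead; a comment above the definition such as `# NOTE: shadows builtin set() in this module; call as storage.resident_credentials.set()` would make that explicit. `delete_all` clears the slots with one `common.delete` per index, and nothing visible here says what state is left if the loop is interrupted; because it backs the reset path (`Fido2ConfirmReset.on_confirm`), a docstring stating whether a partial wipe is possible would help. None of the four functions has a docstring; a one-liner each would do, e.g. `"""Return the raw data stored in slot index, or None if the slot is empty."""` for `get`.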