apps.fido_u2f: unify reg/auth state

2024-11-22 07:28:10 +00:00 · 2017-06-06 13:14:58 +02:00 · 2017-06-06 13:14:58 +02:00 · ed8cfe0399
commit ed8cfe0399
parent c4c27de0d5
1 changed files with 32 additions and 24 deletions
--- a/src/apps/fido_u2f/init.py
+++ b/src/apps/fido_u2f/init.py
@ -447,11 +447,13 @@ class ConfirmState:
        self.confirmed = await dialog


-_reg_state = None
+_state = None  # state for msg_register and msg_authenticate, None or ConfirmState
+_lastreq = None  # last received register/authenticate request, None or Req


 async def msg_register(req: Msg) -> Cmd:
-    global _reg_state
+    global _state
+    global _lastreq

    from apps.common import storage

@ -459,21 +461,30 @@ async def msg_register(req: Msg) -> Cmd:
        log.warning(__name__, 'not initialized')
        return msg_error(req, _SW_CONDITIONS_NOT_SATISFIED)

-    # check input data
+    # check length of input data
    if len(req.data) != 64:
        log.warning(__name__, '_SW_WRONG_LENGTH req.data')
        return msg_error(req, _SW_WRONG_LENGTH)

+    # parse challenge and app_id
    chal = req.data[:32]
    app_id = req.data[32:]

-    if _reg_state is None:
-        _reg_state = ConfirmState(_CONFIRM_REGISTER, app_id)
-        _reg_state.fork()
-    if _reg_state.confirmed is None:
+    # check equality with last request
+    if _lastreq is None or _lastreq.__dict__ != req.__dict__:
+        if _state is not None:
+            _state.kill()
+        _state = None
+        _lastreq = req
+
+    # wait for a button or continue
+    if _state is None:
+        _state = ConfirmState(_CONFIRM_REGISTER, app_id)
+        _state.fork()
+    if _state.confirmed is None:
        log.info(__name__, 'waiting for button')
        return msg_error(req, _SW_CONDITIONS_NOT_SATISFIED)
-    _reg_state = None
+    _state = None

    buf = msg_register_sign(chal, app_id)

@ -530,14 +541,10 @@ def msg_register_sign(challenge: bytes, app_id: bytes) -> bytes:
    return buf


-_auth_state = None
-_auth_lastreq = None
-
-
 async def msg_authenticate(req: Msg) -> Cmd:

-    global _auth_state
-    global _auth_lastreq
+    global _state
+    global _lastreq

    from apps.common import storage

@ -575,19 +582,20 @@ async def msg_authenticate(req: Msg) -> Cmd:
        return msg_error(req, _SW_WRONG_DATA)

    # check equality with last request
-    if _auth_lastreq is None or _auth_lastreq.__dict__ != req.__dict__:
-        if _auth_state is not None:
-            _auth_state.kill()
-        _auth_state = None
-        _auth_lastreq = req
+    if _lastreq is None or _lastreq.__dict__ != req.__dict__:
+        if _state is not None:
+            _state.kill()
+        _state = None
+        _lastreq = req

-    if _auth_state is None:
-        _auth_state = ConfirmState(_CONFIRM_AUTHENTICATE, auth.appId)
-        _auth_state.fork()
-    if _auth_state.confirmed is None:
+    # wait for a button or continue
+    if _state is None:
+        _state = ConfirmState(_CONFIRM_AUTHENTICATE, auth.appId)
+        _state.fork()
+    if _state.confirmed is None:
        log.info(__name__, 'waiting for button')
        return msg_error(req, _SW_CONDITIONS_NOT_SATISFIED)
-    _auth_state = None
+    _state = None

    buf = msg_authenticate_sign(auth.chal, auth.appId, node.private_key())