arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-12 01:18:14 +00:00
Code Issues Releases Wiki Activity
8,827 Commits 364 Branches 206 Tags 248 MiB
3789a3372b
Commit Graph

80 Commits

Author SHA1 Message Date
Andrew Kozlik
2f905a1157 core/webauthn: Add algorithm and curve to WebAuthnListResidentCredentials response. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
f610787f8d core/webauthn: Clean up bytes/bytearray typing around uctypes. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
e378820f7f core/webauthn: Implement support for Ed25519 signatures in FIDO2. 2020-03-12 15:45:26 +01:00
matejcik
a79279115e core: move confirm_signal evaluation into concrete Layout implementations 
Apart from making the code more correct for its users in
apps.common.confirm and elsewhere, this fixes a problem where the
confirm_signal would be scheduled before the dialog is rendered.
By making sure that handle_rendering is scheduled (i.e., listed in
create_tasks) before confirm_signal, we can be sure to render at least
once and thus appear in the UI test results.
 2020-01-23 15:45:10 +01:00
Pavol Rusnak
8a36ead915
common/defs: add Faceboook to recognized apps 2020-01-16 15:35:45 +00:00
Andrew Kozlik
289d8276eb core/fido2: check for HID timeout in send_cmd() (#791) 2020-01-11 14:33:24 +01:00
Andrew Kozlik
0432f5e801 webauthn: Add use_self_attestation flag to FIDO apps. 2019-12-11 15:29:52 +01:00
Andrew Kozlik
2e9db44434 core/webauthn: Add AAGUID to README.md. 2019-12-10 15:56:41 +01:00
matejcik
ac6e23fb87 mako: improve local variable name 2019-12-09 16:31:46 +01:00
matejcik
558020be01 common: drop lastpass from FIDO apps 
as it doesn't actually support FIDO/U2F
 2019-12-09 16:31:46 +01:00
matejcik
67b2ba558b core: auto-generate list of FIDO known apps 
and improve code for loading icons
 2019-12-09 16:31:46 +01:00
matejcik
a46fd6f508 core: auto-generate FIDO icons 2019-12-09 16:31:46 +01:00
Andrew Kozlik
420a4b8ba7 core/webauthn: Close U2F confirmation screen if browser stops polling for more than 3 seconds. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
0b851d6959 core/webauthn: Reply with ERR_CHANNEL_BUSY once a U2F request has been declined to stop Chrome from polling. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
4d3c634732 core/webauthn: Use different return code when user verification is requested but PIN is not set to get better browser behavior. Related to cf6949332f. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
a63ff8f9b4 core/webauthn: Add bogus app ID used by Firefox to indicate error in U2F. Figure out which error to display based on past U2F_AUTHENTICATE check-only requests on the same channel. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
a704bfe184 core/webauthn: Allow only one CTAPHID_WINK command at a time on any given channel ID to fix continuous display blinking with Android. 2019-12-03 14:18:43 +01:00
Andrew Kozlik
3a4e9bd25c core/ui: Ignore any new alert requests if an alert is already in progress in order to avoid multiple alerts overlapping. 2019-12-03 14:18:43 +01:00
Andrew Kozlik
7c39e2f142 core/webauthn: Specify the exception raised by res.load(). 2019-11-26 15:44:05 +01:00
Andrew Kozlik
790178a442 fixup! core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing. 2019-11-26 15:18:14 +01:00
Andrew Kozlik
c463069895 core/webauthn: Don't log an exception when a relying party is not listed in knownapps. 2019-11-26 15:18:14 +01:00
Andrew Kozlik
203853faed core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing. 2019-11-26 15:18:14 +01:00
Andrew Kozlik
2ae1d9a935 webauthn: Disable signature counter in FIDO2 for dropbox.com, gandi.net, secure.login.gov. 2019-11-21 13:59:45 +01:00
matejcik
1f6cc77dec upgrade black to 19.10b0 2019-11-20 16:02:47 +01:00
Pavol Rusnak
d029920540
core/webauthn: update metadata 2019-11-16 10:53:10 +00:00
Pavol Rusnak
e1e081fb7a
core/webauthn: fix metadata 2019-11-13 17:16:23 +01:00
Pavol Rusnak
df273bf836
core/usb: reorder endpoints 2019-11-13 13:21:39 +01:00
matejcik
18ab677124 core/webauthn: rename storage.webauthn to storage.resident_credentials 2019-11-08 12:47:54 +01:00
matejcik
33bd4d3ba9 Merge branch 'master' into matejcik/storage-relocation 2019-11-07 12:51:02 +01:00
matejcik
28d30ffd2f core/webauthn: unify signatures of Credential.from_bytes and friends 2019-11-06 13:56:52 +01:00
Pavol Rusnak
2d8f70d49a
common/defs: add mojeid.cz definition to webauthn 2019-11-01 12:54:28 +00:00
matejcik
5c93ecd53a core: create top-level storage module 
This is to avoid including app-specific functionality in storage and
avoid circular imports. The following policy is now in effect: modules
from `storage` namespace must not import from `apps` namespace.

In most files, the change only involves changing import paths.

A minor refactor was needed in case of webauthn: basic get/set/delete
functionality was left in storage.webauthn, and more advanced logic on
top of it was moved to apps.webauthn.resident_credentials.

A significant refactor was needed for sd_salt, where application (and
UI) logic was tightly coupled with the IO code. This is now separated,
and storage.sd_salt deals exclusively with the IO side, while the app/UI
logic is implemented on top of it in apps.common.sd_salt and
apps.management.sd_protect.
 2019-10-31 16:21:56 +01:00
Pavol Rusnak
4979e17e86
core/webauthn: improve metadata 2019-10-30 17:53:09 +01:00
Tomas Susanka
809b30ddcf core/webauthn: set webauthn interface in its app not in main.py 
This way the other messages (WebAuthnListResidentCredentials etc.) get
registered in device debug build and can be tested.

Updates #591
 2019-10-30 14:38:04 +01:00
Pavol Rusnak
727b7f8cd3
core/webauthn: add u2f/ctap2 metadata 2019-10-28 21:33:15 +01:00
Tomas Susanka
0511cc8b8c core: add final mypy fixes! 2019-10-22 14:36:25 +00:00
Andrew Kozlik
710866074b core/webauthn: Fix mypy warnings. 2019-10-09 18:13:48 +02:00
Andrew Kozlik
5401f88d52 core/webauthn: Fix user input timeout bug. 2019-10-09 15:18:25 +02:00
Andrew Kozlik
e385eae433 core/webauthn: Use popups for webauthn error messages instead of confirmation dialogs to simplify device testing. 2019-10-08 13:29:15 +02:00
Andrew Kozlik
8ce8916beb core/webauthn: Remove AUTOCONFIRM option. 2019-10-08 13:29:04 +02:00
Pavol Rusnak
2e877b5762
core: refactor fido2 stuff into webauthn/fido2 2019-10-01 14:02:28 +00:00
Andrew Kozlik
18998ff42f core/webauth: Remove "alg" parameter validation for key-agreement public keys to avoid compatibility issues. 2019-10-01 12:05:14 +02:00
Andrew Kozlik
4a81101c84 core/webauthn: Modify error handling to match fido2-tests. 2019-10-01 11:55:36 +02:00
Andrew Kozlik
9537bc40a5 core/webauthn: Use ECDH_ES_HKDF_256 instead of ES256 as the algorithm type for key-agreement keys. 
ECDH_ES_HKDF_256 is the wrong type to use, since the key-agreement does not use HKDF, but ES256 is even more wrong, because it is an ECDSA type rather than an ECDH type. Currently there is no correct algorithm type defined. ES256 is used by libfido2, whereas ECDH_ES_HKDF_256 is used by Chrome, YubiKey and SoloKey, so it has the majority.
 2019-09-30 19:37:46 +02:00
Andrew Kozlik
500401d81f core/webauthn: Place a 500 ms timeout on CTAP HID continuation packets. 2019-09-26 19:02:29 +02:00
Andrew Kozlik
0495d18b1e core/webauthn: Fix CTAP HID protocol to correctly handle invalid channel IDs and interleaving packets from different channels. 2019-09-26 19:02:29 +02:00
Andrew Kozlik
9ea8136545 u2f: Add keepersecurity.eu to knownapps. 2019-09-26 19:02:29 +02:00
Andrew Kozlik
e4c13b6357 u2f: Store hashes of U2F application parameters instead of pre-images. 2019-09-26 19:02:29 +02:00
Andrew Kozlik
6a33889706 common/webauthn: Add new URLs for gandi.net and Slush Pool. 2019-09-26 19:02:29 +02:00
Andrew Kozlik
528ee9ccf1 core/webauthn: Ensure user-presence option is not present in MakeCredential requests. 2019-09-26 19:02:29 +02:00