arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-02-07 13:12:41 +00:00
Code Issues Releases Wiki Activity
8,987 Commits 394 Branches 206 Tags 236 MiB
79c60615de
Commit Graph

88 Commits

Author SHA1 Message Date
Andrew Kozlik
9e4a8ca785 core/webauthn: Improve error codes for uninitialized device. Return ERR_OPERATION_DENIED only upon user decline or timeout, otherwise it cancels the operation on all connected authenticators. 2020-04-14 12:24:17 +02:00
Andrew Kozlik
bc4e8eaa16 core/webauth: Update readme with Ed25519 algorithm and certificates. 2020-04-09 21:05:28 +02:00
Andrew Kozlik
fca92d7344 core/webauthn: Update attestation certificate to comply with WebAuthn requirements. 2020-04-06 18:29:05 +02:00
Andrew Kozlik
25a39ea729 core/webauthn: Fix handling of interleaving frames to comply with the U2F HID specification. 2020-04-06 09:53:42 +02:00
Andrew Kozlik
b3cd760df0 core/webauthn: Disable CTAPHID_WINK function. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
e5008eb332 core/webauthn: Remove indistinguishable credentials from the allow list. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
cda9de8dd1 core/webauthn: Add maxCredentialCountInList and maxCredentialIdLength to authenticatorGetInfo response. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
0af0e06d5b core/webauthn: Truncate names in credential data to at most 100 bytes. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
2f905a1157 core/webauthn: Add algorithm and curve to WebAuthnListResidentCredentials response. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
f610787f8d core/webauthn: Clean up bytes/bytearray typing around uctypes. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
e378820f7f core/webauthn: Implement support for Ed25519 signatures in FIDO2. 2020-03-12 15:45:26 +01:00
matejcik
a79279115e core: move confirm_signal evaluation into concrete Layout implementations 
Apart from making the code more correct for its users in
apps.common.confirm and elsewhere, this fixes a problem where the
confirm_signal would be scheduled before the dialog is rendered.
By making sure that handle_rendering is scheduled (i.e., listed in
create_tasks) before confirm_signal, we can be sure to render at least
once and thus appear in the UI test results.
 2020-01-23 15:45:10 +01:00
Pavol Rusnak
8a36ead915
common/defs: add Faceboook to recognized apps 2020-01-16 15:35:45 +00:00
Andrew Kozlik
289d8276eb core/fido2: check for HID timeout in send_cmd() (#791) 2020-01-11 14:33:24 +01:00
Andrew Kozlik
0432f5e801 webauthn: Add use_self_attestation flag to FIDO apps. 2019-12-11 15:29:52 +01:00
Andrew Kozlik
2e9db44434 core/webauthn: Add AAGUID to README.md. 2019-12-10 15:56:41 +01:00
matejcik
ac6e23fb87 mako: improve local variable name 2019-12-09 16:31:46 +01:00
matejcik
558020be01 common: drop lastpass from FIDO apps 
as it doesn't actually support FIDO/U2F
 2019-12-09 16:31:46 +01:00
matejcik
67b2ba558b core: auto-generate list of FIDO known apps 
and improve code for loading icons
 2019-12-09 16:31:46 +01:00
matejcik
a46fd6f508 core: auto-generate FIDO icons 2019-12-09 16:31:46 +01:00
Andrew Kozlik
420a4b8ba7 core/webauthn: Close U2F confirmation screen if browser stops polling for more than 3 seconds. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
0b851d6959 core/webauthn: Reply with ERR_CHANNEL_BUSY once a U2F request has been declined to stop Chrome from polling. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
4d3c634732 core/webauthn: Use different return code when user verification is requested but PIN is not set to get better browser behavior. Related to cf6949332f. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
a63ff8f9b4 core/webauthn: Add bogus app ID used by Firefox to indicate error in U2F. Figure out which error to display based on past U2F_AUTHENTICATE check-only requests on the same channel. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
a704bfe184 core/webauthn: Allow only one CTAPHID_WINK command at a time on any given channel ID to fix continuous display blinking with Android. 2019-12-03 14:18:43 +01:00
Andrew Kozlik
3a4e9bd25c core/ui: Ignore any new alert requests if an alert is already in progress in order to avoid multiple alerts overlapping. 2019-12-03 14:18:43 +01:00
Andrew Kozlik
7c39e2f142 core/webauthn: Specify the exception raised by res.load(). 2019-11-26 15:44:05 +01:00
Andrew Kozlik
790178a442 fixup! core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing. 2019-11-26 15:18:14 +01:00
Andrew Kozlik
c463069895 core/webauthn: Don't log an exception when a relying party is not listed in knownapps. 2019-11-26 15:18:14 +01:00
Andrew Kozlik
203853faed core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing. 2019-11-26 15:18:14 +01:00
Andrew Kozlik
2ae1d9a935 webauthn: Disable signature counter in FIDO2 for dropbox.com, gandi.net, secure.login.gov. 2019-11-21 13:59:45 +01:00
matejcik
1f6cc77dec upgrade black to 19.10b0 2019-11-20 16:02:47 +01:00
Pavol Rusnak
d029920540
core/webauthn: update metadata 2019-11-16 10:53:10 +00:00
Pavol Rusnak
e1e081fb7a
core/webauthn: fix metadata 2019-11-13 17:16:23 +01:00
Pavol Rusnak
df273bf836
core/usb: reorder endpoints 2019-11-13 13:21:39 +01:00
matejcik
18ab677124 core/webauthn: rename storage.webauthn to storage.resident_credentials 2019-11-08 12:47:54 +01:00
matejcik
33bd4d3ba9 Merge branch 'master' into matejcik/storage-relocation 2019-11-07 12:51:02 +01:00
matejcik
28d30ffd2f core/webauthn: unify signatures of Credential.from_bytes and friends 2019-11-06 13:56:52 +01:00
Pavol Rusnak
2d8f70d49a
common/defs: add mojeid.cz definition to webauthn 2019-11-01 12:54:28 +00:00
matejcik
5c93ecd53a core: create top-level storage module 
This is to avoid including app-specific functionality in storage and
avoid circular imports. The following policy is now in effect: modules
from `storage` namespace must not import from `apps` namespace.

In most files, the change only involves changing import paths.

A minor refactor was needed in case of webauthn: basic get/set/delete
functionality was left in storage.webauthn, and more advanced logic on
top of it was moved to apps.webauthn.resident_credentials.

A significant refactor was needed for sd_salt, where application (and
UI) logic was tightly coupled with the IO code. This is now separated,
and storage.sd_salt deals exclusively with the IO side, while the app/UI
logic is implemented on top of it in apps.common.sd_salt and
apps.management.sd_protect.
 2019-10-31 16:21:56 +01:00
Pavol Rusnak
4979e17e86
core/webauthn: improve metadata 2019-10-30 17:53:09 +01:00
Tomas Susanka
809b30ddcf core/webauthn: set webauthn interface in its app not in main.py 
This way the other messages (WebAuthnListResidentCredentials etc.) get
registered in device debug build and can be tested.

Updates #591
 2019-10-30 14:38:04 +01:00
Pavol Rusnak
727b7f8cd3
core/webauthn: add u2f/ctap2 metadata 2019-10-28 21:33:15 +01:00
Tomas Susanka
0511cc8b8c core: add final mypy fixes! 2019-10-22 14:36:25 +00:00
Andrew Kozlik
710866074b core/webauthn: Fix mypy warnings. 2019-10-09 18:13:48 +02:00
Andrew Kozlik
5401f88d52 core/webauthn: Fix user input timeout bug. 2019-10-09 15:18:25 +02:00
Andrew Kozlik
e385eae433 core/webauthn: Use popups for webauthn error messages instead of confirmation dialogs to simplify device testing. 2019-10-08 13:29:15 +02:00
Andrew Kozlik
8ce8916beb core/webauthn: Remove AUTOCONFIRM option. 2019-10-08 13:29:04 +02:00
Pavol Rusnak
2e877b5762
core: refactor fido2 stuff into webauthn/fido2 2019-10-01 14:02:28 +00:00
Andrew Kozlik
18998ff42f core/webauth: Remove "alg" parameter validation for key-agreement public keys to avoid compatibility issues. 2019-10-01 12:05:14 +02:00