1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-13 01:48:21 +00:00
Commit Graph

100 Commits

Author SHA1 Message Date
Andrew Kozlik
7d07161efe common/fido: Unify application labeling between U2F and FIDO2. 2020-07-30 15:29:54 +02:00
Tomas Susanka
a6acefbdf5 core: wipe before reset and recovery; introduce 'intialized' field 2020-06-16 11:31:29 +02:00
Tomas Susanka
b67be7dd9e core: forbid all settings if not initialized 2020-06-11 18:47:01 +02:00
Pavol Rusnak
5262ef84cf common/defs/fido: add aws and tutanota 2020-06-05 14:53:13 +02:00
matejcik
872e0fb0e0 core: lower scheduler resolution to milliseconds
This avoids problems with large timeouts causing the scheduler queue to
think the time counter has overflown, and ordering the autolock task before
immediate tasks.

The maximum reasonable time difference is 0x20000000, which in
microseconds is ~8 minutes, but in milliseconds a more reasonable ~6
days.
2020-06-04 16:18:46 +02:00
matejcik
2d0206c043 core: replace workflow.on_start/on_close with workflow.spawn 2020-06-04 16:18:46 +02:00
Andrew Kozlik
5469acfabf core/webauthn: Cache user verification for 3 minutes. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
b867ac1d01 core/webauthn: Implement FIDO2 unlocking from softlock. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
0f81886c9f core/webauthn: Allow confirm_dialog() to return a new state as an alternative to the user response. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
c8ae5c157e core/webauthn: Implement U2F unlocking from softlock. 2020-06-04 16:18:46 +02:00
matejcik
8ca7ffc3b8 core: use wire.PinCancelled/PinInvalid instead of custom versions
also refactor show_pin_invalid and its usages so that it raises directly

note that we are now using PinCancelled instead of ActionCancelled where
appropriate
2020-06-04 16:18:46 +02:00
matejcik
eabfcab9b9 core: add default messages to some error codes 2020-06-04 16:18:46 +02:00
Andrew Kozlik
9e4a8ca785 core/webauthn: Improve error codes for uninitialized device. Return ERR_OPERATION_DENIED only upon user decline or timeout, otherwise it cancels the operation on all connected authenticators. 2020-04-14 12:24:17 +02:00
Andrew Kozlik
bc4e8eaa16 core/webauth: Update readme with Ed25519 algorithm and certificates. 2020-04-09 21:05:28 +02:00
Andrew Kozlik
fca92d7344 core/webauthn: Update attestation certificate to comply with WebAuthn requirements. 2020-04-06 18:29:05 +02:00
Andrew Kozlik
25a39ea729 core/webauthn: Fix handling of interleaving frames to comply with the U2F HID specification. 2020-04-06 09:53:42 +02:00
Andrew Kozlik
b3cd760df0 core/webauthn: Disable CTAPHID_WINK function. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
e5008eb332 core/webauthn: Remove indistinguishable credentials from the allow list. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
cda9de8dd1 core/webauthn: Add maxCredentialCountInList and maxCredentialIdLength to authenticatorGetInfo response. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
0af0e06d5b core/webauthn: Truncate names in credential data to at most 100 bytes. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
2f905a1157 core/webauthn: Add algorithm and curve to WebAuthnListResidentCredentials response. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
f610787f8d core/webauthn: Clean up bytes/bytearray typing around uctypes. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
e378820f7f core/webauthn: Implement support for Ed25519 signatures in FIDO2. 2020-03-12 15:45:26 +01:00
matejcik
a79279115e core: move confirm_signal evaluation into concrete Layout implementations
Apart from making the code more correct for its users in
apps.common.confirm and elsewhere, this fixes a problem where the
confirm_signal would be scheduled before the dialog is rendered.
By making sure that handle_rendering is scheduled (i.e., listed in
create_tasks) before confirm_signal, we can be sure to render at least
once and thus appear in the UI test results.
2020-01-23 15:45:10 +01:00
Pavol Rusnak
8a36ead915
common/defs: add Faceboook to recognized apps 2020-01-16 15:35:45 +00:00
Andrew Kozlik
289d8276eb core/fido2: check for HID timeout in send_cmd() (#791) 2020-01-11 14:33:24 +01:00
Andrew Kozlik
0432f5e801 webauthn: Add use_self_attestation flag to FIDO apps. 2019-12-11 15:29:52 +01:00
Andrew Kozlik
2e9db44434 core/webauthn: Add AAGUID to README.md. 2019-12-10 15:56:41 +01:00
matejcik
ac6e23fb87 mako: improve local variable name 2019-12-09 16:31:46 +01:00
matejcik
558020be01 common: drop lastpass from FIDO apps
as it doesn't actually support FIDO/U2F
2019-12-09 16:31:46 +01:00
matejcik
67b2ba558b core: auto-generate list of FIDO known apps
and improve code for loading icons
2019-12-09 16:31:46 +01:00
matejcik
a46fd6f508 core: auto-generate FIDO icons 2019-12-09 16:31:46 +01:00
Andrew Kozlik
420a4b8ba7 core/webauthn: Close U2F confirmation screen if browser stops polling for more than 3 seconds. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
0b851d6959 core/webauthn: Reply with ERR_CHANNEL_BUSY once a U2F request has been declined to stop Chrome from polling. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
4d3c634732 core/webauthn: Use different return code when user verification is requested but PIN is not set to get better browser behavior. Related to cf6949332f. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
a63ff8f9b4 core/webauthn: Add bogus app ID used by Firefox to indicate error in U2F. Figure out which error to display based on past U2F_AUTHENTICATE check-only requests on the same channel. 2019-12-03 14:48:59 +01:00
Andrew Kozlik
a704bfe184 core/webauthn: Allow only one CTAPHID_WINK command at a time on any given channel ID to fix continuous display blinking with Android. 2019-12-03 14:18:43 +01:00
Andrew Kozlik
3a4e9bd25c core/ui: Ignore any new alert requests if an alert is already in progress in order to avoid multiple alerts overlapping. 2019-12-03 14:18:43 +01:00
Andrew Kozlik
7c39e2f142 core/webauthn: Specify the exception raised by res.load(). 2019-11-26 15:44:05 +01:00
Andrew Kozlik
790178a442 fixup! core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing. 2019-11-26 15:18:14 +01:00
Andrew Kozlik
c463069895 core/webauthn: Don't log an exception when a relying party is not listed in knownapps. 2019-11-26 15:18:14 +01:00
Andrew Kozlik
203853faed core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing. 2019-11-26 15:18:14 +01:00
Andrew Kozlik
2ae1d9a935 webauthn: Disable signature counter in FIDO2 for dropbox.com, gandi.net, secure.login.gov. 2019-11-21 13:59:45 +01:00
matejcik
1f6cc77dec upgrade black to 19.10b0 2019-11-20 16:02:47 +01:00
Pavol Rusnak
d029920540
core/webauthn: update metadata 2019-11-16 10:53:10 +00:00
Pavol Rusnak
e1e081fb7a
core/webauthn: fix metadata 2019-11-13 17:16:23 +01:00
Pavol Rusnak
df273bf836
core/usb: reorder endpoints 2019-11-13 13:21:39 +01:00
matejcik
18ab677124 core/webauthn: rename storage.webauthn to storage.resident_credentials 2019-11-08 12:47:54 +01:00
matejcik
33bd4d3ba9 Merge branch 'master' into matejcik/storage-relocation 2019-11-07 12:51:02 +01:00
matejcik
28d30ffd2f core/webauthn: unify signatures of Credential.from_bytes and friends 2019-11-06 13:56:52 +01:00