Andrew Kozlik
7d07161efe
common/fido: Unify application labeling between U2F and FIDO2.
2020-07-30 15:29:54 +02:00
Tomas Susanka
a6acefbdf5
core: wipe before reset and recovery; introduce 'intialized' field
2020-06-16 11:31:29 +02:00
Tomas Susanka
b67be7dd9e
core: forbid all settings if not initialized
2020-06-11 18:47:01 +02:00
Pavol Rusnak
5262ef84cf
common/defs/fido: add aws and tutanota
2020-06-05 14:53:13 +02:00
matejcik
872e0fb0e0
core: lower scheduler resolution to milliseconds
...
This avoids problems with large timeouts causing the scheduler queue to
think the time counter has overflown, and ordering the autolock task before
immediate tasks.
The maximum reasonable time difference is 0x20000000, which in
microseconds is ~8 minutes, but in milliseconds a more reasonable ~6
days.
2020-06-04 16:18:46 +02:00
matejcik
2d0206c043
core: replace workflow.on_start/on_close with workflow.spawn
2020-06-04 16:18:46 +02:00
Andrew Kozlik
5469acfabf
core/webauthn: Cache user verification for 3 minutes.
2020-06-04 16:18:46 +02:00
Andrew Kozlik
b867ac1d01
core/webauthn: Implement FIDO2 unlocking from softlock.
2020-06-04 16:18:46 +02:00
Andrew Kozlik
0f81886c9f
core/webauthn: Allow confirm_dialog() to return a new state as an alternative to the user response.
2020-06-04 16:18:46 +02:00
Andrew Kozlik
c8ae5c157e
core/webauthn: Implement U2F unlocking from softlock.
2020-06-04 16:18:46 +02:00
matejcik
8ca7ffc3b8
core: use wire.PinCancelled/PinInvalid instead of custom versions
...
also refactor show_pin_invalid and its usages so that it raises directly
note that we are now using PinCancelled instead of ActionCancelled where
appropriate
2020-06-04 16:18:46 +02:00
matejcik
eabfcab9b9
core: add default messages to some error codes
2020-06-04 16:18:46 +02:00
Andrew Kozlik
9e4a8ca785
core/webauthn: Improve error codes for uninitialized device. Return ERR_OPERATION_DENIED only upon user decline or timeout, otherwise it cancels the operation on all connected authenticators.
2020-04-14 12:24:17 +02:00
Andrew Kozlik
bc4e8eaa16
core/webauth: Update readme with Ed25519 algorithm and certificates.
2020-04-09 21:05:28 +02:00
Andrew Kozlik
fca92d7344
core/webauthn: Update attestation certificate to comply with WebAuthn requirements.
2020-04-06 18:29:05 +02:00
Andrew Kozlik
25a39ea729
core/webauthn: Fix handling of interleaving frames to comply with the U2F HID specification.
2020-04-06 09:53:42 +02:00
Andrew Kozlik
b3cd760df0
core/webauthn: Disable CTAPHID_WINK function.
2020-03-20 15:07:06 +01:00
Andrew Kozlik
e5008eb332
core/webauthn: Remove indistinguishable credentials from the allow list.
2020-03-20 15:07:06 +01:00
Andrew Kozlik
cda9de8dd1
core/webauthn: Add maxCredentialCountInList and maxCredentialIdLength to authenticatorGetInfo response.
2020-03-20 15:07:06 +01:00
Andrew Kozlik
0af0e06d5b
core/webauthn: Truncate names in credential data to at most 100 bytes.
2020-03-20 15:07:06 +01:00
Andrew Kozlik
2f905a1157
core/webauthn: Add algorithm and curve to WebAuthnListResidentCredentials response.
2020-03-12 15:45:26 +01:00
Andrew Kozlik
f610787f8d
core/webauthn: Clean up bytes/bytearray typing around uctypes.
2020-03-12 15:45:26 +01:00
Andrew Kozlik
e378820f7f
core/webauthn: Implement support for Ed25519 signatures in FIDO2.
2020-03-12 15:45:26 +01:00
matejcik
a79279115e
core: move confirm_signal evaluation into concrete Layout implementations
...
Apart from making the code more correct for its users in
apps.common.confirm and elsewhere, this fixes a problem where the
confirm_signal would be scheduled before the dialog is rendered.
By making sure that handle_rendering is scheduled (i.e., listed in
create_tasks) before confirm_signal, we can be sure to render at least
once and thus appear in the UI test results.
2020-01-23 15:45:10 +01:00
Pavol Rusnak
8a36ead915
common/defs: add Faceboook to recognized apps
2020-01-16 15:35:45 +00:00
Andrew Kozlik
289d8276eb
core/fido2: check for HID timeout in send_cmd() ( #791 )
2020-01-11 14:33:24 +01:00
Andrew Kozlik
0432f5e801
webauthn: Add use_self_attestation flag to FIDO apps.
2019-12-11 15:29:52 +01:00
Andrew Kozlik
2e9db44434
core/webauthn: Add AAGUID to README.md.
2019-12-10 15:56:41 +01:00
matejcik
ac6e23fb87
mako: improve local variable name
2019-12-09 16:31:46 +01:00
matejcik
558020be01
common: drop lastpass from FIDO apps
...
as it doesn't actually support FIDO/U2F
2019-12-09 16:31:46 +01:00
matejcik
67b2ba558b
core: auto-generate list of FIDO known apps
...
and improve code for loading icons
2019-12-09 16:31:46 +01:00
matejcik
a46fd6f508
core: auto-generate FIDO icons
2019-12-09 16:31:46 +01:00
Andrew Kozlik
420a4b8ba7
core/webauthn: Close U2F confirmation screen if browser stops polling for more than 3 seconds.
2019-12-03 14:48:59 +01:00
Andrew Kozlik
0b851d6959
core/webauthn: Reply with ERR_CHANNEL_BUSY once a U2F request has been declined to stop Chrome from polling.
2019-12-03 14:48:59 +01:00
Andrew Kozlik
4d3c634732
core/webauthn: Use different return code when user verification is requested but PIN is not set to get better browser behavior. Related to cf6949332f
.
2019-12-03 14:48:59 +01:00
Andrew Kozlik
a63ff8f9b4
core/webauthn: Add bogus app ID used by Firefox to indicate error in U2F. Figure out which error to display based on past U2F_AUTHENTICATE check-only requests on the same channel.
2019-12-03 14:48:59 +01:00
Andrew Kozlik
a704bfe184
core/webauthn: Allow only one CTAPHID_WINK command at a time on any given channel ID to fix continuous display blinking with Android.
2019-12-03 14:18:43 +01:00
Andrew Kozlik
3a4e9bd25c
core/ui: Ignore any new alert requests if an alert is already in progress in order to avoid multiple alerts overlapping.
2019-12-03 14:18:43 +01:00
Andrew Kozlik
7c39e2f142
core/webauthn: Specify the exception raised by res.load().
2019-11-26 15:44:05 +01:00
Andrew Kozlik
790178a442
fixup! core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing.
2019-11-26 15:18:14 +01:00
Andrew Kozlik
c463069895
core/webauthn: Don't log an exception when a relying party is not listed in knownapps.
2019-11-26 15:18:14 +01:00
Andrew Kozlik
203853faed
core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing.
2019-11-26 15:18:14 +01:00
Andrew Kozlik
2ae1d9a935
webauthn: Disable signature counter in FIDO2 for dropbox.com, gandi.net, secure.login.gov.
2019-11-21 13:59:45 +01:00
matejcik
1f6cc77dec
upgrade black to 19.10b0
2019-11-20 16:02:47 +01:00
Pavol Rusnak
d029920540
core/webauthn: update metadata
2019-11-16 10:53:10 +00:00
Pavol Rusnak
e1e081fb7a
core/webauthn: fix metadata
2019-11-13 17:16:23 +01:00
Pavol Rusnak
df273bf836
core/usb: reorder endpoints
2019-11-13 13:21:39 +01:00
matejcik
18ab677124
core/webauthn: rename storage.webauthn to storage.resident_credentials
2019-11-08 12:47:54 +01:00
matejcik
33bd4d3ba9
Merge branch 'master' into matejcik/storage-relocation
2019-11-07 12:51:02 +01:00
matejcik
28d30ffd2f
core/webauthn: unify signatures of Credential.from_bytes and friends
2019-11-06 13:56:52 +01:00