trezor-firmware

Commit Graph

Author	SHA1	Message	Date
Andrew Kozlik	e378820f7f	core/webauthn: Implement support for Ed25519 signatures in FIDO2.	5 years ago
matejcik	a79279115e	core: move confirm_signal evaluation into concrete Layout implementations Apart from making the code more correct for its users in apps.common.confirm and elsewhere, this fixes a problem where the confirm_signal would be scheduled before the dialog is rendered. By making sure that handle_rendering is scheduled (i.e., listed in create_tasks) before confirm_signal, we can be sure to render at least once and thus appear in the UI test results.	5 years ago
Pavol Rusnak	8a36ead915	common/defs: add Faceboook to recognized apps	5 years ago
Andrew Kozlik	289d8276eb	core/fido2: check for HID timeout in send_cmd() (#791 )	5 years ago
Andrew Kozlik	0432f5e801	webauthn: Add use_self_attestation flag to FIDO apps.	5 years ago
Andrew Kozlik	2e9db44434	core/webauthn: Add AAGUID to README.md.	5 years ago
matejcik	ac6e23fb87	mako: improve local variable name	5 years ago
matejcik	558020be01	common: drop lastpass from FIDO apps as it doesn't actually support FIDO/U2F	5 years ago
matejcik	67b2ba558b	core: auto-generate list of FIDO known apps and improve code for loading icons	5 years ago
matejcik	a46fd6f508	core: auto-generate FIDO icons	5 years ago
Andrew Kozlik	420a4b8ba7	core/webauthn: Close U2F confirmation screen if browser stops polling for more than 3 seconds.	5 years ago
Andrew Kozlik	0b851d6959	core/webauthn: Reply with ERR_CHANNEL_BUSY once a U2F request has been declined to stop Chrome from polling.	5 years ago
Andrew Kozlik	4d3c634732	core/webauthn: Use different return code when user verification is requested but PIN is not set to get better browser behavior. Related to `cf6949332f`.	5 years ago
Andrew Kozlik	a63ff8f9b4	core/webauthn: Add bogus app ID used by Firefox to indicate error in U2F. Figure out which error to display based on past U2F_AUTHENTICATE check-only requests on the same channel.	5 years ago
Andrew Kozlik	a704bfe184	core/webauthn: Allow only one CTAPHID_WINK command at a time on any given channel ID to fix continuous display blinking with Android.	5 years ago
Andrew Kozlik	3a4e9bd25c	core/ui: Ignore any new alert requests if an alert is already in progress in order to avoid multiple alerts overlapping.	5 years ago
Andrew Kozlik	7c39e2f142	core/webauthn: Specify the exception raised by res.load().	5 years ago
Andrew Kozlik	790178a442	fixup! core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing.	5 years ago
Andrew Kozlik	c463069895	core/webauthn: Don't log an exception when a relying party is not listed in knownapps.	5 years ago
Andrew Kozlik	203853faed	core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing.	5 years ago
Andrew Kozlik	2ae1d9a935	webauthn: Disable signature counter in FIDO2 for dropbox.com, gandi.net, secure.login.gov.	5 years ago
matejcik	1f6cc77dec	upgrade black to 19.10b0	5 years ago
Pavol Rusnak	d029920540	core/webauthn: update metadata	5 years ago
Pavol Rusnak	e1e081fb7a	core/webauthn: fix metadata	5 years ago
Pavol Rusnak	df273bf836	core/usb: reorder endpoints	5 years ago
matejcik	18ab677124	core/webauthn: rename storage.webauthn to storage.resident_credentials	5 years ago
matejcik	33bd4d3ba9	Merge branch 'master' into matejcik/storage-relocation	5 years ago
matejcik	28d30ffd2f	core/webauthn: unify signatures of Credential.from_bytes and friends	5 years ago
Pavol Rusnak	2d8f70d49a	common/defs: add mojeid.cz definition to webauthn	5 years ago
matejcik	5c93ecd53a	core: create top-level storage module This is to avoid including app-specific functionality in storage and avoid circular imports. The following policy is now in effect: modules from `storage` namespace must not import from `apps` namespace. In most files, the change only involves changing import paths. A minor refactor was needed in case of webauthn: basic get/set/delete functionality was left in storage.webauthn, and more advanced logic on top of it was moved to apps.webauthn.resident_credentials. A significant refactor was needed for sd_salt, where application (and UI) logic was tightly coupled with the IO code. This is now separated, and storage.sd_salt deals exclusively with the IO side, while the app/UI logic is implemented on top of it in apps.common.sd_salt and apps.management.sd_protect.	5 years ago
Pavol Rusnak	4979e17e86	core/webauthn: improve metadata	5 years ago
Tomas Susanka	809b30ddcf	core/webauthn: set webauthn interface in its app not in main.py This way the other messages (WebAuthnListResidentCredentials etc.) get registered in device debug build and can be tested. Updates #591	5 years ago
Pavol Rusnak	727b7f8cd3	core/webauthn: add u2f/ctap2 metadata	5 years ago
Tomas Susanka	0511cc8b8c	core: add final mypy fixes!	5 years ago
Andrew Kozlik	710866074b	core/webauthn: Fix mypy warnings.	5 years ago
Andrew Kozlik	5401f88d52	core/webauthn: Fix user input timeout bug.	5 years ago
Andrew Kozlik	e385eae433	core/webauthn: Use popups for webauthn error messages instead of confirmation dialogs to simplify device testing.	5 years ago
Andrew Kozlik	8ce8916beb	core/webauthn: Remove AUTOCONFIRM option.	5 years ago
Pavol Rusnak	2e877b5762	core: refactor fido2 stuff into webauthn/fido2	5 years ago
Andrew Kozlik	18998ff42f	core/webauth: Remove "alg" parameter validation for key-agreement public keys to avoid compatibility issues.	5 years ago
Andrew Kozlik	4a81101c84	core/webauthn: Modify error handling to match fido2-tests.	5 years ago
Andrew Kozlik	9537bc40a5	core/webauthn: Use ECDH_ES_HKDF_256 instead of ES256 as the algorithm type for key-agreement keys. ECDH_ES_HKDF_256 is the wrong type to use, since the key-agreement does not use HKDF, but ES256 is even more wrong, because it is an ECDSA type rather than an ECDH type. Currently there is no correct algorithm type defined. ES256 is used by libfido2, whereas ECDH_ES_HKDF_256 is used by Chrome, YubiKey and SoloKey, so it has the majority.	5 years ago
Andrew Kozlik	500401d81f	core/webauthn: Place a 500 ms timeout on CTAP HID continuation packets.	5 years ago
Andrew Kozlik	0495d18b1e	core/webauthn: Fix CTAP HID protocol to correctly handle invalid channel IDs and interleaving packets from different channels.	5 years ago
Andrew Kozlik	9ea8136545	u2f: Add keepersecurity.eu to knownapps.	5 years ago
Andrew Kozlik	e4c13b6357	u2f: Store hashes of U2F application parameters instead of pre-images.	5 years ago
Andrew Kozlik	6a33889706	common/webauthn: Add new URLs for gandi.net and Slush Pool.	5 years ago
Andrew Kozlik	528ee9ccf1	core/webauthn: Ensure user-presence option is not present in MakeCredential requests.	5 years ago
Andrew Kozlik	e341f133a3	core/webauthn: Add length checks in CTAPHID protocol.	5 years ago
Andrew Kozlik	ae70741e48	core/webauthn: Add more type checking for CBOR command parameters and return CTAP2_ERR_CBOR_UNEXPECTED_TYPE.	5 years ago

1 2

78 Commits (e378820f7f6973812dd7b76abc581114e2d2a699)