Moving up and uv flags to paut.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2024-09-20 03:10:10 +00:00 · 2022-09-21 00:00:25 +02:00 · 2022-09-21 00:00:25 +02:00 · 08c3c3344c
commit 08c3c3344c
parent 804970e77a
2 changed files with 20 additions and 11 deletions
--- a/src/fido/cbor_client_pin.c
+++ b/src/fido/cbor_client_pin.c
@ -34,13 +34,13 @@
 uint8_t permissions_rp_id = 0, permission_set = 0;
 uint32_t usage_timer = 0, initial_usage_time_limit = 0;
 uint32_t max_usage_time_period  = 600*1000;
-bool user_verified = false, user_present = false, needs_power_cycle = false;
+bool needs_power_cycle = false;
 mbedtls_ecdh_context hkey;
 bool hkey_init = false;

 int beginUsingPinUvAuthToken(bool userIsPresent) {
-    user_present = userIsPresent;
-    user_verified = true;
+    paut.user_present = userIsPresent;
+    paut.user_verified = true;
    initial_usage_time_limit = board_millis();
    usage_timer = board_millis();
    paut.in_use = true;
@ -49,12 +49,12 @@ int beginUsingPinUvAuthToken(bool userIsPresent) {

 void clearUserPresentFlag() {
    if (paut.in_use == true)
-        user_present = false;
+        paut.user_present = false;
 }

 void clearUserVerifiedFlag() {
    if (paut.in_use == true)
-        user_verified = false;
+        paut.user_verified = false;
 }

 void clearPinUvAuthTokenPermissionsExceptLbw() {
@ -69,20 +69,20 @@ void stopUsingPinUvAuthToken() {
    paut.in_use = false;
    memset(paut.rp_id_hash, 0, sizeof(paut.rp_id_hash));
    initial_usage_time_limit = 0;
-    user_present = user_verified = false;
+    paut.user_present = paut.user_verified = false;
    user_present_time_limit = 0;
 }

 bool getUserPresentFlagValue() {
    if (paut.in_use != true)
-        user_present = false;
-    return user_present;
+        paut.user_present = false;
+    return paut.user_present;
 }

 bool getUserVerifiedFlagValue() {
    if (paut.in_use != true)
-        user_verified = false;
-    return user_verified;
+        paut.user_verified = false;
+    return paut.user_verified;
 }

 int regenerate() {
@ -184,6 +184,8 @@ int authenticate(uint8_t protocol, const uint8_t *key, const uint8_t *data, size

 int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, size_t len, uint8_t *sign) {
    uint8_t hmac[32];
+    if (paut.in_use == false)
+        return -2;
    int ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac);
    if (ret != 0)
        return ret;
--- a/src/fido/fido.h
+++ b/src/fido/fido.h
@ -64,8 +64,12 @@ extern void init_fido();
 #define FIDO2_PERMISSION_ACFG   0x20

 #define MAX_PIN_RETRIES 8
+extern bool getUserPresentFlagValue();
 extern bool getUserVerifiedFlagValue();
-#define MAX_CREDENTIAL_COUNT_IN_LIST    16
+extern void clearUserPresentFlag();
+extern void clearUserVerifiedFlag();
+extern void clearPinUvAuthTokenPermissionsExceptLbw();
+#define MAX_CREDENTIAL_COUNT_IN_LIST 16
 #define MAX_CRED_ID_LENGTH        1024
 #define MAX_RESIDENT_CREDENTIALS  256

@ -88,10 +92,13 @@ typedef struct pinUvAuthToken {
    bool in_use;
    uint8_t permissions;
    uint8_t rp_id_hash[32];
+    bool user_present;
+    bool user_verified;
 } pinUvAuthToken_t;

 extern uint32_t user_present_time_limit;

 extern pinUvAuthToken_t paut;
+extern int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, size_t len, uint8_t *sign);

 #endif //_FIDO_H