diff options
author | Louis Collard <louiscollard@chromium.org> | 2019-03-07 18:20:10 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-03-11 23:52:18 -0700 |
commit | d97034c715fd536e2f4ab64f7c54aba53d4afa50 (patch) | |
tree | e20a9a34b50b6c47081d103735572958a60d4a8c /OWNERS | |
parent | 8b0974714e4de0ef3be0435804f91e157c348dcb (diff) | |
download | chrome-ec-d97034c715fd536e2f4ab64f7c54aba53d4afa50.tar.gz |
ec: U2F: Verify key handles before user presence
The 'check-only' variant of the U2F_AUTHENTICATE
command requires us to check the validity of the
key handle before asserting user presence, this
change does that.
This 'check-only' variant of the command does not
need to actually sign anything, so whilst not
necessary for a functioning U2F implementation in
u2fd, this change also adds functionality to return
early without signing, to simplify usage in u2fd.
Note that this change also changes the error code
returned when a normal 'enforce-presence-and-sign'
command is issued with an invalid key handle, and
there is no user presence. This change will be
passed back up the stack to the U2F client; this
is ok as the U2F spec does not specify which error
should take precedence in this situation.
BUG=b:123161715
TEST=test_that .. firmware_Cr50U2fCommands, manual tests with g2ftool
BRANCH=none
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Change-Id: I7146f4687d0f6e6f69d266b9ca337ad37c00fc2c
Reviewed-on: https://chromium-review.googlesource.com/1508132
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'OWNERS')
0 files changed, 0 insertions, 0 deletions