[Cryptech-Commits] [sw/libhal] 02/02: Add hal_set_pin_default_iterations so the CLI can use hal_rpc_set_pin with control over iterations.

git at cryptech.is git at cryptech.is
Sun Jun 26 05:14:15 UTC 2016


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch master
in repository sw/libhal.

commit a16159562d5e7a2998654c3f88ba0f88a3aaa42e
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Sun Jun 26 01:02:44 2016 -0400

    Add hal_set_pin_default_iterations so the CLI can use hal_rpc_set_pin with control over iterations.
---
 hal_internal.h |  3 +++
 rpc_misc.c     | 22 ++++++++++++++++------
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/hal_internal.h b/hal_internal.h
index 0c38c00..bd8e97d 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -316,6 +316,9 @@ typedef struct {
 
 } hal_ks_keydb_t;
 
+extern hal_error_t hal_set_pin_default_iterations(const hal_client_handle_t client,
+                                                  const uint32_t iterations);
+
 /*
  * Internal functions within the keystore implementation.  Think of
  * these as concrete methods for the keystore API subclassed onto
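Review bot: The new prototype has no comment, and it sits directly above the comment block that introduces the keystore-internal functions, although the definition lives in rpc_misc.c. I would add `/* Set the PBKDF2 iteration count used for later PIN changes; 0 restores HAL_PIN_DEFAULT_ITERATIONS. Caller must be logged in as wheel or SO. */` above it. If this header has a group of RPC-related declarations (not visible in this hunk), the declaration reads better there.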
diff --git a/rpc_misc.c b/rpc_misc.c
index 8176c6f..1902b71 100644
--- a/rpc_misc.c
+++ b/rpc_misc.c
@@ -85,6 +85,8 @@ typedef struct {
 #define HAL_PIN_DEFAULT_ITERATIONS 20000
 #endif
 
+static uint32_t hal_pin_default_iterations = HAL_PIN_DEFAULT_ITERATIONS;
+
 #ifndef HAL_STATIC_CLIENT_STATE_BLOCKS
 #define HAL_STATIC_CLIENT_STATE_BLOCKS	10
 #endif
@@ -135,7 +137,7 @@ static hal_error_t login(const hal_client_handle_t client,
     return err;
 
   uint8_t buf[sizeof(p->pin)];
-  const uint32_t iterations = p->iterations == 0 ? HAL_PIN_DEFAULT_ITERATIONS : p->iterations;
+  const uint32_t iterations = p->iterations == 0 ? hal_pin_default_iterations : p->iterations;
 
   if ((err = hal_pbkdf2(NULL, hal_hash_sha256, (const uint8_t *) pin, pin_len,
                         p->salt, sizeof(p->salt), buf, sizeof(buf), iterations)) != HAL_OK)
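Review bot: The zero-iterations fallback in login now reads the runtime-mutable `hal_pin_default_iterations`, so a stored record with `iterations == 0` is verified with whatever value was set most recently rather than the value in force when that PIN was derived. If any stored record can carry zero (the hunk does not show where `p` comes from), changing the default would make that PIN stop verifying. Keeping the compile-time constant here avoids that: `const uint32_t iterations = p->iterations == 0 ? HAL_PIN_DEFAULT_ITERATIONS : p->iterations;`. The check removed from set_pin in the next hunk also treated 0xffffffff as "unset", which login does not, so it is worth confirming that an erased record cannot reach hal_pbkdf2 with that count. login's body starts and ends outside the hunk.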
@@ -210,11 +212,7 @@ static hal_error_t set_pin(const hal_client_handle_t client,
 
   hal_ks_pin_t p = *pp;
 
-  /*
-   * Another all-zeros vs all-ones disagreement between drivers.
-   */
-  if (p.iterations == 0x00000000 || p.iterations == 0xffffffff)
-    p.iterations = HAL_PIN_DEFAULT_ITERATIONS;
+  p.iterations = hal_pin_default_iterations;
 
   if ((err = hal_get_random(NULL, p.salt, sizeof(p.salt)))      != HAL_OK ||
       (err = hal_pbkdf2(NULL, hal_hash_sha256,
@@ -227,6 +225,18 @@ static hal_error_t set_pin(const hal_client_handle_t client,
   return HAL_OK;
 }
 
+hal_error_t hal_set_pin_default_iterations(const hal_client_handle_t client,
+                                           const uint32_t iterations)
+{
+  if ((is_logged_in(client, HAL_USER_WHEEL) != HAL_OK) &&
+      (is_logged_in(client, HAL_USER_SO) != HAL_OK))
+    return HAL_ERROR_FORBIDDEN;
+
+  /* should probably store this in flash somewhere */
+  hal_pin_default_iterations = (iterations == 0) ? HAL_PIN_DEFAULT_ITERATIONS : iterations;
+  return HAL_OK;
+}
+
 const hal_rpc_misc_dispatch_t hal_rpc_local_misc_dispatch = {
   set_pin,
   login,
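Review bot: The new setter accepts any non-zero `iterations` and stores it in `hal_pin_default_iterations`, which set_pin then passes to hal_pbkdf2 for every later PIN change. A value of 1 would leave newly stored PINs with almost no key stretching, and a value near 0xffffffff could make set_pin and later logins against those records run for a very long time. I would reject out-of-range values before the assignment, e.g. `if (iterations != 0 && (iterations < PIN_ITERATIONS_MIN || iterations > PIN_ITERATIONS_MAX)) return HAL_ERROR_BAD_ARGUMENTS;`, where the two limits are new constants still to be defined (placeholder names). The setting is also global rather than per client and is lost on restart, as the existing comment hints, which deserves a sentence in the function's header comment.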


