author | Rob Austein <sra@hactrn.net> | 2016-06-26 10:31:46 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2016-06-26 10:31:46 -0400 |
commit | 709a71c0030225ba08cddf5227a1c67c2dbb4176 (patch) | |
tree | 43a94adf66f8e35c06d7dc30578138f5287c1749 /rpc_misc.c | |
parent | 64e5fe8edec2c4ba461e712d6fbd05d47d5a9192 (diff) | |
parent | a16159562d5e7a2998654c3f88ba0f88a3aaa42e (diff) |
Merge branch 'master' of https://git.cryptech.is/sw/libhal.git.
Diffstat (limited to 'rpc_misc.c')
-rw-r--r-- | rpc_misc.c | 22 |
1 files changed, 16 insertions, 6 deletions
@@ -85,6 +85,8 @@ typedef struct {
 #define HAL_PIN_DEFAULT_ITERATIONS 20000
 #endif
+static uint32_t hal_pin_default_iterations = HAL_PIN_DEFAULT_ITERATIONS;
+
 #ifndef HAL_STATIC_CLIENT_STATE_BLOCKS
 #define HAL_STATIC_CLIENT_STATE_BLOCKS 10
 #endif
@@ -135,7 +137,7 @@ static hal_error_t login(const hal_client_handle_t client,
 return err;
 uint8_t buf[sizeof(p->pin)];
- const uint32_t iterations = p->iterations == 0 ? HAL_PIN_DEFAULT_ITERATIONS : p->iterations;
+ const uint32_t iterations = p->iterations == 0 ? hal_pin_default_iterations : p->iterations;
 if ((err = hal_pbkdf2(NULL, hal_hash_sha256, (const uint8_t *) pin, pin_len, p->salt, sizeof(p->salt), buf, sizeof(buf), iterations)) != HAL_OK)
@@ -210,11 +212,7 @@ static hal_error_t set_pin(const hal_client_handle_t client,
 hal_ks_pin_t p = *pp;
- /*
- * Another all-zeros vs all-ones disagreement between drivers.
- */
- if (p.iterations == 0x00000000 || p.iterations == 0xffffffff)
- p.iterations = HAL_PIN_DEFAULT_ITERATIONS;
+ p.iterations = hal_pin_default_iterations;
 if ((err = hal_get_random(NULL, p.salt, sizeof(p.salt))) != HAL_OK || (err = hal_pbkdf2(NULL, hal_hash_sha256,
@@ -227,6 +225,18 @@ static hal_error_t set_pin(const hal_client_handle_t client,
 return HAL_OK;
 }
+hal_error_t hal_set_pin_default_iterations(const hal_client_handle_t client,
+ const uint32_t iterations)
+{
+ if ((is_logged_in(client, HAL_USER_WHEEL) != HAL_OK) &&
+ (is_logged_in(client, HAL_USER_SO) != HAL_OK))
+ return HAL_ERROR_FORBIDDEN;
+
+ /* should probably store this in flash somewhere */
+ hal_pin_default_iterations = (iterations == 0) ? HAL_PIN_DEFAULT_ITERATIONS : iterations;
+ return HAL_OK;
+}
+
 const hal_rpc_misc_dispatch_t hal_rpc_local_misc_dispatch = {
 set_pin,
 login, |
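Review bot: In the `login` hunk (`@@ -135,7 +137,7 @@`), the fallback for a stored record with `p->iterations == 0` now follows the runtime-mutable `hal_pin_default_iterations`, so the count used to verify such a record changes whenever the default is changed after the PIN was derived. If any keystore record can carry a zero count (the page does not show how records are initialised), that PIN would stop verifying or would be checked at a different cost than it was created with. Keeping the compile-time constant in this one place avoids that: `const uint32_t iterations = p->iterations == 0 ? HAL_PIN_DEFAULT_ITERATIONS : p->iterations;`. Note also that `login` treats only 0 as "unset", while the check removed from `set_pin` treated 0xffffffff the same way. `login`'s body starts and ends outside the hunk.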
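Review bot: In the `set_pin` hunk (`@@ -210,11 +212,7 @@`), the caller's `pp->iterations` is now discarded with no comment, where the removed lines at least explained the 0x00000000/0xffffffff handling. A one-line comment above the assignment would show that this is deliberate, for example `/* Iteration count is device policy: ignore the caller's value and use the current default. */`. Because every newly set PIN now inherits `hal_pin_default_iterations`, the strength of stored PINs depends entirely on the bounds enforced where that variable is written. `set_pin`'s body starts and ends outside the hunk.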
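Review bot: `hal_set_pin_default_iterations` (hunk `@@ -227,6 +225,18 @@`) accepts any non-zero count, so a logged-in wheel or SO client can set the default to 1 and every PIN set afterwards is stored with a trivially cheap PBKDF2. A very large value conversely makes each later `set_pin`, and each `login` against a PIN set that way, correspondingly slow. A bounds check before the assignment would close this, e.g. `if (iterations != 0 && iterations < HAL_PIN_MINIMUM_ITERATIONS) return HAL_ERROR_BAD_ARGUMENTS;`, where `HAL_PIN_MINIMUM_ITERATIONS` is a new constant that this hunk does not define; an upper bound deserves the same treatment. The new public function also lacks a header comment, which should state that 0 restores the compiled-in default and that the setting lives in RAM only, as the existing `/* should probably store this in flash somewhere */` comment implies.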