Disallow credentials overwriting during registration

Requires explicit removal with Delete() command from now on.
Nitrokey · Aug 9, 2023 · 1cde77f · 1cde77f
1 parent d186f6e
commit 1cde77f
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/src/authenticator.rs b/src/authenticator.rs
@@ -638,14 +638,8 @@ where
 
         // info_now!("recv {:?}", &register);
 
-        // Allow to overwrite existing credentials by default
-        // 0. ykman does not call delete before register, so we need to speculatively
-        // delete the credential (the credential file would be replaced, but we need
-        // to delete the secret key).
-        self.delete(command::Delete {
-            label: register.credential.label,
-        })
-        .ok();
+        // Explicitly disallow to overwrite existing credentials by default
+        self.err_if_credential_with_label_exists(register.credential.label)?;
 
         // 1. Replace secret in credential with handle
         let credential =
@@ -678,6 +672,18 @@ where
         Ok(())
     }
 
+    fn credential_with_label_exists(&mut self, label: &[u8]) -> bool {
+        let filename = self.filename_for_label(label);
+        self.state.file_exists(&mut self.trussed, filename)
+    }
+
+    fn err_if_credential_with_label_exists(&mut self, label: &[u8]) -> Result {
+        match self.credential_with_label_exists(label) {
+            false => Ok(()),
+            true => Err(Status::OperationBlocked),
+        }
+    }
+
     fn filename_for_label(&mut self, label: &[u8]) -> trussed::types::PathBuf {
         let label_hash = syscall!(self.trussed.hash_sha256(label)).hash;
 

diff --git a/src/state.rs b/src/state.rs
@@ -13,6 +13,7 @@ use serde::Serialize;
 use crate::command::EncryptionKeyType;
 use cbor_smol::cbor_deserialize;
 use encrypted_container::EncryptedDataContainer;
+use trussed::client::FilesystemClient;
 use trussed::types::Message;
 use trussed::{
     syscall, try_syscall,
@@ -179,6 +180,10 @@ impl State {
         (Err(encrypted_container::Error::FailedDecryption), None)
     }
 
+    pub fn file_exists<T: FilesystemClient>(&mut self, trussed: &mut T, filename: PathBuf) -> bool {
+        try_syscall!(trussed.read_file(self.location, filename)).is_ok()
+    }
+
     pub fn try_read_file<T, O>(
         &mut self,
         trussed: &mut T,