coelner/pico-fido
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-fido.git synced 2024-09-19 19:00:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix ESP32 build.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2024-08-18 23:53:18 +02:00
parent 5b95e35ca9
commit 1b4dd9bed0
No known key found for this signature in database
GPG Key ID: C0095B7870A4CCD3
14 changed files with 83 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/fido/cbor.c
View File

@ -15,7 +15,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#endif
#include "hid/ctap_hid.h"
@ -130,6 +130,9 @@ void cbor_thread() {
uint32_t flag = EV_EXEC_FINISHED;
queue_add_blocking(&card_to_usb_q, &flag);
}
#ifdef ESP_PLATFORM
vTaskDelete(NULL);
#endif
}
#endif
@ -139,7 +142,7 @@ int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len) {
cmd = last_cmd;
res_APDU = ctap_resp->init.data + 1;
res_APDU_size = 0;
return 1;
return 2; // CBOR processing
}
CborError COSE_key_params(int crv,

6
src/fido/cbor_client_pin.c
View File

@ -15,7 +15,11 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef ESP_PLATFORM
#include "common.h"
#else
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#endif
#include "mbedtls/ecp.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/sha256.h"
@ -23,7 +27,7 @@
#include "cbor.h"
#include "ctap.h"
#include "ctap2_cbor.h"
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include "hid/ctap_hid.h"

2
src/fido/cbor_get_assertion.c
View File

@ -17,7 +17,7 @@
#include "cbor.h"
#include "ctap.h"
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include "hid/ctap_hid.h"

5
src/fido/cbor_reset.c
View File

@ -18,9 +18,12 @@
#include "file.h"
#include "fido.h"
#include "ctap.h"
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#ifdef ESP_PLATFORM
#include "esp_compat.h"
#endif
extern void scan_all();

18
src/fido/cbor_vendor.c
View File

@ -256,27 +256,11 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
mbedtls_ecdsa_free(&ekey);
CBOR_ERROR(CTAP2_ERR_PROCESSING);
}
#ifndef ENABLE_EMULATION
pico_unique_board_id_t rpiid;
pico_get_unique_board_id(&rpiid);
#else
struct {
uint8_t id[8];
} rpiid = { 0 };
#endif
mbedtls_x509write_csr ctx;
mbedtls_x509write_csr_init(&ctx);
snprintf((char *) buffer,
sizeof(buffer),
"C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %02x%02x%02x%02x%02x%02x%02x%02x",
rpiid.id[0],
rpiid.id[1],
rpiid.id[2],
rpiid.id[3],
rpiid.id[4],
rpiid.id[5],
rpiid.id[6],
rpiid.id[7]);
"C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %s", pico_serial_str);
mbedtls_x509write_csr_set_subject_name(&ctx, (char *) buffer);
mbedtls_pk_context key;
mbedtls_pk_init(&key);

2
src/fido/cmd_register.c
View File

@ -41,7 +41,7 @@ int u2f_select(app_t *a) {
return CCID_ERR_FILE_NOT_FOUND;
}
void __attribute__((constructor)) u2f_ctor() {
INITIALIZER ( u2f_ctor ) {
register_app(u2f_select, u2f_aid);
}

2
src/fido/credential.c
View File

@ -18,7 +18,7 @@
#include "mbedtls/chachapoly.h"
#include "mbedtls/sha256.h"
#include "credential.h"
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include "hid/ctap_hid.h"

4
src/fido/ctap2_cbor.h
View File

@ -19,7 +19,11 @@
#define _CTAP2_CBOR_H_
#include "cbor.h"
#ifndef ESP_PLATFORM
#include "common.h"
#else
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#endif
#include "mbedtls/ecp.h"
#include "mbedtls/ecdh.h"

17
src/fido/fido.c
View File

@ -27,12 +27,12 @@
#if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION)
#include "ccid/ccid.h"
#endif
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include <math.h>
#include "management.h"
#include "ctap_hid.h"
#include "hid/ctap_hid.h"
#include "version.h"
int fido_process_apdu();
@ -79,7 +79,7 @@ extern int (*cbor_process_cb)(uint8_t, const uint8_t *, size_t);
extern void cbor_thread();
extern int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len);
void __attribute__((constructor)) fido_ctor() {
INITIALIZER ( fido_ctor ) {
#if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION)
ccid_atr = atr_fido;
#endif
@ -315,9 +315,12 @@ int scan_files() {
mbedtls_ecdsa_free(&ecdsa);
return ret;
}
uint8_t kdata[32];
int key_size = mbedtls_mpi_size(&ecdsa.d);
mbedtls_mpi_write_binary(&ecdsa.d, kdata, key_size);
uint8_t kdata[64];
size_t key_size = 0;
ret = mbedtls_ecp_write_key_ext(&ecdsa, &key_size, kdata, sizeof(kdata));
if (ret != CCID_OK) {
return ret;
}
ret = file_put_data(ef_keydev, kdata, key_size);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_ecdsa_free(&ecdsa);
@ -333,7 +336,7 @@ int scan_files() {
ef_certdev = search_by_fid(EF_EE_DEV, NULL, SPECIFY_EF);
if (ef_certdev) {
if (!file_has_data(ef_certdev)) {
uint8_t cert[4096];
uint8_t cert[2048];
mbedtls_ecdsa_context key;
mbedtls_ecdsa_init(&key);
int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1,

9
src/fido/fido.h
View File

@ -18,13 +18,18 @@
#ifndef _FIDO_H_
#define _FIDO_H_
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#endif
#ifndef ESP_PLATFORM
#include "common.h"
#else
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#endif
#include "mbedtls/ecdsa.h"
#ifndef ENABLE_EMULATION
#include "ctap_hid.h"
#include "hid/ctap_hid.h"
#else
#include <stdbool.h>
#endif

6
src/fido/management.c
View File

@ -43,7 +43,7 @@ int man_select(app_t *a) {
return CCID_OK;
}
void __attribute__((constructor)) man_ctor() {
INITIALIZER ( man_ctor ) {
register_app(man_select, man_aid);
}
@ -82,9 +82,7 @@ int man_get_config() {
res_APDU[res_APDU_size++] = CAP_OTP | CAP_U2F | CAP_OATH;
res_APDU[res_APDU_size++] = TAG_SERIAL;
res_APDU[res_APDU_size++] = 4;
#ifndef ENABLE_EMULATION
pico_get_unique_board_id_string((char *) res_APDU + res_APDU_size, 4);
#endif
memcpy(res_APDU + res_APDU_size, pico_serial.id, 4);
res_APDU_size += 4;
res_APDU[res_APDU_size++] = TAG_FORM_FACTOR;
res_APDU[res_APDU_size++] = 1;

2
src/fido/management.h
View File

@ -19,7 +19,7 @@
#define _MANAGEMENT_H_
#include <stdlib.h>
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#endif

9
src/fido/oath.c
View File

@ -80,12 +80,7 @@ int oath_select(app_t *a) {
res_APDU[res_APDU_size++] = 0;
res_APDU[res_APDU_size++] = TAG_NAME;
res_APDU[res_APDU_size++] = 8;
#ifndef ENABLE_EMULATION
pico_get_unique_board_id((pico_unique_board_id_t *) (res_APDU + res_APDU_size));
res_APDU_size += 8;
#else
memset(res_APDU + res_APDU_size, 0, 8); res_APDU_size += 8;
#endif
memcpy(res_APDU + res_APDU_size, pico_serial_str, 8);
if (file_has_data(search_dynamic_file(EF_OATH_CODE)) == true) {
random_gen(NULL, challenge, sizeof(challenge));
res_APDU[res_APDU_size++] = TAG_CHALLENGE;
@ -109,7 +104,7 @@ int oath_select(app_t *a) {
return CCID_ERR_FILE_NOT_FOUND;
}
void __attribute__((constructor)) oath_ctor() {
INITIALIZER ( oath_ctor ) {
register_app(oath_select, oath_aid);
}

79
src/fido/otp.c
View File

@ -24,11 +24,12 @@
#include "asn1.h"
#include "hid/ctap_hid.h"
#include "usb.h"
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include "mbedtls/aes.h"
#include "management.h"
#include "tusb.h"
#define FIXED_SIZE 16
#define KEY_SIZE 16
@ -331,7 +332,7 @@ int otp_button_pressed(uint8_t slot) {
return 0;
}
void __attribute__((constructor)) otp_ctor() {
INITIALIZER( otp_ctor ) {
register_app(otp_select, otp_aid);
button_pressed_cb = otp_button_pressed;
#ifndef ENABLE_EMULATION
@ -449,9 +450,7 @@ int cmd_otp() {
low_flash_available();
}
else if (p1 == 0x10) {
#ifndef ENABLE_EMULATION
pico_get_unique_board_id_string((char *) res_APDU, 4);
#endif
memcpy(res_APDU, pico_serial.id, 4);
res_APDU_size = 4;
}
else if (p1 == 0x13) {
@ -479,9 +478,7 @@ int cmd_otp() {
else if (p1 == 0x20 || p1 == 0x28) {
uint8_t challenge[16];
memcpy(challenge, apdu.data, 6);
#ifndef ENABLE_EMULATION
pico_get_unique_board_id_string((char *) challenge + 6, 10);
#endif
memcpy(challenge + 6, pico_serial_str, 10);
mbedtls_aes_context ctx;
mbedtls_aes_init(&ctx);
mbedtls_aes_setkey_enc(&ctx, otp_config->aes_key, 128);
@ -547,39 +544,41 @@ int otp_hid_set_report_cb(uint8_t itf,
uint8_t const *buffer,
uint16_t bufsize)
{
if (report_type == 3) {
DEBUG_PAYLOAD(buffer, bufsize);
if (itf == ITF_KEYBOARD && buffer[7] == 0xFF) { // reset
*get_send_buffer_size(ITF_KEYBOARD) = 0;
otp_curr_seq = otp_exp_seq = 0;
memset(otp_frame_tx, 0, sizeof(otp_frame_tx));
}
else if (buffer[7] & 0x80) { // a frame
uint8_t rseq = buffer[7] & 0x1F;
if (rseq < 10) {
if (rseq == 0) {
memset(otp_frame_rx, 0, sizeof(otp_frame_rx));
}
memcpy(otp_frame_rx + rseq * 7, buffer, 7);
if (rseq == 9) {
DEBUG_DATA(otp_frame_rx, sizeof(otp_frame_rx));
uint16_t residual_crc = calculate_crc(otp_frame_rx, 64), rcrc = (otp_frame_rx[66] << 8 | otp_frame_rx[65]);
uint8_t slot_id = otp_frame_rx[64];
if (residual_crc == rcrc) {
apdu.data = otp_frame_rx;
apdu.nc = 64;
apdu.rdata = otp_frame_tx;
apdu.header[0] = 0;
apdu.header[1] = 0x01;
apdu.header[2] = slot_id;
apdu.header[3] = 0;
int ret = otp_process_apdu();
if (ret == 0x9000 && res_APDU_size > 0) {
otp_send_frame(apdu.rdata, apdu.rlen);
}
if (itf == ITF_KEYBOARD) {
if (report_type == 3) {
DEBUG_PAYLOAD(buffer, bufsize);
if (buffer[7] == 0xFF) { // reset
*get_send_buffer_size(ITF_KEYBOARD) = 0;
otp_curr_seq = otp_exp_seq = 0;
memset(otp_frame_tx, 0, sizeof(otp_frame_tx));
}
else if (buffer[7] & 0x80) { // a frame
uint8_t rseq = buffer[7] & 0x1F;
if (rseq < 10) {
if (rseq == 0) {
memset(otp_frame_rx, 0, sizeof(otp_frame_rx));
}
else {
printf("[OTP] Bad CRC!\n");
memcpy(otp_frame_rx + rseq * 7, buffer, 7);
if (rseq == 9) {
DEBUG_DATA(otp_frame_rx, sizeof(otp_frame_rx));
uint16_t residual_crc = calculate_crc(otp_frame_rx, 64), rcrc = (otp_frame_rx[66] << 8 | otp_frame_rx[65]);
uint8_t slot_id = otp_frame_rx[64];
if (residual_crc == rcrc) {
apdu.data = otp_frame_rx;
apdu.nc = 64;
apdu.rdata = otp_frame_tx;
apdu.header[0] = 0;
apdu.header[1] = 0x01;
apdu.header[2] = slot_id;
apdu.header[3] = 0;
int ret = otp_process_apdu();
if (ret == 0x9000 && res_APDU_size > 0) {
otp_send_frame(apdu.rdata, apdu.rlen);
}
}
else {
printf("[OTP] Bad CRC!\n");
}
}
}
}