diff --git a/src/fido/cbor.c b/src/fido/cbor.c
index 9483d44..3dd7fc1 100644
--- a/src/fido/cbor.c
+++ b/src/fido/cbor.c
@@ -15,7 +15,7 @@
* along with this program. If not, see .
*/
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#endif
#include "hid/ctap_hid.h"
@@ -130,6 +130,9 @@ void cbor_thread() {
uint32_t flag = EV_EXEC_FINISHED;
queue_add_blocking(&card_to_usb_q, &flag);
}
+#ifdef ESP_PLATFORM
+ vTaskDelete(NULL);
+#endif
}
#endif
@@ -139,7 +142,7 @@ int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len) {
cmd = last_cmd;
res_APDU = ctap_resp->init.data + 1;
res_APDU_size = 0;
- return 1;
+ return 2; // CBOR processing
}
CborError COSE_key_params(int crv,
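Review bot: The new `return 2; // CBOR processing` leaves cbor_process with two bare numeric outcomes (1 before, now 2) whose meaning a caller dispatching on the value has to know from this trailing comment alone. Give both values names in one enum and return the constant instead, e.g. `return CBOR_PROCESS_PENDING; /* constructed name */`, so the dispatch site in fido.c (cbor_process_cb) reads without this file open. cbor_process begins outside the hunk.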
diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c
index 0e3d6e9..2d324da 100644
--- a/src/fido/cbor_client_pin.c
+++ b/src/fido/cbor_client_pin.c
@@ -15,7 +15,11 @@
* along with this program. If not, see .
*/
+#ifndef ESP_PLATFORM
#include "common.h"
+#else
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#endif
#include "mbedtls/ecp.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/sha256.h"
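Review bot: Defining MBEDTLS_ALLOW_PRIVATE_ACCESS ad hoc before the mbedtls includes is repeated here and in the ctap2_cbor.h and fido.h hunks of this commit, and in the two headers it silently grants every including translation unit access to mbedtls private struct members. It only has effect if it precedes the first mbedtls header in the unit, so any future include reordering breaks the ESP build in a non-obvious way, and the private-field accesses it enables are tied to the mbedtls version shipped with the platform. Put the define in one place, either the esp_compat.h header this commit introduces or a build-level compile definition, with a comment such as `/* ESP build lacks common.h; expose mbedtls private members for the ecp/ecdh field access below */`.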
@@ -23,7 +27,7 @@
#include "cbor.h"
#include "ctap.h"
#include "ctap2_cbor.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include "hid/ctap_hid.h"
diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c
index 87c6363..aa22e3b 100644
--- a/src/fido/cbor_get_assertion.c
+++ b/src/fido/cbor_get_assertion.c
@@ -17,7 +17,7 @@
#include "cbor.h"
#include "ctap.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include "hid/ctap_hid.h"
diff --git a/src/fido/cbor_reset.c b/src/fido/cbor_reset.c
index 62b17a9..b3a07d5 100644
--- a/src/fido/cbor_reset.c
+++ b/src/fido/cbor_reset.c
@@ -18,9 +18,12 @@
#include "file.h"
#include "fido.h"
#include "ctap.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
+#ifdef ESP_PLATFORM
+#include "esp_compat.h"
+#endif
extern void scan_all();
diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c
index d1b6f54..3b78c01 100644
--- a/src/fido/cbor_vendor.c
+++ b/src/fido/cbor_vendor.c
@@ -256,27 +256,11 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
mbedtls_ecdsa_free(&ekey);
CBOR_ERROR(CTAP2_ERR_PROCESSING);
}
-#ifndef ENABLE_EMULATION
- pico_unique_board_id_t rpiid;
- pico_get_unique_board_id(&rpiid);
-#else
- struct {
- uint8_t id[8];
- } rpiid = { 0 };
-#endif
mbedtls_x509write_csr ctx;
mbedtls_x509write_csr_init(&ctx);
snprintf((char *) buffer,
sizeof(buffer),
- "C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %02x%02x%02x%02x%02x%02x%02x%02x",
- rpiid.id[0],
- rpiid.id[1],
- rpiid.id[2],
- rpiid.id[3],
- rpiid.id[4],
- rpiid.id[5],
- rpiid.id[6],
- rpiid.id[7]);
+ "C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %s", pico_serial_str);
mbedtls_x509write_csr_set_subject_name(&ctx, (char *) buffer);
mbedtls_pk_context key;
mbedtls_pk_init(&key);
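Review bot: The snprintf building the CSR subject now interpolates `%s` with pico_serial_str, whose declaration and length are not visible in this hunk, and its return value is still not checked, so a longer serial string silently truncates the subject before mbedtls_x509write_csr_set_subject_name sees it. The fixed-width `%02x` form could not overflow the format's expected length; with `%s` the check is worth adding, `int n = snprintf((char *) buffer, sizeof(buffer), "C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %s", pico_serial_str);` followed by `if (n < 0 || (size_t) n >= sizeof(buffer)) { CBOR_ERROR(CTAP2_ERR_PROCESSING); }`. Note also that the removed `#else` branch gave the emulation build an all-zero id, so pico_serial_str must now be defined in that build too; presumably it is, but it is outside this diff. cbor_vendor_generic starts before the hunk.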
diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c
index 7962719..237f70f 100644
--- a/src/fido/cmd_register.c
+++ b/src/fido/cmd_register.c
@@ -41,7 +41,7 @@ int u2f_select(app_t *a) {
return CCID_ERR_FILE_NOT_FOUND;
}
-void __attribute__((constructor)) u2f_ctor() {
+INITIALIZER ( u2f_ctor ) {
register_app(u2f_select, u2f_aid);
}
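Review bot: The INITIALIZER invocations are spaced inconsistently across this commit: `INITIALIZER ( u2f_ctor ) {` here, and likewise in fido.c, management.c and oath.c, versus `INITIALIZER( otp_ctor ) {` in otp.c. Pick one form, the conventional `INITIALIZER(u2f_ctor) {`, and apply it to all five so a grep for the macro finds them uniformly. The macro's definition is not in this diff; presumably it expands to the removed `__attribute__((constructor))` on GCC targets.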
diff --git a/src/fido/credential.c b/src/fido/credential.c
index ea44ebb..f1f1994 100644
--- a/src/fido/credential.c
+++ b/src/fido/credential.c
@@ -18,7 +18,7 @@
#include "mbedtls/chachapoly.h"
#include "mbedtls/sha256.h"
#include "credential.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include "hid/ctap_hid.h"
diff --git a/src/fido/ctap2_cbor.h b/src/fido/ctap2_cbor.h
index 9a8c8d1..84723da 100644
--- a/src/fido/ctap2_cbor.h
+++ b/src/fido/ctap2_cbor.h
@@ -19,7 +19,11 @@
#define _CTAP2_CBOR_H_
#include "cbor.h"
+#ifndef ESP_PLATFORM
#include "common.h"
+#else
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#endif
#include "mbedtls/ecp.h"
#include "mbedtls/ecdh.h"
diff --git a/src/fido/fido.c b/src/fido/fido.c
index 1adf712..3f772cf 100644
--- a/src/fido/fido.c
+++ b/src/fido/fido.c
@@ -27,12 +27,12 @@
#if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION)
#include "ccid/ccid.h"
#endif
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include
#include "management.h"
-#include "ctap_hid.h"
+#include "hid/ctap_hid.h"
#include "version.h"
int fido_process_apdu();
@@ -79,7 +79,7 @@ extern int (*cbor_process_cb)(uint8_t, const uint8_t *, size_t);
extern void cbor_thread();
extern int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len);
-void __attribute__((constructor)) fido_ctor() {
+INITIALIZER ( fido_ctor ) {
#if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION)
ccid_atr = atr_fido;
#endif
@@ -315,9 +315,12 @@ int scan_files() {
mbedtls_ecdsa_free(&ecdsa);
return ret;
}
- uint8_t kdata[32];
- int key_size = mbedtls_mpi_size(&ecdsa.d);
- mbedtls_mpi_write_binary(&ecdsa.d, kdata, key_size);
+ uint8_t kdata[64];
+ size_t key_size = 0;
+ ret = mbedtls_ecp_write_key_ext(&ecdsa, &key_size, kdata, sizeof(kdata));
+ if (ret != CCID_OK) {
+ return ret;
+ }
ret = file_put_data(ef_keydev, kdata, key_size);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_ecdsa_free(&ecdsa);
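Review bot: The early return added after mbedtls_ecp_write_key_ext skips the `mbedtls_ecdsa_free(&ecdsa)` that the error path just above it performs, so on failure the context holding the freshly generated device private key is left unreleased and kdata, which the call may have partially filled, is not zeroized. Replace the added branch with `if (ret != 0) { mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_ecdsa_free(&ecdsa); return ret; }`. Comparing an mbedtls status against CCID_OK also mixes two error domains; it works only if CCID_OK is 0, which this hunk does not show, and comparing against 0 states the intent directly. scan_files starts and ends outside the hunk.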
@@ -333,7 +336,7 @@ int scan_files() {
ef_certdev = search_by_fid(EF_EE_DEV, NULL, SPECIFY_EF);
if (ef_certdev) {
if (!file_has_data(ef_certdev)) {
- uint8_t cert[4096];
+ uint8_t cert[2048];
mbedtls_ecdsa_context key;
mbedtls_ecdsa_init(&key);
int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1,
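Review bot: Shrinking `cert` from 4096 to 2048 bytes is only safe if every later write into it is bounded by `sizeof(cert)` rather than a repeated literal; the certificate writing calls that consume this buffer are outside the hunk, so that could not be checked here. A one-line comment at the declaration recording why 2048 suffices, such as `// DER EC P-256 device cert is well under 2 KiB`, would make the limit reviewable next time.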
diff --git a/src/fido/fido.h b/src/fido/fido.h
index f12dc5d..aab14e8 100644
--- a/src/fido/fido.h
+++ b/src/fido/fido.h
@@ -18,13 +18,18 @@
#ifndef _FIDO_H_
#define _FIDO_H_
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#endif
+#ifndef ESP_PLATFORM
#include "common.h"
+#else
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#endif
+
#include "mbedtls/ecdsa.h"
#ifndef ENABLE_EMULATION
-#include "ctap_hid.h"
+#include "hid/ctap_hid.h"
#else
#include
#endif
diff --git a/src/fido/management.c b/src/fido/management.c
index f7590d0..26ae35e 100644
--- a/src/fido/management.c
+++ b/src/fido/management.c
@@ -43,7 +43,7 @@ int man_select(app_t *a) {
return CCID_OK;
}
-void __attribute__((constructor)) man_ctor() {
+INITIALIZER ( man_ctor ) {
register_app(man_select, man_aid);
}
@@ -82,9 +82,7 @@ int man_get_config() {
res_APDU[res_APDU_size++] = CAP_OTP | CAP_U2F | CAP_OATH;
res_APDU[res_APDU_size++] = TAG_SERIAL;
res_APDU[res_APDU_size++] = 4;
-#ifndef ENABLE_EMULATION
- pico_get_unique_board_id_string((char *) res_APDU + res_APDU_size, 4);
-#endif
+ memcpy(res_APDU + res_APDU_size, pico_serial.id, 4);
res_APDU_size += 4;
res_APDU[res_APDU_size++] = TAG_FORM_FACTOR;
res_APDU[res_APDU_size++] = 1;
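Review bot: The TAG_SERIAL value changes encoding: the removed pico_get_unique_board_id_string call produced NUL-terminated hex text (three hex digits plus NUL for a length of 4), whereas the memcpy now emits four raw bytes of pico_serial.id, so hosts that parsed the field as text will see a different value. If the raw form is the intended one, say so at the line, `// TAG_SERIAL: 4 raw bytes of the board id (was hex text)`. The same replacement appears in otp.c at the p1 == 0x10 branch, and the challenge fill there now copies 10 characters of pico_serial_str where the old call wrote nine hex digits plus a NUL, which presumably changes the challenge-response output for an unchanged device unless pico_serial_str is laid out identically. man_get_config begins before the hunk.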
diff --git a/src/fido/management.h b/src/fido/management.h
index 6a5ff0d..a8a6331 100644
--- a/src/fido/management.h
+++ b/src/fido/management.h
@@ -19,7 +19,7 @@
#define _MANAGEMENT_H_
#include
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#endif
diff --git a/src/fido/oath.c b/src/fido/oath.c
index 03ee790..3bf212f 100644
--- a/src/fido/oath.c
+++ b/src/fido/oath.c
@@ -80,12 +80,7 @@ int oath_select(app_t *a) {
res_APDU[res_APDU_size++] = 0;
res_APDU[res_APDU_size++] = TAG_NAME;
res_APDU[res_APDU_size++] = 8;
-#ifndef ENABLE_EMULATION
- pico_get_unique_board_id((pico_unique_board_id_t *) (res_APDU + res_APDU_size));
- res_APDU_size += 8;
-#else
- memset(res_APDU + res_APDU_size, 0, 8); res_APDU_size += 8;
-#endif
+ memcpy(res_APDU + res_APDU_size, pico_serial_str, 8);
if (file_has_data(search_dynamic_file(EF_OATH_CODE)) == true) {
random_gen(NULL, challenge, sizeof(challenge));
res_APDU[res_APDU_size++] = TAG_CHALLENGE;
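Review bot: The replacement line drops the `res_APDU_size += 8;` that both removed branches carried after filling the 8-byte TAG_NAME value, so the TAG_CHALLENGE bytes that follow are written over the name and the response ends up shorter than its declared length; add `res_APDU_size += 8;` directly after the memcpy. Separately, pico_serial_str presumably holds printable text where the removed code copied the raw 8-byte board id, so the NAME value hosts receive changes encoding; if intended, record it with `// TAG_NAME: first 8 chars of the serial string`. oath_select starts and ends outside this hunk.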
@@ -109,7 +104,7 @@ int oath_select(app_t *a) {
return CCID_ERR_FILE_NOT_FOUND;
}
-void __attribute__((constructor)) oath_ctor() {
+INITIALIZER ( oath_ctor ) {
register_app(oath_select, oath_aid);
}
diff --git a/src/fido/otp.c b/src/fido/otp.c
index daee316..4198ac4 100644
--- a/src/fido/otp.c
+++ b/src/fido/otp.c
@@ -24,11 +24,12 @@
#include "asn1.h"
#include "hid/ctap_hid.h"
#include "usb.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "bsp/board.h"
#endif
#include "mbedtls/aes.h"
#include "management.h"
+#include "tusb.h"
#define FIXED_SIZE 16
#define KEY_SIZE 16
@@ -331,7 +332,7 @@ int otp_button_pressed(uint8_t slot) {
return 0;
}
-void __attribute__((constructor)) otp_ctor() {
+INITIALIZER( otp_ctor ) {
register_app(otp_select, otp_aid);
button_pressed_cb = otp_button_pressed;
#ifndef ENABLE_EMULATION
@@ -449,9 +450,7 @@ int cmd_otp() {
low_flash_available();
}
else if (p1 == 0x10) {
-#ifndef ENABLE_EMULATION
- pico_get_unique_board_id_string((char *) res_APDU, 4);
-#endif
+ memcpy(res_APDU, pico_serial.id, 4);
res_APDU_size = 4;
}
else if (p1 == 0x13) {
@@ -479,9 +478,7 @@ int cmd_otp() {
else if (p1 == 0x20 || p1 == 0x28) {
uint8_t challenge[16];
memcpy(challenge, apdu.data, 6);
-#ifndef ENABLE_EMULATION
- pico_get_unique_board_id_string((char *) challenge + 6, 10);
-#endif
+ memcpy(challenge + 6, pico_serial_str, 10);
mbedtls_aes_context ctx;
mbedtls_aes_init(&ctx);
mbedtls_aes_setkey_enc(&ctx, otp_config->aes_key, 128);
@@ -547,39 +544,41 @@ int otp_hid_set_report_cb(uint8_t itf,
uint8_t const *buffer,
uint16_t bufsize)
{
- if (report_type == 3) {
- DEBUG_PAYLOAD(buffer, bufsize);
- if (itf == ITF_KEYBOARD && buffer[7] == 0xFF) { // reset
- *get_send_buffer_size(ITF_KEYBOARD) = 0;
- otp_curr_seq = otp_exp_seq = 0;
- memset(otp_frame_tx, 0, sizeof(otp_frame_tx));
- }
- else if (buffer[7] & 0x80) { // a frame
- uint8_t rseq = buffer[7] & 0x1F;
- if (rseq < 10) {
- if (rseq == 0) {
- memset(otp_frame_rx, 0, sizeof(otp_frame_rx));
- }
- memcpy(otp_frame_rx + rseq * 7, buffer, 7);
- if (rseq == 9) {
- DEBUG_DATA(otp_frame_rx, sizeof(otp_frame_rx));
- uint16_t residual_crc = calculate_crc(otp_frame_rx, 64), rcrc = (otp_frame_rx[66] << 8 | otp_frame_rx[65]);
- uint8_t slot_id = otp_frame_rx[64];
- if (residual_crc == rcrc) {
- apdu.data = otp_frame_rx;
- apdu.nc = 64;
- apdu.rdata = otp_frame_tx;
- apdu.header[0] = 0;
- apdu.header[1] = 0x01;
- apdu.header[2] = slot_id;
- apdu.header[3] = 0;
- int ret = otp_process_apdu();
- if (ret == 0x9000 && res_APDU_size > 0) {
- otp_send_frame(apdu.rdata, apdu.rlen);
- }
+ if (itf == ITF_KEYBOARD) {
+ if (report_type == 3) {
+ DEBUG_PAYLOAD(buffer, bufsize);
+ if (buffer[7] == 0xFF) { // reset
+ *get_send_buffer_size(ITF_KEYBOARD) = 0;
+ otp_curr_seq = otp_exp_seq = 0;
+ memset(otp_frame_tx, 0, sizeof(otp_frame_tx));
+ }
+ else if (buffer[7] & 0x80) { // a frame
+ uint8_t rseq = buffer[7] & 0x1F;
+ if (rseq < 10) {
+ if (rseq == 0) {
+ memset(otp_frame_rx, 0, sizeof(otp_frame_rx));
}
- else {
- printf("[OTP] Bad CRC!\n");
+ memcpy(otp_frame_rx + rseq * 7, buffer, 7);
+ if (rseq == 9) {
+ DEBUG_DATA(otp_frame_rx, sizeof(otp_frame_rx));
+ uint16_t residual_crc = calculate_crc(otp_frame_rx, 64), rcrc = (otp_frame_rx[66] << 8 | otp_frame_rx[65]);
+ uint8_t slot_id = otp_frame_rx[64];
+ if (residual_crc == rcrc) {
+ apdu.data = otp_frame_rx;
+ apdu.nc = 64;
+ apdu.rdata = otp_frame_tx;
+ apdu.header[0] = 0;
+ apdu.header[1] = 0x01;
+ apdu.header[2] = slot_id;
+ apdu.header[3] = 0;
+ int ret = otp_process_apdu();
+ if (ret == 0x9000 && res_APDU_size > 0) {
+ otp_send_frame(apdu.rdata, apdu.rlen);
+ }
+ }
+ else {
+ printf("[OTP] Bad CRC!\n");
+ }
}
}
}
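Review bot: `buffer[7]` is read for both the reset test and the frame test before bufsize is consulted, so a shorter report from the host indexes past the buffer; the restructured branch should guard it, `if (report_type == 3 && bufsize >= 8) {`. The move of the ITF_KEYBOARD test to the outer level also narrows frame handling, which previously ran for any interface, to the keyboard interface; that looks intentional but deserves a line such as `// OTP frames are only accepted on the keyboard interface`. The signature of otp_hid_set_report_cb and its closing lines are outside the hunk.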