From 1b4dd9bed09452cc5fc201a5e4c879a01f943504 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Sun, 18 Aug 2024 23:53:18 +0200
Subject: [PATCH] Fix ESP32 build.

Signed-off-by: Pol Henarejos
---
 src/fido/cbor.c | 7 +++-
 src/fido/cbor_client_pin.c | 6 ++-
 src/fido/cbor_get_assertion.c | 2 +-
 src/fido/cbor_reset.c | 5 ++-
 src/fido/cbor_vendor.c | 18 +------
 src/fido/cmd_register.c | 2 +-
 src/fido/credential.c | 2 +-
 src/fido/ctap2_cbor.h | 4 ++
 src/fido/fido.c | 17 ++++----
 src/fido/fido.h | 9 +++-
 src/fido/management.c | 6 +--
 src/fido/management.h | 2 +-
 src/fido/oath.c | 9 +---
 src/fido/otp.c | 79 +++++++++++++++++------------------
 14 files changed, 83 insertions(+), 85 deletions(-)

diff --git a/src/fido/cbor.c b/src/fido/cbor.c
index 9483d44..3dd7fc1 100644
--- a/src/fido/cbor.c
+++ b/src/fido/cbor.c
@@ -15,7 +15,7 @@
  * along with this program. If not, see .
  */
 
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "pico/stdlib.h"
 #endif
 #include "hid/ctap_hid.h"
@@ -130,6 +130,9 @@ void cbor_thread() {
 uint32_t flag = EV_EXEC_FINISHED;
 queue_add_blocking(&card_to_usb_q, &flag);
 }
+#ifdef ESP_PLATFORM
+ vTaskDelete(NULL);
+#endif
 }
 #endif
 
@@ -139,7 +142,7 @@ int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len) {
 cmd = last_cmd;
 res_APDU = ctap_resp->init.data + 1;
 res_APDU_size = 0;
- return 1;
+ return 2; // CBOR processing
 }
 
 CborError COSE_key_params(int crv,
diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c
index 0e3d6e9..2d324da 100644
--- a/src/fido/cbor_client_pin.c
+++ b/src/fido/cbor_client_pin.c
@@ -15,7 +15,11 @@
  * along with this program. If not, see .
  */
 
+#ifndef ESP_PLATFORM
 #include "common.h"
+#else
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#endif
 #include "mbedtls/ecp.h"
 #include "mbedtls/ecdh.h"
 #include "mbedtls/sha256.h"
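Review bot: The new `return 2; // CBOR processing` replaces `return 1` with a second bare magic value, and the code that consumes cbor_process's return (the cbor_process_cb caller) is not in this patch, so nothing here shows that a caller testing `== 1` still starts CBOR work. Give both values a name in a header the caller sees, e.g. `enum { CTAP_RET_APDU = 1, CTAP_RET_CBOR = 2 };`, return `CTAP_RET_CBOR` here, and confirm the consumer handles the new value. cbor_process's signature is only in the hunk header, so the function starts before this hunk.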
@@ -23,7 +27,7 @@
 #include "cbor.h"
 #include "ctap.h"
 #include "ctap2_cbor.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "bsp/board.h"
 #endif
 #include "hid/ctap_hid.h"
diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c
index 87c6363..aa22e3b 100644
--- a/src/fido/cbor_get_assertion.c
+++ b/src/fido/cbor_get_assertion.c
@@ -17,7 +17,7 @@
 
 #include "cbor.h"
 #include "ctap.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "bsp/board.h"
 #endif
 #include "hid/ctap_hid.h"
diff --git a/src/fido/cbor_reset.c b/src/fido/cbor_reset.c
index 62b17a9..b3a07d5 100644
--- a/src/fido/cbor_reset.c
+++ b/src/fido/cbor_reset.c
@@ -18,9 +18,12 @@
 #include "file.h"
 #include "fido.h"
 #include "ctap.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "bsp/board.h"
 #endif
+#ifdef ESP_PLATFORM
+#include "esp_compat.h"
+#endif
 
 extern void scan_all();
 
diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c
index d1b6f54..3b78c01 100644
--- a/src/fido/cbor_vendor.c
+++ b/src/fido/cbor_vendor.c
@@ -256,27 +256,11 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
 mbedtls_ecdsa_free(&ekey);
 CBOR_ERROR(CTAP2_ERR_PROCESSING);
 }
-#ifndef ENABLE_EMULATION
- pico_unique_board_id_t rpiid;
- pico_get_unique_board_id(&rpiid);
-#else
- struct {
- uint8_t id[8];
- } rpiid = { 0 };
-#endif
 mbedtls_x509write_csr ctx;
 mbedtls_x509write_csr_init(&ctx);
 snprintf((char *) buffer, sizeof(buffer),
- "C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %02x%02x%02x%02x%02x%02x%02x%02x",
- rpiid.id[0],
- rpiid.id[1],
- rpiid.id[2],
- rpiid.id[3],
- rpiid.id[4],
- rpiid.id[5],
- rpiid.id[6],
- rpiid.id[7]);
+ "C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %s", pico_serial_str);
 mbedtls_x509write_csr_set_subject_name(&ctx, (char *) buffer);
 mbedtls_pk_context key;
 mbedtls_pk_init(&key);
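Review bot: The rewritten snprintf still discards its return value, and with `%s` the subject length now depends on `pico_serial_str`, whose declaration and size are outside this patch; if it is long enough to reach sizeof(buffer) the CSR gets a silently truncated CN. Check for truncation before `mbedtls_x509write_csr_set_subject_name`, e.g. `int n = snprintf(...);` followed by `if (n < 0 || (size_t) n >= sizeof(buffer)) { mbedtls_x509write_csr_free(&ctx); mbedtls_ecdsa_free(&ekey); CBOR_ERROR(CTAP2_ERR_PROCESSING); }`, mirroring the error branch at the top of the hunk (ctx is already initialised by then, so it needs freeing too; whether ekey is still live here I cannot see). A one-line comment on the format string would also help: `// CN carries the board serial so the attestation CSR is per-device`. cbor_vendor_generic continues on both sides of this hunk.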
diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c
index 7962719..237f70f 100644
--- a/src/fido/cmd_register.c
+++ b/src/fido/cmd_register.c
@@ -41,7 +41,7 @@ int u2f_select(app_t *a) {
 return CCID_ERR_FILE_NOT_FOUND;
 }
 
-void __attribute__((constructor)) u2f_ctor() {
+INITIALIZER ( u2f_ctor ) {
 register_app(u2f_select, u2f_aid);
 }
 
diff --git a/src/fido/credential.c b/src/fido/credential.c
index ea44ebb..f1f1994 100644
--- a/src/fido/credential.c
+++ b/src/fido/credential.c
@@ -18,7 +18,7 @@
 #include "mbedtls/chachapoly.h"
 #include "mbedtls/sha256.h"
 #include "credential.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "bsp/board.h"
 #endif
 #include "hid/ctap_hid.h"
diff --git a/src/fido/ctap2_cbor.h b/src/fido/ctap2_cbor.h
index 9a8c8d1..84723da 100644
--- a/src/fido/ctap2_cbor.h
+++ b/src/fido/ctap2_cbor.h
@@ -19,7 +19,11 @@
 #define _CTAP2_CBOR_H_
 
 #include "cbor.h"
+#ifndef ESP_PLATFORM
 #include "common.h"
+#else
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#endif
 #include "mbedtls/ecp.h"
 #include "mbedtls/ecdh.h"
 
diff --git a/src/fido/fido.c b/src/fido/fido.c
index 1adf712..3f772cf 100644
--- a/src/fido/fido.c
+++ b/src/fido/fido.c
@@ -27,12 +27,12 @@
 #if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION)
 #include "ccid/ccid.h"
 #endif
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "bsp/board.h"
 #endif
 #include
 #include "management.h"
-#include "ctap_hid.h"
+#include "hid/ctap_hid.h"
 #include "version.h"
 
 int fido_process_apdu();
@@ -79,7 +79,7 @@ extern int (*cbor_process_cb)(uint8_t, const uint8_t *, size_t);
 extern void cbor_thread();
 extern int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len);
 
-void __attribute__((constructor)) fido_ctor() {
+INITIALIZER ( fido_ctor ) {
 #if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION)
 ccid_atr = atr_fido;
 #endif
@@ -315,9 +315,12 @@ int scan_files() {
 mbedtls_ecdsa_free(&ecdsa);
 return ret;
 }
- uint8_t kdata[32];
- int key_size = mbedtls_mpi_size(&ecdsa.d);
- mbedtls_mpi_write_binary(&ecdsa.d, kdata, key_size);
+ uint8_t kdata[64];
+ size_t key_size = 0;
+ ret = mbedtls_ecp_write_key_ext(&ecdsa, &key_size, kdata, sizeof(kdata));
+ if (ret != CCID_OK) {
+ return ret;
+ }
 ret = file_put_data(ef_keydev, kdata, key_size);
 mbedtls_platform_zeroize(kdata, sizeof(kdata));
 mbedtls_ecdsa_free(&ecdsa);
@@ -333,7 +336,7 @@ int scan_files() {
 ef_certdev = search_by_fid(EF_EE_DEV, NULL, SPECIFY_EF);
 if (ef_certdev) {
 if (!file_has_data(ef_certdev)) {
- uint8_t cert[4096];
+ uint8_t cert[2048];
 mbedtls_ecdsa_context key;
 mbedtls_ecdsa_init(&key);
 int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1,
diff --git a/src/fido/fido.h b/src/fido/fido.h
index f12dc5d..aab14e8 100644
--- a/src/fido/fido.h
+++ b/src/fido/fido.h
@@ -18,13 +18,18 @@
 #ifndef _FIDO_H_
 #define _FIDO_H_
 
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "pico/stdlib.h"
 #endif
+#ifndef ESP_PLATFORM
 #include "common.h"
+#else
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#endif
+
 #include "mbedtls/ecdsa.h"
 #ifndef ENABLE_EMULATION
-#include "ctap_hid.h"
+#include "hid/ctap_hid.h"
 #else
 #include
 #endif
diff --git a/src/fido/management.c b/src/fido/management.c
index f7590d0..26ae35e 100644
--- a/src/fido/management.c
+++ b/src/fido/management.c
@@ -43,7 +43,7 @@ int man_select(app_t *a) {
 return CCID_OK;
 }
 
-void __attribute__((constructor)) man_ctor() {
+INITIALIZER ( man_ctor ) {
 register_app(man_select, man_aid);
 }
 
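Review bot: The added `if (ret != CCID_OK) { return ret; }` returns before the `mbedtls_ecdsa_free(&ecdsa)` on the hunk's last line, so when `mbedtls_ecp_write_key_ext` fails the context holding the freshly generated device private key is never freed or wiped, unlike the error path three lines above which frees it first. Make it `if (ret != 0) { mbedtls_ecdsa_free(&ecdsa); return ret; }`. Comparing an mbedtls return code against CCID_OK also only works if CCID_OK is 0 (not visible here), and the raw mbedtls code is then propagated to scan_files's caller where the surrounding code otherwise returns CCID codes — either map it or mark it with `// propagates the mbedtls error code` on the return. scan_files continues beyond this hunk.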
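Review bot: `cert` shrinks from 4096 to 2048 bytes, but the calls that fill it and hand it to storage are below this hunk; if any of them pass a literal 4096 instead of `sizeof(cert)`, the new size turns that into a stack overflow rather than a saving. Please confirm every length argument on `cert` is `sizeof(cert)`, and record the reason on the declaration, e.g. `// 2 KiB is ample for the P-256 device certificate; kept small for the task stack` (I infer the stack motivation from the ESP32 subject, the commit does not state it). scan_files continues outside this hunk.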
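Review bot: `#define MBEDTLS_ALLOW_PRIVATE_ACCESS` only takes effect if it precedes the first mbedtls header in the translation unit, so placing it in fido.h (and the same pattern in ctap2_cbor.h and cbor_client_pin.c in this patch) makes the ESP32 build depend on include order: any file that pulls in an mbedtls header before fido.h fails on private-field access, and every includer of fido.h silently inherits the macro. A compile definition on the ESP component, `target_compile_definitions(... PRIVATE MBEDTLS_ALLOW_PRIVATE_ACCESS)`, removes both problems. Failing that, a comment on the define stating the constraint, `// must precede every mbedtls include in this TU (ESP-IDF mbedtls presumably hides struct fields)`, would at least warn the next reader.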
@@ -82,9 +82,7 @@ int man_get_config() {
 res_APDU[res_APDU_size++] = CAP_OTP | CAP_U2F | CAP_OATH;
 res_APDU[res_APDU_size++] = TAG_SERIAL;
 res_APDU[res_APDU_size++] = 4;
-#ifndef ENABLE_EMULATION
- pico_get_unique_board_id_string((char *) res_APDU + res_APDU_size, 4);
-#endif
+ memcpy(res_APDU + res_APDU_size, pico_serial.id, 4);
 res_APDU_size += 4;
 res_APDU[res_APDU_size++] = TAG_FORM_FACTOR;
 res_APDU[res_APDU_size++] = 1;
diff --git a/src/fido/management.h b/src/fido/management.h
index 6a5ff0d..a8a6331 100644
--- a/src/fido/management.h
+++ b/src/fido/management.h
@@ -19,7 +19,7 @@
 #define _MANAGEMENT_H_
 
 #include
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "pico/stdlib.h"
 #endif
 
diff --git a/src/fido/oath.c b/src/fido/oath.c
index 03ee790..3bf212f 100644
--- a/src/fido/oath.c
+++ b/src/fido/oath.c
@@ -80,12 +80,7 @@ int oath_select(app_t *a) {
 res_APDU[res_APDU_size++] = 0;
 res_APDU[res_APDU_size++] = TAG_NAME;
 res_APDU[res_APDU_size++] = 8;
-#ifndef ENABLE_EMULATION
- pico_get_unique_board_id((pico_unique_board_id_t *) (res_APDU + res_APDU_size));
- res_APDU_size += 8;
-#else
- memset(res_APDU + res_APDU_size, 0, 8); res_APDU_size += 8;
-#endif
+ memcpy(res_APDU + res_APDU_size, pico_serial_str, 8);
 if (file_has_data(search_dynamic_file(EF_OATH_CODE)) == true) {
 random_gen(NULL, challenge, sizeof(challenge));
 res_APDU[res_APDU_size++] = TAG_CHALLENGE;
@@ -109,7 +104,7 @@ int oath_select(app_t *a) {
 return CCID_ERR_FILE_NOT_FOUND;
 }
 
-void __attribute__((constructor)) oath_ctor() {
+INITIALIZER ( oath_ctor ) {
 register_app(oath_select, oath_aid);
 }
 
diff --git a/src/fido/otp.c b/src/fido/otp.c
index daee316..4198ac4 100644
--- a/src/fido/otp.c
+++ b/src/fido/otp.c
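Review bot: The serial reported under TAG_SERIAL changes format with this line: as I read the SDK call it replaces, `pico_get_unique_board_id_string(…, 4)` wrote three hex characters plus a NUL, whereas `memcpy(…, pico_serial.id, 4)` copies four raw bytes, and the oath.c and otp.c (0x20) hunks of the same patch copy from `pico_serial_str` instead. Management clients will therefore see a different serial after upgrading, and the three apps no longer derive it the same way. If the raw form is intended, say so on the line, `// first 4 raw bytes of the board ID (previously the hex-string form)`, and consider one shared helper for all three sites. man_get_config continues outside this hunk.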
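Review bot: The replacement line drops the `res_APDU_size += 8;` that both removed branches performed, so after `res_APDU[res_APDU_size++] = 8;` the eight name bytes are copied but the write cursor stays put, and the TAG_CHALLENGE written a few lines down (plus whatever follows below the hunk) overwrites them — the response advertises an 8-byte TAG_NAME that is no longer there. Add `res_APDU_size += 8;` directly after the memcpy. Note also that the name changes from the 8 raw board-ID bytes to the first 8 characters of `pico_serial_str`, declared outside this patch, so its length being at least 8 should be checked; this alters the device identity OATH clients key on. oath_select continues on both sides of this hunk.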
@@ -24,11 +24,12 @@
 #include "asn1.h"
 #include "hid/ctap_hid.h"
 #include "usb.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "bsp/board.h"
 #endif
 #include "mbedtls/aes.h"
 #include "management.h"
+#include "tusb.h"
 
 #define FIXED_SIZE 16
 #define KEY_SIZE 16
@@ -331,7 +332,7 @@ int otp_button_pressed(uint8_t slot) {
 return 0;
 }
 
-void __attribute__((constructor)) otp_ctor() {
+INITIALIZER( otp_ctor ) {
 register_app(otp_select, otp_aid);
 button_pressed_cb = otp_button_pressed;
 #ifndef ENABLE_EMULATION
@@ -449,9 +450,7 @@ int cmd_otp() {
 low_flash_available();
 }
 else if (p1 == 0x10) {
-#ifndef ENABLE_EMULATION
- pico_get_unique_board_id_string((char *) res_APDU, 4);
-#endif
+ memcpy(res_APDU, pico_serial.id, 4);
 res_APDU_size = 4;
 }
 else if (p1 == 0x13) {
@@ -479,9 +478,7 @@ int cmd_otp() {
 else if (p1 == 0x20 || p1 == 0x28) {
 uint8_t challenge[16];
 memcpy(challenge, apdu.data, 6);
-#ifndef ENABLE_EMULATION
- pico_get_unique_board_id_string((char *) challenge + 6, 10);
-#endif
+ memcpy(challenge + 6, pico_serial_str, 10);
 mbedtls_aes_context ctx;
 mbedtls_aes_init(&ctx);
 mbedtls_aes_setkey_enc(&ctx, otp_config->aes_key, 128);
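Review bot: `#include "tusb.h"` is added without a guard, while `bsp/board.h` three lines above is excluded for ENABLE_EMULATION and ESP_PLATFORM precisely because those builds lack the Pico BSP; if the emulation build has no TinyUSB on its include path (I cannot see that build here), this include breaks it. Whatever symbol needs tusb.h is used outside this hunk; guard the include the same way, `#ifndef ENABLE_EMULATION` / `#include "tusb.h"` / `#endif`, with a comment naming the symbol it provides so the dependency is traceable.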
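Review bot: `memcpy(challenge + 6, pico_serial_str, 10)` reads ten bytes from `pico_serial_str`, whose declaration is outside this patch, so its size should be pinned — `_Static_assert(sizeof(pico_serial_str) >= 16, "serial too short for OTP challenge");` if it is an array and the build is C11 — whereas the SDK call it replaces was bounded by its len argument. Bytes 6..15 of the AES input also change (that call wrote nine hex characters plus a NUL, this copies ten characters), so the responses for these OTP slots differ from earlier firmware and the commit message should say so. The `memcpy(challenge, apdu.data, 6)` above it reads apdu.data without checking apdu.nc, which this hunk leaves as is. cmd_otp continues outside this hunk.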
@@ -547,39 +544,41 @@ int otp_hid_set_report_cb(uint8_t itf, uint8_t const *buffer, uint16_t bufsize) {
- if (report_type == 3) {
- DEBUG_PAYLOAD(buffer, bufsize);
- if (itf == ITF_KEYBOARD && buffer[7] == 0xFF) { // reset
- *get_send_buffer_size(ITF_KEYBOARD) = 0;
- otp_curr_seq = otp_exp_seq = 0;
- memset(otp_frame_tx, 0, sizeof(otp_frame_tx));
- }
- else if (buffer[7] & 0x80) { // a frame
- uint8_t rseq = buffer[7] & 0x1F;
- if (rseq < 10) {
- if (rseq == 0) {
- memset(otp_frame_rx, 0, sizeof(otp_frame_rx));
- }
- memcpy(otp_frame_rx + rseq * 7, buffer, 7);
- if (rseq == 9) {
- DEBUG_DATA(otp_frame_rx, sizeof(otp_frame_rx));
- uint16_t residual_crc = calculate_crc(otp_frame_rx, 64), rcrc = (otp_frame_rx[66] << 8 | otp_frame_rx[65]);
- uint8_t slot_id = otp_frame_rx[64];
- if (residual_crc == rcrc) {
- apdu.data = otp_frame_rx;
- apdu.nc = 64;
- apdu.rdata = otp_frame_tx;
- apdu.header[0] = 0;
- apdu.header[1] = 0x01;
- apdu.header[2] = slot_id;
- apdu.header[3] = 0;
- int ret = otp_process_apdu();
- if (ret == 0x9000 && res_APDU_size > 0) {
- otp_send_frame(apdu.rdata, apdu.rlen);
- }
+ if (itf == ITF_KEYBOARD) {
+ if (report_type == 3) {
+ DEBUG_PAYLOAD(buffer, bufsize);
+ if (buffer[7] == 0xFF) { // reset
+ *get_send_buffer_size(ITF_KEYBOARD) = 0;
+ otp_curr_seq = otp_exp_seq = 0;
+ memset(otp_frame_tx, 0, sizeof(otp_frame_tx));
+ }
+ else if (buffer[7] & 0x80) { // a frame
+ uint8_t rseq = buffer[7] & 0x1F;
+ if (rseq < 10) {
+ if (rseq == 0) {
+ memset(otp_frame_rx, 0, sizeof(otp_frame_rx));
 }
- else {
- printf("[OTP] Bad CRC!\n");
+ memcpy(otp_frame_rx + rseq * 7, buffer, 7);
+ if (rseq == 9) {
+ DEBUG_DATA(otp_frame_rx, sizeof(otp_frame_rx));
+ uint16_t residual_crc = calculate_crc(otp_frame_rx, 64), rcrc = (otp_frame_rx[66] << 8 | otp_frame_rx[65]);
+ uint8_t slot_id = otp_frame_rx[64];
+ if (residual_crc == rcrc) {
+ apdu.data = otp_frame_rx;
+ apdu.nc = 64;
+ apdu.rdata = otp_frame_tx;
+ apdu.header[0] = 0;
+ apdu.header[1] = 0x01;
+ apdu.header[2] = slot_id;
+ apdu.header[3] = 0;
+ int ret = otp_process_apdu();
+ if (ret == 0x9000 && res_APDU_size > 0) {
+ otp_send_frame(apdu.rdata, apdu.rlen);
+ }
+ }
+ else {
+ printf("[OTP] Bad CRC!\n");
+ }
 }
 }
 }