mirror of
https://github.com/polhenarejos/pico-fido.git
synced 2024-09-20 11:20:10 +00:00
Reorganizing core0/core1 split.
Now CBOR and APDU (i.e., intensive processing) areas are executed on core1, while core0 is dedicated for hardware tasks (usb, button, led, etc.).
This commit is contained in:
parent
8feac76a73
commit
a3c60f762d
@ -22,14 +22,17 @@
|
|||||||
#include "ctap_hid.h"
|
#include "ctap_hid.h"
|
||||||
#include "fido.h"
|
#include "fido.h"
|
||||||
#include "hsm.h"
|
#include "hsm.h"
|
||||||
|
#include "usb.h"
|
||||||
|
#include "apdu.h"
|
||||||
|
|
||||||
const bool _btrue = true, _bfalse = false;
|
const bool _btrue = true, _bfalse = false;
|
||||||
|
|
||||||
const uint8_t aaguid[16] = {0x89, 0xFB, 0x94, 0xB7, 0x06, 0xC9, 0x36, 0x73, 0x9B, 0x7E, 0x30, 0x52, 0x6D, 0x96, 0x81, 0x45}; // First 16 bytes of SHA256("Pico FIDO2")
|
const uint8_t aaguid[16] = {0x89, 0xFB, 0x94, 0xB7, 0x06, 0xC9, 0x36, 0x73, 0x9B, 0x7E, 0x30, 0x52, 0x6D, 0x96, 0x81, 0x45}; // First 16 bytes of SHA256("Pico FIDO2")
|
||||||
|
|
||||||
int cbor_process(const uint8_t *data, size_t len) {
|
const uint8_t *cbor_data = NULL;
|
||||||
if (scan_files() != CCID_OK)
|
size_t cbor_len = 0;
|
||||||
return -CTAP1_ERR_OTHER;
|
|
||||||
|
int cbor_parse(const uint8_t *data, size_t len) {
|
||||||
if (len == 0)
|
if (len == 0)
|
||||||
return -CTAP1_ERR_INVALID_LEN;
|
return -CTAP1_ERR_INVALID_LEN;
|
||||||
driver_prepare_response();
|
driver_prepare_response();
|
||||||
@ -43,3 +46,30 @@ int cbor_process(const uint8_t *data, size_t len) {
|
|||||||
return cbor_client_pin(data + 1, len - 1);
|
return cbor_client_pin(data + 1, len - 1);
|
||||||
return -CTAP2_ERR_INVALID_CBOR;
|
return -CTAP2_ERR_INVALID_CBOR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void cbor_thread() {
|
||||||
|
|
||||||
|
while (1) {
|
||||||
|
uint32_t m;
|
||||||
|
queue_remove_blocking(&usb_to_card_q, &m);
|
||||||
|
|
||||||
|
if (m == EV_EXIT) {
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
apdu.sw = cbor_parse(cbor_data, cbor_len);
|
||||||
|
|
||||||
|
finished_data_size = res_APDU_size+1;
|
||||||
|
uint32_t flag = EV_EXEC_FINISHED;
|
||||||
|
queue_add_blocking(&card_to_usb_q, &flag);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int cbor_process(const uint8_t *data, size_t len) {
|
||||||
|
cbor_data = data;
|
||||||
|
cbor_len = len;
|
||||||
|
res_APDU = ctap_resp->init.data + 1;
|
||||||
|
res_APDU_size = 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
@ -92,7 +92,7 @@ int regenerate() {
|
|||||||
mbedtls_ecdh_init(&hkey);
|
mbedtls_ecdh_init(&hkey);
|
||||||
hkey_init = true;
|
hkey_init = true;
|
||||||
mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
|
mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
|
||||||
int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.d, &hkey.ctx.mbed_ecdh.Q, random_gen_core0, NULL);
|
int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.d, &hkey.ctx.mbed_ecdh.Q, random_gen, NULL);
|
||||||
mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
|
mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
@ -121,7 +121,7 @@ int kdf(uint8_t protocol, const mbedtls_mpi *z, uint8_t *sharedSecret) {
|
|||||||
int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) {
|
int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) {
|
||||||
mbedtls_mpi z;
|
mbedtls_mpi z;
|
||||||
mbedtls_mpi_init(&z);
|
mbedtls_mpi_init(&z);
|
||||||
int ret = mbedtls_ecdh_compute_shared(&hkey.ctx.mbed_ecdh.grp, &z, Q, &hkey.ctx.mbed_ecdh.d, random_gen_core0, NULL);
|
int ret = mbedtls_ecdh_compute_shared(&hkey.ctx.mbed_ecdh.grp, &z, Q, &hkey.ctx.mbed_ecdh.d, random_gen, NULL);
|
||||||
ret = kdf(protocol, &z, sharedSecret);
|
ret = kdf(protocol, &z, sharedSecret);
|
||||||
mbedtls_mpi_free(&z);
|
mbedtls_mpi_free(&z);
|
||||||
return ret;
|
return ret;
|
||||||
@ -129,7 +129,7 @@ int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) {
|
|||||||
|
|
||||||
int resetPinUvAuthToken() {
|
int resetPinUvAuthToken() {
|
||||||
uint8_t t[32];
|
uint8_t t[32];
|
||||||
random_gen_core0(NULL, t, sizeof(t));
|
random_gen(NULL, t, sizeof(t));
|
||||||
flash_write_data_to_file(ef_authtoken, t, sizeof(t));
|
flash_write_data_to_file(ef_authtoken, t, sizeof(t));
|
||||||
paut.permissions = 0;
|
paut.permissions = 0;
|
||||||
paut.data = file_get_data(ef_authtoken);
|
paut.data = file_get_data(ef_authtoken);
|
||||||
@ -145,7 +145,7 @@ int encrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, size_t in_l
|
|||||||
return aes_encrypt(key, NULL, 32*8, HSM_AES_MODE_CBC, out, in_len);
|
return aes_encrypt(key, NULL, 32*8, HSM_AES_MODE_CBC, out, in_len);
|
||||||
}
|
}
|
||||||
else if (protocol == 2) {
|
else if (protocol == 2) {
|
||||||
random_gen_core0(NULL, out, IV_SIZE);
|
random_gen(NULL, out, IV_SIZE);
|
||||||
memcpy(out + IV_SIZE, in, in_len);
|
memcpy(out + IV_SIZE, in, in_len);
|
||||||
return aes_encrypt(key+32, out, 32*8, HSM_AES_MODE_CBC, out+IV_SIZE, in_len);
|
return aes_encrypt(key+32, out, 32*8, HSM_AES_MODE_CBC, out+IV_SIZE, in_len);
|
||||||
}
|
}
|
||||||
@ -315,7 +315,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 1));
|
CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 1));
|
||||||
CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 2));
|
CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 2));
|
||||||
CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 3));
|
CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 3));
|
||||||
CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ES256));
|
CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ECDH_ES_HKDF_256));
|
||||||
CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 1));
|
CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 1));
|
||||||
CBOR_CHECK(cbor_encode_uint(&mapEncoder2, FIDO2_CURVE_P256));
|
CBOR_CHECK(cbor_encode_uint(&mapEncoder2, FIDO2_CURVE_P256));
|
||||||
CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 2));
|
CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 2));
|
||||||
@ -338,7 +338,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
if (pinUvAuthProtocol != 1 && pinUvAuthProtocol != 2)
|
if (pinUvAuthProtocol != 1 && pinUvAuthProtocol != 2)
|
||||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||||
if (file_has_data(ef_pin))
|
if (file_has_data(ef_pin))
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
|
||||||
if (newPinEnc.len != 64)
|
if (newPinEnc.len != 64)
|
||||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||||
if (mbedtls_mpi_read_binary(&hkey.ctx.mbed_ecdh.Qp.X, kax.data, kax.len) != 0) {
|
if (mbedtls_mpi_read_binary(&hkey.ctx.mbed_ecdh.Qp.X, kax.data, kax.len) != 0) {
|
||||||
@ -438,7 +438,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
|
|||||||
if (paddedNewPin[63] != 0)
|
if (paddedNewPin[63] != 0)
|
||||||
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
|
||||||
uint8_t pin_len = 0;
|
uint8_t pin_len = 0;
|
||||||
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(pin_len))
|
while (paddedNewPin[pin_len] != 0 && pin_len < sizeof(paddedNewPin))
|
||||||
pin_len++;
|
pin_len++;
|
||||||
if (pin_len < 4)
|
if (pin_len < 4)
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
|
||||||
@ -520,9 +520,9 @@ err:
|
|||||||
CBOR_FREE_BYTE_STRING(rpId);
|
CBOR_FREE_BYTE_STRING(rpId);
|
||||||
if (error != CborNoError) {
|
if (error != CborNoError) {
|
||||||
if (error == CborErrorImproperValue)
|
if (error == CborErrorImproperValue)
|
||||||
return -CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
|
return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
|
||||||
return -error;
|
return error;
|
||||||
}
|
}
|
||||||
driver_exec_finished(1+resp_size);
|
res_APDU_size = resp_size;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -19,6 +19,7 @@
|
|||||||
#include "fido.h"
|
#include "fido.h"
|
||||||
#include "ctap.h"
|
#include "ctap.h"
|
||||||
#include "files.h"
|
#include "files.h"
|
||||||
|
#include "apdu.h"
|
||||||
|
|
||||||
int cbor_get_info() {
|
int cbor_get_info() {
|
||||||
CborEncoder encoder, mapEncoder, arrayEncoder;
|
CborEncoder encoder, mapEncoder, arrayEncoder;
|
||||||
@ -78,7 +79,6 @@ int cbor_get_info() {
|
|||||||
err:
|
err:
|
||||||
if (error != CborNoError)
|
if (error != CborNoError)
|
||||||
return -CTAP2_ERR_INVALID_CBOR;
|
return -CTAP2_ERR_INVALID_CBOR;
|
||||||
size_t rs = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
|
res_APDU_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1);
|
||||||
driver_exec_finished(rs + 1);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -161,7 +161,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
|||||||
|
|
||||||
uint8_t rp_id_hash[32];
|
uint8_t rp_id_hash[32];
|
||||||
mbedtls_sha256((uint8_t *)rp.id.data, rp.id.len, rp_id_hash, 0);
|
mbedtls_sha256((uint8_t *)rp.id.data, rp.id.len, rp_id_hash, 0);
|
||||||
|
printf("IEEEEEE 1\n");
|
||||||
int curve = -1, alg = 0;
|
int curve = -1, alg = 0;
|
||||||
if (pubKeyCredParams_len == 0)
|
if (pubKeyCredParams_len == 0)
|
||||||
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
|
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
|
||||||
@ -191,7 +191,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
|||||||
|
|
||||||
if (pinUvAuthParam.present == true) {
|
if (pinUvAuthParam.present == true) {
|
||||||
if (pinUvAuthParam.len == 0 || pinUvAuthParam.data == NULL) {
|
if (pinUvAuthParam.len == 0 || pinUvAuthParam.data == NULL) {
|
||||||
if (wait_button() == true)
|
if (check_user_presence() == false)
|
||||||
CBOR_ERROR(CTAP2_ERR_OPERATION_DENIED);
|
CBOR_ERROR(CTAP2_ERR_OPERATION_DENIED);
|
||||||
if (!file_has_data(ef_pin))
|
if (!file_has_data(ef_pin))
|
||||||
CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
|
CBOR_ERROR(CTAP2_ERR_PIN_NOT_SET);
|
||||||
@ -230,7 +230,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
|||||||
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
|
||||||
//Check pinUvAuthToken permissions. See 6.1.2.11
|
//Check pinUvAuthToken permissions. See 6.1.2.11
|
||||||
}
|
}
|
||||||
|
printf("IEEEEEE 2\n");
|
||||||
for (int e = 0; e < excludeList_len; e++) { //12.1
|
for (int e = 0; e < excludeList_len; e++) { //12.1
|
||||||
if (excludeList[e].type.present == false || excludeList[e].id.present == false)
|
if (excludeList[e].type.present == false || excludeList[e].id.present == false)
|
||||||
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
|
CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
|
||||||
@ -241,7 +241,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (pinUvAuthParam.present && options.up == ptrue) { //14.1
|
if (pinUvAuthParam.present && options.up == ptrue) { //14.1
|
||||||
if (wait_button_pressed() == true)
|
if (check_user_presence() == false)
|
||||||
CBOR_ERROR(CTAP2_ERR_OPERATION_DENIED);
|
CBOR_ERROR(CTAP2_ERR_OPERATION_DENIED);
|
||||||
//rup = ptrue;
|
//rup = ptrue;
|
||||||
}
|
}
|
||||||
@ -272,7 +272,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
|||||||
uint8_t key[32];
|
uint8_t key[32];
|
||||||
memset(key, 0, sizeof(key));
|
memset(key, 0, sizeof(key));
|
||||||
uint8_t iv[12];
|
uint8_t iv[12];
|
||||||
random_gen_core0(NULL, iv, sizeof(12));
|
random_gen(NULL, iv, sizeof(12));
|
||||||
mbedtls_chachapoly_context chatx;
|
mbedtls_chachapoly_context chatx;
|
||||||
mbedtls_chachapoly_init(&chatx);
|
mbedtls_chachapoly_init(&chatx);
|
||||||
mbedtls_chachapoly_setkey(&chatx, key);
|
mbedtls_chachapoly_setkey(&chatx, key);
|
||||||
@ -298,7 +298,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
|||||||
mbedtls_curve = MBEDTLS_ECP_DP_CURVE448;
|
mbedtls_curve = MBEDTLS_ECP_DP_CURVE448;
|
||||||
else
|
else
|
||||||
CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_ALGORITHM);
|
CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_ALGORITHM);
|
||||||
|
printf("IEEEEEE 3\n");
|
||||||
mbedtls_ecdsa_context ekey;
|
mbedtls_ecdsa_context ekey;
|
||||||
mbedtls_ecdsa_init(&ekey);
|
mbedtls_ecdsa_init(&ekey);
|
||||||
uint8_t key_path[KEY_PATH_LEN];
|
uint8_t key_path[KEY_PATH_LEN];
|
||||||
@ -362,7 +362,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
|||||||
|
|
||||||
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
|
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
|
||||||
rs = cbor_encoder_get_buffer_size(&encoder, cbor_buf);
|
rs = cbor_encoder_get_buffer_size(&encoder, cbor_buf);
|
||||||
|
printf("IEEEEEE 4\n");
|
||||||
size_t aut_data_len = 32 + 1 + 4 + (16 + 2 + cred_id_len + rs) + ext_len;
|
size_t aut_data_len = 32 + 1 + 4 + (16 + 2 + cred_id_len + rs) + ext_len;
|
||||||
aut_data = (uint8_t *)calloc(1, aut_data_len + clientDataHash.len);
|
aut_data = (uint8_t *)calloc(1, aut_data_len + clientDataHash.len);
|
||||||
uint8_t *pa = aut_data;
|
uint8_t *pa = aut_data;
|
||||||
@ -393,9 +393,9 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
|||||||
ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, file_get_data(ef_keydev), 32);
|
ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, file_get_data(ef_keydev), 32);
|
||||||
self_attestation = false;
|
self_attestation = false;
|
||||||
}
|
}
|
||||||
ret = mbedtls_ecdsa_write_signature(&ekey, MBEDTLS_MD_SHA256, hash, 32, sig, sizeof(sig), &olen, random_gen_core0, NULL);
|
ret = mbedtls_ecdsa_write_signature(&ekey, MBEDTLS_MD_SHA256, hash, 32, sig, sizeof(sig), &olen, random_gen, NULL);
|
||||||
mbedtls_ecdsa_free(&ekey);
|
mbedtls_ecdsa_free(&ekey);
|
||||||
|
printf("IEEEEEE 5\n");
|
||||||
cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
|
cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
|
||||||
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 3));
|
CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 3));
|
||||||
|
|
||||||
@ -421,7 +421,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
|||||||
|
|
||||||
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
|
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
|
||||||
resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
|
resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
|
||||||
|
printf("IEEEEEE 6\n");
|
||||||
err:
|
err:
|
||||||
CBOR_FREE_BYTE_STRING(clientDataHash);
|
CBOR_FREE_BYTE_STRING(clientDataHash);
|
||||||
CBOR_FREE_BYTE_STRING(pinUvAuthParam);
|
CBOR_FREE_BYTE_STRING(pinUvAuthParam);
|
||||||
@ -447,10 +447,10 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
|
|||||||
free(cred_id);
|
free(cred_id);
|
||||||
if (error != CborNoError) {
|
if (error != CborNoError) {
|
||||||
if (error == CborErrorImproperValue)
|
if (error == CborErrorImproperValue)
|
||||||
return -CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
|
return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
|
||||||
return -error;
|
return error;
|
||||||
}
|
}
|
||||||
driver_exec_finished(1+resp_size);
|
res_APDU_size = resp_size;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -19,12 +19,12 @@
|
|||||||
#include "ctap2_cbor.h"
|
#include "ctap2_cbor.h"
|
||||||
#include "file.h"
|
#include "file.h"
|
||||||
#include "fido.h"
|
#include "fido.h"
|
||||||
|
#include "apdu.h"
|
||||||
|
|
||||||
extern void scan_all();
|
extern void scan_all();
|
||||||
|
|
||||||
int cbor_reset() {
|
int cbor_reset() {
|
||||||
initialize_flash(true);
|
initialize_flash(true);
|
||||||
scan_all();
|
scan_all();
|
||||||
driver_exec_finished(1);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -221,6 +221,7 @@ int scan_files() {
|
|||||||
|
|
||||||
void scan_all() {
|
void scan_all() {
|
||||||
scan_flash();
|
scan_flash();
|
||||||
|
scan_files();
|
||||||
}
|
}
|
||||||
|
|
||||||
void init_fido() {
|
void init_fido() {
|
||||||
@ -240,7 +241,7 @@ uint32_t user_present_time_limit = 0;
|
|||||||
|
|
||||||
bool check_user_presence() {
|
bool check_user_presence() {
|
||||||
if (user_present_time_limit == 0 || user_present_time_limit+TRANSPORT_TIME_LIMIT < board_millis()) {
|
if (user_present_time_limit == 0 || user_present_time_limit+TRANSPORT_TIME_LIMIT < board_millis()) {
|
||||||
if (wait_button() == true) //timeout
|
if (wait_button_pressed() == true) //timeout
|
||||||
return false;
|
return false;
|
||||||
user_present_time_limit = board_millis();
|
user_present_time_limit = board_millis();
|
||||||
}
|
}
|
||||||
|
@ -34,11 +34,13 @@ extern int scan_files();
|
|||||||
extern int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int, mbedtls_ecdsa_context *key);
|
extern int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int, mbedtls_ecdsa_context *key);
|
||||||
extern bool wait_button_pressed();
|
extern bool wait_button_pressed();
|
||||||
extern CTAPHID_FRAME *ctap_req, *ctap_resp;
|
extern CTAPHID_FRAME *ctap_req, *ctap_resp;
|
||||||
|
extern void init_fido();
|
||||||
|
|
||||||
#define FIDO2_ALG_ES256 -7 //ECDSA-SHA256 P256
|
#define FIDO2_ALG_ES256 -7 //ECDSA-SHA256 P256
|
||||||
#define FIDO2_ALG_EDDSA -8 //EdDSA
|
#define FIDO2_ALG_EDDSA -8 //EdDSA
|
||||||
#define FIDO2_ALG_ES384 -35 //ECDSA-SHA384 P384
|
#define FIDO2_ALG_ES384 -35 //ECDSA-SHA384 P384
|
||||||
#define FIDO2_ALG_ES512 -36 //ECDSA-SHA512 P521
|
#define FIDO2_ALG_ES512 -36 //ECDSA-SHA512 P521
|
||||||
|
#define FIDO2_ALG_ECDH_ES_HKDF_256 -25 //ECDH-ES + HKDF-256
|
||||||
|
|
||||||
#define FIDO2_CURVE_P256 1
|
#define FIDO2_CURVE_P256 1
|
||||||
#define FIDO2_CURVE_P384 2
|
#define FIDO2_CURVE_P384 2
|
||||||
|
Loading…
Reference in New Issue
Block a user