coelner/pico-fido
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-fido.git synced 2024-09-20 03:10:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: coelner:d1c6838a65efece284dc90185054f6db37c30d88
Branches Tags
coelner:main
coelner:development
coelner:eddsa
coelner:ctap1
coelner:v5.12-eddsa1
coelner:v5.12
coelner:v5.10
coelner:v5.8-eddsa1
coelner:v5.8
coelner:v5.6-eddsa1
coelner:v5.6
coelner:v5.4
coelner:v3.0
coelner:v2.10
coelner:v2.8
coelner:v2.6
coelner:v2.4
coelner:v2.2
coelner:v2.0
coelner:v1.2
coelner:v1.0
...
compare: coelner:27f1cb85f4ee7dd1158320bdd7cef8d9370efb42
Branches Tags
coelner:development
coelner:eddsa
coelner:main
coelner:ctap1
coelner:v5.12-eddsa1
coelner:v5.12
coelner:v5.10
coelner:v5.8-eddsa1
coelner:v5.8
coelner:v5.6-eddsa1
coelner:v5.6
coelner:v5.4
coelner:v3.0
coelner:v2.10
coelner:v2.8
coelner:v2.6
coelner:v2.4
coelner:v2.2
coelner:v2.0
coelner:v1.2
coelner:v1.0

7 Commits
d1c6838a65 ... 27f1cb85f4

Author SHA1 Message Date
zxkmm
27f1cb85f4
Merge 69e250921f into 902a988350 2024-08-24 14:56:22 -04:00
Pol Henarejos
902a988350
Fix memory cleanups. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-24 02:34:15 +02:00
Pol Henarejos
6256a9547d
Fix build emulation 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-24 00:11:40 +02:00
zxkmm
69e250921f gitignore 2024-03-27 11:16:56 +08:00
zxkmm
037dee3891 build script 2024-03-27 11:16:02 +08:00
zxkmm
0701c0841e gitkeep 2024-03-27 11:13:15 +08:00
zxkmm
c6c4b24910 submodule 2024-03-27 11:12:02 +08:00
14 changed files with 46 additions and 37 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
release
build_release

3
.gitmodules vendored
View File

@ -1,3 +1,6 @@
[submodule "pico-keys-sdk"]
path = pico-keys-sdk
url = https://github.com/polhenarejos/pico-keys-sdk
[submodule "pico-sdk"]
path = pico-sdk
url = https://github.com/raspberrypi/pico-sdk.git

1
CMakeLists.txt
View File

@ -157,6 +157,7 @@ if(ENABLE_EMULATION)
-Wl,--gc-sections
)
endif (APPLE)
target_link_libraries(pico_fido PRIVATE pthread m)
else()
pico_add_extra_outputs(pico_fido)
target_link_libraries(pico_fido PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)

4
build_pico_fido.sh
View File

@ -50,7 +50,9 @@ for board in adafruit_feather_rp2040 \
wiznet_w5100s_evb_pico
do
rm -rf *
PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board
# PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board
PICO_SDK_PATH=../pico-sdk cmake .. -DPICO_BOARD=$board
make -kj20
mv pico_fido.uf2 ../release/pico_fido_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2

0
build_release/.gitkeep Normal file
View File

1
pico-sdk Submodule

@ -0,0 +1 @@
Subproject commit 6a7db34ff63345a7badec79ebea3aaef1712f374

0
release/.gitkeep Normal file
View File

1
src/fido/cbor_config.c
View File

@ -205,6 +205,7 @@ int cbor_config(const uint8_t *data, size_t len) {
}
file_put_data(ef_minpin, dataf, (uint16_t)(2 + minPinLengthRPIDs_len * 32));
low_flash_available();
free(dataf);
goto err; //No return
}
else if (subcommand == 0x01) {

1
src/fido/cbor_cred_mgmt.c
View File

@ -435,6 +435,7 @@ err:
CBOR_FREE_BYTE_STRING(user.displayName);
CBOR_FREE_BYTE_STRING(user.parent.name);
CBOR_FREE_BYTE_STRING(credentialId.type);
CBOR_FREE_BYTE_STRING(credentialId.id);
for (size_t n = 0; n < credentialId.transports_len; n++) {
CBOR_FREE_BYTE_STRING(credentialId.transports[n]);
}

27
src/fido/cbor_get_assertion.c
View File

@ -397,16 +397,8 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
flags = flagsx;
selcred = &credsx[credentialCounter];
}
mbedtls_ecdsa_context ekey;
mbedtls_ecdsa_init(&ekey);
int ret = fido_load_key((int)selcred->curve, selcred->id.data, &ekey);
if (ret != 0) {
if (derive_key(rp_id_hash, false, selcred->id.data, MBEDTLS_ECP_DP_SECP256R1, &ekey) != 0) {
mbedtls_ecdsa_free(&ekey);
CBOR_ERROR(CTAP1_ERR_OTHER);
}
}
int ret = 0;
uint8_t largeBlobKey[32];
if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) {
ret = credential_derive_large_blob_key(selcred->id.data, selcred->id.len, largeBlobKey);
@ -529,6 +521,15 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
memcpy(pa, clientDataHash.data, clientDataHash.len);
uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN];
const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
mbedtls_ecdsa_context ekey;
mbedtls_ecdsa_init(&ekey);
ret = fido_load_key((int)selcred->curve, selcred->id.data, &ekey);
if (ret != 0) {
if (derive_key(rp_id_hash, false, selcred->id.data, MBEDTLS_ECP_DP_SECP256R1, &ekey) != 0) {
mbedtls_ecdsa_free(&ekey);
CBOR_ERROR(CTAP1_ERR_OTHER);
}
}
if (ekey.grp.id == MBEDTLS_ECP_DP_SECP384R1) {
md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
}
@ -611,16 +612,20 @@ err:
CBOR_FREE_BYTE_STRING(clientDataHash);
CBOR_FREE_BYTE_STRING(pinUvAuthParam);
CBOR_FREE_BYTE_STRING(rpId);
CBOR_FREE_BYTE_STRING(kax);
CBOR_FREE_BYTE_STRING(kay);
CBOR_FREE_BYTE_STRING(salt_enc);
CBOR_FREE_BYTE_STRING(salt_auth);
if (asserted == false) {
for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++) {
credential_free(&creds[i]);
}
}
for (size_t m = 0; m < allowList_len; m++) {
for (size_t m = 0; m < MAX_CREDENTIAL_COUNT_IN_LIST; m++) {
CBOR_FREE_BYTE_STRING(allowList[m].type);
CBOR_FREE_BYTE_STRING(allowList[m].id);
for (size_t n = 0; n < allowList[m].transports_len; n++) {
for (size_t n = 0; n < 8; n++) {
CBOR_FREE_BYTE_STRING(allowList[m].transports[n]);
}
}

9
src/fido/cbor_make_credential.c
View File

@ -291,8 +291,10 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
&ecred) == 0 &&
(ecred.extensions.credProtect != CRED_PROT_UV_REQUIRED ||
(flags & FIDO2_AUT_FLAG_UV))) {
credential_free(&ecred);
CBOR_ERROR(CTAP2_ERR_CREDENTIAL_EXCLUDED);
}
credential_free(&ecred);
}
if (extensions.largeBlobKey == pfalse ||
@ -510,11 +512,14 @@ err:
CBOR_FREE_BYTE_STRING(user.id);
CBOR_FREE_BYTE_STRING(user.displayName);
CBOR_FREE_BYTE_STRING(user.parent.name);
for (size_t n = 0; n < pubKeyCredParams_len; n++) {
if (extensions.present == true) {
CBOR_FREE_BYTE_STRING(extensions.credBlob);
}
for (size_t n = 0; n < MAX_CREDENTIAL_COUNT_IN_LIST; n++) {
CBOR_FREE_BYTE_STRING(pubKeyCredParams[n].type);
}
for (size_t m = 0; m < excludeList_len; m++) {
for (size_t m = 0; m < MAX_CREDENTIAL_COUNT_IN_LIST; m++) {
CBOR_FREE_BYTE_STRING(excludeList[m].type);
CBOR_FREE_BYTE_STRING(excludeList[m].id);
for (size_t n = 0; n < excludeList[m].transports_len; n++) {

1
src/fido/cmd_authenticate.c
View File

@ -50,6 +50,7 @@ int cmd_authenticate() {
ret = derive_key(req->appId, false, req->keyHandle, MBEDTLS_ECP_DP_SECP256R1, &key);
if (verify_key(req->appId, req->keyHandle, &key) != 0) {
mbedtls_ecdsa_free(&key);
free(tmp_kh);
return SW_INCORRECT_PARAMS();
}
}

30
src/fido/credential.c
View File

@ -41,14 +41,7 @@ int credential_verify(uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id
mbedtls_chachapoly_context chatx;
mbedtls_chachapoly_init(&chatx);
mbedtls_chachapoly_setkey(&chatx, key);
int ret = mbedtls_chachapoly_auth_decrypt(&chatx,
cred_id_len - (4 + 12 + 16),
iv,
rp_id_hash,
32,
tag,
cipher,
cipher);
int ret = mbedtls_chachapoly_auth_decrypt(&chatx, cred_id_len - (4 + 12 + 16), iv, rp_id_hash, 32, tag, cipher, cipher);
mbedtls_chachapoly_free(&chatx);
return ret;
}
@ -83,8 +76,7 @@ int credential_create(CborCharString *rpId,
if (extensions->credBlob.present == true &&
extensions->credBlob.len < MAX_CREDBLOB_LENGTH) {
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "credBlob"));
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, extensions->credBlob.data,
extensions->credBlob.len));
CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, extensions->credBlob.data, extensions->credBlob.len));
}
if (extensions->credProtect != 0) {
CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "credProtect"));
@ -130,11 +122,7 @@ int credential_create(CborCharString *rpId,
mbedtls_chachapoly_context chatx;
mbedtls_chachapoly_init(&chatx);
mbedtls_chachapoly_setkey(&chatx, key);
int ret = mbedtls_chachapoly_encrypt_and_tag(&chatx,
rs,
iv,
rp_id_hash,
32,
int ret = mbedtls_chachapoly_encrypt_and_tag(&chatx, rs, iv, rp_id_hash, 32,
cred_id + 4 + 12,
cred_id + 4 + 12,
cred_id + 4 + 12 + rs);
@ -155,10 +143,7 @@ err:
return 0;
}
int credential_load(const uint8_t *cred_id,
size_t cred_id_len,
const uint8_t *rp_id_hash,
Credential *cred) {
int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash, Credential *cred) {
int ret = 0;
CborError error = CborNoError;
uint8_t *copy_cred_id = (uint8_t *) calloc(1, cred_id_len);
@ -205,9 +190,7 @@ int credential_load(const uint8_t *cred_id,
CBOR_FIELD_KEY_TEXT_VAL_UINT(2, "credProtect", cred->extensions.credProtect);
CBOR_FIELD_KEY_TEXT_VAL_BYTES(2, "credBlob", cred->extensions.credBlob);
CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "largeBlobKey", cred->extensions.largeBlobKey);
CBOR_FIELD_KEY_TEXT_VAL_BOOL(2,
"thirdPartyPayment",
cred->extensions.thirdPartyPayment);
CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "thirdPartyPayment", cred->extensions.thirdPartyPayment);
CBOR_ADVANCE(2);
}
CBOR_PARSE_MAP_END(_f1, 2);
@ -258,6 +241,9 @@ void credential_free(Credential *cred) {
CBOR_FREE_BYTE_STRING(cred->userName);
CBOR_FREE_BYTE_STRING(cred->userDisplayName);
CBOR_FREE_BYTE_STRING(cred->id);
if (cred->extensions.present) {
CBOR_FREE_BYTE_STRING(cred->extensions.credBlob);
}
cred->present = false;
cred->extensions.present = false;
cred->opts.present = false;

3
src/fido/fido.c
View File

@ -168,6 +168,7 @@ int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffe
MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
MBEDTLS_X509_KU_KEY_CERT_SIGN);
int ret = mbedtls_x509write_crt_der(&ctx, buffer, buffer_size, random_gen, NULL);
mbedtls_x509write_crt_free(&ctx);
/* pk cannot be freed, as it is freed later */
//mbedtls_pk_free(&key);
return ret;
@ -206,7 +207,7 @@ int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecdsa_con
uint8_t hmac[32], d[32];
size_t olen = 0;
int ret = mbedtls_ecp_write_key_ext(key, &olen, d, sizeof(d));
if (key == NULL) {
if (key == &ctx) {
mbedtls_ecdsa_free(&ctx);
}
if (ret != 0) {