From 0ff987061297d497de156680502bf3b91f17ca2e Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Sat, 18 May 2019 21:26:18 -0400 Subject: [PATCH 01/79] add interface descriptor --- targets/stm32l432/lib/usbd/usbd_composite.c | 79 ++++++++++++++++++++- 1 file changed, 78 insertions(+), 1 deletion(-) diff --git a/targets/stm32l432/lib/usbd/usbd_composite.c b/targets/stm32l432/lib/usbd/usbd_composite.c index a1a868c..ed41812 100644 --- a/targets/stm32l432/lib/usbd/usbd_composite.c +++ b/targets/stm32l432/lib/usbd/usbd_composite.c @@ -26,8 +26,10 @@ static uint8_t *USBD_Composite_GetOtherSpeedCfgDesc (uint16_t *length); static uint8_t *USBD_Composite_GetDeviceQualifierDescriptor (uint16_t *length); -#define NUM_INTERFACES 2 +#define NUM_INTERFACES 3 +#if NUM_INTERFACES>2 +#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90) #if NUM_INTERFACES>1 #define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90) #else @@ -168,6 +170,81 @@ __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_ 0x00, /* bInterval: ignore for Bulk transfer */ #endif +#if NUM_INTERFACES>2 + +/* CCID Interface Descriptor */ +9, /* bLength: Interface Descriptor size */ +USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */ +0, /* bInterfaceNumber: CCID Interface */ +0, /* Alternate setting for this interface */ +3, /* bNumEndpoints: Bulk-IN, Bulk-OUT, Intr-IN */ +0x0B, /* CCID class */ +0x00, /* CCID subclass */ +0x00, /* CCID protocol */ +0, /* string index for interface */ + +/* ICC Descriptor */ +54, /* bLength: */ +0x21, /* bDescriptorType: USBDESCR_ICC */ +0x10, 0x01, /* bcdCCID: revision 1.1 (of CCID) */ +0, /* bMaxSlotIndex: */ +1, /* bVoltageSupport: 5V-only */ +0x02, 0, 0, 0, /* dwProtocols: T=1 */ +0xa0, 0x0f, 0, 0, /* dwDefaultClock: 4000 */ +0xa0, 0x0f, 0, 0, /* dwMaximumClock: 4000 */ +0, /* bNumClockSupported: 0x00 */ +0x80, 0x25, 0, 0, /* dwDataRate: 9600 */ +0x80, 0x25, 0, 0, /* dwMaxDataRate: 9600 */ +0, /* bNumDataRateSupported: 0x00 */ +0xfe, 0, 0, 0, /* dwMaxIFSD: 254 */ +0, 0, 0, 0, /* dwSynchProtocols: 0 */ +0, 0, 0, 0, /* dwMechanical: 0 */ +0x7a, 0x04, 0x02, 0x00, /* dwFeatures: + * Short and extended APDU level: 0x40000 ---- + * Short APDU level : 0x20000 * + * (ICCD?) : 0x00800 ---- + * Automatic IFSD : 0x00400 * + * NAD value other than 0x00 : 0x00200 + * Can set ICC in clock stop : 0x00100 + * Automatic PPS CUR : 0x00080 + * Automatic PPS PROP : 0x00040 * + * Auto baud rate change : 0x00020 * + * Auto clock change : 0x00010 * + * Auto voltage selection : 0x00008 * + * Auto activaction of ICC : 0x00004 + * Automatic conf. based on ATR : 0x00002 * + */ +0x0f, 0x01, 0, 0, /* dwMaxCCIDMessageLength: 271 */ +0xff, /* bClassGetResponse: 0xff */ +0x00, /* bClassEnvelope: 0 */ +0, 0, /* wLCDLayout: 0 */ +0, /* bPinSupport: No PIN pad */ + +1, /* bMaxCCIDBusySlots: 1 */ +/*Endpoint IN1 Descriptor*/ +7, /* bLength: Endpoint Descriptor size */ +USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ +0x81, /* bEndpointAddress: (IN1) */ +0x02, /* bmAttributes: Bulk */ +HID_FIDO_REPORT_DESC_SIZE, 0x00, /* wMaxPacketSize: */ +0x00, /* bInterval */ +/*Endpoint OUT1 Descriptor*/ +7, /* bLength: Endpoint Descriptor size */ +USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ +0x01, /* bEndpointAddress: (OUT1) */ +0x02, /* bmAttributes: Bulk */ +HID_FIDO_REPORT_DESC_SIZE, 0x00, /* wMaxPacketSize: */ +0x00, /* bInterval */ +/*Endpoint IN2 Descriptor*/ +7, /* bLength: Endpoint Descriptor size */ +USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ +0x82, /* bEndpointAddress: (IN2) */ +0x03, /* bmAttributes: Interrupt */ +0x04, 0x00, /* wMaxPacketSize: 4 */ +0xFF, /* bInterval (255ms) */ + +#endif + }; From 4fad28ea470aff8656a5665c41138e67890e7a26 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Sat, 18 May 2019 21:47:51 -0400 Subject: [PATCH 02/79] compile new class --- targets/stm32l432/lib/usbd/usbd_ccid.h | 8 ++++++++ targets/stm32l432/lib/usbd/usbd_composite.c | 11 ++++++----- targets/stm32l432/lib/usbd/usbd_conf.c | 16 +++++++++++----- 3 files changed, 25 insertions(+), 10 deletions(-) create mode 100644 targets/stm32l432/lib/usbd/usbd_ccid.h diff --git a/targets/stm32l432/lib/usbd/usbd_ccid.h b/targets/stm32l432/lib/usbd/usbd_ccid.h new file mode 100644 index 0000000..ce38be1 --- /dev/null +++ b/targets/stm32l432/lib/usbd/usbd_ccid.h @@ -0,0 +1,8 @@ +#ifndef _USBD_H_ +#define _USBD_H_ + +#define CCID_IN_EP 0x84U /* EP1 for data IN */ +#define CCID_OUT_EP 0x04U /* EP1 for data OUT */ +#define CCID_CMD_EP 0x85U /* EP2 for CDC commands */ + +#endif diff --git a/targets/stm32l432/lib/usbd/usbd_composite.c b/targets/stm32l432/lib/usbd/usbd_composite.c index ed41812..cf820d2 100644 --- a/targets/stm32l432/lib/usbd/usbd_composite.c +++ b/targets/stm32l432/lib/usbd/usbd_composite.c @@ -2,6 +2,7 @@ #include "usbd_desc.h" #include "usbd_hid.h" #include "usbd_cdc.h" +#include "usbd_ccid.h" #include "usbd_ctlreq.h" static uint8_t USBD_Composite_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx); @@ -29,8 +30,8 @@ static uint8_t *USBD_Composite_GetDeviceQualifierDescriptor (uint16_t *length); #define NUM_INTERFACES 3 #if NUM_INTERFACES>2 -#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90) -#if NUM_INTERFACES>1 +#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90 + 84) +#elif NUM_INTERFACES>1 #define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90) #else #define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (41) @@ -224,21 +225,21 @@ USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */ /*Endpoint IN1 Descriptor*/ 7, /* bLength: Endpoint Descriptor size */ USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ -0x81, /* bEndpointAddress: (IN1) */ +CCID_IN_EP, /* bEndpointAddress: (IN1) */ 0x02, /* bmAttributes: Bulk */ HID_FIDO_REPORT_DESC_SIZE, 0x00, /* wMaxPacketSize: */ 0x00, /* bInterval */ /*Endpoint OUT1 Descriptor*/ 7, /* bLength: Endpoint Descriptor size */ USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ -0x01, /* bEndpointAddress: (OUT1) */ +CCID_OUT_EP, /* bEndpointAddress: (OUT1) */ 0x02, /* bmAttributes: Bulk */ HID_FIDO_REPORT_DESC_SIZE, 0x00, /* wMaxPacketSize: */ 0x00, /* bInterval */ /*Endpoint IN2 Descriptor*/ 7, /* bLength: Endpoint Descriptor size */ USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ -0x82, /* bEndpointAddress: (IN2) */ +CCID_CMD_EP, /* bEndpointAddress: (IN2) */ 0x03, /* bmAttributes: Interrupt */ 0x04, 0x00, /* wMaxPacketSize: 4 */ 0xFF, /* bInterval (255ms) */ diff --git a/targets/stm32l432/lib/usbd/usbd_conf.c b/targets/stm32l432/lib/usbd/usbd_conf.c index 1d46743..793a0a2 100644 --- a/targets/stm32l432/lib/usbd/usbd_conf.c +++ b/targets/stm32l432/lib/usbd/usbd_conf.c @@ -50,6 +50,8 @@ #include "stm32l4xx_hal.h" #include "usbd_core.h" #include "usbd_hid.h" +#include "usbd_cdc.h" +#include "usbd_ccid.h" void SystemClock_Config(void); @@ -252,14 +254,18 @@ USBD_StatusTypeDef USBD_LL_Init(USBD_HandleTypeDef *pdev) HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x80 , PCD_SNG_BUF, 0x58); // HID - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x01 , PCD_SNG_BUF, 0x98); - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x81 , PCD_SNG_BUF, 0xd8); + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , HID_EPOUT_ADDR , PCD_SNG_BUF, 0x98); + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , HID_EPIN_ADDR , PCD_SNG_BUF, 0xd8); // CDC / uart - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x02 , PCD_SNG_BUF, 0xd8 + 64); // data OUT - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x82 , PCD_SNG_BUF, 0xd8 + 64*2); // data IN - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x83 , PCD_SNG_BUF, 0xd8 + 64*3); // commands + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_OUT_EP , PCD_SNG_BUF, 0xd8 + 64); // data OUT + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_IN_EP , PCD_SNG_BUF, 0xd8 + 64*2); // data IN + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_CMD_EP , PCD_SNG_BUF, 0xd8 + 64*3); // commands + // CCID + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_OUT_EP , PCD_SNG_BUF, 0xd8 + 64*4); // data OUT + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_IN_EP , PCD_SNG_BUF, 0xd8 + 64*5); // data IN + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_CMD_EP , PCD_SNG_BUF, 0xd8 + 64*6); // commands return USBD_OK; } From 3a5cd786dc0b4dbb8505e2cbc0e81863014af51e Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 21 May 2019 20:17:37 -0400 Subject: [PATCH 03/79] enumerates correctly --- targets/stm32l432/build/common.mk | 3 +- targets/stm32l432/lib/usbd/usbd_ccid.c | 334 ++++++++++++++++++++ targets/stm32l432/lib/usbd/usbd_ccid.h | 33 ++ targets/stm32l432/lib/usbd/usbd_composite.c | 23 +- targets/stm32l432/lib/usbd/usbd_composite.h | 2 +- targets/stm32l432/src/init.c | 6 +- 6 files changed, 392 insertions(+), 9 deletions(-) create mode 100644 targets/stm32l432/lib/usbd/usbd_ccid.c diff --git a/targets/stm32l432/build/common.mk b/targets/stm32l432/build/common.mk index 7c0ae32..f018bce 100644 --- a/targets/stm32l432/build/common.mk +++ b/targets/stm32l432/build/common.mk @@ -10,7 +10,8 @@ DRIVER_LIBS := lib/stm32l4xx_hal_pcd.c lib/stm32l4xx_hal_pcd_ex.c lib/stm32l4xx_ USB_LIB := lib/usbd/usbd_cdc.c lib/usbd/usbd_cdc_if.c lib/usbd/usbd_composite.c \ lib/usbd/usbd_conf.c lib/usbd/usbd_core.c lib/usbd/usbd_ioreq.c \ - lib/usbd/usbd_ctlreq.c lib/usbd/usbd_desc.c lib/usbd/usbd_hid.c + lib/usbd/usbd_ctlreq.c lib/usbd/usbd_desc.c lib/usbd/usbd_hid.c \ + lib/usbd/usbd_ccid.c VERSION:=$(shell git describe --abbrev=0 ) VERSION_FULL:=$(shell git describe) diff --git a/targets/stm32l432/lib/usbd/usbd_ccid.c b/targets/stm32l432/lib/usbd/usbd_ccid.c new file mode 100644 index 0000000..e202ffe --- /dev/null +++ b/targets/stm32l432/lib/usbd/usbd_ccid.c @@ -0,0 +1,334 @@ +#include +#include "usbd_ccid.h" +#include "usbd_ctlreq.h" +#include "usbd_conf.h" +#include "usbd_core.h" + +#include "log.h" + +static uint8_t USBD_CCID_Init (USBD_HandleTypeDef *pdev, + uint8_t cfgidx); + +static uint8_t USBD_CCID_DeInit (USBD_HandleTypeDef *pdev, + uint8_t cfgidx); + +static uint8_t USBD_CCID_Setup (USBD_HandleTypeDef *pdev, + USBD_SetupReqTypedef *req); + +static uint8_t USBD_CCID_DataIn (USBD_HandleTypeDef *pdev, + uint8_t epnum); + +static uint8_t USBD_CCID_DataOut (USBD_HandleTypeDef *pdev, + uint8_t epnum); + +static uint8_t USBD_CCID_EP0_RxReady (USBD_HandleTypeDef *pdev); + + +USBD_ClassTypeDef USBD_CCID = +{ + USBD_CCID_Init, + USBD_CCID_DeInit, + USBD_CCID_Setup, + NULL, /* EP0_TxSent, */ + USBD_CCID_EP0_RxReady, + USBD_CCID_DataIn, + USBD_CCID_DataOut, + NULL, + NULL, + NULL, + + NULL, + NULL, + NULL, + NULL, +}; + +static uint8_t ccidmsg_buf[CCID_DATA_PACKET_SIZE]; + +static uint8_t USBD_CCID_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx) +{ + uint8_t ret = 0U; + USBD_CCID_HandleTypeDef *hcdc; + + //Y + USBD_LL_OpenEP(pdev, CCID_IN_EP, USBD_EP_TYPE_BULK, + CCID_DATA_PACKET_SIZE); + + pdev->ep_in[CCID_IN_EP & 0xFU].is_used = 1U; + + USBD_LL_OpenEP(pdev, CCID_OUT_EP, USBD_EP_TYPE_BULK, + CCID_DATA_PACKET_SIZE); + + pdev->ep_out[CCID_OUT_EP & 0xFU].is_used = 1U; + + + USBD_LL_OpenEP(pdev, CCID_CMD_EP, USBD_EP_TYPE_INTR, CCID_DATA_PACKET_SIZE); + pdev->ep_in[CCID_CMD_EP & 0xFU].is_used = 1U; + + static USBD_CCID_HandleTypeDef mem; + pdev->pClassData = &mem; + + hcdc = (USBD_CCID_HandleTypeDef*) pdev->pClassData; + + // init transfer states + hcdc->TxState = 0U; + hcdc->RxState = 0U; + + USBD_LL_PrepareReceive(&Solo_USBD_Device, CCID_OUT_EP, ccidmsg_buf, + CCID_DATA_PACKET_SIZE); + + return ret; +} + +static uint8_t USBD_CCID_DeInit (USBD_HandleTypeDef *pdev, uint8_t cfgidx) +{ + uint8_t ret = 0U; + //N + + USBD_LL_CloseEP(pdev, CCID_IN_EP); + pdev->ep_in[CCID_IN_EP & 0xFU].is_used = 0U; + + USBD_LL_CloseEP(pdev, CCID_OUT_EP); + pdev->ep_out[CCID_OUT_EP & 0xFU].is_used = 0U; + + USBD_LL_CloseEP(pdev, CCID_CMD_EP); + pdev->ep_in[CCID_CMD_EP & 0xFU].is_used = 0U; + + /* DeInit physical Interface components */ + if(pdev->pClassData != NULL) + { + pdev->pClassData = NULL; + } + + return ret; +} + +/** + * @brief USBD_CDC_Setup + * Handle the CDC specific requests + * @param pdev: instance + * @param req: usb requests + * @retval status + */ +static uint8_t USBD_CCID_Setup (USBD_HandleTypeDef *pdev, + USBD_SetupReqTypedef *req) +{ + USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*) pdev->pClassData; + uint8_t ifalt = 0U; + uint16_t status_info = 0U; + uint8_t ret = USBD_OK; + //N + + switch (req->bmRequest & USB_REQ_TYPE_MASK) + { + case USB_REQ_TYPE_CLASS : + if (req->wLength) + { + if (req->bmRequest & 0x80U) + { + USBD_CtlSendData (pdev, (uint8_t *)(void *)hcdc->data, req->wLength); + } + else + { + hcdc->CmdOpCode = req->bRequest; + hcdc->CmdLength = (uint8_t)req->wLength; + + USBD_CtlPrepareRx (pdev, (uint8_t *)(void *)hcdc->data, req->wLength); + } + } + else + { + + } + break; + + case USB_REQ_TYPE_STANDARD: + switch (req->bRequest) + { + case USB_REQ_GET_STATUS: + if (pdev->dev_state == USBD_STATE_CONFIGURED) + { + USBD_CtlSendData (pdev, (uint8_t *)(void *)&status_info, 2U); + } + else + { + USBD_CtlError (pdev, req); + ret = USBD_FAIL; + } + break; + + case USB_REQ_GET_INTERFACE: + if (pdev->dev_state == USBD_STATE_CONFIGURED) + { + USBD_CtlSendData (pdev, &ifalt, 1U); + } + else + { + USBD_CtlError (pdev, req); + ret = USBD_FAIL; + } + break; + + case USB_REQ_SET_INTERFACE: + if (pdev->dev_state != USBD_STATE_CONFIGURED) + { + USBD_CtlError (pdev, req); + ret = USBD_FAIL; + } + break; + case USB_REQ_GET_DESCRIPTOR: + break; + default: + USBD_CtlError (pdev, req); + ret = USBD_FAIL; + break; + } + break; + + default: + USBD_CtlError (pdev, req); + ret = USBD_FAIL; + break; + } + + return ret; +} + + +/** + * @brief USBD_CDC_DataIn + * Data sent on non-control IN endpoint + * @param pdev: device instance + * @param epnum: endpoint number + * @retval status + */ +static uint8_t USBD_CCID_DataIn (USBD_HandleTypeDef *pdev, uint8_t epnum) +{ + //N + USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*)pdev->pClassData; + PCD_HandleTypeDef *hpcd = pdev->pData; + + if(pdev->pClassData != NULL) + { + if((pdev->ep_in[epnum].total_length > 0U) && ((pdev->ep_in[epnum].total_length % hpcd->IN_ep[epnum].maxpacket) == 0U)) + { + /* Update the packet total length */ + pdev->ep_in[epnum].total_length = 0U; + + /* Send ZLP */ + USBD_LL_Transmit (pdev, epnum, NULL, 0U); + } + else + { + hcdc->TxState = 0U; + } + return USBD_OK; + } + else + { + return USBD_FAIL; + } +} + +uint8_t USBD_CCID_TransmitPacket(uint8_t * msg, int len) +{ + /* Update the packet total length */ + Solo_USBD_Device.ep_in[CCID_IN_EP & 0xFU].total_length = len; + + /* Transmit next packet */ + USBD_LL_Transmit(&Solo_USBD_Device, CCID_IN_EP, msg, + len); + + return USBD_OK; +} + +#define CCID_HEADER_SIZE 10 +typedef struct +{ + uint8_t type; + uint32_t len; + uint8_t slot; + uint8_t seq; + uint8_t rsvd; + uint16_t param; +} __attribute__((packed)) CCID_HEADER; + +void ccid_send_status(CCID_HEADER * c) +{ + uint8_t msg[CCID_HEADER_SIZE]; + memset(msg,0,sizeof(msg)); + + msg[0] = CCID_SLOT_STATUS_RES; + msg[6] = c->seq; + + USBD_CCID_TransmitPacket(msg, sizeof(msg)); + +} + + + + +void handle_ccid(uint8_t * msg, int len) +{ + CCID_HEADER * h = (CCID_HEADER *) msg; + switch(h->type) + { + case CCID_SLOT_STATUS: + ccid_send_status(h); + break; + default: + break; + } +} + +/** + * @brief USBD_CDC_DataOut + * Data received on non-control Out endpoint + * @param pdev: device instance + * @param epnum: endpoint number + * @retval status + */ +static uint8_t USBD_CCID_DataOut (USBD_HandleTypeDef *pdev, uint8_t epnum) +{ + while(1) + { + led_rgb(0xff3520); + } + USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*) pdev->pClassData; + + /* Get the received data length */ + hcdc->RxLength = USBD_LL_GetRxDataSize (pdev, epnum); + + /* USB data will be immediately processed, this allow next USB traffic being + NAKed till the end of the application Xfer */ + if(pdev->pClassData != NULL) + { + // printf1(TAG_GREEN,"ccid>> "); + // dump_hex1(TAG_GREEN, hcdc->RxBuffer, hcdc->RxLength); + + handle_ccid(hcdc->RxBuffer, hcdc->RxLength); + + return USBD_OK; + } + else + { + return USBD_FAIL; + } +} + +/** + * @brief USBD_CDC_EP0_RxReady + * Handle EP0 Rx Ready event + * @param pdev: device instance + * @retval status + */ +static uint8_t USBD_CCID_EP0_RxReady (USBD_HandleTypeDef *pdev) +{ + USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*) pdev->pClassData; + + if((pdev->pUserData != NULL) && (hcdc->CmdOpCode != 0xFFU)) + { + hcdc->CmdOpCode = 0xFFU; + } + return USBD_OK; +} diff --git a/targets/stm32l432/lib/usbd/usbd_ccid.h b/targets/stm32l432/lib/usbd/usbd_ccid.h index ce38be1..cecf170 100644 --- a/targets/stm32l432/lib/usbd/usbd_ccid.h +++ b/targets/stm32l432/lib/usbd/usbd_ccid.h @@ -1,8 +1,41 @@ #ifndef _USBD_H_ #define _USBD_H_ +#include "usbd_ioreq.h" + #define CCID_IN_EP 0x84U /* EP1 for data IN */ #define CCID_OUT_EP 0x04U /* EP1 for data OUT */ #define CCID_CMD_EP 0x85U /* EP2 for CDC commands */ +#define CCID_DATA_PACKET_SIZE 64 + +#define CCID_SET_PARAMS 0x61 +#define CCID_POWER_ON 0x62 +#define CCID_POWER_OFF 0x63 +#define CCID_SLOT_STATUS 0x65 +#define CCID_SECURE 0x69 +#define CCID_GET_PARAMS 0x6C +#define CCID_RESET_PARAMS 0x6D +#define CCID_XFR_BLOCK 0x6F +#define CCID_DATA_BLOCK_RES 0x80 +#define CCID_SLOT_STATUS_RES 0x81 +#define CCID_PARAMS_RES 0x82 + +extern USBD_ClassTypeDef USBD_CCID; + +typedef struct +{ + uint32_t data[CCID_DATA_PACKET_SIZE / 4U]; + uint8_t CmdOpCode; + uint8_t CmdLength; + uint8_t *RxBuffer; + uint8_t *TxBuffer; + uint32_t RxLength; + uint32_t TxLength; + + __IO uint32_t TxState; + __IO uint32_t RxState; +} +USBD_CCID_HandleTypeDef; + #endif diff --git a/targets/stm32l432/lib/usbd/usbd_composite.c b/targets/stm32l432/lib/usbd/usbd_composite.c index cf820d2..a70db6a 100644 --- a/targets/stm32l432/lib/usbd/usbd_composite.c +++ b/targets/stm32l432/lib/usbd/usbd_composite.c @@ -39,6 +39,7 @@ static uint8_t *USBD_Composite_GetDeviceQualifierDescriptor (uint16_t *length); #define HID_INTF_NUM 0 #define CDC_INTF_NUM 1 +#define CCID_INTF_NUM 2 __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_SIZE] __ALIGN_END = { /*Configuration Descriptor*/ @@ -176,7 +177,7 @@ __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_ /* CCID Interface Descriptor */ 9, /* bLength: Interface Descriptor size */ USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */ -0, /* bInterfaceNumber: CCID Interface */ +CCID_INTF_NUM, /* bInterfaceNumber: CCID Interface */ 0, /* Alternate setting for this interface */ 3, /* bNumEndpoints: Bulk-IN, Bulk-OUT, Intr-IN */ 0x0B, /* CCID class */ @@ -273,19 +274,26 @@ int in_endpoint_to_class[MAX_ENDPOINTS]; int out_endpoint_to_class[MAX_ENDPOINTS]; -void USBD_Composite_Set_Classes(USBD_ClassTypeDef *class0, USBD_ClassTypeDef *class1) { +void USBD_Composite_Set_Classes(USBD_ClassTypeDef *class0, USBD_ClassTypeDef *class1, USBD_ClassTypeDef *class2) +{ + //Y USBD_Classes[0] = class0; USBD_Classes[1] = class1; + USBD_Classes[2] = class2; + //Y } static uint8_t USBD_Composite_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx) { int i; + + //N + for(i = 0; i < NUM_INTERFACES; i++) { if (USBD_Classes[i]->Init(pdev, cfgidx) != USBD_OK) { return USBD_FAIL; } } - + //N return USBD_OK; } @@ -302,6 +310,7 @@ static uint8_t USBD_Composite_DeInit (USBD_HandleTypeDef *pdev, uint8_t cfgidx) static uint8_t USBD_Composite_Setup (USBD_HandleTypeDef *pdev, USBD_SetupReqTypedef *req) { int i; + //N switch (req->bmRequest & USB_REQ_TYPE_MASK) { case USB_REQ_TYPE_CLASS : if (req->wIndex < NUM_INTERFACES) @@ -363,16 +372,19 @@ static uint8_t USBD_Composite_EP0_RxReady (USBD_HandleTypeDef *pdev) { } static uint8_t *USBD_Composite_GetFSCfgDesc (uint16_t *length) { + //Y *length = COMPOSITE_CDC_HID_DESCRIPTOR_SIZE; return COMPOSITE_CDC_HID_DESCRIPTOR; } static uint8_t *USBD_Composite_GetHSCfgDesc (uint16_t *length) { + //N *length = COMPOSITE_CDC_HID_DESCRIPTOR_SIZE; return COMPOSITE_CDC_HID_DESCRIPTOR; } static uint8_t *USBD_Composite_GetOtherSpeedCfgDesc (uint16_t *length) { + *length = COMPOSITE_CDC_HID_DESCRIPTOR_SIZE; return COMPOSITE_CDC_HID_DESCRIPTOR; } @@ -393,6 +405,7 @@ __ALIGN_BEGIN static uint8_t USBD_Composite_DeviceQualifierDesc[USB_LEN_DEV_QUAL }; uint8_t *USBD_Composite_GetDeviceQualifierDescriptor (uint16_t *length) { - *length = sizeof (USBD_Composite_DeviceQualifierDesc); - return USBD_Composite_DeviceQualifierDesc; + //N + *length = sizeof (USBD_Composite_DeviceQualifierDesc); + return USBD_Composite_DeviceQualifierDesc; } diff --git a/targets/stm32l432/lib/usbd/usbd_composite.h b/targets/stm32l432/lib/usbd/usbd_composite.h index 7599b39..0fdc513 100644 --- a/targets/stm32l432/lib/usbd/usbd_composite.h +++ b/targets/stm32l432/lib/usbd/usbd_composite.h @@ -17,7 +17,7 @@ extern int in_endpoint_to_class[MAX_ENDPOINTS]; extern int out_endpoint_to_class[MAX_ENDPOINTS]; -void USBD_Composite_Set_Classes(USBD_ClassTypeDef *class0, USBD_ClassTypeDef *class1); +void USBD_Composite_Set_Classes(USBD_ClassTypeDef *class0, USBD_ClassTypeDef *class1, USBD_ClassTypeDef *class2); #ifdef __cplusplus } diff --git a/targets/stm32l432/src/init.c b/targets/stm32l432/src/init.c index e7fa953..93ca071 100644 --- a/targets/stm32l432/src/init.c +++ b/targets/stm32l432/src/init.c @@ -27,6 +27,7 @@ #include "usbd_desc.h" #include "usbd_hid.h" #include "usbd_cdc.h" +#include "usbd_ccid.h" #include "usbd_composite.h" #include "usbd_cdc_if.h" #include "device.h" @@ -706,7 +707,7 @@ void init_usb() SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_USBFSEN); #if DEBUG_LEVEL > 0 - USBD_Composite_Set_Classes(&USBD_HID, &USBD_CDC); + USBD_Composite_Set_Classes(&USBD_HID, &USBD_CDC, &USBD_CCID); in_endpoint_to_class[HID_EPIN_ADDR & 0x7F] = 0; out_endpoint_to_class[HID_EPOUT_ADDR & 0x7F] = 0; @@ -723,8 +724,9 @@ void init_usb() USBD_Init(&Solo_USBD_Device, &Solo_Desc, 0); USBD_RegisterClass(&Solo_USBD_Device, &USBD_HID); #endif - + //Y USBD_Start(&Solo_USBD_Device); + //Y } void init_pwm(void) From ba581db49c27d0a16c24e358c1bed88d6ee2f170 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 21 May 2019 20:17:44 -0400 Subject: [PATCH 04/79] delete excess --- targets/stm32l432/lib/usbd/usbd_cdc.c | 345 +------------------------- 1 file changed, 1 insertion(+), 344 deletions(-) diff --git a/targets/stm32l432/lib/usbd/usbd_cdc.c b/targets/stm32l432/lib/usbd/usbd_cdc.c index 58d1301..0d8eb36 100644 --- a/targets/stm32l432/lib/usbd/usbd_cdc.c +++ b/targets/stm32l432/lib/usbd/usbd_cdc.c @@ -195,302 +195,9 @@ USBD_ClassTypeDef USBD_CDC = NULL, NULL, NULL, - // USBD_CDC_GetHSCfgDesc, - // USBD_CDC_GetFSCfgDesc, - // USBD_CDC_GetOtherSpeedCfgDesc, - // USBD_CDC_GetDeviceQualifierDescriptor, }; -/* USB CDC device Configuration Descriptor */ -__ALIGN_BEGIN uint8_t USBD_CDC_CfgHSDesc[USB_CDC_CONFIG_DESC_SIZ] __ALIGN_END = -{ - /*Configuration Descriptor*/ - 0x09, /* bLength: Configuration Descriptor size */ - USB_DESC_TYPE_CONFIGURATION, /* bDescriptorType: Configuration */ - USB_CDC_CONFIG_DESC_SIZ, /* wTotalLength:no of returned bytes */ - 0x00, - 0x02, /* bNumInterfaces: 2 interface */ - 0x01, /* bConfigurationValue: Configuration value */ - 0x00, /* iConfiguration: Index of string descriptor describing the configuration */ - 0xC0, /* bmAttributes: self powered */ - 0x32, /* MaxPower 0 mA */ - /*---------------------------------------------------------------------------*/ - - /*Interface Descriptor */ - 0x09, /* bLength: Interface Descriptor size */ - USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */ - /* Interface descriptor type */ - 0x00, /* bInterfaceNumber: Number of Interface */ - 0x00, /* bAlternateSetting: Alternate setting */ - 0x01, /* bNumEndpoints: One endpoints used */ - 0x02, /* bInterfaceClass: Communication Interface Class */ - 0x02, /* bInterfaceSubClass: Abstract Control Model */ - 0x01, /* bInterfaceProtocol: Common AT commands */ - 0x00, /* iInterface: */ - - /*Header Functional Descriptor*/ - 0x05, /* bLength: Endpoint Descriptor size */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x00, /* bDescriptorSubtype: Header Func Desc */ - 0x10, /* bcdCDC: spec release number */ - 0x01, - - /*Call Management Functional Descriptor*/ - 0x05, /* bFunctionLength */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x01, /* bDescriptorSubtype: Call Management Func Desc */ - 0x00, /* bmCapabilities: D0+D1 */ - 0x01, /* bDataInterface: 1 */ - - /*ACM Functional Descriptor*/ - 0x04, /* bFunctionLength */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x02, /* bDescriptorSubtype: Abstract Control Management desc */ - 0x02, /* bmCapabilities */ - - /*Union Functional Descriptor*/ - 0x05, /* bFunctionLength */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x06, /* bDescriptorSubtype: Union func desc */ - 0x00, /* bMasterInterface: Communication class interface */ - 0x01, /* bSlaveInterface0: Data Class Interface */ - - /*Endpoint 2 Descriptor*/ - 0x07, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CDC_CMD_EP, /* bEndpointAddress */ - 0x03, /* bmAttributes: Interrupt */ - LOBYTE(CDC_CMD_PACKET_SIZE), /* wMaxPacketSize: */ - HIBYTE(CDC_CMD_PACKET_SIZE), - CDC_HS_BINTERVAL, /* bInterval: */ - /*---------------------------------------------------------------------------*/ - - /*Data class interface descriptor*/ - 0x09, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_INTERFACE, /* bDescriptorType: */ - 0x01, /* bInterfaceNumber: Number of Interface */ - 0x00, /* bAlternateSetting: Alternate setting */ - 0x02, /* bNumEndpoints: Two endpoints used */ - 0x0A, /* bInterfaceClass: CDC */ - 0x00, /* bInterfaceSubClass: */ - 0x00, /* bInterfaceProtocol: */ - 0x00, /* iInterface: */ - - /*Endpoint OUT Descriptor*/ - 0x07, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CDC_OUT_EP, /* bEndpointAddress */ - 0x02, /* bmAttributes: Bulk */ - LOBYTE(CDC_DATA_HS_MAX_PACKET_SIZE), /* wMaxPacketSize: */ - HIBYTE(CDC_DATA_HS_MAX_PACKET_SIZE), - 0x00, /* bInterval: ignore for Bulk transfer */ - - /*Endpoint IN Descriptor*/ - 0x07, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CDC_IN_EP, /* bEndpointAddress */ - 0x02, /* bmAttributes: Bulk */ - LOBYTE(CDC_DATA_HS_MAX_PACKET_SIZE), /* wMaxPacketSize: */ - HIBYTE(CDC_DATA_HS_MAX_PACKET_SIZE), - 0x00 /* bInterval: ignore for Bulk transfer */ -} ; - - -/* USB CDC device Configuration Descriptor */ -__ALIGN_BEGIN uint8_t USBD_CDC_CfgFSDesc[USB_CDC_CONFIG_DESC_SIZ] __ALIGN_END = -{ - /*Configuration Descriptor*/ - 0x09, /* bLength: Configuration Descriptor size */ - USB_DESC_TYPE_CONFIGURATION, /* bDescriptorType: Configuration */ - USB_CDC_CONFIG_DESC_SIZ, /* wTotalLength:no of returned bytes */ - 0x00, - 0x02, /* bNumInterfaces: 2 interface */ - 0x01, /* bConfigurationValue: Configuration value */ - 0x00, /* iConfiguration: Index of string descriptor describing the configuration */ - 0xC0, /* bmAttributes: self powered */ - 0x32, /* MaxPower 0 mA */ - - /*---------------------------------------------------------------------------*/ - - /*Interface Descriptor */ - 0x09, /* bLength: Interface Descriptor size */ - USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */ - /* Interface descriptor type */ - 0x00, /* bInterfaceNumber: Number of Interface */ - 0x00, /* bAlternateSetting: Alternate setting */ - 0x01, /* bNumEndpoints: One endpoints used */ - 0x02, /* bInterfaceClass: Communication Interface Class */ - 0x02, /* bInterfaceSubClass: Abstract Control Model */ - 0x01, /* bInterfaceProtocol: Common AT commands */ - 0x00, /* iInterface: */ - - /*Header Functional Descriptor*/ - 0x05, /* bLength: Endpoint Descriptor size */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x00, /* bDescriptorSubtype: Header Func Desc */ - 0x10, /* bcdCDC: spec release number */ - 0x01, - - /*Call Management Functional Descriptor*/ - 0x05, /* bFunctionLength */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x01, /* bDescriptorSubtype: Call Management Func Desc */ - 0x00, /* bmCapabilities: D0+D1 */ - 0x01, /* bDataInterface: 1 */ - - /*ACM Functional Descriptor*/ - 0x04, /* bFunctionLength */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x02, /* bDescriptorSubtype: Abstract Control Management desc */ - 0x02, /* bmCapabilities */ - - /*Union Functional Descriptor*/ - 0x05, /* bFunctionLength */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x06, /* bDescriptorSubtype: Union func desc */ - 0x00, /* bMasterInterface: Communication class interface */ - 0x01, /* bSlaveInterface0: Data Class Interface */ - - /*Endpoint 2 Descriptor*/ - 0x07, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CDC_CMD_EP, /* bEndpointAddress */ - 0x03, /* bmAttributes: Interrupt */ - LOBYTE(CDC_CMD_PACKET_SIZE), /* wMaxPacketSize: */ - HIBYTE(CDC_CMD_PACKET_SIZE), - CDC_FS_BINTERVAL, /* bInterval: */ - /*---------------------------------------------------------------------------*/ - - /*Data class interface descriptor*/ - 0x09, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_INTERFACE, /* bDescriptorType: */ - 0x01, /* bInterfaceNumber: Number of Interface */ - 0x00, /* bAlternateSetting: Alternate setting */ - 0x02, /* bNumEndpoints: Two endpoints used */ - 0x0A, /* bInterfaceClass: CDC */ - 0x00, /* bInterfaceSubClass: */ - 0x00, /* bInterfaceProtocol: */ - 0x00, /* iInterface: */ - - /*Endpoint OUT Descriptor*/ - 0x07, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CDC_OUT_EP, /* bEndpointAddress */ - 0x02, /* bmAttributes: Bulk */ - LOBYTE(CDC_DATA_FS_MAX_PACKET_SIZE), /* wMaxPacketSize: */ - HIBYTE(CDC_DATA_FS_MAX_PACKET_SIZE), - 0x00, /* bInterval: ignore for Bulk transfer */ - - /*Endpoint IN Descriptor*/ - 0x07, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CDC_IN_EP, /* bEndpointAddress */ - 0x02, /* bmAttributes: Bulk */ - LOBYTE(CDC_DATA_FS_MAX_PACKET_SIZE), /* wMaxPacketSize: */ - HIBYTE(CDC_DATA_FS_MAX_PACKET_SIZE), - 0x00 /* bInterval: ignore for Bulk transfer */ -} ; - -__ALIGN_BEGIN uint8_t USBD_CDC_OtherSpeedCfgDesc[USB_CDC_CONFIG_DESC_SIZ] __ALIGN_END = -{ - 0x09, /* bLength: Configuation Descriptor size */ - USB_DESC_TYPE_OTHER_SPEED_CONFIGURATION, - USB_CDC_CONFIG_DESC_SIZ, - 0x00, - 0x02, /* bNumInterfaces: 2 interfaces */ - 0x01, /* bConfigurationValue: */ - 0x04, /* iConfiguration: */ - 0xC0, /* bmAttributes: */ - 0x32, /* MaxPower 100 mA */ - - /*Interface Descriptor */ - 0x09, /* bLength: Interface Descriptor size */ - USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */ - /* Interface descriptor type */ - 0x00, /* bInterfaceNumber: Number of Interface */ - 0x00, /* bAlternateSetting: Alternate setting */ - 0x01, /* bNumEndpoints: One endpoints used */ - 0x02, /* bInterfaceClass: Communication Interface Class */ - 0x02, /* bInterfaceSubClass: Abstract Control Model */ - 0x01, /* bInterfaceProtocol: Common AT commands */ - 0x00, /* iInterface: */ - - /*Header Functional Descriptor*/ - 0x05, /* bLength: Endpoint Descriptor size */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x00, /* bDescriptorSubtype: Header Func Desc */ - 0x10, /* bcdCDC: spec release number */ - 0x01, - - /*Call Management Functional Descriptor*/ - 0x05, /* bFunctionLength */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x01, /* bDescriptorSubtype: Call Management Func Desc */ - 0x00, /* bmCapabilities: D0+D1 */ - 0x01, /* bDataInterface: 1 */ - - /*ACM Functional Descriptor*/ - 0x04, /* bFunctionLength */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x02, /* bDescriptorSubtype: Abstract Control Management desc */ - 0x02, /* bmCapabilities */ - - /*Union Functional Descriptor*/ - 0x05, /* bFunctionLength */ - 0x24, /* bDescriptorType: CS_INTERFACE */ - 0x06, /* bDescriptorSubtype: Union func desc */ - 0x00, /* bMasterInterface: Communication class interface */ - 0x01, /* bSlaveInterface0: Data Class Interface */ - - /*Endpoint 2 Descriptor*/ - 0x07, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT , /* bDescriptorType: Endpoint */ - CDC_CMD_EP, /* bEndpointAddress */ - 0x03, /* bmAttributes: Interrupt */ - LOBYTE(CDC_CMD_PACKET_SIZE), /* wMaxPacketSize: */ - HIBYTE(CDC_CMD_PACKET_SIZE), - CDC_FS_BINTERVAL, /* bInterval: */ - - /*---------------------------------------------------------------------------*/ - - /*Data class interface descriptor*/ - 0x09, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_INTERFACE, /* bDescriptorType: */ - 0x01, /* bInterfaceNumber: Number of Interface */ - 0x00, /* bAlternateSetting: Alternate setting */ - 0x02, /* bNumEndpoints: Two endpoints used */ - 0x0A, /* bInterfaceClass: CDC */ - 0x00, /* bInterfaceSubClass: */ - 0x00, /* bInterfaceProtocol: */ - 0x00, /* iInterface: */ - - /*Endpoint OUT Descriptor*/ - 0x07, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CDC_OUT_EP, /* bEndpointAddress */ - 0x02, /* bmAttributes: Bulk */ - 0x40, /* wMaxPacketSize: */ - 0x00, - 0x00, /* bInterval: ignore for Bulk transfer */ - - /*Endpoint IN Descriptor*/ - 0x07, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CDC_IN_EP, /* bEndpointAddress */ - 0x02, /* bmAttributes: Bulk */ - 0x40, /* wMaxPacketSize: */ - 0x00, - 0x00 /* bInterval */ -}; - -/** - * @} - */ - -/** @defgroup USBD_CDC_Private_Functions - * @{ - */ /** * @brief USBD_CDC_Init @@ -782,45 +489,7 @@ static uint8_t USBD_CDC_EP0_RxReady (USBD_HandleTypeDef *pdev) return USBD_OK; } -/** - * @brief USBD_CDC_GetFSCfgDesc - * Return configuration descriptor - * @param speed : current device speed - * @param length : pointer data length - * @retval pointer to descriptor buffer - */ -/*static uint8_t *USBD_CDC_GetFSCfgDesc (uint16_t *length) -{ - *length = sizeof (USBD_CDC_CfgFSDesc); - return USBD_CDC_CfgFSDesc; -} -*/ -/** - * @brief USBD_CDC_GetHSCfgDesc - * Return configuration descriptor - * @param speed : current device speed - * @param length : pointer data length - * @retval pointer to descriptor buffer - */ -/*static uint8_t *USBD_CDC_GetHSCfgDesc (uint16_t *length) -{ - *length = sizeof (USBD_CDC_CfgHSDesc); - return USBD_CDC_CfgHSDesc; -} -*/ -/** - * @brief USBD_CDC_GetCfgDesc - * Return configuration descriptor - * @param speed : current device speed - * @param length : pointer data length - * @retval pointer to descriptor buffer - */ -/*static uint8_t *USBD_CDC_GetOtherSpeedCfgDesc (uint16_t *length) -{ - *length = sizeof (USBD_CDC_OtherSpeedCfgDesc); - return USBD_CDC_OtherSpeedCfgDesc; -} -*/ + /** * @brief DeviceQualifierDescriptor * return Device Qualifier descriptor @@ -939,22 +608,10 @@ uint8_t USBD_CDC_ReceivePacket(USBD_HandleTypeDef *pdev) /* Suspend or Resume USB Out process */ if(pdev->pClassData != NULL) { - if(pdev->dev_speed == USBD_SPEED_HIGH ) - { - /* Prepare Out endpoint to receive next packet */ - USBD_LL_PrepareReceive(pdev, - CDC_OUT_EP, - hcdc->RxBuffer, - CDC_DATA_HS_OUT_PACKET_SIZE); - } - else - { - /* Prepare Out endpoint to receive next packet */ USBD_LL_PrepareReceive(pdev, CDC_OUT_EP, hcdc->RxBuffer, CDC_DATA_FS_OUT_PACKET_SIZE); - } return USBD_OK; } else From a51417bf61da53c19c61333ded2f565b40a0118c Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 31 May 2019 15:58:13 -0400 Subject: [PATCH 05/79] fix epout connection --- targets/stm32l432/lib/usbd/usbd_ccid.c | 33 +++++++++++++++++--------- targets/stm32l432/lib/usbd/usbd_ccid.h | 2 ++ targets/stm32l432/lib/usbd/usbd_conf.c | 5 +++- 3 files changed, 28 insertions(+), 12 deletions(-) diff --git a/targets/stm32l432/lib/usbd/usbd_ccid.c b/targets/stm32l432/lib/usbd/usbd_ccid.c index e202ffe..c452aa3 100644 --- a/targets/stm32l432/lib/usbd/usbd_ccid.c +++ b/targets/stm32l432/lib/usbd/usbd_ccid.c @@ -32,7 +32,7 @@ USBD_ClassTypeDef USBD_CCID = NULL, /* EP0_TxSent, */ USBD_CCID_EP0_RxReady, USBD_CCID_DataIn, - USBD_CCID_DataOut, + usb_ccid_recieve_callback, NULL, NULL, NULL, @@ -259,7 +259,7 @@ void ccid_send_status(CCID_HEADER * c) memset(msg,0,sizeof(msg)); msg[0] = CCID_SLOT_STATUS_RES; - msg[6] = c->seq; + msg[6] = 1; USBD_CCID_TransmitPacket(msg, sizeof(msg)); @@ -277,6 +277,12 @@ void handle_ccid(uint8_t * msg, int len) ccid_send_status(h); break; default: + // while(1) + // { + // led_rgb(0xff3520); + // } + //Y + ccid_send_status(h); break; } } @@ -288,12 +294,9 @@ void handle_ccid(uint8_t * msg, int len) * @param epnum: endpoint number * @retval status */ -static uint8_t USBD_CCID_DataOut (USBD_HandleTypeDef *pdev, uint8_t epnum) +uint8_t usb_ccid_recieve_callback(USBD_HandleTypeDef *pdev, uint8_t epnum) { - while(1) - { - led_rgb(0xff3520); - } + USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*) pdev->pClassData; /* Get the received data length */ @@ -312,10 +315,18 @@ static uint8_t USBD_CCID_DataOut (USBD_HandleTypeDef *pdev, uint8_t epnum) } else { + + + while(1) + { + led_rgb(0xff3520); + } + return USBD_FAIL; } } + /** * @brief USBD_CDC_EP0_RxReady * Handle EP0 Rx Ready event @@ -326,9 +337,9 @@ static uint8_t USBD_CCID_EP0_RxReady (USBD_HandleTypeDef *pdev) { USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*) pdev->pClassData; - if((pdev->pUserData != NULL) && (hcdc->CmdOpCode != 0xFFU)) - { - hcdc->CmdOpCode = 0xFFU; - } + // if((pdev->pUserData != NULL) && (hcdc->CmdOpCode != 0xFFU)) + // { + // hcdc->CmdOpCode = 0xFFU; + // } return USBD_OK; } diff --git a/targets/stm32l432/lib/usbd/usbd_ccid.h b/targets/stm32l432/lib/usbd/usbd_ccid.h index cecf170..6535987 100644 --- a/targets/stm32l432/lib/usbd/usbd_ccid.h +++ b/targets/stm32l432/lib/usbd/usbd_ccid.h @@ -38,4 +38,6 @@ typedef struct } USBD_CCID_HandleTypeDef; +uint8_t usb_ccid_recieve_callback(USBD_HandleTypeDef *pdev, uint8_t epnum); + #endif diff --git a/targets/stm32l432/lib/usbd/usbd_conf.c b/targets/stm32l432/lib/usbd/usbd_conf.c index 793a0a2..61bcecd 100644 --- a/targets/stm32l432/lib/usbd/usbd_conf.c +++ b/targets/stm32l432/lib/usbd/usbd_conf.c @@ -119,9 +119,12 @@ void HAL_PCD_DataOutStageCallback(PCD_HandleTypeDef *hpcd, uint8_t epnum) USBD_LL_DataOutStage((USBD_HandleTypeDef*)hpcd->pData, epnum, hpcd->OUT_ep[epnum].xfer_buff); switch(epnum) { - case HID_ENDPOINT: + case HID_EPOUT_ADDR: usb_hid_recieve_callback(epnum); break; + case CCID_OUT_EP: + usb_ccid_recieve_callback((USBD_HandleTypeDef*)hpcd->pData, epnum); + break; } } From 7be055337717f9a758dcf117deb86acfd35e226c Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 7 Aug 2019 16:46:21 +0200 Subject: [PATCH 06/79] Replace FIDO2 PIN storage with its hash --- fido2/ctap.c | 78 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 27 deletions(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index dea0f3f..f68e474 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -29,7 +29,6 @@ uint8_t PIN_TOKEN[PIN_TOKEN_SIZE]; uint8_t KEY_AGREEMENT_PUB[64]; static uint8_t KEY_AGREEMENT_PRIV[32]; -static uint8_t PIN_CODE_HASH[32]; static int8_t PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS; AuthenticatorState STATE; @@ -1362,7 +1361,13 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor } crypto_aes256_reset_iv(NULL); crypto_aes256_decrypt(pinHashEnc, 16); - if (memcmp(pinHashEnc, PIN_CODE_HASH, 16) != 0) + + crypto_sha256_init(); + crypto_sha256_update(pinHashEnc, 16); + crypto_sha256_update(STATE.PIN_SALT, sizeof(STATE.PIN_SALT)); + crypto_sha256_final(pinHashEnc); + + if (memcmp(pinHashEnc, STATE.PIN_CODE_HASH, 16) != 0) { ctap_reset_key_agreement(); ctap_decrement_pin_attempts(); @@ -1397,12 +1402,15 @@ uint8_t ctap_add_pin_if_verified(uint8_t * pinTokenEnc, uint8_t * platform_pubke crypto_aes256_decrypt(pinHashEnc, 16); - - if (memcmp(pinHashEnc, PIN_CODE_HASH, 16) != 0) + crypto_sha256_init(); + crypto_sha256_update(pinHashEnc, 16); + crypto_sha256_update(STATE.PIN_SALT, sizeof(STATE.PIN_SALT)); + crypto_sha256_final(pinHashEnc); + if (memcmp(pinHashEnc, STATE.PIN_CODE_HASH, 16) != 0) { printf2(TAG_ERR,"Pin does not match!\n"); printf2(TAG_ERR,"platform-pin-hash: "); dump_hex1(TAG_ERR, pinHashEnc, 16); - printf2(TAG_ERR,"authentic-pin-hash: "); dump_hex1(TAG_ERR, PIN_CODE_HASH, 16); + printf2(TAG_ERR,"authentic-pin-hash: "); dump_hex1(TAG_ERR, STATE.PIN_CODE_HASH, 16); printf2(TAG_ERR,"shared-secret: "); dump_hex1(TAG_ERR, shared_secret, 32); printf2(TAG_ERR,"platform-pubkey: "); dump_hex1(TAG_ERR, platform_pubkey, 64); printf2(TAG_ERR,"device-pubkey: "); dump_hex1(TAG_ERR, KEY_AGREEMENT_PUB, 64); @@ -1710,6 +1718,15 @@ static void ctap_state_init() STATE.rk_stored = 0; ctap_reset_rk(); + + if (ctap_generate_rng(STATE.PIN_SALT, sizeof(STATE.PIN_SALT)) != 1) { + printf2(TAG_ERR, "Error, rng failed\n"); + exit(1); + } + + printf1(TAG_STOR, "Generated PIN SALT: "); + dump_hex1(TAG_STOR, STATE.PIN_SALT, sizeof STATE.PIN_SALT); + } void ctap_init() @@ -1746,10 +1763,6 @@ void ctap_init() if (ctap_is_pin_set()) { - printf1(TAG_STOR,"pin code: \"%s\"\n", STATE.pin_code); - crypto_sha256_init(); - crypto_sha256_update(STATE.pin_code, STATE.pin_code_length); - crypto_sha256_final(PIN_CODE_HASH); printf1(TAG_STOR, "attempts_left: %d\n", STATE.remaining_tries); } else @@ -1784,34 +1797,38 @@ uint8_t ctap_is_pin_set() return STATE.is_pin_set == 1; } -uint8_t ctap_pin_matches(uint8_t * pin, int len) -{ - return memcmp(pin, STATE.pin_code, len) == 0; -} - - +/** + * Set new PIN, by updating PIN hash. Save state. + * Globals: PIN_CODE_HASH STATE + * @param pin new PIN (raw) + * @param len pin array length + */ void ctap_update_pin(uint8_t * pin, int len) { - if (len > NEW_PIN_ENC_MIN_SIZE || len < 4) + if (len >= NEW_PIN_ENC_MIN_SIZE || len < 4) { printf2(TAG_ERR, "Update pin fail length\n"); exit(1); } - memset(STATE.pin_code, 0, NEW_PIN_ENC_MIN_SIZE); - memmove(STATE.pin_code, pin, len); - STATE.pin_code_length = len; - STATE.pin_code[NEW_PIN_ENC_MIN_SIZE - 1] = 0; crypto_sha256_init(); - crypto_sha256_update(STATE.pin_code, len); - crypto_sha256_final(PIN_CODE_HASH); + crypto_sha256_update(pin, len); + uint8_t intermediateHash[32]; + crypto_sha256_final(intermediateHash); + + crypto_sha256_init(); + crypto_sha256_update(intermediateHash, 16); + memset(intermediateHash, 0, sizeof(intermediateHash)); + crypto_sha256_update(STATE.PIN_SALT, sizeof(STATE.PIN_SALT)); + crypto_sha256_final(STATE.PIN_CODE_HASH); STATE.is_pin_set = 1; authenticator_write_state(&STATE, 1); authenticator_write_state(&STATE, 0); - printf1(TAG_CTAP, "New pin set: %s\n", STATE.pin_code); + printf1(TAG_CTAP, "New pin set: %s [%d]\n", pin, len); + dump_hex1(TAG_ERR, STATE.PIN_CODE_HASH, sizeof(STATE.PIN_CODE_HASH)); } uint8_t ctap_decrement_pin_attempts() @@ -1828,9 +1845,7 @@ uint8_t ctap_decrement_pin_attempts() if (ctap_device_locked()) { - memset(PIN_TOKEN,0,sizeof(PIN_TOKEN)); - memset(PIN_CODE_HASH,0,sizeof(PIN_CODE_HASH)); - printf1(TAG_CP, "Device locked!\n"); + lock_device_permanently(); } } else @@ -1986,8 +2001,17 @@ void ctap_reset() } ctap_reset_state(); - memset(PIN_CODE_HASH,0,sizeof(PIN_CODE_HASH)); ctap_reset_key_agreement(); crypto_load_master_secret(STATE.key_space); } + +void lock_device_permanently() { + memset(PIN_TOKEN, 0, sizeof(PIN_TOKEN)); + memset(STATE.PIN_CODE_HASH, 0, sizeof(STATE.PIN_CODE_HASH)); + + printf1(TAG_CP, "Device locked!\n"); + + authenticator_write_state(&STATE, 0); + authenticator_write_state(&STATE, 1); +} From 5a448d636cb1bccf020af02b7e5557a5ea9987ce Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 7 Aug 2019 17:17:20 +0200 Subject: [PATCH 07/79] Add comments --- fido2/ctap.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index f68e474..6e3f652 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -1285,11 +1285,13 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor uint8_t hmac[32]; int ret; +// Validate incoming data packet len if (len < 64) { return CTAP1_ERR_OTHER; } +// Validate device's state if (ctap_is_pin_set()) // Check first, prevent SCA { if (ctap_device_locked()) @@ -1302,6 +1304,7 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor } } +// calculate shared_secret crypto_ecc256_shared_secret(platform_pubkey, KEY_AGREEMENT_PRIV, shared_secret); crypto_sha256_init(); @@ -1324,6 +1327,7 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor return CTAP2_ERR_PIN_AUTH_INVALID; } +// decrypt new PIN with shared secret crypto_aes256_init(shared_secret, NULL); while((len & 0xf) != 0) // round up to nearest AES block size multiple @@ -1333,7 +1337,7 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor crypto_aes256_decrypt(pinEnc, len); - +// validate new PIN (length) ret = trailing_zeros(pinEnc, NEW_PIN_ENC_MIN_SIZE - 1); ret = NEW_PIN_ENC_MIN_SIZE - ret; @@ -1349,6 +1353,8 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor dump_hex1(TAG_CP, pinEnc, ret); } +// validate device's state, decrypt and compare pinHashEnc (user provided current PIN hash) with stored PIN_CODE_HASH + if (ctap_is_pin_set()) { if (ctap_device_locked()) @@ -1383,6 +1389,7 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor } } +// set new PIN (update and store PIN_CODE_HASH) ctap_update_pin(pinEnc, ret); return 0; From 43b3e93854d336a1e9b38675a6541ae5961cac87 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 7 Aug 2019 17:18:56 +0200 Subject: [PATCH 08/79] Modify state struct --- fido2/storage.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fido2/storage.h b/fido2/storage.h index 6d49d21..6f62dd0 100644 --- a/fido2/storage.h +++ b/fido2/storage.h @@ -11,6 +11,8 @@ #define KEY_SPACE_BYTES 128 #define MAX_KEYS (1) +#define PIN_SALT_LEN (32) + #define BACKUP_MARKER 0x5A #define INITIALIZED_MARKER 0xA5 @@ -24,8 +26,8 @@ typedef struct // Pin information uint8_t is_initialized; uint8_t is_pin_set; - uint8_t pin_code[NEW_PIN_ENC_MIN_SIZE]; - int pin_code_length; + uint8_t PIN_CODE_HASH[32]; + uint8_t PIN_SALT[PIN_SALT_LEN]; int8_t remaining_tries; uint16_t rk_stored; From 6e637299e5c3efc4feb5c509c7f8e1e6667570d5 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 7 Aug 2019 17:21:07 +0200 Subject: [PATCH 09/79] Add missing declaration, and comment out wallet message --- fido2/ctap.h | 1 + fido2/extensions/wallet.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/fido2/ctap.h b/fido2/ctap.h index 51a5c11..92d6b4e 100644 --- a/fido2/ctap.h +++ b/fido2/ctap.h @@ -359,5 +359,6 @@ uint16_t ctap_key_len(uint8_t index); extern uint8_t PIN_TOKEN[PIN_TOKEN_SIZE]; extern uint8_t KEY_AGREEMENT_PUB[64]; +void lock_device_permanently(); #endif diff --git a/fido2/extensions/wallet.c b/fido2/extensions/wallet.c index 537b359..e375773 100644 --- a/fido2/extensions/wallet.c +++ b/fido2/extensions/wallet.c @@ -95,7 +95,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a if (ret != 0) return ret; - printf1(TAG_WALLET,"Success. Pin = %s\n", STATE.pin_code); +// printf1(TAG_WALLET,"Success. Pin = %s\n", STATE.pin_code); break; case CP_cmdChangePin: From bac576f3a0a761caf41f066a421a6944023d205c Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 20 Aug 2019 09:36:39 +0200 Subject: [PATCH 10/79] Make the state structure backward-compatible. Add version. --- fido2/storage.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fido2/storage.h b/fido2/storage.h index 6f62dd0..6432229 100644 --- a/fido2/storage.h +++ b/fido2/storage.h @@ -28,12 +28,14 @@ typedef struct uint8_t is_pin_set; uint8_t PIN_CODE_HASH[32]; uint8_t PIN_SALT[PIN_SALT_LEN]; + int _reserved_pin_code_length; int8_t remaining_tries; uint16_t rk_stored; uint16_t key_lens[MAX_KEYS]; uint8_t key_space[KEY_SPACE_BYTES]; + uint8_t data_version; } AuthenticatorState; From ee351421cb9a1e768c7de458edf0f8174b5ad236 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 20 Aug 2019 09:37:05 +0200 Subject: [PATCH 11/79] Add missing definition for the simulation to run --- pc/device.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pc/device.c b/pc/device.c index 2a0e166..e159e36 100644 --- a/pc/device.c +++ b/pc/device.c @@ -628,3 +628,6 @@ int device_is_nfc() { return 0; } + +void request_from_nfc(bool request_active) { +} From 6c60a37e8acec9bc72f15e33943cbfa4deed7bf2 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 20 Aug 2019 11:19:22 +0200 Subject: [PATCH 12/79] Add initial STATE migration code --- fido2/data_migration.c | 87 ++++++++++++++++++++++++++++++++++++++++++ fido2/data_migration.h | 15 ++++++++ 2 files changed, 102 insertions(+) create mode 100644 fido2/data_migration.c create mode 100644 fido2/data_migration.h diff --git a/fido2/data_migration.c b/fido2/data_migration.c new file mode 100644 index 0000000..e4cbcf1 --- /dev/null +++ b/fido2/data_migration.c @@ -0,0 +1,87 @@ +// Copyright 2019 SoloKeys Developers +// +// Licensed under the Apache License, Version 2.0, or the MIT license , at your option. This file may not be +// copied, modified, or distributed except according to those terms. + +#include "data_migration.h" +#include "log.h" +#include "device.h" +#include "crypto.h" + +// TODO move from macro to function/assert for better readability? +#define check(x) assert(state_prev_0xff->x == state_tmp_ptr->x); +#define check_buf(x) assert(memcmp(state_prev_0xff->x, state_tmp_ptr->x, sizeof(state_tmp_ptr->x)) == 0); + +bool migrate_from_FF_to_01(AuthenticatorState* state_previous_ptr, AuthenticatorState* state_tmp_ptr){ + // Calculate PIN hash, and replace PIN raw storage with it; add version to structure + // other ingredients do not change + if (state_tmp_ptr->data_version != 0xFF) + return false; + + static_assert(sizeof(AuthenticatorState_0xFF) <= sizeof(AuthenticatorState), "New state structure is smaller, than current one, which is not handled"); + + AuthenticatorState_0xFF* state_prev_0xff = (AuthenticatorState_0xFF *) state_previous_ptr; + + if (ctap_generate_rng(state_tmp_ptr->PIN_SALT, sizeof(state_tmp_ptr->PIN_SALT)) != 1) { + printf2(TAG_ERR, "Error, rng failed\n"); + return false; + } + if (state_prev_0xff->is_pin_set){ + crypto_sha256_init(); + crypto_sha256_update(state_prev_0xff->pin_code, state_prev_0xff->pin_code_length); + uint8_t intermediateHash[32]; + crypto_sha256_final(intermediateHash); + + crypto_sha256_init(); + crypto_sha256_update(intermediateHash, 16); + memset(intermediateHash, 0, sizeof(intermediateHash)); + crypto_sha256_update(state_tmp_ptr->PIN_SALT, sizeof(state_tmp_ptr->PIN_SALT)); + crypto_sha256_final(state_tmp_ptr->PIN_CODE_HASH); + } + + state_tmp_ptr->_reserved = 0xFF; + state_tmp_ptr->data_version = 1; + + check(is_pin_set); + check(rk_stored); + check(remaining_tries); + check_buf(key_lens); + check_buf(key_space); + + return true; +} + +void save_migrated_state(AuthenticatorState *state_tmp_ptr) { + memmove(&STATE, state_tmp_ptr, sizeof(AuthenticatorState)); + authenticator_write_state(state_tmp_ptr, 0); + authenticator_write_state(state_tmp_ptr, 1); +} + +void do_migration_if_required(AuthenticatorState* state_current){ + // Currently handles only state structures with the same size, or bigger + // FIXME rework to raw buffers with fixed size to allow state structure size decrease + if(!state_current->is_initialized) + return; + + AuthenticatorState state_tmp; + AuthenticatorState state_previous; + authenticator_read_state(&state_previous); + authenticator_read_state(&state_tmp); + if(state_current->data_version == 0xFF){ + printf2(TAG_ERR, "Running migration\n"); + bool success = migrate_from_FF_to_01(&state_previous, &state_tmp); + if (!success){ + printf2(TAG_ERR, "Failed migration from 0xFF to 1\n"); + // FIXME discuss migration failure behavior + goto return_cleanup; + } + dump_hex1(TAG_ERR, (void*)&state_tmp, sizeof(state_tmp)); + dump_hex1(TAG_ERR, (void*)&state_previous, sizeof(state_previous)); + save_migrated_state(&state_tmp); + } + return_cleanup: + memset(&state_tmp, 0, sizeof(AuthenticatorState)); + memset(&state_previous, 0, sizeof(AuthenticatorState)); +} diff --git a/fido2/data_migration.h b/fido2/data_migration.h new file mode 100644 index 0000000..ffdd9b7 --- /dev/null +++ b/fido2/data_migration.h @@ -0,0 +1,15 @@ +// Copyright 2019 SoloKeys Developers +// +// Licensed under the Apache License, Version 2.0, or the MIT license , at your option. This file may not be +// copied, modified, or distributed except according to those terms. + +#ifndef FIDO2_PR_DATA_MIGRATION_H +#define FIDO2_PR_DATA_MIGRATION_H + +#include "storage.h" + +void do_migration_if_required(AuthenticatorState* state_current); + +#endif //FIDO2_PR_DATA_MIGRATION_H From 816ca21f0881914a2d0ccc9bfa3cbfafd5fbd602 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 20 Aug 2019 11:20:56 +0200 Subject: [PATCH 13/79] Correct writing salted hash pinHashEnc is 16 bytes, which is too small to store sha256 result. --- fido2/ctap.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index 6e3f652..9081149 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -1368,12 +1368,13 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor crypto_aes256_reset_iv(NULL); crypto_aes256_decrypt(pinHashEnc, 16); + uint8_t pinHashEncSalted[32]; crypto_sha256_init(); crypto_sha256_update(pinHashEnc, 16); crypto_sha256_update(STATE.PIN_SALT, sizeof(STATE.PIN_SALT)); - crypto_sha256_final(pinHashEnc); + crypto_sha256_final(pinHashEncSalted); - if (memcmp(pinHashEnc, STATE.PIN_CODE_HASH, 16) != 0) + if (memcmp(pinHashEncSalted, STATE.PIN_CODE_HASH, 16) != 0) { ctap_reset_key_agreement(); ctap_decrement_pin_attempts(); @@ -1409,11 +1410,12 @@ uint8_t ctap_add_pin_if_verified(uint8_t * pinTokenEnc, uint8_t * platform_pubke crypto_aes256_decrypt(pinHashEnc, 16); + uint8_t pinHashEncSalted[32]; crypto_sha256_init(); crypto_sha256_update(pinHashEnc, 16); crypto_sha256_update(STATE.PIN_SALT, sizeof(STATE.PIN_SALT)); - crypto_sha256_final(pinHashEnc); - if (memcmp(pinHashEnc, STATE.PIN_CODE_HASH, 16) != 0) + crypto_sha256_final(pinHashEncSalted); + if (memcmp(pinHashEncSalted, STATE.PIN_CODE_HASH, 16) != 0) { printf2(TAG_ERR,"Pin does not match!\n"); printf2(TAG_ERR,"platform-pin-hash: "); dump_hex1(TAG_ERR, pinHashEnc, 16); From 8e3753e71116b331084af142010bc5f45dbcab17 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 20 Aug 2019 11:31:09 +0200 Subject: [PATCH 14/79] Add initial STATE migration code (2) --- fido2/ctap.c | 4 ++++ fido2/data_migration.c | 3 +++ fido2/storage.h | 19 ++++++++++++++++++- 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index 9081149..29d1006 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -25,6 +25,7 @@ #include "extensions.h" #include "device.h" +#include "data_migration.h" uint8_t PIN_TOKEN[PIN_TOKEN_SIZE]; uint8_t KEY_AGREEMENT_PUB[64]; @@ -1725,6 +1726,7 @@ static void ctap_state_init() STATE.remaining_tries = PIN_LOCKOUT_ATTEMPTS; STATE.is_pin_set = 0; STATE.rk_stored = 0; + STATE.data_version = STATE_VERSION; ctap_reset_rk(); @@ -1768,6 +1770,8 @@ void ctap_init() } } + do_migration_if_required(&STATE); + crypto_load_master_secret(STATE.key_space); if (ctap_is_pin_set()) diff --git a/fido2/data_migration.c b/fido2/data_migration.c index e4cbcf1..1228bb1 100644 --- a/fido2/data_migration.c +++ b/fido2/data_migration.c @@ -81,6 +81,9 @@ void do_migration_if_required(AuthenticatorState* state_current){ dump_hex1(TAG_ERR, (void*)&state_previous, sizeof(state_previous)); save_migrated_state(&state_tmp); } + + assert(state_current->data_version == STATE_VERSION); + return_cleanup: memset(&state_tmp, 0, sizeof(AuthenticatorState)); memset(&state_previous, 0, sizeof(AuthenticatorState)); diff --git a/fido2/storage.h b/fido2/storage.h index 6432229..a014e0e 100644 --- a/fido2/storage.h +++ b/fido2/storage.h @@ -12,6 +12,7 @@ #define KEY_SPACE_BYTES 128 #define MAX_KEYS (1) #define PIN_SALT_LEN (32) +#define STATE_VERSION (1) #define BACKUP_MARKER 0x5A @@ -21,6 +22,22 @@ #define ERR_KEY_SPACE_TAKEN (-2) #define ERR_KEY_SPACE_EMPTY (-2) +typedef struct +{ + // Pin information + uint8_t is_initialized; + uint8_t is_pin_set; + uint8_t pin_code[NEW_PIN_ENC_MIN_SIZE]; + int pin_code_length; + int8_t remaining_tries; + + uint16_t rk_stored; + + uint16_t key_lens[MAX_KEYS]; + uint8_t key_space[KEY_SPACE_BYTES]; +} AuthenticatorState_0xFF; + + typedef struct { // Pin information @@ -28,7 +45,7 @@ typedef struct uint8_t is_pin_set; uint8_t PIN_CODE_HASH[32]; uint8_t PIN_SALT[PIN_SALT_LEN]; - int _reserved_pin_code_length; + int _reserved; int8_t remaining_tries; uint16_t rk_stored; From 7f82233d17dcb97110d9da4b0062c60f02d60b3d Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 20 Aug 2019 11:38:29 +0200 Subject: [PATCH 15/79] Add missing unit for firmware compilation --- targets/stm32l432/build/application.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/targets/stm32l432/build/application.mk b/targets/stm32l432/build/application.mk index 848887f..cda3519 100644 --- a/targets/stm32l432/build/application.mk +++ b/targets/stm32l432/build/application.mk @@ -10,6 +10,7 @@ SRC += $(DRIVER_LIBS) $(USB_LIB) SRC += ../../fido2/apdu.c ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c SRC += ../../fido2/ctap_parse.c ../../fido2/main.c +SRC += ../../fido2/data_migration.c SRC += ../../fido2/extensions/extensions.c ../../fido2/extensions/solo.c SRC += ../../fido2/extensions/wallet.c From b452e3dfe4e92b11c5bf9b0a09960c8d47766b24 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 20 Aug 2019 11:47:14 +0200 Subject: [PATCH 16/79] Correct doc --- fido2/ctap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index 29d1006..1c1f1c7 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -1812,7 +1812,7 @@ uint8_t ctap_is_pin_set() /** * Set new PIN, by updating PIN hash. Save state. - * Globals: PIN_CODE_HASH STATE + * Globals: STATE * @param pin new PIN (raw) * @param len pin array length */ From 5a0cc0d02c81b8797360078985ad9cc6eafa7928 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 20 Aug 2019 11:57:32 +0200 Subject: [PATCH 17/79] Version used STATE data structures --- fido2/data_migration.c | 8 +++----- fido2/storage.h | 4 +++- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/fido2/data_migration.c b/fido2/data_migration.c index 1228bb1..d525b8c 100644 --- a/fido2/data_migration.c +++ b/fido2/data_migration.c @@ -14,15 +14,13 @@ #define check(x) assert(state_prev_0xff->x == state_tmp_ptr->x); #define check_buf(x) assert(memcmp(state_prev_0xff->x, state_tmp_ptr->x, sizeof(state_tmp_ptr->x)) == 0); -bool migrate_from_FF_to_01(AuthenticatorState* state_previous_ptr, AuthenticatorState* state_tmp_ptr){ +bool migrate_from_FF_to_01(AuthenticatorState_0xFF* state_prev_0xff, AuthenticatorState_0x01* state_tmp_ptr){ // Calculate PIN hash, and replace PIN raw storage with it; add version to structure // other ingredients do not change if (state_tmp_ptr->data_version != 0xFF) return false; - static_assert(sizeof(AuthenticatorState_0xFF) <= sizeof(AuthenticatorState), "New state structure is smaller, than current one, which is not handled"); - - AuthenticatorState_0xFF* state_prev_0xff = (AuthenticatorState_0xFF *) state_previous_ptr; + static_assert(sizeof(AuthenticatorState_0xFF) <= sizeof(AuthenticatorState_0x01), "New state structure is smaller, than current one, which is not handled"); if (ctap_generate_rng(state_tmp_ptr->PIN_SALT, sizeof(state_tmp_ptr->PIN_SALT)) != 1) { printf2(TAG_ERR, "Error, rng failed\n"); @@ -71,7 +69,7 @@ void do_migration_if_required(AuthenticatorState* state_current){ authenticator_read_state(&state_tmp); if(state_current->data_version == 0xFF){ printf2(TAG_ERR, "Running migration\n"); - bool success = migrate_from_FF_to_01(&state_previous, &state_tmp); + bool success = migrate_from_FF_to_01((AuthenticatorState_0xFF *) &state_previous, &state_tmp); if (!success){ printf2(TAG_ERR, "Failed migration from 0xFF to 1\n"); // FIXME discuss migration failure behavior diff --git a/fido2/storage.h b/fido2/storage.h index a014e0e..271e234 100644 --- a/fido2/storage.h +++ b/fido2/storage.h @@ -53,7 +53,9 @@ typedef struct uint16_t key_lens[MAX_KEYS]; uint8_t key_space[KEY_SPACE_BYTES]; uint8_t data_version; -} AuthenticatorState; +} AuthenticatorState_0x01; + +typedef AuthenticatorState_0x01 AuthenticatorState; typedef struct From a5877f518f759d7d33466816dec41d51744de69d Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 20 Aug 2019 12:42:46 +0200 Subject: [PATCH 18/79] Additional assertions and reordering --- fido2/data_migration.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fido2/data_migration.c b/fido2/data_migration.c index d525b8c..cb21e14 100644 --- a/fido2/data_migration.c +++ b/fido2/data_migration.c @@ -39,14 +39,17 @@ bool migrate_from_FF_to_01(AuthenticatorState_0xFF* state_prev_0xff, Authenticat crypto_sha256_final(state_tmp_ptr->PIN_CODE_HASH); } + assert(state_tmp_ptr->_reserved == state_prev_0xff->pin_code_length); state_tmp_ptr->_reserved = 0xFF; state_tmp_ptr->data_version = 1; + check(is_initialized); check(is_pin_set); - check(rk_stored); check(remaining_tries); + check(rk_stored); check_buf(key_lens); check_buf(key_space); + assert(state_tmp_ptr->data_version != 0xFF); return true; } From 4b6619b705e04e904c2b500c111f3457f289a40a Mon Sep 17 00:00:00 2001 From: Nicolas Stalder Date: Wed, 21 Aug 2019 02:31:20 +0200 Subject: [PATCH 19/79] Update udev docs --- docs/solo/udev.md | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/docs/solo/udev.md b/docs/solo/udev.md index 6866f99..7dae7e4 100644 --- a/docs/solo/udev.md +++ b/docs/solo/udev.md @@ -1,20 +1,20 @@ # Summary -On Linux, by default USB dongles can't be accessed by users, for security reasons. To allow user access, so-called "udev rules" must be installed. (Under Fedora, your key may work without such a rule.) +On Linux, by default USB dongles can't be accessed by users, for security reasons. To allow user access, so-called "udev rules" must be installed. -Create a file like [`70-solokeys-access.rules`](https://github.com/solokeys/solo/blob/master/udev/70-solokeys-access.rules) in your `/etc/udev/rules.d` directory, for instance the following rule should cover normal access (it has to be on one line): +For some users, things will work automatically: + - Fedora seems to use a ["universal" udev rule for FIDO devices](https://github.com/amluto/u2f-hidraw-policy) + - Our udev rule made it into [libu2f-host](https://github.com/Yubico/libu2f-host/) v1.1.10 + - Arch Linux [has this package](https://www.archlinux.org/packages/community/x86_64/libu2f-host/) + - [Debian sid](https://packages.debian.org/sid/libu2f-udev) and [Ubuntu Eon](https://packages.ubuntu.com/eoan/libu2f-udev) can use the `libu2f-udev` package + - Debian Buster and Ubuntu Disco still distribute v1.1.10, so need the manual rule + - FreeBSD has support in [u2f-devd](https://github.com/solokeys/solo/issues/144#issuecomment-500216020) -``` -SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess", MODE="0660", GROUP="plugdev" -``` +There is hope that `udev` itself will adopt the Fedora approach (which is to check for HID usage page `F1D0`, and avoids manually whitelisting each U2F/FIDO2 key): . -Additionally, run the following command after you create this file (it is not necessary to do this again in the future): +Further progress is tracked in: . -``` -sudo udevadm control --reload-rules && sudo udevadm trigger -``` - -A simple way to setup both the udev rule and the udevadm reload is: +If you still need to setup a rule, a simple way to do it is: ``` git clone git@github.com:solokeys/solo.git @@ -22,9 +22,11 @@ cd solo/udev make setup ``` -We are working on getting user access to Solo keys enabled automatically in common Linux distributions: . - - +Or, manually, create a file like [`70-solokeys-access.rules`](https://github.com/solokeys/solo/blob/master/udev/70-solokeys-access.rules) in your `/etc/udev/rules.d` directory. +Additionally, run the following command after you create this file (it is not necessary to do this again in the future): +``` +sudo udevadm control --reload-rules && sudo udevadm trigger +``` # How do udev rules work and why are they needed From b706cc30b02e21e45d5d5075a3acf63f444d0d8d Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 20 Aug 2019 20:23:18 +0800 Subject: [PATCH 20/79] for now, always gen key agreement --- fido2/ctap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index dea0f3f..c364005 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -1678,7 +1678,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) break; default: status = CTAP1_ERR_INVALID_COMMAND; - printf2(TAG_ERR,"error, invalid cmd\n"); + printf2(TAG_ERR,"error, invalid cmd: %x\n", cmd); } done: @@ -1767,7 +1767,7 @@ void ctap_init() exit(1); } - if (device_is_nfc() != NFC_IS_ACTIVE) + // if (device_is_nfc() != NFC_IS_ACTIVE) { ctap_reset_key_agreement(); } From d931954a1395904e796109f7c30901bdf4a40de7 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 20 Aug 2019 20:28:38 +0800 Subject: [PATCH 21/79] remove WTX, move debug log --- targets/stm32l432/src/nfc.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index f35f42b..3b42d79 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -489,9 +489,6 @@ void nfc_process_iblock(uint8_t * buf, int len) CTAP_RESPONSE ctap_resp; int status; uint16_t reslen; - - printf1(TAG_NFC,"Iblock: "); - dump_hex1(TAG_NFC, buf, len); uint8_t block_offset = p14443_block_offset(buf[0]); @@ -630,13 +627,15 @@ void nfc_process_iblock(uint8_t * buf, int len) printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp()); - WTX_on(WTX_TIME_DEFAULT); + // WTX_on(WTX_TIME_DEFAULT); request_from_nfc(true); + // if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST); ctap_response_init(&ctap_resp); status = ctap_request(apdu.data, apdu.lc, &ctap_resp); + // if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE); request_from_nfc(false); - if (!WTX_off()) - return; + // if (!WTX_off()) + // return; printf1(TAG_NFC, "CTAP resp: 0x%02x len: %d\r\n", status, ctap_resp.length); @@ -688,6 +687,9 @@ void nfc_process_iblock(uint8_t * buf, int len) nfc_write_response(buf[0], SW_INS_INVALID); break; } + + printf1(TAG_NFC,"prev.Iblock: "); + dump_hex1(TAG_NFC, buf, len); } static uint8_t ibuf[1024]; From adcbd3aeb8f6a6f851238ab6d98c7df92e55d3be Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 20 Aug 2019 21:06:37 +0800 Subject: [PATCH 22/79] speed up public key derivation slightly for nfc --- fido2/ctap.c | 4 ++++ targets/stm32l432/src/nfc.c | 2 -- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index c364005..9302e1d 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -256,7 +256,9 @@ static int ctap_generate_cose_key(CborEncoder * cose_key, uint8_t * hmac_input, switch(algtype) { case COSE_ALG_ES256: + if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST); crypto_ecc256_derive_public_key(hmac_input, len, x, y); + if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE); break; default: printf2(TAG_ERR,"Error, COSE alg %d not supported\n", algtype); @@ -1969,7 +1971,9 @@ int8_t ctap_load_key(uint8_t index, uint8_t * key) static void ctap_reset_key_agreement() { + if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST); crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV); + if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE); } void ctap_reset() diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 3b42d79..726c47e 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -629,10 +629,8 @@ void nfc_process_iblock(uint8_t * buf, int len) // WTX_on(WTX_TIME_DEFAULT); request_from_nfc(true); - // if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST); ctap_response_init(&ctap_resp); status = ctap_request(apdu.data, apdu.lc, &ctap_resp); - // if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE); request_from_nfc(false); // if (!WTX_off()) // return; From a72f0ede05ceb04d722156c23bf34dfa5e96869d Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 20 Aug 2019 21:27:52 +0800 Subject: [PATCH 23/79] take a lazy approach to key agreement generation to not hold up boot time for nfc --- fido2/crypto.c | 5 +++++ fido2/crypto.h | 1 + fido2/ctap.c | 14 +++++++------- targets/stm32l432/src/crypto.c | 5 +++++ 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/fido2/crypto.c b/fido2/crypto.c index 63520c1..6aea29f 100644 --- a/fido2/crypto.c +++ b/fido2/crypto.c @@ -262,6 +262,11 @@ void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8 memmove(y,pubkey+32,32); } +void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey) +{ + uECC_compute_public_key(privkey, pubkey, _es256_curve); +} + void crypto_load_external_key(uint8_t * key, int len) { _signing_key = key; diff --git a/fido2/crypto.h b/fido2/crypto.h index e9e4433..6b67b02 100644 --- a/fido2/crypto.h +++ b/fido2/crypto.h @@ -26,6 +26,7 @@ void crypto_sha512_final(uint8_t * hash); void crypto_ecc256_init(); void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y); +void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey); void crypto_ecc256_load_key(uint8_t * data, int len, uint8_t * data2, int len2); void crypto_ecc256_load_attestation_key(); diff --git a/fido2/ctap.c b/fido2/ctap.c index 9302e1d..8edf591 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -1481,6 +1481,11 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length) ret = cbor_encode_int(&map, RESP_keyAgreement); check_ret(ret); + + if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST); + crypto_ecc256_compute_public_key(KEY_AGREEMENT_PRIV, KEY_AGREEMENT_PUB); + if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE); + ret = ctap_add_cose_key(&map, KEY_AGREEMENT_PUB, KEY_AGREEMENT_PUB+32, PUB_KEY_CRED_PUB_KEY, COSE_ALG_ECDH_ES_HKDF_256); check_retr(ret); @@ -1769,10 +1774,7 @@ void ctap_init() exit(1); } - // if (device_is_nfc() != NFC_IS_ACTIVE) - { - ctap_reset_key_agreement(); - } + ctap_reset_key_agreement(); #ifdef BRIDGE_TO_WALLET wallet_init(); @@ -1971,9 +1973,7 @@ int8_t ctap_load_key(uint8_t index, uint8_t * key) static void ctap_reset_key_agreement() { - if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST); - crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV); - if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE); + ctap_generate_rng(KEY_AGREEMENT_PRIV, sizeof(KEY_AGREEMENT_PRIV)); } void ctap_reset() diff --git a/targets/stm32l432/src/crypto.c b/targets/stm32l432/src/crypto.c index 33fef68..1dde2f3 100644 --- a/targets/stm32l432/src/crypto.c +++ b/targets/stm32l432/src/crypto.c @@ -282,6 +282,11 @@ void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8 memmove(x,pubkey,32); memmove(y,pubkey+32,32); } +void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey) +{ + uECC_compute_public_key(privkey, pubkey, _es256_curve); +} + void crypto_load_external_key(uint8_t * key, int len) { From dccfb0d1b3c4d02185e9c8725772221541fc4ac7 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 20 Aug 2019 21:31:02 +0800 Subject: [PATCH 24/79] stub pc build --- pc/device.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pc/device.c b/pc/device.c index 2a0e166..0944254 100644 --- a/pc/device.c +++ b/pc/device.c @@ -628,3 +628,8 @@ int device_is_nfc() { return 0; } + +void device_set_clock_rate(DEVICE_CLOCK_RATE param) +{ + +} From b743d5fac56a1c598054890f00d4efc58ccdbda2 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Tue, 20 Aug 2019 18:42:20 +0300 Subject: [PATCH 25/79] sketch --- fido2/apdu.h | 2 + targets/stm32l432/src/nfc.c | 87 ++++++++++++++++++++++++++++++++++--- 2 files changed, 84 insertions(+), 5 deletions(-) diff --git a/fido2/apdu.h b/fido2/apdu.h index 44029b3..7ce8477 100644 --- a/fido2/apdu.h +++ b/fido2/apdu.h @@ -44,12 +44,14 @@ extern int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu); #define APDU_FIDO_NFCCTAP_MSG 0x10 #define APDU_INS_SELECT 0xA4 #define APDU_INS_READ_BINARY 0xB0 +#define APDU_GET_RESPONSE 0xC0 #define SW_SUCCESS 0x9000 #define SW_GET_RESPONSE 0x6100 // Command successfully executed; 'XX' bytes of data are available and can be requested using GET RESPONSE. #define SW_WRONG_LENGTH 0x6700 #define SW_COND_USE_NOT_SATISFIED 0x6985 #define SW_FILE_NOT_FOUND 0x6a82 +#define SW_INCORRECT_P1P2 0x6a86 #define SW_INS_INVALID 0x6d00 // Instruction code not supported or invalid #define SW_CLA_INVALID 0x6e00 #define SW_INTERNAL_EXCEPTION 0x6f00 diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 726c47e..bf484da 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -14,6 +14,10 @@ #define IS_IRQ_ACTIVE() (1 == (LL_GPIO_ReadInputPort(SOLO_AMS_IRQ_PORT) & SOLO_AMS_IRQ_PIN)) +// chain buffer for 61XX responses +static uint8_t resp_chain_buffer[2048] = {0}; +static size_t resp_chain_buffer_len = 0; + uint8_t p14443_block_offset(uint8_t pcb) { uint8_t offset = 1; // NAD following @@ -213,7 +217,7 @@ bool nfc_write_response(uint8_t req0, uint16_t resp) return nfc_write_response_ex(req0, NULL, 0, resp); } -void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len) +void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len) { uint8_t res[32 + 2]; uint8_t iBlock = NFC_CMD_IBLOCK | (req0 & 0x0f); @@ -284,6 +288,38 @@ void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len) } } +void append_get_response(uint8_t *data, size_t rest_len) +{ + data[0] = 0x61; + data[1] = 0x00; + if (rest_len <= 0xff) + data[1] = rest_len & 0xff; +} + +void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len, bool extapdu) +{ + resp_chain_buffer_len = 0; + + // if we dont need to break data to parts that need to exchange via GET RESPONSE command (ISO 7816-4 7.1.3) +printf1(TAG_NFC, "---%d.\r\n", extapdu); + if (len <= 255 || extapdu) + { + nfc_write_response_chaining_plain(req0, data, len); + } else { + size_t pcklen = MIN(253, len); + resp_chain_buffer_len = len - pcklen; + printf1(TAG_NFC, "61XX chaining %d/%d.\r\n", pcklen, resp_chain_buffer_len); + + memmove(resp_chain_buffer, data, pcklen); + append_get_response(&resp_chain_buffer[pcklen], resp_chain_buffer_len); + + nfc_write_response_chaining_plain(req0, data, pcklen + 2); // 2 for 61XX + + // put the rest data into chain buffer + memmove(resp_chain_buffer, &data[pcklen], resp_chain_buffer_len); + } +} + // WTX on/off: // sends/receives WTX frame to reader every `WTX_time` time in ms // works via timer interrupts @@ -511,6 +547,47 @@ void nfc_process_iblock(uint8_t * buf, int len) // TODO this needs to be organized better switch(apdu.ins) { + // ISO 7816. 7.1 GET RESPONSE command + case APDU_GET_RESPONSE: + if (apdu.p1 != 0x00 || apdu.p2 != 0x00) + { + nfc_write_response(buf[0], SW_INCORRECT_P1P2); + return; + } + + // too many bytes needs. 0x00 and 0x100 - any length + if (apdu.le != 0 && apdu.le != 0x100 && apdu.le > resp_chain_buffer_len) + { + uint16_t wlresp = SW_WRONG_LENGTH; // here can be 6700, 6C00, 6FXX. but the most standard way - 67XX or 6700 + if (resp_chain_buffer_len <= 0xff) + wlresp += resp_chain_buffer_len & 0xff; + nfc_write_response(buf[0], wlresp); + return; + } + + // create temporary packet + uint8_t pck[255] = {0}; + int pcklen = MIN(253, apdu.le); + if (pcklen > resp_chain_buffer_len) + pcklen = resp_chain_buffer_len; + + // create packet and add 61XX there if we have another portion(s) of data + memmove(pck, resp_chain_buffer, pcklen); + size_t dlen = 0; + if (resp_chain_buffer_len - pcklen) + { + append_get_response(&pck[pcklen], resp_chain_buffer_len - pcklen); + dlen = 2; + } + + // send + nfc_write_response_chaining(buf[0], pck, pcklen + dlen, apdu.extended_apdu); // dlen for 61XX + + // shift the buffer + resp_chain_buffer_len -= pcklen; + memmove(resp_chain_buffer, &resp_chain_buffer[pcklen], resp_chain_buffer_len); + break; + case APDU_INS_SELECT: // if (apdu->p1 == 0 && apdu->p2 == 0x0c) // { @@ -554,7 +631,7 @@ void nfc_process_iblock(uint8_t * buf, int len) printf1(TAG_NFC, "U2F GetVersion command.\r\n"); u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp); - nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length); + nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu); break; case APDU_FIDO_U2F_REGISTER: @@ -586,7 +663,7 @@ void nfc_process_iblock(uint8_t * buf, int len) printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length); printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp()); - nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length); + nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu); printf1(TAG_NFC,"U2F Register answered %d (took %d)\r\n", millis(), timestamp()); break; @@ -615,7 +692,7 @@ void nfc_process_iblock(uint8_t * buf, int len) printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length); printf1(TAG_NFC,"U2F Authenticate processing %d (took %d)\r\n", millis(), timestamp()); - nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length); + nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu); printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp); break; @@ -649,7 +726,7 @@ void nfc_process_iblock(uint8_t * buf, int len) ctap_resp.data[ctap_resp.length - 1] = SW_SUCCESS & 0xff; printf1(TAG_NFC,"CTAP processing %d (took %d)\r\n", millis(), timestamp()); - nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length); + nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu); printf1(TAG_NFC,"CTAP answered %d (took %d)\r\n", millis(), timestamp()); break; From 8059a9765f7aa2d4a1517024ec3a17f14618026e Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Tue, 20 Aug 2019 18:53:46 +0300 Subject: [PATCH 26/79] was wrong buffer --- targets/stm32l432/src/nfc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index bf484da..85dace4 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -301,7 +301,6 @@ void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len, bool ext resp_chain_buffer_len = 0; // if we dont need to break data to parts that need to exchange via GET RESPONSE command (ISO 7816-4 7.1.3) -printf1(TAG_NFC, "---%d.\r\n", extapdu); if (len <= 255 || extapdu) { nfc_write_response_chaining_plain(req0, data, len); @@ -313,7 +312,7 @@ printf1(TAG_NFC, "---%d.\r\n", extapdu); memmove(resp_chain_buffer, data, pcklen); append_get_response(&resp_chain_buffer[pcklen], resp_chain_buffer_len); - nfc_write_response_chaining_plain(req0, data, pcklen + 2); // 2 for 61XX + nfc_write_response_chaining_plain(req0, resp_chain_buffer, pcklen + 2); // 2 for 61XX // put the rest data into chain buffer memmove(resp_chain_buffer, &data[pcklen], resp_chain_buffer_len); From 62b4418dac714b79d984270d856e0bf05ad5dd03 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Tue, 20 Aug 2019 19:07:33 +0300 Subject: [PATCH 27/79] fix pck length math --- targets/stm32l432/src/nfc.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 85dace4..9b75efa 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -551,6 +551,7 @@ void nfc_process_iblock(uint8_t * buf, int len) if (apdu.p1 != 0x00 || apdu.p2 != 0x00) { nfc_write_response(buf[0], SW_INCORRECT_P1P2); + printf1(TAG_NFC, "P1 or P2 error\r\n"); return; } @@ -561,15 +562,20 @@ void nfc_process_iblock(uint8_t * buf, int len) if (resp_chain_buffer_len <= 0xff) wlresp += resp_chain_buffer_len & 0xff; nfc_write_response(buf[0], wlresp); + printf1(TAG_NFC, "buffer length less than requesteds\r\n"); return; } // create temporary packet uint8_t pck[255] = {0}; - int pcklen = MIN(253, apdu.le); + size_t pcklen = 253; + if (apdu.le) + pcklen = apdu.le; if (pcklen > resp_chain_buffer_len) pcklen = resp_chain_buffer_len; + printf1(TAG_NFC, "--- %d/%d\r\n", pcklen, resp_chain_buffer_len); + // create packet and add 61XX there if we have another portion(s) of data memmove(pck, resp_chain_buffer, pcklen); size_t dlen = 0; From 728acc1671292f655022f5511af3a00058337511 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Tue, 20 Aug 2019 19:29:25 +0300 Subject: [PATCH 28/79] chaining not needs to go to the start --- targets/stm32l432/src/nfc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 9b75efa..1d935b0 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -574,8 +574,8 @@ void nfc_process_iblock(uint8_t * buf, int len) if (pcklen > resp_chain_buffer_len) pcklen = resp_chain_buffer_len; - printf1(TAG_NFC, "--- %d/%d\r\n", pcklen, resp_chain_buffer_len); - + printf1(TAG_NFC, "GET RESPONSE. pck len: %d buffer len: %d\r\n", pcklen, resp_chain_buffer_len); + // create packet and add 61XX there if we have another portion(s) of data memmove(pck, resp_chain_buffer, pcklen); size_t dlen = 0; @@ -586,7 +586,7 @@ void nfc_process_iblock(uint8_t * buf, int len) } // send - nfc_write_response_chaining(buf[0], pck, pcklen + dlen, apdu.extended_apdu); // dlen for 61XX + nfc_write_response_chaining_plain(buf[0], pck, pcklen + dlen); // dlen for 61XX // shift the buffer resp_chain_buffer_len -= pcklen; From 32f920e372b6d6c924f48512a714a9628ef5fea3 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Thu, 22 Aug 2019 19:52:21 +0800 Subject: [PATCH 29/79] compile/crash fixes --- targets/stm32l432/lib/usbd/usbd_ccid.c | 68 ++++---- targets/stm32l432/lib/usbd/usbd_composite.c | 166 ++++++++++---------- targets/stm32l432/src/init.c | 9 +- 3 files changed, 128 insertions(+), 115 deletions(-) diff --git a/targets/stm32l432/lib/usbd/usbd_ccid.c b/targets/stm32l432/lib/usbd/usbd_ccid.c index c452aa3..2a81ef7 100644 --- a/targets/stm32l432/lib/usbd/usbd_ccid.c +++ b/targets/stm32l432/lib/usbd/usbd_ccid.c @@ -32,7 +32,7 @@ USBD_ClassTypeDef USBD_CCID = NULL, /* EP0_TxSent, */ USBD_CCID_EP0_RxReady, USBD_CCID_DataIn, - usb_ccid_recieve_callback, + USBD_CCID_DataOut, NULL, NULL, NULL, @@ -54,11 +54,10 @@ static uint8_t USBD_CCID_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx) USBD_LL_OpenEP(pdev, CCID_IN_EP, USBD_EP_TYPE_BULK, CCID_DATA_PACKET_SIZE); - pdev->ep_in[CCID_IN_EP & 0xFU].is_used = 1U; - USBD_LL_OpenEP(pdev, CCID_OUT_EP, USBD_EP_TYPE_BULK, CCID_DATA_PACKET_SIZE); + pdev->ep_in[CCID_IN_EP & 0xFU].is_used = 1U; pdev->ep_out[CCID_OUT_EP & 0xFU].is_used = 1U; @@ -202,32 +201,38 @@ static uint8_t USBD_CCID_Setup (USBD_HandleTypeDef *pdev, * @param epnum: endpoint number * @retval status */ +static uint8_t USBD_CCID_DataOut (USBD_HandleTypeDef *pdev, uint8_t epnum) +{ + return USBD_OK; +} static uint8_t USBD_CCID_DataIn (USBD_HandleTypeDef *pdev, uint8_t epnum) { //N USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*)pdev->pClassData; PCD_HandleTypeDef *hpcd = pdev->pData; - if(pdev->pClassData != NULL) - { - if((pdev->ep_in[epnum].total_length > 0U) && ((pdev->ep_in[epnum].total_length % hpcd->IN_ep[epnum].maxpacket) == 0U)) - { - /* Update the packet total length */ - pdev->ep_in[epnum].total_length = 0U; + // if(pdev->pClassData != NULL) + // { + // if((pdev->ep_in[epnum].total_length > 0U) && ((pdev->ep_in[epnum].total_length % hpcd->IN_ep[epnum].maxpacket) == 0U)) + // { + // /* Update the packet total length */ + // pdev->ep_in[epnum].total_length = 0U; - /* Send ZLP */ - USBD_LL_Transmit (pdev, epnum, NULL, 0U); - } - else - { - hcdc->TxState = 0U; - } - return USBD_OK; - } - else - { - return USBD_FAIL; - } + // /* Send ZLP */ + // USBD_LL_Transmit (pdev, epnum, NULL, 0U); + // } + // else + // { + // hcdc->TxState = 0U; + // } + // return USBD_OK; + // } + // else + // { + // return USBD_FAIL; + // } + hcdc->TxState = 0U; + return USBD_OK; } uint8_t USBD_CCID_TransmitPacket(uint8_t * msg, int len) @@ -235,10 +240,21 @@ uint8_t USBD_CCID_TransmitPacket(uint8_t * msg, int len) /* Update the packet total length */ Solo_USBD_Device.ep_in[CCID_IN_EP & 0xFU].total_length = len; + while (PCD_GET_EP_TX_STATUS(USB, CCID_IN_EP & 0x0f) == USB_EP_TX_VALID) + ; /* Transmit next packet */ USBD_LL_Transmit(&Solo_USBD_Device, CCID_IN_EP, msg, len); + + // /* Update the packet total length */ + // Solo_USBD_Device.ep_in[CCID_CMD_EP & 0xFU].total_length = len; + + // /* Transmit next packet */ + // USBD_LL_Transmit(&Solo_USBD_Device, CCID_CMD_EP, msg, + // len); + + return USBD_OK; } @@ -266,8 +282,6 @@ void ccid_send_status(CCID_HEADER * c) } - - void handle_ccid(uint8_t * msg, int len) { CCID_HEADER * h = (CCID_HEADER *) msg; @@ -316,11 +330,7 @@ uint8_t usb_ccid_recieve_callback(USBD_HandleTypeDef *pdev, uint8_t epnum) else { - - while(1) - { - led_rgb(0xff3520); - } + while(1){ led_rgb(0xff3520); } return USBD_FAIL; } diff --git a/targets/stm32l432/lib/usbd/usbd_composite.c b/targets/stm32l432/lib/usbd/usbd_composite.c index 1aa641d..7d5fdb4 100644 --- a/targets/stm32l432/lib/usbd/usbd_composite.c +++ b/targets/stm32l432/lib/usbd/usbd_composite.c @@ -34,17 +34,17 @@ static uint8_t *USBD_Composite_GetDeviceQualifierDescriptor (uint16_t *length); #define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90 + 8+9 + 4 + 84) #define NUM_INTERFACES 4 #elif NUM_CLASSES>1 -#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90 + 84) -#define NUM_INTERFACES 2 +#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90 + 8+9 + 4) +#define NUM_INTERFACES 3 #else #define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (41) #define NUM_INTERFACES 1 #endif #define HID_INTF_NUM 0 -#define CCID_INTF_NUM 1 -#define CDC_MASTER_INTF_NUM 2 -#define CDC_SLAVE_INTF_NUM 3 +#define CDC_MASTER_INTF_NUM 1 +#define CDC_SLAVE_INTF_NUM 2 +#define CCID_INTF_NUM 3 __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_SIZE] __ALIGN_END = { /*Configuration Descriptor*/ @@ -101,81 +101,6 @@ __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_ 0x00, HID_BINTERVAL, /*bInterval: Polling Interval */ -#if NUM_INTERFACES>1 - - /* CCID Interface Descriptor */ - 9, /* bLength: Interface Descriptor size */ - USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */ - CCID_INTF_NUM, /* bInterfaceNumber: CCID Interface */ - 0, /* Alternate setting for this interface */ - 3, /* bNumEndpoints: Bulk-IN, Bulk-OUT, Intr-IN */ - 0x0B, /* CCID class */ - 0x00, /* CCID subclass */ - 0x00, /* CCID protocol */ - 0, /* string index for interface */ - - /* ICC Descriptor */ - 54, /* bLength: */ - 0x21, /* bDescriptorType: USBDESCR_ICC */ - 0x10, 0x01, /* bcdCCID: revision 1.1 (of CCID) */ - 0, /* bMaxSlotIndex: */ - 1, /* bVoltageSupport: 5V-only */ - 0x02, 0, 0, 0, /* dwProtocols: T=1 */ - 0xa0, 0x0f, 0, 0, /* dwDefaultClock: 4000 */ - 0xa0, 0x0f, 0, 0, /* dwMaximumClock: 4000 */ - 0, /* bNumClockSupported: 0x00 */ - 0x80, 0x25, 0, 0, /* dwDataRate: 9600 */ - 0x80, 0x25, 0, 0, /* dwMaxDataRate: 9600 */ - 0, /* bNumDataRateSupported: 0x00 */ - 0xfe, 0, 0, 0, /* dwMaxIFSD: 254 */ - 0, 0, 0, 0, /* dwSynchProtocols: 0 */ - 0, 0, 0, 0, /* dwMechanical: 0 */ - 0x7a, 0x04, 0x02, 0x00, /* dwFeatures: - * Short and extended APDU level: 0x40000 ---- - * Short APDU level : 0x20000 * - * (ICCD?) : 0x00800 ---- - * Automatic IFSD : 0x00400 * - * NAD value other than 0x00 : 0x00200 - * Can set ICC in clock stop : 0x00100 - * Automatic PPS CUR : 0x00080 - * Automatic PPS PROP : 0x00040 * - * Auto baud rate change : 0x00020 * - * Auto clock change : 0x00010 * - * Auto voltage selection : 0x00008 * - * Auto activaction of ICC : 0x00004 - * Automatic conf. based on ATR : 0x00002 * - */ - 0x0f, 0x01, 0, 0, /* dwMaxCCIDMessageLength: 271 */ - 0xff, /* bClassGetResponse: 0xff */ - 0x00, /* bClassEnvelope: 0 */ - 0, 0, /* wLCDLayout: 0 */ - 0, /* bPinSupport: No PIN pad */ - - 1, /* bMaxCCIDBusySlots: 1 */ - /*Endpoint IN1 Descriptor*/ - 7, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CCID_IN_EP, /* bEndpointAddress: (IN1) */ - 0x02, /* bmAttributes: Bulk */ - HID_FIDO_REPORT_DESC_SIZE, 0x00, /* wMaxPacketSize: */ - 0x00, /* bInterval */ - /*Endpoint OUT1 Descriptor*/ - 7, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CCID_OUT_EP, /* bEndpointAddress: (OUT1) */ - 0x02, /* bmAttributes: Bulk */ - HID_FIDO_REPORT_DESC_SIZE, 0x00, /* wMaxPacketSize: */ - 0x00, /* bInterval */ - /*Endpoint IN2 Descriptor*/ - 7, /* bLength: Endpoint Descriptor size */ - USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ - CCID_CMD_EP, /* bEndpointAddress: (IN2) */ - 0x03, /* bmAttributes: Interrupt */ - 0x04, 0x00, /* wMaxPacketSize: 4 */ - 0xFF, /* bInterval (255ms) */ - -#endif - #if NUM_INTERFACES > 2 /* */ @@ -274,6 +199,81 @@ __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_ 0x04, #endif +#if NUM_INTERFACES>3 + + /* CCID Interface Descriptor */ + 9, /* bLength: Interface Descriptor size */ + USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */ + CCID_INTF_NUM, /* bInterfaceNumber: CCID Interface */ + 0, /* Alternate setting for this interface */ + 3, /* bNumEndpoints: Bulk-IN, Bulk-OUT, Intr-IN */ + 0x0B, /* CCID class */ + 0x00, /* CCID subclass */ + 0x00, /* CCID protocol */ + 0, /* string index for interface */ + + /* ICC Descriptor */ + 54, /* bLength: */ + 0x21, /* bDescriptorType: USBDESCR_ICC */ + 0x10, 0x01, /* bcdCCID: revision 1.1 (of CCID) */ + 0, /* bMaxSlotIndex: */ + 1, /* bVoltageSupport: 5V-only */ + 0x02, 0, 0, 0, /* dwProtocols: T=1 */ + 0xa0, 0x0f, 0, 0, /* dwDefaultClock: 4000 */ + 0xa0, 0x0f, 0, 0, /* dwMaximumClock: 4000 */ + 0, /* bNumClockSupported: 0x00 */ + 0x80, 0x25, 0, 0, /* dwDataRate: 9600 */ + 0x80, 0x25, 0, 0, /* dwMaxDataRate: 9600 */ + 0, /* bNumDataRateSupported: 0x00 */ + 0xfe, 0, 0, 0, /* dwMaxIFSD: 254 */ + 0, 0, 0, 0, /* dwSynchProtocols: 0 */ + 0, 0, 0, 0, /* dwMechanical: 0 */ + 0x7a, 0x04, 0x02, 0x00, /* dwFeatures: + * Short and extended APDU level: 0x40000 ---- + * Short APDU level : 0x20000 * + * (ICCD?) : 0x00800 ---- + * Automatic IFSD : 0x00400 * + * NAD value other than 0x00 : 0x00200 + * Can set ICC in clock stop : 0x00100 + * Automatic PPS CUR : 0x00080 + * Automatic PPS PROP : 0x00040 * + * Auto baud rate change : 0x00020 * + * Auto clock change : 0x00010 * + * Auto voltage selection : 0x00008 * + * Auto activaction of ICC : 0x00004 + * Automatic conf. based on ATR : 0x00002 * + */ + 0x0f, 0x01, 0, 0, /* dwMaxCCIDMessageLength: 271 */ + 0xff, /* bClassGetResponse: 0xff */ + 0x00, /* bClassEnvelope: 0 */ + 0, 0, /* wLCDLayout: 0 */ + 0, /* bPinSupport: No PIN pad */ + + 1, /* bMaxCCIDBusySlots: 1 */ + /*Endpoint IN1 Descriptor*/ + 7, /* bLength: Endpoint Descriptor size */ + USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ + CCID_IN_EP, /* bEndpointAddress: (IN1) */ + 0x02, /* bmAttributes: Bulk */ + CCID_DATA_PACKET_SIZE, 0x00, /* wMaxPacketSize: */ + 0x00, /* bInterval */ + /*Endpoint OUT1 Descriptor*/ + 7, /* bLength: Endpoint Descriptor size */ + USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ + CCID_OUT_EP, /* bEndpointAddress: (OUT1) */ + 0x02, /* bmAttributes: Bulk */ + CCID_DATA_PACKET_SIZE, 0x00, /* wMaxPacketSize: */ + 0x00, /* bInterval */ + /*Endpoint IN2 Descriptor*/ + 7, /* bLength: Endpoint Descriptor size */ + USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */ + CCID_CMD_EP, /* bEndpointAddress: (IN2) */ + 0x03, /* bmAttributes: Interrupt */ + CCID_DATA_PACKET_SIZE, 0x00, /* wMaxPacketSize: 4 */ + 0xFF, /* bInterval (255ms) */ + +#endif + }; @@ -301,7 +301,7 @@ int in_endpoint_to_class[MAX_ENDPOINTS]; int out_endpoint_to_class[MAX_ENDPOINTS]; -void USBD_Composite_Set_Classes(USBD_ClassTypeDef *hid_class, USBD_ClassTypeDef *ccid_class, USBD_ClassTypeDef *cdc_class)) { +void USBD_Composite_Set_Classes(USBD_ClassTypeDef *hid_class, USBD_ClassTypeDef *ccid_class, USBD_ClassTypeDef *cdc_class) { USBD_Classes[0] = hid_class; USBD_Classes[1] = ccid_class; USBD_Classes[2] = cdc_class; @@ -314,10 +314,10 @@ static USBD_ClassTypeDef * getClass(uint8_t index) case HID_INTF_NUM: return USBD_Classes[0]; case CCID_INTF_NUM: - return USBD_Classes[2]; + return USBD_Classes[1]; case CDC_MASTER_INTF_NUM: case CDC_SLAVE_INTF_NUM: - return USBD_Classes[3]; + return USBD_Classes[2]; } return NULL; diff --git a/targets/stm32l432/src/init.c b/targets/stm32l432/src/init.c index 2475bdf..c57392c 100644 --- a/targets/stm32l432/src/init.c +++ b/targets/stm32l432/src/init.c @@ -708,12 +708,15 @@ void init_usb() SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_USBFSEN); #if DEBUG_LEVEL > 0 - USBD_Composite_Set_Classes(&USBD_HID, &USBD_CDC, &USBD_CCID); + USBD_Composite_Set_Classes(&USBD_HID, &USBD_CCID, &USBD_CDC); in_endpoint_to_class[HID_EPIN_ADDR & 0x7F] = 0; out_endpoint_to_class[HID_EPOUT_ADDR & 0x7F] = 0; - in_endpoint_to_class[CDC_IN_EP & 0x7F] = 1; - out_endpoint_to_class[CDC_OUT_EP & 0x7F] = 1; + in_endpoint_to_class[CCID_IN_EP & 0x7F] = 1; + out_endpoint_to_class[CCID_OUT_EP & 0x7F] = 1; + + in_endpoint_to_class[CDC_IN_EP & 0x7F] = 2; + out_endpoint_to_class[CDC_OUT_EP & 0x7F] = 2; USBD_Init(&Solo_USBD_Device, &Solo_Desc, 0); USBD_RegisterClass(&Solo_USBD_Device, &USBD_Composite); From 0d621d13f9e855748b4469adc72703c67294c584 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Wed, 21 Aug 2019 17:30:37 +0300 Subject: [PATCH 30/79] fix decoding apdu --- fido2/apdu.c | 2 +- fido2/ctap.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fido2/apdu.c b/fido2/apdu.c index df89099..3d5bf49 100644 --- a/fido2/apdu.c +++ b/fido2/apdu.c @@ -13,7 +13,7 @@ int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu) { EXT_APDU_HEADER *hapdu = (EXT_APDU_HEADER *)data; - apdu->cla = hapdu->cla; + apdu->cla = hapdu->cla & 0xef; // mask chaining bit if any apdu->ins = hapdu->ins; apdu->p1 = hapdu->p1; apdu->p2 = hapdu->p2; diff --git a/fido2/ctap.c b/fido2/ctap.c index 8edf591..2536c9e 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -1685,7 +1685,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) break; default: status = CTAP1_ERR_INVALID_COMMAND; - printf2(TAG_ERR,"error, invalid cmd: %x\n", cmd); + printf2(TAG_ERR,"error, invalid cmd: 0x%02x\n", cmd); } done: From 972760eb78d596352b162475d28b0e661176f1ed Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Wed, 21 Aug 2019 20:55:57 +0300 Subject: [PATCH 31/79] added APDU input chaining --- targets/stm32l432/src/nfc.c | 85 ++++++++++++++++++++++++++----------- 1 file changed, 61 insertions(+), 24 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 1d935b0..803f09d 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -15,8 +15,9 @@ #define IS_IRQ_ACTIVE() (1 == (LL_GPIO_ReadInputPort(SOLO_AMS_IRQ_PORT) & SOLO_AMS_IRQ_PIN)) // chain buffer for 61XX responses -static uint8_t resp_chain_buffer[2048] = {0}; -static size_t resp_chain_buffer_len = 0; +static uint8_t chain_buffer[2048] = {0}; +static size_t chain_buffer_len = 0; +static bool chain_buffer_tx = false; uint8_t p14443_block_offset(uint8_t pcb) { uint8_t offset = 1; @@ -298,7 +299,8 @@ void append_get_response(uint8_t *data, size_t rest_len) void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len, bool extapdu) { - resp_chain_buffer_len = 0; + chain_buffer_len = 0; + chain_buffer_tx = true; // if we dont need to break data to parts that need to exchange via GET RESPONSE command (ISO 7816-4 7.1.3) if (len <= 255 || extapdu) @@ -306,16 +308,16 @@ void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len, bool ext nfc_write_response_chaining_plain(req0, data, len); } else { size_t pcklen = MIN(253, len); - resp_chain_buffer_len = len - pcklen; - printf1(TAG_NFC, "61XX chaining %d/%d.\r\n", pcklen, resp_chain_buffer_len); + chain_buffer_len = len - pcklen; + printf1(TAG_NFC, "61XX chaining %d/%d.\r\n", pcklen, chain_buffer_len); - memmove(resp_chain_buffer, data, pcklen); - append_get_response(&resp_chain_buffer[pcklen], resp_chain_buffer_len); + memmove(chain_buffer, data, pcklen); + append_get_response(&chain_buffer[pcklen], chain_buffer_len); - nfc_write_response_chaining_plain(req0, resp_chain_buffer, pcklen + 2); // 2 for 61XX + nfc_write_response_chaining_plain(req0, chain_buffer, pcklen + 2); // 2 for 61XX // put the rest data into chain buffer - memmove(resp_chain_buffer, &data[pcklen], resp_chain_buffer_len); + memmove(chain_buffer, &data[pcklen], chain_buffer_len); } } @@ -526,7 +528,13 @@ void nfc_process_iblock(uint8_t * buf, int len) uint16_t reslen; uint8_t block_offset = p14443_block_offset(buf[0]); - + + // clear tx chain buffer if we have some other command than GET RESPONSE + if (chain_buffer_tx && buf[block_offset + 1] != APDU_GET_RESPONSE) { + chain_buffer_len = 0; + chain_buffer_tx = false; + } + APDU_STRUCT apdu; if (apdu_decode(buf + block_offset, len - block_offset, &apdu)) { printf1(TAG_NFC,"apdu decode error\r\n"); @@ -536,6 +544,31 @@ void nfc_process_iblock(uint8_t * buf, int len) printf1(TAG_NFC,"apdu ok. %scase=%02x cla=%02x ins=%02x p1=%02x p2=%02x lc=%d le=%d\r\n", apdu.extended_apdu ? "[e]":"", apdu.case_type, apdu.cla, apdu.ins, apdu.p1, apdu.p2, apdu.lc, apdu.le); + // APDU level chaining. ISO7816-4, 5.1.1. class byte + if (!chain_buffer_tx && buf[block_offset] & 0x10) { + + if (chain_buffer_len + len > sizeof(chain_buffer)) { + nfc_write_response(buf[0], SW_WRONG_LENGTH); + return; + } + + memmove(&chain_buffer[chain_buffer_len], apdu.data, apdu.lc); + chain_buffer_len += apdu.lc; + delay(1); + nfc_write_response(buf[0], SW_SUCCESS); + printf1(TAG_NFC, "APDU chaining ok. %d/%d\r\n", apdu.lc, chain_buffer_len); + return; + } + + // if we have ISO 7816 APDU chain - move there all the data + if (!chain_buffer_tx && chain_buffer_len > 0) { + delay(1); + memmove(&apdu.data[chain_buffer_len], apdu.data, apdu.lc); + memmove(apdu.data, chain_buffer, chain_buffer_len); + apdu.lc += chain_buffer_len; // here apdu struct does not match with memory! + printf1(TAG_NFC, "APDU chaining merge. %d/%d\r\n", chain_buffer_len, apdu.lc); + } + // check CLA if (apdu.cla != 0x00 && apdu.cla != 0x80) { printf1(TAG_NFC, "Unknown CLA %02x\r\n", apdu.cla); @@ -556,11 +589,11 @@ void nfc_process_iblock(uint8_t * buf, int len) } // too many bytes needs. 0x00 and 0x100 - any length - if (apdu.le != 0 && apdu.le != 0x100 && apdu.le > resp_chain_buffer_len) + if (apdu.le != 0 && apdu.le != 0x100 && apdu.le > chain_buffer_len) { uint16_t wlresp = SW_WRONG_LENGTH; // here can be 6700, 6C00, 6FXX. but the most standard way - 67XX or 6700 - if (resp_chain_buffer_len <= 0xff) - wlresp += resp_chain_buffer_len & 0xff; + if (chain_buffer_len <= 0xff) + wlresp += chain_buffer_len & 0xff; nfc_write_response(buf[0], wlresp); printf1(TAG_NFC, "buffer length less than requesteds\r\n"); return; @@ -571,17 +604,17 @@ void nfc_process_iblock(uint8_t * buf, int len) size_t pcklen = 253; if (apdu.le) pcklen = apdu.le; - if (pcklen > resp_chain_buffer_len) - pcklen = resp_chain_buffer_len; + if (pcklen > chain_buffer_len) + pcklen = chain_buffer_len; - printf1(TAG_NFC, "GET RESPONSE. pck len: %d buffer len: %d\r\n", pcklen, resp_chain_buffer_len); + printf1(TAG_NFC, "GET RESPONSE. pck len: %d buffer len: %d\r\n", pcklen, chain_buffer_len); // create packet and add 61XX there if we have another portion(s) of data - memmove(pck, resp_chain_buffer, pcklen); + memmove(pck, chain_buffer, pcklen); size_t dlen = 0; - if (resp_chain_buffer_len - pcklen) + if (chain_buffer_len - pcklen) { - append_get_response(&pck[pcklen], resp_chain_buffer_len - pcklen); + append_get_response(&pck[pcklen], chain_buffer_len - pcklen); dlen = 2; } @@ -589,8 +622,8 @@ void nfc_process_iblock(uint8_t * buf, int len) nfc_write_response_chaining_plain(buf[0], pck, pcklen + dlen); // dlen for 61XX // shift the buffer - resp_chain_buffer_len -= pcklen; - memmove(resp_chain_buffer, &resp_chain_buffer[pcklen], resp_chain_buffer_len); + chain_buffer_len -= pcklen; + memmove(chain_buffer, &chain_buffer[pcklen], chain_buffer_len); break; case APDU_INS_SELECT: @@ -712,6 +745,9 @@ void nfc_process_iblock(uint8_t * buf, int len) // WTX_on(WTX_TIME_DEFAULT); request_from_nfc(true); ctap_response_init(&ctap_resp); + delay(1); + printf1(TAG_NFC,"[%d] ", apdu.lc); + dump_hex1(TAG_NFC,apdu.data, apdu.lc); status = ctap_request(apdu.data, apdu.lc, &ctap_resp); request_from_nfc(false); // if (!WTX_off()) @@ -803,7 +839,7 @@ void nfc_process_block(uint8_t * buf, unsigned int len) uint8_t block_offset = p14443_block_offset(buf[0]); if (buf[0] & 0x10) { - printf1(TAG_NFC_APDU, "NFC_CMD_IBLOCK chaining blen=%d len=%d\r\n", ibuflen, len); + printf1(TAG_NFC_APDU, "NFC_CMD_IBLOCK chaining blen=%d len=%d offs=%d\r\n", ibuflen, len, block_offset); if (ibuflen + len > sizeof(ibuf)) { printf1(TAG_NFC, "I block memory error! must have %d but have only %d\r\n", ibuflen + len, sizeof(ibuf)); @@ -836,14 +872,15 @@ void nfc_process_block(uint8_t * buf, unsigned int len) memmove(ibuf, buf, block_offset); ibuflen += block_offset; - printf1(TAG_NFC_APDU, "NFC_CMD_IBLOCK chaining last block. blen=%d len=%d\r\n", ibuflen, len); + printf1(TAG_NFC_APDU, "NFC_CMD_IBLOCK chaining last block. blen=%d len=%d offset=%d\r\n", ibuflen, len, block_offset); printf1(TAG_NFC_APDU,"i> "); dump_hex1(TAG_NFC_APDU, buf, len); nfc_process_iblock(ibuf, ibuflen); } else { - nfc_process_iblock(buf, len); + memcpy(ibuf, buf, len); // because buf only 32b + nfc_process_iblock(ibuf, len); } clear_ibuf(); } From dfb124dc8bdd3b3234072660a84952c901c73f32 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Thu, 22 Aug 2019 15:04:19 +0300 Subject: [PATCH 32/79] refactoring --- targets/stm32l432/src/nfc.c | 474 ++++++++++++++++++------------------ 1 file changed, 240 insertions(+), 234 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 803f09d..00a2d63 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -520,13 +520,251 @@ int select_applet(uint8_t * aid, int len) return APP_NOTHING; } -void nfc_process_iblock(uint8_t * buf, int len) +void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu) { int selected; CTAP_RESPONSE ctap_resp; int status; uint16_t reslen; + // check CLA + if (apdu->cla != 0x00 && apdu->cla != 0x80) { + printf1(TAG_NFC, "Unknown CLA %02x\r\n", apdu->cla); + nfc_write_response(buf0, SW_CLA_INVALID); + return; + } + + // TODO this needs to be organized better + switch(apdu->ins) + { + // ISO 7816. 7.1 GET RESPONSE command + case APDU_GET_RESPONSE: + if (apdu->p1 != 0x00 || apdu->p2 != 0x00) + { + nfc_write_response(buf0, SW_INCORRECT_P1P2); + printf1(TAG_NFC, "P1 or P2 error\r\n"); + return; + } + + // too many bytes needs. 0x00 and 0x100 - any length + if (apdu->le != 0 && apdu->le != 0x100 && apdu->le > chain_buffer_len) + { + uint16_t wlresp = SW_WRONG_LENGTH; // here can be 6700, 6C00, 6FXX. but the most standard way - 67XX or 6700 + if (chain_buffer_len <= 0xff) + wlresp += chain_buffer_len & 0xff; + nfc_write_response(buf0, wlresp); + printf1(TAG_NFC, "buffer length less than requesteds\r\n"); + return; + } + + // create temporary packet + uint8_t pck[255] = {0}; + size_t pcklen = 253; + if (apdu->le) + pcklen = apdu->le; + if (pcklen > chain_buffer_len) + pcklen = chain_buffer_len; + + printf1(TAG_NFC, "GET RESPONSE. pck len: %d buffer len: %d\r\n", pcklen, chain_buffer_len); + + // create packet and add 61XX there if we have another portion(s) of data + memmove(pck, chain_buffer, pcklen); + size_t dlen = 0; + if (chain_buffer_len - pcklen) + { + append_get_response(&pck[pcklen], chain_buffer_len - pcklen); + dlen = 2; + } + + // send + nfc_write_response_chaining_plain(buf0, pck, pcklen + dlen); // dlen for 61XX + + // shift the buffer + chain_buffer_len -= pcklen; + memmove(chain_buffer, &chain_buffer[pcklen], chain_buffer_len); + break; + + case APDU_INS_SELECT: + // if (apdu->p1 == 0 && apdu->p2 == 0x0c) + // { + // printf1(TAG_NFC,"Select NDEF\r\n"); + // + // NFC_STATE.selected_applet = APP_NDEF_TAG; + // // Select NDEF file! + // res[0] = NFC_CMD_IBLOCK | (buf[0] & 1); + // res[1] = SW_SUCCESS>>8; + // res[2] = SW_SUCCESS & 0xff; + // nfc_write_frame(res, 3); + // printf1(TAG_NFC,"<< "); dump_hex1(TAG_NFC,res, 3); + // } + // else + { + selected = select_applet(apdu->data, apdu->lc); + if (selected == APP_FIDO) + { + nfc_write_response_ex(buf0, (uint8_t *)"U2F_V2", 6, SW_SUCCESS); + printf1(TAG_NFC, "FIDO applet selected.\r\n"); + } + else if (selected != APP_NOTHING) + { + nfc_write_response(buf0, SW_SUCCESS); + printf1(TAG_NFC, "SELECTED %d\r\n", selected); + } + else + { + nfc_write_response(buf0, SW_FILE_NOT_FOUND); + printf1(TAG_NFC, "NOT selected "); dump_hex1(TAG_NFC, apdu->data, apdu->lc); + } + } + break; + + case APDU_FIDO_U2F_VERSION: + if (NFC_STATE.selected_applet != APP_FIDO) { + nfc_write_response(buf0, SW_INS_INVALID); + break; + } + + printf1(TAG_NFC, "U2F GetVersion command.\r\n"); + + u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp); + nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu); + break; + + case APDU_FIDO_U2F_REGISTER: + if (NFC_STATE.selected_applet != APP_FIDO) { + nfc_write_response(buf0, SW_INS_INVALID); + break; + } + + printf1(TAG_NFC, "U2F Register command.\r\n"); + + if (apdu->lc != 64) + { + printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", apdu->lc); + nfc_write_response(buf0, SW_WRONG_LENGTH); + return; + } + + timestamp(); + + + // WTX_on(WTX_TIME_DEFAULT); + // SystemClock_Config_LF32(); + // delay(300); + if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST); + u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp); + if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE); + // if (!WTX_off()) + // return; + + printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length); + printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp()); + nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu); + + printf1(TAG_NFC,"U2F Register answered %d (took %d)\r\n", millis(), timestamp()); + break; + + case APDU_FIDO_U2F_AUTHENTICATE: + if (NFC_STATE.selected_applet != APP_FIDO) { + nfc_write_response(buf0, SW_INS_INVALID); + break; + } + + printf1(TAG_NFC, "U2F Authenticate command.\r\n"); + + if (apdu->lc != 64 + 1 + apdu->data[64]) + { + delay(5); + printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", apdu->lc, apdu->data[64]); + nfc_write_response(buf0, SW_WRONG_LENGTH); + return; + } + + timestamp(); + // WTX_on(WTX_TIME_DEFAULT); + u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp); + // if (!WTX_off()) + // return; + + printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length); + printf1(TAG_NFC,"U2F Authenticate processing %d (took %d)\r\n", millis(), timestamp()); + nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu); + printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp); + break; + + case APDU_FIDO_NFCCTAP_MSG: + if (NFC_STATE.selected_applet != APP_FIDO) { + nfc_write_response(buf0, SW_INS_INVALID); + return; + } + + printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp()); + + // WTX_on(WTX_TIME_DEFAULT); + request_from_nfc(true); + ctap_response_init(&ctap_resp); + delay(1); + printf1(TAG_NFC,"[%d] ", apdu->lc); + dump_hex1(TAG_NFC, apdu->data, apdu->lc); + status = ctap_request(apdu->data, apdu->lc, &ctap_resp); + request_from_nfc(false); + // if (!WTX_off()) + // return; + + printf1(TAG_NFC, "CTAP resp: 0x%02x len: %d\r\n", status, ctap_resp.length); + + if (status == CTAP1_ERR_SUCCESS) + { + memmove(&ctap_resp.data[1], &ctap_resp.data[0], ctap_resp.length); + ctap_resp.length += 3; + } else { + ctap_resp.length = 3; + } + ctap_resp.data[0] = status; + ctap_resp.data[ctap_resp.length - 2] = SW_SUCCESS >> 8; + ctap_resp.data[ctap_resp.length - 1] = SW_SUCCESS & 0xff; + + printf1(TAG_NFC,"CTAP processing %d (took %d)\r\n", millis(), timestamp()); + nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu); + printf1(TAG_NFC,"CTAP answered %d (took %d)\r\n", millis(), timestamp()); + break; + + case APDU_INS_READ_BINARY: + // response length + reslen = apdu->le & 0xffff; + switch(NFC_STATE.selected_applet) + { + case APP_CAPABILITY_CONTAINER: + printf1(TAG_NFC,"APP_CAPABILITY_CONTAINER\r\n"); + if (reslen == 0 || reslen > sizeof(NFC_CC)) + reslen = sizeof(NFC_CC); + nfc_write_response_ex(buf0, (uint8_t *)&NFC_CC, reslen, SW_SUCCESS); + ams_wait_for_tx(10); + break; + case APP_NDEF_TAG: + printf1(TAG_NFC,"APP_NDEF_TAG\r\n"); + if (reslen == 0 || reslen > sizeof(NDEF_SAMPLE) - 1) + reslen = sizeof(NDEF_SAMPLE) - 1; + nfc_write_response_ex(buf0, NDEF_SAMPLE, reslen, SW_SUCCESS); + ams_wait_for_tx(10); + break; + default: + nfc_write_response(buf0, SW_FILE_NOT_FOUND); + printf1(TAG_ERR, "No binary applet selected!\r\n"); + return; + break; + } + break; + + default: + printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu->ins); + nfc_write_response(buf0, SW_INS_INVALID); + break; + } +} + +void nfc_process_iblock(uint8_t * buf, int len) +{ uint8_t block_offset = p14443_block_offset(buf[0]); // clear tx chain buffer if we have some other command than GET RESPONSE @@ -569,240 +807,8 @@ void nfc_process_iblock(uint8_t * buf, int len) printf1(TAG_NFC, "APDU chaining merge. %d/%d\r\n", chain_buffer_len, apdu.lc); } - // check CLA - if (apdu.cla != 0x00 && apdu.cla != 0x80) { - printf1(TAG_NFC, "Unknown CLA %02x\r\n", apdu.cla); - nfc_write_response(buf[0], SW_CLA_INVALID); - return; - } - // TODO this needs to be organized better - switch(apdu.ins) - { - // ISO 7816. 7.1 GET RESPONSE command - case APDU_GET_RESPONSE: - if (apdu.p1 != 0x00 || apdu.p2 != 0x00) - { - nfc_write_response(buf[0], SW_INCORRECT_P1P2); - printf1(TAG_NFC, "P1 or P2 error\r\n"); - return; - } - - // too many bytes needs. 0x00 and 0x100 - any length - if (apdu.le != 0 && apdu.le != 0x100 && apdu.le > chain_buffer_len) - { - uint16_t wlresp = SW_WRONG_LENGTH; // here can be 6700, 6C00, 6FXX. but the most standard way - 67XX or 6700 - if (chain_buffer_len <= 0xff) - wlresp += chain_buffer_len & 0xff; - nfc_write_response(buf[0], wlresp); - printf1(TAG_NFC, "buffer length less than requesteds\r\n"); - return; - } - - // create temporary packet - uint8_t pck[255] = {0}; - size_t pcklen = 253; - if (apdu.le) - pcklen = apdu.le; - if (pcklen > chain_buffer_len) - pcklen = chain_buffer_len; - - printf1(TAG_NFC, "GET RESPONSE. pck len: %d buffer len: %d\r\n", pcklen, chain_buffer_len); - - // create packet and add 61XX there if we have another portion(s) of data - memmove(pck, chain_buffer, pcklen); - size_t dlen = 0; - if (chain_buffer_len - pcklen) - { - append_get_response(&pck[pcklen], chain_buffer_len - pcklen); - dlen = 2; - } - - // send - nfc_write_response_chaining_plain(buf[0], pck, pcklen + dlen); // dlen for 61XX - - // shift the buffer - chain_buffer_len -= pcklen; - memmove(chain_buffer, &chain_buffer[pcklen], chain_buffer_len); - break; - - case APDU_INS_SELECT: - // if (apdu->p1 == 0 && apdu->p2 == 0x0c) - // { - // printf1(TAG_NFC,"Select NDEF\r\n"); - // - // NFC_STATE.selected_applet = APP_NDEF_TAG; - // // Select NDEF file! - // res[0] = NFC_CMD_IBLOCK | (buf[0] & 1); - // res[1] = SW_SUCCESS>>8; - // res[2] = SW_SUCCESS & 0xff; - // nfc_write_frame(res, 3); - // printf1(TAG_NFC,"<< "); dump_hex1(TAG_NFC,res, 3); - // } - // else - { - selected = select_applet(apdu.data, apdu.lc); - if (selected == APP_FIDO) - { - nfc_write_response_ex(buf[0], (uint8_t *)"U2F_V2", 6, SW_SUCCESS); - printf1(TAG_NFC, "FIDO applet selected.\r\n"); - } - else if (selected != APP_NOTHING) - { - nfc_write_response(buf[0], SW_SUCCESS); - printf1(TAG_NFC, "SELECTED %d\r\n", selected); - } - else - { - nfc_write_response(buf[0], SW_FILE_NOT_FOUND); - printf1(TAG_NFC, "NOT selected "); dump_hex1(TAG_NFC, apdu.data, apdu.lc); - } - } - break; - - case APDU_FIDO_U2F_VERSION: - if (NFC_STATE.selected_applet != APP_FIDO) { - nfc_write_response(buf[0], SW_INS_INVALID); - break; - } - - printf1(TAG_NFC, "U2F GetVersion command.\r\n"); - - u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp); - nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu); - break; - - case APDU_FIDO_U2F_REGISTER: - if (NFC_STATE.selected_applet != APP_FIDO) { - nfc_write_response(buf[0], SW_INS_INVALID); - break; - } - - printf1(TAG_NFC, "U2F Register command.\r\n"); - - if (apdu.lc != 64) - { - printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", apdu.lc); - nfc_write_response(buf[0], SW_WRONG_LENGTH); - return; - } - - timestamp(); - - - // WTX_on(WTX_TIME_DEFAULT); - // SystemClock_Config_LF32(); - // delay(300); - if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST); - u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp); - if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE); - // if (!WTX_off()) - // return; - - printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length); - printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp()); - nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu); - - printf1(TAG_NFC,"U2F Register answered %d (took %d)\r\n", millis(), timestamp()); - break; - - case APDU_FIDO_U2F_AUTHENTICATE: - if (NFC_STATE.selected_applet != APP_FIDO) { - nfc_write_response(buf[0], SW_INS_INVALID); - break; - } - - printf1(TAG_NFC, "U2F Authenticate command.\r\n"); - - if (apdu.lc != 64 + 1 + apdu.data[64]) - { - delay(5); - printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", apdu.lc, apdu.data[64]); - nfc_write_response(buf[0], SW_WRONG_LENGTH); - return; - } - - timestamp(); - // WTX_on(WTX_TIME_DEFAULT); - u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp); - // if (!WTX_off()) - // return; - - printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length); - printf1(TAG_NFC,"U2F Authenticate processing %d (took %d)\r\n", millis(), timestamp()); - nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu); - printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp); - break; - - case APDU_FIDO_NFCCTAP_MSG: - if (NFC_STATE.selected_applet != APP_FIDO) { - nfc_write_response(buf[0], SW_INS_INVALID); - return; - } - - printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp()); - - // WTX_on(WTX_TIME_DEFAULT); - request_from_nfc(true); - ctap_response_init(&ctap_resp); - delay(1); - printf1(TAG_NFC,"[%d] ", apdu.lc); - dump_hex1(TAG_NFC,apdu.data, apdu.lc); - status = ctap_request(apdu.data, apdu.lc, &ctap_resp); - request_from_nfc(false); - // if (!WTX_off()) - // return; - - printf1(TAG_NFC, "CTAP resp: 0x%02x len: %d\r\n", status, ctap_resp.length); - - if (status == CTAP1_ERR_SUCCESS) - { - memmove(&ctap_resp.data[1], &ctap_resp.data[0], ctap_resp.length); - ctap_resp.length += 3; - } else { - ctap_resp.length = 3; - } - ctap_resp.data[0] = status; - ctap_resp.data[ctap_resp.length - 2] = SW_SUCCESS >> 8; - ctap_resp.data[ctap_resp.length - 1] = SW_SUCCESS & 0xff; - - printf1(TAG_NFC,"CTAP processing %d (took %d)\r\n", millis(), timestamp()); - nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu); - printf1(TAG_NFC,"CTAP answered %d (took %d)\r\n", millis(), timestamp()); - break; - - case APDU_INS_READ_BINARY: - // response length - reslen = apdu.le & 0xffff; - switch(NFC_STATE.selected_applet) - { - case APP_CAPABILITY_CONTAINER: - printf1(TAG_NFC,"APP_CAPABILITY_CONTAINER\r\n"); - if (reslen == 0 || reslen > sizeof(NFC_CC)) - reslen = sizeof(NFC_CC); - nfc_write_response_ex(buf[0], (uint8_t *)&NFC_CC, reslen, SW_SUCCESS); - ams_wait_for_tx(10); - break; - case APP_NDEF_TAG: - printf1(TAG_NFC,"APP_NDEF_TAG\r\n"); - if (reslen == 0 || reslen > sizeof(NDEF_SAMPLE) - 1) - reslen = sizeof(NDEF_SAMPLE) - 1; - nfc_write_response_ex(buf[0], NDEF_SAMPLE, reslen, SW_SUCCESS); - ams_wait_for_tx(10); - break; - default: - nfc_write_response(buf[0], SW_FILE_NOT_FOUND); - printf1(TAG_ERR, "No binary applet selected!\r\n"); - return; - break; - } - break; - - default: - printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu.ins); - nfc_write_response(buf[0], SW_INS_INVALID); - break; - } + apdu_process(buf[0], &buf[block_offset], &apdu); printf1(TAG_NFC,"prev.Iblock: "); dump_hex1(TAG_NFC, buf, len); From c79b7abfb6a86822c88ed21bc6132f1d638f7eca Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Thu, 22 Aug 2019 15:12:59 +0300 Subject: [PATCH 33/79] add reset placeholder --- fido2/apdu.h | 4 ++++ targets/stm32l432/src/nfc.c | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/fido2/apdu.h b/fido2/apdu.h index 7ce8477..420fea6 100644 --- a/fido2/apdu.h +++ b/fido2/apdu.h @@ -42,6 +42,10 @@ extern int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu); #define APDU_FIDO_U2F_AUTHENTICATE 0x02 #define APDU_FIDO_U2F_VERSION 0x03 #define APDU_FIDO_NFCCTAP_MSG 0x10 +#define APDU_FIDO_U2F_VENDOR_FIRST 0xc0 // First vendor defined command +#define APDU_FIDO_U2F_VENDOR_LAST 0xff // Last vendor defined command +#define APDU_SOLO_RESET 0xee + #define APDU_INS_SELECT 0xA4 #define APDU_INS_READ_BINARY 0xB0 #define APDU_GET_RESPONSE 0xC0 diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 00a2d63..b2aded8 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -756,6 +756,12 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu) } break; + case APDU_SOLO_RESET: + printf1(TAG_NFC, "Reset...\r\n"); + delay(10); + nfc_write_response(buf0, SW_INS_INVALID); + break; + default: printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu->ins); nfc_write_response(buf0, SW_INS_INVALID); From a95e62e2ea80eeee08ecd936837af8bd50ba5217 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Thu, 22 Aug 2019 15:33:28 +0300 Subject: [PATCH 34/79] reset --- targets/stm32l432/src/nfc.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index b2aded8..d49782d 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -757,9 +757,15 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu) break; case APDU_SOLO_RESET: - printf1(TAG_NFC, "Reset...\r\n"); - delay(10); - nfc_write_response(buf0, SW_INS_INVALID); + if (apdu.lc == 18 && !memcmp(apdu.data, "Reset solo please>", 18)) { + printf1(TAG_NFC, "Reset...\r\n"); + delay(10); + NVIC_SystemReset(); + while(1); + } else { + printf1(TAG_NFC, "Reset FAIL\r\n"); + nfc_write_response(buf[0], SW_INS_INVALID); + } break; default: From c972a130345fed901408228ebcbe15c153ecedaa Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Thu, 22 Aug 2019 15:49:33 +0300 Subject: [PATCH 35/79] fix reboot --- fido2/device.h | 1 + pc/device.c | 6 +++++- targets/stm32l432/src/nfc.c | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/fido2/device.h b/fido2/device.h index 0c11fe8..d440ca6 100644 --- a/fido2/device.h +++ b/fido2/device.h @@ -30,6 +30,7 @@ void main_loop_delay(); void heartbeat(); +void device_reboot(); void authenticator_read_state(AuthenticatorState * ); diff --git a/pc/device.c b/pc/device.c index 0944254..cf91610 100644 --- a/pc/device.c +++ b/pc/device.c @@ -43,7 +43,11 @@ void device_set_status(uint32_t status) __device_status = status; } - +void device_reboot() +{ + printf1(TAG_RED, "REBOOT command recieved!\r\n"); + exit(100); +} int udp_server() { diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index d49782d..ed01e9a 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -757,10 +757,10 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu) break; case APDU_SOLO_RESET: - if (apdu.lc == 18 && !memcmp(apdu.data, "Reset solo please>", 18)) { + if (apdu.lc == 4 && !memcmp(apdu.data, "\x12\x56\xab\xf0", 4)) { printf1(TAG_NFC, "Reset...\r\n"); delay(10); - NVIC_SystemReset(); + device_reboot(); while(1); } else { printf1(TAG_NFC, "Reset FAIL\r\n"); From d39d7978fdf4aa3e76af17e9409ad6fc62639201 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Thu, 22 Aug 2019 15:58:53 +0300 Subject: [PATCH 36/79] small fix --- targets/stm32l432/src/nfc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index ed01e9a..3dd8725 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -757,14 +757,14 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu) break; case APDU_SOLO_RESET: - if (apdu.lc == 4 && !memcmp(apdu.data, "\x12\x56\xab\xf0", 4)) { + if (apdu->lc == 4 && !memcmp(apdu->data, "\x12\x56\xab\xf0", 4)) { printf1(TAG_NFC, "Reset...\r\n"); delay(10); device_reboot(); while(1); } else { printf1(TAG_NFC, "Reset FAIL\r\n"); - nfc_write_response(buf[0], SW_INS_INVALID); + nfc_write_response(buf0, SW_INS_INVALID); } break; From 8af6505f6d7e672a652fad2146874d1322710344 Mon Sep 17 00:00:00 2001 From: "allcontributors[bot]" <46447321+allcontributors[bot]@users.noreply.github.com> Date: Thu, 22 Aug 2019 19:40:02 +0000 Subject: [PATCH 37/79] docs: update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ba13ea7..a86fb7b 100644 --- a/README.md +++ b/README.md @@ -134,6 +134,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d Piotr Esden-Tempski
Piotr Esden-Tempski
💼 f.m3hm00d
f.m3hm00d
📖 Richard Hughes
Richard Hughes
🤔 💻 🚇 🔧 + Kim Schulz
Kim Schulz
💼 🤔 @@ -167,7 +168,7 @@ You can buy Solo, Solo Tap, and Solo for Hackers at [solokeys.com](https://solok
[![License](https://img.shields.io/github/license/solokeys/solo.svg)](https://github.com/solokeys/solo/blob/master/LICENSE) -[![All Contributors](https://img.shields.io/badge/all_contributors-17-orange.svg?style=flat-square)](#contributors) +[![All Contributors](https://img.shields.io/badge/all_contributors-18-orange.svg?style=flat-square)](#contributors) [![Build Status](https://travis-ci.com/solokeys/solo.svg?branch=master)](https://travis-ci.com/solokeys/solo) [![Discourse Users](https://img.shields.io/discourse/https/discourse.solokeys.com/users.svg)](https://discourse.solokeys.com) [![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public) From 8973608f59d461eacfda4f1423531b4d311f3b97 Mon Sep 17 00:00:00 2001 From: "allcontributors[bot]" <46447321+allcontributors[bot]@users.noreply.github.com> Date: Thu, 22 Aug 2019 19:40:03 +0000 Subject: [PATCH 38/79] docs: update .all-contributorsrc --- .all-contributorsrc | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.all-contributorsrc b/.all-contributorsrc index aed6148..253fb36 100644 --- a/.all-contributorsrc +++ b/.all-contributorsrc @@ -168,6 +168,16 @@ "infra", "tool" ] + }, + { + "login": "kimusan", + "name": "Kim Schulz", + "avatar_url": "https://avatars1.githubusercontent.com/u/1150049?v=4", + "profile": "http://www.schulz.dk", + "contributions": [ + "business", + "ideas" + ] } ], "contributorsPerLine": 7, From 3fad9a7a7db234ba3709222d001b207dc1843b99 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Thu, 22 Aug 2019 17:43:11 +0300 Subject: [PATCH 39/79] add response to reset command and delete debug --- targets/stm32l432/src/nfc.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 3dd8725..73f1d3a 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -703,9 +703,6 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu) // WTX_on(WTX_TIME_DEFAULT); request_from_nfc(true); ctap_response_init(&ctap_resp); - delay(1); - printf1(TAG_NFC,"[%d] ", apdu->lc); - dump_hex1(TAG_NFC, apdu->data, apdu->lc); status = ctap_request(apdu->data, apdu->lc, &ctap_resp); request_from_nfc(false); // if (!WTX_off()) @@ -759,7 +756,8 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu) case APDU_SOLO_RESET: if (apdu->lc == 4 && !memcmp(apdu->data, "\x12\x56\xab\xf0", 4)) { printf1(TAG_NFC, "Reset...\r\n"); - delay(10); + nfc_write_response(buf0, SW_SUCCESS); + delay(20); device_reboot(); while(1); } else { From 3b53537077184090170ec65b4db9ef23f7a66853 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 23 Aug 2019 13:09:23 +0800 Subject: [PATCH 40/79] refactor fido2 user presence handling & increase timeout to 29s --- fido2/ctap.c | 41 ++++++++++++++++++----------------------- fido2/ctap.h | 2 +- fido2/ctap_errors.h | 1 + 3 files changed, 20 insertions(+), 24 deletions(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index 2536c9e..8f49102 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -437,7 +437,19 @@ static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred) static int ctap2_user_presence_test() { device_set_status(CTAPHID_STATUS_UPNEEDED); - return ctap_user_presence_test(CTAP2_UP_DELAY_MS); + int ret = ctap_user_presence_test(CTAP2_UP_DELAY_MS); + if ( ret > 0 ) + { + return CTAP1_ERR_SUCCESS; + } + else if (ret < 0) + { + return CTAP2_ERR_KEEPALIVE_CANCEL; + } + else + { + return CTAP2_ERR_ACTION_TIMEOUT; + } } static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo) @@ -470,15 +482,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au int but; but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS); - - if (!but) - { - return CTAP2_ERR_OPERATION_DENIED; - } - else if (but < 0) // Cancel - { - return CTAP2_ERR_KEEPALIVE_CANCEL; - } + check_retr(but); device_set_status(CTAPHID_STATUS_PROCESSING); @@ -707,10 +711,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt } if (MC.pinAuthEmpty) { - if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS)) - { - return CTAP2_ERR_OPERATION_DENIED; - } + check_retr( ctap2_user_presence_test(CTAP2_UP_DELAY_MS) ); return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET; } if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask) @@ -1143,10 +1144,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length) if (GA.pinAuthEmpty) { - if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS)) - { - return CTAP2_ERR_OPERATION_DENIED; - } + check_retr( ctap2_user_presence_test(CTAP2_UP_DELAY_MS) ); return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET; } if (GA.pinAuthPresent) @@ -1656,14 +1654,11 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) break; case CTAP_RESET: printf1(TAG_CTAP,"CTAP_RESET\n"); - if (ctap2_user_presence_test(CTAP2_UP_DELAY_MS)) + status = ctap2_user_presence_test(CTAP2_UP_DELAY_MS); + if (status == CTAP1_ERR_SUCCESS) { ctap_reset(); } - else - { - status = CTAP2_ERR_OPERATION_DENIED; - } break; case GET_NEXT_ASSERTION: printf1(TAG_CTAP,"CTAP_NEXT_ASSERTION\n"); diff --git a/fido2/ctap.h b/fido2/ctap.h index 51a5c11..6bfdf57 100644 --- a/fido2/ctap.h +++ b/fido2/ctap.h @@ -131,7 +131,7 @@ #define PIN_LOCKOUT_ATTEMPTS 8 // Number of attempts total #define PIN_BOOT_ATTEMPTS 3 // number of attempts per boot -#define CTAP2_UP_DELAY_MS 5000 +#define CTAP2_UP_DELAY_MS 29000 typedef struct { diff --git a/fido2/ctap_errors.h b/fido2/ctap_errors.h index a749651..fc2f257 100644 --- a/fido2/ctap_errors.h +++ b/fido2/ctap_errors.h @@ -49,6 +49,7 @@ #define CTAP2_ERR_PIN_POLICY_VIOLATION 0x37 #define CTAP2_ERR_PIN_TOKEN_EXPIRED 0x38 #define CTAP2_ERR_REQUEST_TOO_LARGE 0x39 +#define CTAP2_ERR_ACTION_TIMEOUT 0x3A #define CTAP1_ERR_OTHER 0x7F #define CTAP2_ERR_SPEC_LAST 0xDF #define CTAP2_ERR_EXTENSION_FIRST 0xE0 From b3ac739a359afc1617ca64a71b9253f85a1242b6 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 23 Aug 2019 13:33:34 +0800 Subject: [PATCH 41/79] make touch sensor edge based to avoid approving >1 transaction --- targets/stm32l432/src/device.c | 37 ++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c index 49bbfe7..8c5f679 100644 --- a/targets/stm32l432/src/device.c +++ b/targets/stm32l432/src/device.c @@ -60,6 +60,29 @@ static int is_touch_button_pressed() int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed; +static void edge_detect_touch_button() +{ + static uint8_t last_touch = 0; + uint8_t current_touch = 0; + if (is_touch_button_pressed == IS_BUTTON_PRESSED) + { + current_touch = IS_BUTTON_PRESSED(); + + // 1 sample per 25 ms + if ((millis() - __last_button_bounce_time) > 25) + { + // Detect "touch / rising edge" + if (!last_touch && current_touch) + { + __last_button_press_time = millis(); + } + __last_button_bounce_time = millis(); + last_touch = current_touch; + } + } + +} + void request_from_nfc(bool request_active) { _RequestComeFromNFC = request_active; } @@ -78,19 +101,7 @@ void TIM6_DAC_IRQHandler() } } - - if (is_touch_button_pressed == IS_BUTTON_PRESSED) - { - if (IS_BUTTON_PRESSED()) - { - // Only allow 1 press per 25 ms. - if ((millis() - __last_button_bounce_time) > 25) - { - __last_button_press_time = millis(); - } - __last_button_bounce_time = millis(); - } - } + edge_detect_touch_button(); #ifndef IS_BOOTLOADER // NFC sending WTX if needs From affc256ca21657b4b809624a34285f372404eb54 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 23 Aug 2019 14:28:25 +0800 Subject: [PATCH 42/79] add delay to cap button improve reliability --- targets/stm32l432/src/device.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c index 8c5f679..65bfdb4 100644 --- a/targets/stm32l432/src/device.c +++ b/targets/stm32l432/src/device.c @@ -55,7 +55,14 @@ static int is_physical_button_pressed() static int is_touch_button_pressed() { - return tsc_read_button(0) || tsc_read_button(1); + int is_pressed = (tsc_read_button(0) || tsc_read_button(1)); + if (is_pressed) + { + // delay for debounce, and longer than polling timer period. + delay(95); + return (tsc_read_button(0) || tsc_read_button(1)); + } + return is_pressed; } int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed; @@ -66,7 +73,7 @@ static void edge_detect_touch_button() uint8_t current_touch = 0; if (is_touch_button_pressed == IS_BUTTON_PRESSED) { - current_touch = IS_BUTTON_PRESSED(); + current_touch = (tsc_read_button(0) || tsc_read_button(1)); // 1 sample per 25 ms if ((millis() - __last_button_bounce_time) > 25) @@ -153,7 +160,6 @@ void device_set_status(uint32_t status) int device_is_button_pressed() { - return IS_BUTTON_PRESSED(); } From 8e192f236310330ed5b0d0278652cc03452491e2 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 23 Aug 2019 14:31:03 +0800 Subject: [PATCH 43/79] do not delay bootloader --- targets/stm32l432/src/device.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c index 65bfdb4..e6f14e3 100644 --- a/targets/stm32l432/src/device.c +++ b/targets/stm32l432/src/device.c @@ -56,12 +56,14 @@ static int is_physical_button_pressed() static int is_touch_button_pressed() { int is_pressed = (tsc_read_button(0) || tsc_read_button(1)); +#ifndef IS_BOOTLOADER if (is_pressed) { // delay for debounce, and longer than polling timer period. delay(95); return (tsc_read_button(0) || tsc_read_button(1)); } +#endif return is_pressed; } From 41ceb78f6ca7aa13157d9e32f3602c075b3e97fe Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 23 Aug 2019 14:48:21 +0800 Subject: [PATCH 44/79] add user presence to flags --- fido2/ctap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index 8f49102..f721990 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -486,7 +486,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au device_set_status(CTAPHID_STATUS_PROCESSING); - authData->head.flags = (but << 0); + authData->head.flags = (1 << 0); // User presence authData->head.flags |= (ctap_is_pin_set() << 2); From 5d3914bc5e8c7326d7f0cdd2afd1c042a6f821d9 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Fri, 23 Aug 2019 14:36:15 +0300 Subject: [PATCH 45/79] remove delays --- targets/stm32l432/src/nfc.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 73f1d3a..6a3cab3 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -802,7 +802,6 @@ void nfc_process_iblock(uint8_t * buf, int len) memmove(&chain_buffer[chain_buffer_len], apdu.data, apdu.lc); chain_buffer_len += apdu.lc; - delay(1); nfc_write_response(buf[0], SW_SUCCESS); printf1(TAG_NFC, "APDU chaining ok. %d/%d\r\n", apdu.lc, chain_buffer_len); return; @@ -810,7 +809,6 @@ void nfc_process_iblock(uint8_t * buf, int len) // if we have ISO 7816 APDU chain - move there all the data if (!chain_buffer_tx && chain_buffer_len > 0) { - delay(1); memmove(&apdu.data[chain_buffer_len], apdu.data, apdu.lc); memmove(apdu.data, chain_buffer, chain_buffer_len); apdu.lc += chain_buffer_len; // here apdu struct does not match with memory! From bde4c09c21ad943bf20634455b90f6a29ab5e527 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Sat, 24 Aug 2019 15:06:16 +0800 Subject: [PATCH 46/79] CCID basics working --- targets/stm32l432/lib/usbd/usbd_ccid.c | 104 ++++++++----------------- targets/stm32l432/lib/usbd/usbd_ccid.h | 17 +++- targets/stm32l432/lib/usbd/usbd_conf.c | 21 ++--- 3 files changed, 62 insertions(+), 80 deletions(-) diff --git a/targets/stm32l432/lib/usbd/usbd_ccid.c b/targets/stm32l432/lib/usbd/usbd_ccid.c index 2a81ef7..76b8b8e 100644 --- a/targets/stm32l432/lib/usbd/usbd_ccid.c +++ b/targets/stm32l432/lib/usbd/usbd_ccid.c @@ -64,6 +64,8 @@ static uint8_t USBD_CCID_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx) USBD_LL_OpenEP(pdev, CCID_CMD_EP, USBD_EP_TYPE_INTR, CCID_DATA_PACKET_SIZE); pdev->ep_in[CCID_CMD_EP & 0xFU].is_used = 1U; + // dump_pma_header("ccid.c"); + static USBD_CCID_HandleTypeDef mem; pdev->pClassData = &mem; @@ -207,30 +209,8 @@ static uint8_t USBD_CCID_DataOut (USBD_HandleTypeDef *pdev, uint8_t epnum) } static uint8_t USBD_CCID_DataIn (USBD_HandleTypeDef *pdev, uint8_t epnum) { - //N USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*)pdev->pClassData; - PCD_HandleTypeDef *hpcd = pdev->pData; - // if(pdev->pClassData != NULL) - // { - // if((pdev->ep_in[epnum].total_length > 0U) && ((pdev->ep_in[epnum].total_length % hpcd->IN_ep[epnum].maxpacket) == 0U)) - // { - // /* Update the packet total length */ - // pdev->ep_in[epnum].total_length = 0U; - - // /* Send ZLP */ - // USBD_LL_Transmit (pdev, epnum, NULL, 0U); - // } - // else - // { - // hcdc->TxState = 0U; - // } - // return USBD_OK; - // } - // else - // { - // return USBD_FAIL; - // } hcdc->TxState = 0U; return USBD_OK; } @@ -246,41 +226,39 @@ uint8_t USBD_CCID_TransmitPacket(uint8_t * msg, int len) USBD_LL_Transmit(&Solo_USBD_Device, CCID_IN_EP, msg, len); - - // /* Update the packet total length */ - // Solo_USBD_Device.ep_in[CCID_CMD_EP & 0xFU].total_length = len; - - // /* Transmit next packet */ - // USBD_LL_Transmit(&Solo_USBD_Device, CCID_CMD_EP, msg, - // len); - + printf1(TAG_GREEN,"ccid<< "); + dump_hex1(TAG_GREEN, msg, len); return USBD_OK; } -#define CCID_HEADER_SIZE 10 -typedef struct -{ - uint8_t type; - uint32_t len; - uint8_t slot; - uint8_t seq; - uint8_t rsvd; - uint16_t param; -} __attribute__((packed)) CCID_HEADER; -void ccid_send_status(CCID_HEADER * c) + +void ccid_send_status(CCID_HEADER * c, uint8_t status) { uint8_t msg[CCID_HEADER_SIZE]; memset(msg,0,sizeof(msg)); msg[0] = CCID_SLOT_STATUS_RES; - msg[6] = 1; + msg[6] = c->seq; + msg[7] = status; USBD_CCID_TransmitPacket(msg, sizeof(msg)); } +void ccid_send_data_block(CCID_HEADER * c, uint8_t status) +{ + uint8_t msg[CCID_HEADER_SIZE]; + memset(msg,0,sizeof(msg)); + + msg[0] = CCID_DATA_BLOCK_RES; + msg[6] = c->seq; + msg[7] = status; + + USBD_CCID_TransmitPacket(msg, sizeof(msg)); + +} void handle_ccid(uint8_t * msg, int len) { @@ -288,15 +266,16 @@ void handle_ccid(uint8_t * msg, int len) switch(h->type) { case CCID_SLOT_STATUS: - ccid_send_status(h); + ccid_send_status(h, CCID_STATUS_ON); + break; + case CCID_POWER_ON: + ccid_send_data_block(h, CCID_STATUS_ON); + break; + case CCID_POWER_OFF: + ccid_send_status(h, CCID_STATUS_OFF); break; default: - // while(1) - // { - // led_rgb(0xff3520); - // } - //Y - ccid_send_status(h); + ccid_send_status(h, CCID_STATUS_ON); break; } } @@ -316,24 +295,15 @@ uint8_t usb_ccid_recieve_callback(USBD_HandleTypeDef *pdev, uint8_t epnum) /* Get the received data length */ hcdc->RxLength = USBD_LL_GetRxDataSize (pdev, epnum); - /* USB data will be immediately processed, this allow next USB traffic being - NAKed till the end of the application Xfer */ - if(pdev->pClassData != NULL) - { - // printf1(TAG_GREEN,"ccid>> "); - // dump_hex1(TAG_GREEN, hcdc->RxBuffer, hcdc->RxLength); + printf1(TAG_GREEN, "ccid>> "); + dump_hex1(TAG_GREEN, ccidmsg_buf, hcdc->RxLength); - handle_ccid(hcdc->RxBuffer, hcdc->RxLength); + handle_ccid(ccidmsg_buf, hcdc->RxLength); - return USBD_OK; - } - else - { + USBD_LL_PrepareReceive(&Solo_USBD_Device, CCID_OUT_EP, ccidmsg_buf, + CCID_DATA_PACKET_SIZE); - while(1){ led_rgb(0xff3520); } - - return USBD_FAIL; - } + return USBD_OK; } @@ -345,11 +315,5 @@ uint8_t usb_ccid_recieve_callback(USBD_HandleTypeDef *pdev, uint8_t epnum) */ static uint8_t USBD_CCID_EP0_RxReady (USBD_HandleTypeDef *pdev) { - USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*) pdev->pClassData; - - // if((pdev->pUserData != NULL) && (hcdc->CmdOpCode != 0xFFU)) - // { - // hcdc->CmdOpCode = 0xFFU; - // } return USBD_OK; } diff --git a/targets/stm32l432/lib/usbd/usbd_ccid.h b/targets/stm32l432/lib/usbd/usbd_ccid.h index 6535987..513c796 100644 --- a/targets/stm32l432/lib/usbd/usbd_ccid.h +++ b/targets/stm32l432/lib/usbd/usbd_ccid.h @@ -3,7 +3,18 @@ #include "usbd_ioreq.h" -#define CCID_IN_EP 0x84U /* EP1 for data IN */ +#define CCID_HEADER_SIZE 10 +typedef struct +{ + uint8_t type; + uint32_t len; + uint8_t slot; + uint8_t seq; + uint8_t rsvd; + uint16_t param; +} __attribute__((packed)) CCID_HEADER; + +#define CCID_IN_EP 0x86U /* EP1 for data IN */ #define CCID_OUT_EP 0x04U /* EP1 for data OUT */ #define CCID_CMD_EP 0x85U /* EP2 for CDC commands */ @@ -17,6 +28,10 @@ #define CCID_GET_PARAMS 0x6C #define CCID_RESET_PARAMS 0x6D #define CCID_XFR_BLOCK 0x6F + +#define CCID_STATUS_ON 0x00 +#define CCID_STATUS_OFF 0x02 + #define CCID_DATA_BLOCK_RES 0x80 #define CCID_SLOT_STATUS_RES 0x81 #define CCID_PARAMS_RES 0x82 diff --git a/targets/stm32l432/lib/usbd/usbd_conf.c b/targets/stm32l432/lib/usbd/usbd_conf.c index 61bcecd..ad5b211 100644 --- a/targets/stm32l432/lib/usbd/usbd_conf.c +++ b/targets/stm32l432/lib/usbd/usbd_conf.c @@ -52,6 +52,7 @@ #include "usbd_hid.h" #include "usbd_cdc.h" #include "usbd_ccid.h" +#include "log.h" void SystemClock_Config(void); @@ -223,7 +224,6 @@ void HAL_PCD_DisconnectCallback(PCD_HandleTypeDef *hpcd) { USBD_LL_DevDisconnected((USBD_HandleTypeDef*)hpcd->pData); } - /** * @brief Initializes the low level portion of the device driver. * @param pdev: Device handle @@ -260,15 +260,17 @@ USBD_StatusTypeDef USBD_LL_Init(USBD_HandleTypeDef *pdev) HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , HID_EPOUT_ADDR , PCD_SNG_BUF, 0x98); HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , HID_EPIN_ADDR , PCD_SNG_BUF, 0xd8); - // CDC / uart - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_OUT_EP , PCD_SNG_BUF, 0xd8 + 64); // data OUT - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_IN_EP , PCD_SNG_BUF, 0xd8 + 64*2); // data IN - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_CMD_EP , PCD_SNG_BUF, 0xd8 + 64*3); // commands - // CCID - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_OUT_EP , PCD_SNG_BUF, 0xd8 + 64*4); // data OUT - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_IN_EP , PCD_SNG_BUF, 0xd8 + 64*5); // data IN - HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_CMD_EP , PCD_SNG_BUF, 0xd8 + 64*6); // commands + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_OUT_EP , PCD_SNG_BUF, 0xd8 + 64); // data OUT + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_IN_EP , PCD_SNG_BUF, 0xd8 + 64*2); // data IN + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_CMD_EP , PCD_SNG_BUF, 0xd8 + 64*3); // commands + + // CDC / uart + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_CMD_EP , PCD_SNG_BUF, 0xd8 + 64*4); // commands + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_OUT_EP , PCD_SNG_BUF, 0xd8 + 64*5); // data OUT + HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_IN_EP , PCD_SNG_BUF, 0xd8 + 64*6); // data IN + + // dump_pma_header("usbd_conf"); return USBD_OK; } @@ -319,6 +321,7 @@ USBD_StatusTypeDef USBD_LL_OpenEP(USBD_HandleTypeDef *pdev, uint8_t ep_type, uint16_t ep_mps) { + // printf1(TAG_RED,"LL_Open. ep: %x, %x\r\n", ep_addr, ep_type); HAL_PCD_EP_Open((PCD_HandleTypeDef*) pdev->pData, ep_addr, ep_mps, From ccd9a04146c5ebdc241e9ee3077597d62e07092b Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Sat, 24 Aug 2019 15:08:14 +0800 Subject: [PATCH 47/79] add ccid log tag --- fido2/log.c | 1 + fido2/log.h | 1 + fido2/main.c | 1 + targets/stm32l432/lib/usbd/usbd_ccid.c | 8 ++++---- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/fido2/log.c b/fido2/log.c index c4d874e..af2cd55 100644 --- a/fido2/log.c +++ b/fido2/log.c @@ -50,6 +50,7 @@ struct logtag tagtable[] = { {TAG_EXT,"EXT"}, {TAG_NFC,"NFC"}, {TAG_NFC_APDU, "NAPDU"}, + {TAG_CCID, "CCID"}, }; diff --git a/fido2/log.h b/fido2/log.h index d7190cf..17a2d6b 100644 --- a/fido2/log.h +++ b/fido2/log.h @@ -44,6 +44,7 @@ typedef enum TAG_EXT = (1 << 18), TAG_NFC = (1 << 19), TAG_NFC_APDU = (1 << 20), + TAG_CCID = (1 << 21), TAG_NO_TAG = (1UL << 30), TAG_FILENO = (1UL << 31) diff --git a/fido2/main.c b/fido2/main.c index f794375..a22d48c 100644 --- a/fido2/main.c +++ b/fido2/main.c @@ -46,6 +46,7 @@ int main(int argc, char *argv[]) TAG_GREEN| TAG_RED| TAG_EXT| + TAG_CCID| TAG_ERR ); diff --git a/targets/stm32l432/lib/usbd/usbd_ccid.c b/targets/stm32l432/lib/usbd/usbd_ccid.c index 76b8b8e..0a0a797 100644 --- a/targets/stm32l432/lib/usbd/usbd_ccid.c +++ b/targets/stm32l432/lib/usbd/usbd_ccid.c @@ -226,8 +226,8 @@ uint8_t USBD_CCID_TransmitPacket(uint8_t * msg, int len) USBD_LL_Transmit(&Solo_USBD_Device, CCID_IN_EP, msg, len); - printf1(TAG_GREEN,"ccid<< "); - dump_hex1(TAG_GREEN, msg, len); + printf1(TAG_CCID,"<< "); + dump_hex1(TAG_CCID, msg, len); return USBD_OK; } @@ -295,8 +295,8 @@ uint8_t usb_ccid_recieve_callback(USBD_HandleTypeDef *pdev, uint8_t epnum) /* Get the received data length */ hcdc->RxLength = USBD_LL_GetRxDataSize (pdev, epnum); - printf1(TAG_GREEN, "ccid>> "); - dump_hex1(TAG_GREEN, ccidmsg_buf, hcdc->RxLength); + printf1(TAG_CCID, ">> "); + dump_hex1(TAG_CCID, ccidmsg_buf, hcdc->RxLength); handle_ccid(ccidmsg_buf, hcdc->RxLength); From 3b4c154fd17607fc14ddb5ce7eb29773055a0379 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Sat, 24 Aug 2019 15:49:02 +0800 Subject: [PATCH 48/79] add enable macro for CCID interface --- targets/stm32l432/lib/usbd/usbd_composite.c | 60 ++++++++++++++------- targets/stm32l432/src/app.h | 4 ++ targets/stm32l432/src/init.c | 10 +--- 3 files changed, 46 insertions(+), 28 deletions(-) diff --git a/targets/stm32l432/lib/usbd/usbd_composite.c b/targets/stm32l432/lib/usbd/usbd_composite.c index 7d5fdb4..b1de7d2 100644 --- a/targets/stm32l432/lib/usbd/usbd_composite.c +++ b/targets/stm32l432/lib/usbd/usbd_composite.c @@ -4,6 +4,7 @@ #include "usbd_cdc.h" #include "usbd_ccid.h" #include "usbd_ctlreq.h" +#include "app.h" static uint8_t USBD_Composite_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx); @@ -27,20 +28,29 @@ static uint8_t *USBD_Composite_GetOtherSpeedCfgDesc (uint16_t *length); static uint8_t *USBD_Composite_GetDeviceQualifierDescriptor (uint16_t *length); +#ifdef ENABLE_CCID +#define CCID_SIZE 84 +#define CCID_NUM_INTERFACE 1 +#else +#define CCID_NUM_INTERFACE 0 +#define CCID_SIZE 0 +#endif + +#if DEBUG_LEVEL > 0 +#define CDC_SIZE (49 + 8 + 9 + 4) +#define CDC_NUM_INTERFACE 2 +#else +#define CDC_SIZE 0 +#define CDC_NUM_INTERFACE 0 +#endif + +#define HID_SIZE 41 + +#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (HID_SIZE + CDC_SIZE + CCID_SIZE) +#define NUM_INTERFACES (1 + CDC_NUM_INTERFACE + CCID_NUM_INTERFACE) #define NUM_CLASSES 3 -#if NUM_CLASSES>2 -#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90 + 8+9 + 4 + 84) -#define NUM_INTERFACES 4 -#elif NUM_CLASSES>1 -#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90 + 8+9 + 4) -#define NUM_INTERFACES 3 -#else -#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (41) -#define NUM_INTERFACES 1 -#endif - #define HID_INTF_NUM 0 #define CDC_MASTER_INTF_NUM 1 #define CDC_SLAVE_INTF_NUM 2 @@ -101,7 +111,7 @@ __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_ 0x00, HID_BINTERVAL, /*bInterval: Polling Interval */ -#if NUM_INTERFACES > 2 +#if DEBUG_LEVEL > 0 /* */ /* CDC */ @@ -199,7 +209,7 @@ __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_ 0x04, #endif -#if NUM_INTERFACES>3 +#ifdef ENABLE_CCID /* CCID Interface Descriptor */ 9, /* bLength: Interface Descriptor size */ @@ -295,16 +305,21 @@ USBD_ClassTypeDef USBD_Composite = USBD_Composite_GetDeviceQualifierDescriptor, }; -static USBD_ClassTypeDef *USBD_Classes[MAX_CLASSES]; +static USBD_ClassTypeDef * USBD_Classes[MAX_CLASSES]; int in_endpoint_to_class[MAX_ENDPOINTS]; int out_endpoint_to_class[MAX_ENDPOINTS]; void USBD_Composite_Set_Classes(USBD_ClassTypeDef *hid_class, USBD_ClassTypeDef *ccid_class, USBD_ClassTypeDef *cdc_class) { + memset(USBD_Classes, 0 , sizeof(USBD_Classes)); USBD_Classes[0] = hid_class; +#ifdef ENABLE_CCID USBD_Classes[1] = ccid_class; +#endif +#if DEBUG_LEVEL > 0 USBD_Classes[2] = cdc_class; +#endif } static USBD_ClassTypeDef * getClass(uint8_t index) @@ -313,12 +328,15 @@ static USBD_ClassTypeDef * getClass(uint8_t index) { case HID_INTF_NUM: return USBD_Classes[0]; +#ifdef ENABLE_CCID case CCID_INTF_NUM: return USBD_Classes[1]; +#endif +#if DEBUG_LEVEL > 0 case CDC_MASTER_INTF_NUM: case CDC_SLAVE_INTF_NUM: return USBD_Classes[2]; - +#endif } return NULL; } @@ -326,7 +344,7 @@ static USBD_ClassTypeDef * getClass(uint8_t index) static uint8_t USBD_Composite_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx) { int i; for(i = 0; i < NUM_CLASSES; i++) { - if (USBD_Classes[i]->Init(pdev, cfgidx) != USBD_OK) { + if (USBD_Classes[i] != NULL && USBD_Classes[i]->Init(pdev, cfgidx) != USBD_OK) { return USBD_FAIL; } } @@ -337,7 +355,7 @@ static uint8_t USBD_Composite_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx) { static uint8_t USBD_Composite_DeInit (USBD_HandleTypeDef *pdev, uint8_t cfgidx) { int i; for(i = 0; i < NUM_CLASSES; i++) { - if (USBD_Classes[i]->DeInit(pdev, cfgidx) != USBD_OK) { + if (USBD_Classes[i] != NULL && USBD_Classes[i]->DeInit(pdev, cfgidx) != USBD_OK) { return USBD_FAIL; } } @@ -363,7 +381,7 @@ static uint8_t USBD_Composite_Setup (USBD_HandleTypeDef *pdev, USBD_SetupReqType case USB_REQ_GET_DESCRIPTOR : for(i = 0; i < NUM_CLASSES; i++) { - if (USBD_Classes[i]->Setup(pdev, req) != USBD_OK) { + if (USBD_Classes[i] != NULL && USBD_Classes[i]->Setup(pdev, req) != USBD_OK) { return USBD_FAIL; } } @@ -386,6 +404,8 @@ static uint8_t USBD_Composite_DataIn (USBD_HandleTypeDef *pdev, uint8_t epnum) { i = in_endpoint_to_class[epnum]; + if (USBD_Classes[i] == NULL) return USBD_FAIL; + return USBD_Classes[i]->DataIn(pdev, epnum); } @@ -394,6 +414,8 @@ static uint8_t USBD_Composite_DataOut (USBD_HandleTypeDef *pdev, uint8_t epnum) i = out_endpoint_to_class[epnum]; + if (USBD_Classes[i] == NULL) return USBD_FAIL; + return USBD_Classes[i]->DataOut(pdev, epnum); } @@ -401,7 +423,7 @@ static uint8_t USBD_Composite_DataOut (USBD_HandleTypeDef *pdev, uint8_t epnum) static uint8_t USBD_Composite_EP0_RxReady (USBD_HandleTypeDef *pdev) { int i; for(i = 0; i < NUM_CLASSES; i++) { - if (USBD_Classes[i]->EP0_RxReady != NULL) { + if (USBD_Classes[i] != NULL && USBD_Classes[i]->EP0_RxReady != NULL) { if (USBD_Classes[i]->EP0_RxReady(pdev) != USBD_OK) { return USBD_FAIL; } diff --git a/targets/stm32l432/src/app.h b/targets/stm32l432/src/app.h index 308e5f6..fcd5629 100644 --- a/targets/stm32l432/src/app.h +++ b/targets/stm32l432/src/app.h @@ -12,9 +12,13 @@ #define DEBUG_UART USART1 #ifndef DEBUG_LEVEL +// Enable the CDC ACM USB interface & debug logs (DEBUG_LEVEL > 0) #define DEBUG_LEVEL 0 #endif +// Enable the CCID USB interface +// #define ENABLE_CCID + #define NON_BLOCK_PRINTING 0 diff --git a/targets/stm32l432/src/init.c b/targets/stm32l432/src/init.c index c57392c..a51e8b8 100644 --- a/targets/stm32l432/src/init.c +++ b/targets/stm32l432/src/init.c @@ -707,7 +707,6 @@ void init_usb() // Enable USB Clock SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_USBFSEN); -#if DEBUG_LEVEL > 0 USBD_Composite_Set_Classes(&USBD_HID, &USBD_CCID, &USBD_CDC); in_endpoint_to_class[HID_EPIN_ADDR & 0x7F] = 0; out_endpoint_to_class[HID_EPOUT_ADDR & 0x7F] = 0; @@ -720,17 +719,10 @@ void init_usb() USBD_Init(&Solo_USBD_Device, &Solo_Desc, 0); USBD_RegisterClass(&Solo_USBD_Device, &USBD_Composite); - // USBD_RegisterClass(&Solo_USBD_Device, &USBD_HID); - // - // USBD_RegisterClass(&Solo_USBD_Device, &USBD_CDC); +#if DEBUG_LEVEL > 0 USBD_CDC_RegisterInterface(&Solo_USBD_Device, &USBD_Interface_fops_FS); -#else - USBD_Init(&Solo_USBD_Device, &Solo_Desc, 0); - USBD_RegisterClass(&Solo_USBD_Device, &USBD_HID); #endif - //Y USBD_Start(&Solo_USBD_Device); - //Y } void init_pwm(void) From 3ba9b671fc1eec23547d5a4314513c7dc6886cd9 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Sat, 24 Aug 2019 16:01:44 +0800 Subject: [PATCH 49/79] dont use composit for bootloader --- targets/stm32l432/src/init.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/targets/stm32l432/src/init.c b/targets/stm32l432/src/init.c index a51e8b8..bdf42fa 100644 --- a/targets/stm32l432/src/init.c +++ b/targets/stm32l432/src/init.c @@ -706,7 +706,7 @@ void init_usb() // Enable USB Clock SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_USBFSEN); - +#ifndef IS_BOOTLOADER USBD_Composite_Set_Classes(&USBD_HID, &USBD_CCID, &USBD_CDC); in_endpoint_to_class[HID_EPIN_ADDR & 0x7F] = 0; out_endpoint_to_class[HID_EPOUT_ADDR & 0x7F] = 0; @@ -721,6 +721,10 @@ void init_usb() USBD_RegisterClass(&Solo_USBD_Device, &USBD_Composite); #if DEBUG_LEVEL > 0 USBD_CDC_RegisterInterface(&Solo_USBD_Device, &USBD_Interface_fops_FS); +#endif +#else + USBD_Init(&Solo_USBD_Device, &Solo_Desc, 0); + USBD_RegisterClass(&Solo_USBD_Device, &USBD_HID); #endif USBD_Start(&Solo_USBD_Device); } From 8bf1921263fedb173e333b8d41fee5fc484cf7bc Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Sat, 24 Aug 2019 16:20:52 +0800 Subject: [PATCH 50/79] dont reference not-enabled ccid --- targets/stm32l432/lib/usbd/usbd_conf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/targets/stm32l432/lib/usbd/usbd_conf.c b/targets/stm32l432/lib/usbd/usbd_conf.c index ad5b211..bd3c442 100644 --- a/targets/stm32l432/lib/usbd/usbd_conf.c +++ b/targets/stm32l432/lib/usbd/usbd_conf.c @@ -123,9 +123,11 @@ void HAL_PCD_DataOutStageCallback(PCD_HandleTypeDef *hpcd, uint8_t epnum) case HID_EPOUT_ADDR: usb_hid_recieve_callback(epnum); break; +#ifdef ENABLE_CCID case CCID_OUT_EP: usb_ccid_recieve_callback((USBD_HandleTypeDef*)hpcd->pData, epnum); break; +#endif } } From 83dd92d9ba46502e429c3ac031f829fcd329d5ab Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Thu, 29 Aug 2019 21:45:21 +0800 Subject: [PATCH 51/79] Update STABLE_VERSION --- STABLE_VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/STABLE_VERSION b/STABLE_VERSION index 35cee72..73462a5 100644 --- a/STABLE_VERSION +++ b/STABLE_VERSION @@ -1 +1 @@ -2.4.3 +2.5.1 From 8b9e44c3ed791adea443d548ea915183e6c3f72a Mon Sep 17 00:00:00 2001 From: "allcontributors[bot]" <46447321+allcontributors[bot]@users.noreply.github.com> Date: Thu, 29 Aug 2019 20:44:39 +0000 Subject: [PATCH 52/79] docs: update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a86fb7b..a15a24c 100644 --- a/README.md +++ b/README.md @@ -135,6 +135,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d f.m3hm00d
f.m3hm00d
📖 Richard Hughes
Richard Hughes
🤔 💻 🚇 🔧 Kim Schulz
Kim Schulz
💼 🤔 + Jakub
Jakub
🐛 @@ -168,7 +169,7 @@ You can buy Solo, Solo Tap, and Solo for Hackers at [solokeys.com](https://solok
[![License](https://img.shields.io/github/license/solokeys/solo.svg)](https://github.com/solokeys/solo/blob/master/LICENSE) -[![All Contributors](https://img.shields.io/badge/all_contributors-18-orange.svg?style=flat-square)](#contributors) +[![All Contributors](https://img.shields.io/badge/all_contributors-19-orange.svg?style=flat-square)](#contributors) [![Build Status](https://travis-ci.com/solokeys/solo.svg?branch=master)](https://travis-ci.com/solokeys/solo) [![Discourse Users](https://img.shields.io/discourse/https/discourse.solokeys.com/users.svg)](https://discourse.solokeys.com) [![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public) From 689d4716888c4c9f65e562e2b7f7dc0edc986463 Mon Sep 17 00:00:00 2001 From: "allcontributors[bot]" <46447321+allcontributors[bot]@users.noreply.github.com> Date: Thu, 29 Aug 2019 20:44:40 +0000 Subject: [PATCH 53/79] docs: update .all-contributorsrc --- .all-contributorsrc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.all-contributorsrc b/.all-contributorsrc index 253fb36..16a5a37 100644 --- a/.all-contributorsrc +++ b/.all-contributorsrc @@ -178,6 +178,15 @@ "business", "ideas" ] + }, + { + "login": "oplik0", + "name": "Jakub", + "avatar_url": "https://avatars2.githubusercontent.com/u/25460763?v=4", + "profile": "https://github.com/oplik0", + "contributions": [ + "bug" + ] } ], "contributorsPerLine": 7, From 9041e5903c3b7a1c998b78dfa58ea9d09d137761 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 30 Aug 2019 14:34:57 +0800 Subject: [PATCH 54/79] return SW_WRONG_LENGTH for incorrect lc --- fido2/apdu.c | 18 ++++++++++++++++-- fido2/apdu.h | 2 +- targets/stm32l432/src/nfc.c | 5 +++-- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/fido2/apdu.c b/fido2/apdu.c index 3d5bf49..ef24a25 100644 --- a/fido2/apdu.c +++ b/fido2/apdu.c @@ -9,7 +9,7 @@ #include "apdu.h" -int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu) +uint16_t apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu) { EXT_APDU_HEADER *hapdu = (EXT_APDU_HEADER *)data; @@ -62,6 +62,11 @@ int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu) if (len >= 7 && b0 == 0) { uint16_t extlen = (hapdu->lc[1] << 8) + hapdu->lc[2]; + + if (len - 7 < extlen) + { + return SW_WRONG_LENGTH; + } // case 2E (Le) - extended if (len == 7) @@ -103,9 +108,18 @@ int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu) apdu->le = 0x10000; } } + else + { + if ((len > 5) && (len - 5 < hapdu->lc[0])) + { + return SW_WRONG_LENGTH; + } + } if (!apdu->case_type) - return 1; + { + return SW_COND_USE_NOT_SATISFIED; + } if (apdu->lc) { diff --git a/fido2/apdu.h b/fido2/apdu.h index 420fea6..d361c94 100644 --- a/fido2/apdu.h +++ b/fido2/apdu.h @@ -36,7 +36,7 @@ typedef struct uint8_t case_type; } __attribute__((packed)) APDU_STRUCT; -extern int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu); +extern uint16_t apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu); #define APDU_FIDO_U2F_REGISTER 0x01 #define APDU_FIDO_U2F_AUTHENTICATE 0x02 diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 6a3cab3..3a513e9 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -784,9 +784,10 @@ void nfc_process_iblock(uint8_t * buf, int len) } APDU_STRUCT apdu; - if (apdu_decode(buf + block_offset, len - block_offset, &apdu)) { + uint16_t ret = apdu_decode(buf + block_offset, len - block_offset, &apdu); + if (ret != 0) { printf1(TAG_NFC,"apdu decode error\r\n"); - nfc_write_response(buf[0], SW_COND_USE_NOT_SATISFIED); + nfc_write_response(buf[0], ret); return; } printf1(TAG_NFC,"apdu ok. %scase=%02x cla=%02x ins=%02x p1=%02x p2=%02x lc=%d le=%d\r\n", From 1ce191343fe271180a4d3ea68ed5d4613eb147a8 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Fri, 30 Aug 2019 16:47:20 +0300 Subject: [PATCH 55/79] add checking some rare case in iso14443-4 chaining. add NAK checking and aborting the data sending. --- targets/stm32l432/src/nfc.c | 18 +++++++++++++++++- targets/stm32l432/src/nfc.h | 6 +++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 3a513e9..2250cff 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -228,6 +228,8 @@ void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len) { uint8_t res[32] = {0}; res[0] = iBlock; + res[1] = 0; + res[2] = 0; if (len && data) memcpy(&res[block_offset], data, len); nfc_write_frame(res, len + block_offset); @@ -268,6 +270,19 @@ void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len) printf1(TAG_NFC, "R block RX timeout %d/%d.\r\n",sendlen,len); break; } + + if (!IS_RBLOCK(recbuf[0])) + { + printf1(TAG_NFC, "R block RX error. Not a R block(0x%02x) %d/%d.\r\n", recbuf[0], sendlen, len); + break; + } + + // NAK check + if (recbuf[0] & NFC_CMD_RBLOCK_ACK) + { + printf1(TAG_NFC, "R block RX error. NAK received. %d/%d.\r\n", recbuf[0], sendlen, len); + break; + } uint8_t rblock_offset = p14443_block_offset(recbuf[0]); if (reclen != rblock_offset) @@ -466,7 +481,8 @@ void rblock_acknowledge(uint8_t req0, bool ack) NFC_STATE.block_num = !NFC_STATE.block_num; buf[0] = NFC_CMD_RBLOCK | (req0 & 0x0f); - if (ack) + // iso14443-4:2001 page 16. ACK, if bit is set to 0, NAK, if bit is set to 1 + if (!ack) buf[0] |= NFC_CMD_RBLOCK_ACK; nfc_write_frame(buf, block_offset); diff --git a/targets/stm32l432/src/nfc.h b/targets/stm32l432/src/nfc.h index f284a8e..96f7cab 100644 --- a/targets/stm32l432/src/nfc.h +++ b/targets/stm32l432/src/nfc.h @@ -34,9 +34,9 @@ typedef struct #define IS_PPSS_CMD(x) (((x) & 0xf0) == NFC_CMD_PPSS) #define NFC_CMD_IBLOCK 0x00 #define IS_IBLOCK(x) ( (((x) & 0xc0) == NFC_CMD_IBLOCK) && (((x) & 0x02) == 0x02) ) -#define NFC_CMD_RBLOCK 0x80 -#define NFC_CMD_RBLOCK_ACK 0x20 -#define IS_RBLOCK(x) ( (((x) & 0xc0) == NFC_CMD_RBLOCK) && (((x) & 0x02) == 0x02) ) +#define NFC_CMD_RBLOCK 0xa0 +#define NFC_CMD_RBLOCK_ACK 0x10 +#define IS_RBLOCK(x) ( (((x) & 0xe0) == NFC_CMD_RBLOCK) && (((x) & 0x02) == 0x02) ) #define NFC_CMD_SBLOCK 0xc0 #define IS_SBLOCK(x) ( (((x) & 0xc0) == NFC_CMD_SBLOCK) && (((x) & 0x02) == 0x02) ) From b871e10d083cb88d10db7b346c472e2d0ab35629 Mon Sep 17 00:00:00 2001 From: StoyanDimitrov Date: Mon, 2 Sep 2019 20:34:20 +0000 Subject: [PATCH 56/79] Highlight command and few file names --- docs/solo/customization.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/solo/customization.md b/docs/solo/customization.md index 601a576..4826c74 100644 --- a/docs/solo/customization.md +++ b/docs/solo/customization.md @@ -115,7 +115,7 @@ If the checks succeed, you are ready to program the device attestation key and c ### Programming an attestation key and certificate Convert the DER format of the device attestation certificate to "C" bytes using our utility script. You may first need to -first install prerequisite python modules (pip install -r tools/requirements.txt). +first install prerequisite python modules (`pip install -r tools/requirements.txt`). ``` python tools/gencert/cbytes.py device_cert.der @@ -123,7 +123,7 @@ python tools/gencert/cbytes.py device_cert.der Copy the byte string portion into the [`attestation.c` source file of Solo](https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/attestation.c). Overwrite the development or "default" certificate that is already there. -Now [build the Solo firmware](/solo/building), either a secure or hacker build. You will need to produce a bootloader.hex file and a solo.hex file. +Now [build the Solo firmware](/solo/building), either a secure or hacker build. You will need to produce a `bootloader.hex` file and a `solo.hex` file. Print your attestation key in a hex string format. @@ -131,11 +131,11 @@ Print your attestation key in a hex string format. python tools/print_x_y.py device_key.pem ``` -Merge the bootloader.hex, solo.hex, and attestion key into one firmware file. +Merge the `bootloader.hex`, `solo.hex`, and attestion key into one firmware file. ``` solo mergehex --attestation-key bootloader.hex solo.hex all.hex ``` -Now you have a newly create `all.hex` file with a custom attestation key. You can [program this all.hex file -with Solo in DFU mode](/solo/programming#procedure). \ No newline at end of file +Now you have a newly create `all.hex` file with a custom attestation key. You can [program this `all.hex` file +with Solo in DFU mode](/solo/programming#procedure). From 2969d09ffa65e2d6a40583344d62f479605a6872 Mon Sep 17 00:00:00 2001 From: StoyanDimitrov Date: Mon, 2 Sep 2019 20:36:02 +0000 Subject: [PATCH 57/79] Typo --- docs/solo/solo-extras.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/solo/solo-extras.md b/docs/solo/solo-extras.md index 9a72a3f..a588384 100644 --- a/docs/solo/solo-extras.md +++ b/docs/solo/solo-extras.md @@ -3,10 +3,10 @@ ## Random number generation Solo contains a True Random Number Generator (TRNG). A TRNG is a hardware based mechanism -that leverages natural phenomenon to generate random numbers, which is can be better than a traditional +that leverages natural phenomenon to generate random numbers, which can be better than a traditional RNG that has state and updates deterministically using cryptographic methods. -You can easily access the TRNG stream on Solo using our python tool [solo-python](https://github.com/solokeys/solo-python). +You can easily access the TRNG stream on Solo using our python tool [`solo-python`](https://github.com/solokeys/solo-python). ``` solo key rng raw > random.bin From 75c75fa897c815e4ed63b8a8c42a404fcecb20bc Mon Sep 17 00:00:00 2001 From: StoyanDimitrov Date: Mon, 2 Sep 2019 20:41:42 +0000 Subject: [PATCH 58/79] Hilight file name --- docs/solo/solo-extras.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/solo/solo-extras.md b/docs/solo/solo-extras.md index a588384..43ba33c 100644 --- a/docs/solo/solo-extras.md +++ b/docs/solo/solo-extras.md @@ -12,7 +12,7 @@ You can easily access the TRNG stream on Solo using our python tool [`solo-pytho solo key rng raw > random.bin ``` -Or you can seed the state of the RNG on your kernel (/dev/random). +Or you can seed the state of the RNG on your kernel (`/dev/random`). ``` solo key rng feedkernel From 006117bb6b28cfe7bf0cd9cdf9a4c11804fa3832 Mon Sep 17 00:00:00 2001 From: StoyanDimitrov Date: Mon, 2 Sep 2019 20:56:55 +0000 Subject: [PATCH 59/79] Fix broken formating --- docs/solo/nucleo32-board.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/docs/solo/nucleo32-board.md b/docs/solo/nucleo32-board.md index ac579d2..6872702 100644 --- a/docs/solo/nucleo32-board.md +++ b/docs/solo/nucleo32-board.md @@ -85,14 +85,13 @@ brew install arm-none-eabi-gcc ### Install flashing software ST provides a CLI flashing tool - `STM32_Programmer_CLI`. It can be downloaded directly from the vendor's site: -1\. Go to [download site URL](https://www.st.com/content/st_com/en/products/development-tools/software-development-tools/stm32-software-development-tools/stm32-programmers/stm32cubeprog.html), -go to bottom page and from STM32CubeProg row select Download button. -2\. Unzip contents of the archive. -3\. Run \*Linux setup -4\. In installation directory go to ./bin - there the ./STM32_Programmer_CLI is located -5\. Add symlink to the STM32 CLI binary to .local/bin. Make sure the latter it is in $PATH. +1. Go to [download site URL](https://www.st.com/content/st_com/en/products/development-tools/software-development-tools/stm32-software-development-tools/stm32-programmers/stm32cubeprog.html), go to bottom page and from STM32CubeProg row select Download button. +2. Unzip contents of the archive. +3. Run \*Linux setup +4. In installation directory go to `./bin` - there the `./STM32_Programmer_CLI` is located +5. Add symlink to the STM32 CLI binary to `.local/bin`. Make sure the latter it is in `$PATH`. -If you're on OsX and installed the STM32CubeProg, you need to add the following to your path: +If you're on MacOS X and installed the STM32CubeProg, you need to add the following to your path: ```bash # ~/.bash_profile From fc7ea68d4af1b078ee4e5fbde11de78c0b119773 Mon Sep 17 00:00:00 2001 From: Nicolas Stalder Date: Thu, 5 Sep 2019 00:30:59 +0200 Subject: [PATCH 60/79] Bump STABLE_VERSION to 2.5.2 --- STABLE_VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/STABLE_VERSION b/STABLE_VERSION index 73462a5..f225a78 100644 --- a/STABLE_VERSION +++ b/STABLE_VERSION @@ -1 +1 @@ -2.5.1 +2.5.2 From 6652feb4a2eb9892c18a5eb61850d334c332a67f Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Mon, 2 Sep 2019 17:30:09 +0300 Subject: [PATCH 61/79] added CID transfer and NAK-ACK sequence --- targets/stm32l432/src/nfc.c | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 2250cff..90f00d7 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -18,6 +18,18 @@ static uint8_t chain_buffer[2048] = {0}; static size_t chain_buffer_len = 0; static bool chain_buffer_tx = false; +static uint8_t current_cid = 0; + +// forward declarations +void rblock_acknowledge(uint8_t req0, bool ack); + +uint8_t p14443_have_cid(uint8_t pcb) { + // CID + if (pcb & 0x08) + return true; + else + return false; +} uint8_t p14443_block_offset(uint8_t pcb) { uint8_t offset = 1; @@ -191,7 +203,7 @@ bool nfc_write_response_ex(uint8_t req0, uint8_t * data, uint8_t len, uint16_t r return false; res[0] = NFC_CMD_IBLOCK | (req0 & 0x0f); - res[1] = 0; + res[1] = current_cid; res[2] = 0; uint8_t block_offset = p14443_block_offset(req0); @@ -228,7 +240,7 @@ void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len) { uint8_t res[32] = {0}; res[0] = iBlock; - res[1] = 0; + res[1] = current_cid; res[2] = 0; if (len && data) memcpy(&res[block_offset], data, len); @@ -239,7 +251,7 @@ void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len) // transmit I block int vlen = MIN(32 - block_offset, len - sendlen); res[0] = iBlock; - res[1] = 0; + res[1] = current_cid; res[2] = 0; memcpy(&res[block_offset], &data[sendlen], vlen); @@ -280,6 +292,7 @@ void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len) // NAK check if (recbuf[0] & NFC_CMD_RBLOCK_ACK) { + rblock_acknowledge(recbuf[0], true); printf1(TAG_NFC, "R block RX error. NAK received. %d/%d.\r\n", recbuf[0], sendlen, len); break; } @@ -481,6 +494,7 @@ void rblock_acknowledge(uint8_t req0, bool ack) NFC_STATE.block_num = !NFC_STATE.block_num; buf[0] = NFC_CMD_RBLOCK | (req0 & 0x0f); + buf[1] = current_cid; // iso14443-4:2001 page 16. ACK, if bit is set to 0, NAK, if bit is set to 1 if (!ack) buf[0] |= NFC_CMD_RBLOCK_ACK; @@ -868,6 +882,8 @@ void nfc_process_block(uint8_t * buf, unsigned int len) else if (IS_IBLOCK(buf[0])) { uint8_t block_offset = p14443_block_offset(buf[0]); + if (p14443_have_cid(buf[0])) + current_cid = buf[1]; if (buf[0] & 0x10) { printf1(TAG_NFC_APDU, "NFC_CMD_IBLOCK chaining blen=%d len=%d offs=%d\r\n", ibuflen, len, block_offset); @@ -918,7 +934,9 @@ void nfc_process_block(uint8_t * buf, unsigned int len) } else if (IS_RBLOCK(buf[0])) { - rblock_acknowledge(buf[0], false); + if (p14443_have_cid(buf[0])) + current_cid = buf[1]; + rblock_acknowledge(buf[0], true); printf1(TAG_NFC, "NFC_CMD_RBLOCK\r\n"); } else if (IS_SBLOCK(buf[0])) @@ -927,7 +945,10 @@ void nfc_process_block(uint8_t * buf, unsigned int len) if ((buf[0] & NFC_SBLOCK_DESELECT) == 0) { printf1(TAG_NFC, "NFC_CMD_SBLOCK, DESELECTED\r\n"); - nfc_write_frame(buf, 1); + uint8_t block_offset = p14443_block_offset(buf[0]); + if (p14443_have_cid(buf[0])) + current_cid = buf[1]; + nfc_write_frame(buf, block_offset); ams_wait_for_tx(2); ams_write_command(AMS_CMD_SLEEP); nfc_state_init(); From f072561899c953d6515cf6880388ba70830e7a78 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Mon, 16 Sep 2019 15:33:38 +0800 Subject: [PATCH 62/79] properly check the rpId in request --- fido2/ctap.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index d19738e..2aa0ff0 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -670,7 +670,16 @@ int ctap_authenticate_credential(struct rpId * rp, CTAP_credentialDescriptor * d switch(desc->type) { case PUB_KEY_CRED_PUB_KEY: - make_auth_tag(desc->credential.id.rpIdHash, desc->credential.id.nonce, desc->credential.id.count, tag); + crypto_sha256_init(); + crypto_sha256_update(rp->id, rp->size); + crypto_sha256_final(rpIdHash); + + printf1(TAG_RED,"rpId: %s\r\n", rp->id); dump_hex1(TAG_RED,rp->id, rp->size); + if (memcmp(desc->credential.id.rpIdHash, rpIdHash, 32) != 0) + { + return 0; + } + make_auth_tag(rpIdHash, desc->credential.id.nonce, desc->credential.id.count, tag); return (memcmp(desc->credential.id.tag, tag, CREDENTIAL_TAG_SIZE) == 0); break; case PUB_KEY_CRED_CTAP1: From c61f15a0908326de35e4f4077ca5bb9e053165a5 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Mon, 16 Sep 2019 16:25:58 +0800 Subject: [PATCH 63/79] allow get_assertion with disabled UP --- fido2/ctap.c | 21 +++++++++++++++++---- fido2/device.h | 4 ++-- fido2/u2f.c | 4 ++-- pc/device.c | 10 +++++++--- targets/stm32l432/src/device.c | 14 ++++++++++---- targets/stm32l432/src/nfc.c | 4 ++-- 6 files changed, 40 insertions(+), 17 deletions(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index 2aa0ff0..3a46a65 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -438,7 +438,11 @@ static int ctap2_user_presence_test() { device_set_status(CTAPHID_STATUS_UPNEEDED); int ret = ctap_user_presence_test(CTAP2_UP_DELAY_MS); - if ( ret > 0 ) + if ( ret > 1 ) + { + return CTAP2_ERR_PROCESSING; + } + else if ( ret > 0 ) { return CTAP1_ERR_SUCCESS; } @@ -482,11 +486,19 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au int but; but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS); - check_retr(but); + if (CTAP2_ERR_PROCESSING == but) + { + authData->head.flags = (0 << 0); // User presence disabled + } + else + { + check_retr(but); + authData->head.flags = (1 << 0); // User presence + } + device_set_status(CTAPHID_STATUS_PROCESSING); - authData->head.flags = (1 << 0); // User presence authData->head.flags |= (ctap_is_pin_set() << 2); @@ -1236,8 +1248,9 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length) else #endif { - + device_disable_up(!GA.up); ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &auth_data_buf_sz, NULL); + device_disable_up(false); check_retr(ret); ((CTAP_authDataHeader *)auth_data_buf)->flags &= ~(1 << 2); diff --git a/fido2/device.h b/fido2/device.h index d440ca6..ea46123 100644 --- a/fido2/device.h +++ b/fido2/device.h @@ -53,7 +53,7 @@ void device_set_status(uint32_t status); int device_is_button_pressed(); // Test for user presence -// Return 1 for user is present, 0 user not present, -1 if cancel is requested. +// Return 2 for disabled, 1 for user is present, 0 user not present, -1 if cancel is requested. int ctap_user_presence_test(uint32_t delay); // Generate @num bytes of random numbers to @dest @@ -106,7 +106,7 @@ void device_set_clock_rate(DEVICE_CLOCK_RATE param); #define NFC_IS_AVAILABLE 2 int device_is_nfc(); -void request_from_nfc(bool request_active); +void device_disable_up(bool request_active); void device_init_button(); diff --git a/fido2/u2f.c b/fido2/u2f.c index 7999ab2..7d6384c 100644 --- a/fido2/u2f.c +++ b/fido2/u2f.c @@ -118,9 +118,9 @@ void u2f_request_nfc(uint8_t * header, uint8_t * data, int datalen, CTAP_RESPONS if (!header) return; - request_from_nfc(true); // disable presence test + device_disable_up(true); // disable presence test u2f_request_ex((APDU_HEADER *)header, data, datalen, resp); - request_from_nfc(false); // enable presence test + device_disable_up(false); // enable presence test } void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp) diff --git a/pc/device.c b/pc/device.c index e45adb3..ee6bae7 100644 --- a/pc/device.c +++ b/pc/device.c @@ -26,6 +26,7 @@ #define RK_NUM 50 bool use_udp = true; +static bool _up_disabled = false; struct ResidentKeyStore { CTAP_residentKey rks[RK_NUM]; @@ -299,6 +300,10 @@ void ctaphid_write_block(uint8_t * data) int ctap_user_presence_test(uint32_t d) { + if (_up_disabled) + { + return 2; + } return 1; } @@ -633,10 +638,9 @@ int device_is_nfc() return 0; } - -void request_from_nfc(bool request_active) +void device_disable_up(bool disable) { - + _up_disabled = disable; } void device_set_clock_rate(DEVICE_CLOCK_RATE param) diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c index e6f14e3..532c407 100644 --- a/targets/stm32l432/src/device.c +++ b/targets/stm32l432/src/device.c @@ -45,7 +45,7 @@ uint32_t __last_update = 0; extern PCD_HandleTypeDef hpcd; static int _NFC_status = 0; static bool isLowFreq = 0; -static bool _RequestComeFromNFC = false; +static bool _up_disabled = false; // #define IS_BUTTON_PRESSED() (0 == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN)) static int is_physical_button_pressed() @@ -92,8 +92,8 @@ static void edge_detect_touch_button() } -void request_from_nfc(bool request_active) { - _RequestComeFromNFC = request_active; +void device_disable_up(bool disable) { + _up_disabled = disable; } // Timer6 overflow handler. happens every ~90ms. @@ -582,11 +582,17 @@ static int wait_for_button_release(uint32_t wait) int ctap_user_presence_test(uint32_t up_delay) { int ret; - if (device_is_nfc() == NFC_IS_ACTIVE || _RequestComeFromNFC) + + if (device_is_nfc() == NFC_IS_ACTIVE) { return 1; } + if (_up_disabled) + { + return 2; + } + #if SKIP_BUTTON_CHECK_WITH_DELAY int i=500; while(i--) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 90f00d7..9a69880 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -731,10 +731,10 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu) printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp()); // WTX_on(WTX_TIME_DEFAULT); - request_from_nfc(true); + device_disable_up(true); ctap_response_init(&ctap_resp); status = ctap_request(apdu->data, apdu->lc, &ctap_resp); - request_from_nfc(false); + device_disable_up(false); // if (!WTX_off()) // return; From 7a75fba6d3605ed59a038e8740dc9fe80e8577a5 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Mon, 16 Sep 2019 17:00:13 +0800 Subject: [PATCH 64/79] delete old code --- fido2/ctaphid.c | 149 +----------------------------------------------- 1 file changed, 1 insertion(+), 148 deletions(-) diff --git a/fido2/ctaphid.c b/fido2/ctaphid.c index 6d247c7..4ba3f09 100644 --- a/fido2/ctaphid.c +++ b/fido2/ctaphid.c @@ -16,6 +16,7 @@ #include "util.h" #include "log.h" #include "extensions.h" +#include "version.h" // move custom SHA512 command out, // and the following headers too @@ -729,155 +730,7 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) is_busy = 0; break; #endif -#if defined(SOLO_HACKER) && (DEBUG_LEVEL > 0) && (!IS_BOOTLOADER == 1) - case CTAPHID_PROBE: - /* - * Expects CBOR-serialized data of the form - * {"subcommand": "hash_type", "data": b"the_data"} - * with hash_type in SHA256, SHA512 - */ - - // some random logging - printf1(TAG_HID,"CTAPHID_PROBE\n"); - // initialise CTAP response object - ctap_response_init(&ctap_resp); - // initialise write buffer - ctaphid_write_buffer_init(&wb); - wb.cid = cid; - wb.cmd = CTAPHID_PROBE; - - // prepare parsing (or halt) - int ret; - CborParser parser; - CborValue it, map; - ret = cbor_parser_init( - ctap_buffer, (size_t) buffer_len(), - // strictly speaking, CTAP is not RFC canonical... - CborValidateCanonicalFormat, - &parser, &it); - check_hardcore(ret); - - CborType type = cbor_value_get_type(&it); - if (type != CborMapType) exit(1); - - ret = cbor_value_enter_container(&it,&map); - check_hardcore(ret); - - size_t map_length = 0; - ret = cbor_value_get_map_length(&it, &map_length); - if (map_length != 2) exit(1); - - // parse subcommand (or halt) - CborValue val; - ret = cbor_value_map_find_value(&it, "subcommand", &val); - check_hardcore(ret); - if (!cbor_value_is_text_string(&val)) - exit(1); - - int sha_version = 0; - bool found = false; - if (!found) { - ret = cbor_value_text_string_equals( - &val, "SHA256", &found); - check_hardcore(ret); - if (found) - sha_version = 256; - } - if (!found) { - ret = cbor_value_text_string_equals( - &val, "SHA512", &found); - check_hardcore(ret); - if (found) - sha_version = 512; - } - if (sha_version == 0) - exit(1); - - // parse data (or halt) - ret = cbor_value_map_find_value(&it, "data", &val); - check_hardcore(ret); - if (!cbor_value_is_byte_string(&val)) - exit(1); - - size_t data_length = 0; - ret = cbor_value_calculate_string_length(&val, &data_length); - check_hardcore(ret); - if (data_length > 6*1024) - exit(1); - - unsigned char data[6*1024]; - ret = cbor_value_copy_byte_string ( - &val, &data[0], &data_length, &val); - check_hardcore(ret); - - // execute subcommand - if (sha_version == 256) { - // calculate hash - crypto_sha256_init(); - crypto_sha256_update(data, data_length); - crypto_sha256_final(ctap_buffer); - // write output - wb.bcnt = CF_SHA256_HASHSZ; // 32 bytes - ctaphid_write(&wb, &ctap_buffer, CF_SHA256_HASHSZ); - } - - if (sha_version == 512) { - // calculate hash - crypto_sha512_init(); - crypto_sha512_update(data, data_length); - crypto_sha512_final(ctap_buffer); - // write output - wb.bcnt = CF_SHA512_HASHSZ; // 64 bytes - ctaphid_write(&wb, &ctap_buffer, CF_SHA512_HASHSZ); - } - - // finalize - ctaphid_write(&wb, NULL, 0); - is_busy = 0; - break; - - /* - case CTAPHID_SHA256: - // some random logging - printf1(TAG_HID,"CTAPHID_SHA256\n"); - // initialise CTAP response object - ctap_response_init(&ctap_resp); - // initialise write buffer - ctaphid_write_buffer_init(&wb); - wb.cid = cid; - wb.cmd = CTAPHID_SHA256; - wb.bcnt = CF_SHA256_HASHSZ; // 32 bytes - // calculate hash - crypto_sha256_init(); - crypto_sha256_update(ctap_buffer, buffer_len()); - crypto_sha256_final(ctap_buffer); - // copy to output - ctaphid_write(&wb, &ctap_buffer, CF_SHA256_HASHSZ); - ctaphid_write(&wb, NULL, 0); - is_busy = 0; - break; - case CTAPHID_SHA512: - // some random logging - printf1(TAG_HID,"CTAPHID_SHA512\n"); - // initialise CTAP response object - ctap_response_init(&ctap_resp); - // initialise write buffer - ctaphid_write_buffer_init(&wb); - wb.cid = cid; - wb.cmd = CTAPHID_SHA512; - wb.bcnt = CF_SHA512_HASHSZ; // 64 bytes - // calculate hash - crypto_sha512_init(); - crypto_sha512_update(ctap_buffer, buffer_len()); - crypto_sha512_final(ctap_buffer); - // copy to output - ctaphid_write(&wb, &ctap_buffer, CF_SHA512_HASHSZ); - ctaphid_write(&wb, NULL, 0); - is_busy = 0; - break; - */ -#endif default: printf2(TAG_ERR,"error, unimplemented HID cmd: %02x\r\n", buffer_cmd()); ctaphid_send_error(cid, CTAP1_ERR_INVALID_COMMAND); From 018a4d394cd84c65b0a70e615ff53bfedff2c644 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Mon, 16 Sep 2019 17:00:30 +0800 Subject: [PATCH 65/79] add get_version command to hid --- fido2/ctaphid.c | 15 +++++++++++++++ fido2/ctaphid.h | 1 + 2 files changed, 16 insertions(+) diff --git a/fido2/ctaphid.c b/fido2/ctaphid.c index 4ba3f09..3e34516 100644 --- a/fido2/ctaphid.c +++ b/fido2/ctaphid.c @@ -729,6 +729,21 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) ctaphid_write(&wb, NULL, 0); is_busy = 0; break; + + case CTAPHID_GETVERSION: + printf1(TAG_HID,"CTAPHID_GETVERSION\n"); + ctap_response_init(&ctap_resp); + ctaphid_write_buffer_init(&wb); + wb.cid = cid; + wb.cmd = CTAPHID_GETVERSION; + wb.bcnt = 3; + ctap_buffer[0] = SOLO_VERSION_MAJ; + ctap_buffer[1] = SOLO_VERSION_MIN; + ctap_buffer[2] = SOLO_VERSION_PATCH; + ctaphid_write(&wb, &ctap_buffer, 3); + ctaphid_write(&wb, NULL, 0); + is_busy = 0; + break; #endif default: diff --git a/fido2/ctaphid.h b/fido2/ctaphid.h index 135260b..dbde70d 100644 --- a/fido2/ctaphid.h +++ b/fido2/ctaphid.h @@ -28,6 +28,7 @@ #define CTAPHID_ENTERBOOT (TYPE_INIT | 0x51) #define CTAPHID_ENTERSTBOOT (TYPE_INIT | 0x52) #define CTAPHID_GETRNG (TYPE_INIT | 0x60) +#define CTAPHID_GETVERSION (TYPE_INIT | 0x61) // reserved for debug, not implemented except for HACKER and DEBUG_LEVEl > 0 #define CTAPHID_PROBE (TYPE_INIT | 0x70) From 01b928c0ec891909a05cdf7d86262a90a6b4e72a Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Mon, 16 Sep 2019 17:12:09 +0800 Subject: [PATCH 66/79] allow in bootloader as well --- fido2/ctaphid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fido2/ctaphid.c b/fido2/ctaphid.c index 3e34516..de96cab 100644 --- a/fido2/ctaphid.c +++ b/fido2/ctaphid.c @@ -729,6 +729,7 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) ctaphid_write(&wb, NULL, 0); is_busy = 0; break; +#endif case CTAPHID_GETVERSION: printf1(TAG_HID,"CTAPHID_GETVERSION\n"); @@ -744,7 +745,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) ctaphid_write(&wb, NULL, 0); is_busy = 0; break; -#endif default: printf2(TAG_ERR,"error, unimplemented HID cmd: %02x\r\n", buffer_cmd()); From 8c256298ae90848d565e4b6b9d441a2b63d6927a Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 17 Sep 2019 00:06:45 +0800 Subject: [PATCH 67/79] default up to enabled --- fido2/ctap.c | 4 ++-- fido2/ctap_parse.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index 3a46a65..05770c3 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -755,7 +755,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt } } - if (MC.up) + if (MC.up == 1 || MC.up == 0) { return CTAP2_ERR_INVALID_OPTION; } @@ -1248,7 +1248,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length) else #endif { - device_disable_up(!GA.up); + device_disable_up(GA.up == 0); ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &auth_data_buf_sz, NULL); device_disable_up(false); check_retr(ret); diff --git a/fido2/ctap_parse.c b/fido2/ctap_parse.c index 0825bba..9c155d2 100644 --- a/fido2/ctap_parse.c +++ b/fido2/ctap_parse.c @@ -715,6 +715,7 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod CborValue it,map; memset(MC, 0, sizeof(CTAP_makeCredential)); + MC->up = 0xff; ret = cbor_parser_init(request, length, CborValidateCanonicalFormat, &parser, &it); check_retr(ret); @@ -1010,6 +1011,7 @@ uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int memset(GA, 0, sizeof(CTAP_getAssertion)); GA->creds = getAssertionState.creds; // Save stack memory + GA->up = 0xff; ret = cbor_parser_init(request, length, CborValidateCanonicalFormat, &parser, &it); check_ret(ret); From a1a42fec5ca3ac8e59c6bcfebd69e2b056c726c7 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 17 Sep 2019 17:22:15 +0800 Subject: [PATCH 68/79] Bump stable version to 2.5.3 --- STABLE_VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/STABLE_VERSION b/STABLE_VERSION index f225a78..aedc15b 100644 --- a/STABLE_VERSION +++ b/STABLE_VERSION @@ -1 +1 @@ -2.5.2 +2.5.3 From 45293fe998ed51d64b6567dd118153bd85851110 Mon Sep 17 00:00:00 2001 From: My1 Date: Thu, 26 Sep 2019 16:11:40 +0200 Subject: [PATCH 69/79] clone using https instead not everyone has a github account, wants one or wants to setup ssh keys. --- docs/solo/udev.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/solo/udev.md b/docs/solo/udev.md index 8a8b205..dcada7a 100644 --- a/docs/solo/udev.md +++ b/docs/solo/udev.md @@ -18,7 +18,7 @@ Further progress is tracked in: . If you still need to setup a rule, a simple way to do it is: ``` -git clone git@github.com:solokeys/solo.git +git clone https://github.com/solokeys/solo.git cd solo/udev make setup ``` From 5168afa16e12050808260eb8e60452281235f5db Mon Sep 17 00:00:00 2001 From: Jan A Date: Mon, 30 Sep 2019 19:01:10 +0200 Subject: [PATCH 70/79] Code cosmetics, added missing void statement to empty parameter of functions --- targets/stm32l432/src/ams.c | 14 +++++---- targets/stm32l432/src/ams.h | 4 +-- targets/stm32l432/src/crypto.c | 14 +++++---- targets/stm32l432/src/device.c | 52 ++++++++++++++++++---------------- targets/stm32l432/src/flash.c | 4 +-- targets/stm32l432/src/init.c | 2 +- targets/stm32l432/src/init.h | 2 +- targets/stm32l432/src/main.c | 3 +- targets/stm32l432/src/nfc.c | 10 +++---- targets/stm32l432/src/nfc.h | 6 ++-- targets/stm32l432/src/sense.c | 8 +++--- targets/stm32l432/src/sense.h | 4 +-- 12 files changed, 67 insertions(+), 56 deletions(-) diff --git a/targets/stm32l432/src/ams.c b/targets/stm32l432/src/ams.c index 9212d53..5b2b7f7 100644 --- a/targets/stm32l432/src/ams.c +++ b/targets/stm32l432/src/ams.c @@ -8,21 +8,25 @@ #include "device.h" #include "nfc.h" -static void flush_rx() +static void flush_rx(void) { while(LL_SPI_IsActiveFlag_RXNE(SPI1) != 0) { LL_SPI_ReceiveData8(SPI1); } } -static void wait_for_tx() + + +static void wait_for_tx(void) { // while (LL_SPI_IsActiveFlag_BSY(SPI1) == 1) // ; while(LL_SPI_GetTxFIFOLevel(SPI1) != LL_SPI_TX_FIFO_EMPTY) ; } -static void wait_for_rx() + + +static void wait_for_rx(void) { while(LL_SPI_IsActiveFlag_RXNE(SPI1) == 0) ; @@ -270,7 +274,7 @@ void ams_print_int1(uint8_t int0) #endif } -int ams_init() +int ams_init(void) { LL_GPIO_SetPinMode(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN,LL_GPIO_MODE_OUTPUT); LL_GPIO_SetOutputPin(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN); @@ -292,7 +296,7 @@ int ams_init() return 0; } -void ams_configure() +void ams_configure(void) { // Should not be used during passive operation. uint8_t block[4]; diff --git a/targets/stm32l432/src/ams.h b/targets/stm32l432/src/ams.h index 8828eaa..e818877 100644 --- a/targets/stm32l432/src/ams.h +++ b/targets/stm32l432/src/ams.h @@ -39,8 +39,8 @@ typedef union #define SELECT() LL_GPIO_ResetOutputPin(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN) #define UNSELECT() LL_GPIO_SetOutputPin(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN) -int ams_init(); -void ams_configure(); +int ams_init(void); +void ams_configure(void); void ams_read_buffer(uint8_t * data, int len); void ams_write_buffer(uint8_t * data, int len); diff --git a/targets/stm32l432/src/crypto.c b/targets/stm32l432/src/crypto.c index 1dde2f3..69ab4ec 100644 --- a/targets/stm32l432/src/crypto.c +++ b/targets/stm32l432/src/crypto.c @@ -61,12 +61,13 @@ static uint8_t master_secret[64]; static uint8_t transport_secret[32]; -void crypto_sha256_init() +void crypto_sha256_init(void) { sha256_init(&sha256_ctx); } -void crypto_sha512_init() { +void crypto_sha512_init(void) +{ cf_sha512_init(&sha512_ctx); } @@ -79,7 +80,7 @@ void crypto_load_master_secret(uint8_t * key) memmove(transport_secret, key+64, 32); } -void crypto_reset_master_secret() +void crypto_reset_master_secret(void) { memset(master_secret, 0, 64); memset(transport_secret, 0, 32); @@ -107,7 +108,8 @@ void crypto_sha256_final(uint8_t * hash) sha256_final(&sha256_ctx, hash); } -void crypto_sha512_final(uint8_t * hash) { +void crypto_sha512_final(uint8_t * hash) +{ // NB: there is also cf_sha512_digest cf_sha512_digest_final(&sha512_ctx, hash); } @@ -183,14 +185,14 @@ void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac) } -void crypto_ecc256_init() +void crypto_ecc256_init(void) { uECC_set_rng((uECC_RNG_Function)ctap_generate_rng); _es256_curve = uECC_secp256r1(); } -void crypto_ecc256_load_attestation_key() +void crypto_ecc256_load_attestation_key(void) { static uint8_t _key [32]; memmove(_key, (uint8_t*)ATTESTATION_KEY_ADDR, 32); diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c index 532c407..b761801 100644 --- a/targets/stm32l432/src/device.c +++ b/targets/stm32l432/src/device.c @@ -34,7 +34,7 @@ #define LOW_FREQUENCY 1 #define HIGH_FREQUENCY 0 -void wait_for_usb_tether(); +void wait_for_usb_tether(void); uint32_t __90_ms = 0; @@ -48,12 +48,12 @@ static bool isLowFreq = 0; static bool _up_disabled = false; // #define IS_BUTTON_PRESSED() (0 == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN)) -static int is_physical_button_pressed() +static int is_physical_button_pressed(void) { return (0 == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN)); } -static int is_touch_button_pressed() +static int is_touch_button_pressed(void) { int is_pressed = (tsc_read_button(0) || tsc_read_button(1)); #ifndef IS_BOOTLOADER @@ -69,7 +69,7 @@ static int is_touch_button_pressed() int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed; -static void edge_detect_touch_button() +static void edge_detect_touch_button(void) { static uint8_t last_touch = 0; uint8_t current_touch = 0; @@ -92,12 +92,13 @@ static void edge_detect_touch_button() } -void device_disable_up(bool disable) { +void device_disable_up(bool disable) +{ _up_disabled = disable; } // Timer6 overflow handler. happens every ~90ms. -void TIM6_DAC_IRQHandler() +void TIM6_DAC_IRQHandler(void) { // timer is only 16 bits, so roll it over here TIM6->SR = 0; @@ -142,7 +143,7 @@ void USB_IRQHandler(void) HAL_PCD_IRQHandler(&hpcd); } -uint32_t millis() +uint32_t millis(void) { return (((uint32_t)TIM6->CNT) + (__90_ms * 90)); } @@ -160,7 +161,7 @@ void device_set_status(uint32_t status) __device_status = status; } -int device_is_button_pressed() +int device_is_button_pressed(void) { return IS_BUTTON_PRESSED(); } @@ -171,12 +172,13 @@ void delay(uint32_t ms) while ((millis() - time) < ms) ; } -void device_reboot() + +void device_reboot(void) { NVIC_SystemReset(); } -void device_init_button() +void device_init_button(void) { if (tsc_sensor_exists()) { @@ -226,12 +228,12 @@ void device_init(int argc, char *argv[]) } -int device_is_nfc() +int device_is_nfc(void) { return _NFC_status; } -void wait_for_usb_tether() +void wait_for_usb_tether(void) { while (USBD_OK != CDC_Transmit_FS((uint8_t*)"tethered\r\n", 10) ) ; @@ -242,7 +244,7 @@ void wait_for_usb_tether() ; } -void usbhid_init() +void usbhid_init(void) { if (!isLowFreq) { @@ -292,12 +294,12 @@ void ctaphid_write_block(uint8_t * data) } -void usbhid_close() +void usbhid_close(void) { } -void main_loop_delay() +void main_loop_delay(void) { } @@ -307,13 +309,14 @@ static uint32_t winkt1 = 0; #ifdef LED_WINK_VALUE static uint32_t winkt2 = 0; #endif -void device_wink() + +void device_wink(void) { wink_time = 10; winkt1 = 0; } -void heartbeat() +void heartbeat(void) { static int state = 0; static uint32_t val = (LED_MAX_SCALER - LED_MIN_SCALER)/2; @@ -382,7 +385,7 @@ void authenticator_read_backup_state(AuthenticatorState * a) } // Return 1 yes backup is init'd, else 0 -int authenticator_is_backup_initialized() +int authenticator_is_backup_initialized(void) { uint8_t header[16]; uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE); @@ -499,7 +502,7 @@ uint32_t ctap_atomic_count(int sel) -void device_manage() +void device_manage(void) { #if NON_BLOCK_PRINTING int i = 10; @@ -525,7 +528,7 @@ void device_manage() #endif } -static int handle_packets() +static int handle_packets(void) { static uint8_t hidmsg[HID_PACKET_SIZE]; memset(hidmsg,0, sizeof(hidmsg)); @@ -561,6 +564,7 @@ static int wait_for_button_activate(uint32_t wait) } while (!IS_BUTTON_PRESSED()); return 0; } + static int wait_for_button_release(uint32_t wait) { int ret; @@ -654,7 +658,7 @@ int ctap_user_verification(uint8_t arg) return 1; } -void ctap_reset_rk() +void ctap_reset_rk(void) { int i; printf1(TAG_GREEN, "resetting RK \r\n"); @@ -664,7 +668,7 @@ void ctap_reset_rk() } } -uint32_t ctap_rk_size() +uint32_t ctap_rk_size(void) { return RK_NUM_PAGES * (PAGE_SIZE / sizeof(CTAP_residentKey)); } @@ -726,7 +730,7 @@ void ctap_overwrite_rk(int index,CTAP_residentKey * rk) } } -void boot_st_bootloader() +void boot_st_bootloader(void) { __disable_irq(); @@ -738,7 +742,7 @@ void boot_st_bootloader() ; } -void boot_solo_bootloader() +void boot_solo_bootloader(void) { LL_IWDG_Enable(IWDG); diff --git a/targets/stm32l432/src/flash.c b/targets/stm32l432/src/flash.c index c37439d..0dec23d 100644 --- a/targets/stm32l432/src/flash.c +++ b/targets/stm32l432/src/flash.c @@ -14,12 +14,12 @@ #include "log.h" #include "device.h" -static void flash_lock() +static void flash_lock(void) { FLASH->CR |= (1U<<31); } -static void flash_unlock() +static void flash_unlock(void) { if (FLASH->CR & FLASH_CR_LOCK) { diff --git a/targets/stm32l432/src/init.c b/targets/stm32l432/src/init.c index bdf42fa..2f90f72 100644 --- a/targets/stm32l432/src/init.c +++ b/targets/stm32l432/src/init.c @@ -699,7 +699,7 @@ void SystemClock_Config_LF20(void) SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN); } -void init_usb() +void init_usb(void) { // enable USB power SET_BIT(PWR->CR2, PWR_CR2_USV); diff --git a/targets/stm32l432/src/init.h b/targets/stm32l432/src/init.h index 729e898..6c11633 100644 --- a/targets/stm32l432/src/init.h +++ b/targets/stm32l432/src/init.h @@ -22,7 +22,7 @@ #ifndef _INIT_H_ #define _INIT_H_ -void init_usb(); +void init_usb(void); void init_gpio(void); void init_debug_uart(void); void init_pwm(void); diff --git a/targets/stm32l432/src/main.c b/targets/stm32l432/src/main.c index 76b5632..43c9b8d 100644 --- a/targets/stm32l432/src/main.c +++ b/targets/stm32l432/src/main.c @@ -57,10 +57,11 @@ void TIM6_DAC_IRQHandler() __90_ms += 1; } -uint32_t millis() +uint32_t millis(void) { return (((uint32_t)TIM6->CNT) + (__90_ms * 90)); } + void _Error_Handler(char *file, int line) { while(1) diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 9a69880..acec3d3 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -359,7 +359,7 @@ static uint32_t WTX_timer; bool WTX_process(int read_timeout); -void WTX_clear() +void WTX_clear(void) { WTX_sent = false; WTX_fail = false; @@ -374,7 +374,7 @@ bool WTX_on(int WTX_time) return true; } -bool WTX_off() +bool WTX_off(void) { WTX_timer = 0; @@ -398,7 +398,7 @@ bool WTX_off() return true; } -void WTX_timer_exec() +void WTX_timer_exec(void) { // condition: (timer on) or (not expired[300ms]) if ((WTX_timer == 0) || WTX_timer + 300 > millis()) @@ -856,7 +856,7 @@ void nfc_process_iblock(uint8_t * buf, int len) static uint8_t ibuf[1024]; static int ibuflen = 0; -void clear_ibuf() +void clear_ibuf(void) { ibuflen = 0; memset(ibuf, 0, sizeof(ibuf)); @@ -969,7 +969,7 @@ void nfc_process_block(uint8_t * buf, unsigned int len) } } -int nfc_loop() +int nfc_loop(void) { uint8_t buf[32]; AMS_DEVICE ams; diff --git a/targets/stm32l432/src/nfc.h b/targets/stm32l432/src/nfc.h index 96f7cab..bdfe9e7 100644 --- a/targets/stm32l432/src/nfc.h +++ b/targets/stm32l432/src/nfc.h @@ -6,9 +6,9 @@ #include "apdu.h" // Return number of bytes read if any. -int nfc_loop(); +int nfc_loop(void); -int nfc_init(); +int nfc_init(void); typedef struct { @@ -61,6 +61,6 @@ typedef enum APP_FIDO, } APPLETS; -void WTX_timer_exec(); +void WTX_timer_exec(void); #endif diff --git a/targets/stm32l432/src/sense.c b/targets/stm32l432/src/sense.c index 7e898ae..37a1656 100644 --- a/targets/stm32l432/src/sense.c +++ b/targets/stm32l432/src/sense.c @@ -8,7 +8,7 @@ #define ELECTRODE_0 TSC_GROUP2_IO1 #define ELECTRODE_1 TSC_GROUP2_IO2 -void tsc_init() +void tsc_init(void) { LL_GPIO_InitTypeDef GPIO_InitStruct; // Enable TSC clock @@ -74,7 +74,7 @@ void tsc_set_electrode(uint32_t channel_ids) TSC->IOCCR = (channel_ids); } -void tsc_start_acq() +void tsc_start_acq(void) { TSC->CR &= ~(TSC_CR_START); @@ -86,7 +86,7 @@ void tsc_start_acq() TSC->CR |= TSC_CR_START; } -void tsc_wait_on_acq() +void tsc_wait_on_acq(void) { while ( ! (TSC->ISR & TSC_FLAG_EOA) ) ; @@ -117,7 +117,7 @@ uint32_t tsc_read_button(uint32_t index) return tsc_read(1) < 45; } -int tsc_sensor_exists() +int tsc_sensor_exists(void) { static uint8_t does = 0; if (does) return 1; diff --git a/targets/stm32l432/src/sense.h b/targets/stm32l432/src/sense.h index cbf85f3..c8f7434 100644 --- a/targets/stm32l432/src/sense.h +++ b/targets/stm32l432/src/sense.h @@ -3,9 +3,9 @@ #include -void tsc_init(); +void tsc_init(void); -int tsc_sensor_exists(); +int tsc_sensor_exists(void); // Read button0 or button1 // Returns 1 if pressed, 0 if not. From 811a57f7abb632317351ce94c8043d80f4aac850 Mon Sep 17 00:00:00 2001 From: "allcontributors[bot]" <46447321+allcontributors[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2019 17:24:29 +0000 Subject: [PATCH 71/79] docs: update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a15a24c..d8c6f84 100644 --- a/README.md +++ b/README.md @@ -136,6 +136,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d Richard Hughes
Richard Hughes
🤔 💻 🚇 🔧 Kim Schulz
Kim Schulz
💼 🤔 Jakub
Jakub
🐛 + Jan A.
Jan A.
💻 📖 @@ -169,7 +170,7 @@ You can buy Solo, Solo Tap, and Solo for Hackers at [solokeys.com](https://solok
[![License](https://img.shields.io/github/license/solokeys/solo.svg)](https://github.com/solokeys/solo/blob/master/LICENSE) -[![All Contributors](https://img.shields.io/badge/all_contributors-19-orange.svg?style=flat-square)](#contributors) +[![All Contributors](https://img.shields.io/badge/all_contributors-20-orange.svg?style=flat-square)](#contributors) [![Build Status](https://travis-ci.com/solokeys/solo.svg?branch=master)](https://travis-ci.com/solokeys/solo) [![Discourse Users](https://img.shields.io/discourse/https/discourse.solokeys.com/users.svg)](https://discourse.solokeys.com) [![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public) From 7bcb7ea84071747e8874d6ef80ec0eaed430218d Mon Sep 17 00:00:00 2001 From: "allcontributors[bot]" <46447321+allcontributors[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2019 17:24:30 +0000 Subject: [PATCH 72/79] docs: update .all-contributorsrc --- .all-contributorsrc | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.all-contributorsrc b/.all-contributorsrc index 16a5a37..446bca1 100644 --- a/.all-contributorsrc +++ b/.all-contributorsrc @@ -187,6 +187,16 @@ "contributions": [ "bug" ] + }, + { + "login": "jolo1581", + "name": "Jan A.", + "avatar_url": "https://avatars1.githubusercontent.com/u/53423977?v=4", + "profile": "https://github.com/jolo1581", + "contributions": [ + "code", + "doc" + ] } ], "contributorsPerLine": 7, From 0ebe0ff5024e5fb504e7c9c5023f12c6dca0a7e9 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 8 Oct 2019 11:34:15 -0400 Subject: [PATCH 73/79] add ctap function to overwrite key bytes --- fido2/ctap.c | 11 +++++++++++ fido2/ctap.h | 2 ++ 2 files changed, 13 insertions(+) diff --git a/fido2/ctap.c b/fido2/ctap.c index 05770c3..fa3e1e0 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -1761,7 +1761,18 @@ static void ctap_state_init() printf1(TAG_STOR, "Generated PIN SALT: "); dump_hex1(TAG_STOR, STATE.PIN_SALT, sizeof STATE.PIN_SALT); +} +/** Overwrite master secret from external source. + * @param keybytes an array of KEY_SPACE_BYTES length. + * + * This function should only be called from a privilege mode. +*/ +void ctap_load_external_keys(uint8_t * keybytes){ + memmove(STATE.key_space, keybytes, KEY_SPACE_BYTES); + authenticator_write_state(&STATE, 0); + authenticator_write_state(&STATE, 1); + crypto_load_master_secret(STATE.key_space); } void ctap_init() diff --git a/fido2/ctap.h b/fido2/ctap.h index 015b6be..c12c5b9 100644 --- a/fido2/ctap.h +++ b/fido2/ctap.h @@ -361,4 +361,6 @@ extern uint8_t KEY_AGREEMENT_PUB[64]; void lock_device_permanently(); +void ctap_load_external_keys(uint8_t * keybytes); + #endif From 8e0eda8ed4de4c4ea5fa096144f5a18dd413f545 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 8 Oct 2019 11:34:58 -0400 Subject: [PATCH 74/79] refactor custom commands and add LOADKEY --- fido2/ctaphid.c | 200 ++++++++++++++++++++++++++++++++---------------- fido2/ctaphid.h | 1 + 2 files changed, 133 insertions(+), 68 deletions(-) diff --git a/fido2/ctaphid.c b/fido2/ctaphid.c index de96cab..68e6f1d 100644 --- a/fido2/ctaphid.c +++ b/fido2/ctaphid.c @@ -539,6 +539,9 @@ extern void _check_ret(CborError ret, int line, const char * filename); #define check_hardcore(r) _check_ret(r,__LINE__, __FILE__);\ if ((r) != CborNoError) exit(1); + +uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb); + uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) { uint8_t cmd; @@ -680,76 +683,14 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) printf1(TAG_HID,"CTAPHID_CANCEL\n"); is_busy = 0; break; -#if defined(IS_BOOTLOADER) - case CTAPHID_BOOT: - printf1(TAG_HID,"CTAPHID_BOOT\n"); - ctap_response_init(&ctap_resp); - u2f_set_writeback_buffer(&ctap_resp); - is_busy = bootloader_bridge(len, ctap_buffer); - - ctaphid_write_buffer_init(&wb); - wb.cid = cid; - wb.cmd = CTAPHID_BOOT; - wb.bcnt = (ctap_resp.length + 1); - ctaphid_write(&wb, &is_busy, 1); - ctaphid_write(&wb, ctap_resp.data, ctap_resp.length); - ctaphid_write(&wb, NULL, 0); - is_busy = 0; - break; -#endif -#if defined(SOLO_HACKER) - case CTAPHID_ENTERBOOT: - printf1(TAG_HID,"CTAPHID_ENTERBOOT\n"); - boot_solo_bootloader(); - ctaphid_write_buffer_init(&wb); - wb.cid = cid; - wb.cmd = CTAPHID_ENTERBOOT; - wb.bcnt = 0; - ctaphid_write(&wb, NULL, 0); - is_busy = 0; - break; - case CTAPHID_ENTERSTBOOT: - printf1(TAG_HID,"CTAPHID_ENTERBOOT\n"); - boot_st_bootloader(); - break; -#endif -#if !defined(IS_BOOTLOADER) - case CTAPHID_GETRNG: - printf1(TAG_HID,"CTAPHID_GETRNG\n"); - ctap_response_init(&ctap_resp); - ctaphid_write_buffer_init(&wb); - wb.cid = cid; - wb.cmd = CTAPHID_GETRNG; - wb.bcnt = ctap_buffer[0]; - if (!wb.bcnt) - wb.bcnt = 57; - memset(ctap_buffer,0,wb.bcnt); - ctap_generate_rng(ctap_buffer, wb.bcnt); - ctaphid_write(&wb, &ctap_buffer, wb.bcnt); - ctaphid_write(&wb, NULL, 0); - is_busy = 0; - break; -#endif - - case CTAPHID_GETVERSION: - printf1(TAG_HID,"CTAPHID_GETVERSION\n"); - ctap_response_init(&ctap_resp); - ctaphid_write_buffer_init(&wb); - wb.cid = cid; - wb.cmd = CTAPHID_GETVERSION; - wb.bcnt = 3; - ctap_buffer[0] = SOLO_VERSION_MAJ; - ctap_buffer[1] = SOLO_VERSION_MIN; - ctap_buffer[2] = SOLO_VERSION_PATCH; - ctaphid_write(&wb, &ctap_buffer, 3); - ctaphid_write(&wb, NULL, 0); - is_busy = 0; - break; default: - printf2(TAG_ERR,"error, unimplemented HID cmd: %02x\r\n", buffer_cmd()); - ctaphid_send_error(cid, CTAP1_ERR_INVALID_COMMAND); - break; + if (ctaphid_custom_command(cmd, cid, len, &ctap_resp, &wb) != 0){ + is_busy = 0; + }else{ + printf2(TAG_ERR, "error, unimplemented HID cmd: %02x\r\n", buffer_cmd()); + ctaphid_send_error(cid, CTAP1_ERR_INVALID_COMMAND); + } } cid_del(cid); buffer_reset(); @@ -759,3 +700,126 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) else return 0; } + +uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb) +{ + uint8_t is_busy; + uint32_t param; + + switch(cmd) + { +#if defined(IS_BOOTLOADER) + case CTAPHID_BOOT: + printf1(TAG_HID,"CTAPHID_BOOT\n"); + ctap_response_init(ctap_resp); + u2f_set_writeback_buffer(ctap_resp); + is_busy = bootloader_bridge(len, ctap_buffer); + + ctaphid_write_buffer_init(wb); + wb->cid = cid; + wb->cmd = CTAPHID_BOOT; + wb->bcnt = (ctap_resp.length + 1); + ctaphid_write(wb, &is_busy, 1); + ctaphid_write(wb, ctap_resp.data, ctap_resp.length); + ctaphid_write(wb, NULL, 0); + return 1; +#endif +#if defined(SOLO_HACKER) + case CTAPHID_ENTERBOOT: + printf1(TAG_HID,"CTAPHID_ENTERBOOT\n"); + boot_solo_bootloader(); + ctaphid_write_buffer_init(wb); + wb->cid = cid; + wb->cmd = CTAPHID_ENTERBOOT; + wb->bcnt = 0; + ctaphid_write(wb, NULL, 0); + return 1; + case CTAPHID_ENTERSTBOOT: + printf1(TAG_HID,"CTAPHID_ENTERBOOT\n"); + boot_st_bootloader(); + return 1; +#endif + +#if !defined(IS_BOOTLOADER) + case CTAPHID_GETRNG: + printf1(TAG_HID,"CTAPHID_GETRNG\n"); + ctap_response_init(ctap_resp); + ctaphid_write_buffer_init(wb); + wb->cid = cid; + wb->cmd = CTAPHID_GETRNG; + wb->bcnt = ctap_buffer[0]; + if (!wb->bcnt) + wb->bcnt = 57; + memset(ctap_buffer,0,wb->bcnt); + ctap_generate_rng(ctap_buffer, wb->bcnt); + ctaphid_write(wb, ctap_buffer, wb->bcnt); + ctaphid_write(wb, NULL, 0); + return 1; + break; +#endif + + case CTAPHID_GETVERSION: + printf1(TAG_HID,"CTAPHID_GETVERSION\n"); + ctap_response_init(ctap_resp); + ctaphid_write_buffer_init(wb); + wb->cid = cid; + wb->cmd = CTAPHID_GETVERSION; + wb->bcnt = 3; + ctap_buffer[0] = SOLO_VERSION_MAJ; + ctap_buffer[1] = SOLO_VERSION_MIN; + ctap_buffer[2] = SOLO_VERSION_PATCH; + ctaphid_write(wb, ctap_buffer, 3); + ctaphid_write(wb, NULL, 0); + return 1; + break; + +#if !defined(IS_BOOTLOADER) && (defined(SOLO_HACKER) || defined(SOLO_EXPERIMENTAL)) + case CTAPHID_LOADKEY: + /** + * Load external key. Useful for enabling backups. + * bytes: 4 96 + * payload: | counter_increase (BE) | master_key | + * + * Counter should be increased by a large amount, e.g. (0x10000000) + * to outdo any previously lost/broken keys. + */ + printf1(TAG_HID,"CTAPHID_LOADKEY\n"); + if (len != 100) + { + printf2(TAG_ERR,"Error, invalid length.\n"); + ctaphid_send_error(cid, CTAP1_ERR_INVALID_LENGTH); + return 1; + } + + // Ask for THREE button presses + if (ctap_user_presence_test(8000) > 0) + if (ctap_user_presence_test(8000) > 0) + if (ctap_user_presence_test(8000) > 0) + { + ctap_load_external_keys(ctap_buffer + 4); + param = ctap_buffer[3]; + param |= ctap_buffer[2] << 8; + param |= ctap_buffer[1] << 16; + param |= ctap_buffer[0] << 24; + ctap_atomic_count(param); + + ctap_response_init(ctap_resp); + ctaphid_write_buffer_init(wb); + wb->cid = cid; + wb->cmd = CTAPHID_LOADKEY; + wb->bcnt = 0; + + ctaphid_write(wb, NULL, 0); + return 1; + } + + printf2(TAG_ERR, "Error, invalid length.\n"); + ctaphid_send_error(cid, CTAP2_ERR_OPERATION_DENIED); + return 1; +#endif + + + } + + return 0; +} \ No newline at end of file diff --git a/fido2/ctaphid.h b/fido2/ctaphid.h index dbde70d..0b5715d 100644 --- a/fido2/ctaphid.h +++ b/fido2/ctaphid.h @@ -29,6 +29,7 @@ #define CTAPHID_ENTERSTBOOT (TYPE_INIT | 0x52) #define CTAPHID_GETRNG (TYPE_INIT | 0x60) #define CTAPHID_GETVERSION (TYPE_INIT | 0x61) +#define CTAPHID_LOADKEY (TYPE_INIT | 0x62) // reserved for debug, not implemented except for HACKER and DEBUG_LEVEl > 0 #define CTAPHID_PROBE (TYPE_INIT | 0x70) From bb2929b28fe4a147b54bfc17c55b2a85b64dc575 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 8 Oct 2019 11:35:35 -0400 Subject: [PATCH 75/79] change ctap_atomic_count to increase by user-specified amount --- fido2/device.h | 4 ++-- pc/device.c | 15 +++------------ targets/stm32l432/src/device.c | 12 +++++++----- 3 files changed, 12 insertions(+), 19 deletions(-) diff --git a/fido2/device.h b/fido2/device.h index ea46123..4692323 100644 --- a/fido2/device.h +++ b/fido2/device.h @@ -61,8 +61,8 @@ int ctap_user_presence_test(uint32_t delay); int ctap_generate_rng(uint8_t * dst, size_t num); // Increment atomic counter and return it. -// Must support two counters, @sel selects counter0 or counter1. -uint32_t ctap_atomic_count(int sel); +// @param amount the amount to increase the counter by. +uint32_t ctap_atomic_count(uint32_t amount); // Verify the user // return 1 if user is verified, 0 if not diff --git a/pc/device.c b/pc/device.c index ee6bae7..791f8c9 100644 --- a/pc/device.c +++ b/pc/device.c @@ -313,20 +313,11 @@ int ctap_user_verification(uint8_t arg) } -uint32_t ctap_atomic_count(int sel) +uint32_t ctap_atomic_count(uint32_t amount) { static uint32_t counter1 = 25; - /*return 713;*/ - if (sel == 0) - { - printf1(TAG_RED,"counter1: %d\n", counter1); - return counter1++; - } - else - { - printf2(TAG_ERR,"counter2 not imple\n"); - exit(1); - } + counter1 += amount; + return counter1; } int ctap_generate_rng(uint8_t * dst, size_t num) diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c index b761801..0cb91b2 100644 --- a/targets/stm32l432/src/device.c +++ b/targets/stm32l432/src/device.c @@ -410,7 +410,7 @@ void authenticator_write_state(AuthenticatorState * a, int backup) } } -uint32_t ctap_atomic_count(int sel) +uint32_t ctap_atomic_count(uint32_t amount) { int offset = 0; uint32_t * ptr = (uint32_t *)flash_addr(COUNTER1_PAGE); @@ -425,10 +425,12 @@ uint32_t ctap_atomic_count(int sel) uint32_t lastc = 0; - if (sel != 0) + if (amount == 0) { - printf2(TAG_ERR,"counter2 not imple\n"); - exit(1); + // Use a random count [1-16]. + uint8_t rng[1]; + ctap_generate_rng(rng, 1); + amount = (rng[1] & 0x0f) + 1; } for (offset = 0; offset < PAGE_SIZE/4; offset += 2) // wear-level the flash @@ -461,7 +463,7 @@ uint32_t ctap_atomic_count(int sel) return lastc; } - lastc++; + lastc += amount; if (lastc/256 > erases) { From a58658e35d006f33de1e0f8e14be455336c324f0 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 8 Oct 2019 11:42:17 -0400 Subject: [PATCH 76/79] fix pointer --- fido2/ctaphid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fido2/ctaphid.c b/fido2/ctaphid.c index 68e6f1d..0b934e9 100644 --- a/fido2/ctaphid.c +++ b/fido2/ctaphid.c @@ -718,9 +718,9 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE ctaphid_write_buffer_init(wb); wb->cid = cid; wb->cmd = CTAPHID_BOOT; - wb->bcnt = (ctap_resp.length + 1); + wb->bcnt = (ctap_resp->length + 1); ctaphid_write(wb, &is_busy, 1); - ctaphid_write(wb, ctap_resp.data, ctap_resp.length); + ctaphid_write(wb, ctap_resp->data, ctap_resp->length); ctaphid_write(wb, NULL, 0); return 1; #endif From a2fd507f45612e120e2e9ae5982050aed1f3b48d Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 8 Oct 2019 11:52:55 -0400 Subject: [PATCH 77/79] typo --- targets/stm32l432/src/device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c index 0cb91b2..54a51b4 100644 --- a/targets/stm32l432/src/device.c +++ b/targets/stm32l432/src/device.c @@ -430,7 +430,7 @@ uint32_t ctap_atomic_count(uint32_t amount) // Use a random count [1-16]. uint8_t rng[1]; ctap_generate_rng(rng, 1); - amount = (rng[1] & 0x0f) + 1; + amount = (rng[0] & 0x0f) + 1; } for (offset = 0; offset < PAGE_SIZE/4; offset += 2) // wear-level the flash From 69a7191860f2057d18cbd8b1b195af89c34376b3 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 8 Oct 2019 11:58:23 -0400 Subject: [PATCH 78/79] fix warnings --- Makefile | 2 +- fido2/ctaphid.c | 27 +++++++++++---------------- 2 files changed, 12 insertions(+), 17 deletions(-) diff --git a/Makefile b/Makefile index 61a3923..6aae180 100644 --- a/Makefile +++ b/Makefile @@ -39,7 +39,7 @@ INCLUDES += -I./crypto/cifra/src CFLAGS += $(INCLUDES) # for crypto/tiny-AES-c -CFLAGS += -DAES256=1 -DAPP_CONFIG=\"app.h\" +CFLAGS += -DAES256=1 -DAPP_CONFIG=\"app.h\" -DSOLO_EXPERIMENTAL=1 name = main diff --git a/fido2/ctaphid.c b/fido2/ctaphid.c index 0b934e9..b243af8 100644 --- a/fido2/ctaphid.c +++ b/fido2/ctaphid.c @@ -544,9 +544,9 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) { - uint8_t cmd; + uint8_t cmd = 0; uint32_t cid; - int len; + int len = 0; #ifndef DISABLE_CTAPHID_CBOR int status; #endif @@ -556,6 +556,7 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) CTAP_RESPONSE ctap_resp; int bufstatus = ctaphid_buffer_packet(pkt_raw, &cmd, &cid, &len); + ctaphid_write_buffer_init(&wb); if (bufstatus == HID_IGNORE) { @@ -591,7 +592,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) case CTAPHID_PING: printf1(TAG_HID,"CTAPHID_PING\n"); - ctaphid_write_buffer_init(&wb); wb.cid = cid; wb.cmd = CTAPHID_PING; wb.bcnt = len; @@ -606,7 +606,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) case CTAPHID_WINK: printf1(TAG_HID,"CTAPHID_WINK\n"); - ctaphid_write_buffer_init(&wb); device_wink(); @@ -637,7 +636,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) ctap_response_init(&ctap_resp); status = ctap_request(ctap_buffer, len, &ctap_resp); - ctaphid_write_buffer_init(&wb); wb.cid = cid; wb.cmd = CTAPHID_CBOR; wb.bcnt = (ctap_resp.length+1); @@ -670,7 +668,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) ctap_response_init(&ctap_resp); u2f_request((struct u2f_request_apdu*)ctap_buffer, &ctap_resp); - ctaphid_write_buffer_init(&wb); wb.cid = cid; wb.cmd = CTAPHID_MSG; wb.bcnt = (ctap_resp.length); @@ -703,19 +700,24 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb) { - uint8_t is_busy; + ctap_response_init(ctap_resp); + ctaphid_write_buffer_init(wb); + +#if !defined(IS_BOOTLOADER) && (defined(SOLO_HACKER) || defined(SOLO_EXPERIMENTAL)) uint32_t param; +#endif +#if defined(IS_BOOTLOADER) + uint8_t is_busy; +#endif switch(cmd) { #if defined(IS_BOOTLOADER) case CTAPHID_BOOT: printf1(TAG_HID,"CTAPHID_BOOT\n"); - ctap_response_init(ctap_resp); u2f_set_writeback_buffer(ctap_resp); is_busy = bootloader_bridge(len, ctap_buffer); - ctaphid_write_buffer_init(wb); wb->cid = cid; wb->cmd = CTAPHID_BOOT; wb->bcnt = (ctap_resp->length + 1); @@ -728,7 +730,6 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE case CTAPHID_ENTERBOOT: printf1(TAG_HID,"CTAPHID_ENTERBOOT\n"); boot_solo_bootloader(); - ctaphid_write_buffer_init(wb); wb->cid = cid; wb->cmd = CTAPHID_ENTERBOOT; wb->bcnt = 0; @@ -743,8 +744,6 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE #if !defined(IS_BOOTLOADER) case CTAPHID_GETRNG: printf1(TAG_HID,"CTAPHID_GETRNG\n"); - ctap_response_init(ctap_resp); - ctaphid_write_buffer_init(wb); wb->cid = cid; wb->cmd = CTAPHID_GETRNG; wb->bcnt = ctap_buffer[0]; @@ -760,8 +759,6 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE case CTAPHID_GETVERSION: printf1(TAG_HID,"CTAPHID_GETVERSION\n"); - ctap_response_init(ctap_resp); - ctaphid_write_buffer_init(wb); wb->cid = cid; wb->cmd = CTAPHID_GETVERSION; wb->bcnt = 3; @@ -803,8 +800,6 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE param |= ctap_buffer[0] << 24; ctap_atomic_count(param); - ctap_response_init(ctap_resp); - ctaphid_write_buffer_init(wb); wb->cid = cid; wb->cmd = CTAPHID_LOADKEY; wb->bcnt = 0; From 49d79fa5da440f0a80ad645ad3ed04bc7d9dc455 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 8 Oct 2019 12:09:20 -0400 Subject: [PATCH 79/79] reduce lines/size --- fido2/ctaphid.c | 36 +++++++++--------------------------- 1 file changed, 9 insertions(+), 27 deletions(-) diff --git a/fido2/ctaphid.c b/fido2/ctaphid.c index b243af8..7899b65 100644 --- a/fido2/ctaphid.c +++ b/fido2/ctaphid.c @@ -540,7 +540,7 @@ extern void _check_ret(CborError ret, int line, const char * filename); if ((r) != CborNoError) exit(1); -uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb); +uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb); uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) { @@ -558,6 +558,9 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) int bufstatus = ctaphid_buffer_packet(pkt_raw, &cmd, &cid, &len); ctaphid_write_buffer_init(&wb); + wb.cid = cid; + wb.cmd = cmd; + if (bufstatus == HID_IGNORE) { return 0; @@ -592,8 +595,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) case CTAPHID_PING: printf1(TAG_HID,"CTAPHID_PING\n"); - wb.cid = cid; - wb.cmd = CTAPHID_PING; wb.bcnt = len; timestamp(); ctaphid_write(&wb, ctap_buffer, len); @@ -609,9 +610,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) device_wink(); - wb.cid = cid; - wb.cmd = CTAPHID_WINK; - ctaphid_write(&wb,NULL,0); break; @@ -636,8 +634,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) ctap_response_init(&ctap_resp); status = ctap_request(ctap_buffer, len, &ctap_resp); - wb.cid = cid; - wb.cmd = CTAPHID_CBOR; wb.bcnt = (ctap_resp.length+1); @@ -668,8 +664,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) ctap_response_init(&ctap_resp); u2f_request((struct u2f_request_apdu*)ctap_buffer, &ctap_resp); - wb.cid = cid; - wb.cmd = CTAPHID_MSG; wb.bcnt = (ctap_resp.length); ctaphid_write(&wb, ctap_resp.data, ctap_resp.length); @@ -682,7 +676,7 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) break; default: - if (ctaphid_custom_command(cmd, cid, len, &ctap_resp, &wb) != 0){ + if (ctaphid_custom_command(len, &ctap_resp, &wb) != 0){ is_busy = 0; }else{ printf2(TAG_ERR, "error, unimplemented HID cmd: %02x\r\n", buffer_cmd()); @@ -698,10 +692,9 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) } -uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb) +uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb) { ctap_response_init(ctap_resp); - ctaphid_write_buffer_init(wb); #if !defined(IS_BOOTLOADER) && (defined(SOLO_HACKER) || defined(SOLO_EXPERIMENTAL)) uint32_t param; @@ -710,7 +703,7 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE uint8_t is_busy; #endif - switch(cmd) + switch(wb->cmd) { #if defined(IS_BOOTLOADER) case CTAPHID_BOOT: @@ -718,9 +711,6 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE u2f_set_writeback_buffer(ctap_resp); is_busy = bootloader_bridge(len, ctap_buffer); - wb->cid = cid; - wb->cmd = CTAPHID_BOOT; - wb->bcnt = (ctap_resp->length + 1); ctaphid_write(wb, &is_busy, 1); ctaphid_write(wb, ctap_resp->data, ctap_resp->length); ctaphid_write(wb, NULL, 0); @@ -730,8 +720,6 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE case CTAPHID_ENTERBOOT: printf1(TAG_HID,"CTAPHID_ENTERBOOT\n"); boot_solo_bootloader(); - wb->cid = cid; - wb->cmd = CTAPHID_ENTERBOOT; wb->bcnt = 0; ctaphid_write(wb, NULL, 0); return 1; @@ -744,8 +732,6 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE #if !defined(IS_BOOTLOADER) case CTAPHID_GETRNG: printf1(TAG_HID,"CTAPHID_GETRNG\n"); - wb->cid = cid; - wb->cmd = CTAPHID_GETRNG; wb->bcnt = ctap_buffer[0]; if (!wb->bcnt) wb->bcnt = 57; @@ -759,8 +745,6 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE case CTAPHID_GETVERSION: printf1(TAG_HID,"CTAPHID_GETVERSION\n"); - wb->cid = cid; - wb->cmd = CTAPHID_GETVERSION; wb->bcnt = 3; ctap_buffer[0] = SOLO_VERSION_MAJ; ctap_buffer[1] = SOLO_VERSION_MIN; @@ -784,7 +768,7 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE if (len != 100) { printf2(TAG_ERR,"Error, invalid length.\n"); - ctaphid_send_error(cid, CTAP1_ERR_INVALID_LENGTH); + ctaphid_send_error(wb->cid, CTAP1_ERR_INVALID_LENGTH); return 1; } @@ -800,8 +784,6 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE param |= ctap_buffer[0] << 24; ctap_atomic_count(param); - wb->cid = cid; - wb->cmd = CTAPHID_LOADKEY; wb->bcnt = 0; ctaphid_write(wb, NULL, 0); @@ -809,7 +791,7 @@ uint8_t ctaphid_custom_command(uint8_t cmd, uint32_t cid, int len, CTAP_RESPONSE } printf2(TAG_ERR, "Error, invalid length.\n"); - ctaphid_send_error(cid, CTAP2_ERR_OPERATION_DENIED); + ctaphid_send_error(wb->cid, CTAP2_ERR_OPERATION_DENIED); return 1; #endif