diff --git a/fido2/ctap.c b/fido2/ctap.c index ccdc0cb..3dcb98b 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -458,7 +458,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au int but; - but = ctap_user_presence_test(); + but = ctap_user_presence_test(CTAP2_UP_DELAY_MS); if (!but) { @@ -696,7 +696,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt } if (MC.pinAuthEmpty) { - if (!ctap_user_presence_test()) + if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS)) { return CTAP2_ERR_OPERATION_DENIED; } @@ -1132,7 +1132,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length) if (GA.pinAuthEmpty) { - if (!ctap_user_presence_test()) + if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS)) { return CTAP2_ERR_OPERATION_DENIED; } @@ -1641,7 +1641,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) break; case CTAP_RESET: printf1(TAG_CTAP,"CTAP_RESET\n"); - if (ctap_user_presence_test()) + if (ctap_user_presence_test(CTAP2_UP_DELAY_MS)) { ctap_reset(); } diff --git a/fido2/ctap.h b/fido2/ctap.h index 9677d87..51a5c11 100644 --- a/fido2/ctap.h +++ b/fido2/ctap.h @@ -131,6 +131,8 @@ #define PIN_LOCKOUT_ATTEMPTS 8 // Number of attempts total #define PIN_BOOT_ATTEMPTS 3 // number of attempts per boot +#define CTAP2_UP_DELAY_MS 5000 + typedef struct { uint8_t id[USER_ID_MAX_SIZE]; diff --git a/fido2/device.h b/fido2/device.h index 75af9de..dfb95ec 100644 --- a/fido2/device.h +++ b/fido2/device.h @@ -53,11 +53,11 @@ int device_is_button_pressed(); // Test for user presence // Return 1 for user is present, 0 user not present, -1 if cancel is requested. -extern int ctap_user_presence_test(); +int ctap_user_presence_test(uint32_t delay); // Generate @num bytes of random numbers to @dest // return 1 if success, error otherwise -extern int ctap_generate_rng(uint8_t * dst, size_t num); +int ctap_generate_rng(uint8_t * dst, size_t num); // Increment atomic counter and return it. // Must support two counters, @sel selects counter0 or counter1. @@ -65,11 +65,11 @@ uint32_t ctap_atomic_count(int sel); // Verify the user // return 1 if user is verified, 0 if not -extern int ctap_user_verification(uint8_t arg); +int ctap_user_verification(uint8_t arg); // Must be implemented by application // data is HID_MESSAGE_SIZE long in bytes -extern void ctaphid_write_block(uint8_t * data); +void ctaphid_write_block(uint8_t * data); // Resident key diff --git a/fido2/extensions/wallet.c b/fido2/extensions/wallet.c index a03d74e..537b359 100644 --- a/fido2/extensions/wallet.c +++ b/fido2/extensions/wallet.c @@ -85,7 +85,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a return CTAP2_ERR_NOT_ALLOWED; } - if (!ctap_user_presence_test()) + if (!ctap_user_presence_test(5000)) { return CTAP2_ERR_OPERATION_DENIED; } @@ -111,7 +111,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a return CTAP2_ERR_NOT_ALLOWED; } - if (!ctap_user_presence_test()) + if (!ctap_user_presence_test(5000)) { return CTAP2_ERR_OPERATION_DENIED; } @@ -133,7 +133,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a return CTAP2_ERR_NOT_ALLOWED; } - if (!ctap_user_presence_test()) + if (!ctap_user_presence_test(5000)) { return CTAP2_ERR_OPERATION_DENIED; } @@ -359,7 +359,7 @@ int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen) } } - if (ctap_user_presence_test()) + if (ctap_user_presence_test(5000)) { printf1(TAG_WALLET,"Reseting device!\n"); ctap_reset(); diff --git a/fido2/u2f.c b/fido2/u2f.c index 67945cb..14cb848 100644 --- a/fido2/u2f.c +++ b/fido2/u2f.c @@ -205,7 +205,6 @@ int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid) } - static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control) { @@ -243,13 +242,12 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c if(up) { - device_set_status(CTAPHID_STATUS_UPNEEDED); - if (ctap_user_presence_test() == 0) + if (ctap_user_presence_test(750) == 0) { return U2F_SW_CONDITIONS_NOT_SATISFIED; } } - + count = ctap_atomic_count(0); hash[0] = (count >> 24) & 0xff; hash[1] = (count >> 16) & 0xff; @@ -290,8 +288,7 @@ static int16_t u2f_register(struct u2f_register_request * req) const uint16_t attest_size = attestation_cert_der_size; - device_set_status(CTAPHID_STATUS_UPNEEDED); - if ( ! ctap_user_presence_test()) + if ( ! ctap_user_presence_test(750)) { return U2F_SW_CONDITIONS_NOT_SATISFIED; } diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c index 978dd3c..ae441fc 100644 --- a/targets/stm32l432/src/device.c +++ b/targets/stm32l432/src/device.c @@ -63,7 +63,7 @@ void TIM6_DAC_IRQHandler() // timer is only 16 bits, so roll it over here TIM6->SR = 0; __90_ms += 1; - if ((millis() - __last_update) > 8) + if ((millis() - __last_update) > 90) { if (__device_status != CTAPHID_STATUS_IDLE) { @@ -488,7 +488,7 @@ static int handle_packets() return 0; } -int ctap_user_presence_test() +int ctap_user_presence_test(uint32_t up_delay) { int ret; if (device_is_nfc() == NFC_IS_ACTIVE) @@ -513,22 +513,26 @@ int ctap_user_presence_test() uint32_t t1 = millis(); led_rgb(0xff3520); -while (IS_BUTTON_PRESSED()) +if (IS_BUTTON_PRESSED == is_touch_button_pressed) { - if (t1 + 5000 < millis()) + // Wait for user to release touch button if it's already pressed + while (IS_BUTTON_PRESSED()) { - printf1(TAG_GEN,"Button not pressed\n"); - goto fail; + if (t1 + up_delay < millis()) + { + printf1(TAG_GEN,"Button not pressed\n"); + goto fail; + } + ret = handle_packets(); + if (ret) return ret; } - ret = handle_packets(); - if (ret) return ret; } t1 = millis(); do { - if (t1 + 5000 < millis()) + if (t1 + up_delay < millis()) { goto fail; }