change u2f to return early if button not immediately pressed

fido2/ctap.c

@@ -458,7 +458,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
 
     int but;
 
-    but = ctap_user_presence_test();
+    but = ctap_user_presence_test(CTAP2_UP_DELAY_MS);
 
     if (!but)
     {
@@ -696,7 +696,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
     }
     if (MC.pinAuthEmpty)
     {
-        if (!ctap_user_presence_test())
+        if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
         {
                 return CTAP2_ERR_OPERATION_DENIED;
         }
@@ -1132,7 +1132,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
 
     if (GA.pinAuthEmpty)
     {
-        if (!ctap_user_presence_test())
+        if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
         {
                 return CTAP2_ERR_OPERATION_DENIED;
         }
@@ -1641,7 +1641,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
             break;
         case CTAP_RESET:
             printf1(TAG_CTAP,"CTAP_RESET\n");
-            if (ctap_user_presence_test())
+            if (ctap_user_presence_test(CTAP2_UP_DELAY_MS))
             {
                 ctap_reset();
             }

fido2/ctap.h

@@ -131,6 +131,8 @@
 #define PIN_LOCKOUT_ATTEMPTS        8       // Number of attempts total
 #define PIN_BOOT_ATTEMPTS           3       // number of attempts per boot
 
+#define CTAP2_UP_DELAY_MS           5000
+
 typedef struct
 {
     uint8_t id[USER_ID_MAX_SIZE];

fido2/device.h

@@ -53,11 +53,11 @@ int device_is_button_pressed();
 
 // Test for user presence
 // Return 1 for user is present, 0 user not present, -1 if cancel is requested.
-extern int ctap_user_presence_test();
+int ctap_user_presence_test(uint32_t delay);
 
 // Generate @num bytes of random numbers to @dest
 // return 1 if success, error otherwise
-extern int ctap_generate_rng(uint8_t * dst, size_t num);
+int ctap_generate_rng(uint8_t * dst, size_t num);
 
 // Increment atomic counter and return it.
 // Must support two counters, @sel selects counter0 or counter1.
@@ -65,11 +65,11 @@ uint32_t ctap_atomic_count(int sel);
 
 // Verify the user
 // return 1 if user is verified, 0 if not
-extern int ctap_user_verification(uint8_t arg);
+int ctap_user_verification(uint8_t arg);
 
 // Must be implemented by application
 // data is HID_MESSAGE_SIZE long in bytes
-extern void ctaphid_write_block(uint8_t * data);
+void ctaphid_write_block(uint8_t * data);
 
 
 // Resident key

fido2/extensions/wallet.c

@@ -85,7 +85,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return CTAP2_ERR_NOT_ALLOWED;
             }
 
-            if (!ctap_user_presence_test())
+            if (!ctap_user_presence_test(5000))
             {
                 return CTAP2_ERR_OPERATION_DENIED;
             }
@@ -111,7 +111,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return CTAP2_ERR_NOT_ALLOWED;
             }
 
-            if (!ctap_user_presence_test())
+            if (!ctap_user_presence_test(5000))
             {
                 return CTAP2_ERR_OPERATION_DENIED;
             }
@@ -133,7 +133,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return CTAP2_ERR_NOT_ALLOWED;
             }
 
-            if (!ctap_user_presence_test())
+            if (!ctap_user_presence_test(5000))
             {
                 return CTAP2_ERR_OPERATION_DENIED;
             }
@@ -359,7 +359,7 @@ int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen)
                 }
             }
 
-            if (ctap_user_presence_test())
+            if (ctap_user_presence_test(5000))
             {
                 printf1(TAG_WALLET,"Reseting device!\n");
                 ctap_reset();

fido2/u2f.c

@@ -205,7 +205,6 @@ int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid)
 }
 
 
-
 static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control)
 {
 
@@ -243,8 +242,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
 
 	if(up)
 	{
-        device_set_status(CTAPHID_STATUS_UPNEEDED);
-		if (ctap_user_presence_test() == 0)
+		if (ctap_user_presence_test(750) == 0)
 		{
 			return U2F_SW_CONDITIONS_NOT_SATISFIED;
 		}
@@ -290,8 +288,7 @@ static int16_t u2f_register(struct u2f_register_request * req)
 
     const uint16_t attest_size = attestation_cert_der_size;
 
-    device_set_status(CTAPHID_STATUS_UPNEEDED);
-	if ( ! ctap_user_presence_test())
+	if ( ! ctap_user_presence_test(750))
 	{
 		return U2F_SW_CONDITIONS_NOT_SATISFIED;
 	}

targets/stm32l432/src/device.c

@@ -63,7 +63,7 @@ void TIM6_DAC_IRQHandler()
     // timer is only 16 bits, so roll it over here
     TIM6->SR = 0;
     __90_ms += 1;
-    if ((millis() - __last_update) > 8)
+    if ((millis() - __last_update) > 90)
     {
         if (__device_status != CTAPHID_STATUS_IDLE)
         {
@@ -488,7 +488,7 @@ static int handle_packets()
     return 0;
 }
 
-int ctap_user_presence_test()
+int ctap_user_presence_test(uint32_t up_delay)
 {
     int ret;
     if (device_is_nfc() == NFC_IS_ACTIVE)
@@ -513,22 +513,26 @@ int ctap_user_presence_test()
     uint32_t t1 = millis();
     led_rgb(0xff3520);
 
-while (IS_BUTTON_PRESSED())
+if (IS_BUTTON_PRESSED == is_touch_button_pressed)
 {
-    if (t1 + 5000 < millis())
+    // Wait for user to release touch button if it's already pressed
+    while (IS_BUTTON_PRESSED())
     {
-        printf1(TAG_GEN,"Button not pressed\n");
-        goto fail;
+        if (t1 + up_delay < millis())
+        {
+            printf1(TAG_GEN,"Button not pressed\n");
+            goto fail;
+        }
+        ret = handle_packets();
+        if (ret) return ret;
     }
-    ret = handle_packets();
-    if (ret) return ret;
 }
 
 t1 = millis();
 
 do
 {
-    if (t1 + 5000 < millis())
+    if (t1 + up_delay < millis())
     {
         goto fail;
     }