merge
This commit is contained in:
Conor Patrick
74
fido2/u2f.c
74
fido2/u2f.c
@@ -1,24 +1,9 @@
|
||||
/*
|
||||
* Copyright (C) 2018 SoloKeys, Inc. <https://solokeys.com/>
|
||||
*
|
||||
* This file is part of Solo.
|
||||
*
|
||||
* Solo is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Solo is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with Solo. If not, see <https://www.gnu.org/licenses/>
|
||||
*
|
||||
* This code is available under licenses for commercial use.
|
||||
* Please contact SoloKeys for more information.
|
||||
*/
|
||||
// Copyright 2019 SoloKeys Developers
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
|
||||
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
|
||||
// http://opensource.org/licenses/MIT>, at your option. This file may not be
|
||||
// copied, modified, or distributed except according to those terms.
|
||||
#include <stdlib.h>
|
||||
#include "u2f.h"
|
||||
#include "ctap.h"
|
||||
@@ -26,12 +11,16 @@
|
||||
#include "log.h"
|
||||
#include "device.h"
|
||||
#include "wallet.h"
|
||||
#include "apdu.h"
|
||||
#ifdef ENABLE_U2F_EXTENSIONS
|
||||
#include "extensions.h"
|
||||
#endif
|
||||
#include APP_CONFIG
|
||||
|
||||
// void u2f_response_writeback(uint8_t * buf, uint8_t len);
|
||||
#ifdef ENABLE_U2F
|
||||
static int16_t u2f_register(struct u2f_register_request * req, bool fromNFC);
|
||||
static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control, bool fromNFC);
|
||||
#endif
|
||||
int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
|
||||
void u2f_reset_response();
|
||||
|
||||
@@ -41,7 +30,6 @@ static CTAP_RESPONSE * _u2f_resp = NULL;
|
||||
void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPONSE * resp, bool fromNFC)
|
||||
{
|
||||
uint16_t rcode = 0;
|
||||
uint64_t t1,t2;
|
||||
uint8_t byte;
|
||||
|
||||
ctap_response_init(resp);
|
||||
@@ -56,7 +44,7 @@ void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPO
|
||||
#ifdef ENABLE_U2F_EXTENSIONS
|
||||
rcode = extend_u2f(req, len);
|
||||
#endif
|
||||
if (rcode != U2F_SW_NO_ERROR) // If the extension didn't do anything...
|
||||
if (rcode != U2F_SW_NO_ERROR && rcode != U2F_SW_CONDITIONS_NOT_SATISFIED) // If the extension didn't do anything...
|
||||
{
|
||||
#ifdef ENABLE_U2F
|
||||
switch(req->ins)
|
||||
@@ -69,18 +57,18 @@ void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPO
|
||||
}
|
||||
else
|
||||
{
|
||||
t1 = millis();
|
||||
rcode = u2f_register((struct u2f_register_request*)payload, fromNFC);
|
||||
t2 = millis();
|
||||
printf1(TAG_TIME,"u2f_register time: %d ms\n", t2-t1);
|
||||
|
||||
timestamp();
|
||||
rcode = u2f_register((struct u2f_register_request*)req->payload, fromNFC);
|
||||
printf1(TAG_TIME,"u2f_register time: %d ms\n", timestamp());
|
||||
|
||||
}
|
||||
break;
|
||||
case U2F_AUTHENTICATE:
|
||||
printf1(TAG_U2F, "U2F_AUTHENTICATE\n");
|
||||
t1 = millis();
|
||||
rcode = u2f_authenticate((struct u2f_authenticate_request*)payload, req->p1, fromNFC);
|
||||
t2 = millis();
|
||||
printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", t2-t1);
|
||||
timestamp();
|
||||
rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1, fromNFC);
|
||||
printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", timestamp());
|
||||
break;
|
||||
case U2F_VERSION:
|
||||
printf1(TAG_U2F, "U2F_VERSION\n");
|
||||
@@ -160,7 +148,8 @@ void u2f_set_writeback_buffer(CTAP_RESPONSE * resp)
|
||||
_u2f_resp = resp;
|
||||
}
|
||||
|
||||
void dump_signature_der(uint8_t * sig)
|
||||
#ifdef ENABLE_U2F
|
||||
static void dump_signature_der(uint8_t * sig)
|
||||
{
|
||||
uint8_t sigder[72];
|
||||
int len;
|
||||
@@ -256,12 +245,10 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
|
||||
}
|
||||
|
||||
count = ctap_atomic_count(0);
|
||||
uint8_t vcount[4];
|
||||
vcount[3] = (count) & 0xff;
|
||||
vcount[2] = (count >> 8) & 0xff;
|
||||
vcount[1] = (count >> 16) & 0xff;
|
||||
vcount[0] = (count >> 24) & 0xff;
|
||||
|
||||
hash[0] = 0xff;
|
||||
hash[1] = (count >> 16) & 0xff;
|
||||
hash[2] = (count >> 8) & 0xff;
|
||||
hash[3] = (count >> 0) & 0xff;
|
||||
crypto_sha256_init();
|
||||
|
||||
crypto_sha256_update(req->app, 32);
|
||||
@@ -274,8 +261,12 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
|
||||
printf1(TAG_U2F, "sha256: "); dump_hex1(TAG_U2F, hash, 32);
|
||||
crypto_ecc256_sign(hash, 32, sig);
|
||||
|
||||
u2f_response_writeback(&up, 1);
|
||||
u2f_response_writeback(vcount, 4);
|
||||
u2f_response_writeback(&up,1);
|
||||
hash[0] = 0xff;
|
||||
hash[1] = (count >> 16) & 0xff;
|
||||
hash[2] = (count >> 8) & 0xff;
|
||||
hash[3] = (count >> 0) & 0xff;
|
||||
u2f_response_writeback(hash,4);
|
||||
dump_signature_der(sig);
|
||||
|
||||
return U2F_SW_NO_ERROR;
|
||||
@@ -340,6 +331,7 @@ static int16_t u2f_register(struct u2f_register_request * req, bool fromNFC)
|
||||
|
||||
return U2F_SW_NO_ERROR;
|
||||
}
|
||||
#endif
|
||||
|
||||
int16_t u2f_version()
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user