From 1d59bbfdd4cdcc681fad9bf28b914bf37116bd49 Mon Sep 17 00:00:00 2001
From: Conor Patrick
Date: Sun, 1 Dec 2019 16:38:37 -0500
Subject: [PATCH] support different aaguid's in cert for different solo models

---
 fido2/ctap.c                        |  6 ++++--
 fido2/ctap.h                        |  3 ---
 fido2/device.h                      |  5 +++++
 targets/stm32l432/src/attestation.c |  5 +++--
 targets/stm32l432/src/device.c      | 11 +++++++++++
 5 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/fido2/ctap.c b/fido2/ctap.c
index 8923736..358d294 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -69,6 +69,8 @@ uint8_t ctap_get_info(CborEncoder * encoder)
     CborEncoder map;
     CborEncoder options;
     CborEncoder pins;
+    uint8_t aaguid[16];
+    device_read_aaguid(aaguid);
 
     ret = cbor_encoder_create_map(encoder, &map, 6);
     check_ret(ret);
@@ -105,7 +107,7 @@ uint8_t ctap_get_info(CborEncoder * encoder)
     ret = cbor_encode_uint(&map, RESP_aaguid);
     check_ret(ret);
     {
-        ret = cbor_encode_byte_string(&map, CTAP_AAGUID, 16);
+        ret = cbor_encode_byte_string(&map, aaguid, 16);
         check_ret(ret);
     }
 
@@ -505,7 +507,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
 
     cbor_encoder_init(&cose_key, cose_key_buf, *len - sizeof(CTAP_authData), 0);
 
-    memmove(authData->attest.aaguid, CTAP_AAGUID, 16);
+    device_read_aaguid(authData->attest.aaguid);
 
     authData->attest.credLenL = sizeof(CredentialId) & 0x00FF;
     authData->attest.credLenH = (sizeof(CredentialId) & 0xFF00) >> 8;
diff --git a/fido2/ctap.h b/fido2/ctap.h
index c12c5b9..1872df4 100644
--- a/fido2/ctap.h
+++ b/fido2/ctap.h
@@ -19,9 +19,6 @@
 #define CTAP_VENDOR_FIRST 0x40
 #define CTAP_VENDOR_LAST 0xBF
 
-// AAGUID For Solo
-#define CTAP_AAGUID ((uint8_t*)"\x88\x76\x63\x1b\xd4\xa0\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79")
-
 #define MC_clientDataHash 0x01
 #define MC_rp 0x02
 #define MC_user 0x03
diff --git a/fido2/device.h b/fido2/device.h
index ae9ac6a..20029dd 100644
--- a/fido2/device.h
+++ b/fido2/device.h
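Review bot: The 16 in `uint8_t aaguid[16];` now has to agree with the fixed 16 bytes that device_read_aaguid writes and with the 16 passed to cbor_encode_byte_string in the second ctap.c hunk, and nothing ties the three together. A named constant declared next to the prototype in device.h, e.g. `#define DEVICE_AAGUID_LEN 16` (name constructed here), used for the array, the encode length and the memmove in device.c would keep them from drifting when the next model is added. ctap_get_info continues outside the hunk, and the same call in ctap_make_auth_data (third hunk) fills `authData->attest.aaguid`, whose size is not visible on this page — presumably 16, given the 16-byte memmove it replaces.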
@@ -211,4 +211,9 @@ void device_attestation_read_cert_der(uint8_t * dst);
  */
 uint16_t device_attestation_cert_der_get_size();
 
+/** Read the device's 16 byte AAGUID into a buffer.
+ * @param dst buffer to write 16 byte AAGUID into.
+ * */
+void device_read_aaguid(uint8_t * dst);
+
 #endif
diff --git a/targets/stm32l432/src/attestation.c b/targets/stm32l432/src/attestation.c
index 0e5ab53..90a0a1c 100644
--- a/targets/stm32l432/src/attestation.c
+++ b/targets/stm32l432/src/attestation.c
@@ -10,6 +10,7 @@
 #include "memory_layout.h"
 #include "device.h"
 #include "sense.h"
+#include "log.h"
 
 
 const uint8_t attestation_solo_cert_der[] =
@@ -118,11 +119,11 @@ void device_attestation_read_cert_der(uint8_t * dst){
     // Overwrite respective x509 fields if Tap or Somu.
     if (memcmp(dst + 0x2c6, "\xea\x09\x15\x6c\x86\x48\x57\x2a\xa8\x8d", 10) == 0){
         if (device_is_nfc()){
-            dst[0x2a3] = 0x89;//tap aaguid byte
+            dst[0x2a2] = 0x89;//tap aaguid byte
             memmove(dst + 0xac, "\x34\x33\x38\x5a\x18\x0f\x32\x30\x36\x39\x31\x31\x31\x38\x31\x39\x32\x34\x33\x38", 20);//tap-id
             memmove(dst + 0x2c5, "\x6d\x7b\x41\x2b\xff\x57\xf0\x03\xbd\x5b\x39\x4a\xf7\xa9\x2d\x6d\xcb\x9e\x2d\x88\xbf\xb3\x93\xc5\x66\x3b\xd1\xbc\x34\xfa\x5c\x4c\x02\x20\x59\x01\x49\x39\x1b\xb7\xa9\x1c\xed\x49\x78\x4f\x92\xa9\x61\x14\xa5\x6e\x96\x3f\x29\x02\x93\xe0\x5d\xe2\x75\xd0\x60\xd9\x74\xc2", 66);//tap-sig
         } else if (tsc_sensor_exists()) {
-            dst[0x2a3] = 0x98;//somu aaguid byte
+            dst[0x2a2] = 0x98;//somu aaguid byte
             memmove(dst + 0xac, "\x35\x30\x32\x5a\x18\x0f\x32\x30\x36\x39\x31\x31\x31\x38\x31\x39\x32\x35\x30\x32", 20);//somu-id
             memmove(dst + 0x2c5, "\x4d\x08\xc8\x9d\xc4\x50\x49\x70\x48\x4d\xd0\x12\xd9\x7c\x62\x5e\x6b\xd3\x84\xd5\x36\x42\xfe\x86\x8e\x7a\x23\x59\xa0\x20\xf0\xc5\x02\x20\x5f\x70\x93\x61\x5a\xe4\x20\xcf\xb9\x8a\xf5\xdd\x87\xd0\x48\x6d\x7d\x59\xef\x9e\x0e\x11\xa3\x8e\xf7\xe3\xe2\xf5\x35\x37\x99\x1a", 66);//somu-sig
         }
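Review bot: The Tap/Somu AAGUID first byte (0x89 / 0x98) written at `dst[0x2a2]` is now duplicated in device_read_aaguid in device.c, which ctap.c uses for getInfo and authenticatorData; if the two copies ever drift, the certificate's id-fido-gen-ce-aaguid extension stops matching the aaguid in authenticatorData, and relying parties that verify packed attestation reject the credential. If 0x2a2 is the start of the 16-byte extension value, as the single-byte patch suggests, writing it from the one source — `device_read_aaguid(dst + 0x2a2);` inside the memcmp block, before the if/else — removes the duplication. The offsets 0xac, 0x2a2, 0x2c5 and 0x2c6 into the DER blob are bare magic numbers, and this very commit corrects 0x2a3 to 0x2a2; checking that the byte about to be overwritten still holds the Solo base value (0x88, per the literal removed in the ctap.h hunk) before patching would make the next certificate regeneration fail loudly instead of silently shipping a mis-patched cert. The first attestation.c hunk adds `#include "log.h"` that nothing in the visible hunks uses. device_attestation_read_cert_der continues outside the hunk.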
diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c
index 8335d4e..1a83ebc 100644
--- a/targets/stm32l432/src/device.c
+++ b/targets/stm32l432/src/device.c
@@ -859,6 +859,17 @@ void boot_solo_bootloader(void)
 }
 
 
+void device_read_aaguid(uint8_t * dst){
+    uint8_t * aaguid = (uint8_t *)"\x88\x76\x63\x1b\xd4\xa0\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79";
+    memmove(dst, aaguid, 16);
+    if (device_is_nfc()){
+        dst[0] = 0x89;
+    }
+    else if (tsc_sensor_exists()){
+        dst[0] = 0x98;
+    }
+    dump_hex1(TAG_GREEN,dst, 16);
+}
 
 
 void _Error_Handler(char *file, int line)
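Review bot: `dump_hex1(TAG_GREEN,dst, 16);` at the end of device_read_aaguid logs the AAGUID on every call, and the ctap.c hunks call it from ctap_get_info and ctap_make_auth_data, so every getInfo and makeCredential now emits a 16-byte hex dump; drop the line, or dump it once at init instead. `uint8_t * aaguid = (uint8_t *)"\x88\x76...";` casts the const away from a string literal and keeps a pointer that nothing needs; `static const uint8_t aaguid[16] = "\x88\x76\x63\x1b\xd4\xa0\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79";` holds the same 16 bytes in flash with no cast (a 16-character literal fills a 16-byte array exactly, without a terminator, which C allows). The model-specific first bytes 0x89 and 0x98 also appear in device_attestation_read_cert_der in attestation.c; keeping the selection in this one function and having attestation.c call it would stop the certificate and authenticatorData AAGUIDs from ever disagreeing.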