shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

add wallet api in as compile option

Browse Source
This commit is contained in:
Conor Patrick 2019-04-23 21:57:50 -04:00
parent ce96fffddd
commit 1fab0b8f1f
7 changed files with 53 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fido2/device.h
View File

@ -9,7 +9,7 @@
#include "storage.h" #include "storage.h"
void device_init(); void device_init(int argc, char *argv[]);
uint32_t millis(); uint32_t millis();

25
fido2/extensions/extensions.c
View File

@ -35,6 +35,28 @@ int extension_needs_atomic_count(uint8_t klen, uint8_t * keyh)
|| ((wallet_request *) keyh)->operation == WalletSign; || ((wallet_request *) keyh)->operation == WalletSign;
} }
static uint8_t * output_buffer_ptr;
uint8_t output_buffer_offset;
uint8_t output_buffer_size;
void extension_writeback_init(uint8_t * buffer, uint8_t size)
{
output_buffer_ptr = buffer;
output_buffer_offset = 0;
output_buffer_size = size;
}
void extension_writeback(uint8_t * buf, uint8_t size)
{
if ((output_buffer_offset + size) > output_buffer_size)
{
return;
}
memmove(output_buffer_ptr + output_buffer_offset, buf, size);
output_buffer_offset += size;
}
int16_t bridge_u2f_to_extensions(uint8_t * _chal, uint8_t * _appid, uint8_t klen, uint8_t * keyh) int16_t bridge_u2f_to_extensions(uint8_t * _chal, uint8_t * _appid, uint8_t klen, uint8_t * keyh)
{ {
int8_t ret = 0; int8_t ret = 0;
@ -55,8 +77,6 @@ int16_t bridge_u2f_to_extensions(uint8_t * _chal, uint8_t * _appid, uint8_t klen
u2f_response_writeback((uint8_t *)&ret,1); u2f_response_writeback((uint8_t *)&ret,1);
#ifdef IS_BOOTLOADER #ifdef IS_BOOTLOADER
ret = bootloader_bridge(klen, keyh); ret = bootloader_bridge(klen, keyh);
#elif defined(WALLET_EXTENSION)
ret = bridge_u2f_to_wallet(_chal, _appid, klen, keyh);
#else #else
ret = bridge_u2f_to_solo(sig, keyh, klen); ret = bridge_u2f_to_solo(sig, keyh, klen);
u2f_response_writeback(sig,72); u2f_response_writeback(sig,72);
@ -82,6 +102,7 @@ int16_t extend_fido2(CredentialId * credid, uint8_t * output)
{ {
if (is_extension_request((uint8_t*)credid, sizeof(CredentialId))) if (is_extension_request((uint8_t*)credid, sizeof(CredentialId)))
{ {
printf1(TAG_EXT,"IS EXT REQ\r\n");
output[0] = bridge_u2f_to_solo(output+1, (uint8_t*)credid, sizeof(CredentialId)); output[0] = bridge_u2f_to_solo(output+1, (uint8_t*)credid, sizeof(CredentialId));
return 1; return 1;
} }

9
fido2/extensions/extensions.h
View File

@ -9,6 +9,11 @@
#include "u2f.h" #include "u2f.h"
#include "apdu.h" #include "apdu.h"
int16_t bridge_u2f_to_extensions(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh);
// return 1 if request is a wallet request
int is_extension_request(uint8_t * req, int len);
int16_t extend_u2f(APDU_HEADER * req, uint8_t * payload, uint32_t len); int16_t extend_u2f(APDU_HEADER * req, uint8_t * payload, uint32_t len);
int16_t extend_fido2(CredentialId * credid, uint8_t * output); int16_t extend_fido2(CredentialId * credid, uint8_t * output);
@ -17,4 +22,8 @@ int bootloader_bridge(int klen, uint8_t * keyh);
int is_extension_request(uint8_t * kh, int len); int is_extension_request(uint8_t * kh, int len);
void extension_writeback_init(uint8_t * buffer, uint8_t size);
void extension_writeback(uint8_t * buf, uint8_t size);
#endif /* EXTENSIONS_H_ */ #endif /* EXTENSIONS_H_ */

11
fido2/extensions/solo.c
View File

@ -31,12 +31,15 @@
#include "log.h" #include "log.h"
#include APP_CONFIG #include APP_CONFIG
// output must be at least 71 bytes // output must be at least 71 bytes
int16_t bridge_u2f_to_solo(uint8_t * output, uint8_t * keyh, int keylen) int16_t bridge_u2f_to_solo(uint8_t * output, uint8_t * keyh, int keylen)
{ {
int8_t ret = 0; int8_t ret = 0;
wallet_request * req = (wallet_request *) keyh; wallet_request * req = (wallet_request *) keyh;
extension_writeback_init(output, 71);
printf1(TAG_WALLET, "u2f-solo [%d]: ", keylen); dump_hex1(TAG_WALLET, keyh, keylen); printf1(TAG_WALLET, "u2f-solo [%d]: ", keylen); dump_hex1(TAG_WALLET, keyh, keylen);
@ -61,6 +64,14 @@ int16_t bridge_u2f_to_solo(uint8_t * output, uint8_t * keyh, int keylen)
break; break;
#ifdef ENABLE_WALLET
case WalletSign:
case WalletRegister:
case WalletPin:
case WalletReset:
return bridge_to_wallet(keyh, keylen);
#endif
default: default:
printf2(TAG_ERR,"Invalid wallet command: %x\n",req->operation); printf2(TAG_ERR,"Invalid wallet command: %x\n",req->operation);
ret = CTAP1_ERR_INVALID_COMMAND; ret = CTAP1_ERR_INVALID_COMMAND;

48
fido2/extensions/wallet.c
View File

@ -14,8 +14,8 @@
#include "util.h" #include "util.h"
#include "storage.h" #include "storage.h"
#include "device.h" #include "device.h"
#include "extensions.h"
#if defined(USING_PC) || defined(IS_BOOTLOADER)
typedef enum typedef enum
{ {
MBEDTLS_ECP_DP_NONE = 0, MBEDTLS_ECP_DP_NONE = 0,
@ -32,9 +32,7 @@ typedef enum
MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */ MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */
MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */ MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */
} mbedtls_ecp_group_id; } mbedtls_ecp_group_id;
#else
#include "ecp.h"
#endif
// return 1 if hash is valid, 0 otherwise // return 1 if hash is valid, 0 otherwise
@ -70,14 +68,14 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
return CTAP2_ERR_NOT_ALLOWED; return CTAP2_ERR_NOT_ALLOWED;
} }
u2f_response_writeback(KEY_AGREEMENT_PUB,sizeof(KEY_AGREEMENT_PUB)); extension_writeback(KEY_AGREEMENT_PUB,sizeof(KEY_AGREEMENT_PUB));
printf1(TAG_WALLET,"pubkey: "); dump_hex1(TAG_WALLET,KEY_AGREEMENT_PUB,64); printf1(TAG_WALLET,"pubkey: "); dump_hex1(TAG_WALLET,KEY_AGREEMENT_PUB,64);
break; break;
case CP_cmdGetRetries: case CP_cmdGetRetries:
printf1(TAG_WALLET,"cmdGetRetries\n"); printf1(TAG_WALLET,"cmdGetRetries\n");
pinTokenEnc[0] = ctap_leftover_pin_attempts(); pinTokenEnc[0] = ctap_leftover_pin_attempts();
u2f_response_writeback(pinTokenEnc,1); extension_writeback(pinTokenEnc,1);
break; break;
case CP_cmdSetPin: case CP_cmdSetPin:
@ -145,7 +143,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
return ret; return ret;
printf1(TAG_WALLET,"pinToken: "); dump_hex1(TAG_WALLET, PIN_TOKEN, 16); printf1(TAG_WALLET,"pinToken: "); dump_hex1(TAG_WALLET, PIN_TOKEN, 16);
u2f_response_writeback(pinTokenEnc, PIN_TOKEN_SIZE); extension_writeback(pinTokenEnc, PIN_TOKEN_SIZE);
break; break;
@ -159,7 +157,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
return 0; return 0;
} }
int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, uint8_t * keyh) int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen)
{ {
static uint8_t msg_buf[WALLET_MAX_BUFFER]; static uint8_t msg_buf[WALLET_MAX_BUFFER];
int reqlen = klen; int reqlen = klen;
@ -259,7 +257,7 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
crypto_load_external_key(key, keysize); crypto_load_external_key(key, keysize);
crypto_ecdsa_sign(args[0], lens[0], sig, MBEDTLS_ECP_DP_SECP256K1); crypto_ecdsa_sign(args[0], lens[0], sig, MBEDTLS_ECP_DP_SECP256K1);
u2f_response_writeback(sig,64); extension_writeback(sig,64);
break; break;
case WalletRegister: case WalletRegister:
@ -374,39 +372,7 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
break; break;
case WalletVersion:
u2f_response_writeback((uint8_t*)WALLET_VERSION, sizeof(WALLET_VERSION)-1);
break;
case WalletRng:
printf1(TAG_WALLET,"WalletRng\n");
if ( ctap_device_locked() )
{
printf1(TAG_ERR,"device locked\n");
ret = CTAP2_ERR_NOT_ALLOWED;
goto cleanup;
}
if ( ctap_is_pin_set() )
{
if ( ! check_pinhash(req->pinAuth, msg_buf, reqlen))
{
printf2(TAG_ERR,"pinAuth is NOT valid\n");
dump_hex1(TAG_ERR,msg_buf,reqlen);
ret = CTAP2_ERR_PIN_AUTH_INVALID;
goto cleanup;
}
}
ret = ctap_generate_rng(sig, 72);
if (ret != 1)
{
printf1(TAG_WALLET,"Rng failed\n");
ret = CTAP2_ERR_PROCESSING;
goto cleanup;
}
ret = 0;
u2f_response_writeback((uint8_t *)sig,72);
break;
default: default:
printf2(TAG_ERR,"Invalid wallet command: %x\n",req->operation); printf2(TAG_ERR,"Invalid wallet command: %x\n",req->operation);

5
fido2/extensions/wallet.h
View File

@ -87,10 +87,7 @@ typedef enum
} WalletOperation; } WalletOperation;
int16_t bridge_u2f_to_extensions(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh); int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen);
// return 1 if request is a wallet request
int is_extension_request(uint8_t * req, int len);
void wallet_init(); void wallet_init();

1
targets/stm32l432/src/app.h
View File

@ -23,6 +23,7 @@
//#define USING_DEV_BOARD //#define USING_DEV_BOARD
#define ENABLE_U2F_EXTENSIONS #define ENABLE_U2F_EXTENSIONS
#define ENABLE_WALLET
#define ENABLE_U2F #define ENABLE_U2F