add wallet api in as compile option
This commit is contained in:
Conor Patrick
parent
ce96fffddd
commit
1fab0b8f1f
@ -9,7 +9,7 @@
|
||||
|
||||
#include "storage.h"
|
||||
|
||||
void device_init();
|
||||
void device_init(int argc, char *argv[]);
|
||||
|
||||
uint32_t millis();
|
||||
|
||||
|
||||
@ -35,6 +35,28 @@ int extension_needs_atomic_count(uint8_t klen, uint8_t * keyh)
|
||||
|| ((wallet_request *) keyh)->operation == WalletSign;
|
||||
}
|
||||
|
||||
static uint8_t * output_buffer_ptr;
|
||||
uint8_t output_buffer_offset;
|
||||
uint8_t output_buffer_size;
|
||||
|
||||
void extension_writeback_init(uint8_t * buffer, uint8_t size)
|
||||
{
|
||||
output_buffer_ptr = buffer;
|
||||
output_buffer_offset = 0;
|
||||
output_buffer_size = size;
|
||||
}
|
||||
|
||||
void extension_writeback(uint8_t * buf, uint8_t size)
|
||||
{
|
||||
if ((output_buffer_offset + size) > output_buffer_size)
|
||||
{
|
||||
return;
|
||||
}
|
||||
memmove(output_buffer_ptr + output_buffer_offset, buf, size);
|
||||
output_buffer_offset += size;
|
||||
}
|
||||
|
||||
|
||||
int16_t bridge_u2f_to_extensions(uint8_t * _chal, uint8_t * _appid, uint8_t klen, uint8_t * keyh)
|
||||
{
|
||||
int8_t ret = 0;
|
||||
@ -55,8 +77,6 @@ int16_t bridge_u2f_to_extensions(uint8_t * _chal, uint8_t * _appid, uint8_t klen
|
||||
u2f_response_writeback((uint8_t *)&ret,1);
|
||||
#ifdef IS_BOOTLOADER
|
||||
ret = bootloader_bridge(klen, keyh);
|
||||
#elif defined(WALLET_EXTENSION)
|
||||
ret = bridge_u2f_to_wallet(_chal, _appid, klen, keyh);
|
||||
#else
|
||||
ret = bridge_u2f_to_solo(sig, keyh, klen);
|
||||
u2f_response_writeback(sig,72);
|
||||
@ -82,6 +102,7 @@ int16_t extend_fido2(CredentialId * credid, uint8_t * output)
|
||||
{
|
||||
if (is_extension_request((uint8_t*)credid, sizeof(CredentialId)))
|
||||
{
|
||||
printf1(TAG_EXT,"IS EXT REQ\r\n");
|
||||
output[0] = bridge_u2f_to_solo(output+1, (uint8_t*)credid, sizeof(CredentialId));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -9,6 +9,11 @@
|
||||
#include "u2f.h"
|
||||
#include "apdu.h"
|
||||
|
||||
int16_t bridge_u2f_to_extensions(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh);
|
||||
|
||||
// return 1 if request is a wallet request
|
||||
int is_extension_request(uint8_t * req, int len);
|
||||
|
||||
int16_t extend_u2f(APDU_HEADER * req, uint8_t * payload, uint32_t len);
|
||||
|
||||
int16_t extend_fido2(CredentialId * credid, uint8_t * output);
|
||||
@ -17,4 +22,8 @@ int bootloader_bridge(int klen, uint8_t * keyh);
|
||||
|
||||
int is_extension_request(uint8_t * kh, int len);
|
||||
|
||||
|
||||
void extension_writeback_init(uint8_t * buffer, uint8_t size);
|
||||
void extension_writeback(uint8_t * buf, uint8_t size);
|
||||
|
||||
#endif /* EXTENSIONS_H_ */
|
||||
|
||||
@ -31,12 +31,15 @@
|
||||
#include "log.h"
|
||||
#include APP_CONFIG
|
||||
|
||||
|
||||
|
||||
// output must be at least 71 bytes
|
||||
int16_t bridge_u2f_to_solo(uint8_t * output, uint8_t * keyh, int keylen)
|
||||
{
|
||||
int8_t ret = 0;
|
||||
|
||||
wallet_request * req = (wallet_request *) keyh;
|
||||
extension_writeback_init(output, 71);
|
||||
|
||||
printf1(TAG_WALLET, "u2f-solo [%d]: ", keylen); dump_hex1(TAG_WALLET, keyh, keylen);
|
||||
|
||||
@ -61,6 +64,14 @@ int16_t bridge_u2f_to_solo(uint8_t * output, uint8_t * keyh, int keylen)
|
||||
|
||||
break;
|
||||
|
||||
#ifdef ENABLE_WALLET
|
||||
case WalletSign:
|
||||
case WalletRegister:
|
||||
case WalletPin:
|
||||
case WalletReset:
|
||||
return bridge_to_wallet(keyh, keylen);
|
||||
#endif
|
||||
|
||||
default:
|
||||
printf2(TAG_ERR,"Invalid wallet command: %x\n",req->operation);
|
||||
ret = CTAP1_ERR_INVALID_COMMAND;
|
||||
|
||||
@ -14,8 +14,8 @@
|
||||
#include "util.h"
|
||||
#include "storage.h"
|
||||
#include "device.h"
|
||||
#include "extensions.h"
|
||||
|
||||
#if defined(USING_PC) || defined(IS_BOOTLOADER)
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_ECP_DP_NONE = 0,
|
||||
@ -32,9 +32,7 @@ typedef enum
|
||||
MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */
|
||||
MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */
|
||||
} mbedtls_ecp_group_id;
|
||||
#else
|
||||
#include "ecp.h"
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
// return 1 if hash is valid, 0 otherwise
|
||||
@ -70,14 +68,14 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
|
||||
return CTAP2_ERR_NOT_ALLOWED;
|
||||
}
|
||||
|
||||
u2f_response_writeback(KEY_AGREEMENT_PUB,sizeof(KEY_AGREEMENT_PUB));
|
||||
extension_writeback(KEY_AGREEMENT_PUB,sizeof(KEY_AGREEMENT_PUB));
|
||||
printf1(TAG_WALLET,"pubkey: "); dump_hex1(TAG_WALLET,KEY_AGREEMENT_PUB,64);
|
||||
|
||||
break;
|
||||
case CP_cmdGetRetries:
|
||||
printf1(TAG_WALLET,"cmdGetRetries\n");
|
||||
pinTokenEnc[0] = ctap_leftover_pin_attempts();
|
||||
u2f_response_writeback(pinTokenEnc,1);
|
||||
extension_writeback(pinTokenEnc,1);
|
||||
|
||||
break;
|
||||
case CP_cmdSetPin:
|
||||
@ -145,7 +143,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
|
||||
return ret;
|
||||
|
||||
printf1(TAG_WALLET,"pinToken: "); dump_hex1(TAG_WALLET, PIN_TOKEN, 16);
|
||||
u2f_response_writeback(pinTokenEnc, PIN_TOKEN_SIZE);
|
||||
extension_writeback(pinTokenEnc, PIN_TOKEN_SIZE);
|
||||
|
||||
break;
|
||||
|
||||
@ -159,7 +157,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
|
||||
return 0;
|
||||
}
|
||||
|
||||
int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, uint8_t * keyh)
|
||||
int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen)
|
||||
{
|
||||
static uint8_t msg_buf[WALLET_MAX_BUFFER];
|
||||
int reqlen = klen;
|
||||
@ -259,7 +257,7 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
|
||||
crypto_load_external_key(key, keysize);
|
||||
crypto_ecdsa_sign(args[0], lens[0], sig, MBEDTLS_ECP_DP_SECP256K1);
|
||||
|
||||
u2f_response_writeback(sig,64);
|
||||
extension_writeback(sig,64);
|
||||
|
||||
break;
|
||||
case WalletRegister:
|
||||
@ -374,39 +372,7 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
|
||||
|
||||
|
||||
break;
|
||||
case WalletVersion:
|
||||
u2f_response_writeback((uint8_t*)WALLET_VERSION, sizeof(WALLET_VERSION)-1);
|
||||
break;
|
||||
case WalletRng:
|
||||
printf1(TAG_WALLET,"WalletRng\n");
|
||||
if ( ctap_device_locked() )
|
||||
{
|
||||
printf1(TAG_ERR,"device locked\n");
|
||||
ret = CTAP2_ERR_NOT_ALLOWED;
|
||||
goto cleanup;
|
||||
}
|
||||
if ( ctap_is_pin_set() )
|
||||
{
|
||||
if ( ! check_pinhash(req->pinAuth, msg_buf, reqlen))
|
||||
{
|
||||
printf2(TAG_ERR,"pinAuth is NOT valid\n");
|
||||
dump_hex1(TAG_ERR,msg_buf,reqlen);
|
||||
ret = CTAP2_ERR_PIN_AUTH_INVALID;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
ret = ctap_generate_rng(sig, 72);
|
||||
if (ret != 1)
|
||||
{
|
||||
printf1(TAG_WALLET,"Rng failed\n");
|
||||
ret = CTAP2_ERR_PROCESSING;
|
||||
goto cleanup;
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
u2f_response_writeback((uint8_t *)sig,72);
|
||||
break;
|
||||
|
||||
default:
|
||||
printf2(TAG_ERR,"Invalid wallet command: %x\n",req->operation);
|
||||
|
||||
@ -87,10 +87,7 @@ typedef enum
|
||||
} WalletOperation;
|
||||
|
||||
|
||||
int16_t bridge_u2f_to_extensions(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh);
|
||||
|
||||
// return 1 if request is a wallet request
|
||||
int is_extension_request(uint8_t * req, int len);
|
||||
int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen);
|
||||
|
||||
void wallet_init();
|
||||
|
||||
|
||||
@ -23,6 +23,7 @@
|
||||
//#define USING_DEV_BOARD
|
||||
|
||||
#define ENABLE_U2F_EXTENSIONS
|
||||
#define ENABLE_WALLET
|
||||
|
||||
#define ENABLE_U2F
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user