From 2049020b927b2770a4624cd1372d778a04ebb34e Mon Sep 17 00:00:00 2001 From: merlokk Date: Sun, 27 Jan 2019 11:44:33 +0200 Subject: [PATCH] refactoring --- fido2/apdu.h | 30 ++++++++++++++++++++++++++++++ fido2/ctaphid.c | 2 +- fido2/main.c | 2 +- fido2/u2f.c | 25 +++++++++++++++++++++---- fido2/u2f.h | 9 +++++++-- targets/stm32l432/Makefile | 2 +- targets/stm32l432/src/nfc.c | 11 +++-------- targets/stm32l432/src/nfc.h | 25 +------------------------ 8 files changed, 65 insertions(+), 41 deletions(-) create mode 100644 fido2/apdu.h diff --git a/fido2/apdu.h b/fido2/apdu.h new file mode 100644 index 0000000..d9687c7 --- /dev/null +++ b/fido2/apdu.h @@ -0,0 +1,30 @@ +#ifndef _APDU_H_ +#define _APDU_H_ + +#include + +typedef struct +{ + uint8_t cla; + uint8_t ins; + uint8_t p1; + uint8_t p2; + uint8_t lc; +} __attribute__((packed)) APDU_HEADER; + +#define APDU_FIDO_U2F_REGISTER 0x01 +#define APDU_FIDO_U2F_AUTHENTICATE 0x02 +#define APDU_FIDO_U2F_VERSION 0x03 +#define APDU_FIDO_NFCCTAP_MSG 0x10 +#define APDU_INS_SELECT 0xA4 +#define APDU_INS_READ_BINARY 0xB0 + +#define SW_SUCCESS 0x9000 +#define SW_GET_RESPONSE 0x6100 // Command successfully executed; 'XX' bytes of data are available and can be requested using GET RESPONSE. +#define SW_WRONG_LENGTH 0x6700 +#define SW_COND_USE_NOT_SATISFIED 0x6985 +#define SW_FILE_NOT_FOUND 0x6a82 +#define SW_INS_INVALID 0x6d00 // Instruction code not supported or invalid +#define SW_INTERNAL_EXCEPTION 0x6f00 + +#endif //_APDU_H_ diff --git a/fido2/ctaphid.c b/fido2/ctaphid.c index f46b1be..3e6d5f1 100644 --- a/fido2/ctaphid.c +++ b/fido2/ctaphid.c @@ -670,7 +670,7 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) } is_busy = 1; ctap_response_init(&ctap_resp); - u2f_request((struct u2f_request_apdu*)ctap_buffer, &ctap_resp, false); + u2f_request((struct u2f_request_apdu*)ctap_buffer, &ctap_resp); ctaphid_write_buffer_init(&wb); wb.cid = cid; diff --git a/fido2/main.c b/fido2/main.c index 51e15ec..35c4c6f 100644 --- a/fido2/main.c +++ b/fido2/main.c @@ -50,7 +50,7 @@ int main(int argc, char * argv[]) // TAG_CP | // TAG_CTAP| // TAG_HID| - /*TAG_U2F|*/ + //TAG_U2F| // TAG_PARSE | // TAG_TIME| // TAG_DUMP| diff --git a/fido2/u2f.c b/fido2/u2f.c index 99c9abb..eb24ae5 100644 --- a/fido2/u2f.c +++ b/fido2/u2f.c @@ -26,6 +26,7 @@ #include "log.h" #include "device.h" #include "wallet.h" +#include "apdu.h" #include APP_CONFIG // void u2f_response_writeback(uint8_t * buf, uint8_t len); @@ -37,13 +38,13 @@ void u2f_reset_response(); static CTAP_RESPONSE * _u2f_resp = NULL; -void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp, bool fromNFC) +void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPONSE * resp, bool fromNFC) { uint16_t rcode = 0; uint64_t t1,t2; - uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16)); uint8_t byte; + ctap_response_init(resp); u2f_set_writeback_buffer(resp); if (req->cla != 0) @@ -69,7 +70,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp, bool fromNF else { t1 = millis(); - rcode = u2f_register((struct u2f_register_request*)req->payload, fromNFC); + rcode = u2f_register((struct u2f_register_request*)payload, fromNFC); t2 = millis(); printf1(TAG_TIME,"u2f_register time: %d ms\n", t2-t1); } @@ -77,7 +78,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp, bool fromNF case U2F_AUTHENTICATE: printf1(TAG_U2F, "U2F_AUTHENTICATE\n"); t1 = millis(); - rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1); + rcode = u2f_authenticate((struct u2f_authenticate_request*)payload, req->p1); t2 = millis(); printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", t2-t1); break; @@ -120,6 +121,22 @@ end: printf1(TAG_U2F,"u2f resp: "); dump_hex1(TAG_U2F, _u2f_resp->data, _u2f_resp->length); } +void u2f_request_nfc(uint8_t * req, int len, CTAP_RESPONSE * resp) +{ + if (len < 5 || !req) + return; + + uint32_t alen = req[4]; + + u2f_request_ex((APDU_HEADER *)req, &req[5], alen, resp, true); +} + +void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp) +{ + uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16)); + + u2f_request_ex((APDU_HEADER *)req, &req[7], len, resp, false); +} int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len) { diff --git a/fido2/u2f.h b/fido2/u2f.h index 76c0ad0..3f4f689 100644 --- a/fido2/u2f.h +++ b/fido2/u2f.h @@ -110,8 +110,13 @@ struct u2f_authenticate_request }; // u2f_request send a U2F message to U2F protocol -// @req U2F message -void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp, bool fromNFC); +// @req U2F message +void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp); + +// u2f_request send a U2F message to NFC protocol +// @req data with iso7816 apdu message +// @len data length +void u2f_request_nfc(uint8_t * req, int len, CTAP_RESPONSE * resp); int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len); diff --git a/targets/stm32l432/Makefile b/targets/stm32l432/Makefile index 017998f..9df352c 100644 --- a/targets/stm32l432/Makefile +++ b/targets/stm32l432/Makefile @@ -8,7 +8,7 @@ all: $(MAKE) -f application.mk -j8 solo.hex PREFIX=$(PREFIX) DEBUG=$(DEBUG) EXTRA_DEFINES='-DFLASH_ROP=1' all-hacker: - $(MAKE) -f application.mk -j8 solo.hex PREFIX=$(PREFIX) DEBUG=$(DEBUG) EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0' + $(MAKE) -f application.mk solo.hex PREFIX=$(PREFIX) DEBUG=$(DEBUG) EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0' all-locked: $(MAKE) -f application.mk -j8 solo.hex PREFIX=$(PREFIX) EXTRA_DEFINES='-DFLASH_ROP=2' diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 5139218..1e2bfbf 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -336,12 +336,7 @@ void nfc_process_iblock(uint8_t * buf, int len) } t1 = millis(); - uint8_t u2fbuffer[7 + 64 + 1] = {0}; - memcpy(u2fbuffer, &buf[1], 4); - memcpy(&u2fbuffer[6], &buf[5], plen + 1); - - ctap_response_init(&ctap_resp); - u2f_request((struct u2f_request_apdu *)u2fbuffer, &ctap_resp, true); + u2f_request_nfc(&buf[1], len, &ctap_resp); printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length); printf1(TAG_NFC,"U2F Register processing %d (took %d)\r\n", millis(), millis() - t1); @@ -356,10 +351,10 @@ void nfc_process_iblock(uint8_t * buf, int len) { printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", plen, buf[65]); nfc_write_response(buf[0], SW_WRONG_LENGTH); - return; + //return; } - nfc_write_response(buf[0], SW_COND_USE_NOT_SATISFIED); + u2f_request_nfc(&buf[1], len, &ctap_resp); break; case APDU_FIDO_NFCCTAP_MSG: diff --git a/targets/stm32l432/src/nfc.h b/targets/stm32l432/src/nfc.h index 195804f..0079ea4 100644 --- a/targets/stm32l432/src/nfc.h +++ b/targets/stm32l432/src/nfc.h @@ -2,6 +2,7 @@ #define _NFC_H_ #include +#include "apdu.h" void nfc_loop(); void nfc_init(); @@ -18,15 +19,6 @@ typedef struct uint8_t tlv[8]; } __attribute__((packed)) CAPABILITY_CONTAINER; -typedef struct -{ - uint8_t cla; - uint8_t ins; - uint8_t p1; - uint8_t p2; - uint8_t lc; -} __attribute__((packed)) APDU_HEADER; - #define NFC_CMD_REQA 0x26 #define NFC_CMD_WUPA 0x52 #define NFC_CMD_HLTA 0x50 @@ -45,13 +37,6 @@ typedef struct #define NFC_SBLOCK_DESELECT 0x32 #define NFC_SBLOCK_WTX 0xf2 -#define APDU_FIDO_U2F_REGISTER 0x01 -#define APDU_FIDO_U2F_AUTHENTICATE 0x02 -#define APDU_FIDO_U2F_VERSION 0x03 -#define APDU_FIDO_NFCCTAP_MSG 0x10 -#define APDU_INS_SELECT 0xA4 -#define APDU_INS_READ_BINARY 0xB0 - #define AID_NDEF_TYPE_4 "\xD2\x76\x00\x00\x85\x01\x01" #define AID_NDEF_MIFARE_TYPE_4 "\xD2\x76\x00\x00\x85\x01\x00" #define AID_CAPABILITY_CONTAINER "\xE1\x03" @@ -67,12 +52,4 @@ typedef enum APP_FIDO, } APPLETS; -#define SW_SUCCESS 0x9000 -#define SW_GET_RESPONSE 0x6100 // Command successfully executed; 'XX' bytes of data are available and can be requested using GET RESPONSE. -#define SW_WRONG_LENGTH 0x6700 -#define SW_COND_USE_NOT_SATISFIED 0x6985 -#define SW_FILE_NOT_FOUND 0x6a82 -#define SW_INS_INVALID 0x6d00 // Instruction code not supported or invalid -#define SW_INTERNAL_EXCEPTION 0x6f00 - #endif