shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

refactoring

Browse Source
This commit is contained in:
merlokk 2019-01-27 11:44:33 +02:00
parent 1857482617
commit 2049020b92
8 changed files with 65 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
fido2/apdu.h Normal file
View File

@ -0,0 +1,30 @@
#ifndef _APDU_H_
#define _APDU_H_
#include <stdint.h>
typedef struct
{
uint8_t cla;
uint8_t ins;
uint8_t p1;
uint8_t p2;
uint8_t lc;
} __attribute__((packed)) APDU_HEADER;
#define APDU_FIDO_U2F_REGISTER 0x01
#define APDU_FIDO_U2F_AUTHENTICATE 0x02
#define APDU_FIDO_U2F_VERSION 0x03
#define APDU_FIDO_NFCCTAP_MSG 0x10
#define APDU_INS_SELECT 0xA4
#define APDU_INS_READ_BINARY 0xB0
#define SW_SUCCESS 0x9000
#define SW_GET_RESPONSE 0x6100 // Command successfully executed; 'XX' bytes of data are available and can be requested using GET RESPONSE.
#define SW_WRONG_LENGTH 0x6700
#define SW_COND_USE_NOT_SATISFIED 0x6985
#define SW_FILE_NOT_FOUND 0x6a82
#define SW_INS_INVALID 0x6d00 // Instruction code not supported or invalid
#define SW_INTERNAL_EXCEPTION 0x6f00
#endif //_APDU_H_

2
fido2/ctaphid.c
View File

@ -670,7 +670,7 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
} }
is_busy = 1; is_busy = 1;
ctap_response_init(&ctap_resp); ctap_response_init(&ctap_resp);
u2f_request((struct u2f_request_apdu*)ctap_buffer, &ctap_resp, false); u2f_request((struct u2f_request_apdu*)ctap_buffer, &ctap_resp);
ctaphid_write_buffer_init(&wb); ctaphid_write_buffer_init(&wb);
wb.cid = cid; wb.cid = cid;

2
fido2/main.c
View File

@ -50,7 +50,7 @@ int main(int argc, char * argv[])
// TAG_CP | // TAG_CP |
// TAG_CTAP| // TAG_CTAP|
// TAG_HID| // TAG_HID|
/*TAG_U2F|*/ //TAG_U2F|
// TAG_PARSE | // TAG_PARSE |
// TAG_TIME| // TAG_TIME|
// TAG_DUMP| // TAG_DUMP|

25
fido2/u2f.c
View File

@ -26,6 +26,7 @@
#include "log.h" #include "log.h"
#include "device.h" #include "device.h"
#include "wallet.h" #include "wallet.h"
#include "apdu.h"
#include APP_CONFIG #include APP_CONFIG
// void u2f_response_writeback(uint8_t * buf, uint8_t len); // void u2f_response_writeback(uint8_t * buf, uint8_t len);
@ -37,13 +38,13 @@ void u2f_reset_response();
static CTAP_RESPONSE * _u2f_resp = NULL; static CTAP_RESPONSE * _u2f_resp = NULL;
void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp, bool fromNFC) void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPONSE * resp, bool fromNFC)
{ {
uint16_t rcode = 0; uint16_t rcode = 0;
uint64_t t1,t2; uint64_t t1,t2;
uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
uint8_t byte; uint8_t byte;
ctap_response_init(resp);
u2f_set_writeback_buffer(resp); u2f_set_writeback_buffer(resp);
if (req->cla != 0) if (req->cla != 0)
@ -69,7 +70,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp, bool fromNF
else else
{ {
t1 = millis(); t1 = millis();
rcode = u2f_register((struct u2f_register_request*)req->payload, fromNFC); rcode = u2f_register((struct u2f_register_request*)payload, fromNFC);
t2 = millis(); t2 = millis();
printf1(TAG_TIME,"u2f_register time: %d ms\n", t2-t1); printf1(TAG_TIME,"u2f_register time: %d ms\n", t2-t1);
} }
@ -77,7 +78,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp, bool fromNF
case U2F_AUTHENTICATE: case U2F_AUTHENTICATE:
printf1(TAG_U2F, "U2F_AUTHENTICATE\n"); printf1(TAG_U2F, "U2F_AUTHENTICATE\n");
t1 = millis(); t1 = millis();
rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1); rcode = u2f_authenticate((struct u2f_authenticate_request*)payload, req->p1);
t2 = millis(); t2 = millis();
printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", t2-t1); printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", t2-t1);
break; break;
@ -120,6 +121,22 @@ end:
printf1(TAG_U2F,"u2f resp: "); dump_hex1(TAG_U2F, _u2f_resp->data, _u2f_resp->length); printf1(TAG_U2F,"u2f resp: "); dump_hex1(TAG_U2F, _u2f_resp->data, _u2f_resp->length);
} }
void u2f_request_nfc(uint8_t * req, int len, CTAP_RESPONSE * resp)
{
if (len < 5 || !req)
return;
uint32_t alen = req[4];
u2f_request_ex((APDU_HEADER *)req, &req[5], alen, resp, true);
}
void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
{
uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
u2f_request_ex((APDU_HEADER *)req, &req[7], len, resp, false);
}
int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len) int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len)
{ {

7
fido2/u2f.h
View File

@ -111,7 +111,12 @@ struct u2f_authenticate_request
// u2f_request send a U2F message to U2F protocol // u2f_request send a U2F message to U2F protocol
// @req U2F message // @req U2F message
void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp, bool fromNFC); void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp);
// u2f_request send a U2F message to NFC protocol
// @req data with iso7816 apdu message
// @len data length
void u2f_request_nfc(uint8_t * req, int len, CTAP_RESPONSE * resp);
int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len); int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);

2
targets/stm32l432/Makefile
View File

@ -8,7 +8,7 @@ all:
$(MAKE) -f application.mk -j8 solo.hex PREFIX=$(PREFIX) DEBUG=$(DEBUG) EXTRA_DEFINES='-DFLASH_ROP=1' $(MAKE) -f application.mk -j8 solo.hex PREFIX=$(PREFIX) DEBUG=$(DEBUG) EXTRA_DEFINES='-DFLASH_ROP=1'
all-hacker: all-hacker:
$(MAKE) -f application.mk -j8 solo.hex PREFIX=$(PREFIX) DEBUG=$(DEBUG) EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0' $(MAKE) -f application.mk solo.hex PREFIX=$(PREFIX) DEBUG=$(DEBUG) EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0'
all-locked: all-locked:
$(MAKE) -f application.mk -j8 solo.hex PREFIX=$(PREFIX) EXTRA_DEFINES='-DFLASH_ROP=2' $(MAKE) -f application.mk -j8 solo.hex PREFIX=$(PREFIX) EXTRA_DEFINES='-DFLASH_ROP=2'

11
targets/stm32l432/src/nfc.c
View File

@ -336,12 +336,7 @@ void nfc_process_iblock(uint8_t * buf, int len)
} }
t1 = millis(); t1 = millis();
uint8_t u2fbuffer[7 + 64 + 1] = {0}; u2f_request_nfc(&buf[1], len, &ctap_resp);
memcpy(u2fbuffer, &buf[1], 4);
memcpy(&u2fbuffer[6], &buf[5], plen + 1);
ctap_response_init(&ctap_resp);
u2f_request((struct u2f_request_apdu *)u2fbuffer, &ctap_resp, true);
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length); printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
printf1(TAG_NFC,"U2F Register processing %d (took %d)\r\n", millis(), millis() - t1); printf1(TAG_NFC,"U2F Register processing %d (took %d)\r\n", millis(), millis() - t1);
@ -356,10 +351,10 @@ void nfc_process_iblock(uint8_t * buf, int len)
{ {
printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", plen, buf[65]); printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", plen, buf[65]);
nfc_write_response(buf[0], SW_WRONG_LENGTH); nfc_write_response(buf[0], SW_WRONG_LENGTH);
return; //return;
} }
nfc_write_response(buf[0], SW_COND_USE_NOT_SATISFIED); u2f_request_nfc(&buf[1], len, &ctap_resp);
break; break;
case APDU_FIDO_NFCCTAP_MSG: case APDU_FIDO_NFCCTAP_MSG:

25
targets/stm32l432/src/nfc.h
View File

@ -2,6 +2,7 @@
#define _NFC_H_ #define _NFC_H_
#include <stdint.h> #include <stdint.h>
#include "apdu.h"
void nfc_loop(); void nfc_loop();
void nfc_init(); void nfc_init();
@ -18,15 +19,6 @@ typedef struct
uint8_t tlv[8]; uint8_t tlv[8];
} __attribute__((packed)) CAPABILITY_CONTAINER; } __attribute__((packed)) CAPABILITY_CONTAINER;
typedef struct
{
uint8_t cla;
uint8_t ins;
uint8_t p1;
uint8_t p2;
uint8_t lc;
} __attribute__((packed)) APDU_HEADER;
#define NFC_CMD_REQA 0x26 #define NFC_CMD_REQA 0x26
#define NFC_CMD_WUPA 0x52 #define NFC_CMD_WUPA 0x52
#define NFC_CMD_HLTA 0x50 #define NFC_CMD_HLTA 0x50
@ -45,13 +37,6 @@ typedef struct
#define NFC_SBLOCK_DESELECT 0x32 #define NFC_SBLOCK_DESELECT 0x32
#define NFC_SBLOCK_WTX 0xf2 #define NFC_SBLOCK_WTX 0xf2
#define APDU_FIDO_U2F_REGISTER 0x01
#define APDU_FIDO_U2F_AUTHENTICATE 0x02
#define APDU_FIDO_U2F_VERSION 0x03
#define APDU_FIDO_NFCCTAP_MSG 0x10
#define APDU_INS_SELECT 0xA4
#define APDU_INS_READ_BINARY 0xB0
#define AID_NDEF_TYPE_4 "\xD2\x76\x00\x00\x85\x01\x01" #define AID_NDEF_TYPE_4 "\xD2\x76\x00\x00\x85\x01\x01"
#define AID_NDEF_MIFARE_TYPE_4 "\xD2\x76\x00\x00\x85\x01\x00" #define AID_NDEF_MIFARE_TYPE_4 "\xD2\x76\x00\x00\x85\x01\x00"
#define AID_CAPABILITY_CONTAINER "\xE1\x03" #define AID_CAPABILITY_CONTAINER "\xE1\x03"
@ -67,12 +52,4 @@ typedef enum
APP_FIDO, APP_FIDO,
} APPLETS; } APPLETS;
#define SW_SUCCESS 0x9000
#define SW_GET_RESPONSE 0x6100 // Command successfully executed; 'XX' bytes of data are available and can be requested using GET RESPONSE.
#define SW_WRONG_LENGTH 0x6700
#define SW_COND_USE_NOT_SATISFIED 0x6985
#define SW_FILE_NOT_FOUND 0x6a82
#define SW_INS_INVALID 0x6d00 // Instruction code not supported or invalid
#define SW_INTERNAL_EXCEPTION 0x6f00
#endif #endif