From 28b6305b4c0d4cd1c9cefe61a2fc9bc0b40985f8 Mon Sep 17 00:00:00 2001
From: Conor Patrick
Date: Sat, 2 Jun 2018 18:30:59 -0400
Subject: [PATCH] ctap/u2f works on nrf52
---
 ctap_test.py | 34 ++++++++++++++++++++++++++++++++--
 log.c | 1 +
 log.h | 1 +
 main.c | 23 ++++++++++++-----------
 nrf52840/device.c | 5 +++--
 nrf52840/usb.c | 2 +-
 u2f.c | 8 ++++++++
 7 files changed, 58 insertions(+), 16 deletions(-)
diff --git a/ctap_test.py b/ctap_test.py
index 7f30511..58022e0 100644
--- a/ctap_test.py
+++ b/ctap_test.py
@@ -3,7 +3,7 @@ from __future__ import print_function, absolute_import, unicode_literals
 from fido2.hid import CtapHidDevice, CTAPHID
-from fido2.client import Fido2Client
+from fido2.client import Fido2Client, ClientError
 from fido2.ctap import CtapError
 from fido2.ctap1 import CTAP1
 from fido2.ctap2 import *
@@ -355,6 +355,33 @@ class Tester():
 def test_u2f(self,): pass
+ def test_fido2_simple(self):
+ creds = []
+ exclude_list = []
+ rp = {'id': 'examplo.org', 'name': 'ExaRP'}
+ user = {'id': b'usee_od', 'name': 'AB User'}
+ challenge = 'Y2hhbGxlbmdl'
+ PIN = None
+
+ fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tostring()
+ fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tostring()
+
+ exclude_list.append({'id': fake_id1, 'type': 'public-key'})
+ exclude_list.append({'id': fake_id2, 'type': 'public-key'})
+
+ attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = [])
+ attest.verify(data.hash)
+
+ cred = attest.auth_data.credential_data
+ creds.append(cred)
+
+ allow_list = [{'id':creds[0].credential_id, 'type': 'public-key'}]
+ assertions, client_data = self.client.get_assertion(rp['id'], challenge, allow_list, pin = PIN)
+ assertions[0].verify(client_data.hash, creds[0].public_key)
+
+ print('PASS')
+
+
 def test_fido2(self):
 def test(self,pincode=None):
 creds = []
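Review bot: In `test_fido2_simple` (the `@@ -355,6 +355,33 @@` hunk) the two random credential IDs appended to `exclude_list` never reach the authenticator, because the call passes a literal empty list: `make_credential(rp, user, challenge, pin = PIN, exclude_list = [])`. Either pass the list that was built, `exclude_list = exclude_list`, so the device's handling of unknown credential IDs is actually exercised, or drop the `fake_id1`/`fake_id2` setup so the test does not imply coverage it lacks. The method also has no docstring; a one-line `"""Register one credential without a PIN and verify a single assertion against it."""` would state what this smoke test covers.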
@@ -414,6 +441,8 @@ class Tester():
 assertions, client_data = self.client.get_assertion(rp['id'], challenge, allow_list, pin = PIN + ' ')
 except CtapError as e:
 assert(e.code == CtapError.ERR.PIN_INVALID)
+ except ClientError as e:
+ assert(e.cause.code == CtapError.ERR.PIN_INVALID)
 print('PASS')
 print('get multiple assertions')
@@ -474,7 +503,8 @@ if __name__ == '__main__':
 t = Tester()
 t.find_device()
 #t.test_hid()
- t.test_fido2()
+ #t.test_fido2()
+ t.test_fido2_simple()
diff --git a/log.c b/log.c
index cf4c485..8e05519 100644
--- a/log.c
+++ b/log.c
@@ -27,6 +27,7 @@ struct logtag tagtable[] = {
 {TAG_DUMP,"DUMP"},
 {TAG_GREEN,"\x1b[32mDEBUG\x1b[0m"},
 {TAG_RED,"\x1b[31mDEBUG\x1b[0m"},
+ {TAG_TIME,"\x1b[33mTIME\x1b[0m"},
 };
diff --git a/log.h b/log.h
index 8435ebf..b2110f7 100644
--- a/log.h
+++ b/log.h
@@ -21,6 +21,7 @@ typedef enum
 TAG_DUMP = (1 << 7),
 TAG_GREEN = (1 << 8),
 TAG_RED= (1 << 9),
+ TAG_TIME= (1 << 10),
 TAG_FILENO = (1<<31)
 } LOG_TAG;
diff --git a/main.c b/main.c
index 3144682..8e26788 100644
--- a/main.c
+++ b/main.c
@@ -19,16 +19,17 @@ int main(int argc, char * argv[])
 uint8_t hidmsg[64];
 set_logging_mask(
- TAG_MC |
- TAG_GA |
- TAG_CP |
- TAG_CTAP |
- TAG_U2F|
- TAG_PARSE |
- TAG_DUMP|
- TAG_GREEN|
- TAG_RED|
- TAG_ERR
+ /*TAG_MC |*/
+ /*TAG_GA |*/
+ /*TAG_CP |*/
+ TAG_CTAP|
+ /*TAG_U2F|*/
+ /*TAG_PARSE |*/
+ TAG_TIME
+ /*TAG_DUMP|*/
+ /*TAG_GREEN|*/
+ /*TAG_RED|*/
+ /*TAG_ERR*/
 );
 printf("init device\n");
@@ -55,7 +56,7 @@ int main(int argc, char * argv[])
 if (usbhid_recv(hidmsg) > 0)
 {
- printf("%d>> ",count++); dump_hex(hidmsg,sizeof(hidmsg));
+ printf1(TAG_DUMP,"%d>> ",count++); dump_hex1(TAG_DUMP, hidmsg,sizeof(hidmsg));
 ctaphid_handle_packet(hidmsg);
 memset(hidmsg, 0, sizeof(hidmsg));
diff --git a/nrf52840/device.c b/nrf52840/device.c
index 4d92af4..930a075 100644
--- a/nrf52840/device.c
+++ b/nrf52840/device.c
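Review bot: The wrong-PIN check in the `@@ -414,6 +441,8 @@` hunk still passes when no exception is raised at all: the visible lines run from the two `except` branches straight to `print('PASS')`, so an authenticator that accepted `PIN + ' '` would not fail this test. Add a failure path for the success case, e.g. `else: raise AssertionError('get_assertion accepted an invalid PIN')`. The new branch also assumes `e.cause` is a `CtapError`; if `ClientError` can wrap something else, `e.cause.code` raises `AttributeError` rather than a clear test failure, so asserting `isinstance(e.cause, CtapError)` first would help. The `try:` starts above the hunk, so this reading rests on the lines shown.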
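Review bot: Commenting out `t.test_fido2()` in the `__main__` block (the `@@ -474,7 +503,8 @@` hunk) means the PIN and multiple-assertion checks no longer run by default, and the disabled call stays behind as dead code. Keeping `t.test_fido2()` as the default and choosing `t.test_fido2_simple()` through a command-line switch (for example `--simple`, a constructed name) would keep the fuller coverage reachable without editing the file. A short comment such as `# quick smoke test for new ports; test_fido2 is the full suite` would record why two entry points exist.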
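Review bot: The new logging mask in `main()` (the `@@ -19,16 +19,17 @@` hunk) drops `TAG_ERR` together with the verbose tags, so anything reported under the error tag is silenced while `TAG_TIME` output is kept. Keeping errors enabled costs little: end the active list with `TAG_TIME |` followed by `TAG_ERR`. The commented-out tag lines would be easier to maintain as a named default mask than as dead entries inside the call. Which messages use `TAG_ERR` is not visible in this hunk, so this assumes error paths log under it.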
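Review bot: `count++` is now an argument of `printf1(TAG_DUMP, ...)` in the `@@ -55,7 +56,7 @@` hunk, so the packet counter only advances if `printf1` always evaluates its arguments. Its definition is not shown on this page; if it is a macro that can compile to nothing, the increment disappears with the log line. Moving the side effect out keeps the counter independent of logging: `printf1(TAG_DUMP,"%d>> ",count); count++;`.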
@@ -187,7 +187,8 @@ void usbhid_send(uint8_t * msg)
 static nrf_drv_usbd_transfer_t transfer;
 transfer.p_data.tx = msg;
 transfer.size = 64;
-
+ while (nrf_drv_usbd_ep_is_busy(NRF_DRV_USBD_EPIN1))
+ ;
 nrf_drv_usbd_ep_transfer( NRF_DRV_USBD_EPIN1, &transfer);
@@ -214,7 +215,7 @@ void heartbeat()
 void ctaphid_write_block(uint8_t * data)
 {
- printf("<< "); dump_hex(data, 64);
+ printf1(TAG_DUMP,"<< "); dump_hex1(TAG_DUMP,data, 64);
 usbhid_send(data);
 }
diff --git a/nrf52840/usb.c b/nrf52840/usb.c
index 9dc4a9b..52f2779 100644
--- a/nrf52840/usb.c
+++ b/nrf52840/usb.c
@@ -933,7 +933,7 @@ static void usbd_event_handler(nrf_drv_usbd_evt_t const * const p_event)
 }
 else
 {
- printf("EP other: %d\n", p_event->data.eptransfer.ep);
+ /*printf("EP other: %d\n", p_event->data.eptransfer.ep);*/
 /* Nothing to do */
 }
 break;
diff --git a/u2f.c b/u2f.c
index fdd7be6..d9807c0 100644
--- a/u2f.c
+++ b/u2f.c
@@ -3,6 +3,7 @@
 #include "ctap.h"
 #include "crypto.h"
 #include "log.h"
+#include "device.h"
 // void u2f_response_writeback(uint8_t * buf, uint8_t len);
 static int16_t u2f_register(struct u2f_register_request * req);
@@ -15,6 +16,7 @@ static CTAP_RESPONSE * _u2f_resp = NULL;
 void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
 {
 uint16_t rcode;
+ uint64_t t1,t2;
 uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
 uint8_t byte;
@@ -37,12 +39,18 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
 }
 else
 {
+ t1 = millis();
 rcode = u2f_register((struct u2f_register_request*)req->payload);
+ t2 = millis();
+ printf1(TAG_TIME,"u2f_register time: %d ms\n", t2-t1);
 }
 break;
 case U2F_AUTHENTICATE:
 printf1(TAG_U2F, "U2F_AUTHENTICATE\n");
+ t1 = millis();
 rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1);
+ t2 = millis();
+ printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", t2-t1);
 break;
 case U2F_VERSION:
 printf1(TAG_U2F, "U2F_VERSION\n");
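Review bot: The busy-wait added to `usbhid_send` (the `@@ -187,7 +187,8 @@` hunk) has no exit other than the IN endpoint becoming free, so if the endpoint stays busy the authenticator's main loop stops responding. A bounded wait that logs and gives up is sketched below; it assumes `millis()` (called from u2f.c in this same patch) is usable in this file, and `USBHID_SEND_TIMEOUT_MS` is a placeholder name for a limit the project would choose. The static `transfer` is also written before the wait, which is worth checking against the driver in case it still refers to that struct while the previous transfer is in flight. The function body starts and ends outside the hunk.

```c
    transfer.size = 64;
    /* USBHID_SEND_TIMEOUT_MS is a placeholder; the project picks the limit. */
    uint64_t start = millis();
    while (nrf_drv_usbd_ep_is_busy(NRF_DRV_USBD_EPIN1))
    {
        if (millis() - start > USBHID_SEND_TIMEOUT_MS)
        {
            printf1(TAG_ERR, "usbhid_send: IN endpoint busy, packet dropped\n");
            return;
        }
    }
    /* ... unchanged: nrf_drv_usbd_ep_transfer call ... */
```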
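Review bot: Both new timing lines in the `@@ -37,12 +39,18 @@` hunk pass `t2-t1`, a `uint64_t`, to a `%d` conversion: `printf1(TAG_TIME,"u2f_register time: %d ms\n", t2-t1);` and the matching `u2f_authenticate` line. If `printf1` forwards to a printf-style formatter, that mismatch is undefined behaviour and on a 32-bit target is likely to print the wrong value. Narrow the argument explicitly, `(int)(t2-t1)`, or use `PRIu64` from `<inttypes.h>` if the formatter supports 64-bit conversions. The enclosing `switch` in `u2f_request` starts and ends outside the hunk.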