ctap/u2f works on nrf52

ctap_test.py

@@ -3,7 +3,7 @@
 from __future__ import print_function, absolute_import, unicode_literals
 
 from fido2.hid import CtapHidDevice, CTAPHID
-from fido2.client import Fido2Client
+from fido2.client import Fido2Client, ClientError
 from fido2.ctap import CtapError
 from fido2.ctap1 import CTAP1
 from fido2.ctap2 import *
@@ -355,6 +355,33 @@ class Tester():
     def test_u2f(self,):
         pass
 
+    def test_fido2_simple(self):
+        creds = []
+        exclude_list = []
+        rp = {'id': 'examplo.org', 'name': 'ExaRP'}
+        user = {'id': b'usee_od', 'name': 'AB User'}
+        challenge = 'Y2hhbGxlbmdl'
+        PIN = None
+
+        fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tostring()
+        fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tostring()
+
+        exclude_list.append({'id': fake_id1, 'type': 'public-key'})
+        exclude_list.append({'id': fake_id2, 'type': 'public-key'})
+
+        attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = [])
+        attest.verify(data.hash)
+
+        cred = attest.auth_data.credential_data
+        creds.append(cred)
+
+        allow_list = [{'id':creds[0].credential_id, 'type': 'public-key'}]
+        assertions, client_data = self.client.get_assertion(rp['id'], challenge, allow_list, pin = PIN)
+        assertions[0].verify(client_data.hash, creds[0].public_key)
+
+        print('PASS')
+
+
     def test_fido2(self):
         def test(self,pincode=None):
             creds = []
@@ -414,6 +441,8 @@ class Tester():
                     assertions, client_data = self.client.get_assertion(rp['id'], challenge, allow_list, pin = PIN + ' ')
                 except CtapError as e:
                     assert(e.code == CtapError.ERR.PIN_INVALID)
+                except ClientError as e:
+                    assert(e.cause.code == CtapError.ERR.PIN_INVALID)
                 print('PASS')
 
             print('get multiple assertions')
@@ -474,7 +503,8 @@ if __name__ == '__main__':
     t = Tester()
     t.find_device()
     #t.test_hid()
-    t.test_fido2()
+    #t.test_fido2()
+    t.test_fido2_simple()
 
 
 

log.c

@@ -27,6 +27,7 @@ struct logtag tagtable[] = {
     {TAG_DUMP,"DUMP"},
     {TAG_GREEN,"\x1b[32mDEBUG\x1b[0m"},
     {TAG_RED,"\x1b[31mDEBUG\x1b[0m"},
+    {TAG_TIME,"\x1b[33mTIME\x1b[0m"},
 };
 
 

log.h

@@ -21,6 +21,7 @@ typedef enum
     TAG_DUMP = (1 << 7),
     TAG_GREEN = (1 << 8),
     TAG_RED= (1 << 9),
+    TAG_TIME= (1 << 10),
 
     TAG_FILENO = (1<<31)
 } LOG_TAG;

main.c

@@ -19,16 +19,17 @@ int main(int argc, char * argv[])
     uint8_t hidmsg[64];
 
     set_logging_mask(
-            TAG_MC |
+            /*TAG_MC |*/
-            TAG_GA |
+            /*TAG_GA |*/
-            TAG_CP |
+            /*TAG_CP |*/
             TAG_CTAP|
-            TAG_U2F|
+            /*TAG_U2F|*/
-            TAG_PARSE |
+            /*TAG_PARSE |*/
-            TAG_DUMP|
+            TAG_TIME
-            TAG_GREEN|
+            /*TAG_DUMP|*/
-            TAG_RED|
+            /*TAG_GREEN|*/
-            TAG_ERR
+            /*TAG_RED|*/
+            /*TAG_ERR*/
             );
 
     printf("init device\n");
@@ -55,7 +56,7 @@ int main(int argc, char * argv[])
 
         if (usbhid_recv(hidmsg) > 0)
         {
-            printf("%d>> ",count++); dump_hex(hidmsg,sizeof(hidmsg));
+            printf1(TAG_DUMP,"%d>> ",count++); dump_hex1(TAG_DUMP, hidmsg,sizeof(hidmsg));
 
             ctaphid_handle_packet(hidmsg);
             memset(hidmsg, 0, sizeof(hidmsg));

nrf52840/device.c

@@ -187,7 +187,8 @@ void usbhid_send(uint8_t * msg)
     static nrf_drv_usbd_transfer_t transfer;
     transfer.p_data.tx = msg;
     transfer.size = 64;
-
+    while (nrf_drv_usbd_ep_is_busy(NRF_DRV_USBD_EPIN1))
+        ;
     nrf_drv_usbd_ep_transfer(
             NRF_DRV_USBD_EPIN1,
             &transfer);
@@ -214,7 +215,7 @@ void heartbeat()
 
 void ctaphid_write_block(uint8_t * data)
 {
-    printf("<< "); dump_hex(data, 64);
+    printf1(TAG_DUMP,"<< "); dump_hex1(TAG_DUMP,data, 64);
     usbhid_send(data);
 }
 

nrf52840/usb.c

@@ -933,7 +933,7 @@ static void usbd_event_handler(nrf_drv_usbd_evt_t const * const p_event)
         }
         else
         {
-            printf("EP other: %d\n", p_event->data.eptransfer.ep);
+            /*printf("EP other: %d\n", p_event->data.eptransfer.ep);*/
             /* Nothing to do */
         }
         break;

u2f.c

@@ -3,6 +3,7 @@
 #include "ctap.h"
 #include "crypto.h"
 #include "log.h"
+#include "device.h"
 
 // void u2f_response_writeback(uint8_t * buf, uint8_t len);
 static int16_t u2f_register(struct u2f_register_request * req);
@@ -15,6 +16,7 @@ static CTAP_RESPONSE * _u2f_resp = NULL;
 void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
 {
     uint16_t rcode;
+    uint64_t t1,t2;
     uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
     uint8_t byte;
 
@@ -37,12 +39,18 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
             }
             else
             {
+                t1 = millis();
                 rcode = u2f_register((struct u2f_register_request*)req->payload);
+                t2 = millis();
+                printf1(TAG_TIME,"u2f_register time: %d ms\n", t2-t1);
             }
             break;
         case U2F_AUTHENTICATE:
             printf1(TAG_U2F, "U2F_AUTHENTICATE\n");
+            t1 = millis();
             rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1);
+            t2 = millis();
+            printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", t2-t1);
             break;
         case U2F_VERSION:
             printf1(TAG_U2F, "U2F_VERSION\n");