ctap/u2f works on nrf52

2018-06-02 18:30:59 -04:00 · 2018-06-02 18:30:59 -04:00 · 28b6305b4c
commit 28b6305b4c
parent a71c9ef30a
7 changed files with 58 additions and 16 deletions
--- a/ctap_test.py
+++ b/ctap_test.py
@ -3,7 +3,7 @@
 from __future__ import print_function, absolute_import, unicode_literals

 from fido2.hid import CtapHidDevice, CTAPHID
-from fido2.client import Fido2Client
+from fido2.client import Fido2Client, ClientError
 from fido2.ctap import CtapError
 from fido2.ctap1 import CTAP1
 from fido2.ctap2 import *
@ -355,6 +355,33 @@ class Tester():
    def test_u2f(self,):
        pass

+    def test_fido2_simple(self):
+        creds = []
+        exclude_list = []
+        rp = {'id': 'examplo.org', 'name': 'ExaRP'}
+        user = {'id': b'usee_od', 'name': 'AB User'}
+        challenge = 'Y2hhbGxlbmdl'
+        PIN = None
+
+        fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tostring()
+        fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tostring()
+
+        exclude_list.append({'id': fake_id1, 'type': 'public-key'})
+        exclude_list.append({'id': fake_id2, 'type': 'public-key'})
+
+        attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = [])
+        attest.verify(data.hash)
+
+        cred = attest.auth_data.credential_data
+        creds.append(cred)
+
+        allow_list = [{'id':creds[0].credential_id, 'type': 'public-key'}]
+        assertions, client_data = self.client.get_assertion(rp['id'], challenge, allow_list, pin = PIN)
+        assertions[0].verify(client_data.hash, creds[0].public_key)
+
+        print('PASS')
+
+
    def test_fido2(self):
        def test(self,pincode=None):
            creds = []
@ -414,6 +441,8 @@ class Tester():
                    assertions, client_data = self.client.get_assertion(rp['id'], challenge, allow_list, pin = PIN + ' ')
                except CtapError as e:
                    assert(e.code == CtapError.ERR.PIN_INVALID)
+                except ClientError as e:
+                    assert(e.cause.code == CtapError.ERR.PIN_INVALID)
                print('PASS')

            print('get multiple assertions')
@ -474,7 +503,8 @@ if __name__ == '__main__':
    t = Tester()
    t.find_device()
    #t.test_hid()
-    t.test_fido2()
+    #t.test_fido2()
+    t.test_fido2_simple()



--- a/log.c
+++ b/log.c
@ -27,6 +27,7 @@ struct logtag tagtable[] = {
    {TAG_DUMP,"DUMP"},
    {TAG_GREEN,"\x1b[32mDEBUG\x1b[0m"},
    {TAG_RED,"\x1b[31mDEBUG\x1b[0m"},
+    {TAG_TIME,"\x1b[33mTIME\x1b[0m"},
 };


--- a/log.h
+++ b/log.h
@ -21,6 +21,7 @@ typedef enum
    TAG_DUMP = (1 << 7),
    TAG_GREEN = (1 << 8),
    TAG_RED= (1 << 9),
+    TAG_TIME= (1 << 10),

    TAG_FILENO = (1<<31)
 } LOG_TAG;
--- a/main.c
+++ b/main.c
@ -19,16 +19,17 @@ int main(int argc, char * argv[])
    uint8_t hidmsg[64];

    set_logging_mask(
-            TAG_MC |
-            TAG_GA |
-            TAG_CP |
+            /*TAG_MC |*/
+            /*TAG_GA |*/
+            /*TAG_CP |*/
            TAG_CTAP|
-            TAG_U2F|
-            TAG_PARSE |
-            TAG_DUMP|
-            TAG_GREEN|
-            TAG_RED|
-            TAG_ERR
+            /*TAG_U2F|*/
+            /*TAG_PARSE |*/
+            TAG_TIME
+            /*TAG_DUMP|*/
+            /*TAG_GREEN|*/
+            /*TAG_RED|*/
+            /*TAG_ERR*/
            );

    printf("init device\n");
@ -55,7 +56,7 @@ int main(int argc, char * argv[])

        if (usbhid_recv(hidmsg) > 0)
        {
-            printf("%d>> ",count++); dump_hex(hidmsg,sizeof(hidmsg));
+            printf1(TAG_DUMP,"%d>> ",count++); dump_hex1(TAG_DUMP, hidmsg,sizeof(hidmsg));

            ctaphid_handle_packet(hidmsg);
            memset(hidmsg, 0, sizeof(hidmsg));
--- a/nrf52840/device.c
+++ b/nrf52840/device.c
@ -187,7 +187,8 @@ void usbhid_send(uint8_t * msg)
    static nrf_drv_usbd_transfer_t transfer;
    transfer.p_data.tx = msg;
    transfer.size = 64;
-
+    while (nrf_drv_usbd_ep_is_busy(NRF_DRV_USBD_EPIN1))
+        ;
    nrf_drv_usbd_ep_transfer(
            NRF_DRV_USBD_EPIN1,
            &transfer);
@ -214,7 +215,7 @@ void heartbeat()

 void ctaphid_write_block(uint8_t * data)
 {
-    printf("<< "); dump_hex(data, 64);
+    printf1(TAG_DUMP,"<< "); dump_hex1(TAG_DUMP,data, 64);
    usbhid_send(data);
 }

--- a/nrf52840/usb.c
+++ b/nrf52840/usb.c
@ -933,7 +933,7 @@ static void usbd_event_handler(nrf_drv_usbd_evt_t const * const p_event)
        }
        else
        {
-            printf("EP other: %d\n", p_event->data.eptransfer.ep);
+            /*printf("EP other: %d\n", p_event->data.eptransfer.ep);*/
            /* Nothing to do */
        }
        break;
--- a/u2f.c
+++ b/u2f.c
@ -3,6 +3,7 @@
 #include "ctap.h"
 #include "crypto.h"
 #include "log.h"
+#include "device.h"

 // void u2f_response_writeback(uint8_t * buf, uint8_t len);
 static int16_t u2f_register(struct u2f_register_request * req);
@ -15,6 +16,7 @@ static CTAP_RESPONSE * _u2f_resp = NULL;
 void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
 {
    uint16_t rcode;
+    uint64_t t1,t2;
    uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
    uint8_t byte;

@ -37,12 +39,18 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
            }
            else
            {
+                t1 = millis();
                rcode = u2f_register((struct u2f_register_request*)req->payload);
+                t2 = millis();
+                printf1(TAG_TIME,"u2f_register time: %d ms\n", t2-t1);
            }
            break;
        case U2F_AUTHENTICATE:
            printf1(TAG_U2F, "U2F_AUTHENTICATE\n");
+            t1 = millis();
            rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1);
+            t2 = millis();
+            printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", t2-t1);
            break;
        case U2F_VERSION:
            printf1(TAG_U2F, "U2F_VERSION\n");