diff --git a/fido2/ctap.c b/fido2/ctap.c
index 02d1d5c..553b20e 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -310,7 +310,7 @@ static int is_matching_rk(CTAP_residentKey * rk, CTAP_residentKey * rk2)
 }
-static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, unsigned int len, CTAP_userEntity * user, uint8_t credtype, int32_t algtype, int32_t * sz, int store, bool fromNFC)
+static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, unsigned int len, CTAP_userEntity * user, uint8_t credtype, int32_t algtype, int32_t * sz, int store)
 {
 CborEncoder cose_key;
 int auth_data_sz, ret;
@@ -338,7 +338,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
 device_set_status(CTAPHID_STATUS_UPNEEDED); // if NFC - not need to click a button
 int but = 1;
- if(!fromNFC)
+ if(!device_is_nfc())
 {
 but = ctap_user_presence_test();
 }
@@ -552,7 +552,7 @@ int ctap_authenticate_credential(struct rpId * rp, CTAP_credentialDescriptor * d
-uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int length, bool fromNFC)
+uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int length)
 {
 CTAP_makeCredential MC;
 int ret;
@@ -623,7 +623,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
 int32_t auth_data_sz;
 ret = ctap_make_auth_data(&MC.rp, &map, auth_data_buf, sizeof(auth_data_buf),
- &MC.user, MC.publicKeyCredentialType, MC.COSEAlgorithmIdentifier, &auth_data_sz, MC.rk, fromNFC);
+ &MC.user, MC.publicKeyCredentialType, MC.COSEAlgorithmIdentifier, &auth_data_sz, MC.rk);
 check_retr(ret);
@@ -963,7 +963,7 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder)
 return 0;
 }
-uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length, bool fromNFC)
+uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
 {
 CTAP_getAssertion GA;
 uint8_t auth_data_buf[sizeof(CTAP_authDataHeader)];
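Review bot: In the `ctap_make_auth_data` hunk (-338), whether `ctap_user_presence_test()` runs now depends on the device-wide `device_is_nfc()` instead of the transport the request arrived on. Before this change `ctaphid_handle_packet` passed `0`, so a USB HID request always required the button; now it is exempt whenever `haveNFC` is set, and the same holds for the `u2f_authenticate` and `u2f_register` checks in fido2/u2f.c. Where `haveNFC` is written is not visible in this diff, so whether it can be true while USB is still serviced cannot be confirmed from here. If that invariant holds, state it at the check, e.g. `// NFC mode is fixed at init and USB is not serviced in it, so no HID request skips the UP test`; otherwise keep a per-request transport flag. The function body extends beyond the hunk.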
@@ -1027,7 +1027,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length,
 else
 #endif
 {
- ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0,NULL, 0, fromNFC);
+ ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0,NULL, 0);
 check_retr(ret);
 }
@@ -1394,7 +1394,7 @@ void ctap_response_init(CTAP_RESPONSE * resp)
 }
-uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp, bool fromNFC)
+uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
 {
 CborEncoder encoder;
 uint8_t status = 0;
@@ -1432,7 +1432,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp, bool f
 device_set_status(CTAPHID_STATUS_PROCESSING);
 printf1(TAG_CTAP,"CTAP_MAKE_CREDENTIAL\n");
 timestamp();
- status = ctap_make_credential(&encoder, pkt_raw, length, fromNFC);
+ status = ctap_make_credential(&encoder, pkt_raw, length);
 printf1(TAG_TIME,"make_credential time: %d ms\n", timestamp());
 resp->length = cbor_encoder_get_buffer_size(&encoder, buf);
@@ -1443,7 +1443,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp, bool f
 device_set_status(CTAPHID_STATUS_PROCESSING);
 printf1(TAG_CTAP,"CTAP_GET_ASSERTION\n");
 timestamp();
- status = ctap_get_assertion(&encoder, pkt_raw, length, fromNFC);
+ status = ctap_get_assertion(&encoder, pkt_raw, length);
 printf1(TAG_TIME,"get_assertion time: %d ms\n", timestamp());
 resp->length = cbor_encoder_get_buffer_size(&encoder, buf);
diff --git a/fido2/ctap.h b/fido2/ctap.h
index 1996468..a6db27d 100644
--- a/fido2/ctap.h
+++ b/fido2/ctap.h
@@ -260,7 +260,7 @@ typedef struct
 void ctap_response_init(CTAP_RESPONSE * resp);
-uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp, bool fromNFC);
+uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp);
 // Encodes R,S signature to 2 der sequence of two integers. Sigder must be at least 72 bytes.
 // @return length of der signature
diff --git a/fido2/ctaphid.c b/fido2/ctaphid.c
index d6d3a54..5ddc260 100644
--- a/fido2/ctaphid.c
+++ b/fido2/ctaphid.c
@@ -621,7 +621,7 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
 }
 is_busy = 1;
 ctap_response_init(&ctap_resp);
- status = ctap_request(ctap_buffer, len, &ctap_resp, 0);
+ status = ctap_request(ctap_buffer, len, &ctap_resp);
 ctaphid_write_buffer_init(&wb);
 wb.cid = cid;
diff --git a/fido2/device.h b/fido2/device.h
index a9ee118..109d25a 100644
--- a/fido2/device.h
+++ b/fido2/device.h
@@ -99,4 +99,9 @@ typedef enum {
 // 2: fastest clock rate. Generally for USB interface.
 void device_set_clock_rate(DEVICE_CLOCK_RATE param);
+// Returns 1 if operating in NFC mode.
+// 0 otherwise.
+bool device_is_nfc();
+
+
 #endif
diff --git a/fido2/u2f.c b/fido2/u2f.c
index 9731572..9b2d766 100644
--- a/fido2/u2f.c
+++ b/fido2/u2f.c
@@ -19,8 +19,8 @@
 // void u2f_response_writeback(uint8_t * buf, uint8_t len);
 #ifdef ENABLE_U2F
-static int16_t u2f_register(struct u2f_register_request * req, bool fromNFC);
-static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control, bool fromNFC);
+static int16_t u2f_register(struct u2f_register_request * req);
+static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control);
 #endif
 int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
 void u2f_reset_response();
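Review bot: In the fido2/device.h hunk, `bool device_is_nfc();` declares a function with unspecified parameters in C; write `bool device_is_nfc(void);` here and in the definition in targets/stm32l432/src/device.c. The comment speaks of 1 and 0 while the return type is `bool`, so `// Returns true if the device is operating in NFC mode, false otherwise.` would match the signature. Only the stm32l432 target defines the function in this diff, so any other target that builds fido2/ presumably needs its own definition. A definition that returns `false` there keeps the user-presence test enabled by default.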
@@ -28,7 +28,7 @@ void u2f_reset_response();
 static CTAP_RESPONSE * _u2f_resp = NULL;
-void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPONSE * resp, bool fromNFC)
+void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPONSE * resp)
 {
 uint16_t rcode = 0;
 uint8_t byte;
@@ -60,7 +60,7 @@ void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPO
 {
 timestamp();
- rcode = u2f_register((struct u2f_register_request*)payload, fromNFC);
+ rcode = u2f_register((struct u2f_register_request*)payload);
 printf1(TAG_TIME,"u2f_register time: %d ms\n", timestamp());
 }
@@ -68,7 +68,7 @@ void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPO
 case U2F_AUTHENTICATE:
 printf1(TAG_U2F, "U2F_AUTHENTICATE\n");
 timestamp();
- rcode = u2f_authenticate((struct u2f_authenticate_request*)payload, req->p1, fromNFC);
+ rcode = u2f_authenticate((struct u2f_authenticate_request*)payload, req->p1);
 printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", timestamp());
 break;
 case U2F_VERSION:
@@ -117,14 +117,14 @@ void u2f_request_nfc(uint8_t * req, int len, CTAP_RESPONSE * resp)
 uint32_t alen = req[4];
- u2f_request_ex((APDU_HEADER *)req, &req[5], alen, resp, true);
+ u2f_request_ex((APDU_HEADER *)req, &req[5], alen, resp);
 }
 void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
 {
 uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
- u2f_request_ex((APDU_HEADER *)req, req->payload, len, resp, false);
+ u2f_request_ex((APDU_HEADER *)req, req->payload, len, resp);
 }
 int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len)
@@ -203,7 +203,7 @@ static int8_t u2f_appid_eq(struct u2f_key_handle * kh, uint8_t * appid)
-static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control, bool fromNFC)
+static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control)
 {
 uint8_t up = 1;
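Review bot: In the `u2f_request_nfc` hunk (-117), `alen` is read from `req[4]` and passed to `u2f_request_ex` as the payload length with no visible comparison against `len`. The function body begins above the hunk, so a check may already exist there. If it does not, a short or inconsistent APDU from the NFC side would make the register and authenticate handlers read past the received data. The APDU should be rejected before the call when `len < 5` or `alen > (uint32_t)len - 5`, with a wrong-length status written to `resp`.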
@@ -237,7 +237,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
 if (control == U2F_AUTHENTICATE_SIGN_NO_USER) up = 0;
- if(!fromNFC && up)
+ if(!device_is_nfc() && up)
 {
 if (ctap_user_presence_test() == 0)
 {
@@ -273,7 +273,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
 return U2F_SW_NO_ERROR;
 }
-static int16_t u2f_register(struct u2f_register_request * req, bool fromNFC)
+static int16_t u2f_register(struct u2f_register_request * req)
 {
 uint8_t i[] = {0x0,U2F_EC_FMT_UNCOMPRESSED};
@@ -285,7 +285,7 @@ static int16_t u2f_register(struct u2f_register_request * req, bool fromNFC)
 const uint16_t attest_size = attestation_cert_der_size;
- if(!fromNFC)
+ if(!device_is_nfc())
 {
 if ( ! ctap_user_presence_test())
 {
diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c
index c389b65..7562c75 100644
--- a/targets/stm32l432/src/device.c
+++ b/targets/stm32l432/src/device.c
@@ -40,8 +40,8 @@ uint32_t __90_ms = 0;
 uint32_t __device_status = 0;
 uint32_t __last_update = 0;
 extern PCD_HandleTypeDef hpcd;
-bool haveNFC = false;
-bool isLowFreq = 0;
+static bool haveNFC = 0;
+static bool isLowFreq = 0;
 #define IS_BUTTON_PRESSED() (0 == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN))
@@ -136,6 +136,11 @@ void device_init()
 }
+bool device_is_nfc()
+{
+ return haveNFC;
+}
+
 void wait_for_usb_tether()
 {
 while (USBD_OK != CDC_Transmit_FS((uint8_t*)"tethered\r\n", 10) )
diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c
index cf526df..85da81a 100644
--- a/targets/stm32l432/src/nfc.c
+++ b/targets/stm32l432/src/nfc.c
@@ -157,7 +157,7 @@ bool nfc_write_response(uint8_t req0, uint16_t resp)
 return nfc_write_response_ex(req0, NULL, 0, resp);
 }
-void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len, int keepgoing)
+void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len)
 {
 uint8_t res[32 + 2];
 int sendlen = 0;
@@ -178,7 +178,7 @@ void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len, int keep
 memcpy(&res[1], &data[sendlen], vlen);
 // if not a last block
- if ((vlen + sendlen < len) || keepgoing)
+ if (vlen + sendlen < len)
 {
 res[0] |= 0x10;
 }
@@ -488,7 +488,7 @@ void nfc_process_iblock(uint8_t * buf, int len)
 // return; printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp());
- nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, 0 );
+ nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length);
 // printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
@@ -522,7 +522,7 @@ void nfc_process_iblock(uint8_t * buf, int len)
 printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
 printf1(TAG_NFC,"U2F Authenticate processing %d (took %d)\r\n", millis(), timestamp());
- nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, 0);
+ nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length);
 printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp);
 break;
@@ -537,7 +537,7 @@ void nfc_process_iblock(uint8_t * buf, int len)
 WTX_on(WTX_TIME_DEFAULT);
 ctap_response_init(&ctap_resp);
- status = ctap_request(payload, plen, &ctap_resp, true);
+ status = ctap_request(payload, plen, &ctap_resp);
 if (!WTX_off()) return;
@@ -555,7 +555,7 @@ void nfc_process_iblock(uint8_t * buf, int len)
 ctap_resp.data[ctap_resp.length - 1] = SW_SUCCESS & 0xff;
 printf1(TAG_NFC,"CTAP processing %d (took %d)\r\n", millis(), timestamp());
- nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, 0);
+ nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length);
 printf1(TAG_NFC,"CTAP answered %d (took %d)\r\n", millis(), timestamp());
 break;
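Review bot: In the -522 hunk of `nfc_process_iblock`, the context line `printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp);` passes the function `timestamp` itself instead of calling it. A function pointer is then formatted with `%d`, which is undefined behaviour if `printf1` forwards to a printf-style formatter, and the logged duration is meaningless. The matching CTAP line in the -555 hunk uses `timestamp()`. Since the commit already edits the neighbouring line, change the last argument to `timestamp()`.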