From 375db69e3a2e6d836e4ccce118ecd95a2b70d875 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Wed, 6 Feb 2019 19:06:49 +0200 Subject: [PATCH] fido2 works --- fido2/ctap.c | 25 +++++++++++++++---------- fido2/ctap.h | 2 +- targets/stm32l432/src/nfc.c | 4 ++-- 3 files changed, 18 insertions(+), 13 deletions(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index 6b644f3..b84f9b7 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -324,7 +324,7 @@ static int is_matching_rk(CTAP_residentKey * rk, CTAP_residentKey * rk2) } -static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, int len, CTAP_userEntity * user, uint8_t credtype, int32_t algtype, int32_t * sz, int store) +static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, int len, CTAP_userEntity * user, uint8_t credtype, int32_t algtype, int32_t * sz, int store, bool fromNFC) { CborEncoder cose_key; int auth_data_sz, ret; @@ -350,8 +350,13 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au count = auth_data_update_count(&authData->head); device_set_status(CTAPHID_STATUS_UPNEEDED); - int but = ctap_user_presence_test(); - + // if NFC - not need to click a button + int but = 1; + if(!fromNFC) + { + but = ctap_user_presence_test(); + } + if (!but) { return CTAP2_ERR_OPERATION_DENIED; @@ -551,7 +556,7 @@ int ctap_authenticate_credential(struct rpId * rp, CTAP_credentialDescriptor * d -uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int length) +uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int length, bool fromNFC) { CTAP_makeCredential MC; int ret, i; 
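Review bot: The new `if(!fromNFC)` branch in ctap_make_auth_data leaves `but = 1` with no presence check at all, so every NFC request counts as user-present purely because the caller passed `true`; the flag arrives unchanged from ctap_request through ctap_make_credential and ctap_get_assertion (later hunks). Nothing visible here confirms that the token is actually running from the reader field rather than sitting in a USB port with a reader nearby, so I would gate the skip on that condition or on a fresh tap and keep the button test otherwise. `device_set_status(CTAPHID_STATUS_UPNEEDED)` is still raised just before the skipped test, which looks unintended on the NFC path. At minimum the comment should state the assumption, e.g. `// NFC: placing the token in the reader field is taken as user presence, so the button test is skipped`. The function body continues outside the hunk.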
@@ -621,7 +626,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt int32_t auth_data_sz; ret = ctap_make_auth_data(&MC.rp, &map, auth_data_buf, sizeof(auth_data_buf), - &MC.user, MC.publicKeyCredentialType, MC.COSEAlgorithmIdentifier, &auth_data_sz, MC.rk); + &MC.user, MC.publicKeyCredentialType, MC.COSEAlgorithmIdentifier, &auth_data_sz, MC.rk, fromNFC); check_retr(ret); @@ -940,7 +945,7 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder) return 0; } -uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length) +uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length, bool fromNFC) { CTAP_getAssertion GA; uint8_t auth_data_buf[sizeof(CTAP_authDataHeader)]; @@ -992,7 +997,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length) ret = cbor_encoder_create_map(encoder, &map, map_size); check_ret(ret); - ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0,NULL, 0); + ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0,NULL, 0, fromNFC); check_retr(ret); /*for (int j = 0; j < GA.credLen; j++)*/ @@ -1358,7 +1363,7 @@ void ctap_response_init(CTAP_RESPONSE * resp) } -uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) +uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp, bool fromNFC) { CborEncoder encoder; uint8_t status = 0; @@ -1398,7 +1403,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) device_set_status(CTAPHID_STATUS_PROCESSING); printf1(TAG_CTAP,"CTAP_MAKE_CREDENTIAL\n"); t1 = millis(); - status = ctap_make_credential(&encoder, pkt_raw, length); + status = ctap_make_credential(&encoder, pkt_raw, length, fromNFC); t2 = millis(); printf1(TAG_TIME,"make_credential time: %d ms\n", t2-t1); 
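Review bot: `bool fromNFC` on ctap_request (hunk at -1358) is an undocumented security-relevant switch: passing `true` disables the user-presence test for makeCredential and getAssertion, yet nothing at the signature says so. Add a comment above the definition such as `// fromNFC: request arrived over NFC; user presence is assumed and the button test is skipped`. A named transport enum instead of a bare bool would make call sites self-describing, since a literal `true` at a call site gives a reader no hint that it relaxes an authentication check. Only the makeCredential and getAssertion cases are shown receiving the flag; how other commands that rely on a presence test behave over NFC is not visible in this patch.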
@@ -1410,7 +1415,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) device_set_status(CTAPHID_STATUS_PROCESSING); printf1(TAG_CTAP,"CTAP_GET_ASSERTION\n"); t1 = millis(); - status = ctap_get_assertion(&encoder, pkt_raw, length); + status = ctap_get_assertion(&encoder, pkt_raw, length, fromNFC); t2 = millis(); printf1(TAG_TIME,"get_assertion time: %d ms\n", t2-t1); diff --git a/fido2/ctap.h b/fido2/ctap.h index 7448b44..2df795b 100644 --- a/fido2/ctap.h +++ b/fido2/ctap.h @@ -275,7 +275,7 @@ typedef struct void ctap_response_init(CTAP_RESPONSE * resp); -uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp); +uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp, bool fromNFC); // Encodes R,S signature to 2 der sequence of two integers. Sigder must be at least 72 bytes. // @return length of der signature diff --git a/targets/stm32l432/src/nfc.c b/targets/stm32l432/src/nfc.c index 9369487..892a853 100644 --- a/targets/stm32l432/src/nfc.c +++ b/targets/stm32l432/src/nfc.c @@ -513,12 +513,12 @@ printf1(TAG_NFC, "WRX-off err\n"); WTX_on(WTX_TIME_DEFAULT); ctap_response_init(&ctap_resp); - status = ctap_request(payload, plen, &ctap_resp); + status = ctap_request(payload, plen, &ctap_resp, true); if (!WTX_off()){ printf1(TAG_NFC, "WTX-off err\n"); return; } - printf1(TAG_NFC, "CTAP resp: %d len: %d\r\n", status, ctap_resp.length); + printf1(TAG_NFC, "CTAP resp: 0x%02õ len: %d\r\n", status, ctap_resp.length); if (status == CTAP1_ERR_SUCCESS) {
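Review bot: The ctap.h prototype now uses `bool`, but this patch adds no `#include <stdbool.h>`; unless the header already pulls it in (not visible here), every translation unit including ctap.h must have included it first, so add `#include <stdbool.h>` to ctap.h itself. The diffstat touches only three files, so any caller of ctap_request outside this patch would still use the three-argument form and needs updating to pass `false` explicitly.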
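Review bot: The new log line in nfc.c uses the format `0x%02õ`, and `õ` is not a valid conversion character. If that character is in the committed file rather than a rendering artefact, and printf1 forwards to a printf-style formatter, the behaviour is undefined and the following `len` argument may be misprinted. The intended line is presumably `printf1(TAG_NFC, "CTAP resp: 0x%02x len: %d\r\n", status, ctap_resp.length);`. The enclosing function starts and ends outside the hunk.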