diff --git a/ctap.c b/ctap.c index 3f980c1..a0ebaea 100644 --- a/ctap.c +++ b/ctap.c @@ -1,4 +1,3 @@ -#include #include #include #include @@ -217,6 +216,7 @@ static int ctap_add_cose_key(CborEncoder * cose_key, uint8_t * x, uint8_t * y, u ret = cbor_encoder_close_container(cose_key, &map); check_ret(ret); + return 0; } static int ctap_generate_cose_key(CborEncoder * cose_key, uint8_t * hmac_input, int len, uint8_t credtype, int32_t algtype) { @@ -237,6 +237,7 @@ static int ctap_generate_cose_key(CborEncoder * cose_key, uint8_t * hmac_input, return -1; } ctap_add_cose_key(cose_key, x, y, credtype, algtype); + return 0; } void make_auth_tag(struct rpId * rp, CTAP_userEntity * user, uint32_t count, uint8_t * tag) @@ -245,7 +246,7 @@ void make_auth_tag(struct rpId * rp, CTAP_userEntity * user, uint32_t count, uin crypto_sha256_hmac_init(NULL, 0, hashbuf); crypto_sha256_update(rp->id, rp->size); crypto_sha256_update(user->id, user->id_size); - crypto_sha256_update(user->name, strnlen(user->name, USER_NAME_LIMIT)); + crypto_sha256_update(user->name, strnlen((const char*)user->name, USER_NAME_LIMIT)); crypto_sha256_update((uint8_t*)&count, 4); crypto_sha256_hmac_final(NULL,0,hashbuf); @@ -259,7 +260,16 @@ static uint32_t auth_data_update_count(CTAP_authDataHeader * authData) { count = ctap_atomic_count( 0 ); } - authData->signCount = ntohl(count); + uint8_t * byte = (uint8_t*) &authData->signCount; + + *byte++ = count & 0xff; + count = count >> 8; + *byte++ = count & 0xff; + count = count >> 8; + *byte++ = count & 0xff; + count = count >> 8; + *byte++ = count & 0xff; + return count; } @@ -430,6 +440,7 @@ uint8_t ctap_add_attest_statement(CborEncoder * map, uint8_t * sigder, int len) ret = cbor_encoder_close_container(map, &stmtmap); check_ret(ret); + return 0; } // Return 1 if credential belongs to this token 
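Review bot: In ctap_generate_cose_key the added `return 0;` follows a call whose result is discarded, so a failure inside ctap_add_cose_key (which ends with `check_ret(ret)` on the close_container call) is reported to the caller as success. Propagate the result instead: `return ctap_add_cose_key(cose_key, x, y, credtype, algtype);`. The function body starts outside the hunk.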
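Review bot: In auth_data_update_count the new byte-wise store writes the least significant byte of `count` first, so signCount lands in the authenticator data in little-endian order. WebAuthn defines that field as a 32-bit big-endian integer, and a relying party that reads the bytes reversed will see values that do not increase monotonically, which defeats the counter's clone-detection purpose. The stores also shift `count` in place, so the trailing `return count;` now returns the counter shifted right by 24 bits instead of the counter. Writing each byte from a shift of the unmodified `count`, most significant first, fixes both. The function's opening lines are outside the hunk.

```c
    uint8_t * byte = (uint8_t*) &authData->signCount;

    /* signCount is big-endian on the wire; count stays intact for the return below */
    byte[0] = (count >> 24) & 0xff;
    byte[1] = (count >> 16) & 0xff;
    byte[2] = (count >> 8) & 0xff;
    byte[3] = count & 0xff;

    return count;
```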
@@ -455,7 +466,6 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt int ret, i; uint8_t auth_data_buf[300]; CTAP_credentialDescriptor * excl_cred = (CTAP_credentialDescriptor *) auth_data_buf; - uint8_t * hashbuf = auth_data_buf + 0; uint8_t * sigbuf = auth_data_buf + 32; uint8_t * sigder = auth_data_buf + 32 + 64; @@ -530,18 +540,18 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt return CTAP1_ERR_SUCCESS; } -static int pick_first_authentic_credential(CTAP_getAssertion * GA) -{ - int i; - for (i = 0; i < GA->credLen; i++) - { - if (GA->creds[i].credential.enc.count != 0) - { - return i; - } - } - return -1; -} +/*static int pick_first_authentic_credential(CTAP_getAssertion * GA)*/ +/*{*/ + /*int i;*/ + /*for (i = 0; i < GA->credLen; i++)*/ + /*{*/ + /*if (GA->creds[i].credential.enc.count != 0)*/ + /*{*/ + /*return i;*/ + /*}*/ + /*}*/ + /*return -1;*/ +/*}*/ static uint8_t ctap_add_credential_descriptor(CborEncoder * map, CTAP_credentialDescriptor * cred) { @@ -595,7 +605,7 @@ uint8_t ctap_add_user_entity(CborEncoder * map, CTAP_userEntity * user) ret = cbor_encode_text_string(&entity, "displayName", 11); check_ret(ret); - ret = cbor_encode_text_stringz(&entity, user->name); + ret = cbor_encode_text_stringz(&entity, (const char *)user->name); check_ret(ret); } @@ -824,6 +834,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length) ret = cbor_encoder_close_container(encoder, &map); check_ret(ret); + return 0; } uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platform_pubkey, uint8_t * pinAuth, uint8_t * pinHashEnc) @@ -870,7 +881,7 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor printf("new pin: %s\n", pinEnc); - ret = strnlen(pinEnc, NEW_PIN_ENC_MAX_SIZE); + ret = strnlen((const char *)pinEnc, NEW_PIN_ENC_MAX_SIZE); if (ret == NEW_PIN_ENC_MAX_SIZE) { printf2(TAG_ERR,"No NULL terminator in new pin string\n"); 
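Review bot: pick_first_authentic_credential is disabled by wrapping every line in `/* */` rather than being removed. The commented-out body will drift out of date and still turns up in searches for `credential.enc.count`. If the helper is no longer called, delete the block and rely on version history to recover it.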
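Review bot: In ctap_add_user_entity, `cbor_encode_text_stringz` reads `user->name` until it finds a NUL, while make_auth_tag in this same file bounds the same field with `strnlen(..., USER_NAME_LIMIT)`. parse_user copies the name with a capacity of USER_NAME_LIMIT, and tinycbor appends no terminator when the text fills the buffer exactly. Unless the array is larger than the limit or is terminated in lines this diff does not show, a maximum-length name from the request would make this call read past the field. A bounded call keeps the two sites consistent: `ret = cbor_encode_text_string(&entity, (const char *)user->name, strnlen((const char *)user->name, USER_NAME_LIMIT));`. The enclosing function extends beyond the hunk on both sides.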
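Review bot: In ctap_update_pin_if_verified the context line `printf("new pin: %s\n", pinEnc);` runs before the `strnlen` check this hunk touches, so the buffer is formatted with `%s` before the code has established that it contains a terminator. It also writes what is presumably the decrypted new PIN to the log. Drop the printf, or at least move it below the `NEW_PIN_ENC_MAX_SIZE` check and behind a debug-only tag. The function body continues outside the hunk.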
diff --git a/ctap_parse.c b/ctap_parse.c index 86c6239..0e5daf3 100644 --- a/ctap_parse.c +++ b/ctap_parse.c @@ -62,8 +62,9 @@ const char * cbor_value_get_type_string(const CborValue *value) case CborDoubleType: return "CborDoubleType"; break; + default: + return "Invalid type"; } - return "Invalid type"; } @@ -97,7 +98,7 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val) } sz = sizeof(key); - ret = cbor_value_copy_text_string(&map, key, &sz, NULL); + ret = cbor_value_copy_text_string(&map, (char *)key, &sz, NULL); if (ret == CborErrorOutOfMemory) { @@ -110,7 +111,7 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val) ret = cbor_value_advance(&map); check_ret(ret); - if (strcmp(key, "id") == 0) + if (strcmp((const char*)key, "id") == 0) { if (cbor_value_get_type(&map) != CborByteStringType) @@ -129,10 +130,10 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val) MC->user.id_size = sz; check_ret(ret); } - else if (strcmp(key, "name") == 0) + else if (strcmp((const char *)key, "name") == 0) { sz = USER_NAME_LIMIT; - ret = cbor_value_copy_text_string(&map, MC->user.name, &sz, NULL); + ret = cbor_value_copy_text_string(&map, (char *)MC->user.name, &sz, NULL); if (ret != CborErrorOutOfMemory) { // Just truncate the name it's okay check_ret(ret); @@ -157,7 +158,6 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val) uint8_t parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * alg_type) { - CborValue map; CborValue cred; CborValue alg; int ret; @@ -186,12 +186,12 @@ uint8_t parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * return CTAP2_ERR_MISSING_PARAMETER; } - ret = cbor_value_copy_text_string(&cred, type_str, &sz, NULL); + ret = cbor_value_copy_text_string(&cred, (char*)type_str, &sz, NULL); check_ret(ret); type_str[sizeof(type_str) - 1] = 0; - if (strcmp(type_str, "public-key") == 0) + if (strcmp((const char*)type_str, "public-key") == 0) { *cred_type = PUB_KEY_CRED_PUB_KEY; } 
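Review bot: In parse_user the copy `cbor_value_copy_text_string(&map, (char *)key, &sz, NULL)` is given the full `sizeof(key)` as capacity, and tinycbor returns success without writing a NUL when the text fills the buffer exactly. A map key of that length would leave `key` unterminated, and the `strcmp` calls in the following hunks would then read past the array. The lines between the copy and the first `strcmp` are not part of this diff; if nothing there terminates the buffer, add `key[sizeof(key) - 1] = 0;` after the copy, as parse_pub_key_cred_param does for `type_str`.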
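Review bot: The `(char *)` and `(const char *)` casts added around `key` in parse_user (this hunk and the ones at -97 and -129) and around `type_str` in parse_pub_key_cred_param are inconsistent with how the same warning is fixed elsewhere in this commit. parse_rp, parse_options and parse_credential_descriptor change the declaration to `char key[8]` / `char type[12]` instead. Declaring these text buffers as `char` removes the casts and leaves fewer places where a cast can hide a real type error.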
@@ -200,7 +200,7 @@ uint8_t parse_pub_key_cred_param(CborValue * val, uint8_t * cred_type, int32_t * *cred_type = PUB_KEY_CRED_UNKNOWN; } - ret = cbor_value_get_int_checked(&alg, alg_type); + ret = cbor_value_get_int_checked(&alg, (int*)alg_type); check_ret(ret); return 0; @@ -222,10 +222,9 @@ static int pub_key_cred_param_supported(uint8_t cred, int32_t alg) uint8_t parse_pub_key_cred_params(CTAP_makeCredential * MC, CborValue * val) { - size_t sz, arr_length; + size_t arr_length; uint8_t cred_type; int32_t alg_type; - uint8_t key[8]; int ret; int i; CborValue arr; @@ -293,7 +292,7 @@ uint8_t parse_fixed_byte_string(CborValue * map, uint8_t * dst, int len) uint8_t parse_rp_id(struct rpId * rp, CborValue * val) { size_t sz = DOMAIN_NAME_MAX_SIZE; - int ret = cbor_value_copy_text_string(val, rp->id, &sz, NULL); + int ret = cbor_value_copy_text_string(val, (char*)rp->id, &sz, NULL); if (ret == CborErrorOutOfMemory) { printf2(TAG_ERR,"Error, RP_ID is too large\n"); @@ -308,7 +307,7 @@ uint8_t parse_rp_id(struct rpId * rp, CborValue * val) uint8_t parse_rp(struct rpId * rp, CborValue * val) { size_t sz, map_length; - uint8_t key[8]; + char key[8]; int ret; int i; CborValue map; @@ -367,7 +366,7 @@ uint8_t parse_rp(struct rpId * rp, CborValue * val) else if (strcmp(key, "name") == 0) { sz = RP_NAME_LIMIT; - ret = cbor_value_copy_text_string(&map, rp->name, &sz, NULL); + ret = cbor_value_copy_text_string(&map, (char*)rp->name, &sz, NULL); if (ret != CborErrorOutOfMemory) { // Just truncate the name it's okay check_ret(ret); @@ -396,7 +395,7 @@ uint8_t parse_rp(struct rpId * rp, CborValue * val) uint8_t parse_options(CborValue * val, uint8_t * rk, uint8_t * uv) { size_t sz, map_length; - uint8_t key[8]; + char key[8]; int ret; int i; _Bool b; @@ -463,6 +462,7 @@ uint8_t parse_options(CborValue * val, uint8_t * rk, uint8_t * uv) } + return 0; } uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length) 
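Review bot: In parse_pub_key_cred_param the cast `(int*)alg_type` silences the compiler instead of fixing the mismatch. `alg_type` is an `int32_t *`, and on toolchains where `int32_t` is not `int` (it is commonly `long` on arm-none-eabi) the store goes through an incompatible pointer type. Read into a local of the type tinycbor expects and assign afterwards: `int alg_int;`, `ret = cbor_value_get_int_checked(&alg, &alg_int);`, then `*alg_type = alg_int;` after `check_ret(ret)`.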
@@ -471,9 +471,8 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod int i; int key; size_t map_length; - size_t sz; CborParser parser; - CborValue it,map,val; + CborValue it,map; memset(MC, 0, sizeof(CTAP_makeCredential)); ret = cbor_parser_init(request, length, CborValidateCanonicalFormat, &parser, &it); @@ -620,7 +619,7 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor * { int ret; size_t buflen; - uint8_t type[12]; + char type[12]; CborValue val; if (cbor_value_get_type(arr) != CborMapType) { @@ -715,10 +714,9 @@ uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it) uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length) { int ret; - int i,j; + int i; int key; size_t map_length; - size_t sz; CborParser parser; CborValue it,map; @@ -832,7 +830,6 @@ uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int { CborValue map; size_t map_length; - size_t ptsz; int i,ret,key; int xkey = 0,ykey = 0; *kty = 0; @@ -928,7 +925,7 @@ uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length) { int ret; - int i,j; + int i; int key; size_t map_length; size_t sz; diff --git a/main.c b/main.c index a767e03..3144682 100644 --- a/main.c +++ b/main.c @@ -14,7 +14,7 @@ int main(int argc, char * argv[]) { - int count = 0, beat = 0; + int count = 0; uint64_t t1 = 0; uint8_t hidmsg[64]; diff --git a/nrf52840/Makefile b/nrf52840/Makefile index 28b09f6..97b49c2 100644 --- a/nrf52840/Makefile +++ b/nrf52840/Makefile 
@@ -19,6 +19,15 @@ SRC_FILES += \ $(PROJ_DIR)/../log.c \ $(PROJ_DIR)/../stubs.c \ $(PROJ_DIR)/../ctaphid.c \ + $(PROJ_DIR)/../ctap.c \ + $(PROJ_DIR)/../ctap_parse.c \ + $(PROJ_DIR)/../u2f.c \ + \ + $(PROJ_DIR)/../crypto.c \ + $(PROJ_DIR)/../crypto/sha256.c \ + $(PROJ_DIR)/../crypto/tiny-AES-c/aes.c \ + $(PROJ_DIR)/../crypto/micro-ecc/uECC.c \ + \ $(SDK_ROOT)/components/boards/boards.c \ $(SDK_ROOT)/components/libraries/util/app_error.c \ $(SDK_ROOT)/components/libraries/util/app_error_handler_gcc.c \ @@ -90,10 +99,14 @@ INC_FOLDERS += \ $(PROJ_DIR) \ $(PROJ_DIR)/.. \ $(PROJ_DIR)/../tinycbor/src \ + \ + $(PROJ_DIR)/../crypto/ \ + $(PROJ_DIR)/../crypto/micro-ecc \ + $(PROJ_DIR)/../crypto/tiny-AES-c \ + \ $(SDK_ROOT)/components/libraries/util \ $(SDK_ROOT)/integration/nrfx/legacy \ $(SDK_ROOT)/modules/nrfx/drivers/include \ - \ $(SDK_ROOT)/components/libraries/cli \ $(SDK_ROOT)/components/libraries/scheduler \ $(SDK_ROOT)/components/libraries/experimental_log \ @@ -152,7 +165,9 @@ CFLAGS += -DCONFIG_GPIO_AS_PINRESET CFLAGS += -DFLOAT_ABI_HARD CFLAGS += -DNRF52840_XXAA #CFLAGS += -DSTUB_CTAPHID -CFLAGS += -DSTUB_CTAP +#CFLAGS += -DSTUB_CTAP +CFLAGS += -DuECC_PLATFORM=5 +CFLAGS += -std=gnu11 CFLAGS += -mcpu=cortex-m4 CFLAGS += -mthumb -mabi=aapcs CFLAGS += -Wall -Wno-format @@ -192,7 +207,7 @@ nrf52840_xxaa: ASMFLAGS += -D__STACK_SIZE=8192 # Add standard libraries at the very end of the linker input, after all objects # that may need symbols provided by these libraries. -LIB_FILES += -lc -lnosys -lm +LIB_FILES += -lc -lnosys -lm $(PROJ_DIR)/../tinycbor/lib/libtinycbor.a .PHONY: default help 
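Review bot: `-DuECC_PLATFORM=5` is an unexplained magic number. In micro-ecc's uECC.h the value 5 corresponds to `uECC_arm_thumb2`, and saying so next to the flag guards against a later library update silently selecting a different backend. A one-line comment such as `# uECC_PLATFORM 5 = uECC_arm_thumb2 (see micro-ecc uECC.h)` above the flag would do. The same hunk disables `-DSTUB_CTAP` by commenting it out; deleting the line would be cleaner.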
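Review bot: `libtinycbor.a` is appended after `-lc -lnosys -lm`, which contradicts the comment directly above it. Archives are resolved left to right in a single pass, so libc symbols referenced only by tinycbor may be left undefined. Put the archive first: `LIB_FILES += $(PROJ_DIR)/../tinycbor/lib/libtinycbor.a -lc -lnosys -lm`.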
@@ -210,12 +225,22 @@ help: TEMPLATE_PATH := $(SDK_ROOT)/components/toolchain/gcc + include $(TEMPLATE_PATH)/Makefile.common +#include $(PROJ_DIR)/../tinycbor/Makefile + +#$(shell echo ) +#$(shell ) + $(foreach target, $(TARGETS), $(call define_target, $(target))) .PHONY: flash erase +cbor: + cd $(PROJ_DIR)/../tinycbor/ && make clean + cd $(PROJ_DIR)/../tinycbor/ && make CC="$(CC)" LDFLAGS="--specs=nosys.specs -mcpu=cortex-m4 -mfloat-abi=hard -mfpu=fpv4-sp-d16 -mthumb -mabi=aapcs " CFLAGS="-mfloat-abi=hard -mfpu=fpv4-sp-d16 -mthumb -mabi=aapcs -DFLOAT_ABI_HARD -marm" + # Flash the program flash: $(OUTPUT_DIRECTORY)/nrf52840_xxaa.hex @echo Flashing: $< diff --git a/u2f.c b/u2f.c index 68973e5..fdd7be6 100644 --- a/u2f.c +++ b/u2f.c @@ -97,11 +97,6 @@ static int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len) -static uint8_t get_signature_length(uint8_t * sig) -{ - return 0x46 + ((sig[32] & 0x80) == 0x80) + ((sig[0] & 0x80) == 0x80); -} - static void dump_signature_der(uint8_t * sig) { uint8_t sigder[72]; @@ -273,6 +268,6 @@ static int16_t u2f_register(struct u2f_register_request * req) static int16_t u2f_version() { const char version[] = "U2F_V2"; - u2f_response_writeback(version, sizeof(version)-1); + u2f_response_writeback((uint8_t*)version, sizeof(version)-1); return U2F_SW_NO_ERROR; }
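Review bot: The new `cbor` recipe passes both `-mthumb` and `-marm` in CFLAGS and gives `-mcpu=cortex-m4` only to LDFLAGS, so the library objects are not built with the same target options as the firmware, whose CFLAGS set `-mcpu=cortex-m4 -mthumb`. Cortex-M4 executes Thumb code only. Dropping `-marm` and adding `-mcpu=cortex-m4` to the CFLAGS string would align the two builds. The recipe should also call `$(MAKE)` instead of `make` and list `cbor` in `.PHONY`, and the commented-out `#include` and `#$(shell ...)` lines can be removed. Nothing visible makes the firmware target depend on `cbor`, so a clean checkout would presumably fail to link until that target is run by hand.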