fix upper byte U2F for backwards compatibility

fido2/u2f.c

@@ -224,7 +224,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
     }
 
     count = ctap_atomic_count(0);
-    hash[0] = (count >> 24) & 0xff;
+    hash[0] = 0xff;
     hash[1] = (count >> 16) & 0xff;
     hash[2] = (count >> 8) & 0xff;
     hash[3] = (count >> 0) & 0xff;
@@ -241,7 +241,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
     crypto_ecc256_sign(hash, 32, sig);
 
     u2f_response_writeback(&up,1);
-    hash[0] = (count >> 24) & 0xff;
+    hash[0] = 0xff;
     hash[1] = (count >> 16) & 0xff;
     hash[2] = (count >> 8) & 0xff;
     hash[3] = (count >> 0) & 0xff;

tools/ctap_test.py

@@ -383,12 +383,16 @@ class Tester:
     def test_u2f(self,):
         chal = sha256(b"AAA")
         appid = sha256(b"BBB")
+        lastc = 0
         for i in range(0, 5):
             reg = self.ctap1.register(chal, appid)
             reg.verify(appid, chal)
             auth = self.ctap1.authenticate(chal, appid, reg.key_handle)
             # check endianness
-            assert auth.counter < 0x10000
+            if lastc:
+                assert (auth.counter - lastc) < 10
+            lastc = auth.counter
+            print(hex(lastc))
             print("U2F reg + auth pass %d/5" % (i + 1))
 
     def test_fido2_simple(self, pin_token=None):