shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

overwrite x509 fields for tap or somu

Browse Source
This commit is contained in:
Conor Patrick 2019-12-01 15:17:33 -05:00
parent 6217fc34b9
commit 54c66d80b6
4 changed files with 44 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
fido2/ctap.c
View File

@ -630,11 +630,17 @@ int ctap_calculate_signature(uint8_t * data, int datalen, uint8_t * clientDataHa
uint8_t ctap_add_attest_statement(CborEncoder * map, uint8_t * sigder, int len) uint8_t ctap_add_attest_statement(CborEncoder * map, uint8_t * sigder, int len)
{ {
int ret; int ret;
uint8_t cert[1024];
uint16_t cert_size = device_attestation_cert_der_get_size();
if (cert_size > sizeof(cert)){
printf2(TAG_ERR,"Certificate is too large for CTAP2 buffer\r\n");
return CTAP2_ERR_PROCESSING;
}
device_attestation_read_cert_der(cert);
CborEncoder stmtmap; CborEncoder stmtmap;
CborEncoder x5carr; CborEncoder x5carr;
ret = cbor_encode_int(map,RESP_attStmt); ret = cbor_encode_int(map,RESP_attStmt);
check_ret(ret); check_ret(ret);
ret = cbor_encoder_create_map(map, &stmtmap, 3); ret = cbor_encoder_create_map(map, &stmtmap, 3);
@ -657,7 +663,7 @@ uint8_t ctap_add_attest_statement(CborEncoder * map, uint8_t * sigder, int len)
ret = cbor_encoder_create_array(&stmtmap, &x5carr, 1); ret = cbor_encoder_create_array(&stmtmap, &x5carr, 1);
check_ret(ret); check_ret(ret);
{ {
ret = cbor_encode_byte_string(&x5carr, attestation_cert_der, device_attestation_cert_der_get_size()); ret = cbor_encode_byte_string(&x5carr, cert, device_attestation_cert_der_get_size());
check_ret(ret); check_ret(ret);
ret = cbor_encoder_close_container(&stmtmap, &x5carr); ret = cbor_encoder_close_container(&stmtmap, &x5carr);
check_ret(ret); check_ret(ret);

7
fido2/device.h
View File

@ -199,9 +199,12 @@ int device_is_nfc();
*/ */
uint8_t * device_get_attestation_key(); uint8_t * device_get_attestation_key();
/** Pointer to a ASN.1/DER encoded byte array of the attestation certificate. /** Read the device's attestation certificate into buffer @dst.
* @param dst the destination to write the certificate.
*
* The size of the certificate can be retrieved using `device_attestation_cert_der_get_size()`.
*/ */
extern const uint8_t * attestation_cert_der; void device_attestation_read_cert_der(uint8_t * dst);
/** Returns the size in bytes of attestation_cert_der. /** Returns the size in bytes of attestation_cert_der.
* @return number of bytes in attestation_cert_der, not including any C string null byte. * @return number of bytes in attestation_cert_der, not including any C string null byte.

10
fido2/u2f.c
View File

@ -299,7 +299,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
static int16_t u2f_register(struct u2f_register_request * req) static int16_t u2f_register(struct u2f_register_request * req)
{ {
uint8_t i[] = {0x0,U2F_EC_FMT_UNCOMPRESSED}; uint8_t i[] = {0x0,U2F_EC_FMT_UNCOMPRESSED};
uint8_t cert[1024];
struct u2f_key_handle key_handle; struct u2f_key_handle key_handle;
uint8_t pubkey[64]; uint8_t pubkey[64];
uint8_t hash[32]; uint8_t hash[32];
@ -308,6 +308,11 @@ static int16_t u2f_register(struct u2f_register_request * req)
const uint16_t attest_size = device_attestation_cert_der_get_size(); const uint16_t attest_size = device_attestation_cert_der_get_size();
if (attest_size > sizeof(cert)){
printf2(TAG_ERR,"Certificate is too large for buffer\r\n");
return U2F_SW_INSUFFICIENT_MEMORY;
}
if ( ! ctap_user_presence_test(750)) if ( ! ctap_user_presence_test(750))
{ {
return U2F_SW_CONDITIONS_NOT_SATISFIED; return U2F_SW_CONDITIONS_NOT_SATISFIED;
@ -341,7 +346,8 @@ static int16_t u2f_register(struct u2f_register_request * req)
u2f_response_writeback(i,1); u2f_response_writeback(i,1);
u2f_response_writeback((uint8_t*)&key_handle,U2F_KEY_HANDLE_SIZE); u2f_response_writeback((uint8_t*)&key_handle,U2F_KEY_HANDLE_SIZE);
u2f_response_writeback(attestation_cert_der,attest_size); device_attestation_read_cert_der(cert);
u2f_response_writeback(cert,attest_size);
dump_signature_der(sig); dump_signature_der(sig);

23
targets/stm32l432/src/attestation.c
View File

@ -5,8 +5,11 @@
// http://opensource.org/licenses/MIT>, at your option. This file may not be // http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms. // copied, modified, or distributed except according to those terms.
#include <stdint.h> #include <stdint.h>
#include <string.h>
#include "crypto.h" #include "crypto.h"
#include "memory_layout.h" #include "memory_layout.h"
#include "device.h"
#include "sense.h"
const uint8_t attestation_solo_cert_der[] = const uint8_t attestation_solo_cert_der[] =
@ -96,7 +99,6 @@ const uint8_t attestation_hacker_cert_der[] =
const uint16_t attestation_solo_cert_der_size = sizeof(attestation_solo_cert_der)-1; const uint16_t attestation_solo_cert_der_size = sizeof(attestation_solo_cert_der)-1;
const uint16_t attestation_hacker_cert_der_size = sizeof(attestation_hacker_cert_der)-1; const uint16_t attestation_hacker_cert_der_size = sizeof(attestation_hacker_cert_der)-1;
const uint8_t * attestation_cert_der = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert;
uint8_t * device_get_attestation_key(){ uint8_t * device_get_attestation_key(){
flash_attestation_page * page =(flash_attestation_page *)ATTESTATION_PAGE_ADDR; flash_attestation_page * page =(flash_attestation_page *)ATTESTATION_PAGE_ADDR;
@ -107,3 +109,22 @@ uint16_t device_attestation_cert_der_get_size(){
uint16_t sz = (uint16_t)((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert_size; uint16_t sz = (uint16_t)((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert_size;
return sz; return sz;
} }
void device_attestation_read_cert_der(uint8_t * dst){
const uint8_t * der = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert;
uint16_t sz = device_attestation_cert_der_get_size();
memmove(dst, der, sz);
// Overwrite respective x509 fields if Tap or Somu.
if (memcmp(dst + 0x2c6, "\xea\x09\x15\x6c\x86\x48\x57\x2a\xa8\x8d", 10) == 0){
if (device_is_nfc()){
dst[0x2a3] = 0x89;//tap aaguid byte
memmove(dst + 0xac, "\x34\x33\x38\x5a\x18\x0f\x32\x30\x36\x39\x31\x31\x31\x38\x31\x39\x32\x34\x33\x38", 20);//tap-id
memmove(dst + 0x2c5, "\x6d\x7b\x41\x2b\xff\x57\xf0\x03\xbd\x5b\x39\x4a\xf7\xa9\x2d\x6d\xcb\x9e\x2d\x88\xbf\xb3\x93\xc5\x66\x3b\xd1\xbc\x34\xfa\x5c\x4c\x02\x20\x59\x01\x49\x39\x1b\xb7\xa9\x1c\xed\x49\x78\x4f\x92\xa9\x61\x14\xa5\x6e\x96\x3f\x29\x02\x93\xe0\x5d\xe2\x75\xd0\x60\xd9\x74\xc2", 66);//tap-sig
} else if (tsc_sensor_exists()) {
dst[0x2a3] = 0x98;//somu aaguid byte
memmove(dst + 0xac, "\x35\x30\x32\x5a\x18\x0f\x32\x30\x36\x39\x31\x31\x31\x38\x31\x39\x32\x35\x30\x32", 20);//somu-id
memmove(dst + 0x2c5, "\x4d\x08\xc8\x9d\xc4\x50\x49\x70\x48\x4d\xd0\x12\xd9\x7c\x62\x5e\x6b\xd3\x84\xd5\x36\x42\xfe\x86\x8e\x7a\x23\x59\xa0\x20\xf0\xc5\x02\x20\x5f\x70\x93\x61\x5a\xe4\x20\xcf\xb9\x8a\xf5\xdd\x87\xd0\x48\x6d\x7d\x59\xef\x9e\x0e\x11\xa3\x8e\xf7\xe3\xe2\xf5\x35\x37\x99\x1a", 66);//somu-sig
}
}
}