diff --git a/fido2/crypto.h b/fido2/crypto.h index 497ebf5..685908e 100644 --- a/fido2/crypto.h +++ b/fido2/crypto.h @@ -49,8 +49,8 @@ void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, ui void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey); void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret); -#define CRYPTO_TRANSPORT_KEY NULL -#define CRYPTO_MASTER_KEY NULL +#define CRYPTO_TRANSPORT_KEY ((uint8_t*)1) +#define CRYPTO_MASTER_KEY ((uint8_t*)0) void crypto_aes256_init(uint8_t * key, uint8_t * nonce); void crypto_aes256_reset_iv(uint8_t * nonce); @@ -66,6 +66,7 @@ void crypto_load_master_secret(uint8_t * key); extern const uint8_t attestation_cert_der[]; extern const uint16_t attestation_cert_der_size; - +extern const uint8_t attestation_key[]; +extern const uint16_t attestation_key_size; #endif diff --git a/fido2/ctap.c b/fido2/ctap.c index c3b4a4c..ba641e5 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -269,12 +269,12 @@ static int ctap_generate_cose_key(CborEncoder * cose_key, uint8_t * hmac_input, void make_auth_tag(uint8_t * nonce, CTAP_userEntity * user, uint32_t count, uint8_t * tag) { uint8_t hashbuf[32]; - crypto_sha256_hmac_init(NULL, 0, hashbuf); + crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, hashbuf); crypto_sha256_update(nonce, CREDENTIAL_NONCE_SIZE); crypto_sha256_update(user->id, user->id_size); crypto_sha256_update(user->name, strnlen((const char*)user->name, USER_NAME_LIMIT)); crypto_sha256_update((uint8_t*)&count, 4); - crypto_sha256_hmac_final(NULL,0,hashbuf); + crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY,0,hashbuf); memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE); } diff --git a/fido2/device.h b/fido2/device.h index adbc842..e750568 100644 --- a/fido2/device.h +++ b/fido2/device.h @@ -28,6 +28,8 @@ void device_init(); uint32_t millis(); +void delay(uint32_t ms); + // HID message size in bytes #define HID_MESSAGE_SIZE 64 
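Review bot: The key selectors in the first fido2/crypto.h hunk are now two distinct sentinel pointers, `((uint8_t*)1)` and `((uint8_t*)0)`, with no comment saying they are selectors that must never be dereferenced. A backend that still tests only for NULL would treat `CRYPTO_TRANSPORT_KEY` as a real key address with whatever `klen` the caller passed (make_auth_tag passes 0). I would add above the defines `/* Key selectors, not addresses: each crypto_* backend must map these to its stored secret and length before using key or klen. */`. In the part of the diff shown here only the stm32l442 crypto_sha256_hmac_init gains that mapping, so the other backends and the other crypto_* entry points should be checked.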
diff --git a/fido2/main.c b/fido2/main.c index 797c856..8c2cdb3 100644 --- a/fido2/main.c +++ b/fido2/main.c @@ -36,12 +36,8 @@ int main(int argc, char * argv[]) { - int count = 0; - uint32_t t1 = 0; - uint32_t t2 = 0; - uint32_t accum = 0; - uint32_t dt = 0; uint8_t hidmsg[64]; + uint32_t t1 = 0; set_logging_mask( /*0*/ @@ -51,11 +47,11 @@ int main(int argc, char * argv[]) // TAG_WALLET | TAG_STOR | // TAG_CP | - TAG_CTAP| + // TAG_CTAP| // TAG_HID| /*TAG_U2F|*/ // TAG_PARSE | - //TAG_TIME| + // TAG_TIME| // TAG_DUMP| TAG_GREEN| TAG_RED| @@ -89,24 +85,18 @@ int main(int argc, char * argv[]) if (usbhid_recv(hidmsg) > 0) { - t2 = millis(); ctaphid_handle_packet(hidmsg); - accum += millis() - t2; - // printf1(TAG_TIME,"accum: %d\n", (uint32_t)accum); - // printf1(TAG_TIME,"dt: %d\n", t2 - dt); - dt = t2; memset(hidmsg, 0, sizeof(hidmsg)); } else { - /*main_loop_delay();*/ } ctaphid_check_timeouts(); } // Should never get here usbhid_close(); - printf("done\n"); + printf1(TAG_GREEN, "done\n"); return 0; } diff --git a/fido2/test_power.c b/fido2/test_power.c index 607e732..38e2b4f 100644 --- a/fido2/test_power.c +++ b/fido2/test_power.c @@ -124,7 +124,7 @@ int main(int argc, char * argv[]) // Should never get here usbhid_close(); - printf("done\n"); + printf1(TAG_GREEN, "done\n"); return 0; } diff --git a/targets/stm32l442/Makefile b/targets/stm32l442/Makefile index 7dd2ea3..e8f209c 100644 --- a/targets/stm32l442/Makefile +++ b/targets/stm32l442/Makefile @@ -42,7 +42,7 @@ CHIP=STM32L442xx DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER # DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1 -CFLAGS=$(INC) -c $(DEFINES) -Os -Wall -fdata-sections -ffunction-sections $(HW) +CFLAGS=$(INC) -c $(DEFINES) -Wall -fdata-sections -ffunction-sections $(HW) LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs -specs=nosys.specs -Wl,--gc-sections -u _printf_float -lnosys LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref -ltinycbor 
@@ -53,11 +53,13 @@ all: $(TARGET).elf $(SZ) $^ %.o: %.c - $(CC) $^ $(HW) $(CFLAGS) -o $@ + $(CC) $^ $(HW) -Os $(CFLAGS) -o $@ +../../crypto/micro-ecc/uECC.o: ../../crypto/micro-ecc/uECC.c + $(CC) $^ $(HW) -O3 $(CFLAGS) -o $@ %.o: %.s - $(CC) $^ $(HW) $(CFLAGS) -o $@ + $(CC) $^ $(HW) -Os $(CFLAGS) -o $@ %.elf: $(OBJ) $(CC) $^ $(HW) $(LDFLAGS) -o $@ @@ -69,8 +71,9 @@ clean: rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ) flash: $(TARGET).hex - STM32_Programmer_CLI -c port=SWD -halt -e all + STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect STM32_Programmer_CLI -c port=SWD -halt -d $(TARGET).hex -rst + STM32_Programmer_CLI -c port=SWD -rst sleep 0.5 python dfuse-tool/dfuse-tool.py --leave diff --git a/targets/stm32l442/src/app.h b/targets/stm32l442/src/app.h index 0db87d3..6a31791 100644 --- a/targets/stm32l442/src/app.h +++ b/targets/stm32l442/src/app.h @@ -4,15 +4,10 @@ #define DEBUG_UART USART1 - - - -#define DEBUG_LEVEL 1 +#define DEBUG_LEVEL 1 #define NON_BLOCK_PRINTING 0 -//#define PRINTING_USE_VCOM - //#define USING_DEV_BOARD //#define ENABLE_U2F_EXTENSIONS @@ -35,6 +30,7 @@ void hw_init(void); #define SOLO_BUTTON_PORT GPIOA #define SOLO_BUTTON_PIN LL_GPIO_PIN_0 -#define SKIP_BUTTON_CHECK 1 +#define SKIP_BUTTON_CHECK_WITH_DELAY 1 +#define SKIP_BUTTON_CHECK_FAST 0 #endif diff --git a/targets/stm32l442/src/crypto.c b/targets/stm32l442/src/crypto.c index c22067b..70cd626 100644 --- a/targets/stm32l442/src/crypto.c +++ b/targets/stm32l442/src/crypto.c @@ -19,6 +19,7 @@ #include "ctap.h" #include "device.h" #include "app.h" +#include "log.h" typedef enum @@ -39,14 +40,6 @@ typedef enum } mbedtls_ecp_group_id; - -const uint8_t attestation_cert_der[]; -const uint16_t attestation_cert_der_size; -const uint8_t attestation_key[]; -const uint16_t attestation_key_size; - - - static SHA256_CTX sha256_ctx; static const struct uECC_Curve_t * _es256_curve = NULL; static const uint8_t * _signing_key = NULL; 
@@ -105,10 +98,15 @@ void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac) key = master_secret; klen = sizeof(master_secret)/2; } + else if (key == CRYPTO_TRANSPORT_KEY) + { + key = transport_secret; + klen = 32; + } if(klen > 64) { - printf("Error, key size must be <= 64\n"); + printf2(TAG_ERR, "Error, key size must be <= 64\n"); exit(1); } @@ -138,7 +136,7 @@ void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac) if(klen > 64) { - printf("Error, key size must be <= 64\n"); + printf2(TAG_ERR, "Error, key size must be <= 64\n"); exit(1); } memmove(buf, key, klen); @@ -172,7 +170,7 @@ void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig) { if ( uECC_sign(_signing_key, data, len, sig, _es256_curve) == 0) { - printf("error, uECC failed\n"); + printf2(TAG_ERR, "error, uECC failed\n"); exit(1); } } @@ -209,19 +207,19 @@ void crypto_ecdsa_sign(uint8_t * data, int len, uint8_t * sig, int MBEDTLS_ECP_I if (_key_len != 32) goto fail; break; default: - printf("error, invalid ECDSA alg specifier\n"); + printf2(TAG_ERR, "error, invalid ECDSA alg specifier\n"); exit(1); } if ( uECC_sign(_signing_key, data, len, sig, curve) == 0) { - printf("error, uECC failed\n"); + printf2(TAG_ERR, "error, uECC failed\n"); exit(1); } return; fail: - printf("error, invalid key length\n"); + printf2(TAG_ERR, "error, invalid key length\n"); exit(1); } @@ -261,7 +259,7 @@ void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey) { if (uECC_make_key(pubkey, privkey, _es256_curve) != 1) { - printf("Error, uECC_make_key failed\n"); + printf2(TAG_ERR, "Error, uECC_make_key failed\n"); exit(1); } } @@ -270,7 +268,7 @@ void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey { if (uECC_shared_secret(pubkey, privkey, shared_secret, _es256_curve) != 1) { - printf("Error, uECC_shared_secret failed\n"); + printf2(TAG_ERR, "Error, uECC_shared_secret failed\n"); exit(1); } 
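Review bot: crypto_sha256_hmac_final does not appear to receive the `CRYPTO_TRANSPORT_KEY` branch that the first hunk adds to crypto_sha256_hmac_init; its hunk header (`-138,7 +136,7`) keeps the same two-line offset the init hunk ends with, so no lines were added in between. make_auth_tag in fido2/ctap.c now calls both functions with `CRYPTO_TRANSPORT_KEY, 0`, so final would reach `memmove(buf, key, klen)` with klen 0 and presumably build the outer pad from an empty key, while the inner pad used transport_secret; the resulting tag is then not an HMAC under a single key. The same mapping, `else if (key == CRYPTO_TRANSPORT_KEY) { key = transport_secret; klen = 32; }`, should sit before the `klen > 64` check in final. The start of crypto_sha256_hmac_final is outside the hunk, so confirm what it already does for `CRYPTO_MASTER_KEY`; a shared static helper that resolves the selector for both functions would keep them from drifting apart again.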
diff --git a/targets/stm32l442/src/device.c b/targets/stm32l442/src/device.c index f4ecb7f..2033b47 100644 --- a/targets/stm32l442/src/device.c +++ b/targets/stm32l442/src/device.c @@ -95,6 +95,7 @@ void device_init() hw_init(); LL_GPIO_SetPinMode(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_MODE_INPUT); LL_GPIO_SetPinPull(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_PULL_UP); + flash_option_bytes_init(0); printf1(TAG_GEN,"hello solo\r\n"); } @@ -337,9 +338,8 @@ static int handle_packets() int ctap_user_presence_test() { - int oldstatus = __device_status; int ret; -#if SKIP_BUTTON_CHECK +#if SKIP_BUTTON_CHECK_WITH_DELAY int i=500; while(i--) { @@ -348,17 +348,15 @@ int ctap_user_presence_test() if (ret) return ret; } goto done; +#elif SKIP_BUTTON_CHECK_FAST + delay(2); + ret = handle_packets(); + if (ret) return ret; + goto done; #endif - uint32_t t1 = millis(); led_rgb(0xff3520); -#if USE_BUTTON_DELAY - delay(3000); - led_rgb(0x001040); - delay(50); - goto done; -#endif while (IS_BUTTON_PRESSED()) { if (t1 + 5000 < millis()) diff --git a/targets/stm32l442/src/fifo.c b/targets/stm32l442/src/fifo.c index cd13348..645c28b 100644 --- a/targets/stm32l442/src/fifo.c +++ b/targets/stm32l442/src/fifo.c @@ -4,7 +4,7 @@ #include "fifo.h" -FIFO_CREATE(debug,1024,1) +FIFO_CREATE(debug,4096,1) FIFO_CREATE(hidmsg,100,64) diff --git a/targets/stm32l442/src/flash.c b/targets/stm32l442/src/flash.c index d87a002..1b09d66 100644 --- a/targets/stm32l442/src/flash.c +++ b/targets/stm32l442/src/flash.c @@ -6,6 +6,7 @@ #include "app.h" #include "flash.h" #include "log.h" +#include "device.h" static void flash_unlock() { 
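Review bot: Both the renamed `SKIP_BUTTON_CHECK_WITH_DELAY` branch and the new `SKIP_BUTTON_CHECK_FAST` branch in ctap_user_presence_test reach `goto done` without ever reading the button, and app.h in this same commit leaves `SKIP_BUTTON_CHECK_WITH_DELAY` at 1, so the default build reports user presence with no touch (the `done` label is outside the hunk; presumably it is the success path). Nothing ties these switches to a debug build. A guard in app.h such as `#if !DEBUG_LEVEL && (SKIP_BUTTON_CHECK_WITH_DELAY || SKIP_BUTTON_CHECK_FAST)` followed by `#error "user presence check is disabled in a non-debug build"` would keep the bypass out of release firmware. A comment on the two defines stating that they disable the FIDO user-presence requirement would also help whoever edits app.h next.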
@@ -15,13 +16,57 @@ static void flash_unlock() FLASH->KEYR = 0xCDEF89AB; } } + +// Locks flash and turns off DFU +void flash_option_bytes_init(int boot_from_dfu) +{ +#if DEBUG_LEVEL + uint32_t val = 0xfffff8aa; +#else + uint32_t val = 0xfffff8b9; +#endif + if (!boot_from_dfu) + { + val &= ~(1<<26); // nSWBOOT0 = 0 (boot from nBoot0) + } + val &= ~(1<<25); // SRAM2_RST = 1 (erase sram on reset) + val &= ~(1<<24); // SRAM2_PE = 1 (parity check en) + + if (FLASH->OPTR == val) + { + return; + } + + __disable_irq(); + while (FLASH->SR & (1<<16)) + ; + flash_unlock(); + if (FLASH->CR & (1<<30)) + { + FLASH->OPTKEYR = 0x08192A3B; + FLASH->OPTKEYR = 0x4C5D6E7F; + } + + FLASH->OPTR =val; + FLASH->CR |= (1<<17); + + while (FLASH->SR & (1<<16)) + ; + + flash_lock(); + + __enable_irq(); +} + void flash_erase_page(uint8_t page) { __disable_irq(); - flash_unlock(); + // Wait if flash is busy while (FLASH->SR & (1<<16)) ; + flash_unlock(); + FLASH->SR = FLASH->SR; // enable flash erase and select page @@ -72,6 +117,8 @@ void flash_write(uint32_t addr, uint8_t * data, size_t sz) { int i; uint8_t buf[8]; + while (FLASH->SR & (1<<16)) + ; flash_unlock(); // dword align diff --git a/targets/stm32l442/src/flash.h b/targets/stm32l442/src/flash.h index e4841df..f099700 100644 --- a/targets/stm32l442/src/flash.h +++ b/targets/stm32l442/src/flash.h @@ -4,6 +4,7 @@ void flash_erase_page(uint8_t page); void flash_write_dword(uint32_t addr, uint64_t data); void flash_write(uint32_t addr, uint8_t * data, size_t sz); +void flash_option_bytes_init(int boot_from_dfu); #define FLASH_PAGE_SIZE 2048 diff --git a/targets/stm32l442/src/led.c b/targets/stm32l442/src/led.c index f8373aa..2393d7b 100644 --- a/targets/stm32l442/src/led.c +++ b/targets/stm32l442/src/led.c @@ -6,6 +6,7 @@ #include "led.h" #include "device.h" +#include "log.h" void led_rgb(uint32_t hex) { 
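Review bot: The comment `// Locks flash and turns off DFU` on flash_option_bytes_init overstates what the `#if DEBUG_LEVEL` branch does: `0xfffff8aa` carries an RDP byte of 0xAA, which on STM32L4 parts is readout-protection level 0, and app.h in this commit sets `DEBUG_LEVEL 1`, so the default build leaves flash readable over SWD. I would reword it to `// Programs option bytes: disables DFU boot; enables RDP level 1 only when DEBUG_LEVEL is 0 (debug builds stay at RDP level 0)`. The two bit comments say `= 1` while the code clears bits 25 and 24; `// SRAM2_RST = 0 (erase SRAM2 on reset)` and `// SRAM2_PE = 0 (parity check enabled)` would match what is written. After `FLASH->CR |= (1<<17)` the function only waits on the busy bit and never looks at the error flags in `FLASH->SR`, so a failed option-byte program would pass silently; checking them after the second busy-wait and logging through `printf2(TAG_ERR, ...)` would make a device that failed to lock visible.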
@@ -46,9 +47,9 @@ void led_test_colors() while(1) { - printf("%d: %lu\r\n", j++, millis()); + printf1(TAG_GREEN, "%d: %lu\r\n", j++, millis()); - printf("white pulse\r\n"); + printf1(TAG_GREEN,"white pulse\r\n"); time = millis(); while((millis() - time) < 5000) { @@ -56,7 +57,7 @@ void led_test_colors() led_rgb(i | (i << 8) | (i << 16)); } - printf("blue pulse\r\n"); + printf1(TAG_GREEN,"blue pulse\r\n"); time = millis(); while((millis() - time) < 5000) { @@ -64,7 +65,7 @@ void led_test_colors() led_rgb(i); } - printf("green pulse\r\n"); + printf1(TAG_GREEN,"green pulse\r\n"); time = millis(); while((millis() - time) < 5000) { @@ -72,7 +73,7 @@ void led_test_colors() led_rgb(i<<8); } - printf("red pulse\r\n"); + printf1(TAG_GREEN,"red pulse\r\n"); time = millis(); while((millis() - time) < 5000) { @@ -80,7 +81,7 @@ void led_test_colors() led_rgb(i<<16); } - printf("purple pulse\r\n"); + printf1(TAG_GREEN,"purple pulse\r\n"); time = millis(); while((millis() - time) < 5000) { @@ -88,7 +89,7 @@ void led_test_colors() led_rgb((i<<16) | i); } - printf("orange pulse\r\n"); + printf1(TAG_GREEN,"orange pulse\r\n"); time = millis(); while((millis() - time) < 5000) { @@ -96,7 +97,7 @@ void led_test_colors() led_rgb((i<<16) | (i<<8)); } - printf("yellow pulse\r\n"); + printf1(TAG_GREEN,"yellow pulse\r\n"); time = millis(); while((millis() - time) < 5000) { @@ -105,5 +106,3 @@ void led_test_colors() } } } - - diff --git a/targets/stm32l442/src/redirect.c b/targets/stm32l442/src/redirect.c index 0f997d6..5c8dbf4 100644 --- a/targets/stm32l442/src/redirect.c +++ b/targets/stm32l442/src/redirect.c @@ -3,7 +3,7 @@ #include "app.h" #include "fifo.h" - +#if DEBUG_LEVEL>0 void _putchar(char c) { @@ -16,6 +16,8 @@ void _putchar(char c) #endif } + + int _write (int fd, const void *buf, long int len) { uint8_t * data = (uint8_t *) buf; @@ -26,3 +28,4 @@ int _write (int fd, const void *buf, long int len) return 0; } +#endif