fix compile warnings, add flash locking

Conor Patrick 2018-10-28 20:09:12 -04:00
parent 707a930d33
commit 5993aa792a
14 changed files with 107 additions and 69 deletions


@ -49,8 +49,8 @@ void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, ui
void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey); void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey);
void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret); void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret);
#define CRYPTO_TRANSPORT_KEY NULL #define CRYPTO_TRANSPORT_KEY ((uint8_t*)1)
#define CRYPTO_MASTER_KEY NULL #define CRYPTO_MASTER_KEY ((uint8_t*)0)
void crypto_aes256_init(uint8_t * key, uint8_t * nonce); void crypto_aes256_init(uint8_t * key, uint8_t * nonce);
void crypto_aes256_reset_iv(uint8_t * nonce); void crypto_aes256_reset_iv(uint8_t * nonce);
@ -66,6 +66,7 @@ void crypto_load_master_secret(uint8_t * key);
extern const uint8_t attestation_cert_der[]; extern const uint8_t attestation_cert_der[];
extern const uint16_t attestation_cert_der_size; extern const uint16_t attestation_cert_der_size;
extern const uint8_t attestation_key[];
extern const uint16_t attestation_key_size;
#endif #endif
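Review bot: `CRYPTO_MASTER_KEY ((uint8_t*)0)` and `CRYPTO_TRANSPORT_KEY ((uint8_t*)1)` are selector values rather than addresses, and nothing at the definition says so. Every function declared in this header that takes a `key` pointer has to compare against both selectors before reading through it; one that forgets would read from address 1 or treat the selector as an ordinary key. I would add a comment above the two defines, e.g. `/* Key selectors, never dereferenced: crypto_* functions must map these to the internal secrets before use. */`. The new `extern const uint8_t attestation_key[]` makes the attestation key visible to every includer of this header, so a one-line comment naming the intended users would help as well.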


@ -269,12 +269,12 @@ static int ctap_generate_cose_key(CborEncoder * cose_key, uint8_t * hmac_input,
void make_auth_tag(uint8_t * nonce, CTAP_userEntity * user, uint32_t count, uint8_t * tag) void make_auth_tag(uint8_t * nonce, CTAP_userEntity * user, uint32_t count, uint8_t * tag)
{ {
uint8_t hashbuf[32]; uint8_t hashbuf[32];
crypto_sha256_hmac_init(NULL, 0, hashbuf); crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, hashbuf);
crypto_sha256_update(nonce, CREDENTIAL_NONCE_SIZE); crypto_sha256_update(nonce, CREDENTIAL_NONCE_SIZE);
crypto_sha256_update(user->id, user->id_size); crypto_sha256_update(user->id, user->id_size);
crypto_sha256_update(user->name, strnlen((const char*)user->name, USER_NAME_LIMIT)); crypto_sha256_update(user->name, strnlen((const char*)user->name, USER_NAME_LIMIT));
crypto_sha256_update((uint8_t*)&count, 4); crypto_sha256_update((uint8_t*)&count, 4);
crypto_sha256_hmac_final(NULL,0,hashbuf); crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY,0,hashbuf);
memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE); memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE);
} }
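Review bot: make_auth_tag passes `CRYPTO_TRANSPORT_KEY` with a length of 0 to both crypto_sha256_hmac_init and crypto_sha256_hmac_final, so the tag is a proper HMAC only if both functions resolve the selector to the same secret and length. That dependency deserves a comment at the call, e.g. `// key selector with klen 0: init and final must both resolve it to transport_secret`. The switch of key also changes every tag value, so credentials whose tag was computed with the previous `NULL` argument would presumably stop verifying; if that is intended, the commit message or a comment should say so.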


@ -28,6 +28,8 @@ void device_init();
uint32_t millis(); uint32_t millis();
void delay(uint32_t ms);
// HID message size in bytes // HID message size in bytes
#define HID_MESSAGE_SIZE 64 #define HID_MESSAGE_SIZE 64


@ -36,12 +36,8 @@
int main(int argc, char * argv[]) int main(int argc, char * argv[])
{ {
int count = 0;
uint32_t t1 = 0;
uint32_t t2 = 0;
uint32_t accum = 0;
uint32_t dt = 0;
uint8_t hidmsg[64]; uint8_t hidmsg[64];
uint32_t t1 = 0;
set_logging_mask( set_logging_mask(
/*0*/ /*0*/
@ -51,11 +47,11 @@ int main(int argc, char * argv[])
// TAG_WALLET | // TAG_WALLET |
TAG_STOR | TAG_STOR |
// TAG_CP | // TAG_CP |
TAG_CTAP| // TAG_CTAP|
// TAG_HID| // TAG_HID|
/*TAG_U2F|*/ /*TAG_U2F|*/
// TAG_PARSE | // TAG_PARSE |
//TAG_TIME| // TAG_TIME|
// TAG_DUMP| // TAG_DUMP|
TAG_GREEN| TAG_GREEN|
TAG_RED| TAG_RED|
@ -89,24 +85,18 @@ int main(int argc, char * argv[])
if (usbhid_recv(hidmsg) > 0) if (usbhid_recv(hidmsg) > 0)
{ {
t2 = millis();
ctaphid_handle_packet(hidmsg); ctaphid_handle_packet(hidmsg);
accum += millis() - t2;
// printf1(TAG_TIME,"accum: %d\n", (uint32_t)accum);
// printf1(TAG_TIME,"dt: %d\n", t2 - dt);
dt = t2;
memset(hidmsg, 0, sizeof(hidmsg)); memset(hidmsg, 0, sizeof(hidmsg));
} }
else else
{ {
/*main_loop_delay();*/
} }
ctaphid_check_timeouts(); ctaphid_check_timeouts();
} }
// Should never get here // Should never get here
usbhid_close(); usbhid_close();
printf("done\n"); printf1(TAG_GREEN, "done\n");
return 0; return 0;
} }


@ -124,7 +124,7 @@ int main(int argc, char * argv[])
// Should never get here // Should never get here
usbhid_close(); usbhid_close();
printf("done\n"); printf1(TAG_GREEN, "done\n");
return 0; return 0;
} }


@ -42,7 +42,7 @@ CHIP=STM32L442xx
DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER
# DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1 # DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1
CFLAGS=$(INC) -c $(DEFINES) -Os -Wall -fdata-sections -ffunction-sections $(HW) CFLAGS=$(INC) -c $(DEFINES) -Wall -fdata-sections -ffunction-sections $(HW)
LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs -specs=nosys.specs -Wl,--gc-sections -u _printf_float -lnosys LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs -specs=nosys.specs -Wl,--gc-sections -u _printf_float -lnosys
LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref -ltinycbor LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref -ltinycbor
@ -53,11 +53,13 @@ all: $(TARGET).elf
$(SZ) $^ $(SZ) $^
%.o: %.c %.o: %.c
$(CC) $^ $(HW) $(CFLAGS) -o $@ $(CC) $^ $(HW) -Os $(CFLAGS) -o $@
../../crypto/micro-ecc/uECC.o: ../../crypto/micro-ecc/uECC.c
$(CC) $^ $(HW) -O3 $(CFLAGS) -o $@
%.o: %.s %.o: %.s
$(CC) $^ $(HW) $(CFLAGS) -o $@ $(CC) $^ $(HW) -Os $(CFLAGS) -o $@
%.elf: $(OBJ) %.elf: $(OBJ)
$(CC) $^ $(HW) $(LDFLAGS) -o $@ $(CC) $^ $(HW) $(LDFLAGS) -o $@
@ -69,8 +71,9 @@ clean:
rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ) rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ)
flash: $(TARGET).hex flash: $(TARGET).hex
STM32_Programmer_CLI -c port=SWD -halt -e all STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
STM32_Programmer_CLI -c port=SWD -halt -d $(TARGET).hex -rst STM32_Programmer_CLI -c port=SWD -halt -d $(TARGET).hex -rst
STM32_Programmer_CLI -c port=SWD -rst
sleep 0.5 sleep 0.5
python dfuse-tool/dfuse-tool.py --leave python dfuse-tool/dfuse-tool.py --leave
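Review bot: The `flash` recipe now runs `-e all --readunprotect` with no comment on why it is needed or what it destroys. In this same commit flash_option_bytes_init writes `0xfffff8b9` to FLASH->OPTR when DEBUG_LEVEL is 0, and an RDP byte of 0xB9 is read-protection level 1 on STM32L4, so removing it mass-erases the part, including any secrets kept in flash. A comment above the target would make that explicit, e.g. `# --readunprotect drops the RDP level 1 set by release firmware; this wipes all flash, including device secrets`. Separately, `-Os` has moved out of CFLAGS into the pattern rules and uECC.c is now built with `-O3`; anything else that compiles with $(CFLAGS) alone now gets no optimisation flag, and the reason for the uECC exception should be stated next to its rule.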


@ -4,15 +4,10 @@
#define DEBUG_UART USART1 #define DEBUG_UART USART1
#define DEBUG_LEVEL 1
#define DEBUG_LEVEL 1
#define NON_BLOCK_PRINTING 0 #define NON_BLOCK_PRINTING 0
//#define PRINTING_USE_VCOM
//#define USING_DEV_BOARD //#define USING_DEV_BOARD
//#define ENABLE_U2F_EXTENSIONS //#define ENABLE_U2F_EXTENSIONS
@ -35,6 +30,7 @@ void hw_init(void);
#define SOLO_BUTTON_PORT GPIOA #define SOLO_BUTTON_PORT GPIOA
#define SOLO_BUTTON_PIN LL_GPIO_PIN_0 #define SOLO_BUTTON_PIN LL_GPIO_PIN_0
#define SKIP_BUTTON_CHECK 1 #define SKIP_BUTTON_CHECK_WITH_DELAY 1
#define SKIP_BUTTON_CHECK_FAST 0
#endif #endif
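Review bot: The defaults committed here, `DEBUG_LEVEL 1` and `SKIP_BUTTON_CHECK_WITH_DELAY 1`, leave both protections off in the build that this commit describes as adding flash locking. With DEBUG_LEVEL set, flash_option_bytes_init selects `0xfffff8aa`, whose RDP byte 0xAA is level 0 (no read protection), and ctap_user_presence_test takes the skip branch and jumps to `done` without reading the button (the code at `done` is outside the hunk). Nothing prevents a non-debug build from keeping a skip macro set; a guard after the defines would, e.g. `#if !DEBUG_LEVEL && (SKIP_BUTTON_CHECK_WITH_DELAY || SKIP_BUTTON_CHECK_FAST)` followed by `#error "user presence check disabled in a non-debug build"` and `#endif`. The same concern applies to the new `SKIP_BUTTON_CHECK_FAST` branch in ctap_user_presence_test.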


@ -19,6 +19,7 @@
#include "ctap.h" #include "ctap.h"
#include "device.h" #include "device.h"
#include "app.h" #include "app.h"
#include "log.h"
typedef enum typedef enum
@ -39,14 +40,6 @@ typedef enum
} mbedtls_ecp_group_id; } mbedtls_ecp_group_id;
const uint8_t attestation_cert_der[];
const uint16_t attestation_cert_der_size;
const uint8_t attestation_key[];
const uint16_t attestation_key_size;
static SHA256_CTX sha256_ctx; static SHA256_CTX sha256_ctx;
static const struct uECC_Curve_t * _es256_curve = NULL; static const struct uECC_Curve_t * _es256_curve = NULL;
static const uint8_t * _signing_key = NULL; static const uint8_t * _signing_key = NULL;
@ -105,10 +98,15 @@ void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
key = master_secret; key = master_secret;
klen = sizeof(master_secret)/2; klen = sizeof(master_secret)/2;
} }
else if (key == CRYPTO_TRANSPORT_KEY)
{
key = transport_secret;
klen = 32;
}
if(klen > 64) if(klen > 64)
{ {
printf("Error, key size must be <= 64\n"); printf2(TAG_ERR, "Error, key size must be <= 64\n");
exit(1); exit(1);
} }
@ -138,7 +136,7 @@ void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac)
if(klen > 64) if(klen > 64)
{ {
printf("Error, key size must be <= 64\n"); printf2(TAG_ERR, "Error, key size must be <= 64\n");
exit(1); exit(1);
} }
memmove(buf, key, klen); memmove(buf, key, klen);
@ -172,7 +170,7 @@ void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig)
{ {
if ( uECC_sign(_signing_key, data, len, sig, _es256_curve) == 0) if ( uECC_sign(_signing_key, data, len, sig, _es256_curve) == 0)
{ {
printf("error, uECC failed\n"); printf2(TAG_ERR, "error, uECC failed\n");
exit(1); exit(1);
} }
} }
@ -209,19 +207,19 @@ void crypto_ecdsa_sign(uint8_t * data, int len, uint8_t * sig, int MBEDTLS_ECP_I
if (_key_len != 32) goto fail; if (_key_len != 32) goto fail;
break; break;
default: default:
printf("error, invalid ECDSA alg specifier\n"); printf2(TAG_ERR, "error, invalid ECDSA alg specifier\n");
exit(1); exit(1);
} }
if ( uECC_sign(_signing_key, data, len, sig, curve) == 0) if ( uECC_sign(_signing_key, data, len, sig, curve) == 0)
{ {
printf("error, uECC failed\n"); printf2(TAG_ERR, "error, uECC failed\n");
exit(1); exit(1);
} }
return; return;
fail: fail:
printf("error, invalid key length\n"); printf2(TAG_ERR, "error, invalid key length\n");
exit(1); exit(1);
} }
@ -261,7 +259,7 @@ void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey)
{ {
if (uECC_make_key(pubkey, privkey, _es256_curve) != 1) if (uECC_make_key(pubkey, privkey, _es256_curve) != 1)
{ {
printf("Error, uECC_make_key failed\n"); printf2(TAG_ERR, "Error, uECC_make_key failed\n");
exit(1); exit(1);
} }
} }
@ -270,7 +268,7 @@ void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey
{ {
if (uECC_shared_secret(pubkey, privkey, shared_secret, _es256_curve) != 1) if (uECC_shared_secret(pubkey, privkey, shared_secret, _es256_curve) != 1)
{ {
printf("Error, uECC_shared_secret failed\n"); printf2(TAG_ERR, "Error, uECC_shared_secret failed\n");
exit(1); exit(1);
} }
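Review bot: crypto_sha256_hmac_init gains a `CRYPTO_TRANSPORT_KEY` branch, but crypto_sha256_hmac_final does not appear to get the matching one. The top of hmac_final lies outside its hunk, yet the hunk offsets (`-138` to `+136`, the same shift of two lines left by the init hunk) indicate that no lines were added between the two hunks. make_auth_tag calls final with `CRYPTO_TRANSPORT_KEY` and length 0, so unless the selector is resolved in code not shown here, `memmove(buf, key, klen)` copies nothing and the outer pad is not derived from transport_secret while the inner hash was. The same mapping should be added in hmac_final before the `klen > 64` check: `else if (key == CRYPTO_TRANSPORT_KEY) { key = transport_secret; klen = 32; }`.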


@ -95,6 +95,7 @@ void device_init()
hw_init(); hw_init();
LL_GPIO_SetPinMode(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_MODE_INPUT); LL_GPIO_SetPinMode(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_MODE_INPUT);
LL_GPIO_SetPinPull(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_PULL_UP); LL_GPIO_SetPinPull(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_PULL_UP);
flash_option_bytes_init(0);
printf1(TAG_GEN,"hello solo\r\n"); printf1(TAG_GEN,"hello solo\r\n");
} }
@ -337,9 +338,8 @@ static int handle_packets()
int ctap_user_presence_test() int ctap_user_presence_test()
{ {
int oldstatus = __device_status;
int ret; int ret;
#if SKIP_BUTTON_CHECK #if SKIP_BUTTON_CHECK_WITH_DELAY
int i=500; int i=500;
while(i--) while(i--)
{ {
@ -348,17 +348,15 @@ int ctap_user_presence_test()
if (ret) return ret; if (ret) return ret;
} }
goto done; goto done;
#elif SKIP_BUTTON_CHECK_FAST
delay(2);
ret = handle_packets();
if (ret) return ret;
goto done;
#endif #endif
uint32_t t1 = millis(); uint32_t t1 = millis();
led_rgb(0xff3520); led_rgb(0xff3520);
#if USE_BUTTON_DELAY
delay(3000);
led_rgb(0x001040);
delay(50);
goto done;
#endif
while (IS_BUTTON_PRESSED()) while (IS_BUTTON_PRESSED())
{ {
if (t1 + 5000 < millis()) if (t1 + 5000 < millis())


@ -4,7 +4,7 @@
#include "fifo.h" #include "fifo.h"
FIFO_CREATE(debug,1024,1) FIFO_CREATE(debug,4096,1)
FIFO_CREATE(hidmsg,100,64) FIFO_CREATE(hidmsg,100,64)


@ -6,6 +6,7 @@
#include "app.h" #include "app.h"
#include "flash.h" #include "flash.h"
#include "log.h" #include "log.h"
#include "device.h"
static void flash_unlock() static void flash_unlock()
{ {
@ -15,13 +16,57 @@ static void flash_unlock()
FLASH->KEYR = 0xCDEF89AB; FLASH->KEYR = 0xCDEF89AB;
} }
} }
// Locks flash and turns off DFU
void flash_option_bytes_init(int boot_from_dfu)
{
#if DEBUG_LEVEL
uint32_t val = 0xfffff8aa;
#else
uint32_t val = 0xfffff8b9;
#endif
if (!boot_from_dfu)
{
val &= ~(1<<26); // nSWBOOT0 = 0 (boot from nBoot0)
}
val &= ~(1<<25); // SRAM2_RST = 1 (erase sram on reset)
val &= ~(1<<24); // SRAM2_PE = 1 (parity check en)
if (FLASH->OPTR == val)
{
return;
}
__disable_irq();
while (FLASH->SR & (1<<16))
;
flash_unlock();
if (FLASH->CR & (1<<30))
{
FLASH->OPTKEYR = 0x08192A3B;
FLASH->OPTKEYR = 0x4C5D6E7F;
}
FLASH->OPTR =val;
FLASH->CR |= (1<<17);
while (FLASH->SR & (1<<16))
;
flash_lock();
__enable_irq();
}
void flash_erase_page(uint8_t page) void flash_erase_page(uint8_t page)
{ {
__disable_irq(); __disable_irq();
flash_unlock();
// Wait if flash is busy // Wait if flash is busy
while (FLASH->SR & (1<<16)) while (FLASH->SR & (1<<16))
; ;
flash_unlock();
FLASH->SR = FLASH->SR; FLASH->SR = FLASH->SR;
// enable flash erase and select page // enable flash erase and select page
@ -72,6 +117,8 @@ void flash_write(uint32_t addr, uint8_t * data, size_t sz)
{ {
int i; int i;
uint8_t buf[8]; uint8_t buf[8];
while (FLASH->SR & (1<<16))
;
flash_unlock(); flash_unlock();
// dword align // dword align
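Review bot: flash_option_bytes_init does not check whether the option-byte program succeeded: after setting bit 17 in FLASH->CR and waiting on bit 16 of FLASH->SR it calls flash_lock() and returns void, so a failed write leaves the device booting without the intended protection and without a log line. I would test the error bits in FLASH->SR after the second busy-wait and report through `printf2(TAG_ERR, ...)`, which log.h appears to provide in this file. The comments on bits 25 and 24 say `SRAM2_RST = 1` and `SRAM2_PE = 1` while the code clears both bits; they should read `= 0`, e.g. `val &= ~(1<<25); // SRAM2_RST = 0 (erase SRAM2 on reset)`. The header comment `// Locks flash and turns off DFU` also holds only when DEBUG_LEVEL is 0, since the debug value `0xfffff8aa` keeps the RDP byte at 0xAA (level 0).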


@ -4,6 +4,7 @@
void flash_erase_page(uint8_t page); void flash_erase_page(uint8_t page);
void flash_write_dword(uint32_t addr, uint64_t data); void flash_write_dword(uint32_t addr, uint64_t data);
void flash_write(uint32_t addr, uint8_t * data, size_t sz); void flash_write(uint32_t addr, uint8_t * data, size_t sz);
void flash_option_bytes_init(int boot_from_dfu);
#define FLASH_PAGE_SIZE 2048 #define FLASH_PAGE_SIZE 2048


@ -6,6 +6,7 @@
#include "led.h" #include "led.h"
#include "device.h" #include "device.h"
#include "log.h"
void led_rgb(uint32_t hex) void led_rgb(uint32_t hex)
{ {
@ -46,9 +47,9 @@ void led_test_colors()
while(1) while(1)
{ {
printf("%d: %lu\r\n", j++, millis()); printf1(TAG_GREEN, "%d: %lu\r\n", j++, millis());
printf("white pulse\r\n"); printf1(TAG_GREEN,"white pulse\r\n");
time = millis(); time = millis();
while((millis() - time) < 5000) while((millis() - time) < 5000)
{ {
@ -56,7 +57,7 @@ void led_test_colors()
led_rgb(i | (i << 8) | (i << 16)); led_rgb(i | (i << 8) | (i << 16));
} }
printf("blue pulse\r\n"); printf1(TAG_GREEN,"blue pulse\r\n");
time = millis(); time = millis();
while((millis() - time) < 5000) while((millis() - time) < 5000)
{ {
@ -64,7 +65,7 @@ void led_test_colors()
led_rgb(i); led_rgb(i);
} }
printf("green pulse\r\n"); printf1(TAG_GREEN,"green pulse\r\n");
time = millis(); time = millis();
while((millis() - time) < 5000) while((millis() - time) < 5000)
{ {
@ -72,7 +73,7 @@ void led_test_colors()
led_rgb(i<<8); led_rgb(i<<8);
} }
printf("red pulse\r\n"); printf1(TAG_GREEN,"red pulse\r\n");
time = millis(); time = millis();
while((millis() - time) < 5000) while((millis() - time) < 5000)
{ {
@ -80,7 +81,7 @@ void led_test_colors()
led_rgb(i<<16); led_rgb(i<<16);
} }
printf("purple pulse\r\n"); printf1(TAG_GREEN,"purple pulse\r\n");
time = millis(); time = millis();
while((millis() - time) < 5000) while((millis() - time) < 5000)
{ {
@ -88,7 +89,7 @@ void led_test_colors()
led_rgb((i<<16) | i); led_rgb((i<<16) | i);
} }
printf("orange pulse\r\n"); printf1(TAG_GREEN,"orange pulse\r\n");
time = millis(); time = millis();
while((millis() - time) < 5000) while((millis() - time) < 5000)
{ {
@ -96,7 +97,7 @@ void led_test_colors()
led_rgb((i<<16) | (i<<8)); led_rgb((i<<16) | (i<<8));
} }
printf("yellow pulse\r\n"); printf1(TAG_GREEN,"yellow pulse\r\n");
time = millis(); time = millis();
while((millis() - time) < 5000) while((millis() - time) < 5000)
{ {
@ -105,5 +106,3 @@ void led_test_colors()
} }
} }
} }


@ -3,7 +3,7 @@
#include "app.h" #include "app.h"
#include "fifo.h" #include "fifo.h"
#if DEBUG_LEVEL>0
void _putchar(char c) void _putchar(char c)
{ {
@ -16,6 +16,8 @@ void _putchar(char c)
#endif #endif
} }
int _write (int fd, const void *buf, long int len) int _write (int fd, const void *buf, long int len)
{ {
uint8_t * data = (uint8_t *) buf; uint8_t * data = (uint8_t *) buf;
@ -26,3 +28,4 @@ int _write (int fd, const void *buf, long int len)
return 0; return 0;
} }
#endif