add wallet channel

fido2/log.c

@@ -31,6 +31,7 @@ struct logtag tagtable[] = {
     {TAG_GREEN,"DEBUG"},
     {TAG_RED,"DEBUG"},
     {TAG_TIME,"TIME"},
+    {TAG_WALLET,"WALLET"},
 };
 
 

fido2/log.h

@@ -25,6 +25,7 @@ typedef enum
     TAG_TIME= (1 << 11),
     TAG_HID = (1 << 12),
     TAG_USB = (1 << 13),
+    TAG_WALLET = (1 << 14),
 
     TAG_FILENO = (1<<31)
 } LOG_TAG;

fido2/main.c

@@ -27,6 +27,7 @@ int main(int argc, char * argv[])
 //            TAG_GEN|
             /*TAG_MC |*/
             /*TAG_GA |*/
+            TAG_WALLET |
             /*TAG_CP |*/
 //            TAG_CTAP|
 //            TAG_HID|

fido2/u2f.c

@@ -4,12 +4,13 @@
 #include "crypto.h"
 #include "log.h"
 #include "device.h"
+#include "app.h"
 
 // void u2f_response_writeback(uint8_t * buf, uint8_t len);
 static int16_t u2f_register(struct u2f_register_request * req);
 static int16_t u2f_version();
 static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control);
-static int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
+int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
 
 static CTAP_RESPONSE * _u2f_resp = NULL;
 
@@ -28,7 +29,43 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
         rcode = U2F_SW_CLASS_NOT_SUPPORTED;
         goto end;
     }
-
+#ifdef BRIDGE_TO_WALLET
+    struct u2f_authenticate_request * auth = (struct u2f_register_request *) req->payload;
+    if (req->ins == U2F_AUTHENTICATE)
+    {
+        if (req->p1 == U2F_AUTHENTICATE_CHECK)
+        {
+//            if (u2f_appid_eq(&req->kh, req->app) == 0)
+//            {
+//            	rcode =  U2F_SW_CONDITIONS_NOT_SATISFIED;
+//            }
+//            else
+//            {
+            	rcode =  U2F_SW_WRONG_DATA;
+//            }
+        }
+        else
+        {
+        	rcode = bridge_u2f_to_wallet(auth->chal, auth->app, auth->khl, &auth->kh);
+        }
+    }
+    else if (req->ins == U2F_VERSION)
+    {
+        printf1(TAG_U2F, "U2F_VERSION\n");
+        if (len)
+        {
+            rcode = U2F_SW_WRONG_LENGTH;
+        }
+        else
+        {
+            rcode = u2f_version();
+        }
+    }
+    else
+    {
+    	rcode = U2F_SW_INS_NOT_SUPPORTED;
+    }
+#else
     switch(req->ins)
     {
         case U2F_REGISTER:
@@ -73,7 +110,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
             rcode = U2F_SW_INS_NOT_SUPPORTED;
             break;
     }
-
+#endif
 
 end:
     if (rcode != U2F_SW_NO_ERROR)
@@ -91,7 +128,7 @@ end:
 }
 
 
-static int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len)
+int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len)
 {
     if ((_u2f_resp->length + len) > _u2f_resp->data_size)
     {

fido2/u2f.h

@@ -93,6 +93,9 @@ struct u2f_authenticate_request
 void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp);
 
 
+int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
+
+
 //////////////////////////////////////////////////////////////////
 /* Platform specific functions that must be implemented by user */
 //////////////////////////////////////////////////////////////////

fido2/wallet.c

@@ -0,0 +1,63 @@
+/*
+ * wallet.c
+ *
+ *  Created on: Jul 7, 2018
+ *      Author: conor
+ */
+#include "wallet.h"
+#include "ctap.h"
+#include "u2f.h"
+#include "log.h"
+
+typedef enum
+{
+	WalletSign = 0x10,
+	WalletRegister = 0x11,
+	WalletPin = 0x12,
+} WalletOperation;
+
+
+int16_t bridge_u2f_to_wallet(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh)
+{
+	static uint8_t msg_buf[WALLET_MAX_BUFFER];
+	int reqlen = klen;
+
+	uint32_t count;
+	uint8_t up = 1;
+	uint8_t sig[72];
+
+
+
+	wallet_request * req = (wallet_request *) msg_buf;
+
+//	memmove(msg_buf, chal, 32);
+	memmove(msg_buf, keyh, klen);
+
+	count = ctap_atomic_count(0);
+
+	switch(req->operation)
+	{
+	case WalletSign:
+		printf1(TAG_WALLET,"WalletSign\n");
+		break;
+	case WalletRegister:
+		printf1(TAG_WALLET,"WalletRegister\n");
+		break;
+	case WalletPin:
+		printf1(TAG_WALLET,"WalletPin\n");
+		break;
+	default:
+		printf2(TAG_ERR,"Invalid wallet command: %x\n",req->operation);
+		break;
+	}
+//	printf1(TAG_WALLET, "chal: "); dump_hex1(TAG_WALLET, chal,32);
+//	printf1(TAG_WALLET, "appid: "); dump_hex1(TAG_WALLET, appid,32);
+//	printf1(TAG_WALLET, "keyh: "); dump_hex1(TAG_WALLET, keyh,klen);
+//	printf1(TAG_WALLET, "u2f2wallet: "); dump_hex1(TAG_WALLET, msg_buf,reqlen);
+
+    u2f_response_writeback(&up,1);
+    u2f_response_writeback((uint8_t *)&count,4);
+    u2f_response_writeback(sig,72);
+
+	return U2F_SW_NO_ERROR;
+}

fido2/wallet.h

@@ -0,0 +1,65 @@
+/*
+ * wallet.h
+ *
+ *  Created on: Jul 7, 2018
+ *      Author: conor
+ */
+
+#ifndef WALLET_H_
+#define WALLET_H_
+
+#include <stdint.h>
+
+#define WALLET_MAX_BUFFER	(32 + 255)
+
+// Sign request
+// op: 					0x10
+// authType:			0x00 //sign?
+// reserved:			0x00 // mbedtls signature alg identifier
+// challenge-length:    1-255
+// challenge:			data[1-255]
+// keyID-length:		1-255
+// keyID:				data[1-255]
+
+// Resp: normal U2F auth response
+
+// Register request
+// op: 					0x11
+// formatType:			0x00 //sign?	[0x00: WIF, 0x01: raw]
+// keyType:				0x03 // mbedtls signature alg identifier
+// key-length:    		1-255
+// key:					data[1-255]
+
+
+// Resp: modded U2F auth response
+
+// PIN request
+// op: 					0x12
+// subcmd:				0x00	// Same as CTAP pin subcommands
+// reserved:			0x03 	// mbedtls signature alg identifier
+// publickey:    		data[64]
+// OR
+// pinAuth				data[64]
+// OR
+// pinHashEnc			data[64]
+// OR
+// newPinEnc			data[64]
+
+// key:					data[1-255]
+// keyID-length:		1-255
+// keyID:				data[1-255]
+
+// Resp: modded U2F auth response
+// Returns public key OR pinAuth
+
+
+typedef struct
+{
+	uint8_t operation;
+	uint8_t authType;
+	uint8_t keyType;
+} wallet_request;
+
+int16_t bridge_u2f_to_wallet(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh);
+
+#endif /* WALLET_H_ */