add u2f shell

u2f.c

@@ -0,0 +1,251 @@
+#include "u2f.h"
+#include "ctap.h"
+#include "crypto.h"
+#if 0
+
+// void u2f_response_writeback(uint8_t * buf, uint8_t len);
+static int16_t u2f_register(struct u2f_register_request * req);
+static int16_t u2f_version();
+static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control);
+
+void u2f_request(struct u2f_request_apdu * req)
+{
+    uint16_t * rcode = (uint16_t *)req;
+    uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
+
+    u2f_response_start();
+
+    if (req->cla != 0)
+    {
+        u2f_hid_set_len(2);
+        *rcode = U2F_SW_CLASS_NOT_SUPPORTED;
+        goto end;
+    }
+
+    switch(req->ins)
+    {
+        case U2F_REGISTER:
+            if (len != 64)
+            {
+                u2f_hid_set_len(2);
+                *rcode = U2F_SW_WRONG_LENGTH;
+            }
+            else
+            {
+                *rcode = u2f_register((struct u2f_register_request*)req->payload);
+            }
+            break;
+        case U2F_AUTHENTICATE:
+            *rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1);
+            break;
+        case U2F_VERSION:
+            if (len)
+            {
+                u2f_hid_set_len(2);
+                *rcode = U2F_SW_WRONG_LENGTH;
+            }
+            else
+            {
+                *rcode = u2f_version();
+            }
+            break;
+        case U2F_VENDOR_FIRST:
+        case U2F_VENDOR_LAST:
+            *rcode = U2F_SW_NO_ERROR;
+            break;
+        default:
+            u2f_hid_set_len(2);
+            *rcode = U2F_SW_INS_NOT_SUPPORTED;
+            break;
+    }
+
+end:
+    u2f_response_writeback((uint8_t*)rcode,2);
+    u2f_response_flush();
+}
+
+static uint8_t get_signature_length(uint8_t * sig)
+{
+    return 0x46 + ((sig[32] & 0x80) == 0x80) + ((sig[0] & 0x80) == 0x80);
+}
+
+static void dump_signature_der(uint8_t * sig)
+{
+    uint8_t pad_s = (sig[32] & 0x80) == 0x80;
+    uint8_t pad_r = (sig[0] & 0x80) == 0x80;
+    uint8_t i[] = {0x30, 0x44};
+    i[1] += (pad_s + pad_r);
+
+
+    // DER encoded signature
+    // write der sequence
+    // has to be minimum distance and padded with 0x00 if MSB is a 1.
+    u2f_response_writeback(i,2);
+    i[1] = 0;
+
+    // length of R value plus 0x00 pad if necessary
+    u2f_response_writeback("\x02",1);
+    i[0] = 0x20 + pad_r;
+    u2f_response_writeback(i,1 + pad_r);
+
+    // R value
+    u2f_response_writeback(sig, 32);
+
+    // length of S value plus 0x00 pad if necessary
+    u2f_response_writeback("\x02",1);
+    i[0] = 0x20 + pad_s;
+    u2f_response_writeback(i,1 + pad_s);
+
+    // S value
+    u2f_response_writeback(sig+32, 32);
+}
+
+int8_t u2f_appid_eq(struct u2f_key_handle * kh, uint8_t * appid)
+{
+
+    return 0;
+}
+
+int8_t u2f_load_key(struct u2f_key_handle * kh, uint8_t * appid)
+{
+    crypto_ecc256_load_key(kh->key, U2F_KEY_HANDLE_KEY_SIZE, appid, U2F_APPLICATION_SIZE);
+    return 0;
+}
+
+void u2f_make_auth_tag(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * tag)
+{
+    uint8_t hashbuf[32];
+    crypto_sha256_hmac_init(NULL, 0, hashbuf);
+    crypto_sha256_update(kh->key, U2F_KEY_HANDLE_KEY_SIZE);
+    crypto_sha256_update(appid, );
+    crypto_sha256_hmac_final(hashbuf);
+
+    memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE);
+}
+
+
+
+static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control)
+{
+
+    uint8_t up = 1;
+    uint32_t count;
+
+    if (control == U2F_AUTHENTICATE_CHECK)
+    {
+        u2f_hid_set_len(2);
+        if (u2f_appid_eq(&req->kh, req->app) == 0)
+        {
+            return U2F_SW_CONDITIONS_NOT_SATISFIED;
+        }
+        else
+        {
+            return U2F_SW_WRONG_DATA;
+        }
+    }
+    if (
+            control != U2F_AUTHENTICATE_SIGN ||
+            req->khl != U2F_KEY_HANDLE_SIZE  ||
+            u2f_appid_eq(&req->kh, req->app) != 0 ||     // Order of checks is important
+            u2f_load_key(&req->kh, req->app) != 0
+
+        )
+    {
+        u2f_hid_set_len(2);
+        return U2F_SW_WRONG_PAYLOAD;
+    }
+
+
+
+    if (u2f_get_user_feedback())
+    {
+        u2f_hid_set_len(2);
+        return U2F_SW_CONDITIONS_NOT_SATISFIED;
+    }
+
+    count = u2f_count();
+
+    u2f_sha256_start();
+    u2f_sha256_update(req->app,32);
+    u2f_sha256_update(&up,1);
+    u2f_sha256_update((uint8_t *)&count,4);
+    u2f_sha256_update(req->chal,32);
+
+    u2f_sha256_finish();
+
+    if (u2f_ecdsa_sign((uint8_t*)req, req->kh, req->app) == -1)
+    {
+        return U2F_SW_WRONG_DATA+0x20;
+    }
+
+    u2f_hid_set_len(7 + get_signature_length((uint8_t*)req));
+
+    u2f_response_writeback(&up,1);
+    u2f_response_writeback((uint8_t *)&count,4);
+    dump_signature_der((uint8_t*)req);
+
+    return U2F_SW_NO_ERROR;
+}
+
+static int16_t u2f_register(struct u2f_register_request * req)
+{
+    uint8_t i[] = {0x0,U2F_EC_FMT_UNCOMPRESSED};
+
+    uint8_t key_handle[U2F_KEY_HANDLE_SIZE];
+    uint8_t pubkey[64];
+
+
+    const uint16_t attest_size = u2f_attestation_cert_size();
+
+    if (u2f_get_user_feedback())
+    {
+        u2f_hid_set_len(2);
+        return U2F_SW_CONDITIONS_NOT_SATISFIED;
+    }
+
+    if ( u2f_new_keypair(key_handle, req->app, pubkey) == -1)
+    {
+        u2f_hid_set_len(2);
+        return U2F_SW_INSUFFICIENT_MEMORY;
+    }
+
+    u2f_sha256_start();
+    u2f_sha256_update(i,1);
+    u2f_sha256_update(req->app,32);
+
+    u2f_sha256_update(req->chal,32);
+
+    u2f_sha256_update(key_handle,U2F_KEY_HANDLE_SIZE);
+    u2f_sha256_update(i+1,1);
+    u2f_sha256_update(pubkey,64);
+    u2f_sha256_finish();
+
+    if (u2f_ecdsa_sign((uint8_t*)req, U2F_ATTESTATION_HANDLE, req->app) == -1)
+    {
+        return U2F_SW_WRONG_DATA;
+    }
+
+    u2f_hid_set_len(69 + get_signature_length((uint8_t*)req) + U2F_KEY_HANDLE_SIZE + u2f_attestation_cert_size());
+    i[0] = 0x5;
+    u2f_response_writeback(i,2);
+    u2f_response_writeback(pubkey,64);
+    i[0] = U2F_KEY_HANDLE_SIZE;
+    u2f_response_writeback(i,1);
+    u2f_response_writeback(key_handle,U2F_KEY_HANDLE_SIZE);
+
+    u2f_response_writeback(u2f_get_attestation_cert(),u2f_attestation_cert_size());
+
+    dump_signature_der((uint8_t*)req);
+
+
+    return U2F_SW_NO_ERROR;
+}
+
+static int16_t u2f_version()
+{
+    code const char version[] = "U2F_V2";
+    u2f_hid_set_len(2 + sizeof(version)-1);
+    u2f_response_writeback(version, sizeof(version)-1);
+    return U2F_SW_NO_ERROR;
+}
+#endif

u2f.h

@@ -0,0 +1,112 @@
+#ifndef _U2F_H_
+#define _U2F_H_
+
+#include <stdint.h>
+
+#define U2F_EC_FMT_UNCOMPRESSED             0x04
+
+#define U2F_EC_POINT_SIZE                   32
+#define U2F_EC_PUBKEY_SIZE                  65
+#define U2F_APDU_SIZE                       7
+#define U2F_CHALLENGE_SIZE                  32
+#define U2F_APPLICATION_SIZE                32
+#define U2F_KEY_HANDLE_TAG_SIZE             16
+#define U2F_KEY_HANDLE_KEY_SIZE             36
+#define U2F_KEY_HANDLE_SIZE                 (U2F_KEY_HANDLE_KEY_SIZE+U2F_KEY_HANDLE_TAG_SIZE)
+#define U2F_REGISTER_REQUEST_SIZE           (U2F_CHALLENGE_SIZE+U2F_APPLICATION_SIZE)
+#define U2F_MAX_REQUEST_PAYLOAD             (1 + U2F_CHALLENGE_SIZE+U2F_APPLICATION_SIZE + 1 + U2F_KEY_HANDLE_SIZE)
+
+
+// U2F native commands
+#define U2F_REGISTER                        0x01
+#define U2F_AUTHENTICATE                    0x02
+#define U2F_VERSION                         0x03
+#define U2F_VENDOR_FIRST                    0xc0
+#define U2F_VENDOR_LAST                     0xff
+
+// U2F_CMD_REGISTER command defines
+#define U2F_REGISTER_ID                     0x05
+#define U2F_REGISTER_HASH_ID                0x00
+
+// U2F Authenticate
+#define U2F_AUTHENTICATE_CHECK              0x7
+#define U2F_AUTHENTICATE_SIGN               0x3
+
+
+// Command status responses
+#define U2F_SW_NO_ERROR                     0x9000
+#define U2F_SW_WRONG_DATA                   0x6984
+#define U2F_SW_CONDITIONS_NOT_SATISFIED     0x6985
+#define U2F_SW_INS_NOT_SUPPORTED            0x6d00
+#define U2F_SW_WRONG_LENGTH                 0x6700
+#define U2F_SW_CLASS_NOT_SUPPORTED          0x6E00
+#define U2F_SW_WRONG_PAYLOAD                0x6a80
+#define U2F_SW_INSUFFICIENT_MEMORY          0x9210
+
+// Delay in milliseconds to wait for user input
+#define U2F_MS_USER_INPUT_WAIT              3000
+
+struct u2f_request_apdu
+{
+    uint8_t cla;
+    uint8_t ins;
+    uint8_t p1;
+    uint8_t p2;
+    uint8_t LC1;
+    uint8_t LC2;
+    uint8_t LC3;
+    uint8_t payload[U2F_MAX_REQUEST_PAYLOAD];
+};
+
+struct u2f_ec_point
+{
+    uint8_t fmt;
+    uint8_t x[U2F_EC_POINT_SIZE];
+    uint8_t y[U2F_EC_POINT_SIZE];
+};
+
+struct u2f_register_request
+{
+    uint8_t chal[U2F_CHALLENGE_SIZE];
+    uint8_t app[U2F_APPLICATION_SIZE];
+};
+
+
+struct u2f_key_handle
+{
+    uint8_t tag[U2F_KEY_HANDLE_TAG_SIZE];
+    uint8_t key[U2F_KEY_HANDLE_KEY_SIZE];
+};
+
+
+struct u2f_authenticate_request
+{
+    uint8_t chal[U2F_CHALLENGE_SIZE];
+    uint8_t app[U2F_APPLICATION_SIZE];
+    uint8_t khl;
+    struct u2f_key_handle kh;
+};
+
+// u2f_request send a U2F message to U2F protocol
+//  @req U2F message
+void u2f_request(struct u2f_request_apdu* req);
+
+
+//////////////////////////////////////////////////////////////////
+/* Platform specific functions that must be implemented by user */
+//////////////////////////////////////////////////////////////////
+
+// u2f_response_writeback callback for u2f to send back response data
+//  @buf data to write back
+//  @len length of buf in bytes
+extern void u2f_response_writeback(uint8_t * buf, uint16_t len);
+
+// u2f_response_flush callback when u2f finishes and will
+// indicate when all buffer data, if any, should be written
+extern void u2f_response_flush();
+
+// set_response_length method to set the total length of the response for use by underlying layer
+//  @len the length of U2F response in bytes
+extern void set_response_length(uint16_t len);
+
+#endif /* U2F_H_ */