diff --git a/fido2/crypto.c b/fido2/crypto.c index 35cf333..9c12921 100644 --- a/fido2/crypto.c +++ b/fido2/crypto.c @@ -18,7 +18,7 @@ #include "aes.h" #include "ctap.h" #include "device.h" -#include "app.h" +#include APP_CONFIG #ifdef USING_PC typedef enum diff --git a/fido2/ctap.c b/fido2/ctap.c index 8ac0a7a..43793e5 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -34,7 +34,7 @@ #include "util.h" #include "log.h" #include "device.h" -#include "app.h" +#include APP_CONFIG #include "wallet.h" #include "device.h" diff --git a/fido2/ctaphid.c b/fido2/ctaphid.c index e573405..2a30b28 100644 --- a/fido2/ctaphid.c +++ b/fido2/ctaphid.c @@ -30,7 +30,7 @@ #include "time.h" #include "util.h" #include "log.h" -#include "app.h" +#include APP_CONFIG typedef enum { @@ -616,6 +616,7 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw) break; #endif #ifndef DISABLE_CTAPHID_CBOR +#error rere case CTAPHID_CBOR: printf1(TAG_HID,"CTAPHID_CBOR\n"); diff --git a/fido2/device.h b/fido2/device.h index e07cc1e..027e7de 100644 --- a/fido2/device.h +++ b/fido2/device.h @@ -90,4 +90,7 @@ void ctap_store_rk(int index,CTAP_residentKey * rk); void ctap_load_rk(int index,CTAP_residentKey * rk); void ctap_overwrite_rk(int index,CTAP_residentKey * rk); +// Boot laoder application +int bootloader_bridge(uint8_t klen, uint8_t * keyh); + #endif diff --git a/fido2/extensions/extensions.c b/fido2/extensions/extensions.c index cfa0012..dd535be 100644 --- a/fido2/extensions/extensions.c +++ b/fido2/extensions/extensions.c @@ -23,9 +23,66 @@ #include "extensions.h" #include "u2f.h" #include "wallet.h" +#include "device.h" #include "log.h" + +int is_extension_request(uint8_t * kh, int len) +{ + wallet_request * req = (wallet_request *) kh; + + if (len < WALLET_MIN_LENGTH) + return 0; + + return memcmp(req->tag, WALLET_TAG, sizeof(WALLET_TAG)-1) == 0; +} + + +int extension_needs_atomic_count(uint8_t klen, uint8_t * keyh) +{ + return ((wallet_request *) keyh)->operation == WalletRegister + || ((wallet_request *) keyh)->operation == WalletSign; +} + +int16_t bridge_u2f_to_extensions(uint8_t * _chal, uint8_t * _appid, uint8_t klen, uint8_t * keyh) +{ + int8_t ret = 0; + uint32_t count; + uint8_t up = 1; + uint8_t sig[72]; + if (extension_needs_atomic_count(klen, keyh)) + { + count = ctap_atomic_count(0); + } + else + { + count = 10; + } + + u2f_response_writeback(&up,1); + u2f_response_writeback((uint8_t *)&count,4); + u2f_response_writeback((uint8_t *)&ret,1); +#ifdef IS_BOOTLOADER + ret = bootloader_bridge(klen, keyh); +#else + ret = bridge_u2f_to_wallet(_chal, _appid, klen, keyh); +#endif + + if (ret != 0) + { + u2f_reset_response(); + u2f_response_writeback(&up,1); + u2f_response_writeback((uint8_t *)&count,4); + + memset(sig,0,sizeof(sig)); + sig[0] = ret; + u2f_response_writeback(sig,72); + } + + return U2F_SW_NO_ERROR; +} + int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len) { @@ -37,7 +94,7 @@ int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len) if (req->p1 == U2F_AUTHENTICATE_CHECK) { - if (is_wallet_device((uint8_t *) &auth->kh, auth->khl)) // Pin requests + if (is_extension_request((uint8_t *) &auth->kh, auth->khl)) // Pin requests { rcode = U2F_SW_CONDITIONS_NOT_SATISFIED; } @@ -50,13 +107,13 @@ int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len) } else { - if ( ! is_wallet_device((uint8_t *) &auth->kh, auth->khl)) // Pin requests + if ( ! is_extension_request((uint8_t *) &auth->kh, auth->khl)) // Pin requests { rcode = U2F_SW_WRONG_PAYLOAD; printf1(TAG_WALLET,"Ignoring U2F request\n"); goto end; } - rcode = bridge_u2f_to_wallet(auth->chal, auth->app, auth->khl, (uint8_t*)&auth->kh); + rcode = bridge_u2f_to_extensions(auth->chal, auth->app, auth->khl, (uint8_t*)&auth->kh); } } else if (req->ins == U2F_VERSION) diff --git a/fido2/extensions/wallet.c b/fido2/extensions/wallet.c index c93bb1a..9241a9b 100644 --- a/fido2/extensions/wallet.c +++ b/fido2/extensions/wallet.c @@ -20,7 +20,7 @@ SOFTWARE. */ #include "wallet.h" -#include "app.h" +#include APP_CONFIG #include "ctap.h" #include "ctap_errors.h" #include "crypto.h" @@ -52,26 +52,6 @@ typedef enum #endif -typedef enum -{ - WalletSign = 0x10, - WalletRegister = 0x11, - WalletPin = 0x12, - WalletReset= 0x13, - WalletVersion= 0x14, - WalletRng = 0x15, -} WalletOperation; - -int is_wallet_device(uint8_t * kh, int len) -{ - wallet_request * req = (wallet_request *) kh; - - if (len < WALLET_MIN_LENGTH) - return 0; - - return memcmp(req->tag, WALLET_TAG, sizeof(WALLET_TAG)-1) == 0; -} - // return 1 if hash is valid, 0 otherwise int check_pinhash(uint8_t * pinAuth, uint8_t * msg, uint8_t len) { @@ -200,8 +180,7 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui int reqlen = klen; int i; int8_t ret = 0; - uint32_t count; - uint8_t up = 1; + uint8_t sig[200]; uint8_t * args[5] = {NULL,NULL,NULL,NULL,NULL}; @@ -222,21 +201,6 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui printf1(TAG_WALLET, "u2f2wallet [%d]: ",reqlen); dump_hex1(TAG_WALLET, msg_buf,reqlen); - if (req->operation == WalletRegister || req->operation == WalletSign) - { - count = ctap_atomic_count(0); - } - else - { - count = 10; - } - - u2f_response_writeback(&up,1); - u2f_response_writeback((uint8_t *)&count,4); - u2f_response_writeback((uint8_t *)&ret,1); - -#ifndef IS_BOOTLOADER - int offset = 0; for (i = 0; i < MIN(5,req->numArgs); i++) { @@ -466,24 +430,8 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui ret = CTAP1_ERR_INVALID_COMMAND; break; } -#else - ret = bootloader_bridge(klen, keyh); -#endif cleanup: - if (ret != 0) - { - u2f_reset_response(); - u2f_response_writeback(&up,1); - u2f_response_writeback((uint8_t *)&count,4); - memset(sig,0,sizeof(sig)); - sig[0] = ret; - u2f_response_writeback(sig,72); - } - else - { - /*u2f_response_writeback(sig,sizeof(sig));*/ - } - return U2F_SW_NO_ERROR; + return ret; } diff --git a/fido2/extensions/wallet.h b/fido2/extensions/wallet.h index 349467c..a6e9676 100644 --- a/fido2/extensions/wallet.h +++ b/fido2/extensions/wallet.h @@ -92,10 +92,21 @@ typedef struct }__attribute__((packed)) wallet_request; -int16_t bridge_u2f_to_wallet(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh); +typedef enum +{ + WalletSign = 0x10, + WalletRegister = 0x11, + WalletPin = 0x12, + WalletReset= 0x13, + WalletVersion= 0x14, + WalletRng = 0x15, +} WalletOperation; + + +int16_t bridge_u2f_to_extensions(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh); // return 1 if request is a wallet request -int is_wallet_device(uint8_t * req, int len); +int is_extension_request(uint8_t * req, int len); void wallet_init(); diff --git a/fido2/log.h b/fido2/log.h index 3f0ba33..12a9a09 100644 --- a/fido2/log.h +++ b/fido2/log.h @@ -22,7 +22,7 @@ #ifndef _LOG_H #define _LOG_H -#include "app.h" +#include APP_CONFIG #include #ifndef DEBUG_LEVEL diff --git a/fido2/main.c b/fido2/main.c index 8c2cdb3..bb09ac0 100644 --- a/fido2/main.c +++ b/fido2/main.c @@ -30,7 +30,7 @@ #include "util.h" #include "log.h" #include "ctap.h" -#include "app.h" +#include APP_CONFIG #if !defined(TEST) diff --git a/fido2/test_power.c b/fido2/test_power.c index 38e2b4f..ef62b00 100644 --- a/fido2/test_power.c +++ b/fido2/test_power.c @@ -19,7 +19,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -#include "app.h" +#include APP_CONFIG #ifdef TEST_POWER /* diff --git a/fido2/u2f.c b/fido2/u2f.c index 22b98ff..3a4f690 100644 --- a/fido2/u2f.c +++ b/fido2/u2f.c @@ -26,7 +26,7 @@ #include "log.h" #include "device.h" #include "wallet.h" -#include "app.h" +#include APP_CONFIG // void u2f_response_writeback(uint8_t * buf, uint8_t len); static int16_t u2f_register(struct u2f_register_request * req); @@ -284,8 +284,6 @@ static int16_t u2f_register(struct u2f_register_request * req) crypto_ecc256_load_attestation_key(); - /*printf("check key handle size: %d vs %d\n", U2F_KEY_HANDLE_SIZE, sizeof(struct u2f_key_handle));*/ - printf1(TAG_U2F, "sha256: "); dump_hex1(TAG_U2F,hash,32); crypto_ecc256_sign(hash, 32, sig); diff --git a/targets/stm32l442/Makefile b/targets/stm32l442/Makefile index 54209d2..5c13eac 100644 --- a/targets/stm32l442/Makefile +++ b/targets/stm32l442/Makefile @@ -10,7 +10,7 @@ SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c SRC += $(wildcard lib/*.c) $(wildcard lib/usbd/*.c) # FIDO2 lib -SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c ../../fido2/test_power.c +SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c SRC += ../../fido2/ctap_parse.c ../../fido2/main.c @@ -39,7 +39,7 @@ HW=-mcpu=cortex-m4 -mfpu=fpv4-sp-d16 -mfloat-abi=hard -mthumb # Solo CHIP=STM32L442xx -DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER +DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER -DAPP_CONFIG=\"app.h\" # DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1 CFLAGS=$(INC) -c $(DEFINES) -Wall -fdata-sections -ffunction-sections $(HW) @@ -67,6 +67,9 @@ all: $(TARGET).elf %.hex: %.elf $(CP) -O ihex $^ $(TARGET).hex +bootloader: + make -f bootloader.mk + clean: rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ) diff --git a/targets/stm32l442/bootloader.mk b/targets/stm32l442/bootloader.mk new file mode 100644 index 0000000..409f58f --- /dev/null +++ b/targets/stm32l442/bootloader.mk @@ -0,0 +1,81 @@ +CC=arm-none-eabi-gcc +CP=arm-none-eabi-objcopy +SZ=arm-none-eabi-size +AR=arm-none-eabi-ar + +# ST related +SRC = bootloader/main.c src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c +SRC += src/fifo.c src/crypto.c src/attestation.c +SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c +SRC += $(wildcard lib/*.c) $(wildcard lib/usbd/*.c) + +# FIDO2 lib +SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/extensions/extensions.c +SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c + +# Crypto libs +SRC += ../../crypto/sha256/sha256.c ../../crypto/micro-ecc/uECC.c + + +OBJ1=$(SRC:.c=.o) +OBJ=$(OBJ1:.s=.o) + +INC = -Ibootloader/ -Isrc/ -Isrc/cmsis/ -Ilib/ -Ilib/usbd/ -I../../fido2/ -I../../fido2/extensions +INC += -I../../tinycbor/src -I../../crypto/sha256 -I../../crypto/micro-ecc +INC += -I../../crypto/tiny-AES-c + +LDSCRIPT=stm32l432xx.ld + +CFLAGS= $(INC) + +TARGET=solo +HW=-mcpu=cortex-m4 -mfpu=fpv4-sp-d16 -mfloat-abi=hard -mthumb + +# Nucleo board +#CHIP=STM32L432xx +# Solo +CHIP=STM32L442xx + +DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER -DAPP_CONFIG=\"bootloader.h\" +# DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1 + +CFLAGS=$(INC) -c $(DEFINES) -Wall -fdata-sections -ffunction-sections $(HW) +LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs -specs=nosys.specs -Wl,--gc-sections -lnosys +LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref + + +.PRECIOUS: %.o + +all: $(TARGET).elf + $(SZ) $^ + +%.o: %.c + $(CC) $^ $(HW) -Os $(CFLAGS) -o $@ + +../../crypto/micro-ecc/uECC.o: ../../crypto/micro-ecc/uECC.c + $(CC) $^ $(HW) -Os $(CFLAGS) -o $@ + +%.o: %.s + $(CC) $^ $(HW) -Os $(CFLAGS) -o $@ + +%.elf: $(OBJ) + $(CC) $^ $(HW) $(LDFLAGS) -o $@ + +%.hex: %.elf + $(CP) -O ihex $^ $(TARGET).hex + +clean: + rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ) + +flash: $(TARGET).hex + STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect + STM32_Programmer_CLI -c port=SWD -halt -d $(TARGET).hex -rst + +detach: + STM32_Programmer_CLI -c port=usb1 -ob nBOOT0=1 + +cbor: + cd ../../tinycbor/ && make clean + cd ../../tinycbor/ && make CC="$(CC)" AR=$(AR) \ +LDFLAGS="$(LDFLAGS_LIB)" \ +CFLAGS="$(CFLAGS)" diff --git a/targets/stm32l442/bootloader/bootloader.h b/targets/stm32l442/bootloader/bootloader.h new file mode 100644 index 0000000..98d5fb0 --- /dev/null +++ b/targets/stm32l442/bootloader/bootloader.h @@ -0,0 +1,38 @@ +#ifndef _APP_H_ +#define _APP_H_ +#include + +#define DEBUG_UART USART1 + +#define DEBUG_LEVEL 0 + +#define NON_BLOCK_PRINTING 0 + + +#define BOOT_TO_DFU 0 + + +#define IS_BOOTLOADER 1 +#define ENABLE_U2F_EXTENSIONS +// #define ENABLE_U2F + +#define DISABLE_CTAPHID_PING +#define DISABLE_CTAPHID_WINK +#define DISABLE_CTAPHID_CBOR + +void printing_init(); +void hw_init(void); + +//#define TEST +//#define TEST_POWER + +#define LED_INIT_VALUE 0x001000 + +// Button +#define SOLO_BUTTON_PORT GPIOA +#define SOLO_BUTTON_PIN LL_GPIO_PIN_0 + +#define SKIP_BUTTON_CHECK_WITH_DELAY 0 +#define SKIP_BUTTON_CHECK_FAST 1 + +#endif diff --git a/targets/stm32l442/bootloader/main.c b/targets/stm32l442/bootloader/main.c new file mode 100644 index 0000000..9139f14 --- /dev/null +++ b/targets/stm32l442/bootloader/main.c @@ -0,0 +1,105 @@ +/* + Copyright 2018 Conor Patrick + + Permission is hereby granted, free of charge, to any person obtaining a copy of + this software and associated documentation files (the "Software"), to deal in + the Software without restriction, including without limitation the rights to + use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is furnished to do + so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. +*/ +#include +#include +#include + +#include "cbor.h" +#include "device.h" +#include "ctaphid.h" +//#include "bsp.h" +#include "util.h" +#include "log.h" +#include "ctap.h" +#include "app.h" + +uint8_t REBOOT_FLAG = 0; + +#if !defined(TEST) + +int main(int argc, char * argv[]) +{ + uint8_t hidmsg[64]; + uint32_t t1 = 0; + + set_logging_mask( + /*0*/ + // TAG_GEN| + // TAG_MC | + // TAG_GA | + // TAG_WALLET | + TAG_STOR | + // TAG_CP | + // TAG_CTAP| + // TAG_HID| + /*TAG_U2F|*/ + // TAG_PARSE | + // TAG_TIME| + // TAG_DUMP| + TAG_GREEN| + TAG_RED| + TAG_ERR + ); + + device_init(); + printf1(TAG_GEN,"init device\n"); + + printf1(TAG_GEN,"init ctaphid\n"); + ctaphid_init(); + + printf1(TAG_GEN,"init ctap\n"); + ctap_init(); + + memset(hidmsg,0,sizeof(hidmsg)); + + printf1(TAG_GEN,"recv'ing hid msg \n"); + + + while(1) + { + if (millis() - t1 > 100) + { + /*printf("heartbeat %ld\n", beat++);*/ + heartbeat(); + t1 = millis(); + } + + device_manage(); + + if (usbhid_recv(hidmsg) > 0) + { + ctaphid_handle_packet(hidmsg); + memset(hidmsg, 0, sizeof(hidmsg)); + } + else + { + } + ctaphid_check_timeouts(); + } + + // Should never get here + usbhid_close(); + printf1(TAG_GREEN, "done\n"); + return 0; +} + +#endif diff --git a/targets/stm32l442/src/app.h b/targets/stm32l442/src/app.h index a05b461..f506427 100644 --- a/targets/stm32l442/src/app.h +++ b/targets/stm32l442/src/app.h @@ -4,7 +4,7 @@ #define DEBUG_UART USART1 -#define DEBUG_LEVEL 0 +#define DEBUG_LEVEL 1 #define NON_BLOCK_PRINTING 0 diff --git a/targets/stm32l442/src/crypto.c b/targets/stm32l442/src/crypto.c index be437b8..9bab3d4 100644 --- a/targets/stm32l442/src/crypto.c +++ b/targets/stm32l442/src/crypto.c @@ -18,7 +18,7 @@ #include "aes.h" #include "ctap.h" #include "device.h" -#include "app.h" +#include APP_CONFIG #include "log.h" diff --git a/targets/stm32l442/src/device.c b/targets/stm32l442/src/device.c index 7979173..30bd620 100644 --- a/targets/stm32l442/src/device.c +++ b/targets/stm32l442/src/device.c @@ -7,7 +7,7 @@ #include "stm32l4xx_ll_usart.h" #include "usbd_hid.h" -#include "app.h" +#include APP_CONFIG #include "flash.h" #include "rng.h" #include "led.h" @@ -17,6 +17,8 @@ #include "log.h" #include "ctaphid.h" #include "ctap.h" +#include "crypto.h" +#include "uECC.h" #define PAGE_SIZE 2048 @@ -36,9 +38,9 @@ #define APPLICATION_START_ADDR flash_addr(APPLICATION_START_PAGE) #define APPLICATION_END_PAGE ((PAGES - 19)) // 119 is NOT included in application -#define APPLICATION_END_ADDR (flash_addr(APPLICATION_END_PAGE)-4) // NOT included in application +#define APPLICATION_END_ADDR (flash_addr(APPLICATION_END_PAGE)-8) // NOT included in application -#define AUTH_WORD_ADDR (flash_addr(APPLICATION_END_PAGE)-4) +#define AUTH_WORD_ADDR (flash_addr(APPLICATION_END_PAGE)-8) uint32_t __90_ms = 0; uint32_t __device_status = 0; @@ -497,3 +499,134 @@ void _Error_Handler(char *file, int line) { } } + + +#ifdef IS_BOOTLOADER + +extern uint8_t REBOOT_FLAG; + +typedef enum +{ + BootWrite = 0x40, + BootDone = 0x41, + BootCheck = 0x42, + BootErase = 0x43, +} WalletOperation; + + +typedef struct { + uint8_t op; + uint8_t addr[3]; + uint8_t tag[4]; + uint8_t len; + uint8_t payload[255 - 9]; +} __attribute__((packed)) BootloaderReq; + +//#define APPLICATION_START_ADDR 0x8000 +//#define APPLICATION_START_PAGE (0x8000/PAGE_SIZE) + +//#define APPLICATION_END_ADDR (PAGE_SIZE*125-4) // NOT included in application + +static void erase_application() +{ + int page; + for(page = APPLICATION_START_PAGE; page < APPLICATION_END_PAGE; page++) + { + flash_erase_page(page); + } +} + +static void authorize_application() +{ + uint32_t zero = 0; + uint32_t * ptr; + ptr = (uint32_t *)AUTH_WORD_ADDR; + flash_write((uint32_t)ptr, (uint8_t *)&zero, 4); +} +static int is_authorized_to_boot() +{ + uint32_t * auth = (uint32_t *)AUTH_WORD_ADDR; + return *auth == 0; +} + +int bootloader_bridge(uint8_t klen, uint8_t * keyh) +{ + static int has_erased = 0; + BootloaderReq * req = (BootloaderReq * )keyh; + uint8_t payload[256]; + uint8_t hash[32]; + uint8_t * pubkey = (uint8_t*)"\x57\xe6\x80\x39\x56\x46\x2f\x0c\x95\xac\x72\x71\xf0\xbc\xe8\x2d\x67\xd0\x59\x29\x2e\x15\x22\x89\x6a\xbd\x3f\x7f\x27\xf3\xc0\xc6\xe2\xd7\x7d\x8a\x9f\xcc\x53\xc5\x91\xb2\x0c\x9c\x3b\x4e\xa4\x87\x31\x67\xb4\xa9\x4b\x0e\x8d\x06\x67\xd8\xc5\xef\x2c\x50\x4a\x55"; + const struct uECC_Curve_t * curve = NULL; + + /*printf("bootloader_bridge\n");*/ + if (req->len > 255-9) + { + return CTAP1_ERR_INVALID_LENGTH; + } + + memset(payload, 0xff, sizeof(payload)); + memmove(payload, req->payload, req->len); + + uint32_t addr = (*((uint32_t*)req->addr)) & 0xffffff; + + uint32_t * ptr = (uint32_t *)addr; + + switch(req->op){ + case BootWrite: + /*printf("BootWrite 0x%08x\n", addr);*/ + if ((uint32_t)ptr < APPLICATION_START_ADDR || (uint32_t)ptr >= APPLICATION_END_ADDR) + { + return CTAP2_ERR_NOT_ALLOWED; + } + + if (!has_erased) + { + erase_application(); + has_erased = 1; + } + if (is_authorized_to_boot()) + { + printf2(TAG_ERR, "Error, boot check bypassed\n"); + exit(1); + } + flash_write((uint32_t)ptr,payload, req->len + (req->len%4)); + break; + case BootDone: + // printf("BootDone\n"); + ptr = (uint32_t *)APPLICATION_START_ADDR; + crypto_sha256_init(); + crypto_sha256_update(ptr, APPLICATION_END_ADDR-APPLICATION_START_ADDR); + crypto_sha256_final(hash); + // printf("hash: "); dump_hex(hash, 32); + // printf("sig: "); dump_hex(payload, 64); + curve = uECC_secp256r1(); + + if (! uECC_verify(pubkey, + hash, + 32, + payload, + curve)) + { + return CTAP2_ERR_OPERATION_DENIED; + } + authorize_application(); + REBOOT_FLAG = 1; + break; + case BootCheck: + /*printf("BootCheck\n");*/ + return 0; + break; + case BootErase: + /*printf("BootErase\n");*/ + erase_application(); + return 0; + break; + default: + return CTAP1_ERR_INVALID_COMMAND; + } + return 0; +} + + + +#endif diff --git a/targets/stm32l442/src/fifo.h b/targets/stm32l442/src/fifo.h index 115e04f..2b6b868 100644 --- a/targets/stm32l442/src/fifo.h +++ b/targets/stm32l442/src/fifo.h @@ -1,7 +1,7 @@ #ifndef _FIFO_H_ #define _FIFO_H_ -#include "app.h" +#include APP_CONFIG #ifndef TEST_FIFO #define TEST_FIFO 0 diff --git a/targets/stm32l442/src/flash.c b/targets/stm32l442/src/flash.c index f6254a8..63f6f7a 100644 --- a/targets/stm32l442/src/flash.c +++ b/targets/stm32l442/src/flash.c @@ -3,7 +3,7 @@ #include #include "stm32l4xx.h" -#include "app.h" +#include APP_CONFIG #include "flash.h" #include "log.h" #include "device.h" diff --git a/targets/stm32l442/src/main.c b/targets/stm32l442/src/main.c index 25e9a5c..e1a4ac0 100644 --- a/targets/stm32l442/src/main.c +++ b/targets/stm32l442/src/main.c @@ -20,7 +20,7 @@ #include "usbd_hid.h" /*#include "usbd_hid.h"*/ -#include "app.h" +#include APP_CONFIG #include "flash.h" #include "rng.h" #include "led.h" diff --git a/targets/stm32l442/src/redirect.c b/targets/stm32l442/src/redirect.c index 5c8dbf4..e75b183 100644 --- a/targets/stm32l442/src/redirect.c +++ b/targets/stm32l442/src/redirect.c @@ -1,6 +1,6 @@ #include "stm32l4xx_ll_usart.h" -#include "app.h" +#include APP_CONFIG #include "fifo.h" #if DEBUG_LEVEL>0