use persisted key info

Fido2 conformance

.gitignore

@@ -81,15 +81,5 @@ env3/
 .tags*
 targets/*/docs/
 main
-targets/efm32/.project
-targets/efm32/.settings/com.silabs.ss.framework.ide.project.sls.core.prefs
-targets/efm32/.settings/org.eclipse.cdt.codan.core.prefs
-targets/efm32/CMSIS/EFM32PG1B/startup_gcc_efm32pg1b.s
-targets/efm32/CMSIS/EFM32PG1B/system_efm32pg1b.c
-targets/efm32/EFM32.hwconf
-targets/efm32/EFM32_EFM32JG1B200F128GM32.hwconf
-targets/efm32/emlib/em_adc.c
-targets/efm32/emlib/em_assert.c
-targets/efm32/emlib/em_cmu.c
 
 builds/*

.gitmodules

@@ -1,9 +1,6 @@
 [submodule "tinycbor"]
 	path = tinycbor
 	url = https://github.com/intel/tinycbor
-[submodule "python-fido2"]
-	path = python-fido2
-	url = https://github.com/solokeys/python-fido2
 [submodule "crypto/micro-ecc"]
 	path = crypto/micro-ecc
 	url = https://github.com/kmackay/micro-ecc.git
@@ -13,3 +10,6 @@
 [submodule "targets/stm32l442/dfuse-tool"]
 	path = targets/stm32l442/dfuse-tool
     url = https://github.com/solokeys/dfuse-tool
+[submodule "crypto/cifra"]
+	path = crypto/cifra
+	url = https://github.com/solokeys/cifra.git

99-solo.rules

@@ -1,28 +0,0 @@
-# Notify ModemManager this device should be ignored
-ACTION!="add|change|move", GOTO="mm_usb_device_blacklist_end"
-SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_end"
-ENV{DEVTYPE}!="usb_device",  GOTO="mm_usb_device_blacklist_end"
-
-ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ENV{ID_MM_DEVICE_IGNORE}="1"
-
-LABEL="mm_usb_device_blacklist_end"
-
-
-# Solo
-
-## bootloader + firmware access
-ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess", GROUP="plugdev"
-
-## DFU access
-ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess", GROUP="plugdev"
-
-## Solo Secure symlink
-SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ATTRS{product}=="Solo [1-9]*", SYMLINK+="solokey"
-## Solo Hacker symlink
-SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ATTRS{product}=="Solo Hacker [1-9]*", SYMLINK+="solohacker"
-## Solo Serial access + symlink
-SUBSYSTEM=="tty", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess", GROUP="plugdev", SYMLINK+="soloserial"
-
-
-# U2F Zero
-SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", SYMLINK+="u2fzero"

99-solo.rules

@@ -0,0 +1 @@
+udev/70-solokeys-access.rules

ALPHA_VERSION

@@ -0,0 +1 @@
+2.0.0

CHANGELOG.md

@@ -1,17 +0,0 @@
-# Changelog
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [Unreleased]
-
-## [1.1.0] - 2019-02-17
-### Added
-- Code cleanup
-- Buffer over-read bug fix
-- U2F counter endianness bug fix
-- More testing
-- Extension interface to U2F and FIDO2
-    - Read firmware version
-    - Read RNG bytes

Dockerfile

@@ -14,7 +14,7 @@ RUN echo "fb31fbdfe08406ece43eef5df623c0b2deb8b53e405e2c878300f7a1f303ee52  gcc.
 RUN sha256sum -c gcc.sha256
 RUN tar -C /opt -xf gcc.tar.bz2
 
-# 2. Python3.7: for solotool (merging etc.)
+# 2. Python3.7: for solo-python (merging etc.)
 RUN wget -q -O miniconda.sh https://repo.anaconda.com/miniconda/Miniconda3-4.5.12-Linux-x86_64.sh
 #   from website
 RUN echo "866ae9dff53ad0874e1d1a60b1ad1ef8  miniconda.sh" > miniconda.md5
@@ -24,8 +24,10 @@ RUN echo "e5e5b4cd2a918e0e96b395534222773f7241dc59d776db1b9f7fedfcb489157a  mini
 RUN sha256sum -c miniconda.sha256
 
 RUN bash ./miniconda.sh -b -p /opt/conda
-RUN ln -s /opt/conda/bin/python3 /usr/local/bin/python3
-RUN ln -s /opt/conda/bin/python3 /usr/local/bin/python
+RUN ln -s /opt/conda/bin/python /usr/local/bin/python3
+RUN ln -s /opt/conda/bin/python /usr/local/bin/python
+RUN ln -s /opt/conda/bin/pip /usr/local/bin/pip3
+RUN ln -s /opt/conda/bin/pip /usr/local/bin/pip
 
 # 3. Source code
 RUN git clone --recurse-submodules https://github.com/solokeys/solo /solo --config core.autocrlf=input

LICENSE

@@ -0,0 +1 @@
+Apache-2.0 OR MIT

Makefile

@@ -9,7 +9,9 @@
 
 ecc_platform=2
 
-src = $(wildcard pc/*.c) $(wildcard fido2/*.c) $(wildcard crypto/sha256/*.c) crypto/tiny-AES-c/aes.c
+src = $(wildcard pc/*.c) $(wildcard fido2/*.c) $(wildcard fido2/extensions/*.c) \
+	$(wildcard crypto/sha256/*.c) crypto/tiny-AES-c/aes.c
+
 obj = $(src:.c=.o) crypto/micro-ecc/uECC.o
 
 LIBCBOR = tinycbor/lib/libtinycbor.a
@@ -20,9 +22,20 @@ else
   export LDFLAGS = -Wl,--gc-sections
 endif
 LDFLAGS += $(LIBCBOR)
-CFLAGS = -O2 -fdata-sections -ffunction-sections
+
+VERSION:=$(shell git describe --abbrev=0 )
+VERSION_FULL:=$(shell git describe)
+VERSION_MAJ:=$(shell python -c 'print("$(VERSION)".split(".")[0])')
+VERSION_MIN:=$(shell python -c 'print("$(VERSION)".split(".")[1])')
+VERSION_PAT:=$(shell python -c 'print("$(VERSION)".split(".")[2])')
+
+VERSION_FLAGS= -DSOLO_VERSION_MAJ=$(VERSION_MAJ) -DSOLO_VERSION_MIN=$(VERSION_MIN) \
+	-DSOLO_VERSION_PATCH=$(VERSION_PAT) -DSOLO_VERSION=\"$(VERSION_FULL)\"
+
+CFLAGS = -O2 -fdata-sections -ffunction-sections $(VERSION_FLAGS) -g
 
 INCLUDES = -I./tinycbor/src -I./crypto/sha256 -I./crypto/micro-ecc/ -Icrypto/tiny-AES-c/ -I./fido2/ -I./pc -I./fido2/extensions
+INCLUDES += -I./crypto/cifra/src
 
 CFLAGS += $(INCLUDES)
 # for crypto/tiny-AES-c
@@ -40,7 +53,7 @@ tinycbor/Makefile crypto/tiny-AES-c/aes.c:
 cbor: $(LIBCBOR)
 
 $(LIBCBOR):
-	cd tinycbor/ && $(MAKE) clean && $(MAKE) -j8
+	cd tinycbor/ && $(MAKE) clean && $(MAKE)  LDFLAGS='' -j8
 
 version:
 	@git describe
@@ -61,6 +74,7 @@ crypto/micro-ecc/uECC.o: ./crypto/micro-ecc/uECC.c
 
 venv:
 	python3 -m venv venv
+	venv/bin/pip -q install --upgrade pip
 	venv/bin/pip -q install --upgrade -r tools/requirements.txt
 	venv/bin/pip -q install --upgrade black
 
@@ -69,7 +83,7 @@ black: venv
 	venv/bin/black --skip-string-normalization --check tools/
 
 wink: venv
-	venv/bin/python tools/solotool.py solo --wink
+	venv/bin/solo key wink
 
 fido2-test: venv
 	venv/bin/python tools/ctap_test.py
@@ -80,7 +94,12 @@ docker-build:
 	docker build -t $(DOCKER_IMAGE) .
 	docker run --rm -v "$(CURDIR)/builds:/builds" \
 				    -v "$(CURDIR)/in-docker-build.sh:/in-docker-build.sh" \
-				    $(DOCKER_IMAGE) /in-docker-build.sh $(SOLO_VERSIONISH)
+				    $(DOCKER_IMAGE) "./in-docker-build.sh" $(SOLO_VERSIONISH)
+uncached-docker-build:
+	docker build --no-cache -t $(DOCKER_IMAGE) .
+	docker run --rm -v "$(CURDIR)/builds:/builds" \
+				    -v "$(CURDIR)/in-docker-build.sh:/in-docker-build.sh" \
+				    $(DOCKER_IMAGE) "./in-docker-build.sh" $(SOLO_VERSIONISH)
 
 CPPCHECK_FLAGS=--quiet --error-exitcode=2
 

README.md

@@ -4,6 +4,12 @@
 [![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public)
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fsolokeys%2Fsolo.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fsolokeys%2Fsolo?ref=badge_shield)
 
+[![latest release](https://img.shields.io/github/release/solokeys/solo.svg)](https://github.com/solokeys/solo/releases)
+[![commits since last release](https://img.shields.io/github/commits-since/solokeys/solo/latest.svg)](https://github.com/solokeys/solo/commits/master)
+[![last commit](https://img.shields.io/github/last-commit/solokeys/solo.svg)](https://github.com/solokeys/solo/commits/master)
+[![commit activity](https://img.shields.io/github/commit-activity/m/solokeys/solo.svg)](https://github.com/solokeys/solo/commits/master)
+[![contributors](https://img.shields.io/github/contributors/solokeys/solo.svg)](https://github.com/solokeys/solo/graphs/contributors)
+
 
 # Solo
 
@@ -11,9 +17,9 @@ Solo is an open source security key, and you can get one at [solokeys.com](https
 
 Solo supports FIDO2 and U2F standards for strong two-factor authentication and password-less login, and it will protect you against phishing and other online attacks. With colored cases and multilingual guides we want to make secure login more personable and accessible to everyone around the globe.
 
-<img src="https://solokeys.com/images/photos/hero-on-white-cropped.png" width="600">
+<img src="https://static.solokeys.com/images/photos/hero-on-white-cropped.png" width="600">
 
-This repo contains the Solo firmware, including implementations of FIDO2 and U2F (CTAP2 and CTAP) over USB and NFC. The main implementation is for STM32L432, and it's ported to NRF52840 and EFM32J.
+This repo contains the Solo firmware, including implementations of FIDO2 and U2F (CTAP2 and CTAP) over USB and NFC. The main implementation is for STM32L432, but it is easily portable.
 
 For development no hardware is needed, Solo also runs as a standalone application for Windows, Linux, and Mac OSX. If you like (or want to learn) hardware instead, you can run Solo on the NUCLEO-L432KC development board, or we make Solo for Hacker, an unlocked version of Solo that lets you customize its firmware.
 
@@ -33,7 +39,7 @@ Solo is based on the STM32L432 microcontroller. It offers the following security
 
 Solo for Hacker is a special version of Solo that let you customize its firmware, for example you can change the LED color, and even build advanced applications.
 
-You can only buy Solo for Hacker at [solokeys.com](https://solokeys.com), as we don't sell it on Amazon and other places to avoid confusing customers. If you buy a Hacker, you can permanently lock it into a regular Solo, but viceversa you can NOT take a regular Solo and turn it a Hacker.
+Check out [solokeys.com](https://solokeys.com), for options on where to buy Solo.  Solo Hacker can be converted to a secure version, but normal Solo cannot be converted to a Hacker version.
 
 If you have a Solo for Hacker, here's how you can load your own code on it. You can find more details, including how to permanently lock it, in our [documentation](https://docs.solokeys.io/solo/building/). We only support Python3.
 
@@ -48,24 +54,22 @@ cd ../..
 
 make venv
 source venv/bin/activate
-python tools/solotool.py program targets/stm32l432/solo.hex
+solo program aux enter-bootloader
+solo program bootloader targets/stm32l432/solo.hex
 ```
 
 Alternatively, run `make docker-build` and use the firmware generated in `/tmp`.
 
 If you forgot the `--recurse-submodules` when cloning, simply `git submodule update --init --recursive`.
 
-For example, if you want to turn off any blue light emission, you can edit [`led_rgb()`](https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/led.c#L15) and force:
-```
-uint32_t b = 0;
-```
+For example, if you want to turn off any blue light emission, you can edit [`led_rgb()`](https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/app.h#L48) and change `LED_INIT_VALUE`
+to be a different hex color.
 
-Then recompile, load your new firmware, and enjoy a blue-light-free version of Solo.
+Then recompile, load your new firmware, and enjoy a different LED color Solo.
 
-In the Hacker version, hardware is the same and firmware is unlocked, in the sense that you can 1) load an unsigned application, or 2) entirely reflash the key. By contrast, in a regular Solo you can only upgrade to a firmware signed by SoloKeys, and flash is locked and debug disabled permanently.
-
-A frequently asked question is whether Solo for Hacker is less secure than regular Solo. The answer is certainly yes, and therefore we only recommend to use Solo for Hacker for development, experimentation, and fun. An attacker with physical access to a Solo for Hacker can reflash it following the steps above, and even a malware on your computer could possibly reflash it.
+In the Hacker version, hardware is the same but the firmware is unlocked, so you can 1) load an unsigned application, or 2) entirely reflash the key. By contrast, in a regular Solo you can only upgrade to a firmware signed by SoloKeys, and flash is locked and debug disabled permanently.
 
+Hacker Solo isn't really secure so you should only use it for development. An attacker with physical access to a Solo for Hacker can reflash it following the steps above, and even a malware on your computer could possibly reflash it.
 
 # Developing Solo (No Hardware Needed)
 
@@ -82,7 +86,7 @@ This builds Solo as a standalone application. Solo application is set up to send
 Testing can be done using our fork of Yubico's client software, python-fido2. Our fork of python-fido2 has small changes to make it send USB HID over UDP to the authenticator application. You can install our fork by running the following:
 
 ```bash
-cd python-fido2 && python setup.py install
+pip install -r tools/requirements.txt
 ```
 
 Run the Solo application:
@@ -92,12 +96,7 @@ Run the Solo application:
 
 In another shell, you can run client software, for example our tests:
 ```bash
-python tools/ctap_test.py
-```
-
-Or any client example such as:
-```bash
-python python-fido2/examples/credential.py
+python tools/ctap_test.py sim fido2
 ```
 
 You can find more details in our [documentation](https://docs.solokeys.io/solo/), including how to build on the the NUCLEO-L432KC development board.
@@ -120,8 +119,15 @@ Look at the issues to see what is currently being worked on. Feel free to add is
 # License
 
 Solo is fully open source.
+
 All software, unless otherwise noted, is dual licensed under Apache 2.0 and MIT.
-You may use Solo under the terms of either the Apache 2.0 license or MIT license.
+You may use Solo software under the terms of either the Apache 2.0 license or MIT license.
+
+All hardware, unless otherwise noted, is dual licensed under CERN and CC-BY-SA.
+You may use Solo hardware under the terms of either the CERN 2.1 license or CC-BY-SA 4.0 license.
+
+All documentation, unless otherwise noted, is licensed under CC-BY-SA.
+You may use Solo documentation under the terms of the CC-BY-SA 4.0 license
 
 
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fsolokeys%2Fsolo.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fsolokeys%2Fsolo?ref=badge_large)

STABLE_VERSION

@@ -0,0 +1 @@
+2.3.0

docs/solo/building.md

@@ -1,5 +1,5 @@
 To build, develop and debug the firmware for the STM32L432.  This will work
-for Solo Hacker, the Nucleo development board, or you own homemade Solo.
+for Solo Hacker, the Nucleo development board, or your own homemade Solo.
 
 There exists a development board [NUCLEO-L432KC](https://www.st.com/en/evaluation-tools/nucleo-l432kc.html) you can use;  The board does contain a debugger, so all you need is a USB cable (and some [udev](/udev) [rules](https://rust-embedded.github.io/book/intro/install/linux.html#udev-rules)).
 
@@ -7,7 +7,7 @@ There exists a development board [NUCLEO-L432KC](https://www.st.com/en/evaluatio
 
 Install the [latest ARM compiler toolchain](https://developer.arm.com/open-source/gnu-toolchain/gnu-rm/downloads) for your system.  We recommend getting the latest compilers from ARM.
 
-You can also install the ARM toolchain  using a package manage like `apt-get` or `pacman`,
+You can also install the ARM toolchain  using a package manager like `apt-get` or `pacman`,
 but be warned they might be out of date.  Typically it will be called `gcc-arm-none-eabi binutils-arm-none-eabi`.
 
 To program your build, you'll need one of the following programs.
@@ -52,14 +52,14 @@ make build-hacker DEBUG=1
 ```
 
 If you use `DEBUG=2`, that means Solo will not boot until something starts reading
-it's debug messages.  So it basically it waits to tether to a serial terminal so that you don't
+its debug messages.  So it basically waits to tether to a serial terminal so that you don't
 miss any debug messages.
 
-We recommend using our `solotool.py` as a serial emulator since it will automatically
+We recommend using our `solo` tool as a serial emulator since it will automatically
 reconnect each time you program Solo.
 
 ```
-python tools/solotool.py monitor <serial-port>
+solo monitor <serial-port>
 ```
 
 #### Linux Users:
@@ -86,7 +86,7 @@ Programming `all.hex` will cause the device to permanently lock itself.
 It's recommended to test a debug/hacker build first to make sure Solo is working as expected.
 Then you can switch to a locked down build, which cannot be reprogrammed as easily (or not at all!).
 
-We recommend using our `solotool.py` to manage programming.  It is cross platform.  First you must
+We recommend using our `solo` tool to manage programming.  It is cross platform.  First you must
 install the prerequisites:
 
 ```
@@ -101,7 +101,8 @@ If your Solo device is already programmed (it flashes green when powered), we re
 programming it using the Solo bootloader.
 
 ```
-python tools/solotool.py program solo.hex
+solo program aux enter-bootloader
+solo program bootloader solo.hex
 ```
 
 Make sure to program `solo.hex` and not `all.hex`.  Nothing bad would happen, but you'd
@@ -125,7 +126,10 @@ off and it enumerates as "STM BOOTLOADER".
 You can program it by running the following.
 
 ```
-python tools/solotool.py program all.hex --use-dfu --detach
+solo program aux enter-bootloader
+solo program aux enter-dfu
+# powercycle key
+solo program dfu all.hex
 ```
 
 Make sure to program `all.hex`, as this contains both the bootloader and the Solo application.
@@ -145,14 +149,14 @@ A locked Solo will only accept signed updates.
 If this is not a device with a hacker build, you can only program signed updates.
 
 ```
-python tools/solotool.py program /path/to/firmware.json
+solo program bootloader /path/to/firmware.json
 ```
 
 If you've provisioned the Solo bootloader with your own secp256r1 public key, you can sign your
 firmware by running the following command.
 
 ```
-python tools/solotool.py sign /path/to/signing-key.pem /path/to/solo.hex /output-path/to/firmware.json
+solo sign /path/to/signing-key.pem /path/to/solo.hex /output-path/to/firmware.json
 ```
 
 If your Solo isn't locked, you can always reprogram it using a debugger connected directly
@@ -175,5 +179,5 @@ If you'd like to also permanently disable signed updates, plug in your programme
 
 ```
 # WARNING: No more signed updates.
-python tools/programmer.py --disable
+solo program disable-bootloader
 ```

docs/solo/code-overview.md

@@ -5,22 +5,22 @@ and easy to understand, especially when paired with a high level overview.
 
 ## FIDO2 codebase
 
-* main.c - calls high level functions and implements event loop.
+* `main.c` - calls high level functions and implements event loop.
 
-* ctaphid.c - implements [USBHID protocol](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#usb) for FIDO.
+* `ctaphid.c` - implements [USBHID protocol](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#usb) for FIDO.
 
-* u2f.c - implements [U2F protocol](https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html).
+* `u2f.c` - implements [U2F protocol](https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html).
 
-* ctap.c - implements [CTAP2 protocol](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html).
+* `ctap.c` - implements [CTAP2 protocol](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html).
 
-* ctap_parse.c - implements parsing for CTAP protocol.
+* `ctap_parse.c` - implements parsing for CTAP protocol.
     * this could use some work minimizing.
 
-* log.c - embedded friendly debug logging.
+* `log.c` - embedded friendly debug logging.
 
-* crypto.c - software implementation of the crypto needs of the application.   Generally this will be copied and edited for different platforms.  API defined in crypto.h should be the same.
+* `crypto.c` - software implementation of the crypto needs of the application.   Generally this will be copied and edited for different platforms.  API defined in `crypto.h` should be the same.
 
-* device.h - definitions of functions that are platform specific and should be implemented separately.  See device.c in any of the implementations to see examples.
+* `device.h` - definitions of functions that are platform specific and should be implemented separately.  See `device.c` in any of the implementations to see examples.
 
 ## Data flow
 

docs/solo/documenting.md

@@ -3,7 +3,7 @@ Documentation of the `master` branch is deployed to Netlify automatically.
 To host or develop locally:
 
 ```
-pip install mkdocs mkdocs-material
+pip install mkdocs mkdocs-material markdown-include
 ```
 
 `mkdocs serve` and visit [localhost:8000](http://localhost:8000).

docs/solo/fido2-impl.md

@@ -22,8 +22,8 @@ for FIDO2 operation.
 When you register a service with a FIDO2 or U2F authenticator, the
 authenticator must generate a new keypair unique to that service.  This keypair
 could be stored on the authenticator to be used in subsequent authentications,
-but now a certain amount of memory needs to be allocated for this.  On embedded
-devices, there isn't much memory to spare and users will allows frustratingly
+but a certain amount of memory would need to be allocated for this.  On embedded
+devices, there isn't much memory to spare and users would frustratingly
 hit the limit of this memory.
 
 The answer to this problem is to do key wrapping.  The authenticator just
@@ -39,7 +39,7 @@ In essence, the following happens at registration.
 3. Return `P` and `R` to service.  (`R` is in `KEYID` parameter)
 4. Service stores `P` and `R`.
 
-Now on authenication.
+Now on authentication.
 
 1. Service issues authentication request with `R` in `KEYID` parameter.
 2. \* Authenticator generates `K` by calculating `HMAC(M,R)`.

docs/solo/index.md

@@ -1,4 +1,4 @@
 Welcome to the technical documentation for [solokeys/solo](https://github.com/solokeys/solo).
 
-For now, you can read the repository `README.md`, more documentation to come!
+Use the table of contents on the left to browse this documentation.
 

docs/solo/udev.md

@@ -1,21 +1,31 @@
-# tl;dr
+# Summary
 
-Create [`/etc/udev/rules.d/99-solo.rules`](https://github.com/solokeys/solo/blob/master/99-solo.rules) and add the following (which assumes your user is in group `plugdev`):
+On Linux, by default USB dongles can't be accessed by users, for security reasons. To allow user access, so-called "udev rules" must be installed. (Under Fedora, your key may work without such a rule.)
+
+Create a file like [`70-solokeys-access.rules`](https://github.com/solokeys/solo/blob/master/udev/70-solokeys-access.rules) in your `/etc/udev/rules.d` directory, for instance the following rule should cover normal access (it has to be on one line):
 
 ```
-# Solo
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess", GROUP="plugdev", SYMLINK+="solokey"
-
-# U2F Zero
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", SYMLINK+="u2fzero"
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess", MODE="0660", GROUP="plugdev"
 ```
 
-Then run
+Additionally, run the following command after you create this file (it is not necessary to do this again in the future):
 
 ```
 sudo udevadm control --reload-rules && sudo udevadm trigger
 ```
 
+A simple way to setup both the udev rule and the udevadm reload is:
+
+```
+git clone git@github.com:solokeys/solo.git
+cd solo/udev
+make setup
+```
+
+We are working on getting user access to Solo keys enabled automatically in common Linux distributions: <https://github.com/solokeys/solo/issues/144>.
+
+
+
 # How do udev rules work and why are they needed
 
 In Linux, `udev` (part of `systemd`, read `man 7 udev`) handles "hot-pluggable" devices, of which Solo and U2F Zero are examples. In particular, it creates nodes in the `/dev` filesystem (in Linux, everything is a file), which allow accessing the device.

fido2/apdu.h

@@ -0,0 +1,30 @@
+#ifndef _APDU_H_
+#define _APDU_H_
+
+#include <stdint.h>
+
+typedef struct
+{
+    uint8_t cla;
+    uint8_t ins;
+    uint8_t p1;
+    uint8_t p2;
+    uint8_t lc;
+} __attribute__((packed)) APDU_HEADER;
+
+#define APDU_FIDO_U2F_REGISTER        0x01
+#define APDU_FIDO_U2F_AUTHENTICATE    0x02
+#define APDU_FIDO_U2F_VERSION         0x03
+#define APDU_FIDO_NFCCTAP_MSG         0x10
+#define APDU_INS_SELECT               0xA4
+#define APDU_INS_READ_BINARY          0xB0
+
+#define SW_SUCCESS                    0x9000
+#define SW_GET_RESPONSE               0x6100  // Command successfully executed; 'XX' bytes of data are available and can be requested using GET RESPONSE.
+#define SW_WRONG_LENGTH               0x6700
+#define SW_COND_USE_NOT_SATISFIED     0x6985
+#define SW_FILE_NOT_FOUND             0x6a82
+#define SW_INS_INVALID                0x6d00  // Instruction code not supported or invalid
+#define SW_INTERNAL_EXCEPTION         0x6f00
+
+#endif //_APDU_H_

fido2/cose_key.h

@@ -16,7 +16,7 @@
 #define COSE_KEY_KTY_EC2        2
 #define COSE_KEY_CRV_P256       1
 
-
 #define COSE_ALG_ES256            -7
+#define COSE_ALG_ECDH_ES_HKDF_256 -25
 
 #endif

fido2/crypto.c

@@ -60,7 +60,7 @@ static const uint8_t * _signing_key = NULL;
 static int _key_len = 0;
 
 // Secrets for testing only
-static uint8_t master_secret[32];
+static uint8_t master_secret[64];
 
 static uint8_t transport_secret[32];
 
@@ -73,13 +73,17 @@ void crypto_sha256_init()
 
 void crypto_reset_master_secret()
 {
-    ctap_generate_rng(master_secret, 32);
+    ctap_generate_rng(master_secret, 64);
+    ctap_generate_rng(transport_secret, 32);
 }
 
 void crypto_load_master_secret(uint8_t * key)
 {
-    memmove(master_secret, key, 32);
-    memmove(transport_secret, key+32, 32);
+    #if KEY_SPACE_BYTES < 96
+    #error "need more key bytes"
+    #endif
+    memmove(master_secret, key, 64);
+    memmove(transport_secret, key+64, 32);
 }
 
 void crypto_sha256_update(uint8_t * data, size_t len)
@@ -108,6 +112,11 @@ void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
         key = master_secret;
         klen = sizeof(master_secret);
     }
+    else if (key == CRYPTO_TRANSPORT_KEY)
+    {
+        key = transport_secret;
+        klen = 32;
+    }
     
     if(klen > 64)
     {

fido2/crypto.h

@@ -19,6 +19,10 @@ void crypto_sha256_final(uint8_t * hash);
 void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac);
 void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac);
 
+void crypto_sha512_init();
+void crypto_sha512_update(const uint8_t * data, size_t len);
+void crypto_sha512_final(uint8_t * hash);
+
 
 void crypto_ecc256_init();
 void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y);

fido2/ctap.c

@@ -11,6 +11,7 @@
 #include "cbor.h"
 
 #include "ctap.h"
+#include "u2f.h"
 #include "ctaphid.h"
 #include "ctap_parse.h"
 #include "ctap_errors.h"
@@ -25,7 +26,6 @@
 
 #include "device.h"
 
-#define PIN_TOKEN_SIZE      16
 uint8_t PIN_TOKEN[PIN_TOKEN_SIZE];
 uint8_t KEY_AGREEMENT_PUB[64];
 static uint8_t KEY_AGREEMENT_PRIV[32];
@@ -34,16 +34,9 @@ static int8_t PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS;
 
 AuthenticatorState STATE;
 
-static struct {
-    CTAP_authDataHeader authData;
-    uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
-    CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE-1];
-    uint8_t lastcmd;
-    uint32_t count;
-    uint32_t index;
-    uint32_t time;
-    uint8_t user_verified;
-} getAssertionState;
+static void ctap_reset_key_agreement();
+
+struct _getAssertionState getAssertionState;
 
 uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
 {
@@ -67,6 +60,8 @@ uint8_t verify_pin_auth(uint8_t * pinAuth, uint8_t * clientDataHash)
 
 }
 
+
+
 uint8_t ctap_get_info(CborEncoder * encoder)
 {
     int ret;
@@ -75,16 +70,14 @@ uint8_t ctap_get_info(CborEncoder * encoder)
     CborEncoder options;
     CborEncoder pins;
 
-    const int number_of_versions = 2;
-
-    ret = cbor_encoder_create_map(encoder, &map, 5);
+    ret = cbor_encoder_create_map(encoder, &map, 6);
     check_ret(ret);
     {
 
         ret = cbor_encode_uint(&map, RESP_versions);     //  versions key
         check_ret(ret);
         {
-            ret = cbor_encoder_create_array(&map, &array, number_of_versions);
+            ret = cbor_encoder_create_array(&map, &array, 2);
             check_ret(ret);
             {
                 ret = cbor_encode_text_stringz(&array, "U2F_V2");
@@ -96,6 +89,19 @@ uint8_t ctap_get_info(CborEncoder * encoder)
             check_ret(ret);
         }
 
+        ret = cbor_encode_uint(&map, RESP_extensions);
+        check_ret(ret);
+        {
+            ret = cbor_encoder_create_array(&map, &array, 1);
+            check_ret(ret);
+            {
+                ret = cbor_encode_text_stringz(&array, "hmac-secret");
+                check_ret(ret);
+            }
+            ret = cbor_encoder_close_container(&map, &array);
+            check_ret(ret);
+        }
+
         ret = cbor_encode_uint(&map, RESP_aaguid);
         check_ret(ret);
         {
@@ -103,6 +109,57 @@ uint8_t ctap_get_info(CborEncoder * encoder)
             check_ret(ret);
         }
 
+        ret = cbor_encode_uint(&map, RESP_options);
+        check_ret(ret);
+        {
+            ret = cbor_encoder_create_map(&map, &options,4);
+            check_ret(ret);
+            {
+                ret = cbor_encode_text_string(&options, "rk", 2);
+                check_ret(ret);
+                {
+                    ret = cbor_encode_boolean(&options, 1);     // Capable of storing keys locally
+                    check_ret(ret);
+                }
+
+                ret = cbor_encode_text_string(&options, "up", 2);
+                check_ret(ret);
+                {
+                    ret = cbor_encode_boolean(&options, 1);     // Capable of testing user presence
+                    check_ret(ret);
+                }
+
+                // NOT [yet] capable of verifying user
+                // Do not add option if UV isn't supported.
+                //
+                // ret = cbor_encode_text_string(&options, "uv", 2);
+                // check_ret(ret);
+                // {
+                //     ret = cbor_encode_boolean(&options, 0);
+                //     check_ret(ret);
+                // }
+
+                ret = cbor_encode_text_string(&options, "plat", 4);
+                check_ret(ret);
+                {
+                    ret = cbor_encode_boolean(&options, 0);     // Not attached to platform
+                    check_ret(ret);
+                }
+
+
+                ret = cbor_encode_text_string(&options, "clientPin", 9);
+                check_ret(ret);
+                {
+                    ret = cbor_encode_boolean(&options, ctap_is_pin_set());
+                    check_ret(ret);
+                }
+
+
+            }
+            ret = cbor_encoder_close_container(&map, &options);
+            check_ret(ret);
+        }
+
         ret = cbor_encode_uint(&map, RESP_maxMsgSize);
         check_ret(ret);
         {
@@ -125,54 +182,7 @@ uint8_t ctap_get_info(CborEncoder * encoder)
 
 
 
-        ret = cbor_encode_uint(&map, RESP_options);
-        check_ret(ret);
-        {
-            ret = cbor_encoder_create_map(&map, &options,4);
-            check_ret(ret);
-            {
-                ret = cbor_encode_text_string(&options, "plat", 4);
-                check_ret(ret);
-                {
-                    ret = cbor_encode_boolean(&options, 0);     // Not attached to platform
-                    check_ret(ret);
-                }
 
-                ret = cbor_encode_text_string(&options, "rk", 2);
-                check_ret(ret);
-                {
-                    ret = cbor_encode_boolean(&options, 1);     // Capable of storing keys locally
-                    check_ret(ret);
-                }
-
-                ret = cbor_encode_text_string(&options, "up", 2);
-                check_ret(ret);
-                {
-                    ret = cbor_encode_boolean(&options, 1);     // Capable of testing user presence
-                    check_ret(ret);
-                }
-
-                // NOT [yet] capable of verifying user
-                // Do not add option if UV isn't supported.
-                //
-                // ret = cbor_encode_text_string(&options, "uv", 2);
-                // check_ret(ret);
-                // {
-                //     ret = cbor_encode_boolean(&options, 0);
-                //     check_ret(ret);
-                // }
-                ret = cbor_encode_text_string(&options, "clientPin", 9);
-                check_ret(ret);
-                {
-                    ret = cbor_encode_boolean(&options, ctap_is_pin_set());
-                    check_ret(ret);
-                }
-
-
-            }
-            ret = cbor_encoder_close_container(&map, &options);
-            check_ret(ret);
-        }
 
 
     }
@@ -260,6 +270,7 @@ static int ctap_generate_cose_key(CborEncoder * cose_key, uint8_t * hmac_input,
 void make_auth_tag(uint8_t * rpIdHash, uint8_t * nonce, uint32_t count, uint8_t * tag)
 {
     uint8_t hashbuf[32];
+    memset(hashbuf,0,sizeof(hashbuf));
     crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, hashbuf);
     crypto_sha256_update(rpIdHash, 32);
     crypto_sha256_update(nonce, CREDENTIAL_NONCE_SIZE);
@@ -309,18 +320,134 @@ static int is_matching_rk(CTAP_residentKey * rk, CTAP_residentKey * rk2)
            (rk->user.id_size == rk2->user.id_size);
 }
 
+static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf, unsigned int * ext_encoder_buf_size)
+{
+    CborEncoder extensions;
+    int ret;
+    uint8_t output[64];
+    uint8_t shared_secret[32];
+    uint8_t hmac[32];
+    uint8_t credRandom[32];
 
-static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, unsigned int len, CTAP_userEntity * user, uint8_t credtype, int32_t algtype, int32_t * sz, int store)
+    if (ext->hmac_secret_present == EXT_HMAC_SECRET_PARSED)
+    {
+        printf1(TAG_CTAP, "Processing hmac-secret..\r\n");
+
+        crypto_ecc256_shared_secret((uint8_t*) &ext->hmac_secret.keyAgreement.pubkey,
+                                    KEY_AGREEMENT_PRIV,
+                                    shared_secret);
+        crypto_sha256_init();
+        crypto_sha256_update(shared_secret, 32);
+        crypto_sha256_final(shared_secret);
+
+        crypto_sha256_hmac_init(shared_secret, 32, hmac);
+        crypto_sha256_update(ext->hmac_secret.saltEnc, ext->hmac_secret.saltLen);
+        crypto_sha256_hmac_final(shared_secret, 32, hmac);
+
+        if (memcmp(ext->hmac_secret.saltAuth, hmac, 16) == 0)
+        {
+            printf1(TAG_CTAP, "saltAuth is valid\r\n");
+        }
+        else
+        {
+            printf1(TAG_CTAP, "saltAuth is invalid\r\n");
+            return CTAP2_ERR_EXTENSION_FIRST;
+        }
+
+        // Generate credRandom
+        crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, credRandom);
+        crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId));
+        crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY, 0, credRandom);
+
+        // Decrypt saltEnc
+        crypto_aes256_init(shared_secret, NULL);
+        crypto_aes256_decrypt(ext->hmac_secret.saltEnc, ext->hmac_secret.saltLen);
+
+        // Generate outputs
+        crypto_sha256_hmac_init(credRandom, 32, output);
+        crypto_sha256_update(ext->hmac_secret.saltEnc, 32);
+        crypto_sha256_hmac_final(credRandom, 32, output);
+
+        if (ext->hmac_secret.saltLen == 64)
+        {
+            crypto_sha256_hmac_init(credRandom, 32, output + 32);
+            crypto_sha256_update(ext->hmac_secret.saltEnc + 32, 32);
+            crypto_sha256_hmac_final(credRandom, 32, output + 32);
+        }
+
+        // Encrypt for final output
+        crypto_aes256_init(shared_secret, NULL);
+        crypto_aes256_encrypt(output, ext->hmac_secret.saltLen);
+
+        // output
+        cbor_encoder_init(&extensions, ext_encoder_buf, *ext_encoder_buf_size, 0);
+        {
+            CborEncoder hmac_secret_map;
+            ret = cbor_encoder_create_map(&extensions, &hmac_secret_map, 1);
+            check_ret(ret);
+            {
+                ret = cbor_encode_text_stringz(&hmac_secret_map, "hmac-secret");
+                check_ret(ret);
+
+                ret = cbor_encode_byte_string(&hmac_secret_map, output, ext->hmac_secret.saltLen);
+                check_ret(ret);
+            }
+            ret = cbor_encoder_close_container(&extensions, &hmac_secret_map);
+            check_ret(ret);
+        }
+        *ext_encoder_buf_size = cbor_encoder_get_buffer_size(&extensions, ext_encoder_buf);
+    }
+    else if (ext->hmac_secret_present == EXT_HMAC_SECRET_REQUESTED)
+    {
+        cbor_encoder_init(&extensions, ext_encoder_buf, *ext_encoder_buf_size, 0);
+        {
+            CborEncoder hmac_secret_map;
+            ret = cbor_encoder_create_map(&extensions, &hmac_secret_map, 1);
+            check_ret(ret);
+            {
+                ret = cbor_encode_text_stringz(&hmac_secret_map, "hmac-secret");
+                check_ret(ret);
+
+                ret = cbor_encode_boolean(&hmac_secret_map, 1);
+                check_ret(ret);
+            }
+            ret = cbor_encoder_close_container(&extensions, &hmac_secret_map);
+            check_ret(ret);
+        }
+        *ext_encoder_buf_size = cbor_encoder_get_buffer_size(&extensions, ext_encoder_buf);
+    }
+    else
+    {
+        *ext_encoder_buf_size = 0;
+    }
+    return 0;
+}
+
+static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred)
+{
+    if (cred->type == PUB_KEY_CRED_CTAP1)
+        return U2F_KEY_HANDLE_SIZE;
+    if (cred->type == PUB_KEY_CRED_CUSTOM)
+        return getAssertionState.customCredIdSize;
+    return sizeof(CredentialId);
+}
+
+static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo)
 {
     CborEncoder cose_key;
-    int auth_data_sz, ret;
+
+    unsigned int auth_data_sz = sizeof(CTAP_authDataHeader);
     uint32_t count;
     CTAP_residentKey rk, rk2;
     CTAP_authData * authData = (CTAP_authData *)auth_data_buf;
 
     uint8_t * cose_key_buf = auth_data_buf + sizeof(CTAP_authData);
 
-    if((sizeof(CTAP_authDataHeader)) > len)
+    // memset(&cose_key, 0, sizeof(CTAP_residentKey));
+    memset(&rk, 0, sizeof(CTAP_residentKey));
+    memset(&rk2, 0, sizeof(CTAP_residentKey));
+
+    if((sizeof(CTAP_authDataHeader)) > *len)
     {
         printf1(TAG_ERR,"assertion fail, auth_data_buf must be at least %d bytes\n", sizeof(CTAP_authData) - sizeof(CTAP_attestHeader));
         exit(1);
@@ -330,13 +457,13 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
     crypto_sha256_update(rp->id, rp->size);
     crypto_sha256_final(authData->head.rpIdHash);
 
-    printf1(TAG_RED, "rpId: "); dump_hex1(TAG_RED, rp->id, rp->size);
-    printf1(TAG_RED, "hash: "); dump_hex1(TAG_RED, authData->head.rpIdHash, 32);
-
     count = auth_data_update_count(&authData->head);
 
     device_set_status(CTAPHID_STATUS_UPNEEDED);
-    int but = ctap_user_presence_test();
+
+    int but;
+
+    but = ctap_user_presence_test(CTAP2_UP_DELAY_MS);
 
     if (!but)
     {
@@ -352,13 +479,12 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
     authData->head.flags |= (ctap_is_pin_set() << 2);
 
 
-
-    if (credtype != 0)
+    if (credInfo != NULL)
     {
         // add attestedCredentialData
         authData->head.flags |= (1 << 6);//include attestation data
 
-        cbor_encoder_init(&cose_key, cose_key_buf, len - sizeof(CTAP_authData), 0);
+        cbor_encoder_init(&cose_key, cose_key_buf, *len - sizeof(CTAP_authData), 0);
 
         memmove(authData->attest.aaguid, CTAP_AAGUID, 16);
         authData->attest.credLenL =  sizeof(CredentialId) & 0x00FF;
@@ -376,10 +502,10 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
         make_auth_tag(authData->head.rpIdHash, authData->attest.id.nonce, count, authData->attest.id.tag);
 
         // resident key
-        if (store)
+        if (credInfo->rk)
         {
             memmove(&rk.id, &authData->attest.id, sizeof(CredentialId));
-            memmove(&rk.user, user, sizeof(CTAP_userEntity));
+            memmove(&rk.user, &credInfo->user, sizeof(CTAP_userEntity));
 
             unsigned int index = STATE.rk_stored;
             unsigned int i;
@@ -403,29 +529,19 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
         }
 done_rk:
 
-        // DELETE
-        //crypto_aes256_init(CRYPTO_TRANSPORT_KEY, NULL);
-        //crypto_aes256_encrypt((uint8_t*)&authData->attest.credential.user, CREDENTIAL_ENC_SIZE);
         printf1(TAG_GREEN, "MADE credId: "); dump_hex1(TAG_GREEN, (uint8_t*) &authData->attest.id, sizeof(CredentialId));
 
-        ctap_generate_cose_key(&cose_key, (uint8_t*)&authData->attest.id, sizeof(CredentialId), credtype, algtype);
+        ctap_generate_cose_key(&cose_key, (uint8_t*)&authData->attest.id, sizeof(CredentialId), credInfo->publicKeyCredentialType, credInfo->COSEAlgorithmIdentifier);
 
         auth_data_sz = sizeof(CTAP_authData) + cbor_encoder_get_buffer_size(&cose_key, cose_key_buf);
 
     }
-    else
-    {
-        auth_data_sz = sizeof(CTAP_authDataHeader);
-    }
 
-    {
-        ret = cbor_encode_int(map,RESP_authData);
-        check_ret(ret);
-        ret = cbor_encode_byte_string(map, auth_data_buf, auth_data_sz);
-        check_ret(ret);
-    }
 
-    if (sz) *sz = auth_data_sz;
+
+
+
+    *len = auth_data_sz;
     return 0;
 }
 
@@ -538,11 +654,30 @@ uint8_t ctap_add_attest_statement(CborEncoder * map, uint8_t * sigder, int len)
 // Return 1 if credential belongs to this token
 int ctap_authenticate_credential(struct rpId * rp, CTAP_credentialDescriptor * desc)
 {
+    uint8_t rpIdHash[32];
     uint8_t tag[16];
 
+    switch(desc->type)
+    {
+        case PUB_KEY_CRED_PUB_KEY:
             make_auth_tag(desc->credential.id.rpIdHash, desc->credential.id.nonce, desc->credential.id.count, tag);
-
             return (memcmp(desc->credential.id.tag, tag, CREDENTIAL_TAG_SIZE) == 0);
+        break;
+        case PUB_KEY_CRED_CTAP1:
+            crypto_sha256_init();
+            crypto_sha256_update(rp->id, rp->size);
+            crypto_sha256_final(rpIdHash);
+            return u2f_authenticate_credential((struct u2f_key_handle *)&desc->credential.id, rpIdHash);
+        break;
+        case PUB_KEY_CRED_CUSTOM:
+            return is_extension_request(getAssertionState.customCredId, getAssertionState.customCredIdSize);
+        break;
+        default:
+        printf1(TAG_ERR, "PUB_KEY_CRED_UNKNOWN %x\r\n",desc->type);
+        break;
+    }
+
+    return 0;
 }
 
 
@@ -552,17 +687,26 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
     CTAP_makeCredential MC;
     int ret;
     unsigned int i;
-    uint8_t auth_data_buf[300];
+    uint8_t auth_data_buf[310];
     CTAP_credentialDescriptor * excl_cred = (CTAP_credentialDescriptor *) auth_data_buf;
     uint8_t * sigbuf = auth_data_buf + 32;
     uint8_t * sigder = auth_data_buf + 32 + 64;
 
     ret = ctap_parse_make_credential(&MC,encoder,request,length);
+
     if (ret != 0)
     {
         printf2(TAG_ERR,"error, parse_make_credential failed\n");
         return ret;
     }
+    if (MC.pinAuthEmpty)
+    {
+        if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
+        {
+                return CTAP2_ERR_OPERATION_DENIED;
+        }
+        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_INVALID : CTAP2_ERR_PIN_NOT_SET;
+    }
     if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask)
     {
         printf2(TAG_ERR,"error, required parameter(s) for makeCredential are missing\n");
@@ -599,9 +743,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
         check_retr(ret);
 
         printf1(TAG_GREEN, "checking credId: "); dump_hex1(TAG_GREEN, (uint8_t*) &excl_cred->credential.id, sizeof(CredentialId));
-        // DELETE
-        // crypto_aes256_reset_iv(NULL);
-        // crypto_aes256_decrypt((uint8_t*)& excl_cred->credential.enc, CREDENTIAL_ENC_SIZE);
+
         if (ctap_authenticate_credential(&MC.rp, excl_cred))
         {
             printf1(TAG_MC, "Cred %d failed!\r\n",i);
@@ -612,23 +754,10 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
         check_ret(ret);
     }
 
+
     CborEncoder map;
     ret = cbor_encoder_create_map(encoder, &map, 3);
     check_ret(ret);
-    int32_t auth_data_sz;
-
-    ret = ctap_make_auth_data(&MC.rp, &map, auth_data_buf, sizeof(auth_data_buf),
-            &MC.user, MC.publicKeyCredentialType, MC.COSEAlgorithmIdentifier, &auth_data_sz, MC.rk);
-
-    check_retr(ret);
-
-    crypto_ecc256_load_attestation_key();
-    int sigder_sz = ctap_calculate_signature(auth_data_buf, auth_data_sz, MC.clientDataHash, auth_data_buf, sigbuf, sigder);
-
-    printf1(TAG_MC,"der sig [%d]: ", sigder_sz); dump_hex1(TAG_MC, sigder, sigder_sz);
-
-    ret = ctap_add_attest_statement(&map, sigder, sigder_sz);
-    check_retr(ret);
 
     {
         ret = cbor_encode_int(&map,RESP_fmt);
@@ -637,6 +766,39 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
         check_ret(ret);
     }
 
+    uint32_t auth_data_sz = sizeof(auth_data_buf);
+
+    ret = ctap_make_auth_data(&MC.rp, &map, auth_data_buf, &auth_data_sz,
+            &MC.credInfo);
+    check_retr(ret);
+
+    {
+        unsigned int ext_encoder_buf_size = sizeof(auth_data_buf) - auth_data_sz;
+        uint8_t * ext_encoder_buf = auth_data_buf + auth_data_sz;
+
+        ret = ctap_make_extensions(&MC.extensions, ext_encoder_buf, &ext_encoder_buf_size);
+        check_retr(ret);
+        if (ext_encoder_buf_size)
+        {
+            ((CTAP_authData *)auth_data_buf)->head.flags |= (1 << 7);
+            auth_data_sz += ext_encoder_buf_size;
+        }
+    }
+
+    {
+        ret = cbor_encode_int(&map,RESP_authData);
+        check_ret(ret);
+        ret = cbor_encode_byte_string(&map, auth_data_buf, auth_data_sz);
+        check_ret(ret);
+    }
+
+    crypto_ecc256_load_attestation_key();
+    int sigder_sz = ctap_calculate_signature(auth_data_buf, auth_data_sz, MC.clientDataHash, auth_data_buf, sigbuf, sigder);
+    printf1(TAG_MC,"der sig [%d]: ", sigder_sz); dump_hex1(TAG_MC, sigder, sigder_sz);
+
+    ret = ctap_add_attest_statement(&map, sigder, sigder_sz);
+    check_retr(ret);
+
     ret = cbor_encoder_close_container(encoder, &map);
     check_ret(ret);
     return CTAP1_ERR_SUCCESS;
@@ -664,6 +826,15 @@ static uint8_t ctap_add_credential_descriptor(CborEncoder * map, CTAP_credential
     ret = cbor_encoder_create_map(map, &desc, 2);
     check_ret(ret);
 
+    {
+        ret = cbor_encode_text_string(&desc, "id", 2);
+        check_ret(ret);
+
+        ret = cbor_encode_byte_string(&desc, (uint8_t*)&cred->credential.id,
+            get_credential_id_size(cred));
+        check_ret(ret);
+    }
+
     {
         ret = cbor_encode_text_string(&desc, "type", 4);
         check_ret(ret);
@@ -671,13 +842,7 @@ static uint8_t ctap_add_credential_descriptor(CborEncoder * map, CTAP_credential
         ret = cbor_encode_text_string(&desc, "public-key", 10);
         check_ret(ret);
     }
-    {
-        ret = cbor_encode_text_string(&desc, "id", 2);
-        check_ret(ret);
 
-        ret = cbor_encode_byte_string(&desc, (uint8_t*)&cred->credential.id, sizeof(CredentialId));
-        check_ret(ret);
-    }
 
     ret = cbor_encoder_close_container(map, &desc);
     check_ret(ret);
@@ -699,7 +864,6 @@ uint8_t ctap_add_user_entity(CborEncoder * map, CTAP_userEntity * user)
         ret = cbor_encoder_create_map(map, &entity, 1);
     check_ret(ret);
 
-    printf1(TAG_GREEN,"id_size: %d\r\n", user->id_size);
     {
         ret = cbor_encode_text_string(&entity, "id", 2);
         check_ret(ret);
@@ -710,6 +874,13 @@ uint8_t ctap_add_user_entity(CborEncoder * map, CTAP_userEntity * user)
 
     if (dispname)
     {
+
+        ret = cbor_encode_text_string(&entity, "icon", 4);
+        check_ret(ret);
+
+        ret = cbor_encode_text_stringz(&entity, (const char *)user->icon);
+        check_ret(ret);
+
         ret = cbor_encode_text_string(&entity, "name", 4);
         check_ret(ret);
 
@@ -722,13 +893,6 @@ uint8_t ctap_add_user_entity(CborEncoder * map, CTAP_userEntity * user)
         ret = cbor_encode_text_stringz(&entity, (const char *)user->displayName);
         check_ret(ret);
 
-        ret = cbor_encode_text_string(&entity, "icon", 4);
-        check_ret(ret);
-
-        ret = cbor_encode_text_stringz(&entity, (const char *)user->icon);
-        check_ret(ret);
-
-
     }
 
     ret = cbor_encoder_close_container(map, &entity);
@@ -815,7 +979,7 @@ int ctap_filter_invalid_credentials(CTAP_getAssertion * GA)
                 printf1(TAG_GA, "RK %d is a rpId match!\r\n", i);
                 if (count == ALLOW_LIST_MAX_SIZE-1)
                 {
-                    printf2(TAG_ERR, "not enough ram allocated for matching RK's (%d)\r\n", count);
+                    printf2(TAG_ERR, "not enough ram allocated for matching RK's (%d).  Skipping.\r\n", count);
                     break;
                 }
                 GA->creds[count].type = PUB_KEY_CRED_PUB_KEY;
@@ -844,6 +1008,7 @@ static void save_credential_list(CTAP_authDataHeader * head, uint8_t * clientDat
         memmove(getAssertionState.clientDataHash, clientDataHash, CLIENT_DATA_HASH_SIZE);
         memmove(&getAssertionState.authData, head, sizeof(CTAP_authDataHeader));
         memmove(getAssertionState.creds, creds, sizeof(CTAP_credentialDescriptor) * (count));
+
     }
     getAssertionState.count = count;
     printf1(TAG_GA,"saved %d credentials\n",count);
@@ -863,24 +1028,25 @@ static CTAP_credentialDescriptor * pop_credential()
 }
 
 // adds 2 to map, or 3 if add_user is true
-uint8_t ctap_end_get_assertion(CborEncoder * map, CTAP_credentialDescriptor * cred, uint8_t * auth_data_buf, uint8_t * clientDataHash, int add_user)
+uint8_t ctap_end_get_assertion(CborEncoder * map, CTAP_credentialDescriptor * cred, uint8_t * auth_data_buf, unsigned int auth_data_buf_sz, uint8_t * clientDataHash)
 {
     int ret;
     uint8_t sigbuf[64];
     uint8_t sigder[72];
     int sigder_sz;
 
-    if (add_user)
-    {
-        printf1(TAG_GREEN, "adding user details to output\r\n");
-        ret = ctap_add_user_entity(map, &cred->credential.user);
+    ret = ctap_add_credential_descriptor(map, cred);  // 1
     check_retr(ret);
+
+    {
+        ret = cbor_encode_int(map,RESP_authData);  // 2
+        check_ret(ret);
+        ret = cbor_encode_byte_string(map, auth_data_buf, auth_data_buf_sz);
+        check_ret(ret);
     }
 
-    ret = ctap_add_credential_descriptor(map, cred);
-    check_retr(ret);
-
-    crypto_ecc256_load_key((uint8_t*)&cred->credential.id, sizeof(CredentialId), NULL, 0);
+    unsigned int cred_size = get_credential_id_size(cred);
+    crypto_ecc256_load_key((uint8_t*)&cred->credential.id, cred_size, NULL, 0);
 
 #ifdef ENABLE_U2F_EXTENSIONS
     if ( extend_fido2(&cred->credential.id, sigder) )
@@ -894,11 +1060,20 @@ uint8_t ctap_end_get_assertion(CborEncoder * map, CTAP_credentialDescriptor * cr
     }
 
     {
-        ret = cbor_encode_int(map, RESP_signature);
+        ret = cbor_encode_int(map, RESP_signature);  // 3
         check_ret(ret);
         ret = cbor_encode_byte_string(map, sigder, sigder_sz);
         check_ret(ret);
     }
+
+    if (cred->credential.user.id_size)
+    {
+        printf1(TAG_GREEN, "adding user details to output\r\n");
+        ret = ctap_add_user_entity(map, &cred->credential.user);  // 4
+        check_retr(ret);
+    }
+
+
     return 0;
 }
 
@@ -908,7 +1083,6 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder)
     CborEncoder map;
     CTAP_authDataHeader authData;
     memmove(&authData, &getAssertionState.authData, sizeof(CTAP_authDataHeader));
-    // CTAP_authDataHeader * authData = &getAssertionState.authData;
 
     CTAP_credentialDescriptor * cred = pop_credential();
 
@@ -918,9 +1092,8 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder)
     }
 
     auth_data_update_count(&authData);
-    int add_user_info = cred->credential.user.id_size;
 
-    if (add_user_info)
+    if (cred->credential.user.id_size)
     {
         printf1(TAG_GREEN, "adding user info to assertion response\r\n");
         ret = cbor_encoder_create_map(encoder, &map, 4);
@@ -932,14 +1105,6 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder)
     }
 
     check_ret(ret);
-    printf1(TAG_RED, "RPID hash: "); dump_hex1(TAG_RED, authData.rpIdHash, 32);
-
-    {
-        ret = cbor_encode_int(&map,RESP_authData);
-        check_ret(ret);
-        ret = cbor_encode_byte_string(&map, (uint8_t *)&authData, sizeof(CTAP_authDataHeader));
-        check_ret(ret);
-    }
 
     // if only one account for this RP, null out the user details
     if (!getAssertionState.user_verified)
@@ -948,8 +1113,7 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder)
         memset(cred->credential.user.name, 0, USER_NAME_LIMIT);
     }
 
-
-    ret = ctap_end_get_assertion(&map, cred, (uint8_t *)&authData, getAssertionState.clientDataHash, add_user_info);
+    ret = ctap_end_get_assertion(&map, cred, (uint8_t *)&authData, sizeof(CTAP_authDataHeader), getAssertionState.clientDataHash);
     check_retr(ret);
 
     ret = cbor_encoder_close_container(encoder, &map);
@@ -961,7 +1125,8 @@ uint8_t ctap_get_next_assertion(CborEncoder * encoder)
 uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
 {
     CTAP_getAssertion GA;
-    uint8_t auth_data_buf[sizeof(CTAP_authDataHeader)];
+
+    uint8_t auth_data_buf[sizeof(CTAP_authDataHeader) + 80];
     int ret = ctap_parse_get_assertion(&GA,request,length);
 
     if (ret != 0)
@@ -970,19 +1135,23 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
         return ret;
     }
 
-    if (ctap_is_pin_set() && GA.pinAuthPresent == 0)
+    if (GA.pinAuthEmpty)
     {
-        printf2(TAG_ERR,"pinAuth is required\n");
-        return CTAP2_ERR_PIN_REQUIRED;
+        if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
+        {
+                return CTAP2_ERR_OPERATION_DENIED;
         }
-    else
-    {
-        if (ctap_is_pin_set() || (GA.pinAuthPresent))
+        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_INVALID : CTAP2_ERR_PIN_NOT_SET;
+    }
+    if (GA.pinAuthPresent)
     {
         ret = verify_pin_auth(GA.pinAuth, GA.clientDataHash);
         check_retr(ret);
         getAssertionState.user_verified = 1;
     }
+    else
+    {
+        getAssertionState.user_verified = 0;
     }
 
     if (!GA.rp.size || !GA.clientDataHashPresent)
@@ -996,62 +1165,28 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
     printf1(TAG_GA, "ALLOW_LIST has %d creds\n", GA.credLen);
     int validCredCount = ctap_filter_invalid_credentials(&GA);
 
-    int add_user_info = GA.creds[validCredCount - 1].credential.user.id_size;
-    if (validCredCount > 1)
-    {
-       map_size += 1;
-    }
-
-    if (add_user_info)
-    {
-        map_size += 1;
-    }
-
-    ret = cbor_encoder_create_map(encoder, &map, map_size);
-    check_ret(ret);
-
-#ifdef ENABLE_U2F_EXTENSIONS
-    if ( is_extension_request((uint8_t*)&GA.creds[validCredCount - 1].credential.id, sizeof(CredentialId)) )
-    {
-        ret = cbor_encode_int(&map,RESP_authData);
-        check_ret(ret);
-        memset(auth_data_buf,0,sizeof(auth_data_buf));
-        ret = cbor_encode_byte_string(&map, auth_data_buf, sizeof(auth_data_buf));
-        check_ret(ret);
-    }
-    else
-#endif
-    {
-        ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, sizeof(auth_data_buf), NULL, 0,0,NULL, 0);
-        check_retr(ret);
-    }
-
-    /*for (int j = 0; j < GA.credLen; j++)*/
-    /*{*/
-        /*printf1(TAG_GA,"CRED ID (# %d): ", GA.creds[j].credential.enc.count);*/
-        /*dump_hex1(TAG_GA, (uint8_t*)&GA.creds[j].credential, sizeof(struct Credential));*/
-        /*if (ctap_authenticate_credential(&GA.rp, &GA.creds[j]))   // warning encryption will break this*/
-        /*{*/
-            /*printf1(TAG_GA,"  Authenticated.\n");*/
-        /*}*/
-        /*else*/
-        /*{*/
-            /*printf1(TAG_GA,"  NOT authentic.\n");*/
-        /*}*/
-    /*}*/
-
-    // Decrypt here
-
-    //
-    if (validCredCount > 0)
-    {
-        save_credential_list((CTAP_authDataHeader*)auth_data_buf, GA.clientDataHash, GA.creds, validCredCount-1);   // skip last one
-    }
-    else
+    if (validCredCount == 0)
     {
         printf2(TAG_ERR,"Error, no authentic credential\n");
         return CTAP2_ERR_NO_CREDENTIALS;
     }
+    else if (validCredCount > 1)
+    {
+       map_size += 1;
+    }
+
+
+    if (GA.creds[validCredCount - 1].credential.user.id_size)
+    {
+        map_size += 1;
+    }
+    if (GA.extensions.hmac_secret_present == EXT_HMAC_SECRET_PARSED)
+    {
+        printf1(TAG_GA, "hmac-secret is present\r\n");
+    }
+
+    ret = cbor_encoder_create_map(encoder, &map, map_size);
+    check_ret(ret);
 
     // if only one account for this RP, null out the user details
     if (validCredCount < 2 || !getAssertionState.user_verified)
@@ -1067,19 +1202,62 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
         printf1(TAG_GA,"CRED ID (# %d)\n", GA.creds[j].credential.id.count);
     }
 
+    CTAP_credentialDescriptor * cred = &GA.creds[validCredCount - 1];
+
+    GA.extensions.hmac_secret.credential = &cred->credential;
+
+    uint32_t auth_data_buf_sz = sizeof(auth_data_buf);
+
+#ifdef ENABLE_U2F_EXTENSIONS
+    if ( is_extension_request((uint8_t*)&GA.creds[validCredCount - 1].credential.id, sizeof(CredentialId)) )
+    {
+        auth_data_buf_sz = sizeof(CTAP_authDataHeader);
+
+        crypto_sha256_init();
+        crypto_sha256_update(GA.rp.id, GA.rp.size);
+        crypto_sha256_final(((CTAP_authDataHeader *)auth_data_buf)->rpIdHash);
+
+        ((CTAP_authDataHeader *)auth_data_buf)->flags = (1 << 0);
+        ((CTAP_authDataHeader *)auth_data_buf)->flags |= (1 << 2);
+    }
+    else
+#endif
+    {
+
+        ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &auth_data_buf_sz, NULL);
+        check_retr(ret);
+
+        ((CTAP_authDataHeader *)auth_data_buf)->flags &= ~(1 << 2);
+        ((CTAP_authDataHeader *)auth_data_buf)->flags |= (getAssertionState.user_verified << 2);
+
+        {
+            unsigned int ext_encoder_buf_size = sizeof(auth_data_buf) - auth_data_buf_sz;
+            uint8_t * ext_encoder_buf = auth_data_buf + auth_data_buf_sz;
+
+            ret = ctap_make_extensions(&GA.extensions, ext_encoder_buf, &ext_encoder_buf_size);
+            check_retr(ret);
+            if (ext_encoder_buf_size)
+            {
+                ((CTAP_authDataHeader *)auth_data_buf)->flags |= (1 << 7);
+                auth_data_buf_sz += ext_encoder_buf_size;
+            }
+        }
+
+    }
+
+    save_credential_list((CTAP_authDataHeader*)auth_data_buf, GA.clientDataHash, GA.creds, validCredCount-1);   // skip last one
+
+    ret = ctap_end_get_assertion(&map, cred, auth_data_buf, auth_data_buf_sz, GA.clientDataHash);  // 1,2,3,4
+    check_retr(ret);
+
     if (validCredCount > 1)
     {
-        ret = cbor_encode_int(&map, RESP_numberOfCredentials);
+        ret = cbor_encode_int(&map, RESP_numberOfCredentials);  // 5
         check_ret(ret);
         ret = cbor_encode_int(&map, validCredCount);
         check_ret(ret);
     }
 
-    CTAP_credentialDescriptor * cred = &GA.creds[validCredCount - 1];
-
-    ret = ctap_end_get_assertion(&map, cred, auth_data_buf, GA.clientDataHash, add_user_info);
-    check_retr(ret);
-
     ret = cbor_encoder_close_container(encoder, &map);
     check_ret(ret);
 
@@ -1182,7 +1360,7 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor
         crypto_aes256_decrypt(pinHashEnc, 16);
         if (memcmp(pinHashEnc, PIN_CODE_HASH, 16) != 0)
         {
-            crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
+            ctap_reset_key_agreement();
             ctap_decrement_pin_attempts();
             if (ctap_device_boot_locked())
             {
@@ -1225,7 +1403,7 @@ uint8_t ctap_add_pin_if_verified(uint8_t * pinTokenEnc, uint8_t * platform_pubke
         printf2(TAG_ERR,"platform-pubkey: "); dump_hex1(TAG_ERR, platform_pubkey, 64);
         printf2(TAG_ERR,"device-pubkey: "); dump_hex1(TAG_ERR, KEY_AGREEMENT_PUB, 64);
         // Generate new keyAgreement pair
-        crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
+        ctap_reset_key_agreement();
         ctap_decrement_pin_attempts();
         if (ctap_device_boot_locked())
         {
@@ -1250,6 +1428,7 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
     uint8_t pinTokenEnc[PIN_TOKEN_SIZE];
     int ret = ctap_parse_client_pin(&CP,request,length);
 
+
     switch(CP.subCommand)
     {
         case CP_cmdSetPin:
@@ -1296,7 +1475,7 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
 
             ret = cbor_encode_int(&map, RESP_keyAgreement);
             check_ret(ret);
-            ret = ctap_add_cose_key(&map, KEY_AGREEMENT_PUB, KEY_AGREEMENT_PUB+32, PUB_KEY_CRED_PUB_KEY, COSE_ALG_ES256);
+            ret = ctap_add_cose_key(&map, KEY_AGREEMENT_PUB, KEY_AGREEMENT_PUB+32, PUB_KEY_CRED_PUB_KEY, COSE_ALG_ECDH_ES_HKDF_256);
             check_retr(ret);
 
             break;
@@ -1392,6 +1571,7 @@ void ctap_response_init(CTAP_RESPONSE * resp)
 uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
 {
     CborEncoder encoder;
+    memset(&encoder,0,sizeof(CborEncoder));
     uint8_t status = 0;
     uint8_t cmd = *pkt_raw;
     pkt_raw++;
@@ -1467,7 +1647,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
             break;
         case CTAP_RESET:
             printf1(TAG_CTAP,"CTAP_RESET\n");
-            if (ctap_user_presence_test())
+            if (ctap_user_presence_test(CTAP2_UP_DELAY_MS))
             {
                 ctap_reset();
             }
@@ -1491,7 +1671,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
             else
             {
                 printf2(TAG_ERR, "unwanted GET_NEXT_ASSERTION.  lastcmd == 0x%02x\n", getAssertionState.lastcmd);
-                dump_hex1(TAG_GREEN, (uint8_t*)&getAssertionState, sizeof(getAssertionState));
                 status = CTAP2_ERR_NOT_ALLOWED;
             }
             break;
@@ -1586,12 +1765,16 @@ void ctap_init()
         exit(1);
     }
 
-    crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
+    if (device_is_nfc() != NFC_IS_ACTIVE)
+    {
+        ctap_reset_key_agreement();
+    }
 
 #ifdef BRIDGE_TO_WALLET
     wallet_init();
 #endif
 
+
 }
 
 uint8_t ctap_is_pin_set()
@@ -1782,7 +1965,10 @@ int8_t ctap_load_key(uint8_t index, uint8_t * key)
     return 0;
 }
 
-
+static void ctap_reset_key_agreement()
+{
+    crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
+}
 
 void ctap_reset()
 {
@@ -1799,7 +1985,7 @@ void ctap_reset()
 
     ctap_reset_state();
     memset(PIN_CODE_HASH,0,sizeof(PIN_CODE_HASH));
-    crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
+    ctap_reset_key_agreement();
 
-    crypto_reset_master_secret();
+    crypto_load_master_secret(STATE.key_space);
 }

fido2/ctap.h

@@ -54,6 +54,13 @@
 #define CP_getKeyAgreement        0x07
 #define CP_getRetries             0x08
 
+#define EXT_HMAC_SECRET_COSE_KEY    0x01
+#define EXT_HMAC_SECRET_SALT_ENC    0x02
+#define EXT_HMAC_SECRET_SALT_AUTH   0x03
+
+#define EXT_HMAC_SECRET_REQUESTED   0x01
+#define EXT_HMAC_SECRET_PARSED      0x02
+
 #define RESP_versions               0x1
 #define RESP_extensions             0x2
 #define RESP_aaguid                 0x3
@@ -105,6 +112,8 @@
 #define CREDENTIAL_ENC_SIZE         176  // pad to multiple of 16 bytes
 
 #define PUB_KEY_CRED_PUB_KEY        0x01
+#define PUB_KEY_CRED_CTAP1          0x41
+#define PUB_KEY_CRED_CUSTOM         0x42
 #define PUB_KEY_CRED_UNKNOWN        0x3F
 
 #define CREDENTIAL_IS_SUPPORTED     1
@@ -122,6 +131,8 @@
 #define PIN_LOCKOUT_ATTEMPTS        8       // Number of attempts total
 #define PIN_BOOT_ATTEMPTS           3       // number of attempts per boot
 
+#define CTAP2_UP_DELAY_MS           5000
+
 typedef struct
 {
     uint8_t id[USER_ID_MAX_SIZE];
@@ -142,9 +153,13 @@ struct Credential {
     CredentialId id;
     CTAP_userEntity user;
 };
-
 typedef struct Credential CTAP_residentKey;
 
+typedef struct
+{
+    uint8_t type;
+    struct Credential credential;
+} CTAP_credentialDescriptor;
 
 typedef struct
 {
@@ -181,34 +196,67 @@ struct rpId
     uint8_t name[RP_NAME_LIMIT];
 };
 
+typedef struct
+{
+    struct{
+        uint8_t x[32];
+        uint8_t y[32];
+    } pubkey;
+
+    int kty;
+    int crv;
+} COSE_key;
+
+typedef struct
+{
+    uint8_t saltLen;
+    uint8_t saltEnc[64];
+    uint8_t saltAuth[32];
+    COSE_key keyAgreement;
+    struct Credential * credential;
+} CTAP_hmac_secret;
+
+typedef struct
+{
+    uint8_t hmac_secret_present;
+    CTAP_hmac_secret hmac_secret;
+} CTAP_extensions;
+
+typedef struct
+{
+    CTAP_userEntity user;
+    uint8_t publicKeyCredentialType;
+    int32_t COSEAlgorithmIdentifier;
+    uint8_t rk;
+} CTAP_credInfo;
+
 typedef struct
 {
     uint32_t paramsParsed;
     uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
     struct rpId rp;
-    CTAP_userEntity user;
 
-    uint8_t publicKeyCredentialType;
-    int32_t COSEAlgorithmIdentifier;
+    CTAP_credInfo credInfo;
 
     CborValue excludeList;
     size_t excludeListSize;
 
-    uint8_t rk;
     uint8_t uv;
     uint8_t up;
 
     uint8_t pinAuth[16];
     uint8_t pinAuthPresent;
+    // pinAuthEmpty is true iff an empty bytestring was provided as pinAuth.
+    // This is exclusive with |pinAuthPresent|. It exists because an empty
+    // pinAuth is a special signal to block for touch. See
+    // https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#using-pinToken-in-authenticatorMakeCredential
+    uint8_t pinAuthEmpty;
     int pinProtocol;
+    CTAP_extensions extensions;
 
 } CTAP_makeCredential;
 
-typedef struct
-{
-    uint8_t type;
-    struct Credential credential;
-} CTAP_credentialDescriptor;
+
 
 typedef struct
 {
@@ -226,26 +274,25 @@ typedef struct
 
     uint8_t pinAuth[16];
     uint8_t pinAuthPresent;
+    // pinAuthEmpty is true iff an empty bytestring was provided as pinAuth.
+    // This is exclusive with |pinAuthPresent|. It exists because an empty
+    // pinAuth is a special signal to block for touch. See
+    // https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#using-pinToken-in-authenticatorGetAssertion
+    uint8_t pinAuthEmpty;
     int pinProtocol;
 
-    CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE];
+    CTAP_credentialDescriptor * creds;
     uint8_t allowListPresent;
+
+    CTAP_extensions extensions;
+
 } CTAP_getAssertion;
 
 typedef struct
 {
     int pinProtocol;
     int subCommand;
-    struct
-    {
-        struct{
-            uint8_t x[32];
-            uint8_t y[32];
-        } pubkey;
-
-        int kty;
-        int crv;
-    } keyAgreement;
+    COSE_key keyAgreement;
     uint8_t keyAgreementPresent;
     uint8_t pinAuth[16];
     uint8_t pinAuthPresent;
@@ -258,6 +305,19 @@ typedef struct
 } CTAP_clientPin;
 
 
+struct _getAssertionState {
+    CTAP_authDataHeader authData;
+    uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
+    CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE];
+    uint8_t lastcmd;
+    uint32_t count;
+    uint32_t index;
+    uint32_t time;
+    uint8_t user_verified;
+    uint8_t customCredId[256];
+    uint8_t customCredIdSize;
+};
+
 void ctap_response_init(CTAP_RESPONSE * resp);
 
 uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp);

fido2/ctap_parse.c

@@ -9,12 +9,14 @@
 #include "cbor.h"
 
 #include "ctap.h"
+#include "u2f.h"
 #include "ctap_parse.h"
 #include "ctap_errors.h"
 #include "cose_key.h"
 #include "util.h"
 #include "log.h"
 
+extern struct _getAssertionState getAssertionState;
 
 void _check_ret(CborError ret, int line, const char * filename)
 {
@@ -128,14 +130,13 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val)
             }
 
             sz = USER_ID_MAX_SIZE;
-            ret = cbor_value_copy_byte_string(&map, MC->user.id, &sz, NULL);
+            ret = cbor_value_copy_byte_string(&map, MC->credInfo.user.id, &sz, NULL);
             if (ret == CborErrorOutOfMemory)
             {
                 printf2(TAG_ERR,"Error, USER_ID is too large\n");
                 return CTAP2_ERR_LIMIT_EXCEEDED;
             }
-            MC->user.id_size = sz;
-            printf1(TAG_GREEN,"parsed id_size: %d\r\n", MC->user.id_size);
+            MC->credInfo.user.id_size = sz;
             check_ret(ret);
         }
         else if (strcmp((const char *)key, "name") == 0)
@@ -146,12 +147,12 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val)
                 return CTAP2_ERR_INVALID_CBOR_TYPE;
             }
             sz = USER_NAME_LIMIT;
-            ret = cbor_value_copy_text_string(&map, (char *)MC->user.name, &sz, NULL);
+            ret = cbor_value_copy_text_string(&map, (char *)MC->credInfo.user.name, &sz, NULL);
             if (ret != CborErrorOutOfMemory)
             {   // Just truncate the name it's okay
                 check_ret(ret);
             }
-            MC->user.name[USER_NAME_LIMIT - 1] = 0;
+            MC->credInfo.user.name[USER_NAME_LIMIT - 1] = 0;
         }
         else if (strcmp((const char *)key, "displayName") == 0)
         {
@@ -161,12 +162,12 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val)
                 return CTAP2_ERR_INVALID_CBOR_TYPE;
             }
             sz = DISPLAY_NAME_LIMIT;
-            ret = cbor_value_copy_text_string(&map, (char *)MC->user.displayName, &sz, NULL);
+            ret = cbor_value_copy_text_string(&map, (char *)MC->credInfo.user.displayName, &sz, NULL);
             if (ret != CborErrorOutOfMemory)
             {   // Just truncate the name it's okay
                 check_ret(ret);
             }
-            MC->user.displayName[DISPLAY_NAME_LIMIT - 1] = 0;
+            MC->credInfo.user.displayName[DISPLAY_NAME_LIMIT - 1] = 0;
         }
         else if (strcmp((const char *)key, "icon") == 0)
         {
@@ -176,12 +177,12 @@ uint8_t parse_user(CTAP_makeCredential * MC, CborValue * val)
                 return CTAP2_ERR_INVALID_CBOR_TYPE;
             }
             sz = ICON_LIMIT;
-            ret = cbor_value_copy_text_string(&map, (char *)MC->user.icon, &sz, NULL);
+            ret = cbor_value_copy_text_string(&map, (char *)MC->credInfo.user.icon, &sz, NULL);
             if (ret != CborErrorOutOfMemory)
             {   // Just truncate the name it's okay
                 check_ret(ret);
             }
-            MC->user.icon[ICON_LIMIT - 1] = 0;
+            MC->credInfo.user.icon[ICON_LIMIT - 1] = 0;
 
         }
         else
@@ -305,8 +306,8 @@ uint8_t parse_pub_key_cred_params(CTAP_makeCredential * MC, CborValue * val)
         {
             if (pub_key_cred_param_supported(cred_type, alg_type) == CREDENTIAL_IS_SUPPORTED)
             {
-                MC->publicKeyCredentialType = cred_type;
-                MC->COSEAlgorithmIdentifier = alg_type;
+                MC->credInfo.publicKeyCredentialType = cred_type;
+                MC->credInfo.COSEAlgorithmIdentifier = alg_type;
                 MC->paramsParsed |= PARAM_pubKeyCredParams;
                 return 0;
             }
@@ -521,7 +522,7 @@ uint8_t parse_options(CborValue * val, uint8_t * rk, uint8_t * uv, uint8_t * up)
 
         if (cbor_value_get_type(&map) != CborBooleanType)
         {
-            printf2(TAG_ERR,"Error, expecting text string type for rp map value\n");
+            printf2(TAG_ERR,"Error, expecting bool type for option map value\n");
             return CTAP2_ERR_INVALID_CBOR_TYPE;
         }
 
@@ -556,6 +557,154 @@ uint8_t parse_options(CborValue * val, uint8_t * rk, uint8_t * uv, uint8_t * up)
     return 0;
 }
 
+uint8_t ctap_parse_hmac_secret(CborValue * val, CTAP_hmac_secret * hs)
+{
+    size_t map_length;
+    size_t salt_len;
+    uint8_t parsed_count = 0;
+    int key;
+    int ret;
+    unsigned int i;
+    CborValue map;
+
+    if (cbor_value_get_type(val) != CborMapType)
+    {
+        printf2(TAG_ERR,"error, wrong type\n");
+        return CTAP2_ERR_INVALID_CBOR_TYPE;
+    }
+
+    ret = cbor_value_enter_container(val,&map);
+    check_ret(ret);
+
+    ret = cbor_value_get_map_length(val, &map_length);
+    check_ret(ret);
+
+    for (i = 0; i < map_length; i++)
+    {
+        if (cbor_value_get_type(&map) != CborIntegerType)
+        {
+            printf2(TAG_ERR,"Error, expecting CborIntegerTypefor hmac-secret map key, got %s\n", cbor_value_get_type_string(&map));
+            return CTAP2_ERR_INVALID_CBOR_TYPE;
+        }
+        ret = cbor_value_get_int(&map, &key);
+        check_ret(ret);
+
+        ret = cbor_value_advance(&map);
+        check_ret(ret);
+
+        switch(key)
+        {
+            case EXT_HMAC_SECRET_COSE_KEY:
+                ret = parse_cose_key(&map, &hs->keyAgreement);
+                check_retr(ret);
+                parsed_count++;
+            break;
+            case EXT_HMAC_SECRET_SALT_ENC:
+                salt_len = 64;
+                ret = cbor_value_copy_byte_string(&map, hs->saltEnc, &salt_len, NULL);
+                if ((salt_len != 32 && salt_len != 64) || ret == CborErrorOutOfMemory)
+                {
+                    return CTAP1_ERR_INVALID_LENGTH;
+                }
+                check_ret(ret);
+                hs->saltLen = salt_len;
+                parsed_count++;
+            break;
+            case EXT_HMAC_SECRET_SALT_AUTH:
+                salt_len = 32;
+                ret = cbor_value_copy_byte_string(&map, hs->saltAuth, &salt_len, NULL);
+                check_ret(ret);
+                parsed_count++;
+            break;
+        }
+
+        ret = cbor_value_advance(&map);
+        check_ret(ret);
+    }
+
+    if (parsed_count != 3)
+    {
+        printf2(TAG_ERR, "ctap_parse_hmac_secret missing parameter.  Got %d.\r\n", parsed_count);
+        return CTAP2_ERR_MISSING_PARAMETER;
+    }
+
+    return 0;
+}
+
+
+uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext)
+{
+    CborValue map;
+    size_t sz, map_length;
+    char key[16];
+    int ret;
+    unsigned int i;
+    bool b;
+
+    if (cbor_value_get_type(val) != CborMapType)
+    {
+        printf2(TAG_ERR,"error, wrong type\n");
+        return CTAP2_ERR_INVALID_CBOR_TYPE;
+    }
+
+    ret = cbor_value_enter_container(val, &map);
+    check_ret(ret);
+
+    ret = cbor_value_get_map_length(val, &map_length);
+    check_ret(ret);
+
+    for (i = 0; i < map_length; i++)
+    {
+        if (cbor_value_get_type(&map) != CborTextStringType)
+        {
+            printf2(TAG_ERR,"Error, expecting text string type for options map key, got %s\n", cbor_value_get_type_string(&map));
+            return CTAP2_ERR_INVALID_CBOR_TYPE;
+        }
+        sz = sizeof(key);
+        ret = cbor_value_copy_text_string(&map, key, &sz, NULL);
+
+        if (ret == CborErrorOutOfMemory)
+        {
+            printf2(TAG_ERR,"Error, rp map key is too large. Ignoring.\n");
+            cbor_value_advance(&map);
+            cbor_value_advance(&map);
+            continue;
+        }
+        check_ret(ret);
+        key[sizeof(key) - 1] = 0;
+
+        ret = cbor_value_advance(&map);
+        check_ret(ret);
+
+
+        if (strncmp(key, "hmac-secret",11) == 0)
+        {
+            if (cbor_value_get_type(&map) == CborBooleanType)
+            {
+                ret = cbor_value_get_boolean(&map, &b);
+                check_ret(ret);
+                if (b) ext->hmac_secret_present = EXT_HMAC_SECRET_REQUESTED;
+                printf1(TAG_CTAP, "set hmac_secret_present to %d\r\n", b);
+            }
+            else if (cbor_value_get_type(&map) == CborMapType)
+            {
+                ret = ctap_parse_hmac_secret(&map, &ext->hmac_secret);
+                check_retr(ret);
+                ext->hmac_secret_present = EXT_HMAC_SECRET_PARSED;
+                printf1(TAG_CTAP, "parsed hmac_secret request\r\n");
+            }
+            else
+            {
+                printf1(TAG_RED, "warning: hmac_secret request ignored for being wrong type\r\n");
+            }
+        }
+
+        ret = cbor_value_advance(&map);
+        check_ret(ret);
+    }
+    return 0;
+}
+
 uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length)
 {
     int ret;
@@ -631,8 +780,8 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
 
                 ret = parse_user(MC, &map);
 
-                printf1(TAG_MC,"  ID: "); dump_hex1(TAG_MC, MC->user.id, MC->user.id_size);
-                printf1(TAG_MC,"  name: %s\n", MC->user.name);
+                printf1(TAG_MC,"  ID: "); dump_hex1(TAG_MC, MC->credInfo.user.id, MC->credInfo.user.id_size);
+                printf1(TAG_MC,"  name: %s\n", MC->credInfo.user.name);
 
                 break;
             case MC_pubKeyCredParams:
@@ -640,8 +789,8 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
 
                 ret = parse_pub_key_cred_params(MC, &map);
 
-                printf1(TAG_MC,"  cred_type: 0x%02x\n", MC->publicKeyCredentialType);
-                printf1(TAG_MC,"  alg_type: %d\n", MC->COSEAlgorithmIdentifier);
+                printf1(TAG_MC,"  cred_type: 0x%02x\n", MC->credInfo.publicKeyCredentialType);
+                printf1(TAG_MC,"  alg_type: %d\n", MC->credInfo.COSEAlgorithmIdentifier);
 
                 break;
             case MC_excludeList:
@@ -665,21 +814,31 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
                 {
                     return CTAP2_ERR_INVALID_CBOR_TYPE;
                 }
+                ret = ctap_parse_extensions(&map, &MC->extensions);
+                check_retr(ret);
                 break;
 
             case MC_options:
                 printf1(TAG_MC,"CTAP_options\n");
-                ret = parse_options(&map, &MC->rk, &MC->uv, &MC->up);
+                ret = parse_options(&map, &MC->credInfo.rk, &MC->uv, &MC->up);
                 check_retr(ret);
                 break;
-            case MC_pinAuth:
+            case MC_pinAuth: {
                 printf1(TAG_MC,"CTAP_pinAuth\n");
 
+                size_t pinSize;
+                if (cbor_value_get_type(&map) == CborByteStringType &&
+                    cbor_value_get_string_length(&map, &pinSize) == CborNoError &&
+                    pinSize == 0)
+                {
+                    MC->pinAuthEmpty = 1;
+                    break;
+                }
+
                 ret = parse_fixed_byte_string(&map, MC->pinAuth, 16);
                 if (CTAP1_ERR_INVALID_LENGTH != ret)    // damn microsoft
                 {
                     check_retr(ret);
-
                 }
                 else
                 {
@@ -687,6 +846,7 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
                 }
                 MC->pinAuthPresent = 1;
                 break;
+            }
             case MC_pinProtocol:
                 printf1(TAG_MC,"CTAP_pinProtocol\n");
                 if (cbor_value_get_type(&map) == CborIntegerType)
@@ -723,6 +883,8 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
     size_t buflen;
     char type[12];
     CborValue val;
+    cred->type = 0;
+
     if (cbor_value_get_type(arr) != CborMapType)
     {
         printf2(TAG_ERR,"Error, CborMapType expected in credential\n");
@@ -739,12 +901,22 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
     }
 
     buflen = sizeof(CredentialId);
-    cbor_value_copy_byte_string(&val, (uint8_t*)&cred->credential.id, &buflen, NULL);
-    if (buflen != sizeof(CredentialId))
+    ret = cbor_value_copy_byte_string(&val, (uint8_t*)&cred->credential.id, &buflen, NULL);
+
+    if (buflen == U2F_KEY_HANDLE_SIZE)
     {
-        printf2(TAG_ERR,"Ignoring credential is incorrect length\n");
-        //return CTAP2_ERR_CBOR_UNEXPECTED_TYPE; // maybe just skip it instead of fail?
+        printf2(TAG_PARSE,"CTAP1 credential\n");
+        cred->type = PUB_KEY_CRED_CTAP1;
     }
+    else if (buflen != sizeof(CredentialId))
+    {
+        printf2(TAG_ERR,"Ignoring credential is incorrect length, treating as custom\n");
+        cred->type = PUB_KEY_CRED_CUSTOM;
+        buflen = 256;
+        ret = cbor_value_copy_byte_string(&val, getAssertionState.customCredId, &buflen, NULL);
+        getAssertionState.customCredIdSize = buflen;
+    }
+    check_ret(ret);
 
     ret = cbor_value_map_find_value(arr, "type", &val);
     check_ret(ret);
@@ -756,12 +928,24 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
     }
 
     buflen = sizeof(type);
-    cbor_value_copy_text_string(&val, type, &buflen, NULL);
+    ret = cbor_value_copy_text_string(&val, type, &buflen, NULL);
+    if (ret == CborErrorOutOfMemory)
+    {
+        cred->type = PUB_KEY_CRED_UNKNOWN;
+    }
+    else
+    {
+        check_ret(ret);
+    }
+
 
     if (strncmp(type, "public-key",11) == 0)
+    {
+        if (0 == cred->type)
         {
             cred->type = PUB_KEY_CRED_PUB_KEY;
         }
+    }
     else
     {
         cred->type = PUB_KEY_CRED_UNKNOWN;
@@ -825,6 +1009,8 @@ uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int
     CborValue it,map;
 
     memset(GA, 0, sizeof(CTAP_getAssertion));
+    GA->creds = getAssertionState.creds;     // Save stack memory
+
     ret = cbor_parser_init(request, length, CborValidateCanonicalFormat, &parser, &it);
     check_ret(ret);
 
@@ -886,6 +1072,8 @@ uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int
                 break;
             case GA_extensions:
                 printf1(TAG_GA,"GA_extensions\n");
+                ret = ctap_parse_extensions(&map, &GA->extensions);
+                check_retr(ret);
                 break;
 
             case GA_options:
@@ -893,9 +1081,18 @@ uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int
                 ret = parse_options(&map, &GA->rk, &GA->uv, &GA->up);
                 check_retr(ret);
                 break;
-            case GA_pinAuth:
+            case GA_pinAuth: {
                 printf1(TAG_GA,"CTAP_pinAuth\n");
 
+                size_t pinSize;
+                if (cbor_value_get_type(&map) == CborByteStringType &&
+                    cbor_value_get_string_length(&map, &pinSize) == CborNoError &&
+                    pinSize == 0)
+                {
+                    GA->pinAuthEmpty = 1;
+                    break;
+                }
+
                 ret = parse_fixed_byte_string(&map, GA->pinAuth, 16);
                 if (CTAP1_ERR_INVALID_LENGTH != ret)    // damn microsoft
                 {
@@ -911,6 +1108,7 @@ uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int
                 GA->pinAuthPresent = 1;
 
                 break;
+            }
             case GA_pinProtocol:
                 printf1(TAG_GA,"CTAP_pinProtocol\n");
                 if (cbor_value_get_type(&map) == CborIntegerType)
@@ -940,15 +1138,15 @@ uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int
     return 0;
 }
 
-uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int * crv)
+uint8_t parse_cose_key(CborValue * it, COSE_key * cose)
 {
     CborValue map;
     size_t map_length;
     int ret,key;
     unsigned int i;
     int xkey = 0,ykey = 0;
-    *kty = 0;
-    *crv = 0;
+    cose->kty = 0;
+    cose->crv = 0;
 
 
     CborType type = cbor_value_get_type(it);
@@ -986,7 +1184,7 @@ uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int
                 printf1(TAG_PARSE,"COSE_KEY_LABEL_KTY\n");
                 if (cbor_value_get_type(&map) == CborIntegerType)
                 {
-                    ret = cbor_value_get_int_checked(&map, kty);
+                    ret = cbor_value_get_int_checked(&map, &cose->kty);
                     check_ret(ret);
                 }
                 else
@@ -1001,7 +1199,7 @@ uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int
                 printf1(TAG_PARSE,"COSE_KEY_LABEL_CRV\n");
                 if (cbor_value_get_type(&map) == CborIntegerType)
                 {
-                    ret = cbor_value_get_int_checked(&map, crv);
+                    ret = cbor_value_get_int_checked(&map, &cose->crv);
                     check_ret(ret);
                 }
                 else
@@ -1011,14 +1209,14 @@ uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int
                 break;
             case COSE_KEY_LABEL_X:
                 printf1(TAG_PARSE,"COSE_KEY_LABEL_X\n");
-                ret = parse_fixed_byte_string(&map, x, 32);
+                ret = parse_fixed_byte_string(&map, cose->pubkey.x, 32);
                 check_retr(ret);
                 xkey = 1;
 
                 break;
             case COSE_KEY_LABEL_Y:
                 printf1(TAG_PARSE,"COSE_KEY_LABEL_Y\n");
-                ret = parse_fixed_byte_string(&map, y, 32);
+                ret = parse_fixed_byte_string(&map, cose->pubkey.y, 32);
                 check_retr(ret);
                 ykey = 1;
 
@@ -1030,7 +1228,7 @@ uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int
         ret = cbor_value_advance(&map);
         check_ret(ret);
     }
-    if (xkey == 0 || ykey == 0 || *kty == 0 || *crv == 0)
+    if (xkey == 0 || ykey == 0 || cose->kty == 0 || cose->crv == 0)
     {
         return CTAP2_ERR_MISSING_PARAMETER;
     }
@@ -1110,7 +1308,7 @@ uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length
                 break;
             case CP_keyAgreement:
                 printf1(TAG_CP,"CP_keyAgreement\n");
-                ret = parse_cose_key(&map, CP->keyAgreement.pubkey.x, CP->keyAgreement.pubkey.y, &CP->keyAgreement.kty, &CP->keyAgreement.crv);
+                ret = parse_cose_key(&map, &CP->keyAgreement);
                 check_retr(ret);
                 CP->keyAgreementPresent = 1;
                 break;

fido2/ctap_parse.h

@@ -30,7 +30,7 @@ uint8_t parse_rp(struct rpId * rp, CborValue * val);
 uint8_t parse_options(CborValue * val, uint8_t * rk, uint8_t * uv, uint8_t * up);
 
 uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it);
-uint8_t parse_cose_key(CborValue * it, uint8_t * x, uint8_t * y, int * kty, int * crv);
+uint8_t parse_cose_key(CborValue * it, COSE_key * cose);
 
 
 uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length);

fido2/ctaphid.c

@@ -16,6 +16,12 @@
 #include "util.h"
 #include "log.h"
 #include "extensions.h"
+
+// move custom SHA512 command out,
+// and the following headers too
+#include "sha2.h"
+#include "crypto.h"
+
 #include APP_CONFIG
 
 typedef enum
@@ -528,6 +534,10 @@ static int ctaphid_buffer_packet(uint8_t * pkt_raw, uint8_t * cmd, uint32_t * ci
     return buffer_status();
 }
 
+extern void _check_ret(CborError ret, int line, const char * filename);
+#define check_hardcore(r)   _check_ret(r,__LINE__, __FILE__);\
+                            if ((r) != CborNoError) exit(1);
+
 uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
 {
     uint8_t cmd;
@@ -718,6 +728,155 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
             ctaphid_write(&wb, NULL, 0);
             is_busy = 0;
         break;
+#endif
+#if defined(SOLO_HACKER) && (DEBUG_LEVEL > 0) && (!IS_BOOTLOADER == 1)
+        case CTAPHID_PROBE:
+
+            /*
+             * Expects CBOR-serialized data of the form
+             * {"subcommand": "hash_type", "data": b"the_data"}
+             * with hash_type in SHA256, SHA512
+             */
+
+            // some random logging
+            printf1(TAG_HID,"CTAPHID_PROBE\n");
+            // initialise CTAP response object
+            ctap_response_init(&ctap_resp);
+            // initialise write buffer
+            ctaphid_write_buffer_init(&wb);
+            wb.cid = cid;
+            wb.cmd = CTAPHID_PROBE;
+
+            // prepare parsing (or halt)
+            int ret;
+            CborParser parser;
+            CborValue it, map;
+            ret = cbor_parser_init(
+                ctap_buffer, (size_t) buffer_len(),
+                // strictly speaking, CTAP is not RFC canonical...
+                CborValidateCanonicalFormat,
+                &parser, &it);
+            check_hardcore(ret);
+
+            CborType type = cbor_value_get_type(&it);
+            if (type != CborMapType) exit(1);
+
+            ret = cbor_value_enter_container(&it,&map);
+            check_hardcore(ret);
+
+            size_t map_length = 0;
+            ret = cbor_value_get_map_length(&it, &map_length);
+            if (map_length != 2) exit(1);
+
+            // parse subcommand (or halt)
+            CborValue val;
+            ret = cbor_value_map_find_value(&it, "subcommand", &val);
+            check_hardcore(ret);
+            if (!cbor_value_is_text_string(&val))
+                exit(1);
+
+            int sha_version = 0;
+            bool found = false;
+            if (!found) {
+                ret = cbor_value_text_string_equals(
+                        &val, "SHA256", &found);
+                check_hardcore(ret);
+                if (found)
+                    sha_version = 256;
+            }
+            if (!found) {
+                ret = cbor_value_text_string_equals(
+                        &val, "SHA512", &found);
+                check_hardcore(ret);
+                if (found)
+                    sha_version = 512;
+            }
+            if (sha_version == 0)
+                exit(1);
+
+            // parse data (or halt)
+            ret = cbor_value_map_find_value(&it, "data", &val);
+            check_hardcore(ret);
+            if (!cbor_value_is_byte_string(&val))
+                exit(1);
+
+            size_t data_length = 0;
+            ret = cbor_value_calculate_string_length(&val, &data_length);
+            check_hardcore(ret);
+            if (data_length > 6*1024)
+                exit(1);
+
+            unsigned char data[6*1024];
+            ret = cbor_value_copy_byte_string (
+                    &val, &data[0], &data_length, &val);
+            check_hardcore(ret);
+
+            // execute subcommand
+            if (sha_version == 256) {
+                // calculate hash
+                crypto_sha256_init();
+                crypto_sha256_update(data, data_length);
+                crypto_sha256_final(ctap_buffer);
+                // write output
+                wb.bcnt = CF_SHA256_HASHSZ;  // 32 bytes
+                ctaphid_write(&wb, &ctap_buffer, CF_SHA256_HASHSZ);
+            }
+
+            if (sha_version == 512) {
+                // calculate hash
+                crypto_sha512_init();
+                crypto_sha512_update(data, data_length);
+                crypto_sha512_final(ctap_buffer);
+                // write output
+                wb.bcnt = CF_SHA512_HASHSZ;  // 64 bytes
+                ctaphid_write(&wb, &ctap_buffer, CF_SHA512_HASHSZ);
+            }
+
+            // finalize
+            ctaphid_write(&wb, NULL, 0);
+            is_busy = 0;
+        break;
+
+        /*
+        case CTAPHID_SHA256:
+            // some random logging
+            printf1(TAG_HID,"CTAPHID_SHA256\n");
+            // initialise CTAP response object
+            ctap_response_init(&ctap_resp);
+            // initialise write buffer
+            ctaphid_write_buffer_init(&wb);
+            wb.cid = cid;
+            wb.cmd = CTAPHID_SHA256;
+            wb.bcnt = CF_SHA256_HASHSZ;  // 32 bytes
+            // calculate hash
+            crypto_sha256_init();
+            crypto_sha256_update(ctap_buffer, buffer_len());
+            crypto_sha256_final(ctap_buffer);
+            // copy to output
+            ctaphid_write(&wb, &ctap_buffer, CF_SHA256_HASHSZ);
+            ctaphid_write(&wb, NULL, 0);
+            is_busy = 0;
+        break;
+        case CTAPHID_SHA512:
+            // some random logging
+            printf1(TAG_HID,"CTAPHID_SHA512\n");
+            // initialise CTAP response object
+            ctap_response_init(&ctap_resp);
+            // initialise write buffer
+            ctaphid_write_buffer_init(&wb);
+            wb.cid = cid;
+            wb.cmd = CTAPHID_SHA512;
+            wb.bcnt = CF_SHA512_HASHSZ;  // 64 bytes
+            // calculate hash
+            crypto_sha512_init();
+            crypto_sha512_update(ctap_buffer, buffer_len());
+            crypto_sha512_final(ctap_buffer);
+            // copy to output
+            ctaphid_write(&wb, &ctap_buffer, CF_SHA512_HASHSZ);
+            ctaphid_write(&wb, NULL, 0);
+            is_busy = 0;
+        break;
+        */
 #endif
         default:
             printf2(TAG_ERR,"error, unimplemented HID cmd: %02x\r\n", buffer_cmd());

fido2/ctaphid.h

@@ -28,6 +28,8 @@
 #define CTAPHID_ENTERBOOT       (TYPE_INIT | 0x51)
 #define CTAPHID_ENTERSTBOOT     (TYPE_INIT | 0x52)
 #define CTAPHID_GETRNG          (TYPE_INIT | 0x60)
+// reserved for debug, not implemented except for HACKER and DEBUG_LEVEl > 0
+#define CTAPHID_PROBE           (TYPE_INIT | 0x70)
 
     #define ERR_INVALID_CMD         0x01
     #define ERR_INVALID_PAR         0x02

fido2/device.h

@@ -9,7 +9,7 @@
 
 #include "storage.h"
 
-void device_init();
+void device_init(int argc, char *argv[]);
 
 uint32_t millis();
 
@@ -53,11 +53,11 @@ int device_is_button_pressed();
 
 // Test for user presence
 // Return 1 for user is present, 0 user not present, -1 if cancel is requested.
-extern int ctap_user_presence_test();
+int ctap_user_presence_test(uint32_t delay);
 
 // Generate @num bytes of random numbers to @dest
 // return 1 if success, error otherwise
-extern int ctap_generate_rng(uint8_t * dst, size_t num);
+int ctap_generate_rng(uint8_t * dst, size_t num);
 
 // Increment atomic counter and return it.
 // Must support two counters, @sel selects counter0 or counter1.
@@ -65,11 +65,11 @@ uint32_t ctap_atomic_count(int sel);
 
 // Verify the user
 // return 1 if user is verified, 0 if not
-extern int ctap_user_verification(uint8_t arg);
+int ctap_user_verification(uint8_t arg);
 
 // Must be implemented by application
 // data is HID_MESSAGE_SIZE long in bytes
-extern void ctaphid_write_block(uint8_t * data);
+void ctaphid_write_block(uint8_t * data);
 
 
 // Resident key
@@ -86,5 +86,25 @@ void boot_st_bootloader();
 // HID wink command
 void device_wink();
 
+typedef enum {
+    DEVICE_LOW_POWER_IDLE = 0,
+    DEVICE_LOW_POWER_FAST = 1,
+    DEVICE_FAST = 2,
+} DEVICE_CLOCK_RATE;
+
+// Set the clock rate for the device.
+// Three modes are targetted for Solo.
+// 0: Lowest clock rate for NFC.
+// 1: fastest clock rate supported at a low power setting for NFC FIDO.
+// 2: fastest clock rate.  Generally for USB interface.
+void device_set_clock_rate(DEVICE_CLOCK_RATE param);
+
+// Returns NFC_IS_NA, NFC_IS_ACTIVE, or NFC_IS_AVAILABLE
+#define NFC_IS_NA        0
+#define NFC_IS_ACTIVE    1
+#define NFC_IS_AVAILABLE 2
+int device_is_nfc();
+
+void device_init_button();
 
 #endif

fido2/extensions/extensions.c

@@ -35,6 +35,28 @@ int extension_needs_atomic_count(uint8_t klen, uint8_t * keyh)
             || ((wallet_request *) keyh)->operation == WalletSign;
 }
 
+static uint8_t * output_buffer_ptr;
+uint8_t output_buffer_offset;
+uint8_t output_buffer_size;
+
+void extension_writeback_init(uint8_t * buffer, uint8_t size)
+{
+    output_buffer_ptr = buffer;
+    output_buffer_offset = 0;
+    output_buffer_size = size;
+}
+
+void extension_writeback(uint8_t * buf, uint8_t size)
+{
+    if ((output_buffer_offset + size) > output_buffer_size)
+    {
+        return;
+    }
+    memmove(output_buffer_ptr + output_buffer_offset, buf, size);
+    output_buffer_offset += size;
+}
+
+
 int16_t bridge_u2f_to_extensions(uint8_t * _chal, uint8_t * _appid, uint8_t klen, uint8_t * keyh)
 {
     int8_t ret = 0;
@@ -55,8 +77,6 @@ int16_t bridge_u2f_to_extensions(uint8_t * _chal, uint8_t * _appid, uint8_t klen
     u2f_response_writeback((uint8_t *)&ret,1);
 #ifdef IS_BOOTLOADER
     ret = bootloader_bridge(klen, keyh);
-#elif  defined(WALLET_EXTENSION)
-    ret = bridge_u2f_to_wallet(_chal, _appid, klen, keyh);
 #else
     ret = bridge_u2f_to_solo(sig, keyh, klen);
     u2f_response_writeback(sig,72);
@@ -82,6 +102,7 @@ int16_t extend_fido2(CredentialId * credid, uint8_t * output)
 {
     if (is_extension_request((uint8_t*)credid, sizeof(CredentialId)))
     {
+        printf1(TAG_EXT,"IS EXT REQ\r\n");
         output[0] = bridge_u2f_to_solo(output+1, (uint8_t*)credid, sizeof(CredentialId));
         return 1;
     }
@@ -91,10 +112,10 @@ int16_t extend_fido2(CredentialId * credid, uint8_t * output)
     }
 }
 
-int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len)
+int16_t extend_u2f(APDU_HEADER * req, uint8_t * payload, uint32_t len)
 {
 
-    struct u2f_authenticate_request * auth = (struct u2f_authenticate_request *) req->payload;
+    struct u2f_authenticate_request * auth = (struct u2f_authenticate_request *) payload;
     uint16_t rcode;
 
     if (req->ins == U2F_AUTHENTICATE)
@@ -118,7 +139,7 @@ int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len)
         {
             if ( ! is_extension_request((uint8_t *) &auth->kh, auth->khl))     // Pin requests
             {
-                rcode = U2F_SW_WRONG_PAYLOAD;
+                rcode = U2F_SW_WRONG_DATA;
                 printf1(TAG_EXT, "Ignoring U2F auth request\n");
                 dump_hex1(TAG_EXT, (uint8_t *) &auth->kh, auth->khl);
                 goto end;

fido2/extensions/extensions.h

@@ -7,8 +7,14 @@
 #ifndef EXTENSIONS_H_
 #define EXTENSIONS_H_
 #include "u2f.h"
+#include "apdu.h"
 
-int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len);
+int16_t bridge_u2f_to_extensions(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh);
+
+// return 1 if request is a wallet request
+int is_extension_request(uint8_t * req, int len);
+
+int16_t extend_u2f(APDU_HEADER * req, uint8_t * payload, uint32_t len);
 
 int16_t extend_fido2(CredentialId * credid, uint8_t * output);
 
@@ -16,4 +22,8 @@ int bootloader_bridge(int klen, uint8_t * keyh);
 
 int is_extension_request(uint8_t * kh, int len);
 
+
+void extension_writeback_init(uint8_t * buffer, uint8_t size);
+void extension_writeback(uint8_t * buf, uint8_t size);
+
 #endif /* EXTENSIONS_H_ */

fido2/extensions/solo.c

@@ -31,12 +31,15 @@
 #include "log.h"
 #include APP_CONFIG
 
+
+
 // output must be at least 71 bytes
 int16_t bridge_u2f_to_solo(uint8_t * output, uint8_t * keyh, int keylen)
 {
     int8_t ret = 0;
 
     wallet_request * req = (wallet_request *) keyh;
+    extension_writeback_init(output, 71);
 
     printf1(TAG_WALLET, "u2f-solo [%d]: ", keylen); dump_hex1(TAG_WALLET, keyh, keylen);
 
@@ -61,6 +64,14 @@ int16_t bridge_u2f_to_solo(uint8_t * output, uint8_t * keyh, int keylen)
 
             break;
 
+#ifdef ENABLE_WALLET
+        case WalletSign:
+        case WalletRegister:
+        case WalletPin:
+        case WalletReset:
+            return bridge_to_wallet(keyh, keylen);
+#endif
+
         default:
             printf2(TAG_ERR,"Invalid wallet command: %x\n",req->operation);
             ret = CTAP1_ERR_INVALID_COMMAND;

fido2/extensions/wallet.c

@@ -14,8 +14,8 @@
 #include "util.h"
 #include "storage.h"
 #include "device.h"
+#include "extensions.h"
 
-#if defined(USING_PC) || defined(IS_BOOTLOADER)
 typedef enum
 {
     MBEDTLS_ECP_DP_NONE = 0,
@@ -32,9 +32,7 @@ typedef enum
     MBEDTLS_ECP_DP_SECP224K1,      /*!< 224-bits "Koblitz" curve */
     MBEDTLS_ECP_DP_SECP256K1,      /*!< 256-bits "Koblitz" curve */
 } mbedtls_ecp_group_id;
-#else
-#include "ecp.h"
-#endif
+
 
 
 // return 1 if hash is valid, 0 otherwise
@@ -70,14 +68,14 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return CTAP2_ERR_NOT_ALLOWED;
             }
 
-            u2f_response_writeback(KEY_AGREEMENT_PUB,sizeof(KEY_AGREEMENT_PUB));
+            extension_writeback(KEY_AGREEMENT_PUB,sizeof(KEY_AGREEMENT_PUB));
             printf1(TAG_WALLET,"pubkey: "); dump_hex1(TAG_WALLET,KEY_AGREEMENT_PUB,64);
 
             break;
         case CP_cmdGetRetries:
             printf1(TAG_WALLET,"cmdGetRetries\n");
             pinTokenEnc[0] = ctap_leftover_pin_attempts();
-            u2f_response_writeback(pinTokenEnc,1);
+            extension_writeback(pinTokenEnc,1);
 
             break;
         case CP_cmdSetPin:
@@ -87,7 +85,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return CTAP2_ERR_NOT_ALLOWED;
             }
 
-            if (!ctap_user_presence_test())
+            if (!ctap_user_presence_test(5000))
             {
                 return CTAP2_ERR_OPERATION_DENIED;
             }
@@ -113,7 +111,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return CTAP2_ERR_NOT_ALLOWED;
             }
 
-            if (!ctap_user_presence_test())
+            if (!ctap_user_presence_test(5000))
             {
                 return CTAP2_ERR_OPERATION_DENIED;
             }
@@ -135,7 +133,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return CTAP2_ERR_NOT_ALLOWED;
             }
 
-            if (!ctap_user_presence_test())
+            if (!ctap_user_presence_test(5000))
             {
                 return CTAP2_ERR_OPERATION_DENIED;
             }
@@ -145,7 +143,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return ret;
 
             printf1(TAG_WALLET,"pinToken: "); dump_hex1(TAG_WALLET, PIN_TOKEN, 16);
-            u2f_response_writeback(pinTokenEnc, PIN_TOKEN_SIZE);
+            extension_writeback(pinTokenEnc, PIN_TOKEN_SIZE);
 
             break;
 
@@ -159,7 +157,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
     return 0;
 }
 
-int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, uint8_t * keyh)
+int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen)
 {
     static uint8_t msg_buf[WALLET_MAX_BUFFER];
     int reqlen = klen;
@@ -259,7 +257,7 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
             crypto_load_external_key(key, keysize);
             crypto_ecdsa_sign(args[0], lens[0], sig, MBEDTLS_ECP_DP_SECP256K1);
 
-            u2f_response_writeback(sig,64);
+            extension_writeback(sig,64);
 
             break;
         case WalletRegister:
@@ -361,7 +359,7 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
                 }
             }
 
-            if (ctap_user_presence_test())
+            if (ctap_user_presence_test(5000))
             {
                 printf1(TAG_WALLET,"Reseting device!\n");
                 ctap_reset();
@@ -374,39 +372,7 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
 
 
             break;
-        case WalletVersion:
-            u2f_response_writeback((uint8_t*)WALLET_VERSION, sizeof(WALLET_VERSION)-1);
-            break;
-        case WalletRng:
-            printf1(TAG_WALLET,"WalletRng\n");
-            if ( ctap_device_locked() )
-            {
-                printf1(TAG_ERR,"device locked\n");
-                ret = CTAP2_ERR_NOT_ALLOWED;
-                goto cleanup;
-            }
-            if ( ctap_is_pin_set() )
-            {
-                if ( ! check_pinhash(req->pinAuth, msg_buf, reqlen))
-                {
-                    printf2(TAG_ERR,"pinAuth is NOT valid\n");
-                    dump_hex1(TAG_ERR,msg_buf,reqlen);
-                    ret = CTAP2_ERR_PIN_AUTH_INVALID;
-                    goto cleanup;
-                }
-            }
 
-            ret = ctap_generate_rng(sig, 72);
-            if (ret != 1)
-            {
-                printf1(TAG_WALLET,"Rng failed\n");
-                ret = CTAP2_ERR_PROCESSING;
-                goto cleanup;
-            }
-            ret = 0;
-
-            u2f_response_writeback((uint8_t *)sig,72);
-            break;
 
         default:
             printf2(TAG_ERR,"Invalid wallet command: %x\n",req->operation);

fido2/extensions/wallet.h

@@ -87,10 +87,7 @@ typedef enum
 } WalletOperation;
 
 
-int16_t bridge_u2f_to_extensions(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh);
-
-// return 1 if request is a wallet request
-int is_extension_request(uint8_t * req, int len);
+int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen);
 
 void wallet_init();
 

fido2/log.c

@@ -48,6 +48,8 @@ struct logtag tagtable[] = {
     {TAG_STOR,"STOR"},
     {TAG_BOOT,"BOOT"},
     {TAG_EXT,"EXT"},
+    {TAG_NFC,"NFC"},
+    {TAG_NFC_APDU, "NAPDU"},
 };
 
 
@@ -68,7 +70,7 @@ void LOG(uint32_t tag, const char * filename, int num, const char * fmt, ...)
     {
         if (tag & tagtable[i].tagn)
         {
-            if (tagtable[i].tag[0]) printf("[%s] ", tagtable[i].tag);
+            if (tagtable[i].tag[0] && !(tag & TAG_NO_TAG)) printf("[%s] ", tagtable[i].tag);
             i = 0;
             break;
         }

fido2/log.h

@@ -42,8 +42,11 @@ typedef enum
     TAG_DUMP2    = (1 << 16),
     TAG_BOOT     = (1 << 17),
     TAG_EXT      = (1 << 18),
+    TAG_NFC      = (1 << 19),
+    TAG_NFC_APDU = (1 << 20),
 
-    TAG_FILENO = (1u << 31)
+    TAG_NO_TAG   = (1UL << 30),
+    TAG_FILENO   = (1UL << 31)
 } LOG_TAG;
 
 #if DEBUG_LEVEL > 0

fido2/main.c

@@ -7,6 +7,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
+#include <stdbool.h>
+#include <unistd.h>
 
 #include "cbor.h"
 #include "device.h"
@@ -19,7 +21,8 @@
 
 #if !defined(TEST)
 
-int main()
+
+int main(int argc, char *argv[])
 {
     uint8_t hidmsg[64];
     uint32_t t1 = 0;
@@ -31,35 +34,25 @@ int main()
 		// TAG_GA |
 		TAG_WALLET |
 		TAG_STOR |
+		//TAG_NFC_APDU |
+		TAG_NFC |
 		//TAG_CP |
 		// TAG_CTAP|
 		//TAG_HID|
-            /*TAG_U2F|*/
+		TAG_U2F|
 		//TAG_PARSE |
 		//TAG_TIME|
 		// TAG_DUMP|
 		TAG_GREEN|
 		TAG_RED|
+        TAG_EXT|
 		TAG_ERR
 	);
 
-    device_init();
-    printf1(TAG_GEN,"init device\n");
-
-    usbhid_init();
-    printf1(TAG_GEN,"init usb\n");
-
-
-    ctaphid_init();
-    printf1(TAG_GEN,"init ctaphid\n");
-
-    ctap_init();
-    printf1(TAG_GEN,"init ctap\n");
+    device_init(argc, argv);
 
     memset(hidmsg,0,sizeof(hidmsg));
 
-    printf1(TAG_GEN,"recv'ing hid msg \n");
-
 
     while(1)
     {
@@ -80,6 +73,7 @@ int main()
         {
         }
         ctaphid_check_timeouts();
+
     }
 
     // Should never get here

fido2/u2f.c

@@ -7,9 +7,11 @@
 #include <stdlib.h>
 #include "u2f.h"
 #include "ctap.h"
+#include "ctaphid.h"
 #include "crypto.h"
 #include "log.h"
 #include "device.h"
+#include "apdu.h"
 #include "wallet.h"
 #ifdef ENABLE_U2F_EXTENSIONS
 #include "extensions.h"
@@ -27,12 +29,12 @@ void u2f_reset_response();
 
 static CTAP_RESPONSE * _u2f_resp = NULL;
 
-void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
+void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPONSE * resp)
 {
     uint16_t rcode = 0;
-    uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
     uint8_t byte;
 
+    ctap_response_init(resp);
     u2f_set_writeback_buffer(resp);
 
     if (req->cla != 0)
@@ -42,7 +44,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
         goto end;
     }
 #ifdef ENABLE_U2F_EXTENSIONS
-    rcode = extend_u2f(req, len);
+    rcode = extend_u2f(req, payload, len);
 #endif
     if (rcode != U2F_SW_NO_ERROR && rcode != U2F_SW_CONDITIONS_NOT_SATISFIED)       // If the extension didn't do anything...
     {
@@ -59,7 +61,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
                 {
 
                     timestamp();
-                    rcode = u2f_register((struct u2f_register_request*)req->payload);
+                    rcode = u2f_register((struct u2f_register_request*)payload);
                     printf1(TAG_TIME,"u2f_register time: %d ms\n", timestamp());
 
                 }
@@ -67,7 +69,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
             case U2F_AUTHENTICATE:
                 printf1(TAG_U2F, "U2F_AUTHENTICATE\n");
                 timestamp();
-                rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1);
+                rcode = u2f_authenticate((struct u2f_authenticate_request*)payload, req->p1);
                 printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", timestamp());
                 break;
             case U2F_VERSION:
@@ -94,6 +96,8 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
 #endif
     }
 
+    device_set_status(CTAPHID_STATUS_IDLE);
+
 end:
     if (rcode != U2F_SW_NO_ERROR)
     {
@@ -109,6 +113,22 @@ end:
     printf1(TAG_U2F,"u2f resp: "); dump_hex1(TAG_U2F, _u2f_resp->data, _u2f_resp->length);
 }
 
+void u2f_request_nfc(uint8_t * req, int len, CTAP_RESPONSE * resp)
+{
+	if (len < 5 || !req)
+		return;
+
+    uint32_t alen = req[4];
+
+	u2f_request_ex((APDU_HEADER *)req, &req[5], alen, resp);
+}
+
+void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
+{
+    uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
+
+	u2f_request_ex((APDU_HEADER *)req, req->payload, len, resp);
+}
 
 int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len)
 {
@@ -156,7 +176,7 @@ static void u2f_make_auth_tag(struct u2f_key_handle * kh, uint8_t * appid, uint8
     memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE);
 }
 
-static int8_t u2f_new_keypair(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * pubkey)
+int8_t u2f_new_keypair(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * pubkey)
 {
     ctap_generate_rng(kh->key, U2F_KEY_HANDLE_KEY_SIZE);
     u2f_make_auth_tag(kh, appid, kh->tag);
@@ -166,26 +186,25 @@ static int8_t u2f_new_keypair(struct u2f_key_handle * kh, uint8_t * appid, uint8
 }
 
 
-
-static int8_t u2f_appid_eq(struct u2f_key_handle * kh, uint8_t * appid)
+// Return 1 if authenticate, 0 if not.
+int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid)
 {
     uint8_t tag[U2F_KEY_HANDLE_TAG_SIZE];
     u2f_make_auth_tag(kh, appid, tag);
     if (memcmp(kh->tag, tag, U2F_KEY_HANDLE_TAG_SIZE) == 0)
     {
-        return 0;
+        return 1;
     }
     else
     {
         printf1(TAG_U2F, "key handle + appid not authentic\n");
         printf1(TAG_U2F, "calc tag: \n"); dump_hex1(TAG_U2F,tag, U2F_KEY_HANDLE_TAG_SIZE);
         printf1(TAG_U2F, "inp  tag: \n"); dump_hex1(TAG_U2F,kh->tag, U2F_KEY_HANDLE_TAG_SIZE);
-        return -1;
+        return 0;
     }
 }
 
 
-
 static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control)
 {
 
@@ -196,7 +215,8 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
 
     if (control == U2F_AUTHENTICATE_CHECK)
     {
-        if (u2f_appid_eq(&req->kh, req->app) == 0)
+        printf1(TAG_U2F, "CHECK-ONLY\r\n");
+        if (u2f_authenticate_credential(&req->kh, req->app))
         {
             return U2F_SW_CONDITIONS_NOT_SATISFIED;
         }
@@ -206,25 +226,30 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
         }
     }
     if (
-            control != U2F_AUTHENTICATE_SIGN ||
+            (control != U2F_AUTHENTICATE_SIGN && control != U2F_AUTHENTICATE_SIGN_NO_USER) ||
             req->khl != U2F_KEY_HANDLE_SIZE ||
-            u2f_appid_eq(&req->kh, req->app) != 0 ||     // Order of checks is important
+            (!u2f_authenticate_credential(&req->kh, req->app)) ||     // Order of checks is important
             u2f_load_key(&req->kh, req->app) != 0
 
         )
     {
-        return U2F_SW_WRONG_PAYLOAD;
+        return U2F_SW_WRONG_DATA;
     }
 
+	// dont-enforce-user-presence-and-sign
+	if (control == U2F_AUTHENTICATE_SIGN_NO_USER)
+		up = 0;
 
-
-    if (ctap_user_presence_test() == 0)
+	if(up)
+	{
+		if (ctap_user_presence_test(750) == 0)
 		{
 			return U2F_SW_CONDITIONS_NOT_SATISFIED;
 		}
+	}
 
     count = ctap_atomic_count(0);
-    hash[0] = 0xff;
+    hash[0] = (count >> 24) & 0xff;
     hash[1] = (count >> 16) & 0xff;
     hash[2] = (count >> 8) & 0xff;
     hash[3] = (count >> 0) & 0xff;
@@ -241,7 +266,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
     crypto_ecc256_sign(hash, 32, sig);
 
     u2f_response_writeback(&up,1);
-    hash[0] = 0xff;
+    hash[0] = (count >> 24) & 0xff;
     hash[1] = (count >> 16) & 0xff;
     hash[2] = (count >> 8) & 0xff;
     hash[3] = (count >> 0) & 0xff;
@@ -263,7 +288,7 @@ static int16_t u2f_register(struct u2f_register_request * req)
 
     const uint16_t attest_size = attestation_cert_der_size;
 
-    if ( ! ctap_user_presence_test())
+	if ( ! ctap_user_presence_test(750))
 	{
 		return U2F_SW_CONDITIONS_NOT_SATISFIED;
 	}
@@ -300,8 +325,6 @@ static int16_t u2f_register(struct u2f_register_request * req)
 
     dump_signature_der(sig);
 
-    /*printf1(TAG_U2F, "dersig: "); dump_hex1(TAG_U2F,sig,74);*/
-
 
     return U2F_SW_NO_ERROR;
 }

fido2/u2f.h

@@ -38,16 +38,16 @@
 // U2F Authenticate
 #define U2F_AUTHENTICATE_CHECK              0x7
 #define U2F_AUTHENTICATE_SIGN               0x3
+#define U2F_AUTHENTICATE_SIGN_NO_USER       0x8
 
 
 // Command status responses
 #define U2F_SW_NO_ERROR                     0x9000
-#define U2F_SW_WRONG_DATA                   0x6984
 #define U2F_SW_CONDITIONS_NOT_SATISFIED     0x6985
 #define U2F_SW_INS_NOT_SUPPORTED            0x6d00
 #define U2F_SW_WRONG_LENGTH                 0x6700
 #define U2F_SW_CLASS_NOT_SUPPORTED          0x6E00
-#define U2F_SW_WRONG_PAYLOAD                0x6a80
+#define U2F_SW_WRONG_DATA                   0x6a80
 #define U2F_SW_INSUFFICIENT_MEMORY          0x9210
 
 // Delay in milliseconds to wait for user input
@@ -98,6 +98,12 @@ struct u2f_authenticate_request
 // @req U2F message
 void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp);
 
+// u2f_request send a U2F message to NFC protocol
+// @req data with iso7816 apdu message
+// @len data length
+void u2f_request_nfc(uint8_t * req, int len, CTAP_RESPONSE * resp);
+
+int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid);
 
 int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
 void u2f_reset_response();

in-docker-build.sh

@@ -5,8 +5,9 @@ version=${1:-master}
 export PREFIX=/opt/gcc-arm-none-eabi-8-2018-q4-major/bin/
 
 cd /solo/targets/stm32l432
-git fetch
+git fetch --tags
 git checkout ${version}
+git submodule update --init --recursive
 version=$(git describe)
 
 make cbor
@@ -34,4 +35,17 @@ function build() {
 build bootloader nonverifying
 build bootloader verifying
 build firmware hacker solo
+build firmware hacker-debug-1 solo
+build firmware hacker-debug-2 solo
 build firmware secure solo
+
+pip install -U pip
+pip install -U solo-python
+cd ${out_dir}
+bundle="bundle-hacker-${version}"
+/opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-hacker-${version}.hex ${bundle}.hex
+sha256sum ${bundle}.hex > ${bundle}.sha2
+bundle="bundle-hacker-debug-1-${version}"
+/opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-hacker-debug-1-${version}.hex ${bundle}.hex
+bundle="bundle-hacker-debug-2-${version}"
+/opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-hacker-debug-2-${version}.hex ${bundle}.hex

metadata/Solo-FIDO2-CTAP2-Authenticator.json

@@ -20,6 +20,9 @@
     ],
     "userVerificationDetails": [
         [
+            {
+                "userVerification": 1
+            },
             {
                 "userVerification": 4
             }

pc/app.h

@@ -7,6 +7,7 @@
 
 #ifndef SRC_APP_H_
 #define SRC_APP_H_
+#include <stdbool.h>
 
 #define USING_DEV_BOARD
 
@@ -15,11 +16,13 @@
 #define DEBUG_LEVEL 1
 
 #define ENABLE_U2F
-
+#define ENABLE_U2F_EXTENSIONS
 //#define BRIDGE_TO_WALLET
 
 void printing_init();
 
+extern bool use_udp;
+
 //                              0xRRGGBB
 #define LED_INIT_VALUE			0x000800
 #define LED_WINK_VALUE			0x000008

pc/device.c

@@ -15,6 +15,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <signal.h>
+#include <fcntl.h>
 
 #include "device.h"
 #include "cbor.h"
@@ -22,6 +23,13 @@
 #include "log.h"
 #include "ctaphid.h"
 
+#define RK_NUM  50
+
+bool use_udp = true;
+
+struct ResidentKeyStore {
+    CTAP_residentKey rks[RK_NUM];
+} RK_STORE;
 
 void authenticator_initialize();
 
@@ -113,12 +121,6 @@ void udp_send(int fd, uint8_t * buf, int size)
     }
 }
 
-void udp_close(int fd)
-{
-    close(fd);
-}
-
-
 
 uint32_t millis()
 {
@@ -129,35 +131,79 @@ uint32_t millis()
 }
 
 
-static int serverfd = 0;
+static int fd = 0;
 
 void usbhid_init()
 {
-    // just bridge to UDP for now for pure software testing
-    serverfd = udp_server();
+    if (use_udp)
+    {
+        fd = udp_server();
+    }
+    else
+    {
+        fd = open("/dev/hidg0", O_RDWR);
+        if (fd < 0)
+        {
+            perror("hidg open");
+            exit(1);
+        }
+    }
 }
 
 // Receive 64 byte USB HID message, don't block, return size of packet, return 0 if nothing
 int usbhid_recv(uint8_t * msg)
 {
-    int l = udp_recv(serverfd, msg, HID_MESSAGE_SIZE);
-    /*if (l && l != HID_MESSAGE_SIZE)*/
-    /*{*/
-        /*printf("Error, recv'd message of wrong size %d", l);*/
-        /*exit(1);*/
-    /*}*/
+    int l = 0;
+    if (use_udp)
+    {
+        l = udp_recv(fd, msg, HID_MESSAGE_SIZE);
+    }
+    else
+    {
+        l = read(fd, msg, HID_MESSAGE_SIZE); /* Flawfinder: ignore */
+        if (l < 0)
+        {
+            perror("hidg read");
+            exit(1);
+        }
+    }
+    uint8_t magic_cmd[] = "\xac\x10\x52\xca\x95\xe5\x69\xde\x69\xe0\x2e\xbf"
+                          "\xf3\x33\x48\x5f\x13\xf9\xb2\xda\x34\xc5\xa8\xa3"
+                          "\x40\x52\x66\x97\xa9\xab\x2e\x0b\x39\x4d\x8d\x04"
+                          "\x97\x3c\x13\x40\x05\xbe\x1a\x01\x40\xbf\xf6\x04"
+                          "\x5b\xb2\x6e\xb7\x7a\x73\xea\xa4\x78\x13\xf6\xb4"
+                          "\x9a\x72\x50\xdc";
+    if ( memcmp(magic_cmd, msg, 64) == 0 )
+    {
+        printf1(TAG_RED, "MAGIC REBOOT command recieved!\r\n");
+        memset(msg,0,64);
+        exit(100);
+        return 0;
+    }
+
     return l;
 }
 
 // Send 64 byte USB HID message
 void usbhid_send(uint8_t * msg)
 {
-    udp_send(serverfd, msg, HID_MESSAGE_SIZE);
+    if (use_udp)
+    {
+        udp_send(fd, msg, HID_MESSAGE_SIZE);
+    }
+    else
+    {
+        if (write(fd, msg, HID_MESSAGE_SIZE) < 0)
+        {
+            perror("hidg write");
+            exit(1);
+        }
+    }
 }
 
 void usbhid_close()
 {
-    udp_close(serverfd);
+    close(fd);
 }
 
 void int_handler(int i)
@@ -167,13 +213,54 @@ void int_handler(int i)
     exit(0);
 }
 
-void device_init()
+
+
+void usage(const char * cmd)
 {
+    fprintf(stderr, "Usage: %s [-b udp|hidg]\n", cmd);
+    fprintf(stderr, "   -b      backing implementation: udp(default) or hidg\n");
+    exit(1);
+}
+
+void device_init(int argc, char *argv[])
+{
+
+    int opt;
+
+    while ((opt = getopt(argc, argv, "b:")) != -1)
+    {
+        switch (opt)
+        {
+            case 'b':
+                if (strcmp("udp", optarg) == 0)
+                {
+                    use_udp = true;
+                }
+                else if (strcmp("hidg", optarg) == 0)
+                {
+                    use_udp = false;
+                }
+                else
+                {
+                    usage(argv[0]);
+                }
+                break;
+            default:
+                usage(argv[0]);
+                break;
+        }
+    }
+
     signal(SIGINT, int_handler);
 
+    printf1(TAG_GREEN, "Using %s backing\n", use_udp ? "UDP" : "hidg");
     usbhid_init();
 
     authenticator_initialize();
+
+    ctaphid_init();
+
+    ctap_init( 1 );
 }
 
 
@@ -181,7 +268,15 @@ void main_loop_delay()
 {
     struct timespec ts;
     ts.tv_sec = 0;
-    ts.tv_nsec = 1000*1000*25;
+    ts.tv_nsec = 1000*1000*100;
+    nanosleep(&ts,NULL);
+}
+
+void delay(uint32_t ms)
+{
+    struct timespec ts;
+    ts.tv_sec = 0;
+    ts.tv_nsec = 1000*1000*ms;
     nanosleep(&ts,NULL);
 }
 
@@ -198,7 +293,7 @@ void ctaphid_write_block(uint8_t * data)
 }
 
 
-int ctap_user_presence_test()
+int ctap_user_presence_test(uint32_t d)
 {
     return 1;
 }
@@ -247,6 +342,7 @@ int ctap_generate_rng(uint8_t * dst, size_t num)
 
 const char * state_file = "authenticator_state.bin";
 const char * backup_file = "authenticator_state2.bin";
+const char * rk_file = "resident_keys.bin";
 
 void authenticator_read_state(AuthenticatorState * state)
 {
@@ -366,6 +462,24 @@ int authenticator_is_backup_initialized()
 
 /*}*/
 
+static void sync_rk()
+{
+    FILE * f = fopen(rk_file, "wb+");
+    if (f== NULL)
+    {
+        perror("fopen");
+        exit(1);
+    }
+
+    int ret = fwrite(&RK_STORE, 1, sizeof(RK_STORE), f);
+    fclose(f);
+    if (ret != sizeof(RK_STORE))
+    {
+        perror("fwrite");
+        exit(1);
+    }
+}
+
 void authenticator_initialize()
 {
     uint8_t header[16];
@@ -389,6 +503,22 @@ void authenticator_initialize()
             perror("fwrite");
             exit(1);
         }
+
+        // resident_keys
+        f = fopen(rk_file, "rb");
+        if (f== NULL)
+        {
+            perror("fopen");
+            exit(1);
+        }
+        ret = fread(&RK_STORE, 1, sizeof(RK_STORE), f);
+        fclose(f);
+        if(ret != sizeof(RK_STORE))
+        {
+            perror("fwrite");
+            exit(1);
+        }
+
     }
     else
     {
@@ -427,6 +557,12 @@ void authenticator_initialize()
             exit(1);
         }
 
+        // resident_keys
+        memset(&RK_STORE,0xff,sizeof(RK_STORE));
+        sync_rk();
+
+
+
     }
 }
 
@@ -435,29 +571,60 @@ void device_manage()
 
 }
 
+
+
 void ctap_reset_rk()
 {
+    memset(&RK_STORE,0xff,sizeof(RK_STORE));
+    sync_rk();
+
 }
 
 uint32_t ctap_rk_size()
 {
-    printf("Warning: rk not implemented\n");
-    return 0;
+    return RK_NUM;
 }
+
+
 void ctap_store_rk(int index, CTAP_residentKey * rk)
 {
-    printf("Warning: rk not implemented\n");
+    if (index < RK_NUM)
+    {
+        memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
+        sync_rk();
     }
+    else
+    {
+        printf1(TAG_ERR,"Out of bounds for store_rk\r\n");
+    }
+
+}
+
+
 void ctap_load_rk(int index, CTAP_residentKey * rk)
 {
-    printf("Warning: rk not implemented\n");
+    memmove(rk, RK_STORE.rks + index, sizeof(CTAP_residentKey));
 }
+
 void ctap_overwrite_rk(int index, CTAP_residentKey * rk)
 {
-    printf("Warning: rk not implemented\n");
+    if (index < RK_NUM)
+    {
+        memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
+        sync_rk();
+    }
+    else
+    {
+        printf1(TAG_ERR,"Out of bounds for store_rk\r\n");
+    }
 }
 
 void device_wink()
 {
     printf("*WINK*\n");
 }
+
+int device_is_nfc()
+{
+    return 0;
+}

targets/stm32l432/Makefile

@@ -5,7 +5,7 @@ endif
 APPMAKE=build/application.mk
 BOOTMAKE=build/bootloader.mk
 
-merge_hex=../../tools/solotool.py mergehex
+merge_hex=solo mergehex
 
 .PHONY: all all-hacker all-locked debugboot-app debugboot-boot boot-sig-checking boot-no-sig build-release-locked build-release build-release build-hacker build-debugboot clean clean2 flash flash_dfu flashboot detach cbor test
 
@@ -15,6 +15,12 @@ merge_hex=../../tools/solotool.py mergehex
 firmware-hacker:
 	$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=0 EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0'
 
+firmware-hacker-debug-1:
+	$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=1 EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0'
+
+firmware-hacker-debug-2:
+	$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=2 EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0'
+
 firmware-secure:
 	$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=0 EXTRA_DEFINES='-DUSE_SOLOKEYS_CERT -DFLASH_ROP=2'
 
@@ -87,6 +93,11 @@ flashboot: solo.hex bootloader.hex
 	STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
 	STM32_Programmer_CLI -c port=SWD -halt  -d bootloader.hex -rst
 
+flash-firmware:
+	arm-none-eabi-size -A solo.elf
+	solo program aux enter-bootloader
+	solo program bootloader solo.hex
+
 # tell ST DFU to enter application
 detach:
 	STM32_Programmer_CLI -c port=usb1 -ob nBOOT0=1

targets/stm32l432/Makefile.test.mk

@@ -1,73 +0,0 @@
-CC=arm-none-eabi-gcc
-CP=arm-none-eabi-objcopy
-SZ=arm-none-eabi-size
-AR=arm-none-eabi-ar
-
-# ST related
-SRC = src/main.c src/init.c src/flash.c src/led.c
-SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
-SRC += lib/stm32l4xx_ll_gpio.c lib/stm32l4xx_ll_pwr.c lib/stm32l4xx_ll_rcc.c lib/stm32l4xx_ll_tim.c lib/stm32l4xx_ll_utils.c
-
-OBJ1=$(SRC:.c=.o)
-OBJ=$(OBJ1:.s=.o)
-
-INC = -Isrc/ -Isrc/cmsis/ -Ilib/ -Ilib/usbd/ -I../../fido2/ -I../../fido2/extensions
-INC += -I../../tinycbor/src -I../../crypto/sha256 -I../../crypto/micro-ecc
-INC += -I../../crypto/tiny-AES-c
-
-SEARCH=-L../../tinycbor/lib
-
-LDSCRIPT=stm32l432xx.ld
-
-CFLAGS= $(INC)
-
-TARGET=solo
-HW=-mcpu=cortex-m4 -mfpu=fpv4-sp-d16 -mfloat-abi=hard -mthumb
-
-# Solo or Nucleo board
-CHIP=STM32L432xx
-
-DEFINES = -D$(CHIP) -DAES256=1  -DUSE_FULL_LL_DRIVER
-DEFINES += -DTEST_SOLO_STM32 -DTEST
-
-CFLAGS=$(INC) -c $(DEFINES)   -Wall -fdata-sections -ffunction-sections $(HW)
-LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs  -specs=nosys.specs  -Wl,--gc-sections  -lnosys
-LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref
-
-
-.PRECIOUS: %.o
-
-all: $(TARGET).elf
-	$(SZ) $^
-
-%.o: %.c
-	$(CC) $^ $(HW)  -Os $(CFLAGS) -o $@
-
-../../crypto/micro-ecc/uECC.o: ../../crypto/micro-ecc/uECC.c
-	$(CC) $^ $(HW)  -O3 $(CFLAGS) -o $@
-
-%.o: %.s
-	$(CC) $^ $(HW)  -Os $(CFLAGS) -o $@
-
-%.elf: $(OBJ)
-	$(CC) $^ $(HW) $(LDFLAGS) -o $@
-
-%.hex: %.elf
-	$(CP) -O ihex $^ $(TARGET).hex
-	$(CP) -O binary $^ $(TARGET).bin
-
-clean:
-	rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ)
-
-flash: $(TARGET).hex
-	STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
-	STM32_Programmer_CLI -c port=SWD -halt  -d $(TARGET).hex -rst
-
-detach:
-	STM32_Programmer_CLI -c port=usb1 -ob nBOOT0=1
-
-cbor:
-	cd ../../tinycbor/ && make clean
-	cd ../../tinycbor/ && make CC="$(CC)" AR=$(AR) \
-LDFLAGS="$(LDFLAGS_LIB)" \
-CFLAGS="$(CFLAGS)"

targets/stm32l432/bootloader/bootloader.h

@@ -55,7 +55,7 @@
 #define SOLO_PRODUCT_NAME "Solo Bootloader " SOLO_VERSION
 
 void printing_init();
-void hw_init(void);
+void hw_init(int lf);
 
 // Trigger software reset
 void device_reboot();

targets/stm32l432/bootloader/main.c

@@ -8,6 +8,10 @@
 #include <stdlib.h>
 #include <stdint.h>
 
+#include "stm32l4xx_ll_rcc.h"
+#include "stm32l4xx_ll_gpio.h"
+#include "stm32l4xx.h"
+
 #include "cbor.h"
 #include "device.h"
 #include "ctaphid.h"
@@ -17,12 +21,12 @@
 #include "ctap.h"
 #include "app.h"
 #include "memory_layout.h"
-#include "stm32l4xx_ll_rcc.h"
+#include "init.h"
 
-#include "stm32l4xx.h"
 
 uint8_t REBOOT_FLAG = 0;
 
+void SystemClock_Config(void);
 
 void BOOT_boot(void)
 {
@@ -69,7 +73,18 @@ int main()
             TAG_ERR
             );
 
-    device_init();
+    // device_init();
+
+    init_gpio();
+
+    init_millisecond_timer(1);
+
+#if DEBUG_LEVEL > 0
+    init_debug_uart();
+#endif
+
+    device_init_button();
+
     printf1(TAG_GEN,"init device\n");
 
     t1 = millis();
@@ -107,7 +122,13 @@ int main()
 #ifdef SOLO_HACKER
     start_bootloader:
 #endif
+    SystemClock_Config();
+    init_gpio();
+    init_millisecond_timer(0);
+    init_pwm();
+    init_rng();
     usbhid_init();
+
     printf1(TAG_GEN,"init usb\n");
 
     ctaphid_init();

targets/stm32l432/build/application.mk

@@ -2,7 +2,7 @@ include build/common.mk
 
 # ST related
 SRC = src/main.c src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c
-SRC += src/fifo.c src/crypto.c src/attestation.c
+SRC += src/fifo.c src/crypto.c src/attestation.c src/nfc.c src/ams.c src/sense.c
 SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
 SRC += $(DRIVER_LIBS) $(USB_LIB)
 
@@ -11,9 +11,11 @@ SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c
 SRC += ../../fido2/stubs.c ../../fido2/log.c  ../../fido2/ctaphid.c  ../../fido2/ctap.c
 SRC += ../../fido2/ctap_parse.c ../../fido2/main.c
 SRC += ../../fido2/extensions/extensions.c ../../fido2/extensions/solo.c
+SRC += ../../fido2/extensions/wallet.c
 
 # Crypto libs
 SRC += ../../crypto/sha256/sha256.c ../../crypto/micro-ecc/uECC.c ../../crypto/tiny-AES-c/aes.c
+SRC += ../../crypto/cifra/src/sha512.c ../../crypto/cifra/src/blockwise.c
 
 OBJ1=$(SRC:.c=.o)
 OBJ=$(OBJ1:.s=.o)
@@ -21,6 +23,7 @@ OBJ=$(OBJ1:.s=.o)
 INC = -Isrc/ -Isrc/cmsis/ -Ilib/ -Ilib/usbd/ -I../../fido2/ -I../../fido2/extensions
 INC += -I../../tinycbor/src -I../../crypto/sha256 -I../../crypto/micro-ecc
 INC += -I../../crypto/tiny-AES-c
+INC += -I../../crypto/cifra/src -I../../crypto/cifra/src/ext
 
 SEARCH=-L../../tinycbor/lib
 
@@ -41,12 +44,14 @@ DEBUG=0
 endif
 
 DEFINES = -DDEBUG_LEVEL=$(DEBUG) -D$(CHIP) -DAES256=1  -DUSE_FULL_LL_DRIVER -DAPP_CONFIG=\"app.h\" $(EXTRA_DEFINES)
-# DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1
 
-CFLAGS=$(INC) -c $(DEFINES)   -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -fdata-sections -ffunction-sections $(HW) -g $(VERSION_FLAGS)
-LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs  -specs=nosys.specs  -Wl,--gc-sections -u _printf_float -lnosys
+CFLAGS=$(INC) -c $(DEFINES)   -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -fdata-sections -ffunction-sections \
+	-fomit-frame-pointer $(HW) -g $(VERSION_FLAGS)
+LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs  -specs=nosys.specs  -Wl,--gc-sections -lnosys
 LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref -Wl,-Bstatic -ltinycbor
 
+ECC_CFLAGS = $(CFLAGS) -DuECC_PLATFORM=5 -DuECC_OPTIMIZATION_LEVEL=4 -DuECC_SQUARE_FUNC=1 -DuECC_SUPPORT_COMPRESSED_POINT=0
+
 
 .PRECIOUS: %.o
 
@@ -57,7 +62,7 @@ all: $(TARGET).elf
 	$(CC) $^ $(HW)  -Os $(CFLAGS) -o $@
 
 ../../crypto/micro-ecc/uECC.o: ../../crypto/micro-ecc/uECC.c
-	$(CC) $^ $(HW)  -O3 $(CFLAGS) -o $@
+	$(CC) $^ $(HW)  -O3 $(ECC_CFLAGS) -o $@
 
 %.o: %.s
 	$(CC) $^ $(HW)  -Os $(CFLAGS) -o $@
@@ -66,6 +71,7 @@ all: $(TARGET).elf
 	$(CC) $^ $(HW) $(LDFLAGS) -o $@
 
 %.hex: %.elf
+	$(SZ) $^
 	$(CP) -O ihex $^ $(TARGET).hex
 
 clean:
@@ -76,4 +82,4 @@ cbor:
 	cd ../../tinycbor/ && make clean
 	cd ../../tinycbor/ && make CC="$(CC)" AR=$(AR) \
 LDFLAGS="$(LDFLAGS_LIB)" \
-CFLAGS="$(CFLAGS)"
+CFLAGS="$(CFLAGS) -Os"

targets/stm32l432/build/bootloader.mk

@@ -3,7 +3,7 @@ include build/common.mk
 # ST related
 SRC = bootloader/main.c bootloader/bootloader.c
 SRC += src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c
-SRC += src/fifo.c src/crypto.c src/attestation.c
+SRC += src/fifo.c src/crypto.c src/attestation.c src/sense.c
 SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
 SRC += $(DRIVER_LIBS) $(USB_LIB)
 
@@ -13,6 +13,7 @@ SRC += ../../fido2/stubs.c ../../fido2/log.c  ../../fido2/ctaphid.c  ../../fido2
 
 # Crypto libs
 SRC += ../../crypto/sha256/sha256.c ../../crypto/micro-ecc/uECC.c
+SRC += ../../crypto/cifra/src/sha512.c ../../crypto/cifra/src/blockwise.c
 
 OBJ1=$(SRC:.c=.o)
 OBJ=$(OBJ1:.s=.o)
@@ -21,6 +22,7 @@ OBJ=$(OBJ1:.s=.o)
 INC = -Ibootloader/ -Isrc/ -Isrc/cmsis/ -Ilib/ -Ilib/usbd/ -I../../fido2/ -I../../fido2/extensions
 INC += -I../../tinycbor/src -I../../crypto/sha256 -I../../crypto/micro-ecc
 INC += -I../../crypto/tiny-AES-c
+INC += -I../../crypto/cifra/src -I../../crypto/cifra/src/ext
 
 ifndef LDSCRIPT
 LDSCRIPT=linker/bootloader_stm32l4xx.ld

targets/stm32l432/build/common.mk

@@ -6,7 +6,7 @@ AR=$(PREFIX)arm-none-eabi-ar
 DRIVER_LIBS := lib/stm32l4xx_hal_pcd.c lib/stm32l4xx_hal_pcd_ex.c lib/stm32l4xx_ll_gpio.c  \
        lib/stm32l4xx_ll_rcc.c lib/stm32l4xx_ll_rng.c lib/stm32l4xx_ll_tim.c  \
 	   lib/stm32l4xx_ll_usb.c lib/stm32l4xx_ll_utils.c lib/stm32l4xx_ll_pwr.c \
-	   lib/stm32l4xx_ll_usart.c
+	   lib/stm32l4xx_ll_usart.c lib/stm32l4xx_ll_spi.c
 
 USB_LIB := lib/usbd/usbd_cdc.c lib/usbd/usbd_cdc_if.c lib/usbd/usbd_composite.c \
 	   lib/usbd/usbd_conf.c lib/usbd/usbd_core.c lib/usbd/usbd_ioreq.c \

targets/stm32l432/lib/stm32l4xx_hal_tsc.h

@@ -0,0 +1,844 @@
+/**
+  ******************************************************************************
+  * @file    stm32l4xx_hal_tsc.h
+  * @author  MCD Application Team
+  * @brief   Header file of TSC HAL module.
+  ******************************************************************************
+  * @attention
+  *
+  * <h2><center>&copy; COPYRIGHT(c) 2017 STMicroelectronics</center></h2>
+  *
+  * Redistribution and use in source and binary forms, with or without modification,
+  * are permitted provided that the following conditions are met:
+  *   1. Redistributions of source code must retain the above copyright notice,
+  *      this list of conditions and the following disclaimer.
+  *   2. Redistributions in binary form must reproduce the above copyright notice,
+  *      this list of conditions and the following disclaimer in the documentation
+  *      and/or other materials provided with the distribution.
+  *   3. Neither the name of STMicroelectronics nor the names of its contributors
+  *      may be used to endorse or promote products derived from this software
+  *      without specific prior written permission.
+  *
+  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  *
+  ******************************************************************************
+  */
+
+/* Define to prevent recursive inclusion -------------------------------------*/
+#ifndef STM32L4xx_HAL_TSC_H
+#define STM32L4xx_HAL_TSC_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Includes ------------------------------------------------------------------*/
+#include "stm32l4xx_hal_def.h"
+
+/** @addtogroup STM32L4xx_HAL_Driver
+  * @{
+  */
+
+/** @addtogroup TSC
+  * @{
+  */
+
+/* Exported types ------------------------------------------------------------*/
+/** @defgroup TSC_Exported_Types TSC Exported Types
+  * @{
+  */
+
+/**
+  * @brief TSC state structure definition
+  */
+typedef enum
+{
+  HAL_TSC_STATE_RESET  = 0x00UL, /*!< TSC registers have their reset value */
+  HAL_TSC_STATE_READY  = 0x01UL, /*!< TSC registers are initialized or acquisition is completed with success */
+  HAL_TSC_STATE_BUSY   = 0x02UL, /*!< TSC initialization or acquisition is on-going */
+  HAL_TSC_STATE_ERROR  = 0x03UL  /*!< Acquisition is completed with max count error */
+} HAL_TSC_StateTypeDef;
+
+/**
+  * @brief TSC group status structure definition
+  */
+typedef enum
+{
+  TSC_GROUP_ONGOING   = 0x00UL, /*!< Acquisition on group is on-going or not started */
+  TSC_GROUP_COMPLETED = 0x01UL /*!< Acquisition on group is completed with success (no max count error) */
+} TSC_GroupStatusTypeDef;
+
+/**
+  * @brief TSC init structure definition
+  */
+typedef struct
+{
+  uint32_t CTPulseHighLength;       /*!< Charge-transfer high pulse length
+                                         This parameter can be a value of @ref TSC_CTPulseHL_Config  */
+  uint32_t CTPulseLowLength;        /*!< Charge-transfer low pulse length
+                                         This parameter can be a value of @ref TSC_CTPulseLL_Config  */
+  uint32_t SpreadSpectrum;          /*!< Spread spectrum activation
+                                         This parameter can be a value of @ref TSC_CTPulseLL_Config  */
+  uint32_t SpreadSpectrumDeviation; /*!< Spread spectrum deviation
+                                         This parameter must be a number between Min_Data = 0 and Max_Data = 127 */
+  uint32_t SpreadSpectrumPrescaler; /*!< Spread spectrum prescaler
+                                         This parameter can be a value of @ref TSC_SpreadSpec_Prescaler */
+  uint32_t PulseGeneratorPrescaler; /*!< Pulse generator prescaler
+                                         This parameter can be a value of @ref TSC_PulseGenerator_Prescaler */
+  uint32_t MaxCountValue;           /*!< Max count value
+                                         This parameter can be a value of @ref TSC_MaxCount_Value  */
+  uint32_t IODefaultMode;           /*!< IO default mode
+                                         This parameter can be a value of @ref TSC_IO_Default_Mode  */
+  uint32_t SynchroPinPolarity;      /*!< Synchro pin polarity
+                                         This parameter can be a value of @ref TSC_Synchro_Pin_Polarity */
+  uint32_t AcquisitionMode;         /*!< Acquisition mode
+                                         This parameter can be a value of @ref TSC_Acquisition_Mode  */
+  uint32_t MaxCountInterrupt;       /*!< Max count interrupt activation
+                                         This parameter can be set to ENABLE or DISABLE. */
+  uint32_t ChannelIOs;              /*!< Channel IOs mask */
+  uint32_t ShieldIOs;               /*!< Shield IOs mask */
+  uint32_t SamplingIOs;             /*!< Sampling IOs mask */
+} TSC_InitTypeDef;
+
+/**
+  * @brief TSC IOs configuration structure definition
+  */
+typedef struct
+{
+  uint32_t ChannelIOs;  /*!< Channel IOs mask */
+  uint32_t ShieldIOs;   /*!< Shield IOs mask */
+  uint32_t SamplingIOs; /*!< Sampling IOs mask */
+} TSC_IOConfigTypeDef;
+
+/**
+  * @brief  TSC handle Structure definition
+  */
+typedef struct __TSC_HandleTypeDef
+{
+  TSC_TypeDef               *Instance;  /*!< Register base address      */
+  TSC_InitTypeDef           Init;       /*!< Initialization parameters  */
+  __IO HAL_TSC_StateTypeDef State;      /*!< Peripheral state           */
+  HAL_LockTypeDef           Lock;       /*!< Lock feature               */
+  __IO uint32_t             ErrorCode;  /*!< I2C Error code             */
+
+#if (USE_HAL_TSC_REGISTER_CALLBACKS == 1)
+  void (* ConvCpltCallback)(struct __TSC_HandleTypeDef *htsc);   /*!< TSC Conversion complete callback  */
+  void (* ErrorCallback)(struct __TSC_HandleTypeDef *htsc);      /*!< TSC Error callback                */
+
+  void (* MspInitCallback)(struct __TSC_HandleTypeDef *htsc);    /*!< TSC Msp Init callback             */
+  void (* MspDeInitCallback)(struct __TSC_HandleTypeDef *htsc);  /*!< TSC Msp DeInit callback           */
+
+#endif  /* USE_HAL_TSC_REGISTER_CALLBACKS */
+} TSC_HandleTypeDef;
+
+/**
+  * @brief  TSC Group Index Structure definition
+  */
+typedef enum
+{
+  TSC_GROUP1_IDX = 0x00UL,
+  TSC_GROUP2_IDX,
+  TSC_GROUP3_IDX,
+  TSC_GROUP4_IDX,
+#if defined(TSC_IOCCR_G5_IO1)
+  TSC_GROUP5_IDX,
+#endif
+#if defined(TSC_IOCCR_G6_IO1)
+  TSC_GROUP6_IDX,
+#endif
+#if defined(TSC_IOCCR_G7_IO1)
+  TSC_GROUP7_IDX,
+#endif
+#if defined(TSC_IOCCR_G8_IO1)
+  TSC_GROUP8_IDX,
+#endif
+  TSC_NB_OF_GROUPS
+}TSC_GroupIndexTypeDef;
+
+#if (USE_HAL_TSC_REGISTER_CALLBACKS == 1)
+/**
+  * @brief  HAL TSC Callback ID enumeration definition
+  */
+typedef enum
+{
+  HAL_TSC_CONV_COMPLETE_CB_ID           = 0x00UL,  /*!< TSC Conversion completed callback ID  */
+  HAL_TSC_ERROR_CB_ID                   = 0x01UL,  /*!< TSC Error callback ID                 */
+
+  HAL_TSC_MSPINIT_CB_ID                 = 0x02UL,  /*!< TSC Msp Init callback ID              */
+  HAL_TSC_MSPDEINIT_CB_ID               = 0x03UL   /*!< TSC Msp DeInit callback ID            */
+
+} HAL_TSC_CallbackIDTypeDef;
+
+/**
+  * @brief  HAL TSC Callback pointer definition
+  */
+typedef  void (*pTSC_CallbackTypeDef)(TSC_HandleTypeDef *htsc); /*!< pointer to an TSC callback function */
+
+#endif  /* USE_HAL_TSC_REGISTER_CALLBACKS */
+
+/**
+  * @}
+  */
+
+/* Exported constants --------------------------------------------------------*/
+/** @defgroup TSC_Exported_Constants TSC Exported Constants
+  * @{
+  */
+
+/** @defgroup TSC_Error_Code_definition TSC Error Code definition
+  * @brief  TSC Error Code definition
+  * @{
+  */
+#define HAL_TSC_ERROR_NONE      0x00000000UL    /*!< No error              */
+#if (USE_HAL_TSC_REGISTER_CALLBACKS == 1)
+#define HAL_TSC_ERROR_INVALID_CALLBACK  0x00000001UL    /*!< Invalid Callback error */
+#endif /* USE_HAL_TSC_REGISTER_CALLBACKS */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_CTPulseHL_Config CTPulse High Length
+  * @{
+  */
+#define TSC_CTPH_1CYCLE         0x00000000UL                                                    /*!< Charge transfer pulse high during 1 cycle (PGCLK)   */
+#define TSC_CTPH_2CYCLES        TSC_CR_CTPH_0                                                   /*!< Charge transfer pulse high during 2 cycles (PGCLK)  */
+#define TSC_CTPH_3CYCLES        TSC_CR_CTPH_1                                                   /*!< Charge transfer pulse high during 3 cycles (PGCLK)  */
+#define TSC_CTPH_4CYCLES        (TSC_CR_CTPH_1 | TSC_CR_CTPH_0)                                 /*!< Charge transfer pulse high during 4 cycles (PGCLK)  */
+#define TSC_CTPH_5CYCLES        TSC_CR_CTPH_2                                                   /*!< Charge transfer pulse high during 5 cycles (PGCLK)  */
+#define TSC_CTPH_6CYCLES        (TSC_CR_CTPH_2 | TSC_CR_CTPH_0)                                 /*!< Charge transfer pulse high during 6 cycles (PGCLK)  */
+#define TSC_CTPH_7CYCLES        (TSC_CR_CTPH_2 | TSC_CR_CTPH_1)                                 /*!< Charge transfer pulse high during 7 cycles (PGCLK)  */
+#define TSC_CTPH_8CYCLES        (TSC_CR_CTPH_2 | TSC_CR_CTPH_1 | TSC_CR_CTPH_0)                 /*!< Charge transfer pulse high during 8 cycles (PGCLK)  */
+#define TSC_CTPH_9CYCLES        TSC_CR_CTPH_3                                                   /*!< Charge transfer pulse high during 9 cycles (PGCLK)  */
+#define TSC_CTPH_10CYCLES       (TSC_CR_CTPH_3 | TSC_CR_CTPH_0)                                 /*!< Charge transfer pulse high during 10 cycles (PGCLK) */
+#define TSC_CTPH_11CYCLES       (TSC_CR_CTPH_3 | TSC_CR_CTPH_1)                                 /*!< Charge transfer pulse high during 11 cycles (PGCLK) */
+#define TSC_CTPH_12CYCLES       (TSC_CR_CTPH_3 | TSC_CR_CTPH_1 | TSC_CR_CTPH_0)                 /*!< Charge transfer pulse high during 12 cycles (PGCLK) */
+#define TSC_CTPH_13CYCLES       (TSC_CR_CTPH_3 | TSC_CR_CTPH_2)                                 /*!< Charge transfer pulse high during 13 cycles (PGCLK) */
+#define TSC_CTPH_14CYCLES       (TSC_CR_CTPH_3 | TSC_CR_CTPH_2 | TSC_CR_CTPH_0)                 /*!< Charge transfer pulse high during 14 cycles (PGCLK) */
+#define TSC_CTPH_15CYCLES       (TSC_CR_CTPH_3 | TSC_CR_CTPH_2 | TSC_CR_CTPH_1)                 /*!< Charge transfer pulse high during 15 cycles (PGCLK) */
+#define TSC_CTPH_16CYCLES       (TSC_CR_CTPH_3 | TSC_CR_CTPH_2 | TSC_CR_CTPH_1 | TSC_CR_CTPH_0) /*!< Charge transfer pulse high during 16 cycles (PGCLK) */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_CTPulseLL_Config CTPulse Low Length
+  * @{
+  */
+#define TSC_CTPL_1CYCLE         0x00000000UL                                                     /*!< Charge transfer pulse low during 1 cycle (PGCLK)   */
+#define TSC_CTPL_2CYCLES        TSC_CR_CTPL_0                                                    /*!< Charge transfer pulse low during 2 cycles (PGCLK)  */
+#define TSC_CTPL_3CYCLES        TSC_CR_CTPL_1                                                    /*!< Charge transfer pulse low during 3 cycles (PGCLK)  */
+#define TSC_CTPL_4CYCLES        (TSC_CR_CTPL_1 | TSC_CR_CTPL_0)                                  /*!< Charge transfer pulse low during 4 cycles (PGCLK)  */
+#define TSC_CTPL_5CYCLES        TSC_CR_CTPL_2                                                    /*!< Charge transfer pulse low during 5 cycles (PGCLK)  */
+#define TSC_CTPL_6CYCLES        (TSC_CR_CTPL_2 | TSC_CR_CTPL_0)                                  /*!< Charge transfer pulse low during 6 cycles (PGCLK)  */
+#define TSC_CTPL_7CYCLES        (TSC_CR_CTPL_2 | TSC_CR_CTPL_1)                                  /*!< Charge transfer pulse low during 7 cycles (PGCLK)  */
+#define TSC_CTPL_8CYCLES        (TSC_CR_CTPL_2 | TSC_CR_CTPL_1 | TSC_CR_CTPL_0)                  /*!< Charge transfer pulse low during 8 cycles (PGCLK)  */
+#define TSC_CTPL_9CYCLES        TSC_CR_CTPL_3                                                    /*!< Charge transfer pulse low during 9 cycles (PGCLK)  */
+#define TSC_CTPL_10CYCLES       (TSC_CR_CTPL_3 | TSC_CR_CTPL_0)                                  /*!< Charge transfer pulse low during 10 cycles (PGCLK) */
+#define TSC_CTPL_11CYCLES       (TSC_CR_CTPL_3 | TSC_CR_CTPL_1)                                  /*!< Charge transfer pulse low during 11 cycles (PGCLK) */
+#define TSC_CTPL_12CYCLES       (TSC_CR_CTPL_3 | TSC_CR_CTPL_1 | TSC_CR_CTPL_0)                  /*!< Charge transfer pulse low during 12 cycles (PGCLK) */
+#define TSC_CTPL_13CYCLES       (TSC_CR_CTPL_3 | TSC_CR_CTPL_2)                                  /*!< Charge transfer pulse low during 13 cycles (PGCLK) */
+#define TSC_CTPL_14CYCLES       (TSC_CR_CTPL_3 | TSC_CR_CTPL_2 | TSC_CR_CTPL_0)                  /*!< Charge transfer pulse low during 14 cycles (PGCLK) */
+#define TSC_CTPL_15CYCLES       (TSC_CR_CTPL_3 | TSC_CR_CTPL_2 | TSC_CR_CTPL_1)                  /*!< Charge transfer pulse low during 15 cycles (PGCLK) */
+#define TSC_CTPL_16CYCLES       (TSC_CR_CTPL_3 | TSC_CR_CTPL_2 | TSC_CR_CTPL_1 | TSC_CR_CTPL_0)  /*!< Charge transfer pulse low during 16 cycles (PGCLK) */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_SpreadSpec_Prescaler Spread Spectrum Prescaler
+  * @{
+  */
+#define TSC_SS_PRESC_DIV1       0x00000000UL  /*!< Spread Spectrum Prescaler Div1 */
+#define TSC_SS_PRESC_DIV2       TSC_CR_SSPSC  /*!< Spread Spectrum Prescaler Div2 */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_PulseGenerator_Prescaler Pulse Generator Prescaler
+  * @{
+  */
+#define TSC_PG_PRESC_DIV1       0x00000000UL                                        /*!< Pulse Generator HCLK Div1   */
+#define TSC_PG_PRESC_DIV2       TSC_CR_PGPSC_0                                      /*!< Pulse Generator HCLK Div2   */
+#define TSC_PG_PRESC_DIV4       TSC_CR_PGPSC_1                                      /*!< Pulse Generator HCLK Div4   */
+#define TSC_PG_PRESC_DIV8       (TSC_CR_PGPSC_1 | TSC_CR_PGPSC_0)                   /*!< Pulse Generator HCLK Div8   */
+#define TSC_PG_PRESC_DIV16      TSC_CR_PGPSC_2                                      /*!< Pulse Generator HCLK Div16  */
+#define TSC_PG_PRESC_DIV32      (TSC_CR_PGPSC_2 | TSC_CR_PGPSC_0)                   /*!< Pulse Generator HCLK Div32  */
+#define TSC_PG_PRESC_DIV64      (TSC_CR_PGPSC_2 | TSC_CR_PGPSC_1)                   /*!< Pulse Generator HCLK Div64  */
+#define TSC_PG_PRESC_DIV128     (TSC_CR_PGPSC_2 | TSC_CR_PGPSC_1 | TSC_CR_PGPSC_0)  /*!< Pulse Generator HCLK Div128 */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_MaxCount_Value Max Count Value
+  * @{
+  */
+#define TSC_MCV_255             0x00000000UL                   /*!< 255 maximum number of charge transfer pulses   */
+#define TSC_MCV_511             TSC_CR_MCV_0                   /*!< 511 maximum number of charge transfer pulses   */
+#define TSC_MCV_1023            TSC_CR_MCV_1                   /*!< 1023 maximum number of charge transfer pulses  */
+#define TSC_MCV_2047            (TSC_CR_MCV_1 | TSC_CR_MCV_0)  /*!< 2047 maximum number of charge transfer pulses  */
+#define TSC_MCV_4095            TSC_CR_MCV_2                   /*!< 4095 maximum number of charge transfer pulses  */
+#define TSC_MCV_8191            (TSC_CR_MCV_2 | TSC_CR_MCV_0)  /*!< 8191 maximum number of charge transfer pulses  */
+#define TSC_MCV_16383           (TSC_CR_MCV_2 | TSC_CR_MCV_1)  /*!< 16383 maximum number of charge transfer pulses */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_IO_Default_Mode IO Default Mode
+  * @{
+  */
+#define TSC_IODEF_OUT_PP_LOW    0x00000000UL /*!< I/Os are forced to output push-pull low */
+#define TSC_IODEF_IN_FLOAT      TSC_CR_IODEF /*!< I/Os are in input floating              */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_Synchro_Pin_Polarity Synchro Pin Polarity
+  * @{
+  */
+#define TSC_SYNC_POLARITY_FALLING  0x00000000UL   /*!< Falling edge only           */
+#define TSC_SYNC_POLARITY_RISING   TSC_CR_SYNCPOL /*!< Rising edge and high level  */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_Acquisition_Mode Acquisition Mode
+  * @{
+  */
+#define TSC_ACQ_MODE_NORMAL     0x00000000UL  /*!< Normal acquisition mode (acquisition starts as soon as START bit is set)                                                              */
+#define TSC_ACQ_MODE_SYNCHRO    TSC_CR_AM     /*!< Synchronized acquisition mode (acquisition starts if START bit is set and when the selected signal is detected on the SYNC input pin) */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_interrupts_definition Interrupts definition
+  * @{
+  */
+#define TSC_IT_EOA              TSC_IER_EOAIE /*!< End of acquisition interrupt enable */
+#define TSC_IT_MCE              TSC_IER_MCEIE /*!< Max count error interrupt enable    */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_flags_definition Flags definition
+  * @{
+  */
+#define TSC_FLAG_EOA            TSC_ISR_EOAF /*!< End of acquisition flag */
+#define TSC_FLAG_MCE            TSC_ISR_MCEF /*!< Max count error flag    */
+/**
+  * @}
+  */
+
+/** @defgroup TSC_Group_definition Group definition
+  * @{
+  */
+#define TSC_GROUP1              (uint32_t)(0x1UL << TSC_GROUP1_IDX)
+#define TSC_GROUP2              (uint32_t)(0x1UL << TSC_GROUP2_IDX)
+#define TSC_GROUP3              (uint32_t)(0x1UL << TSC_GROUP3_IDX)
+#define TSC_GROUP4              (uint32_t)(0x1UL << TSC_GROUP4_IDX)
+#if defined(TSC_IOCCR_G5_IO1)
+#define TSC_GROUP5              (uint32_t)(0x1UL << TSC_GROUP5_IDX)
+#endif
+#if defined(TSC_IOCCR_G6_IO1)
+#define TSC_GROUP6              (uint32_t)(0x1UL << TSC_GROUP6_IDX)
+#endif
+#if defined(TSC_IOCCR_G7_IO1)
+#define TSC_GROUP7              (uint32_t)(0x1UL << TSC_GROUP7_IDX)
+#endif
+#if defined(TSC_IOCCR_G8_IO1)
+#define TSC_GROUP8              (uint32_t)(0x1UL << TSC_GROUP8_IDX)
+#endif
+
+#define TSC_GROUPX_NOT_SUPPORTED        0xFF000000UL    /*!< TSC GroupX not supported       */
+
+#define TSC_GROUP1_IO1          TSC_IOCCR_G1_IO1 /*!< TSC Group1 IO1 */
+#define TSC_GROUP1_IO2          TSC_IOCCR_G1_IO2 /*!< TSC Group1 IO2 */
+#define TSC_GROUP1_IO3          TSC_IOCCR_G1_IO3 /*!< TSC Group1 IO3 */
+#define TSC_GROUP1_IO4          TSC_IOCCR_G1_IO4 /*!< TSC Group1 IO4 */
+
+#define TSC_GROUP2_IO1          TSC_IOCCR_G2_IO1 /*!< TSC Group2 IO1 */
+#define TSC_GROUP2_IO2          TSC_IOCCR_G2_IO2 /*!< TSC Group2 IO2 */
+#define TSC_GROUP2_IO3          TSC_IOCCR_G2_IO3 /*!< TSC Group2 IO3 */
+#define TSC_GROUP2_IO4          TSC_IOCCR_G2_IO4 /*!< TSC Group2 IO4 */
+
+#define TSC_GROUP3_IO1          TSC_IOCCR_G3_IO1 /*!< TSC Group3 IO1 */
+#define TSC_GROUP3_IO2          TSC_IOCCR_G3_IO2 /*!< TSC Group3 IO2 */
+#define TSC_GROUP3_IO3          TSC_IOCCR_G3_IO3 /*!< TSC Group3 IO3 */
+#define TSC_GROUP3_IO4          TSC_IOCCR_G3_IO4 /*!< TSC Group3 IO4 */
+
+#define TSC_GROUP4_IO1          TSC_IOCCR_G4_IO1 /*!< TSC Group4 IO1 */
+#define TSC_GROUP4_IO2          TSC_IOCCR_G4_IO2 /*!< TSC Group4 IO2 */
+#define TSC_GROUP4_IO3          TSC_IOCCR_G4_IO3 /*!< TSC Group4 IO3 */
+#define TSC_GROUP4_IO4          TSC_IOCCR_G4_IO4 /*!< TSC Group4 IO4 */
+#if defined(TSC_IOCCR_G5_IO1)
+
+#define TSC_GROUP5_IO1          TSC_IOCCR_G5_IO1 /*!< TSC Group5 IO1 */
+#define TSC_GROUP5_IO2          TSC_IOCCR_G5_IO2 /*!< TSC Group5 IO2 */
+#define TSC_GROUP5_IO3          TSC_IOCCR_G5_IO3 /*!< TSC Group5 IO3 */
+#define TSC_GROUP5_IO4          TSC_IOCCR_G5_IO4 /*!< TSC Group5 IO4 */
+#else
+
+#define TSC_GROUP5_IO1          (uint32_t)(0x00000010UL | TSC_GROUPX_NOT_SUPPORTED)     /*!< TSC Group5 IO1 not supported   */
+#define TSC_GROUP5_IO2          TSC_GROUP5_IO1                                          /*!< TSC Group5 IO2 not supported   */
+#define TSC_GROUP5_IO3          TSC_GROUP5_IO1                                          /*!< TSC Group5 IO3 not supported   */
+#define TSC_GROUP5_IO4          TSC_GROUP5_IO1                                          /*!< TSC Group5 IO4 not supported   */
+#endif
+#if defined(TSC_IOCCR_G6_IO1)
+
+#define TSC_GROUP6_IO1          TSC_IOCCR_G6_IO1 /*!< TSC Group6 IO1 */
+#define TSC_GROUP6_IO2          TSC_IOCCR_G6_IO2 /*!< TSC Group6 IO2 */
+#define TSC_GROUP6_IO3          TSC_IOCCR_G6_IO3 /*!< TSC Group6 IO3 */
+#define TSC_GROUP6_IO4          TSC_IOCCR_G6_IO4 /*!< TSC Group6 IO4 */
+#else
+
+#define TSC_GROUP6_IO1          (uint32_t)(0x00000020UL | TSC_GROUPX_NOT_SUPPORTED)     /*!< TSC Group6 IO1 not supported   */
+#define TSC_GROUP6_IO2          TSC_GROUP6_IO1                                          /*!< TSC Group6 IO2 not supported   */
+#define TSC_GROUP6_IO3          TSC_GROUP6_IO1                                          /*!< TSC Group6 IO3 not supported   */
+#define TSC_GROUP6_IO4          TSC_GROUP6_IO1                                          /*!< TSC Group6 IO4 not supported   */
+#endif
+#if defined(TSC_IOCCR_G7_IO1)
+
+#define TSC_GROUP7_IO1          TSC_IOCCR_G7_IO1 /*!< TSC Group7 IO1 */
+#define TSC_GROUP7_IO2          TSC_IOCCR_G7_IO2 /*!< TSC Group7 IO2 */
+#define TSC_GROUP7_IO3          TSC_IOCCR_G7_IO3 /*!< TSC Group7 IO3 */
+#define TSC_GROUP7_IO4          TSC_IOCCR_G7_IO4 /*!< TSC Group7 IO4 */
+#else
+
+#define TSC_GROUP7_IO1          (uint32_t)(0x00000040UL | TSC_GROUPX_NOT_SUPPORTED)     /*!< TSC Group7 IO1 not supported   */
+#define TSC_GROUP7_IO2          TSC_GROUP7_IO1                                          /*!< TSC Group7 IO2 not supported   */
+#define TSC_GROUP7_IO3          TSC_GROUP7_IO1                                          /*!< TSC Group7 IO3 not supported   */
+#define TSC_GROUP7_IO4          TSC_GROUP7_IO1                                          /*!< TSC Group7 IO4 not supported   */
+#endif
+#if defined(TSC_IOCCR_G8_IO1)
+
+#define TSC_GROUP8_IO1          TSC_IOCCR_G8_IO1 /*!< TSC Group8 IO1 */
+#define TSC_GROUP8_IO2          TSC_IOCCR_G8_IO2 /*!< TSC Group8 IO2 */
+#define TSC_GROUP8_IO3          TSC_IOCCR_G8_IO3 /*!< TSC Group8 IO3 */
+#define TSC_GROUP8_IO4          TSC_IOCCR_G8_IO4 /*!< TSC Group8 IO4 */
+#else
+
+#define TSC_GROUP8_IO1          (uint32_t)(0x00000080UL | TSC_GROUPX_NOT_SUPPORTED)     /*!< TSC Group8 IO1 not supported   */
+#define TSC_GROUP8_IO2          TSC_GROUP8_IO1                                          /*!< TSC Group8 IO2 not supported   */
+#define TSC_GROUP8_IO3          TSC_GROUP8_IO1                                          /*!< TSC Group8 IO3 not supported   */
+#define TSC_GROUP8_IO4          TSC_GROUP8_IO1                                          /*!< TSC Group8 IO4 not supported   */
+#endif
+/**
+  * @}
+  */
+
+/**
+  * @}
+  */
+
+/* Exported macros -----------------------------------------------------------*/
+
+/** @defgroup TSC_Exported_Macros TSC Exported Macros
+  * @{
+  */
+
+/** @brief Reset TSC handle state.
+  * @param  __HANDLE__ TSC handle
+  * @retval None
+  */
+#if (USE_HAL_TSC_REGISTER_CALLBACKS == 1)
+#define __HAL_TSC_RESET_HANDLE_STATE(__HANDLE__)                   do{                                                   \
+                                                                       (__HANDLE__)->State = HAL_TSC_STATE_RESET;       \
+                                                                       (__HANDLE__)->MspInitCallback = NULL;            \
+                                                                       (__HANDLE__)->MspDeInitCallback = NULL;          \
+                                                                     } while(0)
+#else
+#define __HAL_TSC_RESET_HANDLE_STATE(__HANDLE__)                   ((__HANDLE__)->State = HAL_TSC_STATE_RESET)
+#endif
+
+/**
+  * @brief Enable the TSC peripheral.
+  * @param  __HANDLE__ TSC handle
+  * @retval None
+  */
+#define __HAL_TSC_ENABLE(__HANDLE__)                               ((__HANDLE__)->Instance->CR |= TSC_CR_TSCE)
+
+/**
+  * @brief Disable the TSC peripheral.
+  * @param  __HANDLE__ TSC handle
+  * @retval None
+  */
+#define __HAL_TSC_DISABLE(__HANDLE__)                              ((__HANDLE__)->Instance->CR &= (uint32_t)(~TSC_CR_TSCE))
+
+/**
+  * @brief Start acquisition.
+  * @param  __HANDLE__ TSC handle
+  * @retval None
+  */
+#define __HAL_TSC_START_ACQ(__HANDLE__)                            ((__HANDLE__)->Instance->CR |= TSC_CR_START)
+
+/**
+  * @brief Stop acquisition.
+  * @param  __HANDLE__ TSC handle
+  * @retval None
+  */
+#define __HAL_TSC_STOP_ACQ(__HANDLE__)                             ((__HANDLE__)->Instance->CR &= (uint32_t)(~TSC_CR_START))
+
+/**
+  * @brief Set IO default mode to output push-pull low.
+  * @param  __HANDLE__ TSC handle
+  * @retval None
+  */
+#define __HAL_TSC_SET_IODEF_OUTPPLOW(__HANDLE__)                   ((__HANDLE__)->Instance->CR &= (uint32_t)(~TSC_CR_IODEF))
+
+/**
+  * @brief Set IO default mode to input floating.
+  * @param  __HANDLE__ TSC handle
+  * @retval None
+  */
+#define __HAL_TSC_SET_IODEF_INFLOAT(__HANDLE__)                    ((__HANDLE__)->Instance->CR |= TSC_CR_IODEF)
+
+/**
+  * @brief Set synchronization polarity to falling edge.
+  * @param  __HANDLE__ TSC handle
+  * @retval None
+  */
+#define __HAL_TSC_SET_SYNC_POL_FALL(__HANDLE__)                    ((__HANDLE__)->Instance->CR &= (uint32_t)(~TSC_CR_SYNCPOL))
+
+/**
+  * @brief Set synchronization polarity to rising edge and high level.
+  * @param  __HANDLE__ TSC handle
+  * @retval None
+  */
+#define __HAL_TSC_SET_SYNC_POL_RISE_HIGH(__HANDLE__)               ((__HANDLE__)->Instance->CR |= TSC_CR_SYNCPOL)
+
+/**
+  * @brief Enable TSC interrupt.
+  * @param  __HANDLE__ TSC handle
+  * @param  __INTERRUPT__ TSC interrupt
+  * @retval None
+  */
+#define __HAL_TSC_ENABLE_IT(__HANDLE__, __INTERRUPT__)             ((__HANDLE__)->Instance->IER |= (__INTERRUPT__))
+
+/**
+  * @brief Disable TSC interrupt.
+  * @param  __HANDLE__ TSC handle
+  * @param  __INTERRUPT__ TSC interrupt
+  * @retval None
+  */
+#define __HAL_TSC_DISABLE_IT(__HANDLE__, __INTERRUPT__)            ((__HANDLE__)->Instance->IER &= (uint32_t)(~(__INTERRUPT__)))
+
+/** @brief Check whether the specified TSC interrupt source is enabled or not.
+  * @param  __HANDLE__ TSC Handle
+  * @param  __INTERRUPT__ TSC interrupt
+  * @retval SET or RESET
+  */
+#define __HAL_TSC_GET_IT_SOURCE(__HANDLE__, __INTERRUPT__)         ((((__HANDLE__)->Instance->IER & (__INTERRUPT__)) == (__INTERRUPT__)) ? SET : RESET)
+
+/**
+  * @brief Check whether the specified TSC flag is set or not.
+  * @param  __HANDLE__ TSC handle
+  * @param  __FLAG__ TSC flag
+  * @retval SET or RESET
+  */
+#define __HAL_TSC_GET_FLAG(__HANDLE__, __FLAG__)                   ((((__HANDLE__)->Instance->ISR & (__FLAG__)) == (__FLAG__)) ? SET : RESET)
+
+/**
+  * @brief Clear the TSC's pending flag.
+  * @param  __HANDLE__ TSC handle
+  * @param  __FLAG__ TSC flag
+  * @retval None
+  */
+#define __HAL_TSC_CLEAR_FLAG(__HANDLE__, __FLAG__)                 ((__HANDLE__)->Instance->ICR = (__FLAG__))
+
+/**
+  * @brief Enable schmitt trigger hysteresis on a group of IOs.
+  * @param  __HANDLE__ TSC handle
+  * @param  __GX_IOY_MASK__ IOs mask
+  * @retval None
+  */
+#define __HAL_TSC_ENABLE_HYSTERESIS(__HANDLE__, __GX_IOY_MASK__)   ((__HANDLE__)->Instance->IOHCR |= (__GX_IOY_MASK__))
+
+/**
+  * @brief Disable schmitt trigger hysteresis on a group of IOs.
+  * @param  __HANDLE__ TSC handle
+  * @param  __GX_IOY_MASK__ IOs mask
+  * @retval None
+  */
+#define __HAL_TSC_DISABLE_HYSTERESIS(__HANDLE__, __GX_IOY_MASK__)  ((__HANDLE__)->Instance->IOHCR &= (uint32_t)(~(__GX_IOY_MASK__)))
+
+/**
+  * @brief Open analog switch on a group of IOs.
+  * @param  __HANDLE__ TSC handle
+  * @param  __GX_IOY_MASK__ IOs mask
+  * @retval None
+  */
+#define __HAL_TSC_OPEN_ANALOG_SWITCH(__HANDLE__, __GX_IOY_MASK__)  ((__HANDLE__)->Instance->IOASCR &= (uint32_t)(~(__GX_IOY_MASK__)))
+
+/**
+  * @brief Close analog switch on a group of IOs.
+  * @param  __HANDLE__ TSC handle
+  * @param  __GX_IOY_MASK__ IOs mask
+  * @retval None
+  */
+#define __HAL_TSC_CLOSE_ANALOG_SWITCH(__HANDLE__, __GX_IOY_MASK__) ((__HANDLE__)->Instance->IOASCR |= (__GX_IOY_MASK__))
+
+/**
+  * @brief Enable a group of IOs in channel mode.
+  * @param  __HANDLE__ TSC handle
+  * @param  __GX_IOY_MASK__ IOs mask
+  * @retval None
+  */
+#define __HAL_TSC_ENABLE_CHANNEL(__HANDLE__, __GX_IOY_MASK__)      ((__HANDLE__)->Instance->IOCCR |= (__GX_IOY_MASK__))
+
+/**
+  * @brief Disable a group of channel IOs.
+  * @param  __HANDLE__ TSC handle
+  * @param  __GX_IOY_MASK__ IOs mask
+  * @retval None
+  */
+#define __HAL_TSC_DISABLE_CHANNEL(__HANDLE__, __GX_IOY_MASK__)     ((__HANDLE__)->Instance->IOCCR &= (uint32_t)(~(__GX_IOY_MASK__)))
+
+/**
+  * @brief Enable a group of IOs in sampling mode.
+  * @param  __HANDLE__ TSC handle
+  * @param  __GX_IOY_MASK__ IOs mask
+  * @retval None
+  */
+#define __HAL_TSC_ENABLE_SAMPLING(__HANDLE__, __GX_IOY_MASK__)     ((__HANDLE__)->Instance->IOSCR |= (__GX_IOY_MASK__))
+
+/**
+  * @brief Disable a group of sampling IOs.
+  * @param  __HANDLE__ TSC handle
+  * @param  __GX_IOY_MASK__ IOs mask
+  * @retval None
+  */
+#define __HAL_TSC_DISABLE_SAMPLING(__HANDLE__, __GX_IOY_MASK__) ((__HANDLE__)->Instance->IOSCR &= (uint32_t)(~(__GX_IOY_MASK__)))
+
+/**
+  * @brief Enable acquisition groups.
+  * @param  __HANDLE__ TSC handle
+  * @param  __GX_MASK__ Groups mask
+  * @retval None
+  */
+#define __HAL_TSC_ENABLE_GROUP(__HANDLE__, __GX_MASK__) ((__HANDLE__)->Instance->IOGCSR |= (__GX_MASK__))
+
+/**
+  * @brief Disable acquisition groups.
+  * @param  __HANDLE__ TSC handle
+  * @param  __GX_MASK__ Groups mask
+  * @retval None
+  */
+#define __HAL_TSC_DISABLE_GROUP(__HANDLE__, __GX_MASK__) ((__HANDLE__)->Instance->IOGCSR &= (uint32_t)(~(__GX_MASK__)))
+
+/** @brief Gets acquisition group status.
+  * @param  __HANDLE__ TSC Handle
+  * @param  __GX_INDEX__ Group index
+  * @retval SET or RESET
+  */
+#define __HAL_TSC_GET_GROUP_STATUS(__HANDLE__, __GX_INDEX__) \
+((((__HANDLE__)->Instance->IOGCSR & (uint32_t)(1UL << (((__GX_INDEX__) & (uint32_t)TSC_NB_OF_GROUPS) + 16UL))) == (uint32_t)(1UL << (((__GX_INDEX__) & (uint32_t)TSC_NB_OF_GROUPS) + 16UL))) ? TSC_GROUP_COMPLETED : TSC_GROUP_ONGOING)
+
+/**
+  * @}
+  */
+
+/* Private macros ------------------------------------------------------------*/
+
+/** @defgroup TSC_Private_Macros TSC Private Macros
+  * @{
+  */
+
+#define IS_TSC_CTPH(__VALUE__)          (((__VALUE__) == TSC_CTPH_1CYCLE)   || \
+                                         ((__VALUE__) == TSC_CTPH_2CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPH_3CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPH_4CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPH_5CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPH_6CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPH_7CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPH_8CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPH_9CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPH_10CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPH_11CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPH_12CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPH_13CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPH_14CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPH_15CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPH_16CYCLES))
+
+#define IS_TSC_CTPL(__VALUE__)          (((__VALUE__) == TSC_CTPL_1CYCLE)   || \
+                                         ((__VALUE__) == TSC_CTPL_2CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPL_3CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPL_4CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPL_5CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPL_6CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPL_7CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPL_8CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPL_9CYCLES)  || \
+                                         ((__VALUE__) == TSC_CTPL_10CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPL_11CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPL_12CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPL_13CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPL_14CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPL_15CYCLES) || \
+                                         ((__VALUE__) == TSC_CTPL_16CYCLES))
+
+#define IS_TSC_SS(__VALUE__)            (((FunctionalState)(__VALUE__) == DISABLE) || ((FunctionalState)(__VALUE__) == ENABLE))
+
+#define IS_TSC_SSD(__VALUE__)           (((__VALUE__) == 0UL) || (((__VALUE__) > 0UL) && ((__VALUE__) < 128UL)))
+
+#define IS_TSC_SS_PRESC(__VALUE__)      (((__VALUE__) == TSC_SS_PRESC_DIV1) || ((__VALUE__) == TSC_SS_PRESC_DIV2))
+
+#define IS_TSC_PG_PRESC(__VALUE__)      (((__VALUE__) == TSC_PG_PRESC_DIV1)  || \
+                                         ((__VALUE__) == TSC_PG_PRESC_DIV2)  || \
+                                         ((__VALUE__) == TSC_PG_PRESC_DIV4)  || \
+                                         ((__VALUE__) == TSC_PG_PRESC_DIV8)  || \
+                                         ((__VALUE__) == TSC_PG_PRESC_DIV16) || \
+                                         ((__VALUE__) == TSC_PG_PRESC_DIV32) || \
+                                         ((__VALUE__) == TSC_PG_PRESC_DIV64) || \
+                                         ((__VALUE__) == TSC_PG_PRESC_DIV128))
+
+#define IS_TSC_MCV(__VALUE__)           (((__VALUE__) == TSC_MCV_255)  || \
+                                         ((__VALUE__) == TSC_MCV_511)  || \
+                                         ((__VALUE__) == TSC_MCV_1023) || \
+                                         ((__VALUE__) == TSC_MCV_2047) || \
+                                         ((__VALUE__) == TSC_MCV_4095) || \
+                                         ((__VALUE__) == TSC_MCV_8191) || \
+                                          ((__VALUE__) == TSC_MCV_16383))
+
+#define IS_TSC_IODEF(__VALUE__)         (((__VALUE__) == TSC_IODEF_OUT_PP_LOW) || ((__VALUE__) == TSC_IODEF_IN_FLOAT))
+
+#define IS_TSC_SYNC_POL(__VALUE__)      (((__VALUE__) == TSC_SYNC_POLARITY_FALLING) || ((__VALUE__) == TSC_SYNC_POLARITY_RISING))
+
+#define IS_TSC_ACQ_MODE(__VALUE__)      (((__VALUE__) == TSC_ACQ_MODE_NORMAL) || ((__VALUE__) == TSC_ACQ_MODE_SYNCHRO))
+
+#define IS_TSC_MCE_IT(__VALUE__)        (((FunctionalState)(__VALUE__) == DISABLE) || ((FunctionalState)(__VALUE__) == ENABLE))
+
+#define IS_TSC_GROUP_INDEX(__VALUE__)   (((__VALUE__) == 0UL) || (((__VALUE__) > 0UL) && ((__VALUE__) < (uint32_t)TSC_NB_OF_GROUPS)))
+
+
+#define IS_TSC_GROUP(__VALUE__)        ((((__VALUE__) & TSC_GROUPX_NOT_SUPPORTED) != TSC_GROUPX_NOT_SUPPORTED) && \
+                                        ((((__VALUE__) & TSC_GROUP1_IO1) == TSC_GROUP1_IO1) ||\
+                                         (((__VALUE__) & TSC_GROUP1_IO2) == TSC_GROUP1_IO2) ||\
+                                         (((__VALUE__) & TSC_GROUP1_IO3) == TSC_GROUP1_IO3) ||\
+                                         (((__VALUE__) & TSC_GROUP1_IO4) == TSC_GROUP1_IO4) ||\
+                                         (((__VALUE__) & TSC_GROUP2_IO1) == TSC_GROUP2_IO1) ||\
+                                         (((__VALUE__) & TSC_GROUP2_IO2) == TSC_GROUP2_IO2) ||\
+                                         (((__VALUE__) & TSC_GROUP2_IO3) == TSC_GROUP2_IO3) ||\
+                                         (((__VALUE__) & TSC_GROUP2_IO4) == TSC_GROUP2_IO4) ||\
+                                         (((__VALUE__) & TSC_GROUP3_IO1) == TSC_GROUP3_IO1) ||\
+                                         (((__VALUE__) & TSC_GROUP3_IO2) == TSC_GROUP3_IO2) ||\
+                                         (((__VALUE__) & TSC_GROUP3_IO3) == TSC_GROUP3_IO3) ||\
+                                         (((__VALUE__) & TSC_GROUP3_IO4) == TSC_GROUP3_IO4) ||\
+                                         (((__VALUE__) & TSC_GROUP4_IO1) == TSC_GROUP4_IO1) ||\
+                                         (((__VALUE__) & TSC_GROUP4_IO2) == TSC_GROUP4_IO2) ||\
+                                         (((__VALUE__) & TSC_GROUP4_IO3) == TSC_GROUP4_IO3) ||\
+                                         (((__VALUE__) & TSC_GROUP4_IO4) == TSC_GROUP4_IO4) ||\
+                                         (((__VALUE__) & TSC_GROUP5_IO1) == TSC_GROUP5_IO1) ||\
+                                         (((__VALUE__) & TSC_GROUP5_IO2) == TSC_GROUP5_IO2) ||\
+                                         (((__VALUE__) & TSC_GROUP5_IO3) == TSC_GROUP5_IO3) ||\
+                                         (((__VALUE__) & TSC_GROUP5_IO4) == TSC_GROUP5_IO4) ||\
+                                         (((__VALUE__) & TSC_GROUP6_IO1) == TSC_GROUP6_IO1) ||\
+                                         (((__VALUE__) & TSC_GROUP6_IO2) == TSC_GROUP6_IO2) ||\
+                                         (((__VALUE__) & TSC_GROUP6_IO3) == TSC_GROUP6_IO3) ||\
+                                         (((__VALUE__) & TSC_GROUP6_IO4) == TSC_GROUP6_IO4) ||\
+                                         (((__VALUE__) & TSC_GROUP7_IO1) == TSC_GROUP7_IO1) ||\
+                                         (((__VALUE__) & TSC_GROUP7_IO2) == TSC_GROUP7_IO2) ||\
+                                         (((__VALUE__) & TSC_GROUP7_IO3) == TSC_GROUP7_IO3) ||\
+                                         (((__VALUE__) & TSC_GROUP7_IO4) == TSC_GROUP7_IO4) ||\
+                                         (((__VALUE__) & TSC_GROUP8_IO1) == TSC_GROUP8_IO1) ||\
+                                         (((__VALUE__) & TSC_GROUP8_IO2) == TSC_GROUP8_IO2) ||\
+                                         (((__VALUE__) & TSC_GROUP8_IO3) == TSC_GROUP8_IO3) ||\
+                                         (((__VALUE__) & TSC_GROUP8_IO4) == TSC_GROUP8_IO4)))
+
+/**
+  * @}
+  */
+
+/* Exported functions --------------------------------------------------------*/
+/** @addtogroup TSC_Exported_Functions
+  * @{
+  */
+
+/** @addtogroup TSC_Exported_Functions_Group1 Initialization and de-initialization functions
+  * @{
+  */
+/* Initialization and de-initialization functions *****************************/
+HAL_StatusTypeDef HAL_TSC_Init(TSC_HandleTypeDef *htsc);
+HAL_StatusTypeDef HAL_TSC_DeInit(TSC_HandleTypeDef *htsc);
+void HAL_TSC_MspInit(TSC_HandleTypeDef *htsc);
+void HAL_TSC_MspDeInit(TSC_HandleTypeDef *htsc);
+
+/* Callbacks Register/UnRegister functions  ***********************************/
+#if (USE_HAL_TSC_REGISTER_CALLBACKS == 1)
+HAL_StatusTypeDef HAL_TSC_RegisterCallback(TSC_HandleTypeDef *htsc, HAL_TSC_CallbackIDTypeDef CallbackID, pTSC_CallbackTypeDef pCallback);
+HAL_StatusTypeDef HAL_TSC_UnRegisterCallback(TSC_HandleTypeDef *htsc, HAL_TSC_CallbackIDTypeDef CallbackID);
+#endif /* USE_HAL_TSC_REGISTER_CALLBACKS */
+/**
+  * @}
+  */
+
+/** @addtogroup TSC_Exported_Functions_Group2 Input and Output operation functions
+  * @{
+  */
+/* IO operation functions *****************************************************/
+HAL_StatusTypeDef HAL_TSC_Start(TSC_HandleTypeDef *htsc);
+HAL_StatusTypeDef HAL_TSC_Start_IT(TSC_HandleTypeDef *htsc);
+HAL_StatusTypeDef HAL_TSC_Stop(TSC_HandleTypeDef *htsc);
+HAL_StatusTypeDef HAL_TSC_Stop_IT(TSC_HandleTypeDef *htsc);
+HAL_StatusTypeDef HAL_TSC_PollForAcquisition(TSC_HandleTypeDef *htsc);
+TSC_GroupStatusTypeDef HAL_TSC_GroupGetStatus(TSC_HandleTypeDef *htsc, uint32_t gx_index);
+uint32_t HAL_TSC_GroupGetValue(TSC_HandleTypeDef *htsc, uint32_t gx_index);
+/**
+  * @}
+  */
+
+/** @addtogroup TSC_Exported_Functions_Group3 Peripheral Control functions
+  * @{
+  */
+/* Peripheral Control functions ***********************************************/
+HAL_StatusTypeDef HAL_TSC_IOConfig(TSC_HandleTypeDef *htsc, TSC_IOConfigTypeDef *config);
+HAL_StatusTypeDef HAL_TSC_IODischarge(TSC_HandleTypeDef *htsc, uint32_t choice);
+/**
+  * @}
+  */
+
+/** @addtogroup TSC_Exported_Functions_Group4 Peripheral State and Errors functions
+  * @{
+  */
+/* Peripheral State and Error functions ***************************************/
+HAL_TSC_StateTypeDef HAL_TSC_GetState(TSC_HandleTypeDef *htsc);
+/**
+  * @}
+  */
+
+/** @addtogroup TSC_IRQ_Handler_and_Callbacks IRQ Handler and Callbacks
+ * @{
+ */
+/******* TSC IRQHandler and Callbacks used in Interrupt mode */
+void HAL_TSC_IRQHandler(TSC_HandleTypeDef *htsc);
+void HAL_TSC_ConvCpltCallback(TSC_HandleTypeDef *htsc);
+void HAL_TSC_ErrorCallback(TSC_HandleTypeDef *htsc);
+/**
+  * @}
+  */
+
+/**
+  * @}
+  */
+
+/**
+  * @}
+  */
+
+/**
+  * @}
+  */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* STM32L4xx_HAL_TSC_H */
+
+/************************ (C) COPYRIGHT STMicroelectronics *****END OF FILE****/

targets/stm32l432/lib/stm32l4xx_ll_spi.c

@@ -0,0 +1,307 @@
+/**
+  ******************************************************************************
+  * @file    stm32l4xx_ll_spi.c
+  * @author  MCD Application Team
+  * @brief   SPI LL module driver.
+  ******************************************************************************
+  * @attention
+  *
+  * <h2><center>&copy; COPYRIGHT(c) 2017 STMicroelectronics</center></h2>
+  *
+  * Redistribution and use in source and binary forms, with or without modification,
+  * are permitted provided that the following conditions are met:
+  *   1. Redistributions of source code must retain the above copyright notice,
+  *      this list of conditions and the following disclaimer.
+  *   2. Redistributions in binary form must reproduce the above copyright notice,
+  *      this list of conditions and the following disclaimer in the documentation
+  *      and/or other materials provided with the distribution.
+  *   3. Neither the name of STMicroelectronics nor the names of its contributors
+  *      may be used to endorse or promote products derived from this software
+  *      without specific prior written permission.
+  *
+  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  *
+  ******************************************************************************
+  */
+#if defined(USE_FULL_LL_DRIVER)
+
+/* Includes ------------------------------------------------------------------*/
+#include "stm32l4xx_ll_spi.h"
+#include "stm32l4xx_ll_bus.h"
+
+#ifdef  USE_FULL_ASSERT
+#include "stm32_assert.h"
+#else
+#define assert_param(expr) ((void)0U)
+#endif
+
+/** @addtogroup STM32L4xx_LL_Driver
+  * @{
+  */
+
+#if defined (SPI1) || defined (SPI2) || defined (SPI3)
+
+/** @addtogroup SPI_LL
+  * @{
+  */
+
+/* Private types -------------------------------------------------------------*/
+/* Private variables ---------------------------------------------------------*/
+
+/* Private constants ---------------------------------------------------------*/
+/** @defgroup SPI_LL_Private_Constants SPI Private Constants
+  * @{
+  */
+/* SPI registers Masks */
+#define SPI_CR1_CLEAR_MASK                 (SPI_CR1_CPHA    | SPI_CR1_CPOL     | SPI_CR1_MSTR   | \
+                                            SPI_CR1_BR      | SPI_CR1_LSBFIRST | SPI_CR1_SSI    | \
+                                            SPI_CR1_SSM     | SPI_CR1_RXONLY   | SPI_CR1_CRCL   | \
+                                            SPI_CR1_CRCNEXT | SPI_CR1_CRCEN    | SPI_CR1_BIDIOE | \
+                                            SPI_CR1_BIDIMODE)
+/**
+  * @}
+  */
+
+/* Private macros ------------------------------------------------------------*/
+/** @defgroup SPI_LL_Private_Macros SPI Private Macros
+  * @{
+  */
+#define IS_LL_SPI_TRANSFER_DIRECTION(__VALUE__) (((__VALUE__) == LL_SPI_FULL_DUPLEX)    \
+                                              || ((__VALUE__) == LL_SPI_SIMPLEX_RX)     \
+                                              || ((__VALUE__) == LL_SPI_HALF_DUPLEX_RX) \
+                                              || ((__VALUE__) == LL_SPI_HALF_DUPLEX_TX))
+
+#define IS_LL_SPI_MODE(__VALUE__) (((__VALUE__) == LL_SPI_MODE_MASTER) \
+                                || ((__VALUE__) == LL_SPI_MODE_SLAVE))
+
+#define IS_LL_SPI_DATAWIDTH(__VALUE__) (((__VALUE__) == LL_SPI_DATAWIDTH_4BIT)  \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_5BIT)  \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_6BIT)  \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_7BIT)  \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_8BIT)  \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_9BIT)  \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_10BIT) \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_11BIT) \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_12BIT) \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_13BIT) \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_14BIT) \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_15BIT) \
+                                     || ((__VALUE__) == LL_SPI_DATAWIDTH_16BIT))
+
+#define IS_LL_SPI_POLARITY(__VALUE__) (((__VALUE__) == LL_SPI_POLARITY_LOW) \
+                                    || ((__VALUE__) == LL_SPI_POLARITY_HIGH))
+
+#define IS_LL_SPI_PHASE(__VALUE__) (((__VALUE__) == LL_SPI_PHASE_1EDGE) \
+                                 || ((__VALUE__) == LL_SPI_PHASE_2EDGE))
+
+#define IS_LL_SPI_NSS(__VALUE__) (((__VALUE__) == LL_SPI_NSS_SOFT) \
+                               || ((__VALUE__) == LL_SPI_NSS_HARD_INPUT) \
+                               || ((__VALUE__) == LL_SPI_NSS_HARD_OUTPUT))
+
+#define IS_LL_SPI_BAUDRATE(__VALUE__) (((__VALUE__) == LL_SPI_BAUDRATEPRESCALER_DIV2)   \
+                                    || ((__VALUE__) == LL_SPI_BAUDRATEPRESCALER_DIV4)   \
+                                    || ((__VALUE__) == LL_SPI_BAUDRATEPRESCALER_DIV8)   \
+                                    || ((__VALUE__) == LL_SPI_BAUDRATEPRESCALER_DIV16)  \
+                                    || ((__VALUE__) == LL_SPI_BAUDRATEPRESCALER_DIV32)  \
+                                    || ((__VALUE__) == LL_SPI_BAUDRATEPRESCALER_DIV64)  \
+                                    || ((__VALUE__) == LL_SPI_BAUDRATEPRESCALER_DIV128) \
+                                    || ((__VALUE__) == LL_SPI_BAUDRATEPRESCALER_DIV256))
+
+#define IS_LL_SPI_BITORDER(__VALUE__) (((__VALUE__) == LL_SPI_LSB_FIRST) \
+                                    || ((__VALUE__) == LL_SPI_MSB_FIRST))
+
+#define IS_LL_SPI_CRCCALCULATION(__VALUE__) (((__VALUE__) == LL_SPI_CRCCALCULATION_ENABLE) \
+                                          || ((__VALUE__) == LL_SPI_CRCCALCULATION_DISABLE))
+
+#define IS_LL_SPI_CRC_POLYNOMIAL(__VALUE__) ((__VALUE__) >= 0x1U)
+
+/**
+  * @}
+  */
+
+/* Private function prototypes -----------------------------------------------*/
+
+/* Exported functions --------------------------------------------------------*/
+/** @addtogroup SPI_LL_Exported_Functions
+  * @{
+  */
+
+/** @addtogroup SPI_LL_EF_Init
+  * @{
+  */
+
+/**
+  * @brief  De-initialize the SPI registers to their default reset values.
+  * @param  SPIx SPI Instance
+  * @retval An ErrorStatus enumeration value:
+  *          - SUCCESS: SPI registers are de-initialized
+  *          - ERROR: SPI registers are not de-initialized
+  */
+ErrorStatus LL_SPI_DeInit(SPI_TypeDef *SPIx)
+{
+  ErrorStatus status = ERROR;
+
+  /* Check the parameters */
+  assert_param(IS_SPI_ALL_INSTANCE(SPIx));
+
+#if defined(SPI1)
+  if (SPIx == SPI1)
+  {
+    /* Force reset of SPI clock */
+    LL_APB2_GRP1_ForceReset(LL_APB2_GRP1_PERIPH_SPI1);
+
+    /* Release reset of SPI clock */
+    LL_APB2_GRP1_ReleaseReset(LL_APB2_GRP1_PERIPH_SPI1);
+
+    status = SUCCESS;
+  }
+#endif /* SPI1 */
+#if defined(SPI2)
+  if (SPIx == SPI2)
+  {
+    /* Force reset of SPI clock */
+    LL_APB1_GRP1_ForceReset(LL_APB1_GRP1_PERIPH_SPI2);
+
+    /* Release reset of SPI clock */
+    LL_APB1_GRP1_ReleaseReset(LL_APB1_GRP1_PERIPH_SPI2);
+
+    status = SUCCESS;
+  }
+#endif /* SPI2 */
+#if defined(SPI3)
+  if (SPIx == SPI3)
+  {
+    /* Force reset of SPI clock */
+    LL_APB1_GRP1_ForceReset(LL_APB1_GRP1_PERIPH_SPI3);
+
+    /* Release reset of SPI clock */
+    LL_APB1_GRP1_ReleaseReset(LL_APB1_GRP1_PERIPH_SPI3);
+
+    status = SUCCESS;
+  }
+#endif /* SPI3 */
+
+  return status;
+}
+
+/**
+  * @brief  Initialize the SPI registers according to the specified parameters in SPI_InitStruct.
+  * @note   As some bits in SPI configuration registers can only be written when the SPI is disabled (SPI_CR1_SPE bit =0),
+  *         SPI IP should be in disabled state prior calling this function. Otherwise, ERROR result will be returned.
+  * @param  SPIx SPI Instance
+  * @param  SPI_InitStruct pointer to a @ref LL_SPI_InitTypeDef structure
+  * @retval An ErrorStatus enumeration value. (Return always SUCCESS)
+  */
+ErrorStatus LL_SPI_Init(SPI_TypeDef *SPIx, LL_SPI_InitTypeDef *SPI_InitStruct)
+{
+  ErrorStatus status = ERROR;
+
+  /* Check the SPI Instance SPIx*/
+  assert_param(IS_SPI_ALL_INSTANCE(SPIx));
+
+  /* Check the SPI parameters from SPI_InitStruct*/
+  assert_param(IS_LL_SPI_TRANSFER_DIRECTION(SPI_InitStruct->TransferDirection));
+  assert_param(IS_LL_SPI_MODE(SPI_InitStruct->Mode));
+  assert_param(IS_LL_SPI_DATAWIDTH(SPI_InitStruct->DataWidth));
+  assert_param(IS_LL_SPI_POLARITY(SPI_InitStruct->ClockPolarity));
+  assert_param(IS_LL_SPI_PHASE(SPI_InitStruct->ClockPhase));
+  assert_param(IS_LL_SPI_NSS(SPI_InitStruct->NSS));
+  assert_param(IS_LL_SPI_BAUDRATE(SPI_InitStruct->BaudRate));
+  assert_param(IS_LL_SPI_BITORDER(SPI_InitStruct->BitOrder));
+  assert_param(IS_LL_SPI_CRCCALCULATION(SPI_InitStruct->CRCCalculation));
+
+  if (LL_SPI_IsEnabled(SPIx) == 0x00000000U)
+  {
+    /*---------------------------- SPIx CR1 Configuration ------------------------
+     * Configure SPIx CR1 with parameters:
+     * - TransferDirection:  SPI_CR1_BIDIMODE, SPI_CR1_BIDIOE and SPI_CR1_RXONLY bits
+     * - Master/Slave Mode:  SPI_CR1_MSTR bit
+     * - ClockPolarity:      SPI_CR1_CPOL bit
+     * - ClockPhase:         SPI_CR1_CPHA bit
+     * - NSS management:     SPI_CR1_SSM bit
+     * - BaudRate prescaler: SPI_CR1_BR[2:0] bits
+     * - BitOrder:           SPI_CR1_LSBFIRST bit
+     * - CRCCalculation:     SPI_CR1_CRCEN bit
+     */
+    MODIFY_REG(SPIx->CR1,
+               SPI_CR1_CLEAR_MASK,
+               SPI_InitStruct->TransferDirection | SPI_InitStruct->Mode |
+               SPI_InitStruct->ClockPolarity | SPI_InitStruct->ClockPhase |
+               SPI_InitStruct->NSS | SPI_InitStruct->BaudRate |
+               SPI_InitStruct->BitOrder | SPI_InitStruct->CRCCalculation);
+
+    /*---------------------------- SPIx CR2 Configuration ------------------------
+     * Configure SPIx CR2 with parameters:
+     * - DataWidth:          DS[3:0] bits
+     * - NSS management:     SSOE bit
+     */
+    MODIFY_REG(SPIx->CR2,
+               SPI_CR2_DS | SPI_CR2_SSOE,
+               SPI_InitStruct->DataWidth | (SPI_InitStruct->NSS >> 16U));
+
+    /*---------------------------- SPIx CRCPR Configuration ----------------------
+     * Configure SPIx CRCPR with parameters:
+     * - CRCPoly:            CRCPOLY[15:0] bits
+     */
+    if (SPI_InitStruct->CRCCalculation == LL_SPI_CRCCALCULATION_ENABLE)
+    {
+      assert_param(IS_LL_SPI_CRC_POLYNOMIAL(SPI_InitStruct->CRCPoly));
+      LL_SPI_SetCRCPolynomial(SPIx, SPI_InitStruct->CRCPoly);
+    }
+    status = SUCCESS;
+  }
+
+  return status;
+}
+
+/**
+  * @brief  Set each @ref LL_SPI_InitTypeDef field to default value.
+  * @param  SPI_InitStruct pointer to a @ref LL_SPI_InitTypeDef structure
+  * whose fields will be set to default values.
+  * @retval None
+  */
+void LL_SPI_StructInit(LL_SPI_InitTypeDef *SPI_InitStruct)
+{
+  /* Set SPI_InitStruct fields to default values */
+  SPI_InitStruct->TransferDirection = LL_SPI_FULL_DUPLEX;
+  SPI_InitStruct->Mode              = LL_SPI_MODE_SLAVE;
+  SPI_InitStruct->DataWidth         = LL_SPI_DATAWIDTH_8BIT;
+  SPI_InitStruct->ClockPolarity     = LL_SPI_POLARITY_LOW;
+  SPI_InitStruct->ClockPhase        = LL_SPI_PHASE_1EDGE;
+  SPI_InitStruct->NSS               = LL_SPI_NSS_HARD_INPUT;
+  SPI_InitStruct->BaudRate          = LL_SPI_BAUDRATEPRESCALER_DIV2;
+  SPI_InitStruct->BitOrder          = LL_SPI_MSB_FIRST;
+  SPI_InitStruct->CRCCalculation    = LL_SPI_CRCCALCULATION_DISABLE;
+  SPI_InitStruct->CRCPoly           = 7U;
+}
+
+/**
+  * @}
+  */
+
+/**
+  * @}
+  */
+
+/**
+  * @}
+  */
+
+#endif /* defined (SPI1) || defined (SPI2) || defined (SPI3) */
+
+/**
+  * @}
+  */
+
+#endif /* USE_FULL_LL_DRIVER */
+
+/************************ (C) COPYRIGHT STMicroelectronics *****END OF FILE****/

targets/stm32l432/lib/usbd/usbd_composite.c

@@ -110,7 +110,7 @@ __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_
   0x03,   /* bNumEndpoints: 3 endpoints used */
   0x02,   /* bInterfaceClass: Communication Interface Class */
   0x02,   /* bInterfaceSubClass: Abstract Control Model */
-  0x01,   /* bInterfaceProtocol: Common AT commands */
+  0x00,   /* bInterfaceProtocol: Common AT commands */
   0x00,   /* iInterface: */
 
   /*Header Functional Descriptor*/

targets/stm32l432/lib/usbd/usbd_ctlreq.c

@@ -821,12 +821,16 @@ void USBD_CtlError( USBD_HandleTypeDef *pdev ,
   * @param  len : descriptor length
   * @retval None
   */
-void USBD_GetString(uint8_t *desc, uint8_t *unicode, uint16_t *len)
+void USBD_GetString(uint8_t *desc, uint8_t *unicode, uint16_t unicode_size, uint16_t *len)
 {
   uint8_t idx = 0U;
 
   if (desc != NULL)
   {
+    if ((idx + 4) >= unicode_size)
+    {
+        return;
+    }
     *len = (uint16_t)USBD_GetLen(desc) * 2U + 2U;
     unicode[idx++] = *(uint8_t *)(void *)len;
     unicode[idx++] = USB_DESC_TYPE_STRING;

targets/stm32l432/lib/usbd/usbd_ctlreq.h

@@ -108,7 +108,7 @@ void USBD_CtlError  (USBD_HandleTypeDef  *pdev, USBD_SetupReqTypedef *req);
 
 void USBD_ParseSetupRequest (USBD_SetupReqTypedef *req, uint8_t *pdata);
 
-void USBD_GetString         (uint8_t *desc, uint8_t *unicode, uint16_t *len);
+void USBD_GetString(uint8_t *desc, uint8_t *unicode, uint16_t unicode_size, uint16_t *len);
 /**
   * @}
   */

targets/stm32l432/lib/usbd/usbd_desc.c

@@ -108,7 +108,7 @@ const uint8_t USBD_LangIDDesc[USB_LEN_LANGID_STR_DESC]=
   HIBYTE(USBD_LANGID_STRING),
 };
 
-uint8_t USBD_StrDesc[32];
+uint8_t USBD_StrDesc[48];
 
 /**
   * @brief  Returns the device descriptor.
@@ -142,7 +142,7 @@ uint8_t *USBD_HID_LangIDStrDescriptor(USBD_SpeedTypeDef speed, uint16_t *length)
   */
 uint8_t *USBD_HID_ProductStrDescriptor(USBD_SpeedTypeDef speed, uint16_t *length)
 {
-  USBD_GetString((uint8_t *)USBD_PRODUCT_FS_STRING, USBD_StrDesc, length);
+  USBD_GetString((uint8_t *)USBD_PRODUCT_FS_STRING, USBD_StrDesc, sizeof(USBD_StrDesc), length);
   return USBD_StrDesc;
 }
 
@@ -154,7 +154,7 @@ uint8_t *USBD_HID_ProductStrDescriptor(USBD_SpeedTypeDef speed, uint16_t *length
   */
 uint8_t *USBD_HID_ManufacturerStrDescriptor(USBD_SpeedTypeDef speed, uint16_t *length)
 {
-  USBD_GetString((uint8_t *)USBD_MANUFACTURER_STRING, USBD_StrDesc, length);
+  USBD_GetString((uint8_t *)USBD_MANUFACTURER_STRING, USBD_StrDesc, sizeof(USBD_StrDesc), length);
   return USBD_StrDesc;
 }
 
@@ -192,6 +192,6 @@ uint8_t *USBD_HID_SerialStrDescriptor(USBD_SpeedTypeDef speed, uint16_t *length)
     }
 
 
-    USBD_GetString((uint8_t *)uuid_str, USBD_StrDesc, length);
+    USBD_GetString((uint8_t *)uuid_str, USBD_StrDesc, sizeof(USBD_StrDesc), length);
     return USBD_StrDesc;
 }

targets/stm32l432/linker/bootloader_stm32l4xx.ld

@@ -1,201 +1,74 @@
-/*
-*****************************************************************************
-**
+/* Copyright 2019 SoloKeys Developers */
+/* */
+/* Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or */
+/* http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or */
+/* http://opensource.org/licenses/MIT>, at your option. This file may not be */
+/* copied, modified, or distributed except according to those terms. */
 
-**  File        : LinkerScript.ld
-**
-**  Abstract    : Linker script for STM32L432KCUx Device with
-**                256KByte FLASH, 64KByte RAM
-**
-**                Set heap size, stack size and stack location according
-**                to application requirements.
-**
-**                Set memory bank area and size if external memory is used.
-**
-**  Target      : STMicroelectronics STM32
-**
-**
-**  Distribution: The file is distributed as is, without any warranty
-**                of any kind.
-**
-**  (c)Copyright Ac6.
-**  You may use this file as-is or modify it according to the needs of your
-**  project. Distribution of this file (unmodified or modified) is not
-**  permitted. Ac6 permit registered System Workbench for MCU users the
-**  rights to distribute the assembled, compiled & linked contents of this
-**  file as part of an application binary file, provided that it is built
-**  using the System Workbench for MCU toolchain.
-**
-*****************************************************************************
-*/
-
-/* Entry Point */
 ENTRY(Reset_Handler)
 
-/* Highest address of the user mode stack */
-_estack = 0x2000c000;    /* end of RAM */
-/* Generate a link error if heap and stack don't fit into RAM */
-_Min_Heap_Size = 0x200;      /* required amount of heap  */
-_Min_Stack_Size = 0x400; /* required amount of stack */
+/* End of RAM */
+_estack = 0x2000c000;
+
+_MIN_STACK_SIZE = 0x400;
 
-/* Specify the memory areas */
 MEMORY
 {
-FLASH (rx)      : ORIGIN = 0x08000000, LENGTH = 20K
-RAM (xrw)      : ORIGIN = 0x20000000, LENGTH = 48K
-SRAM2 (rw)      : ORIGIN = 0x10000000, LENGTH = 16K
+    flash (rx)      : ORIGIN = 0x08000000, LENGTH = 20K
+    ram (xrw)       : ORIGIN = 0x20000000, LENGTH = 48K
+    sram2 (rw)      : ORIGIN = 0x10000000, LENGTH = 16K
 }
 
-/* Define output sections */
 SECTIONS
 {
-  /* The startup code goes first into FLASH */
     .isr_vector :
     {
         . = ALIGN(8);
-    KEEP(*(.isr_vector)) /* Startup code */
+        KEEP(*(.isr_vector))
         . = ALIGN(8);
-  } >FLASH
+    } >flash
 
-  /* The program code and other data goes into FLASH */
     .text :
     {
         . = ALIGN(8);
-    *(.text)           /* .text sections (code) */
-    *(.text*)          /* .text* sections (code) */
-    *(.glue_7)         /* glue arm to thumb code */
-    *(.glue_7t)        /* glue thumb to arm code */
-    *(.eh_frame)
-
+        *(.text*)
+        *(.rodata*)
         KEEP(*(.init))
-    KEEP (*(.fini))
+        KEEP(*(.finit))
+        . = ALIGN(8);
+        _etext = .;
+    } >flash
 
-    . = ALIGN(8);
-    _etext = .;        /* define a global symbols at end of code */
-  } >FLASH
-
-  /* Constant data goes into FLASH */
-  .rodata :
-  {
-    . = ALIGN(8);
-    *(.rodata)         /* .rodata sections (constants, strings, etc.) */
-    *(.rodata*)        /* .rodata* sections (constants, strings, etc.) */
-    . = ALIGN(8);
-  } >FLASH
-
-  .ARM.extab   :
-  {
-  . = ALIGN(8);
-  *(.ARM.extab* .gnu.linkonce.armextab.*)
-  . = ALIGN(8);
-  } >FLASH
-  .ARM : {
-	. = ALIGN(8);
-    __exidx_start = .;
-    *(.ARM.exidx*)
-    __exidx_end = .;
-	. = ALIGN(8);
-  } >FLASH
-
-  .preinit_array     :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__preinit_array_start = .);
-    KEEP (*(.preinit_array*))
-    PROVIDE_HIDDEN (__preinit_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-
-  .init_array :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__init_array_start = .);
-    KEEP (*(SORT(.init_array.*)))
-    KEEP (*(.init_array*))
-    PROVIDE_HIDDEN (__init_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-  .fini_array :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__fini_array_start = .);
-    KEEP (*(SORT(.fini_array.*)))
-    KEEP (*(.fini_array*))
-    PROVIDE_HIDDEN (__fini_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-
-  /* used by the startup to initialize data */
     _sidata = LOADADDR(.data);
 
-  /* Initialized data sections goes into RAM, load LMA copy after code */
     .data :
     {
         . = ALIGN(8);
-    _sdata = .;        /* create a global symbol at data start */
-    *(.data)           /* .data sections */
-    *(.data*)          /* .data* sections */
-
+        _sdata = .;
+        *(.data*)
         . = ALIGN(8);
-    _edata = .;        /* define a global symbol at data end */
-  } >RAM AT> FLASH
+        _edata = .;
+    } >ram AT> flash
 
-  _sisram2 = LOADADDR(.sram2);
-
-  /* CCM-RAM section
-  *
-  * IMPORTANT NOTE!
-  * If initialized variables will be placed in this section,
-  * the startup code needs to be modified to copy the init-values.
-  */
-  .sram2 :
-  {
-    . = ALIGN(8);
-    _ssram2 = .;       /* create a global symbol at sram2 start */
-    *(.sram2)
-    *(.sram2*)
-
-    . = ALIGN(8);
-    _esram2 = .;       /* create a global symbol at sram2 end */
-  } >SRAM2 AT> FLASH
-
-
-  /* Uninitialized data section */
-  . = ALIGN(4);
     .bss :
     {
-    /* This is used by the startup in order to initialize the .bss secion */
-    _sbss = .;         /* define a global symbol at bss start */
+        . = ALIGN(4);
+        _sbss = .;
         __bss_start__ = _sbss;
-    *(.bss)
         *(.bss*)
         *(COMMON)
-
         . = ALIGN(4);
-    _ebss = .;         /* define a global symbol at bss end */
+        _ebss = .;
         __bss_end__ = _ebss;
-  } >RAM
+    } > ram
 
-  /* User_heap_stack section, used to check that there is enough RAM left */
-  ._user_heap_stack :
+    ._stack :
     {
         . = ALIGN(8);
-    PROVIDE ( end = . );
-    PROVIDE ( _end = . );
-    . = . + _Min_Heap_Size;
-    . = . + _Min_Stack_Size;
+        end = .;
+        _end = .;
+        . = . + _MIN_STACK_SIZE;
         . = ALIGN(8);
-  } >RAM
+    } > ram
 
-
-
-  /* Remove information from the standard libraries */
-  /DISCARD/ :
-  {
-    libc.a ( * )
-    libm.a ( * )
-    libgcc.a ( * )
-  }
-
-  .ARM.attributes 0 : { *(.ARM.attributes) }
 }

targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld

@@ -1,201 +1,74 @@
-/*
-*****************************************************************************
-**
+/* Copyright 2019 SoloKeys Developers */
+/* */
+/* Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or */
+/* http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or */
+/* http://opensource.org/licenses/MIT>, at your option. This file may not be */
+/* copied, modified, or distributed except according to those terms. */
 
-**  File        : LinkerScript.ld
-**
-**  Abstract    : Linker script for STM32L432KCUx Device with
-**                256KByte FLASH, 64KByte RAM
-**
-**                Set heap size, stack size and stack location according
-**                to application requirements.
-**
-**                Set memory bank area and size if external memory is used.
-**
-**  Target      : STMicroelectronics STM32
-**
-**
-**  Distribution: The file is distributed as is, without any warranty
-**                of any kind.
-**
-**  (c)Copyright Ac6.
-**  You may use this file as-is or modify it according to the needs of your
-**  project. Distribution of this file (unmodified or modified) is not
-**  permitted. Ac6 permit registered System Workbench for MCU users the
-**  rights to distribute the assembled, compiled & linked contents of this
-**  file as part of an application binary file, provided that it is built
-**  using the System Workbench for MCU toolchain.
-**
-*****************************************************************************
-*/
-
-/* Entry Point */
 ENTRY(Reset_Handler)
 
-/* Highest address of the user mode stack */
-_estack = 0x2000c000;    /* end of RAM */
-/* Generate a link error if heap and stack don't fit into RAM */
-_Min_Heap_Size = 0x200;      /* required amount of heap  */
-_Min_Stack_Size = 0x400; /* required amount of stack */
+/* End of RAM */
+_estack = 0x2000c000;
+
+_MIN_STACK_SIZE = 0x400;
 
-/* Specify the memory areas */
 MEMORY
 {
-FLASH (rx)      : ORIGIN = 0x08000000, LENGTH = 32K
-RAM (xrw)      : ORIGIN = 0x20000000, LENGTH = 48K
-SRAM2 (rw)      : ORIGIN = 0x10000000, LENGTH = 16K
+    flash (rx)      : ORIGIN = 0x08000000, LENGTH = 32K
+    ram (xrw)       : ORIGIN = 0x20000000, LENGTH = 48K
+    sram2 (rw)      : ORIGIN = 0x10000000, LENGTH = 16K
 }
 
-/* Define output sections */
 SECTIONS
 {
-  /* The startup code goes first into FLASH */
     .isr_vector :
     {
         . = ALIGN(8);
-    KEEP(*(.isr_vector)) /* Startup code */
+        KEEP(*(.isr_vector))
         . = ALIGN(8);
-  } >FLASH
+    } >flash
 
-  /* The program code and other data goes into FLASH */
     .text :
     {
         . = ALIGN(8);
-    *(.text)           /* .text sections (code) */
-    *(.text*)          /* .text* sections (code) */
-    *(.glue_7)         /* glue arm to thumb code */
-    *(.glue_7t)        /* glue thumb to arm code */
-    *(.eh_frame)
-
+        *(.text*)
+        *(.rodata*)
         KEEP(*(.init))
-    KEEP (*(.fini))
+        KEEP(*(.finit))
+        . = ALIGN(8);
+        _etext = .;
+    } >flash
 
-    . = ALIGN(8);
-    _etext = .;        /* define a global symbols at end of code */
-  } >FLASH
-
-  /* Constant data goes into FLASH */
-  .rodata :
-  {
-    . = ALIGN(8);
-    *(.rodata)         /* .rodata sections (constants, strings, etc.) */
-    *(.rodata*)        /* .rodata* sections (constants, strings, etc.) */
-    . = ALIGN(8);
-  } >FLASH
-
-  .ARM.extab   :
-  {
-  . = ALIGN(8);
-  *(.ARM.extab* .gnu.linkonce.armextab.*)
-  . = ALIGN(8);
-  } >FLASH
-  .ARM : {
-	. = ALIGN(8);
-    __exidx_start = .;
-    *(.ARM.exidx*)
-    __exidx_end = .;
-	. = ALIGN(8);
-  } >FLASH
-
-  .preinit_array     :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__preinit_array_start = .);
-    KEEP (*(.preinit_array*))
-    PROVIDE_HIDDEN (__preinit_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-
-  .init_array :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__init_array_start = .);
-    KEEP (*(SORT(.init_array.*)))
-    KEEP (*(.init_array*))
-    PROVIDE_HIDDEN (__init_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-  .fini_array :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__fini_array_start = .);
-    KEEP (*(SORT(.fini_array.*)))
-    KEEP (*(.fini_array*))
-    PROVIDE_HIDDEN (__fini_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-
-  /* used by the startup to initialize data */
     _sidata = LOADADDR(.data);
 
-  /* Initialized data sections goes into RAM, load LMA copy after code */
     .data :
     {
         . = ALIGN(8);
-    _sdata = .;        /* create a global symbol at data start */
-    *(.data)           /* .data sections */
-    *(.data*)          /* .data* sections */
-
+        _sdata = .;
+        *(.data*)
         . = ALIGN(8);
-    _edata = .;        /* define a global symbol at data end */
-  } >RAM AT> FLASH
+        _edata = .;
+    } >ram AT> flash
 
-  _sisram2 = LOADADDR(.sram2);
-
-  /* CCM-RAM section
-  *
-  * IMPORTANT NOTE!
-  * If initialized variables will be placed in this section,
-  * the startup code needs to be modified to copy the init-values.
-  */
-  .sram2 :
-  {
-    . = ALIGN(8);
-    _ssram2 = .;       /* create a global symbol at sram2 start */
-    *(.sram2)
-    *(.sram2*)
-
-    . = ALIGN(8);
-    _esram2 = .;       /* create a global symbol at sram2 end */
-  } >SRAM2 AT> FLASH
-
-
-  /* Uninitialized data section */
-  . = ALIGN(4);
     .bss :
     {
-    /* This is used by the startup in order to initialize the .bss secion */
-    _sbss = .;         /* define a global symbol at bss start */
+        . = ALIGN(4);
+        _sbss = .;
         __bss_start__ = _sbss;
-    *(.bss)
         *(.bss*)
         *(COMMON)
-
         . = ALIGN(4);
-    _ebss = .;         /* define a global symbol at bss end */
+        _ebss = .;
         __bss_end__ = _ebss;
-  } >RAM
+    } > ram
 
-  /* User_heap_stack section, used to check that there is enough RAM left */
-  ._user_heap_stack :
+    ._stack :
     {
         . = ALIGN(8);
-    PROVIDE ( end = . );
-    PROVIDE ( _end = . );
-    . = . + _Min_Heap_Size;
-    . = . + _Min_Stack_Size;
+        end = .;
+        _end = .;
+        . = . + _MIN_STACK_SIZE;
         . = ALIGN(8);
-  } >RAM
+    } > ram
 
-
-
-  /* Remove information from the standard libraries */
-  /DISCARD/ :
-  {
-    libc.a ( * )
-    libm.a ( * )
-    libgcc.a ( * )
-  }
-
-  .ARM.attributes 0 : { *(.ARM.attributes) }
 }

targets/stm32l432/linker/stm32l4xx.ld

@@ -1,202 +1,80 @@
-/*
-*****************************************************************************
-**
+/* Copyright 2019 SoloKeys Developers */
+/* */
+/* Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or */
+/* http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or */
+/* http://opensource.org/licenses/MIT>, at your option. This file may not be */
+/* copied, modified, or distributed except according to those terms. */
 
-**  File        : LinkerScript.ld
-**
-**  Abstract    : Linker script for STM32L432KCUx Device with
-**                256KByte FLASH, 64KByte RAM
-**
-**                Set heap size, stack size and stack location according
-**                to application requirements.
-**
-**                Set memory bank area and size if external memory is used.
-**
-**  Target      : STMicroelectronics STM32
-**
-**
-**  Distribution: The file is distributed as is, without any warranty
-**                of any kind.
-**
-**  (c)Copyright Ac6.
-**  You may use this file as-is or modify it according to the needs of your
-**  project. Distribution of this file (unmodified or modified) is not
-**  permitted. Ac6 permit registered System Workbench for MCU users the
-**  rights to distribute the assembled, compiled & linked contents of this
-**  file as part of an application binary file, provided that it is built
-**  using the System Workbench for MCU toolchain.
-**
-*****************************************************************************
-*/
-
-/* Entry Point */
 ENTRY(Reset_Handler)
 
-/* Highest address of the user mode stack */
-_estack = 0x2000c000;    /* end of RAM */
-/* Generate a link error if heap and stack don't fit into RAM */
-_Min_Heap_Size = 0x200;      /* required amount of heap  */
-_Min_Stack_Size = 0x400; /* required amount of stack */
+/* End of RAM */
+_estack = 0x2000c000;
+
+_MIN_STACK_SIZE = 0x400;
+
+/*
+    Memory layout of device:
+        20 KB            198KB-8            38 KB
+    | bootloader |    application     |  secrets/data |
+ */
 
-/* Specify the memory areas */
 MEMORY
 {
-/* First 20 KB is bootloader */
-FLASH (rx)      : ORIGIN = 0x08005000, LENGTH = 198K-8 /* Leave out 38 Kb at end for data */
-RAM (xrw)      : ORIGIN = 0x20000000, LENGTH = 48K
-SRAM2 (rw)      : ORIGIN = 0x10000000, LENGTH = 16K
+    flash (rx)      : ORIGIN = 0x08005000, LENGTH = 198K - 8
+    ram (xrw)       : ORIGIN = 0x20000000, LENGTH = 48K
+    sram2 (rw)      : ORIGIN = 0x10000000, LENGTH = 16K
 }
 
-/* Define output sections */
 SECTIONS
 {
-  /* The startup code goes first into FLASH */
     .isr_vector :
     {
         . = ALIGN(8);
-    KEEP(*(.isr_vector)) /* Startup code */
+        KEEP(*(.isr_vector))
         . = ALIGN(8);
-  } >FLASH
+    } >flash
 
-  /* The program code and other data goes into FLASH */
     .text :
     {
         . = ALIGN(8);
-    *(.text)           /* .text sections (code) */
-    *(.text*)          /* .text* sections (code) */
-    *(.glue_7)         /* glue arm to thumb code */
-    *(.glue_7t)        /* glue thumb to arm code */
-    *(.eh_frame)
-
+        *(.text*)
+        *(.rodata*)
         KEEP(*(.init))
-    KEEP (*(.fini))
+        KEEP(*(.finit))
+        . = ALIGN(8);
+        _etext = .;
+    } >flash
 
-    . = ALIGN(8);
-    _etext = .;        /* define a global symbols at end of code */
-  } >FLASH
-
-  /* Constant data goes into FLASH */
-  .rodata :
-  {
-    . = ALIGN(8);
-    *(.rodata)         /* .rodata sections (constants, strings, etc.) */
-    *(.rodata*)        /* .rodata* sections (constants, strings, etc.) */
-    . = ALIGN(8);
-  } >FLASH
-
-  .ARM.extab   :
-  {
-  . = ALIGN(8);
-  *(.ARM.extab* .gnu.linkonce.armextab.*)
-  . = ALIGN(8);
-  } >FLASH
-  .ARM : {
-	. = ALIGN(8);
-    __exidx_start = .;
-    *(.ARM.exidx*)
-    __exidx_end = .;
-	. = ALIGN(8);
-  } >FLASH
-
-  .preinit_array     :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__preinit_array_start = .);
-    KEEP (*(.preinit_array*))
-    PROVIDE_HIDDEN (__preinit_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-
-  .init_array :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__init_array_start = .);
-    KEEP (*(SORT(.init_array.*)))
-    KEEP (*(.init_array*))
-    PROVIDE_HIDDEN (__init_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-  .fini_array :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__fini_array_start = .);
-    KEEP (*(SORT(.fini_array.*)))
-    KEEP (*(.fini_array*))
-    PROVIDE_HIDDEN (__fini_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-
-  /* used by the startup to initialize data */
     _sidata = LOADADDR(.data);
 
-  /* Initialized data sections goes into RAM, load LMA copy after code */
     .data :
     {
         . = ALIGN(8);
-    _sdata = .;        /* create a global symbol at data start */
-    *(.data)           /* .data sections */
-    *(.data*)          /* .data* sections */
-
+        _sdata = .;
+        *(.data*)
         . = ALIGN(8);
-    _edata = .;        /* define a global symbol at data end */
-  } >RAM AT> FLASH
+        _edata = .;
+    } >ram AT> flash
 
-  _sisram2 = LOADADDR(.sram2);
-
-  /* CCM-RAM section
-  *
-  * IMPORTANT NOTE!
-  * If initialized variables will be placed in this section,
-  * the startup code needs to be modified to copy the init-values.
-  */
-  .sram2 :
-  {
-    . = ALIGN(8);
-    _ssram2 = .;       /* create a global symbol at sram2 start */
-    *(.sram2)
-    *(.sram2*)
-
-    . = ALIGN(8);
-    _esram2 = .;       /* create a global symbol at sram2 end */
-  } >SRAM2 AT> FLASH
-
-
-  /* Uninitialized data section */
-  . = ALIGN(4);
     .bss :
     {
-    /* This is used by the startup in order to initialize the .bss secion */
-    _sbss = .;         /* define a global symbol at bss start */
+        . = ALIGN(4);
+        _sbss = .;
         __bss_start__ = _sbss;
-    *(.bss)
         *(.bss*)
         *(COMMON)
-
         . = ALIGN(4);
-    _ebss = .;         /* define a global symbol at bss end */
+        _ebss = .;
         __bss_end__ = _ebss;
-  } >RAM
+    } > ram
 
-  /* User_heap_stack section, used to check that there is enough RAM left */
-  ._user_heap_stack :
+    ._stack :
     {
         . = ALIGN(8);
-    PROVIDE ( end = . );
-    PROVIDE ( _end = . );
-    . = . + _Min_Heap_Size;
-    . = . + _Min_Stack_Size;
+        end = .;
+        _end = .;
+        . = . + _MIN_STACK_SIZE;
         . = ALIGN(8);
-  } >RAM
+    } > ram
 
-
-
-  /* Remove information from the standard libraries */
-  /DISCARD/ :
-  {
-    libc.a ( * )
-    libm.a ( * )
-    libgcc.a ( * )
-  }
-
-  .ARM.attributes 0 : { *(.ARM.attributes) }
 }

targets/stm32l432/linker/stm32l4xx_extra.ld

@@ -1,203 +1,74 @@
-/*
-*****************************************************************************
-**
+/* Copyright 2019 SoloKeys Developers */
+/* */
+/* Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or */
+/* http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or */
+/* http://opensource.org/licenses/MIT>, at your option. This file may not be */
+/* copied, modified, or distributed except according to those terms. */
 
-**  File        : LinkerScript.ld
-**
-**  Abstract    : Linker script for STM32L432KCUx Device with
-**                256KByte FLASH, 64KByte RAM
-**
-**                Set heap size, stack size and stack location according
-**                to application requirements.
-**
-**                Set memory bank area and size if external memory is used.
-**
-**  Target      : STMicroelectronics STM32
-**
-**
-**  Distribution: The file is distributed as is, without any warranty
-**                of any kind.
-**
-**  (c)Copyright Ac6.
-**  You may use this file as-is or modify it according to the needs of your
-**  project. Distribution of this file (unmodified or modified) is not
-**  permitted. Ac6 permit registered System Workbench for MCU users the
-**  rights to distribute the assembled, compiled & linked contents of this
-**  file as part of an application binary file, provided that it is built
-**  using the System Workbench for MCU toolchain.
-**
-*****************************************************************************
-*/
-
-/* Entry Point */
 ENTRY(Reset_Handler)
 
-/* Highest address of the user mode stack */
-_estack = 0x2000c000;    /* end of RAM */
-/* Generate a link error if heap and stack don't fit into RAM */
-_Min_Heap_Size = 0x200;      /* required amount of heap  */
-_Min_Stack_Size = 0x400; /* required amount of stack */
+/* End of RAM */
+_estack = 0x2000c000;
+
+_MIN_STACK_SIZE = 0x400;
 
-/* Specify the memory areas */
 MEMORY
 {
-/* First 32 KB is bootloader */ 
-/*FLASH (rx)      : ORIGIN = 0x08000000, LENGTH = 238K-8 [> Leave out 38 Kb at end for data <]*/
-FLASH (rx)      : ORIGIN = 0x08008000, LENGTH = 186K-8 /* Leave out 38 Kb at end for data */
-RAM (xrw)      : ORIGIN = 0x20000000, LENGTH = 48K
-SRAM2 (rw)      : ORIGIN = 0x10000000, LENGTH = 16K
+    flash (rx)      : ORIGIN = 0x08008000, LENGTH = 186K - 8
+    ram (xrw)       : ORIGIN = 0x20000000, LENGTH = 48K
+    sram2 (rw)      : ORIGIN = 0x10000000, LENGTH = 16K
 }
 
-/* Define output sections */
 SECTIONS
 {
-  /* The startup code goes first into FLASH */
     .isr_vector :
     {
         . = ALIGN(8);
-    KEEP(*(.isr_vector)) /* Startup code */
+        KEEP(*(.isr_vector))
         . = ALIGN(8);
-  } >FLASH
+    } >flash
 
-  /* The program code and other data goes into FLASH */
     .text :
     {
         . = ALIGN(8);
-    *(.text)           /* .text sections (code) */
-    *(.text*)          /* .text* sections (code) */
-    *(.glue_7)         /* glue arm to thumb code */
-    *(.glue_7t)        /* glue thumb to arm code */
-    *(.eh_frame)
-
+        *(.text*)
+        *(.rodata*)
         KEEP(*(.init))
-    KEEP (*(.fini))
+        KEEP(*(.finit))
+        . = ALIGN(8);
+        _etext = .;
+    } >flash
 
-    . = ALIGN(8);
-    _etext = .;        /* define a global symbols at end of code */
-  } >FLASH
-
-  /* Constant data goes into FLASH */
-  .rodata :
-  {
-    . = ALIGN(8);
-    *(.rodata)         /* .rodata sections (constants, strings, etc.) */
-    *(.rodata*)        /* .rodata* sections (constants, strings, etc.) */
-    . = ALIGN(8);
-  } >FLASH
-
-  .ARM.extab   :
-  {
-  . = ALIGN(8);
-  *(.ARM.extab* .gnu.linkonce.armextab.*)
-  . = ALIGN(8);
-  } >FLASH
-  .ARM : {
-	. = ALIGN(8);
-    __exidx_start = .;
-    *(.ARM.exidx*)
-    __exidx_end = .;
-	. = ALIGN(8);
-  } >FLASH
-
-  .preinit_array     :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__preinit_array_start = .);
-    KEEP (*(.preinit_array*))
-    PROVIDE_HIDDEN (__preinit_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-
-  .init_array :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__init_array_start = .);
-    KEEP (*(SORT(.init_array.*)))
-    KEEP (*(.init_array*))
-    PROVIDE_HIDDEN (__init_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-  .fini_array :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__fini_array_start = .);
-    KEEP (*(SORT(.fini_array.*)))
-    KEEP (*(.fini_array*))
-    PROVIDE_HIDDEN (__fini_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-
-  /* used by the startup to initialize data */
     _sidata = LOADADDR(.data);
 
-  /* Initialized data sections goes into RAM, load LMA copy after code */
     .data :
     {
         . = ALIGN(8);
-    _sdata = .;        /* create a global symbol at data start */
-    *(.data)           /* .data sections */
-    *(.data*)          /* .data* sections */
-
+        _sdata = .;
+        *(.data*)
         . = ALIGN(8);
-    _edata = .;        /* define a global symbol at data end */
-  } >RAM AT> FLASH
+        _edata = .;
+    } >ram AT> flash
 
-  _sisram2 = LOADADDR(.sram2);
-
-  /* CCM-RAM section
-  *
-  * IMPORTANT NOTE!
-  * If initialized variables will be placed in this section,
-  * the startup code needs to be modified to copy the init-values.
-  */
-  .sram2 :
-  {
-    . = ALIGN(8);
-    _ssram2 = .;       /* create a global symbol at sram2 start */
-    *(.sram2)
-    *(.sram2*)
-
-    . = ALIGN(8);
-    _esram2 = .;       /* create a global symbol at sram2 end */
-  } >SRAM2 AT> FLASH
-
-
-  /* Uninitialized data section */
-  . = ALIGN(4);
     .bss :
     {
-    /* This is used by the startup in order to initialize the .bss secion */
-    _sbss = .;         /* define a global symbol at bss start */
+        . = ALIGN(4);
+        _sbss = .;
         __bss_start__ = _sbss;
-    *(.bss)
         *(.bss*)
         *(COMMON)
-
         . = ALIGN(4);
-    _ebss = .;         /* define a global symbol at bss end */
+        _ebss = .;
         __bss_end__ = _ebss;
-  } >RAM
+    } > ram
 
-  /* User_heap_stack section, used to check that there is enough RAM left */
-  ._user_heap_stack :
+    ._stack :
     {
         . = ALIGN(8);
-    PROVIDE ( end = . );
-    PROVIDE ( _end = . );
-    . = . + _Min_Heap_Size;
-    . = . + _Min_Stack_Size;
+        end = .;
+        _end = .;
+        . = . + _MIN_STACK_SIZE;
         . = ALIGN(8);
-  } >RAM
+    } > ram
 
-
-
-  /* Remove information from the standard libraries */
-  /DISCARD/ :
-  {
-    libc.a ( * )
-    libm.a ( * )
-    libgcc.a ( * )
-  }
-
-  .ARM.attributes 0 : { *(.ARM.attributes) }
 }

targets/stm32l432/src/ams.c

@@ -0,0 +1,373 @@
+#include <string.h>
+
+#include "stm32l4xx_ll_spi.h"
+
+#include "ams.h"
+#include "log.h"
+#include "util.h"
+#include "device.h"
+#include "nfc.h"
+
+static void flush_rx()
+{
+    while(LL_SPI_IsActiveFlag_RXNE(SPI1) != 0)
+    {
+        LL_SPI_ReceiveData8(SPI1);
+    }
+}
+static void wait_for_tx()
+{
+    // while (LL_SPI_IsActiveFlag_BSY(SPI1) == 1)
+    //     ;
+    while(LL_SPI_GetTxFIFOLevel(SPI1) != LL_SPI_TX_FIFO_EMPTY)
+        ;
+}
+static void wait_for_rx()
+{
+    while(LL_SPI_IsActiveFlag_RXNE(SPI1) == 0)
+        ;
+}
+
+
+void ams_print_device(AMS_DEVICE * dev)
+{
+    printf1(TAG_NFC, "AMS_DEVICE:\r\n");
+    printf1(TAG_NFC, "    io_conf:        %02x\r\n",dev->regs.io_conf);
+    printf1(TAG_NFC, "    ic_conf0:       %02x\r\n",dev->regs.ic_conf0);
+    printf1(TAG_NFC, "    ic_conf1:       %02x\r\n",dev->regs.ic_conf1);
+    printf1(TAG_NFC, "    ic_conf2:       %02x\r\n",dev->regs.ic_conf2);
+    printf1(TAG_NFC, "    rfid_status:    %02x\r\n",dev->regs.rfid_status);
+    printf1(TAG_NFC, "    ic_status:      %02x\r\n",dev->regs.ic_status);
+    printf1(TAG_NFC, "    mask_int0:      %02x\r\n",dev->regs.mask_int0);
+    printf1(TAG_NFC, "    mask_int1:      %02x\r\n",dev->regs.mask_int1);
+    printf1(TAG_NFC, "    int0:           %02x\r\n",dev->regs.int0);
+    printf1(TAG_NFC, "    int1:           %02x\r\n",dev->regs.int1);
+    printf1(TAG_NFC, "    buffer_status2: %02x\r\n",dev->regs.buffer_status2);
+    printf1(TAG_NFC, "    buffer_status1: %02x\r\n",dev->regs.buffer_status1);
+    printf1(TAG_NFC, "    last_nfc_addr:  %02x\r\n",dev->regs.last_nfc_addr);
+    printf1(TAG_NFC, "    product_type:   %02x\r\n",dev->regs.product_type);
+    printf1(TAG_NFC, "    product_subtype:%02x\r\n",dev->regs.product_subtype);
+    printf1(TAG_NFC, "    version_maj:    %02x\r\n",dev->regs.version_maj);
+    printf1(TAG_NFC, "    version_min:    %02x\r\n",dev->regs.version_min);
+}
+
+static uint8_t send_recv(uint8_t b)
+{
+    wait_for_tx();
+    LL_SPI_TransmitData8(SPI1, b);
+    wait_for_rx();
+    b  = LL_SPI_ReceiveData8(SPI1);
+    return b;
+}
+
+
+void ams_write_reg(uint8_t addr, uint8_t tx)
+{
+    send_recv(0x00| addr);
+    send_recv(tx);
+
+    UNSELECT();
+    SELECT();
+}
+
+
+uint8_t ams_read_reg(uint8_t addr)
+{
+    send_recv(0x20| (addr & 0x1f));
+    uint8_t data = send_recv(0);
+    UNSELECT();
+    SELECT();
+    return data;
+}
+
+
+// data must be 14 bytes long
+void read_reg_block(AMS_DEVICE * dev)
+{
+	int i;
+	uint8_t mode = 0x20 | (4 );
+    flush_rx();
+
+	send_recv(mode);
+	for (i = 0x04; i < 0x0d; i++)
+	{
+		dev->buf[i] = send_recv(0);
+	}
+
+    UNSELECT();
+    SELECT();
+}
+
+void ams_read_buffer(uint8_t * data, int len)
+{
+    send_recv(0xa0);
+    while(len--)
+    {
+        *data++ = send_recv(0x00);
+    }
+
+    UNSELECT();
+    SELECT();
+}
+
+void ams_write_buffer(uint8_t * data, int len)
+{
+    send_recv(0x80);
+    while(len--)
+    {
+        send_recv(*data++);
+    }
+
+    UNSELECT();
+    SELECT();
+}
+
+// data must be 4 bytes
+void ams_read_eeprom_block(uint8_t block, uint8_t * data)
+{
+    send_recv(0x7f);
+    send_recv(block << 1);
+
+    data[0] = send_recv(0);
+    data[1] = send_recv(0);
+    data[2] = send_recv(0);
+    data[3] = send_recv(0);
+
+    UNSELECT();
+    SELECT();
+}
+
+
+// data must be 4 bytes
+void ams_write_eeprom_block(uint8_t block, uint8_t * data)
+{
+    send_recv(0x40);
+    send_recv(block << 1);
+
+    send_recv(data[0]);
+    send_recv(data[1]);
+    send_recv(data[2]);
+    send_recv(data[3]);
+
+    UNSELECT();
+    SELECT();
+}
+
+void ams_write_command(uint8_t cmd)
+{
+	send_recv(0xc0 | cmd);
+    UNSELECT();
+	SELECT();
+}
+
+const char * ams_get_state_string(uint8_t regval)
+{
+    if (regval & AMS_STATE_INVALID)
+    {
+        return "STATE_INVALID";
+    }
+    switch (regval & AMS_STATE_MASK)
+    {
+        case AMS_STATE_OFF:
+            return "STATE_OFF";
+        case AMS_STATE_SENSE:
+            return "STATE_SENSE";
+        case AMS_STATE_RESOLUTION:
+            return "STATE_RESOLUTION";
+        case AMS_STATE_RESOLUTION_L2:
+            return "STATE_RESOLUTION_L2";
+        case AMS_STATE_SELECTED:
+            return "STATE_SELECTED";
+        case AMS_STATE_SECTOR2:
+            return "STATE_SECTOR2";
+        case AMS_STATE_SECTORX_2:
+            return "STATE_SECTORX_2";
+        case AMS_STATE_SELECTEDX:
+            return "STATE_SELECTEDX";
+        case AMS_STATE_SENSEX_L2:
+            return "STATE_SENSEX_L2";
+        case AMS_STATE_SENSEX:
+            return "STATE_SENSEX";
+        case AMS_STATE_SLEEP:
+            return "STATE_SLEEP";
+    }
+    return "STATE_WRONG";
+}
+
+int ams_state_is_valid(uint8_t regval)
+{
+    if (regval & AMS_STATE_INVALID)
+    {
+        return 0;
+    }
+    switch (regval & AMS_STATE_MASK)
+    {
+        case AMS_STATE_OFF:
+        case AMS_STATE_SENSE:
+        case AMS_STATE_RESOLUTION:
+        case AMS_STATE_RESOLUTION_L2:
+        case AMS_STATE_SELECTED:
+        case AMS_STATE_SECTOR2:
+        case AMS_STATE_SECTORX_2:
+        case AMS_STATE_SELECTEDX:
+        case AMS_STATE_SENSEX_L2:
+        case AMS_STATE_SENSEX:
+        case AMS_STATE_SLEEP:
+            return 1;
+    }
+    return 0;
+}
+
+void ams_print_int0(uint8_t int0)
+{
+#if DEBUG_LEVEL
+    uint32_t tag = (TAG_NFC)|(TAG_NO_TAG);
+    printf1(TAG_NFC,"    ");
+    if (int0 & AMS_INT_XRF)
+        printf1(tag," XRF");
+    if (int0 & AMS_INT_TXE)
+        printf1(tag," TXE");
+    if (int0 & AMS_INT_RXE)
+        printf1(tag," RXE");
+    if (int0 & AMS_INT_EER_RF)
+        printf1(tag," EER_RF");
+    if (int0 & AMS_INT_EEW_RF)
+        printf1(tag," EEW_RF");
+    if (int0 & AMS_INT_SLP)
+        printf1(tag," SLP");
+    if (int0 & AMS_INT_WU_A)
+        printf1(tag," WU_A");
+    if (int0 & AMS_INT_INIT)
+        printf1(tag," INIT");
+
+    printf1(tag,"\r\n");
+#endif
+}
+
+void ams_print_int1(uint8_t int0)
+{
+#if DEBUG_LEVEL
+    uint32_t tag = (TAG_NFC)|(TAG_NO_TAG);
+    printf1(TAG_NFC,"    ");
+    if (int0 & AMS_INT_ACC_ERR)
+        printf1(tag," ACC_ERR");
+    if (int0 & AMS_INT_EEAC_ERR)
+        printf1(tag," EEAC_ERR");
+    if (int0 & AMS_INT_IO_EEWR)
+        printf1(tag," IO_EEWR");
+    if (int0 & AMS_INT_BF_ERR)
+        printf1(tag," BF_ERR");
+    if (int0 & AMS_INT_CRC_ERR)
+        printf1(tag," CRC_ERR");
+    if (int0 & AMS_INT_PAR_ERR)
+        printf1(tag," PAR_ERR");
+    if (int0 & AMS_INT_FRM_ERR)
+        printf1(tag," FRM_ERR");
+    if (int0 & AMS_INT_RXS)
+        printf1(tag," RXS");
+
+    printf1(tag,"\r\n");
+#endif
+}
+
+int ams_init()
+{
+    LL_GPIO_SetPinMode(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN,LL_GPIO_MODE_OUTPUT);
+    LL_GPIO_SetOutputPin(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN);
+
+    LL_SPI_SetClockPolarity(SPI1,LL_SPI_POLARITY_LOW);
+    LL_SPI_SetClockPhase(SPI1,LL_SPI_PHASE_2EDGE);
+    LL_SPI_SetRxFIFOThreshold(SPI1,LL_SPI_RX_FIFO_TH_QUARTER);
+    LL_SPI_Enable(SPI1);
+
+    // delay(10);
+    SELECT();
+    delay(1);
+
+    uint8_t productType = ams_read_reg(AMS_REG_PRODUCT_TYPE);
+    if (productType == 0x14)
+    {
+        return 1;
+    }
+    return 0;
+}
+
+void ams_configure()
+{
+    // Should not be used during passive operation.
+    uint8_t block[4];
+
+	// check connection
+	uint8_t productType = ams_read_reg(AMS_REG_PRODUCT_TYPE);
+	if (productType != 0x14)
+	{
+		printf1(TAG_ERR, "Have wrong product type [0x%02x]. AMS3956 connection error.\n", productType);
+	}
+
+	printf1(TAG_NFC,"AMS3956 product type 0x%02x.\n", productType);
+
+    ams_read_eeprom_block(AMS_CONFIG_UID_ADDR, block);
+    printf1(TAG_NFC,"UID: 3F 14 02 - "); dump_hex1(TAG_NFC,block,4);
+
+    ams_read_eeprom_block(AMS_CONFIG_BLOCK0_ADDR, block);
+    printf1(TAG_NFC,"conf0: "); dump_hex1(TAG_NFC,block,4);
+
+    uint8_t sense1 = 0x44;
+    uint8_t sense2 = 0x00;
+    uint8_t selr   = 0x20;    // SAK
+
+    if(block[0] != sense1 || block[1] != sense2 || block[2] != selr)
+    {
+        printf1(TAG_NFC,"Writing config block 0\r\n");
+        block[0] = sense1;
+        block[1] = sense2;
+        block[2] = selr;
+        block[3] = 0x00;
+
+        ams_write_eeprom_block(AMS_CONFIG_BLOCK0_ADDR, block);
+        UNSELECT();
+        delay(10);
+        SELECT();
+        delay(10);
+
+        ams_read_eeprom_block(AMS_CONFIG_BLOCK0_ADDR, block);
+        printf1(TAG_NFC,"conf0: "); dump_hex1(TAG_NFC,block,4);
+    }
+
+    ams_read_eeprom_block(AMS_CONFIG_BLOCK1_ADDR, block);
+    printf1(TAG_NFC,"conf1: "); dump_hex1(TAG_NFC,block,4);
+
+    uint8_t ic_cfg1 = AMS_CFG1_OUTPUT_RESISTANCE_100 | AMS_CFG1_VOLTAGE_LEVEL_2V0;
+    uint8_t ic_cfg2 = AMS_CFG2_TUN_MOD;
+
+    if (block[0] != ic_cfg1 || block[1] != ic_cfg2)
+    {
+
+        printf1(TAG_NFC,"Writing config block 1\r\n");
+
+        ams_write_reg(AMS_REG_IC_CONF1,ic_cfg1);
+        ams_write_reg(AMS_REG_IC_CONF2,ic_cfg2);
+
+        // set IC_CFG1
+        block[0] = ic_cfg1;
+
+        // set IC_CFG2
+        block[1] = ic_cfg2;
+
+        // mask interrupt bits
+        block[2] = 0x80;
+        block[3] = 0;
+
+        ams_write_eeprom_block(AMS_CONFIG_BLOCK1_ADDR, block);
+
+        UNSELECT();
+        delay(10);
+        SELECT();
+        delay(10);
+
+        ams_read_eeprom_block(0x7F, block);
+        printf1(TAG_NFC,"conf1: "); dump_hex1(TAG_NFC,block,4);
+    }
+
+
+}

targets/stm32l432/src/ams.h

@@ -0,0 +1,162 @@
+// AS3956 interface
+// https://ams.com/as3956
+// https://ams.com/documents/20143/36005/AS3956_DS000546_7-00.pdf
+
+#ifndef _AMS_H_
+#define _AMS_H_
+
+#include <stdint.h>
+#include <stdbool.h>
+#include "stm32l4xx_ll_gpio.h"
+
+
+typedef union
+{
+    uint8_t buf[0x20];
+    struct {
+        uint8_t io_conf;                // 0x00
+        uint8_t ic_conf0;               // 0x01
+        uint8_t ic_conf1;               // 0x02
+        uint8_t ic_conf2;               // 0x03
+        uint8_t rfid_status;            // 0x04
+        uint8_t ic_status;              // 0x05
+        uint8_t _nc0[2];                   // 0x06 - 0x07
+        uint8_t mask_int0;              // 0x08
+        uint8_t mask_int1;              // 0x09
+        uint8_t int0;                   // 0x0a
+        uint8_t int1;                   // 0x0b
+        uint8_t buffer_status2;         // 0x0c
+        uint8_t buffer_status1;         // 0x0d
+        uint8_t last_nfc_addr;          // 0x0e
+        uint8_t _nc1[0x1b - 0x0f + 1];  // 0x0f - 0x1b
+        uint8_t product_type;           // 0x1c
+        uint8_t product_subtype;        // 0x1d
+        uint8_t version_maj;            // 0x1e
+        uint8_t version_min;            // 0x1f
+    } regs;
+} __attribute__((packed)) AMS_DEVICE;
+
+#define SELECT() LL_GPIO_ResetOutputPin(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN)
+#define UNSELECT() LL_GPIO_SetOutputPin(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN)
+
+int ams_init();
+void ams_configure();
+
+void ams_read_buffer(uint8_t * data, int len);
+void ams_write_buffer(uint8_t * data, int len);
+
+void ams_write_command(uint8_t cmd);
+
+void read_reg_block(AMS_DEVICE * dev);
+
+uint8_t ams_read_reg(uint8_t addr);
+
+void ams_write_reg(uint8_t addr, uint8_t tx);
+
+const char * ams_get_state_string(uint8_t regval);
+int ams_state_is_valid(uint8_t regval);
+
+
+#define AMS_REG_IO_CONF                 0x00
+#define AMS_REG_IC_CONF0                0x01
+#define AMS_REG_IC_CONF1                0x02
+#define AMS_REG_IC_CONF2                0x03
+    #define AMS_RFCFG_EN                0x80
+    #define AMS_TUN_MOD                 0x40
+#define AMS_REG_RFID_STATUS             0x04
+    #define AMS_HF_PON                  0x80
+    #define AMS_STATE_MASK              0x78
+    #define AMS_STATE_INVALID           0x04
+    #define AMS_STATE_OFF               (0 << 3)
+    #define AMS_STATE_SENSE             (1 << 3)
+    #define AMS_STATE_RESOLUTION        (3 << 3)
+    #define AMS_STATE_RESOLUTION_L2     (2 << 3)
+    #define AMS_STATE_SELECTED          (6 << 3)
+    #define AMS_STATE_SECTOR2           (7 << 3)
+    #define AMS_STATE_SECTORX_2         (0xf << 3)
+    #define AMS_STATE_SELECTEDX         (0xe << 3)
+    #define AMS_STATE_SENSEX_L2         (0xa << 3)
+    #define AMS_STATE_SENSEX            (0xb << 3)
+    #define AMS_STATE_SLEEP             (0x9 << 3)
+// ... //
+#define AMS_REG_MASK_INT0               0x08
+    #define AMS_MASK0_PU                (1<<7)  // power up
+    #define AMS_MASK0_WU_A              (1<<6)  // selected INT
+    #define AMS_MASK0_SLP               (1<<5)
+    #define AMS_MASK0_EEW_RF            (1<<4)
+    #define AMS_MASK0_EER_RF            (1<<3)
+    #define AMS_MASK0_RXE               (1<<2)
+    #define AMS_MASK0_TXE               (1<<1)
+    #define AMS_MASK0_XRF               (1<<0)
+#define AMS_REG_MASK_INT1               0x09
+#define AMS_REG_INT0                    0x0a
+    #define AMS_INT_XRF                 (1<<0)
+    #define AMS_INT_TXE                 (1<<1)
+    #define AMS_INT_RXE                 (1<<2)
+    #define AMS_INT_EER_RF              (1<<3)
+    #define AMS_INT_EEW_RF              (1<<4)
+    #define AMS_INT_SLP                 (1<<5)
+    #define AMS_INT_WU_A                (1<<6)
+    #define AMS_INT_INIT                (1<<7)
+#define AMS_REG_INT1                    0x0b
+    #define AMS_INT_ACC_ERR             (1<<0)
+    #define AMS_INT_EEAC_ERR            (1<<1)
+    #define AMS_INT_IO_EEWR             (1<<2)
+    #define AMS_INT_BF_ERR              (1<<3)
+    #define AMS_INT_CRC_ERR             (1<<4)
+    #define AMS_INT_PAR_ERR             (1<<5)
+    #define AMS_INT_FRM_ERR             (1<<6)
+    #define AMS_INT_RXS                 (1<<7)
+#define AMS_REG_BUF2                    0x0c
+    #define AMS_BUF_LEN_MASK            0x1f
+    #define AMS_BUF_INVALID             0x80
+#define AMS_REG_BUF1                    0x0d
+// ... //
+#define AMS_REG_PRODUCT_TYPE            0x1c
+#define AMS_REG_PRODUCT_SUBTYPE         0x1d
+#define AMS_REG_VERSION_MAJOR           0x1e
+#define AMS_REG_VERSION_MINOR           0x1f
+
+#define AMS_CONFIG_UID_ADDR				0x00
+#define AMS_CONFIG_BLOCK0_ADDR          0x7e
+#define AMS_CONFIG_BLOCK1_ADDR          0x7f
+
+#define AMS_CFG1_VOLTAGE_LEVEL_1V9      (0x00<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_2V0      (0x01<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_2V1      (0x02<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_2V2      (0x03<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_2V3      (0x04<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_2V4      (0x05<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_2V5      (0x06<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_2V6      (0x07<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_2V7      (0x08<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_2V8      (0x09<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_2V9      (0x0a<<2)
+#define AMS_CFG1_VOLTAGE_LEVEL_3V0      (0x0b<<2)
+
+#define AMS_CFG1_OUTPUT_RESISTANCE_ZZ   0x00
+#define AMS_CFG1_OUTPUT_RESISTANCE_100  0x01
+#define AMS_CFG1_OUTPUT_RESISTANCE_50   0x02
+#define AMS_CFG1_OUTPUT_RESISTANCE_25   0x03
+
+#define AMS_CFG2_RFCFG_EN               (1<<7)
+#define AMS_CFG2_TUN_MOD                (1<<6)
+
+#define AMS_CMD_DEFAULT                 0x02
+#define AMS_CMD_CLEAR_BUFFER            0x04
+#define AMS_CMD_RESTART_TRANSCEIVER     0x06
+#define AMS_CMD_DIS_EN_TRANSCEIVER      0x07
+#define AMS_CMD_TRANSMIT_BUFFER         0x08
+#define AMS_CMD_TRANSMIT_ACK            0x09
+#define AMS_CMD_TRANSMIT_NACK0          0x0A
+#define AMS_CMD_TRANSMIT_NACK1          0x0B
+#define AMS_CMD_TRANSMIT_NACK4          0x0D
+#define AMS_CMD_TRANSMIT_NACK5          0x0C
+#define AMS_CMD_SLEEP                   0x10
+#define AMS_CMD_SENSE                   0x11
+#define AMS_CMD_SENSE_SLEEP             0x12
+
+
+
+
+#endif

targets/stm32l432/src/app.h

@@ -23,6 +23,7 @@
 //#define USING_DEV_BOARD
 
 #define ENABLE_U2F_EXTENSIONS
+    // #define ENABLE_WALLET
 
 #define ENABLE_U2F
 
@@ -30,6 +31,7 @@
 // #define DISABLE_CTAPHID_WINK
 // #define DISABLE_CTAPHID_CBOR
 
+#define ENABLE_SERIAL_PRINTING
 
 #if defined(SOLO_HACKER)
 #define SOLO_PRODUCT_NAME "Solo Hacker " SOLO_VERSION
@@ -38,7 +40,7 @@
 #endif
 
 void printing_init();
-void hw_init(void);
+void hw_init(int lf);
 
 //#define TEST
 //#define TEST_POWER
@@ -63,6 +65,12 @@ void hw_init(void);
 #define SOLO_BUTTON_PORT        GPIOA
 #define SOLO_BUTTON_PIN         LL_GPIO_PIN_0
 
+#define SOLO_AMS_CS_PORT        GPIOB
+#define SOLO_AMS_CS_PIN         LL_GPIO_PIN_0
+
+#define SOLO_AMS_IRQ_PORT       GPIOC
+#define SOLO_AMS_IRQ_PIN        LL_GPIO_PIN_15
+
 #define SKIP_BUTTON_CHECK_WITH_DELAY        0
 #define SKIP_BUTTON_CHECK_FAST              0
 

targets/stm32l432/src/crypto.c

@@ -24,6 +24,9 @@
 #include "aes.h"
 #include "ctap.h"
 #include "device.h"
+// stuff for SHA512
+#include "sha2.h"
+#include "blockwise.h"
 #include APP_CONFIG
 #include "log.h"
 #include "memory_layout.h"
@@ -48,6 +51,7 @@ typedef enum
 
 
 static SHA256_CTX sha256_ctx;
+static cf_sha512_context sha512_ctx;
 static const struct uECC_Curve_t * _es256_curve = NULL;
 static const uint8_t * _signing_key = NULL;
 static int _key_len = 0;
@@ -62,6 +66,9 @@ void crypto_sha256_init()
     sha256_init(&sha256_ctx);
 }
 
+void crypto_sha512_init() {
+    cf_sha512_init(&sha512_ctx);
+}
 
 void crypto_load_master_secret(uint8_t * key)
 {
@@ -86,6 +93,10 @@ void crypto_sha256_update(uint8_t * data, size_t len)
     sha256_update(&sha256_ctx, data, len);
 }
 
+void crypto_sha512_update(const uint8_t * data, size_t len) {
+    cf_sha512_update(&sha512_ctx, data, len);
+}
+
 void crypto_sha256_update_secret()
 {
     sha256_update(&sha256_ctx, master_secret, 32);
@@ -96,6 +107,11 @@ void crypto_sha256_final(uint8_t * hash)
     sha256_final(&sha256_ctx, hash);
 }
 
+void crypto_sha512_final(uint8_t * hash) {
+    // NB: there is also cf_sha512_digest
+    cf_sha512_digest_final(&sha512_ctx, hash);
+}
+
 void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
 {
     uint8_t buf[64];

targets/stm32l432/src/device.c

@@ -10,6 +10,7 @@
 #include "stm32l4xx_ll_gpio.h"
 #include "stm32l4xx_ll_tim.h"
 #include "stm32l4xx_ll_usart.h"
+#include "stm32l4xx_ll_pwr.h"
 #include "usbd_hid.h"
 
 #include APP_CONFIG
@@ -26,6 +27,12 @@
 #include "memory_layout.h"
 #include "stm32l4xx_ll_iwdg.h"
 #include "usbd_cdc_if.h"
+#include "nfc.h"
+#include "init.h"
+#include "sense.h"
+
+#define LOW_FREQUENCY        1
+#define HIGH_FREQUENCY       0
 
 void wait_for_usb_tether();
 
@@ -34,8 +41,21 @@ uint32_t __90_ms = 0;
 uint32_t __device_status = 0;
 uint32_t __last_update = 0;
 extern PCD_HandleTypeDef hpcd;
+static int _NFC_status = 0;
+static bool isLowFreq = 0;
 
-#define IS_BUTTON_PRESSED()         (0  == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN))
+// #define IS_BUTTON_PRESSED()         (0  == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN))
+static int is_physical_button_pressed()
+{
+    return (0  == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN));
+}
+
+static int is_touch_button_pressed()
+{
+    return tsc_read_button(0) || tsc_read_button(1);
+}
+
+int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed;
 
 // Timer6 overflow handler.  happens every ~90ms.
 void TIM6_DAC_IRQHandler()
@@ -43,13 +63,20 @@ void TIM6_DAC_IRQHandler()
     // timer is only 16 bits, so roll it over here
     TIM6->SR = 0;
     __90_ms += 1;
-    if ((millis() - __last_update) > 8)
+    if ((millis() - __last_update) > 90)
     {
         if (__device_status != CTAPHID_STATUS_IDLE)
         {
             ctaphid_update_status(__device_status);
         }
     }
+#ifndef IS_BOOTLOADER
+	// NFC sending WTX if needs
+	if (device_is_nfc() == NFC_IS_ACTIVE)
+	{
+		WTX_timer_exec();
+	}
+#endif
 }
 
 // Global USB interrupt handler
@@ -78,6 +105,7 @@ void device_set_status(uint32_t status)
 
 int device_is_button_pressed()
 {
+
     return IS_BUTTON_PRESSED();
 }
 
@@ -91,32 +119,60 @@ void device_reboot()
 {
     NVIC_SystemReset();
 }
-void device_init()
-{
-    hw_init();
-    LL_GPIO_SetPinMode(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_MODE_INPUT);
-    LL_GPIO_SetPinPull(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_PULL_UP);
 
-#ifndef IS_BOOTLOADER
+void device_init_button()
+{
+    if (tsc_sensor_exists())
+    {
+        tsc_init();
+        IS_BUTTON_PRESSED = is_touch_button_pressed;
+    }
+    else
+    {
+        IS_BUTTON_PRESSED = is_physical_button_pressed;
+    }
+}
+
+void device_init(int argc, char *argv[])
+{
+
+    hw_init(LOW_FREQUENCY);
+
+    if (! tsc_sensor_exists())
+    {
+        _NFC_status = nfc_init();
+    }
+
+    if (_NFC_status == NFC_IS_ACTIVE)
+    {
+        printf1(TAG_NFC, "Have NFC\r\n");
+        isLowFreq = 1;
+        IS_BUTTON_PRESSED = is_physical_button_pressed;
+    }
+    else
+    {
+        printf1(TAG_NFC, "Have NO NFC\r\n");
+        hw_init(HIGH_FREQUENCY);
+        isLowFreq = 0;
+        device_init_button();
+    }
+
+    usbhid_init();
+    ctaphid_init();
+    ctap_init();
+
 #if BOOT_TO_DFU
     flash_option_bytes_init(1);
 #else
     flash_option_bytes_init(0);
-#endif
 #endif
 
-    printf1(TAG_GEN,"hello solo\r\n");
+
 }
 
-void usb_init(void);
-void usbhid_init()
+int device_is_nfc()
 {
-    usb_init();
-
-#if DEBUG_LEVEL>1
-    wait_for_usb_tether();
-#endif
-
+    return _NFC_status;
 }
 
 void wait_for_usb_tether()
@@ -130,6 +186,26 @@ void wait_for_usb_tether()
         ;
 }
 
+void usbhid_init()
+{
+    if (!isLowFreq)
+    {
+        init_usb();
+
+#if DEBUG_LEVEL>1
+        wait_for_usb_tether();
+#endif
+    }
+    else
+    {
+
+
+
+    }
+}
+
+
+
 int usbhid_recv(uint8_t * msg)
 {
     if (fifo_hidmsg_size())
@@ -366,6 +442,7 @@ uint32_t ctap_atomic_count(int sel)
 }
 
 
+
 void device_manage()
 {
 #if NON_BLOCK_PRINTING
@@ -386,6 +463,10 @@ void device_manage()
         }
     }
 #endif
+#ifndef IS_BOOTLOADER
+	if(device_is_nfc())
+		nfc_loop();
+#endif
 }
 
 static int handle_packets()
@@ -407,9 +488,13 @@ static int handle_packets()
     return 0;
 }
 
-int ctap_user_presence_test()
+int ctap_user_presence_test(uint32_t up_delay)
 {
     int ret;
+    if (device_is_nfc() == NFC_IS_ACTIVE)
+    {
+        return 1;
+    }
 #if SKIP_BUTTON_CHECK_WITH_DELAY
     int i=500;
     while(i--)
@@ -428,9 +513,12 @@ int ctap_user_presence_test()
     uint32_t t1 = millis();
     led_rgb(0xff3520);
 
+if (IS_BUTTON_PRESSED == is_touch_button_pressed)
+{
+    // Wait for user to release touch button if it's already pressed
     while (IS_BUTTON_PRESSED())
     {
-    if (t1 + 5000 < millis())
+        if (t1 + up_delay < millis())
         {
             printf1(TAG_GEN,"Button not pressed\n");
             goto fail;
@@ -438,12 +526,13 @@ while (IS_BUTTON_PRESSED())
         ret = handle_packets();
         if (ret) return ret;
     }
+}
 
 t1 = millis();
 
 do
 {
-    if (t1 + 5000 < millis())
+    if (t1 + up_delay < millis())
     {
         goto fail;
     }
@@ -543,7 +632,7 @@ void ctap_overwrite_rk(int index,CTAP_residentKey * rk)
 
         memmove(tmppage + (sizeof(CTAP_residentKey) * index) % PAGE_SIZE, rk, sizeof(CTAP_residentKey));
         flash_erase_page(page);
-        flash_write(flash_addr(page), tmppage, ((sizeof(CTAP_residentKey) * (index + 1)) % PAGE_SIZE) );
+        flash_write(flash_addr(page), tmppage, PAGE_SIZE);
     }
     else
     {

targets/stm32l432/src/init.c

@@ -18,6 +18,7 @@
 #include "stm32l4xx_ll_bus.h"
 #include "stm32l4xx_ll_tim.h"
 #include "stm32l4xx_ll_rng.h"
+#include "stm32l4xx_ll_spi.h"
 #include "stm32l4xx_ll_usb.h"
 #include "stm32l4xx_hal_pcd.h"
 #include "stm32l4xx_hal.h"
@@ -29,57 +30,86 @@
 #include "usbd_composite.h"
 #include "usbd_cdc_if.h"
 #include "device.h"
+#include "init.h"
+#include "sense.h"
 #include APP_CONFIG
 
-/* USER CODE BEGIN Includes */
+// KHz
+#define MAX_CLOCK_RATE      24000
 
-/* USER CODE END Includes */
+#define SET_CLOCK_RATE2()        SystemClock_Config()
 
-/* Private variables ---------------------------------------------------------*/
+#if MAX_CLOCK_RATE == 48000
+    #define SET_CLOCK_RATE0()        SystemClock_Config_LF32()
+    #define SET_CLOCK_RATE1()        SystemClock_Config_LF48()
+#elif MAX_CLOCK_RATE == 32000
+    #define SET_CLOCK_RATE0()        SystemClock_Config_LF24()
+    #define SET_CLOCK_RATE1()        SystemClock_Config_LF32()
+#elif MAX_CLOCK_RATE == 28000
+    #define SET_CLOCK_RATE0()        SystemClock_Config_LF24()
+    #define SET_CLOCK_RATE1()        SystemClock_Config_LF28()
+#elif MAX_CLOCK_RATE == 24000
+    #define SET_CLOCK_RATE0()        SystemClock_Config_LF16()
+    #define SET_CLOCK_RATE1()        SystemClock_Config_LF24()
+#elif MAX_CLOCK_RATE == 20000
+    #define SET_CLOCK_RATE0()        SystemClock_Config_LF16()
+    #define SET_CLOCK_RATE1()        SystemClock_Config_LF20()
+#elif MAX_CLOCK_RATE == 16000
+    #define SET_CLOCK_RATE0()        SystemClock_Config_LF8()
+    #define SET_CLOCK_RATE1()        SystemClock_Config_LF16()
+#else
+#error "Invalid clock rate selected"
+#endif
 
 USBD_HandleTypeDef Solo_USBD_Device;
 
-/* Private function prototypes -----------------------------------------------*/
 static void LL_Init(void);
-void SystemClock_Config(void);
-static void MX_GPIO_Init(void);
-#if DEBUG_LEVEL > 0
-static void MX_USART1_UART_Init(void);
-#endif
-static void MX_TIM2_Init(void);
-static void MX_TIM6_Init(void);
-static void MX_RNG_Init(void);
 
 #define Error_Handler() _Error_Handler(__FILE__,__LINE__)
 void _Error_Handler(char *file, int line);
 
+void SystemClock_Config(void);
+void SystemClock_Config_LF16(void);
+void SystemClock_Config_LF20(void);
+void SystemClock_Config_LF24(void);
+void SystemClock_Config_LF28(void);
+void SystemClock_Config_LF48(void);
 
-void hw_init(void)
+void hw_init(int lowfreq)
 {
 #ifdef IS_BOOTLOADER
     SCB->VTOR = FLASH_BASE;
 #else
 #endif
     LL_Init();
+    init_gpio();
 
-    SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
+    if (lowfreq)
+    {
+        LL_PWR_SetRegulVoltageScaling(LL_PWR_REGU_VOLTAGE_SCALE2); // Under voltage
+        device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
+        LL_PWR_SetRegulVoltageScaling(LL_PWR_REGU_VOLTAGE_SCALE2);
+    }
+    else
+    {
+        SystemClock_Config();
+    }
 
-    SystemClock_Config(); // TODO bootloader should not change clk freq.
+    if (!lowfreq)
+    {
+        init_pwm();
+    }
 
-    MX_GPIO_Init();
-    MX_TIM2_Init();       // PWM for LEDs
-
-    MX_TIM6_Init();       // ~1 ms timer
+    init_millisecond_timer(lowfreq);
 
 #if DEBUG_LEVEL > 0
-    MX_USART1_UART_Init();// debug uart
+    init_debug_uart();
 #endif
 
-    MX_RNG_Init();
+    init_rng();
+
+    init_spi();
 
-    TIM6->SR = 0;
-    __enable_irq();
-    NVIC_EnableIRQ(TIM6_IRQn);
 }
 
 static void LL_Init(void)
@@ -107,12 +137,29 @@ static void LL_Init(void)
 
 }
 
+void device_set_clock_rate(DEVICE_CLOCK_RATE param)
+{
+    switch(param)
+    {
+        case DEVICE_LOW_POWER_IDLE:
+            SET_CLOCK_RATE0();
+        break;
+        case DEVICE_LOW_POWER_FAST:
+            SET_CLOCK_RATE1();
+        break;
+        case DEVICE_FAST:
+            SET_CLOCK_RATE2();
+        break;
+    }
+}
+
 /**
   * @brief System Clock Configuration
   * @retval None
   */
 void SystemClock_Config(void)
 {
+    SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
 
       LL_FLASH_SetLatency(LL_FLASH_LATENCY_2);
 
@@ -129,8 +176,15 @@ void SystemClock_Config(void)
       {
 
       }
-  LL_RCC_MSI_Enable();
 
+      LL_RCC_LSI_Enable();
+
+       /* Wait till LSI is ready */
+      while(LL_RCC_LSI_IsReady() != 1)
+      {
+
+      }
+      LL_RCC_MSI_Enable();
        /* Wait till MSI is ready */
       while(LL_RCC_MSI_IsReady() != 1)
       {
@@ -187,7 +241,463 @@ void SystemClock_Config(void)
       NVIC_SetPriority(SysTick_IRQn, NVIC_EncodePriority(NVIC_GetPriorityGrouping(),0, 0));
 }
 
-void usb_init()
+void SystemClock_Config_LF4(void)
+{
+    SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
+
+    LL_PWR_SetRegulVoltageScaling(LL_PWR_REGU_VOLTAGE_SCALE1);
+
+    LL_RCC_LSI_Enable();
+
+     /* Wait till LSI is ready */
+    while(LL_RCC_LSI_IsReady() != 1)
+    {
+
+    }
+    LL_RCC_MSI_Enable();
+
+     /* Wait till MSI is ready */
+    while(LL_RCC_MSI_IsReady() != 1)
+    {
+
+    }
+    LL_RCC_MSI_EnableRangeSelection();
+
+    LL_RCC_MSI_SetRange(LL_RCC_MSIRANGE_6);
+
+    LL_RCC_MSI_SetCalibTrimming(0);
+
+    LL_RCC_SetSysClkSource(LL_RCC_SYS_CLKSOURCE_MSI);
+
+     /* Wait till System clock is ready */
+    while(LL_RCC_GetSysClkSource() != LL_RCC_SYS_CLKSOURCE_STATUS_MSI)
+    {
+
+    }
+    LL_RCC_SetAHBPrescaler(LL_RCC_SYSCLK_DIV_1);
+
+    LL_RCC_SetAPB1Prescaler(LL_RCC_APB1_DIV_1);
+
+    LL_RCC_SetAPB2Prescaler(LL_RCC_APB2_DIV_1);
+
+    LL_Init1msTick(4000000);
+
+    LL_SYSTICK_SetClkSource(LL_SYSTICK_CLKSOURCE_HCLK);
+
+    LL_SetSystemCoreClock(4000000);
+
+    LL_RCC_SetUSARTClockSource(LL_RCC_USART1_CLKSOURCE_PCLK2);
+
+    LL_RCC_SetRNGClockSource(LL_RCC_RNG_CLKSOURCE_MSI);
+
+    /* SysTick_IRQn interrupt configuration */
+    NVIC_SetPriority(SysTick_IRQn, NVIC_EncodePriority(NVIC_GetPriorityGrouping(),0, 0));
+
+    LL_FLASH_SetLatency(LL_FLASH_LATENCY_0);
+
+    if(LL_FLASH_GetLatency() != LL_FLASH_LATENCY_0)
+    {
+        Error_Handler();
+    }
+}
+
+// 8MHz
+void SystemClock_Config_LF8(void)
+{
+    SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
+
+    LL_PWR_SetRegulVoltageScaling(LL_PWR_REGU_VOLTAGE_SCALE1);
+
+    LL_RCC_LSI_Enable();
+
+     /* Wait till LSI is ready */
+    while(LL_RCC_LSI_IsReady() != 1)
+    {
+
+    }
+    LL_RCC_MSI_Enable();
+
+     /* Wait till MSI is ready */
+    while(LL_RCC_MSI_IsReady() != 1)
+    {
+
+    }
+    LL_RCC_MSI_EnableRangeSelection();
+
+    LL_RCC_MSI_SetRange(LL_RCC_MSIRANGE_7);
+
+    LL_RCC_MSI_SetCalibTrimming(0);
+
+    LL_RCC_SetSysClkSource(LL_RCC_SYS_CLKSOURCE_MSI);
+
+     /* Wait till System clock is ready */
+    while(LL_RCC_GetSysClkSource() != LL_RCC_SYS_CLKSOURCE_STATUS_MSI)
+    {
+
+    }
+    LL_RCC_SetAHBPrescaler(LL_RCC_SYSCLK_DIV_1);
+
+    LL_RCC_SetAPB1Prescaler(LL_RCC_APB1_DIV_1);
+
+    LL_RCC_SetAPB2Prescaler(LL_RCC_APB2_DIV_1);
+
+    LL_Init1msTick(8000000);
+
+    LL_SYSTICK_SetClkSource(LL_SYSTICK_CLKSOURCE_HCLK);
+
+    LL_SetSystemCoreClock(8000000);
+
+    LL_RCC_SetUSARTClockSource(LL_RCC_USART1_CLKSOURCE_PCLK2);
+
+    LL_RCC_SetRNGClockSource(LL_RCC_RNG_CLKSOURCE_MSI);
+
+    /* SysTick_IRQn interrupt configuration */
+    NVIC_SetPriority(SysTick_IRQn, NVIC_EncodePriority(NVIC_GetPriorityGrouping(),0, 0));
+
+    LL_FLASH_SetLatency(LL_FLASH_LATENCY_0);
+
+    if(LL_FLASH_GetLatency() != LL_FLASH_LATENCY_0)
+    {
+        Error_Handler();
+    }
+}
+
+// 16MHz
+void SystemClock_Config_LF16(void)
+{
+    SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
+
+    LL_PWR_SetRegulVoltageScaling(LL_PWR_REGU_VOLTAGE_SCALE2);
+
+    LL_RCC_LSI_Enable();
+
+     /* Wait till LSI is ready */
+    while(LL_RCC_LSI_IsReady() != 1)
+    {
+
+    }
+
+    LL_RCC_MSI_Enable();
+
+     /* Wait till MSI is ready */
+    while(LL_RCC_MSI_IsReady() != 1)
+    {
+
+    }
+    LL_RCC_MSI_EnableRangeSelection();
+
+    LL_RCC_MSI_SetRange(LL_RCC_MSIRANGE_8);
+
+    LL_RCC_MSI_SetCalibTrimming(0);
+
+    LL_RCC_SetSysClkSource(LL_RCC_SYS_CLKSOURCE_MSI);
+
+     /* Wait till System clock is ready */
+    while(LL_RCC_GetSysClkSource() != LL_RCC_SYS_CLKSOURCE_STATUS_MSI)
+    {
+
+    }
+    LL_RCC_SetAHBPrescaler(LL_RCC_SYSCLK_DIV_1);
+
+    LL_RCC_SetAPB1Prescaler(LL_RCC_APB1_DIV_1);
+
+    LL_RCC_SetAPB2Prescaler(LL_RCC_APB2_DIV_8);
+
+    LL_Init1msTick(16000000);
+
+    LL_SYSTICK_SetClkSource(LL_SYSTICK_CLKSOURCE_HCLK);
+
+    LL_SetSystemCoreClock(16000000);
+
+    LL_RCC_SetUSARTClockSource(LL_RCC_USART1_CLKSOURCE_PCLK2);
+
+    LL_RCC_SetRNGClockSource(LL_RCC_RNG_CLKSOURCE_MSI);
+
+    /* SysTick_IRQn interrupt configuration */
+    NVIC_SetPriority(SysTick_IRQn, NVIC_EncodePriority(NVIC_GetPriorityGrouping(),0, 0));
+
+    LL_FLASH_SetLatency(LL_FLASH_LATENCY_0);
+
+    if(LL_FLASH_GetLatency() != LL_FLASH_LATENCY_0)
+    {
+        Error_Handler();
+    }
+
+}
+
+
+
+// 24 MHz
+void SystemClock_Config_LF24(void)
+{
+    SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
+
+    LL_FLASH_SetLatency(LL_FLASH_LATENCY_1);
+
+    if(LL_FLASH_GetLatency() != LL_FLASH_LATENCY_1)
+    {
+        Error_Handler();
+    }
+    LL_PWR_SetRegulVoltageScaling(LL_PWR_REGU_VOLTAGE_SCALE2);
+
+    LL_RCC_LSI_Enable();
+
+     /* Wait till LSI is ready */
+    while(LL_RCC_LSI_IsReady() != 1)
+    {
+
+    }
+    LL_RCC_MSI_Enable();
+
+     /* Wait till MSI is ready */
+    while(LL_RCC_MSI_IsReady() != 1)
+    {
+
+    }
+    LL_RCC_MSI_EnableRangeSelection();
+
+    LL_RCC_MSI_SetRange(LL_RCC_MSIRANGE_9);
+
+    LL_RCC_MSI_SetCalibTrimming(0);
+
+    LL_RCC_SetSysClkSource(LL_RCC_SYS_CLKSOURCE_MSI);
+
+     /* Wait till System clock is ready */
+    while(LL_RCC_GetSysClkSource() != LL_RCC_SYS_CLKSOURCE_STATUS_MSI)
+    {
+
+    }
+    LL_RCC_SetAHBPrescaler(LL_RCC_SYSCLK_DIV_1);
+
+    LL_RCC_SetAPB1Prescaler(LL_RCC_APB1_DIV_1);
+
+    LL_RCC_SetAPB2Prescaler(LL_RCC_APB2_DIV_8);
+
+    LL_Init1msTick(24000000);
+
+    LL_SYSTICK_SetClkSource(LL_SYSTICK_CLKSOURCE_HCLK);
+
+    LL_SetSystemCoreClock(24000000);
+
+    LL_RCC_SetUSARTClockSource(LL_RCC_USART1_CLKSOURCE_PCLK2);
+
+    LL_RCC_SetRNGClockSource(LL_RCC_RNG_CLKSOURCE_MSI);
+
+    /* SysTick_IRQn interrupt configuration */
+    NVIC_SetPriority(SysTick_IRQn, NVIC_EncodePriority(NVIC_GetPriorityGrouping(),0, 0));
+
+}
+
+// 32 MHz
+void SystemClock_Config_LF32(void)
+{
+    SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
+
+    LL_FLASH_SetLatency(LL_FLASH_LATENCY_1);
+
+    if(LL_FLASH_GetLatency() != LL_FLASH_LATENCY_1)
+    {
+    Error_Handler();
+    }
+    LL_PWR_SetRegulVoltageScaling(LL_PWR_REGU_VOLTAGE_SCALE1);
+
+    LL_RCC_LSI_Enable();
+
+     /* Wait till LSI is ready */
+    while(LL_RCC_LSI_IsReady() != 1)
+    {
+
+    }
+    LL_RCC_MSI_Enable();
+
+     /* Wait till MSI is ready */
+    while(LL_RCC_MSI_IsReady() != 1)
+    {
+
+    }
+    LL_RCC_MSI_EnableRangeSelection();
+
+    LL_RCC_MSI_SetRange(LL_RCC_MSIRANGE_10);
+
+    LL_RCC_MSI_SetCalibTrimming(0);
+
+    LL_RCC_SetSysClkSource(LL_RCC_SYS_CLKSOURCE_MSI);
+
+     /* Wait till System clock is ready */
+    while(LL_RCC_GetSysClkSource() != LL_RCC_SYS_CLKSOURCE_STATUS_MSI)
+    {
+
+    }
+    LL_RCC_SetAHBPrescaler(LL_RCC_SYSCLK_DIV_1);
+
+    LL_RCC_SetAPB1Prescaler(LL_RCC_APB1_DIV_1);
+
+    LL_RCC_SetAPB2Prescaler(LL_RCC_APB2_DIV_16);
+
+    LL_Init1msTick(32000000);
+
+    LL_SYSTICK_SetClkSource(LL_SYSTICK_CLKSOURCE_HCLK);
+
+    LL_SetSystemCoreClock(32000000);
+
+    LL_RCC_SetUSARTClockSource(LL_RCC_USART1_CLKSOURCE_PCLK2);
+
+    LL_RCC_SetRNGClockSource(LL_RCC_RNG_CLKSOURCE_MSI);
+
+    /* SysTick_IRQn interrupt configuration */
+    NVIC_SetPriority(SysTick_IRQn, NVIC_EncodePriority(NVIC_GetPriorityGrouping(),0, 0));
+
+}
+
+// 28 MHz
+void SystemClock_Config_LF28(void)
+{
+    SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
+  LL_FLASH_SetLatency(LL_FLASH_LATENCY_1);
+
+  if(LL_FLASH_GetLatency() != LL_FLASH_LATENCY_1)
+  {
+  Error_Handler();
+  }
+  LL_PWR_SetRegulVoltageScaling(LL_PWR_REGU_VOLTAGE_SCALE1);
+
+  LL_RCC_HSI_Enable();
+
+   /* Wait till HSI is ready */
+  while(LL_RCC_HSI_IsReady() != 1)
+  {
+
+  }
+  LL_RCC_HSI_SetCalibTrimming(16);
+
+  LL_RCC_LSI_Enable();
+
+   /* Wait till LSI is ready */
+  while(LL_RCC_LSI_IsReady() != 1)
+  {
+
+  }
+  LL_RCC_MSI_Enable();
+
+   /* Wait till MSI is ready */
+  while(LL_RCC_MSI_IsReady() != 1)
+  {
+
+  }
+  LL_RCC_MSI_EnableRangeSelection();
+
+  LL_RCC_MSI_SetRange(LL_RCC_MSIRANGE_6);
+
+  LL_RCC_MSI_SetCalibTrimming(0);
+
+  LL_RCC_PLL_ConfigDomain_SYS(LL_RCC_PLLSOURCE_HSI, LL_RCC_PLLM_DIV_2, 28, LL_RCC_PLLR_DIV_8);
+
+  LL_RCC_PLL_EnableDomain_SYS();
+
+  LL_RCC_PLL_Enable();
+
+   /* Wait till PLL is ready */
+  while(LL_RCC_PLL_IsReady() != 1)
+  {
+
+  }
+  LL_RCC_SetSysClkSource(LL_RCC_SYS_CLKSOURCE_PLL);
+
+   /* Wait till System clock is ready */
+  while(LL_RCC_GetSysClkSource() != LL_RCC_SYS_CLKSOURCE_STATUS_PLL)
+  {
+
+  }
+  LL_RCC_SetAHBPrescaler(LL_RCC_SYSCLK_DIV_1);
+
+  LL_RCC_SetAPB1Prescaler(LL_RCC_APB1_DIV_1);
+
+  LL_RCC_SetAPB2Prescaler(LL_RCC_APB2_DIV_8);
+
+  LL_Init1msTick(28000000);
+
+  LL_SYSTICK_SetClkSource(LL_SYSTICK_CLKSOURCE_HCLK);
+
+  LL_SetSystemCoreClock(28000000);
+
+  LL_RCC_SetUSARTClockSource(LL_RCC_USART1_CLKSOURCE_PCLK2);
+
+  LL_RCC_SetRNGClockSource(LL_RCC_RNG_CLKSOURCE_MSI);
+
+  /* SysTick_IRQn interrupt configuration */
+  NVIC_SetPriority(SysTick_IRQn, NVIC_EncodePriority(NVIC_GetPriorityGrouping(),0, 0));
+}
+
+// 48 MHz
+void SystemClock_Config_LF48(void)
+{
+    SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
+
+
+    LL_FLASH_SetLatency(LL_FLASH_LATENCY_2);
+
+      if(LL_FLASH_GetLatency() != LL_FLASH_LATENCY_2)
+     {
+     Error_Handler();
+     }
+     LL_PWR_SetRegulVoltageScaling(LL_PWR_REGU_VOLTAGE_SCALE1);
+
+     LL_RCC_LSI_Enable();
+
+      /* Wait till LSI is ready */
+     while(LL_RCC_LSI_IsReady() != 1)
+     {
+
+     }
+     LL_RCC_MSI_Enable();
+
+      /* Wait till MSI is ready */
+     while(LL_RCC_MSI_IsReady() != 1)
+     {
+
+     }
+     LL_RCC_MSI_EnableRangeSelection();
+
+     LL_RCC_MSI_SetRange(LL_RCC_MSIRANGE_11);
+
+     LL_RCC_MSI_SetCalibTrimming(0);
+
+     LL_RCC_SetSysClkSource(LL_RCC_SYS_CLKSOURCE_MSI);
+
+      /* Wait till System clock is ready */
+     while(LL_RCC_GetSysClkSource() != LL_RCC_SYS_CLKSOURCE_STATUS_MSI)
+     {
+
+     }
+     LL_RCC_SetAHBPrescaler(LL_RCC_SYSCLK_DIV_1);
+
+     LL_RCC_SetAPB1Prescaler(LL_RCC_APB1_DIV_1);
+
+     LL_RCC_SetAPB2Prescaler(LL_RCC_APB2_DIV_16);
+
+     LL_Init1msTick(48000000);
+
+     LL_SYSTICK_SetClkSource(LL_SYSTICK_CLKSOURCE_HCLK);
+
+     LL_SetSystemCoreClock(48000000);
+
+     LL_RCC_SetUSARTClockSource(LL_RCC_USART1_CLKSOURCE_PCLK2);
+
+     LL_RCC_SetRNGClockSource(LL_RCC_RNG_CLKSOURCE_MSI);
+
+     /* SysTick_IRQn interrupt configuration */
+     NVIC_SetPriority(SysTick_IRQn, NVIC_EncodePriority(NVIC_GetPriorityGrouping(),0, 0));
+
+
+}
+
+// 20 MHz
+void SystemClock_Config_LF20(void)
+{
+    SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
+}
+
+void init_usb()
 {
     // enable USB power
     SET_BIT(PWR->CR2, PWR_CR2_USV);
@@ -217,8 +727,7 @@ void usb_init()
     USBD_Start(&Solo_USBD_Device);
 }
 
-/* TIM2 init function */
-static void MX_TIM2_Init(void)
+void init_pwm(void)
 {
 
     LL_TIM_InitTypeDef TIM_InitStruct;
@@ -289,9 +798,7 @@ static void MX_TIM2_Init(void)
 
 }
 
-#if DEBUG_LEVEL > 0
-/* USART1 init function */
-static void MX_USART1_UART_Init(void)
+void init_debug_uart(void)
 {
 
   LL_USART_InitTypeDef USART_InitStruct;
@@ -301,6 +808,8 @@ static void MX_USART1_UART_Init(void)
   /* Peripheral clock enable */
   LL_APB2_GRP1_EnableClock(LL_APB2_GRP1_PERIPH_USART1);
 
+
+  LL_USART_DeInit(USART1);
   /**USART1 GPIO Configuration
   PB6   ------> USART1_TX
   PB7   ------> USART1_RX
@@ -327,22 +836,37 @@ static void MX_USART1_UART_Init(void)
   LL_USART_Enable(USART1);
 
 }
-#endif
 
-/** Pinout Configuration
-*/
-static void MX_GPIO_Init(void)
+void init_gpio(void)
 {
 
   /* GPIO Ports Clock Enable */
   LL_AHB2_GRP1_EnableClock(LL_AHB2_GRP1_PERIPH_GPIOA);
   LL_AHB2_GRP1_EnableClock(LL_AHB2_GRP1_PERIPH_GPIOB);
 
+
+
+  LL_GPIO_SetPinMode(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_MODE_INPUT);
+  LL_GPIO_SetPinPull(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_PULL_UP);
+
+#ifdef SOLO_AMS_IRQ_PORT
+// SAVE POWER
+  // LL_AHB2_GRP1_EnableClock(LL_AHB2_GRP1_PERIPH_GPIOC);
+  // /**/
+  // LL_GPIO_InitTypeDef GPIO_InitStruct;
+  // GPIO_InitStruct.Pin = SOLO_AMS_IRQ_PIN;
+  // GPIO_InitStruct.Mode = LL_GPIO_MODE_INPUT;
+  // GPIO_InitStruct.Pull = LL_GPIO_PULL_NO;
+  // LL_GPIO_Init(SOLO_AMS_IRQ_PORT, &GPIO_InitStruct);
+  //
+  //
+  // LL_GPIO_SetPinMode(SOLO_AMS_IRQ_PORT,SOLO_AMS_IRQ_PIN,LL_GPIO_MODE_INPUT);
+  // LL_GPIO_SetPinPull(SOLO_AMS_IRQ_PORT,SOLO_AMS_IRQ_PIN,LL_GPIO_PULL_UP);
+#endif
+
 }
 
-
-/* TIM6 init function */
-static void MX_TIM6_Init(void)
+void init_millisecond_timer(int lf)
 {
 
     LL_TIM_InitTypeDef TIM_InitStruct;
@@ -352,7 +876,11 @@ static void MX_TIM6_Init(void)
 
     // 48 MHz sys clock --> 6 MHz timer clock
     // 48 MHz / 48000 == 1000 Hz
+    if (!lf)
         TIM_InitStruct.Prescaler = 48000;
+    else
+        TIM_InitStruct.Prescaler = MAX_CLOCK_RATE;
+
     TIM_InitStruct.CounterMode = LL_TIM_COUNTERMODE_UP;
     TIM_InitStruct.Autoreload = 90;
     LL_TIM_Init(TIM6, &TIM_InitStruct);
@@ -368,39 +896,14 @@ static void MX_TIM6_Init(void)
 
     // Start immediately
     LL_TIM_EnableCounter(TIM6);
+
+    TIM6->SR = 0;
+    __enable_irq();
+    NVIC_EnableIRQ(TIM6_IRQn);
 }
 
-/* TIM7 init function */
-// static void MX_TIM7_Init(void)
-// {
-//
-//   LL_TIM_InitTypeDef TIM_InitStruct;
-//
-//   /* Peripheral clock enable */
-//   LL_APB1_GRP1_EnableClock(LL_APB1_GRP1_PERIPH_TIM7);
-//
-//   // 48 MHz sys clock --> 6 MHz timer clock
-//   // 6 MHz / 6000 == 1000 Hz
-//   TIM_InitStruct.Prescaler = 48000;
-//   TIM_InitStruct.CounterMode = LL_TIM_COUNTERMODE_UP;
-//   TIM_InitStruct.Autoreload = 0xffff;
-//   LL_TIM_Init(TIM6, &TIM_InitStruct);
-//
-//   LL_TIM_DisableARRPreload(TIM7);
-//
-//   LL_TIM_SetTriggerOutput(TIM7, LL_TIM_TRGO_RESET);
-//
-//   LL_TIM_DisableMasterSlaveMode(TIM7);
-//
-//   // enable interrupt
-//   TIM7->DIER |= 1;
-//
-//   // Start immediately
-//   LL_TIM_EnableCounter(TIM7);
-// }
 
-/* RNG init function */
-static void MX_RNG_Init(void)
+void init_rng(void)
 {
 
   /* Peripheral clock enable */
@@ -409,3 +912,45 @@ static void MX_RNG_Init(void)
   LL_RNG_Enable(RNG);
 
 }
+
+/* SPI1 init function */
+void init_spi(void)
+{
+
+    LL_SPI_InitTypeDef SPI_InitStruct;
+
+    LL_GPIO_InitTypeDef GPIO_InitStruct;
+
+    /* Peripheral clock enable */
+    LL_APB2_GRP1_EnableClock(LL_APB2_GRP1_PERIPH_SPI1);
+
+    /**SPI1 GPIO Configuration
+    PA5   ------> SPI1_SCK
+    PA6   ------> SPI1_MISO
+    PA7   ------> SPI1_MOSI
+    */
+    GPIO_InitStruct.Pin = LL_GPIO_PIN_5|LL_GPIO_PIN_6|LL_GPIO_PIN_7;
+    GPIO_InitStruct.Mode = LL_GPIO_MODE_ALTERNATE;
+    GPIO_InitStruct.Speed = LL_GPIO_SPEED_FREQ_VERY_HIGH;
+    GPIO_InitStruct.OutputType = LL_GPIO_OUTPUT_PUSHPULL;
+    GPIO_InitStruct.Pull = LL_GPIO_PULL_NO;
+    GPIO_InitStruct.Alternate = LL_GPIO_AF_5;
+    LL_GPIO_Init(GPIOA, &GPIO_InitStruct);
+
+    /* SPI1 parameter configuration*/
+    SPI_InitStruct.TransferDirection = LL_SPI_FULL_DUPLEX;
+    SPI_InitStruct.Mode = LL_SPI_MODE_MASTER;
+    SPI_InitStruct.DataWidth = LL_SPI_DATAWIDTH_8BIT;
+    SPI_InitStruct.ClockPolarity = LL_SPI_POLARITY_LOW;
+    SPI_InitStruct.ClockPhase = LL_SPI_PHASE_2EDGE;
+    SPI_InitStruct.NSS = LL_SPI_NSS_SOFT;
+    SPI_InitStruct.BaudRate = LL_SPI_BAUDRATEPRESCALER_DIV8;
+    SPI_InitStruct.BitOrder = LL_SPI_MSB_FIRST;
+    SPI_InitStruct.CRCCalculation = LL_SPI_CRCCALCULATION_DISABLE;
+    SPI_InitStruct.CRCPoly = 7;
+    LL_SPI_Init(SPI1, &SPI_InitStruct);
+
+    LL_SPI_SetStandard(SPI1, LL_SPI_PROTOCOL_MOTOROLA);
+
+
+}

targets/stm32l432/src/init.h

@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2018 SoloKeys, Inc. <https://solokeys.com/>
+ *
+ * This file is part of Solo.
+ *
+ * Solo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Solo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Solo.  If not, see <https://www.gnu.org/licenses/>
+ *
+ * This code is available under licenses for commercial use.
+ * Please contact SoloKeys for more information.
+ */
+#ifndef _INIT_H_
+#define _INIT_H_
+
+void init_usb();
+void init_gpio(void);
+void init_debug_uart(void);
+void init_pwm(void);
+void init_millisecond_timer(int lf);
+void init_rng(void);
+void init_spi(void);
+
+
+#endif

targets/stm32l432/src/nfc.c

@@ -0,0 +1,805 @@
+#include <string.h>
+
+#include "stm32l4xx.h"
+
+#include "nfc.h"
+#include "ams.h"
+#include "log.h"
+#include "util.h"
+#include "device.h"
+#include "u2f.h"
+#include "crypto.h"
+
+#include "ctap_errors.h"
+
+#define IS_IRQ_ACTIVE()         (1  == (LL_GPIO_ReadInputPort(SOLO_AMS_IRQ_PORT) & SOLO_AMS_IRQ_PIN))
+
+// Capability container
+const CAPABILITY_CONTAINER NFC_CC = {
+    .cclen_hi = 0x00, .cclen_lo = 0x0f,
+    .version = 0x20,
+    .MLe_hi = 0x00, .MLe_lo = 0x7f,
+    .MLc_hi = 0x00, .MLc_lo = 0x7f,
+    .tlv = { 0x04,0x06,
+            0xe1,0x04,
+            0x00,0x7f,
+            0x00,0x00 }
+};
+
+// 13 chars
+uint8_t NDEF_SAMPLE[] = "\x00\x14\xd1\x01\x0eU\x04solokeys.com/";
+
+// Poor way to get some info while in passive operation
+#include <stdarg.h>
+void nprintf(const char *format, ...)
+{
+    memmove((char*)NDEF_SAMPLE + sizeof(NDEF_SAMPLE) - 1 - 13,"             ", 13);
+    va_list args;
+    va_start (args, format);
+    vsnprintf ((char*)NDEF_SAMPLE + sizeof(NDEF_SAMPLE) - 1 - 13, 13, format, args);
+    va_end (args);
+}
+
+static struct
+{
+    uint8_t max_frame_size;
+    uint8_t cid;
+    uint8_t block_num;
+    uint8_t selected_applet;
+} NFC_STATE;
+
+void nfc_state_init()
+{
+    memset(&NFC_STATE,0,sizeof(NFC_STATE));
+    NFC_STATE.max_frame_size = 32;
+    NFC_STATE.block_num = 1;
+}
+
+int nfc_init()
+{
+    uint32_t t1;
+    int init;
+    nfc_state_init();
+    init = ams_init();
+
+    // Detect if we are powered by NFC field by listening for a message for
+    // first 10 ms.
+    t1 = millis();
+    while ((millis() - t1) < 10)
+    {
+        if (nfc_loop() > 0)
+            return NFC_IS_ACTIVE;
+    }
+
+    // Under USB power.  Configure AMS chip.
+    ams_configure();
+
+    if (init)
+    {
+        return NFC_IS_AVAILABLE;
+    }
+
+    return NFC_IS_NA;
+}
+
+void process_int0(uint8_t int0)
+{
+
+}
+
+bool ams_wait_for_tx(uint32_t timeout_ms)
+{
+	uint32_t tstart = millis();
+	while (tstart + timeout_ms > millis())
+	{
+		uint8_t int0 = ams_read_reg(AMS_REG_INT0);
+		if (int0) process_int0(int0);
+		if (int0 & AMS_INT_TXE)
+			return true;
+
+		delay(1);
+	}
+
+	return false;
+}
+
+bool ams_receive_with_timeout(uint32_t timeout_ms, uint8_t * data, int maxlen, int *dlen)
+{
+	uint8_t buf[32];
+	*dlen = 0;
+
+	uint32_t tstart = millis();
+	while (tstart + timeout_ms > millis())
+	{
+		uint8_t int0 = ams_read_reg(AMS_REG_INT0);
+		uint8_t buffer_status2 = ams_read_reg(AMS_REG_BUF2);
+
+        if (buffer_status2 && (int0 & AMS_INT_RXE))
+        {
+            if (buffer_status2 & AMS_BUF_INVALID)
+            {
+                printf1(TAG_NFC,"Buffer being updated!\r\n");
+            }
+            else
+            {
+                uint8_t len = buffer_status2 & AMS_BUF_LEN_MASK;
+                ams_read_buffer(buf, len);
+				printf1(TAG_NFC_APDU, ">> ");
+				dump_hex1(TAG_NFC_APDU, buf, len);
+
+				*dlen = MIN(32, MIN(maxlen, len));
+				memcpy(data, buf, *dlen);
+
+				return true;
+            }
+        }
+
+		delay(1);
+	}
+
+	return false;
+}
+
+void nfc_write_frame(uint8_t * data, uint8_t len)
+{
+    if (len > 32)
+    {
+        len = 32;
+    }
+    ams_write_command(AMS_CMD_CLEAR_BUFFER);
+    ams_write_buffer(data,len);
+    ams_write_command(AMS_CMD_TRANSMIT_BUFFER);
+
+    printf1(TAG_NFC_APDU, "<< ");
+	dump_hex1(TAG_NFC_APDU, data, len);
+}
+
+bool nfc_write_response_ex(uint8_t req0, uint8_t * data, uint8_t len, uint16_t resp)
+{
+    uint8_t res[32];
+
+	if (len > 32 - 3)
+		return false;
+
+	res[0] = NFC_CMD_IBLOCK | (req0 & 3);
+
+	if (len && data)
+		memcpy(&res[1], data, len);
+
+	res[len + 1] = resp >> 8;
+	res[len + 2] = resp & 0xff;
+	nfc_write_frame(res, 3 + len);
+
+	return true;
+}
+
+bool nfc_write_response(uint8_t req0, uint16_t resp)
+{
+	return nfc_write_response_ex(req0, NULL, 0, resp);
+}
+
+void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len)
+{
+    uint8_t res[32 + 2];
+	int sendlen = 0;
+	uint8_t iBlock = NFC_CMD_IBLOCK | (req0 & 3);
+
+	if (len <= 31)
+	{
+		uint8_t res[32] = {0};
+		res[0] = iBlock;
+		if (len && data)
+			memcpy(&res[1], data, len);
+		nfc_write_frame(res, len + 1);
+	} else {
+		do {
+			// transmit I block
+			int vlen = MIN(31, len - sendlen);
+			res[0] = iBlock;
+			memcpy(&res[1], &data[sendlen], vlen);
+
+			// if not a last block
+			if (vlen + sendlen < len)
+			{
+				res[0] |= 0x10;
+			}
+
+			// send data
+			nfc_write_frame(res, vlen + 1);
+			sendlen += vlen;
+
+			// wait for transmit (32 bytes aprox 2,5ms)
+			// if (!ams_wait_for_tx(10))
+			// {
+			// 	printf1(TAG_NFC, "TX timeout. slen: %d \r\n", sendlen);
+			// 	break;
+			// }
+
+			// if needs to receive R block (not a last block)
+			if (res[0] & 0x10)
+			{
+				uint8_t recbuf[32] = {0};
+				int reclen;
+				if (!ams_receive_with_timeout(100, recbuf, sizeof(recbuf), &reclen))
+				{
+					printf1(TAG_NFC, "R block RX timeout %d/%d.\r\n",sendlen,len);
+					break;
+				}
+
+				if (reclen != 1)
+				{
+					printf1(TAG_NFC, "R block length error. len: %d. %d/%d \r\n", reclen,sendlen,len);
+                    dump_hex1(TAG_NFC, recbuf, reclen);
+					break;
+				}
+
+				if (((recbuf[0] & 0x01) == (res[0] & 1)) && ((recbuf[0] & 0xf6) == 0xa2))
+				{
+					printf1(TAG_NFC, "R block error. txdata: %02x rxdata: %02x \r\n", res[0], recbuf[0]);
+					break;
+				}
+			}
+
+			iBlock ^= 0x01;
+		} while (sendlen < len);
+	}
+}
+
+// WTX on/off:
+// sends/receives WTX frame to reader every `WTX_time` time in ms
+// works via timer interrupts
+// WTX: f2 01 91 40 === f2(S-block + WTX, frame without CID) 01(from iso - multiply WTX from ATS by 1) <2b crc16>
+static bool WTX_sent;
+static bool WTX_fail;
+static uint32_t WTX_timer;
+
+bool WTX_process(int read_timeout);
+
+void WTX_clear()
+{
+	WTX_sent = false;
+	WTX_fail = false;
+	WTX_timer = 0;
+}
+
+bool WTX_on(int WTX_time)
+{
+	WTX_clear();
+	WTX_timer = millis();
+
+	return true;
+}
+
+bool WTX_off()
+{
+	WTX_timer = 0;
+
+	// read data if we sent WTX
+	if (WTX_sent)
+	{
+		if (!WTX_process(100))
+		{
+			printf1(TAG_NFC, "WTX-off get last WTX error\n");
+			return false;
+		}
+	}
+
+	if (WTX_fail)
+	{
+		printf1(TAG_NFC, "WTX-off fail\n");
+		return false;
+	}
+
+	WTX_clear();
+	return true;
+}
+
+void WTX_timer_exec()
+{
+	// condition: (timer on) or (not expired[300ms])
+	if ((WTX_timer <= 0) || WTX_timer + 300 > millis())
+		return;
+
+	WTX_process(10);
+	WTX_timer = millis();
+}
+
+// executes twice a period. 1st for send WTX, 2nd for check the result
+// read timeout must be 10 ms to call from interrupt
+bool WTX_process(int read_timeout)
+{
+	uint8_t wtx[] = {0xf2, 0x01};
+	if (WTX_fail)
+		return false;
+
+	if (!WTX_sent)
+	{
+		nfc_write_frame(wtx, sizeof(wtx));
+		WTX_sent = true;
+		return true;
+	}
+	else
+	{
+		uint8_t data[32];
+		int len;
+		if (!ams_receive_with_timeout(read_timeout, data, sizeof(data), &len))
+		{
+			WTX_fail = true;
+			return false;
+		}
+
+		if (len != 2 || data[0] != 0xf2 || data[1] != 0x01)
+		{
+			WTX_fail = true;
+			return false;
+		}
+
+		WTX_sent = false;
+		return true;
+	}
+}
+
+int answer_rats(uint8_t parameter)
+{
+
+    uint8_t fsdi = (parameter & 0xf0) >> 4;
+    uint8_t cid = (parameter & 0x0f);
+
+    NFC_STATE.cid = cid;
+
+    if (fsdi == 0)
+        NFC_STATE.max_frame_size = 16;
+    else if (fsdi == 1)
+        NFC_STATE.max_frame_size = 24;
+    else
+        NFC_STATE.max_frame_size = 32;
+
+    uint8_t res[3 + 11];
+    res[0] = sizeof(res);
+    res[1] = 2 | (1<<5);     // 2 FSCI == 32 byte frame size, TB is enabled
+
+    // frame wait time = (256 * 16 / 13.56MHz) * 2^FWI
+    // FWI=0, FMT=0.3ms (min)
+    // FWI=4, FMT=4.8ms (default)
+    // FWI=10, FMT=309ms
+    // FWI=12, FMT=1237ms
+    // FWI=14, FMT=4949ms (max)
+    res[2] = (12<<4) | (0);     // TB (FWI << 4) | (SGTI)
+
+	// historical bytes
+	memcpy(&res[3], (uint8_t *)"SoloKey tap", 11);
+
+
+    nfc_write_frame(res, sizeof(res));
+	ams_wait_for_tx(10);
+
+
+    return 0;
+}
+
+void rblock_acknowledge()
+{
+    uint8_t buf[32];
+    NFC_STATE.block_num = !NFC_STATE.block_num;
+    buf[0] = NFC_CMD_RBLOCK | NFC_STATE.block_num;
+    nfc_write_frame(buf,1);
+}
+
+// Selects application.  Returns 1 if success, 0 otherwise
+int select_applet(uint8_t * aid, int len)
+{
+    if (memcmp(aid,AID_FIDO,sizeof(AID_FIDO)) == 0)
+    {
+        NFC_STATE.selected_applet = APP_FIDO;
+        return APP_FIDO;
+    }
+    else if (memcmp(aid,AID_NDEF_TYPE_4,sizeof(AID_NDEF_TYPE_4)) == 0)
+    {
+        NFC_STATE.selected_applet = APP_NDEF_TYPE_4;
+        return APP_NDEF_TYPE_4;
+    }
+    else if (memcmp(aid,AID_CAPABILITY_CONTAINER,sizeof(AID_CAPABILITY_CONTAINER)) == 0)
+    {
+        NFC_STATE.selected_applet = APP_CAPABILITY_CONTAINER;
+        return APP_CAPABILITY_CONTAINER;
+    }
+    else if (memcmp(aid,AID_NDEF_TAG,sizeof(AID_NDEF_TAG)) == 0)
+    {
+        NFC_STATE.selected_applet = APP_NDEF_TAG;
+        return APP_NDEF_TAG;
+    }
+    return APP_NOTHING;
+}
+
+void nfc_process_iblock(uint8_t * buf, int len)
+{
+    APDU_HEADER * apdu = (APDU_HEADER *)(buf + 1);
+    uint8_t * payload = buf + 1 + 5;
+    uint8_t plen = apdu->lc;
+    int selected;
+    CTAP_RESPONSE ctap_resp;
+    int status;
+
+    printf1(TAG_NFC,"Iblock: ");
+	dump_hex1(TAG_NFC, buf, len);
+
+    // TODO this needs to be organized better
+    switch(apdu->ins)
+    {
+        case APDU_INS_SELECT:
+            if (plen > len - 6)
+            {
+                printf1(TAG_ERR, "Truncating APDU length %d\r\n", apdu->lc);
+                plen = len-6;
+            }
+            // if (apdu->p1 == 0 && apdu->p2 == 0x0c)
+            // {
+            //     printf1(TAG_NFC,"Select NDEF\r\n");
+            //
+            //     NFC_STATE.selected_applet = APP_NDEF_TAG;
+            //     // Select NDEF file!
+            //     res[0] = NFC_CMD_IBLOCK | (buf[0] & 1);
+            //     res[1] = SW_SUCCESS>>8;
+            //     res[2] = SW_SUCCESS & 0xff;
+            //     nfc_write_frame(res, 3);
+            //     printf1(TAG_NFC,"<< "); dump_hex1(TAG_NFC,res, 3);
+            // }
+            // else
+            {
+                selected = select_applet(payload, plen);
+                if (selected == APP_FIDO)
+                {
+                    // block = buf[0] & 1;
+                    // block = NFC_STATE.block_num;
+                    // block = !block;
+                    // NFC_STATE.block_num = block;
+                    // NFC_STATE.block_num = block;
+					nfc_write_response_ex(buf[0], (uint8_t *)"U2F_V2", 6, SW_SUCCESS);
+					printf1(TAG_NFC, "FIDO applet selected.\r\n");
+               }
+               else if (selected != APP_NOTHING)
+               {
+                   nfc_write_response(buf[0], SW_SUCCESS);
+                   printf1(TAG_NFC, "SELECTED %d\r\n", selected);
+               }
+                else
+                {
+					nfc_write_response(buf[0], SW_FILE_NOT_FOUND);
+                    printf1(TAG_NFC, "NOT selected\r\n"); dump_hex1(TAG_NFC,payload, plen);
+                }
+            }
+        break;
+
+        case APDU_FIDO_U2F_VERSION:
+			if (NFC_STATE.selected_applet != APP_FIDO) {
+				nfc_write_response(buf[0], SW_INS_INVALID);
+				break;
+			}
+
+			printf1(TAG_NFC, "U2F GetVersion command.\r\n");
+
+			nfc_write_response_ex(buf[0], (uint8_t *)"U2F_V2", 6, SW_SUCCESS);
+        break;
+
+        case APDU_FIDO_U2F_REGISTER:
+			if (NFC_STATE.selected_applet != APP_FIDO) {
+				nfc_write_response(buf[0], SW_INS_INVALID);
+				break;
+			}
+
+			printf1(TAG_NFC, "U2F Register command.\r\n");
+
+			if (plen != 64)
+			{
+				printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", plen);
+				nfc_write_response(buf[0], SW_WRONG_LENGTH);
+				return;
+			}
+
+			timestamp();
+
+
+			// WTX_on(WTX_TIME_DEFAULT);
+            // SystemClock_Config_LF32();
+            // delay(300);
+            if (device_is_nfc()) device_set_clock_rate(DEVICE_LOW_POWER_FAST);;
+			u2f_request_nfc(&buf[1], len, &ctap_resp);
+            if (device_is_nfc())  device_set_clock_rate(DEVICE_LOW_POWER_IDLE);;
+			// if (!WTX_off())
+			// 	return;
+
+            printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp());
+            nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length);
+
+			// printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
+
+
+
+
+            printf1(TAG_NFC,"U2F Register answered %d (took %d)\r\n", millis(), timestamp());
+       break;
+
+        case APDU_FIDO_U2F_AUTHENTICATE:
+			if (NFC_STATE.selected_applet != APP_FIDO) {
+				nfc_write_response(buf[0], SW_INS_INVALID);
+				break;
+			}
+
+			printf1(TAG_NFC, "U2F Authenticate command.\r\n");
+
+			if (plen != 64 + 1 + buf[6 + 64])
+			{
+				delay(5);
+				printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", plen, buf[6 + 64]);
+				nfc_write_response(buf[0], SW_WRONG_LENGTH);
+				return;
+			}
+
+			timestamp();
+			// WTX_on(WTX_TIME_DEFAULT);
+			u2f_request_nfc(&buf[1], len, &ctap_resp);
+			// if (!WTX_off())
+			// 	return;
+
+			printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
+            printf1(TAG_NFC,"U2F Authenticate processing %d (took %d)\r\n", millis(), timestamp());
+			nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length);
+            printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp);
+        break;
+
+        case APDU_FIDO_NFCCTAP_MSG:
+			if (NFC_STATE.selected_applet != APP_FIDO) {
+				nfc_write_response(buf[0], SW_INS_INVALID);
+				break;
+			}
+
+			printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp());
+
+			WTX_on(WTX_TIME_DEFAULT);
+            ctap_response_init(&ctap_resp);
+            status = ctap_request(payload, plen, &ctap_resp);
+			if (!WTX_off())
+				return;
+
+			printf1(TAG_NFC, "CTAP resp: 0x%02<30>  len: %d\r\n", status, ctap_resp.length);
+
+			if (status == CTAP1_ERR_SUCCESS)
+			{
+				memmove(&ctap_resp.data[1], &ctap_resp.data[0], ctap_resp.length);
+				ctap_resp.length += 3;
+			} else {
+				ctap_resp.length = 3;
+			}
+			ctap_resp.data[0] = status;
+			ctap_resp.data[ctap_resp.length - 2] = SW_SUCCESS >> 8;
+			ctap_resp.data[ctap_resp.length - 1] = SW_SUCCESS & 0xff;
+
+            printf1(TAG_NFC,"CTAP processing %d (took %d)\r\n", millis(), timestamp());
+			nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length);
+            printf1(TAG_NFC,"CTAP answered %d (took %d)\r\n", millis(), timestamp());
+        break;
+
+        case APDU_INS_READ_BINARY:
+
+
+            switch(NFC_STATE.selected_applet)
+            {
+                case APP_CAPABILITY_CONTAINER:
+                    printf1(TAG_NFC,"APP_CAPABILITY_CONTAINER\r\n");
+                    if (plen > 15)
+                    {
+                        printf1(TAG_ERR, "Truncating requested CC length %d\r\n", apdu->lc);
+                        plen = 15;
+                    }
+                    nfc_write_response_ex(buf[0], (uint8_t *)&NFC_CC, plen, SW_SUCCESS);
+                    ams_wait_for_tx(10);
+                break;
+                case APP_NDEF_TAG:
+                    printf1(TAG_NFC,"APP_NDEF_TAG\r\n");
+                    if (plen > (sizeof(NDEF_SAMPLE) -  1))
+                    {
+                        printf1(TAG_ERR, "Truncating requested CC length %d\r\n", apdu->lc);
+                        plen = sizeof(NDEF_SAMPLE) -  1;
+                    }
+                    nfc_write_response_ex(buf[0], NDEF_SAMPLE, plen, SW_SUCCESS);
+                    ams_wait_for_tx(10);
+                break;
+                default:
+                    printf1(TAG_ERR, "No binary applet selected!\r\n");
+                    return;
+                break;
+            }
+
+        break;
+        default:
+            printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu->ins);
+			nfc_write_response(buf[0], SW_INS_INVALID);
+        break;
+    }
+
+
+}
+
+static uint8_t ibuf[1024];
+static int ibuflen = 0;
+
+void clear_ibuf()
+{
+	ibuflen = 0;
+	memset(ibuf, 0, sizeof(ibuf));
+}
+
+void nfc_process_block(uint8_t * buf, unsigned int len)
+{
+
+	if (!len)
+		return;
+
+    if (IS_PPSS_CMD(buf[0]))
+    {
+        printf1(TAG_NFC, "NFC_CMD_PPSS\r\n");
+    }
+    else if (IS_IBLOCK(buf[0]))
+    {
+		if (buf[0] & 0x10)
+		{
+			printf1(TAG_NFC_APDU, "NFC_CMD_IBLOCK chaining blen=%d len=%d\r\n", ibuflen, len);
+			if (ibuflen + len > sizeof(ibuf))
+			{
+				printf1(TAG_NFC, "I block memory error! must have %d but have only %d\r\n", ibuflen + len, sizeof(ibuf));
+				nfc_write_response(buf[0], SW_INTERNAL_EXCEPTION);
+				return;
+			}
+
+			printf1(TAG_NFC_APDU,"i> ");
+			dump_hex1(TAG_NFC_APDU, buf, len);
+
+			if (len)
+			{
+				memcpy(&ibuf[ibuflen], &buf[1], len - 1);
+				ibuflen += len - 1;
+			}
+
+			// send R block
+			uint8_t rb = NFC_CMD_RBLOCK | NFC_CMD_RBLOCK_ACK | (buf[0] & 3);
+			nfc_write_frame(&rb, 1);
+		} else {
+			if (ibuflen)
+			{
+				if (len)
+				{
+					memcpy(&ibuf[ibuflen], &buf[1], len - 1);
+					ibuflen += len - 1;
+				}
+
+				memmove(&ibuf[1], ibuf, ibuflen);
+				ibuf[0] = buf[0];
+				ibuflen++;
+
+				printf1(TAG_NFC_APDU, "NFC_CMD_IBLOCK chaining last block. blen=%d len=%d\r\n", ibuflen, len);
+
+				printf1(TAG_NFC_APDU,"i> ");
+				dump_hex1(TAG_NFC_APDU, buf, len);
+
+				nfc_process_iblock(ibuf, ibuflen);
+			} else {
+				// printf1(TAG_NFC, "NFC_CMD_IBLOCK\r\n");
+				nfc_process_iblock(buf, len);
+			}
+			clear_ibuf();
+		}
+    }
+    else if (IS_RBLOCK(buf[0]))
+    {
+        rblock_acknowledge();
+        printf1(TAG_NFC, "NFC_CMD_RBLOCK\r\n");
+    }
+    else if (IS_SBLOCK(buf[0]))
+    {
+
+        if ((buf[0] & NFC_SBLOCK_DESELECT) == 0)
+        {
+            printf1(TAG_NFC, "NFC_CMD_SBLOCK, DESELECTED\r\n");
+            nfc_write_frame(buf, 1);
+            ams_wait_for_tx(2);
+            ams_write_command(AMS_CMD_SLEEP);
+            nfc_state_init();
+			clear_ibuf();
+			WTX_clear();
+        }
+        else
+        {
+            printf1(TAG_NFC, "NFC_CMD_SBLOCK, Unknown. len[%d]\r\n", len);
+        }
+        dump_hex1(TAG_NFC, buf, len);
+    }
+    else
+    {
+        printf1(TAG_NFC, "unknown NFC request\r\n len[%d]:", len);
+        dump_hex1(TAG_NFC, buf, len);
+    }
+}
+
+int nfc_loop()
+{
+    uint8_t buf[32];
+    AMS_DEVICE ams;
+    int len = 0;
+
+
+    read_reg_block(&ams);
+    uint8_t state = AMS_STATE_MASK & ams.regs.rfid_status;
+
+    if (state != AMS_STATE_SELECTED && state != AMS_STATE_SELECTEDX)
+    {
+        // delay(1);  // sleep ?
+        return 0;
+    }
+
+    if (ams.regs.rfid_status)
+    {
+        // if (state != AMS_STATE_SENSE)
+        //      printf1(TAG_NFC,"    %s  x%02x\r\n", ams_get_state_string(ams.regs.rfid_status), state);
+    }
+    if (ams.regs.int0 & AMS_INT_INIT)
+    {
+        nfc_state_init();
+    }
+    if (ams.regs.int1)
+    {
+        // ams_print_int1(ams.regs.int1);
+    }
+
+    if ((ams.regs.int0 & AMS_INT_RXE))
+    {
+        if (ams.regs.buffer_status2)
+        {
+            if (ams.regs.buffer_status2 & AMS_BUF_INVALID)
+            {
+                printf1(TAG_NFC,"Buffer being updated!\r\n");
+            }
+            else
+            {
+                len = ams.regs.buffer_status2 & AMS_BUF_LEN_MASK;
+                ams_read_buffer(buf, len);
+            }
+        }
+    }
+
+    if (len)
+    {
+
+        // ISO 14443-3
+        switch(buf[0])
+        {
+            case NFC_CMD_REQA:
+                printf1(TAG_NFC, "NFC_CMD_REQA\r\n");
+            break;
+            case NFC_CMD_WUPA:
+                printf1(TAG_NFC, "NFC_CMD_WUPA\r\n");
+            break;
+            case NFC_CMD_HLTA:
+                printf1(TAG_NFC, "HLTA/Halt\r\n");
+            break;
+            case NFC_CMD_RATS:
+
+                answer_rats(buf[1]);
+
+                NFC_STATE.block_num = 1;
+				clear_ibuf();
+				WTX_clear();
+            break;
+            default:
+
+                // ISO 14443-4
+                nfc_process_block(buf,len);
+
+
+            break;
+        }
+
+    }
+
+    return len;
+
+}

targets/stm32l432/src/nfc.h

@@ -0,0 +1,64 @@
+#ifndef _NFC_H_
+#define _NFC_H_
+
+#include <stdint.h>
+#include <stdbool.h>
+#include "apdu.h"
+
+// Return number of bytes read if any.
+int nfc_loop();
+
+int nfc_init();
+
+typedef struct
+{
+    uint8_t cclen_hi;
+    uint8_t cclen_lo;
+    uint8_t version;
+    uint8_t MLe_hi;
+    uint8_t MLe_lo;
+    uint8_t MLc_hi;
+    uint8_t MLc_lo;
+    uint8_t tlv[8];
+} __attribute__((packed)) CAPABILITY_CONTAINER;
+
+// WTX time in ms
+#define WTX_TIME_DEFAULT              300
+
+#define NFC_CMD_REQA                  0x26
+#define NFC_CMD_WUPA                  0x52
+#define NFC_CMD_HLTA                  0x50
+#define NFC_CMD_RATS                  0xe0
+
+#define NFC_CMD_PPSS                  0xd0
+#define IS_PPSS_CMD(x)                (((x) & 0xf0) == NFC_CMD_PPSS)
+#define NFC_CMD_IBLOCK                0x00
+#define IS_IBLOCK(x)                  ( (((x) & 0xc0) == NFC_CMD_IBLOCK) && (((x) & 0x02) == 0x02) )
+#define NFC_CMD_RBLOCK                0x80
+#define NFC_CMD_RBLOCK_ACK            0x20
+#define IS_RBLOCK(x)                  ( (((x) & 0xc0) == NFC_CMD_RBLOCK) && (((x) & 0x02) == 0x02) )
+#define NFC_CMD_SBLOCK                0xc0
+#define IS_SBLOCK(x)                  ( (((x) & 0xc0) == NFC_CMD_SBLOCK) && (((x) & 0x02) == 0x02) )
+
+#define NFC_SBLOCK_DESELECT           0x30
+#define NFC_SBLOCK_WTX                0x30
+
+#define AID_NDEF_TYPE_4               "\xD2\x76\x00\x00\x85\x01\x01"
+#define AID_NDEF_MIFARE_TYPE_4        "\xD2\x76\x00\x00\x85\x01\x00"
+#define AID_CAPABILITY_CONTAINER      "\xE1\x03"
+#define AID_NDEF_TAG                  "\xE1\x04"
+#define AID_FIDO                      "\xa0\x00\x00\x06\x47\x2f\x00\x01"
+
+typedef enum
+{
+    APP_NOTHING = 0,
+    APP_NDEF_TYPE_4 = 1,
+    APP_MIFARE_TYPE_4,
+    APP_CAPABILITY_CONTAINER,
+    APP_NDEF_TAG,
+	APP_FIDO,
+} APPLETS;
+
+void WTX_timer_exec();
+
+#endif

targets/stm32l432/src/redirect.c

@@ -24,19 +24,33 @@ void _putchar(char c)
 }
 
 
-
-int _write (int fd, const void *buf, long int len)
+int _write (int fd, const void *buf, unsigned long int len)
 {
     uint8_t * data = (uint8_t *) buf;
+#if DEBUG_LEVEL>0
+	// static uint8_t logbuf[1000] = {0};
+	// static int logbuflen = 0;
+	// if (logbuflen + len > sizeof(logbuf)) {
+	// 	int mlen = logbuflen + len - sizeof(logbuf);
+	// 	memmove(logbuf, &logbuf[mlen], sizeof(logbuf) - mlen);
+	// 	logbuflen -= mlen;
+	// }
+	// memcpy(&logbuf[logbuflen], data, len);
+	// logbuflen += len;
 
 	// Send out USB serial
 	CDC_Transmit_FS(data, len);
-
+	// if (res == USBD_OK)
+	// 	logbuflen = 0;
+#endif
+#ifdef ENABLE_SERIAL_PRINTING
     // Send out UART serial
     while(len--)
     {
         _putchar(*data++);
     }
+#endif
     return 0;
+
 }
 #endif

targets/stm32l432/src/rng.c

@@ -17,7 +17,7 @@ int __errno = 0;
 
 void rng_get_bytes(uint8_t * dst, size_t sz)
 {
-    uint8_t r[8];
+    uint8_t r[4];
     unsigned int i,j;
     for (i = 0; i < sz; i += 4)
     {
@@ -33,7 +33,7 @@ void rng_get_bytes(uint8_t * dst, size_t sz)
 
         for (j = 0; j < 4; j++)
         {
-            if ((i + j) > sz)
+            if ((i + j) >= sz)
             {
                 return;
             }

targets/stm32l432/src/script.ld

@@ -1,183 +0,0 @@
-/*
-*****************************************************************************
-**
-
-**  File        : LinkerScript.ld
-**
-**  Abstract    : Linker script for STM32L432KCUx Device with
-**                256KByte FLASH, 64KByte RAM
-**
-**                Set heap size, stack size and stack location according
-**                to application requirements.
-**
-**                Set memory bank area and size if external memory is used.
-**
-**  Target      : STMicroelectronics STM32
-**
-**
-**  Distribution: The file is distributed as is, without any warranty
-**                of any kind.
-**
-**  (c)Copyright Ac6.
-**  You may use this file as-is or modify it according to the needs of your
-**  project. Distribution of this file (unmodified or modified) is not
-**  permitted. Ac6 permit registered System Workbench for MCU users the
-**  rights to distribute the assembled, compiled & linked contents of this
-**  file as part of an application binary file, provided that it is built
-**  using the System Workbench for MCU toolchain.
-**
-*****************************************************************************
-*/
-
-/* Entry Point */
-ENTRY(Reset_Handler)
-
-/* Highest address of the user mode stack */
-_estack = 0x20010000;    /* end of RAM */
-/* Generate a link error if heap and stack don't fit into RAM */
-_Min_Heap_Size = 0x200;      /* required amount of heap  */
-_Min_Stack_Size = 0x400; /* required amount of stack */
-
-/* Specify the memory areas */
-MEMORY
-{
-RAM (xrw)      : ORIGIN = 0x20000000, LENGTH = 64K
-FLASH (rx)      : ORIGIN = 0x8000000, LENGTH = 256K
-}
-
-/* Define output sections */
-SECTIONS
-{
-  /* The startup code goes first into FLASH */
-  .isr_vector :
-  {
-    . = ALIGN(8);
-    KEEP(*(.isr_vector)) /* Startup code */
-    . = ALIGN(8);
-  } >FLASH
-
-  /* The program code and other data goes into FLASH */
-  .text :
-  {
-    . = ALIGN(8);
-    *(.text)           /* .text sections (code) */
-    *(.text*)          /* .text* sections (code) */
-    *(.glue_7)         /* glue arm to thumb code */
-    *(.glue_7t)        /* glue thumb to arm code */
-    *(.eh_frame)
-
-    KEEP (*(.init))
-    KEEP (*(.fini))
-
-    . = ALIGN(8);
-    _etext = .;        /* define a global symbols at end of code */
-  } >FLASH
-
-  /* Constant data goes into FLASH */
-  .rodata :
-  {
-    . = ALIGN(8);
-    *(.rodata)         /* .rodata sections (constants, strings, etc.) */
-    *(.rodata*)        /* .rodata* sections (constants, strings, etc.) */
-    . = ALIGN(8);
-  } >FLASH
-
-  .ARM.extab   : 
-  { 
-  . = ALIGN(8);
-  *(.ARM.extab* .gnu.linkonce.armextab.*)
-  . = ALIGN(8);
-  } >FLASH
-  .ARM : {
-	. = ALIGN(8);
-    __exidx_start = .;
-    *(.ARM.exidx*)
-    __exidx_end = .;
-	. = ALIGN(8);
-  } >FLASH
-
-  .preinit_array     :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__preinit_array_start = .);
-    KEEP (*(.preinit_array*))
-    PROVIDE_HIDDEN (__preinit_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-  
-  .init_array :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__init_array_start = .);
-    KEEP (*(SORT(.init_array.*)))
-    KEEP (*(.init_array*))
-    PROVIDE_HIDDEN (__init_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-  .fini_array :
-  {
-	. = ALIGN(8);
-    PROVIDE_HIDDEN (__fini_array_start = .);
-    KEEP (*(SORT(.fini_array.*)))
-    KEEP (*(.fini_array*))
-    PROVIDE_HIDDEN (__fini_array_end = .);
-	. = ALIGN(8);
-  } >FLASH
-
-  /* used by the startup to initialize data */
-  _sidata = LOADADDR(.data);
-
-  /* Initialized data sections goes into RAM, load LMA copy after code */
-  .data : 
-  {
-    . = ALIGN(8);
-    _sdata = .;        /* create a global symbol at data start */
-    *(.data)           /* .data sections */
-    *(.data*)          /* .data* sections */
-
-    . = ALIGN(8);
-    _edata = .;        /* define a global symbol at data end */
-  } >RAM AT> FLASH
-
-  
-  /* Uninitialized data section */
-  . = ALIGN(4);
-  .bss :
-  {
-    /* This is used by the startup in order to initialize the .bss secion */
-    _sbss = .;         /* define a global symbol at bss start */
-    __bss_start__ = _sbss;
-    *(.bss)
-    *(.bss*)
-    *(COMMON)
-
-    . = ALIGN(4);
-    _ebss = .;         /* define a global symbol at bss end */
-    __bss_end__ = _ebss;
-  } >RAM
-
-  /* User_heap_stack section, used to check that there is enough RAM left */
-  ._user_heap_stack :
-  {
-    . = ALIGN(8);
-    PROVIDE ( end = . );
-    PROVIDE ( _end = . );
-    . = . + _Min_Heap_Size;
-    . = . + _Min_Stack_Size;
-    . = ALIGN(8);
-  } >RAM
-
-  
-
-  /* Remove information from the standard libraries */
-  /DISCARD/ :
-  {
-    libc.a ( * )
-    libm.a ( * )
-    libgcc.a ( * )
-  }
-
-  .ARM.attributes 0 : { *(.ARM.attributes) }
-}
-
-

targets/stm32l432/src/sense.c

@@ -0,0 +1,136 @@
+#include "sense.h"
+#include "device.h"
+#include "log.h"
+
+#include "stm32l4xx_ll_gpio.h"
+#include "stm32l4xx_hal_tsc.h"
+
+#define ELECTRODE_0     TSC_GROUP2_IO1
+#define ELECTRODE_1     TSC_GROUP2_IO2
+
+void tsc_init()
+{
+    LL_GPIO_InitTypeDef GPIO_InitStruct;
+    // Enable TSC clock
+    RCC->AHB1ENR |= (1<<16);
+
+    /** TSC GPIO Configuration
+    PA4   ------> Channel 1
+    PA5   ------> Channel 2
+    */
+    GPIO_InitStruct.Pin = LL_GPIO_PIN_5|LL_GPIO_PIN_4;
+    GPIO_InitStruct.Mode = LL_GPIO_MODE_ALTERNATE;
+    GPIO_InitStruct.Speed = LL_GPIO_SPEED_FREQ_LOW;
+    GPIO_InitStruct.OutputType = LL_GPIO_OUTPUT_PUSHPULL;
+    GPIO_InitStruct.Pull = LL_GPIO_PULL_NO;
+    GPIO_InitStruct.Alternate = LL_GPIO_AF_9;
+    LL_GPIO_Init(GPIOB, &GPIO_InitStruct);
+
+    /** TSC GPIO Configuration
+    PA6   ------> sampling cap
+    */
+    GPIO_InitStruct.Pin = LL_GPIO_PIN_6;
+    GPIO_InitStruct.OutputType = LL_GPIO_OUTPUT_OPENDRAIN;
+    LL_GPIO_Init(GPIOB, &GPIO_InitStruct);
+
+    // Channel IOs
+    uint32_t channel_ios = TSC_GROUP2_IO1 | TSC_GROUP2_IO2;
+
+    // enable
+    TSC->CR = TSC_CR_TSCE;
+
+    TSC->CR |= (TSC_CTPH_8CYCLES |
+                           TSC_CTPL_10CYCLES |
+                           (uint32_t)(1 << TSC_CR_SSD_Pos) |
+                           TSC_SS_PRESC_DIV1 |
+                           TSC_PG_PRESC_DIV16 |
+                           TSC_MCV_16383 |
+                           TSC_SYNC_POLARITY_FALLING |
+                           TSC_ACQ_MODE_NORMAL);
+
+    // Spread spectrum
+    if (0)
+    {
+      TSC->CR |= TSC_CR_SSE;
+    }
+
+    // Schmitt trigger and hysteresis
+    TSC->IOHCR = (uint32_t)(~(channel_ios | 0 | TSC_GROUP2_IO3));
+
+    // Sampling IOs
+    TSC->IOSCR = TSC_GROUP2_IO3;
+
+    // Groups
+    uint32_t grps = 0x02;
+    TSC->IOGCSR = grps;
+
+    TSC->IER &= (uint32_t)(~(TSC_IT_EOA | TSC_IT_MCE));
+    TSC->ICR = (TSC_FLAG_EOA | TSC_FLAG_MCE);
+
+}
+
+void tsc_set_electrode(uint32_t channel_ids)
+{
+    TSC->IOCCR = (channel_ids);
+}
+
+void tsc_start_acq()
+{
+    TSC->CR &= ~(TSC_CR_START);
+
+    TSC->ICR = TSC_FLAG_EOA | TSC_FLAG_MCE;
+
+    // Set IO output to output push-pull low
+    TSC->CR &= (~TSC_CR_IODEF);
+
+    TSC->CR |= TSC_CR_START;
+}
+
+void tsc_wait_on_acq()
+{
+    while ( ! (TSC->ISR & TSC_FLAG_EOA) )
+        ;
+    if ( TSC->ISR & TSC_FLAG_MCE )
+    {
+        printf1(TAG_ERR,"Max count reached\r\n");
+    }
+}
+
+uint32_t tsc_read(uint32_t indx)
+{
+    return TSC->IOGXCR[indx];
+}
+
+uint32_t tsc_read_button(uint32_t index)
+{
+    switch(index)
+    {
+        case 0:
+            tsc_set_electrode(ELECTRODE_0);
+            break;
+        case 1:
+            tsc_set_electrode(ELECTRODE_1);
+            break;
+    }
+    tsc_start_acq();
+    tsc_wait_on_acq();
+    return tsc_read(1) < 45;
+}
+
+int tsc_sensor_exists()
+{
+    static uint8_t does = 0;
+    if (does) return 1;
+
+    LL_GPIO_SetPinMode(GPIOB, (1 << 1), LL_GPIO_MODE_INPUT);
+    LL_GPIO_SetPinPull(GPIOB, (1 << 1), LL_GPIO_PULL_UP);
+
+    // Short delay before reading pin
+    asm("nop"); asm("nop"); asm("nop"); asm("nop");
+
+    does = (LL_GPIO_ReadInputPort(GPIOB) & (1 << 1)) == 0;
+
+    LL_GPIO_SetPinPull(GPIOB, 1, LL_GPIO_PULL_NO);
+
+    return does;
+}

targets/stm32l432/src/sense.h

@@ -0,0 +1,14 @@
+#ifndef _SENSE_H_
+#define _SENSE_H_
+
+#include <stdint.h>
+
+void tsc_init();
+
+int tsc_sensor_exists();
+
+// Read button0 or button1
+// Returns 1 if pressed, 0 if not.
+uint32_t tsc_read_button(uint32_t index);
+
+#endif

targets/stm32l432/src/startup_stm32l432xx.s

@@ -79,6 +79,8 @@ Reset_Handler:
   ldr   sp, =_estack    /* Atollic update: set stack pointer */
 
 /* Copy the data segment initializers from flash to SRAM */
+/* Call the clock system intitialization function.*/
+    bl  SystemInit
   movs	r1, #0
   b	LoopCopyDataInit
 
@@ -106,8 +108,7 @@ LoopFillZerobss:
 	cmp	r2, r3
 	bcc	FillZerobss
 
-/* Call the clock system intitialization function.*/
-    bl  SystemInit
+
 /* Call static constructors */
     bl __libc_init_array
 /* Call the application's entry point.*/

targets/stm32l432/src/system_stm32l4xx.c

@@ -106,6 +106,8 @@
   */
 
 #include "stm32l4xx.h"
+#include "device.h"
+#include "init.h"
 
 #if !defined  (HSE_VALUE)
   #define HSE_VALUE    8000000U  /*!< Value of the External oscillator in Hz */
@@ -219,6 +221,9 @@ void SystemInit(void)
   /* Disable all interrupts */
   RCC->CIER = 0x00000000U;
 
+  // TODO this is causing boot issues for old bootloader
+  device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
+
 }
 
 /**

tools/ctap_test.py

@@ -1,838 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#
-# Copyright 2019 SoloKeys Developers
-#
-# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
-# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
-# http://opensource.org/licenses/MIT>, at your option. This file may not be
-# copied, modified, or distributed except according to those terms.
-#
-
-# Script for testing correctness of CTAP2/CTAP1 security token
-
-from __future__ import print_function, absolute_import, unicode_literals
-
-from fido2.hid import CtapHidDevice, CTAPHID
-from fido2.client import Fido2Client, ClientError
-from fido2.ctap import CtapError
-from fido2.ctap1 import CTAP1
-from fido2.ctap2 import *
-from fido2.cose import *
-from fido2.utils import Timeout, sha256
-import sys, os, time
-from random import randint
-from binascii import hexlify
-import array, struct, socket
-
-# Set up a FIDO 2 client using the origin https://example.com
-
-
-def ForceU2F(client, device):
-    client.ctap = CTAP1(device)
-    client.pin_protocol = None
-    client._do_make_credential = client._ctap1_make_credential
-    client._do_get_assertion = client._ctap1_get_assertion
-
-
-class Packet(object):
-    def __init__(self, data):
-        l = len(data)
-        self.data = data
-
-    def ToWireFormat(self,):
-        return self.data
-
-    @staticmethod
-    def FromWireFormat(pkt_size, data):
-        return Packet(data)
-
-
-class Tester:
-    def __init__(self,):
-        self.origin = "https://examplo.org"
-        self.host = "examplo.org"
-
-    def find_device(self,):
-        print(list(CtapHidDevice.list_devices()))
-        dev = next(CtapHidDevice.list_devices(), None)
-        if not dev:
-            raise RuntimeError("No FIDO device found")
-        self.dev = dev
-        self.client = Fido2Client(dev, self.origin)
-        self.ctap = self.client.ctap2
-        self.ctap1 = CTAP1(dev)
-
-        # consume timeout error
-        # cmd,resp = self.recv_raw()
-
-    def send_data(self, cmd, data):
-        if type(data) != type(b""):
-            data = struct.pack("%dB" % len(data), *[ord(x) for x in data])
-        with Timeout(1.0) as event:
-            return self.dev.call(cmd, data, event)
-
-    def send_raw(self, data, cid=None):
-        if cid is None:
-            cid = self.dev._dev.cid
-        elif type(cid) != type(b""):
-            cid = struct.pack("%dB" % len(cid), *[ord(x) for x in cid])
-        if type(data) != type(b""):
-            data = struct.pack("%dB" % len(data), *[ord(x) for x in data])
-        data = cid + data
-        l = len(data)
-        if l != 64:
-            pad = "\x00" * (64 - l)
-            pad = struct.pack("%dB" % len(pad), *[ord(x) for x in pad])
-            data = data + pad
-        data = list(data)
-        assert len(data) == 64
-        self.dev._dev.InternalSendPacket(Packet(data))
-
-    def cid(self,):
-        return self.dev._dev.cid
-
-    def set_cid(self, cid):
-        if type(cid) not in [type(b""), type(bytearray())]:
-            cid = struct.pack("%dB" % len(cid), *[ord(x) for x in cid])
-        self.dev._dev.cid = cid
-
-    def recv_raw(self,):
-        with Timeout(1.0) as t:
-            cmd, payload = self.dev._dev.InternalRecv()
-        return cmd, payload
-
-    def check_error(self, data, err=None):
-        assert len(data) == 1
-        if err is None:
-            if data[0] != 0:
-                raise CtapError(data[0])
-        elif data[0] != err:
-            raise ValueError("Unexpected error: %02x" % data[0])
-
-    def test_long_ping(self):
-        amt = 1000
-        pingdata = os.urandom(amt)
-        try:
-            t1 = time.time() * 1000
-            r = self.send_data(CTAPHID.PING, pingdata)
-            t2 = time.time() * 1000
-            delt = t2 - t1
-            # if (delt < 140 ):
-            # raise RuntimeError('Fob is too fast (%d ms)' % delt)
-            if delt > 555 * (amt / 1000):
-                raise RuntimeError("Fob is too slow (%d ms)" % delt)
-            if r != pingdata:
-                raise ValueError("Ping data not echo'd")
-            print("1000 byte ping time: %s ms" % delt)
-        except CtapError as e:
-            print("7609 byte Ping failed:", e)
-            raise RuntimeError("ping failed")
-        print("PASS: 7609 byte ping")
-        # sys.flush(sys.sto)
-        sys.stdout.flush()
-
-    def test_hid(self, check_timeouts=False):
-        if check_timeouts:
-            print("Test idle")
-            try:
-                cmd, resp = self.recv_raw()
-            except socket.timeout:
-                print("Pass: Idle")
-
-        print("Test init")
-        r = self.send_data(CTAPHID.INIT, "\x11\x11\x11\x11\x11\x11\x11\x11")
-
-        pingdata = os.urandom(100)
-        try:
-            r = self.send_data(CTAPHID.PING, pingdata)
-            if r != pingdata:
-                raise ValueError("Ping data not echo'd")
-        except CtapError as e:
-            print("100 byte Ping failed:", e)
-            raise RuntimeError("ping failed")
-        print("PASS: 100 byte ping")
-
-        self.test_long_ping()
-
-        try:
-            r = self.send_data(CTAPHID.WINK, "")
-            print(hexlify(r))
-            # assert(len(r) == 0)
-        except CtapError as e:
-            print("wink failed:", e)
-            raise RuntimeError("wink failed")
-        print("PASS: wink")
-
-        # try:
-        # r = self.send_data(CTAPHID.WINK, 'we9gofrei8g')
-        # raise RuntimeError('Wink is not supposed to have payload')
-        # except CtapError as e:
-        # assert(e.code == CtapError.ERR.INVALID_LENGTH)
-        # print('PASS: malformed wink')
-
-        try:
-            r = self.send_data(CTAPHID.CBOR, "")
-            if len(r) > 1 or r[0] == 0:
-                raise RuntimeError("Cbor is supposed to have payload")
-        except CtapError as e:
-            assert e.code == CtapError.ERR.INVALID_LENGTH
-        print("PASS: no data cbor")
-
-        try:
-            r = self.send_data(CTAPHID.MSG, "")
-            print(hexlify(r))
-            if len(r) > 2:
-                raise RuntimeError("MSG is supposed to have payload")
-        except CtapError as e:
-            assert e.code == CtapError.ERR.INVALID_LENGTH
-        print("PASS: no data msg")
-
-        try:
-            r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-        except CtapError as e:
-            raise RuntimeError("resync fail: ", e)
-        print("PASS: resync")
-
-        try:
-            r = self.send_data(0x66, "")
-            raise RuntimeError("Invalid command did not return error")
-        except CtapError as e:
-            assert e.code == CtapError.ERR.INVALID_COMMAND
-        print("PASS: invalid HID command")
-
-        print("Sending packet with too large of a length.")
-        self.send_raw("\x81\x1d\xba\x00")
-        cmd, resp = self.recv_raw()
-        self.check_error(resp, CtapError.ERR.INVALID_LENGTH)
-        print("PASS: invalid length")
-
-        r = self.send_data(CTAPHID.PING, "\x44" * 200)
-        print("Sending packets that skip a sequence number.")
-        self.send_raw("\x81\x04\x90")
-        self.send_raw("\x00")
-        self.send_raw("\x01")
-        # skip 2
-        self.send_raw("\x03")
-        cmd, resp = self.recv_raw()
-        self.check_error(resp, CtapError.ERR.INVALID_SEQ)
-        if check_timeouts:
-            cmd, resp = self.recv_raw()
-            assert cmd == 0xBF  # timeout
-        print("PASS: invalid sequence")
-
-        print("Resync and send ping")
-        try:
-            r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-            pingdata = os.urandom(100)
-            r = self.send_data(CTAPHID.PING, pingdata)
-            if r != pingdata:
-                raise ValueError("Ping data not echo'd")
-        except CtapError as e:
-            raise RuntimeError("resync fail: ", e)
-        print("PASS: resync and ping")
-
-        print("Send ping and abort it")
-        self.send_raw("\x81\x04\x00")
-        self.send_raw("\x00")
-        self.send_raw("\x01")
-        try:
-            r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-        except CtapError as e:
-            raise RuntimeError("resync fail: ", e)
-        print("PASS: interrupt ping with resync")
-
-        print("Send ping and abort it with different cid, expect timeout")
-        oldcid = self.cid()
-        newcid = "\x11\x22\x33\x44"
-        self.send_raw("\x81\x10\x00")
-        self.send_raw("\x00")
-        self.send_raw("\x01")
-        self.set_cid(newcid)
-        self.send_raw(
-            "\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88"
-        )  # init from different cid
-        print("wait for init response")
-        cmd, r = self.recv_raw()  # init response
-        assert cmd == 0x86
-        self.set_cid(oldcid)
-        if check_timeouts:
-            # print('wait for timeout')
-            cmd, r = self.recv_raw()  # timeout response
-            assert cmd == 0xBF
-
-        print("PASS: resync and timeout")
-
-        print("Test timeout")
-        self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-        t1 = time.time() * 1000
-        self.send_raw("\x81\x04\x00")
-        self.send_raw("\x00")
-        self.send_raw("\x01")
-        cmd, r = self.recv_raw()  # timeout response
-        t2 = time.time() * 1000
-        delt = t2 - t1
-        assert cmd == 0xBF
-        assert r[0] == CtapError.ERR.TIMEOUT
-        assert delt < 1000 and delt > 400
-        print("Pass timeout")
-
-        print("Test not cont")
-        self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-        self.send_raw("\x81\x04\x00")
-        self.send_raw("\x00")
-        self.send_raw("\x01")
-        self.send_raw("\x81\x10\x00")  # init packet
-        cmd, r = self.recv_raw()  # timeout response
-        assert cmd == 0xBF
-        assert r[0] == CtapError.ERR.INVALID_SEQ
-        print("PASS: Test not cont")
-
-        if check_timeouts:
-            print("Check random cont ignored")
-            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-            self.send_raw("\x01\x10\x00")
-            try:
-                cmd, r = self.recv_raw()  # timeout response
-            except socket.timeout:
-                pass
-            print("PASS: random cont")
-
-        print("Check busy")
-        t1 = time.time() * 1000
-        self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-        oldcid = self.cid()
-        newcid = "\x11\x22\x33\x44"
-        self.send_raw("\x81\x04\x00")
-        self.set_cid(newcid)
-        self.send_raw("\x81\x04\x00")
-        cmd, r = self.recv_raw()  # busy response
-        t2 = time.time() * 1000
-        assert t2 - t1 < 100
-        assert cmd == 0xBF
-        assert r[0] == CtapError.ERR.CHANNEL_BUSY
-
-        self.set_cid(oldcid)
-        cmd, r = self.recv_raw()  # timeout response
-        assert cmd == 0xBF
-        assert r[0] == CtapError.ERR.TIMEOUT
-        print("PASS: busy")
-
-        print("Check busy interleaved")
-        cid1 = "\x11\x22\x33\x44"
-        cid2 = "\x01\x22\x33\x44"
-        self.set_cid(cid2)
-        self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-        self.set_cid(cid1)
-        self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-        self.send_raw("\x81\x00\x63")  # echo 99 bytes first channel
-
-        self.set_cid(cid2)  # send ping on 2nd channel
-        self.send_raw("\x81\x00\x63")
-        self.send_raw("\x00")
-
-        cmd, r = self.recv_raw()  # busy response
-
-        self.set_cid(cid1)  # finish 1st channel ping
-        self.send_raw("\x00")
-
-        self.set_cid(cid2)
-
-        assert cmd == 0xBF
-        assert r[0] == CtapError.ERR.CHANNEL_BUSY
-
-        self.set_cid(cid1)
-        cmd, r = self.recv_raw()  # ping response
-        assert cmd == 0x81
-        assert len(r) == 0x63
-
-        if check_timeouts:
-            cmd, r = self.recv_raw()  # timeout
-            assert cmd == 0xBF
-            assert r[0] == CtapError.ERR.TIMEOUT
-        print("PASS: busy interleaved")
-
-        if check_timeouts:
-            print("Test idle, wait for timeout")
-            sys.stdout.flush()
-            try:
-                cmd, resp = self.recv_raw()
-            except socket.timeout:
-                print("Pass: Idle")
-
-        print("Test cid 0 is invalid")
-        self.set_cid("\x00\x00\x00\x00")
-        self.send_raw(
-            "\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88", cid="\x00\x00\x00\x00"
-        )
-        cmd, r = self.recv_raw()  # timeout
-        assert cmd == 0xBF
-        assert r[0] == CtapError.ERR.INVALID_CHANNEL
-        print("Pass: cid 0")
-
-        print("Test invalid broadcast cid use")
-        self.set_cid("\xff\xff\xff\xff")
-        self.send_raw(
-            "\x81\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88", cid="\xff\xff\xff\xff"
-        )
-        cmd, r = self.recv_raw()  # timeout
-        assert cmd == 0xBF
-        assert r[0] == CtapError.ERR.INVALID_CHANNEL
-        print("Pass: cid broadcast")
-
-    def test_u2f(self,):
-        chal = sha256(b"AAA")
-        appid = sha256(b"BBB")
-        lastc = 0
-        for i in range(0, 5):
-            reg = self.ctap1.register(chal, appid)
-            reg.verify(appid, chal)
-            auth = self.ctap1.authenticate(chal, appid, reg.key_handle)
-            # check endianness
-            if lastc:
-                assert (auth.counter - lastc) < 10
-            lastc = auth.counter
-            print(hex(lastc))
-            print("U2F reg + auth pass %d/5" % (i + 1))
-
-    def test_fido2_simple(self, pin_token=None):
-        creds = []
-        exclude_list = []
-        rp = {"id": self.host, "name": "ExaRP"}
-        user = {"id": b"usee_od", "name": "AB User"}
-        challenge = "Y2hhbGxlbmdl"
-        PIN = pin_token
-
-        fake_id1 = array.array("B", [randint(0, 255) for i in range(0, 150)]).tobytes()
-        fake_id2 = array.array("B", [randint(0, 255) for i in range(0, 73)]).tobytes()
-
-        exclude_list.append({"id": fake_id1, "type": "public-key"})
-        exclude_list.append({"id": fake_id2, "type": "public-key"})
-
-        print("MC")
-        t1 = time.time() * 1000
-        attest, data = self.client.make_credential(
-            rp, user, challenge, pin=PIN, exclude_list=[]
-        )
-        t2 = time.time() * 1000
-        attest.verify(data.hash)
-        print("Register valid (%d ms)" % (t2 - t1))
-
-        cred = attest.auth_data.credential_data
-        creds.append(cred)
-
-        allow_list = [{"id": creds[0].credential_id, "type": "public-key"}]
-        t1 = time.time() * 1000
-        assertions, client_data = self.client.get_assertion(
-            rp["id"], challenge, allow_list, pin=PIN
-        )
-        t2 = time.time() * 1000
-        assertions[0].verify(client_data.hash, creds[0].public_key)
-
-        print("Assertion valid (%d ms)" % (t2 - t1))
-
-    def test_fido2_brute_force(self):
-        creds = []
-        exclude_list = []
-        rp = {"id": self.host, "name": "ExaRP"}
-        user = {"id": b"usee_od", "name": "AB User"}
-        PIN = None
-        abc = "abcdefghijklnmopqrstuvwxyz"
-        abc += abc.upper()
-
-        self.ctap.reset()
-
-        for i in range(0, 2048 ** 2):
-            creds = []
-
-            challenge = "".join([abc[randint(0, len(abc) - 1)] for x in range(0, 32)])
-
-            fake_id1 = array.array(
-                "B", [randint(0, 255) for i in range(0, 150)]
-            ).tostring()
-            fake_id2 = array.array(
-                "B", [randint(0, 255) for i in range(0, 73)]
-            ).tostring()
-
-            exclude_list.append({"id": fake_id1, "type": "public-key"})
-            exclude_list.append({"id": fake_id2, "type": "public-key"})
-
-            # for i in range(0,2048**2):
-            for i in range(0, 1):
-                t1 = time.time() * 1000
-                attest, data = self.client.make_credential(
-                    rp, user, challenge, pin=PIN, exclude_list=[]
-                )
-                print(attest.auth_data.counter)
-                t2 = time.time() * 1000
-                attest.verify(data.hash)
-                print("Register valid (%d ms)" % (t2 - t1))
-            sys.stdout.flush()
-
-            cred = attest.auth_data.credential_data
-            creds.append(cred)
-
-            # for i in range(0,2048**2):
-            for i in range(0, 1):
-                allow_list = [{"id": creds[0].credential_id, "type": "public-key"}]
-                t1 = time.time() * 1000
-                assertions, client_data = self.client.get_assertion(
-                    rp["id"], challenge, allow_list, pin=PIN
-                )
-                t2 = time.time() * 1000
-                assertions[0].verify(client_data.hash, creds[0].public_key)
-                print(assertions[0].auth_data.counter)
-
-                print("Assertion valid (%d ms)" % (t2 - t1))
-                sys.stdout.flush()
-
-    def test_fido2(self):
-        def test(self, pincode=None):
-            creds = []
-            exclude_list = []
-            rp = {"id": self.host, "name": "ExaRP"}
-            user = {"id": b"usee_od", "name": "AB User"}
-            challenge = "Y2hhbGxlbmdl"
-            PIN = pincode
-
-            fake_id1 = array.array(
-                "B", [randint(0, 255) for i in range(0, 150)]
-            ).tostring()
-            fake_id2 = array.array(
-                "B", [randint(0, 255) for i in range(0, 73)]
-            ).tostring()
-
-            exclude_list.append({"id": fake_id1, "type": "public-key"})
-            exclude_list.append({"id": fake_id2, "type": "public-key"})
-
-            # test make credential
-            print("make 3 credentials")
-            for i in range(0, 3):
-                attest, data = self.client.make_credential(
-                    rp, user, challenge, pin=PIN, exclude_list=[]
-                )
-                attest.verify(data.hash)
-                # verify endian-ness is correct
-                assert attest.auth_data.counter < 0x10000
-                cred = attest.auth_data.credential_data
-                creds.append(cred)
-                print(cred)
-            print("PASS")
-
-            if PIN is not None:
-                print("make credential with wrong pin code")
-                try:
-                    attest, data = self.client.make_credential(
-                        rp, user, challenge, pin=PIN + " ", exclude_list=[]
-                    )
-                except CtapError as e:
-                    assert e.code == CtapError.ERR.PIN_INVALID
-                except ClientError as e:
-                    assert e.cause.code == CtapError.ERR.PIN_INVALID
-                print("PASS")
-
-            print("make credential with exclude list")
-            attest, data = self.client.make_credential(
-                rp, user, challenge, pin=PIN, exclude_list=exclude_list
-            )
-            attest.verify(data.hash)
-            cred = attest.auth_data.credential_data
-            creds.append(cred)
-            print("PASS")
-
-            print("make credential with exclude list including real credential")
-            real_excl = [{"id": cred.credential_id, "type": "public-key"}]
-            try:
-                attest, data = self.client.make_credential(
-                    rp, user, challenge, pin=PIN, exclude_list=exclude_list + real_excl
-                )
-                raise RuntimeError("Exclude list did not return expected error")
-            except CtapError as e:
-                assert e.code == CtapError.ERR.CREDENTIAL_EXCLUDED
-            except ClientError as e:
-                assert e.cause.code == CtapError.ERR.CREDENTIAL_EXCLUDED
-            print("PASS")
-
-            for i, x in enumerate(creds):
-                print("get assertion %d" % i)
-                allow_list = [{"id": x.credential_id, "type": "public-key"}]
-                assertions, client_data = self.client.get_assertion(
-                    rp["id"], challenge, allow_list, pin=PIN
-                )
-                assertions[0].verify(client_data.hash, x.public_key)
-                print("PASS")
-
-            if PIN is not None:
-                print("get assertion with wrong pin code")
-                try:
-                    assertions, client_data = self.client.get_assertion(
-                        rp["id"], challenge, allow_list, pin=PIN + " "
-                    )
-                except CtapError as e:
-                    assert e.code == CtapError.ERR.PIN_INVALID
-                except ClientError as e:
-                    assert e.cause.code == CtapError.ERR.PIN_INVALID
-                print("PASS")
-
-            print("get multiple assertions")
-            allow_list = [{"id": x.credential_id, "type": "public-key"} for x in creds]
-            assertions, client_data = self.client.get_assertion(
-                rp["id"], challenge, allow_list, pin=PIN
-            )
-
-            for ass, cred in zip(assertions, creds):
-                i += 1
-
-                ass.verify(client_data.hash, cred.public_key)
-                print("%d verified" % i)
-            print("PASS")
-
-        print("Reset device")
-        try:
-            self.ctap.reset()
-        except CtapError as e:
-            print("Warning, reset failed: ", e)
-            pass
-        print("PASS")
-
-        test(self, None)
-
-        print("Set a pin code")
-        PIN = "1122aabbwfg0h9g !@#=="
-        self.client.pin_protocol.set_pin(PIN)
-        print("PASS")
-
-        print("Illegally set pin code again")
-        try:
-            self.client.pin_protocol.set_pin(PIN)
-        except CtapError as e:
-            assert e.code == CtapError.ERR.NOT_ALLOWED
-        print("PASS")
-
-        print("Change pin code")
-        PIN2 = PIN + "_pin2"
-        self.client.pin_protocol.change_pin(PIN, PIN2)
-        PIN = PIN2
-        print("PASS")
-
-        print("Change pin code using wrong pin")
-        try:
-            self.client.pin_protocol.change_pin(PIN.replace("a", "b"), "1234")
-        except CtapError as e:
-            assert e.code == CtapError.ERR.PIN_INVALID
-        print("PASS")
-
-        print("MC using wrong pin")
-        try:
-            self.test_fido2_simple("abcd3")
-        except ClientError as e:
-            assert e.cause.code == CtapError.ERR.PIN_INVALID
-        print("PASS")
-
-        print("get info")
-        inf = self.ctap.get_info()
-        print("PASS")
-
-        self.test_fido2_simple(PIN)
-
-        print("Re-run make_credential and get_assertion tests with pin code")
-        test(self, PIN)
-
-        print("Reset device")
-        try:
-            self.ctap.reset()
-        except CtapError as e:
-            print("Warning, reset failed: ", e)
-        print("PASS")
-
-    def test_rk(self,):
-        creds = []
-        rp = {"id": self.host, "name": "ExaRP"}
-        user0 = {"id": b"first one", "name": "single User"}
-
-        users = [
-            {"id": b"user" + os.urandom(16), "name": "AB User"} for i in range(0, 2)
-        ]
-        challenge = "Y2hhbGxlbmdl"
-        PIN = None
-        print("reset")
-        self.ctap.reset()
-        # if PIN: self.client.pin_protocol.set_pin(PIN)
-
-        print("registering 1 user with RK")
-        t1 = time.time() * 1000
-        attest, data = self.client.make_credential(
-            rp, user0, challenge, pin=PIN, exclude_list=[], rk=True
-        )
-        t2 = time.time() * 1000
-        attest.verify(data.hash)
-        creds.append(attest.auth_data.credential_data)
-        print("Register valid (%d ms)" % (t2 - t1))
-
-        print("1 assertion")
-        t1 = time.time() * 1000
-        assertions, client_data = self.client.get_assertion(
-            rp["id"], challenge, pin=PIN
-        )
-        t2 = time.time() * 1000
-        assertions[0].verify(client_data.hash, creds[0].public_key)
-        print("Assertion valid (%d ms)" % (t2 - t1))
-
-        print(assertions[0], client_data)
-
-        print("registering %d users with RK" % len(users))
-        for i in range(0, len(users)):
-            t1 = time.time() * 1000
-            attest, data = self.client.make_credential(
-                rp, users[i], challenge, pin=PIN, exclude_list=[], rk=True
-            )
-            t2 = time.time() * 1000
-            attest.verify(data.hash)
-            print("Register valid (%d ms)" % (t2 - t1))
-
-            creds.append(attest.auth_data.credential_data)
-
-        t1 = time.time() * 1000
-        assertions, client_data = self.client.get_assertion(
-            rp["id"], challenge, pin=PIN
-        )
-        t2 = time.time() * 1000
-
-        for x, y in zip(assertions, creds):
-            x.verify(client_data.hash, y.public_key)
-
-        print("Assertion(s) valid (%d ms)" % (t2 - t1))
-
-        print("registering a duplicate user ")
-
-        t1 = time.time() * 1000
-        attest, data = self.client.make_credential(
-            rp, users[1], challenge, pin=PIN, exclude_list=[], rk=True
-        )
-        t2 = time.time() * 1000
-        attest.verify(data.hash)
-        creds = creds[:2] + creds[3:] + [attest.auth_data.credential_data]
-        print("Register valid (%d ms)" % (t2 - t1))
-
-        t1 = time.time() * 1000
-        assertions, client_data = self.client.get_assertion(
-            rp["id"], challenge, pin=PIN
-        )
-        t2 = time.time() * 1000
-        assert len(assertions) == len(users) + 1
-        for x, y in zip(assertions, creds):
-            x.verify(client_data.hash, y.public_key)
-
-        print("Assertion(s) valid (%d ms)" % (t2 - t1))
-
-    def test_responses(self,):
-        PIN = "1234"
-        RPID = self.host
-        for dev in CtapHidDevice.list_devices():
-            print("dev", dev)
-            client = Fido2Client(dev, RPID)
-            ctap = client.ctap2
-            # ctap.reset()
-            try:
-                if PIN:
-                    client.pin_protocol.set_pin(PIN)
-            except:
-                pass
-
-            inf = ctap.get_info()
-            # print (inf)
-            print("versions: ", inf.versions)
-            print("aaguid: ", inf.aaguid)
-            print("rk: ", inf.options["rk"])
-            print("clientPin: ", inf.options["clientPin"])
-            print("max_message_size: ", inf.max_msg_size)
-
-            # rp = {'id': 'SelectDevice', 'name': 'SelectDevice'}
-            rp = {"id": RPID, "name": "ExaRP"}
-            user = {"id": os.urandom(10), "name": "SelectDevice"}
-            user = {"id": b"21first one", "name": "single User"}
-            challenge = "Y2hhbGxlbmdl"
-
-            if 1:
-                attest, data = client.make_credential(
-                    rp, user, challenge, exclude_list=[], pin=PIN, rk=True
-                )
-
-                cred = attest.auth_data.credential_data
-                creds = [cred]
-
-                allow_list = [{"id": creds[0].credential_id, "type": "public-key"}]
-                allow_list = []
-                assertions, client_data = client.get_assertion(
-                    rp["id"], challenge, pin=PIN
-                )
-                assertions[0].verify(client_data.hash, creds[0].public_key)
-
-            if 0:
-                print("registering 1 user with RK")
-                t1 = time.time() * 1000
-                attest, data = client.make_credential(
-                    rp, user, challenge, pin=PIN, exclude_list=[], rk=True
-                )
-                t2 = time.time() * 1000
-                attest.verify(data.hash)
-                creds = [attest.auth_data.credential_data]
-                print("Register valid (%d ms)" % (t2 - t1))
-
-                print("1 assertion")
-                t1 = time.time() * 1000
-                assertions, client_data = client.get_assertion(
-                    rp["id"], challenge, pin=PIN
-                )
-                t2 = time.time() * 1000
-                assertions[0].verify(client_data.hash, creds[0].public_key)
-                print("Assertion valid (%d ms)" % (t2 - t1))
-
-            # print('fmt:',attest.fmt)
-            # print('rp_id_hash',attest.auth_data.rp_id_hash)
-            # print('flags:', hex(attest.auth_data.flags))
-            # print('count:', hex(attest.auth_data.counter))
-            print("flags MC:", attest.auth_data)
-            print("flags GA:", assertions[0].auth_data)
-            # print('cred_id:',attest.auth_data.credential_data.credential_id)
-            # print('pubkey:',attest.auth_data.credential_data.public_key)
-            # print('aaguid:',attest.auth_data.credential_data.aaguid)
-            # print('cred data:',attest.auth_data.credential_data)
-            # print('auth_data:',attest.auth_data)
-            # print('auth_data:',attest.auth_data)
-            # print('alg:',attest.att_statement['alg'])
-            # print('sig:',attest.att_statement['sig'])
-            # print('x5c:',attest.att_statement['x5c'])
-            # print('data:',data)
-
-            print("assertion:", assertions[0])
-            print("clientData:", client_data)
-
-            print()
-            # break
-
-
-def test_find_brute_force():
-    i = 0
-    while 1:
-        t1 = time.time() * 1000
-        t = Tester()
-        t.find_device()
-        t2 = time.time() * 1000
-        print("connected %d (%d ms)" % (i, t2 - t1))
-        i += 1
-        time.sleep(0.01)
-
-
-if __name__ == "__main__":
-    t = Tester()
-    t.find_device()
-    # t.test_hid()
-    # t.test_long_ping()
-    t.test_fido2()
-    t.test_u2f()
-    # t.test_rk()
-    # t.test_responses()
-    # test_find_brute_force()
-    # t.test_fido2_simple()
-    # t.test_fido2_brute_force()

tools/gadgetfs/Makefile

@@ -0,0 +1,65 @@
+TOP := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+KERNEL_FULL_VERSION := $(shell uname -r)
+KERNEL_VERSION := $(shell uname -r | grep -o "^[^-]*")
+KERNEL_MAJOR := $(shell uname -r | cut -d. -f1)
+KERNEL_MINOR := $(shell uname -r | cut -d. -f2)
+
+MANUFACTURER = "Solo"
+SERIAL = "1234567890"
+IDVENDOR = "0x0483"
+IDPRODUCT = "0xa2ca"
+PRODUCT = "Solo Software Authenticator"
+CONFIGFS = /sys/kernel/config
+CONFIGFS_FIDO2 = $(CONFIGFS)/usb_gadget/fido2
+
+obj-m := dummy_hcd.o
+KVERSION := $(shell uname -r)
+SHELL := /bin/bash
+
+all: dummy_hcd.ko
+
+install: dummy_hcd.ko
+	modprobe libcomposite
+	insmod dummy_hcd.ko
+	mkdir -p $(CONFIGFS_FIDO2)
+	mkdir -p $(CONFIGFS_FIDO2)/configs/c.1
+	mkdir -p $(CONFIGFS_FIDO2)/functions/hid.usb0
+	echo 0 > $(CONFIGFS_FIDO2)/functions/hid.usb0/protocol
+	echo 0 > $(CONFIGFS_FIDO2)/functions/hid.usb0/subclass
+	echo 64 > $(CONFIGFS_FIDO2)/functions/hid.usb0/report_length
+	echo -ne "\x06\xd0\xf1\x09\x01\xa1\x01\x09\x20\x15\x00\x26\xff\x00\x75\x08\x95\x40\x81\x02\x09\x21\x15\x00\x26\xff\x00\x75\x08\x95\x40\x91\x02\xc0" > $(CONFIGFS_FIDO2)/functions/hid.usb0/report_desc
+	mkdir $(CONFIGFS_FIDO2)/strings/0x409
+	mkdir $(CONFIGFS_FIDO2)/configs/c.1/strings/0x409
+	echo $(IDPRODUCT) > $(CONFIGFS_FIDO2)/idProduct
+	echo $(IDVENDOR) > $(CONFIGFS_FIDO2)/idVendor
+	echo $(SERIAL) > $(CONFIGFS_FIDO2)/strings/0x409/serialnumber
+	echo $(MANUFACTURER) > $(CONFIGFS_FIDO2)/strings/0x409/manufacturer
+	echo $(PRODUCT) > $(CONFIGFS_FIDO2)/strings/0x409/product
+	echo "Configuration 1" > $(CONFIGFS_FIDO2)/configs/c.1/strings/0x409/configuration
+	echo 120 > $(CONFIGFS_FIDO2)/configs/c.1/MaxPower
+	ln -s $(CONFIGFS_FIDO2)/functions/hid.usb0 $(CONFIGFS_FIDO2)/configs/c.1
+	echo "dummy_udc.0" > $(CONFIGFS_FIDO2)/UDC
+
+uninstall:
+	echo "" > $(CONFIGFS_FIDO2)/UDC
+	rm $(CONFIGFS_FIDO2)/configs/c.1/hid.usb0
+	rmdir $(CONFIGFS_FIDO2)/configs/c.1/strings/0x409
+	rmdir $(CONFIGFS_FIDO2)/configs/c.1
+	rmdir $(CONFIGFS_FIDO2)/functions/hid.usb0
+	rmdir $(CONFIGFS_FIDO2)/strings/0x409
+	rmdir $(CONFIGFS_FIDO2)
+	rmmod dummy_hcd.ko
+
+dummy_hcd.ko: dummy_hcd.c
+	$(MAKE) -C /lib/modules/$(KERNEL_FULL_VERSION)/build M=$(TOP) modules
+
+dummy_hcd.c: /usr/src/linux-source-$(KERNEL_VERSION).tar.bz2
+	tar -xvf $^ linux-source-$(KERNEL_VERSION)/drivers/usb/gadget/udc/dummy_hcd.c
+	cp linux-source-$(KERNEL_VERSION)/drivers/usb/gadget/udc/dummy_hcd.c $@
+
+clean:
+	$(MAKE) -C /lib/modules/$(KERNEL_FULL_VERSION)/build M=$(TOP) clean
+	rm -rf linux-source-$(KERNEL_VERSION)
+	rm -f dummy_hcd.c
+
+

tools/requirements.txt

@@ -2,5 +2,6 @@ ecdsa
 fido2
 intelhex
 pyserial
+solo-python
 pyusb
 wheel

tools/test_sw_token.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+./main
+
+while [ $? == 100 ] ; do
+    echo "Restarting software authentictor."
+    ./main
+done

tools/testing/main.py

@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# Copyright 2019 SoloKeys Developers
+#
+# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
+# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
+# http://opensource.org/licenses/MIT>, at your option. This file may not be
+# copied, modified, or distributed except according to those terms.
+#
+
+# Script for testing correctness of CTAP2/CTAP1 security token
+
+import sys
+
+from solo.fido2 import force_udp_backend
+from tests import Tester, FIDO2Tests, U2FTests, HIDTests, SoloTests
+
+
+if __name__ == "__main__":
+    if len(sys.argv) < 2:
+        print("Usage: %s [sim] <[u2f]|[fido2]|[rk]|[hid]|[ping]>")
+        sys.exit(0)
+
+    t = Tester()
+    t.set_user_count(3)
+
+    if "sim" in sys.argv:
+        print("Using UDP backend.")
+        force_udp_backend()
+        t.set_sim(True)
+        t.set_user_count(10)
+
+    t.find_device()
+
+    if "solo" in sys.argv:
+        SoloTests(t).run()
+
+    if "u2f" in sys.argv:
+        U2FTests(t).run()
+
+    if "fido2" in sys.argv:
+        # t.test_fido2()
+        FIDO2Tests(t).run()
+
+    # hid tests are a bit invasive and should be done last
+    if "hid" in sys.argv:
+        HIDTests(t).run()
+
+    if "bootloader" in sys.argv:
+        if t.is_sim:
+            raise RuntimeError("Cannot test bootloader in simulation yet.")
+        # print("Put device in bootloader mode and then hit enter")
+        # input()
+        # t.test_bootloader()
+
+    # t.test_responses()
+    # t.test_fido2_brute_force()

tools/testing/tests/__init__.py

@@ -0,0 +1,11 @@
+from . import fido2
+from . import hid
+from . import solo
+from . import u2f
+from . import tester
+
+FIDO2Tests = fido2.FIDO2Tests
+HIDTests = hid.HIDTests
+U2FTests = u2f.U2FTests
+SoloTests = solo.SoloTests
+Tester = tester.Tester

tools/testing/tests/hid.py

@@ -0,0 +1,252 @@
+import sys, os, time
+from binascii import hexlify
+
+from fido2.hid import CTAPHID
+from fido2.ctap import CtapError
+
+from .tester import Tester, Test
+
+
+class HIDTests(Tester):
+    def __init__(self, tester=None):
+        super().__init__(tester)
+        self.check_timeouts = False
+
+    def set_check_timeouts(self, en):
+        self.check_timeouts = en
+
+    def run(self,):
+        self.test_long_ping()
+        self.test_hid(self.check_timeouts)
+
+    def test_long_ping(self):
+        amt = 1000
+        pingdata = os.urandom(amt)
+        with Test("Send %d byte ping" % amt):
+            try:
+                t1 = time.time() * 1000
+                r = self.send_data(CTAPHID.PING, pingdata)
+                t2 = time.time() * 1000
+                delt = t2 - t1
+                # if (delt < 140 ):
+                # raise RuntimeError('Fob is too fast (%d ms)' % delt)
+                if delt > 555 * (amt / 1000):
+                    raise RuntimeError("Fob is too slow (%d ms)" % delt)
+                if r != pingdata:
+                    raise ValueError("Ping data not echo'd")
+            except CtapError:
+                raise RuntimeError("ping failed")
+
+        sys.stdout.flush()
+
+    def test_hid(self, check_timeouts=False):
+        if check_timeouts:
+            with Test("idle"):
+                try:
+                    cmd, resp = self.recv_raw()
+                except socket.timeout:
+                    pass
+
+        with Test("init"):
+            r = self.send_data(CTAPHID.INIT, "\x11\x11\x11\x11\x11\x11\x11\x11")
+
+        with Test("100 byte ping"):
+            pingdata = os.urandom(100)
+            try:
+                r = self.send_data(CTAPHID.PING, pingdata)
+                if r != pingdata:
+                    raise ValueError("Ping data not echo'd")
+            except CtapError as e:
+                print("100 byte Ping failed:", e)
+                raise RuntimeError("ping failed")
+
+        self.test_long_ping()
+
+        with Test("Wink"):
+            r = self.send_data(CTAPHID.WINK, "")
+
+        with Test("CBOR msg with no data"):
+            try:
+                r = self.send_data(CTAPHID.CBOR, "")
+                if len(r) > 1 or r[0] == 0:
+                    raise RuntimeError("Cbor is supposed to have payload")
+            except CtapError as e:
+                assert e.code == CtapError.ERR.INVALID_LENGTH
+
+        with Test("No data in U2F msg"):
+            try:
+                r = self.send_data(CTAPHID.MSG, "")
+                print(hexlify(r))
+                if len(r) > 2:
+                    raise RuntimeError("MSG is supposed to have payload")
+            except CtapError as e:
+                assert e.code == CtapError.ERR.INVALID_LENGTH
+
+        with Test("Use init command to resync"):
+            r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
+
+        with Test("Invalid HID command"):
+            try:
+                r = self.send_data(0x66, "")
+                raise RuntimeError("Invalid command did not return error")
+            except CtapError as e:
+                assert e.code == CtapError.ERR.INVALID_COMMAND
+
+        with Test("Sending packet with too large of a length."):
+            self.send_raw("\x81\x1d\xba\x00")
+            cmd, resp = self.recv_raw()
+            Tester.check_error(resp, CtapError.ERR.INVALID_LENGTH)
+
+        r = self.send_data(CTAPHID.PING, "\x44" * 200)
+        with Test("Sending packets that skip a sequence number."):
+            self.send_raw("\x81\x04\x90")
+            self.send_raw("\x00")
+            self.send_raw("\x01")
+            # skip 2
+            self.send_raw("\x03")
+            cmd, resp = self.recv_raw()
+            Tester.check_error(resp, CtapError.ERR.INVALID_SEQ)
+
+        with Test("Resync and send ping"):
+            try:
+                r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
+                pingdata = os.urandom(100)
+                r = self.send_data(CTAPHID.PING, pingdata)
+                if r != pingdata:
+                    raise ValueError("Ping data not echo'd")
+            except CtapError as e:
+                raise RuntimeError("resync fail: ", e)
+
+        with Test("Send ping and abort it"):
+            self.send_raw("\x81\x04\x00")
+            self.send_raw("\x00")
+            self.send_raw("\x01")
+            try:
+                r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
+            except CtapError as e:
+                raise RuntimeError("resync fail: ", e)
+
+        with Test("Send ping and abort it with different cid, expect timeout"):
+            oldcid = self.cid()
+            newcid = "\x11\x22\x33\x44"
+            self.send_raw("\x81\x10\x00")
+            self.send_raw("\x00")
+            self.send_raw("\x01")
+            self.set_cid(newcid)
+            self.send_raw(
+                "\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88"
+            )  # init from different cid
+            print("wait for init response")
+            cmd, r = self.recv_raw()  # init response
+            assert cmd == 0x86
+            self.set_cid(oldcid)
+            if check_timeouts:
+                # print('wait for timeout')
+                cmd, r = self.recv_raw()  # timeout response
+                assert cmd == 0xBF
+
+        with Test("Test timeout"):
+            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
+            t1 = time.time() * 1000
+            self.send_raw("\x81\x04\x00")
+            self.send_raw("\x00")
+            self.send_raw("\x01")
+            cmd, r = self.recv_raw()  # timeout response
+            t2 = time.time() * 1000
+            delt = t2 - t1
+            assert cmd == 0xBF
+            assert r[0] == CtapError.ERR.TIMEOUT
+            assert delt < 1000 and delt > 400
+
+        with Test("Test not cont"):
+            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
+            self.send_raw("\x81\x04\x00")
+            self.send_raw("\x00")
+            self.send_raw("\x01")
+            self.send_raw("\x81\x10\x00")  # init packet
+            cmd, r = self.recv_raw()  # timeout response
+            assert cmd == 0xBF
+            assert r[0] == CtapError.ERR.INVALID_SEQ
+
+        if check_timeouts:
+            with Test("Check random cont ignored"):
+                self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
+                self.send_raw("\x01\x10\x00")
+                try:
+                    cmd, r = self.recv_raw()  # timeout response
+                except socket.timeout:
+                    pass
+
+        with Test("Check busy"):
+            t1 = time.time() * 1000
+            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
+            oldcid = self.cid()
+            newcid = "\x11\x22\x33\x44"
+            self.send_raw("\x81\x04\x00")
+            self.set_cid(newcid)
+            self.send_raw("\x81\x04\x00")
+            cmd, r = self.recv_raw()  # busy response
+            t2 = time.time() * 1000
+            assert t2 - t1 < 100
+            assert cmd == 0xBF
+            assert r[0] == CtapError.ERR.CHANNEL_BUSY
+
+            self.set_cid(oldcid)
+            cmd, r = self.recv_raw()  # timeout response
+            assert cmd == 0xBF
+            assert r[0] == CtapError.ERR.TIMEOUT
+
+        with Test("Check busy interleaved"):
+            cid1 = "\x11\x22\x33\x44"
+            cid2 = "\x01\x22\x33\x44"
+            self.set_cid(cid2)
+            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
+            self.set_cid(cid1)
+            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
+            self.send_raw("\x81\x00\x63")  # echo 99 bytes first channel
+
+            self.set_cid(cid2)  # send ping on 2nd channel
+            self.send_raw("\x81\x00\x63")
+            Tester.delay(0.1)
+            self.send_raw("\x00")
+
+            cmd, r = self.recv_raw()  # busy response
+
+            self.set_cid(cid1)  # finish 1st channel ping
+            self.send_raw("\x00")
+
+            self.set_cid(cid2)
+
+            assert cmd == 0xBF
+            assert r[0] == CtapError.ERR.CHANNEL_BUSY
+
+            self.set_cid(cid1)
+            cmd, r = self.recv_raw()  # ping response
+            assert cmd == 0x81
+            assert len(r) == 0x63
+
+        if check_timeouts:
+            with Test("Test idle, wait for timeout"):
+                sys.stdout.flush()
+                try:
+                    cmd, resp = self.recv_raw()
+                except socket.timeout:
+                    pass
+
+        with Test("Test cid 0 is invalid"):
+            self.set_cid("\x00\x00\x00\x00")
+            self.send_raw(
+                "\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88", cid="\x00\x00\x00\x00"
+            )
+            cmd, r = self.recv_raw()  # timeout
+            assert cmd == 0xBF
+            assert r[0] == CtapError.ERR.INVALID_CHANNEL
+
+        with Test("Test invalid broadcast cid use"):
+            self.set_cid("\xff\xff\xff\xff")
+            self.send_raw(
+                "\x81\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88", cid="\xff\xff\xff\xff"
+            )
+            cmd, r = self.recv_raw()  # timeout
+            assert cmd == 0xBF
+            assert r[0] == CtapError.ERR.INVALID_CHANNEL

tools/testing/tests/solo.py

@@ -0,0 +1,83 @@
+from solo.client import SoloClient
+from solo.commands import SoloExtension
+
+from fido2.ctap1 import ApduError
+from fido2.utils import sha256
+
+from .util import shannon_entropy
+from .tester import Tester, Test
+
+
+class SoloTests(Tester):
+    def __init__(self, tester=None):
+        super().__init__(tester)
+
+    def run(self,):
+        self.test_solo()
+
+    def test_solo(self,):
+        """
+        Solo specific tests
+        """
+        # RNG command
+        sc = SoloClient()
+        sc.find_device(self.dev)
+        sc.use_u2f()
+        memmap = (0x08005000, 0x08005000 + 198 * 1024 - 8)
+
+        total = 1024 * 16
+        with Test("Gathering %d random bytes..." % total):
+            entropy = b""
+            while len(entropy) < total:
+                entropy += sc.get_rng()
+
+        with Test("Test entropy is close to perfect"):
+            s = shannon_entropy(entropy)
+            assert s > 7.98
+        print("Entropy is %.5f bits per byte." % s)
+
+        with Test("Test Solo version command"):
+            assert len(sc.solo_version()) == 3
+
+        with Test("Test bootloader is not active"):
+            try:
+                sc.write_flash(memmap[0], b"1234")
+            except ApduError:
+                pass
+
+        sc.exchange = sc.exchange_fido2
+
+        req = SoloClient.format_request(SoloExtension.version, 0, b"A" * 16)
+        a = sc.ctap2.get_assertion(
+            sc.host, b"B" * 32, [{"id": req, "type": "public-key"}]
+        )
+
+        with Test("Test custom command returned valid assertion"):
+            assert a.auth_data.rp_id_hash == sha256(sc.host.encode("utf8"))
+            assert a.credential["id"] == req
+            assert (a.auth_data.flags & 0x5) == 0x5
+
+        with Test("Test Solo version and random commands with fido2 layer"):
+            assert len(sc.solo_version()) == 3
+            sc.get_rng()
+
+    def test_bootloader(self,):
+        sc = SoloClient()
+        sc.find_device(self.dev)
+        sc.use_u2f()
+
+        memmap = (0x08005000, 0x08005000 + 198 * 1024 - 8)
+        data = b"A" * 64
+
+        with Test("Test version command"):
+            assert len(sc.bootloader_version()) == 3
+
+        with Test("Test write command"):
+            sc.write_flash(memmap[0], data)
+
+        for addr in (memmap[0] - 8, memmap[0] - 4, memmap[1], memmap[1] - 8):
+            with Test("Test out of bounds write command at 0x%04x" % addr):
+                try:
+                    sc.write_flash(addr, data)
+                except CtapError as e:
+                    assert e.code == CtapError.ERR.NOT_ALLOWED

tools/testing/tests/tester.py

@@ -0,0 +1,204 @@
+import time, struct
+
+from fido2.hid import CtapHidDevice
+from fido2.client import Fido2Client
+from fido2.ctap1 import CTAP1
+from fido2.utils import Timeout
+
+from fido2.ctap import CtapError
+
+
+def ForceU2F(client, device):
+    client.ctap = CTAP1(device)
+    client.pin_protocol = None
+    client._do_make_credential = client._ctap1_make_credential
+    client._do_get_assertion = client._ctap1_get_assertion
+
+
+class Packet(object):
+    def __init__(self, data):
+        self.data = data
+
+    def ToWireFormat(self,):
+        return self.data
+
+    @staticmethod
+    def FromWireFormat(pkt_size, data):
+        return Packet(data)
+
+
+class Test:
+    def __init__(self, msg, catch=None):
+        self.msg = msg
+        self.catch = catch
+
+    def __enter__(self,):
+        print(self.msg)
+
+    def __exit__(self, a, b, c):
+        if self.catch is None:
+            print("Pass")
+        elif isinstance(b, self.catch):
+            print("Pass")
+            return b
+        else:
+            raise RuntimeError(f"Expected exception {self.catch} did not occur.")
+
+
+class Tester:
+    def __init__(self, tester=None):
+        self.origin = "https://examplo.org"
+        self.host = "examplo.org"
+        self.user_count = 10
+        self.is_sim = False
+        if tester:
+            self.initFromTester(tester)
+
+    def initFromTester(self, tester):
+        self.user_count = tester.user_count
+        self.is_sim = tester.is_sim
+        self.dev = tester.dev
+        self.ctap = tester.ctap
+        self.ctap1 = tester.ctap1
+        self.client = tester.client
+
+    def find_device(self,):
+        print(list(CtapHidDevice.list_devices()))
+        dev = next(CtapHidDevice.list_devices(), None)
+        if not dev:
+            raise RuntimeError("No FIDO device found")
+        self.dev = dev
+        self.client = Fido2Client(dev, self.origin)
+        self.ctap = self.client.ctap2
+        self.ctap1 = CTAP1(dev)
+
+        # consume timeout error
+        # cmd,resp = self.recv_raw()
+
+    def set_user_count(self, count):
+        self.user_count = count
+
+    def set_sim(self, b):
+        self.is_sim = b
+
+    def reboot(self,):
+        if self.is_sim:
+            print("Sending restart command...")
+            self.send_magic_reboot()
+            Tester.delay(0.25)
+        else:
+            print("Please reboot authentictor and hit enter")
+            input()
+            self.find_device()
+
+    def send_data(self, cmd, data):
+        if not isinstance(data, bytes):
+            data = struct.pack("%dB" % len(data), *[ord(x) for x in data])
+        with Timeout(1.0) as event:
+            return self.dev.call(cmd, data, event)
+
+    def send_raw(self, data, cid=None):
+        if cid is None:
+            cid = self.dev._dev.cid
+        elif not isinstance(cid, bytes):
+            cid = struct.pack("%dB" % len(cid), *[ord(x) for x in cid])
+        if not isinstance(data, bytes):
+            data = struct.pack("%dB" % len(data), *[ord(x) for x in data])
+        data = cid + data
+        l = len(data)
+        if l != 64:
+            pad = "\x00" * (64 - l)
+            pad = struct.pack("%dB" % len(pad), *[ord(x) for x in pad])
+            data = data + pad
+        data = list(data)
+        assert len(data) == 64
+        self.dev._dev.InternalSendPacket(Packet(data))
+
+    def send_magic_reboot(self,):
+        """
+        For use in simulation and testing.  Random bytes that authentictor should detect
+        and then restart itself.
+        """
+        magic_cmd = (
+            b"\xac\x10\x52\xca\x95\xe5\x69\xde\x69\xe0\x2e\xbf"
+            + b"\xf3\x33\x48\x5f\x13\xf9\xb2\xda\x34\xc5\xa8\xa3"
+            + b"\x40\x52\x66\x97\xa9\xab\x2e\x0b\x39\x4d\x8d\x04"
+            + b"\x97\x3c\x13\x40\x05\xbe\x1a\x01\x40\xbf\xf6\x04"
+            + b"\x5b\xb2\x6e\xb7\x7a\x73\xea\xa4\x78\x13\xf6\xb4"
+            + b"\x9a\x72\x50\xdc"
+        )
+        self.dev._dev.InternalSendPacket(Packet(magic_cmd))
+
+    def cid(self,):
+        return self.dev._dev.cid
+
+    def set_cid(self, cid):
+        if not isinstance(cid, (bytes, bytearray)):
+            cid = struct.pack("%dB" % len(cid), *[ord(x) for x in cid])
+        self.dev._dev.cid = cid
+
+    def recv_raw(self,):
+        with Timeout(1.0):
+            cmd, payload = self.dev._dev.InternalRecv()
+        return cmd, payload
+
+    def check_error(data, err=None):
+        assert len(data) == 1
+        if err is None:
+            if data[0] != 0:
+                raise CtapError(data[0])
+        elif data[0] != err:
+            raise ValueError("Unexpected error: %02x" % data[0])
+
+    def testFunc(self, func, test, *args, **kwargs):
+        with Test(test):
+            res = None
+            expectedError = kwargs.get("expectedError", None)
+            otherArgs = kwargs.get("other", {})
+            try:
+                res = func(*args, **otherArgs)
+                if expectedError != CtapError.ERR.SUCCESS:
+                    raise RuntimeError("Expected error to occur for test: %s" % test)
+            except CtapError as e:
+                if expectedError is not None:
+                    cond = e.code != expectedError
+                    if isinstance(expectedError, list):
+                        cond = e.code not in expectedError
+                    else:
+                        expectedError = [expectedError]
+                    if cond:
+                        raise RuntimeError(
+                            f"Got error code {hex(e.code)}, expected {[hex(x) for x in expectedError]}"
+                        )
+                else:
+                    print(e)
+        return res
+
+    def testReset(self,):
+        print("Resetting Authenticator...")
+        try:
+            self.ctap.reset()
+        except CtapError:
+            # Some authenticators need a power cycle
+            print("You must power cycle authentictor.  Hit enter when done.")
+            input()
+            time.sleep(0.2)
+            self.find_device()
+            self.ctap.reset()
+
+    def testMC(self, test, *args, **kwargs):
+        return self.testFunc(self.ctap.make_credential, test, *args, **kwargs)
+
+    def testGA(self, test, *args, **kwargs):
+        return self.testFunc(self.ctap.get_assertion, test, *args, **kwargs)
+
+    def testCP(self, test, *args, **kwargs):
+        return self.testFunc(self.ctap.client_pin, test, *args, **kwargs)
+
+    def testPP(self, test, *args, **kwargs):
+        return self.testFunc(
+            self.client.pin_protocol.get_pin_token, test, *args, **kwargs
+        )
+
+    def delay(secs):
+        time.sleep(secs)

tools/testing/tests/u2f.py

@@ -0,0 +1,121 @@
+from fido2.ctap1 import CTAP1, ApduError, APDU
+from fido2.utils import sha256
+from fido2.client import _call_polling
+
+from .tester import Tester, Test
+
+
+class U2FTests(Tester):
+    def __init__(self, tester=None):
+        super().__init__(tester)
+
+    def run(self,):
+        self.test_u2f()
+
+    def register(self, chal, appid):
+        reg_data = _call_polling(0.25, None, None, self.ctap1.register, chal, appid)
+        return reg_data
+
+    def authenticate(self, chal, appid, key_handle, check_only=False):
+        auth_data = _call_polling(
+            0.25,
+            None,
+            None,
+            self.ctap1.authenticate,
+            chal,
+            appid,
+            key_handle,
+            check_only=check_only,
+        )
+        return auth_data
+
+    def test_u2f(self,):
+        chal = sha256(b"AAA")
+        appid = sha256(b"BBB")
+        lastc = 0
+
+        regs = []
+
+        with Test("Check version"):
+            assert self.ctap1.get_version() == "U2F_V2"
+
+        with Test("Check bad INS"):
+            try:
+                self.ctap1.send_apdu(0, 0, 0, 0, b"")
+            except ApduError as e:
+                assert e.code == 0x6D00
+
+        with Test("Check bad CLA"):
+            try:
+                self.ctap1.send_apdu(1, CTAP1.INS.VERSION, 0, 0, b"abc")
+            except ApduError as e:
+                assert e.code == 0x6E00
+
+        for i in range(0, self.user_count):
+            with Test(
+                "U2F reg + auth %d/%d (count: %02x)" % (i + 1, self.user_count, lastc)
+            ):
+                reg = self.register(chal, appid)
+                reg.verify(appid, chal)
+                auth = self.authenticate(chal, appid, reg.key_handle)
+                auth.verify(appid, chal, reg.public_key)
+
+                regs.append(reg)
+                # check endianness
+                if lastc:
+                    assert (auth.counter - lastc) < 10
+                lastc = auth.counter
+                if lastc > 0x80000000:
+                    print("WARNING: counter is unusually high: %04x" % lastc)
+                    assert 0
+
+        for i in range(0, self.user_count):
+            with Test(
+                "Checking previous registration %d/%d" % (i + 1, self.user_count)
+            ):
+                auth = self.authenticate(chal, appid, regs[i].key_handle)
+                auth.verify(appid, chal, regs[i].public_key)
+
+        print("Check that all previous credentials are registered...")
+        for i in range(0, self.user_count):
+            with Test("Check that previous credential %d is registered" % i):
+                try:
+                    auth = self.ctap1.authenticate(
+                        chal, appid, regs[i].key_handle, check_only=True
+                    )
+                except ApduError as e:
+                    # Indicates that key handle is registered
+                    assert e.code == APDU.USE_NOT_SATISFIED
+
+        with Test("Check an incorrect key handle is not registered"):
+            kh = bytearray(regs[0].key_handle)
+            kh[0] = kh[0] ^ (0x40)
+            try:
+                self.ctap1.authenticate(chal, appid, kh, check_only=True)
+                assert 0
+            except ApduError as e:
+                assert e.code == APDU.WRONG_DATA
+
+        with Test("Try to sign with incorrect key handle"):
+            try:
+                self.ctap1.authenticate(chal, appid, kh)
+                assert 0
+            except ApduError as e:
+                assert e.code == APDU.WRONG_DATA
+
+        with Test("Try to sign using an incorrect keyhandle length"):
+            try:
+                kh = regs[0].key_handle
+                self.ctap1.authenticate(chal, appid, kh[: len(kh) // 2])
+                assert 0
+            except ApduError as e:
+                assert e.code == APDU.WRONG_DATA
+
+        with Test("Try to sign using an incorrect appid"):
+            badid = bytearray(appid)
+            badid[0] = badid[0] ^ (0x40)
+            try:
+                auth = self.ctap1.authenticate(chal, badid, regs[0].key_handle)
+                assert 0
+            except ApduError as e:
+                assert e.code == APDU.WRONG_DATA

tools/testing/tests/util.py

@@ -0,0 +1,12 @@
+import math
+
+
+def shannon_entropy(data):
+    s = 0.0
+    total = len(data)
+    for x in range(0, 256):
+        freq = data.count(x)
+        p = freq / total
+        if p > 0:
+            s -= p * math.log2(p)
+    return s

udev/70-solokeys-access.rules

@@ -0,0 +1,19 @@
+# Notify ModemManager this device should be ignored
+ACTION!="add|change|move", GOTO="mm_usb_device_blacklist_end"
+SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_end"
+ENV{DEVTYPE}!="usb_device",  GOTO="mm_usb_device_blacklist_end"
+
+ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+LABEL="mm_usb_device_blacklist_end"
+
+
+# Solo bootloader + firmware access
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+SUBSYSTEM=="tty", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+
+# ST DFU access
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
+
+# U2F Zero
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess"

udev/70-solokeys-legacy-access.rules

@@ -0,0 +1,19 @@
+# Notify ModemManager this device should be ignored
+ACTION!="add|change|move", GOTO="mm_usb_device_blacklist_end"
+SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_end"
+ENV{DEVTYPE}!="usb_device",  GOTO="mm_usb_device_blacklist_end"
+
+ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+LABEL="mm_usb_device_blacklist_end"
+
+
+# Solo bootloader + firmware access
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", MODE="0660", GROUP="plugdev"
+SUBSYSTEM=="tty", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", MODE="0660", GROUP="plugdev"
+
+# ST DFU access
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0660", GROUP="plugdev"
+
+# U2F Zero
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", MODE="0660", GROUP="plugdev"

udev/71-solokeys-symlinks.rules

@@ -0,0 +1,17 @@
+# TODO: would like to lookup ID_SERIAL_SHORT from `usb` SUBSYSTEM
+#       but link on `hidraw` subsystem level
+#       and end up with symlinks `/dev/solo[hacker|secure]-<serial>`
+
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", SYMLINK+="solo-$env{ID_SERIAL_SHORT}-%n"
+## Solo Secure symlinks
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ATTRS{product}=="Solo [1-9]*", SYMLINK+="solosecure-$env{ID_SERIAL_SHORT}-%n"
+## Solo Hacker symlinks
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ATTRS{product}=="Solo Hacker [1-9]*", SYMLINK+="solohacker-$env{ID_SERIAL_SHORT}-%n"
+## Solo Serial access + symlink
+SUBSYSTEM=="tty", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", SYMLINK+="soloserial"
+
+# Non-unique rules (breakdown if multiple Solos are plugged in)
+## Solo
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", SYMLINK+="solo"
+## U2F Zero
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", SYMLINK+="u2fzero"

udev/Makefile

@@ -0,0 +1,30 @@
+# On modern systems, udev has a TAG uaccess, which is used in 73-seat-late.rules
+# On older systems, we use GROUP plugdev with MODE
+# --> Try `make setup` first, if it doesn't work, try `make legacy-setup`.
+#
+# The symlinks are optional, install with `make symlinks`.
+#
+# We keep 99-solo.rules in the parent directory but deprecate it,
+# remove when documentation is updated.
+
+
+setup: install activate
+legacy-setup: install-legacy activate
+
+# Symlinks can be setup, we don't officially supply any
+# symlinks: install-symlinks activate
+
+RULES_PATH=/etc/udev/rules.d
+
+activate:
+	sudo udevadm control --reload-rules
+	sudo udevadm trigger
+
+install:
+	sudo cp $(PWD)/70-solokeys-access.rules ${RULES_PATH}/70-solokeys-access.rules
+
+install-legacy:
+	sudo cp $(PWD)/70-solokeys-legacy-access.rules ${RULES_PATH}/70-solokeys-access.rules
+
+# install-symlinks:
+# 	sudo cp $(PWD)/71-solokeys-symlinks.rules ${RULES_PATH}/71-solokeys-symlinks.rules

udev/README.md

@@ -0,0 +1,14 @@
+This is for Linux systems only.
+
+To install the official SoloKeys udev rules, allowing access to your key, run
+
+```
+make install
+```
+
+This should work assuming your system is reasonably up-to-date. If not, try
+
+```
+make install-legacy
+```
+