add checking some rare case in iso14443-4 chaining. add NAK checking and aborting the data sending.

return SW_WRONG_LENGTH for incorrect lc
docs: update .all-contributorsrc
2019-08-31 02:12:05 +08:00 · 2019-08-30 16:37:17 +08:00 · 2019-08-30 01:46:40 +02:00 · 2019-08-30 01:46:40 +02:00 · 2019-08-29 22:05:10 +08:00 · 2019-08-23 22:25:22 +08:00
11 changed files with 120 additions and 57 deletions
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@ -168,6 +168,25 @@
        "infra",
        "tool"
      ]
+    },
+    {
+      "login": "kimusan",
+      "name": "Kim Schulz",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/1150049?v=4",
+      "profile": "http://www.schulz.dk",
+      "contributions": [
+        "business",
+        "ideas"
+      ]
+    },
+    {
+      "login": "oplik0",
+      "name": "Jakub",
+      "avatar_url": "https://avatars2.githubusercontent.com/u/25460763?v=4",
+      "profile": "https://github.com/oplik0",
+      "contributions": [
+        "bug"
+      ]
    }
  ],
  "contributorsPerLine": 7,
--- a/README.md
+++ b/README.md
@ -134,6 +134,8 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
    <td align="center"><a href="http://1bitsquared.com"><img src="https://avatars3.githubusercontent.com/u/17334?v=4" width="100px;" alt="Piotr Esden-Tempski"/><br /><sub><b>Piotr Esden-Tempski</b></sub></a><br /><a href="#business-esden" title="Business development">💼</a></td>
    <td align="center"><a href="https://github.com/m3hm00d"><img src="https://avatars1.githubusercontent.com/u/42179593?v=4" width="100px;" alt="f.m3hm00d"/><br /><sub><b>f.m3hm00d</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=m3hm00d" title="Documentation">📖</a></td>
    <td align="center"><a href="http://blogs.gnome.org/hughsie/"><img src="https://avatars0.githubusercontent.com/u/151380?v=4" width="100px;" alt="Richard Hughes"/><br /><sub><b>Richard Hughes</b></sub></a><br /><a href="#ideas-hughsie" title="Ideas, Planning, & Feedback">🤔</a> <a href="https://github.com/solokeys/solo/commits?author=hughsie" title="Code">💻</a> <a href="#infra-hughsie" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#tool-hughsie" title="Tools">🔧</a></td>
+    <td align="center"><a href="http://www.schulz.dk"><img src="https://avatars1.githubusercontent.com/u/1150049?v=4" width="100px;" alt="Kim Schulz"/><br /><sub><b>Kim Schulz</b></sub></a><br /><a href="#business-kimusan" title="Business development">💼</a> <a href="#ideas-kimusan" title="Ideas, Planning, & Feedback">🤔</a></td>
+    <td align="center"><a href="https://github.com/oplik0"><img src="https://avatars2.githubusercontent.com/u/25460763?v=4" width="100px;" alt="Jakub"/><br /><sub><b>Jakub</b></sub></a><br /><a href="https://github.com/solokeys/solo/issues?q=author%3Aoplik0" title="Bug reports">🐛</a></td>
  </tr>
 </table>

@ -167,7 +169,7 @@ You can buy Solo, Solo Tap, and Solo for Hackers at [solokeys.com](https://solok
 <br/>

 [![License](https://img.shields.io/github/license/solokeys/solo.svg)](https://github.com/solokeys/solo/blob/master/LICENSE)
-[![All Contributors](https://img.shields.io/badge/all_contributors-17-orange.svg?style=flat-square)](#contributors)
+[![All Contributors](https://img.shields.io/badge/all_contributors-19-orange.svg?style=flat-square)](#contributors)
 [![Build Status](https://travis-ci.com/solokeys/solo.svg?branch=master)](https://travis-ci.com/solokeys/solo)
 [![Discourse Users](https://img.shields.io/discourse/https/discourse.solokeys.com/users.svg)](https://discourse.solokeys.com)
 [![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public)
--- a/2
+++ b/2
@ -1 +1 @@
-2.4.3
+2.5.1
--- a/fido2/apdu.c
+++ b/fido2/apdu.c
@ -9,7 +9,7 @@

 #include "apdu.h"

-int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu) 
+uint16_t apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu) 
 {
    EXT_APDU_HEADER *hapdu = (EXT_APDU_HEADER *)data;
    
@ -63,6 +63,11 @@ int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu)
    {
        uint16_t extlen = (hapdu->lc[1] << 8) + hapdu->lc[2];

+        if (len - 7 < extlen)
+        {
+            return SW_WRONG_LENGTH;
+        }
+        
         // case 2E (Le) - extended
        if (len == 7)
        {
@ -103,9 +108,18 @@ int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu)
            apdu->le = 0x10000;
        }
    }
+    else
+    {
+        if ((len > 5) && (len - 5 < hapdu->lc[0]))
+        {
+            return SW_WRONG_LENGTH;
+        }
+    }
    
    if (!apdu->case_type)
-        return 1;
+    {
+        return SW_COND_USE_NOT_SATISFIED;
+    }
    
    if (apdu->lc)
    {
--- a/fido2/apdu.h
+++ b/fido2/apdu.h
@ -36,7 +36,7 @@ typedef struct
    uint8_t case_type;
 } __attribute__((packed)) APDU_STRUCT;

-extern int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu);
+extern uint16_t apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu);

 #define APDU_FIDO_U2F_REGISTER        0x01
 #define APDU_FIDO_U2F_AUTHENTICATE    0x02
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -437,7 +437,19 @@ static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred)
 static int ctap2_user_presence_test()
 {
    device_set_status(CTAPHID_STATUS_UPNEEDED);
-    return ctap_user_presence_test(CTAP2_UP_DELAY_MS);
+    int ret = ctap_user_presence_test(CTAP2_UP_DELAY_MS);
+    if ( ret > 0 )
+    {
+        return CTAP1_ERR_SUCCESS;
+    }
+    else if (ret < 0)
+    {
+        return CTAP2_ERR_KEEPALIVE_CANCEL;
+    }
+    else
+    {
+        return CTAP2_ERR_ACTION_TIMEOUT;
+    }
 }

 static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo)
@ -470,19 +482,11 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
    int but;

    but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);
-
-    if (!but)
-    {
-        return CTAP2_ERR_OPERATION_DENIED;
-    }
-    else if (but < 0)   // Cancel
-    {
-        return CTAP2_ERR_KEEPALIVE_CANCEL;
-    }
+    check_retr(but);
    
    device_set_status(CTAPHID_STATUS_PROCESSING);

-    authData->head.flags = (but << 0);
+    authData->head.flags = (1 << 0);        // User presence
    authData->head.flags |= (ctap_is_pin_set() << 2);


@ -707,10 +711,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
    }
    if (MC.pinAuthEmpty)
    {
-        if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
-        {
-                return CTAP2_ERR_OPERATION_DENIED;
-        }
+        check_retr( ctap2_user_presence_test(CTAP2_UP_DELAY_MS) );
        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
    }
    if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask)
@ -1143,10 +1144,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)

    if (GA.pinAuthEmpty)
    {
-        if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
-        {
-                return CTAP2_ERR_OPERATION_DENIED;
-        }
+        check_retr( ctap2_user_presence_test(CTAP2_UP_DELAY_MS) );
        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
    }
    if (GA.pinAuthPresent)
@ -1656,14 +1654,11 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
            break;
        case CTAP_RESET:
            printf1(TAG_CTAP,"CTAP_RESET\n");
-            if (ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
+            status = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);
+            if (status == CTAP1_ERR_SUCCESS)
            {
                ctap_reset();
            }
-            else
-            {
-                status = CTAP2_ERR_OPERATION_DENIED;
-            }
            break;
        case GET_NEXT_ASSERTION:
            printf1(TAG_CTAP,"CTAP_NEXT_ASSERTION\n");
--- a/fido2/ctap.h
+++ b/fido2/ctap.h
@ -131,7 +131,7 @@
 #define PIN_LOCKOUT_ATTEMPTS        8       // Number of attempts total
 #define PIN_BOOT_ATTEMPTS           3       // number of attempts per boot

-#define CTAP2_UP_DELAY_MS           5000
+#define CTAP2_UP_DELAY_MS           29000

 typedef struct
 {
--- a/fido2/ctap_errors.h
+++ b/fido2/ctap_errors.h
@ -49,6 +49,7 @@
 #define CTAP2_ERR_PIN_POLICY_VIOLATION      0x37
 #define CTAP2_ERR_PIN_TOKEN_EXPIRED         0x38
 #define CTAP2_ERR_REQUEST_TOO_LARGE         0x39
+#define CTAP2_ERR_ACTION_TIMEOUT            0x3A
 #define CTAP1_ERR_OTHER                     0x7F
 #define CTAP2_ERR_SPEC_LAST                 0xDF
 #define CTAP2_ERR_EXTENSION_FIRST           0xE0
--- a/targets/stm32l432/src/device.c
+++ b/targets/stm32l432/src/device.c
@ -55,11 +55,43 @@ static int is_physical_button_pressed()

 static int is_touch_button_pressed()
 {
-    return tsc_read_button(0) || tsc_read_button(1);
+    int is_pressed = (tsc_read_button(0) || tsc_read_button(1));
+#ifndef IS_BOOTLOADER
+    if (is_pressed)
+    {
+        // delay for debounce, and longer than polling timer period.
+        delay(95);
+        return (tsc_read_button(0) || tsc_read_button(1));
+    }
+#endif
+    return is_pressed;
 }

 int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed;

+static void edge_detect_touch_button()
+{
+    static uint8_t last_touch = 0;
+    uint8_t current_touch = 0;
+    if (is_touch_button_pressed == IS_BUTTON_PRESSED)
+    {
+        current_touch = (tsc_read_button(0) || tsc_read_button(1));
+
+        // 1 sample per 25 ms
+        if ((millis() - __last_button_bounce_time) > 25)
+        {
+            // Detect "touch / rising edge"
+            if (!last_touch && current_touch)
+            {
+                __last_button_press_time = millis();
+            }
+            __last_button_bounce_time = millis();
+            last_touch = current_touch;
+        }
+    }
+
+}
+
 void request_from_nfc(bool request_active) {
    _RequestComeFromNFC = request_active;
 }
@ -78,19 +110,7 @@ void TIM6_DAC_IRQHandler()
        }
    }

-
-    if (is_touch_button_pressed == IS_BUTTON_PRESSED)
-    {
-        if (IS_BUTTON_PRESSED())
-        {
-            // Only allow 1 press per 25 ms.
-            if ((millis() - __last_button_bounce_time) > 25)
-            {
-                __last_button_press_time = millis();
-            }
-            __last_button_bounce_time = millis();
-        }
-    }
+    edge_detect_touch_button();

 #ifndef IS_BOOTLOADER
 	// NFC sending WTX if needs
@ -142,7 +162,6 @@ void device_set_status(uint32_t status)

 int device_is_button_pressed()
 {
-
    return IS_BUTTON_PRESSED();
 }

--- a/targets/stm32l432/src/nfc.c
+++ b/targets/stm32l432/src/nfc.c
@ -228,6 +228,8 @@ void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len)
 	{
 		uint8_t res[32] = {0};
        res[0] = iBlock;
+        res[1] = 0;
+        res[2] = 0;
 		if (len && data)
 			memcpy(&res[block_offset], data, len);
 		nfc_write_frame(res, len + block_offset);
@ -269,6 +271,19 @@ void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len)
 					break;
 				}
                
+                if (!IS_RBLOCK(recbuf[0]))
+                {
+					printf1(TAG_NFC, "R block RX error. Not a R block(0x%02x) %d/%d.\r\n", recbuf[0], sendlen, len);
+					break;
+				}
+                
+                // NAK check
+                if (recbuf[0] & NFC_CMD_RBLOCK_ACK)
+                {
+					printf1(TAG_NFC, "R block RX error. NAK received. %d/%d.\r\n", recbuf[0], sendlen, len);
+					break;
+                }
+
                uint8_t rblock_offset = p14443_block_offset(recbuf[0]);
 				if (reclen != rblock_offset)
 				{
@ -466,7 +481,8 @@ void rblock_acknowledge(uint8_t req0, bool ack)
    NFC_STATE.block_num = !NFC_STATE.block_num;

    buf[0] = NFC_CMD_RBLOCK | (req0 & 0x0f);
-    if (ack)
+    // iso14443-4:2001 page 16. ACK, if bit is set to 0, NAK, if bit is set to 1
+    if (!ack)
        buf[0] |= NFC_CMD_RBLOCK_ACK;

    nfc_write_frame(buf, block_offset);
@ -703,9 +719,6 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu)
 			// WTX_on(WTX_TIME_DEFAULT);
            request_from_nfc(true);
            ctap_response_init(&ctap_resp);
-            delay(1);
-            printf1(TAG_NFC,"[%d] ", apdu->lc);
-            dump_hex1(TAG_NFC, apdu->data, apdu->lc);
            status = ctap_request(apdu->data, apdu->lc, &ctap_resp);
            request_from_nfc(false);
 			// if (!WTX_off())
@ -759,7 +772,8 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu)
        case  APDU_SOLO_RESET:
            if (apdu->lc == 4 && !memcmp(apdu->data, "\x12\x56\xab\xf0", 4)) {
                printf1(TAG_NFC, "Reset...\r\n");
-                delay(10);
+                nfc_write_response(buf0, SW_SUCCESS);
+                delay(20);
                device_reboot();
                while(1);
            } else {
@ -786,9 +800,10 @@ void nfc_process_iblock(uint8_t * buf, int len)
    }
    
    APDU_STRUCT apdu;
-    if (apdu_decode(buf + block_offset, len - block_offset, &apdu)) {
+    uint16_t ret = apdu_decode(buf + block_offset, len - block_offset, &apdu);
+    if (ret != 0) {
        printf1(TAG_NFC,"apdu decode error\r\n");
-        nfc_write_response(buf[0], SW_COND_USE_NOT_SATISFIED);
+        nfc_write_response(buf[0], ret);
        return;
    }
    printf1(TAG_NFC,"apdu ok. %scase=%02x cla=%02x ins=%02x p1=%02x p2=%02x lc=%d le=%d\r\n", 
@ -804,7 +819,6 @@ void nfc_process_iblock(uint8_t * buf, int len)
        
        memmove(&chain_buffer[chain_buffer_len], apdu.data, apdu.lc);
        chain_buffer_len += apdu.lc;
-        delay(1);
        nfc_write_response(buf[0], SW_SUCCESS);
        printf1(TAG_NFC, "APDU chaining ok. %d/%d\r\n", apdu.lc, chain_buffer_len);
        return;
@ -812,7 +826,6 @@ void nfc_process_iblock(uint8_t * buf, int len)
    
    // if we have ISO 7816 APDU chain - move there all the data
    if (!chain_buffer_tx && chain_buffer_len > 0) {
-        delay(1);
        memmove(&apdu.data[chain_buffer_len], apdu.data, apdu.lc);
        memmove(apdu.data, chain_buffer, chain_buffer_len);
        apdu.lc += chain_buffer_len; // here apdu struct does not match with memory!
--- a/targets/stm32l432/src/nfc.h
+++ b/targets/stm32l432/src/nfc.h
@ -34,9 +34,9 @@ typedef struct
 #define IS_PPSS_CMD(x)                (((x) & 0xf0) == NFC_CMD_PPSS)
 #define NFC_CMD_IBLOCK                0x00
 #define IS_IBLOCK(x)                  ( (((x) & 0xc0) == NFC_CMD_IBLOCK) && (((x) & 0x02) == 0x02) )
-#define NFC_CMD_RBLOCK                0x80
-#define NFC_CMD_RBLOCK_ACK            0x20
-#define IS_RBLOCK(x)                  ( (((x) & 0xc0) == NFC_CMD_RBLOCK) && (((x) & 0x02) == 0x02) )
+#define NFC_CMD_RBLOCK                0xa0
+#define NFC_CMD_RBLOCK_ACK            0x10
+#define IS_RBLOCK(x)                  ( (((x) & 0xe0) == NFC_CMD_RBLOCK) && (((x) & 0x02) == 0x02) )
 #define NFC_CMD_SBLOCK                0xc0
 #define IS_SBLOCK(x)                  ( (((x) & 0xc0) == NFC_CMD_SBLOCK) && (((x) & 0x02) == 0x02) )
Author	SHA1	Message	Date
merlokk	1ce191343f	add checking some rare case in iso14443-4 chaining. add NAK checking and aborting the data sending.	2019-08-31 02:12:05 +08:00
Conor Patrick	9041e5903c	return SW_WRONG_LENGTH for incorrect lc	2019-08-30 16:37:17 +08:00
allcontributors[bot]	689d471688	docs: update .all-contributorsrc	2019-08-30 01:46:40 +02:00
allcontributors[bot]	8b9e44c3ed	docs: update README.md	2019-08-30 01:46:40 +02:00
Conor Patrick	83dd92d9ba	Update STABLE_VERSION	2019-08-29 22:05:10 +08:00
merlokk	5d3914bc5e	remove delays	2019-08-23 22:25:22 +08:00
Conor Patrick	abe306a649	Merge branch 'master' of github.com:solokeys/solo	2019-08-23 14:53:22 +08:00
Conor Patrick	41ceb78f6c	add user presence to flags	2019-08-23 14:48:21 +08:00
Conor Patrick	8e192f2363	do not delay bootloader	2019-08-23 14:41:26 +08:00
Conor Patrick	affc256ca2	add delay to cap button improve reliability	2019-08-23 14:41:26 +08:00
Conor Patrick	b3ac739a35	make touch sensor edge based to avoid approving >1 transaction	2019-08-23 13:44:06 +08:00
Conor Patrick	3b53537077	refactor fido2 user presence handling & increase timeout to 29s	2019-08-23 13:19:28 +08:00
merlokk	3fad9a7a7d	add response to reset command and delete debug	2019-08-23 10:43:09 +08:00
allcontributors[bot]	8973608f59	docs: update .all-contributorsrc	2019-08-22 22:42:17 +02:00
allcontributors[bot]	8af6505f6d	docs: update README.md	2019-08-22 22:42:17 +02:00
 @ -1 +1 @@
 .4.3
 .5.1