shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Compare commits

base: shimun:all-contributors/add-oplik0
Branches Tags
shimun:master shimun:master-old shimun:reset-timeout shimun:max_enumeration_issue shimun:hmac-secret-uv shimun:cred_dfs shimun:rgerganov-cred-meta-fix shimun:fix_version_in_build shimun:cbor_safety shimun:backup_improvements shimun:b3.1.1 shimun:aaguid_cert_update shimun:library_refactor shimun:all-contributors/add-Nitrokey shimun:bump3.0.0 shimun:all-contributors/add-ccinelli shimun:simplify_build shimun:move_certs_and_lock_to_data shimun:fido2_on_u2f shimun:redue_bootloader_size shimun:all-contributors/add-jolo1581 shimun:key-backup shimun:ctap2_issues shimun:nfc_conformance shimun:all-contributors/add-oplik0 shimun:ccid shimun:cap_button_delay shimun:all-contributors/add-kimusan shimun:fixb_build shimun:update-udev-docs shimun:nfc_fido2_fixes shimun:documentation_improvements shimun:bump_2.4.3 shimun:fix_cdc_interfaces shimun:cache_button shimun:merlokk-pps_impl shimun:all-contributors/add-szszszsz shimun:windows_hello_error_codes shimun:fix-hmac-secret shimun:fault_tolerance shimun:extapdu shimun:sanitize shimun:persistedkey shimun:fido2-conformance
shimun:8lfp9n2gyxjssac4d2c7n5pcj1ydmg6n shimun:4.0.0 shimun:3.1.3 shimun:3.1.2 shimun:3.1.1 shimun:3.1.0 shimun:3.0.1 shimun:3.0.0 shimun:2.5.3 shimun:2.5.2 shimun:2.5.1 shimun:2.5.0 shimun:2.4.3 shimun:2.4.2 shimun:2.4.1 shimun:2.4.0 shimun:2.3.0 shimun:2.2.2 shimun:2.2.1 shimun:2.2.0 shimun:2.1.0 shimun:2.0.0 shimun:1.1.1 shimun:1.1.0 shimun:1.0.2 shimun:1.0.1 shimun:basic-hacker-build shimun:fido2-cert
..
compare: shimun:fixb_build
Branches Tags
shimun:master shimun:master-old shimun:reset-timeout shimun:max_enumeration_issue shimun:hmac-secret-uv shimun:cred_dfs shimun:rgerganov-cred-meta-fix shimun:fix_version_in_build shimun:cbor_safety shimun:backup_improvements shimun:b3.1.1 shimun:aaguid_cert_update shimun:library_refactor shimun:all-contributors/add-Nitrokey shimun:bump3.0.0 shimun:all-contributors/add-ccinelli shimun:simplify_build shimun:move_certs_and_lock_to_data shimun:fido2_on_u2f shimun:redue_bootloader_size shimun:all-contributors/add-jolo1581 shimun:key-backup shimun:ctap2_issues shimun:nfc_conformance shimun:all-contributors/add-oplik0 shimun:ccid shimun:cap_button_delay shimun:all-contributors/add-kimusan shimun:fixb_build shimun:update-udev-docs shimun:nfc_fido2_fixes shimun:documentation_improvements shimun:bump_2.4.3 shimun:fix_cdc_interfaces shimun:cache_button shimun:merlokk-pps_impl shimun:all-contributors/add-szszszsz shimun:windows_hello_error_codes shimun:fix-hmac-secret shimun:fault_tolerance shimun:extapdu shimun:sanitize shimun:persistedkey shimun:fido2-conformance
shimun:8lfp9n2gyxjssac4d2c7n5pcj1ydmg6n shimun:4.0.0 shimun:3.1.3 shimun:3.1.2 shimun:3.1.1 shimun:3.1.0 shimun:3.0.1 shimun:3.0.0 shimun:2.5.3 shimun:2.5.2 shimun:2.5.1 shimun:2.5.0 shimun:2.4.3 shimun:2.4.2 shimun:2.4.1 shimun:2.4.0 shimun:2.3.0 shimun:2.2.2 shimun:2.2.1 shimun:2.2.0 shimun:2.1.0 shimun:2.0.0 shimun:1.1.1 shimun:1.1.0 shimun:1.0.2 shimun:1.0.1 shimun:basic-hacker-build shimun:fido2-cert

2 Commits
all-contri ... fixb_build

Author SHA1 Message Date
merlokk
ea6e9ab550 added APDU input chaining 2019-08-21 20:55:57 +03:00
merlokk
31c5b26eb5 fix decoding apdu 2019-08-21 17:30:37 +03:00
11 changed files with 279 additions and 338 deletions
Expand all files Collapse all files

19
.all-contributorsrc
View File

@ -168,25 +168,6 @@
"infra", "infra",
"tool" "tool"
] ]
},
{
"login": "kimusan",
"name": "Kim Schulz",
"avatar_url": "https://avatars1.githubusercontent.com/u/1150049?v=4",
"profile": "http://www.schulz.dk",
"contributions": [
"business",
"ideas"
]
},
{
"login": "oplik0",
"name": "Jakub",
"avatar_url": "https://avatars2.githubusercontent.com/u/25460763?v=4",
"profile": "https://github.com/oplik0",
"contributions": [
"bug"
]
} }
], ],
"contributorsPerLine": 7, "contributorsPerLine": 7,

4
README.md
View File

@ -134,8 +134,6 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
<td align="center"><a href="http://1bitsquared.com"><img src="https://avatars3.githubusercontent.com/u/17334?v=4" width="100px;" alt="Piotr Esden-Tempski"/><br /><sub><b>Piotr Esden-Tempski</b></sub></a><br /><a href="#business-esden" title="Business development">💼</a></td> <td align="center"><a href="http://1bitsquared.com"><img src="https://avatars3.githubusercontent.com/u/17334?v=4" width="100px;" alt="Piotr Esden-Tempski"/><br /><sub><b>Piotr Esden-Tempski</b></sub></a><br /><a href="#business-esden" title="Business development">💼</a></td>
<td align="center"><a href="https://github.com/m3hm00d"><img src="https://avatars1.githubusercontent.com/u/42179593?v=4" width="100px;" alt="f.m3hm00d"/><br /><sub><b>f.m3hm00d</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=m3hm00d" title="Documentation">📖</a></td> <td align="center"><a href="https://github.com/m3hm00d"><img src="https://avatars1.githubusercontent.com/u/42179593?v=4" width="100px;" alt="f.m3hm00d"/><br /><sub><b>f.m3hm00d</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=m3hm00d" title="Documentation">📖</a></td>
<td align="center"><a href="http://blogs.gnome.org/hughsie/"><img src="https://avatars0.githubusercontent.com/u/151380?v=4" width="100px;" alt="Richard Hughes"/><br /><sub><b>Richard Hughes</b></sub></a><br /><a href="#ideas-hughsie" title="Ideas, Planning, & Feedback">🤔</a> <a href="https://github.com/solokeys/solo/commits?author=hughsie" title="Code">💻</a> <a href="#infra-hughsie" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#tool-hughsie" title="Tools">🔧</a></td> <td align="center"><a href="http://blogs.gnome.org/hughsie/"><img src="https://avatars0.githubusercontent.com/u/151380?v=4" width="100px;" alt="Richard Hughes"/><br /><sub><b>Richard Hughes</b></sub></a><br /><a href="#ideas-hughsie" title="Ideas, Planning, & Feedback">🤔</a> <a href="https://github.com/solokeys/solo/commits?author=hughsie" title="Code">💻</a> <a href="#infra-hughsie" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#tool-hughsie" title="Tools">🔧</a></td>
<td align="center"><a href="http://www.schulz.dk"><img src="https://avatars1.githubusercontent.com/u/1150049?v=4" width="100px;" alt="Kim Schulz"/><br /><sub><b>Kim Schulz</b></sub></a><br /><a href="#business-kimusan" title="Business development">💼</a> <a href="#ideas-kimusan" title="Ideas, Planning, & Feedback">🤔</a></td>
<td align="center"><a href="https://github.com/oplik0"><img src="https://avatars2.githubusercontent.com/u/25460763?v=4" width="100px;" alt="Jakub"/><br /><sub><b>Jakub</b></sub></a><br /><a href="https://github.com/solokeys/solo/issues?q=author%3Aoplik0" title="Bug reports">🐛</a></td>
</tr> </tr>
</table> </table>
@ -169,7 +167,7 @@ You can buy Solo, Solo Tap, and Solo for Hackers at [solokeys.com](https://solok
<br/> <br/>
[![License](https://img.shields.io/github/license/solokeys/solo.svg)](https://github.com/solokeys/solo/blob/master/LICENSE) [![License](https://img.shields.io/github/license/solokeys/solo.svg)](https://github.com/solokeys/solo/blob/master/LICENSE)
[![All Contributors](https://img.shields.io/badge/all_contributors-19-orange.svg?style=flat-square)](#contributors) [![All Contributors](https://img.shields.io/badge/all_contributors-17-orange.svg?style=flat-square)](#contributors)
[![Build Status](https://travis-ci.com/solokeys/solo.svg?branch=master)](https://travis-ci.com/solokeys/solo) [![Build Status](https://travis-ci.com/solokeys/solo.svg?branch=master)](https://travis-ci.com/solokeys/solo)
[![Discourse Users](https://img.shields.io/discourse/https/discourse.solokeys.com/users.svg)](https://discourse.solokeys.com) [![Discourse Users](https://img.shields.io/discourse/https/discourse.solokeys.com/users.svg)](https://discourse.solokeys.com)
[![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public) [![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public)

2
STABLE_VERSION
View File

@ -1 +1 @@
2.5.1 2.4.3

4
fido2/apdu.h
View File

@ -42,10 +42,6 @@ extern int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu);
#define APDU_FIDO_U2F_AUTHENTICATE 0x02 #define APDU_FIDO_U2F_AUTHENTICATE 0x02
#define APDU_FIDO_U2F_VERSION 0x03 #define APDU_FIDO_U2F_VERSION 0x03
#define APDU_FIDO_NFCCTAP_MSG 0x10 #define APDU_FIDO_NFCCTAP_MSG 0x10
#define APDU_FIDO_U2F_VENDOR_FIRST 0xc0 // First vendor defined command
#define APDU_FIDO_U2F_VENDOR_LAST 0xff // Last vendor defined command
#define APDU_SOLO_RESET 0xee
#define APDU_INS_SELECT 0xA4 #define APDU_INS_SELECT 0xA4
#define APDU_INS_READ_BINARY 0xB0 #define APDU_INS_READ_BINARY 0xB0
#define APDU_GET_RESPONSE 0xC0 #define APDU_GET_RESPONSE 0xC0

43
fido2/ctap.c
View File

@ -437,19 +437,7 @@ static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred)
static int ctap2_user_presence_test() static int ctap2_user_presence_test()
{ {
device_set_status(CTAPHID_STATUS_UPNEEDED); device_set_status(CTAPHID_STATUS_UPNEEDED);
int ret = ctap_user_presence_test(CTAP2_UP_DELAY_MS); return ctap_user_presence_test(CTAP2_UP_DELAY_MS);
if ( ret > 0 )
{
return CTAP1_ERR_SUCCESS;
}
else if (ret < 0)
{
return CTAP2_ERR_KEEPALIVE_CANCEL;
}
else
{
return CTAP2_ERR_ACTION_TIMEOUT;
}
} }
static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo) static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo)
@ -482,11 +470,19 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
int but; int but;
but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS); but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);
check_retr(but);
if (!but)
{
return CTAP2_ERR_OPERATION_DENIED;
}
else if (but < 0) // Cancel
{
return CTAP2_ERR_KEEPALIVE_CANCEL;
}
device_set_status(CTAPHID_STATUS_PROCESSING); device_set_status(CTAPHID_STATUS_PROCESSING);
authData->head.flags = (1 << 0); // User presence authData->head.flags = (but << 0);
authData->head.flags |= (ctap_is_pin_set() << 2); authData->head.flags |= (ctap_is_pin_set() << 2);
@ -711,7 +707,10 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
} }
if (MC.pinAuthEmpty) if (MC.pinAuthEmpty)
{ {
check_retr( ctap2_user_presence_test(CTAP2_UP_DELAY_MS) ); if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
{
return CTAP2_ERR_OPERATION_DENIED;
}
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET; return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
} }
if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask) if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask)
@ -1144,7 +1143,10 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
if (GA.pinAuthEmpty) if (GA.pinAuthEmpty)
{ {
check_retr( ctap2_user_presence_test(CTAP2_UP_DELAY_MS) ); if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
{
return CTAP2_ERR_OPERATION_DENIED;
}
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET; return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
} }
if (GA.pinAuthPresent) if (GA.pinAuthPresent)
@ -1654,11 +1656,14 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
break; break;
case CTAP_RESET: case CTAP_RESET:
printf1(TAG_CTAP,"CTAP_RESET\n"); printf1(TAG_CTAP,"CTAP_RESET\n");
status = ctap2_user_presence_test(CTAP2_UP_DELAY_MS); if (ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
if (status == CTAP1_ERR_SUCCESS)
{ {
ctap_reset(); ctap_reset();
} }
else
{
status = CTAP2_ERR_OPERATION_DENIED;
}
break; break;
case GET_NEXT_ASSERTION: case GET_NEXT_ASSERTION:
printf1(TAG_CTAP,"CTAP_NEXT_ASSERTION\n"); printf1(TAG_CTAP,"CTAP_NEXT_ASSERTION\n");

2
fido2/ctap.h
View File

@ -131,7 +131,7 @@
#define PIN_LOCKOUT_ATTEMPTS 8 // Number of attempts total #define PIN_LOCKOUT_ATTEMPTS 8 // Number of attempts total
#define PIN_BOOT_ATTEMPTS 3 // number of attempts per boot #define PIN_BOOT_ATTEMPTS 3 // number of attempts per boot
#define CTAP2_UP_DELAY_MS 29000 #define CTAP2_UP_DELAY_MS 5000
typedef struct typedef struct
{ {

1
fido2/ctap_errors.h
View File

@ -49,7 +49,6 @@
#define CTAP2_ERR_PIN_POLICY_VIOLATION 0x37 #define CTAP2_ERR_PIN_POLICY_VIOLATION 0x37
#define CTAP2_ERR_PIN_TOKEN_EXPIRED 0x38 #define CTAP2_ERR_PIN_TOKEN_EXPIRED 0x38
#define CTAP2_ERR_REQUEST_TOO_LARGE 0x39 #define CTAP2_ERR_REQUEST_TOO_LARGE 0x39
#define CTAP2_ERR_ACTION_TIMEOUT 0x3A
#define CTAP1_ERR_OTHER 0x7F #define CTAP1_ERR_OTHER 0x7F
#define CTAP2_ERR_SPEC_LAST 0xDF #define CTAP2_ERR_SPEC_LAST 0xDF
#define CTAP2_ERR_EXTENSION_FIRST 0xE0 #define CTAP2_ERR_EXTENSION_FIRST 0xE0

1
fido2/device.h
View File

@ -30,7 +30,6 @@ void main_loop_delay();
void heartbeat(); void heartbeat();
void device_reboot();
void authenticator_read_state(AuthenticatorState * ); void authenticator_read_state(AuthenticatorState * );

6
pc/device.c
View File

@ -43,11 +43,7 @@ void device_set_status(uint32_t status)
__device_status = status; __device_status = status;
} }
void device_reboot()
{
printf1(TAG_RED, "REBOOT command recieved!\r\n");
exit(100);
}
int udp_server() int udp_server()
{ {

49
targets/stm32l432/src/device.c
View File

@ -55,43 +55,11 @@ static int is_physical_button_pressed()
static int is_touch_button_pressed() static int is_touch_button_pressed()
{ {
int is_pressed = (tsc_read_button(0) || tsc_read_button(1)); return tsc_read_button(0) || tsc_read_button(1);
#ifndef IS_BOOTLOADER
if (is_pressed)
{
// delay for debounce, and longer than polling timer period.
delay(95);
return (tsc_read_button(0) || tsc_read_button(1));
}
#endif
return is_pressed;
} }
int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed; int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed;
static void edge_detect_touch_button()
{
static uint8_t last_touch = 0;
uint8_t current_touch = 0;
if (is_touch_button_pressed == IS_BUTTON_PRESSED)
{
current_touch = (tsc_read_button(0) || tsc_read_button(1));
// 1 sample per 25 ms
if ((millis() - __last_button_bounce_time) > 25)
{
// Detect "touch / rising edge"
if (!last_touch && current_touch)
{
__last_button_press_time = millis();
}
__last_button_bounce_time = millis();
last_touch = current_touch;
}
}
}
void request_from_nfc(bool request_active) { void request_from_nfc(bool request_active) {
_RequestComeFromNFC = request_active; _RequestComeFromNFC = request_active;
} }
@ -110,7 +78,19 @@ void TIM6_DAC_IRQHandler()
} }
} }
edge_detect_touch_button();
if (is_touch_button_pressed == IS_BUTTON_PRESSED)
{
if (IS_BUTTON_PRESSED())
{
// Only allow 1 press per 25 ms.
if ((millis() - __last_button_bounce_time) > 25)
{
__last_button_press_time = millis();
}
__last_button_bounce_time = millis();
}
}
#ifndef IS_BOOTLOADER #ifndef IS_BOOTLOADER
// NFC sending WTX if needs // NFC sending WTX if needs
@ -162,6 +142,7 @@ void device_set_status(uint32_t status)
int device_is_button_pressed() int device_is_button_pressed()
{ {
return IS_BUTTON_PRESSED(); return IS_BUTTON_PRESSED();
} }

486
targets/stm32l432/src/nfc.c
View File

@ -520,261 +520,13 @@ int select_applet(uint8_t * aid, int len)
return APP_NOTHING; return APP_NOTHING;
} }
void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu) void nfc_process_iblock(uint8_t * buf, int len)
{ {
int selected; int selected;
CTAP_RESPONSE ctap_resp; CTAP_RESPONSE ctap_resp;
int status; int status;
uint16_t reslen; uint16_t reslen;
// check CLA
if (apdu->cla != 0x00 && apdu->cla != 0x80) {
printf1(TAG_NFC, "Unknown CLA %02x\r\n", apdu->cla);
nfc_write_response(buf0, SW_CLA_INVALID);
return;
}
// TODO this needs to be organized better
switch(apdu->ins)
{
// ISO 7816. 7.1 GET RESPONSE command
case APDU_GET_RESPONSE:
if (apdu->p1 != 0x00 || apdu->p2 != 0x00)
{
nfc_write_response(buf0, SW_INCORRECT_P1P2);
printf1(TAG_NFC, "P1 or P2 error\r\n");
return;
}
// too many bytes needs. 0x00 and 0x100 - any length
if (apdu->le != 0 && apdu->le != 0x100 && apdu->le > chain_buffer_len)
{
uint16_t wlresp = SW_WRONG_LENGTH; // here can be 6700, 6C00, 6FXX. but the most standard way - 67XX or 6700
if (chain_buffer_len <= 0xff)
wlresp += chain_buffer_len & 0xff;
nfc_write_response(buf0, wlresp);
printf1(TAG_NFC, "buffer length less than requesteds\r\n");
return;
}
// create temporary packet
uint8_t pck[255] = {0};
size_t pcklen = 253;
if (apdu->le)
pcklen = apdu->le;
if (pcklen > chain_buffer_len)
pcklen = chain_buffer_len;
printf1(TAG_NFC, "GET RESPONSE. pck len: %d buffer len: %d\r\n", pcklen, chain_buffer_len);
// create packet and add 61XX there if we have another portion(s) of data
memmove(pck, chain_buffer, pcklen);
size_t dlen = 0;
if (chain_buffer_len - pcklen)
{
append_get_response(&pck[pcklen], chain_buffer_len - pcklen);
dlen = 2;
}
// send
nfc_write_response_chaining_plain(buf0, pck, pcklen + dlen); // dlen for 61XX
// shift the buffer
chain_buffer_len -= pcklen;
memmove(chain_buffer, &chain_buffer[pcklen], chain_buffer_len);
break;
case APDU_INS_SELECT:
// if (apdu->p1 == 0 && apdu->p2 == 0x0c)
// {
// printf1(TAG_NFC,"Select NDEF\r\n");
//
// NFC_STATE.selected_applet = APP_NDEF_TAG;
// // Select NDEF file!
// res[0] = NFC_CMD_IBLOCK | (buf[0] & 1);
// res[1] = SW_SUCCESS>>8;
// res[2] = SW_SUCCESS & 0xff;
// nfc_write_frame(res, 3);
// printf1(TAG_NFC,"<< "); dump_hex1(TAG_NFC,res, 3);
// }
// else
{
selected = select_applet(apdu->data, apdu->lc);
if (selected == APP_FIDO)
{
nfc_write_response_ex(buf0, (uint8_t *)"U2F_V2", 6, SW_SUCCESS);
printf1(TAG_NFC, "FIDO applet selected.\r\n");
}
else if (selected != APP_NOTHING)
{
nfc_write_response(buf0, SW_SUCCESS);
printf1(TAG_NFC, "SELECTED %d\r\n", selected);
}
else
{
nfc_write_response(buf0, SW_FILE_NOT_FOUND);
printf1(TAG_NFC, "NOT selected "); dump_hex1(TAG_NFC, apdu->data, apdu->lc);
}
}
break;
case APDU_FIDO_U2F_VERSION:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf0, SW_INS_INVALID);
break;
}
printf1(TAG_NFC, "U2F GetVersion command.\r\n");
u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp);
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
break;
case APDU_FIDO_U2F_REGISTER:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf0, SW_INS_INVALID);
break;
}
printf1(TAG_NFC, "U2F Register command.\r\n");
if (apdu->lc != 64)
{
printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", apdu->lc);
nfc_write_response(buf0, SW_WRONG_LENGTH);
return;
}
timestamp();
// WTX_on(WTX_TIME_DEFAULT);
// SystemClock_Config_LF32();
// delay(300);
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp);
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
// if (!WTX_off())
// return;
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp());
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
printf1(TAG_NFC,"U2F Register answered %d (took %d)\r\n", millis(), timestamp());
break;
case APDU_FIDO_U2F_AUTHENTICATE:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf0, SW_INS_INVALID);
break;
}
printf1(TAG_NFC, "U2F Authenticate command.\r\n");
if (apdu->lc != 64 + 1 + apdu->data[64])
{
delay(5);
printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", apdu->lc, apdu->data[64]);
nfc_write_response(buf0, SW_WRONG_LENGTH);
return;
}
timestamp();
// WTX_on(WTX_TIME_DEFAULT);
u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp);
// if (!WTX_off())
// return;
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
printf1(TAG_NFC,"U2F Authenticate processing %d (took %d)\r\n", millis(), timestamp());
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp);
break;
case APDU_FIDO_NFCCTAP_MSG:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf0, SW_INS_INVALID);
return;
}
printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp());
// WTX_on(WTX_TIME_DEFAULT);
request_from_nfc(true);
ctap_response_init(&ctap_resp);
status = ctap_request(apdu->data, apdu->lc, &ctap_resp);
request_from_nfc(false);
// if (!WTX_off())
// return;
printf1(TAG_NFC, "CTAP resp: 0x%02x len: %d\r\n", status, ctap_resp.length);
if (status == CTAP1_ERR_SUCCESS)
{
memmove(&ctap_resp.data[1], &ctap_resp.data[0], ctap_resp.length);
ctap_resp.length += 3;
} else {
ctap_resp.length = 3;
}
ctap_resp.data[0] = status;
ctap_resp.data[ctap_resp.length - 2] = SW_SUCCESS >> 8;
ctap_resp.data[ctap_resp.length - 1] = SW_SUCCESS & 0xff;
printf1(TAG_NFC,"CTAP processing %d (took %d)\r\n", millis(), timestamp());
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
printf1(TAG_NFC,"CTAP answered %d (took %d)\r\n", millis(), timestamp());
break;
case APDU_INS_READ_BINARY:
// response length
reslen = apdu->le & 0xffff;
switch(NFC_STATE.selected_applet)
{
case APP_CAPABILITY_CONTAINER:
printf1(TAG_NFC,"APP_CAPABILITY_CONTAINER\r\n");
if (reslen == 0 || reslen > sizeof(NFC_CC))
reslen = sizeof(NFC_CC);
nfc_write_response_ex(buf0, (uint8_t *)&NFC_CC, reslen, SW_SUCCESS);
ams_wait_for_tx(10);
break;
case APP_NDEF_TAG:
printf1(TAG_NFC,"APP_NDEF_TAG\r\n");
if (reslen == 0 || reslen > sizeof(NDEF_SAMPLE) - 1)
reslen = sizeof(NDEF_SAMPLE) - 1;
nfc_write_response_ex(buf0, NDEF_SAMPLE, reslen, SW_SUCCESS);
ams_wait_for_tx(10);
break;
default:
nfc_write_response(buf0, SW_FILE_NOT_FOUND);
printf1(TAG_ERR, "No binary applet selected!\r\n");
return;
break;
}
break;
case APDU_SOLO_RESET:
if (apdu->lc == 4 && !memcmp(apdu->data, "\x12\x56\xab\xf0", 4)) {
printf1(TAG_NFC, "Reset...\r\n");
nfc_write_response(buf0, SW_SUCCESS);
delay(20);
device_reboot();
while(1);
} else {
printf1(TAG_NFC, "Reset FAIL\r\n");
nfc_write_response(buf0, SW_INS_INVALID);
}
break;
default:
printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu->ins);
nfc_write_response(buf0, SW_INS_INVALID);
break;
}
}
void nfc_process_iblock(uint8_t * buf, int len)
{
uint8_t block_offset = p14443_block_offset(buf[0]); uint8_t block_offset = p14443_block_offset(buf[0]);
// clear tx chain buffer if we have some other command than GET RESPONSE // clear tx chain buffer if we have some other command than GET RESPONSE
@ -802,6 +554,7 @@ void nfc_process_iblock(uint8_t * buf, int len)
memmove(&chain_buffer[chain_buffer_len], apdu.data, apdu.lc); memmove(&chain_buffer[chain_buffer_len], apdu.data, apdu.lc);
chain_buffer_len += apdu.lc; chain_buffer_len += apdu.lc;
delay(1);
nfc_write_response(buf[0], SW_SUCCESS); nfc_write_response(buf[0], SW_SUCCESS);
printf1(TAG_NFC, "APDU chaining ok. %d/%d\r\n", apdu.lc, chain_buffer_len); printf1(TAG_NFC, "APDU chaining ok. %d/%d\r\n", apdu.lc, chain_buffer_len);
return; return;
@ -809,14 +562,247 @@ void nfc_process_iblock(uint8_t * buf, int len)
// if we have ISO 7816 APDU chain - move there all the data // if we have ISO 7816 APDU chain - move there all the data
if (!chain_buffer_tx && chain_buffer_len > 0) { if (!chain_buffer_tx && chain_buffer_len > 0) {
delay(1);
memmove(&apdu.data[chain_buffer_len], apdu.data, apdu.lc); memmove(&apdu.data[chain_buffer_len], apdu.data, apdu.lc);
memmove(apdu.data, chain_buffer, chain_buffer_len); memmove(apdu.data, chain_buffer, chain_buffer_len);
apdu.lc += chain_buffer_len; // here apdu struct does not match with memory! apdu.lc += chain_buffer_len; // here apdu struct does not match with memory!
printf1(TAG_NFC, "APDU chaining merge. %d/%d\r\n", chain_buffer_len, apdu.lc); printf1(TAG_NFC, "APDU chaining merge. %d/%d\r\n", chain_buffer_len, apdu.lc);
} }
// check CLA
if (apdu.cla != 0x00 && apdu.cla != 0x80) {
printf1(TAG_NFC, "Unknown CLA %02x\r\n", apdu.cla);
nfc_write_response(buf[0], SW_CLA_INVALID);
return;
}
apdu_process(buf[0], &buf[block_offset], &apdu); // TODO this needs to be organized better
switch(apdu.ins)
{
// ISO 7816. 7.1 GET RESPONSE command
case APDU_GET_RESPONSE:
if (apdu.p1 != 0x00 || apdu.p2 != 0x00)
{
nfc_write_response(buf[0], SW_INCORRECT_P1P2);
printf1(TAG_NFC, "P1 or P2 error\r\n");
return;
}
// too many bytes needs. 0x00 and 0x100 - any length
if (apdu.le != 0 && apdu.le != 0x100 && apdu.le > chain_buffer_len)
{
uint16_t wlresp = SW_WRONG_LENGTH; // here can be 6700, 6C00, 6FXX. but the most standard way - 67XX or 6700
if (chain_buffer_len <= 0xff)
wlresp += chain_buffer_len & 0xff;
nfc_write_response(buf[0], wlresp);
printf1(TAG_NFC, "buffer length less than requesteds\r\n");
return;
}
// create temporary packet
uint8_t pck[255] = {0};
size_t pcklen = 253;
if (apdu.le)
pcklen = apdu.le;
if (pcklen > chain_buffer_len)
pcklen = chain_buffer_len;
printf1(TAG_NFC, "GET RESPONSE. pck len: %d buffer len: %d\r\n", pcklen, chain_buffer_len);
// create packet and add 61XX there if we have another portion(s) of data
memmove(pck, chain_buffer, pcklen);
size_t dlen = 0;
if (chain_buffer_len - pcklen)
{
append_get_response(&pck[pcklen], chain_buffer_len - pcklen);
dlen = 2;
}
// send
nfc_write_response_chaining_plain(buf[0], pck, pcklen + dlen); // dlen for 61XX
// shift the buffer
chain_buffer_len -= pcklen;
memmove(chain_buffer, &chain_buffer[pcklen], chain_buffer_len);
break;
case APDU_INS_SELECT:
// if (apdu->p1 == 0 && apdu->p2 == 0x0c)
// {
// printf1(TAG_NFC,"Select NDEF\r\n");
//
// NFC_STATE.selected_applet = APP_NDEF_TAG;
// // Select NDEF file!
// res[0] = NFC_CMD_IBLOCK | (buf[0] & 1);
// res[1] = SW_SUCCESS>>8;
// res[2] = SW_SUCCESS & 0xff;
// nfc_write_frame(res, 3);
// printf1(TAG_NFC,"<< "); dump_hex1(TAG_NFC,res, 3);
// }
// else
{
selected = select_applet(apdu.data, apdu.lc);
if (selected == APP_FIDO)
{
nfc_write_response_ex(buf[0], (uint8_t *)"U2F_V2", 6, SW_SUCCESS);
printf1(TAG_NFC, "FIDO applet selected.\r\n");
}
else if (selected != APP_NOTHING)
{
nfc_write_response(buf[0], SW_SUCCESS);
printf1(TAG_NFC, "SELECTED %d\r\n", selected);
}
else
{
nfc_write_response(buf[0], SW_FILE_NOT_FOUND);
printf1(TAG_NFC, "NOT selected "); dump_hex1(TAG_NFC, apdu.data, apdu.lc);
}
}
break;
case APDU_FIDO_U2F_VERSION:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf[0], SW_INS_INVALID);
break;
}
printf1(TAG_NFC, "U2F GetVersion command.\r\n");
u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
break;
case APDU_FIDO_U2F_REGISTER:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf[0], SW_INS_INVALID);
break;
}
printf1(TAG_NFC, "U2F Register command.\r\n");
if (apdu.lc != 64)
{
printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", apdu.lc);
nfc_write_response(buf[0], SW_WRONG_LENGTH);
return;
}
timestamp();
// WTX_on(WTX_TIME_DEFAULT);
// SystemClock_Config_LF32();
// delay(300);
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
// if (!WTX_off())
// return;
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp());
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
printf1(TAG_NFC,"U2F Register answered %d (took %d)\r\n", millis(), timestamp());
break;
case APDU_FIDO_U2F_AUTHENTICATE:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf[0], SW_INS_INVALID);
break;
}
printf1(TAG_NFC, "U2F Authenticate command.\r\n");
if (apdu.lc != 64 + 1 + apdu.data[64])
{
delay(5);
printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", apdu.lc, apdu.data[64]);
nfc_write_response(buf[0], SW_WRONG_LENGTH);
return;
}
timestamp();
// WTX_on(WTX_TIME_DEFAULT);
u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
// if (!WTX_off())
// return;
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
printf1(TAG_NFC,"U2F Authenticate processing %d (took %d)\r\n", millis(), timestamp());
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp);
break;
case APDU_FIDO_NFCCTAP_MSG:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf[0], SW_INS_INVALID);
return;
}
printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp());
// WTX_on(WTX_TIME_DEFAULT);
request_from_nfc(true);
ctap_response_init(&ctap_resp);
delay(1);
printf1(TAG_NFC,"[%d] ", apdu.lc);
dump_hex1(TAG_NFC,apdu.data, apdu.lc);
status = ctap_request(apdu.data, apdu.lc, &ctap_resp);
request_from_nfc(false);
// if (!WTX_off())
// return;
printf1(TAG_NFC, "CTAP resp: 0x%02x len: %d\r\n", status, ctap_resp.length);
if (status == CTAP1_ERR_SUCCESS)
{
memmove(&ctap_resp.data[1], &ctap_resp.data[0], ctap_resp.length);
ctap_resp.length += 3;
} else {
ctap_resp.length = 3;
}
ctap_resp.data[0] = status;
ctap_resp.data[ctap_resp.length - 2] = SW_SUCCESS >> 8;
ctap_resp.data[ctap_resp.length - 1] = SW_SUCCESS & 0xff;
printf1(TAG_NFC,"CTAP processing %d (took %d)\r\n", millis(), timestamp());
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
printf1(TAG_NFC,"CTAP answered %d (took %d)\r\n", millis(), timestamp());
break;
case APDU_INS_READ_BINARY:
// response length
reslen = apdu.le & 0xffff;
switch(NFC_STATE.selected_applet)
{
case APP_CAPABILITY_CONTAINER:
printf1(TAG_NFC,"APP_CAPABILITY_CONTAINER\r\n");
if (reslen == 0 || reslen > sizeof(NFC_CC))
reslen = sizeof(NFC_CC);
nfc_write_response_ex(buf[0], (uint8_t *)&NFC_CC, reslen, SW_SUCCESS);
ams_wait_for_tx(10);
break;
case APP_NDEF_TAG:
printf1(TAG_NFC,"APP_NDEF_TAG\r\n");
if (reslen == 0 || reslen > sizeof(NDEF_SAMPLE) - 1)
reslen = sizeof(NDEF_SAMPLE) - 1;
nfc_write_response_ex(buf[0], NDEF_SAMPLE, reslen, SW_SUCCESS);
ams_wait_for_tx(10);
break;
default:
nfc_write_response(buf[0], SW_FILE_NOT_FOUND);
printf1(TAG_ERR, "No binary applet selected!\r\n");
return;
break;
}
break;
default:
printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu.ins);
nfc_write_response(buf[0], SW_INS_INVALID);
break;
}
printf1(TAG_NFC,"prev.Iblock: "); printf1(TAG_NFC,"prev.Iblock: ");
dump_hex1(TAG_NFC, buf, len); dump_hex1(TAG_NFC, buf, len);