Compare commits
2 Commits
fido2_on_u
...
all-contri
| Author | SHA1 | Date | |
|---|---|---|---|
| 1b85b2f433 | |||
| 43e778ae53 |
2
Makefile
2
Makefile
@ -39,7 +39,7 @@ INCLUDES += -I./crypto/cifra/src
|
||||
|
||||
CFLAGS += $(INCLUDES)
|
||||
# for crypto/tiny-AES-c
|
||||
CFLAGS += -DAES256=1 -DAPP_CONFIG=\"app.h\" -DSOLO_EXPERIMENTAL=1
|
||||
CFLAGS += -DAES256=1 -DAPP_CONFIG=\"app.h\"
|
||||
|
||||
name = main
|
||||
|
||||
|
||||
21
fido2/ctap.c
21
fido2/ctap.c
@ -698,7 +698,7 @@ int ctap_authenticate_credential(struct rpId * rp, CTAP_credentialDescriptor * d
|
||||
crypto_sha256_init();
|
||||
crypto_sha256_update(rp->id, rp->size);
|
||||
crypto_sha256_final(rpIdHash);
|
||||
return u2f_authenticate_credential((struct u2f_key_handle *)&desc->credential.id, U2F_KEY_HANDLE_SIZE,rpIdHash);
|
||||
return u2f_authenticate_credential((struct u2f_key_handle *)&desc->credential.id, rpIdHash);
|
||||
break;
|
||||
case PUB_KEY_CRED_CUSTOM:
|
||||
return is_extension_request(getAssertionState.customCredId, getAssertionState.customCredIdSize);
|
||||
@ -1761,28 +1761,11 @@ static void ctap_state_init()
|
||||
|
||||
printf1(TAG_STOR, "Generated PIN SALT: ");
|
||||
dump_hex1(TAG_STOR, STATE.PIN_SALT, sizeof STATE.PIN_SALT);
|
||||
|
||||
}
|
||||
|
||||
/** Overwrite master secret from external source.
|
||||
* @param keybytes an array of KEY_SPACE_BYTES length.
|
||||
*
|
||||
* This function should only be called from a privilege mode.
|
||||
*/
|
||||
void ctap_load_external_keys(uint8_t * keybytes){
|
||||
memmove(STATE.key_space, keybytes, KEY_SPACE_BYTES);
|
||||
authenticator_write_state(&STATE, 0);
|
||||
authenticator_write_state(&STATE, 1);
|
||||
crypto_load_master_secret(STATE.key_space);
|
||||
}
|
||||
|
||||
#include "version.h"
|
||||
void ctap_init()
|
||||
{
|
||||
printf1(TAG_ERR,"Current firmware version address: %p\r\n", &firmware_version);
|
||||
printf1(TAG_ERR,"Current firmware version: %d.%d.%d.%d (%02x.%02x.%02x.%02x)\r\n",
|
||||
firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved,
|
||||
firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved
|
||||
);
|
||||
crypto_ecc256_init();
|
||||
|
||||
authenticator_read_state(&STATE);
|
||||
|
||||
@ -361,6 +361,4 @@ extern uint8_t KEY_AGREEMENT_PUB[64];
|
||||
|
||||
void lock_device_permanently();
|
||||
|
||||
void ctap_load_external_keys(uint8_t * keybytes);
|
||||
|
||||
#endif
|
||||
|
||||
207
fido2/ctaphid.c
207
fido2/ctaphid.c
@ -539,14 +539,11 @@ extern void _check_ret(CborError ret, int line, const char * filename);
|
||||
#define check_hardcore(r) _check_ret(r,__LINE__, __FILE__);\
|
||||
if ((r) != CborNoError) exit(1);
|
||||
|
||||
|
||||
uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb);
|
||||
|
||||
uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
|
||||
{
|
||||
uint8_t cmd = 0;
|
||||
uint8_t cmd;
|
||||
uint32_t cid;
|
||||
int len = 0;
|
||||
int len;
|
||||
#ifndef DISABLE_CTAPHID_CBOR
|
||||
int status;
|
||||
#endif
|
||||
@ -556,10 +553,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
|
||||
CTAP_RESPONSE ctap_resp;
|
||||
|
||||
int bufstatus = ctaphid_buffer_packet(pkt_raw, &cmd, &cid, &len);
|
||||
ctaphid_write_buffer_init(&wb);
|
||||
|
||||
wb.cid = cid;
|
||||
wb.cmd = cmd;
|
||||
|
||||
if (bufstatus == HID_IGNORE)
|
||||
{
|
||||
@ -595,6 +588,9 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
|
||||
case CTAPHID_PING:
|
||||
printf1(TAG_HID,"CTAPHID_PING\n");
|
||||
|
||||
ctaphid_write_buffer_init(&wb);
|
||||
wb.cid = cid;
|
||||
wb.cmd = CTAPHID_PING;
|
||||
wb.bcnt = len;
|
||||
timestamp();
|
||||
ctaphid_write(&wb, ctap_buffer, len);
|
||||
@ -607,9 +603,13 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
|
||||
case CTAPHID_WINK:
|
||||
printf1(TAG_HID,"CTAPHID_WINK\n");
|
||||
|
||||
ctaphid_write_buffer_init(&wb);
|
||||
|
||||
device_wink();
|
||||
|
||||
wb.cid = cid;
|
||||
wb.cmd = CTAPHID_WINK;
|
||||
|
||||
ctaphid_write(&wb,NULL,0);
|
||||
|
||||
break;
|
||||
@ -634,6 +634,9 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
|
||||
ctap_response_init(&ctap_resp);
|
||||
status = ctap_request(ctap_buffer, len, &ctap_resp);
|
||||
|
||||
ctaphid_write_buffer_init(&wb);
|
||||
wb.cid = cid;
|
||||
wb.cmd = CTAPHID_CBOR;
|
||||
wb.bcnt = (ctap_resp.length+1);
|
||||
|
||||
|
||||
@ -664,6 +667,9 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
|
||||
ctap_response_init(&ctap_resp);
|
||||
u2f_request((struct u2f_request_apdu*)ctap_buffer, &ctap_resp);
|
||||
|
||||
ctaphid_write_buffer_init(&wb);
|
||||
wb.cid = cid;
|
||||
wb.cmd = CTAPHID_MSG;
|
||||
wb.bcnt = (ctap_resp.length);
|
||||
|
||||
ctaphid_write(&wb, ctap_resp.data, ctap_resp.length);
|
||||
@ -674,14 +680,76 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
|
||||
printf1(TAG_HID,"CTAPHID_CANCEL\n");
|
||||
is_busy = 0;
|
||||
break;
|
||||
#if defined(IS_BOOTLOADER)
|
||||
case CTAPHID_BOOT:
|
||||
printf1(TAG_HID,"CTAPHID_BOOT\n");
|
||||
ctap_response_init(&ctap_resp);
|
||||
u2f_set_writeback_buffer(&ctap_resp);
|
||||
is_busy = bootloader_bridge(len, ctap_buffer);
|
||||
|
||||
ctaphid_write_buffer_init(&wb);
|
||||
wb.cid = cid;
|
||||
wb.cmd = CTAPHID_BOOT;
|
||||
wb.bcnt = (ctap_resp.length + 1);
|
||||
ctaphid_write(&wb, &is_busy, 1);
|
||||
ctaphid_write(&wb, ctap_resp.data, ctap_resp.length);
|
||||
ctaphid_write(&wb, NULL, 0);
|
||||
is_busy = 0;
|
||||
break;
|
||||
#endif
|
||||
#if defined(SOLO_HACKER)
|
||||
case CTAPHID_ENTERBOOT:
|
||||
printf1(TAG_HID,"CTAPHID_ENTERBOOT\n");
|
||||
boot_solo_bootloader();
|
||||
ctaphid_write_buffer_init(&wb);
|
||||
wb.cid = cid;
|
||||
wb.cmd = CTAPHID_ENTERBOOT;
|
||||
wb.bcnt = 0;
|
||||
ctaphid_write(&wb, NULL, 0);
|
||||
is_busy = 0;
|
||||
break;
|
||||
case CTAPHID_ENTERSTBOOT:
|
||||
printf1(TAG_HID,"CTAPHID_ENTERBOOT\n");
|
||||
boot_st_bootloader();
|
||||
break;
|
||||
#endif
|
||||
#if !defined(IS_BOOTLOADER)
|
||||
case CTAPHID_GETRNG:
|
||||
printf1(TAG_HID,"CTAPHID_GETRNG\n");
|
||||
ctap_response_init(&ctap_resp);
|
||||
ctaphid_write_buffer_init(&wb);
|
||||
wb.cid = cid;
|
||||
wb.cmd = CTAPHID_GETRNG;
|
||||
wb.bcnt = ctap_buffer[0];
|
||||
if (!wb.bcnt)
|
||||
wb.bcnt = 57;
|
||||
memset(ctap_buffer,0,wb.bcnt);
|
||||
ctap_generate_rng(ctap_buffer, wb.bcnt);
|
||||
ctaphid_write(&wb, &ctap_buffer, wb.bcnt);
|
||||
ctaphid_write(&wb, NULL, 0);
|
||||
is_busy = 0;
|
||||
break;
|
||||
#endif
|
||||
|
||||
case CTAPHID_GETVERSION:
|
||||
printf1(TAG_HID,"CTAPHID_GETVERSION\n");
|
||||
ctap_response_init(&ctap_resp);
|
||||
ctaphid_write_buffer_init(&wb);
|
||||
wb.cid = cid;
|
||||
wb.cmd = CTAPHID_GETVERSION;
|
||||
wb.bcnt = 3;
|
||||
ctap_buffer[0] = SOLO_VERSION_MAJ;
|
||||
ctap_buffer[1] = SOLO_VERSION_MIN;
|
||||
ctap_buffer[2] = SOLO_VERSION_PATCH;
|
||||
ctaphid_write(&wb, &ctap_buffer, 3);
|
||||
ctaphid_write(&wb, NULL, 0);
|
||||
is_busy = 0;
|
||||
break;
|
||||
|
||||
default:
|
||||
if (ctaphid_custom_command(len, &ctap_resp, &wb) != 0){
|
||||
is_busy = 0;
|
||||
}else{
|
||||
printf2(TAG_ERR, "error, unimplemented HID cmd: %02x\r\n", buffer_cmd());
|
||||
ctaphid_send_error(cid, CTAP1_ERR_INVALID_COMMAND);
|
||||
}
|
||||
printf2(TAG_ERR,"error, unimplemented HID cmd: %02x\r\n", buffer_cmd());
|
||||
ctaphid_send_error(cid, CTAP1_ERR_INVALID_COMMAND);
|
||||
break;
|
||||
}
|
||||
cid_del(cid);
|
||||
buffer_reset();
|
||||
@ -691,112 +759,3 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
|
||||
else return 0;
|
||||
|
||||
}
|
||||
|
||||
uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb)
|
||||
{
|
||||
ctap_response_init(ctap_resp);
|
||||
|
||||
#if !defined(IS_BOOTLOADER) && (defined(SOLO_HACKER) || defined(SOLO_EXPERIMENTAL))
|
||||
uint32_t param;
|
||||
#endif
|
||||
#if defined(IS_BOOTLOADER)
|
||||
uint8_t is_busy;
|
||||
#endif
|
||||
|
||||
switch(wb->cmd)
|
||||
{
|
||||
#if defined(IS_BOOTLOADER)
|
||||
case CTAPHID_BOOT:
|
||||
printf1(TAG_HID,"CTAPHID_BOOT\n");
|
||||
u2f_set_writeback_buffer(ctap_resp);
|
||||
is_busy = bootloader_bridge(len, ctap_buffer);
|
||||
|
||||
ctaphid_write(wb, &is_busy, 1);
|
||||
ctaphid_write(wb, ctap_resp->data, ctap_resp->length);
|
||||
ctaphid_write(wb, NULL, 0);
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(SOLO_HACKER)
|
||||
case CTAPHID_ENTERBOOT:
|
||||
printf1(TAG_HID,"CTAPHID_ENTERBOOT\n");
|
||||
boot_solo_bootloader();
|
||||
wb->bcnt = 0;
|
||||
ctaphid_write(wb, NULL, 0);
|
||||
return 1;
|
||||
case CTAPHID_ENTERSTBOOT:
|
||||
printf1(TAG_HID,"CTAPHID_ENTERBOOT\n");
|
||||
boot_st_bootloader();
|
||||
return 1;
|
||||
#endif
|
||||
|
||||
#if !defined(IS_BOOTLOADER)
|
||||
case CTAPHID_GETRNG:
|
||||
printf1(TAG_HID,"CTAPHID_GETRNG\n");
|
||||
wb->bcnt = ctap_buffer[0];
|
||||
if (!wb->bcnt)
|
||||
wb->bcnt = 57;
|
||||
memset(ctap_buffer,0,wb->bcnt);
|
||||
ctap_generate_rng(ctap_buffer, wb->bcnt);
|
||||
ctaphid_write(wb, ctap_buffer, wb->bcnt);
|
||||
ctaphid_write(wb, NULL, 0);
|
||||
return 1;
|
||||
break;
|
||||
#endif
|
||||
|
||||
case CTAPHID_GETVERSION:
|
||||
printf1(TAG_HID,"CTAPHID_GETVERSION\n");
|
||||
wb->bcnt = 3;
|
||||
ctap_buffer[0] = SOLO_VERSION_MAJ;
|
||||
ctap_buffer[1] = SOLO_VERSION_MIN;
|
||||
ctap_buffer[2] = SOLO_VERSION_PATCH;
|
||||
ctaphid_write(wb, ctap_buffer, 3);
|
||||
ctaphid_write(wb, NULL, 0);
|
||||
return 1;
|
||||
break;
|
||||
|
||||
#if !defined(IS_BOOTLOADER) && (defined(SOLO_HACKER) || defined(SOLO_EXPERIMENTAL))
|
||||
case CTAPHID_LOADKEY:
|
||||
/**
|
||||
* Load external key. Useful for enabling backups.
|
||||
* bytes: 4 96
|
||||
* payload: | counter_increase (BE) | master_key |
|
||||
*
|
||||
* Counter should be increased by a large amount, e.g. (0x10000000)
|
||||
* to outdo any previously lost/broken keys.
|
||||
*/
|
||||
printf1(TAG_HID,"CTAPHID_LOADKEY\n");
|
||||
if (len != 100)
|
||||
{
|
||||
printf2(TAG_ERR,"Error, invalid length.\n");
|
||||
ctaphid_send_error(wb->cid, CTAP1_ERR_INVALID_LENGTH);
|
||||
return 1;
|
||||
}
|
||||
|
||||
// Ask for THREE button presses
|
||||
if (ctap_user_presence_test(8000) > 0)
|
||||
if (ctap_user_presence_test(8000) > 0)
|
||||
if (ctap_user_presence_test(8000) > 0)
|
||||
{
|
||||
ctap_load_external_keys(ctap_buffer + 4);
|
||||
param = ctap_buffer[3];
|
||||
param |= ctap_buffer[2] << 8;
|
||||
param |= ctap_buffer[1] << 16;
|
||||
param |= ctap_buffer[0] << 24;
|
||||
ctap_atomic_count(param);
|
||||
|
||||
wb->bcnt = 0;
|
||||
|
||||
ctaphid_write(wb, NULL, 0);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf2(TAG_ERR, "Error, invalid length.\n");
|
||||
ctaphid_send_error(wb->cid, CTAP2_ERR_OPERATION_DENIED);
|
||||
return 1;
|
||||
#endif
|
||||
|
||||
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -29,7 +29,6 @@
|
||||
#define CTAPHID_ENTERSTBOOT (TYPE_INIT | 0x52)
|
||||
#define CTAPHID_GETRNG (TYPE_INIT | 0x60)
|
||||
#define CTAPHID_GETVERSION (TYPE_INIT | 0x61)
|
||||
#define CTAPHID_LOADKEY (TYPE_INIT | 0x62)
|
||||
// reserved for debug, not implemented except for HACKER and DEBUG_LEVEl > 0
|
||||
#define CTAPHID_PROBE (TYPE_INIT | 0x70)
|
||||
|
||||
|
||||
@ -61,8 +61,8 @@ int ctap_user_presence_test(uint32_t delay);
|
||||
int ctap_generate_rng(uint8_t * dst, size_t num);
|
||||
|
||||
// Increment atomic counter and return it.
|
||||
// @param amount the amount to increase the counter by.
|
||||
uint32_t ctap_atomic_count(uint32_t amount);
|
||||
// Must support two counters, @sel selects counter0 or counter1.
|
||||
uint32_t ctap_atomic_count(int sel);
|
||||
|
||||
// Verify the user
|
||||
// return 1 if user is verified, 0 if not
|
||||
|
||||
54
fido2/u2f.c
54
fido2/u2f.c
@ -26,7 +26,6 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
|
||||
int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
|
||||
void u2f_reset_response();
|
||||
|
||||
void make_auth_tag(uint8_t * rpIdHash, uint8_t * nonce, uint32_t count, uint8_t * tag);
|
||||
|
||||
static CTAP_RESPONSE * _u2f_resp = NULL;
|
||||
|
||||
@ -161,9 +160,9 @@ static void dump_signature_der(uint8_t * sig)
|
||||
len = ctap_encode_der_sig(sig, sigder);
|
||||
u2f_response_writeback(sigder, len);
|
||||
}
|
||||
static int8_t u2f_load_key(struct u2f_key_handle * kh, uint8_t khl, uint8_t * appid)
|
||||
static int8_t u2f_load_key(struct u2f_key_handle * kh, uint8_t * appid)
|
||||
{
|
||||
crypto_ecc256_load_key((uint8_t*)kh, khl, NULL, 0);
|
||||
crypto_ecc256_load_key((uint8_t*)kh, U2F_KEY_HANDLE_SIZE, NULL, 0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -188,41 +187,21 @@ int8_t u2f_new_keypair(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * pu
|
||||
|
||||
|
||||
// Return 1 if authenticate, 0 if not.
|
||||
int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t key_handle_len, uint8_t * appid)
|
||||
int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid)
|
||||
{
|
||||
printf1(TAG_U2F, "checked CRED SIZE %d. (FIDO2: %d)\n", key_handle_len, sizeof(CredentialId));
|
||||
uint8_t tag[U2F_KEY_HANDLE_TAG_SIZE];
|
||||
|
||||
if (key_handle_len == sizeof(CredentialId))
|
||||
u2f_make_auth_tag(kh, appid, tag);
|
||||
if (memcmp(kh->tag, tag, U2F_KEY_HANDLE_TAG_SIZE) == 0)
|
||||
{
|
||||
printf1(TAG_U2F, "FIDO2 key handle detected.\n");
|
||||
CredentialId * cred = (CredentialId *) kh;
|
||||
// FIDO2 credential.
|
||||
|
||||
if (memcmp(cred->rpIdHash, appid, 32) != 0)
|
||||
{
|
||||
printf1(TAG_U2F, "APPID does not match rpIdHash.\n");
|
||||
return 0;
|
||||
}
|
||||
make_auth_tag(appid, cred->nonce, cred->count, tag);
|
||||
|
||||
if (memcmp(cred->tag, tag, CREDENTIAL_TAG_SIZE) == 0){
|
||||
return 1;
|
||||
}
|
||||
|
||||
}else if (key_handle_len == U2F_KEY_HANDLE_SIZE)
|
||||
{
|
||||
u2f_make_auth_tag(kh, appid, tag);
|
||||
if (memcmp(kh->tag, tag, U2F_KEY_HANDLE_TAG_SIZE) == 0)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
printf1(TAG_U2F, "key handle + appid not authentic\n");
|
||||
printf1(TAG_U2F, "calc tag: \n"); dump_hex1(TAG_U2F,tag, U2F_KEY_HANDLE_TAG_SIZE);
|
||||
printf1(TAG_U2F, "inp tag: \n"); dump_hex1(TAG_U2F,kh->tag, U2F_KEY_HANDLE_TAG_SIZE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
printf1(TAG_U2F, "key handle + appid not authentic\n");
|
||||
printf1(TAG_U2F, "calc tag: \n"); dump_hex1(TAG_U2F,tag, U2F_KEY_HANDLE_TAG_SIZE);
|
||||
printf1(TAG_U2F, "inp tag: \n"); dump_hex1(TAG_U2F,kh->tag, U2F_KEY_HANDLE_TAG_SIZE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -237,7 +216,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
|
||||
if (control == U2F_AUTHENTICATE_CHECK)
|
||||
{
|
||||
printf1(TAG_U2F, "CHECK-ONLY\r\n");
|
||||
if (u2f_authenticate_credential(&req->kh, req->khl, req->app))
|
||||
if (u2f_authenticate_credential(&req->kh, req->app))
|
||||
{
|
||||
return U2F_SW_CONDITIONS_NOT_SATISFIED;
|
||||
}
|
||||
@ -248,8 +227,9 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
|
||||
}
|
||||
if (
|
||||
(control != U2F_AUTHENTICATE_SIGN && control != U2F_AUTHENTICATE_SIGN_NO_USER) ||
|
||||
(!u2f_authenticate_credential(&req->kh, req->khl, req->app)) || // Order of checks is important
|
||||
u2f_load_key(&req->kh, req->khl, req->app) != 0
|
||||
req->khl != U2F_KEY_HANDLE_SIZE ||
|
||||
(!u2f_authenticate_credential(&req->kh, req->app)) || // Order of checks is important
|
||||
u2f_load_key(&req->kh, req->app) != 0
|
||||
|
||||
)
|
||||
{
|
||||
|
||||
@ -103,7 +103,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp);
|
||||
// @len data length
|
||||
void u2f_request_nfc(uint8_t * header, uint8_t * data, int datalen, CTAP_RESPONSE * resp);
|
||||
|
||||
int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t key_handle_len, uint8_t * appid);
|
||||
int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid);
|
||||
|
||||
int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
|
||||
void u2f_reset_response();
|
||||
|
||||
@ -1,13 +0,0 @@
|
||||
#include "version.h"
|
||||
|
||||
|
||||
const version_t firmware_version __attribute__ ((section (".flag"))) __attribute__ ((__used__)) = {
|
||||
.major = SOLO_VERSION_MAJ,
|
||||
.minor = SOLO_VERSION_MIN,
|
||||
.patch = SOLO_VERSION_PATCH,
|
||||
.reserved = 0
|
||||
};
|
||||
|
||||
// from tinycbor, for a quick static_assert
|
||||
#include <compilersupport_p.h>
|
||||
cbor_static_assert(sizeof(version_t) == 4);
|
||||
@ -17,23 +17,5 @@
|
||||
#define SOLO_VERSION __STR(SOLO_VERSION_MAJ) "." __STR(SOLO_VERSION_MIN) "." __STR(SOLO_VERSION_PATCH)
|
||||
#endif
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
typedef struct {
|
||||
union{
|
||||
uint32_t raw;
|
||||
struct {
|
||||
uint8_t major;
|
||||
uint8_t minor;
|
||||
uint8_t patch;
|
||||
uint8_t reserved;
|
||||
};
|
||||
};
|
||||
} version_t;
|
||||
|
||||
bool is_newer(const version_t* const newer, const version_t* const older);
|
||||
const version_t firmware_version ;
|
||||
|
||||
|
||||
#endif
|
||||
|
||||
18
pc/device.c
18
pc/device.c
@ -108,7 +108,6 @@ int udp_recv(int fd, uint8_t * buf, int size)
|
||||
perror( "recvfrom failed" );
|
||||
exit(1);
|
||||
}
|
||||
printf1(TAG_DUMP, ">>"); dump_hex1(TAG_DUMP, buf, length);
|
||||
return length;
|
||||
}
|
||||
|
||||
@ -125,8 +124,6 @@ void udp_send(int fd, uint8_t * buf, int size)
|
||||
perror( "sendto failed" );
|
||||
exit(1);
|
||||
}
|
||||
|
||||
printf1(TAG_DUMP, "<<"); dump_hex1(TAG_DUMP, buf, size);
|
||||
}
|
||||
|
||||
|
||||
@ -316,11 +313,20 @@ int ctap_user_verification(uint8_t arg)
|
||||
}
|
||||
|
||||
|
||||
uint32_t ctap_atomic_count(uint32_t amount)
|
||||
uint32_t ctap_atomic_count(int sel)
|
||||
{
|
||||
static uint32_t counter1 = 25;
|
||||
counter1 += (amount + 1);
|
||||
return counter1;
|
||||
/*return 713;*/
|
||||
if (sel == 0)
|
||||
{
|
||||
printf1(TAG_RED,"counter1: %d\n", counter1);
|
||||
return counter1++;
|
||||
}
|
||||
else
|
||||
{
|
||||
printf2(TAG_ERR,"counter2 not imple\n");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
int ctap_generate_rng(uint8_t * dst, size_t num)
|
||||
|
||||
@ -90,7 +90,8 @@ flash_dfu: solo.hex bootloader.hex
|
||||
# STM32_Programmer_CLI -c port=usb1 -halt -e all --readunprotect
|
||||
STM32_Programmer_CLI -c port=usb1 -halt -rdu -d all.hex
|
||||
|
||||
flashboot: bootloader.hex
|
||||
flashboot: solo.hex bootloader.hex
|
||||
$(VENV) $(merge_hex) solo.hex bootloader.hex all.hex
|
||||
STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
|
||||
STM32_Programmer_CLI -c port=SWD -halt -d bootloader.hex -rst
|
||||
|
||||
|
||||
@ -19,12 +19,6 @@
|
||||
#include "ctap_errors.h"
|
||||
#include "log.h"
|
||||
|
||||
volatile version_t current_firmware_version __attribute__ ((section (".flag2"))) __attribute__ ((__used__)) = {
|
||||
.major = SOLO_VERSION_MAJ,
|
||||
.minor = SOLO_VERSION_MIN,
|
||||
.patch = SOLO_VERSION_PATCH,
|
||||
.reserved = 0
|
||||
};
|
||||
|
||||
extern uint8_t REBOOT_FLAG;
|
||||
|
||||
@ -62,6 +56,8 @@ static void erase_application()
|
||||
}
|
||||
}
|
||||
|
||||
#define LAST_ADDR (APPLICATION_END_ADDR-2048 + 8)
|
||||
#define LAST_PAGE (APPLICATION_END_PAGE-1)
|
||||
static void disable_bootloader()
|
||||
{
|
||||
// Clear last 4 bytes of the last application page-1, which is 108th
|
||||
@ -106,38 +102,6 @@ int is_bootloader_disabled()
|
||||
uint32_t * auth = (uint32_t *)(AUTH_WORD_ADDR+4);
|
||||
return *auth == 0;
|
||||
}
|
||||
uint8_t * last_written_app_address;
|
||||
|
||||
#include "version.h"
|
||||
bool is_firmware_version_newer_or_equal()
|
||||
{
|
||||
|
||||
printf1(TAG_BOOT,"Current firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n",
|
||||
current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved,
|
||||
current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved
|
||||
);
|
||||
volatile version_t * new_version = ((volatile version_t *) last_written_app_address);
|
||||
printf1(TAG_BOOT,"Uploaded firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n",
|
||||
new_version->major, new_version->minor, new_version->patch, new_version->reserved,
|
||||
new_version->major, new_version->minor, new_version->patch, new_version->reserved
|
||||
);
|
||||
|
||||
const bool allowed = is_newer((const version_t *)new_version, (const version_t *)¤t_firmware_version) || current_firmware_version.raw == 0xFFFFFFFF;
|
||||
if (allowed){
|
||||
printf1(TAG_BOOT, "Update allowed, setting new firmware version as current.\r\n");
|
||||
// current_firmware_version.raw = new_version.raw;
|
||||
uint8_t page[PAGE_SIZE];
|
||||
memmove(page, (uint8_t*)BOOT_VERSION_ADDR, PAGE_SIZE);
|
||||
memmove(page, (version_t *)new_version, 4);
|
||||
printf1(TAG_BOOT, "Writing\r\n");
|
||||
flash_erase_page(BOOT_VERSION_PAGE);
|
||||
flash_write(BOOT_VERSION_ADDR, page, PAGE_SIZE);
|
||||
printf1(TAG_BOOT, "Finish\r\n");
|
||||
} else {
|
||||
printf1(TAG_BOOT, "Firmware older - update not allowed.\r\n");
|
||||
}
|
||||
return allowed;
|
||||
}
|
||||
|
||||
/**
|
||||
* Execute bootloader commands
|
||||
@ -161,7 +125,10 @@ int bootloader_bridge(int klen, uint8_t * keyh)
|
||||
return CTAP1_ERR_INVALID_LENGTH;
|
||||
}
|
||||
#ifndef SOLO_HACKER
|
||||
extern uint8_t *pubkey_boot;
|
||||
uint8_t * pubkey = (uint8_t*)"\xd2\xa4\x2f\x8f\xb2\x31\x1c\xc1\xf7\x0c\x7e\x64\x32\xfb\xbb\xb4\xa3\xdd\x32\x20"
|
||||
"\x0f\x1b\x88\x9c\xda\x62\xc2\x83\x25\x93\xdd\xb8\x75\x9d\xf9\x86\xee\x03\x6c\xce"
|
||||
"\x34\x47\x71\x36\xb3\xb2\xad\x6d\x12\xb7\xbe\x49\x3e\x20\xa4\x61\xac\xc7\x71\xc7"
|
||||
"\x1f\xa8\x14\xf2";
|
||||
|
||||
const struct uECC_Curve_t * curve = NULL;
|
||||
#endif
|
||||
@ -198,11 +165,12 @@ int bootloader_bridge(int klen, uint8_t * keyh)
|
||||
}
|
||||
// Do the actual write
|
||||
flash_write((uint32_t)ptr,req->payload, len);
|
||||
last_written_app_address = (uint8_t *)ptr + len - 8 + 4;
|
||||
|
||||
|
||||
break;
|
||||
case BootDone:
|
||||
// Writing to flash finished. Request code validation.
|
||||
printf1(TAG_BOOT, "BootDone: \r\n");
|
||||
printf1(TAG_BOOT, "BootDone: ");
|
||||
#ifndef SOLO_HACKER
|
||||
if (len != 64)
|
||||
{
|
||||
@ -217,23 +185,17 @@ int bootloader_bridge(int klen, uint8_t * keyh)
|
||||
crypto_sha256_final(hash);
|
||||
curve = uECC_secp256r1();
|
||||
// Verify incoming signature made over the SHA256 hash
|
||||
if (
|
||||
!uECC_verify(pubkey_boot, hash, 32, req->payload, curve)
|
||||
)
|
||||
if (! uECC_verify(pubkey,
|
||||
hash,
|
||||
32,
|
||||
req->payload,
|
||||
curve))
|
||||
{
|
||||
printf1(TAG_BOOT, "Signature invalid\r\n");
|
||||
return CTAP2_ERR_OPERATION_DENIED;
|
||||
}
|
||||
if (!is_firmware_version_newer_or_equal()){
|
||||
printf1(TAG_BOOT, "Firmware older - update not allowed.\r\n");
|
||||
printf1(TAG_BOOT, "Rebooting...\r\n");
|
||||
REBOOT_FLAG = 1;
|
||||
return CTAP2_ERR_OPERATION_DENIED;
|
||||
}
|
||||
#endif
|
||||
// Set the application validated, and mark for reboot.
|
||||
authorize_application();
|
||||
|
||||
REBOOT_FLAG = 1;
|
||||
break;
|
||||
case BootCheck:
|
||||
@ -256,7 +218,6 @@ int bootloader_bridge(int klen, uint8_t * keyh)
|
||||
break;
|
||||
case BootReboot:
|
||||
printf1(TAG_BOOT, "BootReboot.\r\n");
|
||||
printf1(TAG_BOOT, "Application authorized: %d.\r\n", is_authorized_to_boot());
|
||||
REBOOT_FLAG = 1;
|
||||
break;
|
||||
case BootDisable:
|
||||
@ -316,10 +277,3 @@ void bootloader_heartbeat()
|
||||
|
||||
led_rgb(((val * g)<<8) | ((val*r) << 16) | (val*b));
|
||||
}
|
||||
|
||||
uint32_t ctap_atomic_count(uint32_t amount)
|
||||
{
|
||||
static uint32_t count = 1000;
|
||||
count += (amount + 1);
|
||||
return count;
|
||||
}
|
||||
@ -138,14 +138,6 @@ int main()
|
||||
|
||||
printf1(TAG_GEN,"recv'ing hid msg \n");
|
||||
|
||||
extern volatile version_t current_firmware_version;
|
||||
printf1(TAG_BOOT,"Current firmware version address: %p\r\n", ¤t_firmware_version);
|
||||
printf1(TAG_BOOT,"Current firmware version: %d.%d.%d.%d (%02x.%02x.%02x.%02x)\r\n",
|
||||
current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved,
|
||||
current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved
|
||||
);
|
||||
dump_hex1(TAG_BOOT, (uint8_t*)(¤t_firmware_version) - 16, 32);
|
||||
|
||||
|
||||
while(1)
|
||||
{
|
||||
|
||||
@ -1,6 +0,0 @@
|
||||
#include "stdint.h"
|
||||
|
||||
uint8_t * pubkey_boot = (uint8_t*)"\xd2\xa4\x2f\x8f\xb2\x31\x1c\xc1\xf7\x0c\x7e\x64\x32\xfb\xbb\xb4\xa3\xdd\x32\x20"
|
||||
"\x0f\x1b\x88\x9c\xda\x62\xc2\x83\x25\x93\xdd\xb8\x75\x9d\xf9\x86\xee\x03\x6c\xce"
|
||||
"\x34\x47\x71\x36\xb3\xb2\xad\x6d\x12\xb7\xbe\x49\x3e\x20\xa4\x61\xac\xc7\x71\xc7"
|
||||
"\x1f\xa8\x14\xf2";
|
||||
@ -1,8 +0,0 @@
|
||||
#include "version.h"
|
||||
|
||||
// FIXME test version check function
|
||||
bool is_newer(const version_t* const newer, const version_t* const older){
|
||||
return (newer->major > older->major) ||
|
||||
(newer->major == older->major && newer->minor > older->minor) ||
|
||||
(newer->major == older->major && newer->minor == older->minor && newer->patch >= older->patch);
|
||||
}
|
||||
@ -10,7 +10,6 @@ SRC += $(DRIVER_LIBS) $(USB_LIB)
|
||||
SRC += ../../fido2/apdu.c ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c
|
||||
SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c
|
||||
SRC += ../../fido2/ctap_parse.c ../../fido2/main.c
|
||||
SRC += ../../fido2/version.c
|
||||
SRC += ../../fido2/data_migration.c
|
||||
SRC += ../../fido2/extensions/extensions.c ../../fido2/extensions/solo.c
|
||||
SRC += ../../fido2/extensions/wallet.c
|
||||
@ -71,7 +70,6 @@ all: $(TARGET).elf
|
||||
|
||||
%.elf: $(OBJ)
|
||||
$(CC) $^ $(HW) $(LDFLAGS) -o $@
|
||||
@echo "Built version: $(VERSION_FLAGS)"
|
||||
|
||||
%.hex: %.elf
|
||||
$(SZ) $^
|
||||
|
||||
@ -2,7 +2,6 @@ include build/common.mk
|
||||
|
||||
# ST related
|
||||
SRC = bootloader/main.c bootloader/bootloader.c
|
||||
SRC += bootloader/pubkey_bootloader.c bootloader/version_check.c
|
||||
SRC += src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c
|
||||
SRC += src/fifo.c src/crypto.c src/attestation.c src/sense.c
|
||||
SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
|
||||
@ -66,7 +65,6 @@ all: $(TARGET).elf
|
||||
|
||||
%.elf: $(OBJ)
|
||||
$(CC) $^ $(HW) $(LDFLAGS) -o $@
|
||||
arm-none-eabi-size $@
|
||||
|
||||
%.hex: %.elf
|
||||
$(CP) -O ihex $^ $(TARGET).hex
|
||||
|
||||
@ -12,17 +12,9 @@ _estack = 0x2000c000;
|
||||
|
||||
_MIN_STACK_SIZE = 0x400;
|
||||
|
||||
/*
|
||||
flash_cfg is for storing bootloader data, like last used firmware version.
|
||||
bootloader_configuration should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash_cfg origin
|
||||
*/
|
||||
|
||||
bootloader_configuration = 0x08000000 + 216*1024+8;
|
||||
|
||||
MEMORY
|
||||
{
|
||||
flash (rx) : ORIGIN = 0x08000000, LENGTH = 20K
|
||||
flash_cfg (rx) : ORIGIN = 0x08000000 + 216*1024+8, LENGTH = 2K-8
|
||||
ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K
|
||||
sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K
|
||||
}
|
||||
@ -47,11 +39,6 @@ SECTIONS
|
||||
_etext = .;
|
||||
} >flash
|
||||
|
||||
.flag2 bootloader_configuration :
|
||||
{
|
||||
KEEP(*(.flag2)) ;
|
||||
} > flash_cfg
|
||||
|
||||
_sidata = LOADADDR(.data);
|
||||
|
||||
.data :
|
||||
|
||||
@ -12,17 +12,9 @@ _estack = 0x2000c000;
|
||||
|
||||
_MIN_STACK_SIZE = 0x400;
|
||||
|
||||
/*
|
||||
flash_cfg is for storing bootloader data, like last used firmware version.
|
||||
bootloader_configuration should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash_cfg origin
|
||||
*/
|
||||
|
||||
bootloader_configuration = 0x08000000 + 216*1024+8;
|
||||
|
||||
MEMORY
|
||||
{
|
||||
flash (rx) : ORIGIN = 0x08000000, LENGTH = 32K
|
||||
flash_cfg (rx) : ORIGIN = 0x08000000 + 216*1024+8, LENGTH = 2K-8
|
||||
ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K
|
||||
sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K
|
||||
}
|
||||
@ -47,11 +39,6 @@ SECTIONS
|
||||
_etext = .;
|
||||
} >flash
|
||||
|
||||
.flag2 bootloader_configuration :
|
||||
{
|
||||
KEEP(*(.flag2)) ;
|
||||
} > flash_cfg
|
||||
|
||||
_sidata = LOADADDR(.data);
|
||||
|
||||
.data :
|
||||
|
||||
@ -13,21 +13,14 @@ _estack = 0x2000c000;
|
||||
_MIN_STACK_SIZE = 0x400;
|
||||
|
||||
/*
|
||||
len | 20 KB/10p| 196KB-8-8/98p | 2kB/1p | 38 KB/19p |
|
||||
pos | 0->20 KB | 20->216KB-8-8 | 216kB -> 218 kB | 218->256 KB |
|
||||
posp | 0-10 | 10-113 | 113-114 | 113-128 |
|
||||
desc | bootloader | application | bootloader data | secrets/data |
|
||||
|
||||
Last 8 bytes in application space are occupied by bootloader flags - app
|
||||
authorization and bootloader activation flag.
|
||||
Memory layout of device:
|
||||
20 KB 198KB-8 38 KB
|
||||
| bootloader | application | secrets/data |
|
||||
*/
|
||||
|
||||
/* Current firmware version number is concatenated to the firmware code - see .flag marker */
|
||||
/* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */
|
||||
|
||||
MEMORY
|
||||
{
|
||||
flash (rx) : ORIGIN = 0x08000000 + 20K, LENGTH = 216K - 20K - 8
|
||||
flash (rx) : ORIGIN = 0x08005000, LENGTH = 198K - 8
|
||||
ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K
|
||||
sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K
|
||||
}
|
||||
@ -63,12 +56,6 @@ SECTIONS
|
||||
_edata = .;
|
||||
} >ram AT> flash
|
||||
|
||||
.flag :
|
||||
{
|
||||
. = ALIGN(8);
|
||||
KEEP(*(.flag)) ;
|
||||
} > flash
|
||||
|
||||
.bss :
|
||||
{
|
||||
. = ALIGN(4);
|
||||
|
||||
@ -12,22 +12,9 @@ _estack = 0x2000c000;
|
||||
|
||||
_MIN_STACK_SIZE = 0x400;
|
||||
|
||||
/*
|
||||
len | 32 KB/16p| 184KB-8-8/92p | 2kB/1p | 38 KB/19p |
|
||||
pos | 0->32 KB | 32->216KB-8-8 | 216kB -> 218 kB | 218->256 KB |
|
||||
posp | 0-16 | 16-113 | 113-114 | 113-128 |
|
||||
desc | bootloader | application | bootloader data | secrets/data |
|
||||
|
||||
Last 8 bytes in application space are occupied by bootloader flags - app
|
||||
authorization and bootloader activation flag.
|
||||
*/
|
||||
|
||||
/* Current firmware version number is concatenated to the firmware code - see .flag marker */
|
||||
/* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */
|
||||
|
||||
MEMORY
|
||||
{
|
||||
flash (rx) : ORIGIN = 0x08000000 + 20K + 12K, LENGTH = 216K - 20K - 12K - 8
|
||||
flash (rx) : ORIGIN = 0x08008000, LENGTH = 186K - 8
|
||||
ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K
|
||||
sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K
|
||||
}
|
||||
@ -63,12 +50,6 @@ SECTIONS
|
||||
_edata = .;
|
||||
} >ram AT> flash
|
||||
|
||||
.flag :
|
||||
{
|
||||
. = ALIGN(8);
|
||||
KEEP(*(.flag)) ;
|
||||
} > flash
|
||||
|
||||
.bss :
|
||||
{
|
||||
. = ALIGN(4);
|
||||
|
||||
@ -410,8 +410,7 @@ void authenticator_write_state(AuthenticatorState * a, int backup)
|
||||
}
|
||||
}
|
||||
|
||||
#if !defined(IS_BOOTLOADER)
|
||||
uint32_t ctap_atomic_count(uint32_t amount)
|
||||
uint32_t ctap_atomic_count(int sel)
|
||||
{
|
||||
int offset = 0;
|
||||
uint32_t * ptr = (uint32_t *)flash_addr(COUNTER1_PAGE);
|
||||
@ -426,12 +425,10 @@ uint32_t ctap_atomic_count(uint32_t amount)
|
||||
|
||||
uint32_t lastc = 0;
|
||||
|
||||
if (amount == 0)
|
||||
if (sel != 0)
|
||||
{
|
||||
// Use a random count [1-16].
|
||||
uint8_t rng[1];
|
||||
ctap_generate_rng(rng, 1);
|
||||
amount = (rng[0] & 0x0f) + 1;
|
||||
printf2(TAG_ERR,"counter2 not imple\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
for (offset = 0; offset < PAGE_SIZE/4; offset += 2) // wear-level the flash
|
||||
@ -464,7 +461,7 @@ uint32_t ctap_atomic_count(uint32_t amount)
|
||||
return lastc;
|
||||
}
|
||||
|
||||
lastc += amount;
|
||||
lastc++;
|
||||
|
||||
if (lastc/256 > erases)
|
||||
{
|
||||
@ -502,7 +499,7 @@ uint32_t ctap_atomic_count(uint32_t amount)
|
||||
|
||||
return lastc;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
void device_manage(void)
|
||||
|
||||
@ -37,33 +37,10 @@
|
||||
|
||||
// End of application code. Leave some extra room for future data storage.
|
||||
// NOT included in application
|
||||
#define APPLICATION_END_PAGE ((PAGES - 20))
|
||||
#define APPLICATION_END_PAGE ((PAGES - 19))
|
||||
#define APPLICATION_END_ADDR ((0x08000000 + ((APPLICATION_END_PAGE)*PAGE_SIZE))-8)
|
||||
|
||||
// Bootloader state.
|
||||
#define AUTH_WORD_ADDR (APPLICATION_END_ADDR)
|
||||
|
||||
#define LAST_ADDR (APPLICATION_END_ADDR-2048 + 8)
|
||||
#define BOOT_VERSION_PAGE (APPLICATION_END_PAGE)
|
||||
#define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE + 8)
|
||||
#define LAST_PAGE (APPLICATION_END_PAGE-1)
|
||||
|
||||
|
||||
struct flash_memory_st{
|
||||
uint8_t bootloader[APPLICATION_START_PAGE*2*1024];
|
||||
uint8_t application[(APPLICATION_END_PAGE-APPLICATION_START_PAGE)*2*1024-8];
|
||||
uint8_t auth_word[4];
|
||||
uint8_t bootloader_disabled[4];
|
||||
// place for more user data
|
||||
uint8_t _reserved_application_end_mark[8];
|
||||
uint8_t bootloader_data[2*1024-8];
|
||||
uint8_t user_data[38*1024];
|
||||
} __attribute__((packed));
|
||||
|
||||
typedef struct flash_memory_st flash_memory_st;
|
||||
|
||||
#include <assert.h>
|
||||
static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size");
|
||||
|
||||
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user