Compare commits
14 Commits
fixb_build
...
cap_button
Author | SHA1 | Date | |
---|---|---|---|
fd9a4fd6b3 | |||
d5c30eca7c | |||
b3ac739a35 | |||
3b53537077 | |||
3fad9a7a7d | |||
8973608f59 | |||
8af6505f6d | |||
d39d7978fd | |||
c972a13034 | |||
a95e62e2ea | |||
c79b7abfb6 | |||
dfb124dc8b | |||
972760eb78 | |||
0d621d13f9 |
@ -168,6 +168,16 @@
|
|||||||
"infra",
|
"infra",
|
||||||
"tool"
|
"tool"
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"login": "kimusan",
|
||||||
|
"name": "Kim Schulz",
|
||||||
|
"avatar_url": "https://avatars1.githubusercontent.com/u/1150049?v=4",
|
||||||
|
"profile": "http://www.schulz.dk",
|
||||||
|
"contributions": [
|
||||||
|
"business",
|
||||||
|
"ideas"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"contributorsPerLine": 7,
|
"contributorsPerLine": 7,
|
||||||
|
@ -134,6 +134,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
|
|||||||
<td align="center"><a href="http://1bitsquared.com"><img src="https://avatars3.githubusercontent.com/u/17334?v=4" width="100px;" alt="Piotr Esden-Tempski"/><br /><sub><b>Piotr Esden-Tempski</b></sub></a><br /><a href="#business-esden" title="Business development">💼</a></td>
|
<td align="center"><a href="http://1bitsquared.com"><img src="https://avatars3.githubusercontent.com/u/17334?v=4" width="100px;" alt="Piotr Esden-Tempski"/><br /><sub><b>Piotr Esden-Tempski</b></sub></a><br /><a href="#business-esden" title="Business development">💼</a></td>
|
||||||
<td align="center"><a href="https://github.com/m3hm00d"><img src="https://avatars1.githubusercontent.com/u/42179593?v=4" width="100px;" alt="f.m3hm00d"/><br /><sub><b>f.m3hm00d</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=m3hm00d" title="Documentation">📖</a></td>
|
<td align="center"><a href="https://github.com/m3hm00d"><img src="https://avatars1.githubusercontent.com/u/42179593?v=4" width="100px;" alt="f.m3hm00d"/><br /><sub><b>f.m3hm00d</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=m3hm00d" title="Documentation">📖</a></td>
|
||||||
<td align="center"><a href="http://blogs.gnome.org/hughsie/"><img src="https://avatars0.githubusercontent.com/u/151380?v=4" width="100px;" alt="Richard Hughes"/><br /><sub><b>Richard Hughes</b></sub></a><br /><a href="#ideas-hughsie" title="Ideas, Planning, & Feedback">🤔</a> <a href="https://github.com/solokeys/solo/commits?author=hughsie" title="Code">💻</a> <a href="#infra-hughsie" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#tool-hughsie" title="Tools">🔧</a></td>
|
<td align="center"><a href="http://blogs.gnome.org/hughsie/"><img src="https://avatars0.githubusercontent.com/u/151380?v=4" width="100px;" alt="Richard Hughes"/><br /><sub><b>Richard Hughes</b></sub></a><br /><a href="#ideas-hughsie" title="Ideas, Planning, & Feedback">🤔</a> <a href="https://github.com/solokeys/solo/commits?author=hughsie" title="Code">💻</a> <a href="#infra-hughsie" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#tool-hughsie" title="Tools">🔧</a></td>
|
||||||
|
<td align="center"><a href="http://www.schulz.dk"><img src="https://avatars1.githubusercontent.com/u/1150049?v=4" width="100px;" alt="Kim Schulz"/><br /><sub><b>Kim Schulz</b></sub></a><br /><a href="#business-kimusan" title="Business development">💼</a> <a href="#ideas-kimusan" title="Ideas, Planning, & Feedback">🤔</a></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
@ -167,7 +168,7 @@ You can buy Solo, Solo Tap, and Solo for Hackers at [solokeys.com](https://solok
|
|||||||
<br/>
|
<br/>
|
||||||
|
|
||||||
[](https://github.com/solokeys/solo/blob/master/LICENSE)
|
[](https://github.com/solokeys/solo/blob/master/LICENSE)
|
||||||
[](#contributors)
|
[](#contributors)
|
||||||
[](https://travis-ci.com/solokeys/solo)
|
[](https://travis-ci.com/solokeys/solo)
|
||||||
[](https://discourse.solokeys.com)
|
[](https://discourse.solokeys.com)
|
||||||
[](https://keybase.io/team/solokeys.public)
|
[](https://keybase.io/team/solokeys.public)
|
||||||
|
@ -42,6 +42,10 @@ extern int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu);
|
|||||||
#define APDU_FIDO_U2F_AUTHENTICATE 0x02
|
#define APDU_FIDO_U2F_AUTHENTICATE 0x02
|
||||||
#define APDU_FIDO_U2F_VERSION 0x03
|
#define APDU_FIDO_U2F_VERSION 0x03
|
||||||
#define APDU_FIDO_NFCCTAP_MSG 0x10
|
#define APDU_FIDO_NFCCTAP_MSG 0x10
|
||||||
|
#define APDU_FIDO_U2F_VENDOR_FIRST 0xc0 // First vendor defined command
|
||||||
|
#define APDU_FIDO_U2F_VENDOR_LAST 0xff // Last vendor defined command
|
||||||
|
#define APDU_SOLO_RESET 0xee
|
||||||
|
|
||||||
#define APDU_INS_SELECT 0xA4
|
#define APDU_INS_SELECT 0xA4
|
||||||
#define APDU_INS_READ_BINARY 0xB0
|
#define APDU_INS_READ_BINARY 0xB0
|
||||||
#define APDU_GET_RESPONSE 0xC0
|
#define APDU_GET_RESPONSE 0xC0
|
||||||
|
41
fido2/ctap.c
41
fido2/ctap.c
@ -437,7 +437,19 @@ static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred)
|
|||||||
static int ctap2_user_presence_test()
|
static int ctap2_user_presence_test()
|
||||||
{
|
{
|
||||||
device_set_status(CTAPHID_STATUS_UPNEEDED);
|
device_set_status(CTAPHID_STATUS_UPNEEDED);
|
||||||
return ctap_user_presence_test(CTAP2_UP_DELAY_MS);
|
int ret = ctap_user_presence_test(CTAP2_UP_DELAY_MS);
|
||||||
|
if ( ret > 0 )
|
||||||
|
{
|
||||||
|
return CTAP1_ERR_SUCCESS;
|
||||||
|
}
|
||||||
|
else if (ret < 0)
|
||||||
|
{
|
||||||
|
return CTAP2_ERR_KEEPALIVE_CANCEL;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return CTAP2_ERR_ACTION_TIMEOUT;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo)
|
static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo)
|
||||||
@ -470,15 +482,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
|
|||||||
int but;
|
int but;
|
||||||
|
|
||||||
but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);
|
but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);
|
||||||
|
check_retr(but);
|
||||||
if (!but)
|
|
||||||
{
|
|
||||||
return CTAP2_ERR_OPERATION_DENIED;
|
|
||||||
}
|
|
||||||
else if (but < 0) // Cancel
|
|
||||||
{
|
|
||||||
return CTAP2_ERR_KEEPALIVE_CANCEL;
|
|
||||||
}
|
|
||||||
|
|
||||||
device_set_status(CTAPHID_STATUS_PROCESSING);
|
device_set_status(CTAPHID_STATUS_PROCESSING);
|
||||||
|
|
||||||
@ -707,10 +711,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
|
|||||||
}
|
}
|
||||||
if (MC.pinAuthEmpty)
|
if (MC.pinAuthEmpty)
|
||||||
{
|
{
|
||||||
if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
|
check_retr( ctap2_user_presence_test(CTAP2_UP_DELAY_MS) );
|
||||||
{
|
|
||||||
return CTAP2_ERR_OPERATION_DENIED;
|
|
||||||
}
|
|
||||||
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
|
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
|
||||||
}
|
}
|
||||||
if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask)
|
if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask)
|
||||||
@ -1143,10 +1144,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
|
|||||||
|
|
||||||
if (GA.pinAuthEmpty)
|
if (GA.pinAuthEmpty)
|
||||||
{
|
{
|
||||||
if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
|
check_retr( ctap2_user_presence_test(CTAP2_UP_DELAY_MS) );
|
||||||
{
|
|
||||||
return CTAP2_ERR_OPERATION_DENIED;
|
|
||||||
}
|
|
||||||
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
|
return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
|
||||||
}
|
}
|
||||||
if (GA.pinAuthPresent)
|
if (GA.pinAuthPresent)
|
||||||
@ -1656,14 +1654,11 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
|
|||||||
break;
|
break;
|
||||||
case CTAP_RESET:
|
case CTAP_RESET:
|
||||||
printf1(TAG_CTAP,"CTAP_RESET\n");
|
printf1(TAG_CTAP,"CTAP_RESET\n");
|
||||||
if (ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
|
status = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);
|
||||||
|
if (status == CTAP1_ERR_SUCCESS)
|
||||||
{
|
{
|
||||||
ctap_reset();
|
ctap_reset();
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
status = CTAP2_ERR_OPERATION_DENIED;
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
case GET_NEXT_ASSERTION:
|
case GET_NEXT_ASSERTION:
|
||||||
printf1(TAG_CTAP,"CTAP_NEXT_ASSERTION\n");
|
printf1(TAG_CTAP,"CTAP_NEXT_ASSERTION\n");
|
||||||
|
@ -131,7 +131,7 @@
|
|||||||
#define PIN_LOCKOUT_ATTEMPTS 8 // Number of attempts total
|
#define PIN_LOCKOUT_ATTEMPTS 8 // Number of attempts total
|
||||||
#define PIN_BOOT_ATTEMPTS 3 // number of attempts per boot
|
#define PIN_BOOT_ATTEMPTS 3 // number of attempts per boot
|
||||||
|
|
||||||
#define CTAP2_UP_DELAY_MS 5000
|
#define CTAP2_UP_DELAY_MS 29000
|
||||||
|
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
|
@ -49,6 +49,7 @@
|
|||||||
#define CTAP2_ERR_PIN_POLICY_VIOLATION 0x37
|
#define CTAP2_ERR_PIN_POLICY_VIOLATION 0x37
|
||||||
#define CTAP2_ERR_PIN_TOKEN_EXPIRED 0x38
|
#define CTAP2_ERR_PIN_TOKEN_EXPIRED 0x38
|
||||||
#define CTAP2_ERR_REQUEST_TOO_LARGE 0x39
|
#define CTAP2_ERR_REQUEST_TOO_LARGE 0x39
|
||||||
|
#define CTAP2_ERR_ACTION_TIMEOUT 0x3A
|
||||||
#define CTAP1_ERR_OTHER 0x7F
|
#define CTAP1_ERR_OTHER 0x7F
|
||||||
#define CTAP2_ERR_SPEC_LAST 0xDF
|
#define CTAP2_ERR_SPEC_LAST 0xDF
|
||||||
#define CTAP2_ERR_EXTENSION_FIRST 0xE0
|
#define CTAP2_ERR_EXTENSION_FIRST 0xE0
|
||||||
|
@ -30,6 +30,7 @@ void main_loop_delay();
|
|||||||
|
|
||||||
void heartbeat();
|
void heartbeat();
|
||||||
|
|
||||||
|
void device_reboot();
|
||||||
|
|
||||||
void authenticator_read_state(AuthenticatorState * );
|
void authenticator_read_state(AuthenticatorState * );
|
||||||
|
|
||||||
|
@ -43,7 +43,11 @@ void device_set_status(uint32_t status)
|
|||||||
__device_status = status;
|
__device_status = status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void device_reboot()
|
||||||
|
{
|
||||||
|
printf1(TAG_RED, "REBOOT command recieved!\r\n");
|
||||||
|
exit(100);
|
||||||
|
}
|
||||||
|
|
||||||
int udp_server()
|
int udp_server()
|
||||||
{
|
{
|
||||||
|
@ -55,11 +55,43 @@ static int is_physical_button_pressed()
|
|||||||
|
|
||||||
static int is_touch_button_pressed()
|
static int is_touch_button_pressed()
|
||||||
{
|
{
|
||||||
return tsc_read_button(0) || tsc_read_button(1);
|
int is_pressed = (tsc_read_button(0) || tsc_read_button(1));
|
||||||
|
#ifndef IS_BOOTLOADER
|
||||||
|
if (is_pressed)
|
||||||
|
{
|
||||||
|
// delay for debounce, and longer than polling timer period.
|
||||||
|
delay(95);
|
||||||
|
return (tsc_read_button(0) || tsc_read_button(1));
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
return is_pressed;
|
||||||
}
|
}
|
||||||
|
|
||||||
int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed;
|
int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed;
|
||||||
|
|
||||||
|
static void edge_detect_touch_button()
|
||||||
|
{
|
||||||
|
static uint8_t last_touch = 0;
|
||||||
|
uint8_t current_touch = 0;
|
||||||
|
if (is_touch_button_pressed == IS_BUTTON_PRESSED)
|
||||||
|
{
|
||||||
|
current_touch = (tsc_read_button(0) || tsc_read_button(1));
|
||||||
|
|
||||||
|
// 1 sample per 25 ms
|
||||||
|
if ((millis() - __last_button_bounce_time) > 25)
|
||||||
|
{
|
||||||
|
// Detect "touch / rising edge"
|
||||||
|
if (!last_touch && current_touch)
|
||||||
|
{
|
||||||
|
__last_button_press_time = millis();
|
||||||
|
}
|
||||||
|
__last_button_bounce_time = millis();
|
||||||
|
last_touch = current_touch;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
void request_from_nfc(bool request_active) {
|
void request_from_nfc(bool request_active) {
|
||||||
_RequestComeFromNFC = request_active;
|
_RequestComeFromNFC = request_active;
|
||||||
}
|
}
|
||||||
@ -78,19 +110,7 @@ void TIM6_DAC_IRQHandler()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
edge_detect_touch_button();
|
||||||
if (is_touch_button_pressed == IS_BUTTON_PRESSED)
|
|
||||||
{
|
|
||||||
if (IS_BUTTON_PRESSED())
|
|
||||||
{
|
|
||||||
// Only allow 1 press per 25 ms.
|
|
||||||
if ((millis() - __last_button_bounce_time) > 25)
|
|
||||||
{
|
|
||||||
__last_button_press_time = millis();
|
|
||||||
}
|
|
||||||
__last_button_bounce_time = millis();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifndef IS_BOOTLOADER
|
#ifndef IS_BOOTLOADER
|
||||||
// NFC sending WTX if needs
|
// NFC sending WTX if needs
|
||||||
@ -142,7 +162,6 @@ void device_set_status(uint32_t status)
|
|||||||
|
|
||||||
int device_is_button_pressed()
|
int device_is_button_pressed()
|
||||||
{
|
{
|
||||||
|
|
||||||
return IS_BUTTON_PRESSED();
|
return IS_BUTTON_PRESSED();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -520,13 +520,261 @@ int select_applet(uint8_t * aid, int len)
|
|||||||
return APP_NOTHING;
|
return APP_NOTHING;
|
||||||
}
|
}
|
||||||
|
|
||||||
void nfc_process_iblock(uint8_t * buf, int len)
|
void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu)
|
||||||
{
|
{
|
||||||
int selected;
|
int selected;
|
||||||
CTAP_RESPONSE ctap_resp;
|
CTAP_RESPONSE ctap_resp;
|
||||||
int status;
|
int status;
|
||||||
uint16_t reslen;
|
uint16_t reslen;
|
||||||
|
|
||||||
|
// check CLA
|
||||||
|
if (apdu->cla != 0x00 && apdu->cla != 0x80) {
|
||||||
|
printf1(TAG_NFC, "Unknown CLA %02x\r\n", apdu->cla);
|
||||||
|
nfc_write_response(buf0, SW_CLA_INVALID);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO this needs to be organized better
|
||||||
|
switch(apdu->ins)
|
||||||
|
{
|
||||||
|
// ISO 7816. 7.1 GET RESPONSE command
|
||||||
|
case APDU_GET_RESPONSE:
|
||||||
|
if (apdu->p1 != 0x00 || apdu->p2 != 0x00)
|
||||||
|
{
|
||||||
|
nfc_write_response(buf0, SW_INCORRECT_P1P2);
|
||||||
|
printf1(TAG_NFC, "P1 or P2 error\r\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// too many bytes needs. 0x00 and 0x100 - any length
|
||||||
|
if (apdu->le != 0 && apdu->le != 0x100 && apdu->le > chain_buffer_len)
|
||||||
|
{
|
||||||
|
uint16_t wlresp = SW_WRONG_LENGTH; // here can be 6700, 6C00, 6FXX. but the most standard way - 67XX or 6700
|
||||||
|
if (chain_buffer_len <= 0xff)
|
||||||
|
wlresp += chain_buffer_len & 0xff;
|
||||||
|
nfc_write_response(buf0, wlresp);
|
||||||
|
printf1(TAG_NFC, "buffer length less than requesteds\r\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// create temporary packet
|
||||||
|
uint8_t pck[255] = {0};
|
||||||
|
size_t pcklen = 253;
|
||||||
|
if (apdu->le)
|
||||||
|
pcklen = apdu->le;
|
||||||
|
if (pcklen > chain_buffer_len)
|
||||||
|
pcklen = chain_buffer_len;
|
||||||
|
|
||||||
|
printf1(TAG_NFC, "GET RESPONSE. pck len: %d buffer len: %d\r\n", pcklen, chain_buffer_len);
|
||||||
|
|
||||||
|
// create packet and add 61XX there if we have another portion(s) of data
|
||||||
|
memmove(pck, chain_buffer, pcklen);
|
||||||
|
size_t dlen = 0;
|
||||||
|
if (chain_buffer_len - pcklen)
|
||||||
|
{
|
||||||
|
append_get_response(&pck[pcklen], chain_buffer_len - pcklen);
|
||||||
|
dlen = 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
// send
|
||||||
|
nfc_write_response_chaining_plain(buf0, pck, pcklen + dlen); // dlen for 61XX
|
||||||
|
|
||||||
|
// shift the buffer
|
||||||
|
chain_buffer_len -= pcklen;
|
||||||
|
memmove(chain_buffer, &chain_buffer[pcklen], chain_buffer_len);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case APDU_INS_SELECT:
|
||||||
|
// if (apdu->p1 == 0 && apdu->p2 == 0x0c)
|
||||||
|
// {
|
||||||
|
// printf1(TAG_NFC,"Select NDEF\r\n");
|
||||||
|
//
|
||||||
|
// NFC_STATE.selected_applet = APP_NDEF_TAG;
|
||||||
|
// // Select NDEF file!
|
||||||
|
// res[0] = NFC_CMD_IBLOCK | (buf[0] & 1);
|
||||||
|
// res[1] = SW_SUCCESS>>8;
|
||||||
|
// res[2] = SW_SUCCESS & 0xff;
|
||||||
|
// nfc_write_frame(res, 3);
|
||||||
|
// printf1(TAG_NFC,"<< "); dump_hex1(TAG_NFC,res, 3);
|
||||||
|
// }
|
||||||
|
// else
|
||||||
|
{
|
||||||
|
selected = select_applet(apdu->data, apdu->lc);
|
||||||
|
if (selected == APP_FIDO)
|
||||||
|
{
|
||||||
|
nfc_write_response_ex(buf0, (uint8_t *)"U2F_V2", 6, SW_SUCCESS);
|
||||||
|
printf1(TAG_NFC, "FIDO applet selected.\r\n");
|
||||||
|
}
|
||||||
|
else if (selected != APP_NOTHING)
|
||||||
|
{
|
||||||
|
nfc_write_response(buf0, SW_SUCCESS);
|
||||||
|
printf1(TAG_NFC, "SELECTED %d\r\n", selected);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
nfc_write_response(buf0, SW_FILE_NOT_FOUND);
|
||||||
|
printf1(TAG_NFC, "NOT selected "); dump_hex1(TAG_NFC, apdu->data, apdu->lc);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
case APDU_FIDO_U2F_VERSION:
|
||||||
|
if (NFC_STATE.selected_applet != APP_FIDO) {
|
||||||
|
nfc_write_response(buf0, SW_INS_INVALID);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf1(TAG_NFC, "U2F GetVersion command.\r\n");
|
||||||
|
|
||||||
|
u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp);
|
||||||
|
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case APDU_FIDO_U2F_REGISTER:
|
||||||
|
if (NFC_STATE.selected_applet != APP_FIDO) {
|
||||||
|
nfc_write_response(buf0, SW_INS_INVALID);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf1(TAG_NFC, "U2F Register command.\r\n");
|
||||||
|
|
||||||
|
if (apdu->lc != 64)
|
||||||
|
{
|
||||||
|
printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", apdu->lc);
|
||||||
|
nfc_write_response(buf0, SW_WRONG_LENGTH);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
timestamp();
|
||||||
|
|
||||||
|
|
||||||
|
// WTX_on(WTX_TIME_DEFAULT);
|
||||||
|
// SystemClock_Config_LF32();
|
||||||
|
// delay(300);
|
||||||
|
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
|
||||||
|
u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp);
|
||||||
|
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
|
||||||
|
// if (!WTX_off())
|
||||||
|
// return;
|
||||||
|
|
||||||
|
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
|
||||||
|
printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp());
|
||||||
|
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
|
||||||
|
|
||||||
|
printf1(TAG_NFC,"U2F Register answered %d (took %d)\r\n", millis(), timestamp());
|
||||||
|
break;
|
||||||
|
|
||||||
|
case APDU_FIDO_U2F_AUTHENTICATE:
|
||||||
|
if (NFC_STATE.selected_applet != APP_FIDO) {
|
||||||
|
nfc_write_response(buf0, SW_INS_INVALID);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf1(TAG_NFC, "U2F Authenticate command.\r\n");
|
||||||
|
|
||||||
|
if (apdu->lc != 64 + 1 + apdu->data[64])
|
||||||
|
{
|
||||||
|
delay(5);
|
||||||
|
printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", apdu->lc, apdu->data[64]);
|
||||||
|
nfc_write_response(buf0, SW_WRONG_LENGTH);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
timestamp();
|
||||||
|
// WTX_on(WTX_TIME_DEFAULT);
|
||||||
|
u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp);
|
||||||
|
// if (!WTX_off())
|
||||||
|
// return;
|
||||||
|
|
||||||
|
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
|
||||||
|
printf1(TAG_NFC,"U2F Authenticate processing %d (took %d)\r\n", millis(), timestamp());
|
||||||
|
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
|
||||||
|
printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case APDU_FIDO_NFCCTAP_MSG:
|
||||||
|
if (NFC_STATE.selected_applet != APP_FIDO) {
|
||||||
|
nfc_write_response(buf0, SW_INS_INVALID);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp());
|
||||||
|
|
||||||
|
// WTX_on(WTX_TIME_DEFAULT);
|
||||||
|
request_from_nfc(true);
|
||||||
|
ctap_response_init(&ctap_resp);
|
||||||
|
status = ctap_request(apdu->data, apdu->lc, &ctap_resp);
|
||||||
|
request_from_nfc(false);
|
||||||
|
// if (!WTX_off())
|
||||||
|
// return;
|
||||||
|
|
||||||
|
printf1(TAG_NFC, "CTAP resp: 0x%02x len: %d\r\n", status, ctap_resp.length);
|
||||||
|
|
||||||
|
if (status == CTAP1_ERR_SUCCESS)
|
||||||
|
{
|
||||||
|
memmove(&ctap_resp.data[1], &ctap_resp.data[0], ctap_resp.length);
|
||||||
|
ctap_resp.length += 3;
|
||||||
|
} else {
|
||||||
|
ctap_resp.length = 3;
|
||||||
|
}
|
||||||
|
ctap_resp.data[0] = status;
|
||||||
|
ctap_resp.data[ctap_resp.length - 2] = SW_SUCCESS >> 8;
|
||||||
|
ctap_resp.data[ctap_resp.length - 1] = SW_SUCCESS & 0xff;
|
||||||
|
|
||||||
|
printf1(TAG_NFC,"CTAP processing %d (took %d)\r\n", millis(), timestamp());
|
||||||
|
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
|
||||||
|
printf1(TAG_NFC,"CTAP answered %d (took %d)\r\n", millis(), timestamp());
|
||||||
|
break;
|
||||||
|
|
||||||
|
case APDU_INS_READ_BINARY:
|
||||||
|
// response length
|
||||||
|
reslen = apdu->le & 0xffff;
|
||||||
|
switch(NFC_STATE.selected_applet)
|
||||||
|
{
|
||||||
|
case APP_CAPABILITY_CONTAINER:
|
||||||
|
printf1(TAG_NFC,"APP_CAPABILITY_CONTAINER\r\n");
|
||||||
|
if (reslen == 0 || reslen > sizeof(NFC_CC))
|
||||||
|
reslen = sizeof(NFC_CC);
|
||||||
|
nfc_write_response_ex(buf0, (uint8_t *)&NFC_CC, reslen, SW_SUCCESS);
|
||||||
|
ams_wait_for_tx(10);
|
||||||
|
break;
|
||||||
|
case APP_NDEF_TAG:
|
||||||
|
printf1(TAG_NFC,"APP_NDEF_TAG\r\n");
|
||||||
|
if (reslen == 0 || reslen > sizeof(NDEF_SAMPLE) - 1)
|
||||||
|
reslen = sizeof(NDEF_SAMPLE) - 1;
|
||||||
|
nfc_write_response_ex(buf0, NDEF_SAMPLE, reslen, SW_SUCCESS);
|
||||||
|
ams_wait_for_tx(10);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
nfc_write_response(buf0, SW_FILE_NOT_FOUND);
|
||||||
|
printf1(TAG_ERR, "No binary applet selected!\r\n");
|
||||||
|
return;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
case APDU_SOLO_RESET:
|
||||||
|
if (apdu->lc == 4 && !memcmp(apdu->data, "\x12\x56\xab\xf0", 4)) {
|
||||||
|
printf1(TAG_NFC, "Reset...\r\n");
|
||||||
|
nfc_write_response(buf0, SW_SUCCESS);
|
||||||
|
delay(20);
|
||||||
|
device_reboot();
|
||||||
|
while(1);
|
||||||
|
} else {
|
||||||
|
printf1(TAG_NFC, "Reset FAIL\r\n");
|
||||||
|
nfc_write_response(buf0, SW_INS_INVALID);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu->ins);
|
||||||
|
nfc_write_response(buf0, SW_INS_INVALID);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void nfc_process_iblock(uint8_t * buf, int len)
|
||||||
|
{
|
||||||
uint8_t block_offset = p14443_block_offset(buf[0]);
|
uint8_t block_offset = p14443_block_offset(buf[0]);
|
||||||
|
|
||||||
// clear tx chain buffer if we have some other command than GET RESPONSE
|
// clear tx chain buffer if we have some other command than GET RESPONSE
|
||||||
@ -569,240 +817,8 @@ void nfc_process_iblock(uint8_t * buf, int len)
|
|||||||
printf1(TAG_NFC, "APDU chaining merge. %d/%d\r\n", chain_buffer_len, apdu.lc);
|
printf1(TAG_NFC, "APDU chaining merge. %d/%d\r\n", chain_buffer_len, apdu.lc);
|
||||||
}
|
}
|
||||||
|
|
||||||
// check CLA
|
|
||||||
if (apdu.cla != 0x00 && apdu.cla != 0x80) {
|
|
||||||
printf1(TAG_NFC, "Unknown CLA %02x\r\n", apdu.cla);
|
|
||||||
nfc_write_response(buf[0], SW_CLA_INVALID);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO this needs to be organized better
|
apdu_process(buf[0], &buf[block_offset], &apdu);
|
||||||
switch(apdu.ins)
|
|
||||||
{
|
|
||||||
// ISO 7816. 7.1 GET RESPONSE command
|
|
||||||
case APDU_GET_RESPONSE:
|
|
||||||
if (apdu.p1 != 0x00 || apdu.p2 != 0x00)
|
|
||||||
{
|
|
||||||
nfc_write_response(buf[0], SW_INCORRECT_P1P2);
|
|
||||||
printf1(TAG_NFC, "P1 or P2 error\r\n");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// too many bytes needs. 0x00 and 0x100 - any length
|
|
||||||
if (apdu.le != 0 && apdu.le != 0x100 && apdu.le > chain_buffer_len)
|
|
||||||
{
|
|
||||||
uint16_t wlresp = SW_WRONG_LENGTH; // here can be 6700, 6C00, 6FXX. but the most standard way - 67XX or 6700
|
|
||||||
if (chain_buffer_len <= 0xff)
|
|
||||||
wlresp += chain_buffer_len & 0xff;
|
|
||||||
nfc_write_response(buf[0], wlresp);
|
|
||||||
printf1(TAG_NFC, "buffer length less than requesteds\r\n");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// create temporary packet
|
|
||||||
uint8_t pck[255] = {0};
|
|
||||||
size_t pcklen = 253;
|
|
||||||
if (apdu.le)
|
|
||||||
pcklen = apdu.le;
|
|
||||||
if (pcklen > chain_buffer_len)
|
|
||||||
pcklen = chain_buffer_len;
|
|
||||||
|
|
||||||
printf1(TAG_NFC, "GET RESPONSE. pck len: %d buffer len: %d\r\n", pcklen, chain_buffer_len);
|
|
||||||
|
|
||||||
// create packet and add 61XX there if we have another portion(s) of data
|
|
||||||
memmove(pck, chain_buffer, pcklen);
|
|
||||||
size_t dlen = 0;
|
|
||||||
if (chain_buffer_len - pcklen)
|
|
||||||
{
|
|
||||||
append_get_response(&pck[pcklen], chain_buffer_len - pcklen);
|
|
||||||
dlen = 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
// send
|
|
||||||
nfc_write_response_chaining_plain(buf[0], pck, pcklen + dlen); // dlen for 61XX
|
|
||||||
|
|
||||||
// shift the buffer
|
|
||||||
chain_buffer_len -= pcklen;
|
|
||||||
memmove(chain_buffer, &chain_buffer[pcklen], chain_buffer_len);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case APDU_INS_SELECT:
|
|
||||||
// if (apdu->p1 == 0 && apdu->p2 == 0x0c)
|
|
||||||
// {
|
|
||||||
// printf1(TAG_NFC,"Select NDEF\r\n");
|
|
||||||
//
|
|
||||||
// NFC_STATE.selected_applet = APP_NDEF_TAG;
|
|
||||||
// // Select NDEF file!
|
|
||||||
// res[0] = NFC_CMD_IBLOCK | (buf[0] & 1);
|
|
||||||
// res[1] = SW_SUCCESS>>8;
|
|
||||||
// res[2] = SW_SUCCESS & 0xff;
|
|
||||||
// nfc_write_frame(res, 3);
|
|
||||||
// printf1(TAG_NFC,"<< "); dump_hex1(TAG_NFC,res, 3);
|
|
||||||
// }
|
|
||||||
// else
|
|
||||||
{
|
|
||||||
selected = select_applet(apdu.data, apdu.lc);
|
|
||||||
if (selected == APP_FIDO)
|
|
||||||
{
|
|
||||||
nfc_write_response_ex(buf[0], (uint8_t *)"U2F_V2", 6, SW_SUCCESS);
|
|
||||||
printf1(TAG_NFC, "FIDO applet selected.\r\n");
|
|
||||||
}
|
|
||||||
else if (selected != APP_NOTHING)
|
|
||||||
{
|
|
||||||
nfc_write_response(buf[0], SW_SUCCESS);
|
|
||||||
printf1(TAG_NFC, "SELECTED %d\r\n", selected);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
nfc_write_response(buf[0], SW_FILE_NOT_FOUND);
|
|
||||||
printf1(TAG_NFC, "NOT selected "); dump_hex1(TAG_NFC, apdu.data, apdu.lc);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
case APDU_FIDO_U2F_VERSION:
|
|
||||||
if (NFC_STATE.selected_applet != APP_FIDO) {
|
|
||||||
nfc_write_response(buf[0], SW_INS_INVALID);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
printf1(TAG_NFC, "U2F GetVersion command.\r\n");
|
|
||||||
|
|
||||||
u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
|
|
||||||
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case APDU_FIDO_U2F_REGISTER:
|
|
||||||
if (NFC_STATE.selected_applet != APP_FIDO) {
|
|
||||||
nfc_write_response(buf[0], SW_INS_INVALID);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
printf1(TAG_NFC, "U2F Register command.\r\n");
|
|
||||||
|
|
||||||
if (apdu.lc != 64)
|
|
||||||
{
|
|
||||||
printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", apdu.lc);
|
|
||||||
nfc_write_response(buf[0], SW_WRONG_LENGTH);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
timestamp();
|
|
||||||
|
|
||||||
|
|
||||||
// WTX_on(WTX_TIME_DEFAULT);
|
|
||||||
// SystemClock_Config_LF32();
|
|
||||||
// delay(300);
|
|
||||||
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
|
|
||||||
u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
|
|
||||||
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
|
|
||||||
// if (!WTX_off())
|
|
||||||
// return;
|
|
||||||
|
|
||||||
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
|
|
||||||
printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp());
|
|
||||||
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
|
|
||||||
|
|
||||||
printf1(TAG_NFC,"U2F Register answered %d (took %d)\r\n", millis(), timestamp());
|
|
||||||
break;
|
|
||||||
|
|
||||||
case APDU_FIDO_U2F_AUTHENTICATE:
|
|
||||||
if (NFC_STATE.selected_applet != APP_FIDO) {
|
|
||||||
nfc_write_response(buf[0], SW_INS_INVALID);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
printf1(TAG_NFC, "U2F Authenticate command.\r\n");
|
|
||||||
|
|
||||||
if (apdu.lc != 64 + 1 + apdu.data[64])
|
|
||||||
{
|
|
||||||
delay(5);
|
|
||||||
printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", apdu.lc, apdu.data[64]);
|
|
||||||
nfc_write_response(buf[0], SW_WRONG_LENGTH);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
timestamp();
|
|
||||||
// WTX_on(WTX_TIME_DEFAULT);
|
|
||||||
u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
|
|
||||||
// if (!WTX_off())
|
|
||||||
// return;
|
|
||||||
|
|
||||||
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
|
|
||||||
printf1(TAG_NFC,"U2F Authenticate processing %d (took %d)\r\n", millis(), timestamp());
|
|
||||||
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
|
|
||||||
printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case APDU_FIDO_NFCCTAP_MSG:
|
|
||||||
if (NFC_STATE.selected_applet != APP_FIDO) {
|
|
||||||
nfc_write_response(buf[0], SW_INS_INVALID);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp());
|
|
||||||
|
|
||||||
// WTX_on(WTX_TIME_DEFAULT);
|
|
||||||
request_from_nfc(true);
|
|
||||||
ctap_response_init(&ctap_resp);
|
|
||||||
delay(1);
|
|
||||||
printf1(TAG_NFC,"[%d] ", apdu.lc);
|
|
||||||
dump_hex1(TAG_NFC,apdu.data, apdu.lc);
|
|
||||||
status = ctap_request(apdu.data, apdu.lc, &ctap_resp);
|
|
||||||
request_from_nfc(false);
|
|
||||||
// if (!WTX_off())
|
|
||||||
// return;
|
|
||||||
|
|
||||||
printf1(TAG_NFC, "CTAP resp: 0x%02x len: %d\r\n", status, ctap_resp.length);
|
|
||||||
|
|
||||||
if (status == CTAP1_ERR_SUCCESS)
|
|
||||||
{
|
|
||||||
memmove(&ctap_resp.data[1], &ctap_resp.data[0], ctap_resp.length);
|
|
||||||
ctap_resp.length += 3;
|
|
||||||
} else {
|
|
||||||
ctap_resp.length = 3;
|
|
||||||
}
|
|
||||||
ctap_resp.data[0] = status;
|
|
||||||
ctap_resp.data[ctap_resp.length - 2] = SW_SUCCESS >> 8;
|
|
||||||
ctap_resp.data[ctap_resp.length - 1] = SW_SUCCESS & 0xff;
|
|
||||||
|
|
||||||
printf1(TAG_NFC,"CTAP processing %d (took %d)\r\n", millis(), timestamp());
|
|
||||||
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
|
|
||||||
printf1(TAG_NFC,"CTAP answered %d (took %d)\r\n", millis(), timestamp());
|
|
||||||
break;
|
|
||||||
|
|
||||||
case APDU_INS_READ_BINARY:
|
|
||||||
// response length
|
|
||||||
reslen = apdu.le & 0xffff;
|
|
||||||
switch(NFC_STATE.selected_applet)
|
|
||||||
{
|
|
||||||
case APP_CAPABILITY_CONTAINER:
|
|
||||||
printf1(TAG_NFC,"APP_CAPABILITY_CONTAINER\r\n");
|
|
||||||
if (reslen == 0 || reslen > sizeof(NFC_CC))
|
|
||||||
reslen = sizeof(NFC_CC);
|
|
||||||
nfc_write_response_ex(buf[0], (uint8_t *)&NFC_CC, reslen, SW_SUCCESS);
|
|
||||||
ams_wait_for_tx(10);
|
|
||||||
break;
|
|
||||||
case APP_NDEF_TAG:
|
|
||||||
printf1(TAG_NFC,"APP_NDEF_TAG\r\n");
|
|
||||||
if (reslen == 0 || reslen > sizeof(NDEF_SAMPLE) - 1)
|
|
||||||
reslen = sizeof(NDEF_SAMPLE) - 1;
|
|
||||||
nfc_write_response_ex(buf[0], NDEF_SAMPLE, reslen, SW_SUCCESS);
|
|
||||||
ams_wait_for_tx(10);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
nfc_write_response(buf[0], SW_FILE_NOT_FOUND);
|
|
||||||
printf1(TAG_ERR, "No binary applet selected!\r\n");
|
|
||||||
return;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu.ins);
|
|
||||||
nfc_write_response(buf[0], SW_INS_INVALID);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
printf1(TAG_NFC,"prev.Iblock: ");
|
printf1(TAG_NFC,"prev.Iblock: ");
|
||||||
dump_hex1(TAG_NFC, buf, len);
|
dump_hex1(TAG_NFC, buf, len);
|
||||||
|
Reference in New Issue
Block a user