shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Compare commits

base: shimun:master
Branches Tags
shimun:master
shimun:master-old
shimun:reset-timeout
shimun:max_enumeration_issue
shimun:hmac-secret-uv
shimun:cred_dfs
shimun:rgerganov-cred-meta-fix
shimun:fix_version_in_build
shimun:cbor_safety
shimun:backup_improvements
shimun:b3.1.1
shimun:aaguid_cert_update
shimun:library_refactor
shimun:all-contributors/add-Nitrokey
shimun:bump3.0.0
shimun:all-contributors/add-ccinelli
shimun:simplify_build
shimun:move_certs_and_lock_to_data
shimun:fido2_on_u2f
shimun:redue_bootloader_size
shimun:all-contributors/add-jolo1581
shimun:key-backup
shimun:ctap2_issues
shimun:nfc_conformance
shimun:all-contributors/add-oplik0
shimun:ccid
shimun:cap_button_delay
shimun:all-contributors/add-kimusan
shimun:fixb_build
shimun:update-udev-docs
shimun:nfc_fido2_fixes
shimun:documentation_improvements
shimun:bump_2.4.3
shimun:fix_cdc_interfaces
shimun:cache_button
shimun:merlokk-pps_impl
shimun:all-contributors/add-szszszsz
shimun:windows_hello_error_codes
shimun:fix-hmac-secret
shimun:fault_tolerance
shimun:extapdu
shimun:sanitize
shimun:persistedkey
shimun:fido2-conformance
shimun:8lfp9n2gyxjssac4d2c7n5pcj1ydmg6n
shimun:4.0.0
shimun:3.1.3
shimun:3.1.2
shimun:3.1.1
shimun:3.1.0
shimun:3.0.1
shimun:3.0.0
shimun:2.5.3
shimun:2.5.2
shimun:2.5.1
shimun:2.5.0
shimun:2.4.3
shimun:2.4.2
shimun:2.4.1
shimun:2.4.0
shimun:2.3.0
shimun:2.2.2
shimun:2.2.1
shimun:2.2.0
shimun:2.1.0
shimun:2.0.0
shimun:1.1.1
shimun:1.1.0
shimun:1.0.2
shimun:1.0.1
shimun:basic-hacker-build
shimun:fido2-cert
..
compare: shimun:fixb_build
Branches Tags
shimun:master
shimun:master-old
shimun:reset-timeout
shimun:max_enumeration_issue
shimun:hmac-secret-uv
shimun:cred_dfs
shimun:rgerganov-cred-meta-fix
shimun:fix_version_in_build
shimun:cbor_safety
shimun:backup_improvements
shimun:b3.1.1
shimun:aaguid_cert_update
shimun:library_refactor
shimun:all-contributors/add-Nitrokey
shimun:bump3.0.0
shimun:all-contributors/add-ccinelli
shimun:simplify_build
shimun:move_certs_and_lock_to_data
shimun:fido2_on_u2f
shimun:redue_bootloader_size
shimun:all-contributors/add-jolo1581
shimun:key-backup
shimun:ctap2_issues
shimun:nfc_conformance
shimun:all-contributors/add-oplik0
shimun:ccid
shimun:cap_button_delay
shimun:all-contributors/add-kimusan
shimun:fixb_build
shimun:update-udev-docs
shimun:nfc_fido2_fixes
shimun:documentation_improvements
shimun:bump_2.4.3
shimun:fix_cdc_interfaces
shimun:cache_button
shimun:merlokk-pps_impl
shimun:all-contributors/add-szszszsz
shimun:windows_hello_error_codes
shimun:fix-hmac-secret
shimun:fault_tolerance
shimun:extapdu
shimun:sanitize
shimun:persistedkey
shimun:fido2-conformance
shimun:8lfp9n2gyxjssac4d2c7n5pcj1ydmg6n
shimun:4.0.0
shimun:3.1.3
shimun:3.1.2
shimun:3.1.1
shimun:3.1.0
shimun:3.0.1
shimun:3.0.0
shimun:2.5.3
shimun:2.5.2
shimun:2.5.1
shimun:2.5.0
shimun:2.4.3
shimun:2.4.2
shimun:2.4.1
shimun:2.4.0
shimun:2.3.0
shimun:2.2.2
shimun:2.2.1
shimun:2.2.0
shimun:2.1.0
shimun:2.0.0
shimun:1.1.1
shimun:1.1.0
shimun:1.0.2
shimun:1.0.1
shimun:basic-hacker-build
shimun:fido2-cert

2 Commits
master ... fixb_build

Author SHA1 Message Date
merlokk
ea6e9ab550 added APDU input chaining 2019-08-21 20:55:57 +03:00
merlokk
31c5b26eb5 fix decoding apdu 2019-08-21 17:30:37 +03:00
105 changed files with 2204 additions and 4657 deletions
Show Stats Expand all files Collapse all files

50
.all-contributorsrc
View File

@ -168,56 +168,6 @@
"infra",
"tool"
]
},
{
"login": "kimusan",
"name": "Kim Schulz",
"avatar_url": "https://avatars1.githubusercontent.com/u/1150049?v=4",
"profile": "http://www.schulz.dk",
"contributions": [
"business",
"ideas"
]
},
{
"login": "oplik0",
"name": "Jakub",
"avatar_url": "https://avatars2.githubusercontent.com/u/25460763?v=4",
"profile": "https://github.com/oplik0",
"contributions": [
"bug"
]
},
{
"login": "jolo1581",
"name": "Jan A.",
"avatar_url": "https://avatars1.githubusercontent.com/u/53423977?v=4",
"profile": "https://github.com/jolo1581",
"contributions": [
"code",
"doc"
]
},
{
"login": "ccinelli",
"name": "ccinelli",
"avatar_url": "https://avatars0.githubusercontent.com/u/38021940?v=4",
"profile": "https://github.com/ccinelli",
"contributions": [
"infra",
"test"
]
},
{
"login": "Nitrokey",
"name": "Nitrokey",
"avatar_url": "https://avatars1.githubusercontent.com/u/9438831?v=4",
"profile": "https://www.nitrokey.com",
"contributions": [
"code",
"test",
"ideas"
]
}
],
"contributorsPerLine": 7,

3
.gitignore vendored
View File

@ -34,8 +34,7 @@
*.app
*.i*86
*.x86_64
targets/*/*.hex
targets/*/*.sha2
*.hex
# Debug files
*.dSYM/

9
.travis.yml
View File

@ -6,15 +6,14 @@ addons:
sources:
- ubuntu-toolchain-r-test
packages:
- gcc-8
- gcc-7
- cppcheck
services:
- docker
before_install:
- sudo add-apt-repository -y ppa:team-gcc-arm-embedded/ppa
- sudo apt-get update -q
- sudo apt-get install -y gcc-arm-embedded python3-venv
- sudo apt-get install -y gcc-arm-embedded
- sudo apt-get install -y python3-venv
script:
- export CC=gcc-8
- export CC=gcc-7
- pyenv shell 3.6.7
- make travis

61
Dockerfile
View File

@ -1,38 +1,33 @@
FROM debian:9.11-slim
FROM debian:stretch-slim
MAINTAINER SoloKeys <hello@solokeys.com>
# Install necessary packages
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
make \
wget \
bzip2 \
git \
&& rm -rf /var/lib/apt/lists/*
RUN apt-get update -qq
RUN apt-get install -qq bzip2 git make wget >/dev/null
# Install ARM compiler
RUN set -eux; \
url="https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2019q3/RC1.1/gcc-arm-none-eabi-8-2019-q3-update-linux.tar.bz2?revision=c34d758a-be0c-476e-a2de-af8c6e16a8a2?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,8-2019-q3-update"; \
wget -O gcc.tar.bz2 "$url"; \
echo "6341f11972dac8de185646d0fbd73bfc gcc.tar.bz2" | md5sum -c -; \
echo "b50b02b0a16e5aad8620e9d7c31110ef285c1dde28980b1a9448b764d77d8f92 gcc.tar.bz2" | sha256sum -c -; \
tar -C /opt -xf gcc.tar.bz2; \
rm gcc.tar.bz2;
# 1. ARM GCC: for compilation
RUN wget -q -O gcc.tar.bz2 https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2018q4/gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2?revision=d830f9dd-cd4f-406d-8672-cca9210dd220?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,8-2018-q4-major
# from website
RUN echo "f55f90d483ddb3bcf4dae5882c2094cd gcc.tar.bz2" > gcc.md5
RUN md5sum -c gcc.md5
# self-generated
RUN echo "fb31fbdfe08406ece43eef5df623c0b2deb8b53e405e2c878300f7a1f303ee52 gcc.tar.bz2" > gcc.sha256
RUN sha256sum -c gcc.sha256
RUN tar -C /opt -xf gcc.tar.bz2
# Python3.7: for solo-python (merging etc.)
RUN set -eux; \
url="https://repo.anaconda.com/miniconda/Miniconda3-4.5.12-Linux-x86_64.sh"; \
wget -O miniconda.sh "$url"; \
echo "866ae9dff53ad0874e1d1a60b1ad1ef8 miniconda.sh" | md5sum -c -; \
echo "e5e5b4cd2a918e0e96b395534222773f7241dc59d776db1b9f7fedfcb489157a miniconda.sh" | sha256sum -c -; \
bash ./miniconda.sh -b -p /opt/conda; \
ln -s /opt/conda/bin/python /usr/local/bin/python3; \
ln -s /opt/conda/bin/python /usr/local/bin/python; \
ln -s /opt/conda/bin/pip /usr/local/bin/pip3; \
ln -s /opt/conda/bin/pip /usr/local/bin/pip; \
rm miniconda.sh; \
pip install -U pip
# 2. Python3.7: for solo-python (merging etc.)
RUN wget -q -O miniconda.sh https://repo.anaconda.com/miniconda/Miniconda3-4.5.12-Linux-x86_64.sh
# from website
RUN echo "866ae9dff53ad0874e1d1a60b1ad1ef8 miniconda.sh" > miniconda.md5
RUN md5sum -c miniconda.md5
# self-generated
RUN echo "e5e5b4cd2a918e0e96b395534222773f7241dc59d776db1b9f7fedfcb489157a miniconda.sh" > miniconda.sha256
RUN sha256sum -c miniconda.sha256
# solo-python (Python3.7 script for merging etc.)
RUN pip install -U solo-python
RUN bash ./miniconda.sh -b -p /opt/conda
RUN ln -s /opt/conda/bin/python /usr/local/bin/python3
RUN ln -s /opt/conda/bin/python /usr/local/bin/python
RUN ln -s /opt/conda/bin/pip /usr/local/bin/pip3
RUN ln -s /opt/conda/bin/pip /usr/local/bin/pip
# 3. Source code
RUN git clone --recurse-submodules https://github.com/solokeys/solo /solo --config core.autocrlf=input

86
Makefile
View File

@ -1,5 +1,3 @@
include fido2/version.mk
#define uECC_arch_other 0
#define uECC_x86 1
#define uECC_x86_64 2
@ -8,34 +6,44 @@ include fido2/version.mk
#define uECC_arm_thumb2 5
#define uECC_arm64 6
#define uECC_avr 7
ecc_platform=2
src = pc/device.c pc/main.c
src = $(wildcard pc/*.c) $(wildcard fido2/*.c) $(wildcard fido2/extensions/*.c) \
$(wildcard crypto/sha256/*.c) crypto/tiny-AES-c/aes.c
obj = $(src:.c=.o)
obj = $(src:.c=.o) crypto/micro-ecc/uECC.o
LIBCBOR = tinycbor/lib/libtinycbor.a
LIBSOLO = fido2/libsolo.a
ifeq ($(shell uname -s),Darwin)
export LDFLAGS = -Wl,-dead_strip
else
export LDFLAGS = -Wl,--gc-sections
endif
LDFLAGS += $(LIBSOLO) $(LIBCBOR)
LDFLAGS += $(LIBCBOR)
VERSION:=$(shell git describe --abbrev=0 )
VERSION_FULL:=$(shell git describe)
VERSION_MAJ:=$(shell python -c 'print("$(VERSION)".split(".")[0])')
VERSION_MIN:=$(shell python -c 'print("$(VERSION)".split(".")[1])')
VERSION_PAT:=$(shell python -c 'print("$(VERSION)".split(".")[2])')
CFLAGS = -O2 -fdata-sections -ffunction-sections -g
ECC_CFLAGS = -O2 -fdata-sections -ffunction-sections -DuECC_PLATFORM=$(ecc_platform)
VERSION_FLAGS= -DSOLO_VERSION_MAJ=$(VERSION_MAJ) -DSOLO_VERSION_MIN=$(VERSION_MIN) \
-DSOLO_VERSION_PATCH=$(VERSION_PAT) -DSOLO_VERSION=\"$(VERSION_FULL)\"
INCLUDES = -I../ -I./fido2/ -I./pc -I../pc -I./tinycbor/src
CFLAGS = -O2 -fdata-sections -ffunction-sections $(VERSION_FLAGS) -g
INCLUDES = -I./tinycbor/src -I./crypto/sha256 -I./crypto/micro-ecc/ -Icrypto/tiny-AES-c/ -I./fido2/ -I./pc -I./fido2/extensions
INCLUDES += -I./crypto/cifra/src
CFLAGS += $(INCLUDES)
CFLAGS += -DAES256=1 -DSOLO_EXPERIMENTAL=1 -DDEBUG_LEVEL=1
# for crypto/tiny-AES-c
CFLAGS += -DAES256=1 -DAPP_CONFIG=\"app.h\"
name = main
.PHONY: all $(LIBCBOR) $(LIBSOLO) black blackcheck cppcheck wink fido2-test clean full-clean travis test clean version
.PHONY: all $(LIBCBOR) black blackcheck cppcheck wink fido2-test clean full-clean travis test clean version
all: main
tinycbor/Makefile crypto/tiny-AES-c/aes.c:
@ -45,10 +53,7 @@ tinycbor/Makefile crypto/tiny-AES-c/aes.c:
cbor: $(LIBCBOR)
$(LIBCBOR):
cd tinycbor/ && $(MAKE) LDFLAGS='' -j8
$(LIBSOLO):
cd fido2/ && $(MAKE) CFLAGS="$(CFLAGS)" ECC_CFLAGS="$(ECC_CFLAGS)" APP_CONFIG=app.h -j8
cd tinycbor/ && $(MAKE) clean && $(MAKE) LDFLAGS='' -j8
version:
@git describe
@ -57,13 +62,16 @@ test: venv
$(MAKE) clean
$(MAKE) -C . main
$(MAKE) clean
$(MAKE) -C ./targets/stm32l432 test PREFIX=$(PREFIX) "VENV=$(VENV)" VERSION_FULL=${SOLO_VERSION_FULL}
$(MAKE) -C ./targets/stm32l432 test PREFIX=$(PREFIX) "VENV=$(VENV)"
$(MAKE) clean
$(MAKE) cppcheck
$(name): $(obj) $(LIBCBOR) $(LIBSOLO)
$(name): $(obj) $(LIBCBOR)
$(CC) $(LDFLAGS) -o $@ $(obj) $(LDFLAGS)
crypto/micro-ecc/uECC.o: ./crypto/micro-ecc/uECC.c
$(CC) -c -o $@ $^ -O2 -fdata-sections -ffunction-sections -DuECC_PLATFORM=$(ecc_platform) -I./crypto/micro-ecc/
venv:
python3 -m venv venv
venv/bin/pip -q install --upgrade pip
@ -80,31 +88,18 @@ wink: venv
fido2-test: venv
venv/bin/python tools/ctap_test.py
update:
git fetch --tags
git checkout master
git rebase origin/master
git submodule update --init --recursive
DOCKER_TOOLCHAIN_IMAGE := "solokeys/solo-firmware-toolchain"
docker-build-toolchain:
docker build -t $(DOCKER_TOOLCHAIN_IMAGE) .
docker tag $(DOCKER_TOOLCHAIN_IMAGE):latest $(DOCKER_TOOLCHAIN_IMAGE):${SOLO_VERSION}
docker tag $(DOCKER_TOOLCHAIN_IMAGE):latest $(DOCKER_TOOLCHAIN_IMAGE):${SOLO_VERSION_MAJ}
docker tag $(DOCKER_TOOLCHAIN_IMAGE):latest $(DOCKER_TOOLCHAIN_IMAGE):${SOLO_VERSION_MAJ}.${SOLO_VERSION_MIN}
uncached-docker-build-toolchain:
docker build --no-cache -t $(DOCKER_TOOLCHAIN_IMAGE) .
docker tag $(DOCKER_TOOLCHAIN_IMAGE):latest $(DOCKER_TOOLCHAIN_IMAGE):${SOLO_VERSION}
docker tag $(DOCKER_TOOLCHAIN_IMAGE):latest $(DOCKER_TOOLCHAIN_IMAGE):${SOLO_VERSION_MAJ}
docker tag $(DOCKER_TOOLCHAIN_IMAGE):latest $(DOCKER_TOOLCHAIN_IMAGE):${SOLO_VERSION_MAJ}.${SOLO_VERSION_MIN}
docker-build-all:
DOCKER_IMAGE := "solokeys/solo-firmware:local"
SOLO_VERSIONISH := "master"
docker-build:
docker build -t $(DOCKER_IMAGE) .
docker run --rm -v "$(CURDIR)/builds:/builds" \
-v "$(CURDIR):/solo" \
-u $(shell id -u ${USER}):$(shell id -g ${USER}) \
$(DOCKER_TOOLCHAIN_IMAGE) "solo/in-docker-build.sh" ${SOLO_VERSION_FULL}
-v "$(CURDIR)/in-docker-build.sh:/in-docker-build.sh" \
$(DOCKER_IMAGE) "./in-docker-build.sh" $(SOLO_VERSIONISH)
uncached-docker-build:
docker build --no-cache -t $(DOCKER_IMAGE) .
docker run --rm -v "$(CURDIR)/builds:/builds" \
-v "$(CURDIR)/in-docker-build.sh:/in-docker-build.sh" \
$(DOCKER_IMAGE) "./in-docker-build.sh" $(SOLO_VERSIONISH)
CPPCHECK_FLAGS=--quiet --error-exitcode=2
@ -121,19 +116,10 @@ clean:
(cd `dirname $$f` ; git checkout -- .) ;\
fi ;\
done
cd fido2 && $(MAKE) clean
full-clean: clean
rm -rf venv
test-docker:
rm -rf builds/*
$(MAKE) uncached-docker-build-toolchain
# Check if there are 4 docker images/tas named "solokeys/solo-firmware-toolchain"
NTAGS=$$(docker images | grep -c "solokeys/solo-firmware-toolchain") && [ $$NTAGS -eq 4 ]
$(MAKE) docker-build-all
travis:
$(MAKE) test VENV=". ../../venv/bin/activate;"
$(MAKE) test-docker
$(MAKE) black

86
README.md
View File

@ -1,3 +1,9 @@
**NEW!** We launched a new tiny security key called Somu, it's live on Crowd Supply and you can [pre-order it now](https://solokeys.com/somu)!
[<img src="https://miro.medium.com/max/1400/1*PnzCPLqq_5nt1gjgSEY2LQ.png" width="600">](https://solokeys.com/somu)
Somu is the micro version of Solo. We were inspired to make a secure Tomu, so we took its tiny form factor, we added the secure microcontroller and firmware of Solo, et voilà! Here we have Somu.
[![latest release](https://img.shields.io/github/release/solokeys/solo.svg)](https://update.solokeys.com/)
[![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public)
[![Build Status](https://travis-ci.com/solokeys/solo.svg?style=flat-square&branch=master)](https://travis-ci.com/solokeys/solo)
@ -30,62 +36,12 @@ Solo for Hacker is a special version of Solo that let you customize its firmware
Check out [solokeys.com](https://solokeys.com), for options on where to buy Solo. Solo Hacker can be converted to a secure version, but normal Solo cannot be converted to a Hacker version.
If you have a Solo for Hacker, here's how you can load your own code on it. You can find more details, including how to permanently lock it, in our [documentation](https://docs.solokeys.dev/building/). We support Python3.
If you have a Solo for Hacker, here's how you can load your own code on it. You can find more details, including how to permanently lock it, in our [documentation](https://docs.solokeys.io/solo/building/). We support Python3.
For example, if you want to turn off any blue light emission, you can edit [`led_rgb()`](https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/app.h#L48) and change `LED_INIT_VALUE`
to be a different hex color.
Then recompile, load your new firmware, and enjoy a different LED color Solo.
In the Hacker version, hardware is the same but the firmware is unlocked, so you can 1) load an unsigned application, or 2) entirely reflash the key. By contrast, in a regular Solo you can only upgrade to a firmware signed by SoloKeys, and flash is locked and debug disabled permanently.
Hacker Solo isn't really secure so you should only use it for development. An attacker with physical access to a Solo for Hacker can reflash it following the steps above, and even a malware on your computer could possibly reflash it.
## Checking out the code
```bash
git clone --recurse-submodules https://github.com/solokeys/solo
cd solo
```
If you forgot the `--recurse-submodules` while cloning, simply run `git submodule update --init --recursive`.
`make update` will also checkout the latest code on `master` and submodules.
## Checking out the code to build a specific version
You can checkout the code to build a specific version of the firmware with:
```
VERSION_TO_BUILD=2.5.3
git fetch --tags
git checkout ${VERSION_TO_BUILD}
git submodule update --init --recursive
```
## Installing the toolchain and applying updates
In order to compile ARM code, you need the ARM compiler and other things like bundling bootloader and firmware require the [solo-python](https://github.com/solokeys/solo-python) python package. Check our [documentation](https://docs.solokeys.dev/) for details.
You can update your solokey after running `pip3 install solo-python` with `solo key update` for the latest version. To apply a custom image use `solo program bootloader <file>(.json|.hex)`.
## Installing the toolkit and compiling in Docker
Alternatively, you can use Docker to create a container with the toolchain.
You can run:
```bash
# Build the toolchain container
make docker-build-toolchain
# Build all versions of the firmware in the "builds" folder
make docker-build-all
```
The `builds` folder will contain all the variation on the firmware in `.hex` files.
## Build locally
If you have the toolchain installed on your machine you can build the firmware with:
```bash
cd targets/stm32l432
make cbor
make build-hacker
@ -97,6 +53,19 @@ solo program aux enter-bootloader
solo program bootloader targets/stm32l432/solo.hex
```
Alternatively, run `make docker-build` and use the firmware generated in `/tmp`.
If you forgot the `--recurse-submodules` when cloning, simply `git submodule update --init --recursive`.
For example, if you want to turn off any blue light emission, you can edit [`led_rgb()`](https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/app.h#L48) and change `LED_INIT_VALUE`
to be a different hex color.
Then recompile, load your new firmware, and enjoy a different LED color Solo.
In the Hacker version, hardware is the same but the firmware is unlocked, so you can 1) load an unsigned application, or 2) entirely reflash the key. By contrast, in a regular Solo you can only upgrade to a firmware signed by SoloKeys, and flash is locked and debug disabled permanently.
Hacker Solo isn't really secure so you should only use it for development. An attacker with physical access to a Solo for Hacker can reflash it following the steps above, and even a malware on your computer could possibly reflash it.
# Developing Solo (No Hardware Needed)
Clone Solo and build it
@ -122,12 +91,12 @@ Run the Solo application:
In another shell, you can run our [test suite](https://github.com/solokeys/fido2-tests).
You can find more details in our [documentation](https://docs.solokeys.dev/), including how to build on the the NUCLEO-L432KC development board.
You can find more details in our [documentation](https://docs.solokeys.io/solo/), including how to build on the the NUCLEO-L432KC development board.
# Documentation
Check out our [official documentation](https://docs.solokeys.dev/).
Check out our [official documentation](https://docs.solokeys.io/solo/).
# Contributors ✨
@ -165,13 +134,6 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
<td align="center"><a href="http://1bitsquared.com"><img src="https://avatars3.githubusercontent.com/u/17334?v=4" width="100px;" alt="Piotr Esden-Tempski"/><br /><sub><b>Piotr Esden-Tempski</b></sub></a><br /><a href="#business-esden" title="Business development">💼</a></td>
<td align="center"><a href="https://github.com/m3hm00d"><img src="https://avatars1.githubusercontent.com/u/42179593?v=4" width="100px;" alt="f.m3hm00d"/><br /><sub><b>f.m3hm00d</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=m3hm00d" title="Documentation">📖</a></td>
<td align="center"><a href="http://blogs.gnome.org/hughsie/"><img src="https://avatars0.githubusercontent.com/u/151380?v=4" width="100px;" alt="Richard Hughes"/><br /><sub><b>Richard Hughes</b></sub></a><br /><a href="#ideas-hughsie" title="Ideas, Planning, & Feedback">🤔</a> <a href="https://github.com/solokeys/solo/commits?author=hughsie" title="Code">💻</a> <a href="#infra-hughsie" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#tool-hughsie" title="Tools">🔧</a></td>
<td align="center"><a href="http://www.schulz.dk"><img src="https://avatars1.githubusercontent.com/u/1150049?v=4" width="100px;" alt="Kim Schulz"/><br /><sub><b>Kim Schulz</b></sub></a><br /><a href="#business-kimusan" title="Business development">💼</a> <a href="#ideas-kimusan" title="Ideas, Planning, & Feedback">🤔</a></td>
<td align="center"><a href="https://github.com/oplik0"><img src="https://avatars2.githubusercontent.com/u/25460763?v=4" width="100px;" alt="Jakub"/><br /><sub><b>Jakub</b></sub></a><br /><a href="https://github.com/solokeys/solo/issues?q=author%3Aoplik0" title="Bug reports">🐛</a></td>
<td align="center"><a href="https://github.com/jolo1581"><img src="https://avatars1.githubusercontent.com/u/53423977?v=4" width="100px;" alt="Jan A."/><br /><sub><b>Jan A.</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=jolo1581" title="Code">💻</a> <a href="https://github.com/solokeys/solo/commits?author=jolo1581" title="Documentation">📖</a></td>
<td align="center"><a href="https://github.com/ccinelli"><img src="https://avatars0.githubusercontent.com/u/38021940?v=4" width="100px;" alt="ccinelli"/><br /><sub><b>ccinelli</b></sub></a><br /><a href="#infra-ccinelli" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="https://github.com/solokeys/solo/commits?author=ccinelli" title="Tests">⚠️</a></td>
</tr>
<tr>
<td align="center"><a href="https://www.nitrokey.com"><img src="https://avatars1.githubusercontent.com/u/9438831?v=4" width="100px;" alt="Nitrokey"/><br /><sub><b>Nitrokey</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=Nitrokey" title="Code">💻</a> <a href="https://github.com/solokeys/solo/commits?author=Nitrokey" title="Tests">⚠️</a> <a href="#ideas-Nitrokey" title="Ideas, Planning, & Feedback">🤔</a></td>
</tr>
</table>
@ -188,7 +150,7 @@ You may use Solo software under the terms of either the Apache 2.0 license or MI
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
All hardware, unless otherwise noted, is dual licensed under CERN and CC-BY-SA.
You may use Solo hardware under the terms of either the CERN 1.2 license or CC-BY-SA 4.0 license.
You may use Solo hardware under the terms of either the CERN 2.1 license or CC-BY-SA 4.0 license.
All documentation, unless otherwise noted, is licensed under CC-BY-SA.
You may use Solo documentation under the terms of the CC-BY-SA 4.0 license
@ -205,7 +167,7 @@ You can buy Solo, Solo Tap, and Solo for Hackers at [solokeys.com](https://solok
<br/>
[![License](https://img.shields.io/github/license/solokeys/solo.svg)](https://github.com/solokeys/solo/blob/master/LICENSE)
[![All Contributors](https://img.shields.io/badge/all_contributors-22-orange.svg?style=flat-square)](#contributors)
[![All Contributors](https://img.shields.io/badge/all_contributors-17-orange.svg?style=flat-square)](#contributors)
[![Build Status](https://travis-ci.com/solokeys/solo.svg?branch=master)](https://travis-ci.com/solokeys/solo)
[![Discourse Users](https://img.shields.io/discourse/https/discourse.solokeys.com/users.svg)](https://discourse.solokeys.com)
[![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public)

2
SECURITY.md
View File

@ -21,7 +21,7 @@ To report vulnerabilities you have found:
- preferably contact [@conor1](https://keybase.io/conor1), [@0x0ece](https://keybase.io/0x0ece) or [@nickray](https://keybase.io/nickray) via Keybase, or
- send us e-mail using OpenPGP to [security@solokeys.com](mailto:security@solokeys.com).
<https://keys.openpgp.org/vks/v1/by-fingerprint/BFA3F5387D025E8945CF907FC2F2505A63868DFA>
<https://keys.openpgp.org/vks/v1/by-fingerprint/85AFA2769F4381E5712C36A04DDFC46FEF1F7F3F>
We do not currently run a paid bug bounty program, but are happy to provide you with a bunch of Solo keys in recognition of your findings.

2
STABLE_VERSION
View File

@ -1 +1 @@
4.0.0
2.4.3

27
default.nix
View File

@ -1,27 +0,0 @@
let
pkgs = import (fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/20.03.tar.gz"; sha256 = "0182ys095dfx02vl2a20j1hz92dx3mfgz2a6fhn31bqlp1wa8hlq"; }) { };
pyPackages = (python-packages: with python-packages; ([
solo-python
pytest
] ++ (with builtins; map (d: getAttr d python-packages) (filter (d: stringLength d > 0) (pkgs.lib.splitString "\n" (builtins.readFile ./tools/requirements.txt))))));
python-with-my-packages = pkgs.python3.withPackages pyPackages;
src = with pkgs.lib; builtins.filterSource (path: type: !(hasSuffix path "hex" || hasSuffix path "sha256" || baseNameOf path == "result")) ./.;
in
with pkgs; stdenv.mkDerivation {
name = "solo";
outputs = [ "out" ];
inherit src;
buildInputs = [ src gnumake gcc gcc-arm-embedded-8 git python-with-my-packages ];
phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ];
installPhase = ''
mkdir -p $out/firmware $out/standalone/bin
make
cp main $out/standalone/bin/
cd targets/stm32l432
make cbor
make build-hacker
cp *.hex *.sha256 *.elf cubeconfig_stm32l442.ioc $out/firmware/
ln -s ${src} $out/src
'';
keepDebugInfo = true;
}

1
docs/_redirects
View File

@ -1 +0,0 @@
/solo/* /:splat 302

147
docs/application-ideas.md
View File

@ -1,147 +0,0 @@
# Using Solo for passwordless or second factor login on Linux
## Setup on Ubuntu and Manjaro
Before you can use Solo for passwordless or second factor login in your Linux system you have to install some packages.
This was tested on **Linux Mint 19.3** and on **Manjaro 18.x**
First you have to install PAM modules for u2f.
**Ubuntu (Linux Mint):**
```
sudo apt install libpam-u2f pamu2fcfg
```
**Manjaro**
```
pacman -Syu pam-u2f
```
## Setting up key
To use Solo as passwordless or second factor login, you have to setup your system with your Solo.
First create a new folder named **Yubico** in your **.config** folder in your **home** directory
```
mkdir ~/.config/Yubico
```
Then create a new key for PAM U2F module. If it is your first key you want to register use following command:
```
pamu2fcfg > ~/.config/Yubico/u2f_keys
```
If you want to register an additional key use this command instead:
```
pamu2fcfg >> ~/.config/Yubico/u2f_keys
```
Now press the button on your Solo.
<br>
<br>
If you can't generate your key on **Ubuntu** (error message), you may add Yubico Team from PPA and install latest libpam-u2f and pamu2fcfg and try again.
```
sudo add-apt-repository ppa:yubico/stable
sudo apt-get update
sudo apt-get upgrade
```
**Manjaro** should work without problems.
## Login into Linux
### Passwordless
To login passwordless into your Linux system, you have to edit the file **lightdm** (or **gdm** or which display manager you prefered).
In case of lightdm and VIM as editor:
```
sudo vim /etc/pam.d/lightdm
```
**On Ubuntu:**<br>
Search following entry:
```
@include common-auth
```
and add
```
auth sufficient pam_u2f.so
```
**before** *@include common-auth.*
<br>
<br>
**On Manjaro**<br>
Search following enrty
```
auth include system-login
```
and add
```
auth sufficient pam_u2f.so
```
** before** *auth include system-login*.
<br>
<br>
Now save the file and test it.<br>
Insert Solo in your USB port and logout.
Now you should be able to login into Linux without password, only with pressing your button on Solo and press enter.
Why **sufficient**? The difference between the keyword sufficient and required is, if you don't have your Solo available, you can also login, because the system falls back to password mode.
The login mechanism can be also used for additional features like:
- Login after screen timeout - edit /etc/pam.d/mate-screensaver (or kde-screensaver, ...)
- Passwordless sudo - edit /etc/pam.d/sudo
Check out your folder **/etc/pam.d/** and do some experiments.
**But remember:** <br>
The login passwordless won't make your system more secure, but maybe more comfortable. If somebody have access to your Solo, this person will be also able to login into your system.
### Solo as second factor
To use Solo as second factor, for login into your Linux system, is nearly the same.
```
sudo vim /etc/pam.d/lightdm
```
**On Ubuntu**<br>
Search following entry:
```
@include common-auth
```
and add
```
auth required pam_u2f.so
```
**after** *@include common-auth*.
<br>
<br>
**On Manjaro**<br>
Search following entry:
```
auth include system-login
```
Add following entry
```
auth required pam_u2f.so
```
**after** *auth include system-login*.
<br>
<br>
Save the file and test it. <br>
In case your Solo is not present, your password will be incrorrect. If Solo is plugged into your USB port, it will signal pressing the button and you will be able to login into Linux.
Why **required**? If you choose the option **sufficent** your Solo is optional. You could also login without second factor if your Solo is not connected.
**But remember:**<br>
If you loose your Solo you won't be able to login into your system.

60
docs/porting.md
View File

@ -1,60 +0,0 @@
# Usage and Porting
Solo is designed to be used as a library or ported to other platforms easily. Here is an example
`main()` function.
```c
int main()
{
uint8_t hidmsg[64];
uint32_t t1 = 0;
device_init();
memset(hidmsg,0,sizeof(hidmsg));
while(1)
{
if (usbhid_recv(hidmsg) > 0)
{
ctaphid_handle_packet(hidmsg); // pass into libsolo!
memset(hidmsg, 0, sizeof(hidmsg));
}
ctaphid_check_timeouts();
}
}
```
`ctaphid_handle_packet(hidmsg);` is the entrance into the HID layer of libsolo, and will buffer packets and pass them
into FIDO2 or U2F layers.
Everything in the library is cross-platform, but it needs some functions implemented that are usually
platform specific. For example, how should libsolo implement an atomic counter? Where should it save state?
For all of these platform specific functions, the library contains it's own `weak` definition, so the library will compile and run.
LibSolo by default will not try to use an atomic
counter or save data persistently -- that needs to be implemented externally.
If you are using libsolo on another platform,
you should take a look at these possibly platform specific functions. They are listed in `fido2/device.h`.
If you'd like to reimplement any of the functions, then simply implement the function and compile normally.
GCC will replace libsolo's `weak` defined functions (everything in `fido2/device.h`) with your functions. By doing this, you
are replacing the function that is used by libsolo.
To get the library to compile
and run, you only need to implement one function for libsolo: `usbhid_send(uint8_t * send)`, which
is called by the library to send a 64 byte packet over a USB HID endpoint. In essence, you are giving
libsolo a function to write to USB.
The rest of the definitions in `fido2/device.h` are not required to compile and run so you can
immediately hit the ground running and iterative add what else you need. You'll definitely want
to continue implementing other functions in `fido2/device.h`. For example, no data will be stored
persistently until you define how it can be done!
For examples, check out the build for STM32L4 and PC (check out `pc/device` and `targets/stm32l432/src/device.c`).
If there's something that doesn't work for you -- send a pull request! It's better if we can
work together off of the same repo and not fork.

1
docs/repo-readme.md
View File

@ -1 +0,0 @@
../README.md

18
docs/bootloader-mode.md → docs/solo/bootloader-mode.md
View File

@ -1,17 +1,16 @@
# Booting into bootloader mode
If you have a recent version of Solo, you can put it into bootloader mode by running this command.
You can put Solo into bootloader mode by holding down the button, and plugging in Solo. After 2 seconds, bootloader mode will activate.
You'll see a yellowish flashing light and you can let go of the button.
Now Solo is ready to [accept firmware updates](/solo/signed-updates). If the Solo is a secured model, it can only accept signed updates, typically in the `firmware-*.json` format.
If Solo is running a hacker build, it can be put into bootloader mode on command. This makes it easier for development.
```bash
solo program aux enter-bootloader
```
If your Solo is a bit older (<=2.5.3) You can put Solo into bootloader mode by using the button method:
Hold down button while plugging in Solo. After 2 seconds, bootloader mode will activate.
You'll see a yellowish flashing light and you can let go of the button.
Now Solo is ready to [accept firmware updates](/signed-updates). If the Solo is a secured model, it can only accept signed updates, typically in the `firmware-*.json` format.
# The boot stages of Solo
Solo has 3 boot stages.
@ -22,8 +21,7 @@ The first stage is the DFU (Device Firmware Update) which is in a ROM on Solo.
This is what allows the entire firmware of Solo to be programmed. **It's not recommended to develop for Solo using the DFU because
if you program broken firmware, you could brick your device**.
On hacker/nonverifying-bootloader devices, you can boot into the DFU by holding down the button for 5 seconds,
when Solo is already in bootloader mode.
On hacker devices, you can boot into the DFU by holding down the button for 5 seconds, when Solo is already in bootloader mode.
You can also run this command when Solo is in bootloader mode to put it in DFU mode.
@ -31,7 +29,7 @@ You can also run this command when Solo is in bootloader mode to put it in DFU m
solo program aux enter-dfu
```
Note it will stay in DFU mode until you to tell it to boot again. You can boot it again by running the following.
Note it will stay in DFU mode until to tell it to boot again. You can boot it again by running the following.
```bash
solo program aux leave-dfu

75
docs/building.md → docs/solo/building.md
View File

@ -36,21 +36,17 @@ Enter the `stm32l4xx` target directory.
cd targets/stm32l432
```
Now build the Solo application.
Now build Solo.
```
make firmware
make build-hacker
```
The `firmware` recipe builds the solo application, and outputs `solo.hex`. You can use this
to reprogram any unlocked/hacker Solo model. Note that it does not include the Solo bootloader,
so it is not a full reprogram.
<!-- First it builds the bootloader, with
The `build-hacker` recipe does a few things. First it builds the bootloader, with
signature checking disabled. Then it builds the Solo application with "hacker" features
enabled, like being able to jump to the bootloader on command. It then merges bootloader
and solo builds into the same binary. I.e. it combines `bootloader.hex` and `solo.hex`
into `all.hex`. -->
into `all.hex`.
If you're just planning to do development, **please don't try to reprogram the bootloader**,
as this can be risky if done often. Just use `solo.hex`.
@ -61,13 +57,13 @@ If you're developing, you probably want to see debug messages! Solo has a USB
Serial port that it will send debug messages through (from `printf`). You can read them using
a normal serial terminal like `picocom` or `putty`.
Just add `-debug-1` or `-debug-2` to your build recipe, like this.
Just add `DEBUG=1` or `DEBUG=2` to your build recipe, like this.
```
make firmware-debug-1
make build-hacker DEBUG=1
```
If you use `debug-2`, that means Solo will not boot until something starts reading
If you use `DEBUG=2`, that means Solo will not boot until something starts reading
its debug messages. So it basically waits to tether to a serial terminal so that you don't
miss any debug messages.
@ -82,56 +78,27 @@ solo monitor <serial-port>
[See issue 62](https://github.com/solokeys/solo/issues/62).
### Building a complete Solo build (application + bootloader + certificate)
### Building a Solo release
To make a complete Solo build, you need to build the bootloader. We provide
two easy recipes:
To build Solo
* `bootloader-nonverifying`: bootloader with no signature checking on updates. I.e. "unlocked".
* `bootloader-verifying`: bootloader with signature checking enforced on updated. I.e. "Locked".
If you want to build a release of Solo, we recommend trying a Hacker build first
just to make sure that it's working. Otherwise it may not be as easy or possible to
fix any mistakes.
To be safe, let's use the `-nonverifying` build.
If you're ready to program a full release, run this recipe to build.
```
make bootloader-nonverifying
make build-release-locked
```
This outputs `bootloader.hex`. We can then merge the bootloader and application.
This outputs bootloader.hex, solo.hex, and the combined all.hex.
```
solo mergehex bootloader.hex solo.hex bundle.hex
```
Programming `all.hex` will cause the device to permanently lock itself. This means debuggers cannot be used and signature checking
will be enforced on all future updates.
`bundle.hex` is our complete firmware build. Note it is in this step that you can
include a custom attestation certificate or lock the device from debugging/DFU.
By default the "hacker" attestation certifcate and key is used. Use the `--lock` flag
to make this permanent.
```
solo mergehex \
--attestation-key "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" \
--attestation-cert attestation.der \
solo.hex \
bootloader.hex \
bundle.hex
```
**Warning**: If you use `--lock`, this will permanently lock the device to this new bootloader. You
won't be able to program the bootloader again or be able to connect a hardware debugger.
The new bootloader may be able to accept (signed) updates still, depending on how you configured it.
```
# Permanent!
solo mergehex \
--attestation-key "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" \
--attestation-cert attestation.der \
--lock \
solo.hex \
bootloader.hex \
bundle.hex
```
See [here for more information on custom attestation](/customization/).
To learn more about normal updates or a "full" update, you should [read more on Solo's boot stages](/bootloader-mode).
Note if you program a secured `solo.hex` file onto a Solo Hacker, it will lock the flash, but the bootloader
will still accept unsigned firmware updates. So you can switch it back to being a hacker, but you will
not be able to replace the unlocked bootloader anymore, since the permanently locked flash also disables the DFU.
[Read more on Solo's boot stages](/solo/bootloader-mode).

0
docs/code-overview.md → docs/solo/code-overview.md
View File

0
docs/contributing.md → docs/solo/contributing.md
View File

39
docs/customization.md → docs/solo/customization.md
View File

@ -19,7 +19,7 @@ and program it.
### Creating your attestation key pair
Since we are generating keys, it's important to use a good entropy source.
You can use the [True RNG on your Solo](/solo-extras) to generate some good random numbers.
You can use the [True RNG on your Solo](/solo/solo-extras) to generate some good random numbers.
```
# Run for 1 second, then hit control-c
@ -45,7 +45,7 @@ email=example@example.com
openssl ecparam -genkey -name "$curve" -out root_key.pem -rand seed.bin
# generate a "signing request"
openssl req -new -key root_key.pem -out root_key.pem.csr -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=$CN/emailAddress=$email"
openssl req -new -key root_key.pem -out root_key.pem.csr -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=example.com/emailAddress=$email"
# self sign the request
openssl x509 -trustout -req -days 18250 -in root_key.pem.csr -signkey root_key.pem -out root_cert.pem -sha256
@ -74,7 +74,7 @@ Note you must use a prime256v1 curve for this step, and you must leave the unit/
country=US
state=Maine
organization=OpenSourceSecurity
unit="Authenticator Attestation" # MUST KEEP THIS AS "Authenticator Attestation" for FIDO2.
unit="Authenticator Attestation"
CN=example.com
email=example@example.com
@ -82,7 +82,7 @@ email=example@example.com
openssl ecparam -genkey -name "$curve" -out device_key.pem -rand seed.bin
# generate a "signing request"
openssl req -new -key device_key.pem -out device_key.pem.csr -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=$CN/emailAddress=$email"
openssl req -new -key device_key.pem -out device_key.pem.csr -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=example.com/emailAddress=$email"
# sign the request
openssl x509 -req -days 18250 -in device_key.pem.csr -extfile v3.ext -CA root_cert.pem -CAkey root_key.pem -set_serial 01 -out device_cert.pem -sha256
@ -114,29 +114,28 @@ If the checks succeed, you are ready to program the device attestation key and c
### Programming an attestation key and certificate
First, [Build your solo application and bootloader](/building).
Print your attestation key in a hex string format. Using our utility script:
Convert the DER format of the device attestation certificate to "C" bytes using our utility script. You may first need to
first install prerequisite python modules (pip install -r tools/requirements.txt).
```
python3 tools/gencert/print_x_y.py device_key.pem
python tools/gencert/cbytes.py device_cert.der
```
Merge the `bootloader.hex`, `solo.hex`, attestion key, and certificate into one firmware file.
Copy the byte string portion into the [`attestation.c` source file of Solo](https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/attestation.c). Overwrite the development or "default" certificate that is already there.
Now [build the Solo firmware](/solo/building), either a secure or hacker build. You will need to produce a bootloader.hex file and a solo.hex file.
Print your attestation key in a hex string format.
```
solo mergehex \
--attestation-key "(The 32-byte hex string extracted from device_key.pem)" \
--attestation-cert device_cert.der \
--lock \
solo.hex \
bootloader.hex \
bundle.hex
python tools/print_x_y.py device_key.pem
```
**Warning**: Using the `--lock` flag prevents the DFU from being accessed on the device again. It's recommended to try first without the `--lock` flag to make sure it works.
Merge the bootloader.hex, solo.hex, and attestion key into one firmware file.
Now you have a newly created `bundle.hex` file with a custom attestation key and cert. You can [program this `bundle.hex` file
with Solo in DFU mode](/programming#procedure).
```
solo mergehex --attestation-key <attestation-key-hex-string> bootloader.hex solo.hex all.hex
```
Are you interested in customizing in bulk? Contact hello@solokeys.com and we can help.
Now you have a newly create `all.hex` file with a custom attestation key. You can [program this all.hex file
with Solo in DFU mode](/solo/programming#procedure).

0
docs/documenting.md → docs/solo/documenting.md
View File

0
docs/fido2-impl.md → docs/solo/fido2-impl.md
View File

0
docs/images/conforms.PNG → docs/solo/images/conforms.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 134 KiB

After

Width:  |  Height:  |  Size: 134 KiB

0
docs/images/favicon.ico → docs/solo/images/favicon.ico
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 15 KiB

After

Width:  |  Height:  |  Size: 15 KiB

0
docs/images/logo.svg → docs/solo/images/logo.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.9 KiB

After

Width:  |  Height:  |  Size: 3.9 KiB

0
docs/images/solo_conforms.PNG → docs/solo/images/solo_conforms.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 129 KiB

After

Width:  |  Height:  |  Size: 129 KiB

0
docs/index.md → docs/solo/index.md
View File

0
docs/metadata-statements.md → docs/solo/metadata-statements.md
View File

17
docs/nucleo32-board.md → docs/solo/nucleo32-board.md
View File

@ -64,7 +64,7 @@ In that case the mentioned patch would not be required.
Environment: Fedora 29 x64, Linux 4.19.9
See <https://docs.solokeys.dev/building/> for the original guide. Here details not included there will be covered.
See <https://docs.solokeys.io/solo/building/> for the original guide. Here details not included there will be covered.
### Install ARM tools Linux
@ -85,13 +85,14 @@ brew install arm-none-eabi-gcc
### Install flashing software
ST provides a CLI flashing tool - `STM32_Programmer_CLI`. It can be downloaded directly from the vendor's site:
1. Go to [download site URL](https://www.st.com/content/st_com/en/products/development-tools/software-development-tools/stm32-software-development-tools/stm32-programmers/stm32cubeprog.html), go to bottom page and from STM32CubeProg row select Download button.
2. Unzip contents of the archive.
3. Run \*Linux setup
4. In installation directory go to `./bin` - there the `./STM32_Programmer_CLI` is located
5. Add symlink to the STM32 CLI binary to `.local/bin`. Make sure the latter it is in `$PATH`.
1\. Go to [download site URL](https://www.st.com/content/st_com/en/products/development-tools/software-development-tools/stm32-software-development-tools/stm32-programmers/stm32cubeprog.html),
go to bottom page and from STM32CubeProg row select Download button.
2\. Unzip contents of the archive.
3\. Run \*Linux setup
4\. In installation directory go to ./bin - there the ./STM32_Programmer_CLI is located
5\. Add symlink to the STM32 CLI binary to .local/bin. Make sure the latter it is in $PATH.
If you're on MacOS X and installed the STM32CubeProg, you need to add the following to your path:
If you're on OsX and installed the STM32CubeProg, you need to add the following to your path:
```bash
# ~/.bash_profile
@ -102,7 +103,7 @@ export PATH="/Applications/STMicroelectronics/STM32Cube/STM32CubeProgrammer/STM3
### Building
Please follow <https://docs.solokeys.dev/building/>, as the build way changes rapidly.
Please follow <https://docs.solokeys.io/solo/building/>, as the build way changes rapidly.
Currently (8.1.19) to build the firmware, following lines should be executed
```bash

21
docs/programming.md → docs/solo/programming.md
View File

@ -13,7 +13,7 @@ pip3 install solo-python
## Updating the firmware
If you just want to update the firmware, you can run one of the following commands.
Make sure your key [is in bootloader mode](/bootloader-mode#solo-bootloader) first.
Make sure your key [is in bootloader mode](/solo/bootloader-mode#solo-bootloader) first.
```bash
solo key update <--secure | --hacker>
@ -22,33 +22,30 @@ solo key update <--secure | --hacker>
You can manually install the [latest release](https://github.com/solokeys/solo/releases), or use a build that you made.
```bash
# If it's a hacker, it will automatically boot into bootloader mode.
solo program bootloader <firmware.hex | firmware.json>
```
Note you won't be able to use `all.hex` or the `bundle-*.hex` builds, as these include the solo bootloader. You shouldn't
risk changing the Solo bootloader unless you want to make it a secure device, or [make other customizations](/customization/).
risk changing the Solo bootloader unless you want to make it a secure device, or [make other customizations]().
## Updating a Hacker to a Secure Solo
Updating a hacker to be a secure build overwrites the [Solo bootloader](/bootloader-mode#solo-bootloader).
Updating a hacker to be a secure build overwrites the [Solo bootloader](/solo/bootloader-mode#solo-bootloader).
So it's important to not mess this up or you may brick your device.
You can use a firmware build from the [latest release](https://github.com/solokeys/solo/releases) or use
a build that you made yourself.
You need to use a firmware file that has the combined bootloader, application, and attestation key pair (bootloader + firmware + key).
This means using the `bundle-*.hex` file or the `bundle.hex` from your build.
#### *Warning*
* **Any DFU update erases everything! If you overwrite the Solo flash with a missing bootloader, it will be bricked.**
* **If you program bootloader and firmware with no attestation, you will run into FIDO registration issues.**
You need to use a firmware file that has the combined bootloader and application (or at the very least just the bootloader).
This means using the `bundle-*.hex` file or the `all.hex` from your build. If you overwrite the Solo flash with a missing bootloader,
it will be bricked.
We provide two types of bundled builds. The `bundle-hacker-*.hex` build is the hacker build. If you update with this,
you will update the bootloader and application, but nothing will be secured. The `bundle-secure-non-solokeys.hex`
is a secured build that will lock your device and it will behave just like a Secure Solo. The main difference is that
it uses a "default" attestation key in the device, rather than the SoloKeys attestation key. There is no security
concern with using our default attestation key, aside from a small privacy implication that services can distinguish it from Solo Secure.
concern with using our default attestation key, aside from a privacy implication that services can distinguish it from Solo Secure.
### Procedure
@ -64,7 +61,7 @@ concern with using our default attestation key, aside from a small privacy impli
2. Program the device
solo program dfu <bundle-secure-non-solokeys.hex | bundle.hex>
solo program dfu <bundle-secure-non-solokeys.hex | all.hex>
Double check you programmed it with bootloader + application (or just bootloader).
If you messed it up, simply don't do the next step and repeat this step correctly.

1
docs/solo/repo-readme.md Symbolic link
View File

@ -0,0 +1 @@
../../README.md

0
docs/signed-updates.md → docs/solo/signed-updates.md
View File

6
docs/solo-extras.md → docs/solo/solo-extras.md
View File

@ -3,16 +3,16 @@
## Random number generation
Solo contains a True Random Number Generator (TRNG). A TRNG is a hardware based mechanism
that leverages natural phenomenon to generate random numbers, which can be better than a traditional
that leverages natural phenomenon to generate random numbers, which is can be better than a traditional
RNG that has state and updates deterministically using cryptographic methods.
You can easily access the TRNG stream on Solo using our python tool [`solo-python`](https://github.com/solokeys/solo-python).
You can easily access the TRNG stream on Solo using our python tool [solo-python](https://github.com/solokeys/solo-python).
```
solo key rng raw > random.bin
```
Or you can seed the state of the RNG on your kernel (`/dev/random`).
Or you can seed the state of the RNG on your kernel (/dev/random).
```
solo key rng feedkernel

9
docs/udev.md → docs/solo/udev.md
View File

@ -4,16 +4,21 @@ On Linux, by default USB dongles can't be accessed by users, for security reason
For some users, things will work automatically:
- Recent Linux distributions (such as Ubuntu Focal, Fedora 32, [Arch Linux](https://wiki.archlinux.org/index.php/Solo)) with systemd 244 or higher automatically detect FIDO devices (check with `systemctl --version`)
- Fedora seems to use a ["universal" udev rule for FIDO devices](https://github.com/amluto/u2f-hidraw-policy)
- Our udev rule made it into [libu2f-host](https://github.com/Yubico/libu2f-host/) v1.1.10
- Arch Linux [has this package](https://www.archlinux.org/packages/community/x86_64/libu2f-host/)
- [Debian sid](https://packages.debian.org/sid/libu2f-udev) and [Ubuntu Eon](https://packages.ubuntu.com/eoan/libu2f-udev) can use the `libu2f-udev` package
- Debian Buster and Ubuntu Disco still distribute v1.1.10, so need the manual rule
- FreeBSD has support in [u2f-devd](https://github.com/solokeys/solo/issues/144#issuecomment-500216020)
There is hope that `udev` itself will adopt the Fedora approach (which is to check for HID usage page `F1D0`, and avoids manually whitelisting each U2F/FIDO2 key): <https://github.com/systemd/systemd/issues/11996>.
Further progress is tracked in: <https://github.com/solokeys/solo/issues/144>.
If you still need to setup a rule, a simple way to do it is:
```
git clone https://github.com/solokeys/solo.git
git clone git@github.com:solokeys/solo.git
cd solo/udev
make setup
```

219
docs/tutorial-getting-started.md
View File

@ -1,219 +0,0 @@
# Tutorial: Getting started with the solo hacker
This is small guide to let you get started with the solo hacker key. In the end you will have set up everything you need and changed the LED from green to red.
## Some additional ressources
This tutorial will take you through all the necessary steps needed to install and get the solo key running. Before we start, I will just list you additional ressources, which might have important information for you:
* [The git repository](https://github.com/solokeys/solo): Here you will find all the code and a quick readme.
* [The Documenation](https://docs.solokeys.io/solo/building/): The official documentation. Especially the [build instructions](https://docs.solokeys.io/solo/building/) are worth a look, if you got stuck.
## Getting the prerequisites
There are two main tools you will need to work on your solo hacker:
* ARM Compiler tool chain
* Solo python tool
The ARM Compiler is used to compile your C-code to a hex file, which can then be deployed onto your solo hacker. The solo tool helps with deploying, updating etc. of the solo hacker. It is a python3 tool. So make sure, that you got Python3 installed on your system \([pip](https://pip.pypa.io/en/stable/) might also come in handy\).
Besides that, you will also need to get the [solo code](https://github.com/solokeys/solo).
### Get the code
The codebase for the solo hacker and other solo keys, can be found at this [git repository](https://github.com/solokeys/solo). So just clone this into your development folder. Make sure, that all the submodules are loaded by using the following command. I forgot to get all the submoules at my first try and the make command failed \(I got an error message telling me, that no solo.elf target can be found\).
```bash
git clone --recurse-submodules https://github.com/solokeys/solo
```
### Getting the ARM Compiler tool chain
Download the Compiler tool chain for your system [here](https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm/downloads). After you have downloaded it, you will have to unzip it and add the path to the installation folder.
**Readme**
There is a readme.txt __ in _gcc-arm-none-eabi-x-yyyy-dd-major/share/doc/gcc-arm-none-eabi_. It contains installation guides for Linux, Windows and Mac.
**Installation**
As I used Mac, I will guide you through the installation using MacOS. If you have unpacked the folder already, you can skip the first step.
```bash
#Unzip the tarball
cd $install_dir && tar xjf gcc-arm-none-eabi-*-yyyymmdd-mac.tar.bz2
#Set path
export PATH=$PATH:$install_dir/gcc-arm-none-eabi-*/bin
#Test if it works
arm-none-eabi-gcc
```
If everything worked your output should like this:
```bash
arm-none-eabi-gcc: fatal error: no input files
compilation terminated.
```
### Getting the solo tool
There are several ways, which are listed at the [build instructions](https://docs.solokeys.io/solo/building/). If you are familiar with pip, just use this.
```bash
pip install solo-python
#Or
pip3 install solo-python
```
**Install all other requirements**
To do this either do it in the virtual env or directly on your machine. The requirements can be found in the source folder in requirements.txt.
```bash
#Move to source folder
cd solo
#Install requirements, use pip3 otherwise
pip install -r solo/tools/requirements.txt
```
## Let's get a red light blinking
You will find the code for the key in _/solo/targets/stm32l432_ \(The target might have another id for you, so just use that id\). The LED colors can be found in [_/solo/targets/stm32l432 /src/app.h_](https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/app.h)_._ To change the color we will just have to change the hex-value. Out of the box it should look like this:
```c
// 0xRRGGBB
#define LED_INIT_VALUE 0x000800
#define LED_WINK_VALUE 0x000010
#define LED_MAX_SCALER 15
#define LED_MIN_SCALER 1
```
_LED\_INIT\_VALUE_ is the color, that the LED shows whenever it is plugged in. It normally is a green light. So let's change it to red:
```c
// 0xRRGGBB
#define LED_INIT_VALUE 0xFF0800
#define LED_WINK_VALUE 0x000010
#define LED_MAX_SCALER 15
#define LED_MIN_SCALER 1
```
_LED\_WINK\_VALUE_ is the color, which is shown, whenever the bottom is pressed. It normally is a blue tone, but let's change it to a yellow:
```c
// 0xRRGGBB
#define LED_INIT_VALUE 0xFF0800
#define LED_WINK_VALUE 0xFFFF00
#define LED_MAX_SCALER 15
#define LED_MIN_SCALER 1
```
Save the file and then let's try to get the code onto the stick.
## Move code to solo hacker
First we have to build cbor. To do this change into the target folder and use the corresponding command.
```bash
#Change into correct directory
cd solo/targets/stm32l432/
#Make cbor
make cbor
```
You should also make sure to check, that your key has the newest solo firmware installed. To check the firmware on the device, use this command:
```bash
solo key version
```
To update to the newest version, use this command:
```bash
solo key version
```
**Note:** Sometimes the connection between Mac and key seemed to be broken and you might get an error stating: _No solo found_. Just unplug the key and plug it back in.
### General deployment cycle
In general we will always have to go through these steps:
* Compile code and generate new firmware
* Change device into bootloader mode
* Deploy code to device
#### Compile code
To compile the code, we will again have to change into our target directory:
```bash
#Change into correct directory
cd solo/targets/stm32l432/
```
It is important to choose the correct build target. Most explanations focus on the build of the firmware and use:
```bash
make firmware
```
As we are using the solo hacker, we will need to use:
```bash
make build-hacker
```
This will generate a file _solo.hex_, which has the compiled code on it. If you later need to change the bootloader itself, please refer to [the documentation](https://docs.solokeys.io/solo/building/).
#### Deploy code
To deploy the code make sure you are back at the source root.
```bash
cd ../..
```
First we will have to change into bootload modus:
```bash
solo program aux enter-bootloader
```
This is needed to be able to load the new firmware on the device. If we forget this step, the solo tool will do it for us in the next step.
This is the moment of truth. We delete the old firmware and deploy the new one with the changed LED lights to the solo key. For this step we will also stay in the source root.
```bash
solo program bootloader targets/stm32l432/solo.hex
```
If there is another hex-File, that you want to load, you can just exchange the last argument.
And that's it, now your LED should be red.
To summarize, here are again the steps to update your solo:
1. Change code
2. Run these commands
```bash
#Change into correct directory
cd solo/targets/stm32l432/
#Compile code
make build-hacker
#Change to root
cd ../..
#Enter bootload mode
solo program aux enter-bootloader
#Deploy code
solo program bootloader targets/stm32l432/solo.hex
```

205
docs/tutorial-writing-extensions.md
View File

@ -1,205 +0,0 @@
# Tutorial: Writing an extension for the solo stick
A short overview about, where and how you should implement your extension into the solo stick code base. In this tutorial we will add a small extension, that will engage in a "ping"-"pong" exchange.
## Make it visible
We need to make it visible, that the key now supports a new extension.
This is done in the function _ctap_get_info_ in [ctap.c](https://github.com/solokeys/solo/blob/master/fido2/ctap.c). This function creates a map with all the information about the solo key. You should therefore add your extension identifier here, too.
```c
uint8_t ctap_get_info(CborEncoder * encoder){
//[...]
ret = cbor_encode_uint(&map, RESP_extensions);
check_ret(ret);
{
ret = cbor_encoder_create_array(&map, &array, 3);
check_ret(ret);
{
ret = cbor_encode_text_stringz(&array, "hmac-secret");
check_ret(ret);
ret = cbor_encode_text_stringz(&array, "credProtect");
check_ret(ret);
//Add it here
}
ret = cbor_encoder_close_container(&map, &array);
check_ret(ret);
}
//[...]
}
```
After you have added your identifier it should look similiar to this:
```c
uint8_t ctap_get_info(CborEncoder * encoder){
//[...]
ret = cbor_encode_uint(&map, RESP_extensions);
check_ret(ret);
{
ret = cbor_encoder_create_array(&map, &array, 3); //This number should reflect the number of supported extensions
check_ret(ret);
{
ret = cbor_encode_text_stringz(&array, "hmac-secret");
check_ret(ret);
ret = cbor_encode_text_stringz(&array, "credProtect");
check_ret(ret);
//Add it here
ret = cbor_encode_text_stringz(&array, "ping-pong");
check_ret(ret);
}
ret = cbor_encoder_close_container(&map, &array);
check_ret(ret);
}
//[...]
}
```
Important: make sure to change the size of the created array to the correct number of elements.
## Let's get our extension parsed
As with all incoming messages, the extension has to be parsed and depending on the incoming message the reply has to be constructed. For this the function _ctap_parse_extensions_ in [ctap_parse.c](https://github.com/solokeys/solo/blob/master/fido2/ctap_parse.c) is used.
In this function the extension identifier is checked. So, if we want to add our ping-pong extension, we need to compare the incoming identifier to our identifier "ping-pong".
```c
uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext){
//[...]
if (strncmp(key, "hmac-secret",11) == 0){
//[...]
}else if (strncmp(key, "credProtect",11) == 0) {
//[...]
else if (strncmp(key, "ping-pong",9) == 0) {
//Logic should be placed here
}
//[...]
}
```
What happens then, depends on your extension. You should make sure, to check incoming values for correctness, though. As hmac-secret and credProtect are already implemented, you could have a look at their implementations for a kind of guideline.
At this stage we can use the extension struct, which can be found in [ctap.h](https://github.com/solokeys/solo/blob/master/fido2/ctap.h).
```c
typedef struct
{
uint8_t hmac_secret_present;
CTAP_hmac_secret hmac_secret;
uint32_t cred_protect;
} CTAP_extensions;
```
This struct already contains important values for the other extensions, so we are going to add two for our extension. The first "ping_pong_present" should indicate if the key received a message with a ping-pong extension. The response should then contain the correct response.
```c
typedef struct
{
uint8_t hmac_secret_present;
CTAP_hmac_secret hmac_secret;
uint32_t cred_protect;
uint8_t ping_pong_present;
char ping_pong_response[4];
} CTAP_extensions;
```
Now we have to parse our message accordingly.
```c
uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext){
//[...]
if (strncmp(key, "hmac-secret",11) == 0){
//[...]
}else if (strncmp(key, "credProtect",11) == 0) {
//[...]
else if (strncmp(key, "ping-pong",9) == 0) {
if (cbor_value_get_type(&map) == CborTextStringType)
{
//Cop incoming message
uint8_t txt[5];
sz = sizeof(txt);
ret = cbor_value_copy_text_string(&map, (char *)txt, &sz, NULL);
check_ret(ret);
if(strcmp((const char*)txt, "ping") == 0) {
ext->ping_pong_present = 0x01;
strcpy((char *)ext->ping_pong_response, "pong");
}else if(strcmp((const char*)txt, "pong") == 0) {
ext->ping_pong_present = 0x01;
strcpy((char *)ext->ping_pong_response, "ping");
}else{
printf2(TAG_ERR, "Wrong parameter requested. Got %s.\r\n", txt);
return CTAP2_ERR_INVALID_OPTION;
}
}else{
printf1(TAG_RED, "warning: ping-pong request ignored for being wrong type\r\n");
}
}
//[...]
}
```
Here we are doing the following:
1. Check if we got a message with either "ping" or "pong"
2. Set the correct value, to note, that we received a message using the ping-pong extension
3. Set the correct response ("pong" for "ping" and vice versa)
## Create a reply
Now, that we have parsed the correct message, we have to construct the correct reply. That is done in the function _ctap_make_extensions_ in [ctap.c](https://github.com/solokeys/solo/blob/master/fido2/ctap.c). We will use the before filled _CTAP_extensions_ in here.
We have to do two things here:
1. Check, if a message using the ping-pong extension
2. Set the correct response according to our parsed incoming message
```c
static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf, unsigned int * ext_encoder_buf_size){
//[...]
if (ext->hmac_secret_present == EXT_HMAC_SECRET_PARSED)
{
//[...]
}
else if (ext->hmac_secret_present == EXT_HMAC_SECRET_REQUESTED)
{
//[...]
}
if (ext->cred_protect != EXT_CRED_PROTECT_INVALID) {
//[...]
}
if(ext->ping_pong_present){
extensions_used += 1;
ping_pong_is_valid = 1;
}
if (extensions_used > 0)
{
//[...]
if (hmac_secret_output_is_valid) {
{
//[...]
}
}
if (hmac_secret_requested_is_valid) {
{
//[...]
}
}
if (cred_protect_is_valid) {
{
//[...]
}
}
if (ping_pong_is_valid) {
{
ret = cbor_encode_text_stringz(&extension_output_map, "ping-pong");
check_ret(ret);
//Set the response message
ret = cbor_encode_text_stringz(&extension_output_map, (const char*)ext->ping_pong_response);
check_ret(ret);
}
}
//[...]
}
//[...]
}
```
## Recap
To create a new extension, you would have to take the following three steps:
- Make sure, that the new extension will be made visible through a call of get_info
- Parse incoming messages correctly
- Construct the correct reply

44
fido2/Makefile
View File

@ -1,44 +0,0 @@
include version.mk
ifndef APP_CONFIG
APP_CONFIG=example_app.h
endif
INC = -I./ -I./extensions
INC += -I../tinycbor/src
INC += -I../crypto/sha256 -I../crypto/micro-ecc -I../crypto/tiny-AES-c
INC += -I../crypto/cifra/src -I../crypto/cifra/src/ext
INT_CFLAGS = -DAPP_CONFIG=\"$(APP_CONFIG)\"
INT_CFLAGS += $(INC)
INT_CFLAGS += $(SOLO_VERSION_FLAGS)
SRC = apdu.c util.c u2f.c test_power.c
SRC += stubs.c log.c ctaphid.c ctap.c
SRC += ctap_parse.c crypto.c
SRC += device.c
SRC += version.c
SRC += data_migration.c
SRC += extensions/extensions.c extensions/solo.c
SRC += extensions/wallet.c
# Crypto libs
SRC += ../crypto/sha256/sha256.c ../crypto/micro-ecc/uECC.c ../crypto/tiny-AES-c/aes.c
SRC += ../crypto/cifra/src/sha512.c ../crypto/cifra/src/blockwise.c
OBJ = $(SRC:.c=.o)
all: libsolo.a
libsolo.a: $(OBJ)
$(AR) cqs $@ $^
%.o: %.c
$(CC) $^ $(INT_CFLAGS) $(CFLAGS) -c -o $@
../crypto/micro-ecc/uECC.o: ../crypto/micro-ecc/uECC.c
$(CC) $^ $(INT_CFLAGS) $(ECC_CFLAGS) -c -o $@
clean:
rm -f $(OBJ) libsolo.a

18
fido2/apdu.c
View File

@ -9,7 +9,7 @@
#include "apdu.h"
uint16_t apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu)
int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu)
{
EXT_APDU_HEADER *hapdu = (EXT_APDU_HEADER *)data;
@ -63,11 +63,6 @@ uint16_t apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu)
{
uint16_t extlen = (hapdu->lc[1] << 8) + hapdu->lc[2];
if (len - 7 < extlen)
{
return SW_WRONG_LENGTH;
}
// case 2E (Le) - extended
if (len == 7)
{
@ -108,18 +103,9 @@ uint16_t apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu)
apdu->le = 0x10000;
}
}
else
{
if ((len > 5) && (len - 5 < hapdu->lc[0]))
{
return SW_WRONG_LENGTH;
}
}
if (!apdu->case_type)
{
return SW_COND_USE_NOT_SATISFIED;
}
return 1;
if (apdu->lc)
{

6
fido2/apdu.h
View File

@ -36,16 +36,12 @@ typedef struct
uint8_t case_type;
} __attribute__((packed)) APDU_STRUCT;
extern uint16_t apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu);
extern int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu);
#define APDU_FIDO_U2F_REGISTER 0x01
#define APDU_FIDO_U2F_AUTHENTICATE 0x02
#define APDU_FIDO_U2F_VERSION 0x03
#define APDU_FIDO_NFCCTAP_MSG 0x10
#define APDU_FIDO_U2F_VENDOR_FIRST 0xc0 // First vendor defined command
#define APDU_FIDO_U2F_VENDOR_LAST 0xff // Last vendor defined command
#define APDU_SOLO_RESET 0xee
#define APDU_INS_SELECT 0xA4
#define APDU_INS_READ_BINARY 0xB0
#define APDU_GET_RESPONSE 0xC0

147
fido2/crypto.c
View File

@ -5,33 +5,29 @@
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
/*
* Wrapper for crypto implementation on device.
*
* Can be replaced with different crypto implementation by
* defining EXTERNAL_SOLO_CRYPTO
* Wrapper for crypto implementation on device
*
* */
#ifndef EXTERNAL_SOLO_CRYPTO
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "util.h"
#include "crypto.h"
#ifdef USE_SOFTWARE_IMPLEMENTATION
#include "sha256.h"
#include "uECC.h"
#include "aes.h"
#include "ctap.h"
#include "device.h"
// stuff for SHA512
#include "sha2.h"
#include "blockwise.h"
#include APP_CONFIG
#include "log.h"
#include APP_CONFIG
#ifdef USING_PC
typedef enum
{
MBEDTLS_ECP_DP_NONE = 0,
@ -48,56 +44,53 @@ typedef enum
MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */
MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */
} mbedtls_ecp_group_id;
#endif
const uint8_t attestation_cert_der[];
const uint16_t attestation_cert_der_size;
const uint8_t attestation_key[];
const uint16_t attestation_key_size;
static SHA256_CTX sha256_ctx;
static cf_sha512_context sha512_ctx;
static const struct uECC_Curve_t * _es256_curve = NULL;
static const uint8_t * _signing_key = NULL;
static int _key_len = 0;
// Secrets for testing only
static uint8_t master_secret[64];
static uint8_t transport_secret[32];
void crypto_sha256_init(void)
void crypto_sha256_init()
{
sha256_init(&sha256_ctx);
}
void crypto_sha512_init(void)
void crypto_reset_master_secret()
{
cf_sha512_init(&sha512_ctx);
}
void crypto_load_master_secret(uint8_t * key)
{
#if KEY_SPACE_BYTES < 96
#error "need more key bytes"
#endif
memmove(master_secret, key, 64);
memmove(transport_secret, key+64, 32);
}
void crypto_reset_master_secret(void)
{
memset(master_secret, 0, 64);
memset(transport_secret, 0, 32);
ctap_generate_rng(master_secret, 64);
ctap_generate_rng(transport_secret, 32);
}
void crypto_load_master_secret(uint8_t * key)
{
#if KEY_SPACE_BYTES < 96
#error "need more key bytes"
#endif
memmove(master_secret, key, 64);
memmove(transport_secret, key+64, 32);
}
void crypto_sha256_update(uint8_t * data, size_t len)
{
sha256_update(&sha256_ctx, data, len);
}
void crypto_sha512_update(const uint8_t * data, size_t len) {
cf_sha512_update(&sha512_ctx, data, len);
}
void crypto_sha256_update_secret()
{
sha256_update(&sha256_ctx, master_secret, 32);
@ -108,22 +101,16 @@ void crypto_sha256_final(uint8_t * hash)
sha256_final(&sha256_ctx, hash);
}
void crypto_sha512_final(uint8_t * hash)
{
// NB: there is also cf_sha512_digest
cf_sha512_digest_final(&sha512_ctx, hash);
}
void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
{
uint8_t buf[64];
unsigned int i;
int i;
memset(buf, 0, sizeof(buf));
if (key == CRYPTO_MASTER_KEY)
{
key = master_secret;
klen = sizeof(master_secret)/2;
klen = sizeof(master_secret);
}
else if (key == CRYPTO_TRANSPORT_KEY)
{
@ -133,7 +120,7 @@ void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
if(klen > 64)
{
printf2(TAG_ERR, "Error, key size must be <= 64\n");
printf2(TAG_ERR,"Error, key size must be <= 64\n");
exit(1);
}
@ -151,24 +138,19 @@ void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac)
{
uint8_t buf[64];
unsigned int i;
int i;
crypto_sha256_final(hmac);
memset(buf, 0, sizeof(buf));
if (key == CRYPTO_MASTER_KEY)
{
key = master_secret;
klen = sizeof(master_secret)/2;
}
else if (key == CRYPTO_TRANSPORT_KEY2)
{
key = transport_secret;
klen = 32;
klen = sizeof(master_secret);
}
if(klen > 64)
{
printf2(TAG_ERR, "Error, key size must be <= 64\n");
printf2(TAG_ERR,"Error, key size must be <= 64\n");
exit(1);
}
memmove(buf, key, klen);
@ -185,16 +167,16 @@ void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac)
}
void crypto_ecc256_init(void)
void crypto_ecc256_init()
{
uECC_set_rng((uECC_RNG_Function)ctap_generate_rng);
_es256_curve = uECC_secp256r1();
}
void crypto_ecc256_load_attestation_key(void)
void crypto_ecc256_load_attestation_key()
{
_signing_key = device_get_attestation_key();
_signing_key = attestation_key;
_key_len = 32;
}
@ -202,7 +184,7 @@ void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig)
{
if ( uECC_sign(_signing_key, data, len, sig, _es256_curve) == 0)
{
printf2(TAG_ERR, "error, uECC failed\n");
printf2(TAG_ERR,"error, uECC failed\n");
exit(1);
}
}
@ -239,19 +221,19 @@ void crypto_ecdsa_sign(uint8_t * data, int len, uint8_t * sig, int MBEDTLS_ECP_I
if (_key_len != 32) goto fail;
break;
default:
printf2(TAG_ERR, "error, invalid ECDSA alg specifier\n");
printf2(TAG_ERR,"error, invalid ECDSA alg specifier\n");
exit(1);
}
if ( uECC_sign(_signing_key, data, len, sig, curve) == 0)
{
printf2(TAG_ERR, "error, uECC failed\n");
printf2(TAG_ERR,"error, uECC failed\n");
exit(1);
}
return;
fail:
printf2(TAG_ERR, "error, invalid key length\n");
printf2(TAG_ERR,"error, invalid key length\n");
exit(1);
}
@ -261,11 +243,8 @@ void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, ui
crypto_sha256_hmac_init(CRYPTO_MASTER_KEY, 0, privkey);
crypto_sha256_update(data, len);
crypto_sha256_update(data2, len2);
crypto_sha256_update(master_secret, 32); // TODO AES
crypto_sha256_update(master_secret, 32);
crypto_sha256_hmac_final(CRYPTO_MASTER_KEY, 0, privkey);
crypto_aes256_init(master_secret + 32, NULL);
crypto_aes256_encrypt(privkey, 32);
}
@ -282,12 +261,12 @@ void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8
memmove(x,pubkey,32);
memmove(y,pubkey+32,32);
}
void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey)
{
uECC_compute_public_key(privkey, pubkey, _es256_curve);
}
void crypto_load_external_key(uint8_t * key, int len)
{
_signing_key = key;
@ -299,7 +278,7 @@ void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey)
{
if (uECC_make_key(pubkey, privkey, _es256_curve) != 1)
{
printf2(TAG_ERR, "Error, uECC_make_key failed\n");
printf2(TAG_ERR,"Error, uECC_make_key failed\n");
exit(1);
}
}
@ -308,7 +287,7 @@ void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey
{
if (uECC_shared_secret(pubkey, privkey, shared_secret, _es256_curve) != 1)
{
printf2(TAG_ERR, "Error, uECC_shared_secret failed\n");
printf2(TAG_ERR,"Error, uECC_shared_secret failed\n");
exit(1);
}
@ -359,4 +338,42 @@ void crypto_aes256_encrypt(uint8_t * buf, int length)
}
const uint8_t attestation_cert_der[] =
"\x30\x82\x01\xfb\x30\x82\x01\xa1\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0a\x06\x08"
"\x2a\x86\x48\xce\x3d\x04\x03\x02\x30\x2c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13"
"\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x0c\x02\x4d\x44\x31\x10\x30\x0e"
"\x06\x03\x55\x04\x0a\x0c\x07\x54\x45\x53\x54\x20\x43\x41\x30\x20\x17\x0d\x31\x38"
"\x30\x35\x31\x30\x30\x33\x30\x36\x32\x30\x5a\x18\x0f\x32\x30\x36\x38\x30\x34\x32"
"\x37\x30\x33\x30\x36\x32\x30\x5a\x30\x7c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13"
"\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x0c\x02\x4d\x44\x31\x0f\x30\x0d"
"\x06\x03\x55\x04\x07\x0c\x06\x4c\x61\x75\x72\x65\x6c\x31\x15\x30\x13\x06\x03\x55"
"\x04\x0a\x0c\x0c\x54\x45\x53\x54\x20\x43\x4f\x4d\x50\x41\x4e\x59\x31\x22\x30\x20"
"\x06\x03\x55\x04\x0b\x0c\x19\x41\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x6f\x72"
"\x20\x41\x74\x74\x65\x73\x74\x61\x74\x69\x6f\x6e\x31\x14\x30\x12\x06\x03\x55\x04"
"\x03\x0c\x0b\x63\x6f\x6e\x6f\x72\x70\x70\x2e\x63\x6f\x6d\x30\x59\x30\x13\x06\x07"
"\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00"
"\x04\x45\xa9\x02\xc1\x2e\x9c\x0a\x33\xfa\x3e\x84\x50\x4a\xb8\x02\xdc\x4d\xb9\xaf"
"\x15\xb1\xb6\x3a\xea\x8d\x3f\x03\x03\x55\x65\x7d\x70\x3f\xb4\x02\xa4\x97\xf4\x83"
"\xb8\xa6\xf9\x3c\xd0\x18\xad\x92\x0c\xb7\x8a\x5a\x3e\x14\x48\x92\xef\x08\xf8\xca"
"\xea\xfb\x32\xab\x20\xa3\x62\x30\x60\x30\x46\x06\x03\x55\x1d\x23\x04\x3f\x30\x3d"
"\xa1\x30\xa4\x2e\x30\x2c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31"
"\x0b\x30\x09\x06\x03\x55\x04\x08\x0c\x02\x4d\x44\x31\x10\x30\x0e\x06\x03\x55\x04"
"\x0a\x0c\x07\x54\x45\x53\x54\x20\x43\x41\x82\x09\x00\xf7\xc9\xec\x89\xf2\x63\x94"
"\xd9\x30\x09\x06\x03\x55\x1d\x13\x04\x02\x30\x00\x30\x0b\x06\x03\x55\x1d\x0f\x04"
"\x04\x03\x02\x04\xf0\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x02\x03\x48\x00"
"\x30\x45\x02\x20\x18\x38\xb0\x45\x03\x69\xaa\xa7\xb7\x38\x62\x01\xaf\x24\x97\x5e"
"\x7e\x74\x64\x1b\xa3\x7b\xf7\xe6\xd3\xaf\x79\x28\xdb\xdc\xa5\x88\x02\x21\x00\xcd"
"\x06\xf1\xe3\xab\x16\x21\x8e\xd8\xc0\x14\xaf\x09\x4f\x5b\x73\xef\x5e\x9e\x4b\xe7"
"\x35\xeb\xdd\x9b\x6d\x8f\x7d\xf3\xc4\x3a\xd7";
const uint16_t attestation_cert_der_size = sizeof(attestation_cert_der)-1;
const uint8_t attestation_key[] = "\xcd\x67\xaa\x31\x0d\x09\x1e\xd1\x6e\x7e\x98\x92\xaa\x07\x0e\x19\x94\xfc\xd7\x14\xae\x7c\x40\x8f\xb9\x46\xb7\x2e\x5f\xe7\x5d\x30";
const uint16_t attestation_key_size = sizeof(attestation_key)-1;
#else
#error "No crypto implementation defined"
#endif

9
fido2/crypto.h
View File

@ -9,6 +9,8 @@
#include <stddef.h>
#define USE_SOFTWARE_IMPLEMENTATION
void crypto_sha256_init();
void crypto_sha256_update(uint8_t * data, size_t len);
void crypto_sha256_update_secret();
@ -21,6 +23,7 @@ void crypto_sha512_init();
void crypto_sha512_update(const uint8_t * data, size_t len);
void crypto_sha512_final(uint8_t * hash);
void crypto_ecc256_init();
void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y);
void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey);
@ -51,4 +54,10 @@ void crypto_reset_master_secret();
void crypto_load_master_secret(uint8_t * key);
extern const uint8_t attestation_cert_der[];
extern const uint16_t attestation_cert_der_size;
extern const uint8_t attestation_key[];
extern const uint16_t attestation_key_size;
#endif

1075
fido2/ctap.c
View File

File diff suppressed because it is too large Load Diff

71
fido2/ctap.h
View File

@ -16,11 +16,12 @@
#define CTAP_CLIENT_PIN 0x06
#define CTAP_RESET 0x07
#define GET_NEXT_ASSERTION 0x08
#define CTAP_CBOR_CRED_MGMT 0x0A
#define CTAP_VENDOR_FIRST 0x40
#define CTAP_CBOR_CRED_MGMT_PRE 0x41
#define CTAP_VENDOR_LAST 0xBF
// AAGUID For Solo
#define CTAP_AAGUID ((uint8_t*)"\x88\x76\x63\x1b\xd4\xa0\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79")
#define MC_clientDataHash 0x01
#define MC_rp 0x02
#define MC_user 0x03
@ -39,19 +40,6 @@
#define GA_pinAuth 0x06
#define GA_pinProtocol 0x07
#define CM_cmd 0x01
#define CM_cmdMetadata 0x01
#define CM_cmdRPBegin 0x02
#define CM_cmdRPNext 0x03
#define CM_cmdRKBegin 0x04
#define CM_cmdRKNext 0x05
#define CM_cmdRKDelete 0x06
#define CM_subCommandParams 0x02
#define CM_subCommandRpId 0x01
#define CM_subCommandCred 0x02
#define CM_pinProtocol 0x03
#define CM_pinAuth 0x04
#define CP_pinProtocol 0x01
#define CP_subCommand 0x02
#define CP_cmdGetRetries 0x01
@ -73,11 +61,6 @@
#define EXT_HMAC_SECRET_REQUESTED 0x01
#define EXT_HMAC_SECRET_PARSED 0x02
#define EXT_CRED_PROTECT_INVALID 0x00
#define EXT_CRED_PROTECT_OPTIONAL 0x01
#define EXT_CRED_PROTECT_OPTIONAL_WITH_CREDID 0x02
#define EXT_CRED_PROTECT_REQUIRED 0x03
#define RESP_versions 0x1
#define RESP_extensions 0x2
#define RESP_aaguid 0x3
@ -148,7 +131,7 @@
#define PIN_LOCKOUT_ATTEMPTS 8 // Number of attempts total
#define PIN_BOOT_ATTEMPTS 3 // number of attempts per boot
#define CTAP2_UP_DELAY_MS 29000
#define CTAP2_UP_DELAY_MS 5000
typedef struct
{
@ -161,29 +144,16 @@ typedef struct
typedef struct {
uint8_t tag[CREDENTIAL_TAG_SIZE];
union {
uint8_t nonce[CREDENTIAL_NONCE_SIZE];
struct {
uint8_t _pad[CREDENTIAL_NONCE_SIZE - 4];
uint32_t value;
}__attribute__((packed)) metadata;
}__attribute__((packed)) entropy;
uint8_t rpIdHash[32];
uint32_t count;
}__attribute__((packed)) CredentialId;
struct __attribute__((packed)) Credential {
struct Credential {
CredentialId id;
CTAP_userEntity user;
};
typedef struct {
CredentialId id;
CTAP_userEntity user;
// Maximum amount of "extra" space in resident key.
uint8_t rpId[48];
uint8_t rpIdSize;
} __attribute__((packed)) CTAP_residentKey;
typedef struct Credential CTAP_residentKey;
typedef struct
{
@ -250,7 +220,6 @@ typedef struct
{
uint8_t hmac_secret_present;
CTAP_hmac_secret hmac_secret;
uint32_t cred_protect;
} CTAP_extensions;
typedef struct
@ -319,26 +288,6 @@ typedef struct
} CTAP_getAssertion;
typedef struct
{
int cmd;
struct {
uint8_t rpIdHash[32];
CTAP_credentialDescriptor credentialDescriptor;
} subCommandParams;
struct {
uint8_t cmd;
uint8_t subCommandParamsCborCopy[sizeof(CTAP_credentialDescriptor) + 16];
} hashed;
uint32_t subCommandParamsCborSize;
uint8_t pinAuth[16];
uint8_t pinAuthPresent;
int pinProtocol;
} CTAP_credMgmt;
typedef struct
{
int pinProtocol;
@ -357,12 +306,7 @@ typedef struct
struct _getAssertionState {
// Room for both authData struct and extensions
struct {
CTAP_authDataHeader authData;
uint8_t extensions[80];
} __attribute__((packed)) buf;
CTAP_extensions extensions;
uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE];
uint8_t lastcmd;
@ -415,8 +359,5 @@ uint16_t ctap_key_len(uint8_t index);
extern uint8_t PIN_TOKEN[PIN_TOKEN_SIZE];
extern uint8_t KEY_AGREEMENT_PUB[64];
void lock_device_permanently();
void ctap_load_external_keys(uint8_t * keybytes);
#endif

1
fido2/ctap_errors.h
View File

@ -49,7 +49,6 @@
#define CTAP2_ERR_PIN_POLICY_VIOLATION 0x37
#define CTAP2_ERR_PIN_TOKEN_EXPIRED 0x38
#define CTAP2_ERR_REQUEST_TOO_LARGE 0x39
#define CTAP2_ERR_ACTION_TIMEOUT 0x3A
#define CTAP1_ERR_OTHER 0x7F
#define CTAP2_ERR_SPEC_LAST 0xDF
#define CTAP2_ERR_EXTENSION_FIRST 0xE0

185
fido2/ctap_parse.c
View File

@ -666,8 +666,8 @@ uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext)
if (ret == CborErrorOutOfMemory)
{
printf2(TAG_ERR,"Error, rp map key is too large. Ignoring.\n");
check_ret( cbor_value_advance(&map) );
check_ret( cbor_value_advance(&map) );
cbor_value_advance(&map);
cbor_value_advance(&map);
continue;
}
check_ret(ret);
@ -698,14 +698,6 @@ uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext)
printf1(TAG_RED, "warning: hmac_secret request ignored for being wrong type\r\n");
}
}
else if (strncmp(key, "credProtect",11) == 0) {
if (cbor_value_get_type(&map) == CborIntegerType) {
ret = cbor_value_get_int(&map, (int*)&ext->cred_protect);
check_ret(ret);
} else {
printf1(TAG_RED, "warning: credProtect request ignored for being wrong type\r\n");
}
}
ret = cbor_value_advance(&map);
check_ret(ret);
@ -723,7 +715,6 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
CborValue it,map;
memset(MC, 0, sizeof(CTAP_makeCredential));
MC->up = 0xff;
ret = cbor_parser_init(request, length, CborValidateCanonicalFormat, &parser, &it);
check_retr(ret);
@ -879,7 +870,7 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
{
return ret;
}
ret = cbor_value_advance(&map);
cbor_value_advance(&map);
check_ret(ret);
}
@ -1007,163 +998,6 @@ uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
return 0;
}
static uint8_t parse_cred_mgmt_subcommandparams(CborValue * val, CTAP_credMgmt * CM)
{
size_t map_length;
int key;
int ret;
unsigned int i;
CborValue map;
size_t sz = 32;
if (cbor_value_get_type(val) != CborMapType)
{
printf2(TAG_ERR,"error, wrong type\n");
return CTAP2_ERR_INVALID_CBOR_TYPE;
}
ret = cbor_value_enter_container(val,&map);
check_ret(ret);
const uint8_t * start_byte = cbor_value_get_next_byte(&map) - 1;
ret = cbor_value_get_map_length(val, &map_length);
check_ret(ret);
for (i = 0; i < map_length; i++)
{
if (cbor_value_get_type(&map) != CborIntegerType)
{
printf2(TAG_ERR,"Error, expecting integer type for map key, got %s\n", cbor_value_get_type_string(&map));
return CTAP2_ERR_INVALID_CBOR_TYPE;
}
ret = cbor_value_get_int(&map, &key);
check_ret(ret);
ret = cbor_value_advance(&map);
check_ret(ret);
switch(key)
{
case CM_subCommandRpId:
ret = cbor_value_copy_byte_string(&map, CM->subCommandParams.rpIdHash, &sz, NULL);
if (ret == CborErrorOutOfMemory)
{
printf2(TAG_ERR,"Error, map key is too large\n");
return CTAP2_ERR_LIMIT_EXCEEDED;
}
check_ret(ret);
break;
case CM_subCommandCred:
ret = parse_credential_descriptor(&map, &CM->subCommandParams.credentialDescriptor);
check_ret(ret);;
break;
}
ret = cbor_value_advance(&map);
check_ret(ret);
}
const uint8_t * end_byte = cbor_value_get_next_byte(&map);
uint32_t length = (uint32_t)end_byte - (uint32_t)start_byte;
if (length > sizeof(CM->hashed.subCommandParamsCborCopy))
{
return CTAP2_ERR_LIMIT_EXCEEDED;
}
// Copy the details that were hashed so they can be verified later.
memmove(CM->hashed.subCommandParamsCborCopy, start_byte, length);
CM->subCommandParamsCborSize = length;
return 0;
}
uint8_t ctap_parse_cred_mgmt(CTAP_credMgmt * CM, uint8_t * request, int length)
{
int ret;
unsigned int i;
int key;
size_t map_length;
CborParser parser;
CborValue it,map;
memset(CM, 0, sizeof(CTAP_credMgmt));
ret = cbor_parser_init(request, length, CborValidateCanonicalFormat, &parser, &it);
check_ret(ret);
CborType type = cbor_value_get_type(&it);
if (type != CborMapType)
{
printf2(TAG_ERR,"Error, expecting cbor map\n");
return CTAP2_ERR_INVALID_CBOR_TYPE;
}
ret = cbor_value_enter_container(&it,&map);
check_ret(ret);
ret = cbor_value_get_map_length(&it, &map_length);
check_ret(ret);
printf1(TAG_PARSE, "CM map has %d elements\n", map_length);
for (i = 0; i < map_length; i++)
{
type = cbor_value_get_type(&map);
if (type != CborIntegerType)
{
printf2(TAG_ERR,"Error, expecting int for map key\n");
return CTAP2_ERR_INVALID_CBOR_TYPE;
}
ret = cbor_value_get_int_checked(&map, &key);
check_ret(ret);
ret = cbor_value_advance(&map);
check_ret(ret);
switch(key)
{
case CM_cmd:
printf1(TAG_PARSE, "CM_cmd\n");
if (cbor_value_get_type(&map) == CborIntegerType)
{
ret = cbor_value_get_int_checked(&map, &CM->cmd);
check_ret(ret);
CM->hashed.cmd = CM->cmd;
}
else
{
return CTAP2_ERR_INVALID_CBOR_TYPE;
}
break;
case CM_subCommandParams:
printf1(TAG_PARSE, "CM_subCommandParams\n");
ret = parse_cred_mgmt_subcommandparams(&map, CM);
check_ret(ret);
break;
case CM_pinProtocol:
printf1(TAG_PARSE, "CM_pinProtocol\n");
if (cbor_value_get_type(&map) == CborIntegerType)
{
ret = cbor_value_get_int_checked(&map, &CM->pinProtocol);
check_ret(ret);
}
else
{
return CTAP2_ERR_INVALID_CBOR_TYPE;
}
break;
case CM_pinAuth:
printf1(TAG_PARSE, "CM_pinAuth\n");
ret = parse_fixed_byte_string(&map, CM->pinAuth, 16);
check_retr(ret);
CM->pinAuthPresent = 1;
break;
}
ret = cbor_value_advance(&map);
check_ret(ret);
}
return 0;
}
uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length)
{
@ -1176,7 +1010,6 @@ uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int
memset(GA, 0, sizeof(CTAP_getAssertion));
GA->creds = getAssertionState.creds; // Save stack memory
GA->up = 0xff;
ret = cbor_parser_init(request, length, CborValidateCanonicalFormat, &parser, &it);
check_ret(ret);
@ -1297,7 +1130,7 @@ uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int
return ret;
}
ret = cbor_value_advance(&map);
cbor_value_advance(&map);
check_ret(ret);
}
@ -1518,21 +1351,11 @@ uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length
break;
case CP_getKeyAgreement:
printf1(TAG_CP,"CP_getKeyAgreement\n");
if (cbor_value_get_type(&map) != CborBooleanType)
{
printf2(TAG_ERR,"Error, expecting cbor boolean\n");
return CTAP2_ERR_INVALID_CBOR_TYPE;
}
ret = cbor_value_get_boolean(&map, &CP->getKeyAgreement);
check_ret(ret);
break;
case CP_getRetries:
printf1(TAG_CP,"CP_getRetries\n");
if (cbor_value_get_type(&map) != CborBooleanType)
{
printf2(TAG_ERR,"Error, expecting cbor boolean\n");
return CTAP2_ERR_INVALID_CBOR_TYPE;
}
ret = cbor_value_get_boolean(&map, &CP->getRetries);
check_ret(ret);
break;

1
fido2/ctap_parse.h
View File

@ -35,7 +35,6 @@ uint8_t parse_cose_key(CborValue * it, COSE_key * cose);
uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length);
uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length);
uint8_t ctap_parse_cred_mgmt(CTAP_credMgmt * CM, uint8_t * request, int length);
uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length);
uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor * cred);

376
fido2/ctaphid.c
View File

@ -16,7 +16,6 @@
#include "util.h"
#include "log.h"
#include "extensions.h"
#include "version.h"
// move custom SHA512 command out,
// and the following headers too
@ -275,7 +274,7 @@ static void ctaphid_write(CTAPHID_WRITE_BUFFER * wb, void * _data, int len)
if (wb->offset > 0)
{
memset(wb->buf + wb->offset, 0, HID_MESSAGE_SIZE - wb->offset);
usbhid_send(wb->buf);
ctaphid_write_block(wb->buf);
}
return;
}
@ -304,7 +303,7 @@ static void ctaphid_write(CTAPHID_WRITE_BUFFER * wb, void * _data, int len)
wb->bytes_written += 1;
if (wb->offset == HID_MESSAGE_SIZE)
{
usbhid_send(wb->buf);
ctaphid_write_block(wb->buf);
wb->offset = 0;
}
}
@ -539,17 +538,11 @@ extern void _check_ret(CborError ret, int line, const char * filename);
#define check_hardcore(r) _check_ret(r,__LINE__, __FILE__);\
if ((r) != CborNoError) exit(1);
uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb);
extern void solo_lock_if_not_already();
uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
{
uint8_t cmd = 0;
uint8_t cmd;
uint32_t cid;
int len = 0;
int len;
#ifndef DISABLE_CTAPHID_CBOR
int status;
#endif
@ -559,10 +552,6 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
CTAP_RESPONSE ctap_resp;
int bufstatus = ctaphid_buffer_packet(pkt_raw, &cmd, &cid, &len);
ctaphid_write_buffer_init(&wb);
wb.cid = cid;
wb.cmd = cmd;
if (bufstatus == HID_IGNORE)
{
@ -598,6 +587,9 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
case CTAPHID_PING:
printf1(TAG_HID,"CTAPHID_PING\n");
ctaphid_write_buffer_init(&wb);
wb.cid = cid;
wb.cmd = CTAPHID_PING;
wb.bcnt = len;
timestamp();
ctaphid_write(&wb, ctap_buffer, len);
@ -610,9 +602,13 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
case CTAPHID_WINK:
printf1(TAG_HID,"CTAPHID_WINK\n");
ctaphid_write_buffer_init(&wb);
device_wink();
wb.cid = cid;
wb.cmd = CTAPHID_WINK;
ctaphid_write(&wb,NULL,0);
break;
@ -637,10 +633,10 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
ctap_response_init(&ctap_resp);
status = ctap_request(ctap_buffer, len, &ctap_resp);
wb.bcnt = (ctap_resp.length+1);
ctaphid_write_buffer_init(&wb);
wb.cid = cid;
wb.cmd = cmd;
wb.cmd = CTAPHID_CBOR;
wb.bcnt = (ctap_resp.length+1);
timestamp();
@ -670,10 +666,10 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
ctap_response_init(&ctap_resp);
u2f_request((struct u2f_request_apdu*)ctap_buffer, &ctap_resp);
wb.bcnt = (ctap_resp.length);
ctaphid_write_buffer_init(&wb);
wb.cid = cid;
wb.cmd = cmd;
wb.cmd = CTAPHID_MSG;
wb.bcnt = (ctap_resp.length);
ctaphid_write(&wb, ctap_resp.data, ctap_resp.length);
ctaphid_write(&wb, NULL, 0);
@ -683,14 +679,209 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
printf1(TAG_HID,"CTAPHID_CANCEL\n");
is_busy = 0;
break;
#if defined(IS_BOOTLOADER)
case CTAPHID_BOOT:
printf1(TAG_HID,"CTAPHID_BOOT\n");
ctap_response_init(&ctap_resp);
u2f_set_writeback_buffer(&ctap_resp);
is_busy = bootloader_bridge(len, ctap_buffer);
default:
if (ctaphid_custom_command(len, &ctap_resp, &wb) != 0){
ctaphid_write_buffer_init(&wb);
wb.cid = cid;
wb.cmd = CTAPHID_BOOT;
wb.bcnt = (ctap_resp.length + 1);
ctaphid_write(&wb, &is_busy, 1);
ctaphid_write(&wb, ctap_resp.data, ctap_resp.length);
ctaphid_write(&wb, NULL, 0);
is_busy = 0;
}else{
printf2(TAG_ERR, "error, unimplemented HID cmd: %02x\r\n", buffer_cmd());
ctaphid_send_error(cid, CTAP1_ERR_INVALID_COMMAND);
break;
#endif
#if defined(SOLO_HACKER)
case CTAPHID_ENTERBOOT:
printf1(TAG_HID,"CTAPHID_ENTERBOOT\n");
boot_solo_bootloader();
ctaphid_write_buffer_init(&wb);
wb.cid = cid;
wb.cmd = CTAPHID_ENTERBOOT;
wb.bcnt = 0;
ctaphid_write(&wb, NULL, 0);
is_busy = 0;
break;
case CTAPHID_ENTERSTBOOT:
printf1(TAG_HID,"CTAPHID_ENTERBOOT\n");
boot_st_bootloader();
break;
#endif
#if !defined(IS_BOOTLOADER)
case CTAPHID_GETRNG:
printf1(TAG_HID,"CTAPHID_GETRNG\n");
ctap_response_init(&ctap_resp);
ctaphid_write_buffer_init(&wb);
wb.cid = cid;
wb.cmd = CTAPHID_GETRNG;
wb.bcnt = ctap_buffer[0];
if (!wb.bcnt)
wb.bcnt = 57;
memset(ctap_buffer,0,wb.bcnt);
ctap_generate_rng(ctap_buffer, wb.bcnt);
ctaphid_write(&wb, &ctap_buffer, wb.bcnt);
ctaphid_write(&wb, NULL, 0);
is_busy = 0;
break;
#endif
#if defined(SOLO_HACKER) && (DEBUG_LEVEL > 0) && (!IS_BOOTLOADER == 1)
case CTAPHID_PROBE:
/*
* Expects CBOR-serialized data of the form
* {"subcommand": "hash_type", "data": b"the_data"}
* with hash_type in SHA256, SHA512
*/
// some random logging
printf1(TAG_HID,"CTAPHID_PROBE\n");
// initialise CTAP response object
ctap_response_init(&ctap_resp);
// initialise write buffer
ctaphid_write_buffer_init(&wb);
wb.cid = cid;
wb.cmd = CTAPHID_PROBE;
// prepare parsing (or halt)
int ret;
CborParser parser;
CborValue it, map;
ret = cbor_parser_init(
ctap_buffer, (size_t) buffer_len(),
// strictly speaking, CTAP is not RFC canonical...
CborValidateCanonicalFormat,
&parser, &it);
check_hardcore(ret);
CborType type = cbor_value_get_type(&it);
if (type != CborMapType) exit(1);
ret = cbor_value_enter_container(&it,&map);
check_hardcore(ret);
size_t map_length = 0;
ret = cbor_value_get_map_length(&it, &map_length);
if (map_length != 2) exit(1);
// parse subcommand (or halt)
CborValue val;
ret = cbor_value_map_find_value(&it, "subcommand", &val);
check_hardcore(ret);
if (!cbor_value_is_text_string(&val))
exit(1);
int sha_version = 0;
bool found = false;
if (!found) {
ret = cbor_value_text_string_equals(
&val, "SHA256", &found);
check_hardcore(ret);
if (found)
sha_version = 256;
}
if (!found) {
ret = cbor_value_text_string_equals(
&val, "SHA512", &found);
check_hardcore(ret);
if (found)
sha_version = 512;
}
if (sha_version == 0)
exit(1);
// parse data (or halt)
ret = cbor_value_map_find_value(&it, "data", &val);
check_hardcore(ret);
if (!cbor_value_is_byte_string(&val))
exit(1);
size_t data_length = 0;
ret = cbor_value_calculate_string_length(&val, &data_length);
check_hardcore(ret);
if (data_length > 6*1024)
exit(1);
unsigned char data[6*1024];
ret = cbor_value_copy_byte_string (
&val, &data[0], &data_length, &val);
check_hardcore(ret);
// execute subcommand
if (sha_version == 256) {
// calculate hash
crypto_sha256_init();
crypto_sha256_update(data, data_length);
crypto_sha256_final(ctap_buffer);
// write output
wb.bcnt = CF_SHA256_HASHSZ; // 32 bytes
ctaphid_write(&wb, &ctap_buffer, CF_SHA256_HASHSZ);
}
if (sha_version == 512) {
// calculate hash
crypto_sha512_init();
crypto_sha512_update(data, data_length);
crypto_sha512_final(ctap_buffer);
// write output
wb.bcnt = CF_SHA512_HASHSZ; // 64 bytes
ctaphid_write(&wb, &ctap_buffer, CF_SHA512_HASHSZ);
}
// finalize
ctaphid_write(&wb, NULL, 0);
is_busy = 0;
break;
/*
case CTAPHID_SHA256:
// some random logging
printf1(TAG_HID,"CTAPHID_SHA256\n");
// initialise CTAP response object
ctap_response_init(&ctap_resp);
// initialise write buffer
ctaphid_write_buffer_init(&wb);
wb.cid = cid;
wb.cmd = CTAPHID_SHA256;
wb.bcnt = CF_SHA256_HASHSZ; // 32 bytes
// calculate hash
crypto_sha256_init();
crypto_sha256_update(ctap_buffer, buffer_len());
crypto_sha256_final(ctap_buffer);
// copy to output
ctaphid_write(&wb, &ctap_buffer, CF_SHA256_HASHSZ);
ctaphid_write(&wb, NULL, 0);
is_busy = 0;
break;
case CTAPHID_SHA512:
// some random logging
printf1(TAG_HID,"CTAPHID_SHA512\n");
// initialise CTAP response object
ctap_response_init(&ctap_resp);
// initialise write buffer
ctaphid_write_buffer_init(&wb);
wb.cid = cid;
wb.cmd = CTAPHID_SHA512;
wb.bcnt = CF_SHA512_HASHSZ; // 64 bytes
// calculate hash
crypto_sha512_init();
crypto_sha512_update(ctap_buffer, buffer_len());
crypto_sha512_final(ctap_buffer);
// copy to output
ctaphid_write(&wb, &ctap_buffer, CF_SHA512_HASHSZ);
ctaphid_write(&wb, NULL, 0);
is_busy = 0;
break;
*/
#endif
default:
printf2(TAG_ERR,"error, unimplemented HID cmd: %02x\r\n", buffer_cmd());
ctaphid_send_error(cid, CTAP1_ERR_INVALID_COMMAND);
break;
}
cid_del(cid);
buffer_reset();
@ -700,136 +891,3 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
else return 0;
}
uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb)
{
ctap_response_init(ctap_resp);
#if !defined(IS_BOOTLOADER) && (defined(SOLO_EXPERIMENTAL))
uint32_t param;
#endif
#if defined(IS_BOOTLOADER)
uint8_t is_busy;
#endif
switch(wb->cmd)
{
#if defined(IS_BOOTLOADER)
case CTAPHID_BOOT:
printf1(TAG_HID,"CTAPHID_BOOT\n");
u2f_set_writeback_buffer(ctap_resp);
is_busy = bootloader_bridge(len, ctap_buffer);
wb->bcnt = 1 + ctap_resp->length;
ctaphid_write(wb, &is_busy, 1);
ctaphid_write(wb, ctap_resp->data, ctap_resp->length);
ctaphid_write(wb, NULL, 0);
return 1;
#endif
#if defined(SOLO)
case CTAPHID_ENTERBOOT:
printf1(TAG_HID,"CTAPHID_ENTERBOOT\n");
boot_solo_bootloader();
wb->bcnt = 0;
ctaphid_write(wb, NULL, 0);
return 1;
#endif
#if defined(SOLO)
case CTAPHID_REBOOT:
device_reboot();
return 1;
#endif
#if !defined(IS_BOOTLOADER)
case CTAPHID_GETRNG:
printf1(TAG_HID,"CTAPHID_GETRNG\n");
wb->bcnt = ctap_buffer[0];
if (!wb->bcnt)
wb->bcnt = 57;
memset(ctap_buffer,0,wb->bcnt);
ctap_generate_rng(ctap_buffer, wb->bcnt);
ctaphid_write(wb, ctap_buffer, wb->bcnt);
ctaphid_write(wb, NULL, 0);
return 1;
break;
#endif
case CTAPHID_GETVERSION:
printf1(TAG_HID,"CTAPHID_GETVERSION\n");
wb->bcnt = 4;
ctap_buffer[0] = SOLO_VERSION_MAJ;
ctap_buffer[1] = SOLO_VERSION_MIN;
ctap_buffer[2] = SOLO_VERSION_PATCH;
#if defined(SOLO)
ctap_buffer[3] = solo_is_locked();
#else
ctap_buffer[3] = 0;
#endif
ctaphid_write(wb, ctap_buffer, 4);
ctaphid_write(wb, NULL, 0);
return 1;
break;
// Remove on next release
#if !defined(IS_BOOTLOADER) && defined(SOLO)
case 0x99:
solo_lock_if_not_already();
wb->bcnt = 0;
ctaphid_write(wb, NULL, 0);
return 1;
break;
#endif
#if !defined(IS_BOOTLOADER) && (defined(SOLO_EXPERIMENTAL))
case CTAPHID_LOADKEY:
/**
* Load external key. Useful for enabling backups.
* bytes: 4 4 96
* payload: version [maj rev patch RFU]| counter_replacement (BE) | master_key |
*
* Counter should be increased by a large amount, e.g. (0x10000000)
* to outdo any previously lost/broken keys.
*/
printf1(TAG_HID,"CTAPHID_LOADKEY\n");
if (len != 104)
{
printf2(TAG_ERR,"Error, invalid length.\n");
ctaphid_send_error(wb->cid, CTAP1_ERR_INVALID_LENGTH);
return 1;
}
param = ctap_buffer[0] << 16;
param |= ctap_buffer[1] << 8;
param |= ctap_buffer[2] << 0;
if (param != 0){
ctaphid_send_error(wb->cid, CTAP2_ERR_UNSUPPORTED_OPTION);
return 1;
}
// Ask for THREE button presses
if (ctap_user_presence_test(8000) > 0)
if (ctap_user_presence_test(2000) > 0)
if (ctap_user_presence_test(2000) > 0)
{
ctap_load_external_keys(ctap_buffer + 8);
param = ctap_buffer[7];
param |= ctap_buffer[6] << 8;
param |= ctap_buffer[5] << 16;
param |= ctap_buffer[4] << 24;
ctap_atomic_count(param);
wb->bcnt = 0;
ctaphid_write(wb, NULL, 0);
return 1;
}
printf2(TAG_ERR, "Error, invalid length.\n");
ctaphid_send_error(wb->cid, CTAP2_ERR_OPERATION_DENIED);
return 1;
#endif
}
return 0;
}

5
fido2/ctaphid.h
View File

@ -27,10 +27,7 @@
#define CTAPHID_BOOT (TYPE_INIT | 0x50)
#define CTAPHID_ENTERBOOT (TYPE_INIT | 0x51)
#define CTAPHID_ENTERSTBOOT (TYPE_INIT | 0x52)
#define CTAPHID_REBOOT (TYPE_INIT | 0x53)
#define CTAPHID_GETRNG (TYPE_INIT | 0x60)
#define CTAPHID_GETVERSION (TYPE_INIT | 0x61)
#define CTAPHID_LOADKEY (TYPE_INIT | 0x62)
// reserved for debug, not implemented except for HACKER and DEBUG_LEVEl > 0
#define CTAPHID_PROBE (TYPE_INIT | 0x70)
@ -60,8 +57,6 @@
#define CTAP_CAPABILITIES (CAPABILITY_WINK | CAPABILITY_CBOR)
#define HID_MESSAGE_SIZE 64
typedef struct
{
uint32_t cid;

90
fido2/data_migration.c
View File

@ -1,90 +0,0 @@
// Copyright 2019 SoloKeys Developers
//
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
#include "data_migration.h"
#include "log.h"
#include "device.h"
#include "crypto.h"
// TODO move from macro to function/assert for better readability?
#define check(x) assert(state_prev_0xff->x == state_tmp_ptr->x);
#define check_buf(x) assert(memcmp(state_prev_0xff->x, state_tmp_ptr->x, sizeof(state_tmp_ptr->x)) == 0);
bool migrate_from_FF_to_01(AuthenticatorState_0xFF* state_prev_0xff, AuthenticatorState_0x01* state_tmp_ptr){
// Calculate PIN hash, and replace PIN raw storage with it; add version to structure
// other ingredients do not change
if (state_tmp_ptr->data_version != 0xFF)
return false;
static_assert(sizeof(AuthenticatorState_0xFF) <= sizeof(AuthenticatorState_0x01), "New state structure is smaller, than current one, which is not handled");
if (ctap_generate_rng(state_tmp_ptr->PIN_SALT, sizeof(state_tmp_ptr->PIN_SALT)) != 1) {
printf2(TAG_ERR, "Error, rng failed\n");
return false;
}
if (state_prev_0xff->is_pin_set){
crypto_sha256_init();
crypto_sha256_update(state_prev_0xff->pin_code, state_prev_0xff->pin_code_length);
uint8_t intermediateHash[32];
crypto_sha256_final(intermediateHash);
crypto_sha256_init();
crypto_sha256_update(intermediateHash, 16);
memset(intermediateHash, 0, sizeof(intermediateHash));
crypto_sha256_update(state_tmp_ptr->PIN_SALT, sizeof(state_tmp_ptr->PIN_SALT));
crypto_sha256_final(state_tmp_ptr->PIN_CODE_HASH);
}
assert(state_tmp_ptr->_reserved == state_prev_0xff->pin_code_length);
state_tmp_ptr->_reserved = 0xFF;
state_tmp_ptr->data_version = 1;
check(is_initialized);
check(is_pin_set);
check(remaining_tries);
check(rk_stored);
check_buf(key_lens);
check_buf(key_space);
assert(state_tmp_ptr->data_version != 0xFF);
return true;
}
void save_migrated_state(AuthenticatorState *state_tmp_ptr) {
memmove(&STATE, state_tmp_ptr, sizeof(AuthenticatorState));
authenticator_write_state(state_tmp_ptr);
}
void do_migration_if_required(AuthenticatorState* state_current){
// Currently handles only state structures with the same size, or bigger
// FIXME rework to raw buffers with fixed size to allow state structure size decrease
if(!state_current->is_initialized)
return;
AuthenticatorState state_tmp;
AuthenticatorState state_previous;
authenticator_read_state(&state_previous);
authenticator_read_state(&state_tmp);
if(state_current->data_version == 0xFF){
printf2(TAG_ERR, "Running migration\n");
bool success = migrate_from_FF_to_01((AuthenticatorState_0xFF *) &state_previous, &state_tmp);
if (!success){
printf2(TAG_ERR, "Failed migration from 0xFF to 1\n");
// FIXME discuss migration failure behavior
goto return_cleanup;
}
dump_hex1(TAG_ERR, (void*)&state_tmp, sizeof(state_tmp));
dump_hex1(TAG_ERR, (void*)&state_previous, sizeof(state_previous));
save_migrated_state(&state_tmp);
}
assert(state_current->data_version == STATE_VERSION);
return_cleanup:
memset(&state_tmp, 0, sizeof(AuthenticatorState));
memset(&state_previous, 0, sizeof(AuthenticatorState));
}

15
fido2/data_migration.h
View File

@ -1,15 +0,0 @@
// Copyright 2019 SoloKeys Developers
//
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
#ifndef FIDO2_PR_DATA_MIGRATION_H
#define FIDO2_PR_DATA_MIGRATION_H
#include "storage.h"
void do_migration_if_required(AuthenticatorState* state_current);
#endif //FIDO2_PR_DATA_MIGRATION_H

225
fido2/device.c
View File

@ -1,225 +0,0 @@
// Copyright 2019 SoloKeys Developers
//
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
/** device.c
*
* This contains (weak) implementations
* to get FIDO2 working initially on a device. They probably
* aren't what you want to keep, but are designed to be replaced
* with some other platform specific implementation.
*
* For real examples, see the STM32L4 implementation and the PC implementation of device.c.
*
*/
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "ctaphid.h"
#include "log.h"
#include APP_CONFIG
#define RK_NUM 50
struct ResidentKeyStore {
CTAP_residentKey rks[RK_NUM];
} RK_STORE;
static bool _up_disabled = false;
static uint8_t _attestation_cert_der[] =
"\x30\x82\x01\xfb\x30\x82\x01\xa1\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0a\x06\x08"
"\x2a\x86\x48\xce\x3d\x04\x03\x02\x30\x2c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13"
"\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x0c\x02\x4d\x44\x31\x10\x30\x0e"
"\x06\x03\x55\x04\x0a\x0c\x07\x54\x45\x53\x54\x20\x43\x41\x30\x20\x17\x0d\x31\x38"
"\x30\x35\x31\x30\x30\x33\x30\x36\x32\x30\x5a\x18\x0f\x32\x30\x36\x38\x30\x34\x32"
"\x37\x30\x33\x30\x36\x32\x30\x5a\x30\x7c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13"
"\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x0c\x02\x4d\x44\x31\x0f\x30\x0d"
"\x06\x03\x55\x04\x07\x0c\x06\x4c\x61\x75\x72\x65\x6c\x31\x15\x30\x13\x06\x03\x55"
"\x04\x0a\x0c\x0c\x54\x45\x53\x54\x20\x43\x4f\x4d\x50\x41\x4e\x59\x31\x22\x30\x20"
"\x06\x03\x55\x04\x0b\x0c\x19\x41\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x6f\x72"
"\x20\x41\x74\x74\x65\x73\x74\x61\x74\x69\x6f\x6e\x31\x14\x30\x12\x06\x03\x55\x04"
"\x03\x0c\x0b\x63\x6f\x6e\x6f\x72\x70\x70\x2e\x63\x6f\x6d\x30\x59\x30\x13\x06\x07"
"\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00"
"\x04\x45\xa9\x02\xc1\x2e\x9c\x0a\x33\xfa\x3e\x84\x50\x4a\xb8\x02\xdc\x4d\xb9\xaf"
"\x15\xb1\xb6\x3a\xea\x8d\x3f\x03\x03\x55\x65\x7d\x70\x3f\xb4\x02\xa4\x97\xf4\x83"
"\xb8\xa6\xf9\x3c\xd0\x18\xad\x92\x0c\xb7\x8a\x5a\x3e\x14\x48\x92\xef\x08\xf8\xca"
"\xea\xfb\x32\xab\x20\xa3\x62\x30\x60\x30\x46\x06\x03\x55\x1d\x23\x04\x3f\x30\x3d"
"\xa1\x30\xa4\x2e\x30\x2c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31"
"\x0b\x30\x09\x06\x03\x55\x04\x08\x0c\x02\x4d\x44\x31\x10\x30\x0e\x06\x03\x55\x04"
"\x0a\x0c\x07\x54\x45\x53\x54\x20\x43\x41\x82\x09\x00\xf7\xc9\xec\x89\xf2\x63\x94"
"\xd9\x30\x09\x06\x03\x55\x1d\x13\x04\x02\x30\x00\x30\x0b\x06\x03\x55\x1d\x0f\x04"
"\x04\x03\x02\x04\xf0\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x02\x03\x48\x00"
"\x30\x45\x02\x20\x18\x38\xb0\x45\x03\x69\xaa\xa7\xb7\x38\x62\x01\xaf\x24\x97\x5e"
"\x7e\x74\x64\x1b\xa3\x7b\xf7\xe6\xd3\xaf\x79\x28\xdb\xdc\xa5\x88\x02\x21\x00\xcd"
"\x06\xf1\xe3\xab\x16\x21\x8e\xd8\xc0\x14\xaf\x09\x4f\x5b\x73\xef\x5e\x9e\x4b\xe7"
"\x35\xeb\xdd\x9b\x6d\x8f\x7d\xf3\xc4\x3a\xd7";
__attribute__((weak)) void device_attestation_read_cert_der(uint8_t * dst){
memmove(dst, _attestation_cert_der, device_attestation_cert_der_get_size());
}
__attribute__((weak)) uint8_t * device_get_attestation_key(){
static uint8_t attestation_key[] =
"\xcd\x67\xaa\x31\x0d\x09\x1e\xd1\x6e\x7e\x98\x92\xaa"
"\x07\x0e\x19\x94\xfc\xd7\x14\xae\x7c\x40\x8f\xb9\x46"
"\xb7\x2e\x5f\xe7\x5d\x30";
return attestation_key;
}
__attribute__((weak)) uint16_t device_attestation_cert_der_get_size(){
return sizeof(_attestation_cert_der)-1;
}
__attribute__((weak)) void device_reboot()
{
printf1(TAG_RED, "REBOOT command recieved!\r\n");
exit(100);
}
__attribute__((weak)) void device_set_status(uint32_t status)
{
static uint32_t __device_status = 0;
if (status != CTAPHID_STATUS_IDLE && __device_status != status)
{
ctaphid_update_status(status);
}
__device_status = status;
}
__attribute__((weak)) void usbhid_close(){/**/}
__attribute__((weak)) void device_init(int argc, char *argv[]){/**/}
__attribute__((weak)) void device_disable_up(bool disable)
{
_up_disabled = disable;
}
__attribute__((weak)) int ctap_user_presence_test(uint32_t d)
{
if (_up_disabled)
{
return 2;
}
return 1;
}
__attribute__((weak)) int ctap_user_verification(uint8_t arg)
{
return 1;
}
__attribute__((weak)) uint32_t ctap_atomic_count(uint32_t amount)
{
static uint32_t counter1 = 25;
counter1 += (amount + 1);
return counter1;
}
__attribute__((weak)) int ctap_generate_rng(uint8_t * dst, size_t num)
{
int i;
printf1(TAG_ERR, "Insecure RNG being used.\r\n");
for (i = 0; i < num; i++){
dst[i] = (uint8_t)rand();
}
}
__attribute__((weak)) int device_is_nfc()
{
return 0;
}
__attribute__((weak)) void device_wink()
{
printf1(TAG_GREEN,"*WINK*\n");
}
__attribute__((weak)) void device_set_clock_rate(DEVICE_CLOCK_RATE param){/**/}
static AuthenticatorState _tmp_state = {0};
__attribute__((weak)) int authenticator_read_state(AuthenticatorState * s){
if (_tmp_state.is_initialized != INITIALIZED_MARKER){
return 0;
}
else {
memmove(s, &_tmp_state, sizeof(AuthenticatorState));
return 1;
}
}
__attribute__((weak)) void authenticator_write_state(AuthenticatorState * s){
memmove(&_tmp_state, s, sizeof(AuthenticatorState));
}
__attribute__((weak)) void ctap_reset_rk()
{
memset(&RK_STORE,0xff,sizeof(RK_STORE));
}
__attribute__((weak)) uint32_t ctap_rk_size()
{
return RK_NUM;
}
__attribute__((weak)) void ctap_store_rk(int index, CTAP_residentKey * rk)
{
if (index < RK_NUM)
{
memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
}
else
{
printf1(TAG_ERR,"Out of bounds for store_rk\r\n");
}
}
__attribute__((weak)) void ctap_delete_rk(int index)
{
CTAP_residentKey rk;
memset(&rk, 0xff, sizeof(CTAP_residentKey));
if (index < RK_NUM)
{
memmove(RK_STORE.rks + index, &rk, sizeof(CTAP_residentKey));
}
else
{
printf1(TAG_ERR,"Out of bounds for delete_rk\r\n");
}
}
__attribute__((weak)) void ctap_load_rk(int index, CTAP_residentKey * rk)
{
memmove(rk, RK_STORE.rks + index, sizeof(CTAP_residentKey));
}
__attribute__((weak)) void ctap_overwrite_rk(int index, CTAP_residentKey * rk)
{
if (index < RK_NUM)
{
memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
}
else
{
printf1(TAG_ERR,"Out of bounds for store_rk\r\n");
}
}
__attribute__((weak)) void device_read_aaguid(uint8_t * dst){
uint8_t * aaguid = (uint8_t *)"\x00\x76\x63\x1b\xd4\xa0\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79";
memmove(dst, aaguid, 16);
}

224
fido2/device.h
View File

@ -9,166 +9,81 @@
#include "storage.h"
/** Return a millisecond timestamp. Does not need to be synchronized to anything.
* *Optional* to compile, but will not calculate delays correctly without a correct implementation.
*/
void device_init(int argc, char *argv[]);
uint32_t millis();
void delay(uint32_t ms);
// HID message size in bytes
#define HID_MESSAGE_SIZE 64
void usbhid_init();
int usbhid_recv(uint8_t * msg);
/** Called by HIDUSB layer to write bytes to the USB HID interface endpoint.
* Will write 64 bytes at a time.
*
* @param msg Pointer to a 64 byte buffer containing a payload to be sent via USB HID.
*
* **Required** to compile and work for FIDO application.
*/
void usbhid_send(uint8_t * msg);
void usbhid_close();
/** Reboot / power reset the device.
* **Optional** this is not used for FIDO2, and simply won't do anything if not implemented.
*/
void device_reboot();
void main_loop_delay();
/** Read AuthenticatorState from nonvolatile memory.
* @param s pointer to AuthenticatorState buffer to be overwritten with contents from NV memory.
* @return 0 - state stored is NOT initialized.
* 1 - state stored is initialized.
*
* *Optional* this is required to make persistant updates to FIDO2 State (PIN and device master secret).
* Without it, changes simply won't be persistant.
*/
int authenticator_read_state(AuthenticatorState * s);
void heartbeat();
/** Store changes in the authenticator state to nonvolatile memory.
* @param s pointer to valid Authenticator state to write to NV memory.
*
* *Optional* this is required to make persistant updates to FIDO2 State (PIN and device master secret).
* Without it, changes simply won't be persistant.
*/
void authenticator_write_state(AuthenticatorState * s);
void authenticator_read_state(AuthenticatorState * );
void authenticator_read_backup_state(AuthenticatorState * );
// Return 1 yes backup is init'd, else 0
//void authenticator_initialize()
int authenticator_is_backup_initialized();
void authenticator_write_state(AuthenticatorState *, int backup);
// Called each main loop. Doesn't need to do anything.
void device_manage();
// sets status that's uses for sending status updates ~100ms.
// A timer should be set up to call `ctaphid_update_status`
/** Updates status of the status of the FIDO2 layer application, which
* can be used for polling updates in the USBHID layer.
*
* @param status is one of the following, which can be used appropriately by USB HID layer.
#define CTAPHID_STATUS_IDLE 0
#define CTAPHID_STATUS_PROCESSING 1
#define CTAPHID_STATUS_UPNEEDED 2
*
* *Optional* to compile and run, but will be required to be used for proper FIDO2 operation with some platforms.
*/
void device_set_status(uint32_t status);
/** Returns true if button is currently pressed. Debouncing does not need to be handled. Should not block.
* @return 1 if button is currently pressed.
*
* *Optional* to compile and run, but just returns one by default.
*/
// Returns if button is currently pressed
int device_is_button_pressed();
//
// Return 2 for disabled, 1 for user is present, 0 user not present, -1 if cancel is requested.
/** Test for user presence.
* Perform test that user is present. Returns status on user presence. This is used by FIDO and U2F layer
* to check if an operation should continue, or if the UP flag should be set.
*
* @param delay number of milliseconds to delay waiting for user before timeout.
*
* @return 2 - User presence is disabled. Operation should continue, but UP flag not set.
* 1 - User presence confirmed. Operation should continue, and UP flag is set.
* 0 - User presence is not confirmed. Operation should be denied.
* -1 - Operation was canceled. Do not continue, reset transaction state.
*
* *Optional*, the default implementation will return 1, unless a FIDO2 operation calls for no UP, where this will then return 2.
*/
// Test for user presence
// Return 1 for user is present, 0 user not present, -1 if cancel is requested.
int ctap_user_presence_test(uint32_t delay);
/** Disable the next user presence test. This is called by FIDO2 layer when a transaction
* requests UP to be disabled. The next call to ctap_user_presence_test should return 2,
* and then UP should be enabled again.
*
* @param request_active indicate to activate (true) or disable (false) UP.
*
* *Optional*, the default implementation will provide expected behaviour with the default ctap_user_presence_test(...).
*/
void device_disable_up(bool request_active);
/** Generate random numbers. Random numbers should be good enough quality for
* cryptographic use.
*
* @param dst the buffer to write into.
* @param num the number of bytes to generate and write to dst.
*
* @return 1 if successful, or else the RNG failed.
*
* *Optional*, if not implemented, the random numbers will be from rand() and an error will be logged.
*/
// Generate @num bytes of random numbers to @dest
// return 1 if success, error otherwise
int ctap_generate_rng(uint8_t * dst, size_t num);
/** Increment an atomic (non-volatile) counter and return the value.
*
* @param amount a non-zero amount to increment the counter by.
*
* *Optional*, if not implemented, the counter will not be persistant.
*/
uint32_t ctap_atomic_count(uint32_t amount);
// Increment atomic counter and return it.
// Must support two counters, @sel selects counter0 or counter1.
uint32_t ctap_atomic_count(int sel);
/** Delete all resident keys.
*
* *Optional*, if not implemented, operates on non-persistant RK's.
*/
// Verify the user
// return 1 if user is verified, 0 if not
int ctap_user_verification(uint8_t arg);
// Must be implemented by application
// data is HID_MESSAGE_SIZE long in bytes
void ctaphid_write_block(uint8_t * data);
// Resident key
void ctap_reset_rk();
/** Return the maximum amount of resident keys that can be stored.
* @return max number of resident keys that can be stored, including already stored RK's.
*
* *Optional*, if not implemented, returns 50.
*/
uint32_t ctap_rk_size();
/** Store a resident key into an index between [ 0, ctap_rk_size() ).
* Storage should be in non-volatile memory.
*
* @param index between RK index range.
* @param rk pointer to valid rk structure that should be written to NV memory.
*
* *Optional*, if not implemented, operates on non-persistant RK's.
*/
void ctap_store_rk(int index,CTAP_residentKey * rk);
/** Delete a resident key from an index.
* @param index to delete resident key from. Has no effect if no RK exists at index.
*
* *Optional*, if not implemented, operates on non-persistant RK's.
*/
void ctap_delete_rk(int index);
/** Read a resident key from an index into memory
* @param index to read resident key from.
* @param rk pointer to resident key structure to write into with RK.
*
* *Optional*, if not implemented, operates on non-persistant RK's.
*/
void ctap_load_rk(int index,CTAP_residentKey * rk);
/** Overwrite the RK located in index with a new RK.
* @param index to write resident key to.
* @param rk pointer to valid rk structure that should be written to NV memory, and replace existing RK there.
*
* *Optional*, if not implemented, operates on non-persistant RK's.
*/
void ctap_overwrite_rk(int index,CTAP_residentKey * rk);
// For Solo hacker
void boot_solo_bootloader();
void boot_st_bootloader();
/** Called by HID layer to indicate that a wink behavior should be performed.
* Should not block, and the wink behavior should occur in parallel to FIDO operations.
*
* *Optional*.
*/
// HID wink command
void device_wink();
typedef enum {
@ -177,50 +92,21 @@ typedef enum {
DEVICE_FAST = 2,
} DEVICE_CLOCK_RATE;
/**
* Set the clock rate for the device. This gets called only when the device is running in NFC mode.
* Before Register and authenticate operations, the clock rate will be set to (1), and otherwise back to (0).
* @param param
0: Lowest clock rate for NFC.
1: fastest clock rate supported at a low power setting for NFC FIDO.
2: fastest clock rate. Generally for USB interface.
* *Optional*, by default nothing happens.
*/
// Set the clock rate for the device.
// Three modes are targetted for Solo.
// 0: Lowest clock rate for NFC.
// 1: fastest clock rate supported at a low power setting for NFC FIDO.
// 2: fastest clock rate. Generally for USB interface.
void device_set_clock_rate(DEVICE_CLOCK_RATE param);
// Returns NFC_IS_NA, NFC_IS_ACTIVE, or NFC_IS_AVAILABLE
#define NFC_IS_NA 0
#define NFC_IS_ACTIVE 1
#define NFC_IS_AVAILABLE 2
/** Returns NFC status of the device.
* @return 0 - NFC is not available.
* 1 - NFC is active, and is powering the chip for a transaction.
* 2 - NFC is available, but not currently being used.
*/
int device_is_nfc();
void request_from_nfc(bool request_active);
/** Return pointer to attestation key.
* @return pointer to attestation private key, raw encoded. For P256, this is 32 bytes.
*/
uint8_t * device_get_attestation_key();
/** Read the device's attestation certificate into buffer @dst.
* @param dst the destination to write the certificate.
*
* The size of the certificate can be retrieved using `device_attestation_cert_der_get_size()`.
*/
void device_attestation_read_cert_der(uint8_t * dst);
/** Returns the size in bytes of attestation_cert_der.
* @return number of bytes in attestation_cert_der, not including any C string null byte.
*/
uint16_t device_attestation_cert_der_get_size();
/** Read the device's 16 byte AAGUID into a buffer.
* @param dst buffer to write 16 byte AAGUID into.
* */
void device_read_aaguid(uint8_t * dst);
void device_init_button();
#endif

41
fido2/example_app.h
View File

@ -1,41 +0,0 @@
// Copyright 2019 SoloKeys Developers
//
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
#ifndef SRC_APP_H_
#define SRC_APP_H_
#include <stdbool.h>
#define USING_DEV_BOARD
#define USING_PC
#define ENABLE_U2F
#define ENABLE_U2F_EXTENSIONS
//#define BRIDGE_TO_WALLET
void printing_init();
extern bool use_udp;
// 0xRRGGBB
#define LED_INIT_VALUE 0x000800
#define LED_WINK_VALUE 0x000008
#define LED_MAX_SCALER 30
#define LED_MIN_SCALER 1
// # of ms between each change in LED
#define HEARTBEAT_PERIOD 100
// Each LED channel will be multiplied by a integer between LED_MAX_SCALER
// and LED_MIN_SCALER to cause the slow pulse. E.g.
// #define LED_INIT_VALUE 0x301000
// #define LED_MAX_SCALER 30
// #define LED_MIN_SCALER 1
// #define HEARTBEAT_PERIOD 8
// Will pulse from 0x301000 to 0x903000 to 0x301000 ...
// Which will take ~8 * (30)*2 ms
#endif /* SRC_APP_H_ */

2
fido2/extensions/wallet.c
View File

@ -95,7 +95,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
if (ret != 0)
return ret;
// printf1(TAG_WALLET,"Success. Pin = %s\n", STATE.pin_code);
printf1(TAG_WALLET,"Success. Pin = %s\n", STATE.pin_code);
break;
case CP_cmdChangePin:

2
fido2/log.c
View File

@ -50,8 +50,6 @@ struct logtag tagtable[] = {
{TAG_EXT,"EXT"},
{TAG_NFC,"NFC"},
{TAG_NFC_APDU, "NAPDU"},
{TAG_CCID, "CCID"},
{TAG_CM, "CRED_MGMT"},
};

7
fido2/log.h
View File

@ -7,10 +7,7 @@
#ifndef _LOG_H
#define _LOG_H
#ifdef APP_CONFIG
#include APP_CONFIG
#endif
#include <stdint.h>
#ifndef DEBUG_LEVEL
@ -47,14 +44,12 @@ typedef enum
TAG_EXT = (1 << 18),
TAG_NFC = (1 << 19),
TAG_NFC_APDU = (1 << 20),
TAG_CCID = (1 << 21),
TAG_CM = (1 << 22),
TAG_NO_TAG = (1UL << 30),
TAG_FILENO = (1UL << 31)
} LOG_TAG;
#if defined(DEBUG_LEVEL) && DEBUG_LEVEL > 0
#if DEBUG_LEVEL > 0
void set_logging_mask(uint32_t mask);
#define printf1(tag,fmt, ...) LOG(tag & ~(TAG_FILENO), NULL, 0, fmt, ##__VA_ARGS__)

33
pc/main.c → fido2/main.c
View File

@ -9,7 +9,6 @@
#include <stdint.h>
#include <stdbool.h>
#include <unistd.h>
#include <time.h>
#include "cbor.h"
#include "device.h"
@ -18,12 +17,9 @@
#include "util.h"
#include "log.h"
#include "ctap.h"
#include "app.h"
void device_init(int argc, char *argv[]);
int usbhid_recv(uint8_t * msg);
#include APP_CONFIG
#if !defined(TEST)
int main(int argc, char *argv[])
@ -33,25 +29,23 @@ int main(int argc, char *argv[])
set_logging_mask(
/*0*/
// TAG_GEN|
//TAG_GEN|
// TAG_MC |
// TAG_GA |
TAG_WALLET |
TAG_STOR |
//TAG_NFC_APDU |
TAG_NFC |
// TAG_CP |
//TAG_CP |
// TAG_CTAP|
// TAG_HID|
//TAG_HID|
TAG_U2F|
// TAG_PARSE |
//TAG_PARSE |
//TAG_TIME|
// TAG_DUMP|
// TAG_DUMP2|
TAG_GREEN|
TAG_RED|
TAG_EXT|
TAG_CCID|
TAG_ERR
);
@ -62,6 +56,13 @@ int main(int argc, char *argv[])
while(1)
{
if (millis() - t1 > HEARTBEAT_PERIOD)
{
heartbeat();
t1 = millis();
}
device_manage();
if (usbhid_recv(hidmsg) > 0)
{
@ -71,16 +72,14 @@ int main(int argc, char *argv[])
else
{
}
ctaphid_check_timeouts();
struct timespec ts;
ts.tv_sec = 0;
ts.tv_nsec = 1000*1000*10;
nanosleep(&ts,NULL);
}
// Should never get here
usbhid_close();
printf1(TAG_GREEN, "done\n");
return 0;
}
#endif

25
fido2/storage.h
View File

@ -11,9 +11,6 @@
#define KEY_SPACE_BYTES 128
#define MAX_KEYS (1)
#define PIN_SALT_LEN (32)
#define STATE_VERSION (1)
#define BACKUP_MARKER 0x5A
#define INITIALIZED_MARKER 0xA5
@ -35,27 +32,7 @@ typedef struct
uint16_t key_lens[MAX_KEYS];
uint8_t key_space[KEY_SPACE_BYTES];
} AuthenticatorState_0xFF;
typedef struct
{
// Pin information
uint8_t is_initialized;
uint8_t is_pin_set;
uint8_t PIN_CODE_HASH[32];
uint8_t PIN_SALT[PIN_SALT_LEN];
int _reserved;
int8_t remaining_tries;
uint16_t rk_stored;
uint16_t key_lens[MAX_KEYS];
uint8_t key_space[KEY_SPACE_BYTES];
uint8_t data_version;
} AuthenticatorState_0x01;
typedef AuthenticatorState_0x01 AuthenticatorState;
} AuthenticatorState;
typedef struct

56
fido2/u2f.c
View File

@ -26,7 +26,6 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
void u2f_reset_response();
void make_auth_tag(uint8_t * rpIdHash, uint8_t * nonce, uint32_t count, uint8_t * tag);
static CTAP_RESPONSE * _u2f_resp = NULL;
@ -119,9 +118,9 @@ void u2f_request_nfc(uint8_t * header, uint8_t * data, int datalen, CTAP_RESPONS
if (!header)
return;
device_disable_up(true); // disable presence test
request_from_nfc(true); // disable presence test
u2f_request_ex((APDU_HEADER *)header, data, datalen, resp);
device_disable_up(false); // enable presence test
request_from_nfc(false); // enable presence test
}
void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
@ -161,9 +160,9 @@ static void dump_signature_der(uint8_t * sig)
len = ctap_encode_der_sig(sig, sigder);
u2f_response_writeback(sigder, len);
}
static int8_t u2f_load_key(struct u2f_key_handle * kh, uint8_t khl, uint8_t * appid)
static int8_t u2f_load_key(struct u2f_key_handle * kh, uint8_t * appid)
{
crypto_ecc256_load_key((uint8_t*)kh, khl, NULL, 0);
crypto_ecc256_load_key((uint8_t*)kh, U2F_KEY_HANDLE_SIZE, NULL, 0);
return 0;
}
@ -188,41 +187,21 @@ int8_t u2f_new_keypair(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * pu
// Return 1 if authenticate, 0 if not.
int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t key_handle_len, uint8_t * appid)
int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid)
{
printf1(TAG_U2F, "checked CRED SIZE %d. (FIDO2: %d)\n", key_handle_len, sizeof(CredentialId));
uint8_t tag[U2F_KEY_HANDLE_TAG_SIZE];
if (key_handle_len == sizeof(CredentialId))
{
printf1(TAG_U2F, "FIDO2 key handle detected.\n");
CredentialId * cred = (CredentialId *) kh;
// FIDO2 credential.
if (memcmp(cred->rpIdHash, appid, 32) != 0)
{
printf1(TAG_U2F, "APPID does not match rpIdHash.\n");
return 0;
}
make_auth_tag(appid, (uint8_t*)&cred->entropy, cred->count, tag);
if (memcmp(cred->tag, tag, CREDENTIAL_TAG_SIZE) == 0){
return 1;
}
}else if (key_handle_len == U2F_KEY_HANDLE_SIZE)
{
u2f_make_auth_tag(kh, appid, tag);
if (memcmp(kh->tag, tag, U2F_KEY_HANDLE_TAG_SIZE) == 0)
{
return 1;
}
}
else
{
printf1(TAG_U2F, "key handle + appid not authentic\n");
printf1(TAG_U2F, "calc tag: \n"); dump_hex1(TAG_U2F,tag, U2F_KEY_HANDLE_TAG_SIZE);
printf1(TAG_U2F, "inp tag: \n"); dump_hex1(TAG_U2F,kh->tag, U2F_KEY_HANDLE_TAG_SIZE);
return 0;
}
}
@ -237,7 +216,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
if (control == U2F_AUTHENTICATE_CHECK)
{
printf1(TAG_U2F, "CHECK-ONLY\r\n");
if (u2f_authenticate_credential(&req->kh, req->khl, req->app))
if (u2f_authenticate_credential(&req->kh, req->app))
{
return U2F_SW_CONDITIONS_NOT_SATISFIED;
}
@ -248,8 +227,9 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
}
if (
(control != U2F_AUTHENTICATE_SIGN && control != U2F_AUTHENTICATE_SIGN_NO_USER) ||
(!u2f_authenticate_credential(&req->kh, req->khl, req->app)) || // Order of checks is important
u2f_load_key(&req->kh, req->khl, req->app) != 0
req->khl != U2F_KEY_HANDLE_SIZE ||
(!u2f_authenticate_credential(&req->kh, req->app)) || // Order of checks is important
u2f_load_key(&req->kh, req->app) != 0
)
{
@ -299,19 +279,14 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
static int16_t u2f_register(struct u2f_register_request * req)
{
uint8_t i[] = {0x0,U2F_EC_FMT_UNCOMPRESSED};
uint8_t cert[1024];
struct u2f_key_handle key_handle;
uint8_t pubkey[64];
uint8_t hash[32];
uint8_t * sig = (uint8_t*)req;
const uint16_t attest_size = device_attestation_cert_der_get_size();
if (attest_size > sizeof(cert)){
printf2(TAG_ERR,"Certificate is too large for buffer\r\n");
return U2F_SW_INSUFFICIENT_MEMORY;
}
const uint16_t attest_size = attestation_cert_der_size;
if ( ! ctap_user_presence_test(750))
{
@ -346,8 +321,7 @@ static int16_t u2f_register(struct u2f_register_request * req)
u2f_response_writeback(i,1);
u2f_response_writeback((uint8_t*)&key_handle,U2F_KEY_HANDLE_SIZE);
device_attestation_read_cert_der(cert);
u2f_response_writeback(cert,attest_size);
u2f_response_writeback(attestation_cert_der,attest_size);
dump_signature_der(sig);

2
fido2/u2f.h
View File

@ -103,7 +103,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp);
// @len data length
void u2f_request_nfc(uint8_t * header, uint8_t * data, int datalen, CTAP_RESPONSE * resp);
int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t key_handle_len, uint8_t * appid);
int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid);
int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
void u2f_reset_response();

18
fido2/version.c
View File

@ -1,18 +0,0 @@
#include "version.h"
#include "app.h"
const version_t firmware_version
#ifdef SOLO
__attribute__ ((section (".flag"))) __attribute__ ((__used__))
#endif
= {
.major = SOLO_VERSION_MAJ,
.minor = SOLO_VERSION_MIN,
.patch = SOLO_VERSION_PATCH,
.reserved = 0
};
// from tinycbor, for a quick static_assert
#include <compilersupport_p.h>
cbor_static_assert(sizeof(version_t) == 4);

18
fido2/version.h
View File

@ -17,23 +17,5 @@
#define SOLO_VERSION __STR(SOLO_VERSION_MAJ) "." __STR(SOLO_VERSION_MIN) "." __STR(SOLO_VERSION_PATCH)
#endif
#include <stdint.h>
#include <stdbool.h>
typedef struct {
union{
uint32_t raw;
struct {
uint8_t major;
uint8_t minor;
uint8_t patch;
uint8_t reserved;
};
};
} version_t;
bool is_newer(const version_t* const newer, const version_t* const older);
const version_t firmware_version ;
#endif

9
fido2/version.mk
View File

@ -1,9 +0,0 @@
SOLO_VERSION_FULL?=$(shell git describe)
SOLO_VERSION:=$(shell python -c 'print("$(SOLO_VERSION_FULL)".split("-")[0])')
SOLO_VERSION_MAJ:=$(shell python -c 'print("$(SOLO_VERSION)".split(".")[0])')
SOLO_VERSION_MIN:=$(shell python -c 'print("$(SOLO_VERSION)".split(".")[1])')
SOLO_VERSION_PAT:=$(shell python -c 'print("$(SOLO_VERSION)".split(".")[2])')
SOLO_VERSION_FLAGS := -DSOLO_VERSION_MAJ=$(SOLO_VERSION_MAJ) -DSOLO_VERSION_MIN=$(SOLO_VERSION_MIN) \
-DSOLO_VERSION_PATCH=$(SOLO_VERSION_PAT) -DSOLO_VERSION=\"$(SOLO_VERSION_FULL)\"

46
in-docker-build.sh
View File

@ -1,10 +1,14 @@
#!/bin/bash -xe
version=$1
export PREFIX=/opt/gcc-arm-none-eabi-8-2019-q3-update/bin/
version=${1:-master}
export PREFIX=/opt/gcc-arm-none-eabi-8-2018-q4-major/bin/
cd /solo/targets/stm32l432
ls
git fetch --tags
git checkout ${version}
git submodule update --init --recursive
version=$(git describe)
make cbor
@ -12,12 +16,13 @@ out_dir="/builds"
function build() {
part=${1}
output=${2}
what="${part}"
variant=${2}
output=${3:-${part}}
what="${part}-${variant}"
make full-clean
make ${what} VERSION_FULL=${version}
make ${what}
out_hex="${what}-${version}.hex"
out_sha2="${what}-${version}.sha2"
@ -27,27 +32,24 @@ function build() {
cp ${out_hex} ${out_sha2} ${out_dir}
}
build bootloader-nonverifying bootloader
build bootloader-verifying bootloader
build firmware solo
build firmware-debug-1 solo
build firmware-debug-2 solo
build firmware solo
build bootloader nonverifying
build bootloader verifying
build firmware hacker solo
build firmware hacker-debug-1 solo
build firmware hacker-debug-2 solo
build firmware secure solo
build firmware secure-non-solokeys solo
pip install -U pip
pip install -U solo-python
cd ${out_dir}
bundle="bundle-hacker-${version}"
/opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-${version}.hex ${bundle}.hex
/opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-hacker-${version}.hex ${bundle}.hex
sha256sum ${bundle}.hex > ${bundle}.sha2
bundle="bundle-hacker-debug-1-${version}"
/opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-debug-1-${version}.hex ${bundle}.hex
sha256sum ${bundle}.hex > ${bundle}.sha2
/opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-hacker-debug-1-${version}.hex ${bundle}.hex
bundle="bundle-hacker-debug-2-${version}"
/opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-debug-2-${version}.hex ${bundle}.hex
sha256sum ${bundle}.hex > ${bundle}.sha2
/opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-hacker-debug-2-${version}.hex ${bundle}.hex
bundle="bundle-secure-non-solokeys-${version}"
/opt/conda/bin/solo mergehex --lock bootloader-verifying-${version}.hex firmware-${version}.hex ${bundle}.hex
/opt/conda/bin/solo mergehex bootloader-verifying-${version}.hex firmware-secure-non-solokeys-${version}.hex ${bundle}.hex
sha256sum ${bundle}.hex > ${bundle}.sha2

3
metadata/Solo-FIDO2-CTAP2-Authenticator.json
View File

@ -15,7 +15,8 @@
"authenticationAlgorithm": 1,
"publicKeyAlgAndEncoding": 260,
"attestationTypes": [
15879
15879,
15880
],
"userVerificationDetails": [
[

41
metadata/SoloTap-FIDO2-CTAP2-Authenticator.json
View File

File diff suppressed because one or more lines are too long

41
metadata/Somu-FIDO2-CTAP2-Authenticator.json
View File

File diff suppressed because one or more lines are too long

40
mkdocs.yml Executable file → Normal file
View File

@ -1,36 +1,32 @@
site_name: Solo Technical Documentation
site_author: SoloKeys
site_description: 'Documentation for the SoloKeys solo software'
site_url: 'https://docs.solokeys.dev/'
site_url: 'https://docs.solokeys.io/solo/'
repo_url: 'https://github.com/solokeys/solo'
repo_name: 'solokeys/solo'
copyright: 'Copyright &copy; 2018 - 2019 SoloKeys'
nav:
- Home: index.md
- FIDO2 Implementation: fido2-impl.md
- Metadata Statements: metadata-statements.md
- Build instructions: building.md
- Programming instructions: programming.md
- Bootloader mode: bootloader-mode.md
- Customization: customization.md
- Solo Extras: solo-extras.md
- Application Ideas: application-ideas.md
- Running on Nucleo32 board: nucleo32-board.md
- Signed update process: signed-updates.md
- Usage and Porting guide: porting.md
- Tutorial Getting Started: tutorial-getting-started.md
- Tutorial - Writing extensions: tutorial-writing-extensions.md
- Code documentation: code-overview.md
- Contributing Code: contributing.md
- Contributing Docs: documenting.md
- udev Rules: udev.md
- About: repo-readme.md
- Home: solo/index.md
- FIDO2 Implementation: solo/fido2-impl.md
- Metadata Statements: solo/metadata-statements.md
- Build instructions: solo/building.md
- Programming instructions: solo/programming.md
- Bootloader mode: solo/bootloader-mode.md
- Customization: solo/customization.md
- Solo Extras: solo/solo-extras.md
- Running on Nucleo32 board: solo/nucleo32-board.md
- Signed update process: solo/signed-updates.md
- Code documentation: solo/code-overview.md
- Contributing Code: solo/contributing.md
- Contributing Docs: solo/documenting.md
- udev Rules: solo/udev.md
- About: solo/repo-readme.md
theme:
name: material
logo: 'images/logo.svg'
favicon: 'images/favicon.ico'
logo: 'solo/images/logo.svg'
favicon: 'solo/images/favicon.ico'
markdown_extensions:
- markdown_include.include

197
pc/device.c
View File

@ -11,6 +11,7 @@
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <time.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
@ -24,7 +25,7 @@
#define RK_NUM 50
static bool use_udp = true;
bool use_udp = true;
struct ResidentKeyStore {
CTAP_residentKey rks[RK_NUM];
@ -32,6 +33,17 @@ struct ResidentKeyStore {
void authenticator_initialize();
uint32_t __device_status = 0;
void device_set_status(uint32_t status)
{
if (status != CTAPHID_STATUS_IDLE && __device_status != status)
{
ctaphid_update_status(status);
}
__device_status = status;
}
int udp_server()
{
@ -91,7 +103,6 @@ int udp_recv(int fd, uint8_t * buf, int size)
perror( "recvfrom failed" );
exit(1);
}
printf1(TAG_DUMP, ">>"); dump_hex1(TAG_DUMP, buf, length);
return length;
}
@ -108,8 +119,6 @@ void udp_send(int fd, uint8_t * buf, int size)
perror( "sendto failed" );
exit(1);
}
printf1(TAG_DUMP, "<<"); dump_hex1(TAG_DUMP, buf, size);
}
@ -175,6 +184,7 @@ int usbhid_recv(uint8_t * msg)
return l;
}
// Send 64 byte USB HID message
void usbhid_send(uint8_t * msg)
{
if (use_udp)
@ -191,8 +201,6 @@ void usbhid_send(uint8_t * msg)
}
}
void usbhid_close()
{
close(fd);
@ -256,6 +264,14 @@ void device_init(int argc, char *argv[])
}
void main_loop_delay()
{
struct timespec ts;
ts.tv_sec = 0;
ts.tv_nsec = 1000*1000*100;
nanosleep(&ts,NULL);
}
void delay(uint32_t ms)
{
struct timespec ts;
@ -265,6 +281,45 @@ void delay(uint32_t ms)
}
void heartbeat()
{
}
void ctaphid_write_block(uint8_t * data)
{
/*printf("<< "); dump_hex(data, 64);*/
usbhid_send(data);
}
int ctap_user_presence_test(uint32_t d)
{
return 1;
}
int ctap_user_verification(uint8_t arg)
{
return 1;
}
uint32_t ctap_atomic_count(int sel)
{
static uint32_t counter1 = 25;
/*return 713;*/
if (sel == 0)
{
printf1(TAG_RED,"counter1: %d\n", counter1);
return counter1++;
}
else
{
printf2(TAG_ERR,"counter2 not imple\n");
exit(1);
}
}
int ctap_generate_rng(uint8_t * dst, size_t num)
{
int ret;
@ -286,9 +341,10 @@ int ctap_generate_rng(uint8_t * dst, size_t num)
const char * state_file = "authenticator_state.bin";
const char * backup_file = "authenticator_state2.bin";
const char * rk_file = "resident_keys.bin";
int authenticator_read_state(AuthenticatorState * state)
void authenticator_read_state(AuthenticatorState * state)
{
FILE * f;
int ret;
@ -307,19 +363,37 @@ int authenticator_read_state(AuthenticatorState * state)
perror("fwrite");
exit(1);
}
if (state->is_initialized == INITIALIZED_MARKER)
return 1;
else
return 0;
}
void authenticator_write_state(AuthenticatorState * state)
void authenticator_read_backup_state(AuthenticatorState * state )
{
FILE * f;
int ret;
f = fopen(backup_file, "rb");
if (f== NULL)
{
perror("fopen");
exit(1);
}
ret = fread(state, 1, sizeof(AuthenticatorState), f);
fclose(f);
if(ret != sizeof(AuthenticatorState))
{
perror("fwrite");
exit(1);
}
}
void authenticator_write_state(AuthenticatorState * state, int backup)
{
FILE * f;
int ret;
if (! backup)
{
f = fopen(state_file, "wb+");
if (f== NULL)
{
@ -333,9 +407,60 @@ void authenticator_write_state(AuthenticatorState * state)
perror("fwrite");
exit(1);
}
}
else
{
f = fopen(backup_file, "wb+");
if (f== NULL)
{
perror("fopen");
exit(1);
}
ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
fclose(f);
if (ret != sizeof(AuthenticatorState))
{
perror("fwrite");
exit(1);
}
}
}
// Return 1 yes backup is init'd, else 0
int authenticator_is_backup_initialized()
{
uint8_t header[16];
AuthenticatorState * state = (AuthenticatorState*) header;
FILE * f;
int ret;
printf("state file exists\n");
f = fopen(backup_file, "rb");
if (f== NULL)
{
printf("Warning, backup file doesn't exist\n");
return 0;
}
ret = fread(header, 1, sizeof(header), f);
fclose(f);
if(ret != sizeof(header))
{
perror("fwrite");
exit(1);
}
return state->is_initialized == INITIALIZED_MARKER;
}
// Return 1 yes backup is init'd, else 0
/*int authenticator_is_initialized()*/
/*{*/
/*}*/
static void sync_rk()
{
@ -415,18 +540,44 @@ void authenticator_initialize()
exit(1);
}
f = fopen(backup_file, "wb+");
if (f== NULL)
{
perror("fopen");
exit(1);
}
mem = malloc(sizeof(AuthenticatorState));
memset(mem,0xff,sizeof(AuthenticatorState));
ret = fwrite(mem, 1, sizeof(AuthenticatorState), f);
free(mem);
fclose(f);
if (ret != sizeof(AuthenticatorState))
{
perror("fwrite");
exit(1);
}
// resident_keys
memset(&RK_STORE,0xff,sizeof(RK_STORE));
sync_rk();
}
}
void device_manage()
{
}
void ctap_reset_rk()
{
memset(&RK_STORE,0xff,sizeof(RK_STORE));
sync_rk();
}
uint32_t ctap_rk_size()
@ -449,12 +600,6 @@ void ctap_store_rk(int index, CTAP_residentKey * rk)
}
void ctap_delete_rk(int index)
{
CTAP_residentKey rk;
memset(&rk, 0xff, sizeof(CTAP_residentKey));
memmove(RK_STORE.rks + index, &rk, sizeof(CTAP_residentKey));
}
void ctap_load_rk(int index, CTAP_residentKey * rk)
{
@ -474,9 +619,17 @@ void ctap_overwrite_rk(int index, CTAP_residentKey * rk)
}
}
void device_wink()
{
printf("*WINK*\n");
}
int device_is_nfc()
{
return 0;
}
void device_set_clock_rate(DEVICE_CLOCK_RATE param)
{
}

13
shell.nix
View File

@ -1,13 +0,0 @@
let
nixpkgs_tar = fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/20.03.tar.gz"; sha256 = "0182ys095dfx02vl2a20j1hz92dx3mfgz2a6fhn31bqlp1wa8hlq"; };
pkgs = import "${nixpkgs_tar}" {};
pyPackages = (python-packages: with python-packages; ([
solo-python pytest
] ++ (with builtins; map (d: getAttr d python-packages) (filter (d: stringLength d > 0) (pkgs.lib.splitString "\n" (builtins.readFile ./tools/requirements.txt))))));
python-with-my-packages = pkgs.python3.withPackages pyPackages;
in
with pkgs;
stdenv.mkDerivation {
name = "solo";
buildInputs = [ gnumake gcc gcc-arm-embedded-8 python-with-my-packages ];
}

28
targets/stm32l432/Makefile
View File

@ -2,9 +2,8 @@ ifndef DEBUG
DEBUG=0
endif
VERSION_FULL?=$(shell git describe)
APPMAKE=build/application.mk VERSION_FULL=${VERSION_FULL}
BOOTMAKE=build/bootloader.mk VERSION_FULL=${VERSION_FULL}
APPMAKE=build/application.mk
BOOTMAKE=build/bootloader.mk
merge_hex=solo mergehex
@ -13,14 +12,20 @@ merge_hex=solo mergehex
# The following are the main targets for reproducible builds.
# TODO: better explanation
firmware:
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=0
firmware-hacker:
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=0 EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0'
firmware-debug-1:
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=1
firmware-hacker-debug-1:
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=1 EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0'
firmware-debug-2:
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=2
firmware-hacker-debug-2:
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=2 EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0'
firmware-secure-non-solokeys:
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=0 EXTRA_DEFINES='-DFLASH_ROP=2'
firmware-secure:
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=0 EXTRA_DEFINES='-DUSE_SOLOKEYS_CERT -DFLASH_ROP=2'
bootloader-nonverifying:
$(MAKE) -f $(BOOTMAKE) -j8 bootloader.hex PREFIX=$(PREFIX) EXTRA_DEFINES='-DSOLO_HACKER' DEBUG=0
@ -85,12 +90,13 @@ flash_dfu: solo.hex bootloader.hex
# STM32_Programmer_CLI -c port=usb1 -halt -e all --readunprotect
STM32_Programmer_CLI -c port=usb1 -halt -rdu -d all.hex
flashboot: bootloader.hex
flashboot: solo.hex bootloader.hex
$(VENV) $(merge_hex) solo.hex bootloader.hex all.hex
STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
STM32_Programmer_CLI -c port=SWD -halt -d bootloader.hex -rst
flash-firmware:
$(SZ) -A solo.elf
arm-none-eabi-size -A solo.elf
solo program aux enter-bootloader
solo program bootloader solo.hex

2
targets/stm32l432/README.md
View File

@ -1,4 +1,4 @@
# STM32L432 Solo
Check out our [official documentation](https://docs.solokeys.dev/building/)
Check out our [official documentation](https://docs.solokeys.io/solo/building/)
for instructions on building and programming!

88
targets/stm32l432/bootloader/bootloader.c
View File

@ -19,12 +19,6 @@
#include "ctap_errors.h"
#include "log.h"
volatile version_t current_firmware_version __attribute__ ((section (".flag2"))) __attribute__ ((__used__)) = {
.major = SOLO_VERSION_MAJ,
.minor = SOLO_VERSION_MIN,
.patch = SOLO_VERSION_PATCH,
.reserved = 0
};
extern uint8_t REBOOT_FLAG;
@ -50,21 +44,20 @@ typedef struct {
uint8_t payload[255 - 10];
} __attribute__((packed)) BootloaderReq;
uint8_t * last_written_app_address = 0;
/**
* Erase all application pages. **APPLICATION_END_PAGE excluded**.
*/
static void erase_application()
{
int page;
last_written_app_address = (uint8_t*) 0;
for(page = APPLICATION_START_PAGE; page < APPLICATION_END_PAGE; page++)
{
flash_erase_page(page);
}
}
#define LAST_ADDR (APPLICATION_END_ADDR-2048 + 8)
#define LAST_PAGE (APPLICATION_END_PAGE-1)
static void disable_bootloader()
{
// Clear last 4 bytes of the last application page-1, which is 108th
@ -110,41 +103,6 @@ int is_bootloader_disabled()
return *auth == 0;
}
#include "version.h"
bool is_firmware_version_newer_or_equal()
{
if (last_written_app_address == 0) {
return false;
}
printf1(TAG_BOOT,"Current firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n",
current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved,
current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved
);
volatile version_t * new_version = ((volatile version_t *) (last_written_app_address-8+4));
printf1(TAG_BOOT,"Uploaded firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n",
new_version->major, new_version->minor, new_version->patch, new_version->reserved,
new_version->major, new_version->minor, new_version->patch, new_version->reserved
);
const bool allowed = is_newer((const version_t *)new_version, (const version_t *)&current_firmware_version) || current_firmware_version.raw == 0xFFFFFFFF;
if (allowed){
printf1(TAG_BOOT, "Update allowed, setting new firmware version as current.\r\n");
// current_firmware_version.raw = new_version.raw;
uint8_t page[PAGE_SIZE];
memmove(page, (uint8_t*)BOOT_VERSION_ADDR, PAGE_SIZE);
memmove(page, (version_t *)new_version, 4);
printf1(TAG_BOOT, "Writing\r\n");
flash_erase_page(BOOT_VERSION_PAGE);
flash_write(BOOT_VERSION_ADDR, page, PAGE_SIZE);
printf1(TAG_BOOT, "Finish\r\n");
} else {
printf1(TAG_BOOT, "Firmware older - update not allowed.\r\n");
}
return allowed;
}
/**
* Execute bootloader commands
* @param klen key length - length of the bootloader request
@ -167,7 +125,10 @@ int bootloader_bridge(int klen, uint8_t * keyh)
return CTAP1_ERR_INVALID_LENGTH;
}
#ifndef SOLO_HACKER
extern uint8_t *pubkey_boot;
uint8_t * pubkey = (uint8_t*)"\xd2\xa4\x2f\x8f\xb2\x31\x1c\xc1\xf7\x0c\x7e\x64\x32\xfb\xbb\xb4\xa3\xdd\x32\x20"
"\x0f\x1b\x88\x9c\xda\x62\xc2\x83\x25\x93\xdd\xb8\x75\x9d\xf9\x86\xee\x03\x6c\xce"
"\x34\x47\x71\x36\xb3\xb2\xad\x6d\x12\xb7\xbe\x49\x3e\x20\xa4\x61\xac\xc7\x71\xc7"
"\x1f\xa8\x14\xf2";
const struct uECC_Curve_t * curve = NULL;
#endif
@ -176,7 +137,6 @@ int bootloader_bridge(int klen, uint8_t * keyh)
uint32_t addr = ((*((uint32_t*)req->addr)) & 0xffffff) | 0x8000000;
uint32_t * ptr = (uint32_t *)addr;
uint32_t current_address;
switch(req->op){
case BootWrite:
@ -203,20 +163,14 @@ int bootloader_bridge(int klen, uint8_t * keyh)
printf2(TAG_ERR, "Error, boot check bypassed\n");
exit(1);
}
current_address = addr + len;
if (current_address < (uint32_t) last_written_app_address) {
printf2(TAG_ERR, "Error, only ascending writes allowed.\n");
has_erased = 0;
return CTAP2_ERR_NOT_ALLOWED;
}
last_written_app_address = (uint8_t*) current_address;
// Do the actual write
flash_write((uint32_t)ptr,req->payload, len);
break;
case BootDone:
// Writing to flash finished. Request code validation.
printf1(TAG_BOOT, "BootDone: \r\n");
printf1(TAG_BOOT, "BootDone: ");
#ifndef SOLO_HACKER
if (len != 64)
{
@ -231,23 +185,17 @@ int bootloader_bridge(int klen, uint8_t * keyh)
crypto_sha256_final(hash);
curve = uECC_secp256r1();
// Verify incoming signature made over the SHA256 hash
if (
!uECC_verify(pubkey_boot, hash, 32, req->payload, curve)
)
if (! uECC_verify(pubkey,
hash,
32,
req->payload,
curve))
{
printf1(TAG_BOOT, "Signature invalid\r\n");
return CTAP2_ERR_OPERATION_DENIED;
}
if (!is_firmware_version_newer_or_equal()){
printf1(TAG_BOOT, "Firmware older - update not allowed.\r\n");
printf1(TAG_BOOT, "Rebooting...\r\n");
REBOOT_FLAG = 1;
return CTAP2_ERR_OPERATION_DENIED;
}
#endif
// Set the application validated, and mark for reboot.
authorize_application();
REBOOT_FLAG = 1;
break;
case BootCheck:
@ -270,7 +218,6 @@ int bootloader_bridge(int klen, uint8_t * keyh)
break;
case BootReboot:
printf1(TAG_BOOT, "BootReboot.\r\n");
printf1(TAG_BOOT, "Application authorized: %d.\r\n", is_authorized_to_boot());
REBOOT_FLAG = 1;
break;
case BootDisable:
@ -330,10 +277,3 @@ void bootloader_heartbeat()
led_rgb(((val * g)<<8) | ((val*r) << 16) | (val*b));
}
uint32_t ctap_atomic_count(uint32_t amount)
{
static uint32_t count = 1000;
count += (amount + 1);
return count;
}

8
targets/stm32l432/bootloader/bootloader.h
View File

@ -9,7 +9,7 @@
#define _APP_H_
#include <stdint.h>
#include "version.h"
#include "solo.h"
#define DEBUG_UART USART1
#ifndef DEBUG_LEVEL
@ -21,7 +21,6 @@
#define BOOT_TO_DFU 0
#define SOLO 1
#define IS_BOOTLOADER 1
#define ENABLE_U2F_EXTENSIONS
@ -65,9 +64,4 @@ int is_authorized_to_boot();
int is_bootloader_disabled();
void bootloader_heartbeat();
// Return 1 if Solo is secure/locked.
int solo_is_locked();
#endif

15
targets/stm32l432/bootloader/main.c
View File

@ -46,7 +46,9 @@ int main()
{
uint8_t hidmsg[64];
uint32_t t1 = 0;
#ifdef SOLO_HACKER
uint32_t stboot_time = 0;
#endif
uint32_t boot = 1;
set_logging_mask(
@ -96,6 +98,7 @@ int main()
}
#ifdef SOLO_HACKER
if (!is_bootloader_disabled())
{
stboot_time = millis();
@ -105,6 +108,7 @@ int main()
goto start_bootloader;
}
}
#endif
if (is_authorized_to_boot() && (boot || is_bootloader_disabled()))
{
@ -115,8 +119,9 @@ int main()
printf1(TAG_RED,"Not authorized to boot (%08x == %08lx)\r\n", AUTH_WORD_ADDR, *(uint32_t*)AUTH_WORD_ADDR);
}
#ifdef SOLO_HACKER
start_bootloader:
#endif
SystemClock_Config();
init_gpio();
init_millisecond_timer(0);
@ -133,14 +138,6 @@ int main()
printf1(TAG_GEN,"recv'ing hid msg \n");
extern volatile version_t current_firmware_version;
printf1(TAG_BOOT,"Current firmware version address: %p\r\n", &current_firmware_version);
printf1(TAG_BOOT,"Current firmware version: %d.%d.%d.%d (%02x.%02x.%02x.%02x)\r\n",
current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved,
current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved
);
dump_hex1(TAG_BOOT, (uint8_t*)(&current_firmware_version) - 16, 32);
while(1)
{

6
targets/stm32l432/bootloader/pubkey_bootloader.c
View File

@ -1,6 +0,0 @@
#include "stdint.h"
uint8_t * pubkey_boot = (uint8_t*)"\xd2\xa4\x2f\x8f\xb2\x31\x1c\xc1\xf7\x0c\x7e\x64\x32\xfb\xbb\xb4\xa3\xdd\x32\x20"
"\x0f\x1b\x88\x9c\xda\x62\xc2\x83\x25\x93\xdd\xb8\x75\x9d\xf9\x86\xee\x03\x6c\xce"
"\x34\x47\x71\x36\xb3\xb2\xad\x6d\x12\xb7\xbe\x49\x3e\x20\xa4\x61\xac\xc7\x71\xc7"
"\x1f\xa8\x14\xf2";

8
targets/stm32l432/bootloader/version_check.c
View File

@ -1,8 +0,0 @@
#include "version.h"
// FIXME test version check function
bool is_newer(const version_t* const newer, const version_t* const older){
return (newer->major > older->major) ||
(newer->major == older->major && newer->minor > older->minor) ||
(newer->major == older->major && newer->minor == older->minor && newer->patch >= older->patch);
}

17
targets/stm32l432/build/application.mk
View File

@ -2,16 +2,14 @@ include build/common.mk
# ST related
SRC = src/main.c src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c
SRC += src/fifo.c src/attestation.c src/nfc.c src/ams.c src/sense.c
SRC += src/fifo.c src/crypto.c src/attestation.c src/nfc.c src/ams.c src/sense.c
SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
SRC += $(DRIVER_LIBS) $(USB_LIB)
# FIDO2 lib
SRC += ../../fido2/apdu.c ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c
SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c
SRC += ../../fido2/ctap_parse.c ../../fido2/crypto.c
SRC += ../../fido2/version.c
SRC += ../../fido2/data_migration.c
SRC += ../../fido2/ctap_parse.c ../../fido2/main.c
SRC += ../../fido2/extensions/extensions.c ../../fido2/extensions/solo.c
SRC += ../../fido2/extensions/wallet.c
@ -22,9 +20,7 @@ SRC += ../../crypto/cifra/src/sha512.c ../../crypto/cifra/src/blockwise.c
OBJ1=$(SRC:.c=.o)
OBJ=$(OBJ1:.s=.o)
INC = -Isrc/ -Isrc/cmsis/ -Ilib/ -Ilib/usbd/
INC+= -I../../fido2/ -I../../fido2/extensions
INC = -Isrc/ -Isrc/cmsis/ -Ilib/ -Ilib/usbd/ -I../../fido2/ -I../../fido2/extensions
INC += -I../../tinycbor/src -I../../crypto/sha256 -I../../crypto/micro-ecc
INC += -I../../crypto/tiny-AES-c
INC += -I../../crypto/cifra/src -I../../crypto/cifra/src/ext
@ -68,9 +64,11 @@ all: $(TARGET).elf
../../crypto/micro-ecc/uECC.o: ../../crypto/micro-ecc/uECC.c
$(CC) $^ $(HW) -O3 $(ECC_CFLAGS) -o $@
%.o: %.s
$(CC) $^ $(HW) -Os $(CFLAGS) -o $@
%.elf: $(OBJ)
$(CC) $^ $(HW) $(LDFLAGS) -o $@
@echo "Built version: $(VERSION_FLAGS)"
%.hex: %.elf
$(SZ) $^
@ -84,5 +82,4 @@ cbor:
cd ../../tinycbor/ && make clean
cd ../../tinycbor/ && make CC="$(CC)" AR=$(AR) \
LDFLAGS="$(LDFLAGS_LIB)" \
CFLAGS="$(CFLAGS) -Os -DCBOR_PARSER_MAX_RECURSIONS=3"
CFLAGS="$(CFLAGS) -Os"

5
targets/stm32l432/build/bootloader.mk
View File

@ -2,16 +2,14 @@ include build/common.mk
# ST related
SRC = bootloader/main.c bootloader/bootloader.c
SRC += bootloader/pubkey_bootloader.c bootloader/version_check.c
SRC += src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c
SRC += src/fifo.c src/attestation.c src/sense.c
SRC += src/fifo.c src/crypto.c src/attestation.c src/sense.c
SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
SRC += $(DRIVER_LIBS) $(USB_LIB)
# FIDO2 lib
SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/extensions/extensions.c
SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c
SRC += ../../fido2/crypto.c
# Crypto libs
SRC += ../../crypto/sha256/sha256.c ../../crypto/micro-ecc/uECC.c
@ -67,7 +65,6 @@ all: $(TARGET).elf
%.elf: $(OBJ)
$(CC) $^ $(HW) $(LDFLAGS) -o $@
$(SZ) $@
%.hex: %.elf
$(CP) -O ihex $^ $(TARGET).hex

27
targets/stm32l432/build/common.mk
View File

@ -1,10 +1,7 @@
include ../../fido2/version.mk
CC=$(PREFIX)arm-none-eabi-gcc
CP=$(PREFIX)arm-none-eabi-objcopy
SZ=$(PREFIX)arm-none-eabi-size
AR=$(PREFIX)arm-none-eabi-ar
AS=$(PREFIX)arm-none-eabi-as
DRIVER_LIBS := lib/stm32l4xx_hal_pcd.c lib/stm32l4xx_hal_pcd_ex.c lib/stm32l4xx_ll_gpio.c \
lib/stm32l4xx_ll_rcc.c lib/stm32l4xx_ll_rng.c lib/stm32l4xx_ll_tim.c \
@ -13,23 +10,19 @@ DRIVER_LIBS := lib/stm32l4xx_hal_pcd.c lib/stm32l4xx_hal_pcd_ex.c lib/stm32l4xx_
USB_LIB := lib/usbd/usbd_cdc.c lib/usbd/usbd_cdc_if.c lib/usbd/usbd_composite.c \
lib/usbd/usbd_conf.c lib/usbd/usbd_core.c lib/usbd/usbd_ioreq.c \
lib/usbd/usbd_ctlreq.c lib/usbd/usbd_desc.c lib/usbd/usbd_hid.c \
lib/usbd/usbd_ccid.c
lib/usbd/usbd_ctlreq.c lib/usbd/usbd_desc.c lib/usbd/usbd_hid.c
VERSION_FULL?=$(SOLO_VERSION_FULL)
VERSION:=$(SOLO_VERSION)
VERSION_MAJ:=$(SOLO_VERSION_MAJ)
VERSION_MIN:=$(SOLO_VERSION_MIN)
VERSION_PAT:=$(SOLO_VERSION_PAT)
VERSION:=$(shell git describe --abbrev=0 )
VERSION_FULL:=$(shell git describe)
VERSION_MAJ:=$(shell python -c 'print("$(VERSION)".split(".")[0])')
VERSION_MIN:=$(shell python -c 'print("$(VERSION)".split(".")[1])')
VERSION_PAT:=$(shell python -c 'print("$(VERSION)".split(".")[2])')
VERSION_FLAGS= -DSOLO_VERSION_MAJ=$(VERSION_MAJ) -DSOLO_VERSION_MIN=$(VERSION_MIN) \
-DSOLO_VERSION_PATCH=$(VERSION_PAT) -DSOLO_VERSION=\"$(VERSION_FULL)\"
_all:
echo $(SOLO_VERSION_FULL)
echo $(SOLO_VERSION_MAJ)
echo $(SOLO_VERSION_MIN)
echo $(SOLO_VERSION_PAT)
%.o: %.s
$(AS) -o $@ $^
echo $(VERSION_FULL)
echo $(VERSION_MAJ)
echo $(VERSION_MIN)
echo $(VERSION_PAT)

319
targets/stm32l432/lib/usbd/usbd_ccid.c
View File

@ -1,319 +0,0 @@
#include <stdint.h>
#include "usbd_ccid.h"
#include "usbd_ctlreq.h"
#include "usbd_conf.h"
#include "usbd_core.h"
#include "log.h"
static uint8_t USBD_CCID_Init (USBD_HandleTypeDef *pdev,
uint8_t cfgidx);
static uint8_t USBD_CCID_DeInit (USBD_HandleTypeDef *pdev,
uint8_t cfgidx);
static uint8_t USBD_CCID_Setup (USBD_HandleTypeDef *pdev,
USBD_SetupReqTypedef *req);
static uint8_t USBD_CCID_DataIn (USBD_HandleTypeDef *pdev,
uint8_t epnum);
static uint8_t USBD_CCID_DataOut (USBD_HandleTypeDef *pdev,
uint8_t epnum);
static uint8_t USBD_CCID_EP0_RxReady (USBD_HandleTypeDef *pdev);
USBD_ClassTypeDef USBD_CCID =
{
USBD_CCID_Init,
USBD_CCID_DeInit,
USBD_CCID_Setup,
NULL, /* EP0_TxSent, */
USBD_CCID_EP0_RxReady,
USBD_CCID_DataIn,
USBD_CCID_DataOut,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
};
static uint8_t ccidmsg_buf[CCID_DATA_PACKET_SIZE];
static uint8_t USBD_CCID_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx)
{
uint8_t ret = 0U;
USBD_CCID_HandleTypeDef *hcdc;
//Y
USBD_LL_OpenEP(pdev, CCID_IN_EP, USBD_EP_TYPE_BULK,
CCID_DATA_PACKET_SIZE);
USBD_LL_OpenEP(pdev, CCID_OUT_EP, USBD_EP_TYPE_BULK,
CCID_DATA_PACKET_SIZE);
pdev->ep_in[CCID_IN_EP & 0xFU].is_used = 1U;
pdev->ep_out[CCID_OUT_EP & 0xFU].is_used = 1U;
USBD_LL_OpenEP(pdev, CCID_CMD_EP, USBD_EP_TYPE_INTR, CCID_DATA_PACKET_SIZE);
pdev->ep_in[CCID_CMD_EP & 0xFU].is_used = 1U;
// dump_pma_header("ccid.c");
static USBD_CCID_HandleTypeDef mem;
pdev->pClassData = &mem;
hcdc = (USBD_CCID_HandleTypeDef*) pdev->pClassData;
// init transfer states
hcdc->TxState = 0U;
hcdc->RxState = 0U;
USBD_LL_PrepareReceive(&Solo_USBD_Device, CCID_OUT_EP, ccidmsg_buf,
CCID_DATA_PACKET_SIZE);
return ret;
}
static uint8_t USBD_CCID_DeInit (USBD_HandleTypeDef *pdev, uint8_t cfgidx)
{
uint8_t ret = 0U;
//N
USBD_LL_CloseEP(pdev, CCID_IN_EP);
pdev->ep_in[CCID_IN_EP & 0xFU].is_used = 0U;
USBD_LL_CloseEP(pdev, CCID_OUT_EP);
pdev->ep_out[CCID_OUT_EP & 0xFU].is_used = 0U;
USBD_LL_CloseEP(pdev, CCID_CMD_EP);
pdev->ep_in[CCID_CMD_EP & 0xFU].is_used = 0U;
/* DeInit physical Interface components */
if(pdev->pClassData != NULL)
{
pdev->pClassData = NULL;
}
return ret;
}
/**
* @brief USBD_CDC_Setup
* Handle the CDC specific requests
* @param pdev: instance
* @param req: usb requests
* @retval status
*/
static uint8_t USBD_CCID_Setup (USBD_HandleTypeDef *pdev,
USBD_SetupReqTypedef *req)
{
USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*) pdev->pClassData;
uint8_t ifalt = 0U;
uint16_t status_info = 0U;
uint8_t ret = USBD_OK;
//N
switch (req->bmRequest & USB_REQ_TYPE_MASK)
{
case USB_REQ_TYPE_CLASS :
if (req->wLength)
{
if (req->bmRequest & 0x80U)
{
USBD_CtlSendData (pdev, (uint8_t *)(void *)hcdc->data, req->wLength);
}
else
{
hcdc->CmdOpCode = req->bRequest;
hcdc->CmdLength = (uint8_t)req->wLength;
USBD_CtlPrepareRx (pdev, (uint8_t *)(void *)hcdc->data, req->wLength);
}
}
else
{
}
break;
case USB_REQ_TYPE_STANDARD:
switch (req->bRequest)
{
case USB_REQ_GET_STATUS:
if (pdev->dev_state == USBD_STATE_CONFIGURED)
{
USBD_CtlSendData (pdev, (uint8_t *)(void *)&status_info, 2U);
}
else
{
USBD_CtlError (pdev, req);
ret = USBD_FAIL;
}
break;
case USB_REQ_GET_INTERFACE:
if (pdev->dev_state == USBD_STATE_CONFIGURED)
{
USBD_CtlSendData (pdev, &ifalt, 1U);
}
else
{
USBD_CtlError (pdev, req);
ret = USBD_FAIL;
}
break;
case USB_REQ_SET_INTERFACE:
if (pdev->dev_state != USBD_STATE_CONFIGURED)
{
USBD_CtlError (pdev, req);
ret = USBD_FAIL;
}
break;
case USB_REQ_GET_DESCRIPTOR:
break;
default:
USBD_CtlError (pdev, req);
ret = USBD_FAIL;
break;
}
break;
default:
USBD_CtlError (pdev, req);
ret = USBD_FAIL;
break;
}
return ret;
}
/**
* @brief USBD_CDC_DataIn
* Data sent on non-control IN endpoint
* @param pdev: device instance
* @param epnum: endpoint number
* @retval status
*/
static uint8_t USBD_CCID_DataOut (USBD_HandleTypeDef *pdev, uint8_t epnum)
{
return USBD_OK;
}
static uint8_t USBD_CCID_DataIn (USBD_HandleTypeDef *pdev, uint8_t epnum)
{
USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*)pdev->pClassData;
hcdc->TxState = 0U;
return USBD_OK;
}
uint8_t USBD_CCID_TransmitPacket(uint8_t * msg, int len)
{
/* Update the packet total length */
Solo_USBD_Device.ep_in[CCID_IN_EP & 0xFU].total_length = len;
while (PCD_GET_EP_TX_STATUS(USB, CCID_IN_EP & 0x0f) == USB_EP_TX_VALID)
;
/* Transmit next packet */
USBD_LL_Transmit(&Solo_USBD_Device, CCID_IN_EP, msg,
len);
printf1(TAG_CCID,"<< ");
dump_hex1(TAG_CCID, msg, len);
return USBD_OK;
}
void ccid_send_status(CCID_HEADER * c, uint8_t status)
{
uint8_t msg[CCID_HEADER_SIZE];
memset(msg,0,sizeof(msg));
msg[0] = CCID_SLOT_STATUS_RES;
msg[6] = c->seq;
msg[7] = status;
USBD_CCID_TransmitPacket(msg, sizeof(msg));
}
void ccid_send_data_block(CCID_HEADER * c, uint8_t status)
{
uint8_t msg[CCID_HEADER_SIZE];
memset(msg,0,sizeof(msg));
msg[0] = CCID_DATA_BLOCK_RES;
msg[6] = c->seq;
msg[7] = status;
USBD_CCID_TransmitPacket(msg, sizeof(msg));
}
void handle_ccid(uint8_t * msg, int len)
{
CCID_HEADER * h = (CCID_HEADER *) msg;
switch(h->type)
{
case CCID_SLOT_STATUS:
ccid_send_status(h, CCID_STATUS_ON);
break;
case CCID_POWER_ON:
ccid_send_data_block(h, CCID_STATUS_ON);
break;
case CCID_POWER_OFF:
ccid_send_status(h, CCID_STATUS_OFF);
break;
default:
ccid_send_status(h, CCID_STATUS_ON);
break;
}
}
/**
* @brief USBD_CDC_DataOut
* Data received on non-control Out endpoint
* @param pdev: device instance
* @param epnum: endpoint number
* @retval status
*/
uint8_t usb_ccid_recieve_callback(USBD_HandleTypeDef *pdev, uint8_t epnum)
{
USBD_CCID_HandleTypeDef *hcdc = (USBD_CCID_HandleTypeDef*) pdev->pClassData;
/* Get the received data length */
hcdc->RxLength = USBD_LL_GetRxDataSize (pdev, epnum);
printf1(TAG_CCID, ">> ");
dump_hex1(TAG_CCID, ccidmsg_buf, hcdc->RxLength);
handle_ccid(ccidmsg_buf, hcdc->RxLength);
USBD_LL_PrepareReceive(&Solo_USBD_Device, CCID_OUT_EP, ccidmsg_buf,
CCID_DATA_PACKET_SIZE);
return USBD_OK;
}
/**
* @brief USBD_CDC_EP0_RxReady
* Handle EP0 Rx Ready event
* @param pdev: device instance
* @retval status
*/
static uint8_t USBD_CCID_EP0_RxReady (USBD_HandleTypeDef *pdev)
{
return USBD_OK;
}

58
targets/stm32l432/lib/usbd/usbd_ccid.h
View File

@ -1,58 +0,0 @@
#ifndef _USBD_H_
#define _USBD_H_
#include "usbd_ioreq.h"
#define CCID_HEADER_SIZE 10
typedef struct
{
uint8_t type;
uint32_t len;
uint8_t slot;
uint8_t seq;
uint8_t rsvd;
uint16_t param;
} __attribute__((packed)) CCID_HEADER;
#define CCID_IN_EP 0x86U /* EP1 for data IN */
#define CCID_OUT_EP 0x04U /* EP1 for data OUT */
#define CCID_CMD_EP 0x85U /* EP2 for CDC commands */
#define CCID_DATA_PACKET_SIZE 64
#define CCID_SET_PARAMS 0x61
#define CCID_POWER_ON 0x62
#define CCID_POWER_OFF 0x63
#define CCID_SLOT_STATUS 0x65
#define CCID_SECURE 0x69
#define CCID_GET_PARAMS 0x6C
#define CCID_RESET_PARAMS 0x6D
#define CCID_XFR_BLOCK 0x6F
#define CCID_STATUS_ON 0x00
#define CCID_STATUS_OFF 0x02
#define CCID_DATA_BLOCK_RES 0x80
#define CCID_SLOT_STATUS_RES 0x81
#define CCID_PARAMS_RES 0x82
extern USBD_ClassTypeDef USBD_CCID;
typedef struct
{
uint32_t data[CCID_DATA_PACKET_SIZE / 4U];
uint8_t CmdOpCode;
uint8_t CmdLength;
uint8_t *RxBuffer;
uint8_t *TxBuffer;
uint32_t RxLength;
uint32_t TxLength;
__IO uint32_t TxState;
__IO uint32_t RxState;
}
USBD_CCID_HandleTypeDef;
uint8_t usb_ccid_recieve_callback(USBD_HandleTypeDef *pdev, uint8_t epnum);
#endif

345
targets/stm32l432/lib/usbd/usbd_cdc.c
View File

@ -195,9 +195,302 @@ USBD_ClassTypeDef USBD_CDC =
NULL,
NULL,
NULL,
// USBD_CDC_GetHSCfgDesc,
// USBD_CDC_GetFSCfgDesc,
// USBD_CDC_GetOtherSpeedCfgDesc,
// USBD_CDC_GetDeviceQualifierDescriptor,
};
/* USB CDC device Configuration Descriptor */
__ALIGN_BEGIN uint8_t USBD_CDC_CfgHSDesc[USB_CDC_CONFIG_DESC_SIZ] __ALIGN_END =
{
/*Configuration Descriptor*/
0x09, /* bLength: Configuration Descriptor size */
USB_DESC_TYPE_CONFIGURATION, /* bDescriptorType: Configuration */
USB_CDC_CONFIG_DESC_SIZ, /* wTotalLength:no of returned bytes */
0x00,
0x02, /* bNumInterfaces: 2 interface */
0x01, /* bConfigurationValue: Configuration value */
0x00, /* iConfiguration: Index of string descriptor describing the configuration */
0xC0, /* bmAttributes: self powered */
0x32, /* MaxPower 0 mA */
/*---------------------------------------------------------------------------*/
/*Interface Descriptor */
0x09, /* bLength: Interface Descriptor size */
USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */
/* Interface descriptor type */
0x00, /* bInterfaceNumber: Number of Interface */
0x00, /* bAlternateSetting: Alternate setting */
0x01, /* bNumEndpoints: One endpoints used */
0x02, /* bInterfaceClass: Communication Interface Class */
0x02, /* bInterfaceSubClass: Abstract Control Model */
0x01, /* bInterfaceProtocol: Common AT commands */
0x00, /* iInterface: */
/*Header Functional Descriptor*/
0x05, /* bLength: Endpoint Descriptor size */
0x24, /* bDescriptorType: CS_INTERFACE */
0x00, /* bDescriptorSubtype: Header Func Desc */
0x10, /* bcdCDC: spec release number */
0x01,
/*Call Management Functional Descriptor*/
0x05, /* bFunctionLength */
0x24, /* bDescriptorType: CS_INTERFACE */
0x01, /* bDescriptorSubtype: Call Management Func Desc */
0x00, /* bmCapabilities: D0+D1 */
0x01, /* bDataInterface: 1 */
/*ACM Functional Descriptor*/
0x04, /* bFunctionLength */
0x24, /* bDescriptorType: CS_INTERFACE */
0x02, /* bDescriptorSubtype: Abstract Control Management desc */
0x02, /* bmCapabilities */
/*Union Functional Descriptor*/
0x05, /* bFunctionLength */
0x24, /* bDescriptorType: CS_INTERFACE */
0x06, /* bDescriptorSubtype: Union func desc */
0x00, /* bMasterInterface: Communication class interface */
0x01, /* bSlaveInterface0: Data Class Interface */
/*Endpoint 2 Descriptor*/
0x07, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CDC_CMD_EP, /* bEndpointAddress */
0x03, /* bmAttributes: Interrupt */
LOBYTE(CDC_CMD_PACKET_SIZE), /* wMaxPacketSize: */
HIBYTE(CDC_CMD_PACKET_SIZE),
CDC_HS_BINTERVAL, /* bInterval: */
/*---------------------------------------------------------------------------*/
/*Data class interface descriptor*/
0x09, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_INTERFACE, /* bDescriptorType: */
0x01, /* bInterfaceNumber: Number of Interface */
0x00, /* bAlternateSetting: Alternate setting */
0x02, /* bNumEndpoints: Two endpoints used */
0x0A, /* bInterfaceClass: CDC */
0x00, /* bInterfaceSubClass: */
0x00, /* bInterfaceProtocol: */
0x00, /* iInterface: */
/*Endpoint OUT Descriptor*/
0x07, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CDC_OUT_EP, /* bEndpointAddress */
0x02, /* bmAttributes: Bulk */
LOBYTE(CDC_DATA_HS_MAX_PACKET_SIZE), /* wMaxPacketSize: */
HIBYTE(CDC_DATA_HS_MAX_PACKET_SIZE),
0x00, /* bInterval: ignore for Bulk transfer */
/*Endpoint IN Descriptor*/
0x07, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CDC_IN_EP, /* bEndpointAddress */
0x02, /* bmAttributes: Bulk */
LOBYTE(CDC_DATA_HS_MAX_PACKET_SIZE), /* wMaxPacketSize: */
HIBYTE(CDC_DATA_HS_MAX_PACKET_SIZE),
0x00 /* bInterval: ignore for Bulk transfer */
} ;
/* USB CDC device Configuration Descriptor */
__ALIGN_BEGIN uint8_t USBD_CDC_CfgFSDesc[USB_CDC_CONFIG_DESC_SIZ] __ALIGN_END =
{
/*Configuration Descriptor*/
0x09, /* bLength: Configuration Descriptor size */
USB_DESC_TYPE_CONFIGURATION, /* bDescriptorType: Configuration */
USB_CDC_CONFIG_DESC_SIZ, /* wTotalLength:no of returned bytes */
0x00,
0x02, /* bNumInterfaces: 2 interface */
0x01, /* bConfigurationValue: Configuration value */
0x00, /* iConfiguration: Index of string descriptor describing the configuration */
0xC0, /* bmAttributes: self powered */
0x32, /* MaxPower 0 mA */
/*---------------------------------------------------------------------------*/
/*Interface Descriptor */
0x09, /* bLength: Interface Descriptor size */
USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */
/* Interface descriptor type */
0x00, /* bInterfaceNumber: Number of Interface */
0x00, /* bAlternateSetting: Alternate setting */
0x01, /* bNumEndpoints: One endpoints used */
0x02, /* bInterfaceClass: Communication Interface Class */
0x02, /* bInterfaceSubClass: Abstract Control Model */
0x01, /* bInterfaceProtocol: Common AT commands */
0x00, /* iInterface: */
/*Header Functional Descriptor*/
0x05, /* bLength: Endpoint Descriptor size */
0x24, /* bDescriptorType: CS_INTERFACE */
0x00, /* bDescriptorSubtype: Header Func Desc */
0x10, /* bcdCDC: spec release number */
0x01,
/*Call Management Functional Descriptor*/
0x05, /* bFunctionLength */
0x24, /* bDescriptorType: CS_INTERFACE */
0x01, /* bDescriptorSubtype: Call Management Func Desc */
0x00, /* bmCapabilities: D0+D1 */
0x01, /* bDataInterface: 1 */
/*ACM Functional Descriptor*/
0x04, /* bFunctionLength */
0x24, /* bDescriptorType: CS_INTERFACE */
0x02, /* bDescriptorSubtype: Abstract Control Management desc */
0x02, /* bmCapabilities */
/*Union Functional Descriptor*/
0x05, /* bFunctionLength */
0x24, /* bDescriptorType: CS_INTERFACE */
0x06, /* bDescriptorSubtype: Union func desc */
0x00, /* bMasterInterface: Communication class interface */
0x01, /* bSlaveInterface0: Data Class Interface */
/*Endpoint 2 Descriptor*/
0x07, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CDC_CMD_EP, /* bEndpointAddress */
0x03, /* bmAttributes: Interrupt */
LOBYTE(CDC_CMD_PACKET_SIZE), /* wMaxPacketSize: */
HIBYTE(CDC_CMD_PACKET_SIZE),
CDC_FS_BINTERVAL, /* bInterval: */
/*---------------------------------------------------------------------------*/
/*Data class interface descriptor*/
0x09, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_INTERFACE, /* bDescriptorType: */
0x01, /* bInterfaceNumber: Number of Interface */
0x00, /* bAlternateSetting: Alternate setting */
0x02, /* bNumEndpoints: Two endpoints used */
0x0A, /* bInterfaceClass: CDC */
0x00, /* bInterfaceSubClass: */
0x00, /* bInterfaceProtocol: */
0x00, /* iInterface: */
/*Endpoint OUT Descriptor*/
0x07, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CDC_OUT_EP, /* bEndpointAddress */
0x02, /* bmAttributes: Bulk */
LOBYTE(CDC_DATA_FS_MAX_PACKET_SIZE), /* wMaxPacketSize: */
HIBYTE(CDC_DATA_FS_MAX_PACKET_SIZE),
0x00, /* bInterval: ignore for Bulk transfer */
/*Endpoint IN Descriptor*/
0x07, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CDC_IN_EP, /* bEndpointAddress */
0x02, /* bmAttributes: Bulk */
LOBYTE(CDC_DATA_FS_MAX_PACKET_SIZE), /* wMaxPacketSize: */
HIBYTE(CDC_DATA_FS_MAX_PACKET_SIZE),
0x00 /* bInterval: ignore for Bulk transfer */
} ;
__ALIGN_BEGIN uint8_t USBD_CDC_OtherSpeedCfgDesc[USB_CDC_CONFIG_DESC_SIZ] __ALIGN_END =
{
0x09, /* bLength: Configuation Descriptor size */
USB_DESC_TYPE_OTHER_SPEED_CONFIGURATION,
USB_CDC_CONFIG_DESC_SIZ,
0x00,
0x02, /* bNumInterfaces: 2 interfaces */
0x01, /* bConfigurationValue: */
0x04, /* iConfiguration: */
0xC0, /* bmAttributes: */
0x32, /* MaxPower 100 mA */
/*Interface Descriptor */
0x09, /* bLength: Interface Descriptor size */
USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */
/* Interface descriptor type */
0x00, /* bInterfaceNumber: Number of Interface */
0x00, /* bAlternateSetting: Alternate setting */
0x01, /* bNumEndpoints: One endpoints used */
0x02, /* bInterfaceClass: Communication Interface Class */
0x02, /* bInterfaceSubClass: Abstract Control Model */
0x01, /* bInterfaceProtocol: Common AT commands */
0x00, /* iInterface: */
/*Header Functional Descriptor*/
0x05, /* bLength: Endpoint Descriptor size */
0x24, /* bDescriptorType: CS_INTERFACE */
0x00, /* bDescriptorSubtype: Header Func Desc */
0x10, /* bcdCDC: spec release number */
0x01,
/*Call Management Functional Descriptor*/
0x05, /* bFunctionLength */
0x24, /* bDescriptorType: CS_INTERFACE */
0x01, /* bDescriptorSubtype: Call Management Func Desc */
0x00, /* bmCapabilities: D0+D1 */
0x01, /* bDataInterface: 1 */
/*ACM Functional Descriptor*/
0x04, /* bFunctionLength */
0x24, /* bDescriptorType: CS_INTERFACE */
0x02, /* bDescriptorSubtype: Abstract Control Management desc */
0x02, /* bmCapabilities */
/*Union Functional Descriptor*/
0x05, /* bFunctionLength */
0x24, /* bDescriptorType: CS_INTERFACE */
0x06, /* bDescriptorSubtype: Union func desc */
0x00, /* bMasterInterface: Communication class interface */
0x01, /* bSlaveInterface0: Data Class Interface */
/*Endpoint 2 Descriptor*/
0x07, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT , /* bDescriptorType: Endpoint */
CDC_CMD_EP, /* bEndpointAddress */
0x03, /* bmAttributes: Interrupt */
LOBYTE(CDC_CMD_PACKET_SIZE), /* wMaxPacketSize: */
HIBYTE(CDC_CMD_PACKET_SIZE),
CDC_FS_BINTERVAL, /* bInterval: */
/*---------------------------------------------------------------------------*/
/*Data class interface descriptor*/
0x09, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_INTERFACE, /* bDescriptorType: */
0x01, /* bInterfaceNumber: Number of Interface */
0x00, /* bAlternateSetting: Alternate setting */
0x02, /* bNumEndpoints: Two endpoints used */
0x0A, /* bInterfaceClass: CDC */
0x00, /* bInterfaceSubClass: */
0x00, /* bInterfaceProtocol: */
0x00, /* iInterface: */
/*Endpoint OUT Descriptor*/
0x07, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CDC_OUT_EP, /* bEndpointAddress */
0x02, /* bmAttributes: Bulk */
0x40, /* wMaxPacketSize: */
0x00,
0x00, /* bInterval: ignore for Bulk transfer */
/*Endpoint IN Descriptor*/
0x07, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CDC_IN_EP, /* bEndpointAddress */
0x02, /* bmAttributes: Bulk */
0x40, /* wMaxPacketSize: */
0x00,
0x00 /* bInterval */
};
/**
* @}
*/
/** @defgroup USBD_CDC_Private_Functions
* @{
*/
/**
* @brief USBD_CDC_Init
@ -489,7 +782,45 @@ static uint8_t USBD_CDC_EP0_RxReady (USBD_HandleTypeDef *pdev)
return USBD_OK;
}
/**
* @brief USBD_CDC_GetFSCfgDesc
* Return configuration descriptor
* @param speed : current device speed
* @param length : pointer data length
* @retval pointer to descriptor buffer
*/
/*static uint8_t *USBD_CDC_GetFSCfgDesc (uint16_t *length)
{
*length = sizeof (USBD_CDC_CfgFSDesc);
return USBD_CDC_CfgFSDesc;
}
*/
/**
* @brief USBD_CDC_GetHSCfgDesc
* Return configuration descriptor
* @param speed : current device speed
* @param length : pointer data length
* @retval pointer to descriptor buffer
*/
/*static uint8_t *USBD_CDC_GetHSCfgDesc (uint16_t *length)
{
*length = sizeof (USBD_CDC_CfgHSDesc);
return USBD_CDC_CfgHSDesc;
}
*/
/**
* @brief USBD_CDC_GetCfgDesc
* Return configuration descriptor
* @param speed : current device speed
* @param length : pointer data length
* @retval pointer to descriptor buffer
*/
/*static uint8_t *USBD_CDC_GetOtherSpeedCfgDesc (uint16_t *length)
{
*length = sizeof (USBD_CDC_OtherSpeedCfgDesc);
return USBD_CDC_OtherSpeedCfgDesc;
}
*/
/**
* @brief DeviceQualifierDescriptor
* return Device Qualifier descriptor
@ -608,10 +939,22 @@ uint8_t USBD_CDC_ReceivePacket(USBD_HandleTypeDef *pdev)
/* Suspend or Resume USB Out process */
if(pdev->pClassData != NULL)
{
if(pdev->dev_speed == USBD_SPEED_HIGH )
{
/* Prepare Out endpoint to receive next packet */
USBD_LL_PrepareReceive(pdev,
CDC_OUT_EP,
hcdc->RxBuffer,
CDC_DATA_HS_OUT_PACKET_SIZE);
}
else
{
/* Prepare Out endpoint to receive next packet */
USBD_LL_PrepareReceive(pdev,
CDC_OUT_EP,
hcdc->RxBuffer,
CDC_DATA_FS_OUT_PACKET_SIZE);
}
return USBD_OK;
}
else

146
targets/stm32l432/lib/usbd/usbd_composite.c
View File

@ -2,9 +2,7 @@
#include "usbd_desc.h"
#include "usbd_hid.h"
#include "usbd_cdc.h"
#include "usbd_ccid.h"
#include "usbd_ctlreq.h"
#include "app.h"
static uint8_t USBD_Composite_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx);
@ -28,33 +26,18 @@ static uint8_t *USBD_Composite_GetOtherSpeedCfgDesc (uint16_t *length);
static uint8_t *USBD_Composite_GetDeviceQualifierDescriptor (uint16_t *length);
#ifdef ENABLE_CCID
#define CCID_SIZE 84
#define CCID_NUM_INTERFACE 1
#define NUM_CLASSES 2
#define NUM_INTERFACES 3
#if NUM_INTERFACES>1
#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (90 + 8+9 + 4)
#else
#define CCID_NUM_INTERFACE 0
#define CCID_SIZE 0
#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (41)
#endif
#if DEBUG_LEVEL > 0
#define CDC_SIZE (49 + 8 + 9 + 4)
#define CDC_NUM_INTERFACE 2
#else
#define CDC_SIZE 0
#define CDC_NUM_INTERFACE 0
#endif
#define HID_SIZE 41
#define COMPOSITE_CDC_HID_DESCRIPTOR_SIZE (HID_SIZE + CDC_SIZE + CCID_SIZE)
#define NUM_INTERFACES (1 + CDC_NUM_INTERFACE + CCID_NUM_INTERFACE)
#define NUM_CLASSES 3
#define HID_INTF_NUM 0
#define CDC_MASTER_INTF_NUM 1
#define CDC_SLAVE_INTF_NUM 2
#define CCID_INTF_NUM 3
__ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_SIZE] __ALIGN_END =
{
/*Configuration Descriptor*/
@ -111,7 +94,7 @@ __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_
0x00,
HID_BINTERVAL, /*bInterval: Polling Interval */
#if DEBUG_LEVEL > 0
#if NUM_INTERFACES > 1
/* */
/* CDC */
@ -208,83 +191,6 @@ __ALIGN_BEGIN uint8_t COMPOSITE_CDC_HID_DESCRIPTOR[COMPOSITE_CDC_HID_DESCRIPTOR_
0x09,
0x04,
#endif
#ifdef ENABLE_CCID
/* CCID Interface Descriptor */
9, /* bLength: Interface Descriptor size */
USB_DESC_TYPE_INTERFACE, /* bDescriptorType: Interface */
CCID_INTF_NUM, /* bInterfaceNumber: CCID Interface */
0, /* Alternate setting for this interface */
3, /* bNumEndpoints: Bulk-IN, Bulk-OUT, Intr-IN */
0x0B, /* CCID class */
0x00, /* CCID subclass */
0x00, /* CCID protocol */
0, /* string index for interface */
/* ICC Descriptor */
54, /* bLength: */
0x21, /* bDescriptorType: USBDESCR_ICC */
0x10, 0x01, /* bcdCCID: revision 1.1 (of CCID) */
0, /* bMaxSlotIndex: */
1, /* bVoltageSupport: 5V-only */
0x02, 0, 0, 0, /* dwProtocols: T=1 */
0xa0, 0x0f, 0, 0, /* dwDefaultClock: 4000 */
0xa0, 0x0f, 0, 0, /* dwMaximumClock: 4000 */
0, /* bNumClockSupported: 0x00 */
0x80, 0x25, 0, 0, /* dwDataRate: 9600 */
0x80, 0x25, 0, 0, /* dwMaxDataRate: 9600 */
0, /* bNumDataRateSupported: 0x00 */
0xfe, 0, 0, 0, /* dwMaxIFSD: 254 */
0, 0, 0, 0, /* dwSynchProtocols: 0 */
0, 0, 0, 0, /* dwMechanical: 0 */
0x7a, 0x04, 0x02, 0x00, /* dwFeatures:
* Short and extended APDU level: 0x40000 ----
* Short APDU level : 0x20000 *
* (ICCD?) : 0x00800 ----
* Automatic IFSD : 0x00400 *
* NAD value other than 0x00 : 0x00200
* Can set ICC in clock stop : 0x00100
* Automatic PPS CUR : 0x00080
* Automatic PPS PROP : 0x00040 *
* Auto baud rate change : 0x00020 *
* Auto clock change : 0x00010 *
* Auto voltage selection : 0x00008 *
* Auto activaction of ICC : 0x00004
* Automatic conf. based on ATR : 0x00002 *
*/
0x0f, 0x01, 0, 0, /* dwMaxCCIDMessageLength: 271 */
0xff, /* bClassGetResponse: 0xff */
0x00, /* bClassEnvelope: 0 */
0, 0, /* wLCDLayout: 0 */
0, /* bPinSupport: No PIN pad */
1, /* bMaxCCIDBusySlots: 1 */
/*Endpoint IN1 Descriptor*/
7, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CCID_IN_EP, /* bEndpointAddress: (IN1) */
0x02, /* bmAttributes: Bulk */
CCID_DATA_PACKET_SIZE, 0x00, /* wMaxPacketSize: */
0x00, /* bInterval */
/*Endpoint OUT1 Descriptor*/
7, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CCID_OUT_EP, /* bEndpointAddress: (OUT1) */
0x02, /* bmAttributes: Bulk */
CCID_DATA_PACKET_SIZE, 0x00, /* wMaxPacketSize: */
0x00, /* bInterval */
/*Endpoint IN2 Descriptor*/
7, /* bLength: Endpoint Descriptor size */
USB_DESC_TYPE_ENDPOINT, /* bDescriptorType: Endpoint */
CCID_CMD_EP, /* bEndpointAddress: (IN2) */
0x03, /* bmAttributes: Interrupt */
CCID_DATA_PACKET_SIZE, 0x00, /* wMaxPacketSize: 4 */
0xFF, /* bInterval (255ms) */
#endif
};
USBD_ClassTypeDef USBD_Composite =
@ -305,21 +211,15 @@ USBD_ClassTypeDef USBD_Composite =
USBD_Composite_GetDeviceQualifierDescriptor,
};
static USBD_ClassTypeDef * USBD_Classes[MAX_CLASSES];
static USBD_ClassTypeDef *USBD_Classes[MAX_CLASSES];
int in_endpoint_to_class[MAX_ENDPOINTS];
int out_endpoint_to_class[MAX_ENDPOINTS];
void USBD_Composite_Set_Classes(USBD_ClassTypeDef *hid_class, USBD_ClassTypeDef *ccid_class, USBD_ClassTypeDef *cdc_class) {
memset(USBD_Classes, 0 , sizeof(USBD_Classes));
void USBD_Composite_Set_Classes(USBD_ClassTypeDef *hid_class, USBD_ClassTypeDef *cdc_class) {
USBD_Classes[0] = hid_class;
#ifdef ENABLE_CCID
USBD_Classes[1] = ccid_class;
#endif
#if DEBUG_LEVEL > 0
USBD_Classes[2] = cdc_class;
#endif
USBD_Classes[1] = cdc_class;
}
static USBD_ClassTypeDef * getClass(uint8_t index)
@ -328,15 +228,9 @@ static USBD_ClassTypeDef * getClass(uint8_t index)
{
case HID_INTF_NUM:
return USBD_Classes[0];
#ifdef ENABLE_CCID
case CCID_INTF_NUM:
return USBD_Classes[1];
#endif
#if DEBUG_LEVEL > 0
case CDC_MASTER_INTF_NUM:
case CDC_SLAVE_INTF_NUM:
return USBD_Classes[2];
#endif
return USBD_Classes[1];
}
return NULL;
}
@ -344,18 +238,18 @@ static USBD_ClassTypeDef * getClass(uint8_t index)
static uint8_t USBD_Composite_Init (USBD_HandleTypeDef *pdev, uint8_t cfgidx) {
int i;
for(i = 0; i < NUM_CLASSES; i++) {
if (USBD_Classes[i] != NULL && USBD_Classes[i]->Init(pdev, cfgidx) != USBD_OK) {
if (USBD_Classes[i]->Init(pdev, cfgidx) != USBD_OK) {
return USBD_FAIL;
}
}
//N
return USBD_OK;
}
static uint8_t USBD_Composite_DeInit (USBD_HandleTypeDef *pdev, uint8_t cfgidx) {
int i;
for(i = 0; i < NUM_CLASSES; i++) {
if (USBD_Classes[i] != NULL && USBD_Classes[i]->DeInit(pdev, cfgidx) != USBD_OK) {
if (USBD_Classes[i]->DeInit(pdev, cfgidx) != USBD_OK) {
return USBD_FAIL;
}
}
@ -381,7 +275,7 @@ static uint8_t USBD_Composite_Setup (USBD_HandleTypeDef *pdev, USBD_SetupReqType
case USB_REQ_GET_DESCRIPTOR :
for(i = 0; i < NUM_CLASSES; i++) {
if (USBD_Classes[i] != NULL && USBD_Classes[i]->Setup(pdev, req) != USBD_OK) {
if (USBD_Classes[i]->Setup(pdev, req) != USBD_OK) {
return USBD_FAIL;
}
}
@ -404,8 +298,6 @@ static uint8_t USBD_Composite_DataIn (USBD_HandleTypeDef *pdev, uint8_t epnum) {
i = in_endpoint_to_class[epnum];
if (USBD_Classes[i] == NULL) return USBD_FAIL;
return USBD_Classes[i]->DataIn(pdev, epnum);
}
@ -414,8 +306,6 @@ static uint8_t USBD_Composite_DataOut (USBD_HandleTypeDef *pdev, uint8_t epnum)
i = out_endpoint_to_class[epnum];
if (USBD_Classes[i] == NULL) return USBD_FAIL;
return USBD_Classes[i]->DataOut(pdev, epnum);
}
@ -423,7 +313,7 @@ static uint8_t USBD_Composite_DataOut (USBD_HandleTypeDef *pdev, uint8_t epnum)
static uint8_t USBD_Composite_EP0_RxReady (USBD_HandleTypeDef *pdev) {
int i;
for(i = 0; i < NUM_CLASSES; i++) {
if (USBD_Classes[i] != NULL && USBD_Classes[i]->EP0_RxReady != NULL) {
if (USBD_Classes[i]->EP0_RxReady != NULL) {
if (USBD_Classes[i]->EP0_RxReady(pdev) != USBD_OK) {
return USBD_FAIL;
}
@ -433,19 +323,16 @@ static uint8_t USBD_Composite_EP0_RxReady (USBD_HandleTypeDef *pdev) {
}
static uint8_t *USBD_Composite_GetFSCfgDesc (uint16_t *length) {
//Y
*length = COMPOSITE_CDC_HID_DESCRIPTOR_SIZE;
return COMPOSITE_CDC_HID_DESCRIPTOR;
}
static uint8_t *USBD_Composite_GetHSCfgDesc (uint16_t *length) {
//N
*length = COMPOSITE_CDC_HID_DESCRIPTOR_SIZE;
return COMPOSITE_CDC_HID_DESCRIPTOR;
}
static uint8_t *USBD_Composite_GetOtherSpeedCfgDesc (uint16_t *length) {
*length = COMPOSITE_CDC_HID_DESCRIPTOR_SIZE;
return COMPOSITE_CDC_HID_DESCRIPTOR;
}
@ -466,7 +353,6 @@ __ALIGN_BEGIN static uint8_t USBD_Composite_DeviceQualifierDesc[USB_LEN_DEV_QUAL
};
uint8_t *USBD_Composite_GetDeviceQualifierDescriptor (uint16_t *length) {
//N
*length = sizeof (USBD_Composite_DeviceQualifierDesc);
return USBD_Composite_DeviceQualifierDesc;
}

2
targets/stm32l432/lib/usbd/usbd_composite.h
View File

@ -17,7 +17,7 @@ extern int in_endpoint_to_class[MAX_ENDPOINTS];
extern int out_endpoint_to_class[MAX_ENDPOINTS];
void USBD_Composite_Set_Classes(USBD_ClassTypeDef *class0, USBD_ClassTypeDef *class1, USBD_ClassTypeDef *class2);
void USBD_Composite_Set_Classes(USBD_ClassTypeDef *class0, USBD_ClassTypeDef *class1);
#ifdef __cplusplus
}

28
targets/stm32l432/lib/usbd/usbd_conf.c
View File

@ -50,9 +50,6 @@
#include "stm32l4xx_hal.h"
#include "usbd_core.h"
#include "usbd_hid.h"
#include "usbd_cdc.h"
#include "usbd_ccid.h"
#include "log.h"
void SystemClock_Config(void);
@ -120,14 +117,9 @@ void HAL_PCD_DataOutStageCallback(PCD_HandleTypeDef *hpcd, uint8_t epnum)
USBD_LL_DataOutStage((USBD_HandleTypeDef*)hpcd->pData, epnum, hpcd->OUT_ep[epnum].xfer_buff);
switch(epnum)
{
case HID_EPOUT_ADDR:
case HID_ENDPOINT:
usb_hid_recieve_callback(epnum);
break;
#ifdef ENABLE_CCID
case CCID_OUT_EP:
usb_ccid_recieve_callback((USBD_HandleTypeDef*)hpcd->pData, epnum);
break;
#endif
}
}
@ -226,6 +218,7 @@ void HAL_PCD_DisconnectCallback(PCD_HandleTypeDef *hpcd)
{
USBD_LL_DevDisconnected((USBD_HandleTypeDef*)hpcd->pData);
}
/**
* @brief Initializes the low level portion of the device driver.
* @param pdev: Device handle
@ -259,20 +252,14 @@ USBD_StatusTypeDef USBD_LL_Init(USBD_HandleTypeDef *pdev)
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x80 , PCD_SNG_BUF, 0x58);
// HID
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , HID_EPOUT_ADDR , PCD_SNG_BUF, 0x98);
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , HID_EPIN_ADDR , PCD_SNG_BUF, 0xd8);
// CCID
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_OUT_EP , PCD_SNG_BUF, 0xd8 + 64); // data OUT
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_IN_EP , PCD_SNG_BUF, 0xd8 + 64*2); // data IN
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CCID_CMD_EP , PCD_SNG_BUF, 0xd8 + 64*3); // commands
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x01 , PCD_SNG_BUF, 0x98);
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x81 , PCD_SNG_BUF, 0xd8);
// CDC / uart
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_CMD_EP , PCD_SNG_BUF, 0xd8 + 64*4); // commands
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_OUT_EP , PCD_SNG_BUF, 0xd8 + 64*5); // data OUT
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , CDC_IN_EP , PCD_SNG_BUF, 0xd8 + 64*6); // data IN
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x02 , PCD_SNG_BUF, 0xd8 + 64); // data OUT
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x82 , PCD_SNG_BUF, 0xd8 + 64*2); // data IN
HAL_PCDEx_PMAConfig((PCD_HandleTypeDef*)pdev->pData , 0x83 , PCD_SNG_BUF, 0xd8 + 64*3); // commands
// dump_pma_header("usbd_conf");
return USBD_OK;
}
@ -323,7 +310,6 @@ USBD_StatusTypeDef USBD_LL_OpenEP(USBD_HandleTypeDef *pdev,
uint8_t ep_type,
uint16_t ep_mps)
{
// printf1(TAG_RED,"LL_Open. ep: %x, %x\r\n", ep_addr, ep_type);
HAL_PCD_EP_Open((PCD_HandleTypeDef*) pdev->pData,
ep_addr,
ep_mps,

13
targets/stm32l432/linker/bootloader_stm32l4xx.ld
View File

@ -12,17 +12,9 @@ _estack = 0x2000c000;
_MIN_STACK_SIZE = 0x400;
/*
flash_cfg is for storing bootloader data, like last used firmware version.
bootloader_configuration should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash_cfg origin
*/
bootloader_configuration = 0x08000000 + 216*1024+8;
MEMORY
{
flash (rx) : ORIGIN = 0x08000000, LENGTH = 20K
flash_cfg (rx) : ORIGIN = 0x08000000 + 216*1024+8, LENGTH = 2K-8
ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K
sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K
}
@ -47,11 +39,6 @@ SECTIONS
_etext = .;
} >flash
.flag2 bootloader_configuration :
{
KEEP(*(.flag2)) ;
} > flash_cfg
_sidata = LOADADDR(.data);
.data :

13
targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld
View File

@ -12,17 +12,9 @@ _estack = 0x2000c000;
_MIN_STACK_SIZE = 0x400;
/*
flash_cfg is for storing bootloader data, like last used firmware version.
bootloader_configuration should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash_cfg origin
*/
bootloader_configuration = 0x08000000 + 216*1024+8;
MEMORY
{
flash (rx) : ORIGIN = 0x08000000, LENGTH = 32K
flash_cfg (rx) : ORIGIN = 0x08000000 + 216*1024+8, LENGTH = 2K-8
ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K
sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K
}
@ -47,11 +39,6 @@ SECTIONS
_etext = .;
} >flash
.flag2 bootloader_configuration :
{
KEEP(*(.flag2)) ;
} > flash_cfg
_sidata = LOADADDR(.data);
.data :

23
targets/stm32l432/linker/stm32l4xx.ld
View File

@ -13,21 +13,14 @@ _estack = 0x2000c000;
_MIN_STACK_SIZE = 0x400;
/*
len | 20 KB/10p| 196KB-8-8/98p | 2kB/1p | 38 KB/19p |
pos | 0->20 KB | 20->216KB-8-8 | 216kB -> 218 kB | 218->256 KB |
posp | 0-10 | 10-113 | 113-114 | 113-128 |
desc | bootloader | application | bootloader data | secrets/data |
Last 8 bytes in application space are occupied by bootloader flags - app
authorization and bootloader activation flag.
Memory layout of device:
20 KB 198KB-8 38 KB
| bootloader | application | secrets/data |
*/
/* Current firmware version number is concatenated to the firmware code - see .flag marker */
/* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */
MEMORY
{
flash (rx) : ORIGIN = 0x08000000 + 20K, LENGTH = 216K - 20K - 8
flash (rx) : ORIGIN = 0x08005000, LENGTH = 198K - 8
ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K
sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K
}
@ -61,13 +54,7 @@ SECTIONS
*(.data*)
. = ALIGN(8);
_edata = .;
} >sram2 AT> flash
.flag :
{
. = ALIGN(8);
KEEP(*(.flag)) ;
} > flash
} >ram AT> flash
.bss :
{

21
targets/stm32l432/linker/stm32l4xx_extra.ld
View File

@ -12,22 +12,9 @@ _estack = 0x2000c000;
_MIN_STACK_SIZE = 0x400;
/*
len | 32 KB/16p| 184KB-8-8/92p | 2kB/1p | 38 KB/19p |
pos | 0->32 KB | 32->216KB-8-8 | 216kB -> 218 kB | 218->256 KB |
posp | 0-16 | 16-113 | 113-114 | 113-128 |
desc | bootloader | application | bootloader data | secrets/data |
Last 8 bytes in application space are occupied by bootloader flags - app
authorization and bootloader activation flag.
*/
/* Current firmware version number is concatenated to the firmware code - see .flag marker */
/* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */
MEMORY
{
flash (rx) : ORIGIN = 0x08000000 + 20K + 12K, LENGTH = 216K - 20K - 12K - 8
flash (rx) : ORIGIN = 0x08008000, LENGTH = 186K - 8
ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K
sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K
}
@ -63,12 +50,6 @@ SECTIONS
_edata = .;
} >ram AT> flash
.flag :
{
. = ALIGN(8);
KEEP(*(.flag)) ;
} > flash
.bss :
{
. = ALIGN(4);

14
targets/stm32l432/src/ams.c
View File

@ -8,25 +8,21 @@
#include "device.h"
#include "nfc.h"
static void flush_rx(void)
static void flush_rx()
{
while(LL_SPI_IsActiveFlag_RXNE(SPI1) != 0)
{
LL_SPI_ReceiveData8(SPI1);
}
}
static void wait_for_tx(void)
static void wait_for_tx()
{
// while (LL_SPI_IsActiveFlag_BSY(SPI1) == 1)
// ;
while(LL_SPI_GetTxFIFOLevel(SPI1) != LL_SPI_TX_FIFO_EMPTY)
;
}
static void wait_for_rx(void)
static void wait_for_rx()
{
while(LL_SPI_IsActiveFlag_RXNE(SPI1) == 0)
;
@ -274,7 +270,7 @@ void ams_print_int1(uint8_t int0)
#endif
}
int ams_init(void)
int ams_init()
{
LL_GPIO_SetPinMode(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN,LL_GPIO_MODE_OUTPUT);
LL_GPIO_SetOutputPin(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN);
@ -296,7 +292,7 @@ int ams_init(void)
return 0;
}
void ams_configure(void)
void ams_configure()
{
// Should not be used during passive operation.
uint8_t block[4];

4
targets/stm32l432/src/ams.h
View File

@ -39,8 +39,8 @@ typedef union
#define SELECT() LL_GPIO_ResetOutputPin(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN)
#define UNSELECT() LL_GPIO_SetOutputPin(SOLO_AMS_CS_PORT,SOLO_AMS_CS_PIN)
int ams_init(void);
void ams_configure(void);
int ams_init();
void ams_configure();
void ams_read_buffer(uint8_t * data, int len);
void ams_write_buffer(uint8_t * data, int len);

10
targets/stm32l432/src/app.h
View File

@ -8,20 +8,13 @@
#define _APP_H_
#include <stdint.h>
#include "version.h"
#include "solo.h"
#define SOLO
#define DEBUG_UART USART1
#ifndef DEBUG_LEVEL
// Enable the CDC ACM USB interface & debug logs (DEBUG_LEVEL > 0)
#define DEBUG_LEVEL 0
#endif
// Enable the CCID USB interface
// #define ENABLE_CCID
#define NON_BLOCK_PRINTING 0
@ -49,9 +42,6 @@
void printing_init();
void hw_init(int lf);
// Return 1 if Solo is secure/locked.
int solo_is_locked();
//#define TEST
//#define TEST_POWER

104
targets/stm32l432/src/attestation.c
View File

@ -5,16 +5,12 @@
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
#include <stdint.h>
#include <string.h>
#include "crypto.h"
#include "memory_layout.h"
#include "device.h"
#include "sense.h"
#include "log.h"
#ifdef USE_SOLOKEYS_CERT
const uint8_t attestation_solo_cert_der[] =
"\x30\x82\x03\x03\x30\x82\x02\xaa\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0a\x06\x08"
const uint8_t attestation_cert_der[] =
"\x30\x82\x02\xe1\x30\x82\x02\x88\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0a\x06\x08"
"\x2a\x86\x48\xce\x3d\x04\x03\x02\x30\x81\x80\x31\x0b\x30\x09\x06\x03\x55\x04\x06"
"\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72\x79\x6c"
"\x61\x6e\x64\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x53\x6f\x6c\x6f\x20\x4b"
@ -22,40 +18,42 @@ const uint8_t attestation_solo_cert_der[] =
"\x41\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0c\x73\x6f\x6c\x6f\x6b\x65\x79\x73"
"\x2e\x63\x6f\x6d\x31\x21\x30\x1f\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16"
"\x12\x68\x65\x6c\x6c\x6f\x40\x73\x6f\x6c\x6f\x6b\x65\x79\x73\x2e\x63\x6f\x6d\x30"
"\x20\x17\x0d\x31\x39\x31\x32\x30\x31\x31\x39\x32\x33\x34\x39\x5a\x18\x0f\x32\x30"
"\x36\x39\x31\x31\x31\x38\x31\x39\x32\x33\x34\x39\x5a\x30\x81\x91\x31\x0b\x30\x09"
"\x20\x17\x0d\x31\x38\x31\x31\x31\x31\x31\x32\x35\x32\x30\x30\x5a\x18\x0f\x32\x30"
"\x36\x38\x31\x30\x32\x39\x31\x32\x35\x32\x30\x30\x5a\x30\x81\x92\x31\x0b\x30\x09"
"\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08"
"\x4d\x61\x72\x79\x6c\x61\x6e\x64\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x0c\x08\x53"
"\x6f\x6c\x6f\x4b\x65\x79\x73\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x0c\x19\x41\x75"
"\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x6f\x72\x20\x41\x74\x74\x65\x73\x74\x61\x74"
"\x69\x6f\x6e\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0c\x73\x6f\x6c\x6f\x6b\x65"
"\x4d\x61\x72\x79\x6c\x61\x6e\x64\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x53"
"\x6f\x6c\x6f\x20\x4b\x65\x79\x73\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x0c\x19\x41"
"\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x6f\x72\x20\x41\x74\x74\x65\x73\x74\x61"
"\x74\x69\x6f\x6e\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0c\x73\x6f\x6c\x6f\x6b"
"\x65\x79\x73\x2e\x63\x6f\x6d\x31\x21\x30\x1f\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01"
"\x09\x01\x16\x12\x68\x65\x6c\x6c\x6f\x40\x73\x6f\x6c\x6f\x6b\x65\x79\x73\x2e\x63"
"\x6f\x6d\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48"
"\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x22\xfe\x0f\xb5\x2a\x78\xbe\xc6\x45\x37\x1a"
"\x28\xa7\x57\x43\x49\xa4\x6f\x85\x4d\xca\x4e\x25\x1c\x9f\x75\x30\x3d\xbf\x10\xd5"
"\xd2\xd2\x0b\xb9\x69\x2c\xdd\xb2\x5c\x14\xd8\x39\x85\x12\xf6\x23\xee\x91\xba\xc6"
"\xac\xff\x4a\x1a\x27\xef\xe0\xc1\x54\x3f\xd4\xd9\xc5\xa3\x81\xdc\x30\x81\xd9\x30"
"\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x3b\xe6\xd2\xc0\x6f\xf2\xe7\xb0\x7c\x9d"
"\x9e\x28\xc0\x20\xb0\x0d\x07\xc8\x15\xc8\x30\x81\x9f\x06\x03\x55\x1d\x23\x04\x81"
"\x97\x30\x81\x94\xa1\x81\x86\xa4\x81\x83\x30\x81\x80\x31\x0b\x30\x09\x06\x03\x55"
"\x04\x06\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72"
"\x79\x6c\x61\x6e\x64\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x53\x6f\x6c\x6f"
"\x20\x4b\x65\x79\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x0b\x0c\x07\x52\x6f\x6f\x74"
"\x20\x43\x41\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0c\x73\x6f\x6c\x6f\x6b\x65"
"\x79\x73\x2e\x63\x6f\x6d\x31\x21\x30\x1f\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09"
"\x01\x16\x12\x68\x65\x6c\x6c\x6f\x40\x73\x6f\x6c\x6f\x6b\x65\x79\x73\x2e\x63\x6f"
"\x6d\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce"
"\x3d\x03\x01\x07\x03\x42\x00\x04\x22\xfe\x0f\xb5\x2a\x78\xbe\xc6\x45\x37\x1a\x28"
"\xa7\x57\x43\x49\xa4\x6f\x85\x4d\xca\x4e\x25\x1c\x9f\x75\x30\x3d\xbf\x10\xd5\xd2"
"\xd2\x0b\xb9\x69\x2c\xdd\xb2\x5c\x14\xd8\x39\x85\x12\xf6\x23\xee\x91\xba\xc6\xac"
"\xff\x4a\x1a\x27\xef\xe0\xc1\x54\x3f\xd4\xd9\xc5\xa3\x81\xff\x30\x81\xfc\x30\x1d"
"\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x3b\xe6\xd2\xc0\x6f\xf2\xe7\xb0\x7c\x9d\x9e"
"\x28\xc0\x20\xb0\x0d\x07\xc8\x15\xc8\x30\x81\x9f\x06\x03\x55\x1d\x23\x04\x81\x97"
"\x30\x81\x94\xa1\x81\x86\xa4\x81\x83\x30\x81\x80\x31\x0b\x30\x09\x06\x03\x55\x04"
"\x06\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72\x79"
"\x6c\x61\x6e\x64\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x53\x6f\x6c\x6f\x20"
"\x4b\x65\x79\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x0b\x0c\x07\x52\x6f\x6f\x74\x20"
"\x43\x41\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0c\x73\x6f\x6c\x6f\x6b\x65\x79"
"\x73\x2e\x63\x6f\x6d\x31\x21\x30\x1f\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01"
"\x16\x12\x68\x65\x6c\x6c\x6f\x40\x73\x6f\x6c\x6f\x6b\x65\x79\x73\x2e\x63\x6f\x6d"
"\x82\x09\x00\xc4\x47\x63\x92\x8f\xf4\xbe\x8c\x30\x09\x06\x03\x55\x1d\x13\x04\x02"
"\x30\x00\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x04\xf0\x30\x21\x06\x0b\x2b"
"\x06\x01\x04\x01\x82\xe5\x1c\x01\x01\x04\x04\x12\x04\x10\x88\x76\x63\x1b\xd4\xa0"
"\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04"
"\x03\x02\x03\x47\x00\x30\x44\x02\x20\x4d\xea\x09\x15\x6c\x86\x48\x57\x2a\xa8\x8d"
"\x87\xc3\xfa\xb6\x6b\x29\x9b\xfb\x8b\x4d\x4d\x29\x77\x5b\xa1\x04\x4c\x7f\x12\x8d"
"\x71\x02\x20\x47\x4c\x3d\xb2\xa1\x74\xe3\x9c\xfe\xe1\x23\xbf\xec\x47\x96\xf4\xe5"
"\x9b\x65\x76\xac\xc8\x69\x1d\xe2\x74\xff\x4e\xa4\xcf\x02\x6d"
"\x6d\x82\x09\x00\xc4\x47\x63\x92\x8f\xf4\xbe\x8c\x30\x09\x06\x03\x55\x1d\x13\x04"
"\x02\x30\x00\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x04\xf0\x30\x0a\x06\x08"
"\x2a\x86\x48\xce\x3d\x04\x03\x02\x03\x47\x00\x30\x44\x02\x20\x71\x10\x46\x2c\xf5"
"\x16\x18\x97\x55\xca\x64\x50\x3b\x69\xb2\xdf\x17\x71\xab\xad\x8e\xc0\xd6\xa6\x07"
"\x3d\x66\x8a\x3b\xbb\xfe\x61\x02\x20\x1e\x82\xef\xeb\x5e\x4e\x3a\x00\x84\x64\xd2"
"\xf8\x84\xc3\x78\x35\x93\x63\x81\x2e\xbe\xa6\x12\x32\x6e\x29\x90\xc8\x91\x4b\x71"
"\x52"
;
#else
const uint8_t attestation_hacker_cert_der[] =
// For testing/development only
const uint8_t attestation_cert_der[] =
"\x30\x82\x02\xe9\x30\x82\x02\x8e\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0a\x06\x08"
"\x2a\x86\x48\xce\x3d\x04\x03\x02\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06"
"\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72\x79\x6c"
@ -96,36 +94,8 @@ const uint8_t attestation_hacker_cert_der[] =
"\xf3\x87\x61\x82\xd8\xcd\x48\xfc\x57"
;
#endif
const uint16_t attestation_solo_cert_der_size = sizeof(attestation_solo_cert_der)-1;
const uint16_t attestation_hacker_cert_der_size = sizeof(attestation_hacker_cert_der)-1;
const uint16_t attestation_cert_der_size = sizeof(attestation_cert_der)-1;
uint8_t * device_get_attestation_key(){
flash_attestation_page * page =(flash_attestation_page *)ATTESTATION_PAGE_ADDR;
return page->attestation_key;
}
uint16_t device_attestation_cert_der_get_size(){
uint16_t sz = (uint16_t)((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert_size;
return sz;
}
void device_attestation_read_cert_der(uint8_t * dst){
const uint8_t * der = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert;
uint16_t sz = device_attestation_cert_der_get_size();
memmove(dst, der, sz);
// Overwrite respective x509 fields if Tap or Somu.
if (memcmp(dst + 0x2c6, "\xea\x09\x15\x6c\x86\x48\x57\x2a\xa8\x8d", 10) == 0){
if (device_is_nfc()){
dst[0x2a2] = 0x89;//tap aaguid byte
memmove(dst + 0xac, "\x34\x33\x38\x5a\x18\x0f\x32\x30\x36\x39\x31\x31\x31\x38\x31\x39\x32\x34\x33\x38", 20);//tap-id
memmove(dst + 0x2c5, "\x6d\x7b\x41\x2b\xff\x57\xf0\x03\xbd\x5b\x39\x4a\xf7\xa9\x2d\x6d\xcb\x9e\x2d\x88\xbf\xb3\x93\xc5\x66\x3b\xd1\xbc\x34\xfa\x5c\x4c\x02\x20\x59\x01\x49\x39\x1b\xb7\xa9\x1c\xed\x49\x78\x4f\x92\xa9\x61\x14\xa5\x6e\x96\x3f\x29\x02\x93\xe0\x5d\xe2\x75\xd0\x60\xd9\x74\xc2", 66);//tap-sig
} else if (tsc_sensor_exists()) {
dst[0x2a2] = 0x98;//somu aaguid byte
memmove(dst + 0xac, "\x35\x30\x32\x5a\x18\x0f\x32\x30\x36\x39\x31\x31\x31\x38\x31\x39\x32\x35\x30\x32", 20);//somu-id
memmove(dst + 0x2c5, "\x4d\x08\xc8\x9d\xc4\x50\x49\x70\x48\x4d\xd0\x12\xd9\x7c\x62\x5e\x6b\xd3\x84\xd5\x36\x42\xfe\x86\x8e\x7a\x23\x59\xa0\x20\xf0\xc5\x02\x20\x5f\x70\x93\x61\x5a\xe4\x20\xcf\xb9\x8a\xf5\xdd\x87\xd0\x48\x6d\x7d\x59\xef\x9e\x0e\x11\xa3\x8e\xf7\xe3\xe2\xf5\x35\x37\x99\x1a", 66);//somu-sig
}
}
}
const uint16_t attestation_key_size = 32;

366
targets/stm32l432/src/crypto.c Normal file
View File

@ -0,0 +1,366 @@
// Copyright 2019 SoloKeys Developers
//
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
/*
* Wrapper for crypto implementation on device
*
* */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "util.h"
#include "crypto.h"
#ifdef USE_SOFTWARE_IMPLEMENTATION
#include "sha256.h"
#include "uECC.h"
#include "aes.h"
#include "ctap.h"
#include "device.h"
// stuff for SHA512
#include "sha2.h"
#include "blockwise.h"
#include APP_CONFIG
#include "log.h"
#include "memory_layout.h"
typedef enum
{
MBEDTLS_ECP_DP_NONE = 0,
MBEDTLS_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */
MBEDTLS_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */
MBEDTLS_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */
MBEDTLS_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */
MBEDTLS_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */
MBEDTLS_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */
MBEDTLS_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */
MBEDTLS_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */
MBEDTLS_ECP_DP_CURVE25519, /*!< Curve25519 */
MBEDTLS_ECP_DP_SECP192K1, /*!< 192-bits "Koblitz" curve */
MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */
MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */
} mbedtls_ecp_group_id;
static SHA256_CTX sha256_ctx;
static cf_sha512_context sha512_ctx;
static const struct uECC_Curve_t * _es256_curve = NULL;
static const uint8_t * _signing_key = NULL;
static int _key_len = 0;
// Secrets for testing only
static uint8_t master_secret[64];
static uint8_t transport_secret[32];
void crypto_sha256_init()
{
sha256_init(&sha256_ctx);
}
void crypto_sha512_init() {
cf_sha512_init(&sha512_ctx);
}
void crypto_load_master_secret(uint8_t * key)
{
#if KEY_SPACE_BYTES < 96
#error "need more key bytes"
#endif
memmove(master_secret, key, 64);
memmove(transport_secret, key+64, 32);
}
void crypto_reset_master_secret()
{
memset(master_secret, 0, 64);
memset(transport_secret, 0, 32);
ctap_generate_rng(master_secret, 64);
ctap_generate_rng(transport_secret, 32);
}
void crypto_sha256_update(uint8_t * data, size_t len)
{
sha256_update(&sha256_ctx, data, len);
}
void crypto_sha512_update(const uint8_t * data, size_t len) {
cf_sha512_update(&sha512_ctx, data, len);
}
void crypto_sha256_update_secret()
{
sha256_update(&sha256_ctx, master_secret, 32);
}
void crypto_sha256_final(uint8_t * hash)
{
sha256_final(&sha256_ctx, hash);
}
void crypto_sha512_final(uint8_t * hash) {
// NB: there is also cf_sha512_digest
cf_sha512_digest_final(&sha512_ctx, hash);
}
void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
{
uint8_t buf[64];
unsigned int i;
memset(buf, 0, sizeof(buf));
if (key == CRYPTO_MASTER_KEY)
{
key = master_secret;
klen = sizeof(master_secret)/2;
}
else if (key == CRYPTO_TRANSPORT_KEY)
{
key = transport_secret;
klen = 32;
}
if(klen > 64)
{
printf2(TAG_ERR, "Error, key size must be <= 64\n");
exit(1);
}
memmove(buf, key, klen);
for (i = 0; i < sizeof(buf); i++)
{
buf[i] = buf[i] ^ 0x36;
}
crypto_sha256_init();
crypto_sha256_update(buf, 64);
}
void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac)
{
uint8_t buf[64];
unsigned int i;
crypto_sha256_final(hmac);
memset(buf, 0, sizeof(buf));
if (key == CRYPTO_MASTER_KEY)
{
key = master_secret;
klen = sizeof(master_secret)/2;
}
else if (key == CRYPTO_TRANSPORT_KEY2)
{
key = transport_secret;
klen = 32;
}
if(klen > 64)
{
printf2(TAG_ERR, "Error, key size must be <= 64\n");
exit(1);
}
memmove(buf, key, klen);
for (i = 0; i < sizeof(buf); i++)
{
buf[i] = buf[i] ^ 0x5c;
}
crypto_sha256_init();
crypto_sha256_update(buf, 64);
crypto_sha256_update(hmac, 32);
crypto_sha256_final(hmac);
}
void crypto_ecc256_init()
{
uECC_set_rng((uECC_RNG_Function)ctap_generate_rng);
_es256_curve = uECC_secp256r1();
}
void crypto_ecc256_load_attestation_key()
{
static uint8_t _key [32];
memmove(_key, (uint8_t*)ATTESTATION_KEY_ADDR, 32);
_signing_key = _key;
_key_len = 32;
}
void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig)
{
if ( uECC_sign(_signing_key, data, len, sig, _es256_curve) == 0)
{
printf2(TAG_ERR, "error, uECC failed\n");
exit(1);
}
}
void crypto_ecc256_load_key(uint8_t * data, int len, uint8_t * data2, int len2)
{
static uint8_t privkey[32];
generate_private_key(data,len,data2,len2,privkey);
_signing_key = privkey;
_key_len = 32;
}
void crypto_ecdsa_sign(uint8_t * data, int len, uint8_t * sig, int MBEDTLS_ECP_ID)
{
const struct uECC_Curve_t * curve = NULL;
switch(MBEDTLS_ECP_ID)
{
case MBEDTLS_ECP_DP_SECP192R1:
curve = uECC_secp192r1();
if (_key_len != 24) goto fail;
break;
case MBEDTLS_ECP_DP_SECP224R1:
curve = uECC_secp224r1();
if (_key_len != 28) goto fail;
break;
case MBEDTLS_ECP_DP_SECP256R1:
curve = uECC_secp256r1();
if (_key_len != 32) goto fail;
break;
case MBEDTLS_ECP_DP_SECP256K1:
curve = uECC_secp256k1();
if (_key_len != 32) goto fail;
break;
default:
printf2(TAG_ERR, "error, invalid ECDSA alg specifier\n");
exit(1);
}
if ( uECC_sign(_signing_key, data, len, sig, curve) == 0)
{
printf2(TAG_ERR, "error, uECC failed\n");
exit(1);
}
return;
fail:
printf2(TAG_ERR, "error, invalid key length\n");
exit(1);
}
void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey)
{
crypto_sha256_hmac_init(CRYPTO_MASTER_KEY, 0, privkey);
crypto_sha256_update(data, len);
crypto_sha256_update(data2, len2);
crypto_sha256_update(master_secret, 32); // TODO AES
crypto_sha256_hmac_final(CRYPTO_MASTER_KEY, 0, privkey);
crypto_aes256_init(master_secret + 32, NULL);
crypto_aes256_encrypt(privkey, 32);
}
/*int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve);*/
void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y)
{
uint8_t privkey[32];
uint8_t pubkey[64];
generate_private_key(data,len,NULL,0,privkey);
memset(pubkey,0,sizeof(pubkey));
uECC_compute_public_key(privkey, pubkey, _es256_curve);
memmove(x,pubkey,32);
memmove(y,pubkey+32,32);
}
void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey)
{
uECC_compute_public_key(privkey, pubkey, _es256_curve);
}
void crypto_load_external_key(uint8_t * key, int len)
{
_signing_key = key;
_key_len = len;
}
void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey)
{
if (uECC_make_key(pubkey, privkey, _es256_curve) != 1)
{
printf2(TAG_ERR, "Error, uECC_make_key failed\n");
exit(1);
}
}
void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret)
{
if (uECC_shared_secret(pubkey, privkey, shared_secret, _es256_curve) != 1)
{
printf2(TAG_ERR, "Error, uECC_shared_secret failed\n");
exit(1);
}
}
struct AES_ctx aes_ctx;
void crypto_aes256_init(uint8_t * key, uint8_t * nonce)
{
if (key == CRYPTO_TRANSPORT_KEY)
{
AES_init_ctx(&aes_ctx, transport_secret);
}
else
{
AES_init_ctx(&aes_ctx, key);
}
if (nonce == NULL)
{
memset(aes_ctx.Iv, 0, 16);
}
else
{
memmove(aes_ctx.Iv, nonce, 16);
}
}
// prevent round key recomputation
void crypto_aes256_reset_iv(uint8_t * nonce)
{
if (nonce == NULL)
{
memset(aes_ctx.Iv, 0, 16);
}
else
{
memmove(aes_ctx.Iv, nonce, 16);
}
}
void crypto_aes256_decrypt(uint8_t * buf, int length)
{
AES_CBC_decrypt_buffer(&aes_ctx, buf, length);
}
void crypto_aes256_encrypt(uint8_t * buf, int length)
{
AES_CBC_encrypt_buffer(&aes_ctx, buf, length);
}
#else
#error "No crypto implementation defined"
#endif

350
targets/stm32l432/src/device.c
View File

@ -34,9 +34,7 @@
#define LOW_FREQUENCY 1
#define HIGH_FREQUENCY 0
#define SOLO_FLAG_LOCKED 0x2
void wait_for_usb_tether(void);
void wait_for_usb_tether();
uint32_t __90_ms = 0;
@ -47,60 +45,27 @@ uint32_t __last_update = 0;
extern PCD_HandleTypeDef hpcd;
static int _NFC_status = 0;
static bool isLowFreq = 0;
static bool _up_disabled = false;
static bool _RequestComeFromNFC = false;
// #define IS_BUTTON_PRESSED() (0 == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN))
static int is_physical_button_pressed(void)
static int is_physical_button_pressed()
{
return (0 == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN));
}
static int is_touch_button_pressed(void)
static int is_touch_button_pressed()
{
int is_pressed = (tsc_read_button(0) || tsc_read_button(1));
#ifndef IS_BOOTLOADER
if (is_pressed)
{
// delay for debounce, and longer than polling timer period.
delay(95);
return (tsc_read_button(0) || tsc_read_button(1));
}
#endif
return is_pressed;
return tsc_read_button(0) || tsc_read_button(1);
}
int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed;
static void edge_detect_touch_button(void)
{
static uint8_t last_touch = 0;
uint8_t current_touch = 0;
if (is_touch_button_pressed == IS_BUTTON_PRESSED)
{
current_touch = (tsc_read_button(0) || tsc_read_button(1));
// 1 sample per 25 ms
if ((millis() - __last_button_bounce_time) > 25)
{
// Detect "touch / rising edge"
if (!last_touch && current_touch)
{
__last_button_press_time = millis();
}
__last_button_bounce_time = millis();
last_touch = current_touch;
}
}
}
void device_disable_up(bool disable)
{
_up_disabled = disable;
void request_from_nfc(bool request_active) {
_RequestComeFromNFC = request_active;
}
// Timer6 overflow handler. happens every ~90ms.
void TIM6_DAC_IRQHandler(void)
void TIM6_DAC_IRQHandler()
{
// timer is only 16 bits, so roll it over here
TIM6->SR = 0;
@ -113,7 +78,19 @@ void TIM6_DAC_IRQHandler(void)
}
}
edge_detect_touch_button();
if (is_touch_button_pressed == IS_BUTTON_PRESSED)
{
if (IS_BUTTON_PRESSED())
{
// Only allow 1 press per 25 ms.
if ((millis() - __last_button_bounce_time) > 25)
{
__last_button_press_time = millis();
}
__last_button_bounce_time = millis();
}
}
#ifndef IS_BOOTLOADER
// NFC sending WTX if needs
@ -145,7 +122,7 @@ void USB_IRQHandler(void)
HAL_PCD_IRQHandler(&hpcd);
}
uint32_t millis(void)
uint32_t millis()
{
return (((uint32_t)TIM6->CNT) + (__90_ms * 90));
}
@ -163,8 +140,9 @@ void device_set_status(uint32_t status)
__device_status = status;
}
int device_is_button_pressed(void)
int device_is_button_pressed()
{
return IS_BUTTON_PRESSED();
}
@ -174,13 +152,12 @@ void delay(uint32_t ms)
while ((millis() - time) < ms)
;
}
void device_reboot(void)
void device_reboot()
{
NVIC_SystemReset();
}
void device_init_button(void)
void device_init_button()
{
if (tsc_sensor_exists())
{
@ -193,113 +170,7 @@ void device_init_button(void)
}
}
int solo_is_locked(){
uint64_t device_settings = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings;
uint32_t tag = (uint32_t)(device_settings >> 32ull);
return tag == ATTESTATION_CONFIGURED_TAG && (device_settings & SOLO_FLAG_LOCKED) != 0;
}
// Locks solo flash from debugging. Locks on next reboot.
// This should be removed in next Solo release.
void solo_lock_if_not_already() {
uint8_t buf[2048];
memmove(buf, (uint8_t*)ATTESTATION_PAGE_ADDR, 2048);
((flash_attestation_page *)buf)->device_settings |= SOLO_FLAG_LOCKED;
flash_erase_page(ATTESTATION_PAGE);
flash_write(ATTESTATION_PAGE_ADDR, buf, 2048);
}
/** device_migrate
* Depending on version of device, migrates:
* * Moves attestation certificate to data segment.
* * Creates locked variable and stores in data segment.
*
* Once in place, this allows all devices to accept same firmware,
* rather than using "hacker" and "secure" builds.
*/
static void device_migrate(){
extern const uint16_t attestation_solo_cert_der_size;
extern const uint16_t attestation_hacker_cert_der_size;
extern uint8_t attestation_solo_cert_der[];
extern uint8_t attestation_hacker_cert_der[];
uint64_t device_settings = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings;
uint32_t configure_tag = (uint32_t)(device_settings >> 32);
if (configure_tag != ATTESTATION_CONFIGURED_TAG)
{
printf1(TAG_RED,"Migrating certificate and lock information to data segment.\r\n");
device_settings = ATTESTATION_CONFIGURED_TAG;
device_settings <<= 32;
// Read current device lock level.
uint32_t optr = FLASH->OPTR;
if ((optr & 0xff) != 0xAA){
device_settings |= SOLO_FLAG_LOCKED;
}
uint8_t tmp_attestation_key[32];
memmove(tmp_attestation_key,
((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_key,
32);
flash_erase_page(ATTESTATION_PAGE);
flash_write(
(uint32_t)((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_key,
tmp_attestation_key,
32
);
// Check if this is Solo Hacker attestation (not confidential)
// then write solo or hacker attestation cert to flash page.
uint8_t solo_hacker_attestation_key[32] = "\x1b\x26\x26\xec\xc8\xf6\x9b\x0f\x69\xe3\x4f"
"\xb2\x36\xd7\x64\x66\xba\x12\xac\x16\xc3\xab"
"\x57\x50\xba\x06\x4e\x8b\x90\xe0\x24\x48";
if (memcmp(solo_hacker_attestation_key,
tmp_attestation_key,
32) == 0)
{
printf1(TAG_GREEN,"Updating solo hacker cert\r\n");
flash_write_dword(
(uint32_t)&((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert_size,
(uint64_t)attestation_hacker_cert_der_size
);
flash_write(
(uint32_t)((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert,
attestation_hacker_cert_der,
attestation_hacker_cert_der_size
);
}
else
{
printf1(TAG_GREEN,"Updating solo secure cert\r\n");
flash_write_dword(
(uint32_t)&((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert_size,
(uint64_t)attestation_solo_cert_der_size
);
flash_write(
(uint32_t)((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert,
attestation_solo_cert_der,
attestation_solo_cert_der_size
);
}
// Save / done.
flash_write_dword(
(uint32_t) & ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings,
(uint64_t)device_settings);
}
}
void device_init()
void device_init(int argc, char *argv[])
{
hw_init(LOW_FREQUENCY);
@ -327,8 +198,6 @@ void device_init()
ctaphid_init();
ctap_init();
device_migrate();
#if BOOT_TO_DFU
flash_option_bytes_init(1);
#else
@ -338,12 +207,12 @@ void device_init()
}
int device_is_nfc(void)
int device_is_nfc()
{
return _NFC_status;
}
void wait_for_usb_tether(void)
void wait_for_usb_tether()
{
while (USBD_OK != CDC_Transmit_FS((uint8_t*)"tethered\r\n", 10) )
;
@ -354,7 +223,7 @@ void wait_for_usb_tether(void)
;
}
void usbhid_init(void)
void usbhid_init()
{
if (!isLowFreq)
{
@ -404,12 +273,12 @@ void ctaphid_write_block(uint8_t * data)
}
void usbhid_close(void)
void usbhid_close()
{
}
void main_loop_delay(void)
void main_loop_delay()
{
}
@ -419,14 +288,13 @@ static uint32_t winkt1 = 0;
#ifdef LED_WINK_VALUE
static uint32_t winkt2 = 0;
#endif
void device_wink(void)
void device_wink()
{
wink_time = 10;
winkt1 = 0;
}
void heartbeat(void)
void heartbeat()
{
static int state = 0;
static uint32_t val = (LED_MAX_SCALER - LED_MIN_SCALER)/2;
@ -482,8 +350,20 @@ void heartbeat(void)
}
void authenticator_read_state(AuthenticatorState * a)
{
uint32_t * ptr = (uint32_t *)flash_addr(STATE1_PAGE);
memmove(a,ptr,sizeof(AuthenticatorState));
}
static int authenticator_is_backup_initialized(void)
void authenticator_read_backup_state(AuthenticatorState * a)
{
uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE);
memmove(a,ptr,sizeof(AuthenticatorState));
}
// Return 1 yes backup is init'd, else 0
int authenticator_is_backup_initialized()
{
uint8_t header[16];
uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE);
@ -492,39 +372,23 @@ static int authenticator_is_backup_initialized(void)
return state->is_initialized == INITIALIZED_MARKER;
}
int authenticator_read_state(AuthenticatorState * a)
{
uint32_t * ptr = (uint32_t *) flash_addr(STATE1_PAGE);
memmove(a, ptr, sizeof(AuthenticatorState));
if (a->is_initialized != INITIALIZED_MARKER){
if (authenticator_is_backup_initialized()){
printf1(TAG_ERR,"Warning: memory corruption detected. restoring from backup..\n");
ptr = (uint32_t *) flash_addr(STATE2_PAGE);
memmove(a, ptr, sizeof(AuthenticatorState));
authenticator_write_state(a);
return 1;
}
return 0;
}
return 1;
}
void authenticator_write_state(AuthenticatorState * a)
void authenticator_write_state(AuthenticatorState * a, int backup)
{
if (! backup)
{
flash_erase_page(STATE1_PAGE);
flash_write(flash_addr(STATE1_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
flash_write(flash_addr(STATE1_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
}
else
{
flash_erase_page(STATE2_PAGE);
flash_write(flash_addr(STATE2_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
}
}
#if !defined(IS_BOOTLOADER)
uint32_t ctap_atomic_count(uint32_t amount)
uint32_t ctap_atomic_count(int sel)
{
int offset = 0;
uint32_t * ptr = (uint32_t *)flash_addr(COUNTER1_PAGE);
@ -539,12 +403,10 @@ uint32_t ctap_atomic_count(uint32_t amount)
uint32_t lastc = 0;
if (amount == 0)
if (sel != 0)
{
// Use a random count [1-16].
uint8_t rng[1];
ctap_generate_rng(rng, 1);
amount = (rng[0] & 0x0f) + 1;
printf2(TAG_ERR,"counter2 not imple\n");
exit(1);
}
for (offset = 0; offset < PAGE_SIZE/4; offset += 2) // wear-level the flash
@ -577,11 +439,7 @@ uint32_t ctap_atomic_count(uint32_t amount)
return lastc;
}
if (amount > 256){
lastc = amount;
} else {
lastc += amount;
}
lastc++;
if (lastc/256 > erases)
{
@ -619,10 +477,10 @@ uint32_t ctap_atomic_count(uint32_t amount)
return lastc;
}
#endif
void device_manage(void)
void device_manage()
{
#if NON_BLOCK_PRINTING
int i = 10;
@ -648,7 +506,7 @@ void device_manage(void)
#endif
}
static int handle_packets(void)
static int handle_packets()
{
static uint8_t hidmsg[HID_PACKET_SIZE];
memset(hidmsg,0, sizeof(hidmsg));
@ -684,7 +542,6 @@ static int wait_for_button_activate(uint32_t wait)
} while (!IS_BUTTON_PRESSED());
return 0;
}
static int wait_for_button_release(uint32_t wait)
{
int ret;
@ -706,17 +563,11 @@ static int wait_for_button_release(uint32_t wait)
int ctap_user_presence_test(uint32_t up_delay)
{
int ret;
if (device_is_nfc() == NFC_IS_ACTIVE)
if (device_is_nfc() == NFC_IS_ACTIVE || _RequestComeFromNFC)
{
return 1;
}
if (_up_disabled)
{
return 2;
}
#if SKIP_BUTTON_CHECK_WITH_DELAY
int i=500;
while(i--)
@ -773,7 +624,12 @@ int ctap_generate_rng(uint8_t * dst, size_t num)
}
void ctap_reset_rk(void)
int ctap_user_verification(uint8_t arg)
{
return 1;
}
void ctap_reset_rk()
{
int i;
printf1(TAG_GREEN, "resetting RK \r\n");
@ -783,35 +639,40 @@ void ctap_reset_rk(void)
}
}
uint32_t ctap_rk_size(void)
uint32_t ctap_rk_size()
{
return RK_NUM_PAGES * (PAGE_SIZE / sizeof(CTAP_residentKey));
}
void ctap_store_rk(int index,CTAP_residentKey * rk)
{
ctap_overwrite_rk(index, rk);
}
int page_offset = (sizeof(CTAP_residentKey) * index) / PAGE_SIZE;
uint32_t addr = flash_addr(page_offset + RK_START_PAGE) + ((sizeof(CTAP_residentKey)*index) % PAGE_SIZE);
void ctap_delete_rk(int index)
{
CTAP_residentKey rk;
memset(&rk, 0xff, sizeof(CTAP_residentKey));
ctap_overwrite_rk(index, &rk);
printf1(TAG_GREEN, "storing RK %d @ %04x\r\n", index,addr);
if (page_offset < RK_NUM_PAGES)
{
flash_write(addr, (uint8_t*)rk, sizeof(CTAP_residentKey));
//dump_hex1(TAG_GREEN,rk,sizeof(CTAP_residentKey));
}
else
{
printf2(TAG_ERR,"Out of bounds reading index %d for rk\n", index);
}
}
void ctap_load_rk(int index,CTAP_residentKey * rk)
{
int byte_offset_into_page = (sizeof(CTAP_residentKey) * (index % (PAGE_SIZE/sizeof(CTAP_residentKey))));
int page_offset = (index)/(PAGE_SIZE/sizeof(CTAP_residentKey));
uint32_t addr = flash_addr(page_offset + RK_START_PAGE) + byte_offset_into_page;
int page_offset = (sizeof(CTAP_residentKey) * index) / PAGE_SIZE;
uint32_t addr = flash_addr(page_offset + RK_START_PAGE) + ((sizeof(CTAP_residentKey)*index) % PAGE_SIZE);
printf1(TAG_GREEN, "reading RK %d @ %04x\r\n", index, addr);
if (page_offset < RK_NUM_PAGES)
{
uint32_t * ptr = (uint32_t *)addr;
memmove((uint8_t*)rk,ptr,sizeof(CTAP_residentKey));
//dump_hex1(TAG_GREEN,rk,sizeof(CTAP_residentKey));
}
else
{
@ -822,31 +683,25 @@ void ctap_load_rk(int index,CTAP_residentKey * rk)
void ctap_overwrite_rk(int index,CTAP_residentKey * rk)
{
uint8_t tmppage[PAGE_SIZE];
int page_offset = (sizeof(CTAP_residentKey) * index) / PAGE_SIZE;
int page = page_offset + RK_START_PAGE;
int byte_offset_into_page = (sizeof(CTAP_residentKey) * (index % (PAGE_SIZE/sizeof(CTAP_residentKey))));
int page_offset = (index)/(PAGE_SIZE/sizeof(CTAP_residentKey));
printf1(TAG_GREEN, "overwriting RK %d @ page %d @ addr 0x%08x-0x%08x\r\n",
index, RK_START_PAGE + page_offset,
flash_addr(RK_START_PAGE + page_offset) + byte_offset_into_page,
flash_addr(RK_START_PAGE + page_offset) + byte_offset_into_page + sizeof(CTAP_residentKey)
);
printf1(TAG_GREEN, "overwriting RK %d\r\n", index);
if (page_offset < RK_NUM_PAGES)
{
memmove(tmppage, (uint8_t*)flash_addr(RK_START_PAGE + page_offset), PAGE_SIZE);
memmove(tmppage, (uint8_t*)flash_addr(page), PAGE_SIZE);
memmove(tmppage + byte_offset_into_page, rk, sizeof(CTAP_residentKey));
flash_erase_page(RK_START_PAGE + page_offset);
flash_write(flash_addr(RK_START_PAGE + page_offset), tmppage, PAGE_SIZE);
memmove(tmppage + (sizeof(CTAP_residentKey) * index) % PAGE_SIZE, rk, sizeof(CTAP_residentKey));
flash_erase_page(page);
flash_write(flash_addr(page), tmppage, PAGE_SIZE);
}
else
{
printf2(TAG_ERR,"Out of bounds reading index %d for rk\n", index);
}
printf1(TAG_GREEN, "4\r\n");
}
void boot_st_bootloader(void)
void boot_st_bootloader()
{
__disable_irq();
@ -858,7 +713,7 @@ void boot_st_bootloader(void)
;
}
void boot_solo_bootloader(void)
void boot_solo_bootloader()
{
LL_IWDG_Enable(IWDG);
@ -878,17 +733,6 @@ void boot_solo_bootloader(void)
}
void device_read_aaguid(uint8_t * dst){
uint8_t * aaguid = (uint8_t *)"\x88\x76\x63\x1b\xd4\xa0\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79";
memmove(dst, aaguid, 16);
if (device_is_nfc()){
dst[0] = 0x89;
}
else if (tsc_sensor_exists()){
dst[0] = 0x98;
}
dump_hex1(TAG_GREEN,dst, 16);
}
void _Error_Handler(char *file, int line)

23
targets/stm32l432/src/flash.c
View File

@ -14,12 +14,12 @@
#include "log.h"
#include "device.h"
static void flash_lock(void)
static void flash_lock()
{
FLASH->CR |= (1U<<31);
}
static void flash_unlock(void)
static void flash_unlock()
{
if (FLASH->CR & FLASH_CR_LOCK)
{
@ -31,18 +31,21 @@ static void flash_unlock(void)
// Locks flash and turns off DFU
void flash_option_bytes_init(int boot_from_dfu)
{
#ifndef FLASH_ROP
#define FLASH_ROP 0
#endif
#if FLASH_ROP == 0
uint32_t val = 0xfffff8aa;
#elif FLASH_ROP == 2
uint32_t val = 0xfffff8cc;
#else
uint32_t val = 0xfffff8b9;
#endif
if (boot_from_dfu){
if (boot_from_dfu)
{
val &= ~(1<<27); // nBOOT0 = 0 (boot from system rom)
}
else {
if (solo_is_locked())
{
val = 0xfffff8cc;
}
}
val &= ~(1<<26); // nSWBOOT0 = 0 (boot from nBoot0)
val &= ~(1<<25); // SRAM2_RST = 1 (erase sram on reset)
val &= ~(1<<24); // SRAM2_PE = 1 (parity check en)

23
targets/stm32l432/src/init.c
View File

@ -28,7 +28,6 @@
#include "usbd_desc.h"
#include "usbd_hid.h"
#include "usbd_cdc.h"
#include "usbd_ccid.h"
#include "usbd_composite.h"
#include "usbd_cdc_if.h"
#include "device.h"
@ -146,14 +145,12 @@ void device_set_clock_rate(DEVICE_CLOCK_RATE param)
case DEVICE_LOW_POWER_IDLE:
SET_CLOCK_RATE0();
break;
#if !defined(IS_BOOTLOADER)
case DEVICE_LOW_POWER_FAST:
SET_CLOCK_RATE1();
break;
case DEVICE_FAST:
SET_CLOCK_RATE2();
break;
#endif
}
}
@ -701,33 +698,33 @@ void SystemClock_Config_LF20(void)
SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_PWREN);
}
void init_usb(void)
void init_usb()
{
// enable USB power
SET_BIT(PWR->CR2, PWR_CR2_USV);
// Enable USB Clock
SET_BIT(RCC->APB1ENR1, RCC_APB1ENR1_USBFSEN);
#ifndef IS_BOOTLOADER
USBD_Composite_Set_Classes(&USBD_HID, &USBD_CCID, &USBD_CDC);
#if DEBUG_LEVEL > 0
USBD_Composite_Set_Classes(&USBD_HID, &USBD_CDC);
in_endpoint_to_class[HID_EPIN_ADDR & 0x7F] = 0;
out_endpoint_to_class[HID_EPOUT_ADDR & 0x7F] = 0;
in_endpoint_to_class[CCID_IN_EP & 0x7F] = 1;
out_endpoint_to_class[CCID_OUT_EP & 0x7F] = 1;
in_endpoint_to_class[CDC_IN_EP & 0x7F] = 2;
out_endpoint_to_class[CDC_OUT_EP & 0x7F] = 2;
in_endpoint_to_class[CDC_IN_EP & 0x7F] = 1;
out_endpoint_to_class[CDC_OUT_EP & 0x7F] = 1;
USBD_Init(&Solo_USBD_Device, &Solo_Desc, 0);
USBD_RegisterClass(&Solo_USBD_Device, &USBD_Composite);
#if DEBUG_LEVEL > 0
// USBD_RegisterClass(&Solo_USBD_Device, &USBD_HID);
//
// USBD_RegisterClass(&Solo_USBD_Device, &USBD_CDC);
USBD_CDC_RegisterInterface(&Solo_USBD_Device, &USBD_Interface_fops_FS);
#endif
#else
USBD_Init(&Solo_USBD_Device, &Solo_Desc, 0);
USBD_RegisterClass(&Solo_USBD_Device, &USBD_HID);
#endif
USBD_Start(&Solo_USBD_Device);
}

2
targets/stm32l432/src/init.h
View File

@ -22,7 +22,7 @@
#ifndef _INIT_H_
#define _INIT_H_
void init_usb(void);
void init_usb();
void init_gpio(void);
void init_debug_uart(void);
void init_pwm(void);

135
targets/stm32l432/src/main.c
View File

@ -4,83 +4,104 @@
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdbool.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include "stm32l4xx.h"
#include "stm32l4xx_ll_gpio.h"
#include "stm32l4xx_ll_rcc.h"
#include "stm32l4xx_ll_system.h"
#include "stm32l4xx_ll_pwr.h"
#include "stm32l4xx_ll_utils.h"
#include "stm32l4xx_ll_cortex.h"
#include "stm32l4xx_ll_gpio.h"
#include "stm32l4xx_ll_usart.h"
#include "stm32l4xx_ll_bus.h"
#include "stm32l4xx_ll_usb.h"
#include "stm32l4xx_hal_pcd.h"
#include "usbd_core.h"
#include "usbd_desc.h"
#include "usbd_hid.h"
/*#include "usbd_hid.h"*/
#include "cbor.h"
#include "device.h"
#include "ctaphid.h"
//#include "bsp.h"
#include "util.h"
#include "log.h"
#include "ctap.h"
#include APP_CONFIG
#include "flash.h"
#include "rng.h"
#include "led.h"
#include "device.h"
#include "util.h"
#include "fifo.h"
#include "log.h"
#if !defined(TEST)
#ifdef TEST_SOLO_STM32
#define Error_Handler() _Error_Handler(__FILE__,__LINE__)
#define PAGE_SIZE 2048
#define PAGES 128
// Pages 119-127 are data
#define COUNTER2_PAGE (PAGES - 4)
#define COUNTER1_PAGE (PAGES - 3)
#define STATE2_PAGE (PAGES - 2)
#define STATE1_PAGE (PAGES - 1)
int main(int argc, char *argv[])
uint32_t __90_ms = 0;
#define IS_BUTTON_PRESSED() (0 == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN))
// Timer6 overflow handler. happens every ~90ms.
void TIM6_DAC_IRQHandler()
{
uint8_t hidmsg[64];
uint32_t t1 = 0;
set_logging_mask(
/*0*/
//TAG_GEN|
// TAG_MC |
// TAG_GA |
TAG_WALLET |
TAG_STOR |
//TAG_NFC_APDU |
TAG_NFC |
//TAG_CP |
// TAG_CTAP|
//TAG_HID|
TAG_U2F|
//TAG_PARSE |
//TAG_TIME|
// TAG_DUMP|
TAG_GREEN|
TAG_RED|
TAG_EXT|
TAG_CCID|
TAG_ERR
);
device_init(argc, argv);
memset(hidmsg,0,sizeof(hidmsg));
// timer is only 16 bits, so roll it over here
TIM6->SR = 0;
__90_ms += 1;
}
uint32_t millis()
{
return (((uint32_t)TIM6->CNT) + (__90_ms * 90));
}
void _Error_Handler(char *file, int line)
{
while(1)
{
if (millis() - t1 > HEARTBEAT_PERIOD)
{
heartbeat();
t1 = millis();
}
}
device_manage();
int main(void)
{
uint32_t i = 5;
if (usbhid_recv(hidmsg) > 0)
hw_init();
LL_GPIO_SetPinMode(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_MODE_INPUT);
LL_GPIO_SetPinPull(SOLO_BUTTON_PORT,SOLO_BUTTON_PIN,LL_GPIO_PULL_UP);
flash_option_bytes_init(1);
while (1)
{
ctaphid_handle_packet(hidmsg);
memset(hidmsg, 0, sizeof(hidmsg));
uint32_t t0 = millis() % 750;
if (! IS_BUTTON_PRESSED())
{
if (t0 < 750*1/3)
{
led_rgb(0 | (0 << 8) | (i << 17));
}
else if (t0 < 750*2/3)
{
led_rgb(0 | (i << 8) | (0 << 16));
}
else
{
led_rgb(i | (0 << 8) | (0 << 16));
}
ctaphid_check_timeouts();
}
else
{
led_rgb(0x151515);
}
// Should never get here
usbhid_close();
printf1(TAG_GREEN, "done\n");
return 0;
}
}
#endif

45
targets/stm32l432/src/memory_layout.h
View File

@ -20,9 +20,6 @@
#define STATE2_PAGE (PAGES - 2)
#define STATE1_PAGE (PAGES - 1)
#define STATE1_PAGE_ADDR (0x08000000 + ((STATE1_PAGE)*PAGE_SIZE))
#define STATE2_PAGE_ADDR (0x08000000 + ((STATE2_PAGE)*PAGE_SIZE))
// Storage of FIDO2 resident keys
#define RK_NUM_PAGES 10
#define RK_START_PAGE (PAGES - 14)
@ -35,51 +32,15 @@
#define APPLICATION_START_ADDR (0x08000000 + ((APPLICATION_START_PAGE)*PAGE_SIZE))
// where attestation key is located
#define ATTESTATION_PAGE (PAGES - 15)
#define ATTESTATION_PAGE_ADDR (0x08000000 + ATTESTATION_PAGE*PAGE_SIZE)
#define ATTESTATION_KEY_PAGE (PAGES - 15)
#define ATTESTATION_KEY_ADDR (0x08000000 + ATTESTATION_KEY_PAGE*PAGE_SIZE)
// End of application code. Leave some extra room for future data storage.
// NOT included in application
#define APPLICATION_END_PAGE ((PAGES - 20))
#define APPLICATION_END_PAGE ((PAGES - 19))
#define APPLICATION_END_ADDR ((0x08000000 + ((APPLICATION_END_PAGE)*PAGE_SIZE))-8)
// Bootloader state.
#define AUTH_WORD_ADDR (APPLICATION_END_ADDR)
#define LAST_ADDR (APPLICATION_END_ADDR-2048 + 8)
#define BOOT_VERSION_PAGE (APPLICATION_END_PAGE)
#define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE + 8)
#define LAST_PAGE (APPLICATION_END_PAGE-1)
struct flash_memory_st{
uint8_t bootloader[APPLICATION_START_PAGE*2*1024];
uint8_t application[(APPLICATION_END_PAGE-APPLICATION_START_PAGE)*2*1024-8];
uint8_t auth_word[4];
uint8_t bootloader_disabled[4];
// place for more user data
uint8_t _reserved_application_end_mark[8];
uint8_t bootloader_data[2*1024-8];
uint8_t user_data[38*1024];
} __attribute__((packed));
typedef struct flash_memory_st flash_memory_st;
#include <assert.h>
static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size");
#define ATTESTATION_CONFIGURED_TAG 0xaa551e79
struct flash_attestation_page{
uint8_t attestation_key[32];
// DWORD padded.
uint64_t device_settings;
uint64_t attestation_cert_size;
uint8_t attestation_cert[2048 - 32 - 8 - 8];
} __attribute__((packed));
typedef struct flash_attestation_page flash_attestation_page;
static_assert(sizeof(flash_attestation_page) == 2048, "Data structure doesn't match flash size");
#endif

248
targets/stm32l432/src/nfc.c
View File

@ -18,18 +18,6 @@
static uint8_t chain_buffer[2048] = {0};
static size_t chain_buffer_len = 0;
static bool chain_buffer_tx = false;
static uint8_t current_cid = 0;
// forward declarations
void rblock_acknowledge(uint8_t req0, bool ack);
uint8_t p14443_have_cid(uint8_t pcb) {
// CID
if (pcb & 0x08)
return true;
else
return false;
}
uint8_t p14443_block_offset(uint8_t pcb) {
uint8_t offset = 1;
@ -203,7 +191,7 @@ bool nfc_write_response_ex(uint8_t req0, uint8_t * data, uint8_t len, uint16_t r
return false;
res[0] = NFC_CMD_IBLOCK | (req0 & 0x0f);
res[1] = current_cid;
res[1] = 0;
res[2] = 0;
uint8_t block_offset = p14443_block_offset(req0);
@ -240,8 +228,6 @@ void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len)
{
uint8_t res[32] = {0};
res[0] = iBlock;
res[1] = current_cid;
res[2] = 0;
if (len && data)
memcpy(&res[block_offset], data, len);
nfc_write_frame(res, len + block_offset);
@ -251,7 +237,7 @@ void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len)
// transmit I block
int vlen = MIN(32 - block_offset, len - sendlen);
res[0] = iBlock;
res[1] = current_cid;
res[1] = 0;
res[2] = 0;
memcpy(&res[block_offset], &data[sendlen], vlen);
@ -283,20 +269,6 @@ void nfc_write_response_chaining_plain(uint8_t req0, uint8_t * data, int len)
break;
}
if (!IS_RBLOCK(recbuf[0]))
{
printf1(TAG_NFC, "R block RX error. Not a R block(0x%02x) %d/%d.\r\n", recbuf[0], sendlen, len);
break;
}
// NAK check
if (recbuf[0] & NFC_CMD_RBLOCK_ACK)
{
rblock_acknowledge(recbuf[0], true);
printf1(TAG_NFC, "R block RX error. NAK received. %d/%d.\r\n", recbuf[0], sendlen, len);
break;
}
uint8_t rblock_offset = p14443_block_offset(recbuf[0]);
if (reclen != rblock_offset)
{
@ -359,7 +331,7 @@ static uint32_t WTX_timer;
bool WTX_process(int read_timeout);
void WTX_clear(void)
void WTX_clear()
{
WTX_sent = false;
WTX_fail = false;
@ -374,7 +346,7 @@ bool WTX_on(int WTX_time)
return true;
}
bool WTX_off(void)
bool WTX_off()
{
WTX_timer = 0;
@ -398,7 +370,7 @@ bool WTX_off(void)
return true;
}
void WTX_timer_exec(void)
void WTX_timer_exec()
{
// condition: (timer on) or (not expired[300ms])
if ((WTX_timer == 0) || WTX_timer + 300 > millis())
@ -494,9 +466,7 @@ void rblock_acknowledge(uint8_t req0, bool ack)
NFC_STATE.block_num = !NFC_STATE.block_num;
buf[0] = NFC_CMD_RBLOCK | (req0 & 0x0f);
buf[1] = current_cid;
// iso14443-4:2001 page 16. ACK, if bit is set to 0, NAK, if bit is set to 1
if (!ack)
if (ack)
buf[0] |= NFC_CMD_RBLOCK_ACK;
nfc_write_frame(buf, block_offset);
@ -550,39 +520,81 @@ int select_applet(uint8_t * aid, int len)
return APP_NOTHING;
}
void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu)
void nfc_process_iblock(uint8_t * buf, int len)
{
int selected;
CTAP_RESPONSE ctap_resp;
int status;
uint16_t reslen;
uint8_t block_offset = p14443_block_offset(buf[0]);
// clear tx chain buffer if we have some other command than GET RESPONSE
if (chain_buffer_tx && buf[block_offset + 1] != APDU_GET_RESPONSE) {
chain_buffer_len = 0;
chain_buffer_tx = false;
}
APDU_STRUCT apdu;
if (apdu_decode(buf + block_offset, len - block_offset, &apdu)) {
printf1(TAG_NFC,"apdu decode error\r\n");
nfc_write_response(buf[0], SW_COND_USE_NOT_SATISFIED);
return;
}
printf1(TAG_NFC,"apdu ok. %scase=%02x cla=%02x ins=%02x p1=%02x p2=%02x lc=%d le=%d\r\n",
apdu.extended_apdu ? "[e]":"", apdu.case_type, apdu.cla, apdu.ins, apdu.p1, apdu.p2, apdu.lc, apdu.le);
// APDU level chaining. ISO7816-4, 5.1.1. class byte
if (!chain_buffer_tx && buf[block_offset] & 0x10) {
if (chain_buffer_len + len > sizeof(chain_buffer)) {
nfc_write_response(buf[0], SW_WRONG_LENGTH);
return;
}
memmove(&chain_buffer[chain_buffer_len], apdu.data, apdu.lc);
chain_buffer_len += apdu.lc;
delay(1);
nfc_write_response(buf[0], SW_SUCCESS);
printf1(TAG_NFC, "APDU chaining ok. %d/%d\r\n", apdu.lc, chain_buffer_len);
return;
}
// if we have ISO 7816 APDU chain - move there all the data
if (!chain_buffer_tx && chain_buffer_len > 0) {
delay(1);
memmove(&apdu.data[chain_buffer_len], apdu.data, apdu.lc);
memmove(apdu.data, chain_buffer, chain_buffer_len);
apdu.lc += chain_buffer_len; // here apdu struct does not match with memory!
printf1(TAG_NFC, "APDU chaining merge. %d/%d\r\n", chain_buffer_len, apdu.lc);
}
// check CLA
if (apdu->cla != 0x00 && apdu->cla != 0x80) {
printf1(TAG_NFC, "Unknown CLA %02x\r\n", apdu->cla);
nfc_write_response(buf0, SW_CLA_INVALID);
if (apdu.cla != 0x00 && apdu.cla != 0x80) {
printf1(TAG_NFC, "Unknown CLA %02x\r\n", apdu.cla);
nfc_write_response(buf[0], SW_CLA_INVALID);
return;
}
// TODO this needs to be organized better
switch(apdu->ins)
switch(apdu.ins)
{
// ISO 7816. 7.1 GET RESPONSE command
case APDU_GET_RESPONSE:
if (apdu->p1 != 0x00 || apdu->p2 != 0x00)
if (apdu.p1 != 0x00 || apdu.p2 != 0x00)
{
nfc_write_response(buf0, SW_INCORRECT_P1P2);
nfc_write_response(buf[0], SW_INCORRECT_P1P2);
printf1(TAG_NFC, "P1 or P2 error\r\n");
return;
}
// too many bytes needs. 0x00 and 0x100 - any length
if (apdu->le != 0 && apdu->le != 0x100 && apdu->le > chain_buffer_len)
if (apdu.le != 0 && apdu.le != 0x100 && apdu.le > chain_buffer_len)
{
uint16_t wlresp = SW_WRONG_LENGTH; // here can be 6700, 6C00, 6FXX. but the most standard way - 67XX or 6700
if (chain_buffer_len <= 0xff)
wlresp += chain_buffer_len & 0xff;
nfc_write_response(buf0, wlresp);
nfc_write_response(buf[0], wlresp);
printf1(TAG_NFC, "buffer length less than requesteds\r\n");
return;
}
@ -590,8 +602,8 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu)
// create temporary packet
uint8_t pck[255] = {0};
size_t pcklen = 253;
if (apdu->le)
pcklen = apdu->le;
if (apdu.le)
pcklen = apdu.le;
if (pcklen > chain_buffer_len)
pcklen = chain_buffer_len;
@ -607,7 +619,7 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu)
}
// send
nfc_write_response_chaining_plain(buf0, pck, pcklen + dlen); // dlen for 61XX
nfc_write_response_chaining_plain(buf[0], pck, pcklen + dlen); // dlen for 61XX
// shift the buffer
chain_buffer_len -= pcklen;
@ -629,49 +641,49 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu)
// }
// else
{
selected = select_applet(apdu->data, apdu->lc);
selected = select_applet(apdu.data, apdu.lc);
if (selected == APP_FIDO)
{
nfc_write_response_ex(buf0, (uint8_t *)"U2F_V2", 6, SW_SUCCESS);
nfc_write_response_ex(buf[0], (uint8_t *)"U2F_V2", 6, SW_SUCCESS);
printf1(TAG_NFC, "FIDO applet selected.\r\n");
}
else if (selected != APP_NOTHING)
{
nfc_write_response(buf0, SW_SUCCESS);
nfc_write_response(buf[0], SW_SUCCESS);
printf1(TAG_NFC, "SELECTED %d\r\n", selected);
}
else
{
nfc_write_response(buf0, SW_FILE_NOT_FOUND);
printf1(TAG_NFC, "NOT selected "); dump_hex1(TAG_NFC, apdu->data, apdu->lc);
nfc_write_response(buf[0], SW_FILE_NOT_FOUND);
printf1(TAG_NFC, "NOT selected "); dump_hex1(TAG_NFC, apdu.data, apdu.lc);
}
}
break;
case APDU_FIDO_U2F_VERSION:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf0, SW_INS_INVALID);
nfc_write_response(buf[0], SW_INS_INVALID);
break;
}
printf1(TAG_NFC, "U2F GetVersion command.\r\n");
u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp);
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
break;
case APDU_FIDO_U2F_REGISTER:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf0, SW_INS_INVALID);
nfc_write_response(buf[0], SW_INS_INVALID);
break;
}
printf1(TAG_NFC, "U2F Register command.\r\n");
if (apdu->lc != 64)
if (apdu.lc != 64)
{
printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", apdu->lc);
nfc_write_response(buf0, SW_WRONG_LENGTH);
printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", apdu.lc);
nfc_write_response(buf[0], SW_WRONG_LENGTH);
return;
}
@ -682,59 +694,62 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu)
// SystemClock_Config_LF32();
// delay(300);
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp);
u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
// if (!WTX_off())
// return;
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp());
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
printf1(TAG_NFC,"U2F Register answered %d (took %d)\r\n", millis(), timestamp());
break;
case APDU_FIDO_U2F_AUTHENTICATE:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf0, SW_INS_INVALID);
nfc_write_response(buf[0], SW_INS_INVALID);
break;
}
printf1(TAG_NFC, "U2F Authenticate command.\r\n");
if (apdu->lc != 64 + 1 + apdu->data[64])
if (apdu.lc != 64 + 1 + apdu.data[64])
{
delay(5);
printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", apdu->lc, apdu->data[64]);
nfc_write_response(buf0, SW_WRONG_LENGTH);
printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", apdu.lc, apdu.data[64]);
nfc_write_response(buf[0], SW_WRONG_LENGTH);
return;
}
timestamp();
// WTX_on(WTX_TIME_DEFAULT);
u2f_request_nfc(apduptr, apdu->data, apdu->lc, &ctap_resp);
u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
// if (!WTX_off())
// return;
printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
printf1(TAG_NFC,"U2F Authenticate processing %d (took %d)\r\n", millis(), timestamp());
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
printf1(TAG_NFC,"U2F Authenticate answered %d (took %d)\r\n", millis(), timestamp);
break;
case APDU_FIDO_NFCCTAP_MSG:
if (NFC_STATE.selected_applet != APP_FIDO) {
nfc_write_response(buf0, SW_INS_INVALID);
nfc_write_response(buf[0], SW_INS_INVALID);
return;
}
printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp());
// WTX_on(WTX_TIME_DEFAULT);
device_disable_up(true);
request_from_nfc(true);
ctap_response_init(&ctap_resp);
status = ctap_request(apdu->data, apdu->lc, &ctap_resp);
device_disable_up(false);
delay(1);
printf1(TAG_NFC,"[%d] ", apdu.lc);
dump_hex1(TAG_NFC,apdu.data, apdu.lc);
status = ctap_request(apdu.data, apdu.lc, &ctap_resp);
request_from_nfc(false);
// if (!WTX_off())
// return;
@ -752,102 +767,42 @@ void apdu_process(uint8_t buf0, uint8_t *apduptr, APDU_STRUCT *apdu)
ctap_resp.data[ctap_resp.length - 1] = SW_SUCCESS & 0xff;
printf1(TAG_NFC,"CTAP processing %d (took %d)\r\n", millis(), timestamp());
nfc_write_response_chaining(buf0, ctap_resp.data, ctap_resp.length, apdu->extended_apdu);
nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length, apdu.extended_apdu);
printf1(TAG_NFC,"CTAP answered %d (took %d)\r\n", millis(), timestamp());
break;
case APDU_INS_READ_BINARY:
// response length
reslen = apdu->le & 0xffff;
reslen = apdu.le & 0xffff;
switch(NFC_STATE.selected_applet)
{
case APP_CAPABILITY_CONTAINER:
printf1(TAG_NFC,"APP_CAPABILITY_CONTAINER\r\n");
if (reslen == 0 || reslen > sizeof(NFC_CC))
reslen = sizeof(NFC_CC);
nfc_write_response_ex(buf0, (uint8_t *)&NFC_CC, reslen, SW_SUCCESS);
nfc_write_response_ex(buf[0], (uint8_t *)&NFC_CC, reslen, SW_SUCCESS);
ams_wait_for_tx(10);
break;
case APP_NDEF_TAG:
printf1(TAG_NFC,"APP_NDEF_TAG\r\n");
if (reslen == 0 || reslen > sizeof(NDEF_SAMPLE) - 1)
reslen = sizeof(NDEF_SAMPLE) - 1;
nfc_write_response_ex(buf0, NDEF_SAMPLE, reslen, SW_SUCCESS);
nfc_write_response_ex(buf[0], NDEF_SAMPLE, reslen, SW_SUCCESS);
ams_wait_for_tx(10);
break;
default:
nfc_write_response(buf0, SW_FILE_NOT_FOUND);
nfc_write_response(buf[0], SW_FILE_NOT_FOUND);
printf1(TAG_ERR, "No binary applet selected!\r\n");
return;
break;
}
break;
case APDU_SOLO_RESET:
if (apdu->lc == 4 && !memcmp(apdu->data, "\x12\x56\xab\xf0", 4)) {
printf1(TAG_NFC, "Reset...\r\n");
nfc_write_response(buf0, SW_SUCCESS);
delay(20);
device_reboot();
while(1);
} else {
printf1(TAG_NFC, "Reset FAIL\r\n");
nfc_write_response(buf0, SW_INS_INVALID);
}
break;
default:
printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu->ins);
nfc_write_response(buf0, SW_INS_INVALID);
printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu.ins);
nfc_write_response(buf[0], SW_INS_INVALID);
break;
}
}
void nfc_process_iblock(uint8_t * buf, int len)
{
uint8_t block_offset = p14443_block_offset(buf[0]);
// clear tx chain buffer if we have some other command than GET RESPONSE
if (chain_buffer_tx && buf[block_offset + 1] != APDU_GET_RESPONSE) {
chain_buffer_len = 0;
chain_buffer_tx = false;
}
APDU_STRUCT apdu;
uint16_t ret = apdu_decode(buf + block_offset, len - block_offset, &apdu);
if (ret != 0) {
printf1(TAG_NFC,"apdu decode error\r\n");
nfc_write_response(buf[0], ret);
return;
}
printf1(TAG_NFC,"apdu ok. %scase=%02x cla=%02x ins=%02x p1=%02x p2=%02x lc=%d le=%d\r\n",
apdu.extended_apdu ? "[e]":"", apdu.case_type, apdu.cla, apdu.ins, apdu.p1, apdu.p2, apdu.lc, apdu.le);
// APDU level chaining. ISO7816-4, 5.1.1. class byte
if (!chain_buffer_tx && buf[block_offset] & 0x10) {
if (chain_buffer_len + len > sizeof(chain_buffer)) {
nfc_write_response(buf[0], SW_WRONG_LENGTH);
return;
}
memmove(&chain_buffer[chain_buffer_len], apdu.data, apdu.lc);
chain_buffer_len += apdu.lc;
nfc_write_response(buf[0], SW_SUCCESS);
printf1(TAG_NFC, "APDU chaining ok. %d/%d\r\n", apdu.lc, chain_buffer_len);
return;
}
// if we have ISO 7816 APDU chain - move there all the data
if (!chain_buffer_tx && chain_buffer_len > 0) {
memmove(&apdu.data[chain_buffer_len], apdu.data, apdu.lc);
memmove(apdu.data, chain_buffer, chain_buffer_len);
apdu.lc += chain_buffer_len; // here apdu struct does not match with memory!
printf1(TAG_NFC, "APDU chaining merge. %d/%d\r\n", chain_buffer_len, apdu.lc);
}
apdu_process(buf[0], &buf[block_offset], &apdu);
printf1(TAG_NFC,"prev.Iblock: ");
dump_hex1(TAG_NFC, buf, len);
@ -856,7 +811,7 @@ void nfc_process_iblock(uint8_t * buf, int len)
static uint8_t ibuf[1024];
static int ibuflen = 0;
void clear_ibuf(void)
void clear_ibuf()
{
ibuflen = 0;
memset(ibuf, 0, sizeof(ibuf));
@ -882,8 +837,6 @@ void nfc_process_block(uint8_t * buf, unsigned int len)
else if (IS_IBLOCK(buf[0]))
{
uint8_t block_offset = p14443_block_offset(buf[0]);
if (p14443_have_cid(buf[0]))
current_cid = buf[1];
if (buf[0] & 0x10)
{
printf1(TAG_NFC_APDU, "NFC_CMD_IBLOCK chaining blen=%d len=%d offs=%d\r\n", ibuflen, len, block_offset);
@ -934,9 +887,7 @@ void nfc_process_block(uint8_t * buf, unsigned int len)
}
else if (IS_RBLOCK(buf[0]))
{
if (p14443_have_cid(buf[0]))
current_cid = buf[1];
rblock_acknowledge(buf[0], true);
rblock_acknowledge(buf[0], false);
printf1(TAG_NFC, "NFC_CMD_RBLOCK\r\n");
}
else if (IS_SBLOCK(buf[0]))
@ -945,10 +896,7 @@ void nfc_process_block(uint8_t * buf, unsigned int len)
if ((buf[0] & NFC_SBLOCK_DESELECT) == 0)
{
printf1(TAG_NFC, "NFC_CMD_SBLOCK, DESELECTED\r\n");
uint8_t block_offset = p14443_block_offset(buf[0]);
if (p14443_have_cid(buf[0]))
current_cid = buf[1];
nfc_write_frame(buf, block_offset);
nfc_write_frame(buf, 1);
ams_wait_for_tx(2);
ams_write_command(AMS_CMD_SLEEP);
nfc_state_init();
@ -969,7 +917,7 @@ void nfc_process_block(uint8_t * buf, unsigned int len)
}
}
int nfc_loop(void)
int nfc_loop()
{
uint8_t buf[32];
AMS_DEVICE ams;

Some files were not shown because too many files have changed in this diff Show More