solo1/fido2/u2f.c

#include <stdlib.h>
#include "u2f.h"
#include "ctap.h"
#include "crypto.h"
#include "log.h"
#include "device.h"
#include "wallet.h"
#include "app.h"

// void u2f_response_writeback(uint8_t * buf, uint8_t len);
static int16_t u2f_register(struct u2f_register_request * req);
static int16_t u2f_version();
static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control);
int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);
void u2f_reset_response();

static CTAP_RESPONSE * _u2f_resp = NULL;

void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
{
    uint16_t rcode;
    uint64_t t1,t2;
    uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
    uint8_t byte;

    _u2f_resp = resp;

    if (req->cla != 0)
    {
        printf1(TAG_U2F, "CLA not zero\n");
        rcode = U2F_SW_CLASS_NOT_SUPPORTED;
        goto end;
    }
#if defined(BRIDGE_TO_WALLET) || defined(IS_BOOTLOADER)
    struct u2f_authenticate_request * auth = (struct u2f_authenticate_request *) req->payload;


    if (req->ins == U2F_AUTHENTICATE)
    {
        if (req->p1 == U2F_AUTHENTICATE_CHECK)
        {


            if (is_wallet_device((uint8_t *) &auth->kh, auth->khl))     // Pin requests
            {
                rcode =  U2F_SW_CONDITIONS_NOT_SATISFIED;
            }
            else
            {
                rcode =  U2F_SW_WRONG_DATA;
            }
            printf1(TAG_WALLET,"Ignoring U2F request\n");
            goto end;
        }
        else
        {
            if ( ! is_wallet_device((uint8_t *) &auth->kh, auth->khl))     // Pin requests
            {
                rcode = U2F_SW_WRONG_PAYLOAD;
                printf1(TAG_WALLET,"Ignoring U2F request\n");
                goto end;
            }
            rcode = bridge_u2f_to_wallet(auth->chal, auth->app, auth->khl, (uint8_t*)&auth->kh);
        }
    }
    else if (req->ins == U2F_VERSION)
    {
        printf1(TAG_U2F, "U2F_VERSION\n");
        if (len)
        {
            rcode = U2F_SW_WRONG_LENGTH;
        }
        else
        {
            rcode = u2f_version();
        }
    }
    else
    {
        rcode = U2F_SW_INS_NOT_SUPPORTED;
    }

#else
    switch(req->ins)
    {
        case U2F_REGISTER:
            printf1(TAG_U2F, "U2F_REGISTER\n");
            if (len != 64)
            {
                rcode = U2F_SW_WRONG_LENGTH;
            }
            else
            {
                t1 = millis();
                rcode = u2f_register((struct u2f_register_request*)req->payload);
                t2 = millis();
                printf1(TAG_TIME,"u2f_register time: %d ms\n", t2-t1);
            }
            break;
        case U2F_AUTHENTICATE:
            printf1(TAG_U2F, "U2F_AUTHENTICATE\n");
            t1 = millis();
            rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1);
            t2 = millis();
            printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", t2-t1);
            break;
        case U2F_VERSION:
            printf1(TAG_U2F, "U2F_VERSION\n");
            if (len)
            {
                rcode = U2F_SW_WRONG_LENGTH;
            }
            else
            {
                rcode = u2f_version();
            }
            break;
        case U2F_VENDOR_FIRST:
        case U2F_VENDOR_LAST:
            printf1(TAG_U2F, "U2F_VENDOR\n");
            rcode = U2F_SW_NO_ERROR;
            break;
        default:
            printf1(TAG_ERR, "Error, unknown U2F command\n");
            rcode = U2F_SW_INS_NOT_SUPPORTED;
            break;
    }
#endif

end:
    if (rcode != U2F_SW_NO_ERROR)
    {
        printf1(TAG_U2F,"U2F Error code %04x\n", rcode);
        ctap_response_init(_u2f_resp);
    }

    byte = (rcode & 0xff00)>>8;
    u2f_response_writeback(&byte,1);
    byte = rcode & 0xff;
    u2f_response_writeback(&byte,1);

    printf1(TAG_U2F,"u2f resp: "); dump_hex1(TAG_U2F, _u2f_resp->data, _u2f_resp->length);
}


int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len)
{
    if ((_u2f_resp->length + len) > _u2f_resp->data_size)
    {
        printf2(TAG_ERR, "Not enough space for U2F response, writeback\n");
        exit(1);
    }
    memmove(_u2f_resp->data + _u2f_resp->length, buf, len);
    _u2f_resp->length += len;
    return 0;
}

void u2f_reset_response()
{
    ctap_response_init(_u2f_resp);
}


static void dump_signature_der(uint8_t * sig)
{
    uint8_t sigder[72];
    int len;
    len = ctap_encode_der_sig(sig, sigder);
    u2f_response_writeback(sigder, len);
}
static int8_t u2f_load_key(struct u2f_key_handle * kh, uint8_t * appid)
{
    crypto_ecc256_load_key((uint8_t*)kh, U2F_KEY_HANDLE_SIZE, NULL, 0);
    return 0;
}

static void u2f_make_auth_tag(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * tag)
{
    uint8_t hashbuf[32];
    crypto_sha256_hmac_init(CRYPTO_MASTER_KEY, 0, hashbuf);
    crypto_sha256_update(kh->key, U2F_KEY_HANDLE_KEY_SIZE);
    crypto_sha256_update(appid, U2F_APPLICATION_SIZE);
    crypto_sha256_hmac_final(CRYPTO_MASTER_KEY, 0,hashbuf);
    memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE);
}

static int8_t u2f_new_keypair(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * pubkey)
{
    ctap_generate_rng(kh->key, U2F_KEY_HANDLE_KEY_SIZE);
    u2f_make_auth_tag(kh, appid, kh->tag);

    crypto_ecc256_derive_public_key((uint8_t*)kh, U2F_KEY_HANDLE_SIZE, pubkey, pubkey+32);
    return 0;
}


static int8_t u2f_appid_eq(struct u2f_key_handle * kh, uint8_t * appid)
{
    uint8_t tag[U2F_KEY_HANDLE_TAG_SIZE];
    u2f_make_auth_tag(kh, appid, tag);
    if (memcmp(kh->tag, tag, U2F_KEY_HANDLE_TAG_SIZE) == 0)
    {
        return 0;
    }
    else
    {
        printf1(TAG_U2F, "key handle + appid not authentic\n");
        printf1(TAG_U2F, "calc tag: \n"); dump_hex1(TAG_U2F,tag, U2F_KEY_HANDLE_TAG_SIZE);
        printf1(TAG_U2F, "inp  tag: \n"); dump_hex1(TAG_U2F,kh->tag, U2F_KEY_HANDLE_TAG_SIZE);
        return -1;
    }
}


static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control)
{

    uint8_t up = 1;
    uint32_t count;
    uint8_t hash[32];
    uint8_t * sig = (uint8_t*)req;

    if (control == U2F_AUTHENTICATE_CHECK)
    {
        if (u2f_appid_eq(&req->kh, req->app) == 0)
        {
            return U2F_SW_CONDITIONS_NOT_SATISFIED;
        }
        else
        {
            return U2F_SW_WRONG_DATA;
        }
    }
    if (
            control != U2F_AUTHENTICATE_SIGN ||
            req->khl != U2F_KEY_HANDLE_SIZE  ||
            u2f_appid_eq(&req->kh, req->app) != 0 ||     // Order of checks is important
            u2f_load_key(&req->kh, req->app) != 0

        )
    {
        return U2F_SW_WRONG_PAYLOAD;
    }


    if (ctap_user_presence_test() == 0)
    {
        return U2F_SW_CONDITIONS_NOT_SATISFIED;
    }

    count = ctap_atomic_count(0);

    crypto_sha256_init();

    crypto_sha256_update(req->app,32);
    crypto_sha256_update(&up,1);
    crypto_sha256_update((uint8_t *)&count,4);
    crypto_sha256_update(req->chal,32);

    crypto_sha256_final(hash);

    printf1(TAG_U2F, "sha256: "); dump_hex1(TAG_U2F,hash,32);
    crypto_ecc256_sign(hash, 32, sig);

    u2f_response_writeback(&up,1);
    u2f_response_writeback((uint8_t *)&count,4);
    dump_signature_der(sig);

    return U2F_SW_NO_ERROR;
}

static int16_t u2f_register(struct u2f_register_request * req)
{
    uint8_t i[] = {0x0,U2F_EC_FMT_UNCOMPRESSED};

    struct u2f_key_handle key_handle;
    uint8_t pubkey[64];
    uint8_t hash[32];
    uint8_t * sig = (uint8_t*)req;


    const uint16_t attest_size = attestation_cert_der_size;

    if ( ! ctap_user_presence_test())
    {
        return U2F_SW_CONDITIONS_NOT_SATISFIED;
    }

    if ( u2f_new_keypair(&key_handle, req->app, pubkey) == -1)
    {
        return U2F_SW_INSUFFICIENT_MEMORY;
    }

    crypto_sha256_init();
    crypto_sha256_update(i,1);
    crypto_sha256_update(req->app,32);

    crypto_sha256_update(req->chal,32);

    crypto_sha256_update((uint8_t*)&key_handle,U2F_KEY_HANDLE_SIZE);
    crypto_sha256_update(i+1,1);
    crypto_sha256_update(pubkey,64);
    crypto_sha256_final(hash);

    crypto_ecc256_load_attestation_key();

    /*printf("check key handle size: %d vs %d\n", U2F_KEY_HANDLE_SIZE, sizeof(struct u2f_key_handle));*/

    printf1(TAG_U2F, "sha256: "); dump_hex1(TAG_U2F,hash,32);
    crypto_ecc256_sign(hash, 32, sig);

    i[0] = 0x5;
    u2f_response_writeback(i,2);
    u2f_response_writeback(pubkey,64);
    i[0] = U2F_KEY_HANDLE_SIZE;
    u2f_response_writeback(i,1);
    u2f_response_writeback((uint8_t*)&key_handle,U2F_KEY_HANDLE_SIZE);

    u2f_response_writeback(attestation_cert_der,attest_size);

    dump_signature_der(sig);

    /*printf1(TAG_U2F, "dersig: "); dump_hex1(TAG_U2F,sig,74);*/


    return U2F_SW_NO_ERROR;
}

static int16_t u2f_version()
{
    const char version[] = "U2F_V2";
    u2f_response_writeback((uint8_t*)version, sizeof(version)-1);
    return U2F_SW_NO_ERROR;
}
u2f support added 2018-05-26 19:29:37 +00:00			`#include <stdlib.h>`
add u2f shell 2018-05-26 15:36:41 +00:00			`#include "u2f.h"`
			`#include "ctap.h"`
			`#include "crypto.h"`
u2f support added 2018-05-26 19:29:37 +00:00			`#include "log.h"`
ctap/u2f works on nrf52 2018-06-02 22:30:59 +00:00			`#include "device.h"`
pin requests, check button, version 2018-07-12 03:00:53 +00:00			`#include "wallet.h"`
add wallet channel 2018-07-08 02:43:06 +00:00			`#include "app.h"`
add u2f shell 2018-05-26 15:36:41 +00:00
			`// void u2f_response_writeback(uint8_t * buf, uint8_t len);`
			`static int16_t u2f_register(struct u2f_register_request * req);`
			`static int16_t u2f_version();`
			`static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control);`
add wallet channel 2018-07-08 02:43:06 +00:00			`int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len);`
pin auth working 2018-07-09 02:36:16 +00:00			`void u2f_reset_response();`
add u2f shell 2018-05-26 15:36:41 +00:00
u2f support added 2018-05-26 19:29:37 +00:00			`static CTAP_RESPONSE * _u2f_resp = NULL;`

			`void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)`
add u2f shell 2018-05-26 15:36:41 +00:00			`{`
u2f support added 2018-05-26 19:29:37 +00:00			`uint16_t rcode;`
ctap/u2f works on nrf52 2018-06-02 22:30:59 +00:00			`uint64_t t1,t2;`
add u2f shell 2018-05-26 15:36:41 +00:00			`uint32_t len = ((req->LC3) \| ((uint32_t)req->LC2 << 8) \| ((uint32_t)req->LC1 << 16));`
u2f support added 2018-05-26 19:29:37 +00:00			`uint8_t byte;`

			`_u2f_resp = resp;`
add u2f shell 2018-05-26 15:36:41 +00:00
			`if (req->cla != 0)`
			`{`
u2f support added 2018-05-26 19:29:37 +00:00			`printf1(TAG_U2F, "CLA not zero\n");`
			`rcode = U2F_SW_CLASS_NOT_SUPPORTED;`
add u2f shell 2018-05-26 15:36:41 +00:00			`goto end;`
			`}`
add spacing 2018-09-03 04:23:10 +00:00			`#if defined(BRIDGE_TO_WALLET) \|\| defined(IS_BOOTLOADER)`
pin auth working 2018-07-09 02:36:16 +00:00			`struct u2f_authenticate_request * auth = (struct u2f_authenticate_request *) req->payload;`
finish bootloader 2018-07-15 03:03:25 +00:00

add wallet channel 2018-07-08 02:43:06 +00:00			`if (req->ins == U2F_AUTHENTICATE)`
			`{`
			`if (req->p1 == U2F_AUTHENTICATE_CHECK)`
			`{`
port to device, working 2018-07-14 00:29:14 +00:00

			`if (is_wallet_device((uint8_t *) &auth->kh, auth->khl)) // Pin requests`
attempt at promises.. 2018-07-12 04:14:39 +00:00			`{`
			`rcode = U2F_SW_CONDITIONS_NOT_SATISFIED;`
			`}`
			`else`
			`{`
			`rcode = U2F_SW_WRONG_DATA;`
			`}`
port to device, working 2018-07-14 00:29:14 +00:00			`printf1(TAG_WALLET,"Ignoring U2F request\n");`
attempt at promises.. 2018-07-12 04:14:39 +00:00			`goto end;`
add wallet channel 2018-07-08 02:43:06 +00:00			`}`
			`else`
			`{`
port to device, working 2018-07-14 00:29:14 +00:00			`if ( ! is_wallet_device((uint8_t *) &auth->kh, auth->khl)) // Pin requests`
attempt at promises.. 2018-07-12 04:14:39 +00:00			`{`
			`rcode = U2F_SW_WRONG_PAYLOAD;`
port to device, working 2018-07-14 00:29:14 +00:00			`printf1(TAG_WALLET,"Ignoring U2F request\n");`
attempt at promises.. 2018-07-12 04:14:39 +00:00			`goto end;`
			`}`
pin requests, check button, version 2018-07-12 03:00:53 +00:00			`rcode = bridge_u2f_to_wallet(auth->chal, auth->app, auth->khl, (uint8_t*)&auth->kh);`
add wallet channel 2018-07-08 02:43:06 +00:00			`}`
			`}`
			`else if (req->ins == U2F_VERSION)`
			`{`
			`printf1(TAG_U2F, "U2F_VERSION\n");`
			`if (len)`
			`{`
			`rcode = U2F_SW_WRONG_LENGTH;`
			`}`
			`else`
			`{`
			`rcode = u2f_version();`
			`}`
			`}`
			`else`
			`{`
pin requests, check button, version 2018-07-12 03:00:53 +00:00			`rcode = U2F_SW_INS_NOT_SUPPORTED;`
add wallet channel 2018-07-08 02:43:06 +00:00			`}`
finish bootloader 2018-07-15 03:03:25 +00:00
add wallet channel 2018-07-08 02:43:06 +00:00			`#else`
add u2f shell 2018-05-26 15:36:41 +00:00			`switch(req->ins)`
			`{`
			`case U2F_REGISTER:`
u2f support added 2018-05-26 19:29:37 +00:00			`printf1(TAG_U2F, "U2F_REGISTER\n");`
add u2f shell 2018-05-26 15:36:41 +00:00			`if (len != 64)`
			`{`
u2f support added 2018-05-26 19:29:37 +00:00			`rcode = U2F_SW_WRONG_LENGTH;`
add u2f shell 2018-05-26 15:36:41 +00:00			`}`
			`else`
			`{`
ctap/u2f works on nrf52 2018-06-02 22:30:59 +00:00			`t1 = millis();`
u2f support added 2018-05-26 19:29:37 +00:00			`rcode = u2f_register((struct u2f_register_request*)req->payload);`
ctap/u2f works on nrf52 2018-06-02 22:30:59 +00:00			`t2 = millis();`
			`printf1(TAG_TIME,"u2f_register time: %d ms\n", t2-t1);`
add u2f shell 2018-05-26 15:36:41 +00:00			`}`
			`break;`
			`case U2F_AUTHENTICATE:`
u2f support added 2018-05-26 19:29:37 +00:00			`printf1(TAG_U2F, "U2F_AUTHENTICATE\n");`
ctap/u2f works on nrf52 2018-06-02 22:30:59 +00:00			`t1 = millis();`
u2f support added 2018-05-26 19:29:37 +00:00			`rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1);`
ctap/u2f works on nrf52 2018-06-02 22:30:59 +00:00			`t2 = millis();`
			`printf1(TAG_TIME,"u2f_authenticate time: %d ms\n", t2-t1);`
add u2f shell 2018-05-26 15:36:41 +00:00			`break;`
			`case U2F_VERSION:`
u2f support added 2018-05-26 19:29:37 +00:00			`printf1(TAG_U2F, "U2F_VERSION\n");`
add u2f shell 2018-05-26 15:36:41 +00:00			`if (len)`
			`{`
u2f support added 2018-05-26 19:29:37 +00:00			`rcode = U2F_SW_WRONG_LENGTH;`
add u2f shell 2018-05-26 15:36:41 +00:00			`}`
			`else`
			`{`
u2f support added 2018-05-26 19:29:37 +00:00			`rcode = u2f_version();`
add u2f shell 2018-05-26 15:36:41 +00:00			`}`
			`break;`
			`case U2F_VENDOR_FIRST:`
			`case U2F_VENDOR_LAST:`
u2f support added 2018-05-26 19:29:37 +00:00			`printf1(TAG_U2F, "U2F_VENDOR\n");`
			`rcode = U2F_SW_NO_ERROR;`
add u2f shell 2018-05-26 15:36:41 +00:00			`break;`
			`default:`
u2f support added 2018-05-26 19:29:37 +00:00			`printf1(TAG_ERR, "Error, unknown U2F command\n");`
			`rcode = U2F_SW_INS_NOT_SUPPORTED;`
add u2f shell 2018-05-26 15:36:41 +00:00			`break;`
			`}`
add wallet channel 2018-07-08 02:43:06 +00:00			`#endif`
add u2f shell 2018-05-26 15:36:41 +00:00
u2f support added 2018-05-26 19:29:37 +00:00			`end:`
			`if (rcode != U2F_SW_NO_ERROR)`
			`{`
			`printf1(TAG_U2F,"U2F Error code %04x\n", rcode);`
			`ctap_response_init(_u2f_resp);`
			`}`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00
u2f support added 2018-05-26 19:29:37 +00:00			`byte = (rcode & 0xff00)>>8;`
			`u2f_response_writeback(&byte,1);`
			`byte = rcode & 0xff;`
			`u2f_response_writeback(&byte,1);`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00
u2f support added 2018-05-26 19:29:37 +00:00			`printf1(TAG_U2F,"u2f resp: "); dump_hex1(TAG_U2F, _u2f_resp->data, _u2f_resp->length);`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`}`


add wallet channel 2018-07-08 02:43:06 +00:00			`int8_t u2f_response_writeback(const uint8_t * buf, uint16_t len)`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`{`
u2f support added 2018-05-26 19:29:37 +00:00			`if ((_u2f_resp->length + len) > _u2f_resp->data_size)`
			`{`
			`printf2(TAG_ERR, "Not enough space for U2F response, writeback\n");`
			`exit(1);`
			`}`
			`memmove(_u2f_resp->data + _u2f_resp->length, buf, len);`
			`_u2f_resp->length += len;`
			`return 0;`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`}`

pin auth working 2018-07-09 02:36:16 +00:00			`void u2f_reset_response()`
			`{`
			`ctap_response_init(_u2f_resp);`
			`}`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00

add u2f shell 2018-05-26 15:36:41 +00:00			`static void dump_signature_der(uint8_t * sig)`
			`{`
fix der encoding bug in u2f 2018-05-26 19:35:58 +00:00			`uint8_t sigder[72];`
			`int len;`
			`len = ctap_encode_der_sig(sig, sigder);`
			`u2f_response_writeback(sigder, len);`
add u2f shell 2018-05-26 15:36:41 +00:00			`}`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`static int8_t u2f_load_key(struct u2f_key_handle * kh, uint8_t * appid)`
add u2f shell 2018-05-26 15:36:41 +00:00			`{`
u2f support added 2018-05-26 19:29:37 +00:00			`crypto_ecc256_load_key((uint8_t*)kh, U2F_KEY_HANDLE_SIZE, NULL, 0);`
add u2f shell 2018-05-26 15:36:41 +00:00			`return 0;`
			`}`

whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`static void u2f_make_auth_tag(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * tag)`
add u2f shell 2018-05-26 15:36:41 +00:00			`{`
			`uint8_t hashbuf[32];`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_sha256_hmac_init(CRYPTO_MASTER_KEY, 0, hashbuf);`
add u2f shell 2018-05-26 15:36:41 +00:00			`crypto_sha256_update(kh->key, U2F_KEY_HANDLE_KEY_SIZE);`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_sha256_update(appid, U2F_APPLICATION_SIZE);`
			`crypto_sha256_hmac_final(CRYPTO_MASTER_KEY, 0,hashbuf);`
add u2f shell 2018-05-26 15:36:41 +00:00			`memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE);`
			`}`

u2f support added 2018-05-26 19:29:37 +00:00			`static int8_t u2f_new_keypair(struct u2f_key_handle * kh, uint8_t * appid, uint8_t * pubkey)`
			`{`
			`ctap_generate_rng(kh->key, U2F_KEY_HANDLE_KEY_SIZE);`
			`u2f_make_auth_tag(kh, appid, kh->tag);`

			`crypto_ecc256_derive_public_key((uint8_t*)kh, U2F_KEY_HANDLE_SIZE, pubkey, pubkey+32);`
			`return 0;`
			`}`


add u2f shell 2018-05-26 15:36:41 +00:00
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`static int8_t u2f_appid_eq(struct u2f_key_handle * kh, uint8_t * appid)`
			`{`
			`uint8_t tag[U2F_KEY_HANDLE_TAG_SIZE];`
u2f support added 2018-05-26 19:29:37 +00:00			`u2f_make_auth_tag(kh, appid, tag);`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`if (memcmp(kh->tag, tag, U2F_KEY_HANDLE_TAG_SIZE) == 0)`
u2f support added 2018-05-26 19:29:37 +00:00			`{`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`return 0;`
u2f support added 2018-05-26 19:29:37 +00:00			`}`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`else`
u2f support added 2018-05-26 19:29:37 +00:00			`{`
			`printf1(TAG_U2F, "key handle + appid not authentic\n");`
			`printf1(TAG_U2F, "calc tag: \n"); dump_hex1(TAG_U2F,tag, U2F_KEY_HANDLE_TAG_SIZE);`
			`printf1(TAG_U2F, "inp tag: \n"); dump_hex1(TAG_U2F,kh->tag, U2F_KEY_HANDLE_TAG_SIZE);`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`return -1;`
u2f support added 2018-05-26 19:29:37 +00:00			`}`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`}`



add u2f shell 2018-05-26 15:36:41 +00:00			`static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control)`
			`{`

			`uint8_t up = 1;`
			`uint32_t count;`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`uint8_t hash[32];`
			`uint8_t * sig = (uint8_t*)req;`
add u2f shell 2018-05-26 15:36:41 +00:00
			`if (control == U2F_AUTHENTICATE_CHECK)`
			`{`
			`if (u2f_appid_eq(&req->kh, req->app) == 0)`
			`{`
			`return U2F_SW_CONDITIONS_NOT_SATISFIED;`
			`}`
			`else`
			`{`
			`return U2F_SW_WRONG_DATA;`
			`}`
			`}`
			`if (`
			`control != U2F_AUTHENTICATE_SIGN \|\|`
			`req->khl != U2F_KEY_HANDLE_SIZE \|\|`
			`u2f_appid_eq(&req->kh, req->app) != 0 \|\| // Order of checks is important`
			`u2f_load_key(&req->kh, req->app) != 0`

			`)`
			`{`
			`return U2F_SW_WRONG_PAYLOAD;`
			`}`



u2f support added 2018-05-26 19:29:37 +00:00			`if (ctap_user_presence_test() == 0)`
add u2f shell 2018-05-26 15:36:41 +00:00			`{`
			`return U2F_SW_CONDITIONS_NOT_SATISFIED;`
			`}`

whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`count = ctap_atomic_count(0);`
add u2f shell 2018-05-26 15:36:41 +00:00
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_sha256_init();`
add u2f shell 2018-05-26 15:36:41 +00:00
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_sha256_update(req->app,32);`
			`crypto_sha256_update(&up,1);`
			`crypto_sha256_update((uint8_t *)&count,4);`
			`crypto_sha256_update(req->chal,32);`
add u2f shell 2018-05-26 15:36:41 +00:00
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_sha256_final(hash);`

u2f support added 2018-05-26 19:29:37 +00:00			`printf1(TAG_U2F, "sha256: "); dump_hex1(TAG_U2F,hash,32);`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_ecc256_sign(hash, 32, sig);`
add u2f shell 2018-05-26 15:36:41 +00:00
			`u2f_response_writeback(&up,1);`
			`u2f_response_writeback((uint8_t *)&count,4);`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`dump_signature_der(sig);`
add u2f shell 2018-05-26 15:36:41 +00:00
			`return U2F_SW_NO_ERROR;`
			`}`

			`static int16_t u2f_register(struct u2f_register_request * req)`
			`{`
			`uint8_t i[] = {0x0,U2F_EC_FMT_UNCOMPRESSED};`

whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`struct u2f_key_handle key_handle;`
add u2f shell 2018-05-26 15:36:41 +00:00			`uint8_t pubkey[64];`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`uint8_t hash[32];`
			`uint8_t * sig = (uint8_t*)req;`
add u2f shell 2018-05-26 15:36:41 +00:00

whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`const uint16_t attest_size = attestation_cert_der_size;`
add u2f shell 2018-05-26 15:36:41 +00:00
u2f support added 2018-05-26 19:29:37 +00:00			`if ( ! ctap_user_presence_test())`
add u2f shell 2018-05-26 15:36:41 +00:00			`{`
			`return U2F_SW_CONDITIONS_NOT_SATISFIED;`
			`}`

whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`if ( u2f_new_keypair(&key_handle, req->app, pubkey) == -1)`
add u2f shell 2018-05-26 15:36:41 +00:00			`{`
			`return U2F_SW_INSUFFICIENT_MEMORY;`
			`}`

whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_sha256_init();`
			`crypto_sha256_update(i,1);`
			`crypto_sha256_update(req->app,32);`
add u2f shell 2018-05-26 15:36:41 +00:00
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_sha256_update(req->chal,32);`
add u2f shell 2018-05-26 15:36:41 +00:00
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_sha256_update((uint8_t*)&key_handle,U2F_KEY_HANDLE_SIZE);`
			`crypto_sha256_update(i+1,1);`
			`crypto_sha256_update(pubkey,64);`
			`crypto_sha256_final(hash);`
add u2f shell 2018-05-26 15:36:41 +00:00
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_ecc256_load_attestation_key();`
u2f support added 2018-05-26 19:29:37 +00:00
			`/printf("check key handle size: %d vs %d\n", U2F_KEY_HANDLE_SIZE, sizeof(struct u2f_key_handle));/`

			`printf1(TAG_U2F, "sha256: "); dump_hex1(TAG_U2F,hash,32);`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`crypto_ecc256_sign(hash, 32, sig);`
add u2f shell 2018-05-26 15:36:41 +00:00
			`i[0] = 0x5;`
			`u2f_response_writeback(i,2);`
			`u2f_response_writeback(pubkey,64);`
			`i[0] = U2F_KEY_HANDLE_SIZE;`
			`u2f_response_writeback(i,1);`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`u2f_response_writeback((uint8_t*)&key_handle,U2F_KEY_HANDLE_SIZE);`
add u2f shell 2018-05-26 15:36:41 +00:00
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`u2f_response_writeback(attestation_cert_der,attest_size);`
add u2f shell 2018-05-26 15:36:41 +00:00
u2f support added 2018-05-26 19:29:37 +00:00			`dump_signature_der(sig);`

			`/printf1(TAG_U2F, "dersig: "); dump_hex1(TAG_U2F,sig,74);/`
add u2f shell 2018-05-26 15:36:41 +00:00

			`return U2F_SW_NO_ERROR;`
			`}`

			`static int16_t u2f_version()`
			`{`
whitebox patch u2f not tested 2018-05-26 16:51:56 +00:00			`const char version[] = "U2F_V2";`
compile with no warnings 2018-06-02 19:48:29 +00:00			`u2f_response_writeback((uint8_t*)version, sizeof(version)-1);`
add u2f shell 2018-05-26 15:36:41 +00:00			`return U2F_SW_NO_ERROR;`
			`}`