kopia lustrzana https://github.com/conorpp/u2f-zero
265 wiersze
6.8 KiB
C
265 wiersze
6.8 KiB
C
/*
|
|
* Copyright (c) 2016, Conor Patrick
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright notice, this
|
|
* list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
* and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
|
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*
|
|
* u2f.c
|
|
* Cross platform implementation of U2F. See API docs in u2f.h.
|
|
*
|
|
* U2F spec: https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-raw-message-formats.html
|
|
*
|
|
*/
|
|
|
|
#include "app.h"
|
|
|
|
|
|
#ifndef U2F_DISABLE
|
|
|
|
#include "bsp.h"
|
|
#include "u2f.h"
|
|
|
|
|
|
// void u2f_response_writeback(uint8_t * buf, uint8_t len);
|
|
static int16_t u2f_register(struct u2f_register_request * req);
|
|
static int16_t u2f_version();
|
|
static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control);
|
|
|
|
void u2f_request(struct u2f_request_apdu * req)
|
|
{
|
|
uint16_t * rcode = (uint16_t *)req;
|
|
uint32_t len = ((req->LC3) | ((uint32_t)req->LC2 << 8) | ((uint32_t)req->LC1 << 16));
|
|
|
|
u2f_response_start();
|
|
|
|
if (req->cla != 0)
|
|
{
|
|
u2f_hid_set_len(2);
|
|
*rcode = U2F_SW_CLASS_NOT_SUPPORTED;
|
|
goto end;
|
|
}
|
|
|
|
switch(req->ins)
|
|
{
|
|
case U2F_REGISTER:
|
|
if (len != 64)
|
|
{
|
|
u2f_hid_set_len(2);
|
|
*rcode = U2F_SW_WRONG_LENGTH;
|
|
}
|
|
else
|
|
{
|
|
*rcode = u2f_register((struct u2f_register_request*)req->payload);
|
|
}
|
|
break;
|
|
case U2F_AUTHENTICATE:
|
|
*rcode = u2f_authenticate((struct u2f_authenticate_request*)req->payload, req->p1);
|
|
break;
|
|
case U2F_VERSION:
|
|
if (len)
|
|
{
|
|
u2f_hid_set_len(2);
|
|
*rcode = U2F_SW_WRONG_LENGTH;
|
|
}
|
|
else
|
|
{
|
|
*rcode = u2f_version();
|
|
}
|
|
break;
|
|
case U2F_VENDOR_FIRST:
|
|
case U2F_VENDOR_LAST:
|
|
*rcode = U2F_SW_NO_ERROR;
|
|
break;
|
|
default:
|
|
u2f_hid_set_len(2);
|
|
*rcode = U2F_SW_INS_NOT_SUPPORTED;
|
|
break;
|
|
}
|
|
|
|
end:
|
|
u2f_response_writeback((uint8_t*)rcode,2);
|
|
u2f_response_flush();
|
|
}
|
|
|
|
static uint8_t get_signature_length(uint8_t * sig)
|
|
{
|
|
return 0x46 + ((sig[32] & 0x80) == 0x80) + ((sig[0] & 0x80) == 0x80);
|
|
}
|
|
|
|
static void dump_signature_der(uint8_t * sig)
|
|
{
|
|
uint8_t pad_s = (sig[32] & 0x80) == 0x80;
|
|
uint8_t pad_r = (sig[0] & 0x80) == 0x80;
|
|
uint8_t i[] = {0x30, 0x44};
|
|
i[1] += (pad_s + pad_r);
|
|
|
|
|
|
// DER encoded signature
|
|
// write der sequence
|
|
// has to be minimum distance and padded with 0x00 if MSB is a 1.
|
|
u2f_response_writeback(i,2);
|
|
i[1] = 0;
|
|
|
|
// length of R value plus 0x00 pad if necessary
|
|
u2f_response_writeback("\x02",1);
|
|
i[0] = 0x20 + pad_r;
|
|
u2f_response_writeback(i,1 + pad_r);
|
|
|
|
// R value
|
|
u2f_response_writeback(sig, 32);
|
|
|
|
// length of S value plus 0x00 pad if necessary
|
|
u2f_response_writeback("\x02",1);
|
|
i[0] = 0x20 + pad_s;
|
|
u2f_response_writeback(i,1 + pad_s);
|
|
|
|
// S value
|
|
u2f_response_writeback(sig+32, 32);
|
|
}
|
|
|
|
|
|
static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control)
|
|
{
|
|
|
|
uint8_t up = 1;
|
|
uint32_t count;
|
|
|
|
if (control == U2F_AUTHENTICATE_CHECK)
|
|
{
|
|
u2f_hid_set_len(2);
|
|
if (u2f_appid_eq(req->kh, req->app) == 0)
|
|
{
|
|
return U2F_SW_CONDITIONS_NOT_SATISFIED;
|
|
}
|
|
else
|
|
{
|
|
return U2F_SW_WRONG_DATA;
|
|
}
|
|
}
|
|
if (
|
|
control != U2F_AUTHENTICATE_SIGN ||
|
|
req->khl != U2F_KEY_HANDLE_SIZE ||
|
|
u2f_appid_eq(req->kh, req->app) != 0 || // Order of checks is important
|
|
u2f_load_key(req->kh, req->app) != 0
|
|
|
|
)
|
|
{
|
|
u2f_hid_set_len(2);
|
|
return U2F_SW_WRONG_PAYLOAD;
|
|
}
|
|
|
|
|
|
|
|
if (u2f_get_user_feedback())
|
|
{
|
|
u2f_hid_set_len(2);
|
|
return U2F_SW_CONDITIONS_NOT_SATISFIED;
|
|
}
|
|
|
|
count = u2f_count();
|
|
|
|
u2f_sha256_start();
|
|
u2f_sha256_update(req->app,32);
|
|
u2f_sha256_update(&up,1);
|
|
u2f_sha256_update((uint8_t *)&count,4);
|
|
u2f_sha256_update(req->chal,32);
|
|
|
|
u2f_sha256_finish();
|
|
|
|
if (u2f_ecdsa_sign((uint8_t*)req, req->kh, req->app) == -1)
|
|
{
|
|
return U2F_SW_WRONG_DATA+0x20;
|
|
}
|
|
|
|
u2f_hid_set_len(7 + get_signature_length((uint8_t*)req));
|
|
|
|
u2f_response_writeback(&up,1);
|
|
u2f_response_writeback((uint8_t *)&count,4);
|
|
dump_signature_der((uint8_t*)req);
|
|
|
|
return U2F_SW_NO_ERROR;
|
|
}
|
|
|
|
static int16_t u2f_register(struct u2f_register_request * req)
|
|
{
|
|
uint8_t i[] = {0x0,U2F_EC_FMT_UNCOMPRESSED};
|
|
|
|
uint8_t key_handle[U2F_KEY_HANDLE_SIZE];
|
|
uint8_t pubkey[64];
|
|
|
|
|
|
const uint16_t attest_size = u2f_attestation_cert_size();
|
|
|
|
if (u2f_get_user_feedback())
|
|
{
|
|
u2f_hid_set_len(2);
|
|
return U2F_SW_CONDITIONS_NOT_SATISFIED;
|
|
}
|
|
|
|
if ( u2f_new_keypair(key_handle, req->app, pubkey) == -1)
|
|
{
|
|
u2f_hid_set_len(2);
|
|
return U2F_SW_INSUFFICIENT_MEMORY;
|
|
}
|
|
|
|
u2f_sha256_start();
|
|
u2f_sha256_update(i,1);
|
|
u2f_sha256_update(req->app,32);
|
|
|
|
u2f_sha256_update(req->chal,32);
|
|
|
|
u2f_sha256_update(key_handle,U2F_KEY_HANDLE_SIZE);
|
|
u2f_sha256_update(i+1,1);
|
|
u2f_sha256_update(pubkey,64);
|
|
u2f_sha256_finish();
|
|
|
|
if (u2f_ecdsa_sign((uint8_t*)req, U2F_ATTESTATION_HANDLE, req->app) == -1)
|
|
{
|
|
return U2F_SW_WRONG_DATA;
|
|
}
|
|
|
|
u2f_hid_set_len(69 + get_signature_length((uint8_t*)req) + U2F_KEY_HANDLE_SIZE + u2f_attestation_cert_size());
|
|
i[0] = 0x5;
|
|
u2f_response_writeback(i,2);
|
|
u2f_response_writeback(pubkey,64);
|
|
i[0] = U2F_KEY_HANDLE_SIZE;
|
|
u2f_response_writeback(i,1);
|
|
u2f_response_writeback(key_handle,U2F_KEY_HANDLE_SIZE);
|
|
|
|
u2f_response_writeback(u2f_get_attestation_cert(),u2f_attestation_cert_size());
|
|
|
|
dump_signature_der((uint8_t*)req);
|
|
|
|
|
|
return U2F_SW_NO_ERROR;
|
|
}
|
|
|
|
static int16_t u2f_version()
|
|
{
|
|
code const char version[] = "U2F_V2";
|
|
u2f_hid_set_len(2 + sizeof(version)-1);
|
|
u2f_response_writeback(version, sizeof(version)-1);
|
|
return U2F_SW_NO_ERROR;
|
|
}
|
|
|
|
#endif
|