Arduino/pico-fido
1
0
Fork 1
mirror of https://github.com/polhenarejos/pico-fido.git synced 2025-12-18 18:16:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

Use latest Pico Keys SDK.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2024-05-05 00:58:51 +02:00
parent f3f34cf66b
commit 1f0e1fb8f4
14 changed files with 49 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pico-keys-sdk

Submodule pico-keys-sdk updated: 151ae5fae4...88071e1172

16
src/fido/cbor_client_pin.c
View File

@@ -169,7 +169,7 @@ int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) {
int resetPinUvAuthToken() {
uint8_t t[32];
random_gen(NULL, t, sizeof(t));
flash_write_data_to_file(ef_authtoken, t, sizeof(t));
file_put_data(ef_authtoken, t, sizeof(t));
paut.permissions = 0;
paut.data = file_get_data(ef_authtoken);
paut.len = file_get_size(ef_authtoken);
@@ -417,7 +417,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
hsh[0] = MAX_PIN_RETRIES;
hsh[1] = pin_len;
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, hsh + 2);
flash_write_data_to_file(ef_pin, hsh, 2 + 16);
file_put_data(ef_pin, hsh, 2 + 16);
low_flash_available();
goto err; //No return
}
@@ -464,7 +464,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
uint8_t pin_data[18];
memcpy(pin_data, file_get_data(ef_pin), 18);
pin_data[0] -= 1;
flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data));
file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
uint8_t retries = pin_data[0];
uint8_t paddedNewPin[64];
@@ -489,7 +489,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
}
}
pin_data[0] = MAX_PIN_RETRIES;
flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data));
file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
new_pin_mismatches = 0;
ret = decrypt(pinUvAuthProtocol, sharedSecret, newPinEnc.data, newPinEnc.len, paddedNewPin);
@@ -520,12 +520,12 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
memcmp(hsh + 2, file_get_data(ef_pin) + 2, 16) == 0) {
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
}
flash_write_data_to_file(ef_pin, hsh, 2 + 16);
file_put_data(ef_pin, hsh, 2 + 16);
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
uint8_t *tmp = (uint8_t *) calloc(1, file_get_size(ef_minpin));
memcpy(tmp, file_get_data(ef_minpin), file_get_size(ef_minpin));
tmp[1] = 0;
flash_write_data_to_file(ef_minpin, tmp, file_get_size(ef_minpin));
file_put_data(ef_minpin, tmp, file_get_size(ef_minpin));
free(tmp);
}
low_flash_available();
@@ -573,7 +573,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
uint8_t pin_data[18];
memcpy(pin_data, file_get_data(ef_pin), 18);
pin_data[0] -= 1;
flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data));
file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
uint8_t retries = pin_data[0];
uint8_t paddedNewPin[64], poff = (pinUvAuthProtocol - 1) * IV_SIZE;
@@ -599,7 +599,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
}
pin_data[0] = MAX_PIN_RETRIES;
new_pin_mismatches = 0;
flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data));
file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {

12
src/fido/cbor_config.c
View File

@@ -142,9 +142,9 @@ int cbor_config(const uint8_t *data, size_t len) {
if (has_keydev_dec == false) {
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
}
flash_write_data_to_file(ef_keydev, keydev_dec, sizeof(keydev_dec));
file_put_data(ef_keydev, keydev_dec, sizeof(keydev_dec));
mbedtls_platform_zeroize(keydev_dec, sizeof(keydev_dec));
flash_write_data_to_file(ef_keydev_enc, NULL, 0); // Set ef to 0 bytes
file_put_data(ef_keydev_enc, NULL, 0); // Set ef to 0 bytes
low_flash_available();
}
else if (vendorCommandId == CTAP_CONFIG_AUT_ENABLE) {
@@ -178,10 +178,10 @@ int cbor_config(const uint8_t *data, size_t len) {
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
}
flash_write_data_to_file(ef_keydev_enc, key_dev_enc, sizeof(key_dev_enc));
file_put_data(ef_keydev_enc, key_dev_enc, sizeof(key_dev_enc));
mbedtls_platform_zeroize(key_dev_enc, sizeof(key_dev_enc));
flash_write_data_to_file(ef_keydev, key_dev_enc, file_get_size(ef_keydev)); // Overwrite ef with 0
flash_write_data_to_file(ef_keydev, NULL, 0); // Set ef to 0 bytes
file_put_data(ef_keydev, key_dev_enc, file_get_size(ef_keydev)); // Overwrite ef with 0
file_put_data(ef_keydev, NULL, 0); // Set ef to 0 bytes
low_flash_available();
}
else {
@@ -216,7 +216,7 @@ int cbor_config(const uint8_t *data, size_t len) {
data + 2 + m * 32,
0);
}
flash_write_data_to_file(ef_minpin, data, 2 + minPinLengthRPIDs_len * 32);
file_put_data(ef_minpin, data, 2 + minPinLengthRPIDs_len * 32);
low_flash_available();
goto err; //No return
}

2
src/fido/cbor_cred_mgmt.c
View File

@@ -380,7 +380,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
delete_file(rp_ef);
}
else {
flash_write_data_to_file(rp_ef, rp_data, file_get_size(rp_ef));
file_put_data(rp_ef, rp_data, file_get_size(rp_ef));
}
free(rp_data);
break;

2
src/fido/cbor_get_assertion.c
View File

@@ -640,7 +640,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
ctr++;
flash_write_data_to_file(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
low_flash_available();
err:
CBOR_FREE_BYTE_STRING(clientDataHash);

2
src/fido/cbor_large_blobs.c
View File

@@ -155,7 +155,7 @@ int cbor_large_blobs(const uint8_t *data, size_t len) {
if (expectedLength > 17 && memcmp(sha, temp_lba + expectedLength - 16, 16) != 0) {
CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE);
}
flash_write_data_to_file(ef_largeblob, temp_lba, expectedLength);
file_put_data(ef_largeblob, temp_lba, expectedLength);
low_flash_available();
}
goto err;

2
src/fido/cbor_make_credential.c
View File

@@ -518,7 +518,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
}
}
ctr++;
flash_write_data_to_file(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
low_flash_available();
err:
CBOR_FREE_BYTE_STRING(clientDataHash);

8
src/fido/cbor_vendor.c
View File

@@ -121,9 +121,9 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
}
uint8_t zeros[32];
memset(zeros, 0, sizeof(zeros));
flash_write_data_to_file(ef_keydev_enc, vendorParam.data, vendorParam.len);
flash_write_data_to_file(ef_keydev, zeros, file_get_size(ef_keydev)); // Overwrite ef with 0
flash_write_data_to_file(ef_keydev, NULL, 0); // Set ef to 0 bytes
file_put_data(ef_keydev_enc, vendorParam.data, vendorParam.len);
file_put_data(ef_keydev, zeros, file_get_size(ef_keydev)); // Overwrite ef with 0
file_put_data(ef_keydev, NULL, 0); // Set ef to 0 bytes
low_flash_available();
goto err;
}
@@ -306,7 +306,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
}
file_t *ef_ee_ea = search_by_fid(EF_EE_DEV_EA, NULL, SPECIFY_EF);
if (ef_ee_ea) {
flash_write_data_to_file(ef_ee_ea, vendorParam.data, vendorParam.len);
file_put_data(ef_ee_ea, vendorParam.data, vendorParam.len);
}
low_flash_available();
goto err;

2
src/fido/cmd_authenticate.c
View File

@@ -97,7 +97,7 @@ int cmd_authenticate() {
res_APDU_size = 1 + 4 + olen;
ctr++;
flash_write_data_to_file(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
low_flash_available();
return SW_OK();
}

6
src/fido/credential.c
View File

@@ -306,7 +306,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *
memcpy(data, rp_id_hash, 32);
memcpy(data + 32, cred_id, cred_id_len);
file_t *ef = file_new(EF_CRED + sloti);
flash_write_data_to_file(ef, data, cred_id_len + 32);
file_put_data(ef, data, cred_id_len + 32);
free(data);
if (new_record == true) { //increase rps
@@ -332,7 +332,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *
data = (uint8_t *) calloc(1, file_get_size(ef));
memcpy(data, file_get_data(ef), file_get_size(ef));
data[0] += 1;
flash_write_data_to_file(ef, data, file_get_size(ef));
file_put_data(ef, data, file_get_size(ef));
free(data);
}
else {
@@ -341,7 +341,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *
data[0] = 1;
memcpy(data + 1, rp_id_hash, 32);
memcpy(data + 1 + 32, cred.rpId.data, cred.rpId.len);
flash_write_data_to_file(ef, data, 1 + 32 + cred.rpId.len);
file_put_data(ef, data, 1 + 32 + cred.rpId.len);
free(data);
}
}

12
src/fido/fido.c
View File

@@ -317,7 +317,7 @@ int scan_files() {
uint8_t kdata[32];
int key_size = mbedtls_mpi_size(&ecdsa.d);
mbedtls_mpi_write_binary(&ecdsa.d, kdata, key_size);
ret = flash_write_data_to_file(ef_keydev, kdata, key_size);
ret = file_put_data(ef_keydev, kdata, key_size);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_ecdsa_free(&ecdsa);
if (ret != CCID_OK) {
@@ -353,7 +353,7 @@ int scan_files() {
if (ret <= 0) {
return ret;
}
flash_write_data_to_file(ef_certdev, cert + sizeof(cert) - ret, ret);
file_put_data(ef_certdev, cert + sizeof(cert) - ret, ret);
}
}
else {
@@ -363,7 +363,7 @@ int scan_files() {
if (ef_counter) {
if (!file_has_data(ef_counter)) {
uint32_t v = 0;
flash_write_data_to_file(ef_counter, (uint8_t *) &v, sizeof(v));
file_put_data(ef_counter, (uint8_t *) &v, sizeof(v));
}
}
else {
@@ -375,7 +375,7 @@ int scan_files() {
if (!file_has_data(ef_authtoken)) {
uint8_t t[32];
random_gen(NULL, t, sizeof(t));
flash_write_data_to_file(ef_authtoken, t, sizeof(t));
file_put_data(ef_authtoken, t, sizeof(t));
}
paut.data = file_get_data(ef_authtoken);
paut.len = file_get_size(ef_authtoken);
@@ -385,7 +385,7 @@ int scan_files() {
}
ef_largeblob = search_by_fid(EF_LARGEBLOB, NULL, SPECIFY_EF);
if (!file_has_data(ef_largeblob)) {
flash_write_data_to_file(ef_largeblob,
file_put_data(ef_largeblob,
(const uint8_t *) "\x80\x76\xbe\x8b\x52\x8d\x00\x75\xf7\xaa\xe9\x8d\x6f\xa5\x7a\x6d\x3c",
17);
}
@@ -447,7 +447,7 @@ uint8_t get_opts() {
void set_opts(uint8_t opts) {
file_t *ef = search_by_fid(EF_OPTS, NULL, SPECIFY_EF);
flash_write_data_to_file(ef, &opts, sizeof(uint8_t));
file_put_data(ef, &opts, sizeof(uint8_t));
low_flash_available();
}

2
src/fido/management.c
View File

@@ -130,7 +130,7 @@ int cmd_write_config() {
return SW_WRONG_DATA();
}
file_t *ef = file_new(EF_DEV_CONF);
flash_write_data_to_file(ef, apdu.data + 1, apdu.nc - 1);
file_put_data(ef, apdu.data + 1, apdu.nc - 1);
low_flash_available();
return SW_OK();
}

16
src/fido/oath.c
View File

@@ -158,7 +158,7 @@ int cmd_put() {
}
file_t *ef = find_oath_cred(name.data, name.len);
if (file_has_data(ef)) {
flash_write_data_to_file(ef, apdu.data, apdu.nc);
file_put_data(ef, apdu.data, apdu.nc);
low_flash_available();
}
else {
@@ -166,7 +166,7 @@ int cmd_put() {
file_t *ef = search_dynamic_file(EF_OATH_CRED + i);
if (!file_has_data(ef)) {
ef = file_new(EF_OATH_CRED + i);
flash_write_data_to_file(ef, apdu.data, apdu.nc);
file_put_data(ef, apdu.data, apdu.nc);
low_flash_available();
return SW_OK();
}
@@ -247,7 +247,7 @@ int cmd_set_code() {
}
random_gen(NULL, challenge, sizeof(challenge));
file_t *ef = file_new(EF_OATH_CODE);
flash_write_data_to_file(ef, key.data, key.len);
file_put_data(ef, key.data, key.len);
low_flash_available();
validated = false;
return SW_OK();
@@ -429,7 +429,7 @@ int cmd_calculate() {
chal.data[5] = v >> 16;
chal.data[6] = v >> 8;
chal.data[7] = v & 0xff;
flash_write_data_to_file(ef, tmp, ef_size);
file_put_data(ef, tmp, ef_size);
low_flash_available();
free(tmp);
}
@@ -504,7 +504,7 @@ int cmd_set_otp_pin() {
}
hsh[0] = MAX_OTP_COUNTER;
double_hash_pin(pw.data, pw.len, hsh + 1);
flash_write_data_to_file(ef_otp_pin, hsh, sizeof(hsh));
file_put_data(ef_otp_pin, hsh, sizeof(hsh));
low_flash_available();
return SW_OK();
}
@@ -529,7 +529,7 @@ int cmd_change_otp_pin() {
}
hsh[0] = MAX_OTP_COUNTER;
double_hash_pin(new_pw.data, new_pw.len, hsh + 1);
flash_write_data_to_file(ef_otp_pin, hsh, sizeof(hsh));
file_put_data(ef_otp_pin, hsh, sizeof(hsh));
low_flash_available();
return SW_OK();
}
@@ -551,13 +551,13 @@ int cmd_verify_otp_pin() {
if (data_hsh[0] > 0) {
data_hsh[0] -= 1;
}
flash_write_data_to_file(ef_otp_pin, data_hsh, sizeof(data_hsh));
file_put_data(ef_otp_pin, data_hsh, sizeof(data_hsh));
low_flash_available();
validated = false;
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
data_hsh[0] = MAX_OTP_COUNTER;
flash_write_data_to_file(ef_otp_pin, data_hsh, sizeof(data_hsh));
file_put_data(ef_otp_pin, data_hsh, sizeof(data_hsh));
low_flash_available();
validated = true;
return SW_OK();

14
src/fido/otp.c
View File

@@ -169,7 +169,7 @@ void init_otp() {
memcpy(new_data, data, sizeof(new_data));
new_data[otp_config_size] = counter >> 8;
new_data[otp_config_size + 1] = counter & 0xff;
flash_write_data_to_file(ef, new_data, sizeof(new_data));
file_put_data(ef, new_data, sizeof(new_data));
}
}
}
@@ -258,7 +258,7 @@ int otp_button_pressed(uint8_t slot) {
uint8_t new_otp_config[otp_config_size + sizeof(new_chal)];
memcpy(new_otp_config, otp_config, otp_config_size);
memcpy(new_otp_config + otp_config_size, new_chal, sizeof(new_chal));
flash_write_data_to_file(ef, new_otp_config, sizeof(new_otp_config));
file_put_data(ef, new_otp_config, sizeof(new_otp_config));
low_flash_available();
}
if (otp_config->tkt_flags & APPEND_CR) {
@@ -322,7 +322,7 @@ int otp_button_pressed(uint8_t slot) {
memcpy(new_data, data, sizeof(new_data));
new_data[otp_config_size] = counter >> 8;
new_data[otp_config_size + 1] = counter & 0xff;
flash_write_data_to_file(ef, new_data, sizeof(new_data));
file_put_data(ef, new_data, sizeof(new_data));
low_flash_available();
}
}
@@ -387,7 +387,7 @@ int cmd_otp() {
return SW_WRONG_DATA();
}
memset(apdu.data + otp_config_size, 0, 8); // Add 8 bytes extra
flash_write_data_to_file(ef, apdu.data, otp_config_size + 8);
file_put_data(ef, apdu.data, otp_config_size + 8);
low_flash_available();
config_seq++;
return otp_status();
@@ -420,7 +420,7 @@ int cmd_otp() {
(odata->tkt_flags & TKTFLAG_UPDATE_MASK);
odata->cfg_flags = (otpc->cfg_flags & ~CFGFLAG_UPDATE_MASK) |
(odata->cfg_flags & CFGFLAG_UPDATE_MASK);
flash_write_data_to_file(ef, apdu.data, otp_config_size);
file_put_data(ef, apdu.data, otp_config_size);
low_flash_available();
}
}
@@ -434,13 +434,13 @@ int cmd_otp() {
ef1_data = true;
}
if (file_has_data(ef2)) {
flash_write_data_to_file(ef1, file_get_data(ef2), file_get_size(ef2));
file_put_data(ef1, file_get_data(ef2), file_get_size(ef2));
}
else {
delete_file(ef1);
}
if (ef1_data) {
flash_write_data_to_file(ef2, tmp, sizeof(tmp));
file_put_data(ef2, tmp, sizeof(tmp));
}
else {
delete_file(ef2);