Skip to content

Commit

Permalink
Merge branch 'development'
Browse files Browse the repository at this point in the history 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
  • Loading branch information
@polhenarejos
polhenarejos committed Jul 20, 2024
2 parents 7e2ecdb + f21e203 commit 6eb6cd3
Show file tree
Hide file tree
Showing 16 changed files with 186 additions and 180 deletions.
2 changes: 1 addition & 1 deletion pico-keys-sdk
Submodule pico-keys-sdk updated 38 files
+15 −2 CMakeLists.txt
+3 −1 config/mbedtls_config.h
+1 −1 mbedtls
+7 −0 partitions.csv
+211 −111 pico_keys_sdk_import.cmake
+13 −0 sdkconfig.defaults
+5 −0 src/CMakeLists.txt
+61 −26 src/apdu.c
+11 −9 src/apdu.h
+54 −30 src/asn1.c
+17 −10 src/asn1.h
+50 −0 src/compat.h
+8 −10 src/crypto_utils.c
+2 −6 src/crypto_utils.h
+44 −37 src/eac.c
+3 −7 src/eac.h
+56 −0 src/esp_compat.h
+66 −42 src/fs/file.c
+32 −7 src/fs/file.h
+17 −9 src/fs/flash.c
+51 −20 src/fs/low_flash.c
+184 −0 src/fs/mman.c
+55 −0 src/fs/mman.h
+5 −0 src/idf_component.yml
+156 −55 src/main.c
+34 −6 src/pico_keys.h
+1 −1 src/pico_keys_version.h
+26 −12 src/rng/hwrng.c
+1 −1 src/rng/hwrng.h
+3 −15 src/rng/random.c
+0 −6 src/rng/random.h
+117 −137 src/usb/ccid/ccid.c
+64 −32 src/usb/emulation/emulation.c
+7 −13 src/usb/hid/hid.c
+17 −13 src/usb/tusb_config.h
+50 −34 src/usb/usb.c
+28 −22 src/usb/usb.h
+184 −137 src/usb/usb_descriptors.c
16 changes: 8 additions & 8 deletions src/fido/cbor_client_pin.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,7 @@ int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) {
int resetPinUvAuthToken() {
uint8_t t[32];
random_gen(NULL, t, sizeof(t));
flash_write_data_to_file(ef_authtoken, t, sizeof(t));
file_put_data(ef_authtoken, t, sizeof(t));
paut.permissions = 0;
paut.data = file_get_data(ef_authtoken);
paut.len = file_get_size(ef_authtoken);
Expand Down Expand Up @@ -417,7 +417,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
hsh[0] = MAX_PIN_RETRIES;
hsh[1] = pin_len;
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, hsh + 2);
flash_write_data_to_file(ef_pin, hsh, 2 + 16);
file_put_data(ef_pin, hsh, 2 + 16);
low_flash_available();
goto err; //No return
}
Expand Down Expand Up @@ -464,7 +464,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
uint8_t pin_data[18];
memcpy(pin_data, file_get_data(ef_pin), 18);
pin_data[0] -= 1;
flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data));
file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
uint8_t retries = pin_data[0];
uint8_t paddedNewPin[64];
Expand All @@ -489,7 +489,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
}
}
pin_data[0] = MAX_PIN_RETRIES;
flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data));
file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
new_pin_mismatches = 0;
ret = decrypt(pinUvAuthProtocol, sharedSecret, newPinEnc.data, newPinEnc.len, paddedNewPin);
Expand Down Expand Up @@ -520,12 +520,12 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
memcmp(hsh + 2, file_get_data(ef_pin) + 2, 16) == 0) {
CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION);
}
flash_write_data_to_file(ef_pin, hsh, 2 + 16);
file_put_data(ef_pin, hsh, 2 + 16);
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
uint8_t *tmp = (uint8_t *) calloc(1, file_get_size(ef_minpin));
memcpy(tmp, file_get_data(ef_minpin), file_get_size(ef_minpin));
tmp[1] = 0;
flash_write_data_to_file(ef_minpin, tmp, file_get_size(ef_minpin));
file_put_data(ef_minpin, tmp, file_get_size(ef_minpin));
free(tmp);
}
low_flash_available();
Expand Down Expand Up @@ -573,7 +573,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
uint8_t pin_data[18];
memcpy(pin_data, file_get_data(ef_pin), 18);
pin_data[0] -= 1;
flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data));
file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
uint8_t retries = pin_data[0];
uint8_t paddedNewPin[64], poff = (pinUvAuthProtocol - 1) * IV_SIZE;
Expand All @@ -599,7 +599,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
}
pin_data[0] = MAX_PIN_RETRIES;
new_pin_mismatches = 0;
flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data));
file_put_data(ef_pin, pin_data, sizeof(pin_data));
low_flash_available();
file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) {
Expand Down
12 changes: 6 additions & 6 deletions src/fido/cbor_config.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,9 +142,9 @@ int cbor_config(const uint8_t *data, size_t len) {
if (has_keydev_dec == false) {
CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
}
flash_write_data_to_file(ef_keydev, keydev_dec, sizeof(keydev_dec));
file_put_data(ef_keydev, keydev_dec, sizeof(keydev_dec));
mbedtls_platform_zeroize(keydev_dec, sizeof(keydev_dec));
flash_write_data_to_file(ef_keydev_enc, NULL, 0); // Set ef to 0 bytes
file_put_data(ef_keydev_enc, NULL, 0); // Set ef to 0 bytes
low_flash_available();
}
else if (vendorCommandId == CTAP_CONFIG_AUT_ENABLE) {
Expand Down Expand Up @@ -178,10 +178,10 @@ int cbor_config(const uint8_t *data, size_t len) {
CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
}

flash_write_data_to_file(ef_keydev_enc, key_dev_enc, sizeof(key_dev_enc));
file_put_data(ef_keydev_enc, key_dev_enc, sizeof(key_dev_enc));
mbedtls_platform_zeroize(key_dev_enc, sizeof(key_dev_enc));
flash_write_data_to_file(ef_keydev, key_dev_enc, file_get_size(ef_keydev)); // Overwrite ef with 0
flash_write_data_to_file(ef_keydev, NULL, 0); // Set ef to 0 bytes
file_put_data(ef_keydev, key_dev_enc, file_get_size(ef_keydev)); // Overwrite ef with 0
file_put_data(ef_keydev, NULL, 0); // Set ef to 0 bytes
low_flash_available();
}
else {
Expand Down Expand Up @@ -216,7 +216,7 @@ int cbor_config(const uint8_t *data, size_t len) {
data + 2 + m * 32,
0);
}
flash_write_data_to_file(ef_minpin, data, 2 + minPinLengthRPIDs_len * 32);
file_put_data(ef_minpin, data, 2 + minPinLengthRPIDs_len * 32);
low_flash_available();
goto err; //No return
}
Expand Down
2 changes: 1 addition & 1 deletion src/fido/cbor_cred_mgmt.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -380,7 +380,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
delete_file(rp_ef);
}
else {
flash_write_data_to_file(rp_ef, rp_data, file_get_size(rp_ef));
file_put_data(rp_ef, rp_data, file_get_size(rp_ef));
}
free(rp_data);
break;
Expand Down
2 changes: 1 addition & 1 deletion src/fido/cbor_get_assertion.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -640,7 +640,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
ctr++;
flash_write_data_to_file(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
low_flash_available();
err:
CBOR_FREE_BYTE_STRING(clientDataHash);
Expand Down
2 changes: 1 addition & 1 deletion src/fido/cbor_large_blobs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@ int cbor_large_blobs(const uint8_t *data, size_t len) {
if (expectedLength > 17 && memcmp(sha, temp_lba + expectedLength - 16, 16) != 0) {
CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE);
}
flash_write_data_to_file(ef_largeblob, temp_lba, expectedLength);
file_put_data(ef_largeblob, temp_lba, expectedLength);
low_flash_available();
}
goto err;
Expand Down
16 changes: 9 additions & 7 deletions src/fido/cbor_make_credential.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -225,9 +225,9 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
else if (pubKeyCredParams[i].alg <= FIDO2_ALG_RS256 && pubKeyCredParams[i].alg >= FIDO2_ALG_RS512) {
// pass
}
else {
CBOR_ERROR(CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
}
//else {
// CBOR_ERROR(CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
//}
if (curve > 0 && alg == 0) {
alg = pubKeyCredParams[i].alg;
}
Expand Down Expand Up @@ -313,9 +313,11 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
}
}
flags |= FIDO2_AUT_FLAG_UP;
clearUserPresentFlag();
clearUserVerifiedFlag();
clearPinUvAuthTokenPermissionsExceptLbw();
if (options.up == ptrue) {
clearUserPresentFlag();
clearUserVerifiedFlag();
clearPinUvAuthTokenPermissionsExceptLbw();
}
}

const known_app_t *ka = find_app_by_rp_id_hash(rp_id_hash);
Expand Down Expand Up @@ -518,7 +520,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
}
}
ctr++;
flash_write_data_to_file(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
low_flash_available();
err:
CBOR_FREE_BYTE_STRING(clientDataHash);
Expand Down
8 changes: 4 additions & 4 deletions src/fido/cbor_vendor.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,9 +121,9 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
}
uint8_t zeros[32];
memset(zeros, 0, sizeof(zeros));
flash_write_data_to_file(ef_keydev_enc, vendorParam.data, vendorParam.len);
flash_write_data_to_file(ef_keydev, zeros, file_get_size(ef_keydev)); // Overwrite ef with 0
flash_write_data_to_file(ef_keydev, NULL, 0); // Set ef to 0 bytes
file_put_data(ef_keydev_enc, vendorParam.data, vendorParam.len);
file_put_data(ef_keydev, zeros, file_get_size(ef_keydev)); // Overwrite ef with 0
file_put_data(ef_keydev, NULL, 0); // Set ef to 0 bytes
low_flash_available();
goto err;
}
Expand Down Expand Up @@ -306,7 +306,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
}
file_t *ef_ee_ea = search_by_fid(EF_EE_DEV_EA, NULL, SPECIFY_EF);
if (ef_ee_ea) {
flash_write_data_to_file(ef_ee_ea, vendorParam.data, vendorParam.len);
file_put_data(ef_ee_ea, vendorParam.data, vendorParam.len);
}
low_flash_available();
goto err;
Expand Down
2 changes: 1 addition & 1 deletion src/fido/cmd_authenticate.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ int cmd_authenticate() {
res_APDU_size = 1 + 4 + olen;

ctr++;
flash_write_data_to_file(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr));
low_flash_available();
return SW_OK();
}
6 changes: 3 additions & 3 deletions src/fido/credential.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -306,7 +306,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *
memcpy(data, rp_id_hash, 32);
memcpy(data + 32, cred_id, cred_id_len);
file_t *ef = file_new(EF_CRED + sloti);
flash_write_data_to_file(ef, data, cred_id_len + 32);
file_put_data(ef, data, cred_id_len + 32);
free(data);

if (new_record == true) { //increase rps
Expand All @@ -332,7 +332,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *
data = (uint8_t *) calloc(1, file_get_size(ef));
memcpy(data, file_get_data(ef), file_get_size(ef));
data[0] += 1;
flash_write_data_to_file(ef, data, file_get_size(ef));
file_put_data(ef, data, file_get_size(ef));
free(data);
}
else {
Expand All @@ -341,7 +341,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *
data[0] = 1;
memcpy(data + 1, rp_id_hash, 32);
memcpy(data + 1 + 32, cred.rpId.data, cred.rpId.len);
flash_write_data_to_file(ef, data, 1 + 32 + cred.rpId.len);
file_put_data(ef, data, 1 + 32 + cred.rpId.len);
free(data);
}
}
Expand Down
15 changes: 8 additions & 7 deletions src/fido/fido.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,8 @@ int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecdsa_con
}
}
uint8_t hmac[32], d[32];
int ret = mbedtls_ecp_write_key(key, d, sizeof(d));
size_t olen = 0;
int ret = mbedtls_ecp_write_key_ext(key, &olen, d, sizeof(d));
if (key == NULL) {
mbedtls_ecdsa_free(&ctx);
}
Expand Down Expand Up @@ -317,7 +318,7 @@ int scan_files() {
uint8_t kdata[32];
int key_size = mbedtls_mpi_size(&ecdsa.d);
mbedtls_mpi_write_binary(&ecdsa.d, kdata, key_size);
ret = flash_write_data_to_file(ef_keydev, kdata, key_size);
ret = file_put_data(ef_keydev, kdata, key_size);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_ecdsa_free(&ecdsa);
if (ret != CCID_OK) {
Expand Down Expand Up @@ -353,7 +354,7 @@ int scan_files() {
if (ret <= 0) {
return ret;
}
flash_write_data_to_file(ef_certdev, cert + sizeof(cert) - ret, ret);
file_put_data(ef_certdev, cert + sizeof(cert) - ret, ret);
}
}
else {
Expand All @@ -363,7 +364,7 @@ int scan_files() {
if (ef_counter) {
if (!file_has_data(ef_counter)) {
uint32_t v = 0;
flash_write_data_to_file(ef_counter, (uint8_t *) &v, sizeof(v));
file_put_data(ef_counter, (uint8_t *) &v, sizeof(v));
}
}
else {
Expand All @@ -375,7 +376,7 @@ int scan_files() {
if (!file_has_data(ef_authtoken)) {
uint8_t t[32];
random_gen(NULL, t, sizeof(t));
flash_write_data_to_file(ef_authtoken, t, sizeof(t));
file_put_data(ef_authtoken, t, sizeof(t));
}
paut.data = file_get_data(ef_authtoken);
paut.len = file_get_size(ef_authtoken);
Expand All @@ -385,7 +386,7 @@ int scan_files() {
}
ef_largeblob = search_by_fid(EF_LARGEBLOB, NULL, SPECIFY_EF);
if (!file_has_data(ef_largeblob)) {
flash_write_data_to_file(ef_largeblob,
file_put_data(ef_largeblob,
(const uint8_t *) "\x80\x76\xbe\x8b\x52\x8d\x00\x75\xf7\xaa\xe9\x8d\x6f\xa5\x7a\x6d\x3c",
17);
}
Expand Down Expand Up @@ -447,7 +448,7 @@ uint8_t get_opts() {

void set_opts(uint8_t opts) {
file_t *ef = search_by_fid(EF_OPTS, NULL, SPECIFY_EF);
flash_write_data_to_file(ef, &opts, sizeof(uint8_t));
file_put_data(ef, &opts, sizeof(uint8_t));
low_flash_available();
}

Expand Down
2 changes: 1 addition & 1 deletion src/fido/files.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ file_t file_entries[] = {
{ .fid = EF_OTP_PIN, .parent = 0, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH,
.data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } },
{ .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL,
{ .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_NOT_KNOWN, .data = NULL,
.ef_structure = 0, .acl = { 0 } } //end
};

Expand Down
12 changes: 7 additions & 5 deletions src/fido/management.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,10 +54,12 @@ int man_unload() {
bool cap_supported(uint16_t cap) {
file_t *ef = search_dynamic_file(EF_DEV_CONF);
if (file_has_data(ef)) {
uint16_t tag = 0x0, data_len = file_get_size(ef);
uint8_t *tag_data = NULL, *p = NULL, *data = file_get_data(ef);
size_t tag_len = 0;
while (walk_tlv(data, data_len, &p, &tag, &tag_len, &tag_data)) {
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
uint16_t tag_len = 0;
asn1_ctx_t ctxi;
asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxi);
while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
if (tag == TAG_USB_ENABLED) {
uint16_t ecaps = tag_data[0];
if (tag_len == 2) {
Expand Down Expand Up @@ -128,7 +130,7 @@ int cmd_write_config() {
return SW_WRONG_DATA();
}
file_t *ef = file_new(EF_DEV_CONF);
flash_write_data_to_file(ef, apdu.data + 1, apdu.nc - 1);
file_put_data(ef, apdu.data + 1, apdu.nc - 1);
low_flash_available();
return SW_OK();
}
Expand Down
Loading

0 comments on commit 6eb6cd3

Please sign in to comment.