From 73f88b6882f94bf0a7e15e900fad2e6823f419e9 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 8 Sep 2022 17:35:56 +0200 Subject: [PATCH] Moving from U2F to CTAP1. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- src/fido/cmd_authenticate.c | 30 +++++++++++++++--------------- src/fido/cmd_register.c | 28 ++++++++++++++-------------- src/fido/cmd_version.c | 2 +- src/fido/fido.c | 14 +++++++------- src/fido/fido.h | 2 +- 6 files changed, 39 insertions(+), 39 deletions(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index 7491021..867d463 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit 7491021102e00d7133800347a2da09a41bcdb134 +Subproject commit 867d4637eee53073ca1883782c5d73291721c53b diff --git a/src/fido/cmd_authenticate.c b/src/fido/cmd_authenticate.c index 86b9757..0ee3724 100644 --- a/src/fido/cmd_authenticate.c +++ b/src/fido/cmd_authenticate.c @@ -18,19 +18,19 @@ #include "fido.h" #include "hsm.h" #include "apdu.h" -#include "u2f.h" +#include "ctap.h" #include "mbedtls/ecdsa.h" #include "random.h" #include "files.h" int cmd_authenticate() { - U2F_AUTHENTICATE_REQ *req = (U2F_AUTHENTICATE_REQ *)apdu.data; - U2F_AUTHENTICATE_RESP *resp = (U2F_AUTHENTICATE_RESP *)res_APDU; + CTAP_AUTHENTICATE_REQ *req = (CTAP_AUTHENTICATE_REQ *)apdu.data; + CTAP_AUTHENTICATE_RESP *resp = (CTAP_AUTHENTICATE_RESP *)res_APDU; if (scan_files() != CCID_OK) return SW_EXEC_ERROR(); if (req->keyHandleLen != KEY_HANDLE_LEN) return SW_WRONG_DATA(); - if (P1(apdu) == U2F_AUTH_ENFORCE && wait_button_pressed() == true) + if (P1(apdu) == CTAP_AUTH_ENFORCE && wait_button_pressed() == true) return SW_CONDITIONS_NOT_SATISFIED(); mbedtls_ecdsa_context key; @@ -40,7 +40,7 @@ int cmd_authenticate() { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } - if (P1(apdu) == U2F_AUTH_CHECK_ONLY) { + if (P1(apdu) == CTAP_AUTH_CHECK_ONLY) { for (int i = 0; i < KEY_PATH_ENTRIES; i++) { uint32_t k = *(uint32_t *)&req->keyHandle[i*sizeof(uint32_t)]; if (!(k & 0x80000000)) { @@ -53,9 +53,9 @@ int cmd_authenticate() { mbedtls_ecdsa_free(&key); if (ret != 0) return SW_WRONG_DATA(); - uint8_t key_base[U2F_APPID_SIZE + KEY_PATH_LEN]; - memcpy(key_base, req->appId, U2F_APPID_SIZE); - memcpy(key_base + U2F_APPID_SIZE, req->keyHandle, KEY_PATH_LEN); + uint8_t key_base[CTAP_APPID_SIZE + KEY_PATH_LEN]; + memcpy(key_base, req->appId, CTAP_APPID_SIZE); + memcpy(key_base + CTAP_APPID_SIZE, req->keyHandle, KEY_PATH_LEN); ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), d, 32, key_base, sizeof(key_base), hmac); mbedtls_platform_zeroize(d, sizeof(d)); if (memcmp(req->keyHandle + KEY_PATH_LEN, hmac, sizeof(hmac)) != 0) @@ -63,24 +63,24 @@ int cmd_authenticate() { return SW_CONDITIONS_NOT_SATISFIED(); } resp->flags = 0; - resp->flags |= P1(apdu) == U2F_AUTH_ENFORCE ? U2F_AUTH_FLAG_TUP : 0x0; + resp->flags |= P1(apdu) == CTAP_AUTH_ENFORCE ? CTAP_AUTH_FLAG_TUP : 0x0; uint32_t ctr = *(uint32_t *)file_get_data(ef_counter); resp->ctr[0] = ctr >> 24; resp->ctr[1] = ctr >> 16; resp->ctr[2] = ctr >> 8; resp->ctr[3] = ctr & 0xff; - uint8_t hash[32], sig_base[U2F_APPID_SIZE + 1 + 4 + U2F_CHAL_SIZE]; - memcpy(sig_base, req->appId, U2F_APPID_SIZE); - memcpy(sig_base+U2F_APPID_SIZE, &resp->flags, sizeof(uint8_t)); - memcpy(sig_base + U2F_APPID_SIZE + 1, resp->ctr, 4); - memcpy(sig_base + U2F_APPID_SIZE + 1 + 4, req->chal, U2F_CHAL_SIZE); + uint8_t hash[32], sig_base[CTAP_APPID_SIZE + 1 + 4 + CTAP_CHAL_SIZE]; + memcpy(sig_base, req->appId, CTAP_APPID_SIZE); + memcpy(sig_base+CTAP_APPID_SIZE, &resp->flags, sizeof(uint8_t)); + memcpy(sig_base + CTAP_APPID_SIZE + 1, resp->ctr, 4); + memcpy(sig_base + CTAP_APPID_SIZE + 1 + 4, req->chal, CTAP_CHAL_SIZE); ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), sig_base, sizeof(sig_base), hash); if (ret != 0) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } size_t olen = 0; - ret = mbedtls_ecdsa_write_signature(&key, MBEDTLS_MD_SHA256, hash, 32, (uint8_t *)resp->sig, U2F_MAX_EC_SIG_SIZE, &olen, random_gen, NULL); + ret = mbedtls_ecdsa_write_signature(&key, MBEDTLS_MD_SHA256, hash, 32, (uint8_t *)resp->sig, CTAP_MAX_EC_SIG_SIZE, &olen, random_gen, NULL); mbedtls_ecdsa_free(&key); if (ret != 0) return SW_EXEC_ERROR(); diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index 880526f..ae04173 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c @@ -18,19 +18,19 @@ #include "fido.h" #include "hsm.h" #include "apdu.h" -#include "u2f.h" +#include "ctap.h" #include "mbedtls/ecdsa.h" #include "random.h" #include "files.h" int cmd_register() { - U2F_REGISTER_REQ *req = (U2F_REGISTER_REQ *)apdu.data; - U2F_REGISTER_RESP *resp = (U2F_REGISTER_RESP *)res_APDU; - resp->registerId = U2F_REGISTER_ID; + CTAP_REGISTER_REQ *req = (CTAP_REGISTER_REQ *)apdu.data; + CTAP_REGISTER_RESP *resp = (CTAP_REGISTER_RESP *)res_APDU; + resp->registerId = CTAP_REGISTER_ID; resp->keyHandleLen = KEY_HANDLE_LEN; if (scan_files() != CCID_OK) return SW_EXEC_ERROR(); - if (apdu.nc != U2F_APPID_SIZE + U2F_CHAL_SIZE) + if (apdu.nc != CTAP_APPID_SIZE + CTAP_CHAL_SIZE) return SW_WRONG_LENGTH(); if (wait_button_pressed() == true) return SW_CONDITIONS_NOT_SATISFIED(); @@ -42,19 +42,19 @@ int cmd_register() { return SW_EXEC_ERROR(); } size_t olen = 0; - ret = mbedtls_ecp_point_write_binary(&key.grp, &key.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, (uint8_t *)&resp->pubKey, U2F_EC_POINT_SIZE); + ret = mbedtls_ecp_point_write_binary(&key.grp, &key.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, (uint8_t *)&resp->pubKey, CTAP_EC_POINT_SIZE); mbedtls_ecdsa_free(&key); if (ret != 0) { return SW_EXEC_ERROR(); } size_t ef_certdev_size = file_get_size(ef_certdev); memcpy(resp->keyHandleCertSig + KEY_HANDLE_LEN, file_get_data(ef_certdev), ef_certdev_size); - uint8_t hash[32], sign_base[1 + U2F_APPID_SIZE + U2F_CHAL_SIZE + KEY_HANDLE_LEN + U2F_EC_POINT_SIZE]; - sign_base[0] = U2F_REGISTER_HASH_ID; - memcpy(sign_base + 1, req->appId, U2F_APPID_SIZE); - memcpy(sign_base + 1 + U2F_APPID_SIZE, req->chal, U2F_CHAL_SIZE); - memcpy(sign_base + 1 + U2F_APPID_SIZE + U2F_CHAL_SIZE, resp->keyHandleCertSig, KEY_HANDLE_LEN); - memcpy(sign_base + 1 + U2F_APPID_SIZE + U2F_CHAL_SIZE + KEY_HANDLE_LEN, (uint8_t *)&resp->pubKey, U2F_EC_POINT_SIZE); + uint8_t hash[32], sign_base[1 + CTAP_APPID_SIZE + CTAP_CHAL_SIZE + KEY_HANDLE_LEN + CTAP_EC_POINT_SIZE]; + sign_base[0] = CTAP_REGISTER_HASH_ID; + memcpy(sign_base + 1, req->appId, CTAP_APPID_SIZE); + memcpy(sign_base + 1 + CTAP_APPID_SIZE, req->chal, CTAP_CHAL_SIZE); + memcpy(sign_base + 1 + CTAP_APPID_SIZE + CTAP_CHAL_SIZE, resp->keyHandleCertSig, KEY_HANDLE_LEN); + memcpy(sign_base + 1 + CTAP_APPID_SIZE + CTAP_CHAL_SIZE + KEY_HANDLE_LEN, (uint8_t *)&resp->pubKey, CTAP_EC_POINT_SIZE); ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), sign_base, sizeof(sign_base), hash); if (ret != 0) return SW_EXEC_ERROR(); @@ -64,11 +64,11 @@ int cmd_register() { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } - ret = mbedtls_ecdsa_write_signature(&key, MBEDTLS_MD_SHA256, hash, 32, (uint8_t *)resp->keyHandleCertSig + KEY_HANDLE_LEN + ef_certdev_size, U2F_MAX_EC_SIG_SIZE, &olen, random_gen, NULL); + ret = mbedtls_ecdsa_write_signature(&key, MBEDTLS_MD_SHA256, hash, 32, (uint8_t *)resp->keyHandleCertSig + KEY_HANDLE_LEN + ef_certdev_size, CTAP_MAX_EC_SIG_SIZE, &olen, random_gen, NULL); mbedtls_ecdsa_free(&key); if (ret != 0) return SW_EXEC_ERROR(); - res_APDU_size = sizeof(U2F_REGISTER_RESP) - sizeof(resp->keyHandleCertSig) + KEY_HANDLE_LEN + ef_certdev_size + olen; + res_APDU_size = sizeof(CTAP_REGISTER_RESP) - sizeof(resp->keyHandleCertSig) + KEY_HANDLE_LEN + ef_certdev_size + olen; DEBUG_PAYLOAD(res_APDU, res_APDU_size); return SW_OK(); } diff --git a/src/fido/cmd_version.c b/src/fido/cmd_version.c index 5bff13d..4f4a626 100644 --- a/src/fido/cmd_version.c +++ b/src/fido/cmd_version.c @@ -20,7 +20,7 @@ #include "hsm.h" int cmd_version() { - memcpy(res_APDU, "U2F_V2", strlen("U2F_V2")); + memcpy(res_APDU, "CTAP_V2", strlen("U2F_V2")); res_APDU_size = strlen("U2F_V2"); return SW_OK(); } diff --git a/src/fido/fido.c b/src/fido/fido.c index 433e4ee..eb4ab4a 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -19,7 +19,7 @@ #include "fido.h" #include "hsm.h" #include "apdu.h" -#include "u2f.h" +#include "ctap.h" #include "files.h" #include "file.h" #include "usb.h" @@ -112,9 +112,9 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls } } if (new_key == true) { - uint8_t key_base[U2F_APPID_SIZE + KEY_PATH_LEN]; - memcpy(key_base, app_id, U2F_APPID_SIZE); - memcpy(key_base + U2F_APPID_SIZE, key_handle, KEY_PATH_LEN); + uint8_t key_base[CTAP_APPID_SIZE + KEY_PATH_LEN]; + memcpy(key_base, app_id, CTAP_APPID_SIZE); + memcpy(key_base + CTAP_APPID_SIZE, key_handle, KEY_PATH_LEN); if ((r = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), outk, 32, key_base, sizeof(key_base), key_handle + 32)) != 0) { mbedtls_platform_zeroize(outk, sizeof(outk)); @@ -225,9 +225,9 @@ extern int cmd_authenticate(); extern int cmd_version(); static const cmd_t cmds[] = { - { U2F_REGISTER, cmd_register }, - { U2F_AUTHENTICATE, cmd_authenticate }, - { U2F_VERSION, cmd_version }, + { CTAP_REGISTER, cmd_register }, + { CTAP_AUTHENTICATE, cmd_authenticate }, + { CTAP_VERSION, cmd_version }, { 0x00, 0x0} }; diff --git a/src/fido/fido.h b/src/fido/fido.h index 00784b8..ee2408f 100644 --- a/src/fido/fido.h +++ b/src/fido/fido.h @@ -23,7 +23,7 @@ #include "common.h" #include "mbedtls/ecdsa.h" -#define U2F_PUBKEY_LEN (65) +#define CTAP_PUBKEY_LEN (65) #define KEY_PATH_LEN (32) #define KEY_PATH_ENTRIES (KEY_PATH_LEN / sizeof(uint32_t)) #define SHA256_DIGEST_LENGTH (32)