passes inspection

conorpp · Nov 5, 2017 · c04163b · c04163b
1 parent aafd053
commit c04163b
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 20 deletions.
diff --git a/firmware/inc/app.h b/firmware/inc/app.h
@@ -44,6 +44,9 @@
 #define U2F_SUPPORT_RNG_CUSTOM
 #define U2F_SUPPORT_SEED_CUSTOM
 
+// comment out this if using bootloader
+//#define U2F_USING_BOOTLOADER
+
 // Uncomment this to make configuration firmware
 //#define ATECC_SETUP_DEVICE
 
@@ -129,8 +132,6 @@ struct config_msg
 	uint8_t buf[HID_PACKET_SIZE-1];
 };
 
-
-
 extern uint8_t hidmsgbuf[64];
 extern data struct APP_DATA appdata;
 extern code uint8_t WMASK[];

diff --git a/firmware/src/custom.c b/firmware/src/custom.c
@@ -78,6 +78,7 @@ uint8_t custom_command(struct u2f_hid_msg * msg)
 
 			break;
 #endif
+#ifdef U2F_USING_BOOTLOADER
 		case U2F_CONFIG_BOOTLOADER:
 
 			atecc_send_recv(ATECC_CMD_READ,
@@ -101,6 +102,7 @@ uint8_t custom_command(struct u2f_hid_msg * msg)
 					appdata.tmp, sizeof(appdata.tmp), &res);
 
 			break;
+#endif
 		default:
 			return 0;
 	}

diff --git a/firmware/src/main.c b/firmware/src/main.c
@@ -156,12 +156,14 @@ int16_t main(void) {
 	IE_EA = 1;
 	watchdog();
 
-	u2f_prints("U2F ZERO\r\n");
+
 
 	if (RSTSRC & RSTSRC_WDTRSF__SET)
 	{
 		//error = ERROR_DAMN_WATCHDOG;
+		u2f_prints("r");
 	}
+	u2f_prints("U2F ZERO\r\n");
 
 	run_tests();
 

diff --git a/firmware/src/u2f_atecc.c b/firmware/src/u2f_atecc.c
@@ -40,7 +40,7 @@
 #include "atecc508a.h"
 
 
-static void gen_u2f_zero_tag(uint8_t * dst, uint8_t * appid);
+static void gen_u2f_zero_tag(uint8_t * dst, uint8_t * appid, uint8_t * handle);
 
 static struct u2f_hid_msg res;
 static uint8_t* resbuf = (uint8_t*)&res;
@@ -155,14 +155,14 @@ static int atecc_prep_encryption()
 								appdata.tmp, 32,
 								appdata.tmp, 40, &res) != 0 )
 	{
-//		u2f_prints("pass through to tempkey failed\r\n");
+		u2f_prints("pass through to tempkey failed\r\n");
 		return -1;
 	}
 	if( atecc_send_recv(ATECC_CMD_GENDIG,
 			ATECC_RW_DATA, U2F_MASTER_KEY_SLOT, NULL, 0,
 			appdata.tmp, 40, &res) != 0)
 	{
-//		u2f_prints("GENDIG failed\r\n");
+		u2f_prints("GENDIG failed\r\n");
 		return -1;
 	}
 
@@ -244,8 +244,6 @@ int8_t u2f_new_keypair(uint8_t * handle, uint8_t * appid, uint8_t * pubkey)
 	int i;
 
 	watchdog();
-//	u2f_prints("new key appid,khandle\r\n");
-//	dump_hex(appid,32);
 
 	if (atecc_send_recv(ATECC_CMD_RNG,ATECC_RNG_P1,ATECC_RNG_P2,
 		NULL, 0,
@@ -294,8 +292,7 @@ int8_t u2f_new_keypair(uint8_t * handle, uint8_t * appid, uint8_t * pubkey)
 	memmove(pubkey, res.buf, 64);
 
 	// the + 8
-	gen_u2f_zero_tag(handle + U2F_KEY_HANDLE_KEY_SIZE, appid);
-	//dump_hex(handle,U2F_KEY_HANDLE_SIZE);
+	gen_u2f_zero_tag(handle + U2F_KEY_HANDLE_KEY_SIZE, appid, handle);
 
 	return 0;
 }
@@ -305,9 +302,7 @@ int8_t u2f_load_key(uint8_t * handle, uint8_t * appid)
 	uint8_t private_key[36];
 	int i;
 
-//	u2f_prints("load key appid,rnum\r\n");
-//	dump_hex(appid,32);
-//	dump_hex(handle,4);
+	watchdog();
 	SHA_HMAC_KEY = U2F_MASTER_KEY_SLOT;
 	SHA_FLAGS = ATECC_SHA_HMACSTART;
 	u2f_sha256_start();
@@ -322,18 +317,20 @@ int8_t u2f_load_key(uint8_t * handle, uint8_t * appid)
 	{
 		private_key[i] ^= RMASK[i];
 	}
-
 	return atecc_privwrite(U2F_TEMP_KEY_SLOT, private_key, WMASK, handle+4);
 }
 
-static void gen_u2f_zero_tag(uint8_t * dst, uint8_t * appid)
+static void gen_u2f_zero_tag(uint8_t * dst, uint8_t * appid, uint8_t * handle)
 {
 	const char * u2f_zero_const = "\xc1\xff\x67\x0d\x66\xe5\x55\xbb\xdc\x56\xaf\x7b\x41\x27\x4a\x21";
 	SHA_HMAC_KEY = U2F_MASTER_KEY_SLOT;
 	SHA_FLAGS = ATECC_SHA_HMACSTART;
 	u2f_sha256_start();
-	u2f_sha256_update(appid,32);
+
+	u2f_sha256_update(handle,U2F_KEY_HANDLE_KEY_SIZE);
 	u2f_sha256_update(u2f_zero_const,16);
+	u2f_sha256_update(appid,32);
+
 	SHA_FLAGS = ATECC_SHA_HMACEND;
 	u2f_sha256_finish();
 
@@ -342,7 +339,7 @@ static void gen_u2f_zero_tag(uint8_t * dst, uint8_t * appid)
 
 int8_t u2f_appid_eq(uint8_t * handle, uint8_t * appid)
 {
-	gen_u2f_zero_tag(NULL,appid);
+	gen_u2f_zero_tag(NULL,appid, handle);
 	return memcmp(handle+U2F_KEY_HANDLE_KEY_SIZE, res_digest.buf, U2F_KEY_HANDLE_ID_SIZE);
 }
 

diff --git a/firmware/src/u2f_hid.c b/firmware/src/u2f_hid.c
@@ -77,7 +77,7 @@ static struct hid_layer_param
 	// total length of response in bytes
 	uint16_t res_len;
 
-	#define BUFFER_SIZE (270 - 70)
+	#define BUFFER_SIZE (270)
 	uint8_t buffer[BUFFER_SIZE];
 
 } hid_layer;
@@ -461,7 +461,7 @@ static uint8_t hid_u2f_parse(struct u2f_hid_msg* req)
 			break;
 #endif
 		default:
-			set_app_error(ERROR_HID_INVALID_CMD);
+			//set_app_error(ERROR_HID_INVALID_CMD);
 			stamp_error(hid_layer.current_cid, ERR_INVALID_CMD);
 			u2f_printb("invalid cmd: ",1,hid_layer.current_cmd);
 	}
@@ -496,13 +496,13 @@ void u2f_hid_request(struct u2f_hid_msg* req)
 	struct CID* cid = NULL;
 
 	cid = get_cid(req->cid);
-
 	// Error checking
 	if ((U2FHID_IS_INIT(req->pkt.init.cmd)))
 	{
 		if (U2FHID_LEN(req) > 7609)
 		{
 			stamp_error(req->cid, ERR_INVALID_LEN);
+
 			return;
 		}
 		if (req->pkt.init.cmd != U2FHID_INIT && req->cid != hid_layer.current_cid && u2f_hid_busy())
@@ -517,6 +517,7 @@ void u2f_hid_request(struct u2f_hid_msg* req)
 		return;
 	}
 
+
 	if (!req->cid)
 	{
 		stamp_error(req->cid, ERR_SYNC_FAIL);