#include "crypto/libpcrypto.h"
#include "fido/additional_ca.h"
#include "fido/cose.h"
+#include "emv/dump.h"
#include "protocols.h"
+#include "ui.h"
+#include "util.h"
typedef struct {
}
int FIDOExchange(uint8_t* apdu, int apdulen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) {
- int res = EMVExchange(ECC_CONTACTLESS, true, apdu, apdulen, Result, MaxResultLen, ResultLen, sw, NULL);
- if (res == 5) // apdu result (sw) not a 0x9000
- res = 0;
- // software chaining
- while (!res && (*sw >> 8) == 0x61) {
- uint8_t La = *sw & 0xff;
- uint8_t get_response_APDU[5] = {apdu[0], ISO7816_GET_RESPONSE, 0x00, 0x00, La};
- size_t oldlen = *ResultLen;
- res = EMVExchange(ECC_CONTACTLESS, true, get_response_APDU, sizeof(get_response_APDU), &Result[oldlen], MaxResultLen - oldlen, ResultLen, sw, NULL);
- if (res == 5) // apdu result (sw) not a 0x9000
- res = 0;
+ int res = EMVExchangeEx(ECC_CONTACTLESS, false, true, apdu, apdulen, Result, MaxResultLen, ResultLen, sw, NULL);
+ // if (res == 5) // apdu result (sw) not a 0x9000
+ // res = 0;
+ // // software chaining
+ // while (!res && (*sw >> 8) == 0x61) {
+ // uint8_t La = *sw & 0xff;
+ // uint8_t get_response_APDU[5] = {apdu[0], ISO7816_GET_RESPONSE, 0x00, 0x00, La};
+ // size_t oldlen = *ResultLen;
+ // res = EMVExchange(ECC_CONTACTLESS, true, get_response_APDU, sizeof(get_response_APDU), &Result[oldlen], MaxResultLen - oldlen, ResultLen, sw, NULL);
+ // if (res == 5) // apdu result (sw) not a 0x9000
+ // res = 0;
- *ResultLen += oldlen;
- if (*ResultLen > MaxResultLen)
- return 100;
- }
+ // *ResultLen += oldlen;
+ // if (*ResultLen > MaxResultLen)
+ // return 100;
+ // }
return res;
}
int FIDORegister(uint8_t *params, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw)
{
- uint8_t APDU[4 + 64] = {0x00, 0x01, 0x03, 0x00, 64, 0x00};
- memcpy(APDU, params, 64);
- return FIDOExchange(APDU, 4 + 64, Result, MaxResultLen, ResultLen, sw);
+ uint8_t APDU[5 + 64] = {0x00, 0x01, 0x03, 0x00, 64, 0x00};
+ memcpy(APDU + 5, params, 64);
+ return FIDOExchange(APDU, 5 + 64, Result, MaxResultLen, ResultLen, sw);
}
int FIDOAuthentication(uint8_t *params, uint8_t paramslen, uint8_t controlb, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw)
{
uint8_t APDU[APDU_COMMAND_LEN] = {0x00, 0x02, controlb, 0x00, paramslen, 0x00};
- memcpy(APDU+5, params, paramslen);
+ memcpy(APDU + 5, params, paramslen);
int apdu_len = 5 + paramslen;
return FIDOExchange(APDU, apdu_len, Result, MaxResultLen, ResultLen, sw);
}
int FIDO2GetInfo(uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw)
{
- uint8_t APDU[5] = {0x80, 0x10, 0x00, 0x00, fido2CmdGetInfo};
+ uint8_t APDU[6] = {0x80, 0x10, 0x00, 0x00, 0x01, fido2CmdGetInfo};
return FIDOExchange(APDU, sizeof(APDU), Result, MaxResultLen, ResultLen, sw);
}
uint32_t verifyflags = 0;
res = mbedtls_x509_crt_verify(&cert, &cacert, NULL, NULL, &verifyflags, NULL, NULL);
if (res) {
- PrintAndLog("ERROR: DER verify returned 0x%x - %s", (res<0)?-res:res, ecdsa_get_error(res));
+ PrintAndLog("ERROR: DER verify returned 0x%x - %s\n", (res<0)?-res:res, ecdsa_get_error(res));
} else {
- PrintAndLog("Certificate OK.");
+ PrintAndLog("Certificate OK.\n");
}
if (verbose) {
}
// get public key
- res = ecdsa_public_key_from_pk(&cert.pk, publicKey, publicKeyMaxLen);
+ res = ecdsa_public_key_from_pk(&cert.pk, MBEDTLS_ECP_DP_SECP256R1, publicKey, publicKeyMaxLen);
if (res) {
PrintAndLog("ERROR: getting public key from certificate 0x%x - %s", (res<0)?-res:res, ecdsa_get_error(res));
} else {
clientDataHash, 32, // Hash of the serialized client data. "$.ClientDataHash" from json
NULL, 0);
//PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen));
- res = ecdsa_signature_verify(publickey, xbuf, xbuflen, sign, signLen);
+ res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, publickey, xbuf, xbuflen, sign, signLen, true);
if (res) {
- if (res == -0x4e00) {
+ if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) {
PrintAndLog("Signature is NOT VALID.");
} else {
PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res));