X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/3962dce565fc63c0190d4570bfaf339ec32b7025..d6e1d482844d6979533250dedc3724ce14f80294:/client/fido/fidocore.c?ds=inline

diff --git a/client/fido/fidocore.c b/client/fido/fidocore.c
index 5498c9d2..6af7671a 100644
--- a/client/fido/fidocore.c
+++ b/client/fido/fidocore.c
@@ -22,7 +22,10 @@
 #include "crypto/libpcrypto.h"
 #include "fido/additional_ca.h"
 #include "fido/cose.h"
+#include "emv/dump.h"
 #include "protocols.h"
+#include "ui.h"
+#include "util.h"
 
 
 typedef struct {
@@ -176,22 +179,22 @@ int FIDOSelect(bool ActivateField, bool LeaveFieldON, uint8_t *Result, size_t Ma
 }
 
 int FIDOExchange(uint8_t* apdu, int apdulen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) {
-	int res = EMVExchange(ECC_CONTACTLESS, true, apdu, apdulen, Result, MaxResultLen, ResultLen, sw, NULL);
-	if (res == 5) // apdu result (sw) not a 0x9000
-		res = 0;
-	// software chaining
-	while (!res && (*sw >> 8) == 0x61) {
-		uint8_t La = *sw & 0xff;
-		uint8_t get_response_APDU[5] = {apdu[0], ISO7816_GET_RESPONSE, 0x00, 0x00, La};
-		size_t oldlen = *ResultLen;
-		res = EMVExchange(ECC_CONTACTLESS, true, get_response_APDU, sizeof(get_response_APDU), &Result[oldlen], MaxResultLen - oldlen, ResultLen, sw, NULL);
-		if (res == 5) // apdu result (sw) not a 0x9000
-			res = 0;
+	int res = EMVExchangeEx(ECC_CONTACTLESS, false, true, apdu, apdulen, Result, MaxResultLen, ResultLen, sw, NULL);
+	// if (res == 5) // apdu result (sw) not a 0x9000
+		// res = 0;
+	// // software chaining
+	// while (!res && (*sw >> 8) == 0x61) {
+		// uint8_t La = *sw & 0xff;
+		// uint8_t get_response_APDU[5] = {apdu[0], ISO7816_GET_RESPONSE, 0x00, 0x00, La};
+		// size_t oldlen = *ResultLen;
+		// res = EMVExchange(ECC_CONTACTLESS, true, get_response_APDU, sizeof(get_response_APDU), &Result[oldlen], MaxResultLen - oldlen, ResultLen, sw, NULL);
+		// if (res == 5) // apdu result (sw) not a 0x9000
+			// res = 0;
 		
-		*ResultLen += oldlen;
-		if (*ResultLen > MaxResultLen) 
-			return 100;
-	}
+		// *ResultLen += oldlen;
+		// if (*ResultLen > MaxResultLen) 
+			// return 100;
+	// }
 	return res;
 }
 
@@ -264,9 +267,9 @@ int FIDOCheckDERAndGetKey(uint8_t *der, size_t derLen, bool verbose, uint8_t *pu
 	uint32_t verifyflags = 0;
 	res = mbedtls_x509_crt_verify(&cert, &cacert, NULL, NULL, &verifyflags, NULL, NULL);
 	if (res) {
-		PrintAndLog("ERROR: DER verify returned 0x%x - %s", (res<0)?-res:res, ecdsa_get_error(res));
+		PrintAndLog("ERROR: DER verify returned 0x%x - %s\n", (res<0)?-res:res, ecdsa_get_error(res));
 	} else {
-		PrintAndLog("Certificate OK.");
+		PrintAndLog("Certificate OK.\n");
 	}
 	
 	if (verbose) {
@@ -276,7 +279,7 @@ int FIDOCheckDERAndGetKey(uint8_t *der, size_t derLen, bool verbose, uint8_t *pu
 	}
 	
 	// get public key
-	res = ecdsa_public_key_from_pk(&cert.pk, publicKey, publicKeyMaxLen);
+	res = ecdsa_public_key_from_pk(&cert.pk, MBEDTLS_ECP_DP_SECP256R1, publicKey, publicKeyMaxLen);
 	if (res) {
 		PrintAndLog("ERROR: getting public key from certificate 0x%x - %s", (res<0)?-res:res, ecdsa_get_error(res));
 	} else {
@@ -393,9 +396,9 @@ int FIDO2CheckSignature(json_t *root, uint8_t *publickey, uint8_t *sign, size_t
 			clientDataHash, 32,     // Hash of the serialized client data. "$.ClientDataHash" from json
 			NULL, 0);
 		//PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen));
-		res = ecdsa_signature_verify(publickey, xbuf, xbuflen, sign, signLen);
+		res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, publickey, xbuf, xbuflen, sign, signLen, true);
 		if (res) {
-			if (res == -0x4e00) {
+			if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) {
 				PrintAndLog("Signature is NOT VALID.");
 			} else {
 				PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res));