X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/8d7d7b618777fddcde8897945f2ec42eb85095e2..f31b4cd888d69e87f2eaa749fe7a626dbf7dd239:/client/fido/fidocore.c?ds=sidebyside diff --git a/client/fido/fidocore.c b/client/fido/fidocore.c index ee39fbbe..6af7671a 100644 --- a/client/fido/fidocore.c +++ b/client/fido/fidocore.c @@ -22,6 +22,11 @@ #include "crypto/libpcrypto.h" #include "fido/additional_ca.h" #include "fido/cose.h" +#include "emv/dump.h" +#include "protocols.h" +#include "ui.h" +#include "util.h" + typedef struct { uint8_t ErrorCode; @@ -173,49 +178,61 @@ int FIDOSelect(bool ActivateField, bool LeaveFieldON, uint8_t *Result, size_t Ma return EMVSelect(ECC_CONTACTLESS, ActivateField, LeaveFieldON, data, sizeof(data), Result, MaxResultLen, ResultLen, sw, NULL); } -int FIDOExchange(sAPDU apdu, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) { - int res = EMVExchange(ECC_CONTACTLESS, true, apdu, Result, MaxResultLen, ResultLen, sw, NULL); - if (res == 5) // apdu result (sw) not a 0x9000 - res = 0; - // software chaining - while (!res && (*sw >> 8) == 0x61) { - size_t oldlen = *ResultLen; - res = EMVExchange(ECC_CONTACTLESS, true, (sAPDU){0x00, 0xC0, 0x00, 0x00, 0x00, NULL}, &Result[oldlen], MaxResultLen - oldlen, ResultLen, sw, NULL); - if (res == 5) // apdu result (sw) not a 0x9000 - res = 0; +int FIDOExchange(uint8_t* apdu, int apdulen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) { + int res = EMVExchangeEx(ECC_CONTACTLESS, false, true, apdu, apdulen, Result, MaxResultLen, ResultLen, sw, NULL); + // if (res == 5) // apdu result (sw) not a 0x9000 + // res = 0; + // // software chaining + // while (!res && (*sw >> 8) == 0x61) { + // uint8_t La = *sw & 0xff; + // uint8_t get_response_APDU[5] = {apdu[0], ISO7816_GET_RESPONSE, 0x00, 0x00, La}; + // size_t oldlen = *ResultLen; + // res = EMVExchange(ECC_CONTACTLESS, true, get_response_APDU, sizeof(get_response_APDU), &Result[oldlen], MaxResultLen - oldlen, ResultLen, sw, NULL); + // if (res == 5) // apdu result (sw) not a 0x9000 + // res = 0; - *ResultLen += oldlen; - if (*ResultLen > MaxResultLen) - return 100; - } + // *ResultLen += oldlen; + // if (*ResultLen > MaxResultLen) + // return 100; + // } return res; } -int FIDORegister(uint8_t *params, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) { - return FIDOExchange((sAPDU){0x00, 0x01, 0x03, 0x00, 64, params}, Result, MaxResultLen, ResultLen, sw); +int FIDORegister(uint8_t *params, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) +{ + uint8_t APDU[5 + 64] = {0x00, 0x01, 0x03, 0x00, 64, 0x00}; + memcpy(APDU + 5, params, 64); + return FIDOExchange(APDU, 5 + 64, Result, MaxResultLen, ResultLen, sw); } -int FIDOAuthentication(uint8_t *params, uint8_t paramslen, uint8_t controlb, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) { - return FIDOExchange((sAPDU){0x00, 0x02, controlb, 0x00, paramslen, params}, Result, MaxResultLen, ResultLen, sw); +int FIDOAuthentication(uint8_t *params, uint8_t paramslen, uint8_t controlb, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) +{ + uint8_t APDU[APDU_COMMAND_LEN] = {0x00, 0x02, controlb, 0x00, paramslen, 0x00}; + memcpy(APDU + 5, params, paramslen); + int apdu_len = 5 + paramslen; + return FIDOExchange(APDU, apdu_len, Result, MaxResultLen, ResultLen, sw); } -int FIDO2GetInfo(uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) { - uint8_t data[] = {fido2CmdGetInfo}; - return FIDOExchange((sAPDU){0x80, 0x10, 0x00, 0x00, sizeof(data), data}, Result, MaxResultLen, ResultLen, sw); +int FIDO2GetInfo(uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) +{ + uint8_t APDU[6] = {0x80, 0x10, 0x00, 0x00, 0x01, fido2CmdGetInfo}; + return FIDOExchange(APDU, sizeof(APDU), Result, MaxResultLen, ResultLen, sw); } -int FIDO2MakeCredential(uint8_t *params, uint8_t paramslen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) { - uint8_t data[paramslen + 1]; - data[0] = fido2CmdMakeCredential; - memcpy(&data[1], params, paramslen); - return FIDOExchange((sAPDU){0x80, 0x10, 0x00, 0x00, sizeof(data), data}, Result, MaxResultLen, ResultLen, sw); +int FIDO2MakeCredential(uint8_t *params, uint8_t paramslen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) +{ + uint8_t APDU[APDU_COMMAND_LEN] = {0x80, 0x10, 0x00, 0x00, paramslen + 1, fido2CmdMakeCredential, 0x00}; + memcpy(APDU+6, params, paramslen); + int apdu_len = 5 + paramslen + 1; + return FIDOExchange(APDU, apdu_len, Result, MaxResultLen, ResultLen, sw); } -int FIDO2GetAssertion(uint8_t *params, uint8_t paramslen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) { - uint8_t data[paramslen + 1]; - data[0] = fido2CmdGetAssertion; - memcpy(&data[1], params, paramslen); - return FIDOExchange((sAPDU){0x80, 0x10, 0x00, 0x00, sizeof(data), data}, Result, MaxResultLen, ResultLen, sw); +int FIDO2GetAssertion(uint8_t *params, uint8_t paramslen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) +{ + uint8_t APDU[APDU_COMMAND_LEN] = {0x80, 0x10, 0x00, 0x00, paramslen + 1, fido2CmdGetAssertion, 0x00}; + memcpy(APDU+6, params, paramslen); + int apdu_len = 5 + paramslen + 1; + return FIDOExchange(APDU, apdu_len, Result, MaxResultLen, ResultLen, sw); } int FIDOCheckDERAndGetKey(uint8_t *der, size_t derLen, bool verbose, uint8_t *publicKey, size_t publicKeyMaxLen) { @@ -250,9 +267,9 @@ int FIDOCheckDERAndGetKey(uint8_t *der, size_t derLen, bool verbose, uint8_t *pu uint32_t verifyflags = 0; res = mbedtls_x509_crt_verify(&cert, &cacert, NULL, NULL, &verifyflags, NULL, NULL); if (res) { - PrintAndLog("ERROR: DER verify returned 0x%x - %s", (res<0)?-res:res, ecdsa_get_error(res)); + PrintAndLog("ERROR: DER verify returned 0x%x - %s\n", (res<0)?-res:res, ecdsa_get_error(res)); } else { - PrintAndLog("Certificate OK."); + PrintAndLog("Certificate OK.\n"); } if (verbose) { @@ -262,7 +279,7 @@ int FIDOCheckDERAndGetKey(uint8_t *der, size_t derLen, bool verbose, uint8_t *pu } // get public key - res = ecdsa_public_key_from_pk(&cert.pk, publicKey, publicKeyMaxLen); + res = ecdsa_public_key_from_pk(&cert.pk, MBEDTLS_ECP_DP_SECP256R1, publicKey, publicKeyMaxLen); if (res) { PrintAndLog("ERROR: getting public key from certificate 0x%x - %s", (res<0)?-res:res, ecdsa_get_error(res)); } else { @@ -379,9 +396,9 @@ int FIDO2CheckSignature(json_t *root, uint8_t *publickey, uint8_t *sign, size_t clientDataHash, 32, // Hash of the serialized client data. "$.ClientDataHash" from json NULL, 0); //PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen)); - res = ecdsa_signature_verify(publickey, xbuf, xbuflen, sign, signLen); + res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, publickey, xbuf, xbuflen, sign, signLen, true); if (res) { - if (res == -0x4e00) { + if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) { PrintAndLog("Signature is NOT VALID."); } else { PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res));