// bad if this gets interrupted
int8_t u2f_new_keypair(uint8_t * handle, uint8_t * pubkey)
{
struct atecc_response res;
struct key_handle k;
uint8_t keyslot = key_store.num_issued;
if (keyslot > U2F_NUM_KEYS-1)
{
//app_wink(U2F_DEFAULT_COLOR_WINK_OUT_OF_SPACE);
return -1;
}
//watchdog();
atecc_send_recv(ATECC_CMD_GENKEY,
ATECC_GENKEY_PRIVATE, keyslot, NULL, 0,
appdata.tmp, sizeof(appdata.tmp), &res);
memmove(pubkey, res.buf, 64);
eeprom_read(U2F_KEY_ADDR(keyslot), (uint8_t* )&k, U2F_KEY_HANDLE_SIZE);
if (k.index-1 != keyslot)
{
k.index = keyslot;
set_app_error(ERROR_BAD_KEY_STORE);
}
memmove(handle, &k, U2F_KEY_HANDLE_SIZE);
key_store.num_issued++;
flush_key_store();
return 0;
}
static int buffer_request(struct u2f_hid_msg* req)
{
if (hid_layer.bytes_buffered + U2FHID_CONT_PAYLOAD_SIZE > BUFFER_SIZE)
{
set_app_error(ERROR_HID_BUFFER_FULL);
stamp_error(req->cid, ERR_OTHER);
return -1;
}
memmove(hid_layer.buffer + hid_layer.bytes_buffered, req->pkt.cont.payload, U2FHID_CONT_PAYLOAD_SIZE);
hid_layer.bytes_buffered += U2FHID_CONT_PAYLOAD_SIZE;
return 0;
}
// Buffers data to a 64 byte buffer before writing it while
// handling U2F HID sequencing
void u2f_hid_writeback(uint8_t * payload, uint16_t len)
{
struct u2f_hid_msg * r = (struct u2f_hid_response *) _hid_pkt;
_hid_in_session = 1;
if (_hid_offset == 0)
{
r->cid = hid_layer.current_cid;
if (!_hid_seq)
{
r->pkt.init.cmd = hid_layer.current_cmd;
U2FHID_SET_LEN(r, hid_layer.res_len);
_hid_offset = 7;
}
else
{
r->pkt.cont.seq = _hid_seq - 1;
_hid_offset = 5;
if (_hid_seq-1 > 127)
{
set_app_error(ERROR_SEQ_EXCEEDED);
return;
}
}
}
while(len--)
{
_hid_pkt[_hid_offset++] = *payload++;
hid_layer.bytes_written++;
if (_hid_offset == HID_PACKET_SIZE)
{
_hid_offset = 0;
_hid_seq++;
usb_write(_hid_pkt, HID_PACKET_SIZE);
memset(_hid_pkt, 0, HID_PACKET_SIZE);
if (len)
{
u2f_hid_writeback(payload, len);
return;
}
else break;
}
}
}
static void hid_u2f_parse(struct u2f_hid_msg* req)
{
uint16_t len = 0;
uint8_t secs;
struct u2f_hid_init_response * init_res = appdata.tmp;
switch(hid_layer.current_cmd)
{
case U2FHID_INIT:
if (U2FHID_LEN(req) != 8)
{
stamp_error(hid_layer.current_cid, ERR_INVALID_LEN);
goto fail;
}
u2f_hid_set_len(17);
if (hid_layer.current_cid == 0)
{
u2f_prints("out of cid's\r\n");
set_app_error(ERROR_OUT_OF_CIDS);
goto fail;
}
init_res->cid = get_new_cid();
init_res->version_id = 1;
init_res->version_major = 1;
init_res->version_minor = 0;
init_res->version_build = 0;
init_res->cflags = 0;
// write back the same data nonce
u2f_hid_writeback(req->pkt.init.payload, 8);
u2f_hid_writeback((uint8_t *)init_res, 9);
u2f_hid_flush();
hid_layer.current_cid = init_res->cid;
break;
case U2FHID_MSG:
if (U2FHID_LEN(req) < 4)
{
stamp_error(hid_layer.current_cid, ERR_INVALID_LEN);
u2f_prints("invalid len msg\r\n");
goto fail;
}
// buffer 2 payloads (120 bytes) to get full U2F message
// assuming key handle is < 45 bytes
// 7 bytes for apdu header
// 7 + 66 bytes + key handle for authenticate message
// 7 + 64 for register message
if (hid_layer.bytes_buffered == 0)
{
start_buffering(req);
if (hid_layer.bytes_buffered >= U2FHID_LEN(req))
{
u2f_request((struct u2f_request_apdu *)hid_layer.buffer);
}
}
else
{
buffer_request(req);
if (hid_layer.bytes_buffered >= hid_layer.req_len)
{
u2f_request((struct u2f_request_apdu *)hid_layer.buffer);
}
}
break;
case U2FHID_PING:
//u2f_prints("U2F PING\r\n");
if (!u2f_hid_busy())
{
u2f_hid_set_len(U2FHID_LEN(req));
u2f_hid_writeback(req->pkt.init.payload, MIN(hid_layer.res_len, U2FHID_INIT_PAYLOAD_SIZE));
}
else
{
u2f_hid_writeback(req->pkt.cont.payload, MIN(hid_layer.res_len - hid_layer.bytes_written, U2FHID_CONT_PAYLOAD_SIZE));
}
if (hid_layer.res_len == hid_layer.bytes_written) u2f_hid_flush();
break;
case U2FHID_WINK:
if (U2FHID_LEN(req) != 0)
{
// this one is safe
stamp_error(hid_layer.current_cid, ERR_INVALID_LEN);
}
u2f_hid_set_len(0);
u2f_hid_writeback(NULL, 0);
u2f_hid_flush();
app_wink(U2F_COLOR_WINK);
break;
case U2FHID_LOCK:
secs = req->pkt.init.payload[0];
if (secs > 10)
{
stamp_error(hid_layer.current_cid, ERR_INVALID_PAR);
}
else
{
_hid_lock_cid = hid_layer.current_cid;
_hid_lockt = get_ms() + 1000 * secs;
u2f_hid_set_len(0);
u2f_hid_writeback(NULL, 0);
u2f_hid_flush();
}
break;
default:
set_app_error(ERROR_HID_INVALID_CMD);
stamp_error(hid_layer.current_cid, ERR_INVALID_CMD);
}
return;
fail:
u2f_prints("U2F HID FAIL\r\n");
return;
}
// return 0 if finished
// return 1 if expecting more cont packets
static uint8_t hid_u2f_parse(struct u2f_hid_msg* req)
{
uint16_t len = 0;
uint8_t secs;
struct u2f_hid_init_response * init_res = appdata.tmp;
switch(hid_layer.current_cmd)
{
case U2FHID_INIT:
if (U2FHID_LEN(req) != 8)
{
stamp_error(hid_layer.current_cid, ERR_INVALID_LEN);
goto fail;
}
u2f_hid_set_len(17);
if (hid_layer.current_cid == U2FHID_BROADCAST)
{
if (hid_layer.current_cid == 0)
{
set_app_error(ERROR_OUT_OF_CIDS);
goto fail;
}
init_res->cid = get_new_cid();
}
else
{
init_res->cid = hid_layer.current_cid;
}
init_res->version_id = 2;
init_res->version_major = 2;
init_res->version_minor = 0;
init_res->version_build = 0;
#ifdef U2F_SUPPORT_WINK && CAPABILITY_LOCK
init_res->cflags = CAPABILITY_WINK | CAPABILITY_LOCK;
#elif U2F_SUPPORT_WINK
init_res->cflags = CAPABILITY_WINK;
#elif CAPABILITY_LOCK
init_res->cflags = CAPABILITY_LOCK;
#else
init_res->cflags = 0;
#endif
// write back the same data nonce
u2f_hid_writeback(req->pkt.init.payload, 8);
u2f_hid_writeback((uint8_t *)init_res, 9);
u2f_hid_flush();
hid_layer.current_cid = init_res->cid;
break;
case U2FHID_MSG:
if (U2FHID_LEN(req) < 4)
{
stamp_error(hid_layer.current_cid, ERR_INVALID_LEN);
goto fail;
}
// buffer 2 payloads (120 bytes) to get full U2F message
// assuming key handle is < 45 bytes
// 7 bytes for apdu header
// 7 + 66 bytes + key handle for authenticate message
// 7 + 64 for register message
if (hid_layer.bytes_buffered == 0)
{
start_buffering(req);
if (hid_layer.bytes_buffered >= U2FHID_LEN(req))
{
u2f_request((struct u2f_request_apdu *)hid_layer.buffer);
}
}
else
{
buffer_request(req);
if (hid_layer.bytes_buffered >= hid_layer.req_len)
{
u2f_request((struct u2f_request_apdu *)hid_layer.buffer);
}
}
break;
case U2FHID_PING:
if (hid_layer.bytes_buffered == 0)
{
start_buffering(req);
u2f_hid_set_len(U2FHID_LEN(req));
if (hid_layer.bytes_buffered >= U2FHID_LEN(req))
{
u2f_hid_writeback(hid_layer.buffer,hid_layer.bytes_buffered);
u2f_hid_flush();
}
else
{
return 1;
}
}
else
{
if (hid_layer.bytes_buffered + U2FHID_CONT_PAYLOAD_SIZE > BUFFER_SIZE)
{
u2f_hid_writeback(hid_layer.buffer,hid_layer.bytes_buffered);
hid_layer.bytes_buffered = 0;
}
buffer_request(req);
if (hid_layer.bytes_buffered + hid_layer.bytes_written >= hid_layer.req_len)
{
u2f_hid_writeback(hid_layer.buffer,hid_layer.bytes_buffered);
u2f_hid_flush();
}
else
{
return 1;
}
}
break;
#ifdef U2F_SUPPORT_WINK
case U2FHID_WINK:
if (U2FHID_LEN(req) != 0)
{
// this one is safe
stamp_error(hid_layer.current_cid, ERR_INVALID_LEN);
}
u2f_hid_set_len(0);
u2f_hid_writeback(NULL, 0);
u2f_hid_flush();
app_wink(U2F_COLOR_WINK);
break;
#endif
#ifdef U2F_SUPPORT_HID_LOCK
case U2FHID_LOCK:
secs = req->pkt.init.payload[0];
if (secs > 10)
{
stamp_error(hid_layer.current_cid, ERR_INVALID_PAR);
}
else
{
if (secs)
{
_hid_lock_cid = hid_layer.current_cid;
_hid_lockt = get_ms() + 1000 * secs;
}
else
{
_hid_lockt = get_ms();
_hid_lock_cid = 0;
}
hid_layer.current_cmd = U2FHID_LOCK;
u2f_hid_set_len(0);
u2f_hid_writeback(NULL, 0);
u2f_hid_flush();
}
break;
#endif
default:
set_app_error(ERROR_HID_INVALID_CMD);
stamp_error(hid_layer.current_cid, ERR_INVALID_CMD);
u2f_printb("invalid cmd: ",1,hid_layer.current_cmd);
}
return u2f_hid_busy();
fail:
u2f_prints("U2F HID FAIL\r\n");
return 0;
}