clone/pico-fido
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-fido synced 2026-06-04 20:09:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply strict build.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2026-03-08 19:27:32 +01:00
parent 1795f5c330
commit 24978a5476
23 changed files with 179 additions and 183 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
src/fido/fido.c
View File

@@ -34,12 +34,12 @@
#include <math.h>
#include "management.h"
#include "hid/ctap_hid.h"
#include "ctap2_cbor.h"
#include "version.h"
#include "crypto_utils.h"
#include "otp.h"
int fido_process_apdu();
int fido_unload();
static int fido_unload(void);
pinUvAuthToken_t paut = { 0 };
persistentPinUvAuthToken_t ppaut = { 0 };
@@ -64,14 +64,14 @@ const uint8_t atr_fido[] = {
0x75, 0x62, 0x69, 0x4b, 0x65, 0x79, 0x40
};
uint8_t fido_get_version_major() {
static uint8_t fido_get_version_major(void) {
return PICO_FIDO_VERSION_MAJOR;
}
uint8_t fido_get_version_minor() {
static uint8_t fido_get_version_minor(void) {
return PICO_FIDO_VERSION_MINOR;
}
int fido_select(app_t *a, uint8_t force) {
static int fido_select(app_t *a, uint8_t force) {
(void) force;
if (cap_supported(CAP_FIDO2)) {
a->process_apdu = fido_process_apdu;
@@ -81,8 +81,8 @@ int fido_select(app_t *a, uint8_t force) {
return PICOKEY_ERR_FILE_NOT_FOUND;
}
extern uint8_t (*get_version_major)();
extern uint8_t (*get_version_minor)();
extern uint8_t (*get_version_major)(void);
extern uint8_t (*get_version_minor)(void);
INITIALIZER ( fido_ctor ) {
#if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION)
@@ -94,7 +94,7 @@ INITIALIZER ( fido_ctor ) {
register_app(fido_select, fido_aid_backup);
}
int fido_unload() {
static int fido_unload(void) {
return PICOKEY_OK;
}
@@ -173,14 +173,18 @@ int fido_load_key(int curve, const uint8_t *cred_id, mbedtls_ecp_keypair *key) {
}
uint8_t key_path[KEY_PATH_LEN];
memcpy(key_path, cred_id, KEY_PATH_LEN);
*(uint32_t *) key_path = 0x80000000 | 10022;
uint32_t key_path_first = 0x80000000u | 10022u;
memcpy(key_path, &key_path_first, sizeof(key_path_first));
for (size_t i = 1; i < KEY_PATH_ENTRIES; i++) {
*(uint32_t *) (key_path + i * sizeof(uint32_t)) |= 0x80000000;
uint32_t part = 0;
memcpy(&part, key_path + i * sizeof(uint32_t), sizeof(part));
part |= 0x80000000u;
memcpy(key_path + i * sizeof(uint32_t), &part, sizeof(part));
}
return derive_key(NULL, false, key_path, mbedtls_curve, key);
}
int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffer_size) {
static int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffer_size) {
mbedtls_x509write_cert ctx;
mbedtls_x509write_crt_init(&ctx);
mbedtls_x509write_crt_set_version(&ctx, MBEDTLS_X509_CRT_VERSION_3);
@@ -260,7 +264,8 @@ int load_keydev(uint8_t key[32]) {
int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecp_keypair *key) {
for (size_t i = 0; i < KEY_PATH_ENTRIES; i++) {
uint32_t k = *(uint32_t *) &keyHandle[i * sizeof(uint32_t)];
uint32_t k = 0;
memcpy(&k, &keyHandle[i * sizeof(uint32_t)], sizeof(k));
if (!(k & 0x80000000)) {
return -1;
}
@@ -331,7 +336,7 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int cur
if (cinfo->bit_size % 8 != 0) {
outk[0] >>= 8 - (cinfo->bit_size % 8);
}
r = mbedtls_ecp_read_key(curve, key, outk, (size_t)ceil((float) cinfo->bit_size / 8));
r = mbedtls_ecp_read_key(curve, key, outk, (size_t)((cinfo->bit_size + 7) / 8));
mbedtls_platform_zeroize(outk, sizeof(outk));
if (r != 0) {
return r;
@@ -364,7 +369,7 @@ int encrypt_keydev_f1(const uint8_t keydev[32]) {
return ret;
}
int scan_files_fido() {
int scan_files_fido(void) {
ef_keydev = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF);
ef_keydev_enc = search_by_fid(EF_KEY_DEV_ENC, NULL, SPECIFY_EF);
ef_mkek = search_by_fid(EF_MKEK, NULL, SPECIFY_EF);
@@ -478,14 +483,13 @@ int scan_files_fido() {
return PICOKEY_OK;
}
void scan_all() {
void scan_all(void) {
scan_flash();
scan_files_fido();
}
extern void init_otp();
extern bool needs_power_cycle;
void init_fido() {
void init_fido(void) {
scan_all();
#ifdef ENABLE_OTP_APP
init_otp();
@@ -493,7 +497,7 @@ void init_fido() {
needs_power_cycle = false;
}
bool wait_button_pressed() {
bool wait_button_pressed(void) {
uint32_t val = EV_PRESS_BUTTON;
#if defined(PICO_PLATFORM) || defined(ESP_PLATFORM)
queue_try_add(&card_to_usb_q, &val);
@@ -506,7 +510,7 @@ bool wait_button_pressed() {
uint32_t user_present_time_limit = 0;
bool check_user_presence() {
bool check_user_presence(void) {
if (user_present_time_limit == 0 || user_present_time_limit + TRANSPORT_TIME_LIMIT < board_millis()) {
if (wait_button_pressed() == true) { //timeout
return false;
@@ -516,12 +520,12 @@ bool check_user_presence() {
return true;
}
uint32_t get_sign_counter() {
uint32_t get_sign_counter(void) {
uint8_t *caddr = file_get_data(ef_counter);
return get_uint32_t_le(caddr);
}
uint8_t get_opts() {
uint8_t get_opts(void) {
file_t *ef = search_by_fid(EF_OPTS, NULL, SPECIFY_EF);
if (file_has_data(ef)) {
return *file_get_data(ef);
@@ -535,16 +539,9 @@ void set_opts(uint8_t opts) {
low_flash_available();
}
extern int cmd_register();
extern int cmd_authenticate();
extern int cmd_version();
extern int cbor_parse(int, uint8_t *, size_t);
extern int cbor_vendor(const uint8_t *data, size_t len);
extern void driver_init_hid();
#define CTAP_CBOR 0x10
int cmd_vendor() {
static int cmd_vendor(void) {
uint8_t *old_buf = res_APDU;
driver_init_hid();
int ret = cbor_vendor(apdu.data, apdu.nc);
@@ -557,7 +554,7 @@ int cmd_vendor() {
return SW_OK();
}
int cmd_cbor() {
static int cmd_cbor(void) {
uint8_t *old_buf = res_APDU;
driver_init_hid();
int ret = cbor_parse(0x90, apdu.data, apdu.nc);
@@ -579,7 +576,7 @@ static const cmd_t cmds[] = {
{ 0x00, 0x0 }
};
int fido_process_apdu() {
int fido_process_apdu(void) {
if (CLA(apdu) != 0x00 && CLA(apdu) != 0x80) {
return SW_CLA_NOT_SUPPORTED();
}