webadmin/pico-keys-sdk
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-keys-sdk synced 2026-05-31 10:31:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: webadmin:v1.0
Branches Tags
webadmin:main
webadmin:v8.5 webadmin:v8.4 webadmin:v8.0 webadmin:v7.0 webadmin:v5.0 webadmin:v3.4 webadmin:v3.2 webadmin:v3.0 webadmin:v2.0 webadmin:v1.1 webadmin:v1.0
..
compare: webadmin:v3.4
Branches Tags
webadmin:main
webadmin:v8.5 webadmin:v8.4 webadmin:v8.0 webadmin:v7.0 webadmin:v5.0 webadmin:v3.4 webadmin:v3.2 webadmin:v3.0 webadmin:v2.0 webadmin:v1.1 webadmin:v1.0

117 Commits
v1.0 ... v3.4

Author SHA1 Message Date
Pol Henarejos
657913d29a Upgrading version 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-25 18:14:18 +02:00
Pol Henarejos
18fa1d7f37 Reseting previous command if new arrives. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-25 18:09:37 +02:00
Pol Henarejos
f123108c3e Added variable to cancel button press. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-23 18:07:38 +02:00
Pol Henarejos
f8590ba8c7 Added CTAPHID_CANCEL support. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-23 18:07:27 +02:00
Pol Henarejos
4d7101b802 Fix send_keepalive with auxiliary buffer. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 23:53:55 +02:00
Pol Henarejos
7fded7234b Adding extra buffer to tx. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 22:52:56 +02:00
Pol Henarejos
988d4e23c2 Fix combining APDU MSG and keepalive. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 22:52:41 +02:00
Pol Henarejos
c23f17107a Random functions shall be called for each core, otherwise it will hung. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 20:18:05 +02:00
Pol Henarejos
91e2b7f643 Fix reading corrupted memory. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 19:24:17 +02:00
Pol Henarejos
3092da23ed card_init_core1() shall be called from every thread launched on core1. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 19:24:07 +02:00
Pol Henarejos
e29521fcf6 Multiple bug fixes to pass HID tests. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 19:23:39 +02:00
Pol Henarejos
d2e54b04db Adding variable button timeout. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 19:22:44 +02:00
Pol Henarejos
4ab68cc822 HID fixes. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 14:05:39 +02:00
Pol Henarejos
e1914556ec Fix debug_data 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 09:59:02 +02:00
Pol Henarejos
287be74921 Adding macro for easy debug. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 09:29:43 +02:00
Pol Henarejos
5a4aff7008 Adding KEEP_ALIVE response. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-20 15:31:34 +02:00
Pol Henarejos
8b97791d8f Reorganizing core0/core1 split. 
Now CBOR and APDU (i.e., intensive processing) areas are executed on core1, while core0 is dedicated for hardware tasks (usb, button, led, etc.).
 2022-09-20 14:39:59 +02:00
Pol Henarejos
847005d94f Adding support for clientPIN. 
It does not pass the tests yet.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-19 17:20:52 +02:00
Pol Henarejos
68f43f3cb2 Adding functions for calling random in core0. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-16 00:49:10 +02:00
Pol Henarejos
4c49e59edc Major CTAP refactoring. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-15 14:16:40 +02:00
Pol Henarejos
633593aae3 Adding chacha sources. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-15 14:16:30 +02:00
Pol Henarejos
42f3c67c61 Adding Credentials structure. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-14 17:27:00 +02:00
Pol Henarejos
493a88538a Adding support for ChaCha20 with Poly1305. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-14 17:26:45 +02:00
Pol Henarejos
607f7c50d4 Adding some macros for CBOR parsing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-14 00:08:05 +02:00
Pol Henarejos
2cb59d57d2 Adding first attempt of adding make_credential. 
It requires lot of efforts to parse CBOR incoming data.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-13 20:37:15 +02:00
Pol Henarejos
a8e1fe5842 Adding CBOR parser routines. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-13 20:36:27 +02:00
Pol Henarejos
d1530733a2 Lots of fixes with CBOR encoding cbor_get_info(). 
- Numeric fields shall be encoded with uint and NOT with simple, despite are < 24.
- maxCredentialCountInList and maxCredentialIdLength only accept uint values.
- up shall not be present (assumed True always).
- Also added cbor_reset(). It does nothing but ok.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-12 00:50:38 +02:00
Pol Henarejos
4538d6ef14 Add TinyCBOR library compile. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-09 20:43:18 +02:00
Pol Henarejos
4a1bddb3d5 Adding cbor_get_info(). 
This is the first funciont that uses TinyCBOR to encode the cbor message.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-09 20:35:11 +02:00
Pol Henarejos
c6a129b6ad Add TinyCBOR for CBOR encoding/decoding. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-09 20:33:42 +02:00
Pol Henarejos
abd52c34ba Added CBOR processing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 20:37:21 +02:00
Pol Henarejos
7aeac46eef Adding CTAP2 commands. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 17:49:56 +02:00
Pol Henarejos
867d4637ee Moving from U2F to CTAP1. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 17:35:40 +02:00
Pol Henarejos
7491021102 Fix initializing variables. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 16:38:13 +02:00
Pol Henarejos
9b137f6f08 Moved to FIDO. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 13:50:28 +02:00
Pol Henarejos
3f492b9272 Upgrade version to v3.2. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 13:45:30 +02:00
Pol Henarejos
799733203b Added SYNC command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 13:24:03 +02:00
Pol Henarejos
0be497e713 Added LOCK command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 13:12:17 +02:00
Pol Henarejos
e23dead31d Add PING command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 12:56:32 +02:00
Pol Henarejos
4d9faccedb Added some sanity checks. 
Also fix u2f_error report.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 12:13:34 +02:00
Pol Henarejos
f47df94dfb Added some string descriptors. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 10:45:25 +02:00
Pol Henarejos
c0123aa669 Adding blink in 1 second on WINK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-06 16:09:02 +02:00
Pol Henarejos
43dfb0cde5 Fix APDU processing for small packets. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-05 17:30:05 +02:00
Pol Henarejos
f14e029094 Adding x509 routines. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-05 17:05:51 +02:00
Pol Henarejos
f14cc8dba5 Clearing tx buffer for every transmission. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-05 16:47:07 +02:00
Pol Henarejos
16a1981dc3 When a packet > 57 bytes is sent, it must be chunked. 
Once the packet is sent, a callback is triggered to send the next chunk.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-05 11:29:04 +02:00
Pol Henarejos
9ccd10fcea Adding x509 functions. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-02 19:08:45 +02:00
Pol Henarejos
a6506e6c95 Adding missing headers. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-02 19:08:33 +02:00
Pol Henarejos
3e73d6569b Disabling MbedTLS with FS. 2022-09-02 19:08:25 +02:00
Pol Henarejos
214ec2b9ae Adding support for U2F_MSG 2022-09-02 18:02:31 +02:00
Pol Henarejos
1d2a461086 Adding missing file. 2022-08-31 14:18:14 +02:00
Pol Henarejos
8075352fab Upgrading version to v3.0 2022-08-31 13:55:29 +02:00
Pol Henarejos
cd3812ecca Creating a cmake library to be added by other projects. 2022-08-31 13:55:14 +02:00
Pol Henarejos
2f565f23e0 Small debug fix 2022-08-30 17:48:25 +02:00
Pol Henarejos
93ac6c2128 Fix addressing apdu. 2022-08-30 16:57:37 +02:00
Pol Henarejos
13983bdd68 Fix compiling with disabled debug apdu. 2022-08-30 16:57:12 +02:00
Pol Henarejos
b42e2b5493 Fix processing apdu. 2022-08-30 16:57:01 +02:00
Pol Henarejos
b75e5a6619 Not used anymore. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-30 13:22:21 +02:00
Pol Henarejos
40288a85f1 It's a major reorganization. 
In order to add FIDO2 support, we need to reorganize some USB/CCID calls to specific area (named driver).
Thus, pico-hsm-sdk has two drivers:
- CCID driver implements APDU over USB/CCID ISO-7816 standard procedures.
- HID driver implements APDU over HID.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-30 02:00:11 +02:00
Pol Henarejos
2236501d20 Upgrading pico-ccid to version 2.2 2022-08-29 11:31:48 +02:00
Pol Henarejos
61536fa41a Adding extern to random_gen() 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 13:37:34 +02:00
Pol Henarejos
8e5d33c4ba Removing trailing spaces. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-19 01:44:03 +02:00
Pol Henarejos
33b33fdbba neug_get() does not have any argument. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:54:10 +02:00
Pol Henarejos
7738c1902e Added permanent memory region to store data that remains persistent even after an initialization. To delete it, the device must be fully wiped. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 19:48:13 +02:00
Pol Henarejos
2df878232b File new should return file_t pointer if it exists in the file table. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 11:57:01 +02:00
Pol Henarejos
be86197b0b Added macro to disable APDU debug. 
It will speed up the device notably.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-14 19:12:17 +02:00
Pol Henarejos
d1b52d9521 PUK AUT may return 0x9001. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-12 18:07:13 +02:00
Pol Henarejos
3397f25bf0 Simply generic_hash() 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-10 16:37:06 +02:00
Pol Henarejos
9ea71fb45b Fix DEBUG_PAYLOAD(). 
It might overlap variables.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-09 17:28:27 +02:00
Pol Henarejos
fe53f9a729 Another fix with RAPDU in C0. 
A STATUS_SLOT may be sent in between of consecutive C0. Thus, RAPDU shall be reset on every answer, even if it is partial.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-06 02:18:32 +02:00
Pol Henarejos
f44658eb63 Fix preparing next RAPDU in C0 response. 2022-06-06 01:44:41 +02:00
Pol Henarejos
2b8c23f593 Upgrading to version 2.0. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-06 00:11:24 +02:00
Pol Henarejos
9cfe762043 low_flash_available() should be called outside. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 20:11:14 +02:00
Pol Henarejos
07305e6fd7 Fix returning error message. 
If return code is not 0x9000, RAPDU is cleared.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 16:04:31 +02:00
Pol Henarejos
8bdcfa1041 Replacing with asn1 tag len function. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:16:25 +02:00
Pol Henarejos
7249fb129b Using custom mbedtls configuration file. 
We disable lots of unwanted algorithms and suites and we only keep those are used.
 2022-06-01 12:57:24 +02:00
Pol Henarejos
199095c204 Moving some ASN1 procedures to a separate file. 2022-06-01 09:45:27 +02:00
Pol Henarejos
67efd73a96 Not used anymore. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 20:38:43 +02:00
Pol Henarejos
fa4ecf658f Implementing own functions for cvc manipulation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 18:51:43 +02:00
Pol Henarejos
8d409023bf Fix Ne value for legacy apdu. 2022-05-31 00:04:46 +02:00
Pol Henarejos
950e276ee8 Adding asn1_find_tag() for searching for a tag in a asn1 string. 2022-05-30 23:31:17 +02:00
Pol Henarejos
ef52ae37d3 Reorganizing usb layer. 2022-05-30 12:20:42 +02:00
Pol Henarejos
58e9e67ee5 Fix with data and extended length. 2022-05-30 00:51:36 +02:00
Pol Henarejos
acde4c54d5 Fix timeout. 2022-05-30 00:14:44 +02:00
Pol Henarejos
46603fa390 If the he packet is multiple 64 bytes, we trunk it. 
It is a weird bug that affects PHY of rp2040.
 2022-05-29 03:34:22 +02:00
Pol Henarejos
8bb47e7979 Compilation fixes in debug mode 2022-05-29 03:33:40 +02:00
Pol Henarejos
e0bff38384 Moving again to TinyUSB 2022-05-29 01:52:44 +02:00
Pol Henarejos
152a2fa031 Fix warnings 2022-05-27 20:58:28 +02:00
Pol Henarejos
79878a76c2 More fixes 2022-05-27 09:04:08 +02:00
Pol Henarejos
da871e695e More and more fixes. 2022-05-27 00:36:44 +02:00
Pol Henarejos
d4b0978d50 More fixes 2022-05-26 14:15:16 +02:00
Pol Henarejos
77ce276b59 First attempt to run away from tinyUSB to our code. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-26 00:03:38 +02:00
Pol Henarejos
56453b60d6 Added fmd flag to wrap FCP to include later the FMD. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 23:30:01 +02:00
Pol Henarejos
bd178c86e4 Added check. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 20:52:31 +02:00
Pol Henarejos
cd6a2dd4b5 Fix for new meta data. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 20:52:01 +02:00
Pol Henarejos
24502966ce Fix finding meta_data. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 20:41:04 +02:00
Pol Henarejos
3431293d43 Optimized special case when new meta data length is the same. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 15:54:07 +02:00
Pol Henarejos
21f70601b4 Avoid unnecessary memcpy 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 15:20:59 +02:00
Pol Henarejos
c4e781103f Fix with write offsets. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 14:43:08 +02:00
Pol Henarejos
6c90ce3361 Add meta functions for manipulating meta data. 
Added meta_add(), meta_delete() and meta_find().
It conveys this meta data throught tag A5 of FCP.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 14:42:54 +02:00
Pol Henarejos
1a58422cd8 flash_write_data_to_file() now accepts offset argument. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 14:28:30 +02:00
Pol Henarejos
5a30c7cbdc format_tlv_len() accepts NULL argument. 
In that case, it returns the length of the length in bytes.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 14:27:49 +02:00
Pol Henarejos
5e2fc081f1 Added high level functions for reading file and returning file size. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:18:43 +02:00
Pol Henarejos
d19429cb84 Fix handling dynamic files. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 19:56:26 +02:00
Pol Henarejos
7ed4cb912e These fids are propertary. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 14:43:09 +02:00
Pol Henarejos
efb6c8d8cd Adding Life-cycle status to FCP. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-15 18:49:30 +02:00
Pol Henarejos
f7d30d7f4d Adding FCP tag template. Some apps could require FMD tag. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-15 18:37:57 +02:00
Pol Henarejos
de39035d9f FCI name (tag 84) has 16 bytes max length. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-15 18:34:00 +02:00
Pol Henarejos
ae935d19f8 Fix sending FCI name tag. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-15 18:33:14 +02:00
Pol Henarejos
de04dd6121 Should be with this values. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 22:27:01 +02:00
Pol Henarejos
9c5250f6ca Adding timeout for press button of 15 secs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:03:17 +02:00
Pol Henarejos
cddc3b2dec Adding name to FCP 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-20 14:13:43 +02:00
Pol Henarejos
16f23dfa6c Upgrading to v1.1. 2022-04-19 19:22:22 +02:00
Pol Henarejos
5e51c9a072 Renaming version file. 2022-04-19 19:13:58 +02:00
Pol Henarejos
7d4f9e4f1f Adding EAC and some crypto functions. 
Adding MBEDTLS submodule to core.
 2022-04-19 19:09:38 +02:00
Pol Henarejos
39efd9b170 Setting version of CCID core module. 2022-04-19 18:55:43 +02:00
Pol Henarejos
cffee4264a Defining ATR not in the core. 2022-04-19 18:37:42 +02:00
40 changed files with 6971 additions and 2080 deletions
Expand all files Collapse all files

6
.gitmodules vendored Normal file
View File

@@ -0,0 +1,6 @@
[submodule "mbedtls"]
path = mbedtls
url = https://github.com/ARMmbed/mbedtls
[submodule "tinycbor"]
path = tinycbor
url = https://github.com/intel/tinycbor.git

46
CMakeLists.txt
View File

@@ -1,5 +1,5 @@
#
# This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
# This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
# Copyright (c) 2022 Pol Henarejos.
#
# This program is free software: you can redistribute it and/or modify
@@ -19,48 +19,22 @@ cmake_minimum_required(VERSION 3.13)
include(pico_sdk_import.cmake)
project(pico_ccid C CXX ASM)
project(pico_hsm_sdk C CXX ASM)
set(CMAKE_C_STANDARD 11)
set(CMAKE_CXX_STANDARD 17)
pico_sdk_init()
add_executable(pico_ccid)
add_executable(pico_hsm_sdk_exe)
if (NOT DEFINED USB_VID)
set(USB_VID 0xFEFF)
endif()
add_definitions(-DUSB_VID=${USB_VID})
if (NOT DEFINED USB_PID)
set(USB_PID 0xFCFD)
endif()
add_definitions(-DUSB_PID=${USB_PID})
include(pico_hsm_sdk.cmake)
set_source_files_properties(
${CMAKE_CURRENT_LIST_DIR}/OpenSC/src/libopensc/ctx.c
PROPERTIES COMPILE_DEFINITIONS "PACKAGE_VERSION=\"0.22.0\";OPENSC_CONF_PATH=\".\""
)
target_compile_options(pico_hsm_sdk_exe PUBLIC
-Wall
-Werror
)
target_sources(pico_ccid PUBLIC
${CMAKE_CURRENT_LIST_DIR}/src/ccid/ccid2040.c
${CMAKE_CURRENT_LIST_DIR}/src/usb/usb_descriptors.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/file.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/flash.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/low_flash.c
${CMAKE_CURRENT_LIST_DIR}/src/rng/random.c
${CMAKE_CURRENT_LIST_DIR}/src/rng/neug.c
)
pico_add_extra_outputs(pico_hsm_sdk_exe)
target_include_directories(pico_ccid PUBLIC
${CMAKE_CURRENT_LIST_DIR}/src/fs
${CMAKE_CURRENT_LIST_DIR}/src/ccid
${CMAKE_CURRENT_LIST_DIR}/src/rng
${CMAKE_CURRENT_LIST_DIR}/src/usb
)
pico_add_extra_outputs(pico_ccid)
#target_compile_definitions(pico_ccid PRIVATE MBEDTLS_ECDSA_DETERMINISTIC=1)
target_link_libraries(pico_ccid PRIVATE pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc)
target_link_libraries(pico_hsm_sdk_exe PRIVATE pico_hsm_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)

3322
config/mbedtls_config.h Normal file
View File

File diff suppressed because it is too large Load Diff

1
mbedtls Submodule

Submodule mbedtls added at d65aeb3734

127
pico_hsm_sdk_import.cmake Normal file
View File

@@ -0,0 +1,127 @@
#
# This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
# Copyright (c) 2022 Pol Henarejos.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
if (NOT DEFINED USB_VID)
set(USB_VID 0xFEFF)
endif()
add_definitions(-DUSB_VID=${USB_VID})
if (NOT DEFINED USB_PID)
set(USB_PID 0xFCFD)
endif()
add_definitions(-DUSB_PID=${USB_PID})
if (NOT DEFINED DEBUG_APDU)
set(DEBUG_APDU 0)
endif()
if (NOT DEFINED HSM_DRIVER)
set(HSM_DRIVER "ccid")
endif()
add_definitions(-DDEBUG_APDU=${DEBUG_APDU})
configure_file(${CMAKE_CURRENT_LIST_DIR}/config/mbedtls_config.h ${CMAKE_CURRENT_LIST_DIR}/mbedtls/include/mbedtls COPYONLY)
message(STATUS "HSM driver: ${HSM_DRIVER}")
message(STATUS "USB VID/PID: ${USB_VID}:${USB_PID}")
configure_file(${CMAKE_CURRENT_LIST_DIR}/config/mbedtls_config.h ${CMAKE_CURRENT_LIST_DIR}/mbedtls/include/mbedtls COPYONLY)
if (NOT TARGET pico_hsm_sdk)
pico_add_impl_library(pico_hsm_sdk)
target_sources(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src/main.c
${CMAKE_CURRENT_LIST_DIR}/src/usb/usb.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/file.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/flash.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/low_flash.c
${CMAKE_CURRENT_LIST_DIR}/src/rng/random.c
${CMAKE_CURRENT_LIST_DIR}/src/rng/hwrng.c
${CMAKE_CURRENT_LIST_DIR}/src/eac.c
${CMAKE_CURRENT_LIST_DIR}/src/crypto_utils.c
${CMAKE_CURRENT_LIST_DIR}/src/asn1.c
${CMAKE_CURRENT_LIST_DIR}/src/apdu.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/aes.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/asn1parse.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/asn1write.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/bignum.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/cmac.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/cipher.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/cipher_wrap.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/constant_time.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecdsa.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecdh.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecp.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecp_curves.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/hkdf.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/md.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/md5.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/oid.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/platform_util.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ripemd160.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/rsa.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/rsa_alt_helpers.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/sha1.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/sha256.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/sha512.c
)
if (${HSM_DRIVER} STREQUAL "ccid")
target_sources(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src/usb/ccid/usb_descriptors.c
${CMAKE_CURRENT_LIST_DIR}/src/usb/ccid/ccid.c
)
target_include_directories(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src/usb/ccid
)
elseif (${HSM_DRIVER} STREQUAL "hid")
target_sources(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src/usb/hid/hid.c
${CMAKE_CURRENT_LIST_DIR}/src/usb/hid/usb_descriptors.c
${CMAKE_CURRENT_LIST_DIR}/tinycbor/src/cborencoder.c
${CMAKE_CURRENT_LIST_DIR}/tinycbor/src/cborparser.c
${CMAKE_CURRENT_LIST_DIR}/tinycbor/src/cborparser_dup_string.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/x509write_crt.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/x509_create.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/pk.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/pk_wrap.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/pkwrite.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/pkwrite.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/chachapoly.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/chacha20.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/poly1305.c
)
target_include_directories(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src/usb/hid
${CMAKE_CURRENT_LIST_DIR}/tinycbor/src
)
endif()
target_include_directories(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src
${CMAKE_CURRENT_LIST_DIR}/src/usb
${CMAKE_CURRENT_LIST_DIR}/src/fs
${CMAKE_CURRENT_LIST_DIR}/src/rng
${CMAKE_CURRENT_LIST_DIR}/mbedtls/include
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library
)
target_link_libraries(pico_hsm_sdk INTERFACE pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
endif()

186
src/apdu.c Normal file
View File

@@ -0,0 +1,186 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "apdu.h"
#include "hsm.h"
#include "usb.h"
#include <stdio.h>
uint8_t *rdata_gr = NULL;
uint16_t rdata_bk = 0x0;
extern uint32_t timeout;
int process_apdu() {
led_set_blink(BLINK_PROCESSING);
if (!current_app)
{
if (INS(apdu) == 0xA4 && P1(apdu) == 0x04 && (P2(apdu) == 0x00 || P2(apdu) == 0x4)) { //select by AID
for (int a = 0; a < num_apps; a++) {
if ((current_app = apps[a].select_aid(&apps[a]))) {
return set_res_sw(0x90,0x00);
}
}
}
return set_res_sw(0x6a, 0x82);
}
if (current_app->process_apdu)
return current_app->process_apdu();
return set_res_sw(0x6D, 0x00);
}
size_t apdu_process(const uint8_t *buffer, size_t buffer_size) {
apdu.header = (uint8_t *)buffer;
apdu.nc = apdu.ne = 0;
if (buffer_size == 4) {
apdu.nc = apdu.ne = 0;
if (apdu.ne == 0)
apdu.ne = 256;
}
else if (buffer_size == 5) {
apdu.nc = 0;
apdu.ne = apdu.header[4];
if (apdu.ne == 0)
apdu.ne = 256;
}
else if (apdu.header[4] == 0x0 && buffer_size >= 7) {
if (buffer_size == 7) {
apdu.ne = (apdu.header[5] << 8) | apdu.header[6];
if (apdu.ne == 0)
apdu.ne = 65536;
}
else {
apdu.ne = 0;
apdu.nc = (apdu.header[5] << 8) | apdu.header[6];
apdu.data = apdu.header+7;
if (apdu.nc+7+2 == buffer_size) {
apdu.ne = (apdu.header[buffer_size-2] << 8) | apdu.header[buffer_size-1];
if (apdu.ne == 0)
apdu.ne = 65536;
}
}
}
else {
apdu.nc = apdu.header[4];
apdu.data = apdu.header+5;
apdu.ne = 0;
if (apdu.nc+5+1 == buffer_size) {
apdu.ne = apdu.header[buffer_size-1];
if (apdu.ne == 0)
apdu.ne = 256;
}
}
//printf("apdu.nc %ld, apdu.ne %ld\r\n",apdu.nc,apdu.ne);
if (apdu.header[1] == 0xc0) {
//printf("apdu.ne %ld, apdu.rlen %d, bk %x\r\n",apdu.ne,apdu.rlen,rdata_bk);
timeout_stop();
*(uint16_t *)rdata_gr = rdata_bk;
if (apdu.rlen <= apdu.ne) {
driver_exec_finished_cont(apdu.rlen+2, rdata_gr-usb_get_tx());
}
else {
rdata_gr += apdu.ne;
rdata_bk = *rdata_gr;
rdata_gr[0] = 0x61;
if (apdu.rlen - apdu.ne >= 256)
rdata_gr[1] = 0;
else
rdata_gr[1] = apdu.rlen - apdu.ne;
driver_exec_finished_cont(apdu.ne+2, rdata_gr-apdu.ne-usb_get_tx());
apdu.rlen -= apdu.ne;
}
//Prepare next RAPDU
apdu.sw = 0;
apdu.rlen = 0;
usb_prepare_response();
return 0;
}
else {
apdu.sw = 0;
apdu.rlen = 0;
apdu.rdata = usb_prepare_response();
rdata_gr = apdu.rdata;
return 1;
}
return 0;
}
uint16_t set_res_sw(uint8_t sw1, uint8_t sw2) {
apdu.sw = (sw1 << 8) | sw2;
if (sw1 != 0x90)
res_APDU_size = 0;
return make_uint16_t(sw1, sw2);
}
void apdu_thread() {
card_init_core1();
while (1) {
uint32_t m;
queue_remove_blocking(&usb_to_card_q, &m);
if (m == EV_VERIFY_CMD_AVAILABLE || m == EV_MODIFY_CMD_AVAILABLE)
{
set_res_sw (0x6f, 0x00);
goto done;
}
else if (m == EV_EXIT) {
if (current_app && current_app->unload) {
current_app->unload();
}
break;
}
process_apdu();
done:;
apdu_finish();
finished_data_size = apdu_next();
uint32_t flag = EV_EXEC_FINISHED;
queue_add_blocking(&card_to_usb_q, &flag);
}
//printf("EXIT !!!!!!\r\n");
if (current_app && current_app->unload)
current_app->unload();
}
void apdu_finish() {
apdu.rdata[apdu.rlen] = apdu.sw >> 8;
apdu.rdata[apdu.rlen+1] = apdu.sw & 0xff;
timeout_stop();
if ((apdu.rlen + 2 + 10) % 64 == 0)
{ // FIX for strange behaviour with PSCS and multiple of 64
apdu.ne = apdu.rlen - 2;
}
}
size_t apdu_next() {
if (apdu.rlen <= apdu.ne)
return apdu.rlen + 2;
else {
rdata_gr = apdu.rdata+apdu.ne;
rdata_bk = *(uint16_t *)rdata_gr;
rdata_gr[0] = 0x61;
if (apdu.rlen - apdu.ne >= 256)
rdata_gr[1] = 0;
else
rdata_gr[1] = apdu.rlen - apdu.ne;
apdu.rlen -= apdu.ne;
}
return apdu.ne + 2;
}

97
src/apdu.h Normal file
View File

@@ -0,0 +1,97 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _APDU_H_
#define _APDU_H_
#include <stdlib.h>
#include "pico/stdlib.h"
#include <stdio.h>
typedef struct app {
const uint8_t *aid;
int (*process_apdu)();
struct app* (*select_aid)();
int (*unload)();
} app_t;
extern int register_app(app_t * (*)());
#if defined(DEBUG_APDU) && DEBUG_APDU == 1
#define DEBUG_PAYLOAD(_p,_s) { \
printf("Payload %s (%d bytes):\r\n", #_p,_s);\
for (int _i = 0; _i < _s; _i += 16) {\
printf("%07Xh : ",(unsigned int)(_i+_p));\
for (int _j = 0; _j < 16; _j++) {\
if (_j < _s-_i) printf("%02X ",(_p)[_i+_j]);\
else printf(" ");\
if (_j == 7) printf(" ");\
} printf(": "); \
for (int _j = 0; _j < MIN(16,_s-_i); _j++) {\
printf("%c",(_p)[_i+_j] == 0x0a || (_p)[_i+_j] == 0x0d ? '\\' : (_p)[_i+_j]);\
if (_j == 7) printf(" ");\
}\
printf("\r\n");\
} printf("\r\n"); \
}
#define DEBUG_DATA(_p, _s) \
{ \
printf("Data %s (%d bytes):\r\n", #_p, _s); \
for (int _i = 0; _i < _s; _i++) \
{ \
printf("%02X", (_p)[_i]); \
} \
printf("\n"); \
}
#else
#define DEBUG_PAYLOAD(_p,_s)
#define DEBUG_DATA(_p,_s)
#endif
extern uint8_t num_apps;
extern app_t apps[4];
extern app_t *current_app;
struct apdu {
uint8_t *header;
uint32_t nc;
uint32_t ne;
uint8_t *data;
uint16_t sw;
uint8_t *rdata;
uint16_t rlen;
} __packed;
#define CLA(a) a.header[0]
#define INS(a) a.header[1]
#define P1(a) a.header[2]
#define P2(a) a.header[3]
#define res_APDU apdu.rdata
#define res_APDU_size apdu.rlen
extern struct apdu apdu;
extern uint16_t set_res_sw (uint8_t sw1, uint8_t sw2);
extern int process_apdu();
extern size_t apdu_process(const uint8_t *buffer, size_t buffer_size);
extern void apdu_finish();
extern size_t apdu_next();
extern void apdu_thread();
#endif

91
src/asn1.c Normal file
View File

@@ -0,0 +1,91 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "asn1.h"
size_t asn1_len_tag(uint16_t tag, size_t len) {
size_t ret = 1+format_tlv_len(len, NULL)+len;
if (tag > 0x00ff)
return ret+1;
return ret;
}
int format_tlv_len(size_t len, uint8_t *out) {
if (len < 128) {
if (out)
*out = len;
return 1;
}
else if (len < 256) {
if (out) {
*out++ = 0x81;
*out++ = len;
}
return 2;
}
else {
if (out) {
*out++ = 0x82;
*out++ = (len >> 8) & 0xff;
*out++ = len & 0xff;
}
return 3;
}
return 0;
}
int walk_tlv(const uint8_t *cdata, size_t cdata_len, uint8_t **p, uint16_t *tag, size_t *tag_len, uint8_t **data) {
if (!p)
return 0;
if (!*p)
*p = (uint8_t *)cdata;
if (*p-cdata >= cdata_len)
return 0;
uint16_t tg = 0x0;
size_t tgl = 0;
tg = *(*p)++;
if ((tg & 0x1f) == 0x1f) {
tg <<= 8;
tg |= *(*p)++;
}
tgl = *(*p)++;
if (tgl == 0x82) {
tgl = *(*p)++ << 8;
tgl |= *(*p)++;
}
else if (tgl == 0x81) {
tgl = *(*p)++;
}
if (tag)
*tag = tg;
if (tag_len)
*tag_len = tgl;
if (data)
*data = *p;
*p = *p+tgl;
return 1;
}
bool asn1_find_tag(const uint8_t *data, size_t data_len, uint16_t itag, size_t *tag_len, uint8_t **tag_data) {
uint16_t tag = 0x0;
uint8_t *p = NULL;
while (walk_tlv(data, data_len, &p, &tag, tag_len, tag_data)) {
if (itag == tag)
return true;
}
return false;
}

29
src/asn1.h Normal file
View File

@@ -0,0 +1,29 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _ASN1_H_
#define _ASN1_H_
#include <stdlib.h>
#include "pico/stdlib.h"
extern int walk_tlv(const uint8_t *cdata, size_t cdata_len, uint8_t **p, uint16_t *tag, size_t *tag_len, uint8_t **data);
extern int format_tlv_len(size_t len, uint8_t *out);
extern bool asn1_find_tag(const uint8_t *data, size_t data_len, uint16_t itag, size_t *tag_len, uint8_t **tag_data);
extern size_t asn1_len_tag(uint16_t tag, size_t len);
#endif

1575
src/ccid/ccid2040.c
View File

File diff suppressed because it is too large Load Diff

139
src/crypto_utils.c Normal file
View File

@@ -0,0 +1,139 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <pico/unique_id.h>
#include "mbedtls/md.h"
#include "mbedtls/sha256.h"
#include "mbedtls/aes.h"
#include "crypto_utils.h"
#include "hsm.h"
void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]) {
uint8_t o1[32];
hash_multi(pin, len, o1);
for (int i = 0; i < sizeof(o1); i++)
o1[i] ^= pin[i%len];
hash_multi(o1, sizeof(o1), output);
}
void hash_multi(const uint8_t *input, size_t len, uint8_t output[32]) {
mbedtls_sha256_context ctx;
mbedtls_sha256_init(&ctx);
int iters = 256;
pico_unique_board_id_t unique_id;
pico_get_unique_board_id(&unique_id);
mbedtls_sha256_starts (&ctx, 0);
mbedtls_sha256_update (&ctx, unique_id.id, sizeof(unique_id.id));
while (iters > len)
{
mbedtls_sha256_update (&ctx, input, len);
iters -= len;
}
if (iters > 0) // remaining iterations
mbedtls_sha256_update (&ctx, input, iters);
mbedtls_sha256_finish (&ctx, output);
mbedtls_sha256_free (&ctx);
}
void hash256(const uint8_t *input, size_t len, uint8_t output[32]) {
mbedtls_sha256_context ctx;
mbedtls_sha256_init(&ctx);
mbedtls_sha256_starts (&ctx, 0);
mbedtls_sha256_update (&ctx, input, len);
mbedtls_sha256_finish (&ctx, output);
mbedtls_sha256_free (&ctx);
}
void generic_hash(mbedtls_md_type_t md, const uint8_t *input, size_t len, uint8_t *output) {
mbedtls_md(mbedtls_md_info_from_type(md), input, len, output);
}
int aes_encrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, uint8_t *data, int len) {
mbedtls_aes_context aes;
mbedtls_aes_init(&aes);
uint8_t tmp_iv[IV_SIZE];
size_t iv_offset = 0;
memset(tmp_iv, 0, IV_SIZE);
if (iv)
memcpy(tmp_iv, iv, IV_SIZE);
int r = mbedtls_aes_setkey_enc(&aes, key, key_size);
if (r != 0)
return CCID_EXEC_ERROR;
if (mode == HSM_AES_MODE_CBC)
return mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, len, tmp_iv, data, data);
return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, len, &iv_offset, tmp_iv, data, data);
}
int aes_decrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, uint8_t *data, int len) {
mbedtls_aes_context aes;
mbedtls_aes_init(&aes);
uint8_t tmp_iv[IV_SIZE];
size_t iv_offset = 0;
memset(tmp_iv, 0, IV_SIZE);
if (iv)
memcpy(tmp_iv, iv, IV_SIZE);
int r = mbedtls_aes_setkey_dec(&aes, key, key_size);
if (r != 0)
return CCID_EXEC_ERROR;
if (mode == HSM_AES_MODE_CBC)
return mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, len, tmp_iv, data, data);
r = mbedtls_aes_setkey_enc(&aes, key, key_size); //CFB requires set_enc instead set_dec
return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_DECRYPT, len, &iv_offset, tmp_iv, data, data);
}
int aes_encrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len) {
return aes_encrypt(key, iv, 256, HSM_AES_MODE_CFB, data, len);
}
int aes_decrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len) {
return aes_decrypt(key, iv, 256, HSM_AES_MODE_CFB, data, len);
}
struct lv_data {
unsigned char *value;
uint8_t len;
};
struct ec_curve_mbed_id {
struct lv_data curve;
mbedtls_ecp_group_id id;
};
struct ec_curve_mbed_id ec_curves_mbed[] = {
{ { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 24}, MBEDTLS_ECP_DP_SECP192R1 },
{ { (unsigned char *) "\xFF\xFF\xFF\xFF\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 32}, MBEDTLS_ECP_DP_SECP256R1 },
{ { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF", 48}, MBEDTLS_ECP_DP_SECP384R1 },
{ { (unsigned char *) "\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 66}, MBEDTLS_ECP_DP_SECP521R1 },
{ { (unsigned char *) "\xA9\xFB\x57\xDB\xA1\xEE\xA9\xBC\x3E\x66\x0A\x90\x9D\x83\x8D\x72\x6E\x3B\xF6\x23\xD5\x26\x20\x28\x20\x13\x48\x1D\x1F\x6E\x53\x77", 32}, MBEDTLS_ECP_DP_BP256R1 },
{ { (unsigned char *) "\x8C\xB9\x1E\x82\xA3\x38\x6D\x28\x0F\x5D\x6F\x7E\x50\xE6\x41\xDF\x15\x2F\x71\x09\xED\x54\x56\xB4\x12\xB1\xDA\x19\x7F\xB7\x11\x23\xAC\xD3\xA7\x29\x90\x1D\x1A\x71\x87\x47\x00\x13\x31\x07\xEC\x53", 48}, MBEDTLS_ECP_DP_BP384R1 },
{ { (unsigned char *) "\xAA\xDD\x9D\xB8\xDB\xE9\xC4\x8B\x3F\xD4\xE6\xAE\x33\xC9\xFC\x07\xCB\x30\x8D\xB3\xB3\xC9\xD2\x0E\xD6\x63\x9C\xCA\x70\x33\x08\x71\x7D\x4D\x9B\x00\x9B\xC6\x68\x42\xAE\xCD\xA1\x2A\xE6\xA3\x80\xE6\x28\x81\xFF\x2F\x2D\x82\xC6\x85\x28\xAA\x60\x56\x58\x3A\x48\xF3", 64}, MBEDTLS_ECP_DP_BP512R1 },
{ { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xEE\x37", 24}, MBEDTLS_ECP_DP_SECP192K1 },
{ { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFC\x2F", 32}, MBEDTLS_ECP_DP_SECP256K1 },
{ { NULL, 0 }, MBEDTLS_ECP_DP_NONE }
};
mbedtls_ecp_group_id ec_get_curve_from_prime(const uint8_t *prime, size_t prime_len) {
for (struct ec_curve_mbed_id *ec = ec_curves_mbed; ec->id != MBEDTLS_ECP_DP_NONE; ec++) {
if (prime_len == ec->curve.len && memcmp(prime, ec->curve.value, prime_len) == 0) {
return ec->id;
}
}
return MBEDTLS_ECP_DP_NONE;
}

48
src/crypto_utils.h Normal file
View File

@@ -0,0 +1,48 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _CRYPTO_UTILS_H_
#define _CRYPTO_UTILS_H_
#include "stdlib.h"
#include "pico/stdlib.h"
#include "mbedtls/ecp.h"
#include "mbedtls/md.h"
#define HSM_KEY_RSA 0x1
#define HSM_KEY_EC 0x10
#define HSM_KEY_AES 0x100
#define HSM_KEY_AES_128 0x300
#define HSM_KEY_AES_192 0x500
#define HSM_KEY_AES_256 0x900
#define HSM_AES_MODE_CBC 1
#define HSM_AES_MODE_CFB 2
#define IV_SIZE 16
extern void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]);
extern void hash_multi(const uint8_t *input, size_t len, uint8_t output[32]);
extern void hash256(const uint8_t *input, size_t len, uint8_t output[32]);
extern void generic_hash(mbedtls_md_type_t md, const uint8_t *input, size_t len, uint8_t *output);
extern int aes_encrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, uint8_t *data, int len);
extern int aes_decrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, uint8_t *data, int len);
extern int aes_encrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len);
extern int aes_decrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len);
extern mbedtls_ecp_group_id ec_get_curve_from_prime(const uint8_t *prime, size_t prime_len);
#endif

276
src/eac.c Normal file
View File

@@ -0,0 +1,276 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "eac.h"
#include "crypto_utils.h"
#include "random.h"
#include "mbedtls/cmac.h"
#include "asn1.h"
#include "apdu.h"
static uint8_t nonce[8];
static uint8_t sm_kmac[16];
static uint8_t sm_kenc[16];
static MSE_protocol sm_protocol = MSE_NONE;
static mbedtls_mpi sm_mSSC;
static uint8_t sm_blocksize = 0;
static uint8_t sm_iv[16];
size_t sm_session_pin_len = 0;
uint8_t sm_session_pin[16];
bool is_secured_apdu() {
return (CLA(apdu) & 0xC);
}
void sm_derive_key(const uint8_t *input, size_t input_len, uint8_t counter, const uint8_t *nonce, size_t nonce_len, uint8_t *out) {
uint8_t *b = (uint8_t *)calloc(1, input_len+nonce_len+4);
if (input)
memcpy(b, input, input_len);
if (nonce)
memcpy(b+input_len, nonce, nonce_len);
b[input_len+nonce_len+3] = counter;
uint8_t digest[20];
generic_hash(MBEDTLS_MD_SHA1, b, input_len+nonce_len+4, digest);
memcpy(out, digest, 16);
free(b);
}
void sm_derive_all_keys(const uint8_t *derived, size_t derived_len) {
memcpy(nonce, random_bytes_get(8), 8);
sm_derive_key(derived, derived_len, 1, nonce, sizeof(nonce), sm_kenc);
sm_derive_key(derived, derived_len, 2, nonce, sizeof(nonce), sm_kmac);
mbedtls_mpi_init(&sm_mSSC);
mbedtls_mpi_grow(&sm_mSSC, sm_blocksize);
mbedtls_mpi_lset(&sm_mSSC, 0);
memset(sm_iv, 0, sizeof(sm_iv));
sm_session_pin_len = 0;
}
void sm_set_protocol(MSE_protocol proto) {
sm_protocol = proto;
if (proto == MSE_AES)
sm_blocksize = 16;
else if (proto == MSE_3DES)
sm_blocksize = 8;
}
MSE_protocol sm_get_protocol() {
return sm_protocol;
}
uint8_t *sm_get_nonce() {
return nonce;
}
int sm_sign(uint8_t *in, size_t in_len, uint8_t *out) {
return mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB), sm_kmac, 128, in, in_len, out);
}
int sm_unwrap() {
uint8_t sm_indicator = (CLA(apdu) >> 2) & 0x3;
if (sm_indicator == 0)
return CCID_OK;
int r = sm_verify();
if (r != CCID_OK)
return r;
int le = sm_get_le();
if (le >= 0)
apdu.ne = le;
uint8_t *body = NULL;
size_t body_size = 0;
bool is87 = false;
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
size_t tag_len = 0;
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x87 || tag == 0x85) {
body = tag_data;
body_size = tag_len;
if (tag == 0x87) {
is87 = true;
body_size--;
}
}
}
if (!body)
return CCID_WRONG_DATA;
if (is87 && *body++ != 0x1) {
return CCID_WRONG_PADDING;
}
sm_update_iv();
aes_decrypt(sm_kenc, sm_iv, 128, HSM_AES_MODE_CBC, body, body_size);
memmove(apdu.data, body, body_size);
apdu.nc = sm_remove_padding(apdu.data, body_size);
DEBUG_PAYLOAD(apdu.data, (int)apdu.nc);
return CCID_OK;
}
int sm_wrap() {
uint8_t sm_indicator = (CLA(apdu) >> 2) & 0x3;
if (sm_indicator == 0)
return CCID_OK;
uint8_t input[1024];
size_t input_len = 0;
memset(input, 0, sizeof(input));
mbedtls_mpi ssc;
mbedtls_mpi_init(&ssc);
mbedtls_mpi_add_int(&ssc, &sm_mSSC, 1);
mbedtls_mpi_copy(&sm_mSSC, &ssc);
int r = mbedtls_mpi_write_binary(&ssc, input, sm_blocksize);
if (r != 0)
return CCID_EXEC_ERROR;
input_len += sm_blocksize;
mbedtls_mpi_free(&ssc);
if (res_APDU_size > 0) {
res_APDU[res_APDU_size++] = 0x80;
memset(res_APDU+res_APDU_size, 0, (sm_blocksize - (res_APDU_size%sm_blocksize)));
res_APDU_size += (sm_blocksize - (res_APDU_size%sm_blocksize));
DEBUG_PAYLOAD(res_APDU, res_APDU_size);
sm_update_iv();
aes_encrypt(sm_kenc, sm_iv, 128, HSM_AES_MODE_CBC, res_APDU, res_APDU_size);
memmove(res_APDU+1, res_APDU, res_APDU_size);
res_APDU[0] = 0x1;
res_APDU_size++;
if (res_APDU_size < 128) {
memmove(res_APDU+2, res_APDU, res_APDU_size);
res_APDU[1] = res_APDU_size;
res_APDU_size += 2;
}
else if (res_APDU_size < 256) {
memmove(res_APDU+3, res_APDU, res_APDU_size);
res_APDU[1] = 0x81;
res_APDU[2] = res_APDU_size;
res_APDU_size += 3;
}
else {
memmove(res_APDU+4, res_APDU, res_APDU_size);
res_APDU[1] = 0x82;
res_APDU[2] = res_APDU_size >> 8;
res_APDU[3] = res_APDU_size & 0xff;
res_APDU_size += 4;
}
res_APDU[0] = 0x87;
}
res_APDU[res_APDU_size++] = 0x99;
res_APDU[res_APDU_size++] = 2;
res_APDU[res_APDU_size++] = apdu.sw >> 8;
res_APDU[res_APDU_size++] = apdu.sw & 0xff;
memcpy(input+input_len, res_APDU, res_APDU_size);
input_len += res_APDU_size;
input[input_len++] = 0x80;
input_len += (sm_blocksize - (input_len%sm_blocksize));
r = sm_sign(input, input_len, res_APDU+res_APDU_size+2);
res_APDU[res_APDU_size++] = 0x8E;
res_APDU[res_APDU_size++] = 8;
res_APDU_size += 8;
if (apdu.ne > 0)
apdu.ne = res_APDU_size;
return CCID_OK;
}
int sm_get_le() {
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
size_t tag_len = 0;
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x97) {
uint32_t le = 0;
for (int t = 1; t <= tag_len; t++)
le |= (*tag_data++) << (tag_len-t);
return le;
}
}
return -1;
}
void sm_update_iv() {
uint8_t tmp_iv[16], sc_counter[16];
memset(tmp_iv, 0, sizeof(tmp_iv)); //IV is always 0 for encryption of IV based on counter
mbedtls_mpi_write_binary(&sm_mSSC, sc_counter, sizeof(sc_counter));
aes_encrypt(sm_kenc, tmp_iv, 128, HSM_AES_MODE_CBC, sc_counter, sizeof(sc_counter));
memcpy(sm_iv, sc_counter, sizeof(sc_counter));
}
int sm_verify() {
uint8_t input[1024];
memset(input, 0, sizeof(input));
int input_len = 0, r = 0;
bool add_header = (CLA(apdu) & 0xC) == 0xC;
int data_len = (int)(apdu.nc/sm_blocksize)*sm_blocksize;
if (data_len % sm_blocksize)
data_len += sm_blocksize;
if (data_len+(add_header ? sm_blocksize : 0) > 1024)
return CCID_WRONG_LENGTH;
mbedtls_mpi ssc;
mbedtls_mpi_init(&ssc);
mbedtls_mpi_add_int(&ssc, &sm_mSSC, 1);
mbedtls_mpi_copy(&sm_mSSC, &ssc);
r = mbedtls_mpi_write_binary(&ssc, input, sm_blocksize);
input_len += sm_blocksize;
mbedtls_mpi_free(&ssc);
if (r != 0)
return CCID_EXEC_ERROR;
if (add_header) {
input[input_len++] = CLA(apdu);
input[input_len++] = INS(apdu);
input[input_len++] = P1(apdu);
input[input_len++] = P2(apdu);
input[input_len++] = 0x80;
input_len += sm_blocksize-5;
}
bool some_added = false;
const uint8_t *mac = NULL;
size_t mac_len = 0;
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
size_t tag_len = 0;
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
if (tag & 0x1) {
input[input_len++] = tag;
int tlen = format_tlv_len(tag_len, input+input_len);
input_len += tlen;
memcpy(input+input_len, tag_data, tag_len);
input_len += tag_len;
some_added = true;
}
if (tag == 0x8E) {
mac = tag_data;
mac_len = tag_len;
}
}
if (!mac)
return CCID_WRONG_DATA;
if (some_added) {
input[input_len++] = 0x80;
input_len += (sm_blocksize - (input_len%sm_blocksize));
}
uint8_t signature[16];
r = sm_sign(input, input_len, signature);
if (r != 0)
return CCID_EXEC_ERROR;
if (memcmp(signature, mac, mac_len) == 0)
return CCID_OK;
return CCID_VERIFICATION_FAILED;
}
int sm_remove_padding(const uint8_t *data, size_t data_len) {
int i = data_len-1;
for (; i >= 0 && data[i] == 0; i--);
if (i < 0 || data[i] != 0x80)
return -1;
return i;
}

46
src/eac.h Normal file
View File

@@ -0,0 +1,46 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _EAC_H_
#define _EAC_H_
#include <stdlib.h>
#include "pico/stdlib.h"
#include "hsm.h"
typedef enum MSE_protocol {
MSE_AES = 0,
MSE_3DES,
MSE_NONE
}MSE_protocol;
extern void sm_derive_all_keys(const uint8_t *input, size_t input_len);
extern void sm_set_protocol(MSE_protocol proto);
extern MSE_protocol sm_get_protocol();
extern uint8_t *sm_get_nonce();
extern int sm_sign(uint8_t *in, size_t in_len, uint8_t *out);
int sm_verify();
void sm_update_iv();
int sm_get_le();
extern int sm_unwrap();
int sm_remove_padding(const uint8_t *data, size_t data_len);
extern int sm_wrap();
extern bool is_secured_apdu();
extern uint8_t sm_session_pin[16];
extern size_t sm_session_pin_len;
#endif

236
src/fs/file.c
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -16,13 +16,18 @@
*/
#include "file.h"
#include "tusb.h"
#include "ccid2040.h"
#include "hsm.h"
#include <string.h>
#include <stdio.h>
#include "asn1.h"
#include "apdu.h"
extern const uintptr_t end_data_pool;
extern const uintptr_t start_data_pool;
extern const uintptr_t end_rom_pool;
extern const uintptr_t start_rom_pool;
extern int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len);
extern int flash_write_data_to_file_offset(file_t *file, const uint8_t *data, uint16_t len, uint16_t offset);
extern int flash_program_halfword (uintptr_t addr, uint16_t data);
extern int flash_program_word (uintptr_t addr, uint32_t data);
extern int flash_program_uintptr (uintptr_t addr, uintptr_t data);
@@ -34,12 +39,15 @@ extern uint8_t *flash_read(uintptr_t addr);
extern void low_flash_available();
//puts FCI in the RAPDU
void process_fci(const file_t *pe) {
uint8_t *p = res_APDU;
uint8_t buf[64];
void process_fci(const file_t *pe, int fmd) {
res_APDU_size = 0;
if (fmd) {
res_APDU[res_APDU_size++] = 0x6f;
res_APDU[res_APDU_size++] = 0x00; //computed later
}
res_APDU[res_APDU_size++] = 0x62;
res_APDU[res_APDU_size++] = 0x00; //computed later
res_APDU[res_APDU_size++] = 0x81;
res_APDU[res_APDU_size++] = 2;
@@ -73,10 +81,29 @@ void process_fci(const file_t *pe) {
res_APDU[res_APDU_size++] = 2;
put_uint16_t(pe->fid, res_APDU+res_APDU_size);
res_APDU_size += 2;
if (pe->name) {
res_APDU[res_APDU_size++] = 0x84;
res_APDU[res_APDU_size++] = MIN(pe->name[0],16);
memcpy(res_APDU+res_APDU_size, pe->name+2, MIN(pe->name[0],16));
res_APDU_size += MIN(pe->name[0],16);
}
memcpy(res_APDU+res_APDU_size, "\x8A\x01\x05", 3); //life-cycle (5 -> activated)
res_APDU_size += 3;
uint8_t *meta_data = NULL;
uint8_t meta_size = meta_find(pe->fid, &meta_data);
if (meta_size > 0 && meta_data != NULL) {
res_APDU[res_APDU_size++] = 0xA5;
res_APDU[res_APDU_size++] = 0x81;
res_APDU[res_APDU_size++] = meta_size;
memcpy(res_APDU+res_APDU_size,meta_data,meta_size);
res_APDU_size += meta_size;
}
res_APDU[1] = res_APDU_size-2;
if (fmd)
res_APDU[3] = res_APDU_size-4;
}
#define MAX_DYNAMIC_FILES 64
#define MAX_DYNAMIC_FILES 128
uint16_t dynamic_files = 0;
file_t dynamic_file[MAX_DYNAMIC_FILES];
@@ -96,7 +123,7 @@ file_t *get_parent(file_t *f) {
file_t *search_by_name(uint8_t *name, uint16_t namelen) {
for (file_t *p = file_entries; p != file_last; p++) {
if (p->name && *p->name == apdu.cmd_apdu_data_len && memcmp(p->name+1, name, namelen) == 0) {
if (p->name && *p->name == apdu.nc && memcmp(p->name+1, name, namelen) == 0) {
return p;
}
}
@@ -160,9 +187,9 @@ bool authenticate_action(const file_t *ef, uint8_t op) {
return true;
else if (acl == 0xff)
return false;
else if (acl == 0x90 || acl & 0x9F == 0x10) {
else if (acl == 0x90 || (acl & 0x9F) == 0x10) {
// PIN required.
if(isUserAuthenticated) {
if (isUserAuthenticated) {
return true;
}
else {
@@ -172,15 +199,6 @@ bool authenticate_action(const file_t *ef, uint8_t op) {
return false;
}
void initialize_chain(file_chain_t **chain) {
file_chain_t *next;
for (file_chain_t *f = *chain; f; f = next) {
next = f->next;
free(f);
}
*chain = NULL;
}
void initialize_flash(bool hard) {
if (hard) {
const uint8_t empty[8] = { 0 };
@@ -194,26 +212,22 @@ void initialize_flash(bool hard) {
dynamic_files = 0;
}
void scan_flash() {
initialize_flash(false); //soft initialization
if (*(uintptr_t *)end_data_pool == 0xffffffff && *(uintptr_t *)(end_data_pool+sizeof(uintptr_t)) == 0xffffffff)
{
printf("First initialization (or corrupted!)\r\n");
const uint8_t empty[8] = { 0 };
flash_program_block(end_data_pool, empty, sizeof(empty));
//low_flash_available();
//wait_flash_finish();
void scan_region(bool persistent) {
uintptr_t endp = end_data_pool, startp = start_data_pool;
if (persistent) {
endp = end_rom_pool;
startp = start_rom_pool;
}
printf("SCAN\r\n");
uintptr_t base = flash_read_uintptr(end_data_pool);
for (uintptr_t base = flash_read_uintptr(end_data_pool); base >= start_data_pool; base = flash_read_uintptr(base)) {
for (uintptr_t base = flash_read_uintptr(endp); base >= startp; base = flash_read_uintptr(base)) {
if (base == 0x0) //all is empty
break;
uint16_t fid = flash_read_uint16(base+sizeof(uintptr_t)+sizeof(uintptr_t));
printf("[%x] scan fid %x, len %d\r\n",base,fid,flash_read_uint16(base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t)));
file_t *file = (file_t *)search_by_fid(fid, NULL, SPECIFY_EF);
if (!file) {
file = file_new(fid);
}
if (file)
file->data = (uint8_t *)(base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t));
if (flash_read_uintptr(base) == 0x0) {
@@ -221,6 +235,23 @@ void scan_flash() {
}
}
}
void wait_flash_finish();
void scan_flash() {
initialize_flash(false); //soft initialization
if (*(uintptr_t *)flash_read(end_rom_pool) == 0xffffffff && *(uintptr_t *)flash_read(end_rom_pool+sizeof(uintptr_t)) == 0xffffffff)
{
printf("First initialization (or corrupted!)\r\n");
uint8_t empty[sizeof(uintptr_t)*2+sizeof(uint32_t)];
memset(empty, 0, sizeof(empty));
flash_program_block(end_data_pool, empty, sizeof(empty));
flash_program_block(end_rom_pool, empty, sizeof(empty));
//low_flash_available();
//wait_flash_finish();
}
printf("SCAN\r\n");
scan_region(true);
scan_region(false);
}
uint8_t *file_read(const uint8_t *addr) {
return flash_read((uintptr_t)addr);
@@ -232,6 +263,18 @@ uint8_t file_read_uint8(const uint8_t *addr) {
return flash_read_uint8((uintptr_t)addr);
}
uint8_t *file_get_data(const file_t *tf) {
if (!tf || !tf->data)
return NULL;
return file_read(tf->data+sizeof(uint16_t));
}
uint16_t file_get_size(const file_t *tf) {
if (!tf || !tf->data)
return 0;
return file_read_uint16(tf->data);
}
file_t *search_dynamic_file(uint16_t fid) {
for (int i = 0; i < dynamic_files; i++) {
if (dynamic_file[i].fid == fid)
@@ -254,7 +297,7 @@ int delete_dynamic_file(file_t *f) {
file_t *file_new(uint16_t fid) {
file_t *f;
if ((f = search_dynamic_file(fid)))
if ((f = search_dynamic_file(fid)) || (f = search_by_fid(fid, NULL, SPECIFY_EF)))
return f;
if (dynamic_files == MAX_DYNAMIC_FILES)
return NULL;
@@ -273,22 +316,117 @@ file_t *file_new(uint16_t fid) {
//memset((uint8_t *)f->acl, 0x90, sizeof(f->acl));
return f;
}
file_chain_t *add_file_to_chain(file_t *file, file_chain_t **chain) {
if (search_file_chain(file->fid, *chain))
return NULL;
file_chain_t *fc = (file_chain_t *)malloc(sizeof(file_chain_t));
fc->file = file;
fc->next = *chain;
*chain = fc;
return fc;
}
file_t *search_file_chain(uint16_t fid, file_chain_t *chain) {
for (file_chain_t *fc = chain; fc; fc = fc->next) {
if (fid == fc->file->fid) {
return fc->file;
int meta_find(uint16_t fid, uint8_t **out) {
file_t *ef = search_by_fid(EF_META, NULL, SPECIFY_EF);
if (!ef)
return CCID_ERR_FILE_NOT_FOUND;
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL, *data = file_get_data(ef);
size_t tag_len = 0, data_len = file_get_size(ef);
while (walk_tlv(data, data_len, &p, &tag, &tag_len, &tag_data)) {
if (tag_len < 2)
continue;
uint16_t cfid = (tag_data[0] << 8 | tag_data[1]);
if (cfid == fid) {
if (out)
*out = tag_data+2;
return tag_len-2;
}
}
return NULL;
return 0;
}
int meta_delete(uint16_t fid) {
file_t *ef = search_by_fid(EF_META, NULL, SPECIFY_EF);
if (!ef)
return CCID_ERR_FILE_NOT_FOUND;
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL, *data = file_get_data(ef);
size_t tag_len = 0, data_len = file_get_size(ef);
uint8_t *fdata = NULL;
while (walk_tlv(data, data_len, &p, &tag, &tag_len, &tag_data)) {
uint8_t *tpos = p-tag_len-format_tlv_len(tag_len, NULL)-1;
if (tag_len < 2)
continue;
uint16_t cfid = (tag_data[0] << 8 | tag_data[1]);
if (cfid == fid) {
size_t new_len = data_len-1-tag_len-format_tlv_len(tag_len, NULL);
fdata = (uint8_t *)calloc(1, new_len);
if (tpos > data) {
memcpy(fdata, data, tpos-data);
}
if (data+data_len > p) {
memcpy(fdata+(tpos-data), p, data+data_len-p);
}
int r = flash_write_data_to_file(ef, fdata, new_len);
free(fdata);
if (r != CCID_OK)
return CCID_EXEC_ERROR;
low_flash_available();
break;
}
}
return CCID_OK;
}
int meta_add(uint16_t fid, const uint8_t *data, uint16_t len) {
int r;
file_t *ef = search_by_fid(EF_META, NULL, SPECIFY_EF);
if (!ef)
return CCID_ERR_FILE_NOT_FOUND;
uint16_t ef_size = file_get_size(ef);
uint8_t *fdata = (uint8_t *)calloc(1, ef_size);
memcpy(fdata, file_get_data(ef), ef_size);
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
size_t tag_len = 0;
while (walk_tlv(fdata, ef_size, &p, &tag, &tag_len, &tag_data)) {
if (tag_len < 2)
continue;
uint16_t cfid = (tag_data[0] << 8 | tag_data[1]);
if (cfid == fid) {
if (tag_len-2 == len) { //an update
memcpy(p-tag_len+2, data, len);
r = flash_write_data_to_file(ef, fdata, ef_size);
free(fdata);
if (r != CCID_OK)
return CCID_EXEC_ERROR;
return CCID_OK;
}
else { //needs reallocation
uint8_t *tpos = p-asn1_len_tag(tag, tag_len);
memmove(tpos, p, fdata+ef_size-p);
tpos += fdata+ef_size-p;
uintptr_t meta_offset = tpos-fdata;
ef_size += len - (tag_len-2);
if (len > tag_len-2)
fdata = (uint8_t *)realloc(fdata, ef_size);
uint8_t *f = fdata+meta_offset;
*f++ = fid & 0xff;
f += format_tlv_len(len+2, f);
*f++ = fid >> 8;
*f++ = fid & 0xff;
memcpy(f, data, len);
r = flash_write_data_to_file(ef, fdata, ef_size);
free(fdata);
if (r != CCID_OK)
return CCID_EXEC_ERROR;
return CCID_OK;
}
}
}
fdata = (uint8_t *)realloc(fdata, ef_size+asn1_len_tag(fid & 0x1f, len+2));
uint8_t *f = fdata+ef_size;
*f++ = fid & 0x1f;
f += format_tlv_len(len+2, f);
*f++ = fid >> 8;
*f++ = fid & 0xff;
memcpy(f, data, len);
r = flash_write_data_to_file(ef, fdata, ef_size+asn1_len_tag(fid & 0x1f, len+2));
free(fdata);
if (r != CCID_OK)
return CCID_EXEC_ERROR;
return CCID_OK;
}
bool file_has_data(file_t *f) {
return (f != NULL && f->data != NULL && file_get_size(f) > 0);
}

21
src/fs/file.h
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -53,14 +53,13 @@
#define SPECIFY_DF 0x2
#define SPECIFY_ANY 0x3
#define EF_DKEK 0x108F
#define EF_PRKDFS 0x6040
#define EF_PUKDFS 0x6041
#define EF_CDFS 0x6042
#define EF_AODFS 0x6043
#define EF_DODFS 0x6044
#define EF_SKDFS 0x6045
#define EF_DEVOPS 0x100E
#define EF_META 0xE010
#define MAX_DEPTH 4
@@ -75,11 +74,7 @@ typedef struct file
const uint8_t acl[7];
} __attribute__((packed)) file_t;
typedef struct file_chain
{
file_t *file;
struct file_chain *next;
} file_chain_t;
extern bool file_has_data(file_t *);
extern file_t *currentEF;
extern file_t *currentDF;
@@ -99,7 +94,7 @@ extern file_t *search_by_fid(const uint16_t fid, const file_t *parent, const uin
extern file_t *search_by_name(uint8_t *name, uint16_t namelen);
extern file_t *search_by_path(const uint8_t *pe_path, uint8_t pathlen, const file_t *parent);
extern bool authenticate_action(const file_t *ef, uint8_t op);
extern void process_fci(const file_t *pe);
extern void process_fci(const file_t *pe, int fmd);
extern void scan_flash();
extern void initialize_flash(bool);
@@ -108,6 +103,8 @@ extern file_t file_entries[];
extern uint8_t *file_read(const uint8_t *addr);
extern uint16_t file_read_uint16(const uint8_t *addr);
extern uint8_t file_read_uint8(const uint8_t *addr);
extern uint8_t *file_get_data(const file_t *tf);
extern uint16_t file_get_size(const file_t *tf);
extern file_t *file_new(uint16_t);
file_t *get_parent(file_t *f);
@@ -116,9 +113,11 @@ extern file_t dynamic_file[];
extern file_t *search_dynamic_file(uint16_t);
extern int delete_dynamic_file(file_t *f);
extern file_chain_t *add_file_to_chain(file_t *file, file_chain_t **chain);
extern file_t *search_file_chain(uint16_t fid, file_chain_t *chain);
extern bool isUserAuthenticated;
extern int meta_find(uint16_t, uint8_t **out);
extern int meta_delete(uint16_t fid);
extern int meta_add(uint16_t fid, const uint8_t *data, uint16_t len);
#endif

52
src/fs/flash.c
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -21,8 +21,7 @@
#include "pico/stdlib.h"
#include "hardware/flash.h"
#include "ccid2040.h"
#include "tusb.h"
#include "hsm.h"
#include "file.h"
/*
@@ -39,8 +38,9 @@
//To avoid possible future allocations, data region starts at the end of flash and goes upwards to the center region
const uintptr_t start_data_pool = (XIP_BASE + FLASH_TARGET_OFFSET);
const uintptr_t end_data_pool = (XIP_BASE + PICO_FLASH_SIZE_BYTES)-FLASH_DATA_HEADER_SIZE-FLASH_PERMANENT_REGION; //This is a fixed value. DO NOT CHANGE
#define FLASH_ADDR_DATA_STORAGE_START start_data_pool
const uintptr_t end_data_pool = (XIP_BASE + PICO_FLASH_SIZE_BYTES)-FLASH_DATA_HEADER_SIZE-FLASH_PERMANENT_REGION-FLASH_DATA_HEADER_SIZE-4; //This is a fixed value. DO NOT CHANGE
const uintptr_t end_rom_pool = (XIP_BASE + PICO_FLASH_SIZE_BYTES)-FLASH_DATA_HEADER_SIZE-4; //This is a fixed value. DO NOT CHANGE
const uintptr_t start_rom_pool = (XIP_BASE + PICO_FLASH_SIZE_BYTES)-FLASH_DATA_HEADER_SIZE-FLASH_PERMANENT_REGION; //This is a fixed value. DO NOT CHANGE
extern int flash_program_block(uintptr_t addr, const uint8_t *data, size_t len);
extern int flash_program_halfword (uintptr_t addr, uint16_t data);
@@ -50,12 +50,16 @@ extern uint16_t flash_read_uint16(uintptr_t addr);
extern void low_flash_available();
uintptr_t allocate_free_addr(uint16_t size) {
uintptr_t allocate_free_addr(uint16_t size, bool persistent) {
if (size > FLASH_SECTOR_SIZE)
return 0x0; //ERROR
size_t real_size = size+sizeof(uint16_t)+sizeof(uintptr_t)+sizeof(uint16_t)+sizeof(uintptr_t); //len+len size+next address+fid+prev_addr size
uintptr_t next_base = 0x0;
for (uintptr_t base = end_data_pool; base >= start_data_pool; base = next_base) {
uintptr_t next_base = 0x0, endp = end_data_pool, startp = start_data_pool;
if (persistent) {
endp = end_rom_pool;
startp = start_rom_pool;
}
for (uintptr_t base = endp; base >= startp; base = next_base) {
uintptr_t addr_alg = base & -FLASH_SECTOR_SIZE; //start address of sector
uintptr_t potential_addr = base-real_size;
next_base = flash_read_uintptr(base);
@@ -70,7 +74,7 @@ uintptr_t allocate_free_addr(uint16_t size) {
flash_program_uintptr(base, potential_addr);
return potential_addr;
}
else if (addr_alg-FLASH_SECTOR_SIZE >= start_data_pool) { //check whether it fits in the next sector, so we take addr_aligned as the base
else if (addr_alg-FLASH_SECTOR_SIZE >= startp) { //check whether it fits in the next sector, so we take addr_aligned as the base
potential_addr = addr_alg-real_size;
flash_program_uintptr(potential_addr, 0x0);
flash_program_uintptr(potential_addr+sizeof(uintptr_t), base);
@@ -80,7 +84,7 @@ uintptr_t allocate_free_addr(uint16_t size) {
return 0x0;
}
//we check if |base-(next_addr+size_next_addr)| > |base-potential_addr| only if fid != 1xxx (not size blocked)
else if (addr_alg <= potential_addr && base-(next_base+flash_read_uint16(next_base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t))+2*sizeof(uint16_t)+2*sizeof(uintptr_t)) > base-potential_addr && flash_read_uint16(next_base+sizeof(uintptr_t)) & 0x1000 != 0x1000) {
else if (addr_alg <= potential_addr && base-(next_base+flash_read_uint16(next_base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t))+2*sizeof(uint16_t)+2*sizeof(uintptr_t)) > base-potential_addr && (flash_read_uint16(next_base+sizeof(uintptr_t)) & 0x1000) != 0x1000) {
flash_program_uintptr(potential_addr, next_base);
flash_program_uintptr(potential_addr+sizeof(uintptr_t), base);
flash_program_uintptr(base, potential_addr);
@@ -103,24 +107,33 @@ int flash_clear_file(file_t *file) {
return CCID_OK;
}
int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len) {
int flash_write_data_to_file_offset(file_t *file, const uint8_t *data, uint16_t len, uint16_t offset) {
if (!file)
return CCID_ERR_NULL_PARAM;
if (len > FLASH_SECTOR_SIZE)
uint16_t size_file_flash = file->data ? flash_read_uint16((uintptr_t)file->data) : 0;
uint8_t *old_data = NULL;
if (offset+len > FLASH_SECTOR_SIZE || offset > size_file_flash)
return CCID_ERR_NO_MEMORY;
if (file->data) { //already in flash
uint16_t size_file_flash = flash_read_uint16((uintptr_t)file->data);
if (len <= size_file_flash) { //it fits, no need to move it
flash_program_halfword((uintptr_t)file->data, len);
if (offset+len <= size_file_flash) { //it fits, no need to move it
flash_program_halfword((uintptr_t)file->data, offset+len);
if (data)
flash_program_block((uintptr_t)file->data+sizeof(uint16_t), data, len);
flash_program_block((uintptr_t)file->data+sizeof(uint16_t)+offset, data, len);
return CCID_OK;
}
else { //we clear the old file
flash_clear_file(file);
if (offset > 0) {
old_data = (uint8_t *)calloc(1, offset+len);
memcpy(old_data, file->data+sizeof(uint16_t), offset);
memcpy(old_data+offset, data, len);
len = offset+len;
data = old_data;
}
}
uintptr_t new_addr = allocate_free_addr(len);
}
uintptr_t new_addr = allocate_free_addr(len, (file->type & FILE_PERSISTENT) == FILE_PERSISTENT);
//printf("na %x\r\n",new_addr);
if (new_addr == 0x0)
return CCID_ERR_NO_MEMORY;
@@ -129,5 +142,10 @@ int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len) {
flash_program_halfword((uintptr_t)file->data, len);
if (data)
flash_program_block((uintptr_t)file->data+sizeof(uint16_t), data, len);
if (old_data)
free(old_data);
return CCID_OK;
}
int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len) {
return flash_write_data_to_file_offset(file, data, len, 0);
}

16
src/fs/low_flash.c
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -26,7 +26,7 @@
#include "pico/mutex.h"
#include "pico/sem.h"
#include "pico/multicore.h"
#include "ccid2040.h"
#include "hsm.h"
#include <string.h>
#define TOTAL_FLASH_PAGES 4
@@ -82,7 +82,7 @@ void do_flash()
}
flash_available = false;
if (ready_pages != 0) {
DEBUG_INFO("ERROR: DO FLASH DOES NOT HAVE ZERO PAGES");
printf("ERROR: DO FLASH DOES NOT HAVE ZERO PAGES\n");
}
}
mutex_exit(&mtx_flash);
@@ -138,7 +138,6 @@ page_flash_t *find_free_page(uintptr_t addr) {
}
int flash_program_block(uintptr_t addr, const uint8_t *data, size_t len) {
uintptr_t addr_alg = addr & -FLASH_SECTOR_SIZE;
page_flash_t *p = NULL;
if (!data || len == 0)
@@ -147,13 +146,13 @@ int flash_program_block(uintptr_t addr, const uint8_t *data, size_t len) {
mutex_enter_blocking(&mtx_flash);
if (ready_pages == TOTAL_FLASH_PAGES) {
mutex_exit(&mtx_flash);
DEBUG_INFO("ERROR: ALL FLASH PAGES CACHED\r\n");
printf("ERROR: ALL FLASH PAGES CACHED\r\n");
return CCID_ERR_NO_MEMORY;
}
if (!(p = find_free_page(addr)))
{
mutex_exit(&mtx_flash);
DEBUG_INFO("ERROR: FLASH CANNOT FIND A PAGE (rare error)\r\n");
printf("ERROR: FLASH CANNOT FIND A PAGE (rare error)\r\n");
return CCID_ERR_MEMORY_FATAL;
}
memcpy(&p->page[addr&(FLASH_SECTOR_SIZE-1)], data, len);
@@ -213,17 +212,16 @@ uint8_t flash_read_uint8(uintptr_t addr) {
}
int flash_erase_page (uintptr_t addr, size_t page_size) {
uintptr_t addr_alg = addr & -FLASH_SECTOR_SIZE;
page_flash_t *p = NULL;
mutex_enter_blocking(&mtx_flash);
if (ready_pages == TOTAL_FLASH_PAGES) {
mutex_exit(&mtx_flash);
DEBUG_INFO("ERROR: ALL FLASH PAGES CACHED\r\n");
printf("ERROR: ALL FLASH PAGES CACHED\r\n");
return CCID_ERR_NO_MEMORY;
}
if (!(p = find_free_page(addr))) {
DEBUG_INFO("ERROR: FLASH CANNOT FIND A PAGE (rare error)\r\n");
printf("ERROR: FLASH CANNOT FIND A PAGE (rare error)\r\n");
mutex_exit(&mtx_flash);
return CCID_ERR_MEMORY_FATAL;
}

138
src/ccid/ccid2040.h → src/hsm.h
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -15,109 +15,23 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _CCID2040_H_
#define _CCID2040_H_
#ifndef _HSM_H_
#define _HSM_H_
#include "ccid.h"
#include "tusb.h"
#include "file.h"
#include "pico/unique_id.h"
#include "pico/util/queue.h"
#include <string.h>
#define USB_REQ_CCID 0xA1
typedef struct app {
const uint8_t *aid;
int (*process_apdu)();
struct app* (*select_aid)();
int (*unload)();
} app_t;
extern int driver_init();
extern void driver_task();
extern bool wait_button();
extern int register_app(app_t * (*)());
extern const uint8_t historical_bytes[];
#define DEBUG_PAYLOAD(p,s) { \
printf("Payload %s (%d bytes):\r\n", #p,s);\
for (int i = 0; i < s; i += 16) {\
printf("%07Xh : ",i+p);\
for (int j = 0; j < 16; j++) {\
if (j < s-i) printf("%02X ",(p)[i+j]);\
else printf(" ");\
if (j == 7) printf(" ");\
} printf(": "); \
for (int j = 0; j < MIN(16,s-i); j++) {\
printf("%c",(p)[i+j] == 0x0a || (p)[i+j] == 0x0d ? '\\' : (p)[i+j]);\
if (j == 7) printf(" ");\
}\
printf("\r\n");\
} printf("\r\n"); \
}
struct apdu {
uint8_t seq;
/* command APDU */
uint8_t *cmd_apdu_head; /* CLS INS P1 P2 [ internal Lc ] */
uint8_t *cmd_apdu_data;
size_t cmd_apdu_data_len; /* Nc, calculated by Lc field */
size_t expected_res_size; /* Ne, calculated by Le field */
/* response APDU */
uint16_t sw;
uint16_t res_apdu_data_len;
uint8_t *res_apdu_data;
};
#define MAX_CMD_APDU_DATA_SIZE (24+4+512*4)
#define MAX_RES_APDU_DATA_SIZE (5+9+512*4)
#define CCID_MSG_HEADER_SIZE 10
#define USB_LL_BUF_SIZE 64
/* CCID thread */
#define EV_CARD_CHANGE 1
#define EV_TX_FINISHED 2 /* CCID Tx finished */
#define EV_EXEC_ACK_REQUIRED 4 /* OpenPGPcard Execution ACK required */
#define EV_EXEC_FINISHED 8 /* OpenPGPcard Execution finished */
#define EV_RX_DATA_READY 16 /* USB Rx data available */
#define EV_PRESS_BUTTON 32
/* SC HSM thread */
#define EV_MODIFY_CMD_AVAILABLE 1
#define EV_VERIFY_CMD_AVAILABLE 2
#define EV_CMD_AVAILABLE 4
#define EV_EXIT 8
#define EV_BUTTON_PRESSED 16
//Variables set by core1
extern queue_t *ccid_comm;
extern queue_t *card_comm;
enum ccid_state {
CCID_STATE_NOCARD, /* No card available */
CCID_STATE_START, /* Initial */
CCID_STATE_WAIT, /* Waiting APDU */
CCID_STATE_EXECUTE, /* Executing command */
CCID_STATE_ACK_REQUIRED_0, /* Ack required (executing)*/
CCID_STATE_ACK_REQUIRED_1, /* Waiting user's ACK (execution finished) */
CCID_STATE_EXITED, /* CCID Thread Terminated */
CCID_STATE_EXEC_REQUESTED, /* Exec requested */
};
#define CLA(a) a.cmd_apdu_head[0]
#define INS(a) a.cmd_apdu_head[1]
#define P1(a) a.cmd_apdu_head[2]
#define P2(a) a.cmd_apdu_head[3]
#define res_APDU apdu.res_apdu_data
#define res_APDU_size apdu.res_apdu_data_len
extern struct apdu apdu;
uint16_t set_res_sw (uint8_t sw1, uint8_t sw2);
extern void low_flash_init_core1();
extern int driver_write(const uint8_t *, size_t);
extern size_t driver_read(uint8_t *, size_t);
extern size_t usb_rx(const uint8_t *buffer, size_t len);
static inline const uint16_t make_uint16_t(uint8_t b1, uint8_t b2) {
return (b1 << 8) | b2;
@@ -130,34 +44,6 @@ static inline const void put_uint16_t(uint16_t n, uint8_t *b) {
*b = n & 0xff;
}
#ifdef DEBUG
void stdout_init (void);
#define DEBUG_MORE 1
/*
* Debug functions in debug.c
*/
void put_byte (uint8_t b);
void put_byte_with_no_nl (uint8_t b);
void put_short (uint16_t x);
void put_word (uint32_t x);
void put_int (uint32_t x);
void put_string (const char *s);
void put_binary (const char *s, int len);
#define DEBUG_INFO(msg) put_string (msg)
#define DEBUG_WORD(w) put_word (w)
#define DEBUG_SHORT(h) put_short (h)
#define DEBUG_BYTE(b) put_byte (b)
#define DEBUG_BINARY(s,len) put_binary ((const char *)s,len)
#else
#define DEBUG_INFO(msg)
#define DEBUG_WORD(w)
#define DEBUG_SHORT(h)
#define DEBUG_BYTE(b)
#define DEBUG_BINARY(s,len)
#endif
extern int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len);
extern void low_flash_available();
extern int flash_clear_file(file_t *file);
@@ -175,6 +61,8 @@ enum {
};
extern void led_set_blink(uint32_t mode);
extern bool is_req_button_pending();
extern uint32_t button_timeout;
#define SW_BYTES_REMAINING_00() set_res_sw (0x61, 0x00)
#define SW_WARNING_STATE_UNCHANGED() set_res_sw (0x62, 0x00)

8
src/ccid/version.h → src/hsm_version.h
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -18,10 +18,10 @@
#ifndef __VERSION_H_
#define __VERSION_H_
#define HSM_VERSION 0x010C
#define HSM_SDK_VERSION 0x0304
#define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
#define HSM_VERSION_MINOR (HSM_VERSION & 0xff)
#define HSM_SDK_VERSION_MAJOR ((HSM_SDK_VERSION >> 8) & 0xff)
#define HSM_SDK_VERSION_MINOR (HSM_SDK_VERSION & 0xff)
#endif

210
src/main.c Normal file
View File

@@ -0,0 +1,210 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdio.h>
// Pico
#include "pico/stdlib.h"
// For memcpy
#include <string.h>
// Include descriptor struct definitions
//#include "usb_common.h"
// USB register definitions from pico-sdk
#include "hardware/regs/usb.h"
// USB hardware struct definitions from pico-sdk
#include "hardware/structs/usb.h"
// For interrupt enable and numbers
#include "hardware/irq.h"
// For resetting the USB controller
#include "hardware/resets.h"
#include "pico/multicore.h"
#include "random.h"
#include "hsm.h"
#include "apdu.h"
#include "usb.h"
#include "hardware/rtc.h"
#include "bsp/board.h"
extern void do_flash();
extern void low_flash_init();
app_t apps[4];
uint8_t num_apps = 0;
app_t *current_app = NULL;
int register_app(app_t * (*select_aid)()) {
if (num_apps < sizeof(apps)/sizeof(app_t)) {
apps[num_apps].select_aid = select_aid;
num_apps++;
return 1;
}
return 0;
}
static uint32_t blink_interval_ms = BLINK_NOT_MOUNTED;
void led_set_blink(uint32_t mode) {
blink_interval_ms = mode;
}
void execute_tasks();
static bool req_button_pending = false;
bool is_req_button_pending() {
return req_button_pending;
}
uint32_t button_timeout = 15000;
bool cancel_button = false;
bool wait_button() {
uint32_t start_button = board_millis();
bool timeout = false;
cancel_button = false;
led_set_blink((1000 << 16) | 100);
req_button_pending = true;
while (board_button_read() == false && cancel_button == false) {
execute_tasks();
//sleep_ms(10);
if (start_button + button_timeout < board_millis()) { /* timeout */
timeout = true;
break;
}
}
if (!timeout) {
while (board_button_read() == true && cancel_button == false) {
execute_tasks();
//sleep_ms(10);
if (start_button + 15000 < board_millis()) { /* timeout */
timeout = true;
break;
}
}
}
led_set_blink(BLINK_PROCESSING);
req_button_pending = false;
return timeout || cancel_button;
}
struct apdu apdu;
void led_blinking_task() {
#ifdef PICO_DEFAULT_LED_PIN
static uint32_t start_ms = 0;
static uint8_t led_state = false;
static uint8_t led_color = PICO_DEFAULT_LED_PIN;
#ifdef PICO_DEFAULT_LED_PIN_INVERTED
uint32_t interval = !led_state ? blink_interval_ms & 0xffff : blink_interval_ms >> 16;
#else
uint32_t interval = led_state ? blink_interval_ms & 0xffff : blink_interval_ms >> 16;
#endif
// Blink every interval ms
if (board_millis() - start_ms < interval)
return; // not enough time
start_ms += interval;
gpio_put(led_color, led_state);
led_state ^= 1; // toggle
#endif
}
void led_off_all() {
#ifdef PIMORONI_TINY2040
gpio_put(TINY2040_LED_R_PIN, 1);
gpio_put(TINY2040_LED_G_PIN, 1);
gpio_put(TINY2040_LED_B_PIN, 1);
#else
#ifdef PICO_DEFAULT_LED_PIN
gpio_put(PICO_DEFAULT_LED_PIN, 0);
#endif
#endif
}
void init_rtc() {
rtc_init();
datetime_t dt = {
.year = 2020,
.month = 1,
.day = 1,
.dotw = 3, // 0 is Sunday, so 5 is Friday
.hour = 00,
.min = 00,
.sec = 00
};
rtc_set_datetime(&dt);
}
extern void neug_task();
pico_unique_board_id_t unique_id;
void execute_tasks() {
usb_task();
tud_task(); // tinyusb device task
led_blinking_task();
}
int main(void) {
usb_init();
board_init();
stdio_init_all();
#ifdef PIMORONI_TINY2040
gpio_init(TINY2040_LED_R_PIN);
gpio_set_dir(TINY2040_LED_R_PIN, GPIO_OUT);
gpio_init(TINY2040_LED_G_PIN);
gpio_set_dir(TINY2040_LED_G_PIN, GPIO_OUT);
gpio_init(TINY2040_LED_B_PIN);
gpio_set_dir(TINY2040_LED_B_PIN, GPIO_OUT);
#else
#ifdef PICO_DEFAULT_LED_PIN
gpio_init(PICO_DEFAULT_LED_PIN);
gpio_set_dir(PICO_DEFAULT_LED_PIN, GPIO_OUT);
#endif
#endif
led_off_all();
tusb_init();
//prepare_ccid();
random_init();
low_flash_init();
init_rtc();
//ccid_prepare_receive(&ccid);
while (1) {
execute_tasks();
neug_task();
do_flash();
}
return 0;
}

33
src/rng/neug.c → src/rng/hwrng.c
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -15,21 +15,23 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
//Part of the code is taken from GnuK (GPLv3)
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include "pico/stdlib.h"
#include "neug.h"
#include "hwrng.h"
#include "hardware/structs/rosc.h"
#include "hardware/gpio.h"
#include "hardware/adc.h"
#include "bsp/board.h"
#include "pico/unique_id.h"
#include "pico/time.h"
static inline uint32_t board_millis(void)
{
return to_ms_since_boot(get_absolute_time());
}
void adc_start() {
adc_init();
adc_gpio_init(27);
@@ -139,9 +141,7 @@ void *neug_task() {
void neug_init(uint32_t *buf, uint8_t size) {
pico_unique_board_id_t unique_id;
pico_get_unique_board_id(&unique_id);
const uint32_t *u = (const uint32_t *)unique_id.id;
struct rng_rb *rb = &the_ring_buffer;
int i;
rb_init(rb, buf, size);
@@ -157,7 +157,7 @@ void neug_flush(void) {
rb_del (rb);
}
uint32_t neug_get(int kick) {
uint32_t neug_get() {
struct rng_rb *rb = &the_ring_buffer;
uint32_t v;
@@ -176,7 +176,18 @@ void neug_wait_full(void) { //should be called only on core1
}
}
void neug_fini(void) {
neug_get(1);
void neug_wait_full_ext(bool blocking) {
struct rng_rb *rb = &the_ring_buffer;
while (!rb->full) {
if (blocking == true)
sleep_ms(1);
else
neug_task();
}
}
void neug_fini(void) {
neug_get();
}

6
src/rng/neug.h → src/rng/hwrng.h
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -20,10 +20,14 @@
#define NEUG_PRE_LOOP 32
#include <stdlib.h>
#include "pico/stdlib.h"
void neug_init(uint32_t *buf, uint8_t size);
uint32_t neug_get();
void neug_flush(void);
void neug_wait_full(void);
void neug_wait_full_ext(bool);
void neug_fini(void);
#endif

16
src/rng/random.c
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -19,7 +19,7 @@
#include <stdint.h>
#include <string.h>
#include "neug.h"
#include "hwrng.h"
#define RANDOM_BYTES_LENGTH 32
static uint32_t random_word[RANDOM_BYTES_LENGTH/sizeof (uint32_t)];
@@ -79,13 +79,13 @@ void random_get_salt(uint8_t *p) {
/*
* Random byte iterator
*/
int random_gen(void *arg, unsigned char *out, size_t out_len) {
int random_gen_ext(void *arg, unsigned char *out, size_t out_len, bool blocking) {
uint8_t *index_p = (uint8_t *)arg;
uint8_t index = index_p ? *index_p : 0;
size_t n;
while (out_len) {
neug_wait_full();
neug_wait_full_ext(blocking);
n = RANDOM_BYTES_LENGTH - index;
if (n > out_len)
@@ -107,3 +107,11 @@ int random_gen(void *arg, unsigned char *out, size_t out_len) {
return 0;
}
int random_gen(void *arg, unsigned char *out, size_t out_len) {
return random_gen_ext(arg, out, out_len, true);
}
int random_gen_core0(void *arg, unsigned char *out, size_t out_len) {
return random_gen_ext(arg, out, out_len, false);
}

5
src/rng/random.h
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -33,6 +33,7 @@ void random_bytes_free (const uint8_t *p);
void random_get_salt (uint8_t *p);
/* iterator returning a byta at a time */
int random_gen (void *arg, unsigned char *output, size_t output_len);
extern int random_gen (void *arg, unsigned char *output, size_t output_len);
extern int random_gen_core0(void *arg, unsigned char *out, size_t out_len);
#endif

73
src/usb/ccid.h
View File

@@ -1,73 +0,0 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _CCID_H_
#define _CCID_H_
struct ccid_class_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint16_t bcdCCID;
uint8_t bMaxSlotIndex;
uint8_t bVoltageSupport;
uint32_t dwProtocols;
uint32_t dwDefaultClock;
uint32_t dwMaximumClock;
uint8_t bNumClockSupport;
uint32_t dwDataRate;
uint32_t dwMaxDataRate;
uint8_t bNumDataRatesSupported;
uint32_t dwMaxIFSD;
uint32_t dwSynchProtocols;
uint32_t dwMechanical;
uint32_t dwFeatures;
uint32_t dwMaxCCIDMessageLength;
uint8_t bClassGetResponse;
uint8_t bclassEnvelope;
uint16_t wLcdLayout;
uint8_t bPINSupport;
uint8_t bMaxCCIDBusySlots;
} __attribute__ ((__packed__));
static const struct ccid_class_descriptor desc_ccid = {
.bLength = sizeof(struct ccid_class_descriptor),
.bDescriptorType = 0x21,
.bcdCCID = (0x0110),
.bMaxSlotIndex = 0,
.bVoltageSupport = 0x01, // 5.0V
.dwProtocols = (
0x01| // T=0
0x02), // T=1
.dwDefaultClock = (0xDFC),
.dwMaximumClock = (0xDFC),
.bNumClockSupport = 0,
.dwDataRate = (0x2580),
.dwMaxDataRate = (0x2580),
.bNumDataRatesSupported = 0,
.dwMaxIFSD = (0xFE), // IFSD is handled by the real reader driver
.dwSynchProtocols = (0),
.dwMechanical = (0),
.dwFeatures = 0x40840, //USB-ICC, short & extended APDU
.dwMaxCCIDMessageLength = 65544+10,
.bClassGetResponse = 0xFF,
.bclassEnvelope = 0xFF,
.wLcdLayout = 0x0,
.bPINSupport = 0x0,
.bMaxCCIDBusySlots = 0x01,
};
#endif

349
src/usb/ccid/ccid.c Normal file
View File

@@ -0,0 +1,349 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdio.h>
// Pico
#include "pico/stdlib.h"
// For memcpy
#include <string.h>
// Include descriptor struct definitions
//#include "usb_common.h"
// USB register definitions from pico-sdk
#include "hardware/regs/usb.h"
// USB hardware struct definitions from pico-sdk
#include "hardware/structs/usb.h"
// For interrupt enable and numbers
#include "hardware/irq.h"
// For resetting the USB controller
#include "hardware/resets.h"
#include "random.h"
#include "hsm.h"
#include "hardware/rtc.h"
#include "tusb.h"
#include "ccid.h"
#include "device/usbd_pvt.h"
#include "usb_descriptors.h"
#include "apdu.h"
#include "usb.h"
const uint8_t *ccid_atr = NULL;
#if MAX_RES_APDU_DATA_SIZE > MAX_CMD_APDU_DATA_SIZE
#define USB_BUF_SIZE (MAX_RES_APDU_DATA_SIZE+20+9)
#else
#define USB_BUF_SIZE (MAX_CMD_APDU_DATA_SIZE+20+9)
#endif
#define CCID_SET_PARAMS 0x61 /* non-ICCD command */
#define CCID_POWER_ON 0x62
#define CCID_POWER_OFF 0x63
#define CCID_SLOT_STATUS 0x65 /* non-ICCD command */
#define CCID_SECURE 0x69 /* non-ICCD command */
#define CCID_GET_PARAMS 0x6C /* non-ICCD command */
#define CCID_RESET_PARAMS 0x6D /* non-ICCD command */
#define CCID_XFR_BLOCK 0x6F
#define CCID_DATA_BLOCK_RET 0x80
#define CCID_SLOT_STATUS_RET 0x81 /* non-ICCD result */
#define CCID_PARAMS_RET 0x82 /* non-ICCD result */
#define CCID_MSG_SEQ_OFFSET 6
#define CCID_MSG_STATUS_OFFSET 7
#define CCID_MSG_ERROR_OFFSET 8
#define CCID_MSG_CHAIN_OFFSET 9
#define CCID_MSG_DATA_OFFSET 10 /* == CCID_MSG_HEADER_SIZE */
#define CCID_MAX_MSG_DATA_SIZE USB_BUF_SIZE
#define CCID_STATUS_RUN 0x00
#define CCID_STATUS_PRESENT 0x01
#define CCID_STATUS_NOTPRESENT 0x02
#define CCID_CMD_STATUS_OK 0x00
#define CCID_CMD_STATUS_ERROR 0x40
#define CCID_CMD_STATUS_TIMEEXT 0x80
#define CCID_ERROR_XFR_OVERRUN 0xFC
/*
* Since command-byte is at offset 0,
* error with offset 0 means "command not supported".
*/
#define CCID_OFFSET_CMD_NOT_SUPPORTED 0
#define CCID_OFFSET_DATA_LEN 1
#define CCID_OFFSET_PARAM 8
#define CCID_THREAD_TERMINATED 0xffff
#define CCID_ACK_TIMEOUT 0x6600
struct ccid_header {
uint8_t bMessageType;
uint32_t dwLength;
uint8_t bSlot;
uint8_t bSeq;
uint8_t abRFU0;
uint16_t abRFU1;
uint8_t apdu; //Actually it is an array
} __packed;
uint8_t ccid_status = 1;
static uint8_t itf_num;
void ccid_write_offset(uint16_t size, uint16_t offset) {
if (*usb_get_tx()+offset != 0x81)
DEBUG_PAYLOAD(usb_get_tx()+offset,size+10);
usb_write_offset(size+10, offset);
}
void ccid_write(uint16_t size) {
ccid_write_offset(size, 0);
}
struct ccid_header *ccid_response;
struct ccid_header *ccid_header;
int driver_init() {
ccid_header = (struct ccid_header *)usb_get_rx();
apdu.header = &ccid_header->apdu;
ccid_response = (struct ccid_header *)usb_get_tx();
apdu.rdata = &ccid_response->apdu;
usb_set_timeout_counter(1500);
return CCID_OK;
}
void tud_vendor_rx_cb(uint8_t itf) {
(void) itf;
uint32_t len = tud_vendor_available();
usb_rx(NULL, len);
}
void tud_vendor_tx_cb(uint8_t itf, uint32_t sent_bytes) {
printf("written %ld\n",sent_bytes);
usb_write_flush();
}
int driver_write(const uint8_t *buffer, size_t buffer_size) {
return tud_vendor_write(buffer, buffer_size);
}
size_t driver_read(uint8_t *buffer, size_t buffer_size) {
return tud_vendor_read(buffer, buffer_size);
}
int driver_process_usb_packet(uint16_t rx_read) {
if (rx_read >= 10)
{
//printf("%d %d %x\r\n",tccid->dwLength,rx_read-10,tccid->bMessageType);
if (ccid_header->dwLength <= rx_read-10) {
size_t apdu_sent = 0;
if (ccid_header->bMessageType != 0x65)
DEBUG_PAYLOAD(usb_get_rx(),usb_read_available());
if (ccid_header->bMessageType == 0x65) {
ccid_response->bMessageType = CCID_SLOT_STATUS_RET;
ccid_response->dwLength = 0;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = ccid_status;
ccid_response->abRFU1 = 0;
ccid_write(0);
}
else if (ccid_header->bMessageType == 0x62) {
size_t size_atr = (ccid_atr ? ccid_atr[0] : 0);
ccid_response->bMessageType = 0x80;
ccid_response->dwLength = size_atr;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = 0;
ccid_response->abRFU1 = 0;
//printf("1 %x %x %x || %x %x %x\r\n",ccid_response->apdu,apdu.rdata,ccid_response,ccid_header,ccid_header->apdu,apdu.data);
memcpy(apdu.rdata, ccid_atr+1, size_atr);
card_start(apdu_thread);
ccid_status = 0;
ccid_write(size_atr);
}
else if (ccid_header->bMessageType == 0x63) {
ccid_status = 1;
ccid_response->bMessageType = CCID_SLOT_STATUS_RET;
ccid_response->dwLength = 0;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = ccid_status;
ccid_response->abRFU1 = 0;
card_exit();
ccid_write(0);
}
else if (ccid_header->bMessageType == 0x6F) {
apdu_sent = apdu_process(&ccid_header->apdu, ccid_header->dwLength);
}
usb_clear_rx();
return apdu_sent;
}
}
/*
if (usb_read_available() && c->epo->ready) {
if ()
uint32_t count = usb_read(endp1_rx_buf, sizeof(endp1_rx_buf));
//if (endp1_rx_buf[0] != 0x65)
DEBUG_PAYLOAD(endp1_rx_buf, count);
//DEBUG_PAYLOAD(endp1_rx_buf, count);
ccid_rx_ready(count);
}
*/
return 0;
}
bool driver_mounted() {
return tud_vendor_mounted();
}
void driver_exec_timeout() {
ccid_response->bMessageType = CCID_DATA_BLOCK_RET;
ccid_response->dwLength = 0;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = CCID_CMD_STATUS_TIMEEXT;
ccid_response->abRFU1 = 0;
ccid_write(0);
}
void driver_exec_finished(size_t size_next) {
ccid_response->bMessageType = CCID_DATA_BLOCK_RET;
ccid_response->dwLength = size_next;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = ccid_status;
ccid_response->abRFU1 = 0;
ccid_write(size_next);
}
void driver_exec_finished_cont(size_t size_next, size_t offset) {
ccid_response = (struct ccid_header *)(usb_get_tx()+offset-10);
ccid_response->bMessageType = CCID_DATA_BLOCK_RET;
ccid_response->dwLength = size_next;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = ccid_status;
ccid_response->abRFU1 = 0;
ccid_write_offset(size_next, offset-10);
}
uint8_t *driver_prepare_response() {
ccid_response = (struct ccid_header *)usb_get_tx();
return &ccid_response->apdu;
}
#define USB_CONFIG_ATT_ONE TU_BIT(7)
#define MAX_USB_POWER 1
static void ccid_init_cb(void) {
TU_LOG1("-------- CCID INIT\r\n");
vendord_init();
//ccid_notify_slot_change(c);
}
static void ccid_reset_cb(uint8_t rhport) {
TU_LOG1("-------- CCID RESET\r\n");
itf_num = 0;
vendord_reset(rhport);
}
static uint16_t ccid_open(uint8_t rhport, tusb_desc_interface_t const *itf_desc, uint16_t max_len) {
uint8_t *itf_vendor = (uint8_t *)malloc(sizeof(uint8_t)*max_len);
TU_LOG1("-------- CCID OPEN\r\n");
TU_VERIFY(itf_desc->bInterfaceClass == TUSB_CLASS_SMART_CARD && itf_desc->bInterfaceSubClass == 0 && itf_desc->bInterfaceProtocol == 0, 0);
//vendord_open expects a CLASS_VENDOR interface class
memcpy(itf_vendor, itf_desc, sizeof(uint8_t)*max_len);
((tusb_desc_interface_t *)itf_vendor)->bInterfaceClass = TUSB_CLASS_VENDOR_SPECIFIC;
vendord_open(rhport, (tusb_desc_interface_t *)itf_vendor, max_len);
free(itf_vendor);
uint16_t const drv_len = sizeof(tusb_desc_interface_t) + sizeof(struct ccid_class_descriptor) + 2*sizeof(tusb_desc_endpoint_t);
TU_VERIFY(max_len >= drv_len, 0);
itf_num = itf_desc->bInterfaceNumber;
return drv_len;
}
// Support for parameterized reset via vendor interface control request
static bool ccid_control_xfer_cb(uint8_t __unused rhport, uint8_t stage, tusb_control_request_t const * request) {
// nothing to do with DATA & ACK stage
TU_LOG2("-------- CCID CTRL XFER\r\n");
if (stage != CONTROL_STAGE_SETUP) return true;
if (request->wIndex == itf_num)
{
TU_LOG2("-------- bmRequestType %x, bRequest %x, wValue %x, wLength %x\r\n",request->bmRequestType,request->bRequest, request->wValue, request->wLength);
/*
#if PICO_STDIO_USB_RESET_INTERFACE_SUPPORT_RESET_TO_BOOTSEL
if (request->bRequest == RESET_REQUEST_BOOTSEL) {
#ifdef PICO_STDIO_USB_RESET_BOOTSEL_ACTIVITY_LED
uint gpio_mask = 1u << PICO_STDIO_USB_RESET_BOOTSEL_ACTIVITY_LED;
#else
uint gpio_mask = 0u;
#endif
#if !PICO_STDIO_USB_RESET_BOOTSEL_FIXED_ACTIVITY_LED
if (request->wValue & 0x100) {
gpio_mask = 1u << (request->wValue >> 9u);
}
#endif
reset_usb_boot(gpio_mask, (request->wValue & 0x7f) | PICO_STDIO_USB_RESET_BOOTSEL_INTERFACE_DISABLE_MASK);
// does not return, otherwise we'd return true
}
#endif
#if PICO_STDIO_USB_RESET_INTERFACE_SUPPORT_RESET_TO_FLASH_BOOT
if (request->bRequest == RESET_REQUEST_FLASH) {
watchdog_reboot(0, 0, PICO_STDIO_USB_RESET_RESET_TO_FLASH_DELAY_MS);
return true;
}
#endif
*/
return true;
}
return false;
}
static bool ccid_xfer_cb(uint8_t rhport, uint8_t ep_addr, xfer_result_t result, uint32_t xferred_bytes) {
//printf("------ CALLED XFER_CB\r\n");
return vendord_xfer_cb(rhport, ep_addr, result, xferred_bytes);
//return true;
}
static const usbd_class_driver_t ccid_driver = {
#if CFG_TUSB_DEBUG >= 2
.name = "CCID",
#endif
.init = ccid_init_cb,
.reset = ccid_reset_cb,
.open = ccid_open,
.control_xfer_cb = ccid_control_xfer_cb,
.xfer_cb = ccid_xfer_cb,
.sof = NULL
};
// Implement callback to add our custom driver
usbd_class_driver_t const *usbd_app_driver_get_cb(uint8_t *driver_count) {
*driver_count = 1;
return &ccid_driver;
}

49
src/usb/ccid/ccid.h Normal file
View File

@@ -0,0 +1,49 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _CCID_H_
#define _CCID_H_
extern const uint8_t historical_bytes[];
#define MAX_CMD_APDU_DATA_SIZE (24+4+512*4)
#define MAX_RES_APDU_DATA_SIZE (5+9+512*4)
#define CCID_MSG_HEADER_SIZE 10
#define USB_LL_BUF_SIZE 64
enum ccid_state {
CCID_STATE_NOCARD, /* No card available */
CCID_STATE_START, /* Initial */
CCID_STATE_WAIT, /* Waiting APDU */
CCID_STATE_EXECUTE, /* Executing command */
CCID_STATE_ACK_REQUIRED_0, /* Ack required (executing)*/
CCID_STATE_ACK_REQUIRED_1, /* Waiting user's ACK (execution finished) */
CCID_STATE_EXITED, /* CCID Thread Terminated */
CCID_STATE_EXEC_REQUESTED, /* Exec requested */
};
extern const uint8_t *ccid_atr;
extern uint8_t *usb_get_rx();
extern uint8_t *usb_get_tx();
extern uint32_t usb_write_offset(uint16_t len, uint16_t offset);
extern uint16_t usb_read_available();
extern void usb_clear_rx();
extern uint32_t usb_write_flush();
#endif //_CCID_H_

2
src/usb/tusb_config.h → src/usb/ccid/tusb_config.h
View File

@@ -108,7 +108,6 @@
#define CFG_TUD_VENDOR_TX_BUFSIZE (TUD_OPT_HIGH_SPEED ? 512 : 64)
#include "pico/types.h"
static inline uint16_t tu_u32_high16(uint32_t ui32) { return (uint16_t) (ui32 >> 16); }
static inline uint16_t tu_u32_low16 (uint32_t ui32) { return (uint16_t) (ui32 & 0x0000ffffu); }
@@ -117,3 +116,4 @@ static inline uint16_t tu_u32_low16 (uint32_t ui32) { return (uint16_t) (ui32 &
#endif
#endif /* _TUSB_CONFIG_H_ */

325
src/usb/ccid/usb_common.h.notused Normal file
View File

@@ -0,0 +1,325 @@
/*
* Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _USB_COMMON_H
#define _USB_COMMON_H
#include "pico/types.h"
#include "hardware/structs/usb.h"
// bmRequestType bit definitions
#define USB_REQ_TYPE_STANDARD 0x00u
#define USB_REQ_TYPE_TYPE_MASK 0x60u
#define USB_REQ_TYPE_TYPE_CLASS 0x20u
#define USB_REQ_TYPE_TYPE_VENDOR 0x40u
#define USB_REQ_TYPE_RECIPIENT_MASK 0x1fu
#define USB_REQ_TYPE_RECIPIENT_DEVICE 0x00u
#define USB_REQ_TYPE_RECIPIENT_INTERFACE 0x01u
#define USB_REQ_TYPE_RECIPIENT_ENDPOINT 0x02u
#define USB_DIR_OUT 0x00u
#define USB_DIR_IN 0x80u
#define USB_TRANSFER_TYPE_CONTROL 0x0
#define USB_TRANSFER_TYPE_ISOCHRONOUS 0x1
#define USB_TRANSFER_TYPE_BULK 0x2
#define USB_TRANSFER_TYPE_INTERRUPT 0x3
#define USB_TRANSFER_TYPE_BITS 0x3
// Descriptor types
#define USB_DT_DEVICE 0x01
#define USB_DT_CONFIG 0x02
#define USB_DT_STRING 0x03
#define USB_DT_INTERFACE 0x04
#define USB_DT_ENDPOINT 0x05
#define USB_REQUEST_GET_STATUS 0x0
#define USB_REQUEST_CLEAR_FEATURE 0x01
#define USB_REQUEST_SET_FEATURE 0x03
#define USB_REQUEST_SET_ADDRESS 0x05
#define USB_REQUEST_GET_DESCRIPTOR 0x06
#define USB_REQUEST_SET_DESCRIPTOR 0x07
#define USB_REQUEST_GET_CONFIGURATION 0x08
#define USB_REQUEST_SET_CONFIGURATION 0x09
#define USB_REQUEST_GET_INTERFACE 0x0a
#define USB_REQUEST_SET_INTERFACE 0x0b
#define USB_REQUEST_SYNC_FRAME 0x0c
#define USB_REQUEST_MSC_GET_MAX_LUN 0xfe
#define USB_REQUEST_MSC_RESET 0xff
#define USB_FEAT_ENDPOINT_HALT 0x00
#define USB_FEAT_DEVICE_REMOTE_WAKEUP 0x01
#define USB_FEAT_TEST_MODE 0x02
#define USB_DESCRIPTOR_TYPE_ENDPOINT 0x05
struct usb_setup_packet {
uint8_t bmRequestType;
uint8_t bRequest;
uint16_t wValue;
uint16_t wIndex;
uint16_t wLength;
} __packed;
struct usb_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
};
struct usb_device_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint16_t bcdUSB;
uint8_t bDeviceClass;
uint8_t bDeviceSubClass;
uint8_t bDeviceProtocol;
uint8_t bMaxPacketSize0;
uint16_t idVendor;
uint16_t idProduct;
uint16_t bcdDevice;
uint8_t iManufacturer;
uint8_t iProduct;
uint8_t iSerialNumber;
uint8_t bNumConfigurations;
} __packed;
struct usb_configuration_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint16_t wTotalLength;
uint8_t bNumInterfaces;
uint8_t bConfigurationValue;
uint8_t iConfiguration;
uint8_t bmAttributes;
uint8_t bMaxPower;
} __packed;
struct usb_interface_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint8_t bInterfaceNumber;
uint8_t bAlternateSetting;
uint8_t bNumEndpoints;
uint8_t bInterfaceClass;
uint8_t bInterfaceSubClass;
uint8_t bInterfaceProtocol;
uint8_t iInterface;
} __packed;
struct usb_endpoint_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint8_t bEndpointAddress;
uint8_t bmAttributes;
uint16_t wMaxPacketSize;
uint8_t bInterval;
} __packed;
struct usb_endpoint_descriptor_long {
uint8_t bLength;
uint8_t bDescriptorType;
uint8_t bEndpointAddress;
uint8_t bmAttributes;
uint16_t wMaxPacketSize;
uint8_t bInterval;
uint8_t bRefresh;
uint8_t bSyncAddr;
} __attribute__((packed));
struct ccid_class_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint16_t bcdCCID;
uint8_t bMaxSlotIndex;
uint8_t bVoltageSupport;
uint32_t dwProtocols;
uint32_t dwDefaultClock;
uint32_t dwMaximumClock;
uint8_t bNumClockSupport;
uint32_t dwDataRate;
uint32_t dwMaxDataRate;
uint8_t bNumDataRatesSupported;
uint32_t dwMaxIFSD;
uint32_t dwSynchProtocols;
uint32_t dwMechanical;
uint32_t dwFeatures;
uint32_t dwMaxCCIDMessageLength;
uint8_t bClassGetResponse;
uint8_t bclassEnvelope;
uint16_t wLcdLayout;
uint8_t bPINSupport;
uint8_t bMaxCCIDBusySlots;
} __attribute__ ((__packed__));
static const struct ccid_class_descriptor ccid_desc = {
.bLength = sizeof(struct ccid_class_descriptor),
.bDescriptorType = 0x21,
.bcdCCID = (0x0110),
.bMaxSlotIndex = 0,
.bVoltageSupport = 0x01, // 5.0V
.dwProtocols = (
0x01| // T=0
0x02), // T=1
.dwDefaultClock = (0xDFC),
.dwMaximumClock = (0xDFC),
.bNumClockSupport = 0,
.dwDataRate = (0x2580),
.dwMaxDataRate = (0x2580),
.bNumDataRatesSupported = 0,
.dwMaxIFSD = (0xFE), // IFSD is handled by the real reader driver
.dwSynchProtocols = (0),
.dwMechanical = (0),
.dwFeatures = 0x40840, //USB-ICC, short & extended APDU
.dwMaxCCIDMessageLength = 65544+10,
.bClassGetResponse = 0xFF,
.bclassEnvelope = 0xFF,
.wLcdLayout = 0x0,
.bPINSupport = 0x0,
.bMaxCCIDBusySlots = 0x01,
};
// Struct in which we keep the endpoint configuration
typedef void (*usb_ep_handler)(uint8_t *buf, uint16_t len);
struct usb_endpoint_configuration {
const struct usb_endpoint_descriptor *descriptor;
usb_ep_handler handler;
// Pointers to endpoint + buffer control registers
// in the USB controller DPSRAM
volatile uint32_t *endpoint_control;
volatile uint32_t *buffer_control;
volatile uint8_t *data_buffer;
// Toggle after each packet (unless replying to a SETUP)
uint8_t next_pid;
};
// Struct in which we keep the device configuration
struct usb_device_configuration {
const struct usb_device_descriptor *device_descriptor;
const struct usb_interface_descriptor *interface_descriptor;
const struct usb_configuration_descriptor *config_descriptor;
const struct ccid_class_descriptor *ccid_descriptor;
const unsigned char *lang_descriptor;
const unsigned char **descriptor_strings;
// USB num endpoints is 16
struct usb_endpoint_configuration endpoints[USB_NUM_ENDPOINTS];
};
#define EP0_IN_ADDR (USB_DIR_IN | 0)
#define EP0_OUT_ADDR (USB_DIR_OUT | 0)
#define EP1_OUT_ADDR (USB_DIR_OUT | 1)
#define EP2_IN_ADDR (USB_DIR_IN | 2)
// EP0 IN and OUT
static const struct usb_endpoint_descriptor ep0_out = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DT_ENDPOINT,
.bEndpointAddress = EP0_OUT_ADDR, // EP number 0, OUT from host (rx to device)
.bmAttributes = USB_TRANSFER_TYPE_CONTROL,
.wMaxPacketSize = 64,
.bInterval = 0
};
static const struct usb_endpoint_descriptor ep0_in = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DT_ENDPOINT,
.bEndpointAddress = EP0_IN_ADDR, // EP number 0, OUT from host (rx to device)
.bmAttributes = USB_TRANSFER_TYPE_CONTROL,
.wMaxPacketSize = 64,
.bInterval = 0
};
// Descriptors
static const struct usb_device_descriptor device_descriptor = {
.bLength = sizeof(struct usb_device_descriptor),
.bDescriptorType = USB_DT_DEVICE,
.bcdUSB = 0x0200, // USB 1.1 device
.bDeviceClass = 0, // Specified in interface descriptor
.bDeviceSubClass = 0, // No subclass
.bDeviceProtocol = 0, // No protocol
.bMaxPacketSize0 = 64, // Max packet size for ep0
.idVendor = 0x20a0, // Your vendor id
.idProduct = 0x4230, // Your product ID
.bcdDevice = 0x0101, // No device revision number
.iManufacturer = 1, // Manufacturer string index
.iProduct = 2, // Product string index
.iSerialNumber = 3, // No serial number
.bNumConfigurations = 1 // One configuration
};
static const struct usb_interface_descriptor interface_descriptor = {
.bLength = sizeof(struct usb_interface_descriptor),
.bDescriptorType = USB_DT_INTERFACE,
.bInterfaceNumber = 0,
.bAlternateSetting = 0,
.bNumEndpoints = 2, // Interface has 2 endpoints
.bInterfaceClass = 0x0b, // Vendor specific endpoint
.bInterfaceSubClass = 0,
.bInterfaceProtocol = 0,
.iInterface = 5
};
static const struct usb_endpoint_descriptor ep1_out = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DT_ENDPOINT,
.bEndpointAddress = EP1_OUT_ADDR, // EP number 1, OUT from host (rx to device)
.bmAttributes = USB_TRANSFER_TYPE_BULK,
.wMaxPacketSize = 64,
.bInterval = 0
};
static const struct usb_endpoint_descriptor ep2_in = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DT_ENDPOINT,
.bEndpointAddress = EP2_IN_ADDR, // EP number 2, IN from host (tx from device)
.bmAttributes = USB_TRANSFER_TYPE_BULK,
.wMaxPacketSize = 64,
.bInterval = 0
};
static const struct usb_configuration_descriptor config_descriptor = {
.bLength = sizeof(struct usb_configuration_descriptor),
.bDescriptorType = USB_DT_CONFIG,
.wTotalLength = (sizeof(config_descriptor) +
sizeof(interface_descriptor) +
sizeof(ccid_desc) +
sizeof(ep1_out) +
sizeof(ep2_in)),
.bNumInterfaces = 1,
.bConfigurationValue = 1, // Configuration 1
.iConfiguration = 4, // No string
.bmAttributes = 0xa0, // attributes: self powered, no remote wakeup
.bMaxPower = 0x32 // 100ma
};
static const unsigned char lang_descriptor[] = {
4, // bLength
0x03, // bDescriptorType == String Descriptor
0x09, 0x04 // language id = us english
};
#define USB_REQ_CCID 0xA1
extern uint16_t usb_read(uint8_t *buffer, size_t buffer_size);
extern uint16_t usb_read_available();
extern uint32_t usb_write_offset(uint16_t size, uint16_t offset);
extern uint32_t usb_write(uint16_t size);
extern bool usb_is_configured();
extern void usb_init();
extern uint8_t *usb_get_rx();
extern uint32_t usb_send_tx_buffer();
extern uint8_t *usb_get_tx();
extern void usb_clear_rx();
extern bool usb_write_available();
extern uint32_t usb_write_flush();
#endif

36
src/usb/usb_descriptors.c → src/usb/ccid/usb_descriptors.c
View File

@@ -1,5 +1,5 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
@@ -17,10 +17,8 @@
#include "tusb.h"
#include "usb_descriptors.h"
#include "ccid.h"
#include "pico/unique_id.h"
#include "version.h"
#include "hsm_version.h"
#ifndef USB_VID
#define USB_VID 0xFEFF
@@ -35,6 +33,32 @@
#define MAX_USB_POWER 1
static const struct ccid_class_descriptor desc_ccid = {
.bLength = sizeof(struct ccid_class_descriptor),
.bDescriptorType = 0x21,
.bcdCCID = (0x0110),
.bMaxSlotIndex = 0,
.bVoltageSupport = 0x01, // 5.0V
.dwProtocols = (
0x01| // T=0
0x02), // T=1
.dwDefaultClock = (0xDFC),
.dwMaximumClock = (0xDFC),
.bNumClockSupport = 0,
.dwDataRate = (0x2580),
.dwMaxDataRate = (0x2580),
.bNumDataRatesSupported = 0,
.dwMaxIFSD = (0xFE), // IFSD is handled by the real reader driver
.dwSynchProtocols = (0),
.dwMechanical = (0),
.dwFeatures = 0x40840, //USB-ICC, short & extended APDU
.dwMaxCCIDMessageLength = 65544+10,
.bClassGetResponse = 0xFF,
.bclassEnvelope = 0xFF,
.wLcdLayout = 0x0,
.bPINSupport = 0x0,
.bMaxCCIDBusySlots = 0x01,
};
//--------------------------------------------------------------------+
// Device Descriptors
@@ -52,7 +76,7 @@ tusb_desc_device_t const desc_device =
.idVendor = (USB_VID),
.idProduct = (USB_PID),
.bcdDevice = HSM_VERSION,
.bcdDevice = HSM_SDK_VERSION,
.iManufacturer = 1,
.iProduct = 2,
@@ -159,7 +183,7 @@ char const* string_desc_arr [] =
{
(const char[]) { 0x09, 0x04 }, // 0: is supported language is English (0x0409)
"Pol Henarejos", // 1: Manufacturer
"Pico HSM", // 2: Product
"Pico HSM CCID", // 2: Product
"11223344", // 3: Serials, should use chip ID
"Pico HSM Config", // 4: Vendor Interface
"Pico HSM Interface"

46
src/usb/ccid/usb_descriptors.h Normal file
View File

@@ -0,0 +1,46 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef USB_DESCRIPTORS_H_
#define USB_DESCRIPTORS_H_
struct ccid_class_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint16_t bcdCCID;
uint8_t bMaxSlotIndex;
uint8_t bVoltageSupport;
uint32_t dwProtocols;
uint32_t dwDefaultClock;
uint32_t dwMaximumClock;
uint8_t bNumClockSupport;
uint32_t dwDataRate;
uint32_t dwMaxDataRate;
uint8_t bNumDataRatesSupported;
uint32_t dwMaxIFSD;
uint32_t dwSynchProtocols;
uint32_t dwMechanical;
uint32_t dwFeatures;
uint32_t dwMaxCCIDMessageLength;
uint8_t bClassGetResponse;
uint8_t bclassEnvelope;
uint16_t wLcdLayout;
uint8_t bPINSupport;
uint8_t bMaxCCIDBusySlots;
} __attribute__ ((__packed__));
#endif /* USB_DESCRIPTORS_H_ */

159
src/usb/hid/ctap_hid.h Normal file
View File

@@ -0,0 +1,159 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _CTAP_HID_H_
#define _CTAP_HID_H_
#ifdef _MSC_VER // Windows
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned int uint32_t;
typedef unsigned long int uint64_t;
#else
#include <stdint.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
// Size of HID reports
#define HID_RPT_SIZE 64 // Default size of raw HID report
// Frame layout - command- and continuation frames
#define CID_BROADCAST 0xffffffff // Broadcast channel id
#define TYPE_MASK 0x80 // Frame type mask
#define TYPE_INIT 0x80 // Initial frame identifier
#define TYPE_CONT 0x00 // Continuation frame identifier
typedef struct {
uint32_t cid; // Channel identifier
union {
uint8_t type; // Frame type - b7 defines type
struct {
uint8_t cmd; // Command - b7 set
uint8_t bcnth; // Message byte count - high part
uint8_t bcntl; // Message byte count - low part
uint8_t data[HID_RPT_SIZE - 7]; // Data payload
} init;
struct {
uint8_t seq; // Sequence number - b7 cleared
uint8_t data[HID_RPT_SIZE - 5]; // Data payload
} cont;
};
}__packed CTAPHID_FRAME;
#define FRAME_TYPE(f) ((f)->type & TYPE_MASK)
#define FRAME_CMD(f) ((f)->init.cmd & ~TYPE_MASK)
#define MSG_LEN(f) ((f)->init.bcnth*256 + (f)->init.bcntl)
#define FRAME_SEQ(f) ((f)->cont.seq & ~TYPE_MASK)
// HID usage- and usage-page definitions
#define FIDO_USAGE_PAGE 0xf1d0 // FIDO alliance HID usage page
#define FIDO_USAGE_CTAPHID 0x01 // CTAPHID usage for top-level collection
#define FIDO_USAGE_DATA_IN 0x20 // Raw IN data report
#define FIDO_USAGE_DATA_OUT 0x21 // Raw OUT data report
// General constants
#define CTAPHID_IF_VERSION 2 // Current interface implementation version
#define CTAPHID_TRANS_TIMEOUT 3000 // Default message timeout in ms
// CTAPHID native commands
#define CTAPHID_PING (TYPE_INIT | 0x01) // Echo data through local processor only
#define CTAPHID_MSG (TYPE_INIT | 0x03) // Send CTAP message frame
#define CTAPHID_LOCK (TYPE_INIT | 0x04) // Send lock channel command
#define CTAPHID_INIT (TYPE_INIT | 0x06) // Channel initialization
#define CTAPHID_WINK (TYPE_INIT | 0x08) // Send device identification wink
#define CTAPHID_CBOR (TYPE_INIT | 0x10) // CBOR
#define CTAPHID_CANCEL (TYPE_INIT | 0x11) // Cancel any request
#define CTAPHID_KEEPALIVE (TYPE_INIT | 0x3B) // Keepalive command
#define CTAPHID_SYNC (TYPE_INIT | 0x3C) // Protocol resync command
#define CTAPHID_ERROR (TYPE_INIT | 0x3F) // Error response
#define CTAPHID_VENDOR_FIRST (TYPE_INIT | 0x40) // First vendor defined command
#define CTAPHID_VENDOR_LAST (TYPE_INIT | 0x7F) // Last vendor defined command
// CTAP CBOR commands
#define CTAP_MAKE_CREDENTIAL 0x01
#define CTAP_GET_ASSERTION 0x02
#define CTAP_GET_INFO 0x04
#define CTAP_CLIENT_PIN 0x06
#define CTAP_RESET 0x07
#define CTAP_GET_NEXT_ASSERTION 0x08
// CTAP_KEEPALIVE command defines
#define KEEPALIVE_STATUS_PROCESSING 0x1
#define KEEPALIVE_STATUS_UPNEEDED 0x2
// CTAPHID_INIT command defines
#define INIT_NONCE_SIZE 8 // Size of channel initialization challenge
#define CAPFLAG_WINK 0x01 // Device supports WINK command
#define CAPFLAG_CBOR 0x04 // Device supports CBOR command
typedef struct {
uint8_t nonce[INIT_NONCE_SIZE]; // Client application nonce
}__packed CTAPHID_INIT_REQ;
typedef struct {
uint8_t nonce[INIT_NONCE_SIZE]; // Client application nonce
uint32_t cid; // Channel identifier
uint8_t versionInterface; // Interface version
uint8_t versionMajor; // Major version number
uint8_t versionMinor; // Minor version number
uint8_t versionBuild; // Build version number
uint8_t capFlags; // Capabilities flags
}__packed CTAPHID_INIT_RESP;
// CTAPHID_SYNC command defines
typedef struct {
uint8_t nonce; // Client application nonce
} CTAPHID_SYNC_REQ;
typedef struct {
uint8_t nonce; // Client application nonce
} CTAPHID_SYNC_RESP;
// Low-level error codes. Return as negatives.
#define CTAP_MAX_PACKET_SIZE (64 - 7 + 128 * (64 - 5))
#define CTAP1_ERR_NONE 0x00 // No error
#define CTAP1_ERR_INVALID_CMD 0x01 // Invalid command
#define CTAP1_ERR_INVALID_PARAMETER 0x02 // Invalid parameter
#define CTAP1_ERR_INVALID_LEN 0x03 // Invalid message length
#define CTAP1_ERR_INVALID_SEQ 0x04 // Invalid message sequencing
#define CTAP1_ERR_MSG_TIMEOUT 0x05 // Message has timed out
#define CTAP1_ERR_CHANNEL_BUSY 0x06 // Channel busy
#define CTAP1_ERR_LOCK_REQUIRED 0x0a // Command requires channel lock
#define CTAP1_ERR_INVALID_CHANNEL 0x0b // CID not valid
#define CTAP1_ERR_OTHER 0x7f // Other unspecified error
#ifdef __cplusplus
}
#endif
#endif // _CTAP_HID_H_

360
src/usb/hid/hid.c Normal file
View File

@@ -0,0 +1,360 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "tusb.h"
#include "ctap_hid.h"
#include "hsm.h"
#include "hsm_version.h"
#include "apdu.h"
#include "usb.h"
#include "bsp/board.h"
static bool mounted = false;
extern int cbor_process(const uint8_t *, size_t);
extern void init_fido(bool);
typedef struct msg_packet {
uint16_t len;
uint16_t current_len;
uint8_t data[CTAP_MAX_PACKET_SIZE];
} __packed msg_packet_t;
msg_packet_t msg_packet = { 0 };
void tud_mount_cb()
{
mounted = true;
}
bool driver_mounted() {
return mounted;
}
CTAPHID_FRAME *ctap_req = NULL, *ctap_resp = NULL;
int driver_init() {
tud_init(BOARD_TUD_RHPORT);
ctap_req = (CTAPHID_FRAME *)usb_get_rx();
apdu.header = ctap_req->init.data;
ctap_resp = (CTAPHID_FRAME *)usb_get_tx();
apdu.rdata = ctap_resp->init.data;
usb_set_timeout_counter(200);
return 0;
}
void driver_task() {
tud_task(); // tinyusb device task
}
//--------------------------------------------------------------------+
// USB HID
//--------------------------------------------------------------------+
// Invoked when received GET_REPORT control request
// Application must fill buffer report's content and return its length.
// Return zero will cause the stack to STALL request
uint16_t tud_hid_get_report_cb(uint8_t itf, uint8_t report_id, hid_report_type_t report_type, uint8_t* buffer, uint16_t reqlen)
{
// TODO not Implemented
(void) itf;
(void) report_id;
(void) report_type;
(void) buffer;
(void) reqlen;
printf("get_report\n");
DEBUG_PAYLOAD(buffer, reqlen);
return 0;
}
void hid_write_offset(uint16_t size, uint16_t offset) {
if (*usb_get_tx() != 0x81)
DEBUG_PAYLOAD(usb_get_tx()+offset, size);
usb_write_offset(size, offset);
}
void hid_write(uint16_t size) {
hid_write_offset(size, 0);
}
uint16_t send_buffer_size = 0;
void tud_hid_report_complete_cb(uint8_t instance, uint8_t const* report, /*uint16_t*/ uint8_t len) {
uint8_t seq = report[4] & TYPE_MASK ? 0 : report[4]+1;
if (send_buffer_size > 0) {
ctap_resp->cid = ctap_req->cid;
ctap_resp->cont.seq = seq;
hid_write_offset(64, (uint8_t *)ctap_resp - (usb_get_tx()));
send_buffer_size -= MIN(64 - 5, send_buffer_size);
ctap_resp = (CTAPHID_FRAME *)((uint8_t *)ctap_resp + 64 - 5);
}
}
int driver_write(const uint8_t *buffer, size_t buffer_size) {
int ret = tud_hid_report(0, buffer, buffer_size);
return ret;
}
size_t driver_read(uint8_t *buffer, size_t buffer_size) {
return 0;
}
// Invoked when received SET_REPORT control request or
// received data on OUT endpoint ( Report ID = 0, Type = 0 )
void tud_hid_set_report_cb(uint8_t itf, uint8_t report_id, hid_report_type_t report_type, uint8_t const* buffer, uint16_t bufsize)
{
// This example doesn't use multiple report and report ID
(void) itf;
(void) report_id;
(void) report_type;
usb_rx(buffer, bufsize);
}
uint32_t last_cmd_time = 0, last_packet_time = 0;
int ctap_error(uint8_t error) {
ctap_resp = (CTAPHID_FRAME *)usb_get_tx();
memset(ctap_resp, 0, sizeof(CTAPHID_FRAME));
ctap_resp->cid = ctap_req->cid;
ctap_resp->init.cmd = CTAPHID_ERROR;
ctap_resp->init.bcntl = 1;
ctap_resp->init.data[0] = error;
hid_write(64);
usb_clear_rx();
last_packet_time = 0;
return 0;
}
uint8_t last_cmd = 0;
uint8_t last_seq = 0;
CTAPHID_FRAME last_req = { 0 };
uint32_t lock = 0;
uint8_t thread_type = 0; //1 is APDU, 2 is CBOR
extern void cbor_thread();
extern bool cancel_button;
int driver_process_usb_nopacket() {
if (last_packet_time > 0 && last_packet_time+500 < board_millis()) {
ctap_error(CTAP1_ERR_MSG_TIMEOUT);
last_packet_time = 0;
msg_packet.len = msg_packet.current_len = 0;
}
return 0;
}
int driver_process_usb_packet(uint16_t read) {
int apdu_sent = 0;
if (read >= 5)
{
last_packet_time = board_millis();
DEBUG_PAYLOAD(usb_get_rx(),64);
memset(ctap_resp, 0, sizeof(CTAPHID_FRAME));
if (ctap_req->cid == 0x0 || (ctap_req->cid == CID_BROADCAST && ctap_req->init.cmd != CTAPHID_INIT))
return ctap_error(CTAP1_ERR_INVALID_CHANNEL);
if (board_millis() < lock && ctap_req->cid != last_req.cid && last_cmd_time+100 > board_millis())
return ctap_error(CTAP1_ERR_CHANNEL_BUSY);
if (FRAME_TYPE(ctap_req) == TYPE_INIT)
{
if (MSG_LEN(ctap_req) > CTAP_MAX_PACKET_SIZE)
return ctap_error(CTAP1_ERR_INVALID_LEN);
if (msg_packet.len > 0 && last_cmd_time+100 > board_millis() && ctap_req->init.cmd != CTAPHID_INIT) {
if (last_req.cid != ctap_req->cid) //We are in a transaction
return ctap_error(CTAP1_ERR_CHANNEL_BUSY);
else
return ctap_error(CTAP1_ERR_INVALID_SEQ);
}
printf("command %x\n", FRAME_CMD(ctap_req));
printf("len %d\n", MSG_LEN(ctap_req));
msg_packet.len = msg_packet.current_len = 0;
if (MSG_LEN(ctap_req) > 64 - 7)
{
msg_packet.len = MSG_LEN(ctap_req);
memcpy(msg_packet.data + msg_packet.current_len, ctap_req->init.data, 64-7);
msg_packet.current_len += 64 - 7;
}
memcpy(&last_req, ctap_req, sizeof(CTAPHID_FRAME));
last_cmd = ctap_req->init.cmd;
last_seq = 0;
last_cmd_time = board_millis();
}
else {
if (msg_packet.len == 0) //Received a cont with a prior init pkt
return 0;
if (last_seq != ctap_req->cont.seq)
return ctap_error(CTAP1_ERR_INVALID_SEQ);
if (last_req.cid == ctap_req->cid) {
memcpy(msg_packet.data + msg_packet.current_len, ctap_req->cont.data, MIN(64 - 5, msg_packet.len - msg_packet.current_len));
msg_packet.current_len += MIN(64 - 5, msg_packet.len - msg_packet.current_len);
memcpy(&last_req, ctap_req, sizeof(CTAPHID_FRAME));
last_seq++;
}
else if (last_cmd_time+100 > board_millis())
return ctap_error(CTAP1_ERR_CHANNEL_BUSY);
}
if (ctap_req->init.cmd == CTAPHID_INIT) {
init_fido(false);
ctap_resp = (CTAPHID_FRAME *)usb_get_tx();
memset(ctap_resp, 0, 64);
CTAPHID_INIT_REQ *req = (CTAPHID_INIT_REQ *)ctap_req->init.data;
CTAPHID_INIT_RESP *resp = (CTAPHID_INIT_RESP *)ctap_resp->init.data;
memcpy(resp->nonce, req->nonce, sizeof(resp->nonce));
resp->cid = 0x01000000;
resp->versionInterface = CTAPHID_IF_VERSION;
resp->versionMajor = HSM_SDK_VERSION_MAJOR;
resp->versionMinor = HSM_SDK_VERSION_MINOR;
resp->capFlags = CAPFLAG_WINK | CAPFLAG_CBOR;
ctap_resp->cid = CID_BROADCAST;
ctap_resp->init.cmd = CTAPHID_INIT;
ctap_resp->init.bcntl = 17;
ctap_resp->init.bcnth = 0;
driver_exec_finished(17);
msg_packet.len = msg_packet.current_len = 0;
last_packet_time = 0;
}
else if (ctap_req->init.cmd == CTAPHID_WINK) {
if (MSG_LEN(ctap_req) != 0) {
return ctap_error(CTAP1_ERR_INVALID_LEN);
}
ctap_resp = (CTAPHID_FRAME *)usb_get_tx();
memcpy(ctap_resp, ctap_req, sizeof(CTAPHID_FRAME));
sleep_ms(1000); //For blinking the device during 1 seg
hid_write(64);
msg_packet.len = msg_packet.current_len = 0;
last_packet_time = 0;
}
else if ((last_cmd == CTAPHID_PING || last_cmd == CTAPHID_SYNC) && (msg_packet.len == 0 || (msg_packet.len == msg_packet.current_len && msg_packet.len > 0))) {
ctap_resp = (CTAPHID_FRAME *)usb_get_tx();
if (msg_packet.current_len == msg_packet.len && msg_packet.len > 0) {
memcpy(ctap_resp->init.data, msg_packet.data, msg_packet.len);
driver_exec_finished(msg_packet.len);
}
else {
memcpy(ctap_resp->init.data, ctap_req->init.data, MSG_LEN(ctap_req));
driver_exec_finished(MSG_LEN(ctap_req));
}
msg_packet.len = msg_packet.current_len = 0;
last_packet_time = 0;
}
else if (ctap_req->init.cmd == CTAPHID_LOCK) {
if (MSG_LEN(ctap_req) != 1)
return ctap_error(CTAP1_ERR_INVALID_LEN);
if (ctap_req->init.data[0] > 10)
return ctap_error(CTAP1_ERR_INVALID_PARAMETER);
lock = board_millis() + ctap_req->init.data[0] * 1000;
ctap_resp = (CTAPHID_FRAME *)usb_get_tx();
memset(ctap_resp, 0, 64);
ctap_resp->cid = ctap_req->cid;
ctap_resp->init.cmd = ctap_req->init.cmd;
hid_write(64);
msg_packet.len = msg_packet.current_len = 0;
last_packet_time = 0;
}
else if (last_cmd == CTAPHID_MSG && (msg_packet.len == 0 || (msg_packet.len == msg_packet.current_len && msg_packet.len > 0))) {
current_app = apps[0].select_aid(&apps[0]);
if (thread_type != 1)
card_start(apdu_thread);
thread_type = 1;
if (msg_packet.current_len == msg_packet.len && msg_packet.len > 0)
apdu_sent = apdu_process(msg_packet.data, msg_packet.len);
else
apdu_sent = apdu_process(ctap_req->init.data, MSG_LEN(ctap_req));
DEBUG_PAYLOAD(apdu.data, (int)apdu.nc);
msg_packet.len = msg_packet.current_len = 0;
last_packet_time = 0;
}
else if (last_cmd == CTAPHID_CBOR && (msg_packet.len == 0 || (msg_packet.len == msg_packet.current_len && msg_packet.len > 0))) {
if (thread_type != 2)
card_start(cbor_thread);
thread_type = 2;
if (msg_packet.current_len == msg_packet.len && msg_packet.len > 0)
apdu_sent = cbor_process(msg_packet.data, msg_packet.len);
else
apdu_sent = cbor_process(ctap_req->init.data, MSG_LEN(ctap_req));
msg_packet.len = msg_packet.current_len = 0;
last_packet_time = 0;
if (apdu_sent < 0)
return ctap_error(-apdu_sent);
}
else if (ctap_req->init.cmd == CTAPHID_CANCEL) {
ctap_error(0x2D);
msg_packet.len = msg_packet.current_len = 0;
last_packet_time = 0;
cancel_button = true;
}
else {
if (msg_packet.len == 0)
return ctap_error(CTAP1_ERR_INVALID_CMD);
}
// echo back anything we received from host
//tud_hid_report(0, buffer, bufsize);
//printf("END\n");
usb_clear_rx();
}
return apdu_sent;
}
void send_keepalive() {
CTAPHID_FRAME *resp = (CTAPHID_FRAME *)(usb_get_tx() + 4096);
//memset(ctap_resp, 0, sizeof(CTAPHID_FRAME));
resp->cid = ctap_req->cid;
resp->init.cmd = CTAPHID_KEEPALIVE;
resp->init.bcntl = 1;
resp->init.data[0] = is_req_button_pending() ? 2 : 1;
send_buffer_size = 0;
hid_write_offset(64, 4096);
}
void driver_exec_timeout() {
send_keepalive();
}
uint8_t *driver_prepare_response() {
ctap_resp = (CTAPHID_FRAME *)usb_get_tx();
apdu.rdata = ctap_resp->init.data;
send_buffer_size = 0;
memset(usb_get_tx(), 0, 4096);
return ctap_resp->init.data;
}
void driver_exec_finished(size_t size_next) {
if (thread_type == 2 && apdu.sw != 0)
ctap_error(apdu.sw & 0xff);
else
driver_exec_finished_cont(size_next, 7);
apdu.sw = 0;
}
void driver_exec_finished_cont(size_t size_next, size_t offset) {
offset -= 7;
ctap_resp = (CTAPHID_FRAME *)(usb_get_tx() + offset);
ctap_resp->cid = ctap_req->cid;
ctap_resp->init.cmd = last_cmd;
ctap_resp->init.bcnth = size_next >> 8;
ctap_resp->init.bcntl = size_next & 0xff;
hid_write_offset(64, offset);
ctap_resp = (CTAPHID_FRAME *)((uint8_t *)ctap_resp + 64 - 5);
send_buffer_size = size_next;
send_buffer_size -= MIN(64-7, send_buffer_size);
}

115
src/usb/hid/tusb_config.h Normal file
View File

@@ -0,0 +1,115 @@
/*
* The MIT License (MIT)
*
* Copyright (c) 2019 Ha Thach (tinyusb.org)
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
*/
#ifndef _TUSB_CONFIG_H_
#define _TUSB_CONFIG_H_
#ifdef __cplusplus
extern "C" {
#endif
//--------------------------------------------------------------------+
// Board Specific Configuration
//--------------------------------------------------------------------+
// RHPort number used for device can be defined by board.mk, default to port 0
#ifndef BOARD_TUD_RHPORT
#define BOARD_TUD_RHPORT 0
#endif
// RHPort max operational speed can defined by board.mk
#ifndef BOARD_TUD_MAX_SPEED
#define BOARD_TUD_MAX_SPEED OPT_MODE_DEFAULT_SPEED
#endif
//--------------------------------------------------------------------
// COMMON CONFIGURATION
//--------------------------------------------------------------------
// defined by compiler flags for flexibility
#ifndef CFG_TUSB_MCU
#error CFG_TUSB_MCU must be defined
#endif
#if CFG_TUSB_MCU == OPT_MCU_LPC18XX || CFG_TUSB_MCU == OPT_MCU_LPC43XX || CFG_TUSB_MCU == OPT_MCU_MIMXRT10XX || \
CFG_TUSB_MCU == OPT_MCU_NUC505 || CFG_TUSB_MCU == OPT_MCU_CXD56
#define CFG_TUSB_RHPORT0_MODE (OPT_MODE_DEVICE | OPT_MODE_HIGH_SPEED)
#else
#define CFG_TUSB_RHPORT0_MODE OPT_MODE_DEVICE
#endif
#ifndef CFG_TUSB_OS
#define CFG_TUSB_OS OPT_OS_PICO
#endif
#ifndef CFG_TUSB_DEBUG
#define CFG_TUSB_DEBUG 1
#endif
// Enable Device stack
#define CFG_TUD_ENABLED 1
// Default is max speed that hardware controller could support with on-chip PHY
#define CFG_TUD_MAX_SPEED BOARD_TUD_MAX_SPEED
/* USB DMA on some MCUs can only access a specific SRAM region with restriction on alignment.
* Tinyusb use follows macros to declare transferring memory so that they can be put
* into those specific section.
* e.g
* - CFG_TUSB_MEM SECTION : __attribute__ (( section(".usb_ram") ))
* - CFG_TUSB_MEM_ALIGN : __attribute__ ((aligned(4)))
*/
#ifndef CFG_TUSB_MEM_SECTION
#define CFG_TUSB_MEM_SECTION
#endif
#ifndef CFG_TUSB_MEM_ALIGN
#define CFG_TUSB_MEM_ALIGN __attribute__ ((aligned(4)))
#endif
//--------------------------------------------------------------------
// DEVICE CONFIGURATION
//--------------------------------------------------------------------
#ifndef CFG_TUD_ENDPOINT0_SIZE
#define CFG_TUD_ENDPOINT0_SIZE 64
#endif
//------------- CLASS -------------//
#define CFG_TUD_CDC 0
#define CFG_TUD_MSC 0
#define CFG_TUD_HID 1
#define CFG_TUD_MIDI 0
#define CFG_TUD_VENDOR 0
// HID buffer size Should be sufficient to hold ID (if any) + Data
#define CFG_TUD_HID_EP_BUFSIZE 64
#ifdef __cplusplus
}
#endif
#endif /* _TUSB_CONFIG_H_ */

198
src/usb/hid/usb_descriptors.c Normal file
View File

@@ -0,0 +1,198 @@
/*
* The MIT License (MIT)
*
* Copyright (c) 2019 Ha Thach (tinyusb.org)
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
*/
#include "tusb.h"
#include "ctap_hid.h"
#include "pico/unique_id.h"
#include "hsm_version.h"
/* A combination of interfaces must have a unique product id, since PC will save device driver after the first plug.
* Same VID/PID with different interface e.g MSC (first), then CDC (later) will possibly cause system error on PC.
*
* Auto ProductID layout's Bitmap:
* [MSB] HID | MSC | CDC [LSB]
*/
//--------------------------------------------------------------------+
// Device Descriptors
//--------------------------------------------------------------------+
tusb_desc_device_t const desc_device =
{
.bLength = sizeof(tusb_desc_device_t),
.bDescriptorType = TUSB_DESC_DEVICE,
.bcdUSB = 0x0200,
.bDeviceClass = 0x00,
.bDeviceSubClass = 0x00,
.bDeviceProtocol = 0x00,
.bMaxPacketSize0 = CFG_TUD_ENDPOINT0_SIZE,
.idVendor = 0xCafe,
.idProduct = 0x4231,
.bcdDevice = HSM_SDK_VERSION,
.iManufacturer = 0x01,
.iProduct = 0x02,
.iSerialNumber = 0x03,
.bNumConfigurations = 0x01
};
// Invoked when received GET DEVICE DESCRIPTOR
// Application return pointer to descriptor
uint8_t const * tud_descriptor_device_cb(void)
{
return (uint8_t const *) &desc_device;
}
//--------------------------------------------------------------------+
// HID Report Descriptor
//--------------------------------------------------------------------+
#define TUD_HID_REPORT_DESC_CTAP(report_size, ...) \
HID_USAGE_PAGE_N ( FIDO_USAGE_PAGE, 2 ),\
HID_USAGE ( FIDO_USAGE_CTAPHID ),\
HID_COLLECTION ( HID_COLLECTION_APPLICATION ),\
/* Report ID if any */\
__VA_ARGS__ \
/* Input */ \
HID_USAGE ( FIDO_USAGE_DATA_IN ),\
HID_LOGICAL_MIN ( 0x00 ),\
HID_LOGICAL_MAX_N ( 0xff, 2 ),\
HID_REPORT_SIZE ( 8 ),\
HID_REPORT_COUNT( report_size ),\
HID_INPUT ( HID_DATA | HID_VARIABLE | HID_ABSOLUTE ),\
/* Output */ \
HID_USAGE ( FIDO_USAGE_DATA_OUT ),\
HID_LOGICAL_MIN ( 0x00 ),\
HID_LOGICAL_MAX_N ( 0xff, 2 ),\
HID_REPORT_SIZE ( 8 ),\
HID_REPORT_COUNT( report_size ),\
HID_OUTPUT ( HID_DATA | HID_VARIABLE | HID_ABSOLUTE ),\
HID_COLLECTION_END \
uint8_t const desc_hid_report[] =
{
TUD_HID_REPORT_DESC_CTAP(CFG_TUD_HID_EP_BUFSIZE)
};
// Invoked when received GET HID REPORT DESCRIPTOR
// Application return pointer to descriptor
// Descriptor contents must exist long enough for transfer to complete
uint8_t const * tud_hid_descriptor_report_cb(uint8_t itf)
{
printf("report_cb %d\n", itf);
return desc_hid_report;
}
//--------------------------------------------------------------------+
// Configuration Descriptor
//--------------------------------------------------------------------+
enum
{
ITF_NUM_HID,
ITF_NUM_TOTAL
};
#define CONFIG_TOTAL_LEN (TUD_CONFIG_DESC_LEN + TUD_HID_INOUT_DESC_LEN)
#define EPNUM_HID 0x01
uint8_t const desc_configuration[] =
{
// Config number, interface count, string index, total length, attribute, power in mA
TUD_CONFIG_DESCRIPTOR(1, ITF_NUM_TOTAL, 0, CONFIG_TOTAL_LEN, 0x00, 100),
// Interface number, string index, protocol, report descriptor len, EP In & Out address, size & polling interval
TUD_HID_INOUT_DESCRIPTOR(ITF_NUM_HID, 0, HID_ITF_PROTOCOL_NONE, sizeof(desc_hid_report), EPNUM_HID, 0x80 | EPNUM_HID, CFG_TUD_HID_EP_BUFSIZE, 10)
};
// Invoked when received GET CONFIGURATION DESCRIPTOR
// Application return pointer to descriptor
// Descriptor contents must exist long enough for transfer to complete
uint8_t const * tud_descriptor_configuration_cb(uint8_t index)
{
(void) index; // for multiple configurations
return desc_configuration;
}
//--------------------------------------------------------------------+
// String Descriptors
//--------------------------------------------------------------------+
// array of pointer to string descriptors
char const* string_desc_arr [] =
{
(const char[]) { 0x09, 0x04 }, // 0: is supported language is English (0x0409)
"Pol Henarejos", // 1: Manufacturer
"Pico HSM HID", // 2: Product
"123456", // 3: Serials, should use chip ID
};
static uint16_t _desc_str[32];
// Invoked when received GET STRING DESCRIPTOR request
// Application return pointer to descriptor, whose contents must exist long enough for transfer to complete
uint16_t const* tud_descriptor_string_cb(uint8_t index, uint16_t langid)
{
(void) langid;
uint8_t chr_count;
if (index == 0) {
memcpy(&_desc_str[1], string_desc_arr[0], 2);
chr_count = 1;
}
else {
// Note: the 0xEE index string is a Microsoft OS 1.0 Descriptors.
// https://docs.microsoft.com/en-us/windows-hardware/drivers/usbcon/microsoft-defined-usb-descriptors
if ( !(index < sizeof(string_desc_arr)/sizeof(string_desc_arr[0])) )
return NULL;
const char* str = string_desc_arr[index];
char unique_id_str[2 * PICO_UNIQUE_BOARD_ID_SIZE_BYTES + 1];
if (index == 3) {
pico_unique_board_id_t unique_id;
pico_get_unique_board_id(&unique_id);
pico_get_unique_board_id_string(unique_id_str, 2 * PICO_UNIQUE_BOARD_ID_SIZE_BYTES + 1);
str = unique_id_str;
}
chr_count = strlen(str);
if ( chr_count > 31 )
chr_count = 31;
// Convert ASCII string into UTF-16
for(uint8_t i=0; i<chr_count; i++) {
_desc_str[1+i] = str[i];
}
}
_desc_str[0] = (TUSB_DESC_STRING << 8 ) | (2*chr_count + 2);
return _desc_str;
}

262
src/usb/usb.c Normal file
View File

@@ -0,0 +1,262 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "pico/unique_id.h"
#include <stdio.h>
// Pico
#include "pico/stdlib.h"
#include "pico/multicore.h"
#include "tusb.h"
#include "hsm.h"
#include "usb.h"
#include "apdu.h"
#include "bsp/board.h"
// For memcpy
#include <string.h>
#include <stdlib.h>
// Device specific functions
static uint8_t rx_buffer[4096], tx_buffer[4096+64];
static uint16_t w_offset = 0, r_offset = 0;
static uint16_t w_len = 0, tx_r_offset = 0;
static uint32_t timeout_counter = 0;
void usb_set_timeout_counter(uint32_t v) {
timeout_counter = v;
}
uint32_t usb_write_offset(uint16_t len, uint16_t offset) {
uint8_t pkt_max = 64;
if (len > sizeof(tx_buffer))
len = sizeof(tx_buffer);
w_len = len;
tx_r_offset = offset;
driver_write(tx_buffer+offset, MIN(len, pkt_max));
w_len -= MIN(len, pkt_max);
tx_r_offset += MIN(len, pkt_max);
return MIN(w_len, pkt_max);
}
size_t usb_rx(const uint8_t *buffer, size_t len) {
uint16_t size = MIN(sizeof(rx_buffer) - w_offset, len);
if (size > 0) {
if (buffer == NULL)
size = driver_read(rx_buffer + w_offset, size);
else
memcpy(rx_buffer + w_offset, buffer, size);
w_offset += size;
}
return size;
}
uint32_t usb_write_flush() {
if (w_len > 0) {
driver_write(tx_buffer+tx_r_offset, MIN(w_len, 64));
tx_r_offset += MIN(w_len, 64);
w_len -= MIN(w_len, 64);
}
return w_len;
}
uint32_t usb_write(uint16_t len) {
return usb_write_offset(len, 0);
}
uint16_t usb_read_available() {
return w_offset - r_offset;
}
uint16_t usb_write_available() {
return w_len > 0;
}
uint8_t *usb_get_rx() {
return rx_buffer;
}
uint8_t *usb_get_tx() {
return tx_buffer;
}
void usb_clear_rx() {
w_offset = r_offset = 0;
}
uint16_t usb_read(uint8_t *buffer, size_t buffer_size) {
uint16_t size = MIN(buffer_size, w_offset-r_offset);
if (size > 0) {
memcpy(buffer, rx_buffer+r_offset, size);
r_offset += size;
if (r_offset == w_offset) {
r_offset = w_offset = 0;
}
return size;
}
return 0;
}
#ifndef USB_VID
#define USB_VID 0xFEFF
#endif
#ifndef USB_PID
#define USB_PID 0xFCFD
#endif
#define USB_BCD 0x0200
uint32_t timeout = 0;
queue_t usb_to_card_q;
queue_t card_to_usb_q;
void usb_init() {
queue_init(&card_to_usb_q, sizeof(uint32_t), 64);
queue_init(&usb_to_card_q, sizeof(uint32_t), 64);
driver_init();
}
extern int driver_process_usb_nopacket();
static int usb_event_handle() {
uint16_t rx_read = usb_read_available();
if (driver_process_usb_packet(rx_read) > 0) {
uint32_t flag = EV_CMD_AVAILABLE;
queue_add_blocking(&usb_to_card_q, &flag);
timeout_start();
}
else
driver_process_usb_nopacket();
return 0;
}
extern void low_flash_init();
void card_init_core1() {
low_flash_init_core1();
}
size_t finished_data_size = 0;
void card_start(void (*func)(void)) {
multicore_reset_core1();
multicore_launch_core1(func);
led_set_blink(BLINK_MOUNTED);
}
void card_exit() {
uint32_t flag = EV_EXIT;
queue_try_add(&usb_to_card_q, &flag);
led_set_blink(BLINK_SUSPENDED);
}
void usb_task() {
if (driver_mounted()) {
if (usb_event_handle() != 0) {
}
usb_write_flush();
uint32_t m = 0x0;
bool has_m = queue_try_remove(&card_to_usb_q, &m);
//if (m != 0)
// printf("\r\n ------ M = %lu\r\n",m);
if (has_m) {
if (m == EV_EXEC_FINISHED) {
driver_exec_finished(finished_data_size);
led_set_blink(BLINK_MOUNTED);
timeout_stop();
}
else if (m == EV_PRESS_BUTTON) {
uint32_t flag = wait_button() ? EV_BUTTON_TIMEOUT : EV_BUTTON_PRESSED;
queue_try_add(&usb_to_card_q, &flag);
}
/*
if (m == EV_RX_DATA_READY) {
c->ccid_state = ccid_handle_data(c);
timeout = 0;
c->timeout_cnt = 0;
}
else if (m == EV_EXEC_FINISHED) {
if (c->ccid_state == CCID_STATE_EXECUTE) {
exec_done:
if (c->a->sw == CCID_THREAD_TERMINATED) {
c->sw1sw2[0] = 0x90;
c->sw1sw2[1] = 0x00;
c->state = APDU_STATE_RESULT;
ccid_send_data_block(c);
c->ccid_state = CCID_STATE_EXITED;
c->application = 0;
return;
}
c->a->cmd_apdu_data_len = 0;
c->sw1sw2[0] = c->a->sw >> 8;
c->sw1sw2[1] = c->a->sw & 0xff;
if (c->a->res_apdu_data_len <= c->a->expected_res_size) {
c->state = APDU_STATE_RESULT;
ccid_send_data_block(c);
c->ccid_state = CCID_STATE_WAIT;
}
else {
c->state = APDU_STATE_RESULT_GET_RESPONSE;
c->p = c->a->res_apdu_data;
c->len = c->a->res_apdu_data_len;
ccid_send_data_block_gr(c, c->a->expected_res_size);
c->ccid_state = CCID_STATE_WAIT;
}
}
else {
DEBUG_INFO ("ERR05\r\n");
}
led_set_blink(BLINK_MOUNTED);
}
else if (m == EV_TX_FINISHED){
if (c->state == APDU_STATE_RESULT)
ccid_reset(c);
else
c->tx_busy = 0;
if (c->state == APDU_STATE_WAIT_COMMAND || c->state == APDU_STATE_COMMAND_CHAINING || c->state == APDU_STATE_RESULT_GET_RESPONSE)
ccid_prepare_receive(c);
}
*/
}
else {
if (timeout > 0) {
if (timeout + timeout_counter < board_millis()) {
driver_exec_timeout();
timeout = board_millis();
}
}
}
}
}
void timeout_stop() {
timeout = 0;
}
void timeout_start() {
timeout = board_millis();
}
uint8_t *usb_prepare_response() {
return driver_prepare_response();
}

63
src/usb/usb.h Normal file
View File

@@ -0,0 +1,63 @@
/*
* This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _USB_H_
#define _USB_H_
#include "pico/util/queue.h"
/* USB thread */
#define EV_CARD_CHANGE 1
#define EV_TX_FINISHED 2
#define EV_EXEC_ACK_REQUIRED 4
#define EV_EXEC_FINISHED 8
#define EV_RX_DATA_READY 16
#define EV_PRESS_BUTTON 32
/* Card thread */
#define EV_MODIFY_CMD_AVAILABLE 1
#define EV_VERIFY_CMD_AVAILABLE 2
#define EV_CMD_AVAILABLE 4
#define EV_EXIT 8
#define EV_BUTTON_TIMEOUT 16
#define EV_BUTTON_PRESSED 32
extern void usb_task();
extern queue_t usb_to_card_q;
extern queue_t card_to_usb_q;
extern int driver_process_usb_packet(uint16_t rx_read);
extern void driver_exec_finished(size_t size_next);
extern void driver_exec_finished_cont(size_t size_next, size_t offset);
extern void driver_exec_timeout();
extern bool driver_mounted();
extern uint8_t *driver_prepare_response();
extern void card_start(void (*func)(void));
extern void card_exit();
extern void usb_init();
extern uint8_t *usb_prepare_response();
extern void timeout_stop();
extern void timeout_start();
extern uint8_t *usb_get_rx();
extern uint8_t *usb_get_tx();
extern uint32_t usb_write_offset(uint16_t len, uint16_t offset);
extern void usb_clear_rx();
extern size_t finished_data_size;
extern void usb_set_timeout_counter(uint32_t v);
extern void card_init_core1();
#endif

29
src/usb/usb_descriptors.h
View File

@@ -1,29 +0,0 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef USB_DESCRIPTORS_H_
#define USB_DESCRIPTORS_H_
enum
{
VENDOR_REQUEST_WEBUSB = 1,
VENDOR_REQUEST_MICROSOFT = 2
};
extern uint8_t const desc_ms_os_20[];
#endif /* USB_DESCRIPTORS_H_ */

1
tinycbor Submodule

Submodule tinycbor added at e27261ed5e