webadmin/pico-keys-sdk
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-keys-sdk synced 2026-06-15 15:20:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: webadmin:v1.1
Branches Tags
webadmin:main
webadmin:v8.5 webadmin:v8.4 webadmin:v8.0 webadmin:v7.0 webadmin:v5.0 webadmin:v3.4 webadmin:v3.2 webadmin:v3.0 webadmin:v2.0 webadmin:v1.1 webadmin:v1.0
..
compare: webadmin:v3.0
Branches Tags
webadmin:main
webadmin:v8.5 webadmin:v8.4 webadmin:v8.0 webadmin:v7.0 webadmin:v5.0 webadmin:v3.4 webadmin:v3.2 webadmin:v3.0 webadmin:v2.0 webadmin:v1.1 webadmin:v1.0

62 Commits
v1.1 ... v3.0

Author SHA1 Message Date
Pol Henarejos
1d2a461086 Adding missing file. 2022-08-31 14:18:14 +02:00
Pol Henarejos
8075352fab Upgrading version to v3.0 2022-08-31 13:55:29 +02:00
Pol Henarejos
cd3812ecca Creating a cmake library to be added by other projects. 2022-08-31 13:55:14 +02:00
Pol Henarejos
2f565f23e0 Small debug fix 2022-08-30 17:48:25 +02:00
Pol Henarejos
93ac6c2128 Fix addressing apdu. 2022-08-30 16:57:37 +02:00
Pol Henarejos
13983bdd68 Fix compiling with disabled debug apdu. 2022-08-30 16:57:12 +02:00
Pol Henarejos
b42e2b5493 Fix processing apdu. 2022-08-30 16:57:01 +02:00
Pol Henarejos
b75e5a6619 Not used anymore. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-30 13:22:21 +02:00
Pol Henarejos
40288a85f1 It's a major reorganization. 
In order to add FIDO2 support, we need to reorganize some USB/CCID calls to specific area (named driver).
Thus, pico-hsm-sdk has two drivers:
- CCID driver implements APDU over USB/CCID ISO-7816 standard procedures.
- HID driver implements APDU over HID.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-30 02:00:11 +02:00
Pol Henarejos
2236501d20 Upgrading pico-ccid to version 2.2 2022-08-29 11:31:48 +02:00
Pol Henarejos
61536fa41a Adding extern to random_gen() 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 13:37:34 +02:00
Pol Henarejos
8e5d33c4ba Removing trailing spaces. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-19 01:44:03 +02:00
Pol Henarejos
33b33fdbba neug_get() does not have any argument. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:54:10 +02:00
Pol Henarejos
7738c1902e Added permanent memory region to store data that remains persistent even after an initialization. To delete it, the device must be fully wiped. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 19:48:13 +02:00
Pol Henarejos
2df878232b File new should return file_t pointer if it exists in the file table. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 11:57:01 +02:00
Pol Henarejos
be86197b0b Added macro to disable APDU debug. 
It will speed up the device notably.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-14 19:12:17 +02:00
Pol Henarejos
d1b52d9521 PUK AUT may return 0x9001. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-12 18:07:13 +02:00
Pol Henarejos
3397f25bf0 Simply generic_hash() 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-10 16:37:06 +02:00
Pol Henarejos
9ea71fb45b Fix DEBUG_PAYLOAD(). 
It might overlap variables.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-09 17:28:27 +02:00
Pol Henarejos
fe53f9a729 Another fix with RAPDU in C0. 
A STATUS_SLOT may be sent in between of consecutive C0. Thus, RAPDU shall be reset on every answer, even if it is partial.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-06 02:18:32 +02:00
Pol Henarejos
f44658eb63 Fix preparing next RAPDU in C0 response. 2022-06-06 01:44:41 +02:00
Pol Henarejos
2b8c23f593 Upgrading to version 2.0. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-06 00:11:24 +02:00
Pol Henarejos
9cfe762043 low_flash_available() should be called outside. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 20:11:14 +02:00
Pol Henarejos
07305e6fd7 Fix returning error message. 
If return code is not 0x9000, RAPDU is cleared.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 16:04:31 +02:00
Pol Henarejos
8bdcfa1041 Replacing with asn1 tag len function. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:16:25 +02:00
Pol Henarejos
7249fb129b Using custom mbedtls configuration file. 
We disable lots of unwanted algorithms and suites and we only keep those are used.
 2022-06-01 12:57:24 +02:00
Pol Henarejos
199095c204 Moving some ASN1 procedures to a separate file. 2022-06-01 09:45:27 +02:00
Pol Henarejos
67efd73a96 Not used anymore. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 20:38:43 +02:00
Pol Henarejos
fa4ecf658f Implementing own functions for cvc manipulation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 18:51:43 +02:00
Pol Henarejos
8d409023bf Fix Ne value for legacy apdu. 2022-05-31 00:04:46 +02:00
Pol Henarejos
950e276ee8 Adding asn1_find_tag() for searching for a tag in a asn1 string. 2022-05-30 23:31:17 +02:00
Pol Henarejos
ef52ae37d3 Reorganizing usb layer. 2022-05-30 12:20:42 +02:00
Pol Henarejos
58e9e67ee5 Fix with data and extended length. 2022-05-30 00:51:36 +02:00
Pol Henarejos
acde4c54d5 Fix timeout. 2022-05-30 00:14:44 +02:00
Pol Henarejos
46603fa390 If the he packet is multiple 64 bytes, we trunk it. 
It is a weird bug that affects PHY of rp2040.
 2022-05-29 03:34:22 +02:00
Pol Henarejos
8bb47e7979 Compilation fixes in debug mode 2022-05-29 03:33:40 +02:00
Pol Henarejos
e0bff38384 Moving again to TinyUSB 2022-05-29 01:52:44 +02:00
Pol Henarejos
152a2fa031 Fix warnings 2022-05-27 20:58:28 +02:00
Pol Henarejos
79878a76c2 More fixes 2022-05-27 09:04:08 +02:00
Pol Henarejos
da871e695e More and more fixes. 2022-05-27 00:36:44 +02:00
Pol Henarejos
d4b0978d50 More fixes 2022-05-26 14:15:16 +02:00
Pol Henarejos
77ce276b59 First attempt to run away from tinyUSB to our code. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-26 00:03:38 +02:00
Pol Henarejos
56453b60d6 Added fmd flag to wrap FCP to include later the FMD. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 23:30:01 +02:00
Pol Henarejos
bd178c86e4 Added check. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 20:52:31 +02:00
Pol Henarejos
cd6a2dd4b5 Fix for new meta data. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 20:52:01 +02:00
Pol Henarejos
24502966ce Fix finding meta_data. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 20:41:04 +02:00
Pol Henarejos
3431293d43 Optimized special case when new meta data length is the same. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 15:54:07 +02:00
Pol Henarejos
21f70601b4 Avoid unnecessary memcpy 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 15:20:59 +02:00
Pol Henarejos
c4e781103f Fix with write offsets. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 14:43:08 +02:00
Pol Henarejos
6c90ce3361 Add meta functions for manipulating meta data. 
Added meta_add(), meta_delete() and meta_find().
It conveys this meta data throught tag A5 of FCP.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 14:42:54 +02:00
Pol Henarejos
1a58422cd8 flash_write_data_to_file() now accepts offset argument. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 14:28:30 +02:00
Pol Henarejos
5a30c7cbdc format_tlv_len() accepts NULL argument. 
In that case, it returns the length of the length in bytes.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 14:27:49 +02:00
Pol Henarejos
5e2fc081f1 Added high level functions for reading file and returning file size. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:18:43 +02:00
Pol Henarejos
d19429cb84 Fix handling dynamic files. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 19:56:26 +02:00
Pol Henarejos
7ed4cb912e These fids are propertary. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 14:43:09 +02:00
Pol Henarejos
efb6c8d8cd Adding Life-cycle status to FCP. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-15 18:49:30 +02:00
Pol Henarejos
f7d30d7f4d Adding FCP tag template. Some apps could require FMD tag. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-15 18:37:57 +02:00
Pol Henarejos
de39035d9f FCI name (tag 84) has 16 bytes max length. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-15 18:34:00 +02:00
Pol Henarejos
ae935d19f8 Fix sending FCI name tag. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-15 18:33:14 +02:00
Pol Henarejos
de04dd6121 Should be with this values. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 22:27:01 +02:00
Pol Henarejos
9c5250f6ca Adding timeout for press button of 15 secs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:03:17 +02:00
Pol Henarejos
cddc3b2dec Adding name to FCP 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-20 14:13:43 +02:00
38 changed files with 6282 additions and 2175 deletions
Expand all files Collapse all files

66
CMakeLists.txt
View File

@@ -1,17 +1,17 @@
# #
# This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). # This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
# Copyright (c) 2022 Pol Henarejos. # Copyright (c) 2022 Pol Henarejos.
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3. # the Free Software Foundation, version 3.
# #
# This program is distributed in the hope that it will be useful, but # This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of # WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details. # General Public License for more details.
# #
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
# #
@@ -19,52 +19,22 @@ cmake_minimum_required(VERSION 3.13)
include(pico_sdk_import.cmake) include(pico_sdk_import.cmake)
project(pico_ccid C CXX ASM) project(pico_hsm_sdk C CXX ASM)
set(CMAKE_C_STANDARD 11) set(CMAKE_C_STANDARD 11)
set(CMAKE_CXX_STANDARD 17) set(CMAKE_CXX_STANDARD 17)
pico_sdk_init() pico_sdk_init()
add_executable(pico_ccid) add_executable(pico_hsm_sdk_exe)
if (NOT DEFINED USB_VID) include(pico_hsm_sdk.cmake)
set(USB_VID 0xFEFF)
endif()
add_definitions(-DUSB_VID=${USB_VID})
if (NOT DEFINED USB_PID)
set(USB_PID 0xFCFD)
endif()
add_definitions(-DUSB_PID=${USB_PID})
set_source_files_properties( target_compile_options(pico_hsm_sdk_exe PUBLIC
${CMAKE_CURRENT_LIST_DIR}/OpenSC/src/libopensc/ctx.c -Wall
PROPERTIES COMPILE_DEFINITIONS "PACKAGE_VERSION=\"0.22.0\";OPENSC_CONF_PATH=\".\"" -Werror
) )
target_sources(pico_ccid PUBLIC
${CMAKE_CURRENT_LIST_DIR}/src/ccid/ccid2040.c
${CMAKE_CURRENT_LIST_DIR}/src/usb/usb_descriptors.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/file.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/flash.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/low_flash.c
${CMAKE_CURRENT_LIST_DIR}/src/rng/random.c
${CMAKE_CURRENT_LIST_DIR}/src/rng/neug.c
${CMAKE_CURRENT_LIST_DIR}/src/ccid/eac.c
${CMAKE_CURRENT_LIST_DIR}/src/ccid/crypto_utils.c
)
target_include_directories(pico_ccid PUBLIC pico_add_extra_outputs(pico_hsm_sdk_exe)
${CMAKE_CURRENT_LIST_DIR}/src/fs
${CMAKE_CURRENT_LIST_DIR}/src/ccid
${CMAKE_CURRENT_LIST_DIR}/src/rng
${CMAKE_CURRENT_LIST_DIR}/src/usb
${CMAKE_CURRENT_LIST_DIR}/mbedtls/include
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library
)
pico_add_extra_outputs(pico_ccid)
#target_compile_definitions(pico_ccid PRIVATE MBEDTLS_ECDSA_DETERMINISTIC=1) target_link_libraries(pico_hsm_sdk_exe PRIVATE pico_hsm_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
target_link_libraries(pico_ccid PRIVATE pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc)

3322
config/mbedtls_config.h Normal file
View File

File diff suppressed because it is too large Load Diff

114
pico_hsm_sdk_import.cmake Normal file
View File

@@ -0,0 +1,114 @@
#
# This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
# Copyright (c) 2022 Pol Henarejos.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
if (NOT DEFINED USB_VID)
set(USB_VID 0xFEFF)
endif()
add_definitions(-DUSB_VID=${USB_VID})
if (NOT DEFINED USB_PID)
set(USB_PID 0xFCFD)
endif()
add_definitions(-DUSB_PID=${USB_PID})
if (NOT DEFINED DEBUG_APDU)
set(DEBUG_APDU 0)
endif()
if (NOT DEFINED HSM_DRIVER)
set(HSM_DRIVER "ccid")
endif()
add_definitions(-DDEBUG_APDU=${DEBUG_APDU})
configure_file(${CMAKE_CURRENT_LIST_DIR}/config/mbedtls_config.h ${CMAKE_CURRENT_LIST_DIR}/mbedtls/include/mbedtls COPYONLY)
message(STATUS "HSM driver: ${HSM_DRIVER}")
message(STATUS "USB VID/PID: ${USB_VID}:${USB_PID}")
configure_file(${CMAKE_CURRENT_LIST_DIR}/config/mbedtls_config.h ${CMAKE_CURRENT_LIST_DIR}/mbedtls/include/mbedtls COPYONLY)
if (NOT TARGET pico_hsm_sdk)
pico_add_impl_library(pico_hsm_sdk)
target_sources(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src/main.c
${CMAKE_CURRENT_LIST_DIR}/src/usb/usb.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/file.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/flash.c
${CMAKE_CURRENT_LIST_DIR}/src/fs/low_flash.c
${CMAKE_CURRENT_LIST_DIR}/src/rng/random.c
${CMAKE_CURRENT_LIST_DIR}/src/rng/hwrng.c
${CMAKE_CURRENT_LIST_DIR}/src/eac.c
${CMAKE_CURRENT_LIST_DIR}/src/crypto_utils.c
${CMAKE_CURRENT_LIST_DIR}/src/asn1.c
${CMAKE_CURRENT_LIST_DIR}/src/apdu.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/aes.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/asn1parse.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/asn1write.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/bignum.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/cmac.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/cipher.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/cipher_wrap.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/constant_time.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecdsa.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecdh.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecp.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecp_curves.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/hkdf.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/md.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/md5.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/oid.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/platform_util.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ripemd160.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/rsa.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/rsa_alt_helpers.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/sha1.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/sha256.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/sha512.c
)
if (${HSM_DRIVER} STREQUAL "ccid")
target_sources(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src/usb/ccid/usb_descriptors.c
${CMAKE_CURRENT_LIST_DIR}/src/usb/ccid/ccid.c
)
target_include_directories(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src/usb/ccid
)
elseif (${HSM_DRIVER} STREQUAL "hid")
target_sources(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src/usb/hid/hid.c
${CMAKE_CURRENT_LIST_DIR}/src/usb/hid/usb_descriptors.c
)
target_include_directories(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src/usb/hid
)
endif()
target_include_directories(pico_hsm_sdk INTERFACE
${CMAKE_CURRENT_LIST_DIR}/src
${CMAKE_CURRENT_LIST_DIR}/src/usb
${CMAKE_CURRENT_LIST_DIR}/src/fs
${CMAKE_CURRENT_LIST_DIR}/src/rng
${CMAKE_CURRENT_LIST_DIR}/mbedtls/include
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library
)
target_link_libraries(pico_hsm_sdk INTERFACE pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
endif()

153
src/apdu.c Normal file
View File

@@ -0,0 +1,153 @@
/*
* This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "apdu.h"
#include "hsm.h"
#include "usb.h"
#include <stdio.h>
uint8_t *rdata_gr = NULL;
uint16_t rdata_bk = 0x0;
extern uint32_t timeout;
int process_apdu() {
led_set_blink(BLINK_PROCESSING);
if (!current_app)
{
if (INS(apdu) == 0xA4 && P1(apdu) == 0x04 && (P2(apdu) == 0x00 || P2(apdu) == 0x4)) { //select by AID
for (int a = 0; a < num_apps; a++) {
if ((current_app = apps[a].select_aid(&apps[a]))) {
return set_res_sw(0x90,0x00);
}
}
}
return set_res_sw(0x6a, 0x82);
}
if (current_app->process_apdu)
return current_app->process_apdu();
return set_res_sw(0x6D, 0x00);
}
size_t apdu_process(const uint8_t *buffer, size_t buffer_size) {
apdu.header = (uint8_t *)buffer;
apdu.nc = apdu.ne = 0;
if (buffer_size == 4) {
apdu.nc = apdu.ne = 0;
if (apdu.ne == 0)
apdu.ne = 256;
}
else if (buffer_size == 5) {
apdu.nc = 0;
apdu.ne = apdu.header[4];
if (apdu.ne == 0)
apdu.ne = 256;
}
else if (apdu.header[4] == 0x0 && buffer_size >= 7) {
if (buffer_size == 7) {
apdu.ne = (apdu.header[5] << 8) | apdu.header[6];
if (apdu.ne == 0)
apdu.ne = 65536;
}
else {
apdu.ne = 0;
apdu.nc = (apdu.header[5] << 8) | apdu.header[6];
apdu.data = apdu.header+7;
if (apdu.nc+7+2 == buffer_size) {
apdu.ne = (apdu.header[buffer_size-2] << 8) | apdu.header[buffer_size-1];
if (apdu.ne == 0)
apdu.ne = 65536;
}
}
}
else {
apdu.nc = apdu.header[4];
apdu.data = apdu.header+5;
apdu.ne = 0;
if (apdu.nc+5+1 == buffer_size) {
apdu.ne = apdu.header[buffer_size-1];
if (apdu.ne == 0)
apdu.ne = 256;
}
}
//printf("apdu.nc %ld, apdu.ne %ld\r\n",apdu.nc,apdu.ne);
if (apdu.header[1] == 0xc0) {
//printf("apdu.ne %ld, apdu.rlen %d, bk %x\r\n",apdu.ne,apdu.rlen,rdata_bk);
timeout_stop();
*(uint16_t *)rdata_gr = rdata_bk;
if (apdu.rlen <= apdu.ne) {
driver_exec_finished_cont(apdu.rlen+2, rdata_gr-usb_get_tx());
}
else {
rdata_gr += apdu.ne;
rdata_bk = *rdata_gr;
rdata_gr[0] = 0x61;
if (apdu.rlen - apdu.ne >= 256)
rdata_gr[1] = 0;
else
rdata_gr[1] = apdu.rlen - apdu.ne;
driver_exec_finished_cont(apdu.ne+2, rdata_gr-apdu.ne-usb_get_tx());
apdu.rlen -= apdu.ne;
}
//Prepare next RAPDU
apdu.sw = 0;
apdu.rlen = 0;
usb_prepare_response();
return 0;
}
else {
apdu.sw = 0;
apdu.rlen = 0;
apdu.rdata = usb_prepare_response();
rdata_gr = apdu.rdata;
return 1;
}
return 0;
}
uint16_t set_res_sw(uint8_t sw1, uint8_t sw2) {
apdu.sw = (sw1 << 8) | sw2;
if (sw1 != 0x90)
res_APDU_size = 0;
return make_uint16_t(sw1, sw2);
}
void apdu_finish() {
apdu.rdata[apdu.rlen] = apdu.sw >> 8;
apdu.rdata[apdu.rlen+1] = apdu.sw & 0xff;
timeout_stop();
if ((apdu.rlen + 2 + 10) % 64 == 0)
{ // FIX for strange behaviour with PSCS and multiple of 64
apdu.ne = apdu.rlen - 2;
}
}
size_t apdu_next() {
if (apdu.rlen <= apdu.ne)
return apdu.rlen + 2;
else {
rdata_gr = apdu.rdata+apdu.ne;
rdata_bk = *(uint16_t *)rdata_gr;
rdata_gr[0] = 0x61;
if (apdu.rlen - apdu.ne >= 256)
rdata_gr[1] = 0;
else
rdata_gr[1] = apdu.rlen - apdu.ne;
apdu.rlen -= apdu.ne;
}
return apdu.ne + 2;
}

84
src/apdu.h Normal file
View File

@@ -0,0 +1,84 @@
/*
* This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _APDU_H_
#define _APDU_H_
#include <stdlib.h>
#include "pico/stdlib.h"
typedef struct app {
const uint8_t *aid;
int (*process_apdu)();
struct app* (*select_aid)();
int (*unload)();
} app_t;
extern int register_app(app_t * (*)());
#if defined(DEBUG_APDU) && DEBUG_APDU == 1
#define DEBUG_PAYLOAD(_p,_s) { \
printf("Payload %s (%d bytes):\r\n", #_p,_s);\
for (int _i = 0; _i < _s; _i += 16) {\
printf("%07Xh : ",(unsigned int)(_i+_p));\
for (int _j = 0; _j < 16; _j++) {\
if (_j < _s-_i) printf("%02X ",(_p)[_i+_j]);\
else printf(" ");\
if (_j == 7) printf(" ");\
} printf(": "); \
for (int _j = 0; _j < MIN(16,_s-_i); _j++) {\
printf("%c",(_p)[_i+_j] == 0x0a || (_p)[_i+_j] == 0x0d ? '\\' : (_p)[_i+_j]);\
if (_j == 7) printf(" ");\
}\
printf("\r\n");\
} printf("\r\n"); \
}
#else
#define DEBUG_PAYLOAD(_p,_s)
#endif
extern uint8_t num_apps;
extern app_t apps[4];
extern app_t *current_app;
struct apdu {
uint8_t *header;
uint32_t nc;
uint32_t ne;
uint8_t *data;
uint16_t sw;
uint8_t *rdata;
uint16_t rlen;
} __packed;
#define CLA(a) a.header[0]
#define INS(a) a.header[1]
#define P1(a) a.header[2]
#define P2(a) a.header[3]
#define res_APDU apdu.rdata
#define res_APDU_size apdu.rlen
extern struct apdu apdu;
extern uint16_t set_res_sw (uint8_t sw1, uint8_t sw2);
extern int process_apdu();
extern size_t apdu_process(const uint8_t *buffer, size_t buffer_size);
extern void apdu_finish();
extern size_t apdu_next();
#endif

91
src/asn1.c Normal file
View File

@@ -0,0 +1,91 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "asn1.h"
size_t asn1_len_tag(uint16_t tag, size_t len) {
size_t ret = 1+format_tlv_len(len, NULL)+len;
if (tag > 0x00ff)
return ret+1;
return ret;
}
int format_tlv_len(size_t len, uint8_t *out) {
if (len < 128) {
if (out)
*out = len;
return 1;
}
else if (len < 256) {
if (out) {
*out++ = 0x81;
*out++ = len;
}
return 2;
}
else {
if (out) {
*out++ = 0x82;
*out++ = (len >> 8) & 0xff;
*out++ = len & 0xff;
}
return 3;
}
return 0;
}
int walk_tlv(const uint8_t *cdata, size_t cdata_len, uint8_t **p, uint16_t *tag, size_t *tag_len, uint8_t **data) {
if (!p)
return 0;
if (!*p)
*p = (uint8_t *)cdata;
if (*p-cdata >= cdata_len)
return 0;
uint16_t tg = 0x0;
size_t tgl = 0;
tg = *(*p)++;
if ((tg & 0x1f) == 0x1f) {
tg <<= 8;
tg |= *(*p)++;
}
tgl = *(*p)++;
if (tgl == 0x82) {
tgl = *(*p)++ << 8;
tgl |= *(*p)++;
}
else if (tgl == 0x81) {
tgl = *(*p)++;
}
if (tag)
*tag = tg;
if (tag_len)
*tag_len = tgl;
if (data)
*data = *p;
*p = *p+tgl;
return 1;
}
bool asn1_find_tag(const uint8_t *data, size_t data_len, uint16_t itag, size_t *tag_len, uint8_t **tag_data) {
uint16_t tag = 0x0;
uint8_t *p = NULL;
while (walk_tlv(data, data_len, &p, &tag, tag_len, tag_data)) {
if (itag == tag)
return true;
}
return false;
}

29
src/asn1.h Normal file
View File

@@ -0,0 +1,29 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _ASN1_H_
#define _ASN1_H_
#include <stdlib.h>
#include "pico/stdlib.h"
extern int walk_tlv(const uint8_t *cdata, size_t cdata_len, uint8_t **p, uint16_t *tag, size_t *tag_len, uint8_t **data);
extern int format_tlv_len(size_t len, uint8_t *out);
extern bool asn1_find_tag(const uint8_t *data, size_t data_len, uint16_t itag, size_t *tag_len, uint8_t **tag_data);
extern size_t asn1_len_tag(uint16_t tag, size_t len);
#endif

1596
src/ccid/ccid2040.c
View File

File diff suppressed because it is too large Load Diff

37
src/ccid/crypto_utils.c → src/crypto_utils.c
View File

@@ -1,17 +1,17 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
@@ -20,7 +20,7 @@
#include "mbedtls/sha256.h" #include "mbedtls/sha256.h"
#include "mbedtls/aes.h" #include "mbedtls/aes.h"
#include "crypto_utils.h" #include "crypto_utils.h"
#include "ccid2040.h" #include "hsm.h"
void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]) { void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]) {
uint8_t o1[32]; uint8_t o1[32];
@@ -35,12 +35,12 @@ void hash_multi(const uint8_t *input, size_t len, uint8_t output[32]) {
mbedtls_sha256_init(&ctx); mbedtls_sha256_init(&ctx);
int iters = 256; int iters = 256;
pico_unique_board_id_t unique_id; pico_unique_board_id_t unique_id;
pico_get_unique_board_id(&unique_id); pico_get_unique_board_id(&unique_id);
mbedtls_sha256_starts (&ctx, 0); mbedtls_sha256_starts (&ctx, 0);
mbedtls_sha256_update (&ctx, unique_id.id, sizeof(unique_id.id)); mbedtls_sha256_update (&ctx, unique_id.id, sizeof(unique_id.id));
while (iters > len) while (iters > len)
{ {
mbedtls_sha256_update (&ctx, input, len); mbedtls_sha256_update (&ctx, input, len);
@@ -55,7 +55,7 @@ void hash_multi(const uint8_t *input, size_t len, uint8_t output[32]) {
void hash256(const uint8_t *input, size_t len, uint8_t output[32]) { void hash256(const uint8_t *input, size_t len, uint8_t output[32]) {
mbedtls_sha256_context ctx; mbedtls_sha256_context ctx;
mbedtls_sha256_init(&ctx); mbedtls_sha256_init(&ctx);
mbedtls_sha256_starts (&ctx, 0); mbedtls_sha256_starts (&ctx, 0);
mbedtls_sha256_update (&ctx, input, len); mbedtls_sha256_update (&ctx, input, len);
@@ -64,14 +64,7 @@ void hash256(const uint8_t *input, size_t len, uint8_t output[32]) {
} }
void generic_hash(mbedtls_md_type_t md, const uint8_t *input, size_t len, uint8_t *output) { void generic_hash(mbedtls_md_type_t md, const uint8_t *input, size_t len, uint8_t *output) {
mbedtls_md_context_t ctx; mbedtls_md(mbedtls_md_info_from_type(md), input, len, output);
mbedtls_md_init(&ctx);
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md);
mbedtls_md_setup(&ctx, md_info, 0);
mbedtls_md_starts(&ctx);
mbedtls_md_update(&ctx, input, len);
mbedtls_md_finish(&ctx, output);
mbedtls_md_free(&ctx);
} }
int aes_encrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, uint8_t *data, int len) { int aes_encrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, uint8_t *data, int len) {

18
src/ccid/crypto_utils.h → src/crypto_utils.h
View File

@@ -1,17 +1,17 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */

58
src/ccid/eac.c → src/eac.c
View File

@@ -1,17 +1,17 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
@@ -19,9 +19,10 @@
#include "crypto_utils.h" #include "crypto_utils.h"
#include "random.h" #include "random.h"
#include "mbedtls/cmac.h" #include "mbedtls/cmac.h"
#include "asn1.h"
#include "apdu.h"
static uint8_t nonce[8]; static uint8_t nonce[8];
static uint8_t auth_token[8];
static uint8_t sm_kmac[16]; static uint8_t sm_kmac[16];
static uint8_t sm_kenc[16]; static uint8_t sm_kenc[16];
static MSE_protocol sm_protocol = MSE_NONE; static MSE_protocol sm_protocol = MSE_NONE;
@@ -88,13 +89,14 @@ int sm_unwrap() {
return r; return r;
int le = sm_get_le(); int le = sm_get_le();
if (le >= 0) if (le >= 0)
apdu.expected_res_size = le; apdu.ne = le;
uint8_t *body = NULL; uint8_t *body = NULL;
size_t body_size = 0; size_t body_size = 0;
bool is87 = false; bool is87 = false;
uint8_t tag = 0x0, *tag_data = NULL, *p = NULL; uint16_t tag = 0x0;
size_t tag_len = 0; uint8_t *tag_data = NULL, *p = NULL;
while (walk_tlv(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, &p, &tag, &tag_len, &tag_data)) { size_t tag_len = 0;
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x87 || tag == 0x85) { if (tag == 0x87 || tag == 0x85) {
body = tag_data; body = tag_data;
body_size = tag_len; body_size = tag_len;
@@ -111,9 +113,9 @@ int sm_unwrap() {
} }
sm_update_iv(); sm_update_iv();
aes_decrypt(sm_kenc, sm_iv, 128, HSM_AES_MODE_CBC, body, body_size); aes_decrypt(sm_kenc, sm_iv, 128, HSM_AES_MODE_CBC, body, body_size);
memmove(apdu.cmd_apdu_data, body, body_size); memmove(apdu.data, body, body_size);
apdu.cmd_apdu_data_len = sm_remove_padding(apdu.cmd_apdu_data, body_size); apdu.nc = sm_remove_padding(apdu.data, body_size);
DEBUG_PAYLOAD(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len); DEBUG_PAYLOAD(apdu.data, (int)apdu.nc);
return CCID_OK; return CCID_OK;
} }
@@ -129,6 +131,8 @@ int sm_wrap() {
mbedtls_mpi_add_int(&ssc, &sm_mSSC, 1); mbedtls_mpi_add_int(&ssc, &sm_mSSC, 1);
mbedtls_mpi_copy(&sm_mSSC, &ssc); mbedtls_mpi_copy(&sm_mSSC, &ssc);
int r = mbedtls_mpi_write_binary(&ssc, input, sm_blocksize); int r = mbedtls_mpi_write_binary(&ssc, input, sm_blocksize);
if (r != 0)
return CCID_EXEC_ERROR;
input_len += sm_blocksize; input_len += sm_blocksize;
mbedtls_mpi_free(&ssc); mbedtls_mpi_free(&ssc);
if (res_APDU_size > 0) { if (res_APDU_size > 0) {
@@ -173,15 +177,16 @@ int sm_wrap() {
res_APDU[res_APDU_size++] = 0x8E; res_APDU[res_APDU_size++] = 0x8E;
res_APDU[res_APDU_size++] = 8; res_APDU[res_APDU_size++] = 8;
res_APDU_size += 8; res_APDU_size += 8;
if (apdu.expected_res_size > 0) if (apdu.ne > 0)
apdu.expected_res_size = res_APDU_size; apdu.ne = res_APDU_size;
return CCID_OK; return CCID_OK;
} }
int sm_get_le() { int sm_get_le() {
uint8_t tag = 0x0, *tag_data = NULL, *p = NULL; uint16_t tag = 0x0;
size_t tag_len = 0; uint8_t *tag_data = NULL, *p = NULL;
while (walk_tlv(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, &p, &tag, &tag_len, &tag_data)) { size_t tag_len = 0;
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x97) { if (tag == 0x97) {
uint32_t le = 0; uint32_t le = 0;
for (int t = 1; t <= tag_len; t++) for (int t = 1; t <= tag_len; t++)
@@ -205,7 +210,7 @@ int sm_verify() {
memset(input, 0, sizeof(input)); memset(input, 0, sizeof(input));
int input_len = 0, r = 0; int input_len = 0, r = 0;
bool add_header = (CLA(apdu) & 0xC) == 0xC; bool add_header = (CLA(apdu) & 0xC) == 0xC;
int data_len = (int)(apdu.cmd_apdu_data_len/sm_blocksize)*sm_blocksize; int data_len = (int)(apdu.nc/sm_blocksize)*sm_blocksize;
if (data_len % sm_blocksize) if (data_len % sm_blocksize)
data_len += sm_blocksize; data_len += sm_blocksize;
if (data_len+(add_header ? sm_blocksize : 0) > 1024) if (data_len+(add_header ? sm_blocksize : 0) > 1024)
@@ -230,9 +235,10 @@ int sm_verify() {
bool some_added = false; bool some_added = false;
const uint8_t *mac = NULL; const uint8_t *mac = NULL;
size_t mac_len = 0; size_t mac_len = 0;
uint8_t tag = 0x0, *tag_data = NULL, *p = NULL; uint16_t tag = 0x0;
size_t tag_len = 0; uint8_t *tag_data = NULL, *p = NULL;
while (walk_tlv(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, &p, &tag, &tag_len, &tag_data)) { size_t tag_len = 0;
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
if (tag & 0x1) { if (tag & 0x1) {
input[input_len++] = tag; input[input_len++] = tag;
int tlen = format_tlv_len(tag_len, input+input_len); int tlen = format_tlv_len(tag_len, input+input_len);

20
src/ccid/eac.h → src/eac.h
View File

@@ -1,17 +1,17 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
@@ -20,7 +20,7 @@
#include <stdlib.h> #include <stdlib.h>
#include "pico/stdlib.h" #include "pico/stdlib.h"
#include "ccid2040.h" #include "hsm.h"
typedef enum MSE_protocol { typedef enum MSE_protocol {
MSE_AES = 0, MSE_AES = 0,

267
src/fs/file.c
View File

@@ -1,28 +1,33 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "file.h" #include "file.h"
#include "tusb.h" #include "hsm.h"
#include "ccid2040.h"
#include <string.h> #include <string.h>
#include <stdio.h>
#include "asn1.h"
#include "apdu.h"
extern const uintptr_t end_data_pool; extern const uintptr_t end_data_pool;
extern const uintptr_t start_data_pool; extern const uintptr_t start_data_pool;
extern const uintptr_t end_rom_pool;
extern const uintptr_t start_rom_pool;
extern int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len); extern int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len);
extern int flash_write_data_to_file_offset(file_t *file, const uint8_t *data, uint16_t len, uint16_t offset);
extern int flash_program_halfword (uintptr_t addr, uint16_t data); extern int flash_program_halfword (uintptr_t addr, uint16_t data);
extern int flash_program_word (uintptr_t addr, uint32_t data); extern int flash_program_word (uintptr_t addr, uint32_t data);
extern int flash_program_uintptr (uintptr_t addr, uintptr_t data); extern int flash_program_uintptr (uintptr_t addr, uintptr_t data);
@@ -34,13 +39,16 @@ extern uint8_t *flash_read(uintptr_t addr);
extern void low_flash_available(); extern void low_flash_available();
//puts FCI in the RAPDU //puts FCI in the RAPDU
void process_fci(const file_t *pe) { void process_fci(const file_t *pe, int fmd) {
uint8_t *p = res_APDU;
uint8_t buf[64];
res_APDU_size = 0; res_APDU_size = 0;
res_APDU[res_APDU_size++] = 0x6f; if (fmd) {
res_APDU[res_APDU_size++] = 0x6f;
res_APDU[res_APDU_size++] = 0x00; //computed later
}
res_APDU[res_APDU_size++] = 0x62;
res_APDU[res_APDU_size++] = 0x00; //computed later res_APDU[res_APDU_size++] = 0x00; //computed later
res_APDU[res_APDU_size++] = 0x81; res_APDU[res_APDU_size++] = 0x81;
res_APDU[res_APDU_size++] = 2; res_APDU[res_APDU_size++] = 2;
if (pe->data) { if (pe->data) {
@@ -58,7 +66,7 @@ void process_fci(const file_t *pe) {
memset(res_APDU+res_APDU_size, 0, 2); memset(res_APDU+res_APDU_size, 0, 2);
res_APDU_size += 2; res_APDU_size += 2;
} }
res_APDU[res_APDU_size++] = 0x82; res_APDU[res_APDU_size++] = 0x82;
res_APDU[res_APDU_size++] = 1; res_APDU[res_APDU_size++] = 1;
res_APDU[res_APDU_size] = 0; res_APDU[res_APDU_size] = 0;
@@ -68,15 +76,34 @@ void process_fci(const file_t *pe) {
res_APDU[res_APDU_size++] |= pe->ef_structure & 0x7; res_APDU[res_APDU_size++] |= pe->ef_structure & 0x7;
else if (pe->type == FILE_TYPE_DF) else if (pe->type == FILE_TYPE_DF)
res_APDU[res_APDU_size++] |= 0x38; res_APDU[res_APDU_size++] |= 0x38;
res_APDU[res_APDU_size++] = 0x83; res_APDU[res_APDU_size++] = 0x83;
res_APDU[res_APDU_size++] = 2; res_APDU[res_APDU_size++] = 2;
put_uint16_t(pe->fid, res_APDU+res_APDU_size); put_uint16_t(pe->fid, res_APDU+res_APDU_size);
res_APDU_size += 2; res_APDU_size += 2;
if (pe->name) {
res_APDU[res_APDU_size++] = 0x84;
res_APDU[res_APDU_size++] = MIN(pe->name[0],16);
memcpy(res_APDU+res_APDU_size, pe->name+2, MIN(pe->name[0],16));
res_APDU_size += MIN(pe->name[0],16);
}
memcpy(res_APDU+res_APDU_size, "\x8A\x01\x05", 3); //life-cycle (5 -> activated)
res_APDU_size += 3;
uint8_t *meta_data = NULL;
uint8_t meta_size = meta_find(pe->fid, &meta_data);
if (meta_size > 0 && meta_data != NULL) {
res_APDU[res_APDU_size++] = 0xA5;
res_APDU[res_APDU_size++] = 0x81;
res_APDU[res_APDU_size++] = meta_size;
memcpy(res_APDU+res_APDU_size,meta_data,meta_size);
res_APDU_size += meta_size;
}
res_APDU[1] = res_APDU_size-2; res_APDU[1] = res_APDU_size-2;
if (fmd)
res_APDU[3] = res_APDU_size-4;
} }
#define MAX_DYNAMIC_FILES 64 #define MAX_DYNAMIC_FILES 128
uint16_t dynamic_files = 0; uint16_t dynamic_files = 0;
file_t dynamic_file[MAX_DYNAMIC_FILES]; file_t dynamic_file[MAX_DYNAMIC_FILES];
@@ -96,7 +123,7 @@ file_t *get_parent(file_t *f) {
file_t *search_by_name(uint8_t *name, uint16_t namelen) { file_t *search_by_name(uint8_t *name, uint16_t namelen) {
for (file_t *p = file_entries; p != file_last; p++) { for (file_t *p = file_entries; p != file_last; p++) {
if (p->name && *p->name == apdu.cmd_apdu_data_len && memcmp(p->name+1, name, namelen) == 0) { if (p->name && *p->name == apdu.nc && memcmp(p->name+1, name, namelen) == 0) {
return p; return p;
} }
} }
@@ -104,7 +131,7 @@ file_t *search_by_name(uint8_t *name, uint16_t namelen) {
} }
file_t *search_by_fid(const uint16_t fid, const file_t *parent, const uint8_t sp) { file_t *search_by_fid(const uint16_t fid, const file_t *parent, const uint8_t sp) {
for (file_t *p = file_entries; p != file_last; p++) { for (file_t *p = file_entries; p != file_last; p++) {
if (p->fid != 0x0000 && p->fid == fid) { if (p->fid != 0x0000 && p->fid == fid) {
if (!parent || (parent && is_parent(p, parent))) { if (!parent || (parent && is_parent(p, parent))) {
@@ -160,11 +187,11 @@ bool authenticate_action(const file_t *ef, uint8_t op) {
return true; return true;
else if (acl == 0xff) else if (acl == 0xff)
return false; return false;
else if (acl == 0x90 || acl & 0x9F == 0x10) { else if (acl == 0x90 || (acl & 0x9F) == 0x10) {
// PIN required. // PIN required.
if(isUserAuthenticated) { if (isUserAuthenticated) {
return true; return true;
} }
else { else {
return false; return false;
} }
@@ -172,15 +199,6 @@ bool authenticate_action(const file_t *ef, uint8_t op) {
return false; return false;
} }
void initialize_chain(file_chain_t **chain) {
file_chain_t *next;
for (file_chain_t *f = *chain; f; f = next) {
next = f->next;
free(f);
}
*chain = NULL;
}
void initialize_flash(bool hard) { void initialize_flash(bool hard) {
if (hard) { if (hard) {
const uint8_t empty[8] = { 0 }; const uint8_t empty[8] = { 0 };
@@ -194,27 +212,23 @@ void initialize_flash(bool hard) {
dynamic_files = 0; dynamic_files = 0;
} }
void scan_flash() { void scan_region(bool persistent) {
initialize_flash(false); //soft initialization uintptr_t endp = end_data_pool, startp = start_data_pool;
if (*(uintptr_t *)end_data_pool == 0xffffffff && *(uintptr_t *)(end_data_pool+sizeof(uintptr_t)) == 0xffffffff) if (persistent) {
{ endp = end_rom_pool;
printf("First initialization (or corrupted!)\r\n"); startp = start_rom_pool;
const uint8_t empty[8] = { 0 };
flash_program_block(end_data_pool, empty, sizeof(empty));
//low_flash_available();
//wait_flash_finish();
} }
printf("SCAN\r\n"); for (uintptr_t base = flash_read_uintptr(endp); base >= startp; base = flash_read_uintptr(base)) {
uintptr_t base = flash_read_uintptr(end_data_pool);
for (uintptr_t base = flash_read_uintptr(end_data_pool); base >= start_data_pool; base = flash_read_uintptr(base)) {
if (base == 0x0) //all is empty if (base == 0x0) //all is empty
break; break;
uint16_t fid = flash_read_uint16(base+sizeof(uintptr_t)+sizeof(uintptr_t)); uint16_t fid = flash_read_uint16(base+sizeof(uintptr_t)+sizeof(uintptr_t));
printf("[%x] scan fid %x, len %d\r\n",base,fid,flash_read_uint16(base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t))); printf("[%x] scan fid %x, len %d\r\n",base,fid,flash_read_uint16(base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t)));
file_t *file = (file_t *)search_by_fid(fid, NULL, SPECIFY_EF); file_t *file = (file_t *)search_by_fid(fid, NULL, SPECIFY_EF);
if (file) if (!file) {
file = file_new(fid);
}
if (file)
file->data = (uint8_t *)(base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t)); file->data = (uint8_t *)(base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t));
if (flash_read_uintptr(base) == 0x0) { if (flash_read_uintptr(base) == 0x0) {
break; break;
@@ -222,6 +236,23 @@ void scan_flash() {
} }
} }
void scan_flash() {
initialize_flash(false); //soft initialization
if (*(uintptr_t *)end_data_pool == 0xffffffff && *(uintptr_t *)(end_data_pool+sizeof(uintptr_t)) == 0xffffffff)
{
printf("First initialization (or corrupted!)\r\n");
uint8_t empty[sizeof(uintptr_t)*2+sizeof(uint32_t)];
memset(empty, 0, sizeof(empty));
flash_program_block(end_data_pool, empty, sizeof(empty));
flash_program_block(end_rom_pool, empty, sizeof(empty));
//low_flash_available();
//wait_flash_finish();
}
printf("SCAN\r\n");
scan_region(true);
scan_region(false);
}
uint8_t *file_read(const uint8_t *addr) { uint8_t *file_read(const uint8_t *addr) {
return flash_read((uintptr_t)addr); return flash_read((uintptr_t)addr);
} }
@@ -232,6 +263,18 @@ uint8_t file_read_uint8(const uint8_t *addr) {
return flash_read_uint8((uintptr_t)addr); return flash_read_uint8((uintptr_t)addr);
} }
uint8_t *file_get_data(const file_t *tf) {
if (!tf || !tf->data)
return NULL;
return file_read(tf->data+sizeof(uint16_t));
}
uint16_t file_get_size(const file_t *tf) {
if (!tf || !tf->data)
return 0;
return file_read_uint16(tf->data);
}
file_t *search_dynamic_file(uint16_t fid) { file_t *search_dynamic_file(uint16_t fid) {
for (int i = 0; i < dynamic_files; i++) { for (int i = 0; i < dynamic_files; i++) {
if (dynamic_file[i].fid == fid) if (dynamic_file[i].fid == fid)
@@ -254,7 +297,7 @@ int delete_dynamic_file(file_t *f) {
file_t *file_new(uint16_t fid) { file_t *file_new(uint16_t fid) {
file_t *f; file_t *f;
if ((f = search_dynamic_file(fid))) if ((f = search_dynamic_file(fid)) || (f = search_by_fid(fid, NULL, SPECIFY_EF)))
return f; return f;
if (dynamic_files == MAX_DYNAMIC_FILES) if (dynamic_files == MAX_DYNAMIC_FILES)
return NULL; return NULL;
@@ -273,22 +316,114 @@ file_t *file_new(uint16_t fid) {
//memset((uint8_t *)f->acl, 0x90, sizeof(f->acl)); //memset((uint8_t *)f->acl, 0x90, sizeof(f->acl));
return f; return f;
} }
int meta_find(uint16_t fid, uint8_t **out) {
file_chain_t *add_file_to_chain(file_t *file, file_chain_t **chain) { file_t *ef = search_by_fid(EF_META, NULL, SPECIFY_EF);
if (search_file_chain(file->fid, *chain)) if (!ef)
return NULL; return CCID_ERR_FILE_NOT_FOUND;
file_chain_t *fc = (file_chain_t *)malloc(sizeof(file_chain_t)); uint16_t tag = 0x0;
fc->file = file; uint8_t *tag_data = NULL, *p = NULL, *data = file_get_data(ef);
fc->next = *chain; size_t tag_len = 0, data_len = file_get_size(ef);
*chain = fc; while (walk_tlv(data, data_len, &p, &tag, &tag_len, &tag_data)) {
return fc; if (tag_len < 2)
} continue;
uint16_t cfid = (tag_data[0] << 8 | tag_data[1]);
file_t *search_file_chain(uint16_t fid, file_chain_t *chain) { if (cfid == fid) {
for (file_chain_t *fc = chain; fc; fc = fc->next) { if (out)
if (fid == fc->file->fid) { *out = tag_data+2;
return fc->file; return tag_len-2;
} }
} }
return NULL; return 0;
} }
int meta_delete(uint16_t fid) {
file_t *ef = search_by_fid(EF_META, NULL, SPECIFY_EF);
if (!ef)
return CCID_ERR_FILE_NOT_FOUND;
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL, *data = file_get_data(ef);
size_t tag_len = 0, data_len = file_get_size(ef);
uint8_t *fdata = NULL;
while (walk_tlv(data, data_len, &p, &tag, &tag_len, &tag_data)) {
uint8_t *tpos = p-tag_len-format_tlv_len(tag_len, NULL)-1;
if (tag_len < 2)
continue;
uint16_t cfid = (tag_data[0] << 8 | tag_data[1]);
if (cfid == fid) {
size_t new_len = data_len-1-tag_len-format_tlv_len(tag_len, NULL);
fdata = (uint8_t *)calloc(1, new_len);
if (tpos > data) {
memcpy(fdata, data, tpos-data);
}
if (data+data_len > p) {
memcpy(fdata+(tpos-data), p, data+data_len-p);
}
int r = flash_write_data_to_file(ef, fdata, new_len);
free(fdata);
if (r != CCID_OK)
return CCID_EXEC_ERROR;
low_flash_available();
break;
}
}
return CCID_OK;
}
int meta_add(uint16_t fid, const uint8_t *data, uint16_t len) {
int r;
file_t *ef = search_by_fid(EF_META, NULL, SPECIFY_EF);
if (!ef)
return CCID_ERR_FILE_NOT_FOUND;
uint16_t ef_size = file_get_size(ef);
uint8_t *fdata = (uint8_t *)calloc(1, ef_size);
memcpy(fdata, file_get_data(ef), ef_size);
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
size_t tag_len = 0;
while (walk_tlv(fdata, ef_size, &p, &tag, &tag_len, &tag_data)) {
if (tag_len < 2)
continue;
uint16_t cfid = (tag_data[0] << 8 | tag_data[1]);
if (cfid == fid) {
if (tag_len-2 == len) { //an update
memcpy(p-tag_len+2, data, len);
r = flash_write_data_to_file(ef, fdata, ef_size);
free(fdata);
if (r != CCID_OK)
return CCID_EXEC_ERROR;
return CCID_OK;
}
else { //needs reallocation
uint8_t *tpos = p-asn1_len_tag(tag, tag_len);
memmove(tpos, p, fdata+ef_size-p);
tpos += fdata+ef_size-p;
uintptr_t meta_offset = tpos-fdata;
ef_size += len - (tag_len-2);
if (len > tag_len-2)
fdata = (uint8_t *)realloc(fdata, ef_size);
uint8_t *f = fdata+meta_offset;
*f++ = fid & 0xff;
f += format_tlv_len(len+2, f);
*f++ = fid >> 8;
*f++ = fid & 0xff;
memcpy(f, data, len);
r = flash_write_data_to_file(ef, fdata, ef_size);
free(fdata);
if (r != CCID_OK)
return CCID_EXEC_ERROR;
return CCID_OK;
}
}
}
fdata = (uint8_t *)realloc(fdata, ef_size+asn1_len_tag(fid & 0x1f, len+2));
uint8_t *f = fdata+ef_size;
*f++ = fid & 0x1f;
f += format_tlv_len(len+2, f);
*f++ = fid >> 8;
*f++ = fid & 0xff;
memcpy(f, data, len);
r = flash_write_data_to_file(ef, fdata, ef_size+asn1_len_tag(fid & 0x1f, len+2));
free(fdata);
if (r != CCID_OK)
return CCID_EXEC_ERROR;
return CCID_OK;
}

37
src/fs/file.h
View File

@@ -1,17 +1,17 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
@@ -53,14 +53,13 @@
#define SPECIFY_DF 0x2 #define SPECIFY_DF 0x2
#define SPECIFY_ANY 0x3 #define SPECIFY_ANY 0x3
#define EF_DKEK 0x108F
#define EF_PRKDFS 0x6040 #define EF_PRKDFS 0x6040
#define EF_PUKDFS 0x6041 #define EF_PUKDFS 0x6041
#define EF_CDFS 0x6042 #define EF_CDFS 0x6042
#define EF_AODFS 0x6043 #define EF_AODFS 0x6043
#define EF_DODFS 0x6044 #define EF_DODFS 0x6044
#define EF_SKDFS 0x6045 #define EF_SKDFS 0x6045
#define EF_DEVOPS 0x100E #define EF_META 0xE010
#define MAX_DEPTH 4 #define MAX_DEPTH 4
@@ -75,12 +74,6 @@ typedef struct file
const uint8_t acl[7]; const uint8_t acl[7];
} __attribute__((packed)) file_t; } __attribute__((packed)) file_t;
typedef struct file_chain
{
file_t *file;
struct file_chain *next;
} file_chain_t;
extern file_t *currentEF; extern file_t *currentEF;
extern file_t *currentDF; extern file_t *currentDF;
extern const file_t *selected_applet; extern const file_t *selected_applet;
@@ -99,7 +92,7 @@ extern file_t *search_by_fid(const uint16_t fid, const file_t *parent, const uin
extern file_t *search_by_name(uint8_t *name, uint16_t namelen); extern file_t *search_by_name(uint8_t *name, uint16_t namelen);
extern file_t *search_by_path(const uint8_t *pe_path, uint8_t pathlen, const file_t *parent); extern file_t *search_by_path(const uint8_t *pe_path, uint8_t pathlen, const file_t *parent);
extern bool authenticate_action(const file_t *ef, uint8_t op); extern bool authenticate_action(const file_t *ef, uint8_t op);
extern void process_fci(const file_t *pe); extern void process_fci(const file_t *pe, int fmd);
extern void scan_flash(); extern void scan_flash();
extern void initialize_flash(bool); extern void initialize_flash(bool);
@@ -108,6 +101,8 @@ extern file_t file_entries[];
extern uint8_t *file_read(const uint8_t *addr); extern uint8_t *file_read(const uint8_t *addr);
extern uint16_t file_read_uint16(const uint8_t *addr); extern uint16_t file_read_uint16(const uint8_t *addr);
extern uint8_t file_read_uint8(const uint8_t *addr); extern uint8_t file_read_uint8(const uint8_t *addr);
extern uint8_t *file_get_data(const file_t *tf);
extern uint16_t file_get_size(const file_t *tf);
extern file_t *file_new(uint16_t); extern file_t *file_new(uint16_t);
file_t *get_parent(file_t *f); file_t *get_parent(file_t *f);
@@ -116,9 +111,11 @@ extern file_t dynamic_file[];
extern file_t *search_dynamic_file(uint16_t); extern file_t *search_dynamic_file(uint16_t);
extern int delete_dynamic_file(file_t *f); extern int delete_dynamic_file(file_t *f);
extern file_chain_t *add_file_to_chain(file_t *file, file_chain_t **chain);
extern file_t *search_file_chain(uint16_t fid, file_chain_t *chain);
extern bool isUserAuthenticated; extern bool isUserAuthenticated;
extern int meta_find(uint16_t, uint8_t **out);
extern int meta_delete(uint16_t fid);
extern int meta_add(uint16_t fid, const uint8_t *data, uint16_t len);
#endif #endif

70
src/fs/flash.c
View File

@@ -1,17 +1,17 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
@@ -21,8 +21,7 @@
#include "pico/stdlib.h" #include "pico/stdlib.h"
#include "hardware/flash.h" #include "hardware/flash.h"
#include "ccid2040.h" #include "hsm.h"
#include "tusb.h"
#include "file.h" #include "file.h"
/* /*
@@ -39,8 +38,9 @@
//To avoid possible future allocations, data region starts at the end of flash and goes upwards to the center region //To avoid possible future allocations, data region starts at the end of flash and goes upwards to the center region
const uintptr_t start_data_pool = (XIP_BASE + FLASH_TARGET_OFFSET); const uintptr_t start_data_pool = (XIP_BASE + FLASH_TARGET_OFFSET);
const uintptr_t end_data_pool = (XIP_BASE + PICO_FLASH_SIZE_BYTES)-FLASH_DATA_HEADER_SIZE-FLASH_PERMANENT_REGION; //This is a fixed value. DO NOT CHANGE const uintptr_t end_data_pool = (XIP_BASE + PICO_FLASH_SIZE_BYTES)-FLASH_DATA_HEADER_SIZE-FLASH_PERMANENT_REGION-FLASH_DATA_HEADER_SIZE-4; //This is a fixed value. DO NOT CHANGE
#define FLASH_ADDR_DATA_STORAGE_START start_data_pool const uintptr_t end_rom_pool = (XIP_BASE + PICO_FLASH_SIZE_BYTES)-FLASH_DATA_HEADER_SIZE-4; //This is a fixed value. DO NOT CHANGE
const uintptr_t start_rom_pool = (XIP_BASE + PICO_FLASH_SIZE_BYTES)-FLASH_DATA_HEADER_SIZE-FLASH_PERMANENT_REGION; //This is a fixed value. DO NOT CHANGE
extern int flash_program_block(uintptr_t addr, const uint8_t *data, size_t len); extern int flash_program_block(uintptr_t addr, const uint8_t *data, size_t len);
extern int flash_program_halfword (uintptr_t addr, uint16_t data); extern int flash_program_halfword (uintptr_t addr, uint16_t data);
@@ -50,12 +50,16 @@ extern uint16_t flash_read_uint16(uintptr_t addr);
extern void low_flash_available(); extern void low_flash_available();
uintptr_t allocate_free_addr(uint16_t size) { uintptr_t allocate_free_addr(uint16_t size, bool persistent) {
if (size > FLASH_SECTOR_SIZE) if (size > FLASH_SECTOR_SIZE)
return 0x0; //ERROR return 0x0; //ERROR
size_t real_size = size+sizeof(uint16_t)+sizeof(uintptr_t)+sizeof(uint16_t)+sizeof(uintptr_t); //len+len size+next address+fid+prev_addr size size_t real_size = size+sizeof(uint16_t)+sizeof(uintptr_t)+sizeof(uint16_t)+sizeof(uintptr_t); //len+len size+next address+fid+prev_addr size
uintptr_t next_base = 0x0; uintptr_t next_base = 0x0, endp = end_data_pool, startp = start_data_pool;
for (uintptr_t base = end_data_pool; base >= start_data_pool; base = next_base) { if (persistent) {
endp = end_rom_pool;
startp = start_rom_pool;
}
for (uintptr_t base = endp; base >= startp; base = next_base) {
uintptr_t addr_alg = base & -FLASH_SECTOR_SIZE; //start address of sector uintptr_t addr_alg = base & -FLASH_SECTOR_SIZE; //start address of sector
uintptr_t potential_addr = base-real_size; uintptr_t potential_addr = base-real_size;
next_base = flash_read_uintptr(base); next_base = flash_read_uintptr(base);
@@ -70,7 +74,7 @@ uintptr_t allocate_free_addr(uint16_t size) {
flash_program_uintptr(base, potential_addr); flash_program_uintptr(base, potential_addr);
return potential_addr; return potential_addr;
} }
else if (addr_alg-FLASH_SECTOR_SIZE >= start_data_pool) { //check whether it fits in the next sector, so we take addr_aligned as the base else if (addr_alg-FLASH_SECTOR_SIZE >= startp) { //check whether it fits in the next sector, so we take addr_aligned as the base
potential_addr = addr_alg-real_size; potential_addr = addr_alg-real_size;
flash_program_uintptr(potential_addr, 0x0); flash_program_uintptr(potential_addr, 0x0);
flash_program_uintptr(potential_addr+sizeof(uintptr_t), base); flash_program_uintptr(potential_addr+sizeof(uintptr_t), base);
@@ -80,7 +84,7 @@ uintptr_t allocate_free_addr(uint16_t size) {
return 0x0; return 0x0;
} }
//we check if |base-(next_addr+size_next_addr)| > |base-potential_addr| only if fid != 1xxx (not size blocked) //we check if |base-(next_addr+size_next_addr)| > |base-potential_addr| only if fid != 1xxx (not size blocked)
else if (addr_alg <= potential_addr && base-(next_base+flash_read_uint16(next_base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t))+2*sizeof(uint16_t)+2*sizeof(uintptr_t)) > base-potential_addr && flash_read_uint16(next_base+sizeof(uintptr_t)) & 0x1000 != 0x1000) { else if (addr_alg <= potential_addr && base-(next_base+flash_read_uint16(next_base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t))+2*sizeof(uint16_t)+2*sizeof(uintptr_t)) > base-potential_addr && (flash_read_uint16(next_base+sizeof(uintptr_t)) & 0x1000) != 0x1000) {
flash_program_uintptr(potential_addr, next_base); flash_program_uintptr(potential_addr, next_base);
flash_program_uintptr(potential_addr+sizeof(uintptr_t), base); flash_program_uintptr(potential_addr+sizeof(uintptr_t), base);
flash_program_uintptr(base, potential_addr); flash_program_uintptr(base, potential_addr);
@@ -103,31 +107,45 @@ int flash_clear_file(file_t *file) {
return CCID_OK; return CCID_OK;
} }
int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len) { int flash_write_data_to_file_offset(file_t *file, const uint8_t *data, uint16_t len, uint16_t offset) {
if (!file) if (!file)
return CCID_ERR_NULL_PARAM; return CCID_ERR_NULL_PARAM;
if (len > FLASH_SECTOR_SIZE) uint16_t size_file_flash = file->data ? flash_read_uint16((uintptr_t)file->data) : 0;
uint8_t *old_data = NULL;
if (offset+len > FLASH_SECTOR_SIZE || offset > size_file_flash)
return CCID_ERR_NO_MEMORY; return CCID_ERR_NO_MEMORY;
if (file->data) { //already in flash if (file->data) { //already in flash
uint16_t size_file_flash = flash_read_uint16((uintptr_t)file->data); if (offset+len <= size_file_flash) { //it fits, no need to move it
if (len <= size_file_flash) { //it fits, no need to move it flash_program_halfword((uintptr_t)file->data, offset+len);
flash_program_halfword((uintptr_t)file->data, len);
if (data) if (data)
flash_program_block((uintptr_t)file->data+sizeof(uint16_t), data, len); flash_program_block((uintptr_t)file->data+sizeof(uint16_t)+offset, data, len);
return CCID_OK; return CCID_OK;
} }
else { //we clear the old file else { //we clear the old file
flash_clear_file(file); flash_clear_file(file);
if (offset > 0) {
old_data = (uint8_t *)calloc(1, offset+len);
memcpy(old_data, file->data+sizeof(uint16_t), offset);
memcpy(old_data+offset, data, len);
len = offset+len;
data = old_data;
}
} }
} }
uintptr_t new_addr = allocate_free_addr(len);
uintptr_t new_addr = allocate_free_addr(len, (file->type & FILE_PERSISTENT) == FILE_PERSISTENT);
//printf("na %x\r\n",new_addr); //printf("na %x\r\n",new_addr);
if (new_addr == 0x0) if (new_addr == 0x0)
return CCID_ERR_NO_MEMORY; return CCID_ERR_NO_MEMORY;
file->data = (uint8_t *)new_addr+sizeof(uintptr_t)+sizeof(uint16_t)+sizeof(uintptr_t); //next addr+fid+prev addr file->data = (uint8_t *)new_addr+sizeof(uintptr_t)+sizeof(uint16_t)+sizeof(uintptr_t); //next addr+fid+prev addr
flash_program_halfword(new_addr+sizeof(uintptr_t)+sizeof(uintptr_t), file->fid); flash_program_halfword(new_addr+sizeof(uintptr_t)+sizeof(uintptr_t), file->fid);
flash_program_halfword((uintptr_t)file->data, len); flash_program_halfword((uintptr_t)file->data, len);
if (data) if (data)
flash_program_block((uintptr_t)file->data+sizeof(uint16_t), data, len); flash_program_block((uintptr_t)file->data+sizeof(uint16_t), data, len);
if (old_data)
free(old_data);
return CCID_OK; return CCID_OK;
} }
int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len) {
return flash_write_data_to_file_offset(file, data, len, 0);
}

46
src/fs/low_flash.c
View File

@@ -1,17 +1,17 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
@@ -26,7 +26,7 @@
#include "pico/mutex.h" #include "pico/mutex.h"
#include "pico/sem.h" #include "pico/sem.h"
#include "pico/multicore.h" #include "pico/multicore.h"
#include "ccid2040.h" #include "hsm.h"
#include <string.h> #include <string.h>
#define TOTAL_FLASH_PAGES 4 #define TOTAL_FLASH_PAGES 4
@@ -66,8 +66,8 @@ void do_flash()
flash_range_program(flash_pages[r].address-XIP_BASE, flash_pages[r].page, FLASH_SECTOR_SIZE); flash_range_program(flash_pages[r].address-XIP_BASE, flash_pages[r].page, FLASH_SECTOR_SIZE);
restore_interrupts (ints); restore_interrupts (ints);
while (multicore_lockout_end_timeout_us(1000) == false); while (multicore_lockout_end_timeout_us(1000) == false);
//printf("WRITEN %X !\r\n",flash_pages[r].address); //printf("WRITEN %X !\r\n",flash_pages[r].address);
flash_pages[r].ready = false; flash_pages[r].ready = false;
ready_pages--; ready_pages--;
} }
@@ -82,7 +82,7 @@ void do_flash()
} }
flash_available = false; flash_available = false;
if (ready_pages != 0) { if (ready_pages != 0) {
DEBUG_INFO("ERROR: DO FLASH DOES NOT HAVE ZERO PAGES"); printf("ERROR: DO FLASH DOES NOT HAVE ZERO PAGES\n");
} }
} }
mutex_exit(&mtx_flash); mutex_exit(&mtx_flash);
@@ -138,22 +138,21 @@ page_flash_t *find_free_page(uintptr_t addr) {
} }
int flash_program_block(uintptr_t addr, const uint8_t *data, size_t len) { int flash_program_block(uintptr_t addr, const uint8_t *data, size_t len) {
uintptr_t addr_alg = addr & -FLASH_SECTOR_SIZE;
page_flash_t *p = NULL; page_flash_t *p = NULL;
if (!data || len == 0) if (!data || len == 0)
return CCID_ERR_NULL_PARAM; return CCID_ERR_NULL_PARAM;
mutex_enter_blocking(&mtx_flash); mutex_enter_blocking(&mtx_flash);
if (ready_pages == TOTAL_FLASH_PAGES) { if (ready_pages == TOTAL_FLASH_PAGES) {
mutex_exit(&mtx_flash); mutex_exit(&mtx_flash);
DEBUG_INFO("ERROR: ALL FLASH PAGES CACHED\r\n"); printf("ERROR: ALL FLASH PAGES CACHED\r\n");
return CCID_ERR_NO_MEMORY; return CCID_ERR_NO_MEMORY;
} }
if (!(p = find_free_page(addr))) if (!(p = find_free_page(addr)))
{ {
mutex_exit(&mtx_flash); mutex_exit(&mtx_flash);
DEBUG_INFO("ERROR: FLASH CANNOT FIND A PAGE (rare error)\r\n"); printf("ERROR: FLASH CANNOT FIND A PAGE (rare error)\r\n");
return CCID_ERR_MEMORY_FATAL; return CCID_ERR_MEMORY_FATAL;
} }
memcpy(&p->page[addr&(FLASH_SECTOR_SIZE-1)], data, len); memcpy(&p->page[addr&(FLASH_SECTOR_SIZE-1)], data, len);
@@ -175,7 +174,7 @@ int flash_program_uintptr (uintptr_t addr, uintptr_t data) {
} }
uint8_t *flash_read(uintptr_t addr) { uint8_t *flash_read(uintptr_t addr) {
uintptr_t addr_alg = addr & -FLASH_SECTOR_SIZE; uintptr_t addr_alg = addr & -FLASH_SECTOR_SIZE;
mutex_enter_blocking(&mtx_flash); mutex_enter_blocking(&mtx_flash);
if (ready_pages > 0) { if (ready_pages > 0) {
for (int r = 0; r < TOTAL_FLASH_PAGES; r++) for (int r = 0; r < TOTAL_FLASH_PAGES; r++)
@@ -213,17 +212,16 @@ uint8_t flash_read_uint8(uintptr_t addr) {
} }
int flash_erase_page (uintptr_t addr, size_t page_size) { int flash_erase_page (uintptr_t addr, size_t page_size) {
uintptr_t addr_alg = addr & -FLASH_SECTOR_SIZE;
page_flash_t *p = NULL; page_flash_t *p = NULL;
mutex_enter_blocking(&mtx_flash); mutex_enter_blocking(&mtx_flash);
if (ready_pages == TOTAL_FLASH_PAGES) { if (ready_pages == TOTAL_FLASH_PAGES) {
mutex_exit(&mtx_flash); mutex_exit(&mtx_flash);
DEBUG_INFO("ERROR: ALL FLASH PAGES CACHED\r\n"); printf("ERROR: ALL FLASH PAGES CACHED\r\n");
return CCID_ERR_NO_MEMORY; return CCID_ERR_NO_MEMORY;
} }
if (!(p = find_free_page(addr))) { if (!(p = find_free_page(addr))) {
DEBUG_INFO("ERROR: FLASH CANNOT FIND A PAGE (rare error)\r\n"); printf("ERROR: FLASH CANNOT FIND A PAGE (rare error)\r\n");
mutex_exit(&mtx_flash); mutex_exit(&mtx_flash);
return CCID_ERR_MEMORY_FATAL; return CCID_ERR_MEMORY_FATAL;
} }
@@ -231,7 +229,7 @@ int flash_erase_page (uintptr_t addr, size_t page_size) {
p->ready = false; p->ready = false;
p->page_size = page_size; p->page_size = page_size;
mutex_exit(&mtx_flash); mutex_exit(&mtx_flash);
return CCID_OK; return CCID_OK;
} }

160
src/ccid/ccid2040.h → src/hsm.h
View File

@@ -1,123 +1,37 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#ifndef _CCID2040_H_ #ifndef _HSM_H_
#define _CCID2040_H_ #define _HSM_H_
#include "ccid.h"
#include "tusb.h"
#include "file.h" #include "file.h"
#include "pico/unique_id.h" #include "pico/unique_id.h"
#include "pico/util/queue.h" #include <string.h>
#define USB_REQ_CCID 0xA1
typedef struct app { extern int driver_init();
const uint8_t *aid; extern void driver_task();
int (*process_apdu)(); extern bool wait_button();
struct app* (*select_aid)();
int (*unload)();
} app_t;
extern int register_app(app_t * (*)()); extern void low_flash_init_core1();
extern const uint8_t historical_bytes[];
#define DEBUG_PAYLOAD(p,s) { \
printf("Payload %s (%d bytes):\r\n", #p,s);\
for (int i = 0; i < s; i += 16) {\
printf("%07Xh : ",i+p);\
for (int j = 0; j < 16; j++) {\
if (j < s-i) printf("%02X ",(p)[i+j]);\
else printf(" ");\
if (j == 7) printf(" ");\
} printf(": "); \
for (int j = 0; j < MIN(16,s-i); j++) {\
printf("%c",(p)[i+j] == 0x0a || (p)[i+j] == 0x0d ? '\\' : (p)[i+j]);\
if (j == 7) printf(" ");\
}\
printf("\r\n");\
} printf("\r\n"); \
}
struct apdu {
uint8_t seq;
/* command APDU */
uint8_t *cmd_apdu_head; /* CLS INS P1 P2 [ internal Lc ] */
uint8_t *cmd_apdu_data;
size_t cmd_apdu_data_len; /* Nc, calculated by Lc field */
size_t expected_res_size; /* Ne, calculated by Le field */
/* response APDU */
uint16_t sw;
uint16_t res_apdu_data_len;
uint8_t *res_apdu_data;
};
#define MAX_CMD_APDU_DATA_SIZE (24+4+512*4)
#define MAX_RES_APDU_DATA_SIZE (5+9+512*4)
#define CCID_MSG_HEADER_SIZE 10
#define USB_LL_BUF_SIZE 64
/* CCID thread */
#define EV_CARD_CHANGE 1
#define EV_TX_FINISHED 2 /* CCID Tx finished */
#define EV_EXEC_ACK_REQUIRED 4 /* OpenPGPcard Execution ACK required */
#define EV_EXEC_FINISHED 8 /* OpenPGPcard Execution finished */
#define EV_RX_DATA_READY 16 /* USB Rx data available */
#define EV_PRESS_BUTTON 32
/* SC HSM thread */
#define EV_MODIFY_CMD_AVAILABLE 1
#define EV_VERIFY_CMD_AVAILABLE 2
#define EV_CMD_AVAILABLE 4
#define EV_EXIT 8
#define EV_BUTTON_PRESSED 16
//Variables set by core1
extern queue_t *ccid_comm;
extern queue_t *card_comm;
enum ccid_state {
CCID_STATE_NOCARD, /* No card available */
CCID_STATE_START, /* Initial */
CCID_STATE_WAIT, /* Waiting APDU */
CCID_STATE_EXECUTE, /* Executing command */
CCID_STATE_ACK_REQUIRED_0, /* Ack required (executing)*/
CCID_STATE_ACK_REQUIRED_1, /* Waiting user's ACK (execution finished) */
CCID_STATE_EXITED, /* CCID Thread Terminated */
CCID_STATE_EXEC_REQUESTED, /* Exec requested */
};
#define CLA(a) a.cmd_apdu_head[0]
#define INS(a) a.cmd_apdu_head[1]
#define P1(a) a.cmd_apdu_head[2]
#define P2(a) a.cmd_apdu_head[3]
#define res_APDU apdu.res_apdu_data
#define res_APDU_size apdu.res_apdu_data_len
extern struct apdu apdu;
uint16_t set_res_sw (uint8_t sw1, uint8_t sw2);
extern int driver_write(const uint8_t *, size_t);
extern size_t driver_read(uint8_t *, size_t);
extern size_t usb_rx(const uint8_t *buffer, size_t len);
static inline const uint16_t make_uint16_t(uint8_t b1, uint8_t b2) { static inline const uint16_t make_uint16_t(uint8_t b1, uint8_t b2) {
return (b1 << 8) | b2; return (b1 << 8) | b2;
@@ -130,36 +44,6 @@ static inline const void put_uint16_t(uint16_t n, uint8_t *b) {
*b = n & 0xff; *b = n & 0xff;
} }
extern const uint8_t *ccid_atr;
#ifdef DEBUG
void stdout_init (void);
#define DEBUG_MORE 1
/*
* Debug functions in debug.c
*/
void put_byte (uint8_t b);
void put_byte_with_no_nl (uint8_t b);
void put_short (uint16_t x);
void put_word (uint32_t x);
void put_int (uint32_t x);
void put_string (const char *s);
void put_binary (const char *s, int len);
#define DEBUG_INFO(msg) put_string (msg)
#define DEBUG_WORD(w) put_word (w)
#define DEBUG_SHORT(h) put_short (h)
#define DEBUG_BYTE(b) put_byte (b)
#define DEBUG_BINARY(s,len) put_binary ((const char *)s,len)
#else
#define DEBUG_INFO(msg)
#define DEBUG_WORD(w)
#define DEBUG_SHORT(h)
#define DEBUG_BYTE(b)
#define DEBUG_BINARY(s,len)
#endif
extern int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len); extern int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len);
extern void low_flash_available(); extern void low_flash_available();
extern int flash_clear_file(file_t *file); extern int flash_clear_file(file_t *file);
@@ -177,7 +61,6 @@ enum {
}; };
extern void led_set_blink(uint32_t mode); extern void led_set_blink(uint32_t mode);
#define SW_BYTES_REMAINING_00() set_res_sw (0x61, 0x00) #define SW_BYTES_REMAINING_00() set_res_sw (0x61, 0x00)
#define SW_WARNING_STATE_UNCHANGED() set_res_sw (0x62, 0x00) #define SW_WARNING_STATE_UNCHANGED() set_res_sw (0x62, 0x00)
#define SW_WARNING_CORRUPTED() set_res_sw (0x62, 0x81) #define SW_WARNING_CORRUPTED() set_res_sw (0x62, 0x81)
@@ -249,7 +132,4 @@ extern void led_set_blink(uint32_t mode);
#define CCID_WRONG_PADDING -1011 #define CCID_WRONG_PADDING -1011
#define CCID_VERIFICATION_FAILED -1012 #define CCID_VERIFICATION_FAILED -1012
extern int walk_tlv(const uint8_t *cdata, size_t cdata_len, uint8_t **p, uint8_t *tag, size_t *tag_len, uint8_t **data); #endif
extern int format_tlv_len(size_t len, uint8_t *out);
#endif

24
src/ccid/ccid_version.h → src/hsm_version.h
View File

@@ -1,27 +1,27 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#ifndef __VERSION_H_ #ifndef __VERSION_H_
#define __VERSION_H_ #define __VERSION_H_
#define CCID_VERSION 0x0101 #define HSM_SDK_VERSION 0x0300
#define CCID_VERSION_MAJOR ((CCID_VERSION >> 8) & 0xff) #define HSM_SDK_VERSION_MAJOR ((HSM_SDK_VERSION >> 8) & 0xff)
#define CCID_VERSION_MINOR (CCID_VERSION & 0xff) #define HSM_SDK_VERSION_MINOR (HSM_SDK_VERSION & 0xff)
#endif #endif

199
src/main.c Normal file
View File

@@ -0,0 +1,199 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdio.h>
// Pico
#include "pico/stdlib.h"
// For memcpy
#include <string.h>
// Include descriptor struct definitions
//#include "usb_common.h"
// USB register definitions from pico-sdk
#include "hardware/regs/usb.h"
// USB hardware struct definitions from pico-sdk
#include "hardware/structs/usb.h"
// For interrupt enable and numbers
#include "hardware/irq.h"
// For resetting the USB controller
#include "hardware/resets.h"
#include "pico/multicore.h"
#include "random.h"
#include "hsm.h"
#include "apdu.h"
#include "usb.h"
#include "hardware/rtc.h"
#include "bsp/board.h"
extern void do_flash();
extern void low_flash_init();
app_t apps[4];
uint8_t num_apps = 0;
app_t *current_app = NULL;
int register_app(app_t * (*select_aid)()) {
if (num_apps < sizeof(apps)/sizeof(app_t)) {
apps[num_apps].select_aid = select_aid;
num_apps++;
return 1;
}
return 0;
}
static uint32_t blink_interval_ms = BLINK_NOT_MOUNTED;
void led_set_blink(uint32_t mode) {
blink_interval_ms = mode;
}
void execute_tasks();
bool wait_button() {
uint32_t start_button = board_millis();
bool timeout = false;
led_set_blink((1000 << 16) | 100);
while (board_button_read() == false) {
execute_tasks();
//sleep_ms(10);
if (start_button + 15000 < board_millis()) { /* timeout */
timeout = true;
break;
}
}
if (!timeout) {
while (board_button_read() == true) {
execute_tasks();
//sleep_ms(10);
if (start_button + 15000 < board_millis()) { /* timeout */
timeout = true;
break;
}
}
}
led_set_blink(BLINK_PROCESSING);
return timeout;
}
struct apdu apdu;
void led_blinking_task() {
#ifdef PICO_DEFAULT_LED_PIN
static uint32_t start_ms = 0;
static uint8_t led_state = false;
static uint8_t led_color = PICO_DEFAULT_LED_PIN;
#ifdef PICO_DEFAULT_LED_PIN_INVERTED
uint32_t interval = !led_state ? blink_interval_ms & 0xffff : blink_interval_ms >> 16;
#else
uint32_t interval = led_state ? blink_interval_ms & 0xffff : blink_interval_ms >> 16;
#endif
// Blink every interval ms
if (board_millis() - start_ms < interval)
return; // not enough time
start_ms += interval;
gpio_put(led_color, led_state);
led_state ^= 1; // toggle
#endif
}
void led_off_all() {
#ifdef PIMORONI_TINY2040
gpio_put(TINY2040_LED_R_PIN, 1);
gpio_put(TINY2040_LED_G_PIN, 1);
gpio_put(TINY2040_LED_B_PIN, 1);
#else
#ifdef PICO_DEFAULT_LED_PIN
gpio_put(PICO_DEFAULT_LED_PIN, 0);
#endif
#endif
}
void init_rtc() {
rtc_init();
datetime_t dt = {
.year = 2020,
.month = 1,
.day = 1,
.dotw = 3, // 0 is Sunday, so 5 is Friday
.hour = 00,
.min = 00,
.sec = 00
};
rtc_set_datetime(&dt);
}
extern void neug_task();
pico_unique_board_id_t unique_id;
void execute_tasks() {
usb_task();
tud_task(); // tinyusb device task
led_blinking_task();
}
int main(void) {
usb_init();
board_init();
stdio_init_all();
#ifdef PIMORONI_TINY2040
gpio_init(TINY2040_LED_R_PIN);
gpio_set_dir(TINY2040_LED_R_PIN, GPIO_OUT);
gpio_init(TINY2040_LED_G_PIN);
gpio_set_dir(TINY2040_LED_G_PIN, GPIO_OUT);
gpio_init(TINY2040_LED_B_PIN);
gpio_set_dir(TINY2040_LED_B_PIN, GPIO_OUT);
#else
#ifdef PICO_DEFAULT_LED_PIN
gpio_init(PICO_DEFAULT_LED_PIN);
gpio_set_dir(PICO_DEFAULT_LED_PIN, GPIO_OUT);
#endif
#endif
led_off_all();
tusb_init();
//prepare_ccid();
random_init();
low_flash_init();
init_rtc();
//ccid_prepare_receive(&ccid);
while (1) {
execute_tasks();
neug_task();
do_flash();
}
return 0;
}

46
src/rng/neug.c → src/rng/hwrng.c
View File

@@ -1,35 +1,37 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
//Part of the code is taken from GnuK (GPLv3)
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include "pico/stdlib.h" #include "pico/stdlib.h"
#include "neug.h" #include "hwrng.h"
#include "hardware/structs/rosc.h" #include "hardware/structs/rosc.h"
#include "hardware/gpio.h" #include "hardware/gpio.h"
#include "hardware/adc.h" #include "hardware/adc.h"
#include "bsp/board.h"
#include "pico/unique_id.h" #include "pico/unique_id.h"
#include "pico/time.h"
static inline uint32_t board_millis(void)
{
return to_ms_since_boot(get_absolute_time());
}
void adc_start() { void adc_start() {
adc_init(); adc_init();
adc_gpio_init(27); adc_gpio_init(27);
@@ -67,7 +69,7 @@ static int ep_process () {
random_word *= 0x00000100000001B3; random_word *= 0x00000100000001B3;
if (++ep_round == 8) { if (++ep_round == 8) {
ep_round = 0; ep_round = 0;
return 2; //2 words return 2; //2 words
} }
return 0; return 0;
} }
@@ -117,7 +119,7 @@ static struct rng_rb the_ring_buffer;
void *neug_task() { void *neug_task() {
struct rng_rb *rb = &the_ring_buffer; struct rng_rb *rb = &the_ring_buffer;
int n; int n;
if ((n = ep_process())) { if ((n = ep_process())) {
@@ -139,25 +141,23 @@ void *neug_task() {
void neug_init(uint32_t *buf, uint8_t size) { void neug_init(uint32_t *buf, uint8_t size) {
pico_unique_board_id_t unique_id; pico_unique_board_id_t unique_id;
pico_get_unique_board_id(&unique_id); pico_get_unique_board_id(&unique_id);
const uint32_t *u = (const uint32_t *)unique_id.id;
struct rng_rb *rb = &the_ring_buffer; struct rng_rb *rb = &the_ring_buffer;
int i;
rb_init(rb, buf, size); rb_init(rb, buf, size);
adc_start(); adc_start();
ep_init(); ep_init();
} }
void neug_flush(void) { void neug_flush(void) {
struct rng_rb *rb = &the_ring_buffer; struct rng_rb *rb = &the_ring_buffer;
while (!rb->empty) while (!rb->empty)
rb_del (rb); rb_del (rb);
} }
uint32_t neug_get(int kick) { uint32_t neug_get() {
struct rng_rb *rb = &the_ring_buffer; struct rng_rb *rb = &the_ring_buffer;
uint32_t v; uint32_t v;
@@ -177,6 +177,6 @@ void neug_wait_full(void) { //should be called only on core1
} }
void neug_fini(void) { void neug_fini(void) {
neug_get(1); neug_get();
} }

18
src/rng/neug.h → src/rng/hwrng.h
View File

@@ -1,17 +1,17 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */

20
src/rng/random.c
View File

@@ -1,17 +1,17 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
@@ -19,7 +19,7 @@
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include "neug.h" #include "hwrng.h"
#define RANDOM_BYTES_LENGTH 32 #define RANDOM_BYTES_LENGTH 32
static uint32_t random_word[RANDOM_BYTES_LENGTH/sizeof (uint32_t)]; static uint32_t random_word[RANDOM_BYTES_LENGTH/sizeof (uint32_t)];

22
src/rng/random.h
View File

@@ -1,17 +1,17 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
@@ -33,6 +33,6 @@ void random_bytes_free (const uint8_t *p);
void random_get_salt (uint8_t *p); void random_get_salt (uint8_t *p);
/* iterator returning a byta at a time */ /* iterator returning a byta at a time */
int random_gen (void *arg, unsigned char *output, size_t output_len); extern int random_gen (void *arg, unsigned char *output, size_t output_len);
#endif #endif

73
src/usb/ccid.h
View File

@@ -1,73 +0,0 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _CCID_H_
#define _CCID_H_
struct ccid_class_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint16_t bcdCCID;
uint8_t bMaxSlotIndex;
uint8_t bVoltageSupport;
uint32_t dwProtocols;
uint32_t dwDefaultClock;
uint32_t dwMaximumClock;
uint8_t bNumClockSupport;
uint32_t dwDataRate;
uint32_t dwMaxDataRate;
uint8_t bNumDataRatesSupported;
uint32_t dwMaxIFSD;
uint32_t dwSynchProtocols;
uint32_t dwMechanical;
uint32_t dwFeatures;
uint32_t dwMaxCCIDMessageLength;
uint8_t bClassGetResponse;
uint8_t bclassEnvelope;
uint16_t wLcdLayout;
uint8_t bPINSupport;
uint8_t bMaxCCIDBusySlots;
} __attribute__ ((__packed__));
static const struct ccid_class_descriptor desc_ccid = {
.bLength = sizeof(struct ccid_class_descriptor),
.bDescriptorType = 0x21,
.bcdCCID = (0x0110),
.bMaxSlotIndex = 0,
.bVoltageSupport = 0x01, // 5.0V
.dwProtocols = (
0x01| // T=0
0x02), // T=1
.dwDefaultClock = (0xDFC),
.dwMaximumClock = (0xDFC),
.bNumClockSupport = 0,
.dwDataRate = (0x2580),
.dwMaxDataRate = (0x2580),
.bNumDataRatesSupported = 0,
.dwMaxIFSD = (0xFE), // IFSD is handled by the real reader driver
.dwSynchProtocols = (0),
.dwMechanical = (0),
.dwFeatures = 0x40840, //USB-ICC, short & extended APDU
.dwMaxCCIDMessageLength = 65544+10,
.bClassGetResponse = 0xFF,
.bclassEnvelope = 0xFF,
.wLcdLayout = 0x0,
.bPINSupport = 0x0,
.bMaxCCIDBusySlots = 0x01,
};
#endif

347
src/usb/ccid/ccid.c Normal file
View File

@@ -0,0 +1,347 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdio.h>
// Pico
#include "pico/stdlib.h"
// For memcpy
#include <string.h>
// Include descriptor struct definitions
//#include "usb_common.h"
// USB register definitions from pico-sdk
#include "hardware/regs/usb.h"
// USB hardware struct definitions from pico-sdk
#include "hardware/structs/usb.h"
// For interrupt enable and numbers
#include "hardware/irq.h"
// For resetting the USB controller
#include "hardware/resets.h"
#include "random.h"
#include "hsm.h"
#include "hardware/rtc.h"
#include "tusb.h"
#include "ccid.h"
#include "device/usbd_pvt.h"
#include "usb_descriptors.h"
#include "apdu.h"
#include "usb.h"
const uint8_t *ccid_atr = NULL;
#if MAX_RES_APDU_DATA_SIZE > MAX_CMD_APDU_DATA_SIZE
#define USB_BUF_SIZE (MAX_RES_APDU_DATA_SIZE+20+9)
#else
#define USB_BUF_SIZE (MAX_CMD_APDU_DATA_SIZE+20+9)
#endif
#define CCID_SET_PARAMS 0x61 /* non-ICCD command */
#define CCID_POWER_ON 0x62
#define CCID_POWER_OFF 0x63
#define CCID_SLOT_STATUS 0x65 /* non-ICCD command */
#define CCID_SECURE 0x69 /* non-ICCD command */
#define CCID_GET_PARAMS 0x6C /* non-ICCD command */
#define CCID_RESET_PARAMS 0x6D /* non-ICCD command */
#define CCID_XFR_BLOCK 0x6F
#define CCID_DATA_BLOCK_RET 0x80
#define CCID_SLOT_STATUS_RET 0x81 /* non-ICCD result */
#define CCID_PARAMS_RET 0x82 /* non-ICCD result */
#define CCID_MSG_SEQ_OFFSET 6
#define CCID_MSG_STATUS_OFFSET 7
#define CCID_MSG_ERROR_OFFSET 8
#define CCID_MSG_CHAIN_OFFSET 9
#define CCID_MSG_DATA_OFFSET 10 /* == CCID_MSG_HEADER_SIZE */
#define CCID_MAX_MSG_DATA_SIZE USB_BUF_SIZE
#define CCID_STATUS_RUN 0x00
#define CCID_STATUS_PRESENT 0x01
#define CCID_STATUS_NOTPRESENT 0x02
#define CCID_CMD_STATUS_OK 0x00
#define CCID_CMD_STATUS_ERROR 0x40
#define CCID_CMD_STATUS_TIMEEXT 0x80
#define CCID_ERROR_XFR_OVERRUN 0xFC
/*
* Since command-byte is at offset 0,
* error with offset 0 means "command not supported".
*/
#define CCID_OFFSET_CMD_NOT_SUPPORTED 0
#define CCID_OFFSET_DATA_LEN 1
#define CCID_OFFSET_PARAM 8
#define CCID_THREAD_TERMINATED 0xffff
#define CCID_ACK_TIMEOUT 0x6600
struct ccid_header {
uint8_t bMessageType;
uint32_t dwLength;
uint8_t bSlot;
uint8_t bSeq;
uint8_t abRFU0;
uint16_t abRFU1;
uint8_t apdu; //Actually it is an array
} __packed;
uint8_t ccid_status = 1;
static uint8_t itf_num;
void ccid_write_offset(uint16_t size, uint16_t offset) {
if (*usb_get_tx()+offset != 0x81)
DEBUG_PAYLOAD(usb_get_tx()+offset,size+10);
usb_write_offset(size+10, offset);
}
void ccid_write(uint16_t size) {
ccid_write_offset(size, 0);
}
struct ccid_header *ccid_response;
struct ccid_header *ccid_header;
int driver_init() {
ccid_header = (struct ccid_header *)usb_get_rx();
apdu.header = &ccid_header->apdu;
ccid_response = (struct ccid_header *)usb_get_tx();
apdu.rdata = &ccid_response->apdu;
return CCID_OK;
}
void tud_vendor_rx_cb(uint8_t itf) {
(void) itf;
uint32_t len = tud_vendor_available();
usb_rx(NULL, len);
}
void tud_vendor_tx_cb(uint8_t itf, uint32_t sent_bytes) {
printf("written %ld\n",sent_bytes);
usb_write_flush();
}
int driver_write(const uint8_t *buffer, size_t buffer_size) {
return tud_vendor_write(buffer, buffer_size);
}
size_t driver_read(uint8_t *buffer, size_t buffer_size) {
return tud_vendor_read(buffer, buffer_size);
}
int driver_process_usb_packet(uint16_t rx_read) {
if (rx_read >= 10)
{
//printf("%d %d %x\r\n",tccid->dwLength,rx_read-10,tccid->bMessageType);
if (ccid_header->dwLength <= rx_read-10) {
size_t apdu_sent = 0;
if (ccid_header->bMessageType != 0x65)
DEBUG_PAYLOAD(usb_get_rx(),usb_read_available());
if (ccid_header->bMessageType == 0x65) {
ccid_response->bMessageType = CCID_SLOT_STATUS_RET;
ccid_response->dwLength = 0;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = ccid_status;
ccid_response->abRFU1 = 0;
ccid_write(0);
}
else if (ccid_header->bMessageType == 0x62) {
size_t size_atr = (ccid_atr ? ccid_atr[0] : 0);
ccid_response->bMessageType = 0x80;
ccid_response->dwLength = size_atr;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = 0;
ccid_response->abRFU1 = 0;
//printf("1 %x %x %x || %x %x %x\r\n",ccid_response->apdu,apdu.rdata,ccid_response,ccid_header,ccid_header->apdu,apdu.data);
memcpy(apdu.rdata, ccid_atr+1, size_atr);
card_start();
ccid_status = 0;
ccid_write(size_atr);
}
else if (ccid_header->bMessageType == 0x63) {
ccid_status = 1;
ccid_response->bMessageType = CCID_SLOT_STATUS_RET;
ccid_response->dwLength = 0;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = ccid_status;
ccid_response->abRFU1 = 0;
card_exit();
ccid_write(0);
}
else if (ccid_header->bMessageType == 0x6F) {
apdu_sent = apdu_process(&ccid_header->apdu, ccid_header->dwLength);
}
usb_clear_rx();
return apdu_sent;
}
}
/*
if (usb_read_available() && c->epo->ready) {
if ()
uint32_t count = usb_read(endp1_rx_buf, sizeof(endp1_rx_buf));
//if (endp1_rx_buf[0] != 0x65)
DEBUG_PAYLOAD(endp1_rx_buf, count);
//DEBUG_PAYLOAD(endp1_rx_buf, count);
ccid_rx_ready(count);
}
*/
return 0;
}
bool driver_mounted() {
return tud_vendor_mounted();
}
void driver_exec_timeout() {
ccid_response->bMessageType = CCID_DATA_BLOCK_RET;
ccid_response->dwLength = 0;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = CCID_CMD_STATUS_TIMEEXT;
ccid_response->abRFU1 = 0;
ccid_write(0);
}
void driver_exec_finished(size_t size_next) {
ccid_response->bMessageType = CCID_DATA_BLOCK_RET;
ccid_response->dwLength = size_next;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = ccid_status;
ccid_response->abRFU1 = 0;
ccid_write(size_next);
}
void driver_exec_finished_cont(size_t size_next, size_t offset) {
ccid_response = (struct ccid_header *)(usb_get_tx()+offset-10);
ccid_response->bMessageType = CCID_DATA_BLOCK_RET;
ccid_response->dwLength = size_next;
ccid_response->bSlot = 0;
ccid_response->bSeq = ccid_header->bSeq;
ccid_response->abRFU0 = ccid_status;
ccid_response->abRFU1 = 0;
ccid_write_offset(size_next, offset-10);
}
uint8_t *driver_prepare_response() {
ccid_response = (struct ccid_header *)usb_get_tx();
return &ccid_response->apdu;
}
#define USB_CONFIG_ATT_ONE TU_BIT(7)
#define MAX_USB_POWER 1
static void ccid_init_cb(void) {
TU_LOG1("-------- CCID INIT\r\n");
vendord_init();
//ccid_notify_slot_change(c);
}
static void ccid_reset_cb(uint8_t rhport) {
TU_LOG1("-------- CCID RESET\r\n");
itf_num = 0;
vendord_reset(rhport);
}
static uint16_t ccid_open(uint8_t rhport, tusb_desc_interface_t const *itf_desc, uint16_t max_len) {
uint8_t *itf_vendor = (uint8_t *)malloc(sizeof(uint8_t)*max_len);
TU_LOG1("-------- CCID OPEN\r\n");
TU_VERIFY(itf_desc->bInterfaceClass == TUSB_CLASS_SMART_CARD && itf_desc->bInterfaceSubClass == 0 && itf_desc->bInterfaceProtocol == 0, 0);
//vendord_open expects a CLASS_VENDOR interface class
memcpy(itf_vendor, itf_desc, sizeof(uint8_t)*max_len);
((tusb_desc_interface_t *)itf_vendor)->bInterfaceClass = TUSB_CLASS_VENDOR_SPECIFIC;
vendord_open(rhport, (tusb_desc_interface_t *)itf_vendor, max_len);
free(itf_vendor);
uint16_t const drv_len = sizeof(tusb_desc_interface_t) + sizeof(struct ccid_class_descriptor) + 2*sizeof(tusb_desc_endpoint_t);
TU_VERIFY(max_len >= drv_len, 0);
itf_num = itf_desc->bInterfaceNumber;
return drv_len;
}
// Support for parameterized reset via vendor interface control request
static bool ccid_control_xfer_cb(uint8_t __unused rhport, uint8_t stage, tusb_control_request_t const * request) {
// nothing to do with DATA & ACK stage
TU_LOG2("-------- CCID CTRL XFER\r\n");
if (stage != CONTROL_STAGE_SETUP) return true;
if (request->wIndex == itf_num)
{
TU_LOG2("-------- bmRequestType %x, bRequest %x, wValue %x, wLength %x\r\n",request->bmRequestType,request->bRequest, request->wValue, request->wLength);
/*
#if PICO_STDIO_USB_RESET_INTERFACE_SUPPORT_RESET_TO_BOOTSEL
if (request->bRequest == RESET_REQUEST_BOOTSEL) {
#ifdef PICO_STDIO_USB_RESET_BOOTSEL_ACTIVITY_LED
uint gpio_mask = 1u << PICO_STDIO_USB_RESET_BOOTSEL_ACTIVITY_LED;
#else
uint gpio_mask = 0u;
#endif
#if !PICO_STDIO_USB_RESET_BOOTSEL_FIXED_ACTIVITY_LED
if (request->wValue & 0x100) {
gpio_mask = 1u << (request->wValue >> 9u);
}
#endif
reset_usb_boot(gpio_mask, (request->wValue & 0x7f) | PICO_STDIO_USB_RESET_BOOTSEL_INTERFACE_DISABLE_MASK);
// does not return, otherwise we'd return true
}
#endif
#if PICO_STDIO_USB_RESET_INTERFACE_SUPPORT_RESET_TO_FLASH_BOOT
if (request->bRequest == RESET_REQUEST_FLASH) {
watchdog_reboot(0, 0, PICO_STDIO_USB_RESET_RESET_TO_FLASH_DELAY_MS);
return true;
}
#endif
*/
return true;
}
return false;
}
static bool ccid_xfer_cb(uint8_t rhport, uint8_t ep_addr, xfer_result_t result, uint32_t xferred_bytes) {
//printf("------ CALLED XFER_CB\r\n");
return vendord_xfer_cb(rhport, ep_addr, result, xferred_bytes);
//return true;
}
static const usbd_class_driver_t ccid_driver = {
#if CFG_TUSB_DEBUG >= 2
.name = "CCID",
#endif
.init = ccid_init_cb,
.reset = ccid_reset_cb,
.open = ccid_open,
.control_xfer_cb = ccid_control_xfer_cb,
.xfer_cb = ccid_xfer_cb,
.sof = NULL
};
// Implement callback to add our custom driver
usbd_class_driver_t const *usbd_app_driver_get_cb(uint8_t *driver_count) {
*driver_count = 1;
return &ccid_driver;
}

49
src/usb/ccid/ccid.h Normal file
View File

@@ -0,0 +1,49 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _CCID_H_
#define _CCID_H_
extern const uint8_t historical_bytes[];
#define MAX_CMD_APDU_DATA_SIZE (24+4+512*4)
#define MAX_RES_APDU_DATA_SIZE (5+9+512*4)
#define CCID_MSG_HEADER_SIZE 10
#define USB_LL_BUF_SIZE 64
enum ccid_state {
CCID_STATE_NOCARD, /* No card available */
CCID_STATE_START, /* Initial */
CCID_STATE_WAIT, /* Waiting APDU */
CCID_STATE_EXECUTE, /* Executing command */
CCID_STATE_ACK_REQUIRED_0, /* Ack required (executing)*/
CCID_STATE_ACK_REQUIRED_1, /* Waiting user's ACK (execution finished) */
CCID_STATE_EXITED, /* CCID Thread Terminated */
CCID_STATE_EXEC_REQUESTED, /* Exec requested */
};
extern const uint8_t *ccid_atr;
extern uint8_t *usb_get_rx();
extern uint8_t *usb_get_tx();
extern uint32_t usb_write_offset(uint16_t len, uint16_t offset);
extern uint16_t usb_read_available();
extern void usb_clear_rx();
extern uint32_t usb_write_flush();
#endif //_CCID_H_

2
src/usb/tusb_config.h → src/usb/ccid/tusb_config.h
View File

@@ -108,7 +108,6 @@
#define CFG_TUD_VENDOR_TX_BUFSIZE (TUD_OPT_HIGH_SPEED ? 512 : 64) #define CFG_TUD_VENDOR_TX_BUFSIZE (TUD_OPT_HIGH_SPEED ? 512 : 64)
#include "pico/types.h" #include "pico/types.h"
static inline uint16_t tu_u32_high16(uint32_t ui32) { return (uint16_t) (ui32 >> 16); } static inline uint16_t tu_u32_high16(uint32_t ui32) { return (uint16_t) (ui32 >> 16); }
static inline uint16_t tu_u32_low16 (uint32_t ui32) { return (uint16_t) (ui32 & 0x0000ffffu); } static inline uint16_t tu_u32_low16 (uint32_t ui32) { return (uint16_t) (ui32 & 0x0000ffffu); }
@@ -117,3 +116,4 @@ static inline uint16_t tu_u32_low16 (uint32_t ui32) { return (uint16_t) (ui32 &
#endif #endif
#endif /* _TUSB_CONFIG_H_ */ #endif /* _TUSB_CONFIG_H_ */

325
src/usb/ccid/usb_common.h.notused Normal file
View File

@@ -0,0 +1,325 @@
/*
* Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _USB_COMMON_H
#define _USB_COMMON_H
#include "pico/types.h"
#include "hardware/structs/usb.h"
// bmRequestType bit definitions
#define USB_REQ_TYPE_STANDARD 0x00u
#define USB_REQ_TYPE_TYPE_MASK 0x60u
#define USB_REQ_TYPE_TYPE_CLASS 0x20u
#define USB_REQ_TYPE_TYPE_VENDOR 0x40u
#define USB_REQ_TYPE_RECIPIENT_MASK 0x1fu
#define USB_REQ_TYPE_RECIPIENT_DEVICE 0x00u
#define USB_REQ_TYPE_RECIPIENT_INTERFACE 0x01u
#define USB_REQ_TYPE_RECIPIENT_ENDPOINT 0x02u
#define USB_DIR_OUT 0x00u
#define USB_DIR_IN 0x80u
#define USB_TRANSFER_TYPE_CONTROL 0x0
#define USB_TRANSFER_TYPE_ISOCHRONOUS 0x1
#define USB_TRANSFER_TYPE_BULK 0x2
#define USB_TRANSFER_TYPE_INTERRUPT 0x3
#define USB_TRANSFER_TYPE_BITS 0x3
// Descriptor types
#define USB_DT_DEVICE 0x01
#define USB_DT_CONFIG 0x02
#define USB_DT_STRING 0x03
#define USB_DT_INTERFACE 0x04
#define USB_DT_ENDPOINT 0x05
#define USB_REQUEST_GET_STATUS 0x0
#define USB_REQUEST_CLEAR_FEATURE 0x01
#define USB_REQUEST_SET_FEATURE 0x03
#define USB_REQUEST_SET_ADDRESS 0x05
#define USB_REQUEST_GET_DESCRIPTOR 0x06
#define USB_REQUEST_SET_DESCRIPTOR 0x07
#define USB_REQUEST_GET_CONFIGURATION 0x08
#define USB_REQUEST_SET_CONFIGURATION 0x09
#define USB_REQUEST_GET_INTERFACE 0x0a
#define USB_REQUEST_SET_INTERFACE 0x0b
#define USB_REQUEST_SYNC_FRAME 0x0c
#define USB_REQUEST_MSC_GET_MAX_LUN 0xfe
#define USB_REQUEST_MSC_RESET 0xff
#define USB_FEAT_ENDPOINT_HALT 0x00
#define USB_FEAT_DEVICE_REMOTE_WAKEUP 0x01
#define USB_FEAT_TEST_MODE 0x02
#define USB_DESCRIPTOR_TYPE_ENDPOINT 0x05
struct usb_setup_packet {
uint8_t bmRequestType;
uint8_t bRequest;
uint16_t wValue;
uint16_t wIndex;
uint16_t wLength;
} __packed;
struct usb_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
};
struct usb_device_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint16_t bcdUSB;
uint8_t bDeviceClass;
uint8_t bDeviceSubClass;
uint8_t bDeviceProtocol;
uint8_t bMaxPacketSize0;
uint16_t idVendor;
uint16_t idProduct;
uint16_t bcdDevice;
uint8_t iManufacturer;
uint8_t iProduct;
uint8_t iSerialNumber;
uint8_t bNumConfigurations;
} __packed;
struct usb_configuration_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint16_t wTotalLength;
uint8_t bNumInterfaces;
uint8_t bConfigurationValue;
uint8_t iConfiguration;
uint8_t bmAttributes;
uint8_t bMaxPower;
} __packed;
struct usb_interface_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint8_t bInterfaceNumber;
uint8_t bAlternateSetting;
uint8_t bNumEndpoints;
uint8_t bInterfaceClass;
uint8_t bInterfaceSubClass;
uint8_t bInterfaceProtocol;
uint8_t iInterface;
} __packed;
struct usb_endpoint_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint8_t bEndpointAddress;
uint8_t bmAttributes;
uint16_t wMaxPacketSize;
uint8_t bInterval;
} __packed;
struct usb_endpoint_descriptor_long {
uint8_t bLength;
uint8_t bDescriptorType;
uint8_t bEndpointAddress;
uint8_t bmAttributes;
uint16_t wMaxPacketSize;
uint8_t bInterval;
uint8_t bRefresh;
uint8_t bSyncAddr;
} __attribute__((packed));
struct ccid_class_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint16_t bcdCCID;
uint8_t bMaxSlotIndex;
uint8_t bVoltageSupport;
uint32_t dwProtocols;
uint32_t dwDefaultClock;
uint32_t dwMaximumClock;
uint8_t bNumClockSupport;
uint32_t dwDataRate;
uint32_t dwMaxDataRate;
uint8_t bNumDataRatesSupported;
uint32_t dwMaxIFSD;
uint32_t dwSynchProtocols;
uint32_t dwMechanical;
uint32_t dwFeatures;
uint32_t dwMaxCCIDMessageLength;
uint8_t bClassGetResponse;
uint8_t bclassEnvelope;
uint16_t wLcdLayout;
uint8_t bPINSupport;
uint8_t bMaxCCIDBusySlots;
} __attribute__ ((__packed__));
static const struct ccid_class_descriptor ccid_desc = {
.bLength = sizeof(struct ccid_class_descriptor),
.bDescriptorType = 0x21,
.bcdCCID = (0x0110),
.bMaxSlotIndex = 0,
.bVoltageSupport = 0x01, // 5.0V
.dwProtocols = (
0x01| // T=0
0x02), // T=1
.dwDefaultClock = (0xDFC),
.dwMaximumClock = (0xDFC),
.bNumClockSupport = 0,
.dwDataRate = (0x2580),
.dwMaxDataRate = (0x2580),
.bNumDataRatesSupported = 0,
.dwMaxIFSD = (0xFE), // IFSD is handled by the real reader driver
.dwSynchProtocols = (0),
.dwMechanical = (0),
.dwFeatures = 0x40840, //USB-ICC, short & extended APDU
.dwMaxCCIDMessageLength = 65544+10,
.bClassGetResponse = 0xFF,
.bclassEnvelope = 0xFF,
.wLcdLayout = 0x0,
.bPINSupport = 0x0,
.bMaxCCIDBusySlots = 0x01,
};
// Struct in which we keep the endpoint configuration
typedef void (*usb_ep_handler)(uint8_t *buf, uint16_t len);
struct usb_endpoint_configuration {
const struct usb_endpoint_descriptor *descriptor;
usb_ep_handler handler;
// Pointers to endpoint + buffer control registers
// in the USB controller DPSRAM
volatile uint32_t *endpoint_control;
volatile uint32_t *buffer_control;
volatile uint8_t *data_buffer;
// Toggle after each packet (unless replying to a SETUP)
uint8_t next_pid;
};
// Struct in which we keep the device configuration
struct usb_device_configuration {
const struct usb_device_descriptor *device_descriptor;
const struct usb_interface_descriptor *interface_descriptor;
const struct usb_configuration_descriptor *config_descriptor;
const struct ccid_class_descriptor *ccid_descriptor;
const unsigned char *lang_descriptor;
const unsigned char **descriptor_strings;
// USB num endpoints is 16
struct usb_endpoint_configuration endpoints[USB_NUM_ENDPOINTS];
};
#define EP0_IN_ADDR (USB_DIR_IN | 0)
#define EP0_OUT_ADDR (USB_DIR_OUT | 0)
#define EP1_OUT_ADDR (USB_DIR_OUT | 1)
#define EP2_IN_ADDR (USB_DIR_IN | 2)
// EP0 IN and OUT
static const struct usb_endpoint_descriptor ep0_out = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DT_ENDPOINT,
.bEndpointAddress = EP0_OUT_ADDR, // EP number 0, OUT from host (rx to device)
.bmAttributes = USB_TRANSFER_TYPE_CONTROL,
.wMaxPacketSize = 64,
.bInterval = 0
};
static const struct usb_endpoint_descriptor ep0_in = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DT_ENDPOINT,
.bEndpointAddress = EP0_IN_ADDR, // EP number 0, OUT from host (rx to device)
.bmAttributes = USB_TRANSFER_TYPE_CONTROL,
.wMaxPacketSize = 64,
.bInterval = 0
};
// Descriptors
static const struct usb_device_descriptor device_descriptor = {
.bLength = sizeof(struct usb_device_descriptor),
.bDescriptorType = USB_DT_DEVICE,
.bcdUSB = 0x0200, // USB 1.1 device
.bDeviceClass = 0, // Specified in interface descriptor
.bDeviceSubClass = 0, // No subclass
.bDeviceProtocol = 0, // No protocol
.bMaxPacketSize0 = 64, // Max packet size for ep0
.idVendor = 0x20a0, // Your vendor id
.idProduct = 0x4230, // Your product ID
.bcdDevice = 0x0101, // No device revision number
.iManufacturer = 1, // Manufacturer string index
.iProduct = 2, // Product string index
.iSerialNumber = 3, // No serial number
.bNumConfigurations = 1 // One configuration
};
static const struct usb_interface_descriptor interface_descriptor = {
.bLength = sizeof(struct usb_interface_descriptor),
.bDescriptorType = USB_DT_INTERFACE,
.bInterfaceNumber = 0,
.bAlternateSetting = 0,
.bNumEndpoints = 2, // Interface has 2 endpoints
.bInterfaceClass = 0x0b, // Vendor specific endpoint
.bInterfaceSubClass = 0,
.bInterfaceProtocol = 0,
.iInterface = 5
};
static const struct usb_endpoint_descriptor ep1_out = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DT_ENDPOINT,
.bEndpointAddress = EP1_OUT_ADDR, // EP number 1, OUT from host (rx to device)
.bmAttributes = USB_TRANSFER_TYPE_BULK,
.wMaxPacketSize = 64,
.bInterval = 0
};
static const struct usb_endpoint_descriptor ep2_in = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DT_ENDPOINT,
.bEndpointAddress = EP2_IN_ADDR, // EP number 2, IN from host (tx from device)
.bmAttributes = USB_TRANSFER_TYPE_BULK,
.wMaxPacketSize = 64,
.bInterval = 0
};
static const struct usb_configuration_descriptor config_descriptor = {
.bLength = sizeof(struct usb_configuration_descriptor),
.bDescriptorType = USB_DT_CONFIG,
.wTotalLength = (sizeof(config_descriptor) +
sizeof(interface_descriptor) +
sizeof(ccid_desc) +
sizeof(ep1_out) +
sizeof(ep2_in)),
.bNumInterfaces = 1,
.bConfigurationValue = 1, // Configuration 1
.iConfiguration = 4, // No string
.bmAttributes = 0xa0, // attributes: self powered, no remote wakeup
.bMaxPower = 0x32 // 100ma
};
static const unsigned char lang_descriptor[] = {
4, // bLength
0x03, // bDescriptorType == String Descriptor
0x09, 0x04 // language id = us english
};
#define USB_REQ_CCID 0xA1
extern uint16_t usb_read(uint8_t *buffer, size_t buffer_size);
extern uint16_t usb_read_available();
extern uint32_t usb_write_offset(uint16_t size, uint16_t offset);
extern uint32_t usb_write(uint16_t size);
extern bool usb_is_configured();
extern void usb_init();
extern uint8_t *usb_get_rx();
extern uint32_t usb_send_tx_buffer();
extern uint8_t *usb_get_tx();
extern void usb_clear_rx();
extern bool usb_write_available();
extern uint32_t usb_write_flush();
#endif

64
src/usb/usb_descriptors.c → src/usb/ccid/usb_descriptors.c
View File

@@ -1,26 +1,24 @@
/* /*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid). * This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos. * Copyright (c) 2022 Pol Henarejos.
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3. * the Free Software Foundation, version 3.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of * WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "tusb.h" #include "tusb.h"
#include "usb_descriptors.h" #include "usb_descriptors.h"
#include "ccid.h"
#include "pico/unique_id.h" #include "pico/unique_id.h"
#include "ccid_version.h" #include "hsm_version.h"
#ifndef USB_VID #ifndef USB_VID
#define USB_VID 0xFEFF #define USB_VID 0xFEFF
@@ -35,6 +33,32 @@
#define MAX_USB_POWER 1 #define MAX_USB_POWER 1
static const struct ccid_class_descriptor desc_ccid = {
.bLength = sizeof(struct ccid_class_descriptor),
.bDescriptorType = 0x21,
.bcdCCID = (0x0110),
.bMaxSlotIndex = 0,
.bVoltageSupport = 0x01, // 5.0V
.dwProtocols = (
0x01| // T=0
0x02), // T=1
.dwDefaultClock = (0xDFC),
.dwMaximumClock = (0xDFC),
.bNumClockSupport = 0,
.dwDataRate = (0x2580),
.dwMaxDataRate = (0x2580),
.bNumDataRatesSupported = 0,
.dwMaxIFSD = (0xFE), // IFSD is handled by the real reader driver
.dwSynchProtocols = (0),
.dwMechanical = (0),
.dwFeatures = 0x40840, //USB-ICC, short & extended APDU
.dwMaxCCIDMessageLength = 65544+10,
.bClassGetResponse = 0xFF,
.bclassEnvelope = 0xFF,
.wLcdLayout = 0x0,
.bPINSupport = 0x0,
.bMaxCCIDBusySlots = 0x01,
};
//--------------------------------------------------------------------+ //--------------------------------------------------------------------+
// Device Descriptors // Device Descriptors
@@ -52,7 +76,7 @@ tusb_desc_device_t const desc_device =
.idVendor = (USB_VID), .idVendor = (USB_VID),
.idProduct = (USB_PID), .idProduct = (USB_PID),
.bcdDevice = CCID_VERSION, .bcdDevice = HSM_SDK_VERSION,
.iManufacturer = 1, .iManufacturer = 1,
.iProduct = 2, .iProduct = 2,
@@ -66,7 +90,7 @@ uint8_t const * tud_descriptor_device_cb(void)
return (uint8_t const *) &desc_device; return (uint8_t const *) &desc_device;
} }
tusb_desc_interface_t const desc_interface = tusb_desc_interface_t const desc_interface =
{ {
.bLength = sizeof(tusb_desc_interface_t), .bLength = sizeof(tusb_desc_interface_t),
.bDescriptorType = TUSB_DESC_INTERFACE, .bDescriptorType = TUSB_DESC_INTERFACE,
@@ -83,7 +107,7 @@ tusb_desc_interface_t const desc_interface =
// Configuration Descriptor // Configuration Descriptor
//--------------------------------------------------------------------+ //--------------------------------------------------------------------+
tusb_desc_configuration_t const desc_config = tusb_desc_configuration_t const desc_config =
{ {
.bLength = sizeof(tusb_desc_configuration_t), .bLength = sizeof(tusb_desc_configuration_t),
.bDescriptorType = TUSB_DESC_CONFIGURATION, .bDescriptorType = TUSB_DESC_CONFIGURATION,
@@ -95,7 +119,7 @@ tusb_desc_configuration_t const desc_config =
.bMaxPower = TUSB_DESC_CONFIG_POWER_MA(MAX_USB_POWER+1), .bMaxPower = TUSB_DESC_CONFIG_POWER_MA(MAX_USB_POWER+1),
}; };
tusb_desc_endpoint_t const desc_ep1 = tusb_desc_endpoint_t const desc_ep1 =
{ {
.bLength = sizeof(tusb_desc_endpoint_t), .bLength = sizeof(tusb_desc_endpoint_t),
.bDescriptorType = TUSB_DESC_ENDPOINT, .bDescriptorType = TUSB_DESC_ENDPOINT,
@@ -105,7 +129,7 @@ tusb_desc_endpoint_t const desc_ep1 =
.bInterval = 0 .bInterval = 0
}; };
tusb_desc_endpoint_t const desc_ep2 = tusb_desc_endpoint_t const desc_ep2 =
{ {
.bLength = sizeof(tusb_desc_endpoint_t), .bLength = sizeof(tusb_desc_endpoint_t),
.bDescriptorType = TUSB_DESC_ENDPOINT, .bDescriptorType = TUSB_DESC_ENDPOINT,
@@ -120,7 +144,7 @@ static uint8_t desc_config_extended[sizeof(tusb_desc_configuration_t) + sizeof(t
uint8_t const * tud_descriptor_configuration_cb(uint8_t index) uint8_t const * tud_descriptor_configuration_cb(uint8_t index)
{ {
(void) index; // for multiple configurations (void) index; // for multiple configurations
static uint8_t initd = 0; static uint8_t initd = 0;
if (initd == 0) if (initd == 0)
{ {
@@ -181,7 +205,7 @@ uint16_t const* tud_descriptor_string_cb(uint8_t index, uint16_t langid)
// Note: the 0xEE index string is a Microsoft OS 1.0 Descriptors. // Note: the 0xEE index string is a Microsoft OS 1.0 Descriptors.
// https://docs.microsoft.com/en-us/windows-hardware/drivers/usbcon/microsoft-defined-usb-descriptors // https://docs.microsoft.com/en-us/windows-hardware/drivers/usbcon/microsoft-defined-usb-descriptors
if ( !(index < sizeof(string_desc_arr)/sizeof(string_desc_arr[0])) ) if ( !(index < sizeof(string_desc_arr)/sizeof(string_desc_arr[0])) )
return NULL; return NULL;
const char* str = string_desc_arr[index]; const char* str = string_desc_arr[index];
@@ -194,7 +218,7 @@ uint16_t const* tud_descriptor_string_cb(uint8_t index, uint16_t langid)
} }
chr_count = strlen(str); chr_count = strlen(str);
if ( chr_count > 31 ) if ( chr_count > 31 )
chr_count = 31; chr_count = 31;
// Convert ASCII string into UTF-16 // Convert ASCII string into UTF-16

46
src/usb/ccid/usb_descriptors.h Normal file
View File

@@ -0,0 +1,46 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef USB_DESCRIPTORS_H_
#define USB_DESCRIPTORS_H_
struct ccid_class_descriptor {
uint8_t bLength;
uint8_t bDescriptorType;
uint16_t bcdCCID;
uint8_t bMaxSlotIndex;
uint8_t bVoltageSupport;
uint32_t dwProtocols;
uint32_t dwDefaultClock;
uint32_t dwMaximumClock;
uint8_t bNumClockSupport;
uint32_t dwDataRate;
uint32_t dwMaxDataRate;
uint8_t bNumDataRatesSupported;
uint32_t dwMaxIFSD;
uint32_t dwSynchProtocols;
uint32_t dwMechanical;
uint32_t dwFeatures;
uint32_t dwMaxCCIDMessageLength;
uint8_t bClassGetResponse;
uint8_t bclassEnvelope;
uint16_t wLcdLayout;
uint8_t bPINSupport;
uint8_t bMaxCCIDBusySlots;
} __attribute__ ((__packed__));
#endif /* USB_DESCRIPTORS_H_ */

141
src/usb/hid/hid.c Normal file
View File

@@ -0,0 +1,141 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "tusb.h"
#include "u2f_hid.h"
#include "hsm.h"
#include "hsm_version.h"
#include "apdu.h"
#include "usb.h"
static bool mounted = false;
void tud_mount_cb()
{
mounted = true;
}
bool driver_mounted() {
return mounted;
}
U2FHID_FRAME *u2f_req, *u2f_resp;
int driver_init() {
tud_init(BOARD_TUD_RHPORT);
u2f_req = (U2FHID_FRAME *)usb_get_rx();
apdu.header = u2f_req->init.data;
u2f_resp = (U2FHID_FRAME *)usb_get_tx();
apdu.rdata = u2f_resp->init.data;
return 0;
}
void driver_task() {
tud_task(); // tinyusb device task
}
//--------------------------------------------------------------------+
// USB HID
//--------------------------------------------------------------------+
// Invoked when received GET_REPORT control request
// Application must fill buffer report's content and return its length.
// Return zero will cause the stack to STALL request
uint16_t tud_hid_get_report_cb(uint8_t itf, uint8_t report_id, hid_report_type_t report_type, uint8_t* buffer, uint16_t reqlen)
{
// TODO not Implemented
(void) itf;
(void) report_id;
(void) report_type;
(void) buffer;
(void) reqlen;
printf("get_report\n");
DEBUG_PAYLOAD(buffer, reqlen);
return 0;
}
int driver_write(const uint8_t *buffer, size_t buffer_size) {
return tud_hid_report(0, buffer, buffer_size);
}
size_t driver_read(uint8_t *buffer, size_t buffer_size) {
return 0;
}
// Invoked when received SET_REPORT control request or
// received data on OUT endpoint ( Report ID = 0, Type = 0 )
void tud_hid_set_report_cb(uint8_t itf, uint8_t report_id, hid_report_type_t report_type, uint8_t const* buffer, uint16_t bufsize)
{
// This example doesn't use multiple report and report ID
(void) itf;
(void) report_id;
(void) report_type;
printf("set report\n");
usb_rx(buffer, bufsize);
}
void hid_write_offset(uint16_t size, uint16_t offset) {
if (*usb_get_tx() != 0x81)
DEBUG_PAYLOAD(usb_get_tx()+offset,size+10);
usb_write_offset(size, offset);
}
void hid_write(uint16_t size) {
hid_write_offset(size, 0);
}
int driver_process_usb_packet(uint16_t read) {
if (read >= 10)
{
if (FRAME_TYPE(u2f_req) == TYPE_INIT) {
printf("command %x\n", FRAME_CMD(u2f_req));
printf("len %d\n", MSG_LEN(u2f_req));
DEBUG_PAYLOAD(u2f_req->init.data, MSG_LEN(u2f_req));
}
if (u2f_req->init.cmd == U2FHID_INIT) {
U2FHID_INIT_REQ *req = (U2FHID_INIT_REQ *)u2f_req->init.data;
U2FHID_INIT_RESP *resp = (U2FHID_INIT_RESP *)u2f_resp->init.data;
memcpy(resp->nonce, req->nonce, sizeof(resp->nonce));
resp->cid = 0x01000000;
resp->versionInterface = U2FHID_IF_VERSION;
resp->versionMajor = HSM_SDK_VERSION_MAJOR;
resp->versionMinor = HSM_SDK_VERSION_MINOR;
resp->capFlags = CAPFLAG_WINK;
u2f_resp->cid = CID_BROADCAST;
u2f_resp->init.cmd = U2FHID_INIT;
u2f_resp->init.bcntl = 17;
u2f_resp->init.bcnth = 0;
hid_write(64);
DEBUG_PAYLOAD((uint8_t *)u2f_resp, u2f_resp->init.bcntl+7);
}
// echo back anything we received from host
//tud_hid_report(0, buffer, bufsize);
printf("END\n");
usb_clear_rx();
}
return 0;
}
void driver_exec_timeout() {
}
void driver_exec_finished(size_t size_next) {
}

115
src/usb/hid/tusb_config.h Normal file
View File

@@ -0,0 +1,115 @@
/*
* The MIT License (MIT)
*
* Copyright (c) 2019 Ha Thach (tinyusb.org)
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
*/
#ifndef _TUSB_CONFIG_H_
#define _TUSB_CONFIG_H_
#ifdef __cplusplus
extern "C" {
#endif
//--------------------------------------------------------------------+
// Board Specific Configuration
//--------------------------------------------------------------------+
// RHPort number used for device can be defined by board.mk, default to port 0
#ifndef BOARD_TUD_RHPORT
#define BOARD_TUD_RHPORT 0
#endif
// RHPort max operational speed can defined by board.mk
#ifndef BOARD_TUD_MAX_SPEED
#define BOARD_TUD_MAX_SPEED OPT_MODE_DEFAULT_SPEED
#endif
//--------------------------------------------------------------------
// COMMON CONFIGURATION
//--------------------------------------------------------------------
// defined by compiler flags for flexibility
#ifndef CFG_TUSB_MCU
#error CFG_TUSB_MCU must be defined
#endif
#if CFG_TUSB_MCU == OPT_MCU_LPC18XX || CFG_TUSB_MCU == OPT_MCU_LPC43XX || CFG_TUSB_MCU == OPT_MCU_MIMXRT10XX || \
CFG_TUSB_MCU == OPT_MCU_NUC505 || CFG_TUSB_MCU == OPT_MCU_CXD56
#define CFG_TUSB_RHPORT0_MODE (OPT_MODE_DEVICE | OPT_MODE_HIGH_SPEED)
#else
#define CFG_TUSB_RHPORT0_MODE OPT_MODE_DEVICE
#endif
#ifndef CFG_TUSB_OS
#define CFG_TUSB_OS OPT_OS_PICO
#endif
#ifndef CFG_TUSB_DEBUG
#define CFG_TUSB_DEBUG 1
#endif
// Enable Device stack
#define CFG_TUD_ENABLED 1
// Default is max speed that hardware controller could support with on-chip PHY
#define CFG_TUD_MAX_SPEED BOARD_TUD_MAX_SPEED
/* USB DMA on some MCUs can only access a specific SRAM region with restriction on alignment.
* Tinyusb use follows macros to declare transferring memory so that they can be put
* into those specific section.
* e.g
* - CFG_TUSB_MEM SECTION : __attribute__ (( section(".usb_ram") ))
* - CFG_TUSB_MEM_ALIGN : __attribute__ ((aligned(4)))
*/
#ifndef CFG_TUSB_MEM_SECTION
#define CFG_TUSB_MEM_SECTION
#endif
#ifndef CFG_TUSB_MEM_ALIGN
#define CFG_TUSB_MEM_ALIGN __attribute__ ((aligned(4)))
#endif
//--------------------------------------------------------------------
// DEVICE CONFIGURATION
//--------------------------------------------------------------------
#ifndef CFG_TUD_ENDPOINT0_SIZE
#define CFG_TUD_ENDPOINT0_SIZE 64
#endif
//------------- CLASS -------------//
#define CFG_TUD_CDC 0
#define CFG_TUD_MSC 0
#define CFG_TUD_HID 1
#define CFG_TUD_MIDI 0
#define CFG_TUD_VENDOR 0
// HID buffer size Should be sufficient to hold ID (if any) + Data
#define CFG_TUD_HID_EP_BUFSIZE 64
#ifdef __cplusplus
}
#endif
#endif /* _TUSB_CONFIG_H_ */

107
src/usb/hid/u2f.h Normal file
View File

@@ -0,0 +1,107 @@
// Common U2F raw message format header - Review Draft
// 2014-10-08
// Editor: Jakob Ehrensvard, Yubico, jakob@yubico.com
#ifndef __U2F_H_INCLUDED__
#define __U2F_H_INCLUDED__
#ifdef _MSC_VER // Windows
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned int uint32_t;
typedef unsigned long int uint64_t;
#else
#include <stdint.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
// General constants
#define U2F_EC_KEY_SIZE 32 // EC key size in bytes
#define U2F_EC_POINT_SIZE ((U2F_EC_KEY_SIZE * 2) + 1) // Size of EC point
#define U2F_MAX_KH_SIZE 128 // Max size of key handle
#define U2F_MAX_ATT_CERT_SIZE 2048 // Max size of attestation certificate
#define U2F_MAX_EC_SIG_SIZE 72 // Max size of DER coded EC signature
#define U2F_CTR_SIZE 4 // Size of counter field
#define U2F_APPID_SIZE 32 // Size of application id
#define U2F_CHAL_SIZE 32 // Size of challenge
#define ENC_SIZE(x) ((x + 7) & 0xfff8)
// EC (uncompressed) point
#define U2F_POINT_UNCOMPRESSED 0x04 // Uncompressed point format
typedef struct {
uint8_t pointFormat; // Point type
uint8_t x[U2F_EC_KEY_SIZE]; // X-value
uint8_t y[U2F_EC_KEY_SIZE]; // Y-value
} U2F_EC_POINT;
// U2F native commands
#define U2F_REGISTER 0x01 // Registration command
#define U2F_AUTHENTICATE 0x02 // Authenticate/sign command
#define U2F_VERSION 0x03 // Read version string command
#define U2F_VENDOR_FIRST 0x40 // First vendor defined command
#define U2F_VENDOR_LAST 0xbf // Last vendor defined command
// U2F_CMD_REGISTER command defines
#define U2F_REGISTER_ID 0x05 // Version 2 registration identifier
#define U2F_REGISTER_HASH_ID 0x00 // Version 2 hash identintifier
typedef struct {
uint8_t chal[U2F_CHAL_SIZE]; // Challenge
uint8_t appId[U2F_APPID_SIZE]; // Application id
} U2F_REGISTER_REQ;
typedef struct {
uint8_t registerId; // Registration identifier (U2F_REGISTER_ID_V2)
U2F_EC_POINT pubKey; // Generated public key
uint8_t keyHandleLen; // Length of key handle
uint8_t keyHandleCertSig[
U2F_MAX_KH_SIZE + // Key handle
U2F_MAX_ATT_CERT_SIZE + // Attestation certificate
U2F_MAX_EC_SIG_SIZE]; // Registration signature
} U2F_REGISTER_RESP;
// U2F_CMD_AUTHENTICATE command defines
// Authentication control byte
#define U2F_AUTH_ENFORCE 0x03 // Enforce user presence and sign
#define U2F_AUTH_CHECK_ONLY 0x07 // Check only
#define U2F_AUTH_FLAG_TUP 0x01 // Test of user presence set
typedef struct {
uint8_t chal[U2F_CHAL_SIZE]; // Challenge
uint8_t appId[U2F_APPID_SIZE]; // Application id
uint8_t keyHandleLen; // Length of key handle
uint8_t keyHandle[U2F_MAX_KH_SIZE]; // Key handle
} U2F_AUTHENTICATE_REQ;
typedef struct {
uint8_t flags; // U2F_AUTH_FLAG_ values
uint8_t ctr[U2F_CTR_SIZE]; // Counter field (big-endian)
uint8_t sig[U2F_MAX_EC_SIG_SIZE]; // Signature
} U2F_AUTHENTICATE_RESP;
// Command status responses
#define U2F_SW_NO_ERROR 0x9000 // SW_NO_ERROR
#define U2F_SW_WRONG_DATA 0x6A80 // SW_WRONG_DATA
#define U2F_SW_CONDITIONS_NOT_SATISFIED 0x6985 // SW_CONDITIONS_NOT_SATISFIED
#define U2F_SW_COMMAND_NOT_ALLOWED 0x6986 // SW_COMMAND_NOT_ALLOWED
#define U2F_SW_INS_NOT_SUPPORTED 0x6D00 // SW_INS_NOT_SUPPORTED
#ifdef __cplusplus
}
#endif
#endif // __U2F_H_INCLUDED__

127
src/usb/hid/u2f_hid.h Normal file
View File

@@ -0,0 +1,127 @@
// Common U2F HID transport header - Review Draft
// 2014-10-08
// Editor: Jakob Ehrensvard, Yubico, jakob@yubico.com
#ifndef __U2FHID_H_INCLUDED__
#define __U2FHID_H_INCLUDED__
#ifdef _MSC_VER // Windows
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned int uint32_t;
typedef unsigned long int uint64_t;
#else
#include <stdint.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
// Size of HID reports
#define HID_RPT_SIZE 64 // Default size of raw HID report
// Frame layout - command- and continuation frames
#define CID_BROADCAST 0xffffffff // Broadcast channel id
#define TYPE_MASK 0x80 // Frame type mask
#define TYPE_INIT 0x80 // Initial frame identifier
#define TYPE_CONT 0x00 // Continuation frame identifier
typedef struct {
uint32_t cid; // Channel identifier
union {
uint8_t type; // Frame type - b7 defines type
struct {
uint8_t cmd; // Command - b7 set
uint8_t bcnth; // Message byte count - high part
uint8_t bcntl; // Message byte count - low part
uint8_t data[HID_RPT_SIZE - 7]; // Data payload
} init;
struct {
uint8_t seq; // Sequence number - b7 cleared
uint8_t data[HID_RPT_SIZE - 5]; // Data payload
} cont;
};
}__packed U2FHID_FRAME;
#define FRAME_TYPE(f) ((f)->type & TYPE_MASK)
#define FRAME_CMD(f) ((f)->init.cmd & ~TYPE_MASK)
#define MSG_LEN(f) ((f)->init.bcnth*256 + (f)->init.bcntl)
#define FRAME_SEQ(f) ((f)->cont.seq & ~TYPE_MASK)
// HID usage- and usage-page definitions
#define FIDO_USAGE_PAGE 0xf1d0 // FIDO alliance HID usage page
#define FIDO_USAGE_U2FHID 0x01 // U2FHID usage for top-level collection
#define FIDO_USAGE_DATA_IN 0x20 // Raw IN data report
#define FIDO_USAGE_DATA_OUT 0x21 // Raw OUT data report
// General constants
#define U2FHID_IF_VERSION 2 // Current interface implementation version
#define U2FHID_TRANS_TIMEOUT 3000 // Default message timeout in ms
// U2FHID native commands
#define U2FHID_PING (TYPE_INIT | 0x01) // Echo data through local processor only
#define U2FHID_MSG (TYPE_INIT | 0x03) // Send U2F message frame
#define U2FHID_LOCK (TYPE_INIT | 0x04) // Send lock channel command
#define U2FHID_INIT (TYPE_INIT | 0x06) // Channel initialization
#define U2FHID_WINK (TYPE_INIT | 0x08) // Send device identification wink
#define U2FHID_SYNC (TYPE_INIT | 0x3c) // Protocol resync command
#define U2FHID_ERROR (TYPE_INIT | 0x3f) // Error response
#define U2FHID_VENDOR_FIRST (TYPE_INIT | 0x40) // First vendor defined command
#define U2FHID_VENDOR_LAST (TYPE_INIT | 0x7f) // Last vendor defined command
// U2FHID_INIT command defines
#define INIT_NONCE_SIZE 8 // Size of channel initialization challenge
#define CAPFLAG_WINK 0x01 // Device supports WINK command
typedef struct {
uint8_t nonce[INIT_NONCE_SIZE]; // Client application nonce
}__packed U2FHID_INIT_REQ;
typedef struct {
uint8_t nonce[INIT_NONCE_SIZE]; // Client application nonce
uint32_t cid; // Channel identifier
uint8_t versionInterface; // Interface version
uint8_t versionMajor; // Major version number
uint8_t versionMinor; // Minor version number
uint8_t versionBuild; // Build version number
uint8_t capFlags; // Capabilities flags
}__packed U2FHID_INIT_RESP;
// U2FHID_SYNC command defines
typedef struct {
uint8_t nonce; // Client application nonce
} U2FHID_SYNC_REQ;
typedef struct {
uint8_t nonce; // Client application nonce
} U2FHID_SYNC_RESP;
// Low-level error codes. Return as negatives.
#define ERR_NONE 0x00 // No error
#define ERR_INVALID_CMD 0x01 // Invalid command
#define ERR_INVALID_PAR 0x02 // Invalid parameter
#define ERR_INVALID_LEN 0x03 // Invalid message length
#define ERR_INVALID_SEQ 0x04 // Invalid message sequencing
#define ERR_MSG_TIMEOUT 0x05 // Message has timed out
#define ERR_CHANNEL_BUSY 0x06 // Channel busy
#define ERR_LOCK_REQUIRED 0x0a // Command requires channel lock
#define ERR_SYNC_FAIL 0x0b // SYNC command failed
#define ERR_OTHER 0x7f // Other unspecified error
#ifdef __cplusplus
}
#endif
#endif // __U2FHID_H_INCLUDED__

192
src/usb/hid/usb_descriptors.c Normal file
View File

@@ -0,0 +1,192 @@
/*
* The MIT License (MIT)
*
* Copyright (c) 2019 Ha Thach (tinyusb.org)
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
*/
#include "tusb.h"
#include "u2f_hid.h"
/* A combination of interfaces must have a unique product id, since PC will save device driver after the first plug.
* Same VID/PID with different interface e.g MSC (first), then CDC (later) will possibly cause system error on PC.
*
* Auto ProductID layout's Bitmap:
* [MSB] HID | MSC | CDC [LSB]
*/
//--------------------------------------------------------------------+
// Device Descriptors
//--------------------------------------------------------------------+
tusb_desc_device_t const desc_device =
{
.bLength = sizeof(tusb_desc_device_t),
.bDescriptorType = TUSB_DESC_DEVICE,
.bcdUSB = 0x0200,
.bDeviceClass = 0x00,
.bDeviceSubClass = 0x00,
.bDeviceProtocol = 0x00,
.bMaxPacketSize0 = CFG_TUD_ENDPOINT0_SIZE,
.idVendor = 0xCafe,
.idProduct = 0x4231,
.bcdDevice = 0x0100,
.iManufacturer = 0x01,
.iProduct = 0x02,
.iSerialNumber = 0x03,
.bNumConfigurations = 0x01
};
// Invoked when received GET DEVICE DESCRIPTOR
// Application return pointer to descriptor
uint8_t const * tud_descriptor_device_cb(void)
{
return (uint8_t const *) &desc_device;
}
//--------------------------------------------------------------------+
// HID Report Descriptor
//--------------------------------------------------------------------+
#define TUD_HID_REPORT_DESC_U2F(report_size, ...) \
HID_USAGE_PAGE_N ( FIDO_USAGE_PAGE, 2 ),\
HID_USAGE ( FIDO_USAGE_U2FHID ),\
HID_COLLECTION ( HID_COLLECTION_APPLICATION ),\
/* Report ID if any */\
__VA_ARGS__ \
/* Input */ \
HID_USAGE ( FIDO_USAGE_DATA_IN ),\
HID_LOGICAL_MIN ( 0x00 ),\
HID_LOGICAL_MAX_N ( 0xff, 2 ),\
HID_REPORT_SIZE ( 8 ),\
HID_REPORT_COUNT( report_size ),\
HID_INPUT ( HID_DATA | HID_VARIABLE | HID_ABSOLUTE ),\
/* Output */ \
HID_USAGE ( FIDO_USAGE_DATA_OUT ),\
HID_LOGICAL_MIN ( 0x00 ),\
HID_LOGICAL_MAX_N ( 0xff, 2 ),\
HID_REPORT_SIZE ( 8 ),\
HID_REPORT_COUNT( report_size ),\
HID_OUTPUT ( HID_DATA | HID_VARIABLE | HID_ABSOLUTE ),\
HID_COLLECTION_END \
uint8_t const desc_hid_report[] =
{
TUD_HID_REPORT_DESC_U2F(CFG_TUD_HID_EP_BUFSIZE)
};
// Invoked when received GET HID REPORT DESCRIPTOR
// Application return pointer to descriptor
// Descriptor contents must exist long enough for transfer to complete
uint8_t const * tud_hid_descriptor_report_cb(uint8_t itf)
{
printf("report_cb %d\n", itf);
return desc_hid_report;
}
//--------------------------------------------------------------------+
// Configuration Descriptor
//--------------------------------------------------------------------+
enum
{
ITF_NUM_HID,
ITF_NUM_TOTAL
};
#define CONFIG_TOTAL_LEN (TUD_CONFIG_DESC_LEN + TUD_HID_INOUT_DESC_LEN)
#define EPNUM_HID 0x01
uint8_t const desc_configuration[] =
{
// Config number, interface count, string index, total length, attribute, power in mA
TUD_CONFIG_DESCRIPTOR(1, ITF_NUM_TOTAL, 0, CONFIG_TOTAL_LEN, 0x00, 100),
// Interface number, string index, protocol, report descriptor len, EP In & Out address, size & polling interval
TUD_HID_INOUT_DESCRIPTOR(ITF_NUM_HID, 0, HID_ITF_PROTOCOL_NONE, sizeof(desc_hid_report), EPNUM_HID, 0x80 | EPNUM_HID, CFG_TUD_HID_EP_BUFSIZE, 10)
};
// Invoked when received GET CONFIGURATION DESCRIPTOR
// Application return pointer to descriptor
// Descriptor contents must exist long enough for transfer to complete
uint8_t const * tud_descriptor_configuration_cb(uint8_t index)
{
(void) index; // for multiple configurations
return desc_configuration;
}
//--------------------------------------------------------------------+
// String Descriptors
//--------------------------------------------------------------------+
// array of pointer to string descriptors
char const* string_desc_arr [] =
{
(const char[]) { 0x09, 0x04 }, // 0: is supported language is English (0x0409)
"TinyUSB", // 1: Manufacturer
"TinyUSB Device", // 2: Product
"123456", // 3: Serials, should use chip ID
};
static uint16_t _desc_str[32];
// Invoked when received GET STRING DESCRIPTOR request
// Application return pointer to descriptor, whose contents must exist long enough for transfer to complete
uint16_t const* tud_descriptor_string_cb(uint8_t index, uint16_t langid)
{
(void) langid;
uint8_t chr_count;
if ( index == 0)
{
memcpy(&_desc_str[1], string_desc_arr[0], 2);
chr_count = 1;
}else
{
// Note: the 0xEE index string is a Microsoft OS 1.0 Descriptors.
// https://docs.microsoft.com/en-us/windows-hardware/drivers/usbcon/microsoft-defined-usb-descriptors
if ( !(index < sizeof(string_desc_arr)/sizeof(string_desc_arr[0])) ) return NULL;
const char* str = string_desc_arr[index];
// Cap at max char
chr_count = (uint8_t) strlen(str);
if ( chr_count > 31 ) chr_count = 31;
// Convert ASCII string into UTF-16
for(uint8_t i=0; i<chr_count; i++)
{
_desc_str[1+i] = str[i];
}
}
// first byte is length (including header), second byte is string type
_desc_str[0] = (uint16_t) ((TUSB_DESC_STRING << 8 ) | (2*chr_count + 2));
return _desc_str;
}

284
src/usb/usb.c Normal file
View File

@@ -0,0 +1,284 @@
/*
* This file is part of the Pico HSM SDK distribution (https://github.com/polhenarejos/pico-hsm-sdk).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "pico/unique_id.h"
#include <stdio.h>
// Pico
#include "pico/stdlib.h"
#include "pico/multicore.h"
#include "tusb.h"
#include "hsm.h"
#include "usb.h"
#include "apdu.h"
#include "bsp/board.h"
// For memcpy
#include <string.h>
#include <stdlib.h>
// Device specific functions
static uint8_t rx_buffer[4096], tx_buffer[4096];
static uint16_t w_offset = 0, r_offset = 0;
static uint16_t w_len = 0, tx_r_offset = 0;
uint32_t usb_write_offset(uint16_t len, uint16_t offset) {
uint8_t pkt_max = 64;
if (len > sizeof(tx_buffer))
len = sizeof(tx_buffer);
w_len = len;
tx_r_offset = offset;
driver_write(tx_buffer+offset, MIN(len, pkt_max));
w_len -= MIN(len, pkt_max);
tx_r_offset += MIN(len, pkt_max);
return MIN(w_len, pkt_max);
}
size_t usb_rx(const uint8_t *buffer, size_t len) {
uint16_t size = MIN(sizeof(rx_buffer) - w_offset, len);
if (size > 0) {
if (buffer == NULL)
size = driver_read(rx_buffer + w_offset, size);
else
memcpy(rx_buffer + w_offset, buffer, size);
w_offset += size;
}
return size;
}
uint32_t usb_write_flush() {
if (w_len > 0) {
driver_write(tx_buffer+tx_r_offset, MIN(w_len, 64));
tx_r_offset += MIN(w_len, 64);
w_len -= MIN(w_len, 64);
}
return w_len;
}
uint32_t usb_write(uint16_t len) {
return usb_write_offset(len, 0);
}
uint16_t usb_read_available() {
return w_offset - r_offset;
}
uint16_t usb_write_available() {
return w_len > 0;
}
uint8_t *usb_get_rx() {
return rx_buffer;
}
uint8_t *usb_get_tx() {
return tx_buffer;
}
void usb_clear_rx() {
w_offset = r_offset = 0;
}
uint16_t usb_read(uint8_t *buffer, size_t buffer_size) {
uint16_t size = MIN(buffer_size, w_offset-r_offset);
if (size > 0) {
memcpy(buffer, rx_buffer+r_offset, size);
r_offset += size;
if (r_offset == w_offset) {
r_offset = w_offset = 0;
}
return size;
}
return 0;
}
#ifndef USB_VID
#define USB_VID 0xFEFF
#endif
#ifndef USB_PID
#define USB_PID 0xFCFD
#endif
#define USB_BCD 0x0200
uint32_t timeout = 0;
queue_t usb_to_card_q;
queue_t card_to_usb_q;
void usb_init() {
queue_init(&card_to_usb_q, sizeof(uint32_t), 64);
queue_init(&usb_to_card_q, sizeof(uint32_t), 64);
driver_init();
}
static int usb_event_handle() {
uint16_t rx_read = usb_read_available();
if (driver_process_usb_packet(rx_read) > 0) {
uint32_t flag = EV_CMD_AVAILABLE;
queue_add_blocking(&usb_to_card_q, &flag);
timeout_start();
}
return 0;
}
static void card_init_core1(void) {
//gpg_data_scan (flash_do_start, flash_do_end);
low_flash_init_core1();
}
void card_thread() {
card_init_core1();
while (1) {
uint32_t m;
queue_remove_blocking(&usb_to_card_q, &m);
if (m == EV_VERIFY_CMD_AVAILABLE || m == EV_MODIFY_CMD_AVAILABLE)
{
set_res_sw (0x6f, 0x00);
goto done;
}
else if (m == EV_EXIT) {
if (current_app && current_app->unload) {
current_app->unload();
}
break;
}
process_apdu();
done:;
uint32_t flag = EV_EXEC_FINISHED;
queue_add_blocking(&card_to_usb_q, &flag);
}
//printf("EXIT !!!!!!\r\n");
if (current_app && current_app->unload)
current_app->unload();
}
void card_thread();
void card_start()
{
multicore_reset_core1();
multicore_launch_core1(card_thread);
led_set_blink(BLINK_MOUNTED);
}
void card_exit() {
uint32_t flag = EV_EXIT;
queue_try_add(&usb_to_card_q, &flag);
led_set_blink(BLINK_SUSPENDED);
}
void usb_task() {
if (driver_mounted()) {
if (usb_event_handle() != 0) {
}
usb_write_flush();
uint32_t m = 0x0;
bool has_m = queue_try_remove(&card_to_usb_q, &m);
//if (m != 0)
// printf("\r\n ------ M = %lu\r\n",m);
if (has_m) {
if (m == EV_EXEC_FINISHED) {
apdu_finish();
size_t size_next = apdu_next();
driver_exec_finished(size_next);
led_set_blink(BLINK_MOUNTED);
}
else if (m == EV_PRESS_BUTTON) {
uint32_t flag = wait_button() ? EV_BUTTON_TIMEOUT : EV_BUTTON_PRESSED;
queue_try_add(&usb_to_card_q, &flag);
}
/*
if (m == EV_RX_DATA_READY) {
c->ccid_state = ccid_handle_data(c);
timeout = 0;
c->timeout_cnt = 0;
}
else if (m == EV_EXEC_FINISHED) {
if (c->ccid_state == CCID_STATE_EXECUTE) {
exec_done:
if (c->a->sw == CCID_THREAD_TERMINATED) {
c->sw1sw2[0] = 0x90;
c->sw1sw2[1] = 0x00;
c->state = APDU_STATE_RESULT;
ccid_send_data_block(c);
c->ccid_state = CCID_STATE_EXITED;
c->application = 0;
return;
}
c->a->cmd_apdu_data_len = 0;
c->sw1sw2[0] = c->a->sw >> 8;
c->sw1sw2[1] = c->a->sw & 0xff;
if (c->a->res_apdu_data_len <= c->a->expected_res_size) {
c->state = APDU_STATE_RESULT;
ccid_send_data_block(c);
c->ccid_state = CCID_STATE_WAIT;
}
else {
c->state = APDU_STATE_RESULT_GET_RESPONSE;
c->p = c->a->res_apdu_data;
c->len = c->a->res_apdu_data_len;
ccid_send_data_block_gr(c, c->a->expected_res_size);
c->ccid_state = CCID_STATE_WAIT;
}
}
else {
DEBUG_INFO ("ERR05\r\n");
}
led_set_blink(BLINK_MOUNTED);
}
else if (m == EV_TX_FINISHED){
if (c->state == APDU_STATE_RESULT)
ccid_reset(c);
else
c->tx_busy = 0;
if (c->state == APDU_STATE_WAIT_COMMAND || c->state == APDU_STATE_COMMAND_CHAINING || c->state == APDU_STATE_RESULT_GET_RESPONSE)
ccid_prepare_receive(c);
}
*/
}
else {
if (timeout > 0) {
if (timeout + 1500 < board_millis()) {
driver_exec_timeout();
timeout = board_millis();
}
}
}
}
}
void timeout_stop() {
timeout = 0;
}
void timeout_start() {
timeout = board_millis();
}
uint8_t *usb_prepare_response() {
return driver_prepare_response();
}

59
src/usb/usb.h Normal file
View File

@@ -0,0 +1,59 @@
/*
* This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _USB_H_
#define _USB_H_
#include "pico/util/queue.h"
/* USB thread */
#define EV_CARD_CHANGE 1
#define EV_TX_FINISHED 2
#define EV_EXEC_ACK_REQUIRED 4
#define EV_EXEC_FINISHED 8
#define EV_RX_DATA_READY 16
#define EV_PRESS_BUTTON 32
/* Card thread */
#define EV_MODIFY_CMD_AVAILABLE 1
#define EV_VERIFY_CMD_AVAILABLE 2
#define EV_CMD_AVAILABLE 4
#define EV_EXIT 8
#define EV_BUTTON_TIMEOUT 16
#define EV_BUTTON_PRESSED 32
extern void usb_task();
extern queue_t usb_to_card_q;
extern queue_t card_to_usb_q;
extern int driver_process_usb_packet(uint16_t rx_read);
extern void driver_exec_finished(size_t size_next);
extern void driver_exec_finished_cont(size_t size_next, size_t offset);
extern void driver_exec_timeout();
extern bool driver_mounted();
extern uint8_t *driver_prepare_response();
extern void card_start();
extern void card_exit();
extern void usb_init();
extern uint8_t *usb_prepare_response();
extern void timeout_stop();
extern void timeout_start();
extern uint8_t *usb_get_rx();
extern uint8_t *usb_get_tx();
extern uint32_t usb_write_offset(uint16_t len, uint16_t offset);
extern void usb_clear_rx();
#endif

29
src/usb/usb_descriptors.h
View File

@@ -1,29 +0,0 @@
/*
* This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef USB_DESCRIPTORS_H_
#define USB_DESCRIPTORS_H_
enum
{
VENDOR_REQUEST_WEBUSB = 1,
VENDOR_REQUEST_MICROSOFT = 2
};
extern uint8_t const desc_ms_os_20[];
#endif /* USB_DESCRIPTORS_H_ */