diff --git a/pico-keys-sdk b/pico-keys-sdk index 242e357..6625678 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 242e357a7482573b565330356351b87811949c45 +Subproject commit 6625678c3059554ef9fc38c1fd0ff16fa4dbad3e diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index ede79a3..cc44cfc 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -258,7 +258,7 @@ int cbor_config(const uint8_t *data, size_t len) { uint8_t tmp[PHY_MAX_SIZE]; uint16_t tmp_len = 0; memset(tmp, 0, sizeof(tmp)); - if (phy_serialize_data(&phy_data, tmp, &tmp_len) != CCID_OK) { + if (phy_serialize_data(&phy_data, tmp, &tmp_len) != PICOKEY_OK) { CBOR_ERROR(CTAP2_ERR_PROCESSING); } file_put_data(ef_phy, tmp, tmp_len); diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index ed1fddd..5640b2f 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -458,7 +458,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { uint8_t *p = (uint8_t *)user.parent.name.data + 5; if (memcmp(p, "CommissionProfile", 17) == 0) { ret = phy_unserialize_data(user.id.data, user.id.len, &phy_data); - if (ret == CCID_OK) { + if (ret == PICOKEY_OK) { file_put_data(ef_phy, user.id.data, user.id.len); } } diff --git a/src/fido/cmd_authenticate.c b/src/fido/cmd_authenticate.c index 81e71a4..aecf75b 100644 --- a/src/fido/cmd_authenticate.c +++ b/src/fido/cmd_authenticate.c @@ -26,7 +26,7 @@ int cmd_authenticate() { CTAP_AUTHENTICATE_REQ *req = (CTAP_AUTHENTICATE_REQ *) apdu.data; CTAP_AUTHENTICATE_RESP *resp = (CTAP_AUTHENTICATE_RESP *) res_APDU; - //if (scan_files(true) != CCID_OK) + //if (scan_files(true) != PICOKEY_OK) // return SW_EXEC_ERROR(); if (apdu.nc < CTAP_CHAL_SIZE + CTAP_APPID_SIZE + 1 + 1) { return SW_WRONG_DATA(); @@ -55,7 +55,7 @@ int cmd_authenticate() { } } free(tmp_kh); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index e06df87..f62bf72 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c @@ -37,9 +37,9 @@ int u2f_select(app_t *a, uint8_t force) { if (cap_supported(CAP_U2F)) { a->process_apdu = u2f_process_apdu; a->unload = u2f_unload; - return CCID_OK; + return PICOKEY_OK; } - return CCID_ERR_FILE_NOT_FOUND; + return PICOKEY_ERR_FILE_NOT_FOUND; } INITIALIZER ( u2f_ctor ) { @@ -47,7 +47,7 @@ INITIALIZER ( u2f_ctor ) { } int u2f_unload() { - return CCID_OK; + return PICOKEY_OK; } const uint8_t *bogus_firefox = (const uint8_t *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; @@ -59,7 +59,7 @@ int cmd_register() { CTAP_REGISTER_RESP *resp = (CTAP_REGISTER_RESP *) res_APDU; resp->registerId = CTAP_REGISTER_ID; resp->keyHandleLen = KEY_HANDLE_LEN; - //if (scan_files(true) != CCID_OK) + //if (scan_files(true) != PICOKEY_OK) // return SW_EXEC_ERROR(); if (apdu.nc != CTAP_APPID_SIZE + CTAP_CHAL_SIZE) { return SW_WRONG_LENGTH(); @@ -77,7 +77,7 @@ int cmd_register() { mbedtls_ecdsa_context key; mbedtls_ecdsa_init(&key); int ret = derive_key(req->appId, true, resp->keyHandleCertSig, MBEDTLS_ECP_DP_SECP256R1, &key); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } @@ -102,12 +102,12 @@ int cmd_register() { mbedtls_ecdsa_init(&key); uint8_t key_dev[32] = {0}; ret = load_keydev(key_dev); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { return SW_EXEC_ERROR(); } ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &key, key_dev, 32); mbedtls_platform_zeroize(key_dev, sizeof(key_dev)); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } diff --git a/src/fido/fido.c b/src/fido/fido.c index cac3d3e..a929ae4 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -68,9 +68,9 @@ int fido_select(app_t *a, uint8_t force) { if (cap_supported(CAP_FIDO2)) { a->process_apdu = fido_process_apdu; a->unload = fido_unload; - return CCID_OK; + return PICOKEY_OK; } - return CCID_ERR_FILE_NOT_FOUND; + return PICOKEY_ERR_FILE_NOT_FOUND; } extern uint8_t (*get_version_major)(); @@ -86,7 +86,7 @@ INITIALIZER ( fido_ctor ) { } int fido_unload() { - return CCID_OK; + return PICOKEY_OK; } mbedtls_ecp_group_id fido_curve_to_mbedtls(int curve) { @@ -178,7 +178,7 @@ int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffe int load_keydev(uint8_t *key) { if (has_keydev_dec == false && !file_has_data(ef_keydev)) { - return CCID_ERR_MEMORY_FATAL; + return PICOKEY_ERR_MEMORY_FATAL; } if (has_keydev_dec == true) { @@ -187,14 +187,14 @@ int load_keydev(uint8_t *key) { else { memcpy(key, file_get_data(ef_keydev), file_get_size(ef_keydev)); #ifdef PICO_RP2350 - if (aes_decrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, key, 32) != CCID_OK) { - return CCID_EXEC_ERROR; + if (aes_decrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, key, 32) != PICOKEY_OK) { + return PICOKEY_EXEC_ERROR; } #endif } //return mkek_decrypt(key, file_get_size(ef_keydev)); - return CCID_OK; + return PICOKEY_OK; } int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecdsa_context *key) { @@ -234,7 +234,7 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int cur uint8_t outk[67] = { 0 }; //SECP521R1 key is 66 bytes length int r = 0; memset(outk, 0, sizeof(outk)); - if ((r = load_keydev(outk)) != CCID_OK) { + if ((r = load_keydev(outk)) != PICOKEY_OK) { printf("Error loading keydev: %d\n", r); return r; } @@ -298,7 +298,7 @@ int scan_files() { uint8_t kdata[64]; size_t key_size = 0; ret = mbedtls_ecp_write_key_ext(&ecdsa, &key_size, kdata, sizeof(kdata)); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { return ret; } #ifdef PICO_RP2350 @@ -307,7 +307,7 @@ int scan_files() { ret = file_put_data(ef_keydev, kdata, (uint16_t)key_size); mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_ecdsa_free(&ecdsa); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { return ret; } printf(" done!\n"); @@ -372,7 +372,7 @@ int scan_files() { file_put_data(ef_largeblob, (const uint8_t *) "\x80\x76\xbe\x8b\x52\x8d\x00\x75\xf7\xaa\xe9\x8d\x6f\xa5\x7a\x6d\x3c", 17); } low_flash_available(); - return CCID_OK; + return PICOKEY_OK; } void scan_all() { diff --git a/src/fido/management.c b/src/fido/management.c index 57cd47c..1141658 100644 --- a/src/fido/management.c +++ b/src/fido/management.c @@ -42,7 +42,7 @@ int man_select(app_t *a, uint8_t force) { scan_all(); init_otp(); } - return CCID_OK; + return PICOKEY_OK; } INITIALIZER ( man_ctor ) { @@ -50,7 +50,7 @@ INITIALIZER ( man_ctor ) { } int man_unload() { - return CCID_OK; + return PICOKEY_OK; } bool cap_supported(uint16_t cap) { diff --git a/src/fido/oath.c b/src/fido/oath.c index b0c7cc4..8e396d1 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c @@ -100,9 +100,9 @@ int oath_select(app_t *a, uint8_t force) { res_APDU[res_APDU_size++] = 1; res_APDU[res_APDU_size++] = ALG_HMAC_SHA1; apdu.ne = res_APDU_size; - return CCID_OK; + return PICOKEY_OK; } - return CCID_ERR_FILE_NOT_FOUND; + return PICOKEY_ERR_FILE_NOT_FOUND; } INITIALIZER ( oath_ctor ) { @@ -110,7 +110,7 @@ INITIALIZER ( oath_ctor ) { } int oath_unload() { - return CCID_OK; + return PICOKEY_OK; } file_t *find_oath_cred(const uint8_t *name, size_t name_len) { @@ -337,7 +337,7 @@ int calculate_oath(uint8_t truncate, const uint8_t *key, size_t key_len, const u int r = mbedtls_md_hmac(md_info, key + 2, key_len - 2, chal, chal_len, hmac); size_t hmac_size = mbedtls_md_get_size(md_info); if (r != 0) { - return CCID_EXEC_ERROR; + return PICOKEY_EXEC_ERROR; } if (truncate == 0x01) { res_APDU[res_APDU_size++] = 4 + 1; @@ -354,7 +354,7 @@ int calculate_oath(uint8_t truncate, const uint8_t *key, size_t key_len, const u memcpy(res_APDU + res_APDU_size, hmac, hmac_size); res_APDU_size += (uint16_t)hmac_size; } apdu.ne = res_APDU_size; - return CCID_OK; + return PICOKEY_OK; } int cmd_calculate() { @@ -391,7 +391,7 @@ int cmd_calculate() { res_APDU[res_APDU_size++] = TAG_RESPONSE + P2(apdu); int ret = calculate_oath(P2(apdu), key.data, key.len, chal.data, chal.len); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { return SW_EXEC_ERROR(); } if ((key.data[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { @@ -466,7 +466,7 @@ int cmd_calculate_all() { else { res_APDU[res_APDU_size++] = TAG_RESPONSE + P2(apdu); int ret = calculate_oath(P2(apdu), key.data, key.len, chal.data, chal.len); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { res_APDU[res_APDU_size++] = 1; res_APDU[res_APDU_size++] = key.data[1]; } @@ -581,7 +581,7 @@ int cmd_verify_hotp() { } int ret = calculate_oath(0x01, key.data, key.len, chal.data, chal.len); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { return SW_EXEC_ERROR(); } uint32_t res_int = (res_APDU[2] << 24) | (res_APDU[3] << 16) | (res_APDU[4] << 8) | res_APDU[5]; diff --git a/src/fido/otp.c b/src/fido/otp.c index 67089b5..2970aeb 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -144,9 +144,9 @@ int otp_select(app_t *a, uint8_t force) { memmove(res_APDU, res_APDU + 1, 6); res_APDU_size = 6; apdu.ne = res_APDU_size; - return CCID_OK; + return PICOKEY_OK; } - return CCID_ERR_FILE_NOT_FOUND; + return PICOKEY_ERR_FILE_NOT_FOUND; } uint8_t modhex_tab[] = @@ -243,7 +243,7 @@ int otp_button_pressed(uint8_t slot) { { imf >> 56, imf >> 48, imf >> 40, imf >> 32, imf >> 24, imf >> 16, imf >> 8, imf & 0xff }; res_APDU_size = 0; int ret = calculate_oath(1, tmp_key, sizeof(tmp_key), chal, sizeof(chal)); - if (ret == CCID_OK) { + if (ret == PICOKEY_OK) { uint32_t base = otp_config->cfg_flags & OATH_HOTP8 ? 1e8 : 1e6; uint32_t number = (res_APDU[2] << 24) | (res_APDU[3] << 16) | (res_APDU[4] << 8) | res_APDU[5]; @@ -348,7 +348,7 @@ INITIALIZER( otp_ctor ) { } int otp_unload() { - return CCID_OK; + return PICOKEY_OK; } uint16_t otp_status() {