dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Adding msg authenticate.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-09-05 16:48:18 +02:00
parent 888a1c92c5
commit cf68a6b61f
4 changed files with 59 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/fido/cmd_authenticate.c Normal file
View File

@@ -0,0 +1,55 @@
/*
* This file is part of the Pico FIDO distribution (https://github.com/polhenarejos/pico-fido).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "fido.h"
#include "hsm.h"
#include "apdu.h"
#include "u2f.h"
#include "mbedtls/ecdsa.h"
#include "random.h"
#include "files.h"
int cmd_authenticate() {
U2F_AUTHENTICATE_REQ *req = (U2F_AUTHENTICATE_REQ *)apdu.data;
U2F_AUTHENTICATE_RESP *resp = (U2F_AUTHENTICATE_RESP *)res_APDU;
if (scan_files() != CCID_OK)
return SW_EXEC_ERROR();
resp->flags = 0x1;
resp->ctr[0] = 0;
uint8_t hash[32], sig_base[U2F_APPID_SIZE+1+4+U2F_CHAL_SIZE];
memcpy(sig_base, req->appId, U2F_APPID_SIZE);
memcpy(sig_base+U2F_APPID_SIZE, &resp->flags, sizeof(uint8_t));
memcpy(sig_base + U2F_APPID_SIZE + 1, resp->ctr, 4);
memcpy(sig_base + U2F_APPID_SIZE + 1 + 4, req->chal, U2F_CHAL_SIZE);
int ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), sig_base, sizeof(sig_base), hash);
if (ret != 0)
return SW_EXEC_ERROR();
mbedtls_ecdsa_context key;
mbedtls_ecdsa_init(&key);
ret = derive_key(req->appId, false, req->keyHandle, &key);
if (ret != CCID_OK) {
mbedtls_ecdsa_free(&key);
return SW_EXEC_ERROR();
}
size_t olen = 0;
ret = mbedtls_ecdsa_write_signature(&key, MBEDTLS_MD_SHA256, hash, 32, (uint8_t *)resp->sig, U2F_MAX_EC_SIG_SIZE, &olen, random_gen, NULL);
mbedtls_ecdsa_free(&key);
if (ret != 0)
return SW_EXEC_ERROR();
res_APDU_size = 1 + 4 + olen;
return SW_OK();
}