Merge pull request #192 from solokeys/cap

Capacitive touch sensing
solokeys · May 13, 2019 · 1564df5 · 1564df5
2 parents 1f3db3f + 36876e1
commit 1564df5
Show file tree

Hide file tree

Showing 18 changed files with 1,103 additions and 57 deletions.
diff --git a/fido2/ctap.c b/fido2/ctap.c
@@ -458,7 +458,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
 
     int but;
 
-    but = ctap_user_presence_test();
+    but = ctap_user_presence_test(CTAP2_UP_DELAY_MS);
 
     if (!but)
     {
@@ -696,7 +696,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
     }
     if (MC.pinAuthEmpty)
     {
-        if (!ctap_user_presence_test())
+        if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
         {
                 return CTAP2_ERR_OPERATION_DENIED;
         }
@@ -1132,7 +1132,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
 
     if (GA.pinAuthEmpty)
     {
-        if (!ctap_user_presence_test())
+        if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
         {
                 return CTAP2_ERR_OPERATION_DENIED;
         }
@@ -1641,7 +1641,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
             break;
         case CTAP_RESET:
             printf1(TAG_CTAP,"CTAP_RESET\n");
-            if (ctap_user_presence_test())
+            if (ctap_user_presence_test(CTAP2_UP_DELAY_MS))
             {
                 ctap_reset();
             }
@@ -1759,7 +1759,7 @@ void ctap_init()
         exit(1);
     }
 
-    if (! device_is_nfc())
+    if (device_is_nfc() != NFC_IS_ACTIVE)
     {
         ctap_reset_key_agreement();
     }

diff --git a/fido2/ctap.h b/fido2/ctap.h
@@ -131,6 +131,8 @@
 #define PIN_LOCKOUT_ATTEMPTS        8       // Number of attempts total
 #define PIN_BOOT_ATTEMPTS           3       // number of attempts per boot
 
+#define CTAP2_UP_DELAY_MS           5000
+
 typedef struct
 {
     uint8_t id[USER_ID_MAX_SIZE];

diff --git a/fido2/device.h b/fido2/device.h
@@ -53,23 +53,23 @@ int device_is_button_pressed();
 
 // Test for user presence
 // Return 1 for user is present, 0 user not present, -1 if cancel is requested.
-extern int ctap_user_presence_test();
+int ctap_user_presence_test(uint32_t delay);
 
 // Generate @num bytes of random numbers to @dest
 // return 1 if success, error otherwise
-extern int ctap_generate_rng(uint8_t * dst, size_t num);
+int ctap_generate_rng(uint8_t * dst, size_t num);
 
 // Increment atomic counter and return it.
 // Must support two counters, @sel selects counter0 or counter1.
 uint32_t ctap_atomic_count(int sel);
 
 // Verify the user
 // return 1 if user is verified, 0 if not
-extern int ctap_user_verification(uint8_t arg);
+int ctap_user_verification(uint8_t arg);
 
 // Must be implemented by application
 // data is HID_MESSAGE_SIZE long in bytes
-extern void ctaphid_write_block(uint8_t * data);
+void ctaphid_write_block(uint8_t * data);
 
 
 // Resident key
@@ -99,9 +99,12 @@ typedef enum {
 // 2: fastest clock rate.  Generally for USB interface.
 void device_set_clock_rate(DEVICE_CLOCK_RATE param);
 
-// Returns 1 if operating in NFC mode.
-// 0 otherwise.
-bool device_is_nfc();
+// Returns NFC_IS_NA, NFC_IS_ACTIVE, or NFC_IS_AVAILABLE
+#define NFC_IS_NA        0
+#define NFC_IS_ACTIVE    1
+#define NFC_IS_AVAILABLE 2
+int device_is_nfc();
 
+void device_init_button();
 
 #endif
diff --git a/fido2/extensions/wallet.c b/fido2/extensions/wallet.c
@@ -85,7 +85,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return CTAP2_ERR_NOT_ALLOWED;
             }
 
-            if (!ctap_user_presence_test())
+            if (!ctap_user_presence_test(5000))
             {
                 return CTAP2_ERR_OPERATION_DENIED;
             }
@@ -111,7 +111,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return CTAP2_ERR_NOT_ALLOWED;
             }
 
-            if (!ctap_user_presence_test())
+            if (!ctap_user_presence_test(5000))
             {
                 return CTAP2_ERR_OPERATION_DENIED;
             }
@@ -133,7 +133,7 @@ int8_t wallet_pin(uint8_t subcmd, uint8_t * pinAuth, uint8_t * arg1, uint8_t * a
                 return CTAP2_ERR_NOT_ALLOWED;
             }
 
-            if (!ctap_user_presence_test())
+            if (!ctap_user_presence_test(5000))
             {
                 return CTAP2_ERR_OPERATION_DENIED;
             }
@@ -359,7 +359,7 @@ int16_t bridge_to_wallet(uint8_t * keyh, uint8_t klen)
                 }
             }
 
-            if (ctap_user_presence_test())
+            if (ctap_user_presence_test(5000))
             {
                 printf1(TAG_WALLET,"Reseting device!\n");
                 ctap_reset();

diff --git a/fido2/u2f.c b/fido2/u2f.c
@@ -7,6 +7,7 @@
 #include <stdlib.h>
 #include "u2f.h"
 #include "ctap.h"
+#include "ctaphid.h"
 #include "crypto.h"
 #include "log.h"
 #include "device.h"
@@ -95,6 +96,8 @@ void u2f_request_ex(APDU_HEADER *req, uint8_t *payload, uint32_t len, CTAP_RESPO
 #endif
     }
 
+    device_set_status(CTAPHID_STATUS_IDLE);
+
 end:
     if (rcode != U2F_SW_NO_ERROR)
     {
@@ -202,7 +205,6 @@ int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid)
 }
 
 
-
 static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t control)
 {
 
@@ -238,9 +240,9 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
 	if (control == U2F_AUTHENTICATE_SIGN_NO_USER)
 		up = 0;
 
-	if(!device_is_nfc() && up)
+	if(up)
 	{
-		if (ctap_user_presence_test() == 0)
+		if (ctap_user_presence_test(750) == 0)
 		{
 			return U2F_SW_CONDITIONS_NOT_SATISFIED;
 		}
@@ -286,12 +288,9 @@ static int16_t u2f_register(struct u2f_register_request * req)
 
     const uint16_t attest_size = attestation_cert_der_size;
 
-	if(!device_is_nfc())
+	if ( ! ctap_user_presence_test(750))
 	{
-		if ( ! ctap_user_presence_test())
-		{
-			return U2F_SW_CONDITIONS_NOT_SATISFIED;
-		}
+		return U2F_SW_CONDITIONS_NOT_SATISFIED;
 	}
 
     if ( u2f_new_keypair(&key_handle, req->app, pubkey) == -1)
@@ -326,8 +325,6 @@ static int16_t u2f_register(struct u2f_register_request * req)
 
     dump_signature_der(sig);
 
-    /*printf1(TAG_U2F, "dersig: "); dump_hex1(TAG_U2F,sig,74);*/
-
 
     return U2F_SW_NO_ERROR;
 }

diff --git a/pc/device.c b/pc/device.c
@@ -293,7 +293,7 @@ void ctaphid_write_block(uint8_t * data)
 }
 
 
-int ctap_user_presence_test()
+int ctap_user_presence_test(uint32_t d)
 {
     return 1;
 }
@@ -624,7 +624,7 @@ void device_wink()
     printf("*WINK*\n");
 }
 
-bool device_is_nfc()
+int device_is_nfc()
 {
     return 0;
 }
diff --git a/targets/stm32l432/bootloader/main.c b/targets/stm32l432/bootloader/main.c
@@ -83,6 +83,8 @@ int main()
     init_debug_uart();
 #endif
 
+    device_init_button();
+
     printf1(TAG_GEN,"init device\n");
 
     t1 = millis();

diff --git a/targets/stm32l432/build/application.mk b/targets/stm32l432/build/application.mk
@@ -2,7 +2,7 @@ include build/common.mk
 
 # ST related
 SRC = src/main.c src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c
-SRC += src/fifo.c src/crypto.c src/attestation.c src/nfc.c src/ams.c
+SRC += src/fifo.c src/crypto.c src/attestation.c src/nfc.c src/ams.c src/sense.c
 SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
 SRC += $(DRIVER_LIBS) $(USB_LIB)
 

diff --git a/targets/stm32l432/build/bootloader.mk b/targets/stm32l432/build/bootloader.mk
@@ -3,7 +3,7 @@ include build/common.mk
 # ST related
 SRC = bootloader/main.c bootloader/bootloader.c
 SRC += src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c
-SRC += src/fifo.c src/crypto.c src/attestation.c
+SRC += src/fifo.c src/crypto.c src/attestation.c src/sense.c
 SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
 SRC += $(DRIVER_LIBS) $(USB_LIB)