Skip to content

Commit

Permalink
src: Stop using G_io_apdu_buffer for response creation
Browse files Browse the repository at this point in the history
  • Loading branch information
Xavier Chapron committed May 2, 2024
1 parent aaa8e6d commit 0fcedc8
Show file tree
Hide file tree
Showing 10 changed files with 39 additions and 22 deletions.
7 changes: 7 additions & 0 deletions include/globals.h
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,13 @@ extern char rpID[65];

extern u2f_service_t G_io_u2f;

#ifdef TARGET_NANOS
// Spare RAM on Nanos
#define responseBuffer G_io_apdu_buffer
#else
extern uint8_t responseBuffer[IO_APDU_BUFFER_SIZE];
#endif

typedef struct ctap2_data_t {
union ctap2_data_u {
ctap2_register_data_t ctap2RegisterData;
Expand Down
1 change: 1 addition & 0 deletions include/u2f_process.h
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
#define __U2F_PROCESS_H__

typedef struct u2f_data_t {
uint8_t ins;
uint8_t challenge_param[32];
uint8_t application_param[32];
uint8_t nonce[CREDENTIAL_NONCE_SIZE];
Expand Down
14 changes: 7 additions & 7 deletions src/ctap2_client_pin.c
Original file line number Diff line number Diff line change
Expand Up @@ -382,7 +382,7 @@ static void handle_store_pin(u2f_service_t *service,
// Invalidate previous token and force the user to issue a GET_PIN_TOKEN command
authTokeninUse = false;

G_io_apdu_buffer[0] = ERROR_NONE;
responseBuffer[0] = ERROR_NONE;
send_cbor_response(&G_io_u2f, 1);
}

Expand Down Expand Up @@ -444,12 +444,12 @@ static void ctap2_handle_get_pin_retries(u2f_service_t *service,
PRINTF("ctap2_handle_get_pin_retries\n");
CHECK_PIN_SET();

cbip_encoder_init(&encoder, G_io_apdu_buffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
cbip_encoder_init(&encoder, responseBuffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
cbip_add_map_header(&encoder, 1);
cbip_add_int(&encoder, TAG_RESP_RETRIES);
cbip_add_int(&encoder, N_u2f.pinRetries);

G_io_apdu_buffer[0] = ERROR_NONE;
responseBuffer[0] = ERROR_NONE;
send_cbor_response(&G_io_u2f, 1 + encoder.offset);
}

Expand All @@ -473,7 +473,7 @@ static void ctap2_handle_get_key_agreement(u2f_service_t *service,
return;
}

cbip_encoder_init(&encoder, G_io_apdu_buffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
cbip_encoder_init(&encoder, responseBuffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
cbip_add_map_header(&encoder, 1);
cbip_add_int(&encoder, TAG_RESP_KEY_AGREEMENT);
status = encode_cose_key(&encoder, &publicKey, true);
Expand All @@ -482,7 +482,7 @@ static void ctap2_handle_get_key_agreement(u2f_service_t *service,
return;
}

G_io_apdu_buffer[0] = ERROR_NONE;
responseBuffer[0] = ERROR_NONE;
send_cbor_response(&G_io_u2f, 1 + encoder.offset);
}

Expand Down Expand Up @@ -658,12 +658,12 @@ static void ctap2_handle_get_pin_token(u2f_service_t *service,
&encryptedLength);

// Generate the response
cbip_encoder_init(&encoder, G_io_apdu_buffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
cbip_encoder_init(&encoder, responseBuffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
cbip_add_map_header(&encoder, 1);
cbip_add_int(&encoder, TAG_RESP_PIN_TOKEN);
cbip_add_byte_string(&encoder, tokenEnc, encryptedLength);

G_io_apdu_buffer[0] = ERROR_NONE;
responseBuffer[0] = ERROR_NONE;
send_cbor_response(&G_io_u2f, 1 + encoder.offset);
}

Expand Down
4 changes: 2 additions & 2 deletions src/ctap2_get_assertion.c
Original file line number Diff line number Diff line change
Expand Up @@ -881,7 +881,7 @@ void ctap2_get_assertion_confirm(uint16_t idx) {
// Build the response
status = sign_and_build_getAssert_authData(shared_ctx.sharedBuffer,
dataLen,
G_io_apdu_buffer + 1,
responseBuffer + 1,
CUSTOM_IO_APDU_BUFFER_SIZE - 1,
&credData);
if (status < 0) {
Expand All @@ -890,7 +890,7 @@ void ctap2_get_assertion_confirm(uint16_t idx) {
dataLen = status;
status = 0;

G_io_apdu_buffer[0] = ERROR_NONE;
responseBuffer[0] = ERROR_NONE;

exit:
if (status == 0) {
Expand Down
5 changes: 3 additions & 2 deletions src/ctap2_get_info.c
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
#include "ctap2.h"
#include "cbip_encode.h"
#include "config.h"
#include "globals.h"

#define CTAP_HEADER_SIZE 7

Expand All @@ -45,7 +46,7 @@ void ctap2_get_info_handle(u2f_service_t *service, uint8_t *buffer, uint16_t len

PRINTF("ctap2_get_info_handle\n");

cbip_encoder_init(&encoder, G_io_apdu_buffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
cbip_encoder_init(&encoder, responseBuffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);

cbip_add_map_header(&encoder, 6);

Expand Down Expand Up @@ -95,6 +96,6 @@ void ctap2_get_info_handle(u2f_service_t *service, uint8_t *buffer, uint16_t len
cbip_add_array_header(&encoder, 1);
cbip_add_int(&encoder, PIN_PROTOCOL_VERSION_V1);

G_io_apdu_buffer[0] = ERROR_NONE;
responseBuffer[0] = ERROR_NONE;
send_cbor_response(service, 1 + encoder.offset);
}
4 changes: 2 additions & 2 deletions src/ctap2_make_credential.c
Original file line number Diff line number Diff line change
Expand Up @@ -692,7 +692,7 @@ void ctap2_make_credential_confirm() {
// Compute standard attestation then build CBOR response
status = sign_and_build_makeCred_response(shared_ctx.sharedBuffer,
dataLen,
G_io_apdu_buffer + 1,
responseBuffer + 1,
CUSTOM_IO_APDU_BUFFER_SIZE - 1);
if (status < 0) {
status = ERROR_OTHER;
Expand All @@ -701,7 +701,7 @@ void ctap2_make_credential_confirm() {
dataLen = status;
status = 0;

G_io_apdu_buffer[0] = ERROR_NONE;
responseBuffer[0] = ERROR_NONE;

exit:
if (status == 0) {
Expand Down
4 changes: 2 additions & 2 deletions src/ctap2_processing.c
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,9 @@ void send_cbor_error(u2f_service_t *service, uint8_t error) {

void send_cbor_response(u2f_service_t *service, uint32_t length) {
if (CMD_IS_OVER_U2F_CMD) {
io_send_response_pointer(G_io_apdu_buffer, length, SW_NO_ERROR);
io_send_response_pointer(responseBuffer, length, SW_NO_ERROR);
} else {
u2f_message_reply(service, CTAP2_CMD_CBOR, G_io_apdu_buffer, length);
u2f_message_reply(service, CTAP2_CMD_CBOR, responseBuffer, length);
}
}

Expand Down
2 changes: 1 addition & 1 deletion src/ctap2_reset.c
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ void ctap2_reset_handle(u2f_service_t *service, uint8_t *buffer, uint16_t length
void ctap2_reset_confirm() {
config_process_ctap2_reset();

G_io_apdu_buffer[0] = ERROR_NONE;
responseBuffer[0] = ERROR_NONE;
send_cbor_response(&G_io_u2f, 1);
}

Expand Down
6 changes: 6 additions & 0 deletions src/globals.c
Original file line number Diff line number Diff line change
Expand Up @@ -26,3 +26,9 @@ char rpID[65];

shared_ctx_t shared_ctx;
ctap2_ux_state_t ctap2UxState;

#ifdef TARGET_NANOS
// Spare RAM on Nanos
#else
uint8_t responseBuffer[IO_APDU_BUFFER_SIZE];
#endif
14 changes: 8 additions & 6 deletions src/u2f_processing.c
Original file line number Diff line number Diff line change
Expand Up @@ -425,19 +425,19 @@ static int u2f_process_user_presence_confirmed(void) {
uint16_t sw = SW_PROPRIETARY_INTERNAL;
uint16_t length = 0;

switch (G_io_apdu_buffer[OFFSET_INS]) {
switch (globals_get_u2f_data()->ins) {
case FIDO_INS_ENROLL:
sw = u2f_prepare_enroll_response(G_io_apdu_buffer, &length);
sw = u2f_prepare_enroll_response(responseBuffer, &length);
break;

case FIDO_INS_SIGN:
sw = u2f_prepare_sign_response(G_io_apdu_buffer, &length);
sw = u2f_prepare_sign_response(responseBuffer, &length);
break;

default:
break;
}
return io_send_response_pointer(G_io_apdu_buffer, length, sw);
return io_send_response_pointer(responseBuffer, length, sw);
}

/******************************************/
Expand Down Expand Up @@ -607,7 +607,8 @@ static int u2f_handle_apdu_enroll(const uint8_t *rx, uint32_t data_length, const
return io_send_sw(SW_INCORRECT_P1P2);
}

// Backup challenge and application parameters to be used if user accept the request
// Backup ins, challenge and application parameters to be used if user accept the request
globals_get_u2f_data()->ins = FIDO_INS_ENROLL;
memmove(globals_get_u2f_data()->challenge_param,
reg_req->challenge_param,
sizeof(reg_req->challenge_param));
Expand Down Expand Up @@ -670,7 +671,8 @@ static int u2f_handle_apdu_sign(const uint8_t *rx, uint32_t data_length, uint8_t
return io_send_sw(SW_CONDITIONS_NOT_SATISFIED);
}

// Backup nonce, challenge and application parameters to be used if user accept the request
// Backup ins, nonce, challenge and application parameters to be used if user accept the request
globals_get_u2f_data()->ins = FIDO_INS_SIGN;
memmove(globals_get_u2f_data()->nonce, nonce, CREDENTIAL_NONCE_SIZE);
memmove(globals_get_u2f_data()->challenge_param,
auth_req_base->challenge_param,
Expand Down

0 comments on commit 0fcedc8

Please sign in to comment.