works

2025-08-21 05:43:23 -07:00 · 2018-10-18 18:34:38 +03:00 · 2018-10-18 18:34:38 +03:00 · 9b4edaab6a
commit 9b4edaab6a
parent 7aac07be8e
1 changed files with 123 additions and 24 deletions
--- a/client/cmdhffido.c
+++ b/client/cmdhffido.c
@ -34,6 +34,7 @@
 #include "mifare.h"
 #include "emv/emvcore.h"
 #include "emv/dump.h"
 #include "cliparser/cliparser.h"
 static int CmdHelp(const char *Cmd);
@ -112,23 +113,54 @@ int CmdHFFidoInfo(const char *cmd) {
 	return 0;
 }
 // test only!!!
 static uint8_t GkeyHandle[512] = {0};
 int CmdHFFidoRegister(const char *cmd) {
 	uint8_t data[64] = {0};
 	uint8_t hdata[32] = {0};
 	int datalen = 0;
 	CLIParserInit("hf fido reg", 
 		"Initiate a U2F token registration. Needs two 32-byte hash number. \nchallenge parameter (32b) and application parameter (32b).", 
 		"Usage:\n\thf fido reg -> execute command with 2 parameters, filled 0x00\n"
 			"\thf fido reg 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f -> execute command with parameters");
 	void* argtable[] = {
 		arg_param_begin,
 		arg_lit0("aA",  "apdu",     "show APDU reqests and responses"),
 		arg_lit0("vV",  "verbose",  "show technical data"),
 		arg_str0(NULL,  NULL,       "<HEX challenge parameter (32b)>", NULL),
 		arg_str0(NULL,  NULL,       "<HEX application parameter (32b)>", NULL),
 		arg_param_end
 	};
 	CLIExecWithReturn(cmd, argtable, true);
 	bool APDULogging = arg_get_lit(1);
 	bool verbose = arg_get_lit(2);
 	CLIGetStrWithReturn(3, hdata, &datalen);
 	if (datalen && datalen != 32) {
 		PrintAndLog("ERROR: challenge parameter length must be 32 bytes only.");
 		return 1;
 	}
 	if (datalen)
 		memmove(data, hdata, 32);
 	CLIGetStrWithReturn(4, hdata, &datalen);
 	if (datalen && datalen != 32) {
 		PrintAndLog("ERROR: application parameter length must be 32 bytes only.");
 		return 1;
 	}
 	if (datalen)
 		memmove(&data[32], hdata, 32);
 	CLIParserFree();	
 	SetAPDULogging(APDULogging);
 	// here will be command extraction
 	// challenge parameter [32 bytes] - The challenge parameter is the SHA-256 hash of the Client Data, a stringified JSON data structure that the FIDO Client prepares
 	// application parameter [32 bytes] - The application parameter is the SHA-256 hash of the UTF-8 encoding of the application identity
 	uint8_t data[64] = {0};
 	SetAPDULogging(true);
 	DropField();
 	uint8_t buf[2048] = {0};
 	size_t len = 0;
 	uint16_t sw = 0;
 	DropField();
 	int res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw);
 	if (res) {
@ -152,9 +184,15 @@ int CmdHFFidoRegister(const char *cmd) {
 		return 3;
 	}
 	PrintAndLog("");
 	if (APDULogging)
 		PrintAndLog("---------------------------------------------------------------");
 	PrintAndLog("data len: %d", len);
 	if (verbose) {
 		PrintAndLog("--------------data----------------------");
 		dump_buffer((const unsigned char *)buf, len, NULL, 0);
 		PrintAndLog("--------------data----------------------");
 	}
 	if (buf[0] != 0x05) {
 		PrintAndLog("ERROR: First byte must be 0x05, but it %2x", buf[0]);
@ -164,14 +202,17 @@ int CmdHFFidoRegister(const char *cmd) {
 	uint8_t keyHandleLen = buf[66];
 	PrintAndLog("Key handle[%d]: %s", keyHandleLen, sprint_hex(&buf[67], keyHandleLen));
 	memmove(GkeyHandle, &buf[67], keyHandleLen);
 	int derp = 67 + keyHandleLen;
 	int derLen = (buf[derp + 2] << 8) + buf[derp + 3] + 4;
 	// needs to decode DER certificate
-	PrintAndLog("DER certificate[%d]: %s...", derLen, sprint_hex(&buf[derp], 20));
+	if (verbose) {
 		PrintAndLog("DER certificate[%d]:------------------DER-------------------", derLen);
 		dump_buffer_simple((const unsigned char *)&buf[67 + keyHandleLen], derLen, NULL);
-	PrintAndLog("---------------------------------------------------------------");
+		PrintAndLog("\n----------------DER---------------------");
 	} else {
 		PrintAndLog("DER certificate[%d]: %s...", derLen, sprint_hex(&buf[derp], 20));
 	}
 	int hashp = 1 + 65 + 1 + keyHandleLen + derLen;
@ -179,32 +220,90 @@ int CmdHFFidoRegister(const char *cmd) {
 	// check ANSI X9.62 format ECDSA signature (on P-256)
 	PrintAndLog("\nauth command: hf fido auth %s", sprint_hex_inrow(&buf[67], keyHandleLen));
 	DropField();
 	return 0;
 };
 int CmdHFFidoAuthenticate(const char *cmd) {
 	uint8_t data[512] = {0};
 	uint8_t hdata[128] = {0};
 	int hdatalen = 0;
 	uint8_t keyHandleLen = 0;
 	CLIParserInit("hf fido auth", 
 		"Initiate a U2F token authentication. Needs key handle and two 32-byte hash number. \nkey handle(var 0..255), challenge parameter (32b) and application parameter (32b).", 
 		"Usage:\n\thf fido auth 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f -> execute command with 2 parameters, filled 0x00 and key handle\n"
 			"\thf fido auth 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f "
 				"000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f -> execute command with parameters");
 	void* argtable[] = {
 		arg_param_begin,
 		arg_lit0("aA",  "apdu",     "show APDU reqests and responses"),
 		arg_lit0("vV",  "verbose",  "show technical data"),
 		arg_rem("default mode:",    "dont-enforce-user-presence-and-sign"),
 		arg_lit0("pP",  "presence", "mode: enforce-user-presence-and-sign"),
 		arg_lit0("cC",  "check",    "mode: check-only"),
 		arg_str1(NULL,  NULL,       "<HEX key handle (var 0..255b)>", NULL),
 		arg_str0(NULL,  NULL,       "<HEX challenge parameter (32b)>", NULL),
 		arg_str0(NULL,  NULL,       "<HEX application parameter (32b)>", NULL),
 		arg_param_end
 	};
 	CLIExecWithReturn(cmd, argtable, true);
 	bool APDULogging = arg_get_lit(1);
 	//bool verbose = arg_get_lit(2);
 	uint8_t controlByte = 0x08;
 	if (arg_get_lit(4))
 		controlByte = 0x03;
 	if (arg_get_lit(5))
 		controlByte = 0x07;
 	CLIGetStrWithReturn(6, hdata, &hdatalen);
 	if (hdatalen > 255) {
 		PrintAndLog("ERROR: application parameter length must be less than 255.");
 		return 1;
 	}
 	if (hdatalen) {
 		keyHandleLen = hdatalen;
 		data[64] = keyHandleLen;
 		memmove(&data[65], hdata, keyHandleLen);
 	}
 	CLIGetStrWithReturn(7, hdata, &hdatalen);
 	if (hdatalen && hdatalen != 32) {
 		PrintAndLog("ERROR: challenge parameter length must be 32 bytes only.");
 		return 1;
 	}
 	if (hdatalen)
 		memmove(data, hdata, 32);
 	CLIGetStrWithReturn(8, hdata, &hdatalen);
 	if (hdatalen && hdatalen != 32) {
 		PrintAndLog("ERROR: application parameter length must be 32 bytes only.");
 		return 1;
 	}
 	if (hdatalen)
 		memmove(&data[32], hdata, 32);
 	CLIParserFree();	
 	SetAPDULogging(APDULogging);
 	// here will be command extraction
 	// (in parameter) conrtol byte 0x07 - check only, 0x03 - user presense + cign. 0x08 - sign only
 	// challenge parameter [32 bytes]
 	// application parameter [32 bytes]
 	// key handle length [1b] = N
 	// key handle [N]
 	uint8_t keyHandleLen = 64;
 	uint8_t data[512] = {0};
 	uint8_t datalen = 32 + 32 + 1 + keyHandleLen;
 	uint8_t controlByte = 0x08;
 	data[64] = keyHandleLen;
 	memmove(&data[65], GkeyHandle, keyHandleLen);
 	SetAPDULogging(true);
 	DropField();
 	uint8_t buf[2048] = {0};
 	size_t len = 0;
 	uint16_t sw = 0;
 	DropField();
 	int res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw);
 	if (res) {