]>
Commit | Line | Data |
---|---|---|
39cc1c87 OM |
1 | //----------------------------------------------------------------------------- |
2 | // Copyright (C) 2018 Merlok | |
3 | // | |
4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
5 | // at your option, any later version. See the LICENSE.txt file for the text of | |
6 | // the license. | |
7 | //----------------------------------------------------------------------------- | |
8 | // High frequency MIFARE Plus commands | |
9 | //----------------------------------------------------------------------------- | |
10 | // | |
11 | // Documentation here: | |
12 | // | |
13 | // FIDO Alliance specifications | |
14 | // https://fidoalliance.org/download/ | |
15 | // FIDO NFC Protocol Specification v1.0 | |
16 | // https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-nfc-protocol-v1.2-ps-20170411.html | |
17 | // FIDO U2F Raw Message Formats | |
18 | // https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html | |
19 | //----------------------------------------------------------------------------- | |
20 | ||
21 | ||
22 | #include "cmdhffido.h" | |
23 | ||
24 | #include <inttypes.h> | |
25 | #include <string.h> | |
26 | #include <stdio.h> | |
27 | #include <stdlib.h> | |
28 | #include <ctype.h> | |
29 | #include <unistd.h> | |
30 | #include <jansson.h> | |
0bb51450 OM |
31 | #include <mbedtls/x509_crt.h> |
32 | #include <mbedtls/x509.h> | |
33 | #include <mbedtls/pk.h> | |
39cc1c87 OM |
34 | #include "comms.h" |
35 | #include "cmdmain.h" | |
36 | #include "util.h" | |
37 | #include "ui.h" | |
38 | #include "proxmark3.h" | |
39cc1c87 OM |
39 | #include "mifare.h" |
40 | #include "emv/emvcore.h" | |
41 | #include "emv/emvjson.h" | |
42 | #include "emv/dump.h" | |
41bdfce3 | 43 | #include "emv/apduinfo.h" |
39cc1c87 | 44 | #include "cliparser/cliparser.h" |
6b882a39 OM |
45 | #include "crypto/asn1utils.h" |
46 | #include "crypto/libpcrypto.h" | |
0bb51450 OM |
47 | #include "fido/cbortools.h" |
48 | #include "fido/fidocore.h" | |
49 | #include "fido/cose.h" | |
39cc1c87 OM |
50 | |
51 | static int CmdHelp(const char *Cmd); | |
52 | ||
39cc1c87 OM |
53 | int CmdHFFidoInfo(const char *cmd) { |
54 | ||
55 | if (cmd && strlen(cmd) > 0) | |
56 | PrintAndLog("WARNING: command don't have any parameters.\n"); | |
57 | ||
58 | // info about 14a part | |
59 | CmdHF14AInfo(""); | |
60 | ||
61 | // FIDO info | |
62 | PrintAndLog("--------------------------------------------"); | |
63 | SetAPDULogging(false); | |
64 | ||
6b5105be | 65 | uint8_t buf[APDU_RESPONSE_LEN] = {0}; |
39cc1c87 OM |
66 | size_t len = 0; |
67 | uint16_t sw = 0; | |
68 | int res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw); | |
69 | ||
70 | if (res) { | |
71 | DropField(); | |
72 | return res; | |
73 | } | |
74 | ||
75 | if (sw != 0x9000) { | |
76 | if (sw) | |
77 | PrintAndLog("Not a FIDO card! APDU response: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); | |
78 | else | |
79 | PrintAndLog("APDU exchange error. Card returns 0x0000."); | |
80 | ||
81 | DropField(); | |
82 | return 0; | |
83 | } | |
84 | ||
85 | if (!strncmp((char *)buf, "U2F_V2", 7)) { | |
86 | if (!strncmp((char *)buf, "FIDO_2_0", 8)) { | |
87 | PrintAndLog("FIDO2 authenricator detected. Version: %.*s", len, buf); | |
88 | } else { | |
89 | PrintAndLog("FIDO authenricator detected (not standard U2F)."); | |
90 | PrintAndLog("Non U2F authenticator version:"); | |
91 | dump_buffer((const unsigned char *)buf, len, NULL, 0); | |
92 | } | |
93 | } else { | |
94 | PrintAndLog("FIDO U2F authenricator detected. Version: %.*s", len, buf); | |
95 | } | |
96 | ||
97 | res = FIDO2GetInfo(buf, sizeof(buf), &len, &sw); | |
98 | DropField(); | |
99 | if (res) { | |
100 | return res; | |
101 | } | |
102 | if (sw != 0x9000) { | |
103 | PrintAndLog("FIDO2 version not exists (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); | |
104 | ||
105 | return 0; | |
106 | } | |
0bb51450 OM |
107 | |
108 | if(buf[0]) { | |
109 | PrintAndLog("FIDO2 ger version error: %d - %s", buf[0], fido2GetCmdErrorDescription(buf[0])); | |
110 | return 0; | |
111 | } | |
39cc1c87 | 112 | |
0bb51450 OM |
113 | if (len > 1) { |
114 | // if (false) { | |
115 | // PrintAndLog("FIDO2 version: (len=%d)", len); | |
116 | // dump_buffer((const unsigned char *)buf, len, NULL, 0); | |
117 | // } | |
118 | ||
119 | PrintAndLog("FIDO2 version CBOR decoded:"); | |
120 | TinyCborPrintFIDOPackage(fido2CmdGetInfo, true, &buf[1], len - 1); | |
121 | } else { | |
122 | PrintAndLog("FIDO2 version length error"); | |
123 | } | |
39cc1c87 OM |
124 | |
125 | return 0; | |
126 | } | |
127 | ||
128 | json_t *OpenJson(int paramnum, char *fname, void* argtable[], bool *err) { | |
129 | json_t *root = NULL; | |
130 | json_error_t error; | |
131 | *err = false; | |
132 | ||
133 | uint8_t jsonname[250] ={0}; | |
134 | char *cjsonname = (char *)jsonname; | |
135 | int jsonnamelen = 0; | |
136 | ||
137 | // CLIGetStrWithReturn(paramnum, jsonname, &jsonnamelen); | |
138 | if (CLIParamStrToBuf(arg_get_str(paramnum), jsonname, sizeof(jsonname), &jsonnamelen)) { | |
139 | CLIParserFree(); | |
140 | return NULL; | |
141 | } | |
142 | ||
143 | // current path + file name | |
144 | if (!strstr(cjsonname, ".json")) | |
145 | strcat(cjsonname, ".json"); | |
146 | ||
147 | if (jsonnamelen) { | |
148 | strcpy(fname, get_my_executable_directory()); | |
149 | strcat(fname, cjsonname); | |
150 | if (access(fname, F_OK) != -1) { | |
151 | root = json_load_file(fname, 0, &error); | |
152 | if (!root) { | |
153 | PrintAndLog("ERROR: json error on line %d: %s", error.line, error.text); | |
154 | *err = true; | |
155 | return NULL; | |
156 | } | |
157 | ||
158 | if (!json_is_object(root)) { | |
159 | PrintAndLog("ERROR: Invalid json format. root must be an object."); | |
160 | json_decref(root); | |
161 | *err = true; | |
162 | return NULL; | |
163 | } | |
164 | ||
165 | } else { | |
166 | root = json_object(); | |
167 | } | |
168 | } | |
169 | return root; | |
170 | } | |
171 | ||
172 | int CmdHFFidoRegister(const char *cmd) { | |
173 | uint8_t data[64] = {0}; | |
174 | int chlen = 0; | |
175 | uint8_t cdata[250] = {0}; | |
176 | int applen = 0; | |
177 | uint8_t adata[250] = {0}; | |
178 | json_t *root = NULL; | |
179 | ||
180 | CLIParserInit("hf fido reg", | |
181 | "Initiate a U2F token registration. Needs two 32-byte hash number. \nchallenge parameter (32b) and application parameter (32b).", | |
182 | "Usage:\n\thf fido reg -> execute command with 2 parameters, filled 0x00\n" | |
183 | "\thf fido reg 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f -> execute command with parameters" | |
184 | "\thf fido reg -p s0 s1 -> execute command with plain parameters"); | |
185 | ||
186 | void* argtable[] = { | |
187 | arg_param_begin, | |
188 | arg_lit0("aA", "apdu", "show APDU reqests and responses"), | |
6b882a39 | 189 | arg_litn("vV", "verbose", 0, 2, "show technical data. vv - show full certificates data"), |
39cc1c87 | 190 | arg_lit0("pP", "plain", "send plain ASCII to challenge and application parameters instead of HEX"), |
6b882a39 | 191 | arg_lit0("tT", "tlv", "Show DER certificate contents in TLV representation"), |
39cc1c87 OM |
192 | arg_str0("jJ", "json", "fido.json", "JSON input / output file name for parameters."), |
193 | arg_str0(NULL, NULL, "<HEX/ASCII challenge parameter (32b HEX/1..16 chars)>", NULL), | |
194 | arg_str0(NULL, NULL, "<HEX/ASCII application parameter (32b HEX/1..16 chars)>", NULL), | |
195 | arg_param_end | |
196 | }; | |
197 | CLIExecWithReturn(cmd, argtable, true); | |
198 | ||
199 | bool APDULogging = arg_get_lit(1); | |
200 | bool verbose = arg_get_lit(2); | |
6b882a39 | 201 | bool verbose2 = arg_get_lit(2) > 1; |
39cc1c87 | 202 | bool paramsPlain = arg_get_lit(3); |
6b882a39 | 203 | bool showDERTLV = arg_get_lit(4); |
39cc1c87 OM |
204 | |
205 | char fname[250] = {0}; | |
206 | bool err; | |
6b882a39 | 207 | root = OpenJson(5, fname, argtable, &err); |
39cc1c87 OM |
208 | if(err) |
209 | return 1; | |
210 | if (root) { | |
211 | size_t jlen; | |
212 | JsonLoadBufAsHex(root, "$.ChallengeParam", data, 32, &jlen); | |
213 | JsonLoadBufAsHex(root, "$.ApplicationParam", &data[32], 32, &jlen); | |
214 | } | |
215 | ||
216 | if (paramsPlain) { | |
217 | memset(cdata, 0x00, 32); | |
6b882a39 | 218 | CLIGetStrWithReturn(6, cdata, &chlen); |
39cc1c87 OM |
219 | if (chlen && chlen > 16) { |
220 | PrintAndLog("ERROR: challenge parameter length in ASCII mode must be less than 16 chars instead of: %d", chlen); | |
221 | return 1; | |
222 | } | |
223 | } else { | |
6b882a39 | 224 | CLIGetHexWithReturn(6, cdata, &chlen); |
39cc1c87 OM |
225 | if (chlen && chlen != 32) { |
226 | PrintAndLog("ERROR: challenge parameter length must be 32 bytes only."); | |
227 | return 1; | |
228 | } | |
229 | } | |
230 | if (chlen) | |
231 | memmove(data, cdata, 32); | |
232 | ||
233 | ||
234 | if (paramsPlain) { | |
235 | memset(adata, 0x00, 32); | |
6b882a39 | 236 | CLIGetStrWithReturn(7, adata, &applen); |
39cc1c87 OM |
237 | if (applen && applen > 16) { |
238 | PrintAndLog("ERROR: application parameter length in ASCII mode must be less than 16 chars instead of: %d", applen); | |
239 | return 1; | |
240 | } | |
241 | } else { | |
6b882a39 | 242 | CLIGetHexWithReturn(7, adata, &applen); |
39cc1c87 OM |
243 | if (applen && applen != 32) { |
244 | PrintAndLog("ERROR: application parameter length must be 32 bytes only."); | |
245 | return 1; | |
246 | } | |
247 | } | |
248 | if (applen) | |
249 | memmove(&data[32], adata, 32); | |
250 | ||
251 | CLIParserFree(); | |
252 | ||
253 | SetAPDULogging(APDULogging); | |
254 | ||
255 | // challenge parameter [32 bytes] - The challenge parameter is the SHA-256 hash of the Client Data, a stringified JSON data structure that the FIDO Client prepares | |
256 | // application parameter [32 bytes] - The application parameter is the SHA-256 hash of the UTF-8 encoding of the application identity | |
257 | ||
258 | uint8_t buf[2048] = {0}; | |
259 | size_t len = 0; | |
260 | uint16_t sw = 0; | |
261 | ||
262 | DropField(); | |
263 | int res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw); | |
264 | ||
265 | if (res) { | |
266 | PrintAndLog("Can't select authenticator. res=%x. Exit...", res); | |
267 | DropField(); | |
268 | return res; | |
269 | } | |
270 | ||
271 | if (sw != 0x9000) { | |
272 | PrintAndLog("Can't select FIDO application. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); | |
273 | DropField(); | |
274 | return 2; | |
275 | } | |
276 | ||
277 | res = FIDORegister(data, buf, sizeof(buf), &len, &sw); | |
278 | DropField(); | |
279 | if (res) { | |
280 | PrintAndLog("Can't execute register command. res=%x. Exit...", res); | |
281 | return res; | |
282 | } | |
283 | ||
284 | if (sw != 0x9000) { | |
285 | PrintAndLog("ERROR execute register command. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); | |
286 | return 3; | |
287 | } | |
288 | ||
289 | PrintAndLog(""); | |
290 | if (APDULogging) | |
291 | PrintAndLog("---------------------------------------------------------------"); | |
292 | PrintAndLog("data len: %d", len); | |
6b882a39 | 293 | if (verbose2) { |
39cc1c87 OM |
294 | PrintAndLog("--------------data----------------------"); |
295 | dump_buffer((const unsigned char *)buf, len, NULL, 0); | |
296 | PrintAndLog("--------------data----------------------"); | |
297 | } | |
298 | ||
299 | if (buf[0] != 0x05) { | |
300 | PrintAndLog("ERROR: First byte must be 0x05, but it %2x", buf[0]); | |
301 | return 5; | |
302 | } | |
303 | PrintAndLog("User public key: %s", sprint_hex(&buf[1], 65)); | |
304 | ||
305 | uint8_t keyHandleLen = buf[66]; | |
306 | PrintAndLog("Key handle[%d]: %s", keyHandleLen, sprint_hex(&buf[67], keyHandleLen)); | |
307 | ||
308 | int derp = 67 + keyHandleLen; | |
309 | int derLen = (buf[derp + 2] << 8) + buf[derp + 3] + 4; | |
6b882a39 OM |
310 | if (verbose2) { |
311 | PrintAndLog("DER certificate[%d]:\n------------------DER-------------------", derLen); | |
312 | dump_buffer_simple((const unsigned char *)&buf[derp], derLen, NULL); | |
39cc1c87 OM |
313 | PrintAndLog("\n----------------DER---------------------"); |
314 | } else { | |
6b882a39 OM |
315 | if (verbose) |
316 | PrintAndLog("------------------DER-------------------"); | |
39cc1c87 OM |
317 | PrintAndLog("DER certificate[%d]: %s...", derLen, sprint_hex(&buf[derp], 20)); |
318 | } | |
319 | ||
6b882a39 OM |
320 | // check and print DER certificate |
321 | uint8_t public_key[65] = {0}; | |
322 | ||
323 | // print DER certificate in TLV view | |
324 | if (showDERTLV) { | |
325 | PrintAndLog("----------------DER TLV-----------------"); | |
326 | asn1_print(&buf[derp], derLen, " "); | |
327 | PrintAndLog("----------------DER TLV-----------------"); | |
328 | } | |
329 | ||
0bb51450 | 330 | FIDOCheckDERAndGetKey(&buf[derp], derLen, verbose, public_key, sizeof(public_key)); |
39cc1c87 | 331 | |
6b882a39 | 332 | // get hash |
39cc1c87 OM |
333 | int hashp = 1 + 65 + 1 + keyHandleLen + derLen; |
334 | PrintAndLog("Hash[%d]: %s", len - hashp, sprint_hex(&buf[hashp], len - hashp)); | |
6b882a39 | 335 | |
39cc1c87 | 336 | // check ANSI X9.62 format ECDSA signature (on P-256) |
6b882a39 OM |
337 | uint8_t rval[300] = {0}; |
338 | uint8_t sval[300] = {0}; | |
339 | res = ecdsa_asn1_get_signature(&buf[hashp], len - hashp, rval, sval); | |
340 | if (!res) { | |
341 | if (verbose) { | |
342 | PrintAndLog(" r: %s", sprint_hex(rval, 32)); | |
343 | PrintAndLog(" s: %s", sprint_hex(sval, 32)); | |
344 | } | |
345 | ||
346 | uint8_t xbuf[4096] = {0}; | |
347 | size_t xbuflen = 0; | |
348 | res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen, | |
349 | "\x00", 1, | |
350 | &data[32], 32, // application parameter | |
351 | &data[0], 32, // challenge parameter | |
352 | &buf[67], keyHandleLen, // keyHandle | |
353 | &buf[1], 65, // user public key | |
354 | NULL, 0); | |
355 | //PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen)); | |
3a5ffba7 | 356 | res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, public_key, xbuf, xbuflen, &buf[hashp], len - hashp, true); |
6b882a39 | 357 | if (res) { |
3a5ffba7 | 358 | if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) { |
6b882a39 OM |
359 | PrintAndLog("Signature is NOT VALID."); |
360 | } else { | |
361 | PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res)); | |
362 | } | |
363 | } else { | |
364 | PrintAndLog("Signature is OK."); | |
365 | } | |
366 | ||
367 | } else { | |
368 | PrintAndLog("Invalid signature. res=%d.", res); | |
369 | } | |
39cc1c87 OM |
370 | |
371 | PrintAndLog("\nauth command: "); | |
372 | printf("hf fido auth %s%s", paramsPlain?"-p ":"", sprint_hex_inrow(&buf[67], keyHandleLen)); | |
373 | if(chlen || applen) | |
374 | printf(" %s", paramsPlain?(char *)cdata:sprint_hex_inrow(cdata, 32)); | |
375 | if(applen) | |
376 | printf(" %s", paramsPlain?(char *)adata:sprint_hex_inrow(adata, 32)); | |
377 | printf("\n"); | |
378 | ||
379 | if (root) { | |
380 | JsonSaveBufAsHex(root, "ChallengeParam", data, 32); | |
381 | JsonSaveBufAsHex(root, "ApplicationParam", &data[32], 32); | |
6b882a39 | 382 | JsonSaveBufAsHexCompact(root, "PublicKey", &buf[1], 65); |
39cc1c87 OM |
383 | JsonSaveInt(root, "KeyHandleLen", keyHandleLen); |
384 | JsonSaveBufAsHexCompact(root, "KeyHandle", &buf[67], keyHandleLen); | |
385 | JsonSaveBufAsHexCompact(root, "DER", &buf[67 + keyHandleLen], derLen); | |
386 | ||
387 | res = json_dump_file(root, fname, JSON_INDENT(2)); | |
388 | if (res) { | |
389 | PrintAndLog("ERROR: can't save the file: %s", fname); | |
390 | return 200; | |
391 | } | |
392 | PrintAndLog("File `%s` saved.", fname); | |
393 | ||
394 | // free json object | |
395 | json_decref(root); | |
396 | } | |
397 | ||
398 | return 0; | |
399 | }; | |
400 | ||
401 | int CmdHFFidoAuthenticate(const char *cmd) { | |
402 | uint8_t data[512] = {0}; | |
403 | uint8_t hdata[250] = {0}; | |
6b882a39 OM |
404 | bool public_key_loaded = false; |
405 | uint8_t public_key[65] = {0}; | |
39cc1c87 OM |
406 | int hdatalen = 0; |
407 | uint8_t keyHandleLen = 0; | |
408 | json_t *root = NULL; | |
409 | ||
410 | CLIParserInit("hf fido auth", | |
411 | "Initiate a U2F token authentication. Needs key handle and two 32-byte hash number. \nkey handle(var 0..255), challenge parameter (32b) and application parameter (32b).", | |
412 | "Usage:\n\thf fido auth 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f -> execute command with 2 parameters, filled 0x00 and key handle\n" | |
413 | "\thf fido auth 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f " | |
414 | "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f -> execute command with parameters"); | |
415 | ||
416 | void* argtable[] = { | |
417 | arg_param_begin, | |
418 | arg_lit0("aA", "apdu", "show APDU reqests and responses"), | |
419 | arg_lit0("vV", "verbose", "show technical data"), | |
420 | arg_lit0("pP", "plain", "send plain ASCII to challenge and application parameters instead of HEX"), | |
421 | arg_rem("default mode:", "dont-enforce-user-presence-and-sign"), | |
422 | arg_lit0("uU", "user", "mode: enforce-user-presence-and-sign"), | |
423 | arg_lit0("cC", "check", "mode: check-only"), | |
424 | arg_str0("jJ", "json", "fido.json", "JSON input / output file name for parameters."), | |
6b882a39 | 425 | arg_str0("kK", "key", "public key to verify signature", NULL), |
39cc1c87 OM |
426 | arg_str0(NULL, NULL, "<HEX key handle (var 0..255b)>", NULL), |
427 | arg_str0(NULL, NULL, "<HEX/ASCII challenge parameter (32b HEX/1..16 chars)>", NULL), | |
428 | arg_str0(NULL, NULL, "<HEX/ASCII application parameter (32b HEX/1..16 chars)>", NULL), | |
429 | arg_param_end | |
430 | }; | |
431 | CLIExecWithReturn(cmd, argtable, true); | |
432 | ||
433 | bool APDULogging = arg_get_lit(1); | |
6b882a39 | 434 | bool verbose = arg_get_lit(2); |
39cc1c87 OM |
435 | bool paramsPlain = arg_get_lit(3); |
436 | uint8_t controlByte = 0x08; | |
437 | if (arg_get_lit(5)) | |
438 | controlByte = 0x03; | |
439 | if (arg_get_lit(6)) | |
440 | controlByte = 0x07; | |
441 | ||
442 | char fname[250] = {0}; | |
443 | bool err; | |
444 | root = OpenJson(7, fname, argtable, &err); | |
445 | if(err) | |
446 | return 1; | |
447 | if (root) { | |
448 | size_t jlen; | |
449 | JsonLoadBufAsHex(root, "$.ChallengeParam", data, 32, &jlen); | |
450 | JsonLoadBufAsHex(root, "$.ApplicationParam", &data[32], 32, &jlen); | |
451 | JsonLoadBufAsHex(root, "$.KeyHandle", &data[65], 512 - 67, &jlen); | |
452 | keyHandleLen = jlen & 0xff; | |
453 | data[64] = keyHandleLen; | |
6b882a39 OM |
454 | JsonLoadBufAsHex(root, "$.PublicKey", public_key, 65, &jlen); |
455 | public_key_loaded = (jlen > 0); | |
39cc1c87 OM |
456 | } |
457 | ||
6b882a39 | 458 | // public key |
39cc1c87 | 459 | CLIGetHexWithReturn(8, hdata, &hdatalen); |
9c87879e | 460 | if (hdatalen && hdatalen != 65) { |
6b882a39 OM |
461 | PrintAndLog("ERROR: public key length must be 65 bytes only."); |
462 | return 1; | |
463 | } | |
464 | if (hdatalen) { | |
465 | memmove(public_key, hdata, hdatalen); | |
466 | public_key_loaded = true; | |
467 | } | |
468 | ||
469 | CLIGetHexWithReturn(9, hdata, &hdatalen); | |
39cc1c87 OM |
470 | if (hdatalen > 255) { |
471 | PrintAndLog("ERROR: application parameter length must be less than 255."); | |
472 | return 1; | |
473 | } | |
474 | if (hdatalen) { | |
475 | keyHandleLen = hdatalen; | |
476 | data[64] = keyHandleLen; | |
477 | memmove(&data[65], hdata, keyHandleLen); | |
478 | } | |
479 | ||
480 | if (paramsPlain) { | |
481 | memset(hdata, 0x00, 32); | |
482 | CLIGetStrWithReturn(9, hdata, &hdatalen); | |
483 | if (hdatalen && hdatalen > 16) { | |
484 | PrintAndLog("ERROR: challenge parameter length in ASCII mode must be less than 16 chars instead of: %d", hdatalen); | |
485 | return 1; | |
486 | } | |
487 | } else { | |
6b882a39 | 488 | CLIGetHexWithReturn(10, hdata, &hdatalen); |
39cc1c87 OM |
489 | if (hdatalen && hdatalen != 32) { |
490 | PrintAndLog("ERROR: challenge parameter length must be 32 bytes only."); | |
491 | return 1; | |
492 | } | |
493 | } | |
494 | if (hdatalen) | |
495 | memmove(data, hdata, 32); | |
496 | ||
497 | if (paramsPlain) { | |
498 | memset(hdata, 0x00, 32); | |
6b882a39 | 499 | CLIGetStrWithReturn(11, hdata, &hdatalen); |
39cc1c87 OM |
500 | if (hdatalen && hdatalen > 16) { |
501 | PrintAndLog("ERROR: application parameter length in ASCII mode must be less than 16 chars instead of: %d", hdatalen); | |
502 | return 1; | |
503 | } | |
504 | } else { | |
505 | CLIGetHexWithReturn(10, hdata, &hdatalen); | |
506 | if (hdatalen && hdatalen != 32) { | |
507 | PrintAndLog("ERROR: application parameter length must be 32 bytes only."); | |
508 | return 1; | |
509 | } | |
510 | } | |
511 | if (hdatalen) | |
512 | memmove(&data[32], hdata, 32); | |
513 | ||
514 | CLIParserFree(); | |
515 | ||
516 | SetAPDULogging(APDULogging); | |
517 | ||
518 | // (in parameter) conrtol byte 0x07 - check only, 0x03 - user presense + cign. 0x08 - sign only | |
519 | // challenge parameter [32 bytes] | |
520 | // application parameter [32 bytes] | |
521 | // key handle length [1b] = N | |
522 | // key handle [N] | |
523 | ||
524 | uint8_t datalen = 32 + 32 + 1 + keyHandleLen; | |
525 | ||
526 | uint8_t buf[2048] = {0}; | |
527 | size_t len = 0; | |
528 | uint16_t sw = 0; | |
529 | ||
530 | DropField(); | |
531 | int res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw); | |
532 | ||
533 | if (res) { | |
534 | PrintAndLog("Can't select authenticator. res=%x. Exit...", res); | |
535 | DropField(); | |
536 | return res; | |
537 | } | |
538 | ||
539 | if (sw != 0x9000) { | |
540 | PrintAndLog("Can't select FIDO application. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); | |
541 | DropField(); | |
542 | return 2; | |
543 | } | |
544 | ||
545 | res = FIDOAuthentication(data, datalen, controlByte, buf, sizeof(buf), &len, &sw); | |
546 | DropField(); | |
547 | if (res) { | |
548 | PrintAndLog("Can't execute authentication command. res=%x. Exit...", res); | |
549 | return res; | |
550 | } | |
551 | ||
552 | if (sw != 0x9000) { | |
553 | PrintAndLog("ERROR execute authentication command. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); | |
554 | return 3; | |
555 | } | |
556 | ||
557 | PrintAndLog("---------------------------------------------------------------"); | |
558 | PrintAndLog("User presence: %s", (buf[0]?"verified":"not verified")); | |
559 | uint32_t cntr = (uint32_t)bytes_to_num(&buf[1], 4); | |
560 | PrintAndLog("Counter: %d", cntr); | |
561 | PrintAndLog("Hash[%d]: %s", len - 5, sprint_hex(&buf[5], len - 5)); | |
562 | ||
6b882a39 OM |
563 | // check ANSI X9.62 format ECDSA signature (on P-256) |
564 | uint8_t rval[300] = {0}; | |
565 | uint8_t sval[300] = {0}; | |
566 | res = ecdsa_asn1_get_signature(&buf[5], len - 5, rval, sval); | |
567 | if (!res) { | |
568 | if (verbose) { | |
569 | PrintAndLog(" r: %s", sprint_hex(rval, 32)); | |
570 | PrintAndLog(" s: %s", sprint_hex(sval, 32)); | |
571 | } | |
572 | if (public_key_loaded) { | |
573 | uint8_t xbuf[4096] = {0}; | |
574 | size_t xbuflen = 0; | |
575 | res = FillBuffer(xbuf, sizeof(xbuf), &xbuflen, | |
576 | &data[32], 32, // application parameter | |
577 | &buf[0], 1, // user presence | |
578 | &buf[1], 4, // counter | |
579 | data, 32, // challenge parameter | |
580 | NULL, 0); | |
581 | //PrintAndLog("--xbuf(%d)[%d]: %s", res, xbuflen, sprint_hex(xbuf, xbuflen)); | |
3a5ffba7 | 582 | res = ecdsa_signature_verify(MBEDTLS_ECP_DP_SECP256R1, public_key, xbuf, xbuflen, &buf[5], len - 5, true); |
6b882a39 | 583 | if (res) { |
3a5ffba7 | 584 | if (res == MBEDTLS_ERR_ECP_VERIFY_FAILED) { |
6b882a39 OM |
585 | PrintAndLog("Signature is NOT VALID."); |
586 | } else { | |
587 | PrintAndLog("Other signature check error: %x %s", (res<0)?-res:res, ecdsa_get_error(res)); | |
588 | } | |
589 | } else { | |
590 | PrintAndLog("Signature is OK."); | |
591 | } | |
592 | } else { | |
593 | PrintAndLog("No public key provided. can't check signature."); | |
594 | } | |
595 | } else { | |
596 | PrintAndLog("Invalid signature. res=%d.", res); | |
597 | } | |
598 | ||
39cc1c87 OM |
599 | if (root) { |
600 | JsonSaveBufAsHex(root, "ChallengeParam", data, 32); | |
601 | JsonSaveBufAsHex(root, "ApplicationParam", &data[32], 32); | |
602 | JsonSaveInt(root, "KeyHandleLen", keyHandleLen); | |
603 | JsonSaveBufAsHexCompact(root, "KeyHandle", &data[65], keyHandleLen); | |
604 | JsonSaveInt(root, "Counter", cntr); | |
605 | ||
606 | res = json_dump_file(root, fname, JSON_INDENT(2)); | |
607 | if (res) { | |
608 | PrintAndLog("ERROR: can't save the file: %s", fname); | |
609 | return 200; | |
610 | } | |
611 | PrintAndLog("File `%s` saved.", fname); | |
612 | ||
613 | // free json object | |
614 | json_decref(root); | |
615 | } | |
616 | return 0; | |
617 | }; | |
618 | ||
0bb51450 OM |
619 | void CheckSlash(char *fileName) { |
620 | if ((fileName[strlen(fileName) - 1] != '/') && | |
621 | (fileName[strlen(fileName) - 1] != '\\')) | |
622 | strcat(fileName, "/"); | |
623 | } | |
624 | ||
625 | int GetExistsFileNameJson(char *prefixDir, char *reqestedFileName, char *fileName) { | |
626 | fileName[0] = 0x00; | |
627 | strcpy(fileName, get_my_executable_directory()); | |
628 | CheckSlash(fileName); | |
629 | ||
630 | strcat(fileName, prefixDir); | |
631 | CheckSlash(fileName); | |
632 | ||
633 | strcat(fileName, reqestedFileName); | |
634 | if (!strstr(fileName, ".json")) | |
635 | strcat(fileName, ".json"); | |
636 | ||
637 | if (access(fileName, F_OK) < 0) { | |
638 | strcpy(fileName, get_my_executable_directory()); | |
639 | CheckSlash(fileName); | |
640 | ||
641 | strcat(fileName, reqestedFileName); | |
642 | if (!strstr(fileName, ".json")) | |
643 | strcat(fileName, ".json"); | |
644 | ||
645 | if (access(fileName, F_OK) < 0) { | |
646 | return 1; // file not found | |
647 | } | |
648 | } | |
649 | return 0; | |
650 | } | |
651 | ||
652 | int CmdHFFido2MakeCredential(const char *cmd) { | |
653 | json_error_t error; | |
654 | json_t *root = NULL; | |
655 | char fname[300] = {0}; | |
656 | ||
657 | CLIParserInit("hf fido make", | |
658 | "Execute a FIDO2 Make Credentional command. Needs json file with parameters. Sample file `fido2.json`. File can be placed in proxmark directory or in `proxmark/fido` directory.", | |
659 | "Usage:\n\thf fido make -> execute command default parameters file `fido2.json`\n" | |
660 | "\thf fido make test.json -> execute command with parameters file `text.json`"); | |
661 | ||
662 | void* argtable[] = { | |
663 | arg_param_begin, | |
664 | arg_lit0("aA", "apdu", "show APDU reqests and responses"), | |
665 | arg_litn("vV", "verbose", 0, 2, "show technical data. vv - show full certificates data"), | |
666 | arg_lit0("tT", "tlv", "Show DER certificate contents in TLV representation"), | |
667 | arg_lit0("cC", "cbor", "show CBOR decoded data"), | |
668 | arg_str0(NULL, NULL, "<json file name>", "JSON input / output file name for parameters. Default `fido2.json`"), | |
669 | arg_param_end | |
670 | }; | |
671 | CLIExecWithReturn(cmd, argtable, true); | |
672 | ||
673 | bool APDULogging = arg_get_lit(1); | |
674 | bool verbose = arg_get_lit(2); | |
675 | bool verbose2 = arg_get_lit(2) > 1; | |
676 | bool showDERTLV = arg_get_lit(3); | |
677 | bool showCBOR = arg_get_lit(4); | |
678 | ||
679 | uint8_t jsonname[250] ={0}; | |
680 | char *cjsonname = (char *)jsonname; | |
681 | int jsonnamelen = 0; | |
682 | CLIGetStrWithReturn(5, jsonname, &jsonnamelen); | |
683 | ||
684 | if (!jsonnamelen) { | |
685 | strcat(cjsonname, "fido2"); | |
686 | jsonnamelen = strlen(cjsonname); | |
687 | } | |
688 | ||
689 | CLIParserFree(); | |
690 | ||
691 | SetAPDULogging(APDULogging); | |
692 | ||
693 | int res = GetExistsFileNameJson("fido", cjsonname, fname); | |
694 | if(res) { | |
695 | PrintAndLog("ERROR: Can't found the json file."); | |
696 | return res; | |
697 | } | |
698 | PrintAndLog("fname: %s\n", fname); | |
699 | root = json_load_file(fname, 0, &error); | |
700 | if (!root) { | |
701 | PrintAndLog("ERROR: json error on line %d: %s", error.line, error.text); | |
702 | return 1; | |
703 | } | |
704 | ||
705 | uint8_t data[2048] = {0}; | |
706 | size_t datalen = 0; | |
707 | uint8_t buf[2048] = {0}; | |
708 | size_t len = 0; | |
709 | uint16_t sw = 0; | |
710 | ||
711 | DropField(); | |
712 | res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw); | |
713 | ||
714 | if (res) { | |
715 | PrintAndLog("Can't select authenticator. res=%x. Exit...", res); | |
716 | DropField(); | |
717 | return res; | |
718 | } | |
719 | ||
720 | if (sw != 0x9000) { | |
721 | PrintAndLog("Can't select FIDO application. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); | |
722 | DropField(); | |
723 | return 2; | |
724 | } | |
725 | ||
726 | res = FIDO2CreateMakeCredentionalReq(root, data, sizeof(data), &datalen); | |
727 | if (res) | |
728 | return res; | |
729 | ||
730 | if (showCBOR) { | |
731 | PrintAndLog("CBOR make credentional request:"); | |
732 | PrintAndLog("---------------- CBOR ------------------"); | |
733 | TinyCborPrintFIDOPackage(fido2CmdMakeCredential, false, data, datalen); | |
734 | PrintAndLog("---------------- CBOR ------------------"); | |
735 | } | |
736 | ||
737 | res = FIDO2MakeCredential(data, datalen, buf, sizeof(buf), &len, &sw); | |
738 | DropField(); | |
739 | if (res) { | |
740 | PrintAndLog("Can't execute make credential command. res=%x. Exit...", res); | |
741 | return res; | |
742 | } | |
743 | ||
744 | if (sw != 0x9000) { | |
745 | PrintAndLog("ERROR execute make credential command. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); | |
746 | return 3; | |
747 | } | |
748 | ||
749 | if(buf[0]) { | |
750 | PrintAndLog("FIDO2 make credential error: %d - %s", buf[0], fido2GetCmdErrorDescription(buf[0])); | |
751 | return 0; | |
752 | } | |
753 | ||
754 | PrintAndLog("MakeCredential result (%d b) OK.", len); | |
755 | if (showCBOR) { | |
756 | PrintAndLog("CBOR make credentional response:"); | |
757 | PrintAndLog("---------------- CBOR ------------------"); | |
758 | TinyCborPrintFIDOPackage(fido2CmdMakeCredential, true, &buf[1], len - 1); | |
759 | PrintAndLog("---------------- CBOR ------------------"); | |
760 | } | |
761 | ||
762 | // parse returned cbor | |
763 | FIDO2MakeCredentionalParseRes(root, &buf[1], len - 1, verbose, verbose2, showCBOR, showDERTLV); | |
764 | ||
765 | if (root) { | |
766 | res = json_dump_file(root, fname, JSON_INDENT(2)); | |
767 | if (res) { | |
768 | PrintAndLog("ERROR: can't save the file: %s", fname); | |
769 | return 200; | |
770 | } | |
771 | PrintAndLog("File `%s` saved.", fname); | |
772 | } | |
773 | ||
774 | json_decref(root); | |
775 | ||
776 | return 0; | |
777 | }; | |
778 | ||
779 | int CmdHFFido2GetAssertion(const char *cmd) { | |
780 | json_error_t error; | |
781 | json_t *root = NULL; | |
782 | char fname[300] = {0}; | |
783 | ||
784 | CLIParserInit("hf fido assert", | |
785 | "Execute a FIDO2 Get Assertion command. Needs json file with parameters. Sample file `fido2.json`. File can be placed in proxmark directory or in `proxmark/fido` directory.", | |
786 | "Usage:\n\thf fido assert -> execute command default parameters file `fido2.json`\n" | |
787 | "\thf fido assert test.json -l -> execute command with parameters file `text.json` and add to request CredentialId"); | |
788 | ||
789 | void* argtable[] = { | |
790 | arg_param_begin, | |
791 | arg_lit0("aA", "apdu", "show APDU reqests and responses"), | |
792 | arg_litn("vV", "verbose", 0, 2, "show technical data. vv - show full certificates data"), | |
793 | arg_lit0("cC", "cbor", "show CBOR decoded data"), | |
794 | arg_lit0("lL", "list", "add CredentialId from json to allowList. Needs if `rk` option is `false` (authenticator don't store credential to its memory)"), | |
795 | arg_str0(NULL, NULL, "<json file name>", "JSON input / output file name for parameters. Default `fido2.json`"), | |
796 | arg_param_end | |
797 | }; | |
798 | CLIExecWithReturn(cmd, argtable, true); | |
799 | ||
800 | bool APDULogging = arg_get_lit(1); | |
801 | bool verbose = arg_get_lit(2); | |
802 | bool verbose2 = arg_get_lit(2) > 1; | |
803 | bool showCBOR = arg_get_lit(3); | |
804 | bool createAllowList = arg_get_lit(4); | |
805 | ||
806 | uint8_t jsonname[250] ={0}; | |
807 | char *cjsonname = (char *)jsonname; | |
808 | int jsonnamelen = 0; | |
809 | CLIGetStrWithReturn(5, jsonname, &jsonnamelen); | |
810 | ||
811 | if (!jsonnamelen) { | |
812 | strcat(cjsonname, "fido2"); | |
813 | jsonnamelen = strlen(cjsonname); | |
814 | } | |
815 | ||
816 | CLIParserFree(); | |
817 | ||
818 | SetAPDULogging(APDULogging); | |
819 | ||
820 | int res = GetExistsFileNameJson("fido", "fido2", fname); | |
821 | if(res) { | |
822 | PrintAndLog("ERROR: Can't found the json file."); | |
823 | return res; | |
824 | } | |
825 | PrintAndLog("fname: %s\n", fname); | |
826 | root = json_load_file(fname, 0, &error); | |
827 | if (!root) { | |
828 | PrintAndLog("ERROR: json error on line %d: %s", error.line, error.text); | |
829 | return 1; | |
830 | } | |
831 | ||
832 | uint8_t data[2048] = {0}; | |
833 | size_t datalen = 0; | |
834 | uint8_t buf[2048] = {0}; | |
835 | size_t len = 0; | |
836 | uint16_t sw = 0; | |
837 | ||
838 | DropField(); | |
839 | res = FIDOSelect(true, true, buf, sizeof(buf), &len, &sw); | |
840 | ||
841 | if (res) { | |
842 | PrintAndLog("Can't select authenticator. res=%x. Exit...", res); | |
843 | DropField(); | |
844 | return res; | |
845 | } | |
846 | ||
847 | if (sw != 0x9000) { | |
848 | PrintAndLog("Can't select FIDO application. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); | |
849 | DropField(); | |
850 | return 2; | |
851 | } | |
852 | ||
853 | res = FIDO2CreateGetAssertionReq(root, data, sizeof(data), &datalen, createAllowList); | |
854 | if (res) | |
855 | return res; | |
856 | ||
857 | if (showCBOR) { | |
858 | PrintAndLog("CBOR get assertion request:"); | |
859 | PrintAndLog("---------------- CBOR ------------------"); | |
860 | TinyCborPrintFIDOPackage(fido2CmdGetAssertion, false, data, datalen); | |
861 | PrintAndLog("---------------- CBOR ------------------"); | |
862 | } | |
863 | ||
864 | res = FIDO2GetAssertion(data, datalen, buf, sizeof(buf), &len, &sw); | |
865 | DropField(); | |
866 | if (res) { | |
867 | PrintAndLog("Can't execute get assertion command. res=%x. Exit...", res); | |
868 | return res; | |
869 | } | |
870 | ||
871 | if (sw != 0x9000) { | |
872 | PrintAndLog("ERROR execute get assertion command. APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); | |
873 | return 3; | |
874 | } | |
875 | ||
876 | if(buf[0]) { | |
877 | PrintAndLog("FIDO2 get assertion error: %d - %s", buf[0], fido2GetCmdErrorDescription(buf[0])); | |
878 | return 0; | |
879 | } | |
880 | ||
881 | PrintAndLog("GetAssertion result (%d b) OK.", len); | |
882 | if (showCBOR) { | |
883 | PrintAndLog("CBOR get assertion response:"); | |
884 | PrintAndLog("---------------- CBOR ------------------"); | |
885 | TinyCborPrintFIDOPackage(fido2CmdGetAssertion, true, &buf[1], len - 1); | |
886 | PrintAndLog("---------------- CBOR ------------------"); | |
887 | } | |
888 | ||
889 | // parse returned cbor | |
890 | FIDO2GetAssertionParseRes(root, &buf[1], len - 1, verbose, verbose2, showCBOR); | |
891 | ||
892 | if (root) { | |
893 | res = json_dump_file(root, fname, JSON_INDENT(2)); | |
894 | if (res) { | |
895 | PrintAndLog("ERROR: can't save the file: %s", fname); | |
896 | return 200; | |
897 | } | |
898 | PrintAndLog("File `%s` saved.", fname); | |
899 | } | |
900 | ||
901 | json_decref(root); | |
902 | ||
903 | return 0; | |
904 | }; | |
905 | ||
39cc1c87 OM |
906 | static command_t CommandTable[] = |
907 | { | |
908 | {"help", CmdHelp, 1, "This help."}, | |
909 | {"info", CmdHFFidoInfo, 0, "Info about FIDO tag."}, | |
910 | {"reg", CmdHFFidoRegister, 0, "FIDO U2F Registration Message."}, | |
911 | {"auth", CmdHFFidoAuthenticate, 0, "FIDO U2F Authentication Message."}, | |
0bb51450 OM |
912 | {"make", CmdHFFido2MakeCredential, 0, "FIDO2 MakeCredential command."}, |
913 | {"assert", CmdHFFido2GetAssertion, 0, "FIDO2 GetAssertion command."}, | |
39cc1c87 OM |
914 | {NULL, NULL, 0, NULL} |
915 | }; | |
916 | ||
917 | int CmdHFFido(const char *Cmd) { | |
918 | (void)WaitForResponseTimeout(CMD_ACK,NULL,100); | |
919 | CmdsParse(CommandTable, Cmd); | |
920 | return 0; | |
921 | } | |
922 | ||
923 | int CmdHelp(const char *Cmd) { | |
924 | CmdsHelp(CommandTable); | |
925 | return 0; | |
926 | } |