src: Stop using G_io_apdu_buffer for response creation

LedgerHQ · May 29, 2024 · 40a3a95 · 40a3a95
1 parent 1a599d2
commit 40a3a95
Show file tree

Hide file tree

Showing 10 changed files with 39 additions and 22 deletions.
diff --git a/include/globals.h b/include/globals.h
@@ -31,6 +31,13 @@ extern char rpID[65];
 
 extern u2f_service_t G_io_u2f;
 
+#ifdef TARGET_NANOS
+// Spare RAM on Nanos
+#define responseBuffer G_io_apdu_buffer
+#else
+extern uint8_t responseBuffer[IO_APDU_BUFFER_SIZE];
+#endif
+
 typedef struct ctap2_data_t {
     union ctap2_data_u {
         ctap2_register_data_t ctap2RegisterData;

diff --git a/include/u2f_process.h b/include/u2f_process.h
@@ -22,6 +22,7 @@
 #include "credential.h"
 
 typedef struct u2f_data_t {
+    uint8_t ins;
     uint8_t challenge_param[32];
     uint8_t application_param[32];
     uint8_t nonce[CREDENTIAL_NONCE_SIZE];

diff --git a/src/ctap2_client_pin.c b/src/ctap2_client_pin.c
@@ -382,7 +382,7 @@ static void handle_store_pin(u2f_service_t *service,
     // Invalidate previous token and force the user to issue a GET_PIN_TOKEN command
     authTokeninUse = false;
 
-    G_io_apdu_buffer[0] = ERROR_NONE;
+    responseBuffer[0] = ERROR_NONE;
     send_cbor_response(&G_io_u2f, 1);
 }
 
@@ -444,12 +444,12 @@ static void ctap2_handle_get_pin_retries(u2f_service_t *service,
     PRINTF("ctap2_handle_get_pin_retries\n");
     CHECK_PIN_SET();
 
-    cbip_encoder_init(&encoder, G_io_apdu_buffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
+    cbip_encoder_init(&encoder, responseBuffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
     cbip_add_map_header(&encoder, 1);
     cbip_add_int(&encoder, TAG_RESP_RETRIES);
     cbip_add_int(&encoder, N_u2f.pinRetries);
 
-    G_io_apdu_buffer[0] = ERROR_NONE;
+    responseBuffer[0] = ERROR_NONE;
     send_cbor_response(&G_io_u2f, 1 + encoder.offset);
 }
 
@@ -473,7 +473,7 @@ static void ctap2_handle_get_key_agreement(u2f_service_t *service,
         return;
     }
 
-    cbip_encoder_init(&encoder, G_io_apdu_buffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
+    cbip_encoder_init(&encoder, responseBuffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
     cbip_add_map_header(&encoder, 1);
     cbip_add_int(&encoder, TAG_RESP_KEY_AGREEMENT);
     status = encode_cose_key(&encoder, &publicKey, true);
@@ -482,7 +482,7 @@ static void ctap2_handle_get_key_agreement(u2f_service_t *service,
         return;
     }
 
-    G_io_apdu_buffer[0] = ERROR_NONE;
+    responseBuffer[0] = ERROR_NONE;
     send_cbor_response(&G_io_u2f, 1 + encoder.offset);
 }
 
@@ -658,12 +658,12 @@ static void ctap2_handle_get_pin_token(u2f_service_t *service,
                              &encryptedLength);
 
     // Generate the response
-    cbip_encoder_init(&encoder, G_io_apdu_buffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
+    cbip_encoder_init(&encoder, responseBuffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
     cbip_add_map_header(&encoder, 1);
     cbip_add_int(&encoder, TAG_RESP_PIN_TOKEN);
     cbip_add_byte_string(&encoder, tokenEnc, encryptedLength);
 
-    G_io_apdu_buffer[0] = ERROR_NONE;
+    responseBuffer[0] = ERROR_NONE;
     send_cbor_response(&G_io_u2f, 1 + encoder.offset);
 }
 

diff --git a/src/ctap2_get_assertion.c b/src/ctap2_get_assertion.c
@@ -881,7 +881,7 @@ void ctap2_get_assertion_confirm(uint16_t idx) {
     // Build the response
     status = sign_and_build_getAssert_authData(shared_ctx.sharedBuffer,
                                                dataLen,
-                                               G_io_apdu_buffer + 1,
+                                               responseBuffer + 1,
                                                CUSTOM_IO_APDU_BUFFER_SIZE - 1,
                                                &credData);
     if (status < 0) {
@@ -890,7 +890,7 @@ void ctap2_get_assertion_confirm(uint16_t idx) {
     dataLen = status;
     status = 0;
 
-    G_io_apdu_buffer[0] = ERROR_NONE;
+    responseBuffer[0] = ERROR_NONE;
 
 exit:
     if (status == 0) {

diff --git a/src/ctap2_get_info.c b/src/ctap2_get_info.c
@@ -22,6 +22,7 @@
 #include "ctap2.h"
 #include "cbip_encode.h"
 #include "config.h"
+#include "globals.h"
 
 #define CTAP_HEADER_SIZE 7
 
@@ -45,7 +46,7 @@ void ctap2_get_info_handle(u2f_service_t *service, uint8_t *buffer, uint16_t len
 
     PRINTF("ctap2_get_info_handle\n");
 
-    cbip_encoder_init(&encoder, G_io_apdu_buffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
+    cbip_encoder_init(&encoder, responseBuffer + 1, CUSTOM_IO_APDU_BUFFER_SIZE - 1);
 
     cbip_add_map_header(&encoder, 6);
 
@@ -95,6 +96,6 @@ void ctap2_get_info_handle(u2f_service_t *service, uint8_t *buffer, uint16_t len
     cbip_add_array_header(&encoder, 1);
     cbip_add_int(&encoder, PIN_PROTOCOL_VERSION_V1);
 
-    G_io_apdu_buffer[0] = ERROR_NONE;
+    responseBuffer[0] = ERROR_NONE;
     send_cbor_response(service, 1 + encoder.offset);
 }
diff --git a/src/ctap2_make_credential.c b/src/ctap2_make_credential.c
@@ -694,7 +694,7 @@ void ctap2_make_credential_confirm() {
     // Compute standard attestation then build CBOR response
     status = sign_and_build_makeCred_response(shared_ctx.sharedBuffer,
                                               dataLen,
-                                              G_io_apdu_buffer + 1,
+                                              responseBuffer + 1,
                                               CUSTOM_IO_APDU_BUFFER_SIZE - 1);
     if (status < 0) {
         status = ERROR_OTHER;
@@ -703,7 +703,7 @@ void ctap2_make_credential_confirm() {
     dataLen = status;
     status = 0;
 
-    G_io_apdu_buffer[0] = ERROR_NONE;
+    responseBuffer[0] = ERROR_NONE;
 
 exit:
     if (status == 0) {

diff --git a/src/ctap2_processing.c b/src/ctap2_processing.c
@@ -51,9 +51,9 @@ void send_cbor_error(u2f_service_t *service, uint8_t error) {
 
 void send_cbor_response(u2f_service_t *service, uint32_t length) {
     if (CMD_IS_OVER_U2F_CMD) {
-        io_send_response_pointer(G_io_apdu_buffer, length, SW_NO_ERROR);
+        io_send_response_pointer(responseBuffer, length, SW_NO_ERROR);
     } else {
-        u2f_message_reply(service, CTAP2_CMD_CBOR, G_io_apdu_buffer, length);
+        u2f_message_reply(service, CTAP2_CMD_CBOR, responseBuffer, length);
     }
 }
 

diff --git a/src/ctap2_reset.c b/src/ctap2_reset.c
@@ -35,7 +35,7 @@ void ctap2_reset_handle(u2f_service_t *service, uint8_t *buffer, uint16_t length
 void ctap2_reset_confirm() {
     config_process_ctap2_reset();
 
-    G_io_apdu_buffer[0] = ERROR_NONE;
+    responseBuffer[0] = ERROR_NONE;
     send_cbor_response(&G_io_u2f, 1);
 }
 

diff --git a/src/globals.c b/src/globals.c
@@ -26,3 +26,9 @@ char rpID[65];
 
 shared_ctx_t shared_ctx;
 ctap2_ux_state_t ctap2UxState;
+
+#ifdef TARGET_NANOS
+// Spare RAM on Nanos
+#else
+uint8_t responseBuffer[IO_APDU_BUFFER_SIZE];
+#endif
diff --git a/src/u2f_processing.c b/src/u2f_processing.c
@@ -426,19 +426,19 @@ static int u2f_process_user_presence_confirmed(void) {
     uint16_t sw = SW_PROPRIETARY_INTERNAL;
     uint16_t length = 0;
 
-    switch (G_io_apdu_buffer[OFFSET_INS]) {
+    switch (globals_get_u2f_data()->ins) {
         case FIDO_INS_ENROLL:
-            sw = u2f_prepare_enroll_response(G_io_apdu_buffer, &length);
+            sw = u2f_prepare_enroll_response(responseBuffer, &length);
             break;
 
         case FIDO_INS_SIGN:
-            sw = u2f_prepare_sign_response(G_io_apdu_buffer, &length);
+            sw = u2f_prepare_sign_response(responseBuffer, &length);
             break;
 
         default:
             break;
     }
-    return io_send_response_pointer(G_io_apdu_buffer, length, sw);
+    return io_send_response_pointer(responseBuffer, length, sw);
 }
 
 /******************************************/
@@ -608,7 +608,8 @@ static int u2f_handle_apdu_enroll(const uint8_t *rx, uint32_t data_length, const
         return io_send_sw(SW_INCORRECT_P1P2);
     }
 
-    // Backup challenge and application parameters to be used if user accept the request
+    // Backup ins, challenge and application parameters to be used if user accept the request
+    globals_get_u2f_data()->ins = FIDO_INS_ENROLL;
     memmove(globals_get_u2f_data()->challenge_param,
             reg_req->challenge_param,
             sizeof(reg_req->challenge_param));
@@ -671,7 +672,8 @@ static int u2f_handle_apdu_sign(const uint8_t *rx, uint32_t data_length, uint8_t
         return io_send_sw(SW_CONDITIONS_NOT_SATISFIED);
     }
 
-    // Backup nonce, challenge and application parameters to be used if user accept the request
+    // Backup ins, nonce, challenge and application parameters to be used if user accept the request
+    globals_get_u2f_data()->ins = FIDO_INS_SIGN;
     memmove(globals_get_u2f_data()->nonce, nonce, CREDENTIAL_NONCE_SIZE);
     memmove(globals_get_u2f_data()->challenge_param,
             auth_req_base->challenge_param,