[clean] Moving BAGL/BGL management from u2f_processing to a dedicated…

… module

include/credential.h

@@ -19,6 +19,8 @@
 #ifndef __CREDENTIAL_H__
 #define __CREDENTIAL_H__
 
+#include "lcx_aes_siv.h"
+
 #define STATUS_RK_CREDENTIAL 0x01
 
 #define CREDENTIAL_VERSION_U2F   0x01

include/globals.h

@@ -24,6 +24,49 @@
 #include "u2f_process.h"
 #include "ctap2.h"
 
+#define U2F_VERSION      "U2F_V2"
+#define U2F_VERSION_SIZE (sizeof(U2F_VERSION) - 1)
+
+#define FIDO2_VERSION      "FIDO_2_0"
+#define FIDO2_VERSION_SIZE (sizeof(FIDO2_VERSION) - 1)
+
+#define FIDO_AID_SIZE 8
+static const uint8_t FIDO_AID[FIDO_AID_SIZE] = {0xA0, 0x00, 0x00, 0x06, 0x47, 0x2F, 0x00, 0x01};
+
+#define OFFSET_CLA 0
+#define OFFSET_INS 1
+#define OFFSET_P1  2
+#define OFFSET_P2  3
+
+#define FIDO_CLA               0x00
+#define FIDO_INS_ENROLL        0x01
+#define FIDO_INS_SIGN          0x02
+#define FIDO_INS_GET_VERSION   0x03
+#define FIDO_INS_CTAP2_PROXY   0x10
+#define FIDO_INS_APPLET_SELECT 0xA4
+
+#define FIDO2_NFC_CLA                 0x80
+#define FIDO2_NFC_CHAINING_CLA        0x90
+#define FIDO2_NFC_INS_CTAP2_PROXY     0x10
+#define FIDO2_NFC_INS_APPLET_DESELECT 0x12
+
+#define P1_U2F_CHECK_IS_REGISTERED    0x07
+#define P1_U2F_REQUEST_USER_PRESENCE  0x03
+#define P1_U2F_OPTIONAL_USER_PRESENCE 0x08
+
+#define APDU_MIN_HEADER       4
+#define LC_FIRST_BYTE_OFFSET  4
+#define SHORT_ENC_LC_SIZE     1
+#define SHORT_ENC_LE_SIZE     1
+#define EXT_ENC_LC_SIZE       3
+#define EXT_ENC_LE_SIZE       2  // considering only scenarios where Lc is present
+#define SHORT_ENC_DATA_OFFSET 5
+#define EXT_ENC_DATA_OFFSET   7
+
+#define SHORT_ENC_DEFAULT_LE \
+    253  // Should be 256, stax-rc4 MCU only support 255, so use 253 + 2 for now here
+#define EXT_ENC_DEFAULT_LE 65536
+
 typedef struct global_s {
     char verifyHash[65];
     char buffer_20[20];

include/u2f_processing_flow.h

@@ -0,0 +1,101 @@
+/*
+*******************************************************************************
+*   Ledger App Security Key
+*   (c) 2022 Ledger
+*
+*  Licensed under the Apache License, Version 2.0 (the "License");
+*  you may not use this file except in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+*   Unless required by applicable law or agreed to in writing, software
+*   distributed under the License is distributed on an "AS IS" BASIS,
+*   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+*  See the License for the specific language governing permissions and
+*   limitations under the License.
+********************************************************************************/
+
+#pragma once
+
+#include <unistd.h>
+
+#include "credential.h"
+
+#define U2F_ENROLL_RESERVED 0x05
+static const uint8_t DUMMY_ZERO[] = {0x00};
+#define SIGN_USER_PRESENCE_MASK 0x01
+static const uint8_t DUMMY_USER_PRESENCE[] = {SIGN_USER_PRESENCE_MASK};
+
+#define U2F_ENROLL_USER_KEY_SIZE 65
+
+/******************************************/
+/*     U2F message payload structures     */
+/******************************************/
+
+/* Registration Request Message
+ *
+ * +-------------------------+
+ * | Challenge | Application |
+ * +-------------------------+
+ * | 32 bytes  |  32 bytes   |
+ * +-------------------------+
+ */
+// __attribute__((__packed__)) not necessary as we use only uint8_t
+typedef struct u2f_reg_req_t {
+    uint8_t challenge_param[32];
+    uint8_t application_param[32];
+} u2f_reg_req_t;
+
+/* Registration Response Message: Success
+ *
+ * +----------+----------+----------------+------------+-------------+-----------*
+ * | Reserved | User key | Key handle len | Key handle | Attestation | Signature |
+ * +----------+----------+----------------+------------+-------------+-----------*
+ * |  1 byte  | 65 bytes |    1 byte      |  L bytes   |             |           |
+ * +----------+----------+----------------+------------+-------------+-----------*
+ */
+// __attribute__((__packed__)) not necessary as we use only uint8_t
+typedef struct u2f_reg_resp_base_t {
+    uint8_t reserved_byte;
+    uint8_t user_key[U2F_ENROLL_USER_KEY_SIZE];
+    uint8_t key_handle_length;
+    uint8_t key_handle[CREDENTIAL_MINIMAL_SIZE];  // We generate fix size key handles
+    // attestation certificate: not in this base struct due to not const length
+    // signature: not in this base struct due to not const offset nor length
+} u2f_reg_resp_base_t;
+
+/* Authentication Request Message
+ *
+ * +-------------------------+----------------+------------+
+ * | Challenge | Application | Key handle len | Key handle |
+ * +-------------------------+----------------+------------+
+ * | 32 bytes  |  32 bytes   |    1 byte      |  L bytes   |
+ * +-------------------------+----------------+------------+
+ */
+// __attribute__((__packed__)) not necessary as we use only uint8_t
+typedef struct u2f_auth_req_base_t {
+    uint8_t challenge_param[32];
+    uint8_t application_param[32];
+    uint8_t key_handle_length;
+    // key handle: not in this base struct due to not const length
+} u2f_auth_req_base_t;
+
+/* Authentication Response Message: Success
+ *
+ * +---------------+---------+-----------*
+ * | User presence | Counter | Signature |
+ * +---------------+---------+-----------*
+ * |  1 byte       | 4 bytes |           |
+ * +---------------+---------+-----------*
+ */
+// __attribute__((__packed__)) not necessary as we use only uint8_t
+typedef struct u2f_auth_resp_base_t {
+    uint8_t user_presence;
+    uint8_t counter[4];
+    // signature: not in this base struct due to not const length
+} u2f_auth_resp_base_t;
+
+uint16_t u2f_prepare_enroll_response(uint8_t *buffer, uint16_t *length);
+uint16_t u2f_prepare_sign_response(uint8_t *buffer, uint16_t *length);
+void u2f_prompt_user_presence(bool enroll, uint8_t *applicationParameter);