add more debug information

canokeys · Oct 13, 2023 · 427e45f · 427e45f
1 parent 7e48c17
commit 427e45f
Show file tree

Hide file tree

Showing 4 changed files with 94 additions and 1 deletion.
diff --git a/FIDO2 Conformance Testing.json b/FIDO2 Conformance Testing.json
@@ -0,0 +1,84 @@
+{
+    "description": "CanoKey Authenticator",
+    "aaguid": "244eb29e-e090-4e49-81fe-1f20f8d3b8f4",
+    "authenticatorVersion": 201,
+    "protocolFamily": "fido2",
+    "schema": 3,
+    "upv": [
+        {
+            "major": 1,
+            "minor": 1
+        }
+    ],
+    "authenticationAlgorithms": ["secp256r1_ecdsa_sha256_raw", "ed25519_eddsa_sha512_raw"],
+    "publicKeyAlgAndEncodings": ["cose"],
+    "attestationTypes": ["basic_full"],
+    "userVerificationDetails": [
+        [
+            { "userVerificationMethod": "none" }
+        ],
+        [
+            { "userVerificationMethod": "presence_internal" }
+        ],
+        [
+            { "userVerificationMethod": "passcode_external" }
+        ],
+        [
+            { "userVerificationMethod": "passcode_external" },
+            { "userVerificationMethod": "presence_internal" }
+        ]
+    ],
+    "keyProtection": ["hardware", "secure_element"],
+    "matcherProtection": ["on_chip"],
+    "tcDisplay": [],
+    "attestationRootCertificates": [
+        "MIIDMjCCAhqgAwIBAgIUAvaAGy8lEWimeNJniABYTEpv1GowDQYJKoZIhvcNAQELBQAwMTEvMC0GA1UEAwwmQ2Fub0tleXMgRklETyBBdHRlc3RhdGlvbiBSb290IENBIE5vLjEwHhcNMjAwNzA4MTEzNzMzWhcNNDAwMTA1MTEzNzMzWjAxMS8wLQYDVQQDDCZDYW5vS2V5cyBGSURPIEF0dGVzdGF0aW9uIFJvb3QgQ0EgTm8uMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK7eBQHp4sJBXOEM9JivpoQvS/neBPCdp2h36PGDzx6wZ5AP8UZOw5a+VFeresLm00qo5qWOJ2ajFlupjmXVpfsYnao1DDbI3ZDZkbIePj0NmnTProHr4N73gBGGaErKW+IURVGsvXAZcPz/qeGclo4ZFH4th6RZT4nJzOUd5rwB5ZNnqgxmhAziyz8MUb3dmYJpB/PC+5SRaCcW7hzKoxy9Wv4SJkCrf3V7YOix9VKqut4hIHDObHgzeoUDpw1makeRDD+I0ImKCxErVydSNXhcKF+8TDAM6S+ucD2Nj/xmrSB3P59ZIBYlGlrEZG5tbXs+KWXP5GH28jDlCzqzrMMCAwEAAaNCMEAwHQYDVR0OBBYEFLH58IKZ6u2YsgCKQdfbKILv3W1AMA8GA1UdEwQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBoIU1j9srZqey3e1i3Ntu0Sa/co4ltDhHrl2FqZNAsVSjqD6sbDFjOO2gPWh/RhkbV0KYlFPqA7MC4KwIwBekWwZ0W5ZH+a4uEGjZqGAxym4Bae+qyHrsnBmKnwhKmQTbGmCrHWxObi8dq+cImBN/LmzWk7ImriNbTf/g/DwYLA/9FxD7O90KCW7yghXOsZhka8Z6o/5dqnIagMXeSimkPzwIdB53v4AObsguiD9aV5b1P62wymEFp1wImJoJsXQxls1AhTdAG2Yez0PjeN4l5im+px6owhDA3bcGbccdwLGj+5FClWa+Bi3Ekt5Sx9DQ8V7AnzQzpizcHkDr4tpmB"
+    ],
+    "icon": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAIAAAD8GO2jAAAACXBIWXMAAC4jAAAuIwF4pT92AAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAthJREFUeNrslt9Lk1EYx7/vNte0vXOk7yS7qyWBYvnjIktGU0vDCwktV4KXpv3wB/4BBiIa/QC1wjkVUxNsUuuuzd1k6iBLCxIFzcDXOTZwY8r2sr1rp4uXZuoggryJfS8eeL6c53w45+E5HIoQgoOUCAesGCAGiAEAyX6LZdn19XWGYdRq9T8gkN1qa20VDlVZcZUQYpuZKS0tHTca9ywz6Hurq6s/zs6SP2kXwGI2AzjKqHQ63ft3k4SQpoYGAMWFRXvKLmoLAAwODPwdoLdHD2BkaOh3843J5HK59pTV1dwE8Gp8fP+OS4tL5rfmH6GQkO70oLuzc2jwuSop2dBrOCynk5KO9PX3Z2ZkMCkpqyvfGIYBcL+9w2qdKCoqCgQCAHieF2ofP3xkMr1W0IraulptQYHP7wNF7e2BNl8DIO34CQANd+u7u7oASEABqKupJYRU6a4DoGXxqaoUpZwWA9aJCUJI4QUtgFPqkwnSQwD69ProVxQMBtvb2iiKetDRwfN8KBTiOO7Zk6cA+noNLMsCyMo8zfn9HMflnMkCsLS4OD01DUB39RohxOl0yhMS4iiR3W6PbLszB3FxcbRCQQhRJCZKJBKxWCyTyeRyGoBUKv0y/xmATlcpi4+XyWQajQaAz+ebmpwEUF5RDkClUhVqC3gSnp+biz4HnN8PwO/3R5xAgMvNzk5mkkWUCMDq6nfBdzg2BDCtUABwOl2/fIdAig4IBoORKIjneQVNb3m3ii+XiEHp+wzpGelut/ul0QggEAiUXSm7def2vZaWtLS0hYWvH+Y+5Z/Ny8nNjf5USCSSSIw44XDY4dhQKpXDw8NiiqpvbBwdeVF1owoAu7aWmnrM0KPf3t6+VFLc1Nx8Pu/c6NiYSCSKPsket2d5ednj8UQcr9drX7e73ZtCyrJrVqs1HA4TQpZXVrxer+C7N90Wi8Vms+0fCyr2q4gBYoD/APBzAI6VNqGQPUqnAAAAAElFTkSuQmCC",
+    "authenticatorGetInfo": {
+        "versions": [
+            "U2F_V2",
+            "FIDO_2_0",
+            "FIDO_2_1"
+        ],
+        "extensions": [
+            "credBlob",
+            "credProtect",
+            "hmac-secret",
+            "largeBlobKey"
+        ],
+        "aaguid": "244eb29ee0904e4981fe1f20f8d3b8f4",
+        "options": {
+            "rk": true,
+            "credMgmt": true,
+            "clientPin": false,
+            "largeBlobs": true,
+            "pinUvAuthToken": true,
+            "makeCredUvNotRqd": true
+        },
+        "maxMsgSize": 1300,
+        "pinUvAuthProtocols": [
+            1,
+            2
+        ],
+        "maxCredentialCountInList": 8,
+        "maxCredentialIdLength": 70,
+        "transports": [
+            "nfc",
+            "usb"
+        ],
+        "algorithms": [
+            {
+                "alg": -7,
+                "type": "public-key"
+            },
+            {
+                "alg": -8,
+                "type": "public-key"
+            }
+        ],
+        "maxSerializedLargeBlobArray": 4096,
+        "firmwareVersion": 201,
+        "maxCredBlobLength": 32
+    }
+}
diff --git a/applets/ctap/ctap-parser.c b/applets/ctap/ctap-parser.c
@@ -928,6 +928,8 @@ uint8_t parse_client_pin(CborParser *parser, CTAP_client_pin *cp, const uint8_t
         if (len == 0 || len > SHA256_DIGEST_LENGTH) return CTAP2_ERR_PIN_AUTH_INVALID;
         ret = cbor_value_copy_byte_string(&map, cp->pin_uv_auth_param, &len, NULL);
         CHECK_CBOR_RET(ret);
+        DBG_MSG("pin_uv_auth_param: ");
+        PRINT_HEX(cp->pin_uv_auth_param, len);
         cp->parsed_params |= PARAM_PIN_UV_AUTH_PARAM;
         break;
 

diff --git a/applets/ctap/ctap.c b/applets/ctap/ctap.c
@@ -1364,6 +1364,7 @@ static uint8_t ctap_client_pin(CborEncoder *encoder, const uint8_t *params, size
   int err, retries;
   switch (cp.sub_command) {
     case CP_CMD_GET_PIN_RETRIES:
+    DBG_MSG("Subcommand Get Pin Retries\n");
       ret = cbor_encoder_create_map(encoder, &map, 1);
       CHECK_CBOR_RET(ret);
       ret = cbor_encode_int(&map, CP_RESP_PIN_RETRIES);
@@ -1375,6 +1376,7 @@ static uint8_t ctap_client_pin(CborEncoder *encoder, const uint8_t *params, size
       break;
 
     case CP_CMD_GET_KEY_AGREEMENT:
+      DBG_MSG("Subcommand Get Key Agreement\n");
       ret = cbor_encoder_create_map(encoder, &map, 1);
       CHECK_CBOR_RET(ret);
       ret = cbor_encode_int(&map, CP_RESP_KEY_AGREEMENT);
@@ -1393,13 +1395,14 @@ static uint8_t ctap_client_pin(CborEncoder *encoder, const uint8_t *params, size
       break;
 
     case CP_CMD_SET_PIN:
+      DBG_MSG("Subcommand Set Pin\n");
       err = has_pin();
       if (err < 0) return CTAP2_ERR_UNHANDLED_REQUEST;
       if (err > 0) return CTAP2_ERR_PIN_AUTH_INVALID;
       ret = cp_decapsulate(cp.key_agreement, cp.pin_uv_auth_protocol);
       CHECK_PARSER_RET(ret);
       DBG_MSG("Shared Secret: ");
-      PRINT_HEX(cp.key_agreement, PUB_KEY_SIZE);
+      PRINT_HEX(cp.key_agreement, SHARED_SECRET_SIZE);
       if (!cp_verify(cp.key_agreement, SHARED_SECRET_SIZE, cp.new_pin_enc,
                      cp.pin_uv_auth_protocol == 1 ? PIN_ENC_SIZE_P1 : PIN_ENC_SIZE_P2, cp.pin_uv_auth_param,
                      cp.pin_uv_auth_protocol)) {
@@ -1423,6 +1426,7 @@ static uint8_t ctap_client_pin(CborEncoder *encoder, const uint8_t *params, size
       break;
 
     case CP_CMD_CHANGE_PIN:
+      DBG_MSG("Subcommand Change Pin\n");
       err = has_pin();
       if (err < 0) return CTAP2_ERR_UNHANDLED_REQUEST;
       if (err == 0) return CTAP2_ERR_PIN_NOT_SET;
@@ -1486,6 +1490,7 @@ static uint8_t ctap_client_pin(CborEncoder *encoder, const uint8_t *params, size
 
     case CP_CMD_GET_PIN_TOKEN:
     case CP_CMD_GET_PIN_UV_AUTH_TOKEN_USING_PIN_WITH_PERMISSIONS:
+      DBG_MSG("Subcommand Get Pin Token\n");
       // https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#getPinToken
       // https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#getPinUvAuthTokenUsingPinWithPermissions
       err = has_pin();

diff --git a/applets/ctap/secret.c b/applets/ctap/secret.c
@@ -110,6 +110,8 @@ void cp_get_public_key(uint8_t *buf) {
 
 int cp_decapsulate(uint8_t *buf, int pin_protocol) {
   int ret = ecdh(SECP256R1, ka_key.pri, buf, buf);
+  DBG_MSG("ECDH: ");
+  PRINT_HEX(buf, PUBLIC_KEY_LENGTH[SECP256R1]);
   if (ret < 0) return 1;
   if (pin_protocol == 1)
     sha256_raw(buf, PRI_KEY_SIZE, buf);