diff --git a/APDU.hpp b/APDU.hpp
index 8981047..1285963 100644
--- a/APDU.hpp
+++ b/APDU.hpp
@@ -12,7 +12,7 @@ enum APDU_STATUS : uint16_t
 SW_NO_ERROR = 0x9000,
 SW_WRONG_LENGTH = 0x6700,
 SW_CONDITIONS_NOT_SATISFIED = 0x6985,
- SW_COMMAND_NOT_ALLOWED = 0x6986,
 SW_WRONG_DATA = 0x6A80,
- SW_INS_NOT_SUPPORTED = 0x6D00
+ SW_INS_NOT_SUPPORTED = 0x6D00,
+ SW_COMMAND_NOT_ALLOWED = 0x6E00,
 };
diff --git a/Channel.cpp b/Channel.cpp
index 05ada7c..b3eb0de 100644
--- a/Channel.cpp
+++ b/Channel.cpp
@@ -27,7 +27,10 @@ void Channel::handle(const shared_ptr uMsg)
 else if (this->lockedState != ChannelLockedState::Unlocked)
 throw runtime_error{ "Channel in incorrect (locked) state to handle request" };
- return U2F_CMD::get(uMsg)->respond(this->cid);
+ auto cmd = U2F_CMD::get(uMsg);
+
+ if (cmd)
+ return cmd->respond(this->cid);
 }
 void Channel::init(const ChannelInitState newInitState)
diff --git a/Makefile b/Makefile
index 4c41286..97ed485 100755
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,8 @@ U2FDevice: $(OBJECTS) libuECC.o libcppb64.o
 install: U2FDevice
 install -m775 -t /usr/bin U2FDevice
+ install -m775 -t /etc/systemd/system U2FDevice.service
+ install -d /usr/share/U2FDevice/
 $(OBJ_DIR)/%.o: $(SRC_DIR)/%.cpp
 g++ $(CPPFLAGS) $(CXXFLAGS) -c -o $@ $<
diff --git a/Readme.txt b/Readme.txt
index da05735..8c31bdd 100644
--- a/Readme.txt
+++ b/Readme.txt
@@ -18,7 +18,11 @@ sudo make install
 To run
-U2FDevice
+sudo systemctl start U2FDevice.service
+
+To run automatically at boot
+
+sudo systmectl enable U2FDevice.service
 Debug files at
diff --git a/U2FDevice.cpp b/U2FDevice.cpp
index f2a4d79..d6c808c 100644
--- a/U2FDevice.cpp
+++ b/U2FDevice.cpp
@@ -27,7 +27,10 @@ int main(int argc, char **argv)
 }
 signal(SIGINT, signalCallback);
- Storage::init();
+
+ string privKeyDir = (argc == 2 ? argv[1] : "/usr/share/U2FDevice/");
+
+ Storage::init(privKeyDir);
 Controller ch{ 0xF1D00000 };
diff --git a/U2FDevice.service b/U2FDevice.service
new file mode 100755
index 0000000..90ddc15
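Review bot: In APDU.hpp the name `SW_COMMAND_NOT_ALLOWED` now carries 0x6E00, which ISO 7816-4 and the U2F raw message format define as "class not supported" (SW_CLA_NOT_SUPPORTED); 0x6986 was the ISO value for "command not allowed". A reader of any call site will assume the old meaning. Rename the enumerator, or if the name has to stay for existing callers, add a comment such as `// 0x6E00: CLA not supported (ISO 7816-4); name kept for existing callers`. The opening of the enum is outside the hunk.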
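Review bot: In Channel.cpp, when `U2F_CMD::get(uMsg)` returns null the new `if (cmd)` guard lets `Channel::handle` return without replying or logging, so a rejected or unrecognised request disappears silently on this path. Whether `get` has already sent an error frame in every null case is not visible here, so the contract should be written down: add `// get() returns null only after it has already answered the host with an error` above the check if that holds, or log the drop in an `else` branch if it does not. The start of `Channel::handle` is outside the hunk.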
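Review bot: In the Makefile, `install -d /usr/share/U2FDevice/` creates the directory that U2FDevice.cpp passes to `Storage::init` as `privKeyDir` with the default mode (normally 0755), so every local user can enter and list the key directory; whether the key files themselves are restricted depends on Storage code not shown here. Create it owner-only with `install -d -m700 /usr/share/U2FDevice/`. The unit file is installed with `-m775` and committed as mode 100755, but unit files need neither execute nor group-write bits, so `install -m644 -t /etc/systemd/system U2FDevice.service` is the usual form. The unchanged `-m775` on /usr/bin/U2FDevice also leaves a binary that the service starts group-writable; `-m755` would be tighter.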
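Review bot: In U2FDevice.cpp the `argc == 2` test makes every other argument count fall back silently to `/usr/share/U2FDevice/`, so a mistyped invocation uses the default key directory without any message (unless the block that closes just above the hunk already rejects it). The chosen path is handed to `Storage::init` unchecked; if Storage appends file names to it, which is not visible here, a path without a trailing slash would put the key files somewhere else. Reject unexpected arguments, e.g. `if (argc > 2) { cerr << "Usage: U2FDevice [key-directory]" << endl; return 1; }`, and mention the optional argument in the Readme. `main` starts and ends outside the hunk.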
--- /dev/null
+++ b/U2FDevice.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=An implementation of the U2F device protocol for Raspberry Pi 0
+
+[Service]
+ExecStart=/usr/bin/U2FDevice
+
+[Install]
+WantedBy=multi-user.target
diff --git a/U2F_Authenticate_APDU.cpp b/U2F_Authenticate_APDU.cpp
index 3a66f41..b9dc017 100644
--- a/U2F_Authenticate_APDU.cpp
+++ b/U2F_Authenticate_APDU.cpp
@@ -17,7 +17,7 @@ U2F_Authenticate_APDU::U2F_Authenticate_APDU(const U2F_Msg_CMD &msg, const vecto
 if (p2 != 0)
 {
 //Invalid U2F (APDU) parameter detected
- throw APDU_STATUS::SW_COMMAND_NOT_ALLOWED;
+ throw APDU_STATUS::SW_CONDITIONS_NOT_SATISFIED;
 }
 else if (data.size() < 66)
 {
@@ -81,7 +81,7 @@ void U2F_Authenticate_APDU::respond(const uint32_t channelID) const
 default:
 cerr << "Unknown APDU authentication command" << endl;
- this->error(channelID, APDU_STATUS::SW_COMMAND_NOT_ALLOWED);
+ this->error(channelID, APDU_STATUS::SW_INS_NOT_SUPPORTED);
 return;
 }
diff --git a/U2F_Msg_CMD.cpp b/U2F_Msg_CMD.cpp
index bce2508..b2925b0 100644
--- a/U2F_Msg_CMD.cpp
+++ b/U2F_Msg_CMD.cpp
@@ -172,11 +172,13 @@ shared_ptr U2F_Msg_CMD::generate(const shared_ptr uMsg)
 {
 U2F_Msg_CMD::error(uMsg->cid, e);
 throw runtime_error{ "APDU construction error" };
+ return {};
 }
 }
 void U2F_Msg_CMD::error(const uint32_t channelID, const uint16_t errCode)
 {
+ clog << "U2F_Msg_CMD::error " << errCode << endl;
 U2FMessage msg{};
 msg.cid = channelID;
 msg.cmd = U2FHID_MSG;
diff --git a/U2F_Register_APDU.cpp b/U2F_Register_APDU.cpp
index dd095fb..559dfd3 100644
--- a/U2F_Register_APDU.cpp
+++ b/U2F_Register_APDU.cpp
@@ -20,10 +20,11 @@ U2F_Register_APDU::U2F_Register_APDU(const U2F_Msg_CMD &msg, const vector
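Review bot: U2FDevice.service starts the daemon as root (no `User=` is set) with no sandboxing, although the process handles requests from the host and holds the private keys. Adding `NoNewPrivileges=yes` to `[Service]` is low-risk. `ProtectSystem=strict` together with `ReadWritePaths=/usr/share/U2FDevice` would confine writes to the key directory, but needs testing against the debug-file location the Readme mentions and whatever device node the daemon opens, neither of which is visible here.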
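Review bot: In the U2F_Authenticate_APDU constructor a non-zero `p2` now throws `SW_CONDITIONS_NOT_SATISFIED` (0x6985), which the U2F raw message format reserves for "test of user presence required"; hosts commonly treat that status as a cue to keep polling until the user touches the device, so a malformed request may be retried instead of rejected. The comment on the line above calls this an invalid parameter, which fits a data error better, e.g. `throw APDU_STATUS::SW_WRONG_DATA;`, or else add a comment explaining why 0x6985 is intended. In the second hunk the `default:` branch of `respond` now reports `SW_INS_NOT_SUPPORTED`; if that switch is over the P1 control byte and not INS (the switch header is outside the hunk), the same kind of mismatch applies there.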
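Review bot: The added `return {};` in `U2F_Msg_CMD::generate` is unreachable, because the unchanged `throw runtime_error{ "APDU construction error" };` on the line before it always leaves the handler. The null check added in Channel.cpp suggests the intent was to return an empty pointer once `error()` has answered the host; if so, remove the `throw` so the `return {};` takes effect, otherwise remove the `return`. Separately, the new `clog` line prints `errCode` in decimal; `clog << "U2F_Msg_CMD::error 0x" << hex << errCode << dec << endl;` would match how the status words are written in APDU.hpp. The start of `generate` is outside the hunk.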