Made a service to enable auto-starting.

APDU.hpp

@@ -12,7 +12,7 @@ enum APDU_STATUS : uint16_t
 	SW_NO_ERROR                 = 0x9000,
 	SW_WRONG_LENGTH             = 0x6700,
 	SW_CONDITIONS_NOT_SATISFIED = 0x6985,
-	SW_COMMAND_NOT_ALLOWED      = 0x6986,
 	SW_WRONG_DATA               = 0x6A80,
-	SW_INS_NOT_SUPPORTED        = 0x6D00
+	SW_INS_NOT_SUPPORTED        = 0x6D00,
+	SW_COMMAND_NOT_ALLOWED      = 0x6E00,
 };

Channel.cpp

@@ -27,7 +27,10 @@ void Channel::handle(const shared_ptr<U2FMessage> uMsg)
 	else if (this->lockedState != ChannelLockedState::Unlocked)
 		throw runtime_error{ "Channel in incorrect (locked) state to handle request" };
 
-	return U2F_CMD::get(uMsg)->respond(this->cid);
+	auto cmd = U2F_CMD::get(uMsg);
+
+	if (cmd)
+		return cmd->respond(this->cid);
 }
 
 void Channel::init(const ChannelInitState newInitState)

Makefile

@@ -15,6 +15,8 @@ U2FDevice: $(OBJECTS) libuECC.o libcppb64.o
 
 install: U2FDevice
 	install -m775 -t /usr/bin U2FDevice
+	install -m775 -t /etc/systemd/system U2FDevice.service
+	install -d /usr/share/U2FDevice/
 
 $(OBJ_DIR)/%.o: $(SRC_DIR)/%.cpp
 	g++ $(CPPFLAGS) $(CXXFLAGS) -c -o $@ $<

Readme.txt

@@ -18,7 +18,11 @@ sudo make install
 
 To run
 
-U2FDevice
+sudo systemctl start U2FDevice.service
+
+To run automatically at boot
+
+sudo systmectl enable U2FDevice.service
 
 Debug files at
 

U2FDevice.cpp

@@ -27,7 +27,10 @@ int main(int argc, char **argv)
 	}
 
 	signal(SIGINT, signalCallback);
-	Storage::init();
+
+	string privKeyDir = (argc == 2 ? argv[1] : "/usr/share/U2FDevice/");
+
+	Storage::init(privKeyDir);
 
 	Controller ch{ 0xF1D00000 };
 

U2FDevice.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=An implementation of the U2F device protocol for Raspberry Pi 0
+
+[Service]
+ExecStart=/usr/bin/U2FDevice
+
+[Install]
+WantedBy=multi-user.target

U2F_Authenticate_APDU.cpp

@@ -17,7 +17,7 @@ U2F_Authenticate_APDU::U2F_Authenticate_APDU(const U2F_Msg_CMD &msg, const vecto
 	if (p2 != 0)
 	{
 		//Invalid U2F (APDU) parameter detected
-		throw APDU_STATUS::SW_COMMAND_NOT_ALLOWED;
+		throw APDU_STATUS::SW_CONDITIONS_NOT_SATISFIED;
 	}
 	else if (data.size() < 66)
 	{
@@ -81,7 +81,7 @@ void U2F_Authenticate_APDU::respond(const uint32_t channelID) const
 
 		default:
 			cerr << "Unknown APDU authentication command" << endl;
-			this->error(channelID, APDU_STATUS::SW_COMMAND_NOT_ALLOWED);
+			this->error(channelID, APDU_STATUS::SW_INS_NOT_SUPPORTED);
 			return;
 	}
 

U2F_Msg_CMD.cpp

@@ -172,11 +172,13 @@ shared_ptr<U2F_Msg_CMD> U2F_Msg_CMD::generate(const shared_ptr<U2FMessage> uMsg)
 	{
 		U2F_Msg_CMD::error(uMsg->cid, e);
 		throw runtime_error{ "APDU construction error" };
+		return {};
 	}
 }
 
 void U2F_Msg_CMD::error(const uint32_t channelID, const uint16_t errCode)
 {
+	clog << "U2F_Msg_CMD::error " << errCode << endl;
 	U2FMessage msg{};
 	msg.cid = channelID;
 	msg.cmd = U2FHID_MSG;

U2F_Register_APDU.cpp

@@ -20,10 +20,11 @@ U2F_Register_APDU::U2F_Register_APDU(const U2F_Msg_CMD &msg, const vector<uint8_
 		//Incorrect registration size
 		throw APDU_STATUS::SW_WRONG_LENGTH;
 	}
-	else if (p1 != 0x00 || p2 != 0x00)
+	else if ((p1 != 0x00 && p1 != 0x03) || p2 != 0x00) //According to spec, 0x03 not allowed here
+		//However, browsers seem to do it, so...
 	{
 		//Invalid U2F Message (APDU) parameters detected
-		throw APDU_STATUS::SW_COMMAND_NOT_ALLOWED;
+		throw APDU_STATUS::SW_INS_NOT_SUPPORTED;
 	}
 
 	copy(data.data() + 0,  data.data() + 32, challengeP.begin());

U2F_Version_APDU.cpp

@@ -11,7 +11,7 @@ U2F_Version_APDU::U2F_Version_APDU(const U2F_Msg_CMD &msg, const std::vector<uin
 {
 	//Don't actually respond yet unless invalid
 	if (msg.p1 != 0 || msg.p2 != 0)
-		throw APDU_STATUS::SW_COMMAND_NOT_ALLOWED;
+		throw APDU_STATUS::SW_INS_NOT_SUPPORTED;
 	else if (data.size() != 0)
 		throw APDU_STATUS::SW_WRONG_LENGTH;
 }