WIP: Fixup debian building for solokey hacker

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "mbedtls"]
+	path = mbedtls
+	url = [email protected]:ARMmbed/mbedtls.git

Makefile

@@ -5,8 +5,7 @@ RM = rm -rf
 rwildcard=$(wildcard $1$2) $(foreach d,$(wildcard $1*),$(call rwildcard,$d/,$2))
 
 OBJ_DIR := ./obj
-SRC_DIRS := ./pc \
-            ./src \
+SRC_DIRS := ./src \
             ./src/applications \
             ./src/applications/openpgp \
             ./libs/stm32fs

src/apdu.h

@@ -0,0 +1,63 @@
+#ifndef _APDU_H_
+#define _APDU_H_
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <stddef.h>
+
+typedef struct
+{
+    uint8_t cla;
+    uint8_t ins;
+    uint8_t p1;
+    uint8_t p2;
+    uint8_t lc;
+} __attribute__((packed)) APDU_HEADER;
+
+typedef struct
+{
+    uint8_t cla;
+    uint8_t ins;
+    uint8_t p1;
+    uint8_t p2;
+    uint8_t lc[3];
+} __attribute__((packed)) EXT_APDU_HEADER;
+
+typedef struct
+{
+    uint8_t cla;
+    uint8_t ins;
+    uint8_t p1;
+    uint8_t p2;
+    uint16_t lc;
+    uint8_t *data;
+    uint32_t le;
+    bool extended_apdu;
+    uint8_t case_type;
+} __attribute__((packed)) APDU_STRUCT;
+
+extern uint16_t apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu);
+
+#define APDU_FIDO_U2F_REGISTER        0x01
+#define APDU_FIDO_U2F_AUTHENTICATE    0x02
+#define APDU_FIDO_U2F_VERSION         0x03
+#define APDU_FIDO_NFCCTAP_MSG         0x10
+#define APDU_FIDO_U2F_VENDOR_FIRST    0xc0    // First vendor defined command
+#define APDU_FIDO_U2F_VENDOR_LAST     0xff    // Last vendor defined command
+#define APDU_SOLO_RESET               0xee
+
+#define APDU_INS_SELECT               0xA4
+#define APDU_INS_READ_BINARY          0xB0
+#define APDU_GET_RESPONSE             0xC0
+
+#define SW_SUCCESS                    0x9000
+#define SW_GET_RESPONSE               0x6100  // Command successfully executed; 'XX' bytes of data are available and can be requested using GET RESPONSE.
+#define SW_WRONG_LENGTH               0x6700
+#define SW_COND_USE_NOT_SATISFIED     0x6985
+#define SW_FILE_NOT_FOUND             0x6a82
+#define SW_INCORRECT_P1P2             0x6a86
+#define SW_INS_INVALID                0x6d00  // Instruction code not supported or invalid
+#define SW_CLA_INVALID                0x6e00  
+#define SW_INTERNAL_EXCEPTION         0x6f00
+
+#endif //_APDU_H_

src/cose_key.h

@@ -0,0 +1,22 @@
+// Copyright 2019 SoloKeys Developers
+//
+// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
+// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
+// http://opensource.org/licenses/MIT>, at your option. This file may not be
+// copied, modified, or distributed except according to those terms.
+#ifndef _COSE_KEY_H
+#define _COSE_KEY_H
+
+#define COSE_KEY_LABEL_KTY      1
+#define COSE_KEY_LABEL_ALG      3
+#define COSE_KEY_LABEL_CRV      -1
+#define COSE_KEY_LABEL_X        -2
+#define COSE_KEY_LABEL_Y        -3
+
+#define COSE_KEY_KTY_EC2        2
+#define COSE_KEY_CRV_P256       1
+
+#define COSE_ALG_ES256            -7
+#define COSE_ALG_ECDH_ES_HKDF_256 -25
+
+#endif

src/crypto.h

@@ -0,0 +1,54 @@
+// Copyright 2019 SoloKeys Developers
+//
+// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
+// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
+// http://opensource.org/licenses/MIT>, at your option. This file may not be
+// copied, modified, or distributed except according to those terms.
+#ifndef _CRYPTO_H
+#define _CRYPTO_H
+
+#include <stddef.h>
+
+void crypto_sha256_init();
+void crypto_sha256_update(uint8_t * data, size_t len);
+void crypto_sha256_update_secret();
+void crypto_sha256_final(uint8_t * hash);
+
+void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac);
+void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac);
+
+void crypto_sha512_init();
+void crypto_sha512_update(const uint8_t * data, size_t len);
+void crypto_sha512_final(uint8_t * hash);
+
+void crypto_ecc256_init();
+void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y);
+void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey);
+
+void crypto_ecc256_load_key(uint8_t * data, int len, uint8_t * data2, int len2);
+void crypto_ecc256_load_attestation_key();
+void crypto_load_external_key(uint8_t * key, int len);
+void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig);
+void crypto_ecdsa_sign(uint8_t * data, int len, uint8_t * sig, int MBEDTLS_ECP_ID);
+
+
+void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey);
+void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey);
+void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret);
+
+#define CRYPTO_TRANSPORT_KEY2            ((uint8_t*)2)
+#define CRYPTO_TRANSPORT_KEY            ((uint8_t*)1)
+#define CRYPTO_MASTER_KEY               ((uint8_t*)0)
+
+void crypto_aes256_init(uint8_t * key, uint8_t * nonce);
+void crypto_aes256_reset_iv(uint8_t * nonce);
+
+// buf length must be multiple of 16 bytes
+void crypto_aes256_decrypt(uint8_t * buf, int lenth);
+void crypto_aes256_encrypt(uint8_t * buf, int lenth);
+
+void crypto_reset_master_secret();
+void crypto_load_master_secret(uint8_t * key);
+
+
+#endif