add config commands for pass

canokeys · Jan 1, 2024 · 38314bb · 38314bb
1 parent 8af54da
commit 38314bb
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 23 deletions.
diff --git a/applets/admin/admin.c b/applets/admin/admin.c
@@ -7,6 +7,7 @@
 #include <ndef.h>
 #include <oath.h>
 #include <openpgp.h>
+#include <pass.h>
 #include <pin.h>
 #include <piv.h>
 
@@ -180,6 +181,8 @@ static int admin_factory_reset(const CAPDU *capdu, RAPDU *rapdu) {
   if (ret < 0) return ret;
   ret = ndef_install(1);
   if (ret < 0) return ret;
+  ret = pass_install(1);
+  if (ret < 0) return ret;
   ret = admin_install(1);
   if (ret < 0) return ret;
   return 0;
@@ -254,6 +257,9 @@ int admin_process_apdu(const CAPDU *capdu, RAPDU *rapdu) {
   case ADMIN_INS_TOGGLE_NDEF_READ_ONLY:
     ret = ndef_toggle_read_only(capdu, rapdu);
     break;
+  case ADMIN_INS_RESET_PASS:
+    ret = pass_install(1);
+    break;
   case ADMIN_INS_CHANGE_PIN:
     ret = admin_change_pin(capdu, rapdu);
     break;
@@ -269,6 +275,12 @@ int admin_process_apdu(const CAPDU *capdu, RAPDU *rapdu) {
   case ADMIN_INS_READ_CONFIG:
     ret = admin_read_config(capdu, rapdu);
     break;
+  case ADMIN_INS_READ_PASS_CONFIG:
+    ret = pass_read_config(capdu, rapdu);
+    break;
+  case ADMIN_INS_WRITE_PASS_CONFIG:
+    ret = pass_write_config(capdu, rapdu);
+    break;
   case ADMIN_INS_VENDOR_SPECIFIC:
     ret = admin_vendor_specific(capdu, rapdu);
     break;

diff --git a/applets/pass/pass.c b/applets/pass/pass.c
@@ -9,6 +9,21 @@
 #define SLOT_SHORT 0
 #define SLOT_LONG  1
 
+typedef enum {
+  PASS_SLOT_OFF,
+  PASS_SLOT_OATH,
+  PASS_SLOT_STATIC,
+} slot_type_t;
+
+typedef struct {
+  slot_type_t type;
+  union {
+    uint8_t password[33]; // 1-byte length + at most 32-byte content
+    uint32_t oath_offset;
+  };
+  uint8_t with_enter;
+} __packed pass_slot_t;
+
 static pass_slot_t slots[2];
 
 int pass_install(const uint8_t reset) {
@@ -32,17 +47,18 @@ static int dump_slot(const pass_slot_t *slot, uint8_t *buffer) {
 
   switch (slot->type) {
   case PASS_SLOT_OFF:
+    break;
+
   case PASS_SLOT_STATIC:
-    // For OFF and STATIC, the second byte is with_enter
-    buffer[1] = slot->with_enter;
-    length++;
+    // For STATIC, the second byte is with_enter
+    buffer[length++] = slot->with_enter;
     break;
 
   case PASS_SLOT_OATH:
     // For OATH, the next 4 bytes are oath_offset
-    memcpy(&buffer[1], &slot->oath_offset, sizeof(slot->oath_offset));
-    buffer[5] = slot->with_enter;
-    length += 5;
+    memcpy(&buffer[length], &slot->oath_offset, sizeof(slot->oath_offset));
+    length += sizeof(slot->oath_offset);
+    buffer[length++] = slot->with_enter;
     break;
   }
 
@@ -81,8 +97,8 @@ int pass_write_config(const CAPDU *capdu, RAPDU *rapdu) {
         EXCEPT(SW_WRONG_DATA);
       }
       slots[i].type = type;
-      memcpy(slots[i].password, &DATA[index], sizeof(slots[0].password));
-      index += sizeof(slots[0].password);
+      memcpy(slots[i].password, &DATA[index], DATA[index]);
+      index += DATA[index];
       slots[i].with_enter = DATA[index++];
       break;
 

diff --git a/include/admin.h b/include/admin.h
@@ -11,6 +11,7 @@
 #define ADMIN_INS_RESET_OATH 0x05
 #define ADMIN_INS_RESET_NDEF 0x07
 #define ADMIN_INS_TOGGLE_NDEF_READ_ONLY 0x08
+#define ADMIN_INS_RESET_PASS 0x13
 #define ADMIN_INS_VERIFY 0x20
 #define ADMIN_INS_CHANGE_PIN 0x21
 #define ADMIN_INS_WRITE_SN 0x30
@@ -19,6 +20,8 @@
 #define ADMIN_INS_CONFIG 0x40
 #define ADMIN_INS_FLASH_USAGE 0x41
 #define ADMIN_INS_READ_CONFIG 0x42
+#define ADMIN_INS_READ_PASS_CONFIG 0x43
+#define ADMIN_INS_WRITE_PASS_CONFIG 0x44
 #define ADMIN_INS_FACTORY_RESET 0x50
 #define ADMIN_INS_SELECT 0xA4
 #define ADMIN_INS_VENDOR_SPECIFIC 0xFF

diff --git a/include/pass.h b/include/pass.h
@@ -6,21 +6,6 @@
 
 #define PASS_MAX_PASSWORD_LENGTH 32
 
-typedef enum {
-  PASS_SLOT_OFF,
-  PASS_SLOT_OATH,
-  PASS_SLOT_STATIC,
-} slot_type_t;
-
-typedef struct {
-  slot_type_t type;
-  union {
-    uint8_t password[33]; // 1-byte length + at most 32-byte content
-    uint32_t oath_offset;
-  };
-  uint8_t with_enter;
-} __packed pass_slot_t;
-
 int pass_install(uint8_t reset);
 int pass_read_config(const CAPDU *capdu, RAPDU *rapdu);
 int pass_write_config(const CAPDU *capdu, RAPDU *rapdu);

diff --git a/src/applets.c b/src/applets.c
@@ -5,6 +5,7 @@
 #include <ndef.h>
 #include <oath.h>
 #include <openpgp.h>
+#include <pass.h>
 #include <piv.h>
 
 void applets_install(void) {
@@ -14,6 +15,7 @@ void applets_install(void) {
   ctap_install(0);
   admin_install(0);
   ndef_install(0);
+  pass_install(0);
 }
 
 void applets_poweroff(void) {