Merge pull request #290

76b64b5 travis: fix packages (Niklas Claesson)
b2850cd test_api: increase buffer size so that formatted string fits (Niklas Claesson)
b0ed98d u2f: Fix u2f on windows (Niklas Claesson)
560a82c Docker, travis, vagrant: update GCC (Niklas Claesson)

.travis.yml

@@ -26,9 +26,7 @@ matrix:
 
 addons:
   apt_packages:
-    - lib32bz2-1.0
-    - lib32ncurses5
-    - lib32z1
+    - libbz2-1.0
     - valgrind
 
 install:
@@ -40,9 +38,9 @@ install:
           export PATH=$PATH:$PWD/bin/;
           cd ../../..;
     - if [ "$TEST" = "no" ]; then
-          wget https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2018q4/gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2;
-          tar -xf gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2;
-          export PATH=$PATH:$PWD/gcc-arm-none-eabi-8-2018-q4-major/bin;
+          wget -O gcc.tar.bz2 https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2019q3/RC1.1/gcc-arm-none-eabi-8-2019-q3-update-linux.tar.bz2;
+          tar -xf gcc.tar.bz2;
+          export PATH=$PATH:$PWD/gcc-arm-none-eabi-8-2019-q3-update/bin;
       fi;
     - if [ "$TEST" = "yes" ]; then
           sudo apt-get update;

Dockerfile.dev

@@ -27,9 +27,9 @@
 FROM debian:stretch
 
 RUN apt update && apt-get install -y cmake git wget locales python python-pip
-RUN mkdir ~/Downloads && cd ~/Downloads && wget -O gcc.tar.bz2 https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2018q4/gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2
+RUN mkdir ~/Downloads && cd ~/Downloads && wget -O gcc.tar.bz2 https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2019q3/RC1.1/gcc-arm-none-eabi-8-2019-q3-update-linux.tar.bz2
 RUN cd ~/Downloads && tar -xjvf gcc.tar.bz2
-RUN cd ~/Downloads && rsync -a gcc-arm-none-eabi-7-2018-q2-update/ /usr/local/
+RUN cd ~/Downloads && rsync -a gcc-arm-none-eabi-8-2019-q3-update/ /usr/local/
 RUN apt install -y libbz2-1.0 libncurses5 libz1 valgrind astyle clang libudev-dev python-urllib3 libssl1.0-dev
 RUN apt install -y libbz2-dev libbz2-dev libbz2-1.0 libncurses5 libz1 valgrind astyle clang libudev-dev python-urllib3
 RUN pip install --prefix /usr/local  cpp-coveralls

Vagrantfile

@@ -7,9 +7,9 @@ Vagrant.configure(2) do |config|
   config.vm.provision "shell", privileged: false, inline: <<-SHELL
     sudo locale-gen UTF-8
     sudo apt update && sudo apt-get install -y cmake git
-    wget -O gcc.tar.bz2 https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2018q4/gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2;
+    wget -O gcc.tar.bz2 https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2019q3/RC1.1/gcc-arm-none-eabi-8-2019-q3-update-linux.tar.bz2
     tar -xf gcc.tar.bz2
-    sudo rsync -a gcc-arm-none-eabi-8-2018-q4-major/ /usr/local/
+    sudo rsync -a gcc-arm-none-eabi-8-2019-q3-update/ /usr/local/
   SHELL
 
   config.vm.provision "shell", run: "always", privileged: false, inline: <<-SHELL

dockerdev.sh

@@ -35,7 +35,7 @@ dockerdev () {
 
     # If already running, enter the container.
     if docker ps | grep -q $container_name; then
-        docker exec -it $container_name bash
+        docker exec --user=dockeruser --workdir=/app -it $container_name bash
         return
     fi
 
@@ -52,6 +52,11 @@ dockerdev () {
            -v $repo_path:/app \
            $container_image bash
 
+    # Use same user/group id as on the host, so that files are not created as root in the mounted
+    # volume.
+    docker exec -it $container_name groupadd -g `id -g` dockergroup
+    docker exec -it $container_name useradd -u `id -u` -m -g dockergroup dockeruser
+
     # Call a second time to enter the container.
     dockerdev
 }

src/flags.h

@@ -167,6 +167,7 @@ X(LONG_PAIR)             \
 X(REQUIRE_LONG_TOUCH)    /* placeholder - do not move                */\
 X(TIMEOUT)               /* any touch 'accept'; 3s timeout 'reject'  */\
 X(SHORT)                 /* brief touch 'accept'; hold 3s 'reject'   */\
+X(U2F)                   /* any touch 'accept'; 1.9s timeout 'reject'*/\
 X(REQUIRE_TOUCH)         /* placeholder - do not move                */
 
 // Status and error flags

src/touch.c

@@ -102,6 +102,10 @@ uint8_t touch_button_press(uint8_t touch_type)
             break;
         }
 
+        if (touch_type == TOUCH_U2F && systick_current_time_ms > QTOUCH_TOUCH_TIMEOUT_U2F) {
+            break;
+        }
+
         // Send an intermittent blink indicator for each touch type.
         if (touch_type < TOUCH_REQUIRE_LONG_TOUCH && systick_current_time_ms > qt_led_toggle_ms) {
             if (systick_current_time_ms > qt_led_toggle_ms + QTOUCH_TOUCH_BLINK_OFF) {
@@ -164,7 +168,7 @@ uint8_t touch_button_press(uint8_t touch_type)
                     pushed = DBB_TOUCHED;
                 } else if (touch_type == TOUCH_SHORT) {
                     pushed = DBB_TOUCHED_ABORT;
-                } else if (touch_type == TOUCH_TIMEOUT) {
+                } else if (touch_type == TOUCH_TIMEOUT || touch_type == TOUCH_U2F) {
                     // If touched before exit_time_ms for:
                     //     - TOUCH_TIMEOUT, answer is 'accept'
                     pushed = DBB_TOUCHED;

src/touch.h

@@ -31,6 +31,7 @@
 #include <stdint.h>
 
 #define QTOUCH_TOUCH_TIMEOUT            3000// msec
+#define QTOUCH_TOUCH_TIMEOUT_U2F        1900// msec
 #define QTOUCH_TOUCH_TIMEOUT_HARD       30000
 #define QTOUCH_TOUCH_BLINK_ON           4000
 #define QTOUCH_TOUCH_BLINK_OFF          300

src/u2f_device.c

@@ -199,7 +199,7 @@ static void _register(const USB_APDU *a)
         return;
     }
 
-    if (touch_button_press(TOUCH_TIMEOUT) != DBB_TOUCHED) {
+    if (touch_button_press(TOUCH_U2F) != DBB_TOUCHED) {
         _queue_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
         return;
 
@@ -289,7 +289,7 @@ static void _hijack(const U2F_AUTHENTICATE_REQ *req)
     static char hijack_io_buffer[COMMANDER_REPORT_SIZE] = {0};
     char byte_report[U2F_FRAME_SIZE + 1] = {0};
     uint16_t report_len;
-    int kh_len = MIN(U2F_MAX_KH_SIZE - 2, strlens((const char *)req->keyHandle + 2));
+    int kh_len = MIN(U2F_MAX_KH_SIZE - 2, req->keyHandleLen - 2);
     uint8_t tot = req->keyHandle[0];
     uint8_t cnt = req->keyHandle[1];
     size_t idx = cnt * (U2F_MAX_KH_SIZE - 2);
@@ -362,6 +362,12 @@ static void _authenticate(const USB_APDU *a)
         // As an alternative interface, hijack the U2F AUTH key handle data field.
         // Slower but works in browsers for specified sites without requiring an extension.
         if (MEMEQ(req->appId, U2F_HIJACK_CODE[i], U2F_APPID_SIZE)) {
+            if(a->p1 == U2F_AUTH_CHECK_ONLY) {
+                // Windows first sends a "check-only" command which we must confirm
+                // The error message here indicates that our device is valid for this keyhandle
+                _queue_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
+                return;
+            }
             if (!(memory_report_ext_flags() & MEM_EXT_MASK_U2F_HIJACK)) {
                 // Abort U2F hijack commands if the U2F_hijack bit is not set (== disabled).
                 u2f_queue_error_hid(_cid, U2FHID_ERR_CHANNEL_BUSY);
@@ -396,7 +402,7 @@ static void _authenticate(const USB_APDU *a)
         return;
     }
 
-    if (touch_button_press(TOUCH_TIMEOUT) != DBB_TOUCHED) {
+    if (touch_button_press(TOUCH_U2F) != DBB_TOUCHED) {
         _queue_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
         return;
 

tests/api.h

@@ -346,6 +346,7 @@ static void api_hid_send_len(const char *cmd, int cmdlen)
             a->lc1 = 0;
             a->lc2 = (sizeof(U2F_AUTHENTICATE_REQ) >> 8) & 255;
             a->lc3 = (sizeof(U2F_AUTHENTICATE_REQ) & 255);
+            auth_req->keyHandleLen = MIN(U2F_MAX_KH_SIZE, cmdlen - idx * kh_max_len + 2);
             auth_req->keyHandle[0] = total;
             auth_req->keyHandle[1] = idx;
             memcpy(auth_req->keyHandle + 2, cmd + idx * kh_max_len, MIN(kh_max_len, MAX(0,

tests/tests_api.c

@@ -256,15 +256,15 @@ static void tests_seed_xpub_backup(void)
     api_format_send_cmd(cmd_str(CMD_backup), erase_cmd, KEY_STANDARD);
 
     // test sd list overflow
-    char long_backup_name[SD_FILEBUF_LEN_MAX / 8];
+    char long_backup_name[SD_FILEBUF_LEN_MAX / 8 - 1]; // 1 character number prefix
     char lbn[SD_FILEBUF_LEN_MAX / 8];
     size_t i;
 
     memset(long_backup_name, '-', sizeof(long_backup_name) - 1);
-    long_backup_name[(SD_FILEBUF_LEN_MAX / 8) - 1] = 0;
+    long_backup_name[sizeof(long_backup_name) - 1] = 0;
 
     for (i = 0; i < SD_FILEBUF_LEN_MAX / sizeof(long_backup_name); i++) {
-        snprintf(lbn, sizeof(lbn), "%lu%s", (unsigned long)i, long_backup_name);
+        snprintf(lbn, sizeof(lbn), "%.1lu%s", (unsigned long)i, long_backup_name);
 
         snprintf(erase_file, sizeof(erase_file), "{\"%s\":\"%s\"}", attr_str(ATTR_erase),
                  lbn);
@@ -278,7 +278,7 @@ static void tests_seed_xpub_backup(void)
         ASSERT_REPORT_HAS_NOT(cmd_str(CMD_warning));
     }
 
-    snprintf(lbn, sizeof(lbn), "%lu%s", (unsigned long)i, long_backup_name);
+    snprintf(lbn, sizeof(lbn), "%.1lu%s", (unsigned long)i, long_backup_name);
     snprintf(back, sizeof(back), "{\"filename\":\"%s\", \"key\":\"password\"}", lbn);
     api_format_send_cmd(cmd_str(CMD_backup), back, KEY_STANDARD);
     ASSERT_SUCCESS;
@@ -287,7 +287,7 @@ static void tests_seed_xpub_backup(void)
     ASSERT_REPORT_HAS(cmd_str(CMD_warning));
 
     for (i = 0; i < SD_FILEBUF_LEN_MAX / sizeof(long_backup_name) + 1; i++) {
-        snprintf(lbn, sizeof(lbn), "%lu%s", (unsigned long)i, long_backup_name);
+        snprintf(lbn, sizeof(lbn), "%.1lu%s", (unsigned long)i, long_backup_name);
         snprintf(back, sizeof(back), "{\"filename\":\"%s\", \"key\":\"password\"}", lbn);
 
         snprintf(erase_file, sizeof(erase_file), "{\"%s\":\"%s\"}", attr_str(ATTR_erase),