├── .gitignore ├── CCIDU2F.xcodeproj ├── project.pbxproj └── project.xcworkspace │ ├── contents.xcworkspacedata │ └── xcshareddata │ └── IDEWorkspaceChecks.plist ├── CCIDU2F ├── APDU.h ├── APDU.m ├── CCIDU2F-Bridging-Header.h ├── CCIDU2F.entitlements ├── CCIDU2FService.h ├── CCIDU2FService.m └── main.m ├── LICENSE ├── README.md └── ThirdParty └── SoftU2FDriverLib ├── LICENSE.md ├── README.md ├── U2FHID.swift ├── UserKernelShared.h ├── internal.h ├── softu2f.c ├── softu2f.h └── u2f_hid.h /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | xcuserdata 3 | /build 4 | *.xcuserdatad 5 | 6 | -------------------------------------------------------------------------------- /CCIDU2F.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 50; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | A65D6F0D2432703900A2EACF /* APDU.m in Sources */ = {isa = PBXBuildFile; fileRef = A65D6F0C2432703900A2EACF /* APDU.m */; }; 11 | A66C7D0D242320F200A99DB8 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = A66C7D0C242320F200A99DB8 /* main.m */; }; 12 | A66C7D38242325D800A99DB8 /* softu2f.c in Sources */ = {isa = PBXBuildFile; fileRef = A66C7D29242323C900A99DB8 /* softu2f.c */; }; 13 | A66C7D392423261000A99DB8 /* softu2f.h in Headers */ = {isa = PBXBuildFile; fileRef = A66C7D28242323C900A99DB8 /* softu2f.h */; settings = {ATTRIBUTES = (Public, ); }; }; 14 | A66C7D3A2423261800A99DB8 /* internal.h in Headers */ = {isa = PBXBuildFile; fileRef = A66C7D27242323C900A99DB8 /* internal.h */; }; 15 | A66C7D3C2423284500A99DB8 /* UserKernelShared.h in Headers */ = {isa = PBXBuildFile; fileRef = A66C7D3B2423284500A99DB8 /* UserKernelShared.h */; }; 16 | A66C7D3E24232A6200A99DB8 /* libSoftU2FDriverLib.a in Frameworks */ = {isa = PBXBuildFile; fileRef = A66C7D2F2423252D00A99DB8 /* libSoftU2FDriverLib.a */; }; 17 | A66C7D4024232DAF00A99DB8 /* CryptoTokenKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = A66C7D3F24232DAF00A99DB8 /* CryptoTokenKit.framework */; }; 18 | A66C7D432429904400A99DB8 /* CCIDU2FService.m in Sources */ = {isa = PBXBuildFile; fileRef = A66C7D422429904400A99DB8 /* CCIDU2FService.m */; }; 19 | A66C7D47242AB5ED00A99DB8 /* U2FHID.swift in Sources */ = {isa = PBXBuildFile; fileRef = A66C7D46242AB5ED00A99DB8 /* U2FHID.swift */; }; 20 | A66C7D49242AB69C00A99DB8 /* u2f_hid.h in Headers */ = {isa = PBXBuildFile; fileRef = A66C7D48242AB69C00A99DB8 /* u2f_hid.h */; }; 21 | /* End PBXBuildFile section */ 22 | 23 | /* Begin PBXCopyFilesBuildPhase section */ 24 | A66C7D07242320F200A99DB8 /* CopyFiles */ = { 25 | isa = PBXCopyFilesBuildPhase; 26 | buildActionMask = 2147483647; 27 | dstPath = /usr/share/man/man1/; 28 | dstSubfolderSpec = 0; 29 | files = ( 30 | ); 31 | runOnlyForDeploymentPostprocessing = 1; 32 | }; 33 | /* End PBXCopyFilesBuildPhase section */ 34 | 35 | /* Begin PBXFileReference section */ 36 | A65D6F0B2432703900A2EACF /* APDU.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = APDU.h; sourceTree = ""; }; 37 | A65D6F0C2432703900A2EACF /* APDU.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = APDU.m; sourceTree = ""; }; 38 | A66C7D09242320F200A99DB8 /* CCIDU2F */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = CCIDU2F; sourceTree = BUILT_PRODUCTS_DIR; }; 39 | A66C7D0C242320F200A99DB8 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; 40 | A66C7D27242323C900A99DB8 /* internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = internal.h; sourceTree = ""; }; 41 | A66C7D28242323C900A99DB8 /* softu2f.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = softu2f.h; sourceTree = ""; }; 42 | A66C7D29242323C900A99DB8 /* softu2f.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = softu2f.c; sourceTree = ""; }; 43 | A66C7D2F2423252D00A99DB8 /* libSoftU2FDriverLib.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSoftU2FDriverLib.a; sourceTree = BUILT_PRODUCTS_DIR; }; 44 | A66C7D3B2423284500A99DB8 /* UserKernelShared.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UserKernelShared.h; sourceTree = ""; }; 45 | A66C7D3F24232DAF00A99DB8 /* CryptoTokenKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CryptoTokenKit.framework; path = System/Library/Frameworks/CryptoTokenKit.framework; sourceTree = SDKROOT; }; 46 | A66C7D412429904400A99DB8 /* CCIDU2FService.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CCIDU2FService.h; sourceTree = ""; }; 47 | A66C7D422429904400A99DB8 /* CCIDU2FService.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = CCIDU2FService.m; sourceTree = ""; }; 48 | A66C7D442429936300A99DB8 /* CCIDU2F.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = CCIDU2F.entitlements; sourceTree = ""; }; 49 | A66C7D45242AB5EC00A99DB8 /* CCIDU2F-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "CCIDU2F-Bridging-Header.h"; sourceTree = ""; }; 50 | A66C7D46242AB5ED00A99DB8 /* U2FHID.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = U2FHID.swift; path = ThirdParty/SoftU2FDriverLib/U2FHID.swift; sourceTree = SOURCE_ROOT; }; 51 | A66C7D48242AB69C00A99DB8 /* u2f_hid.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = u2f_hid.h; sourceTree = ""; }; 52 | /* End PBXFileReference section */ 53 | 54 | /* Begin PBXFrameworksBuildPhase section */ 55 | A66C7D06242320F200A99DB8 /* Frameworks */ = { 56 | isa = PBXFrameworksBuildPhase; 57 | buildActionMask = 2147483647; 58 | files = ( 59 | A66C7D4024232DAF00A99DB8 /* CryptoTokenKit.framework in Frameworks */, 60 | A66C7D3E24232A6200A99DB8 /* libSoftU2FDriverLib.a in Frameworks */, 61 | ); 62 | runOnlyForDeploymentPostprocessing = 0; 63 | }; 64 | A66C7D2D2423252D00A99DB8 /* Frameworks */ = { 65 | isa = PBXFrameworksBuildPhase; 66 | buildActionMask = 2147483647; 67 | files = ( 68 | ); 69 | runOnlyForDeploymentPostprocessing = 0; 70 | }; 71 | /* End PBXFrameworksBuildPhase section */ 72 | 73 | /* Begin PBXGroup section */ 74 | A66C7D00242320F200A99DB8 = { 75 | isa = PBXGroup; 76 | children = ( 77 | A66C7D26242323C900A99DB8 /* SoftU2FDriverLib */, 78 | A66C7D0B242320F200A99DB8 /* CCIDU2F */, 79 | A66C7D0A242320F200A99DB8 /* Products */, 80 | A66C7D3D24232A6200A99DB8 /* Frameworks */, 81 | ); 82 | sourceTree = ""; 83 | }; 84 | A66C7D0A242320F200A99DB8 /* Products */ = { 85 | isa = PBXGroup; 86 | children = ( 87 | A66C7D09242320F200A99DB8 /* CCIDU2F */, 88 | A66C7D2F2423252D00A99DB8 /* libSoftU2FDriverLib.a */, 89 | ); 90 | name = Products; 91 | sourceTree = ""; 92 | }; 93 | A66C7D0B242320F200A99DB8 /* CCIDU2F */ = { 94 | isa = PBXGroup; 95 | children = ( 96 | A66C7D0C242320F200A99DB8 /* main.m */, 97 | A66C7D442429936300A99DB8 /* CCIDU2F.entitlements */, 98 | A66C7D412429904400A99DB8 /* CCIDU2FService.h */, 99 | A66C7D46242AB5ED00A99DB8 /* U2FHID.swift */, 100 | A66C7D422429904400A99DB8 /* CCIDU2FService.m */, 101 | A65D6F0B2432703900A2EACF /* APDU.h */, 102 | A65D6F0C2432703900A2EACF /* APDU.m */, 103 | A66C7D45242AB5EC00A99DB8 /* CCIDU2F-Bridging-Header.h */, 104 | ); 105 | path = CCIDU2F; 106 | sourceTree = ""; 107 | }; 108 | A66C7D26242323C900A99DB8 /* SoftU2FDriverLib */ = { 109 | isa = PBXGroup; 110 | children = ( 111 | A66C7D27242323C900A99DB8 /* internal.h */, 112 | A66C7D48242AB69C00A99DB8 /* u2f_hid.h */, 113 | A66C7D3B2423284500A99DB8 /* UserKernelShared.h */, 114 | A66C7D28242323C900A99DB8 /* softu2f.h */, 115 | A66C7D29242323C900A99DB8 /* softu2f.c */, 116 | ); 117 | name = SoftU2FDriverLib; 118 | path = ThirdParty/SoftU2FDriverLib; 119 | sourceTree = ""; 120 | }; 121 | A66C7D3D24232A6200A99DB8 /* Frameworks */ = { 122 | isa = PBXGroup; 123 | children = ( 124 | A66C7D3F24232DAF00A99DB8 /* CryptoTokenKit.framework */, 125 | ); 126 | name = Frameworks; 127 | sourceTree = ""; 128 | }; 129 | /* End PBXGroup section */ 130 | 131 | /* Begin PBXHeadersBuildPhase section */ 132 | A66C7D2B2423252D00A99DB8 /* Headers */ = { 133 | isa = PBXHeadersBuildPhase; 134 | buildActionMask = 2147483647; 135 | files = ( 136 | A66C7D49242AB69C00A99DB8 /* u2f_hid.h in Headers */, 137 | A66C7D392423261000A99DB8 /* softu2f.h in Headers */, 138 | A66C7D3C2423284500A99DB8 /* UserKernelShared.h in Headers */, 139 | A66C7D3A2423261800A99DB8 /* internal.h in Headers */, 140 | ); 141 | runOnlyForDeploymentPostprocessing = 0; 142 | }; 143 | /* End PBXHeadersBuildPhase section */ 144 | 145 | /* Begin PBXNativeTarget section */ 146 | A66C7D08242320F200A99DB8 /* CCIDU2F */ = { 147 | isa = PBXNativeTarget; 148 | buildConfigurationList = A66C7D10242320F200A99DB8 /* Build configuration list for PBXNativeTarget "CCIDU2F" */; 149 | buildPhases = ( 150 | A66C7D05242320F200A99DB8 /* Sources */, 151 | A66C7D06242320F200A99DB8 /* Frameworks */, 152 | A66C7D07242320F200A99DB8 /* CopyFiles */, 153 | ); 154 | buildRules = ( 155 | ); 156 | dependencies = ( 157 | ); 158 | name = CCIDU2F; 159 | productName = CCIDU2F; 160 | productReference = A66C7D09242320F200A99DB8 /* CCIDU2F */; 161 | productType = "com.apple.product-type.tool"; 162 | }; 163 | A66C7D2E2423252D00A99DB8 /* SoftU2FDriverLib */ = { 164 | isa = PBXNativeTarget; 165 | buildConfigurationList = A66C7D352423252D00A99DB8 /* Build configuration list for PBXNativeTarget "SoftU2FDriverLib" */; 166 | buildPhases = ( 167 | A66C7D2B2423252D00A99DB8 /* Headers */, 168 | A66C7D2C2423252D00A99DB8 /* Sources */, 169 | A66C7D2D2423252D00A99DB8 /* Frameworks */, 170 | ); 171 | buildRules = ( 172 | ); 173 | dependencies = ( 174 | ); 175 | name = SoftU2FDriverLib; 176 | productName = SoftU2FDriverLib; 177 | productReference = A66C7D2F2423252D00A99DB8 /* libSoftU2FDriverLib.a */; 178 | productType = "com.apple.product-type.library.static"; 179 | }; 180 | /* End PBXNativeTarget section */ 181 | 182 | /* Begin PBXProject section */ 183 | A66C7D01242320F200A99DB8 /* Project object */ = { 184 | isa = PBXProject; 185 | attributes = { 186 | LastUpgradeCheck = 1140; 187 | ORGANIZATIONNAME = "Robert Quattlebaum"; 188 | TargetAttributes = { 189 | A66C7D08242320F200A99DB8 = { 190 | CreatedOnToolsVersion = 11.3.1; 191 | LastSwiftMigration = 1130; 192 | }; 193 | A66C7D2E2423252D00A99DB8 = { 194 | CreatedOnToolsVersion = 11.3.1; 195 | }; 196 | }; 197 | }; 198 | buildConfigurationList = A66C7D04242320F200A99DB8 /* Build configuration list for PBXProject "CCIDU2F" */; 199 | compatibilityVersion = "Xcode 9.3"; 200 | developmentRegion = en; 201 | hasScannedForEncodings = 0; 202 | knownRegions = ( 203 | en, 204 | Base, 205 | ); 206 | mainGroup = A66C7D00242320F200A99DB8; 207 | productRefGroup = A66C7D0A242320F200A99DB8 /* Products */; 208 | projectDirPath = ""; 209 | projectRoot = ""; 210 | targets = ( 211 | A66C7D08242320F200A99DB8 /* CCIDU2F */, 212 | A66C7D2E2423252D00A99DB8 /* SoftU2FDriverLib */, 213 | ); 214 | }; 215 | /* End PBXProject section */ 216 | 217 | /* Begin PBXSourcesBuildPhase section */ 218 | A66C7D05242320F200A99DB8 /* Sources */ = { 219 | isa = PBXSourcesBuildPhase; 220 | buildActionMask = 2147483647; 221 | files = ( 222 | A66C7D0D242320F200A99DB8 /* main.m in Sources */, 223 | A66C7D432429904400A99DB8 /* CCIDU2FService.m in Sources */, 224 | A66C7D47242AB5ED00A99DB8 /* U2FHID.swift in Sources */, 225 | A65D6F0D2432703900A2EACF /* APDU.m in Sources */, 226 | ); 227 | runOnlyForDeploymentPostprocessing = 0; 228 | }; 229 | A66C7D2C2423252D00A99DB8 /* Sources */ = { 230 | isa = PBXSourcesBuildPhase; 231 | buildActionMask = 2147483647; 232 | files = ( 233 | A66C7D38242325D800A99DB8 /* softu2f.c in Sources */, 234 | ); 235 | runOnlyForDeploymentPostprocessing = 0; 236 | }; 237 | /* End PBXSourcesBuildPhase section */ 238 | 239 | /* Begin XCBuildConfiguration section */ 240 | A66C7D0E242320F200A99DB8 /* Debug */ = { 241 | isa = XCBuildConfiguration; 242 | buildSettings = { 243 | ALWAYS_SEARCH_USER_PATHS = NO; 244 | CLANG_ANALYZER_NONNULL = YES; 245 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 246 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; 247 | CLANG_CXX_LIBRARY = "libc++"; 248 | CLANG_ENABLE_MODULES = YES; 249 | CLANG_ENABLE_OBJC_ARC = YES; 250 | CLANG_ENABLE_OBJC_WEAK = YES; 251 | CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; 252 | CLANG_WARN_BOOL_CONVERSION = YES; 253 | CLANG_WARN_COMMA = YES; 254 | CLANG_WARN_CONSTANT_CONVERSION = YES; 255 | CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; 256 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 257 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 258 | CLANG_WARN_EMPTY_BODY = YES; 259 | CLANG_WARN_ENUM_CONVERSION = YES; 260 | CLANG_WARN_INFINITE_RECURSION = YES; 261 | CLANG_WARN_INT_CONVERSION = YES; 262 | CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; 263 | CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; 264 | CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; 265 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 266 | CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; 267 | CLANG_WARN_STRICT_PROTOTYPES = YES; 268 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 269 | CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; 270 | CLANG_WARN_UNREACHABLE_CODE = YES; 271 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 272 | COPY_PHASE_STRIP = NO; 273 | DEBUG_INFORMATION_FORMAT = dwarf; 274 | ENABLE_STRICT_OBJC_MSGSEND = YES; 275 | ENABLE_TESTABILITY = YES; 276 | GCC_C_LANGUAGE_STANDARD = gnu11; 277 | GCC_DYNAMIC_NO_PIC = NO; 278 | GCC_NO_COMMON_BLOCKS = YES; 279 | GCC_OPTIMIZATION_LEVEL = 0; 280 | GCC_PREPROCESSOR_DEFINITIONS = ( 281 | "DEBUG=1", 282 | "$(inherited)", 283 | ); 284 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 285 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 286 | GCC_WARN_UNDECLARED_SELECTOR = YES; 287 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 288 | GCC_WARN_UNUSED_FUNCTION = YES; 289 | GCC_WARN_UNUSED_VARIABLE = YES; 290 | MACOSX_DEPLOYMENT_TARGET = 10.15; 291 | MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; 292 | MTL_FAST_MATH = YES; 293 | ONLY_ACTIVE_ARCH = YES; 294 | SDKROOT = macosx; 295 | }; 296 | name = Debug; 297 | }; 298 | A66C7D0F242320F200A99DB8 /* Release */ = { 299 | isa = XCBuildConfiguration; 300 | buildSettings = { 301 | ALWAYS_SEARCH_USER_PATHS = NO; 302 | CLANG_ANALYZER_NONNULL = YES; 303 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 304 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; 305 | CLANG_CXX_LIBRARY = "libc++"; 306 | CLANG_ENABLE_MODULES = YES; 307 | CLANG_ENABLE_OBJC_ARC = YES; 308 | CLANG_ENABLE_OBJC_WEAK = YES; 309 | CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; 310 | CLANG_WARN_BOOL_CONVERSION = YES; 311 | CLANG_WARN_COMMA = YES; 312 | CLANG_WARN_CONSTANT_CONVERSION = YES; 313 | CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; 314 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 315 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 316 | CLANG_WARN_EMPTY_BODY = YES; 317 | CLANG_WARN_ENUM_CONVERSION = YES; 318 | CLANG_WARN_INFINITE_RECURSION = YES; 319 | CLANG_WARN_INT_CONVERSION = YES; 320 | CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; 321 | CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; 322 | CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; 323 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 324 | CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; 325 | CLANG_WARN_STRICT_PROTOTYPES = YES; 326 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 327 | CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; 328 | CLANG_WARN_UNREACHABLE_CODE = YES; 329 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 330 | COPY_PHASE_STRIP = NO; 331 | DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; 332 | ENABLE_NS_ASSERTIONS = NO; 333 | ENABLE_STRICT_OBJC_MSGSEND = YES; 334 | GCC_C_LANGUAGE_STANDARD = gnu11; 335 | GCC_NO_COMMON_BLOCKS = YES; 336 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 337 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 338 | GCC_WARN_UNDECLARED_SELECTOR = YES; 339 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 340 | GCC_WARN_UNUSED_FUNCTION = YES; 341 | GCC_WARN_UNUSED_VARIABLE = YES; 342 | MACOSX_DEPLOYMENT_TARGET = 10.15; 343 | MTL_ENABLE_DEBUG_INFO = NO; 344 | MTL_FAST_MATH = YES; 345 | SDKROOT = macosx; 346 | SWIFT_COMPILATION_MODE = wholemodule; 347 | }; 348 | name = Release; 349 | }; 350 | A66C7D11242320F200A99DB8 /* Debug */ = { 351 | isa = XCBuildConfiguration; 352 | buildSettings = { 353 | CLANG_ENABLE_MODULES = YES; 354 | CODE_SIGN_ENTITLEMENTS = CCIDU2F/CCIDU2F.entitlements; 355 | CODE_SIGN_IDENTITY = "-"; 356 | CODE_SIGN_STYLE = Automatic; 357 | LD_RUNPATH_SEARCH_PATHS = ( 358 | "$(inherited)", 359 | "@executable_path/../Frameworks", 360 | "@loader_path/../Frameworks", 361 | ); 362 | PRODUCT_NAME = "$(TARGET_NAME)"; 363 | SWIFT_OBJC_BRIDGING_HEADER = "CCIDU2F/CCIDU2F-Bridging-Header.h"; 364 | SWIFT_OPTIMIZATION_LEVEL = "-Onone"; 365 | SWIFT_VERSION = 5.0; 366 | }; 367 | name = Debug; 368 | }; 369 | A66C7D12242320F200A99DB8 /* Release */ = { 370 | isa = XCBuildConfiguration; 371 | buildSettings = { 372 | CLANG_ENABLE_MODULES = YES; 373 | CODE_SIGN_ENTITLEMENTS = CCIDU2F/CCIDU2F.entitlements; 374 | CODE_SIGN_IDENTITY = "-"; 375 | CODE_SIGN_STYLE = Automatic; 376 | LD_RUNPATH_SEARCH_PATHS = ( 377 | "$(inherited)", 378 | "@executable_path/../Frameworks", 379 | "@loader_path/../Frameworks", 380 | ); 381 | PRODUCT_NAME = "$(TARGET_NAME)"; 382 | SWIFT_OBJC_BRIDGING_HEADER = "CCIDU2F/CCIDU2F-Bridging-Header.h"; 383 | SWIFT_VERSION = 5.0; 384 | }; 385 | name = Release; 386 | }; 387 | A66C7D362423252D00A99DB8 /* Debug */ = { 388 | isa = XCBuildConfiguration; 389 | buildSettings = { 390 | CODE_SIGN_STYLE = Automatic; 391 | EXECUTABLE_PREFIX = lib; 392 | PRODUCT_NAME = "$(TARGET_NAME)"; 393 | SKIP_INSTALL = YES; 394 | }; 395 | name = Debug; 396 | }; 397 | A66C7D372423252D00A99DB8 /* Release */ = { 398 | isa = XCBuildConfiguration; 399 | buildSettings = { 400 | CODE_SIGN_STYLE = Automatic; 401 | EXECUTABLE_PREFIX = lib; 402 | PRODUCT_NAME = "$(TARGET_NAME)"; 403 | SKIP_INSTALL = YES; 404 | }; 405 | name = Release; 406 | }; 407 | /* End XCBuildConfiguration section */ 408 | 409 | /* Begin XCConfigurationList section */ 410 | A66C7D04242320F200A99DB8 /* Build configuration list for PBXProject "CCIDU2F" */ = { 411 | isa = XCConfigurationList; 412 | buildConfigurations = ( 413 | A66C7D0E242320F200A99DB8 /* Debug */, 414 | A66C7D0F242320F200A99DB8 /* Release */, 415 | ); 416 | defaultConfigurationIsVisible = 0; 417 | defaultConfigurationName = Release; 418 | }; 419 | A66C7D10242320F200A99DB8 /* Build configuration list for PBXNativeTarget "CCIDU2F" */ = { 420 | isa = XCConfigurationList; 421 | buildConfigurations = ( 422 | A66C7D11242320F200A99DB8 /* Debug */, 423 | A66C7D12242320F200A99DB8 /* Release */, 424 | ); 425 | defaultConfigurationIsVisible = 0; 426 | defaultConfigurationName = Release; 427 | }; 428 | A66C7D352423252D00A99DB8 /* Build configuration list for PBXNativeTarget "SoftU2FDriverLib" */ = { 429 | isa = XCConfigurationList; 430 | buildConfigurations = ( 431 | A66C7D362423252D00A99DB8 /* Debug */, 432 | A66C7D372423252D00A99DB8 /* Release */, 433 | ); 434 | defaultConfigurationIsVisible = 0; 435 | defaultConfigurationName = Release; 436 | }; 437 | /* End XCConfigurationList section */ 438 | }; 439 | rootObject = A66C7D01242320F200A99DB8 /* Project object */; 440 | } 441 | -------------------------------------------------------------------------------- /CCIDU2F.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /CCIDU2F.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | IDEDidComputeMac32BitWarning 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /CCIDU2F/APDU.h: -------------------------------------------------------------------------------- 1 | // 2 | // APDU.h 3 | // CCIDU2F 4 | // 5 | 6 | #import 7 | 8 | NS_ASSUME_NONNULL_BEGIN 9 | 10 | @interface APDU : NSObject 11 | @property NSData* rawData; 12 | 13 | -(APDU*)initWithRawData:(NSData*)data; 14 | 15 | +(APDU*)APDUFromRawData:(NSData*)data; 16 | 17 | -(BOOL)isValid; 18 | -(BOOL)isExtended; 19 | 20 | -(uint8_t)cla; 21 | -(uint8_t)ins; 22 | -(uint8_t)p1; 23 | -(uint8_t)p2; 24 | -(uint16_t)lc; 25 | -(int)le; 26 | -(NSData* _Nullable)data; 27 | 28 | -(uint16_t)claIns; 29 | -(uint16_t)p1P2; 30 | 31 | @end 32 | 33 | NS_ASSUME_NONNULL_END 34 | -------------------------------------------------------------------------------- /CCIDU2F/APDU.m: -------------------------------------------------------------------------------- 1 | // 2 | // APDU.m 3 | // CCIDU2F 4 | // 5 | 6 | #import "APDU.h" 7 | 8 | @implementation APDU 9 | -(APDU*)initWithRawData:(NSData*)data { 10 | if (nil != (self = [self init])) { 11 | self.rawData = data; 12 | } 13 | return self; 14 | } 15 | 16 | +(APDU*)APDUFromRawData:(NSData*)data { 17 | return [[APDU alloc] initWithRawData:data]; 18 | } 19 | 20 | -(const uint8_t*)bytes { 21 | return (const uint8_t*)[self.rawData bytes]; 22 | } 23 | 24 | -(BOOL)isValid { 25 | if (self.rawData.length < 4) { 26 | return false; 27 | } 28 | 29 | uint16_t dataLength = [self lc]; 30 | if ([self isExtended]) { 31 | if (self.rawData.length != 7+dataLength+2 32 | && self.rawData.length != 7+dataLength 33 | ) { 34 | return false; 35 | } 36 | } else { 37 | if (self.rawData.length != 5+dataLength+1 38 | && self.rawData.length != 5+dataLength 39 | ) { 40 | return false; 41 | } 42 | } 43 | 44 | return true; 45 | } 46 | 47 | -(uint8_t)cla { 48 | return [self bytes][0]; 49 | } 50 | 51 | -(uint8_t)ins { 52 | return [self bytes][1]; 53 | } 54 | 55 | -(uint8_t)p1 { 56 | return [self bytes][2]; 57 | } 58 | 59 | -(uint8_t)p2 { 60 | return [self bytes][3]; 61 | } 62 | 63 | -(uint16_t)claIns { 64 | return (self.cla<<8) + self.ins; 65 | } 66 | 67 | -(uint16_t)p1P2 { 68 | return (self.p1<<8) + self.p2; 69 | } 70 | 71 | -(BOOL)isExtended { 72 | if (self.rawData.length < 7) { 73 | return false; 74 | } 75 | if ([self bytes][4] != 0) { 76 | return false; 77 | } 78 | return true; 79 | } 80 | 81 | -(uint16_t)lc { 82 | if ([self isExtended]) { 83 | return ([self bytes][5]<<8) + [self bytes][6]; 84 | } else if (self.rawData.length < 5) { 85 | return 0; 86 | } 87 | return [self bytes][4]; 88 | } 89 | 90 | -(NSData*)data { 91 | if (self.isValid == false) { 92 | return nil; 93 | } 94 | 95 | uint16_t dataLength = [self lc]; 96 | if (dataLength == 0) { 97 | return nil; 98 | } else if ([self isExtended]) { 99 | return [self.rawData subdataWithRange:NSMakeRange(7, dataLength)]; 100 | } else { 101 | return [self.rawData subdataWithRange:NSMakeRange(5, dataLength)]; 102 | } 103 | } 104 | 105 | -(int)le { 106 | uint16_t dataLength = [self lc]; 107 | if ([self isExtended]) { 108 | if (self.rawData.length == 7+dataLength+2) { 109 | uint16_t len = ([self bytes][7+dataLength]<<8) + [self bytes][7+dataLength+1]; 110 | return len; 111 | } else if (self.rawData.length == 7+dataLength) { 112 | return 0; 113 | } else { 114 | return -1; 115 | } 116 | } else { 117 | if (self.rawData.length == 5+dataLength+1) { 118 | uint16_t len = [self bytes][5+dataLength]; 119 | return len; 120 | } else if (self.rawData.length == 5+dataLength) { 121 | return 0; 122 | } else { 123 | return -1; 124 | } 125 | } 126 | } 127 | 128 | @end 129 | -------------------------------------------------------------------------------- /CCIDU2F/CCIDU2F-Bridging-Header.h: -------------------------------------------------------------------------------- 1 | // 2 | // Use this file to import your target's public headers that you would like to expose to Swift. 3 | // 4 | 5 | #import "softu2f.h" 6 | #import "u2f_hid.h" 7 | #import 8 | #import 9 | #import 10 | -------------------------------------------------------------------------------- /CCIDU2F/CCIDU2F.entitlements: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | com.apple.security.get-task-allow 6 | 7 | com.apple.security.smartcard 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /CCIDU2F/CCIDU2FService.h: -------------------------------------------------------------------------------- 1 | // 2 | // CCIDU2FService.h 3 | // CCIDU2F 4 | // 5 | 6 | #import 7 | #import 8 | #import "CCIDU2F-Swift.h" 9 | 10 | NS_ASSUME_NONNULL_BEGIN 11 | 12 | @interface CCIDU2FService : NSObject 13 | @property TKSmartCardSlotManager* slotManager; 14 | @property NSMutableDictionary* slots; 15 | @property NSMutableSet* cards; 16 | @property U2FHID* _Nullable hid; 17 | 18 | - (CCIDU2FService *)init; 19 | - (void)start; 20 | - (void)stop; 21 | 22 | @end 23 | 24 | NS_ASSUME_NONNULL_END 25 | -------------------------------------------------------------------------------- /CCIDU2F/CCIDU2FService.m: -------------------------------------------------------------------------------- 1 | // 2 | // CCIDU2FService.m 3 | // CCIDU2F 4 | // 5 | 6 | #import 7 | #import "CCIDU2FService.h" 8 | #import "APDU.h" 9 | 10 | static const char kAPDUSelectU2FResponse[] = { 11 | 'U','2','F','_','V','2' 12 | }; 13 | 14 | static const char kU2FLegacyAID[] = { 15 | 0xA0, 0x00, 0x00, 0x05, 0x27, 0x10, 0x02 16 | }; 17 | 18 | static const char kU2FAID[] = { 19 | 0xA0, 0x00, 0x00, 0x06, 0x47, 20 | 0x2F, 0x00, 0x01 21 | }; 22 | 23 | 24 | @implementation CCIDU2FService 25 | - (CCIDU2FService *)init { 26 | self = [super init]; 27 | self.slotManager = [TKSmartCardSlotManager defaultManager]; 28 | 29 | self.slots = [[NSMutableDictionary alloc] init]; 30 | self.cards = [[NSMutableSet alloc] init]; 31 | 32 | return self; 33 | } 34 | 35 | - (void)start { 36 | [self.slotManager 37 | addObserver:self 38 | forKeyPath:@"slotNames" 39 | options:NSKeyValueObservingOptionInitial 40 | context:NULL 41 | ]; 42 | NSLog(@"Waiting for smart cards..."); 43 | 44 | } 45 | 46 | - (void)stop { 47 | [self.slotManager 48 | removeObserver:self 49 | forKeyPath:@"slotNames" 50 | ]; 51 | } 52 | 53 | - (void)observeValueForKeyPath:(NSString *)keyPath ofObject:(id)object change:(NSDictionary *)change context:(void *)context 54 | { 55 | if (object == self.slotManager && [keyPath isEqual:@"slotNames"]) { 56 | for (NSString* name in self.slotManager.slotNames) { 57 | if ([name containsString:@"Yubico"]) { 58 | // Ignore yubikeys, they already do U2F. 59 | NSLog(@"Ignoring Yubico devices, they already support U2F."); 60 | continue; 61 | } 62 | 63 | [self.slotManager 64 | getSlotWithName:name 65 | reply:^(TKSmartCardSlot * _Nullable slot) { 66 | if (slot != nil) { 67 | dispatch_async( 68 | dispatch_get_main_queue(), 69 | ^(void) { 70 | if ([self.slots objectForKey:name] == nil) { 71 | [self onNewSmartCardSlot:slot]; 72 | } 73 | } 74 | ); 75 | } 76 | } 77 | ]; 78 | } 79 | } else if([object isKindOfClass:TKSmartCardSlot.class] && [keyPath isEqual:@"state"]) { 80 | switch ([(TKSmartCardSlot*)object state]) { 81 | case TKSmartCardSlotStateMissing: 82 | { 83 | TKSmartCardSlot* slot = (TKSmartCardSlot*)object; 84 | dispatch_async( 85 | dispatch_get_main_queue(), 86 | ^(void) { 87 | if ([slot isEqual:[self.slots valueForKey:slot.name]]) { 88 | [self.slots removeObjectForKey:slot.name]; 89 | } 90 | [slot removeObserver:self forKeyPath:@"state"]; 91 | } 92 | ); 93 | } 94 | break; 95 | case TKSmartCardSlotStateEmpty: 96 | case TKSmartCardSlotStateProbing: 97 | case TKSmartCardSlotStateMuteCard: 98 | break; 99 | case TKSmartCardSlotStateValidCard: 100 | { 101 | TKSmartCardSlot* slot = (TKSmartCardSlot*)object; 102 | dispatch_async( 103 | dispatch_get_main_queue(), 104 | ^(void) { 105 | [self onSmartCardAdded:[slot makeSmartCard]]; 106 | } 107 | ); 108 | } 109 | break; 110 | } 111 | } else if([object isKindOfClass:TKSmartCard.class] && [keyPath isEqual:@"valid"]) { 112 | TKSmartCard* card = (TKSmartCard*)object; 113 | if (!card.valid) { 114 | [self onSmartCardRemoved:card]; 115 | } 116 | } 117 | } 118 | 119 | - (void)onNewSmartCardSlot: (TKSmartCardSlot*)slot { 120 | [self.slots setObject:slot forKey:slot.name]; 121 | 122 | [slot 123 | addObserver:self 124 | forKeyPath:@"state" 125 | options:NSKeyValueObservingOptionInitial 126 | context:NULL 127 | ]; 128 | } 129 | 130 | - (void)onSmartCardAdded: (TKSmartCard*)card { 131 | NSLog(@"Smart card added to \"%@\": %@", card.slot.name, card.slot.ATR); 132 | 133 | // Check to see if it supports U2F. 134 | BOOL supportsU2F = [card 135 | inSessionWithError:nil 136 | executeBlock:^BOOL(NSError *__autoreleasing _Nullable * _Nullable error) { 137 | UInt16 sw; 138 | NSLog(@"U2F check"); 139 | 140 | if (error != nil) { 141 | NSLog(@"Error on U2F check"); 142 | return NO; 143 | } 144 | 145 | // Select the applet. 146 | NSData* response = [card 147 | sendIns:0xa4 148 | p1:0x04 149 | p2:0x00 150 | data:[NSData dataWithBytes:kU2FAID length:sizeof(kU2FAID)] 151 | le:@0 152 | sw:&sw 153 | error:nil 154 | ]; 155 | 156 | if (sw != 0x9000) { 157 | UInt16 sw2; 158 | response = [card 159 | sendIns:0xa4 160 | p1:0x04 161 | p2:0x00 162 | data:[NSData dataWithBytes:kU2FLegacyAID length:sizeof(kU2FLegacyAID)] 163 | le:@0 164 | sw:&sw2 165 | error:nil 166 | ]; 167 | if (sw2 == 0x9000) { 168 | NSLog(@"Legacy U2F AID detected: %@", response); 169 | } 170 | return sw2 == 0x9000; 171 | } 172 | 173 | BOOL has_u2f = [response 174 | isEqual:[NSData 175 | dataWithBytes:kAPDUSelectU2FResponse 176 | length:sizeof(kAPDUSelectU2FResponse) 177 | ] 178 | ]; 179 | 180 | if (!has_u2f) { 181 | NSLog(@"Card is not U2F compatible. SW = 0x%04X; DATA = %@", sw, response); 182 | } 183 | 184 | return has_u2f; 185 | } 186 | ]; 187 | 188 | if (supportsU2F) { 189 | [self onU2FSmartCardAdded:card]; 190 | } else { 191 | NSLog(@"Not U2F Compatible"); 192 | } 193 | } 194 | 195 | - (void)sendError:(uint16_t)err forCid:(uint32_t)cid { 196 | U2FHID* hid = self.hid; 197 | if (hid == nil) { 198 | return; 199 | } 200 | uint8_t err_data[2] = {(uint8_t)(err>>8), (uint8_t)err}; 201 | if (![hid sendMsgWithCid:cid data:[NSData dataWithBytes:err_data length:2]]) { 202 | NSLog(@"Unable to send error MSG for CID %u", cid); 203 | } 204 | } 205 | 206 | #define FLAG_FINAL_RED_SET ((1<<0)|(1<<2)) 207 | #define FLAG_FINAL_RED_CLEAR (1<<2) 208 | #define FLAG_FINAL_GREEN_SET ((1<<1)|(1<<3)) 209 | #define FLAG_FINAL_GREEN_CLEAR (1<<3) 210 | #define FLAG_BLINK_RED_INIT_SET ((1<<4)|(1<<6)) 211 | #define FLAG_BLINK_RED_INIT_CLEAR (1<<6) 212 | #define FLAG_BLINK_GREEN_INIT_SET ((1<<5)|(1<<7)) 213 | #define FLAG_BLINK_GREEN_INIT_CLEAR (1<<7) 214 | 215 | -(void)acr122ReaderFeedback:(TKSmartCard*)card flags:(uint8_t)flags t1dur:(uint8_t)t1dur t2dur:(uint8_t)t2dur count:(uint8_t)count buzzer:(uint8_t)buzz 216 | { 217 | uint16_t ignore; 218 | uint8_t blink[4] = { t1dur, t2dur, count, buzz}; 219 | uint8_t cla = card.cla; 220 | card.cla = 0xFF; 221 | [card 222 | sendIns:0x00 223 | p1:0x40 224 | p2:flags 225 | data:[NSData dataWithBytes:blink length:sizeof(blink)] 226 | le:@0 227 | sw:&ignore 228 | error:nil 229 | ]; 230 | card.cla = cla; 231 | } 232 | 233 | -(void)winkCard:(TKSmartCard*)card { 234 | if ([card.slot.name containsString:@"ACR122U"]) { 235 | // The ACR122U supports the ability to blink the LED. 236 | [self 237 | acr122ReaderFeedback:card 238 | flags:FLAG_BLINK_GREEN_INIT_SET|FLAG_BLINK_RED_INIT_CLEAR 239 | t1dur:1 240 | t2dur:1 241 | count:4 242 | buzzer:0 243 | ]; 244 | } 245 | } 246 | 247 | - (void)handleMsg:(NSData*)data withCid:(uint32_t)cid { 248 | NSLog(@"Got U2FHID MSG %@, CID: %u", data, cid); 249 | TKSmartCard* card = self.cards.anyObject; 250 | 251 | [card 252 | inSessionWithError:nil 253 | executeBlock:^BOOL(NSError *__autoreleasing _Nullable * _Nullable error) { 254 | UInt16 sw; 255 | 256 | if (error != nil) { 257 | NSLog(@"Error: %@", *error); 258 | [self sendError:0x6F00 forCid:cid]; 259 | return NO; 260 | } 261 | 262 | APDU* apdu = [APDU APDUFromRawData:data]; 263 | 264 | if (![apdu isValid]) { 265 | NSLog(@"Invalid APDU"); 266 | [self sendError:0x6F00 forCid:cid]; 267 | return NO; 268 | } 269 | 270 | // Class sanity check, U2F is always CLA 0x00 271 | if (apdu.cla != 0x00) { 272 | NSLog(@"Invalid CLA 0x%02X", apdu.cla); 273 | [self sendError:0x6E00 forCid:cid]; 274 | return NO; 275 | } 276 | 277 | card.cla = 0x00; 278 | 279 | uint8_t ins = apdu.ins; 280 | 281 | // Instruction sanity check 282 | if (!((ins>=1 && ins<=0x3) || (ins>=0x40 && ins<=0xbf))) { 283 | NSLog(@"Invalid INS 0x%02X", ins); 284 | [self sendError:0x6D00 forCid:cid]; 285 | return NO; 286 | } 287 | 288 | // Select the applet. 289 | [card 290 | sendIns:0xa4 291 | p1:0x04 292 | p2:0x00 293 | data:[NSData dataWithBytes:kU2FAID length:sizeof(kU2FAID)] 294 | le:@0 295 | sw:&sw 296 | error:nil 297 | ]; 298 | 299 | if (sw != 0x9000) { 300 | // Select the legacy applet. 301 | [card 302 | sendIns:0xa4 303 | p1:0x04 304 | p2:0x00 305 | data:[NSData dataWithBytes:kU2FLegacyAID length:sizeof(kU2FLegacyAID)] 306 | le:@0 307 | sw:&sw 308 | error:nil 309 | ]; 310 | } 311 | 312 | if (sw != 0x9000) { 313 | [self sendError:sw forCid:cid]; 314 | return NO; 315 | } 316 | 317 | NSMutableData* result = [[card 318 | sendIns:apdu.ins 319 | p1:apdu.p1 320 | p2:apdu.p2 321 | data:apdu.data 322 | le:@0 323 | sw:&sw 324 | error:nil 325 | ] mutableCopy]; 326 | 327 | if (result == nil) { 328 | [self sendError:0x6F00 forCid:cid]; 329 | return NO; 330 | } 331 | 332 | uint8_t byte = (sw>>8); 333 | [result appendBytes:&byte length:1]; 334 | byte = sw; 335 | [result appendBytes:&byte length:1]; 336 | 337 | NSLog(@"Sending U2FHID Response %@, CID: %u, %04X", result, cid, sw); 338 | (void)[self.hid sendMsgWithCid:cid data:result]; 339 | 340 | switch ((apdu.claIns<<16)+sw) { 341 | case 0x00016985: 342 | case 0x00026985: 343 | [self winkCard:card]; 344 | return NO; 345 | break; 346 | default: 347 | break; 348 | } 349 | 350 | return YES; 351 | } 352 | ]; 353 | } 354 | 355 | - (void)enableU2FHID { 356 | NSLog(@"Enabling Fake U2F HID Device"); 357 | if (self.hid == nil) { 358 | self.hid = [[U2FHID alloc] init]; 359 | 360 | [self.hid handle:MessageTypeMsg with:^BOOL(softu2f_hid_message hid_msg) { 361 | NSData* data = (__bridge NSData *)(hid_msg.data); 362 | 363 | dispatch_async( 364 | dispatch_get_main_queue(), 365 | ^(void) { 366 | [self handleMsg:data withCid:hid_msg.cid]; 367 | } 368 | ); 369 | 370 | return true; 371 | }]; 372 | 373 | if (![self.hid run]) { 374 | NSLog(@"Unable to start U2FHID thread"); 375 | } 376 | } 377 | } 378 | 379 | - (void)disableU2FHID { 380 | NSLog(@"Disabling Fake U2F HID Device"); 381 | if (self.hid != nil) { 382 | [self.hid handle:MessageTypeMsg with:^BOOL(softu2f_hid_message hid_msg) { return false; }]; 383 | if (![self.hid stop]) { 384 | NSLog(@"Unable to stop U2FHID thread"); 385 | } 386 | self.hid = nil; 387 | } 388 | } 389 | 390 | - (void)onU2FSmartCardAdded: (TKSmartCard*)card { 391 | NSLog(@"Card supports U2F!"); 392 | [self.cards addObject:card]; 393 | [card 394 | addObserver:self 395 | forKeyPath:@"valid" 396 | options:NSKeyValueObservingOptionInitial 397 | context:NULL 398 | ]; 399 | if ([self.cards count] == 1) { 400 | [self enableU2FHID]; 401 | } 402 | } 403 | 404 | - (void)onSmartCardRemoved: (TKSmartCard*)card { 405 | [card removeObserver:self forKeyPath:@"valid"]; 406 | [self.cards removeObject:card]; 407 | if ([self.cards count] == 0) { 408 | [self disableU2FHID]; 409 | } 410 | } 411 | 412 | @end 413 | -------------------------------------------------------------------------------- /CCIDU2F/main.m: -------------------------------------------------------------------------------- 1 | // 2 | // main.m 3 | // CCIDU2F 4 | // 5 | 6 | #import 7 | #import "softu2f.h" 8 | #import "CCIDU2FService.h" 9 | 10 | int main(int argc, const char * argv[]) { 11 | @autoreleasepool { 12 | CCIDU2FService* service = [[CCIDU2FService alloc] init]; 13 | 14 | [service start]; 15 | [[NSRunLoop currentRunLoop] run]; 16 | } 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2016, The OpenThread Authors. 2 | All rights reserved. 3 | 4 | 5 | Apache License 6 | Version 2.0, January 2004 7 | http://www.apache.org/licenses/ 8 | 9 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 10 | 11 | 1. Definitions. 12 | 13 | "License" shall mean the terms and conditions for use, reproduction, 14 | and distribution as defined by Sections 1 through 9 of this document. 15 | 16 | "Licensor" shall mean the copyright owner or entity authorized by 17 | the copyright owner that is granting the License. 18 | 19 | "Legal Entity" shall mean the union of the acting entity and all 20 | other entities that control, are controlled by, or are under common 21 | control with that entity. For the purposes of this definition, 22 | "control" means (i) the power, direct or indirect, to cause the 23 | direction or management of such entity, whether by contract or 24 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 25 | outstanding shares, or (iii) beneficial ownership of such entity. 26 | 27 | "You" (or "Your") shall mean an individual or Legal Entity 28 | exercising permissions granted by this License. 29 | 30 | "Source" form shall mean the preferred form for making modifications, 31 | including but not limited to software source code, documentation 32 | source, and configuration files. 33 | 34 | "Object" form shall mean any form resulting from mechanical 35 | transformation or translation of a Source form, including but 36 | not limited to compiled object code, generated documentation, 37 | and conversions to other media types. 38 | 39 | "Work" shall mean the work of authorship, whether in Source or 40 | Object form, made available under the License, as indicated by a 41 | copyright notice that is included in or attached to the work 42 | (an example is provided in the Appendix below). 43 | 44 | "Derivative Works" shall mean any work, whether in Source or Object 45 | form, that is based on (or derived from) the Work and for which the 46 | editorial revisions, annotations, elaborations, or other modifications 47 | represent, as a whole, an original work of authorship. For the purposes 48 | of this License, Derivative Works shall not include works that remain 49 | separable from, or merely link (or bind by name) to the interfaces of, 50 | the Work and Derivative Works thereof. 51 | 52 | "Contribution" shall mean any work of authorship, including 53 | the original version of the Work and any modifications or additions 54 | to that Work or Derivative Works thereof, that is intentionally 55 | submitted to Licensor for inclusion in the Work by the copyright owner 56 | or by an individual or Legal Entity authorized to submit on behalf of 57 | the copyright owner. For the purposes of this definition, "submitted" 58 | means any form of electronic, verbal, or written communication sent 59 | to the Licensor or its representatives, including but not limited to 60 | communication on electronic mailing lists, source code control systems, 61 | and issue tracking systems that are managed by, or on behalf of, the 62 | Licensor for the purpose of discussing and improving the Work, but 63 | excluding communication that is conspicuously marked or otherwise 64 | designated in writing by the copyright owner as "Not a Contribution." 65 | 66 | "Contributor" shall mean Licensor and any individual or Legal Entity 67 | on behalf of whom a Contribution has been received by Licensor and 68 | subsequently incorporated within the Work. 69 | 70 | 2. Grant of Copyright License. Subject to the terms and conditions of 71 | this License, each Contributor hereby grants to You a perpetual, 72 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 73 | copyright license to reproduce, prepare Derivative Works of, 74 | publicly display, publicly perform, sublicense, and distribute the 75 | Work and such Derivative Works in Source or Object form. 76 | 77 | 3. Grant of Patent License. Subject to the terms and conditions of 78 | this License, each Contributor hereby grants to You a perpetual, 79 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 80 | (except as stated in this section) patent license to make, have made, 81 | use, offer to sell, sell, import, and otherwise transfer the Work, 82 | where such license applies only to those patent claims licensable 83 | by such Contributor that are necessarily infringed by their 84 | Contribution(s) alone or by combination of their Contribution(s) 85 | with the Work to which such Contribution(s) was submitted. If You 86 | institute patent litigation against any entity (including a 87 | cross-claim or counterclaim in a lawsuit) alleging that the Work 88 | or a Contribution incorporated within the Work constitutes direct 89 | or contributory patent infringement, then any patent licenses 90 | granted to You under this License for that Work shall terminate 91 | as of the date such litigation is filed. 92 | 93 | 4. Redistribution. You may reproduce and distribute copies of the 94 | Work or Derivative Works thereof in any medium, with or without 95 | modifications, and in Source or Object form, provided that You 96 | meet the following conditions: 97 | 98 | (a) You must give any other recipients of the Work or 99 | Derivative Works a copy of this License; and 100 | 101 | (b) You must cause any modified files to carry prominent notices 102 | stating that You changed the files; and 103 | 104 | (c) You must retain, in the Source form of any Derivative Works 105 | that You distribute, all copyright, patent, trademark, and 106 | attribution notices from the Source form of the Work, 107 | excluding those notices that do not pertain to any part of 108 | the Derivative Works; and 109 | 110 | (d) If the Work includes a "NOTICE" text file as part of its 111 | distribution, then any Derivative Works that You distribute must 112 | include a readable copy of the attribution notices contained 113 | within such NOTICE file, excluding those notices that do not 114 | pertain to any part of the Derivative Works, in at least one 115 | of the following places: within a NOTICE text file distributed 116 | as part of the Derivative Works; within the Source form or 117 | documentation, if provided along with the Derivative Works; or, 118 | within a display generated by the Derivative Works, if and 119 | wherever such third-party notices normally appear. The contents 120 | of the NOTICE file are for informational purposes only and 121 | do not modify the License. You may add Your own attribution 122 | notices within Derivative Works that You distribute, alongside 123 | or as an addendum to the NOTICE text from the Work, provided 124 | that such additional attribution notices cannot be construed 125 | as modifying the License. 126 | 127 | You may add Your own copyright statement to Your modifications and 128 | may provide additional or different license terms and conditions 129 | for use, reproduction, or distribution of Your modifications, or 130 | for any such Derivative Works as a whole, provided Your use, 131 | reproduction, and distribution of the Work otherwise complies with 132 | the conditions stated in this License. 133 | 134 | 5. Submission of Contributions. Unless You explicitly state otherwise, 135 | any Contribution intentionally submitted for inclusion in the Work 136 | by You to the Licensor shall be under the terms and conditions of 137 | this License, without any additional terms or conditions. 138 | Notwithstanding the above, nothing herein shall supersede or modify 139 | the terms of any separate license agreement you may have executed 140 | with Licensor regarding such Contributions. 141 | 142 | 6. Trademarks. This License does not grant permission to use the trade 143 | names, trademarks, service marks, or product names of the Licensor, 144 | except as required for reasonable and customary use in describing the 145 | origin of the Work and reproducing the content of the NOTICE file. 146 | 147 | 7. Disclaimer of Warranty. Unless required by applicable law or 148 | agreed to in writing, Licensor provides the Work (and each 149 | Contributor provides its Contributions) on an "AS IS" BASIS, 150 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 151 | implied, including, without limitation, any warranties or conditions 152 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 153 | PARTICULAR PURPOSE. You are solely responsible for determining the 154 | appropriateness of using or redistributing the Work and assume any 155 | risks associated with Your exercise of permissions under this License. 156 | 157 | 8. Limitation of Liability. In no event and under no legal theory, 158 | whether in tort (including negligence), contract, or otherwise, 159 | unless required by applicable law (such as deliberate and grossly 160 | negligent acts) or agreed to in writing, shall any Contributor be 161 | liable to You for damages, including any direct, indirect, special, 162 | incidental, or consequential damages of any character arising as a 163 | result of this License or out of the use or inability to use the 164 | Work (including but not limited to damages for loss of goodwill, 165 | work stoppage, computer failure or malfunction, or any and all 166 | other commercial damages or losses), even if such Contributor 167 | has been advised of the possibility of such damages. 168 | 169 | 9. Accepting Warranty or Additional Liability. While redistributing 170 | the Work or Derivative Works thereof, You may choose to offer, 171 | and charge a fee for, acceptance of support, warranty, indemnity, 172 | or other liability obligations and/or rights consistent with this 173 | License. However, in accepting such obligations, You may act only 174 | on Your own behalf and on Your sole responsibility, not on behalf 175 | of any other Contributor, and only if You agree to indemnify, 176 | defend, and hold each Contributor harmless for any liability 177 | incurred by, or claims asserted against, such Contributor by reason 178 | of your accepting any such warranty or additional liability. 179 | 180 | END OF TERMS AND CONDITIONS -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | SmartCard U2F Adapter for macOS 2 | =============================== 3 | 4 | This is a tool for using FIDO U2F applets on smart cards and NFC 5 | tokens as if they were first-class U2F HID devices on macOS. You would 6 | use this if you want to, say, pair your NFC-only U2F token with your 7 | Google account (Google won't let you set up security tokens on your 8 | phone for some reason). It's also particularly useful if you are 9 | developing a U2F token on a smart card. 10 | 11 | This program was a quick hack to get my own tokens paired to my Google 12 | account, but I figured others might find it useful. At the moment it 13 | isn't pretty and it isn't easy-to-install, either. If you read the 14 | code, keep in mind I haven't written Objective-C code in about 7 15 | years, so I was a little rusty. But hey, it works. Forks and pull 16 | requests are welcome. 17 | 18 | This project is based on [SoftU2F](https://github.com/github/SoftU2F). 19 | Without that project, this project would not exist. All hail SoftU2F. 20 | 21 | ## Limitations ## 22 | 23 | * Only handles one U2F smart card at a time. 24 | * Only supports tokens that can speak U2F/CTAP1. CTAP2-only tokens 25 | are not supported. 26 | * Only supports the U2F flow. If you are using a CTAP1/CTAP2 token, 27 | you will only be able to use CTAP1 features. 28 | 29 | ## Requirements ## 30 | 31 | It might go without saying, but in order to use this project you are 32 | going to need a smart card reader or some USB device that looks like a 33 | smart card reader to the computer (like an ACR122U, if you are doing 34 | NFC stuff). And a Mac. 35 | 36 | ## Building ## 37 | 38 | Build it in Xcode. 39 | 40 | ## Installing ## 41 | 42 | First, install [SoftU2F](https://github.com/github/SoftU2F#installing). 43 | 44 | Then neuter the launch agent: 45 | 46 | launchctl unload -w ~/Library/LaunchAgents/com.github.SoftU2F.plist 47 | 48 | You can now run `CCIDU2F`. 49 | 50 | ## Running ## 51 | 52 | Run it from Xcode. I said this was a hack, right? 53 | 54 | ## Usage ## 55 | 56 | Once `CCIDU2F` is running in the background it is totally 57 | plug-and-play. When prompted to insert your U2F token, insert it or 58 | bring it toward the reader. It should "Just Work", no matter 59 | what browser you are using. 60 | 61 | Note that 25% of registration requests will fail. This is a known bug 62 | in Apple's FIDO2 implementation. See [this article](https://medium.com/@darconeous/thoughts-on-apples-fido2-support-44a2aadcf093) 63 | for more info. 64 | 65 | -------------------------------------------------------------------------------- /ThirdParty/SoftU2FDriverLib/LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 GitHub, Inc. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /ThirdParty/SoftU2FDriverLib/README.md: -------------------------------------------------------------------------------- 1 | This code came from . 2 | 3 | It was modified slightly to work in the context of this project. 4 | 5 | Releaed under the [MIT license](LICENSE.md). 6 | 7 | -------------------------------------------------------------------------------- /ThirdParty/SoftU2FDriverLib/U2FHID.swift: -------------------------------------------------------------------------------- 1 | // 2 | // HIDU2F.swift 3 | // SoftU2F 4 | // 5 | // Created by Benjamin P Toews on 1/25/17. 6 | // 7 | 8 | import Foundation 9 | 10 | @objc 11 | class U2FHID: NSObject { 12 | @objc 13 | enum MessageType: UInt8 { 14 | case Ping = 0x81 // Echo data through local processor only 15 | case Msg = 0x83 // Send U2F message frame 16 | case Lock = 0x84 // Send lock channel command 17 | case Init = 0x86 // Channel initialization 18 | case Wink = 0x88 // Send device identification wink 19 | case Sync = 0xBC // Protocol resync command 20 | case Error = 0xBF // Error response 21 | } 22 | 23 | typealias HIDMessageHandler = (_ msg: softu2f_hid_message) -> Bool 24 | typealias CHIDMessageHandler = (_ ctx: OpaquePointer?, _ msg: UnsafeMutablePointer?) -> Bool 25 | 26 | static var shared: U2FHID? = nil 27 | private static var hasShared = false 28 | 29 | let ctx: OpaquePointer? 30 | private var handlers = [UInt8: HIDMessageHandler]() 31 | private var runThread: Thread? 32 | 33 | override init() { 34 | // Only allow the one singleton instance. 35 | if U2FHID.hasShared { 36 | abort() 37 | } 38 | 39 | ctx = softu2f_init(SOFTU2F_DEBUG) 40 | 41 | if ctx == nil { 42 | abort() 43 | } 44 | 45 | U2FHID.hasShared = true 46 | super.init() 47 | U2FHID.shared = self 48 | } 49 | 50 | @objc 51 | deinit { 52 | if ctx != nil { 53 | softu2f_deinit(ctx) 54 | U2FHID.hasShared = false 55 | } 56 | } 57 | 58 | // Send a U2F level message to the client with the given CID. 59 | @objc 60 | func sendMsg(cid: UInt32, data: Data) -> Bool { 61 | var msg = softu2f_hid_message() 62 | 63 | msg.cmd = MessageType.Msg.rawValue 64 | msg.bcnt = UInt16(data.count) 65 | msg.cid = cid 66 | 67 | let cfd = data as CFData 68 | msg.data = Unmanaged.passUnretained(cfd) 69 | 70 | return withUnsafeMutablePointer(to: &msg) { msgPtr in 71 | return softu2f_hid_msg_send(ctx, msgPtr) 72 | } 73 | } 74 | 75 | // Register a handler for the given type of U2F HID message. 76 | @objc 77 | func handle(_ type: MessageType, with handler: @escaping HIDMessageHandler) { 78 | handlers[type.rawValue] = handler 79 | 80 | softu2f_hid_msg_handler_register(ctx, type.rawValue) { (_ ctx: OpaquePointer?, _ msgPtr: UnsafeMutablePointer?) -> Bool in 81 | if let cmd = msgPtr?.pointee.cmd { 82 | if let handler: HIDMessageHandler = U2FHID.shared?.handlers[cmd] { 83 | return handler(msgPtr!.pointee) 84 | } 85 | } 86 | 87 | return false 88 | } 89 | } 90 | 91 | // Start running softu2f device in a background thread. 92 | @objc 93 | func run() -> Bool { 94 | if runThread != nil { 95 | return false 96 | } 97 | 98 | print("Starting U2FHID thread") 99 | runThread = Thread() { 100 | print("U2FHID thread started") 101 | softu2f_run(self.ctx) 102 | self.runThread = nil 103 | print("U2FHID thread stopped") 104 | } 105 | 106 | runThread?.start() 107 | U2FHID.shared = self 108 | 109 | return true 110 | } 111 | 112 | // Stop running the softu2f device. 113 | @objc 114 | func stop() -> Bool { 115 | guard let thread = runThread else { return false } 116 | 117 | print("Stopping U2FHID thread") 118 | softu2f_shutdown(ctx) 119 | 120 | U2FHID.shared = nil 121 | 122 | for _ in 0..<3 { 123 | if thread.isFinished { 124 | return true 125 | } else { 126 | sleep(1) 127 | } 128 | } 129 | 130 | return false 131 | } 132 | } 133 | -------------------------------------------------------------------------------- /ThirdParty/SoftU2FDriverLib/UserKernelShared.h: -------------------------------------------------------------------------------- 1 | // 2 | // UserKernelShared.h 3 | // SoftU2F 4 | // 5 | // Created by Benjamin P Toews on 1/12/17. 6 | // 7 | 8 | #ifndef UserKernelShared_h 9 | #define UserKernelShared_h 10 | 11 | #define kSoftU2FDriverClassName "SoftU2FDriver" 12 | 13 | // User client method dispatch selectors. 14 | enum { 15 | kSoftU2FUserClientSendFrame, 16 | kSoftU2FUserClientNotifyFrame, 17 | kNumberOfMethods // Must be last 18 | }; 19 | 20 | #endif /* UserKernelShared_h */ 21 | -------------------------------------------------------------------------------- /ThirdParty/SoftU2FDriverLib/internal.h: -------------------------------------------------------------------------------- 1 | // 2 | // internal.h 3 | // SoftU2F 4 | // 5 | // Created by Benjamin P Toews on 1/25/17. 6 | // 7 | 8 | #ifndef internal_h 9 | #define internal_h 10 | 11 | #include "UserKernelShared.h" 12 | #include "u2f_hid.h" 13 | #include 14 | #include 15 | 16 | // Context includes cid counter, connection. 17 | struct softu2f_ctx { 18 | io_connect_t con; 19 | uint32_t next_cid; 20 | pthread_mutex_t mutex; 21 | CFRunLoopRef run_loop; 22 | 23 | // Incomming messages. 24 | softu2f_hid_message *msg_list; 25 | 26 | // Verbose logging. 27 | bool debug; 28 | 29 | // Handlers registered for HID msg types. 30 | softu2f_hid_message_handler ping_handler; 31 | softu2f_hid_message_handler msg_handler; 32 | softu2f_hid_message_handler init_handler; 33 | softu2f_hid_message_handler wink_handler; 34 | softu2f_hid_message_handler sync_handler; 35 | }; 36 | 37 | struct timespec softu2f_poll_interval = {0, 1000000L}; // 1ms. Spec says 5ms... 38 | 39 | // Read an individual HID frame from the device into a HID message. 40 | void softu2f_hid_frame_read(softu2f_ctx *ctx, U2FHID_FRAME *frame); 41 | 42 | // Handle complete messages. Abort messages that timed out. 43 | void softu2f_hid_handle_messages(softu2f_ctx *ctx); 44 | 45 | // Find a message handler for a message. 46 | softu2f_hid_message_handler softu2f_hid_msg_handler(softu2f_ctx *ctx, softu2f_hid_message *msg); 47 | 48 | // Send an INIT response for a given request. 49 | bool softu2f_hid_msg_handle_init(softu2f_ctx *ctx, softu2f_hid_message *req); 50 | 51 | // Send a PING response for a given request. 52 | bool softu2f_hid_msg_handle_ping(softu2f_ctx *ctx, softu2f_hid_message *req); 53 | 54 | // Send a WINK response for a given request. 55 | bool softu2f_hid_msg_handle_wink(softu2f_ctx *ctx, softu2f_hid_message *req); 56 | 57 | // Send a SYNC response for a given request. 58 | bool softu2f_hid_msg_handle_sync(softu2f_ctx *ctx, softu2f_hid_message *req); 59 | 60 | // Create a new message and add it to the list. 61 | softu2f_hid_message *softu2f_hid_msg_list_create(softu2f_ctx *ctx); 62 | 63 | // Find a message with the given cid. 64 | softu2f_hid_message *softu2f_hid_msg_list_find(softu2f_ctx *ctx, uint32_t cid); 65 | 66 | // Get size of message list. 67 | unsigned int softu2f_hid_msg_list_count(softu2f_ctx *ctx); 68 | 69 | // Remove a message from the list and free it. 70 | void softu2f_hid_msg_list_remove(softu2f_ctx *ctx, softu2f_hid_message *msg); 71 | 72 | // Allocate memory for a new message. 73 | softu2f_hid_message *softu2f_hid_msg_alloc(softu2f_ctx *ctx); 74 | 75 | // Check if the message has timed out. 76 | bool softu2f_hid_msg_is_timed_out(softu2f_ctx *ctx, softu2f_hid_message *msg); 77 | 78 | // Check if we've read the whole message. 79 | bool softu2f_hid_msg_is_complete(softu2f_ctx *ctx, softu2f_hid_message *msg); 80 | 81 | // Initialize the message's data with the contents of its read buffer. 82 | void softu2f_hid_msg_finalize(softu2f_ctx *ctx, softu2f_hid_message *msg); 83 | 84 | // Free a HID message and associated data. 85 | void softu2f_hid_msg_free(softu2f_hid_message *msg); 86 | 87 | // Log a message if logging is enabled. 88 | void softu2f_log(softu2f_ctx *ctx, char *fmt, ...); 89 | 90 | // Log a U2FHID_FRAME if logging is enabled. 91 | void softu2f_debug_frame(softu2f_ctx *ctx, U2FHID_FRAME *frame, bool recv); 92 | 93 | // Called by the kernel when setReport is called on our device. 94 | void softu2f_async_callback(void *refcon, IOReturn result, io_user_reference_t* args, uint32_t numArgs); 95 | 96 | // Called periodically in our runloop. 97 | void softu2f_async_timer_callback(CFRunLoopTimerRef timer, void* info); 98 | 99 | #endif /* internal_h */ 100 | -------------------------------------------------------------------------------- /ThirdParty/SoftU2FDriverLib/softu2f.c: -------------------------------------------------------------------------------- 1 | // 2 | // SoftU2FClientInterface.c 3 | // SoftU2F 4 | // 5 | // Created by Benjamin P Toews on 1/12/17. 6 | // 7 | 8 | #include "softu2f.h" 9 | #include "internal.h" 10 | #include 11 | 12 | // Initialize libSoftU2F before usage. 13 | softu2f_ctx *softu2f_init(softu2f_init_flags flags) { 14 | softu2f_ctx *ctx = NULL; 15 | io_service_t service = IO_OBJECT_NULL; 16 | kern_return_t ret; 17 | int err; 18 | 19 | // Allocate a new context. 20 | ctx = (softu2f_ctx *)calloc(1, sizeof(softu2f_ctx)); 21 | if (!ctx) 22 | return NULL; 23 | 24 | // Apply init flags. 25 | ctx->debug = (flags & SOFTU2F_DEBUG) == 1; 26 | 27 | err = pthread_mutex_init(&ctx->mutex, NULL); 28 | if (err) { 29 | softu2f_log(ctx, "Error creating mutex.\n"); 30 | goto fail; 31 | } 32 | 33 | // Find driver. 34 | service = IOServiceGetMatchingService(kIOMasterPortDefault, IOServiceMatching(kSoftU2FDriverClassName)); 35 | if (!service) { 36 | softu2f_log(ctx, "SoftU2F.kext not loaded.\n"); 37 | goto fail; 38 | } 39 | 40 | // Open connection to user client. 41 | ret = IOServiceOpen(service, mach_task_self(), 0, &ctx->con); 42 | if (ret != KERN_SUCCESS) { 43 | softu2f_log(ctx, "Error connecting to SoftU2F.kext: %d\n", ret); 44 | goto fail; 45 | } 46 | IOObjectRelease(service); 47 | service = IO_OBJECT_NULL; 48 | 49 | return ctx; 50 | 51 | fail: 52 | if (service) 53 | IOObjectRelease(service); 54 | if (ctx) 55 | softu2f_deinit(ctx); 56 | return NULL; 57 | } 58 | 59 | // Cleanup after using libSoftU2F. 60 | void softu2f_deinit(softu2f_ctx *ctx) { 61 | kern_return_t ret; 62 | 63 | // Close user client connection. 64 | if (ctx->con) { 65 | ret = IOServiceClose(ctx->con); 66 | if (ret != KERN_SUCCESS) 67 | softu2f_log(ctx, "Error closing connection to SoftU2F.kext: %d.\n", ret); 68 | } 69 | 70 | pthread_mutex_destroy(&ctx->mutex); 71 | 72 | // Cleanup 73 | free(ctx); 74 | } 75 | 76 | // Read HID messages from device in loop. 77 | void softu2f_run(softu2f_ctx *ctx) { 78 | IONotificationPortRef notification_port; 79 | mach_port_t mnotification_port; 80 | CFRunLoopSourceRef run_loop_source; 81 | CFRunLoopTimerRef run_loop_timer; 82 | CFRunLoopTimerContext timer_ctx; 83 | io_async_ref64_t async_ref; 84 | kern_return_t ret; 85 | 86 | if (ctx->run_loop) { 87 | softu2f_log(ctx, "Can't start softu2f run loop. Already running.\n"); 88 | return; 89 | } 90 | 91 | // Create port to listen for kernel notifications on. 92 | notification_port = IONotificationPortCreate(kIOMasterPortDefault); 93 | if (!notification_port) { 94 | softu2f_log(ctx, "Error getting notification port.\n"); 95 | return; 96 | } 97 | 98 | // Get lower level mach port from notification port. 99 | mnotification_port = IONotificationPortGetMachPort(notification_port); 100 | if (!mnotification_port) { 101 | softu2f_log(ctx, "Error getting mach notification port.\n"); 102 | return; 103 | } 104 | 105 | // Create a run loop source from our notification port so we can add the port to our run loop. 106 | run_loop_source = IONotificationPortGetRunLoopSource(notification_port); 107 | if (run_loop_source == NULL) { 108 | softu2f_log(ctx, "Error getting run loop source.\n"); 109 | return; 110 | } 111 | 112 | // Create a timer to run periodically. 113 | memset(&timer_ctx, 0, sizeof(CFRunLoopTimerContext)); 114 | timer_ctx.info = ctx; 115 | run_loop_timer = CFRunLoopTimerCreate(NULL, 0, 0.2, 0, 0, softu2f_async_timer_callback, &timer_ctx); 116 | if (run_loop_source == NULL) { 117 | softu2f_log(ctx, "Error creating timer.\n"); 118 | return; 119 | } 120 | 121 | // Add the notification port and timer to the run loop. 122 | CFRunLoopAddSource(CFRunLoopGetCurrent(), run_loop_source, kCFRunLoopDefaultMode); 123 | CFRunLoopAddTimer(CFRunLoopGetCurrent(), run_loop_timer, kCFRunLoopDefaultMode); 124 | 125 | // Params to pass to the kernel. 126 | async_ref[kIOAsyncCalloutFuncIndex] = (uint64_t)softu2f_async_callback; 127 | async_ref[kIOAsyncCalloutRefconIndex] = (uint64_t)ctx; 128 | 129 | // Tell the kernel how to notify us. 130 | ret = IOConnectCallAsyncScalarMethod(ctx->con, kSoftU2FUserClientNotifyFrame, mnotification_port, async_ref, kIOAsyncCalloutCount, NULL, 0, NULL, 0); 131 | if (ret != kIOReturnSuccess) { 132 | softu2f_log(ctx, "Error registering for setFrame notifications.\n"); 133 | return; 134 | } 135 | 136 | // Blocks until the run loop is stopped in our callback. 137 | softu2f_log(ctx, "Starting softu2f async run loop.\n"); 138 | ctx->run_loop = CFRunLoopGetCurrent(); 139 | CFRunLoopRun(); 140 | ctx->run_loop = NULL; 141 | 142 | // Clean up. 143 | IONotificationPortDestroy(notification_port); 144 | } 145 | 146 | // Shutdown the run loop. 147 | void softu2f_shutdown(softu2f_ctx *ctx) { 148 | if (ctx->run_loop) { 149 | softu2f_log(ctx, "Shutting down softu2f run loop.\n"); 150 | CFRunLoopStop(ctx->run_loop); 151 | } else { 152 | softu2f_log(ctx, "Error shutting down softu2f run loop.\n"); 153 | } 154 | } 155 | 156 | // Send a HID message to the device. 157 | bool softu2f_hid_msg_send(softu2f_ctx *ctx, softu2f_hid_message *msg) { 158 | uint8_t *src; 159 | uint8_t *src_end; 160 | uint8_t *dst; 161 | uint8_t *dst_end; 162 | uint8_t seq = 0x00; 163 | U2FHID_FRAME frame; 164 | kern_return_t ret; 165 | 166 | memset(&frame, 0, HID_RPT_SIZE); 167 | 168 | // Init frame. 169 | frame.cid = msg->cid; 170 | frame.type |= TYPE_INIT; 171 | frame.init.cmd |= msg->cmd; 172 | frame.init.bcnth = CFDataGetLength(msg->data) >> 8; 173 | frame.init.bcntl = CFDataGetLength(msg->data) & 0xff; 174 | 175 | src = (uint8_t *)CFDataGetBytePtr(msg->data); 176 | src_end = src + CFDataGetLength(msg->data); 177 | dst = frame.init.data; 178 | dst_end = dst + sizeof(frame.init.data); 179 | 180 | while (1) { 181 | if (src_end - src > dst_end - dst) { 182 | memcpy(dst, src, dst_end - dst); 183 | src += dst_end - dst; 184 | } else { 185 | memcpy(dst, src, src_end - src); 186 | src += src_end - src; 187 | } 188 | 189 | // Send frame. 190 | softu2f_debug_frame(ctx, &frame, false); 191 | ret = IOConnectCallStructMethod(ctx->con, kSoftU2FUserClientSendFrame, &frame, HID_RPT_SIZE, NULL, NULL); 192 | if (ret != kIOReturnSuccess) { 193 | softu2f_log(ctx, "Error calling kSoftU2FUserClientSendFrame: 0x%08x\n", ret); 194 | return false; 195 | } 196 | 197 | // No more frames. 198 | if (src >= src_end) 199 | break; 200 | 201 | // Sleep for a bit. 202 | nanosleep(&softu2f_poll_interval, NULL); 203 | 204 | // Cont frame. 205 | dst = frame.cont.data; 206 | dst_end = dst + sizeof(frame.cont.data); 207 | frame.cont.seq = seq++; 208 | memset(frame.cont.data, 0, sizeof(frame.cont.data)); 209 | } 210 | 211 | return true; 212 | } 213 | 214 | // Send a HID error to the device. 215 | bool softu2f_hid_err_send(softu2f_ctx *ctx, uint32_t cid, uint8_t code) { 216 | softu2f_hid_message msg; 217 | 218 | msg.cmd = U2FHID_ERROR; 219 | msg.cid = cid; 220 | msg.bcnt = 1; 221 | msg.data = CFDataCreateWithBytesNoCopy(NULL, &code, 1, NULL); 222 | 223 | return softu2f_hid_msg_send(ctx, &msg); 224 | } 225 | 226 | // Read an individual HID frame from the device into a HID message. 227 | void softu2f_hid_frame_read(softu2f_ctx *ctx, U2FHID_FRAME *frame) { 228 | uint8_t *data; 229 | unsigned int ndata; 230 | softu2f_hid_message *msg; 231 | 232 | // See if there's already a message in progress for this channel. 233 | msg = softu2f_hid_msg_list_find(ctx, frame->cid); 234 | 235 | if (frame->cid == 0x00000000) { 236 | softu2f_log(ctx, "Frame with CID 0.\n"); 237 | softu2f_hid_err_send(ctx, frame->cid, ERR_INVALID_CID); 238 | return; 239 | } 240 | 241 | switch (FRAME_TYPE(*frame)) { 242 | case TYPE_INIT: 243 | if (msg) { 244 | if (frame->init.cmd == U2FHID_INIT) { 245 | softu2f_log(ctx, "U2FHID_INIT while waiting for CONT. Resetting.\n"); 246 | softu2f_hid_msg_list_remove(ctx, msg); 247 | } else { 248 | softu2f_log(ctx, "INIT frame out of order. Bailing.\n"); 249 | softu2f_hid_err_send(ctx, frame->cid, ERR_INVALID_SEQ); 250 | softu2f_hid_msg_list_remove(ctx, msg); 251 | return; 252 | } 253 | } else if (frame->init.cmd == U2FHID_SYNC) { 254 | softu2f_log(ctx, "SYNC frame out of order. Bailing.\n"); 255 | softu2f_hid_err_send(ctx, frame->cid, ERR_INVALID_CMD); 256 | return; 257 | } else if (frame->init.cmd != U2FHID_INIT && softu2f_hid_msg_list_count(ctx) > 0) { 258 | softu2f_log(ctx, "INIT frame while waiting for CONT on other CID.\n"); 259 | softu2f_hid_err_send(ctx, frame->cid, ERR_CHANNEL_BUSY); 260 | return; 261 | } 262 | 263 | if (frame->cid == CID_BROADCAST && frame->init.cmd != U2FHID_INIT) { 264 | softu2f_log(ctx, "Non U2FHID_INIT message on broadcast CID.\n"); 265 | softu2f_hid_err_send(ctx, frame->cid, ERR_INVALID_CID); 266 | return; 267 | } 268 | 269 | msg = softu2f_hid_msg_list_create(ctx); 270 | if (!msg) 271 | return; 272 | 273 | msg->cmd = frame->init.cmd; 274 | msg->cid = frame->cid; 275 | msg->bcnt = MSG_LEN(*frame); 276 | 277 | // From the spec: With a packet size of 64 bytes (max for full-speed 278 | // devices), this means that the maximum message payload length is 279 | // 64 - 7 + 128 * (64 - 5) = 7609 bytes. 280 | if (msg->bcnt > 7609) { 281 | softu2f_log(ctx, "BCNT too large (%u). Bailing.\n", msg->bcnt); 282 | softu2f_hid_err_send(ctx, msg->cid, ERR_INVALID_LEN); 283 | softu2f_hid_msg_list_remove(ctx, msg); 284 | return; 285 | } 286 | 287 | msg->buf = CFDataCreateMutable(NULL, msg->bcnt); 288 | 289 | data = frame->init.data; 290 | 291 | if (msg->bcnt > sizeof(frame->init.data)) { 292 | ndata = sizeof(frame->init.data); 293 | } else { 294 | ndata = msg->bcnt; 295 | } 296 | 297 | break; 298 | case TYPE_CONT: 299 | if (!msg) { 300 | softu2f_log(ctx, "CONT frame out of order. Ignoring\n"); 301 | return; 302 | } 303 | 304 | if (FRAME_SEQ(*frame) != msg->lastSeq++) { 305 | softu2f_log(ctx, "Bad SEQ in CONT frame (%d). Bailing\n", FRAME_SEQ(*frame)); 306 | softu2f_hid_msg_list_remove(ctx, msg); 307 | softu2f_hid_err_send(ctx, frame->cid, ERR_INVALID_SEQ); 308 | return; 309 | } 310 | 311 | data = frame->cont.data; 312 | 313 | if (CFDataGetLength(msg->buf) + sizeof(frame->cont.data) > msg->bcnt) { 314 | ndata = msg->bcnt - (uint16_t)CFDataGetLength(msg->buf); 315 | } else { 316 | ndata = sizeof(frame->cont.data); 317 | } 318 | 319 | break; 320 | default: 321 | softu2f_log(ctx, "Unknown frame type: 0x%08x\n", FRAME_TYPE(*frame)); 322 | return; 323 | } 324 | 325 | CFDataAppendBytes(msg->buf, data, ndata); 326 | } 327 | 328 | // Handle complete messages. Abort messages that timed out. 329 | void softu2f_hid_handle_messages(softu2f_ctx *ctx) { 330 | softu2f_hid_message *msg = NULL; 331 | softu2f_hid_message *nextMsg = ctx->msg_list; 332 | softu2f_hid_message_handler handler = NULL; 333 | 334 | while (nextMsg) { 335 | msg = nextMsg; 336 | nextMsg = msg->next; 337 | 338 | if (softu2f_hid_msg_is_complete(ctx, msg)) { 339 | softu2f_hid_msg_finalize(ctx, msg); 340 | handler = softu2f_hid_msg_handler(ctx, msg); 341 | 342 | if (handler) { 343 | if (!handler(ctx, msg)) { 344 | softu2f_log(ctx, "Error handling HID message\n"); 345 | } 346 | } else { 347 | softu2f_log(ctx, "No handler for HID message\n"); 348 | softu2f_hid_err_send(ctx, msg->cid, ERR_INVALID_CMD); 349 | } 350 | 351 | softu2f_hid_msg_list_remove(ctx, msg); 352 | } else if (softu2f_hid_msg_is_timed_out(ctx, msg)) { 353 | softu2f_log(ctx, "Message timeout on CID: 0x%08x\n", msg->cid); 354 | softu2f_hid_err_send(ctx, msg->cid, ERR_MSG_TIMEOUT); 355 | softu2f_hid_msg_list_remove(ctx, msg); 356 | } 357 | 358 | handler = NULL; 359 | } 360 | } 361 | 362 | // Register a handler for a message type. 363 | void softu2f_hid_msg_handler_register(softu2f_ctx *ctx, uint8_t type, softu2f_hid_message_handler handler) { 364 | switch (type) { 365 | case U2FHID_PING: 366 | ctx->ping_handler = handler; 367 | break; 368 | case U2FHID_MSG: 369 | ctx->msg_handler = handler; 370 | break; 371 | case U2FHID_INIT: 372 | ctx->init_handler = handler; 373 | break; 374 | case U2FHID_WINK: 375 | ctx->wink_handler = handler; 376 | break; 377 | case U2FHID_SYNC: 378 | ctx->sync_handler = handler; 379 | break; 380 | } 381 | } 382 | 383 | // Find a message handler for a message. 384 | softu2f_hid_message_handler softu2f_hid_msg_handler(softu2f_ctx *ctx, softu2f_hid_message *msg) { 385 | switch (msg->cmd) { 386 | case U2FHID_PING: 387 | if (ctx->ping_handler) 388 | return ctx->ping_handler; 389 | break; 390 | case U2FHID_MSG: 391 | if (ctx->msg_handler) 392 | return ctx->msg_handler; 393 | break; 394 | case U2FHID_INIT: 395 | if (ctx->init_handler) 396 | return ctx->init_handler; 397 | break; 398 | case U2FHID_WINK: 399 | if (ctx->wink_handler) 400 | return ctx->wink_handler; 401 | break; 402 | case U2FHID_SYNC: 403 | if (ctx->sync_handler) 404 | return ctx->sync_handler; 405 | break; 406 | } 407 | 408 | return softu2f_hid_msg_handler_default(ctx, msg); 409 | } 410 | 411 | // Find the default message handler for a message. 412 | softu2f_hid_message_handler softu2f_hid_msg_handler_default(softu2f_ctx *ctx, softu2f_hid_message *msg) { 413 | switch (msg->cmd) { 414 | case U2FHID_PING: 415 | return softu2f_hid_msg_handle_ping; 416 | case U2FHID_MSG: 417 | return NULL; 418 | case U2FHID_INIT: 419 | return softu2f_hid_msg_handle_init; 420 | case U2FHID_WINK: 421 | return softu2f_hid_msg_handle_wink; 422 | case U2FHID_SYNC: 423 | return softu2f_hid_msg_handle_sync; 424 | default: 425 | return NULL; 426 | } 427 | } 428 | 429 | // Send an INIT response for a given request. 430 | bool softu2f_hid_msg_handle_init(softu2f_ctx *ctx, softu2f_hid_message *req) { 431 | softu2f_hid_message resp; 432 | U2FHID_INIT_RESP resp_data = {0}; 433 | U2FHID_INIT_REQ *req_data; 434 | 435 | req_data = (U2FHID_INIT_REQ *)CFDataGetBytePtr(req->data); 436 | 437 | resp.cmd = U2FHID_INIT; 438 | resp.bcnt = sizeof(U2FHID_INIT_RESP); 439 | resp.data = CFDataCreateWithBytesNoCopy(NULL, (uint8_t *)&resp_data, resp.bcnt, NULL); 440 | 441 | if (req->cid == CID_BROADCAST) { 442 | // Allocate a new CID for the client and tell them about it. 443 | resp.cid = CID_BROADCAST; 444 | resp_data.cid = ++ctx->next_cid; 445 | } else { 446 | // Use whatever CID they wanted. 447 | resp.cid = req->cid; 448 | resp_data.cid = req->cid; 449 | } 450 | 451 | memcpy(resp_data.nonce, req_data->nonce, INIT_NONCE_SIZE); 452 | resp_data.versionInterface = U2FHID_IF_VERSION; 453 | resp_data.versionMajor = 0; 454 | resp_data.versionMinor = 0; 455 | resp_data.versionBuild = 0; 456 | resp_data.capFlags |= CAPFLAG_WINK; 457 | 458 | return softu2f_hid_msg_send(ctx, &resp); 459 | } 460 | 461 | // Send a PING response for a given request. 462 | bool softu2f_hid_msg_handle_ping(softu2f_ctx *ctx, softu2f_hid_message *req) { 463 | softu2f_hid_message resp; 464 | 465 | resp.cid = req->cid; 466 | resp.cmd = U2FHID_PING; 467 | resp.bcnt = req->bcnt; 468 | resp.data = req->data; 469 | 470 | return softu2f_hid_msg_send(ctx, &resp); 471 | } 472 | 473 | // Send a WINK response for a given request. 474 | bool softu2f_hid_msg_handle_wink(softu2f_ctx *ctx, softu2f_hid_message *req) { 475 | softu2f_hid_message resp; 476 | 477 | resp.cid = req->cid; 478 | resp.cmd = U2FHID_WINK; 479 | resp.bcnt = req->bcnt; 480 | resp.data = req->data; 481 | 482 | return softu2f_hid_msg_send(ctx, &resp); 483 | } 484 | 485 | // Send a SYNC response for a given request. 486 | bool softu2f_hid_msg_handle_sync(softu2f_ctx *ctx, softu2f_hid_message *req) { 487 | softu2f_hid_message resp; 488 | 489 | resp.cid = req->cid; 490 | resp.cmd = U2FHID_SYNC; 491 | resp.bcnt = req->bcnt; 492 | resp.data = req->data; 493 | 494 | return softu2f_hid_msg_send(ctx, &resp); 495 | } 496 | 497 | // Create a new message and add it to the list. 498 | softu2f_hid_message *softu2f_hid_msg_list_create(softu2f_ctx *ctx) { 499 | softu2f_hid_message *msg; 500 | softu2f_hid_message *last_msg = NULL; 501 | 502 | msg = softu2f_hid_msg_alloc(ctx); 503 | if (!msg) 504 | return NULL; 505 | 506 | // No messages in list. Start a new list. 507 | if (!ctx->msg_list) { 508 | ctx->msg_list = msg; 509 | return msg; 510 | } 511 | 512 | // Add new message to end of list. 513 | last_msg = ctx->msg_list; 514 | while (last_msg->next) { 515 | last_msg = last_msg->next; 516 | } 517 | last_msg->next = msg; 518 | 519 | return msg; 520 | } 521 | 522 | // Find a message with the given cid. 523 | softu2f_hid_message *softu2f_hid_msg_list_find(softu2f_ctx *ctx, uint32_t cid) { 524 | softu2f_hid_message *msg = ctx->msg_list; 525 | 526 | while (msg) { 527 | if (msg->cid == cid) 528 | break; 529 | 530 | msg = msg->next; 531 | } 532 | 533 | return msg; 534 | } 535 | 536 | // Get size of message list. 537 | unsigned int softu2f_hid_msg_list_count(softu2f_ctx *ctx) { 538 | softu2f_hid_message *msg = ctx->msg_list; 539 | unsigned int count = 0; 540 | 541 | while (msg) { 542 | count++; 543 | msg = msg->next; 544 | } 545 | 546 | return count; 547 | } 548 | 549 | // Remove a message from the list and free it. 550 | void softu2f_hid_msg_list_remove(softu2f_ctx *ctx, softu2f_hid_message *msg) { 551 | softu2f_hid_message *previous; 552 | 553 | // msg is first. 554 | if (msg == ctx->msg_list) { 555 | ctx->msg_list = msg->next; 556 | softu2f_hid_msg_free(msg); 557 | return; 558 | } 559 | 560 | // find previous msg. 561 | previous = ctx->msg_list; 562 | while (previous && previous->next != msg) { 563 | previous = previous->next; 564 | } 565 | 566 | // msg not in list. 567 | if (!previous) 568 | return; 569 | 570 | // Remove msg from list. 571 | previous->next = msg->next; 572 | softu2f_hid_msg_free(msg); 573 | } 574 | 575 | // Allocate memory for a new message. 576 | softu2f_hid_message *softu2f_hid_msg_alloc(softu2f_ctx *ctx) { 577 | softu2f_hid_message *msg; 578 | 579 | msg = (softu2f_hid_message *)calloc(1, sizeof(softu2f_hid_message)); 580 | 581 | if (!msg) { 582 | softu2f_log(ctx, "No memory for new message.\n"); 583 | return NULL; 584 | } 585 | 586 | // Make note of when message was created. 587 | gettimeofday(&msg->start, NULL); 588 | 589 | return msg; 590 | } 591 | 592 | // Check if the message has timed out. 593 | bool softu2f_hid_msg_is_timed_out(softu2f_ctx *ctx, softu2f_hid_message *msg) { 594 | struct timeval now, delta; 595 | gettimeofday(&now, NULL); 596 | 597 | timersub(&now, &msg->start, &delta); 598 | 599 | // Spec says 3 seconds (U2FHID_TRANS_TIMEOUT) 600 | // Conformance test expects 0.5 seconds though. 601 | return delta.tv_usec > 500000L; 602 | } 603 | 604 | // Check if we've read the whole message. 605 | bool softu2f_hid_msg_is_complete(softu2f_ctx *ctx, softu2f_hid_message *msg) { 606 | if (msg && msg->buf) { 607 | if (CFDataGetLength(msg->buf) == msg->bcnt) { 608 | return true; 609 | } 610 | } 611 | 612 | return false; 613 | } 614 | 615 | // Initialize the message's data with the contents of its read buffer. 616 | void softu2f_hid_msg_finalize(softu2f_ctx *ctx, softu2f_hid_message *msg) { 617 | msg->data = CFDataCreateCopy(NULL, msg->buf); 618 | CFRelease(msg->buf); 619 | msg->buf = NULL; 620 | } 621 | 622 | // Free a HID message and associated data. 623 | void softu2f_hid_msg_free(softu2f_hid_message *msg) { 624 | if (msg) { 625 | if (msg->data) 626 | CFRelease(msg->data); 627 | if (msg->buf) 628 | CFRelease(msg->buf); 629 | free(msg); 630 | } 631 | } 632 | 633 | // Log a message if logging is enabled. 634 | void softu2f_log(softu2f_ctx *ctx, char *fmt, ...) { 635 | if (ctx->debug) { 636 | va_list argp; 637 | va_start(argp, fmt); 638 | vfprintf(stderr, fmt, argp); 639 | va_end(argp); 640 | } 641 | } 642 | 643 | // Log a U2FHID_FRAME if logging is enabled. 644 | void softu2f_debug_frame(softu2f_ctx *ctx, U2FHID_FRAME *frame, bool recv) { 645 | uint8_t *data = NULL; 646 | uint16_t dlen = 0; 647 | 648 | if (recv) { 649 | softu2f_log(ctx, "Received frame:\n"); 650 | } else { 651 | softu2f_log(ctx, "Sending frame:\n"); 652 | } 653 | 654 | softu2f_log(ctx, "\tCID: 0x%08x\n", frame->cid); 655 | 656 | switch (FRAME_TYPE(*frame)) { 657 | case TYPE_INIT: 658 | softu2f_log(ctx, "\tTYPE: INIT\n"); 659 | softu2f_log(ctx, "\tCMD: 0x%02x\n", frame->init.cmd & ~TYPE_MASK); 660 | softu2f_log(ctx, "\tBCNTH: 0x%02x\n", frame->init.bcnth); 661 | softu2f_log(ctx, "\tBCNTL: 0x%02x\n", frame->init.bcntl); 662 | data = frame->init.data; 663 | dlen = HID_RPT_SIZE - 7; 664 | 665 | break; 666 | 667 | case TYPE_CONT: 668 | softu2f_log(ctx, "\tTYPE: CONT\n"); 669 | softu2f_log(ctx, "\tSEQ: 0x%02x\n", frame->cont.seq); 670 | data = frame->cont.data; 671 | dlen = HID_RPT_SIZE - 5; 672 | 673 | break; 674 | } 675 | 676 | softu2f_log(ctx, "\tDATA:"); 677 | for (int i = 0; i < dlen; i++) { 678 | softu2f_log(ctx, " %02x", data[i]); 679 | } 680 | 681 | softu2f_log(ctx, "\n\n"); 682 | } 683 | 684 | // Called by the kernel when setReport is called on our device. 685 | void softu2f_async_callback(void *refcon, IOReturn result, io_user_reference_t* args, uint32_t numArgs) { 686 | softu2f_ctx *ctx = NULL; 687 | U2FHID_FRAME *frame; 688 | 689 | if (!refcon || result != kIOReturnSuccess) { 690 | printf("Unexpected call to softu2f_async_callback.\n"); 691 | goto stop; 692 | } 693 | 694 | ctx = (softu2f_ctx *)refcon; 695 | 696 | if (numArgs * sizeof(io_user_reference_t) != sizeof(U2FHID_FRAME)) { 697 | softu2f_log(ctx, "Unexpected argument count in softu2f_async_callback.\n"); 698 | goto stop; 699 | } 700 | 701 | frame = (U2FHID_FRAME *)args; 702 | softu2f_debug_frame(ctx, frame, true); 703 | 704 | pthread_mutex_lock(&ctx->mutex); 705 | 706 | // Read frame into a HID message. 707 | softu2f_hid_frame_read(ctx, frame); 708 | 709 | // Handle any completed messages. 710 | softu2f_hid_handle_messages(ctx); 711 | 712 | pthread_mutex_unlock(&ctx->mutex); 713 | 714 | return; 715 | 716 | stop: 717 | if (ctx) 718 | softu2f_log(ctx, "Shutting down softu2f async run loop because of error.\n"); 719 | 720 | CFRunLoopStop(CFRunLoopGetCurrent()); 721 | } 722 | 723 | // Called periodically in our runloop. 724 | void softu2f_async_timer_callback(CFRunLoopTimerRef timer, void* info) { 725 | softu2f_ctx *ctx = (softu2f_ctx *)info; 726 | 727 | if (!ctx) 728 | goto stop; 729 | 730 | pthread_mutex_lock(&ctx->mutex); 731 | 732 | // Handle any completed messages (checking for timeouts). 733 | softu2f_hid_handle_messages(ctx); 734 | 735 | pthread_mutex_unlock(&ctx->mutex); 736 | 737 | return; 738 | 739 | stop: 740 | if (ctx) 741 | softu2f_log(ctx, "Shutting down softu2f async run loop because of error.\n"); 742 | 743 | CFRunLoopStop(CFRunLoopGetCurrent()); 744 | } 745 | -------------------------------------------------------------------------------- /ThirdParty/SoftU2FDriverLib/softu2f.h: -------------------------------------------------------------------------------- 1 | // 2 | // libsoftu2f.h 3 | // SoftU2F 4 | // 5 | // Created by Benjamin P Toews on 1/12/17. 6 | // 7 | 8 | #ifndef SoftU2FClientInterface_h 9 | #define SoftU2FClientInterface_h 10 | 11 | #include 12 | 13 | typedef struct softu2f_ctx softu2f_ctx; 14 | typedef struct softu2f_hid_message softu2f_hid_message; 15 | 16 | // Handler function for HID message. 17 | typedef bool (*softu2f_hid_message_handler)(softu2f_ctx *ctx, softu2f_hid_message *req); 18 | 19 | // U2FHID message. 20 | struct softu2f_hid_message { 21 | uint8_t cmd; 22 | uint16_t bcnt; 23 | uint32_t cid; 24 | CFDataRef data; 25 | CFMutableDataRef buf; 26 | uint8_t lastSeq; 27 | struct timeval start; 28 | softu2f_hid_message *next; 29 | }; 30 | 31 | typedef enum softu2f_init_flags { 32 | SOFTU2F_DEBUG = 1 << 0 33 | } softu2f_init_flags; 34 | 35 | // Initialization 36 | softu2f_ctx *softu2f_init(softu2f_init_flags flags); 37 | 38 | // Deinitialization 39 | void softu2f_deinit(softu2f_ctx *ctx); 40 | 41 | // Read HID messages from the device. 42 | void softu2f_run(softu2f_ctx *ctx); 43 | 44 | // Shutdown the run loop. 45 | void softu2f_shutdown(softu2f_ctx *ctx); 46 | 47 | // Send a HID message to the device. 48 | bool softu2f_hid_msg_send(softu2f_ctx *ctx, softu2f_hid_message *msg); 49 | 50 | // Send a HID error to the device. 51 | bool softu2f_hid_err_send(softu2f_ctx *ctx, uint32_t cid, uint8_t code); 52 | 53 | // Register a handler for a message type. 54 | void softu2f_hid_msg_handler_register(softu2f_ctx *ctx, uint8_t type, softu2f_hid_message_handler handler); 55 | 56 | // Find a message handler for a message. 57 | softu2f_hid_message_handler softu2f_hid_msg_handler_default(softu2f_ctx *ctx, softu2f_hid_message *msg); 58 | 59 | #endif /* SoftU2FClientInterface_h */ 60 | -------------------------------------------------------------------------------- /ThirdParty/SoftU2FDriverLib/u2f_hid.h: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright FIDO Alliance, 2017 3 | * 4 | * Licensed under CC-BY: 5 | * https://creativecommons.org/licenses/by/4.0/legalcode 6 | * 7 | * Editor: Jakob Ehrensvard, Yubico, jakob@yubico.com 8 | */ 9 | 10 | #ifndef __U2FHID_H_INCLUDED__ 11 | #define __U2FHID_H_INCLUDED__ 12 | 13 | #ifdef _MSC_VER // Windows 14 | typedef unsigned char uint8_t; 15 | typedef unsigned short uint16_t; 16 | typedef unsigned int uint32_t; 17 | typedef unsigned long int uint64_t; 18 | #else 19 | #include 20 | #endif 21 | 22 | #ifdef __cplusplus 23 | extern "C" { 24 | #endif 25 | 26 | // Size of HID reports 27 | 28 | #define HID_RPT_SIZE 64 // Default size of raw HID report 29 | 30 | // Frame layout - command- and continuation frames 31 | 32 | #define CID_BROADCAST 0xffffffff // Broadcast channel id 33 | 34 | #define TYPE_MASK 0x80 // Frame type mask 35 | #define TYPE_INIT 0x80 // Initial frame identifier 36 | #define TYPE_CONT 0x00 // Continuation frame identifier 37 | 38 | typedef struct __attribute__((packed)) { 39 | uint32_t cid; // Channel identifier 40 | union __attribute__((packed)) { 41 | uint8_t type; // Frame type - b7 defines type 42 | struct __attribute__((packed)) { 43 | uint8_t cmd; // Command - b7 set 44 | uint8_t bcnth; // Message byte count - high part 45 | uint8_t bcntl; // Message byte count - low part 46 | uint8_t data[HID_RPT_SIZE - 7]; // Data payload 47 | } init; 48 | struct __attribute__((packed)) { 49 | uint8_t seq; // Sequence number - b7 cleared 50 | uint8_t data[HID_RPT_SIZE - 5]; // Data payload 51 | } cont; 52 | }; 53 | } U2FHID_FRAME; 54 | 55 | #define FRAME_TYPE(f) ((f).type & TYPE_MASK) 56 | #define FRAME_CMD(f) ((f).init.cmd & ~TYPE_MASK) 57 | #define MSG_LEN(f) ((f).init.bcnth*256 + (f).init.bcntl) 58 | #define FRAME_SEQ(f) ((f).cont.seq & ~TYPE_MASK) 59 | 60 | // HID usage- and usage-page definitions 61 | 62 | #define FIDO_USAGE_PAGE 0xf1d0 // FIDO alliance HID usage page 63 | #define FIDO_USAGE_U2FHID 0x01 // U2FHID usage for top-level collection 64 | #define FIDO_USAGE_DATA_IN 0x20 // Raw IN data report 65 | #define FIDO_USAGE_DATA_OUT 0x21 // Raw OUT data report 66 | 67 | // General constants 68 | 69 | #define U2FHID_IF_VERSION 2 // Current interface implementation version 70 | #define U2FHID_TRANS_TIMEOUT 3000 // Default message timeout in ms 71 | 72 | // U2FHID native commands 73 | 74 | #define U2FHID_PING (TYPE_INIT | 0x01) // Echo data through local processor only 75 | #define U2FHID_MSG (TYPE_INIT | 0x03) // Send U2F message frame 76 | #define U2FHID_LOCK (TYPE_INIT | 0x04) // Send lock channel command 77 | #define U2FHID_INIT (TYPE_INIT | 0x06) // Channel initialization 78 | #define U2FHID_WINK (TYPE_INIT | 0x08) // Send device identification wink 79 | #define U2FHID_SYNC (TYPE_INIT | 0x3c) // Protocol resync command 80 | #define U2FHID_ERROR (TYPE_INIT | 0x3f) // Error response 81 | 82 | #define U2FHID_VENDOR_FIRST (TYPE_INIT | 0x40) // First vendor defined command 83 | #define U2FHID_VENDOR_LAST (TYPE_INIT | 0x7f) // Last vendor defined command 84 | 85 | // U2FHID_INIT command defines 86 | 87 | #define INIT_NONCE_SIZE 8 // Size of channel initialization challenge 88 | #define CAPFLAG_WINK 0x01 // Device supports WINK command 89 | #define CAPFLAG_LOCK 0x02 // Device supports LOCK command 90 | 91 | typedef struct __attribute__((packed)) { 92 | uint8_t nonce[INIT_NONCE_SIZE]; // Client application nonce 93 | } U2FHID_INIT_REQ; 94 | 95 | typedef struct __attribute__((packed)) { 96 | uint8_t nonce[INIT_NONCE_SIZE]; // Client application nonce 97 | uint32_t cid; // Channel identifier 98 | uint8_t versionInterface; // Interface version 99 | uint8_t versionMajor; // Major version number 100 | uint8_t versionMinor; // Minor version number 101 | uint8_t versionBuild; // Build version number 102 | uint8_t capFlags; // Capabilities flags 103 | } U2FHID_INIT_RESP; 104 | 105 | // U2FHID_SYNC command defines 106 | 107 | typedef struct __attribute__((packed)) { 108 | uint8_t nonce; // Client application nonce 109 | } U2FHID_SYNC_REQ; 110 | 111 | typedef struct __attribute__((packed)) { 112 | uint8_t nonce; // Client application nonce 113 | } U2FHID_SYNC_RESP; 114 | 115 | // Low-level error codes. Return as negatives. 116 | 117 | #define ERR_NONE 0x00 // No error 118 | #define ERR_INVALID_CMD 0x01 // Invalid command 119 | #define ERR_INVALID_PAR 0x02 // Invalid parameter 120 | #define ERR_INVALID_LEN 0x03 // Invalid message length 121 | #define ERR_INVALID_SEQ 0x04 // Invalid message sequencing 122 | #define ERR_MSG_TIMEOUT 0x05 // Message has timed out 123 | #define ERR_CHANNEL_BUSY 0x06 // Channel busy 124 | #define ERR_LOCK_REQUIRED 0x0a // Command requires channel lock 125 | #define ERR_INVALID_CID 0x0b // Message on CID 0 126 | #define ERR_OTHER 0x7f // Other unspecified error 127 | 128 | #ifdef __cplusplus 129 | } 130 | #endif 131 | 132 | #endif // __U2FHID_H_INCLUDED__ 133 | --------------------------------------------------------------------------------