communication, but a stack overflow

seos_native_peripheral.c

@@ -2,6 +2,12 @@
 
 #define TAG "SeosNativePeripheral"
 
+static uint8_t standard_seos_aid[] = {0xa0, 0x00, 0x00, 0x04, 0x40, 0x00, 0x01, 0x01, 0x00, 0x01};
+static uint8_t cd02[] = {0xcd, 0x02};
+static uint8_t general_authenticate_1[] =
+    {0x00, 0x87, 0x00, 0x01, 0x04, 0x7c, 0x02, 0x81, 0x00, 0x00};
+static uint8_t ga1_response[] = {0x7c, 0x0a, 0x81, 0x08};
+
 static void seos_ble_connection_status_callback(BtStatus status, void* context) {
     furi_assert(context);
     SeosNativePeripheral* seos_native_peripheral = context;
@@ -9,17 +15,158 @@ static void seos_ble_connection_status_callback(BtStatus status, void* context)
     if(status == BtStatusConnected) {
         view_dispatcher_send_custom_event(
             seos_native_peripheral->seos->view_dispatcher, SeosCustomEventConnected);
-    } else if (status == BtStatusAdvertising) {
+    } else if(status == BtStatusAdvertising) {
         view_dispatcher_send_custom_event(
             seos_native_peripheral->seos->view_dispatcher, SeosCustomEventAdvertising);
     }
 }
 
 static uint16_t seos_svc_callback(SeosServiceEvent event, void* context) {
-    FURI_LOG_D(TAG, "seos_svc_callback");
     SeosNativePeripheral* seos_native_peripheral = context;
     UNUSED(seos_native_peripheral);
-    UNUSED(event);
+    BitBuffer* response = bit_buffer_alloc(128); // TODO: MTU
+
+    if(event.event == SeosServiceEventTypeDataReceived) {
+        uint8_t* data = event.data.buffer;
+        uint8_t* rx_data = data + 1; // Match name to nfc version for easier copying
+        seos_log_buffer(TAG, "seos_svc_callback", data, event.data.size);
+
+        if(data[0] != BLE_START && data[0] != 0xe1) {
+            FURI_LOG_W(TAG, "Unexpected start of BLE packet");
+        }
+
+        if(memcmp(data + 5, standard_seos_aid, sizeof(standard_seos_aid)) ==
+           0) { // response to select
+            FURI_LOG_I(TAG, "Select ADF");
+            uint8_t select_adf_header[] = {
+                0x80,
+                0xa5,
+                0x04,
+                0x00,
+                (uint8_t)SEOS_ADF_OID_LEN + 2,
+                0x06,
+                (uint8_t)SEOS_ADF_OID_LEN};
+
+            bit_buffer_append_bytes(response, select_adf_header, sizeof(select_adf_header));
+            bit_buffer_append_bytes(response, SEOS_ADF_OID, SEOS_ADF_OID_LEN);
+            seos_native_peripheral->phase = SELECT_ADF;
+
+        } else if(memcmp(data + 1, cd02, sizeof(cd02)) == 0) {
+            BitBuffer* attribute_value = bit_buffer_alloc(event.data.size);
+            bit_buffer_append_bytes(attribute_value, event.data.buffer, event.data.size);
+            if(seos_reader_select_adf_response(
+                   attribute_value,
+                   1,
+                   seos_native_peripheral->credential,
+                   &seos_native_peripheral->params)) {
+                // Craft response
+                general_authenticate_1[3] = seos_native_peripheral->params.key_no;
+                bit_buffer_append_bytes(
+                    response, general_authenticate_1, sizeof(general_authenticate_1));
+                seos_native_peripheral->phase = GENERAL_AUTHENTICATION_1;
+            }
+            bit_buffer_free(attribute_value);
+        } else if(memcmp(data + 1, ga1_response, sizeof(ga1_response)) == 0) {
+            memcpy(seos_native_peripheral->params.rndICC, data + 5, 8);
+
+            // Craft response
+            uint8_t cryptogram[32 + 8];
+            memset(cryptogram, 0, sizeof(cryptogram));
+            seos_reader_generate_cryptogram(
+                seos_native_peripheral->credential, &seos_native_peripheral->params, cryptogram);
+
+            uint8_t ga_header[] = {
+                0x00,
+                0x87,
+                0x00,
+                seos_native_peripheral->params.key_no,
+                sizeof(cryptogram) + 4,
+                0x7c,
+                sizeof(cryptogram) + 2,
+                0x82,
+                sizeof(cryptogram)};
+
+            bit_buffer_append_bytes(response, ga_header, sizeof(ga_header));
+            bit_buffer_append_bytes(response, cryptogram, sizeof(cryptogram));
+
+            seos_native_peripheral->phase = GENERAL_AUTHENTICATION_2;
+        } else if(rx_data[0] == 0x7C && rx_data[2] == 0x82) { // ga2 response
+            if(rx_data[3] == 40) {
+                if(!seos_reader_verify_cryptogram(&seos_native_peripheral->params, rx_data + 4)) {
+                    FURI_LOG_W(TAG, "Card cryptogram failed verification");
+                    return 0;
+                }
+                FURI_LOG_I(TAG, "Authenticated");
+                view_dispatcher_send_custom_event(
+                    seos_native_peripheral->seos->view_dispatcher, SeosCustomEventAuthenticated);
+            } else {
+                FURI_LOG_W(TAG, "Unhandled card cryptogram size %d", rx_data[3]);
+            }
+
+            seos_native_peripheral->secure_messaging =
+                secure_messaging_alloc(&seos_native_peripheral->params);
+
+            SecureMessaging* secure_messaging = seos_native_peripheral->secure_messaging;
+
+            uint8_t message[] = {0x5c, 0x02, 0xff, 0x00};
+            secure_messaging_wrap_apdu(secure_messaging, message, sizeof(message), response);
+            seos_native_peripheral->phase = REQUEST_SIO;
+            view_dispatcher_send_custom_event(
+                seos_native_peripheral->seos->view_dispatcher, SeosCustomEventSIORequested);
+        } else if(seos_native_peripheral->phase == REQUEST_SIO) {
+            SecureMessaging* secure_messaging = seos_native_peripheral->secure_messaging;
+
+            BitBuffer* rx_buffer = bit_buffer_alloc(event.data.size - 1);
+            bit_buffer_append_bytes(rx_buffer, rx_data, event.data.size - 1);
+            seos_log_bitbuffer(TAG, "BLE response(wrapped)", rx_buffer);
+            secure_messaging_unwrap_rapdu(secure_messaging, rx_buffer);
+            seos_log_bitbuffer(TAG, "BLE response(clear)", rx_buffer);
+
+            // Skip fileId
+            seos_native_peripheral->credential->sio_len = bit_buffer_get_byte(rx_buffer, 2);
+            if(seos_native_peripheral->credential->sio_len >
+               sizeof(seos_native_peripheral->credential->sio)) {
+                FURI_LOG_W(TAG, "SIO too long to save");
+                return 0;
+            }
+            memcpy(
+                seos_native_peripheral->credential->sio,
+                bit_buffer_get_data(rx_buffer) + 3,
+                seos_native_peripheral->credential->sio_len);
+            FURI_LOG_I(TAG, "SIO Captured, %d bytes", seos_native_peripheral->credential->sio_len);
+
+            Seos* seos = seos_native_peripheral->seos;
+            view_dispatcher_send_custom_event(seos->view_dispatcher, SeosCustomEventReaderSuccess);
+            bit_buffer_free(rx_buffer);
+
+            seos_native_peripheral->phase = SELECT_AID;
+
+        } else if(data[0] == 0xe1) {
+            //ignore
+        } else {
+            FURI_LOG_W(TAG, "No match for write request");
+        }
+
+    } else {
+        FURI_LOG_D(TAG, "seos_svc_callback: Unhandled event");
+    }
+
+    if(bit_buffer_get_size_bytes(response) > 0) {
+        BitBuffer* tx = bit_buffer_alloc(1 + 2 + 1 + bit_buffer_get_size_bytes(response));
+
+        bit_buffer_append_byte(tx, BLE_START);
+        bit_buffer_append_bytes(
+            tx, bit_buffer_get_data(response), bit_buffer_get_size_bytes(response));
+        ble_profile_seos_tx(
+            seos_native_peripheral->ble_profile,
+            (uint8_t*)bit_buffer_get_data(tx),
+            bit_buffer_get_size_bytes(tx));
+        bit_buffer_free(tx);
+    }
+
+    bit_buffer_free(response);
+
+    // NOTE: I'm not sure if I'm supposed to use ble_gatt_characteristic_update via ble_profile_seos_tx, or if I should be setting the seos_native_peripheral->event_buffer and returning a length.
     return 0;
 }
 
@@ -28,8 +175,18 @@ SeosNativePeripheral* seos_native_peripheral_alloc(Seos* seos) {
     memset(seos_native_peripheral, 0, sizeof(SeosNativePeripheral));
 
     seos_native_peripheral->seos = seos;
+    seos_native_peripheral->credential = &seos->credential;
     seos_native_peripheral->bt = furi_record_open(RECORD_BT);
 
+    seos_native_peripheral->phase = SELECT_AID;
+    seos_native_peripheral->secure_messaging = NULL;
+    seos_native_peripheral->params.key_no = 1;
+    memset(
+        seos_native_peripheral->params.cNonce,
+        0x0c,
+        sizeof(seos_native_peripheral->params.cNonce));
+    memset(seos_native_peripheral->params.UID, 0x0d, sizeof(seos_native_peripheral->params.UID));
+
     return seos_native_peripheral;
 }
 
@@ -53,7 +210,10 @@ void seos_native_peripheral_start(SeosNativePeripheral* seos_native_peripheral,
     bt_set_status_changed_callback(
         seos_native_peripheral->bt, seos_ble_connection_status_callback, seos_native_peripheral);
     ble_profile_seos_set_event_callback(
-        seos_native_peripheral->ble_profile, 32, seos_svc_callback, seos_native_peripheral);
+        seos_native_peripheral->ble_profile,
+        sizeof(seos_native_peripheral->event_buffer),
+        seos_svc_callback,
+        seos_native_peripheral);
     furi_hal_bt_start_advertising();
     view_dispatcher_send_custom_event(
         seos_native_peripheral->seos->view_dispatcher, SeosCustomEventAdvertising);

seos_native_peripheral.h

@@ -1,6 +1,7 @@
 #pragma once
 
 #include <bt/bt_service/bt.h>
+#include "seos_common.h"
 #include "seos_profile.h"
 
 typedef struct {
@@ -8,6 +9,14 @@ typedef struct {
 
     Bt* bt;
     FuriHalBleProfileBase* ble_profile;
+
+    uint8_t event_buffer[128];
+
+    SeosPhase phase;
+    AuthParameters params;
+    SecureMessaging* secure_messaging;
+    SeosCredential* credential;
+
 } SeosNativePeripheral;
 
 SeosNativePeripheral* seos_native_peripheral_alloc(Seos* seos);

seos_service.c

@@ -1,6 +1,5 @@
 #include "seos_service.h"
 #include "app_common.h"
-//#include <ble/ble.h>
 #include <furi_ble/event_dispatcher.h>
 #include <furi_ble/gatt.h>
 
@@ -242,12 +241,16 @@ void ble_svc_seos_stop(BleServiceSeos* seos_svc) {
 
 bool ble_svc_seos_update_tx(BleServiceSeos* seos_svc, uint8_t* data, uint16_t data_len) {
     FURI_LOG_D(TAG, "ble_svc_seos_update_tx");
-    UNUSED(seos_svc);
-    UNUSED(data);
     if(data_len > BLE_SVC_SEOS_DATA_LEN_MAX) {
         return false;
     }
 
+    SeosSvcDataWrapper report_data = {.data_ptr = data, .data_len = data_len};
+
+    ble_gatt_characteristic_update(
+        seos_svc->svc_handle, &seos_svc->chars[SeosSvcGattCharacteristicRxTx], &report_data);
+    /*
+
     for(uint16_t remained = data_len; remained > 0;) {
         uint8_t value_len = MIN(BLE_SVC_SEOS_CHAR_VALUE_LEN_MAX, remained);
         uint16_t value_offset = data_len - remained;
@@ -268,6 +271,7 @@ bool ble_svc_seos_update_tx(BleServiceSeos* seos_svc, uint8_t* data, uint16_t da
             return false;
         }
     }
+    */
 
     return true;
 }