Fix FIDO2 CBOR response, BLE exchange filter, temperature display

- Revert getInfo to 9 map entries (remove 0x0A algorithms) - fixes FIDO2
- Filter BLE scan results to only show CDC Badge devices with vCard UUID
- Add proper APP_STATE_VCARD_EXCHANGE with info screen
- Disable exchange mode on exit with N key
- Display temperature as integer on lock screen
- Update FIDO2 slot limits documentation (0-28, slot 29 reserved for GPG)

Author: krim404

README.md

@@ -25,12 +25,11 @@ Hardware security key firmware for the CDC Badge v1.0 featuring TROPIC01 secure
 | **WiFi + NTP** | Time synchronization over WiFi |
 | **E-Paper Display** | 2.9" low-power display with backlight |
 | **12-Button Keypad** | Phone-style T9 input |
-| **Multi-Language** | English and German UI |
-| **Error Log** | Captures WARNING/ERROR messages (max 50 entries) |
+| **Multi-Language** | English and German UI (expandable, translaters welcome) |
 
 > **Note:** WiFi and Bluetooth are currently **mutually exclusive** (enable one at a time).
 
-> **Warning:** WiFi is currently unstable and crashes easily. Need hardware to debug (help wanted).
+> **Warning:** WiFi is currently unstable and crashes easily. Need different hardware to debug (help wanted).
 
 ### Bluetooth Serial (BLE UART)
 
@@ -45,7 +44,7 @@ https://play.google.com/store/apps/details?id=de.kai_morich.serial_bluetooth_ter
 ### BLE vCard (Badge2Badge)
 
 What it does:
-- Broadcasts a short mini-card (name + slogan) via BLE advertising
+- Broadcasts a short mini-card (name + short info) via BLE advertising
 - Exchanges full vCard 4.0 **badge-to-badge only** (custom GATT)
 - Shows a QR code for interoperability with phones/computers (no app required)
 - Stores up to 100 received vCards in NVS (max 768 bytes each), sorted by last name
@@ -55,16 +54,14 @@ See [BLE vCard Protocol](docs/ble_vcard_protocol.md) for technical details.
 Notes:
 - BLE UART is disabled while the vCard feature is active
 - BLE and WiFi are mutually exclusive
-- **Exchange is currently untested**: Only one badge available for testing
+- **Exchange is currently untested** (Only one badge available for testing)
 
 ### Secure Serial
 
 Serial commands require PIN authentication when `FEATURE_SECURE_SERIAL` is enabled.
 
 - Use `AUTH <pin>` to authenticate
 - Use `LOGOUT` to end session
-- Anti-bruteforce: 3 attempts, then 5 minute lockout
-- Works on both USB and BLE serial
 
 ### GPG Key Management (v0.5 - Untested)
 

components/ble_badge/ble_badge.cpp

@@ -78,6 +78,7 @@ static bool g_gatts_connected = false;
 static uint16_t g_gatts_conn_id = 0;
 static uint16_t g_gatts_mtu_payload = BLE_BADGE_TX_PAYLOAD_DEFAULT;
 static esp_bd_addr_t g_gatts_bda = {0};
+static esp_bd_addr_t g_own_bda = {0};  // Own BLE address to filter self from scan
 
 static bool g_pairing_pending = false;
 static bool g_pairing_passkey_req = false;
@@ -571,6 +572,17 @@ static void handle_scan_result(const esp_ble_gap_cb_param_t *param) {
     auto *scan = &param->scan_rst;
     if (scan->rssi < g_rssi_threshold) return;
 
+    // Filter out own device from scan results
+    // Also filter if own_bda is all zeros (not yet initialized)
+    bool own_bda_valid = false;
+    for (int i = 0; i < 6; i++) {
+        if (g_own_bda[i] != 0) { own_bda_valid = true; break; }
+    }
+    if (own_bda_valid && memcmp(scan->bda, g_own_bda, sizeof(esp_bd_addr_t)) == 0) {
+        LOG_D(BLE_BADGE_TAG, "Filtered self from scan");
+        return;
+    }
+
     uint8_t name_len = 0;
     uint8_t *name = esp_ble_resolve_adv_data((uint8_t *)scan->ble_adv, ESP_BLE_AD_TYPE_NAME_CMPL, &name_len);
     char name_buf[BLE_BADGE_NAME_MAX] = {0};
@@ -603,7 +615,11 @@ static void handle_scan_result(const esp_ble_gap_cb_param_t *param) {
                                                        vcard_service_uuid);
     g_peers_last_seen[idx] = millis();
 
-    if (!g_pending_nearby_set && blacklist_allows(scan->bda)) {
+    // Only trigger nearby alert for CDC Badge devices (with vCard service UUID)
+    if (!g_pending_nearby_set && g_peers[idx].exchange_ready && blacklist_allows(scan->bda)) {
+        LOG_I(BLE_BADGE_TAG, "Nearby CDC Badge: %s BDA=%02X:%02X:%02X:%02X:%02X:%02X RSSI=%d",
+              name_buf, scan->bda[0], scan->bda[1], scan->bda[2],
+              scan->bda[3], scan->bda[4], scan->bda[5], scan->rssi);
         g_pending_nearby = g_peers[idx];
         g_pending_nearby_set = true;
     }
@@ -1093,6 +1109,15 @@ bool ble_badge_init(void) {
 
     esp_ble_gatt_set_local_mtu(185);
 
+    // Get own BLE address to filter self from scan results
+    const uint8_t *own_addr = esp_bt_dev_get_address();
+    if (own_addr) {
+        memcpy(g_own_bda, own_addr, sizeof(esp_bd_addr_t));
+        LOG_I(BLE_BADGE_TAG, "Own BDA: %02X:%02X:%02X:%02X:%02X:%02X",
+              g_own_bda[0], g_own_bda[1], g_own_bda[2],
+              g_own_bda[3], g_own_bda[4], g_own_bda[5]);
+    }
+
     esp_ble_gap_set_scan_params(&scan_params);
     g_initialized = true;
     update_adv_data();

components/cdc_badge/feature_flags.h

@@ -84,7 +84,7 @@
 #define FEATURE_CA 1  // Certificate Authority
 #endif
 
-// PKCS#11 requires wolfPKCS11 evaluation - disabled until proven viable
+// PKCS#11 also on GPG - planned
 #ifndef FEATURE_CA_PKCS11
 #define FEATURE_CA_PKCS11 0
 #endif
@@ -102,7 +102,7 @@
 // GPG over USB CCID (SmartCard interface)
 // Requires FEATURE_GPG and FEATURE_USB
 #ifndef FEATURE_GPG_CCID
-#define FEATURE_GPG_CCID 0  // USB CCID SmartCard interface (disabled by default)
+#define FEATURE_GPG_CCID 0  // USB CCID SmartCard interface, not yet implemented
 #endif
 
 #if FEATURE_GPG_CCID && !FEATURE_GPG

components/cdc_badge/i18n.cpp

@@ -209,6 +209,7 @@ static const char* strings_en[] = {
     "TX Power",                     // STR_TX_POWER
     "Receive",                      // STR_VCARD_RECEIVE
     "Exchange",                     // STR_VCARD_EXCHANGE
+    "Scanning...\n[N] Back",        // STR_VCARD_EXCHANGE_MSG
     "Send",                         // STR_VCARD_SEND
     "Show QR",                      // STR_VCARD_SHOW_QR
     "Nearby: %s",                   // STR_VCARD_NEARBY
@@ -449,6 +450,7 @@ static const char* strings_de[] = {
     "Sendeleistung",                // STR_TX_POWER
     "Empfangen",                    // STR_VCARD_RECEIVE
     "Austausch",                    // STR_VCARD_EXCHANGE
+    "Suche...\n[N] Zurueck",        // STR_VCARD_EXCHANGE_MSG
     "Senden",                       // STR_VCARD_SEND
     "QR anzeigen",                  // STR_VCARD_SHOW_QR
     "In der Naehe: %s",             // STR_VCARD_NEARBY

components/cdc_badge/i18n.h

@@ -175,6 +175,7 @@ typedef enum {
     STR_TX_POWER,           // "TX Power"
     STR_VCARD_RECEIVE,      // "Receive"
     STR_VCARD_EXCHANGE,     // "Exchange"
+    STR_VCARD_EXCHANGE_MSG, // "Scanning for badges..."
     STR_VCARD_SEND,         // "Send"
     STR_VCARD_SHOW_QR,      // "Show QR"
     STR_VCARD_NEARBY,       // "Nearby: %s"

components/fido2/ctap2.cpp

@@ -375,8 +375,8 @@ uint8_t ctap2_get_info(uint8_t *response, uint16_t *response_len) {
     cbor_writer_t w;
     cbor_writer_init(&w, response + 1, *response_len - 1);
 
-    // Response is a map (10 items for FIDO 2.1 compliance with algorithms)
-    cbor_encode_map(&w, 10);
+    // Response is a map (9 items for FIDO 2.0 compliance)
+    cbor_encode_map(&w, 9);
 
     // 0x01: versions (FIDO_2_0, U2F_V2)
     cbor_encode_uint(&w, 0x01);
@@ -431,22 +431,6 @@ uint8_t ctap2_get_info(uint8_t *response, uint16_t *response_len) {
     cbor_encode_array(&w, 1);
     cbor_encode_text(&w, INFO_TRANSPORTS[0]);
 
-    // 0x0A: algorithms (FIDO 2.1) - supported public key credential algorithms
-    cbor_encode_uint(&w, 0x0A);
-    cbor_encode_array(&w, 2);
-    // ES256 (P-256/ECDSA)
-    cbor_encode_map(&w, 2);
-    cbor_encode_text(&w, "type");
-    cbor_encode_text(&w, "public-key");
-    cbor_encode_text(&w, "alg");
-    cbor_encode_int(&w, COSE_ALG_ES256);
-    // EdDSA (Ed25519)
-    cbor_encode_map(&w, 2);
-    cbor_encode_text(&w, "type");
-    cbor_encode_text(&w, "public-key");
-    cbor_encode_text(&w, "alg");
-    cbor_encode_int(&w, COSE_ALG_EDDSA);
-
     if (cbor_writer_error(&w)) {
         response[0] = CTAP2_ERR_OTHER;
         *response_len = 1;
@@ -789,11 +773,14 @@ uint8_t ctap2_make_credential(const uint8_t *params, uint16_t params_len,
         return CTAP2_ERR_OPERATION_DENIED;
     }
 
+    LOG_I("CTAP2", "User presence OK, creating credential (curve=%d)...", curve);
+
     // Create credential
     uint8_t slot;
     uint8_t cred_id[FIDO2_CRED_ID_LEN];
     uint8_t pubkey[64];  // P-256: X||Y, Ed25519: 32 bytes (only first half used)
 
+    LOG_I("CTAP2", "Calling fido2_storage_create_credential...");
     if (!fido2_storage_create_credential(
             rp_id, rp_id_hash, user_id, user_id_len, user_name,
             rk, cred_protect, curve, &slot, cred_id, pubkey)) {

components/fido2/fido2_storage.h

@@ -16,14 +16,14 @@ extern "C" {
 // ============================================================================
 // Storage Layout
 // ============================================================================
-// ECC Slots 0-29:    Private keys (P-256 or Ed25519 for WebAuthn/SSH)
-// R-Memory 0-29:     Credential metadata (rp_id, user_id, sign_count, curve, etc.)
+// ECC Slots 0-28:    Private keys (P-256 or Ed25519 for WebAuthn/SSH)
+// R-Memory 0-28:     Credential metadata (rp_id, user_id, sign_count, curve, etc.)
 // NVS "fido2":       Global auth counter, PIN hash
 
 #define FIDO2_ECC_SLOT_BASE     0
-#define FIDO2_ECC_SLOT_MAX      29
+#define FIDO2_ECC_SLOT_MAX      28
 #define FIDO2_RMEM_SLOT_BASE    0
-#define FIDO2_RMEM_SLOT_MAX     29
+#define FIDO2_RMEM_SLOT_MAX     28
 
 // ============================================================================
 // Initialization
@@ -74,7 +74,7 @@ bool fido2_storage_create_credential(
 /**
  * Get curve type for a credential.
  *
- * @param slot ECC slot index (0-29)
+ * @param slot ECC slot index (0-28)
  * @return CDC_CURVE_P256 or CDC_CURVE_ED25519, or 0xFF on error
  */
 uint8_t fido2_storage_get_curve(uint8_t slot);

main/app_input.cpp

@@ -2260,11 +2260,11 @@ void handle_key(char key) {
                         }
 #endif
                         ble_badge_init();
-                        ble_badge_set_exchange_enabled(!ble_badge_is_exchange_enabled());
-                        if (ble_badge_is_exchange_enabled()) {
-                            view_toast_show(i18n_str(STR_VCARD_EXCHANGE), 1000);
-                        }
-                        render_current_state(true);
+                        ble_badge_set_exchange_enabled(true);
+                        view_info_screen_init(&g_info_view, i18n_str(STR_VCARD_EXCHANGE),
+                                              i18n_str(STR_VCARD_EXCHANGE_MSG));
+                        g_app_state = APP_STATE_VCARD_EXCHANGE;
+                        render_current_state(false);
                         break;
                     case VCARD_SUB_IDX_LIST:
                         vcard_refresh_list();
@@ -2283,9 +2283,10 @@ void handle_key(char key) {
             }
             break;
 
-        // Exchange mode - currently just a placeholder
+        // Exchange mode - scanning for other badges and advertising own vCard
         case APP_STATE_VCARD_EXCHANGE:
             if (key == 'N') {
+                ble_badge_set_exchange_enabled(false);
                 go_to_vcard_submenu();
             }
             break;

main/app_render.cpp

@@ -72,7 +72,7 @@ void update_lock_screen_data(void) {
     } else {
         strncpy(g_lock_screen.clock, "--:--", sizeof(g_lock_screen.clock));
         if (temp_ok) {
-            snprintf(g_lock_screen.date, sizeof(g_lock_screen.date), "%.1fC", (double)temp_c);
+            snprintf(g_lock_screen.date, sizeof(g_lock_screen.date), "%dC", (int)temp_c);
         } else {
             g_lock_screen.date[0] = '\0';
         }

sdkconfig.cdc_badge_usb

@@ -1597,8 +1597,8 @@ CONFIG_ESP_WIFI_TX_BA_WIN=6
 CONFIG_ESP_WIFI_AMPDU_RX_ENABLED=y
 CONFIG_ESP_WIFI_RX_BA_WIN=6
 CONFIG_ESP_WIFI_NVS_ENABLED=y
-CONFIG_ESP_WIFI_TASK_PINNED_TO_CORE_0=y
-# CONFIG_ESP_WIFI_TASK_PINNED_TO_CORE_1 is not set
+# CONFIG_ESP_WIFI_TASK_PINNED_TO_CORE_0 is not set
+CONFIG_ESP_WIFI_TASK_PINNED_TO_CORE_1=y
 CONFIG_ESP_WIFI_SOFTAP_BEACON_MAX_LEN=752
 CONFIG_ESP_WIFI_MGMT_SBUF_NUM=32
 CONFIG_ESP_WIFI_IRAM_OPT=y
@@ -2633,8 +2633,8 @@ CONFIG_ESP32_WIFI_TX_BA_WIN=6
 CONFIG_ESP32_WIFI_AMPDU_RX_ENABLED=y
 CONFIG_ESP32_WIFI_RX_BA_WIN=6
 CONFIG_ESP32_WIFI_NVS_ENABLED=y
-CONFIG_ESP32_WIFI_TASK_PINNED_TO_CORE_0=y
-# CONFIG_ESP32_WIFI_TASK_PINNED_TO_CORE_1 is not set
+# CONFIG_ESP32_WIFI_TASK_PINNED_TO_CORE_0 is not set
+CONFIG_ESP32_WIFI_TASK_PINNED_TO_CORE_1=y
 CONFIG_ESP32_WIFI_SOFTAP_BEACON_MAX_LEN=752
 CONFIG_ESP32_WIFI_MGMT_SBUF_NUM=32
 CONFIG_ESP32_WIFI_IRAM_OPT=y