From 363ad1c9e2aa4d6ea16e9182f2d12486c4f1eabd Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 24 Dec 2022 01:38:38 +0100 Subject: [PATCH] No need to call distinguished functions on core0/core1. Signed-off-by: Pol Henarejos --- src/fido/cbor_reset.c | 2 +- src/fido/fido.c | 28 ++++++++++++---------------- src/fido/fido.h | 4 ++-- 3 files changed, 15 insertions(+), 19 deletions(-) diff --git a/src/fido/cbor_reset.c b/src/fido/cbor_reset.c index ca14b87..8835ada 100644 --- a/src/fido/cbor_reset.c +++ b/src/fido/cbor_reset.c @@ -33,6 +33,6 @@ int cbor_reset() { if (wait_button_pressed() == true) return CTAP2_ERR_USER_ACTION_TIMEOUT; initialize_flash(true); - init_fido(true); + init_fido(); return 0; } diff --git a/src/fido/fido.c b/src/fido/fido.c index 3216ab1..ec47a82 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -34,7 +34,6 @@ #include #include -void init_fido(bool); int fido_process_apdu(); int fido_unload(); @@ -100,7 +99,7 @@ int fido_load_key(int curve, const uint8_t *cred_id, mbedtls_ecdsa_context *key) return derive_key(NULL, false, key_path, mbedtls_curve, key); } -int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffer_size, bool core1) { +int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffer_size) { mbedtls_x509write_cert ctx; mbedtls_x509write_crt_init(&ctx); mbedtls_x509write_crt_set_version(&ctx, MBEDTLS_X509_CRT_VERSION_3); @@ -109,7 +108,7 @@ int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffe mbedtls_x509write_crt_set_subject_name(&ctx, "C=ES,O=Pico HSM,CN=Pico FIDO"); mbedtls_mpi serial; mbedtls_mpi_init(&serial); - mbedtls_mpi_fill_random(&serial, 32, core1 ? random_gen : random_gen_core0, NULL); + mbedtls_mpi_fill_random(&serial, 32, random_gen, NULL); mbedtls_x509write_crt_set_serial(&ctx, &serial); mbedtls_pk_context key; mbedtls_pk_init(&key); @@ -122,7 +121,7 @@ int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffe mbedtls_x509write_crt_set_subject_key_identifier(&ctx); mbedtls_x509write_crt_set_authority_key_identifier(&ctx); mbedtls_x509write_crt_set_key_usage(&ctx, MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN); - int ret = mbedtls_x509write_crt_der(&ctx, buffer, buffer_size, core1 ? random_gen : random_gen_core0, NULL); + int ret = mbedtls_x509write_crt_der(&ctx, buffer, buffer_size, random_gen, NULL); /* pk cannot be freed, as it is freed later */ //mbedtls_pk_free(&key); return ret; @@ -214,7 +213,7 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int cur return r; } -int scan_files(bool core1) { +int scan_files() { ef_keydev = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF); ef_keydev_enc = search_by_fid(EF_KEY_DEV_ENC, NULL, SPECIFY_EF); if (ef_keydev) { @@ -223,7 +222,7 @@ int scan_files(bool core1) { mbedtls_ecdsa_context ecdsa; mbedtls_ecdsa_init(&ecdsa); uint8_t index = 0; - int ret = mbedtls_ecdsa_genkey(&ecdsa, MBEDTLS_ECP_DP_SECP256R1, core1 ? random_gen : random_gen_core0, &index); + int ret = mbedtls_ecdsa_genkey(&ecdsa, MBEDTLS_ECP_DP_SECP256R1, random_gen, &index); if (ret != 0) { mbedtls_ecdsa_free(&ecdsa); return ret; @@ -254,12 +253,12 @@ int scan_files(bool core1) { mbedtls_ecdsa_free(&key); return ret; } - ret = mbedtls_ecp_mul(&key.grp, &key.Q, &key.d, &key.grp.G, core1 ? random_gen : random_gen_core0, NULL); + ret = mbedtls_ecp_mul(&key.grp, &key.Q, &key.d, &key.grp.G, random_gen, NULL); if (ret != 0) { mbedtls_ecdsa_free(&key); return ret; } - ret = x509_create_cert(&key, cert, sizeof(cert), core1); + ret = x509_create_cert(&key, cert, sizeof(cert)); mbedtls_ecdsa_free(&key); if (ret <= 0) return ret; @@ -284,10 +283,7 @@ int scan_files(bool core1) { if (ef_authtoken) { if (!file_has_data(ef_authtoken)) { uint8_t t[32]; - if (core1) - random_gen(NULL, t, sizeof(t)); - else - random_gen_core0(NULL, t, sizeof(t)); + random_gen(NULL, t, sizeof(t)); flash_write_data_to_file(ef_authtoken, t, sizeof(t)); } paut.data = file_get_data(ef_authtoken); @@ -304,13 +300,13 @@ int scan_files(bool core1) { return CCID_OK; } -void scan_all(bool core1) { +void scan_all() { scan_flash(); - scan_files(core1); + scan_files(); } -void init_fido(bool core1) { - scan_all(core1); +void init_fido() { + scan_all(); } bool wait_button_pressed() { diff --git a/src/fido/fido.h b/src/fido/fido.h index 0e0445b..b3d2316 100644 --- a/src/fido/fido.h +++ b/src/fido/fido.h @@ -30,12 +30,12 @@ #define SHA256_DIGEST_LENGTH (32) #define KEY_HANDLE_LEN (KEY_PATH_LEN + SHA256_DIGEST_LENGTH) -extern int scan_files(bool); +extern int scan_files(); extern int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int, mbedtls_ecdsa_context *key); extern int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecdsa_context *); extern bool wait_button_pressed(); extern CTAPHID_FRAME *ctap_req, *ctap_resp; -extern void init_fido(bool); +extern void init_fido(); extern mbedtls_ecp_group_id fido_curve_to_mbedtls(int curve); extern int fido_load_key(int curve, const uint8_t *cred_id, mbedtls_ecdsa_context *key); extern int load_keydev(uint8_t *key);