From 4577e4430c09f6f805ce41334b3578aabdc8069e Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Sun, 30 Oct 2022 00:47:50 +0200
Subject: [PATCH] Moving AUT UNLOCK to Vendor command instead of using
 VendorConfig.

To do this a MSE command is added, to manage a secure environment. It performs a ephemeral ECDH exchange to derive a shared secret that will be used by vendor commands to convey ciphered data.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/fido/cbor_config.c   | 183 ++++++---------------------------
 src/fido/cbor_get_info.c |   7 +-
 src/fido/cbor_vendor.c   | 148 ++++++++++++++++++++++++++-
 src/fido/ctap.h          |  18 +++-
 tools/pico-fido-tool.py  | 214 +++++++++++++++++----------------------
 5 files changed, 288 insertions(+), 282 deletions(-)

diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c
index e822887..5cda87c 100644
--- a/src/fido/cbor_config.c
+++ b/src/fido/cbor_config.c
@@ -29,9 +29,6 @@
 #include "mbedtls/chachapoly.h"
 #include "mbedtls/hkdf.h"
 
-
-static mbedtls_ecdh_context hkey;
-static bool hkey_init = false;
 extern uint8_t keydev_dec[32];
 extern bool has_keydev_dec;
 
@@ -40,10 +37,9 @@ int cbor_config(const uint8_t *data, size_t len) {
     CborValue map;
     CborError error = CborNoError;
     uint64_t subcommand = 0, pinUvAuthProtocol = 0, vendorCommandId = 0;
-    int64_t kty = 0, alg = 0, crv = 0;
-    CborByteString pinUvAuthParam = {0}, vendorAutCt = {0}, kax = {0}, kay = {0};
+    CborByteString pinUvAuthParam = {0}, vendorAutCt = {0};
     size_t resp_size = 0;
-    CborEncoder encoder, mapEncoder, mapEncoder2;
+    CborEncoder encoder, mapEncoder;
 
     CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
     uint64_t val_c = 1;
@@ -67,30 +63,6 @@ int cbor_config(const uint8_t *data, size_t len) {
                         CBOR_FIELD_GET_UINT(vendorCommandId, 2);
                     }
                     else if (subpara == 0x02) {
-                        int64_t key = 0;
-                        CBOR_PARSE_MAP_START(_f2, 3) {
-                            CBOR_FIELD_GET_INT(key, 3);
-                            if (key == 1) {
-                                CBOR_FIELD_GET_INT(kty, 3);
-                            }
-                            else if (key == 3) {
-                                CBOR_FIELD_GET_INT(alg, 3);
-                            }
-                            else if (key == -1) {
-                                CBOR_FIELD_GET_INT(crv, 3);
-                            }
-                            else if (key == -2) {
-                                CBOR_FIELD_GET_BYTES(kax, 3);
-                            }
-                            else if (key == -3) {
-                                CBOR_FIELD_GET_BYTES(kay, 3);
-                            }
-                            else
-                                CBOR_ADVANCE(3);
-                        }
-                        CBOR_PARSE_MAP_END(_f2, 3);
-                    }
-                    else if (subpara == 0x03) {
                         CBOR_FIELD_GET_BYTES(vendorAutCt, 2);
                     }
                 }
@@ -109,135 +81,48 @@ int cbor_config(const uint8_t *data, size_t len) {
     cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
 
     if (subcommand == 0xff) {
-        if (vendorCommandId == CTAP_CONFIG_KEY_AGREEMENT) {
-            if (hkey_init == true)
-                mbedtls_ecdh_free(&hkey);
+        if (vendorCommandId == CTAP_CONFIG_AUT_DISABLE) {
+            if (!file_has_data(ef_keydev_enc))
+                CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
+            if (has_keydev_dec == false)
+                CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
+            flash_write_data_to_file(ef_keydev, keydev_dec, sizeof(keydev_dec));
+            mbedtls_platform_zeroize(keydev_dec, sizeof(keydev_dec));
+            flash_write_data_to_file(ef_keydev_enc, NULL, 0); // Set ef to 0 bytes
+            low_flash_available();
+        }
+        else if (vendorCommandId == CTAP_CONFIG_AUT_ENABLE) {
+            if (!file_has_data(ef_keydev))
+                CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
+            if (mse.init == false)
+                CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
 
-            mbedtls_ecdh_init(&hkey);
-            mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
-            int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.d, &hkey.ctx.mbed_ecdh.Q, random_gen, NULL);
-            mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
+            mbedtls_chachapoly_context chatx;
+            int ret = mse_decrypt_ct(vendorAutCt.data, vendorAutCt.len);
             if (ret != 0) {
                 CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
             }
-            hkey_init = true;
-            CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
-            CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
 
-            CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2,  5));
-            CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 1));
-            CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 2));
-            CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 3));
-            CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ECDH_ES_HKDF_256));
-            CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 1));
-            CBOR_CHECK(cbor_encode_uint(&mapEncoder2, FIDO2_CURVE_P256));
-            CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 2));
-            uint8_t pkey[32];
-            mbedtls_mpi_write_binary(&hkey.ctx.mbed_ecdh.Q.X, pkey, 32);
-            CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, pkey, 32));
-            CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 3));
-            mbedtls_mpi_write_binary(&hkey.ctx.mbed_ecdh.Q.Y, pkey, 32);
-            CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, pkey, 32));
-            CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
-        }
-        else if (vendorCommandId == CTAP_CONFIG_AUT || vendorCommandId == CTAP_CONFIG_UNLOCK) {
-            if (vendorCommandId == CTAP_CONFIG_AUT && (kax.present == false || kay.present == false || vendorAutCt.present == false || alg == 0)) { // Disable
-                if (!file_has_data(ef_keydev_enc))
-                    CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
-                if (has_keydev_dec == false)
-                    CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
-                flash_write_data_to_file(ef_keydev, keydev_dec, sizeof(keydev_dec));
-                mbedtls_platform_zeroize(keydev_dec, sizeof(keydev_dec));
-                flash_write_data_to_file(ef_keydev_enc, NULL, 0); // Set ef to 0 bytes
-                low_flash_available();
+            uint8_t key_dev_enc[12+32+16];
+            random_gen(NULL, key_dev_enc, 12);
+            mbedtls_chachapoly_init(&chatx);
+            mbedtls_chachapoly_setkey(&chatx, vendorAutCt.data);
+            ret = mbedtls_chachapoly_encrypt_and_tag(&chatx, file_get_size(ef_keydev), key_dev_enc, NULL, 0, file_get_data(ef_keydev), key_dev_enc + 12, key_dev_enc + 12 + file_get_size(ef_keydev));
+            mbedtls_chachapoly_free(&chatx);
+            if (ret != 0){
+                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
             }
-            else { // Enable
-                if (vendorCommandId == CTAP_CONFIG_AUT && !file_has_data(ef_keydev))
-                    CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
-                if (kax.present == false || kay.present == false || alg == 0)
-                    CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
 
-                if (mbedtls_mpi_read_binary(&hkey.ctx.mbed_ecdh.Qp.X, kax.data, kax.len) != 0) {
-                    CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
-                }
-                if (mbedtls_mpi_read_binary(&hkey.ctx.mbed_ecdh.Qp.Y, kay.data, kay.len) != 0) {
-                    CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
-                }
-
-                mbedtls_mpi z;
-                mbedtls_mpi_init(&z);
-                int ret = mbedtls_ecdh_compute_shared(&hkey.ctx.mbed_ecdh.grp, &z, &hkey.ctx.mbed_ecdh.Qp, &hkey.ctx.mbed_ecdh.d, random_gen, NULL);
-                if (ret != 0) {
-                    mbedtls_mpi_free(&z);
-                    CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
-                }
-                uint8_t buf[32], Qpt[65];
-                size_t olen = 0;
-                ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Qp, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, Qpt, sizeof(Qpt));
-                if (ret != 0) {
-                    mbedtls_mpi_free(&z);
-                    CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
-                }
-                ret = mbedtls_mpi_write_binary(&z, buf, sizeof(buf));
-                mbedtls_mpi_free(&z);
-                if (ret != 0) {
-                    CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
-                }
-                uint8_t key_enc[12+32];
-                ret = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), NULL, 0, buf, sizeof(buf), Qpt, 65, key_enc, 12+32);
-                if (ret != 0){
-                    CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
-                }
-
-                mbedtls_chachapoly_context chatx;
-                mbedtls_chachapoly_init(&chatx);
-                mbedtls_chachapoly_setkey(&chatx, key_enc + 12);
-                ret = mbedtls_chachapoly_auth_decrypt(&chatx, vendorAutCt.len - 16, key_enc, Qpt, 65, vendorAutCt.data + vendorAutCt.len - 16, vendorAutCt.data, vendorAutCt.data);
-                mbedtls_chachapoly_free(&chatx);
-                mbedtls_ecdh_free(&hkey);
-                hkey_init = false;
-                if (ret != 0) {
-                    CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
-                }
-
-                if (vendorCommandId == CTAP_CONFIG_AUT) {
-                    uint8_t key_dev_enc[12+32+16];
-                    random_gen(NULL, key_dev_enc, 12);
-                    mbedtls_chachapoly_init(&chatx);
-                    mbedtls_chachapoly_setkey(&chatx, vendorAutCt.data);
-                    ret = mbedtls_chachapoly_encrypt_and_tag(&chatx, file_get_size(ef_keydev), key_dev_enc, NULL, 0, file_get_data(ef_keydev), key_dev_enc + 12, key_dev_enc + 12 + file_get_size(ef_keydev));
-                    mbedtls_chachapoly_free(&chatx);
-                    if (ret != 0){
-                        CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
-                    }
-
-                    flash_write_data_to_file(ef_keydev_enc, key_dev_enc, sizeof(key_dev_enc));
-                    mbedtls_platform_zeroize(key_dev_enc, sizeof(key_dev_enc));
-                    flash_write_data_to_file(ef_keydev, key_dev_enc, file_get_size(ef_keydev)); // Overwrite ef with 0
-                    flash_write_data_to_file(ef_keydev, NULL, 0); // Set ef to 0 bytes
-                    low_flash_available();
-                }
-                else if (vendorCommandId == CTAP_CONFIG_UNLOCK) {
-                    if (!file_has_data(ef_keydev_enc))
-                        CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE);
-
-                    uint8_t *keyenc = file_get_data(ef_keydev_enc);
-                    size_t keyenc_len = file_get_size(ef_keydev_enc);
-                    mbedtls_chachapoly_init(&chatx);
-                    mbedtls_chachapoly_setkey(&chatx, vendorAutCt.data);
-                    ret = mbedtls_chachapoly_auth_decrypt(&chatx, sizeof(keydev_dec), keyenc, NULL, 0, keyenc + keyenc_len - 16, keyenc + 12, keydev_dec);
-                    mbedtls_chachapoly_free(&chatx);
-                    if (ret != 0){
-                        CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
-                    }
-                    has_keydev_dec = true;
-                }
-            }
-            goto err; //No return
+            flash_write_data_to_file(ef_keydev_enc, key_dev_enc, sizeof(key_dev_enc));
+            mbedtls_platform_zeroize(key_dev_enc, sizeof(key_dev_enc));
+            flash_write_data_to_file(ef_keydev, key_dev_enc, file_get_size(ef_keydev)); // Overwrite ef with 0
+            flash_write_data_to_file(ef_keydev, NULL, 0); // Set ef to 0 bytes
+            low_flash_available();
         }
         else {
             CBOR_ERROR(CTAP2_ERR_INVALID_SUBCOMMAND);
         }
+        goto err;
     }
     else
         CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION);
@@ -247,8 +132,6 @@ int cbor_config(const uint8_t *data, size_t len) {
     err:
     CBOR_FREE_BYTE_STRING(pinUvAuthParam);
     CBOR_FREE_BYTE_STRING(vendorAutCt);
-    CBOR_FREE_BYTE_STRING(kax);
-    CBOR_FREE_BYTE_STRING(kay);
 
     if (error != CborNoError) {
         if (error == CborErrorImproperValue)
diff --git a/src/fido/cbor_get_info.c b/src/fido/cbor_get_info.c
index 842eba4..e83bcc1 100644
--- a/src/fido/cbor_get_info.c
+++ b/src/fido/cbor_get_info.c
@@ -80,10 +80,9 @@ int cbor_get_info() {
     CBOR_CHECK(cbor_encode_uint(&mapEncoder, PICO_FIDO_VERSION)); // firmwareVersion
 
     CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x15));
-    CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, 3));
-    CBOR_CHECK(cbor_encode_uint(&arrayEncoder, CTAP_CONFIG_AUT));
-    CBOR_CHECK(cbor_encode_uint(&arrayEncoder, CTAP_CONFIG_KEY_AGREEMENT));
-    CBOR_CHECK(cbor_encode_uint(&arrayEncoder, CTAP_CONFIG_UNLOCK));
+    CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, 2));
+    CBOR_CHECK(cbor_encode_uint(&arrayEncoder, CTAP_CONFIG_AUT_ENABLE));
+    CBOR_CHECK(cbor_encode_uint(&arrayEncoder, CTAP_CONFIG_AUT_DISABLE));
     CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &arrayEncoder));
 
     CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c
index d22a9eb..784f889 100644
--- a/src/fido/cbor_vendor.c
+++ b/src/fido/cbor_vendor.c
@@ -15,23 +15,41 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "common.h"
 #include "ctap2_cbor.h"
 #include "fido.h"
 #include "ctap.h"
 #include "files.h"
 #include "apdu.h"
 #include "hsm.h"
+#include "random.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/chachapoly.h"
+#include "mbedtls/hkdf.h"
 
+extern uint8_t keydev_dec[32];
 extern bool has_keydev_dec;
 
+mse_t mse = {.init = false};
+
+int mse_decrypt_ct(uint8_t *data, size_t len) {
+    mbedtls_chachapoly_context chatx;
+    mbedtls_chachapoly_init(&chatx);
+    mbedtls_chachapoly_setkey(&chatx, mse.key_enc + 12);
+    int ret = mbedtls_chachapoly_auth_decrypt(&chatx, len - 16, mse.key_enc, mse.Qpt, 65, data + len - 16, data, data);
+    mbedtls_chachapoly_free(&chatx);
+    return ret;
+}
+
 int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
     CborParser parser;
     CborValue map;
     CborError error = CborNoError;
-    CborByteString pinUvAuthParam = {0}, vendorParam = {0};
+    CborByteString pinUvAuthParam = {0}, vendorParam = {0}, kax = {0}, kay = {0};
     size_t resp_size = 0;
     uint64_t vendorCmd = 0, pinUvAuthProtocol = 0;
-    CborEncoder encoder, mapEncoder;
+    int64_t kty = 0, alg = 0, crv = 0;
+    CborEncoder encoder, mapEncoder, mapEncoder2;
 
     CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
     uint64_t val_c = 1;
@@ -53,6 +71,30 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
                 if (subpara == 0x01) {
                     CBOR_FIELD_GET_BYTES(vendorParam, 2);
                 }
+                else if (subpara == 0x02) {
+                    int64_t key = 0;
+                    CBOR_PARSE_MAP_START(_f2, 3) {
+                        CBOR_FIELD_GET_INT(key, 3);
+                        if (key == 1) {
+                            CBOR_FIELD_GET_INT(kty, 3);
+                        }
+                        else if (key == 3) {
+                            CBOR_FIELD_GET_INT(alg, 3);
+                        }
+                        else if (key == -1) {
+                            CBOR_FIELD_GET_INT(crv, 3);
+                        }
+                        else if (key == -2) {
+                            CBOR_FIELD_GET_BYTES(kax, 3);
+                        }
+                        else if (key == -3) {
+                            CBOR_FIELD_GET_BYTES(kay, 3);
+                        }
+                        else
+                            CBOR_ADVANCE(3);
+                    }
+                    CBOR_PARSE_MAP_END(_f2, 3);
+                }
                 else
                     CBOR_ADVANCE(2);
             }
@@ -94,6 +136,106 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
             CBOR_ERROR(CTAP2_ERR_INVALID_SUBCOMMAND);
         }
     }
+    else if (cmd == CTAP_VENDOR_MSE) {
+        if (vendorCmd == 0x01) { // KeyAgreement
+            if (kax.present == false || kay.present == false || alg == 0)
+                CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
+
+            mbedtls_ecdh_context hkey;
+            mbedtls_ecdh_init(&hkey);
+            mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
+            int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.d, &hkey.ctx.mbed_ecdh.Q, random_gen, NULL);
+            mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
+            if (ret != 0) {
+                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
+            }
+            if (mbedtls_mpi_read_binary(&hkey.ctx.mbed_ecdh.Qp.X, kax.data, kax.len) != 0) {
+                mbedtls_ecdh_free(&hkey);
+                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
+            }
+            if (mbedtls_mpi_read_binary(&hkey.ctx.mbed_ecdh.Qp.Y, kay.data, kay.len) != 0) {
+                mbedtls_ecdh_free(&hkey);
+                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
+            }
+
+            mbedtls_mpi z;
+            mbedtls_mpi_init(&z);
+            ret = mbedtls_ecdh_compute_shared(&hkey.ctx.mbed_ecdh.grp, &z, &hkey.ctx.mbed_ecdh.Qp, &hkey.ctx.mbed_ecdh.d, random_gen, NULL);
+            if (ret != 0) {
+                mbedtls_mpi_free(&z);
+                mbedtls_ecdh_free(&hkey);
+                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
+            }
+            uint8_t buf[32];
+            size_t olen = 0;
+            ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Qp, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, mse.Qpt, sizeof(mse.Qpt));
+            if (ret != 0) {
+                mbedtls_mpi_free(&z);
+                mbedtls_ecdh_free(&hkey);
+                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
+            }
+            ret = mbedtls_mpi_write_binary(&z, buf, sizeof(buf));
+            mbedtls_mpi_free(&z);
+            if (ret != 0) {
+                mbedtls_ecdh_free(&hkey);
+                mbedtls_platform_zeroize(buf, sizeof(buf));
+                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
+            }
+            ret = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), NULL, 0, buf, sizeof(buf), mse.Qpt, sizeof(mse.Qpt), mse.key_enc, sizeof(mse.key_enc));
+            if (ret != 0){
+                mbedtls_ecdh_free(&hkey);
+                mbedtls_platform_zeroize(buf, sizeof(buf));
+                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
+            }
+            mbedtls_platform_zeroize(buf, sizeof(buf));
+            mse.init = true;
+
+            CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
+            CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
+
+            CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2,  5));
+            CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 1));
+            CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 2));
+            CBOR_CHECK(cbor_encode_uint(&mapEncoder2, 3));
+            CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ECDH_ES_HKDF_256));
+            CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 1));
+            CBOR_CHECK(cbor_encode_uint(&mapEncoder2, FIDO2_CURVE_P256));
+            CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 2));
+            uint8_t pkey[32];
+            mbedtls_mpi_write_binary(&hkey.ctx.mbed_ecdh.Q.X, pkey, 32);
+            CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, pkey, 32));
+            CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, 3));
+            mbedtls_mpi_write_binary(&hkey.ctx.mbed_ecdh.Q.Y, pkey, 32);
+            CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, pkey, 32));
+            CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
+            mbedtls_ecdh_free(&hkey);
+        }
+    }
+    else if (cmd == CTAP_VENDOR_UNLOCK) {
+        if (mse.init == false)
+            CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
+
+        mbedtls_chachapoly_context chatx;
+        int ret = mse_decrypt_ct(vendorParam.data, vendorParam.len);
+        if (ret != 0) {
+            CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
+        }
+
+        if (!file_has_data(ef_keydev_enc))
+            CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE);
+
+        uint8_t *keyenc = file_get_data(ef_keydev_enc);
+        size_t keyenc_len = file_get_size(ef_keydev_enc);
+        mbedtls_chachapoly_init(&chatx);
+        mbedtls_chachapoly_setkey(&chatx, vendorParam.data);
+        ret = mbedtls_chachapoly_auth_decrypt(&chatx, sizeof(keydev_dec), keyenc, NULL, 0, keyenc + keyenc_len - 16, keyenc + 12, keydev_dec);
+        mbedtls_chachapoly_free(&chatx);
+        if (ret != 0){
+            CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
+        }
+        has_keydev_dec = true;
+        goto err;
+    }
     else
         CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION);
     CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
@@ -115,7 +257,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
 int cbor_vendor(const uint8_t *data, size_t len) {
     if (len == 0)
         return CTAP1_ERR_INVALID_LEN;
-    if (data[0] == CTAP_VENDOR_BACKUP)
+    if (data[0] >= CTAP_VENDOR_BACKUP)
         return cbor_vendor_generic(data[0], data + 1, len - 1);
     return CTAP2_ERR_INVALID_CBOR;
 }
diff --git a/src/fido/ctap.h b/src/fido/ctap.h
index 10d5e79..57ed43f 100644
--- a/src/fido/ctap.h
+++ b/src/fido/ctap.h
@@ -116,13 +116,23 @@ typedef struct {
 #define CTAP_SELECTION           0x0B
 #define CTAP_CONFIG              0x0D
 
-#define CTAP_CONFIG_AUT             0x03e43f56b34285e2
-#define CTAP_CONFIG_KEY_AGREEMENT   0x1831a40f04a25ed9
-#define CTAP_CONFIG_UNLOCK          0x54365966c9a74770
+#define CTAP_CONFIG_AUT_ENABLE      0x03e43f56b34285e2
+#define CTAP_CONFIG_AUT_DISABLE     0x1831a40f04a25ed9
 
 #define CTAP_VENDOR_CBOR            (CTAPHID_VENDOR_FIRST + 1)
 
-#define CTAP_VENDOR_BACKUP      0x01
+#define CTAP_VENDOR_BACKUP              0x01
+#define CTAP_VENDOR_MSE                 0x02
+#define CTAP_VENDOR_UNLOCK              0x03
+
+typedef struct mse {
+    uint8_t Qpt[65];
+    uint8_t key_enc[12 + 32];
+    bool init;
+} mse_t;
+extern mse_t mse;
+
+extern int mse_decrypt_ct(uint8_t *, size_t);
 
 // Command status responses
 
diff --git a/tools/pico-fido-tool.py b/tools/pico-fido-tool.py
index a16953b..8d5e559 100644
--- a/tools/pico-fido-tool.py
+++ b/tools/pico-fido-tool.py
@@ -69,133 +69,32 @@ class VendorConfig(Config):
 
     class PARAM(IntEnum):
         VENDOR_COMMAND_ID         = 0x01
-        VENDOR_AUT_KEY_AGREEMENT  = 0x02
-        VENDOR_AUT_CT             = 0x03
+        VENDOR_AUT_CT             = 0x02
 
     class CMD(IntEnum):
-        CONFIG_AUT           = 0x03e43f56b34285e2
-        CONFIG_KEY_AGREEMENT = 0x1831a40f04a25ed9
-        CONFIG_UNLOCK        = 0x54365966c9a74770
-        CONFIG_BACKUP        = 0x6b1ede62beff0d5e
+        CONFIG_AUT_ENABLE    = 0x03e43f56b34285e2
+        CONFIG_AUT_DISABLE   = 0x1831a40f04a25ed9
 
     class RESP(IntEnum):
         KEY_AGREEMENT = 0x01
-        BACKUP        = 0x01
 
     def __init__(self, ctap, pin_uv_protocol=None, pin_uv_token=None):
         super().__init__(ctap, pin_uv_protocol, pin_uv_token)
 
-    def _get_key_device(self):
-        return skey.get_secure_key()
-
-    def _get_shared_key(self):
-        ret = self._call(
-            Config.CMD.VENDOR_PROTOTYPE,
-            {
-                VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_KEY_AGREEMENT,
-            },
-        )
-        peer_cose_key = ret[VendorConfig.RESP.KEY_AGREEMENT]
-
-        sk = ec.generate_private_key(ec.SECP256R1())
-        pn = sk.public_key().public_numbers()
-        pb = sk.public_key().public_bytes(Encoding.X962, PublicFormat.UncompressedPoint)
-        key_agreement = {
-            1: 2,
-            3: -25,  # Per the spec, "although this is NOT the algorithm actually used"
-            -1: 1,
-            -2: int2bytes(pn.x, 32),
-            -3: int2bytes(pn.y, 32),
-        }
-
-        x = bytes2int(peer_cose_key[-2])
-        y = bytes2int(peer_cose_key[-3])
-        pk = ec.EllipticCurvePublicNumbers(x, y, ec.SECP256R1()).public_key()
-        shared_key = sk.exchange(ec.ECDH(), pk)
-
-        xkdf = HKDF(
-            algorithm=hashes.SHA256(),
-            length=12+32,
-            salt=None,
-            info=pb
-        )
-        kdf_out = xkdf.derive(shared_key)
-        key_enc = kdf_out[12:]
-        iv = kdf_out[:12]
-        return iv, key_enc, key_agreement, pb
-
-    def _send_command_key(self, cmd):
-        iv, key_enc, key_agreement, pb = self._get_shared_key()
-
-        chacha = ChaCha20Poly1305(key_enc)
-        ct = chacha.encrypt(iv, self._get_key_device(), pb)
+    def enable_device_aut(self, ct):
         self._call(
             Config.CMD.VENDOR_PROTOTYPE,
             {
-                VendorConfig.PARAM.VENDOR_COMMAND_ID: cmd,
-                VendorConfig.PARAM.VENDOR_AUT_KEY_AGREEMENT: key_agreement,
+                VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT_ENABLE,
                 VendorConfig.PARAM.VENDOR_AUT_CT: ct
             },
         )
 
-    def enable_device_aut(self):
-        self._send_command_key(VendorConfig.CMD.CONFIG_AUT)
-
-    def unlock_device(self):
-        self._send_command_key(VendorConfig.CMD.CONFIG_UNLOCK)
-
     def disable_device_aut(self):
         self._call(
             Config.CMD.VENDOR_PROTOTYPE,
             {
-                VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT,
-            },
-        )
-
-    def backup_save(self, filename):
-        ret = self._call(
-            Config.CMD.VENDOR_PROTOTYPE,
-            {
-                VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_BACKUP,
-            },
-        )
-        data = ret[VendorConfig.RESP.BACKUP]
-        d = int.from_bytes(skey.get_secure_key(), 'big')
-        with open(filename, 'wb') as fp:
-            fp.write(b'\x01')
-            fp.write(data)
-            pk = ec.derive_private_key(d, ec.SECP256R1())
-            signature = pk.sign(data, ec.ECDSA(hashes.SHA256()))
-            fp.write(signature)
-        print('Remember the following words in this order:')
-        for c in range(24):
-            coef = (d//(2048**c))%2048
-            print(f'{(c+1):02d} - {words[coef]}')
-
-    def backup_load(self, filename):
-        d = 0
-        if (d == 0):
-            for c in range(24):
-                word = input(f'Introduce word {(c+1):02d}: ')
-                while (word not in words):
-                    word = input(f'Word not found. Please, tntroduce the correct word {(c+1):02d}: ')
-                coef = words.index(word)
-                d = d+(2048**c)*coef
-
-        pk = ec.derive_private_key(d, ec.SECP256R1())
-        pb = pk.public_key()
-        with open(filename, 'rb') as fp:
-            format = fp.read(1)[0]
-            if (format == 0x1):
-                data = fp.read(60)
-                signature = fp.read()
-            pb.verify(signature, data, ec.ECDSA(hashes.SHA256()))
-        skey.set_secure_key(pk)
-        self._call(
-            Config.CMD.VENDOR_PROTOTYPE,
-            {
-                VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_BACKUP,
-                VendorConfig.PARAM.VENDOR_AUT_CT: data,
+                VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT_DISABLE
             },
         )
 
@@ -280,17 +179,22 @@ class Vendor:
     @unique
     class CMD(IntEnum):
         VENDOR_BACKUP    = 0x01
+        VENDOR_MSE       = 0x02
+        VENDOR_UNLOCK    = 0x03
 
     @unique
     class PARAM(IntEnum):
-        PARAM      = 0x01
+        PARAM           = 0x01
+        COSE_KEY        = 0x02
 
     class SUBCMD(IntEnum):
-        ENABLE      = 0x01
-        DISABLE     = 0x02
+        ENABLE              = 0x01
+        DISABLE             = 0x02
+        KEY_AGREEMENT       = 0x01
 
     class RESP(IntEnum):
         PARAM       = 0x01
+        COSE_KEY    = 0x02
 
     def __init__(
         self,
@@ -304,6 +208,10 @@ class Vendor:
             if pin_uv_protocol and pin_uv_token
             else None
         )
+        self.__key_enc = None
+        self.__iv = None
+
+        self.vcfg = VendorConfig(ctap)
 
     def _call(self, cmd, sub_cmd, params=None):
         if params:
@@ -369,6 +277,72 @@ class Vendor:
             },
         )
 
+    def mse(self):
+        sk = ec.generate_private_key(ec.SECP256R1())
+        pn = sk.public_key().public_numbers()
+        self.__pb = sk.public_key().public_bytes(Encoding.X962, PublicFormat.UncompressedPoint)
+        key_agreement = {
+            1: 2,
+            3: -25,  # Per the spec, "although this is NOT the algorithm actually used"
+            -1: 1,
+            -2: int2bytes(pn.x, 32),
+            -3: int2bytes(pn.y, 32),
+        }
+
+        ret = self._call(
+            Vendor.CMD.VENDOR_MSE,
+            Vendor.SUBCMD.KEY_AGREEMENT,
+            {
+                Vendor.PARAM.COSE_KEY: key_agreement,
+            },
+        )
+
+        peer_cose_key = ret[VendorConfig.RESP.KEY_AGREEMENT]
+
+        x = bytes2int(peer_cose_key[-2])
+        y = bytes2int(peer_cose_key[-3])
+        pk = ec.EllipticCurvePublicNumbers(x, y, ec.SECP256R1()).public_key()
+        shared_key = sk.exchange(ec.ECDH(), pk)
+
+        xkdf = HKDF(
+            algorithm=hashes.SHA256(),
+            length=12+32,
+            salt=None,
+            info=self.__pb
+        )
+        kdf_out = xkdf.derive(shared_key)
+        self.__key_enc = kdf_out[12:]
+        self.__iv = kdf_out[:12]
+
+    def encrypt_chacha(self, data):
+        chacha = ChaCha20Poly1305(self.__key_enc)
+        ct = chacha.encrypt(self.__iv, data, self.__pb)
+        return ct
+
+    def unlock_device(self):
+        ct = self.get_skey()
+        self._call(
+            Vendor.CMD.VENDOR_UNLOCK,
+            Vendor.SUBCMD.ENABLE,
+            {
+                Vendor.PARAM.PARAM: ct
+            },
+        )
+
+    def _get_key_device(self):
+        return skey.get_secure_key()
+
+    def get_skey(self):
+        self.mse()
+        ct = self.encrypt_chacha(self._get_key_device())
+        return ct
+
+    def enable_device_aut(self):
+        ct = self.get_skey()
+        self.vcfg.enable_device_aut(ct)
+
+    def disable_device_aut(self):
+        self.vcfg.disable_device_aut()
 
 def parse_args():
     parser = argparse.ArgumentParser()
@@ -383,19 +357,15 @@ def parse_args():
     args = parser.parse_args()
     return args
 
-def secure(dev, args):
-    vcfg = VendorConfig(Ctap2(dev))
-
+def secure(vdr, args):
     if (args.subcommand == 'enable'):
-        vcfg.enable_device_aut()
+        vdr.enable_device_aut()
     elif (args.subcommand == 'unlock'):
-        vcfg.unlock_device()
+        vdr.unlock_device()
     elif (args.subcommand == 'disable'):
-        vcfg.disable_device_aut()
-
-def backup(dev, args):
-    vdr = Vendor(Ctap2Vendor(dev))
+        vdr.disable_device_aut()
 
+def backup(vdr, args):
     if (args.subcommand == 'save'):
         vdr.backup_save(args.filename)
     elif (args.subcommand == 'load'):
@@ -411,10 +381,12 @@ def main(args):
 
     dev = next(CtapHidDevice.list_devices(), None)
 
+    vdr = Vendor(Ctap2Vendor(dev))
+
     if (args.command == 'secure'):
-        secure(dev, args)
+        secure(vdr, args)
     elif (args.command == 'backup'):
-        backup(dev, args)
+        backup(vdr, args)
 
 def run():
     args = parse_args()