diff --git a/src/fido/cmd_authenticate.c b/src/fido/cmd_authenticate.c index 0ee3724..46a54d9 100644 --- a/src/fido/cmd_authenticate.c +++ b/src/fido/cmd_authenticate.c @@ -35,7 +35,7 @@ int cmd_authenticate() { mbedtls_ecdsa_context key; mbedtls_ecdsa_init(&key); - int ret = derive_key(req->appId, false, req->keyHandle, &key); + int ret = derive_key(req->appId, false, req->keyHandle, MBEDTLS_ECP_DP_SECP256R1, &key); if (ret != CCID_OK) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index ae04173..8a40760 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c @@ -36,7 +36,7 @@ int cmd_register() { return SW_CONDITIONS_NOT_SATISFIED(); mbedtls_ecdsa_context key; mbedtls_ecdsa_init(&key); - int ret = derive_key(req->appId, true, resp->keyHandleCertSig, &key); + int ret = derive_key(req->appId, true, resp->keyHandleCertSig, MBEDTLS_ECP_DP_SECP256R1, &key); if (ret != CCID_OK) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); diff --git a/src/fido/fido.c b/src/fido/fido.c index 11a835f..58df475 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -29,6 +29,7 @@ #include "mbedtls/hkdf.h" #include "pk_wrap.h" #include "crypto_utils.h" +#include #include void init_fido(); @@ -67,7 +68,7 @@ int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffe mbedtls_x509write_crt_set_subject_name(&ctx, "C=ES,O=Pico HSM,CN=Pico FIDO"); mbedtls_mpi serial; mbedtls_mpi_init(&serial); - mbedtls_mpi_fill_random(&serial, 32, random_gen, NULL); + mbedtls_mpi_fill_random(&serial, 32, random_gen_core0, NULL); mbedtls_x509write_crt_set_serial(&ctx, &serial); mbedtls_pk_context key; mbedtls_pk_init(&key); @@ -92,7 +93,7 @@ int load_keydev(uint8_t *key) { return CCID_OK; } -int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls_ecdsa_context *key) { +int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int curve, mbedtls_ecdsa_context *key) { uint8_t outk[64] = {0}; int r = 0; memset(outk, 0, sizeof(outk)); @@ -105,7 +106,8 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls uint32_t val = 0x80000000 | *((uint32_t *)random_bytes_get(sizeof(uint32_t))); memcpy(&key_handle[i*sizeof(uint32_t)], &val, sizeof(uint32_t)); } - if ((r = mbedtls_hkdf(md_info, &key_handle[i], sizeof(uint32_t), outk, 32, outk + 32, 32, outk, sizeof(outk))) != 0) + r = mbedtls_hkdf(md_info, &key_handle[i * sizeof(uint32_t)], sizeof(uint32_t), outk, 32, outk + 32, 32, outk, sizeof(outk)); + if (r != 0) { mbedtls_platform_zeroize(outk, sizeof(outk)); return r; @@ -122,12 +124,15 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls } } if (key != NULL) { - mbedtls_ecp_group_load(&key->grp, MBEDTLS_ECP_DP_SECP256R1); - r = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, key, outk, 32); + mbedtls_ecp_group_load(&key->grp, curve); + const mbedtls_ecp_curve_info *cinfo = mbedtls_ecp_curve_info_from_grp_id(curve); + if (cinfo == NULL) + return 1; + r = mbedtls_ecp_read_key(curve, key, outk, ceil((float)cinfo->bit_size/8)); mbedtls_platform_zeroize(outk, sizeof(outk)); if (r != 0) return r; - return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, random_gen, NULL ); + return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, random_gen_core0, NULL); } mbedtls_platform_zeroize(outk, sizeof(outk)); return r; @@ -141,7 +146,7 @@ int scan_files() { mbedtls_ecdsa_context ecdsa; mbedtls_ecdsa_init(&ecdsa); uint8_t index = 0; - int ret = mbedtls_ecdsa_genkey(&ecdsa, MBEDTLS_ECP_DP_SECP256R1, random_gen, &index); + int ret = mbedtls_ecdsa_genkey(&ecdsa, MBEDTLS_ECP_DP_SECP256R1, random_gen_core0, &index); if (ret != 0) { mbedtls_ecdsa_free(&ecdsa); return ret; @@ -168,12 +173,10 @@ int scan_files() { mbedtls_ecdsa_context key; mbedtls_ecdsa_init(&key); int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &key, file_get_data(ef_keydev), 32); - printf("ret %d\n", ret); if (ret != 0) return ret; ret = x509_create_cert(&key, cert, sizeof(cert)); mbedtls_ecdsa_free(&key); - printf("ret %d\n", ret); if (ret <= 0) return ret; flash_write_data_to_file(ef_certdev, cert + sizeof(cert) - ret, ret); diff --git a/src/fido/fido.h b/src/fido/fido.h index f0f95bc..e085838 100644 --- a/src/fido/fido.h +++ b/src/fido/fido.h @@ -31,7 +31,7 @@ #define KEY_HANDLE_LEN (KEY_PATH_LEN + SHA256_DIGEST_LENGTH) extern int scan_files(); -extern int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls_ecdsa_context *key); +extern int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int, mbedtls_ecdsa_context *key); extern bool wait_button_pressed(); extern CTAPHID_FRAME *ctap_req, *ctap_resp; @@ -40,5 +40,27 @@ extern CTAPHID_FRAME *ctap_req, *ctap_resp; #define FIDO2_ALG_ES384 -35 //ECDSA-SHA384 P384 #define FIDO2_ALG_ES512 -36 //ECDSA-SHA512 P521 +#define FIDO2_CURVE_P256 1 +#define FIDO2_CURVE_P384 2 +#define FIDO2_CURVE_P521 3 +#define FIDO2_CURVE_X25519 4 +#define FIDO2_CURVE_X448 5 +#define FIDO2_CURVE_ED25519 6 +#define FIDO2_CURVE_ED448 7 +#define FIDO2_CURVE_P256K1 8 + +#define FIDO2_AUT_FLAG_UP 0x1 +#define FIDO2_AUT_FLAG_UV 0x4 +#define FIDO2_AUT_FLAG_AT 0x40 +#define FIDO2_AUT_FLAG_ED 0x80 + +typedef struct known_app { + const uint8_t *rp_id_hash; + const char *label; + const bool *use_sign_count; + const bool *use_self_attestation; +} known_app_t; + +extern const known_app_t *find_app_by_rp_id_hash(const uint8_t *rp_id_hash); #endif //_FIDO_H