dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Moving to mbedtls_platform_zeroize() for better zeroization.

Browse Source 
Also added more zeroization when a private/secret key is loaded in memory.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-08-12 01:52:37 +02:00
parent 2666573050
commit 300e19b612
2 changed files with 27 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/hsm/dkek.c
View File

@@ -82,7 +82,7 @@ int load_dkek(uint8_t id, uint8_t *dkek) {
}
void release_mkek(uint8_t *mkek) {
memset(mkek, 0, MKEK_SIZE);
mbedtls_platform_zeroize(mkek, MKEK_SIZE);
}
int store_mkek(const uint8_t *mkek) {
@@ -162,7 +162,7 @@ int dkek_kcv(uint8_t id, uint8_t *kcv) { //kcv 8 bytes
if (r != CCID_OK)
return r;
hash256(dkek, DKEK_KEY_SIZE, hsh);
memset(dkek, 0, sizeof(dkek));
mbedtls_platform_zeroize(dkek, sizeof(dkek));
memcpy(kcv, hsh, 8);
return CCID_OK;
}
@@ -175,7 +175,7 @@ int dkek_kenc(uint8_t id, uint8_t *kenc) { //kenc 32 bytes
return r;
memcpy(dkek+DKEK_KEY_SIZE, "\x0\x0\x0\x1", 4);
hash256(dkek, sizeof(dkek), kenc);
memset(dkek, 0, sizeof(dkek));
mbedtls_platform_zeroize(dkek, sizeof(dkek));
return CCID_OK;
}
@@ -187,7 +187,7 @@ int dkek_kmac(uint8_t id, uint8_t *kmac) { //kmac 32 bytes
return r;
memcpy(dkek+DKEK_KEY_SIZE, "\x0\x0\x0\x2", 4);
hash256(dkek, DKEK_KEY_SIZE+4, kmac);
memset(dkek, 0, sizeof(dkek));
mbedtls_platform_zeroize(dkek, sizeof(dkek));
return CCID_OK;
}

26
src/hsm/sc_hsm.c
View File

@@ -1351,26 +1351,32 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
return CCID_EXEC_ERROR;
}
if (mbedtls_mpi_read_binary(&ctx->P, kdata, key_size/2) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
}
if (mbedtls_mpi_read_binary(&ctx->Q, kdata+key_size/2, key_size/2) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
}
if (mbedtls_mpi_lset(&ctx->E, 0x10001) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_EXEC_ERROR;
}
if (mbedtls_rsa_import(ctx, NULL, &ctx->P, &ctx->Q, NULL, &ctx->E) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
}
if (mbedtls_rsa_complete(ctx) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
}
if (mbedtls_rsa_check_privkey(ctx) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
}
@@ -1390,9 +1396,11 @@ int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
mbedtls_ecp_group_id gid = kdata[0];
int r = mbedtls_ecp_read_key(gid, ctx, kdata+1, key_size-1);
if (r != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_ecdsa_free(ctx);
return CCID_EXEC_ERROR;
}
mbedtls_platform_zeroize(kdata, sizeof(kdata));
return CCID_OK;
}
@@ -1675,6 +1683,7 @@ static int cmd_key_wrap() {
else if (key_size == 16)
aes_type = HSM_KEY_AES_128;
r = dkek_encode_key(kdom, kdata, aes_type, res_APDU, &wrap_len);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
}
if (r != CCID_OK)
return SW_EXEC_ERROR();
@@ -1807,6 +1816,7 @@ static int cmd_decrypt_asym() {
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
memcpy(kdata, file_get_data(ef), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
mbedtls_platform_zeroize(kdata, key_size);
free(kdata);
return SW_EXEC_ERROR();
}
@@ -1815,17 +1825,18 @@ static int cmd_decrypt_asym() {
int r = 0;
r = mbedtls_ecdh_setup(&ctx, gid);
if (r != 0) {
mbedtls_platform_zeroize(kdata, key_size);
mbedtls_ecdh_free(&ctx);
free(kdata);
return SW_DATA_INVALID();
}
r = mbedtls_mpi_read_binary(&ctx.ctx.mbed_ecdh.d, kdata+1, key_size-1);
mbedtls_platform_zeroize(kdata, key_size);
free(kdata);
if (r != 0) {
mbedtls_ecdh_free(&ctx);
free(kdata);
return SW_DATA_INVALID();
}
free(kdata);
r = -1;
if (p2 == ALGO_EC_DH)
r = mbedtls_ecdh_read_public(&ctx, apdu.data-1, apdu.nc+1);
@@ -1889,10 +1900,12 @@ static int cmd_cipher_sym() {
if (algo == ALGO_AES_CBC_ENCRYPT) {
int r = mbedtls_aes_setkey_enc(&aes, kdata, key_size*8);
if (r != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_aes_free(&aes);
return SW_EXEC_ERROR();
}
r = mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, apdu.nc, tmp_iv, apdu.data, res_APDU);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) {
mbedtls_aes_free(&aes);
return SW_EXEC_ERROR();
@@ -1901,10 +1914,12 @@ static int cmd_cipher_sym() {
else if (algo == ALGO_AES_CBC_DECRYPT) {
int r = mbedtls_aes_setkey_dec(&aes, kdata, key_size*8);
if (r != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_aes_free(&aes);
return SW_EXEC_ERROR();
}
r = mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, apdu.nc, tmp_iv, apdu.data, res_APDU);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) {
mbedtls_aes_free(&aes);
return SW_EXEC_ERROR();
@@ -1921,20 +1936,25 @@ static int cmd_cipher_sym() {
cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_192_ECB);
else if (key_size == 32)
cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB);
else
else {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
return SW_WRONG_DATA();
}
int r = mbedtls_cipher_cmac(cipher_info, kdata, key_size*8, apdu.data, apdu.nc, res_APDU);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0)
return SW_EXEC_ERROR();
res_APDU_size = 16;
}
else if (algo == ALGO_AES_DERIVE) {
int r = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), NULL, 0, file_get_data(ef), key_size, apdu.data, apdu.nc, res_APDU, apdu.nc);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0)
return SW_EXEC_ERROR();
res_APDU_size = apdu.nc;
}
else {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
return SW_WRONG_P1P2();
}
return SW_OK();