dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Moving to mbedtls_platform_zeroize() for better zeroization.

Browse Source 
Also added more zeroization when a private/secret key is loaded in memory.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-08-12 01:52:37 +02:00
parent 2666573050
commit 300e19b612
2 changed files with 27 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/hsm/dkek.c
View File

@@ -82,7 +82,7 @@ int load_dkek(uint8_t id, uint8_t *dkek) {
} }
void release_mkek(uint8_t *mkek) { void release_mkek(uint8_t *mkek) {
memset(mkek, 0, MKEK_SIZE); mbedtls_platform_zeroize(mkek, MKEK_SIZE);
} }
int store_mkek(const uint8_t *mkek) { int store_mkek(const uint8_t *mkek) {
@@ -162,7 +162,7 @@ int dkek_kcv(uint8_t id, uint8_t *kcv) { //kcv 8 bytes
if (r != CCID_OK) if (r != CCID_OK)
return r; return r;
hash256(dkek, DKEK_KEY_SIZE, hsh); hash256(dkek, DKEK_KEY_SIZE, hsh);
memset(dkek, 0, sizeof(dkek)); mbedtls_platform_zeroize(dkek, sizeof(dkek));
memcpy(kcv, hsh, 8); memcpy(kcv, hsh, 8);
return CCID_OK; return CCID_OK;
} }
@@ -175,7 +175,7 @@ int dkek_kenc(uint8_t id, uint8_t *kenc) { //kenc 32 bytes
return r; return r;
memcpy(dkek+DKEK_KEY_SIZE, "\x0\x0\x0\x1", 4); memcpy(dkek+DKEK_KEY_SIZE, "\x0\x0\x0\x1", 4);
hash256(dkek, sizeof(dkek), kenc); hash256(dkek, sizeof(dkek), kenc);
memset(dkek, 0, sizeof(dkek)); mbedtls_platform_zeroize(dkek, sizeof(dkek));
return CCID_OK; return CCID_OK;
} }
@@ -187,7 +187,7 @@ int dkek_kmac(uint8_t id, uint8_t *kmac) { //kmac 32 bytes
return r; return r;
memcpy(dkek+DKEK_KEY_SIZE, "\x0\x0\x0\x2", 4); memcpy(dkek+DKEK_KEY_SIZE, "\x0\x0\x0\x2", 4);
hash256(dkek, DKEK_KEY_SIZE+4, kmac); hash256(dkek, DKEK_KEY_SIZE+4, kmac);
memset(dkek, 0, sizeof(dkek)); mbedtls_platform_zeroize(dkek, sizeof(dkek));
return CCID_OK; return CCID_OK;
} }

26
src/hsm/sc_hsm.c
View File

@@ -1351,26 +1351,32 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
return CCID_EXEC_ERROR; return CCID_EXEC_ERROR;
} }
if (mbedtls_mpi_read_binary(&ctx->P, kdata, key_size/2) != 0) { if (mbedtls_mpi_read_binary(&ctx->P, kdata, key_size/2) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx); mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA; return CCID_WRONG_DATA;
} }
if (mbedtls_mpi_read_binary(&ctx->Q, kdata+key_size/2, key_size/2) != 0) { if (mbedtls_mpi_read_binary(&ctx->Q, kdata+key_size/2, key_size/2) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx); mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA; return CCID_WRONG_DATA;
} }
if (mbedtls_mpi_lset(&ctx->E, 0x10001) != 0) { if (mbedtls_mpi_lset(&ctx->E, 0x10001) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx); mbedtls_rsa_free(ctx);
return CCID_EXEC_ERROR; return CCID_EXEC_ERROR;
} }
if (mbedtls_rsa_import(ctx, NULL, &ctx->P, &ctx->Q, NULL, &ctx->E) != 0) { if (mbedtls_rsa_import(ctx, NULL, &ctx->P, &ctx->Q, NULL, &ctx->E) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx); mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA; return CCID_WRONG_DATA;
} }
if (mbedtls_rsa_complete(ctx) != 0) { if (mbedtls_rsa_complete(ctx) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx); mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA; return CCID_WRONG_DATA;
} }
if (mbedtls_rsa_check_privkey(ctx) != 0) { if (mbedtls_rsa_check_privkey(ctx) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx); mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA; return CCID_WRONG_DATA;
} }
@@ -1390,9 +1396,11 @@ int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
mbedtls_ecp_group_id gid = kdata[0]; mbedtls_ecp_group_id gid = kdata[0];
int r = mbedtls_ecp_read_key(gid, ctx, kdata+1, key_size-1); int r = mbedtls_ecp_read_key(gid, ctx, kdata+1, key_size-1);
if (r != 0) { if (r != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_ecdsa_free(ctx); mbedtls_ecdsa_free(ctx);
return CCID_EXEC_ERROR; return CCID_EXEC_ERROR;
} }
mbedtls_platform_zeroize(kdata, sizeof(kdata));
return CCID_OK; return CCID_OK;
} }
@@ -1675,6 +1683,7 @@ static int cmd_key_wrap() {
else if (key_size == 16) else if (key_size == 16)
aes_type = HSM_KEY_AES_128; aes_type = HSM_KEY_AES_128;
r = dkek_encode_key(kdom, kdata, aes_type, res_APDU, &wrap_len); r = dkek_encode_key(kdom, kdata, aes_type, res_APDU, &wrap_len);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
} }
if (r != CCID_OK) if (r != CCID_OK)
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
@@ -1807,6 +1816,7 @@ static int cmd_decrypt_asym() {
uint8_t *kdata = (uint8_t *)calloc(1,key_size); uint8_t *kdata = (uint8_t *)calloc(1,key_size);
memcpy(kdata, file_get_data(ef), key_size); memcpy(kdata, file_get_data(ef), key_size);
if (mkek_decrypt(kdata, key_size) != 0) { if (mkek_decrypt(kdata, key_size) != 0) {
mbedtls_platform_zeroize(kdata, key_size);
free(kdata); free(kdata);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
@@ -1815,17 +1825,18 @@ static int cmd_decrypt_asym() {
int r = 0; int r = 0;
r = mbedtls_ecdh_setup(&ctx, gid); r = mbedtls_ecdh_setup(&ctx, gid);
if (r != 0) { if (r != 0) {
mbedtls_platform_zeroize(kdata, key_size);
mbedtls_ecdh_free(&ctx); mbedtls_ecdh_free(&ctx);
free(kdata); free(kdata);
return SW_DATA_INVALID(); return SW_DATA_INVALID();
} }
r = mbedtls_mpi_read_binary(&ctx.ctx.mbed_ecdh.d, kdata+1, key_size-1); r = mbedtls_mpi_read_binary(&ctx.ctx.mbed_ecdh.d, kdata+1, key_size-1);
mbedtls_platform_zeroize(kdata, key_size);
free(kdata);
if (r != 0) { if (r != 0) {
mbedtls_ecdh_free(&ctx); mbedtls_ecdh_free(&ctx);
free(kdata);
return SW_DATA_INVALID(); return SW_DATA_INVALID();
} }
free(kdata);
r = -1; r = -1;
if (p2 == ALGO_EC_DH) if (p2 == ALGO_EC_DH)
r = mbedtls_ecdh_read_public(&ctx, apdu.data-1, apdu.nc+1); r = mbedtls_ecdh_read_public(&ctx, apdu.data-1, apdu.nc+1);
@@ -1889,10 +1900,12 @@ static int cmd_cipher_sym() {
if (algo == ALGO_AES_CBC_ENCRYPT) { if (algo == ALGO_AES_CBC_ENCRYPT) {
int r = mbedtls_aes_setkey_enc(&aes, kdata, key_size*8); int r = mbedtls_aes_setkey_enc(&aes, kdata, key_size*8);
if (r != 0) { if (r != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_aes_free(&aes); mbedtls_aes_free(&aes);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
r = mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, apdu.nc, tmp_iv, apdu.data, res_APDU); r = mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, apdu.nc, tmp_iv, apdu.data, res_APDU);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) { if (r != 0) {
mbedtls_aes_free(&aes); mbedtls_aes_free(&aes);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
@@ -1901,10 +1914,12 @@ static int cmd_cipher_sym() {
else if (algo == ALGO_AES_CBC_DECRYPT) { else if (algo == ALGO_AES_CBC_DECRYPT) {
int r = mbedtls_aes_setkey_dec(&aes, kdata, key_size*8); int r = mbedtls_aes_setkey_dec(&aes, kdata, key_size*8);
if (r != 0) { if (r != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_aes_free(&aes); mbedtls_aes_free(&aes);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
r = mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, apdu.nc, tmp_iv, apdu.data, res_APDU); r = mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, apdu.nc, tmp_iv, apdu.data, res_APDU);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) { if (r != 0) {
mbedtls_aes_free(&aes); mbedtls_aes_free(&aes);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
@@ -1921,20 +1936,25 @@ static int cmd_cipher_sym() {
cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_192_ECB); cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_192_ECB);
else if (key_size == 32) else if (key_size == 32)
cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB); cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB);
else else {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
return SW_WRONG_DATA(); return SW_WRONG_DATA();
}
int r = mbedtls_cipher_cmac(cipher_info, kdata, key_size*8, apdu.data, apdu.nc, res_APDU); int r = mbedtls_cipher_cmac(cipher_info, kdata, key_size*8, apdu.data, apdu.nc, res_APDU);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) if (r != 0)
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
res_APDU_size = 16; res_APDU_size = 16;
} }
else if (algo == ALGO_AES_DERIVE) { else if (algo == ALGO_AES_DERIVE) {
int r = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), NULL, 0, file_get_data(ef), key_size, apdu.data, apdu.nc, res_APDU, apdu.nc); int r = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), NULL, 0, file_get_data(ef), key_size, apdu.data, apdu.nc, res_APDU, apdu.nc);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) if (r != 0)
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
res_APDU_size = apdu.nc; res_APDU_size = apdu.nc;
} }
else { else {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
return SW_WRONG_P1P2(); return SW_WRONG_P1P2();
} }
return SW_OK(); return SW_OK();