Adding MKEK generation on first scan.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2024-09-20 03:10:10 +00:00 · 2022-09-02 18:36:14 +02:00 · 2022-09-02 18:36:14 +02:00 · 65b14960ce
commit 65b14960ce
parent 6de753447e
5 changed files with 97 additions and 3 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -30,6 +30,7 @@ add_executable(pico_fido)

 target_sources(pico_fido PUBLIC
        ${CMAKE_CURRENT_LIST_DIR}/src/fido/fido.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/fido/files.c
        ${CMAKE_CURRENT_LIST_DIR}/src/fido/cmd_register.c
        )
 set(HSM_DRIVER "hid")
--- a/src/fido/fido.c
+++ b/src/fido/fido.c
@ -19,6 +19,9 @@
 #include "hsm.h"
 #include "apdu.h"
 #include "u2f.h"
+#include "files.h"
+#include "file.h"
+#include "random.h"
 #include <stdio.h>

 void init_fido();
@ -39,9 +42,6 @@ app_t *fido_select(app_t *a) {
    return a;
 }

-void init_fido() {
-}
-
 void __attribute__ ((constructor)) fido_ctor() {
    register_app(fido_select);
    fido_select(&apps[0]);
@ -51,6 +51,33 @@ int fido_unload() {
    return CCID_OK;
 }

+void scan_files() {
+    ef_mkek = search_by_fid(EF_MKEK, NULL, SPECIFY_EF);
+    if (ef_mkek) {
+        if (!ef_mkek->data) {
+            printf("MKEK is empty. Initializing with default password\r\n");
+             uint8_t tmp_mkek[MKEK_SIZE];
+            const uint8_t *rd = random_bytes_get(MKEK_IV_SIZE+MKEK_KEY_SIZE);
+            memcpy(tmp_mkek, rd, MKEK_IV_SIZE+MKEK_KEY_SIZE);
+            flash_write_data_to_file(ef_mkek, tmp_mkek, MKEK_SIZE);
+        }
+    }
+    else {
+        printf("FATAL ERROR: PIN1 not found in memory!\r\n");
+    }
+
+    low_flash_available();
+}
+
+void scan_all() {
+    scan_flash();
+    scan_files();
+}
+
+void init_fido() {
+    scan_all();
+}
+
 typedef struct cmd
 {
  uint8_t ins;
--- a/src/fido/fido.h
+++ b/src/fido/fido.h
@ -22,4 +22,8 @@
 #define KEY_PATH_LEN 32
 #define KEY_HANDLE_LEN (KEY_PATH_LEN + SHA256_DIGEST_LENGTH)

+#define MKEK_IV_SIZE 16
+#define MKEK_KEY_SIZE 32
+#define MKEK_SIZE (MKEK_IV_SIZE+MKEK_KEY_SIZE)
+
 #endif //_FIDO_H
--- a/src/fido/files.c
+++ b/src/fido/files.c
@ -0,0 +1,31 @@
+/*
+ * This file is part of the Pico FIDO distribution (https://github.com/polhenarejos/pico-fido).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "file.h"
+#include "files.h"
+
+file_t file_entries[] = {
+    {.fid = 0x3f00, .parent = 0xff, .name = NULL, .type = FILE_TYPE_DF, .data = NULL, .ef_structure = 0, .acl = {0}},                                                                     // MF
+    {.fid = EF_KEY_DEV, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}},  // Device Key
+    {.fid = EF_PRKD_DEV, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}}, // PrKD Device
+    {.fid = EF_EE_DEV, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}},   // End Entity Certificate Device
+    {.fid = EF_MKEK, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}},     // MKEK
+};
+
+const file_t *MF = &file_entries[0];
+const file_t *file_last = &file_entries[sizeof(file_entries)/sizeof(file_t)-1];
+file_t *ef_mkek = NULL;
--- a/src/fido/files.h
+++ b/src/fido/files.h
@ -0,0 +1,31 @@
+/*
+ * This file is part of the Pico FIDO distribution (https://github.com/polhenarejos/pico-fido).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _FILES_H_
+#define _FILES_H_
+
+#include "file.h"
+
+#define EF_MKEK         0x100A
+
+#define EF_KEY_DEV      0xCC00
+#define EF_PRKD_DEV     0xC400
+#define EF_EE_DEV       0xCE00
+
+extern file_t *ef_mkek;
+
+#endif //_FILES_H_