Fix authentication key_path.

Also make the key parameter for key derivation optional.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Pol Henarejos 2022-09-06 16:53:39 +02:00
parent 6e56874d3e
commit 694ab2cf87
No known key found for this signature in database
GPG Key ID: C0095B7870A4CCD3
2 changed files with 12 additions and 8 deletions


@ -93,14 +93,13 @@ int load_keydev(uint8_t *key) {
} }
int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls_ecdsa_context *key) { int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls_ecdsa_context *key) {
const int entries = KEY_PATH_LEN / sizeof(uint32_t);
uint8_t outk[64] = {0}; uint8_t outk[64] = {0};
int r = 0; int r = 0;
memset(outk, 0, sizeof(outk)); memset(outk, 0, sizeof(outk));
if ((r = load_keydev(outk)) != CCID_OK) if ((r = load_keydev(outk)) != CCID_OK)
return r; return r;
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
for (int i = 0; i < entries; i++) for (int i = 0; i < KEY_PATH_ENTRIES; i++)
{ {
if (new_key == true) { if (new_key == true) {
uint32_t val = 0x80000000 | *((uint32_t *)random_bytes_get(sizeof(uint32_t))); uint32_t val = 0x80000000 | *((uint32_t *)random_bytes_get(sizeof(uint32_t)));
@ -112,17 +111,21 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls
return r; return r;
} }
} }
if ((r = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), outk, 32, app_id, 32, key_handle + 32)) != 0) if (new_key == true && (r = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), outk, 32, app_id, 32, key_handle + 32)) != 0)
{ {
mbedtls_platform_zeroize(outk, sizeof(outk)); mbedtls_platform_zeroize(outk, sizeof(outk));
return r; return r;
} }
if (key != NULL) {
mbedtls_ecp_group_load(&key->grp, MBEDTLS_ECP_DP_SECP256R1); mbedtls_ecp_group_load(&key->grp, MBEDTLS_ECP_DP_SECP256R1);
r = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, key, outk, 32); r = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, key, outk, 32);
mbedtls_platform_zeroize(outk, sizeof(outk)); mbedtls_platform_zeroize(outk, sizeof(outk));
if (r != 0) if (r != 0)
return r; return r;
return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, random_gen, NULL ); return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, random_gen, NULL );
}
mbedtls_platform_zeroize(outk, sizeof(outk));
return r;
} }
int scan_files() { int scan_files() {
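Review bot: With the HMAC at `key_handle + 32` now guarded by `new_key == true`, the `new_key == false` path derives key material from the caller-supplied handle without any visible check of that tag. The loop body between the two hunks is not shown, so this may be handled there or in the callers, but the contract should be written down; a comment above `derive_key` such as `/* When new_key is false the tag at key_handle + 32 is neither written nor verified here; the caller must recompute it and compare in constant time before trusting the derived key. */` would do. Separately, the return value of `mbedtls_ecp_group_load` inside the new `if (key != NULL)` block is still discarded; `if ((r = mbedtls_ecp_group_load(&key->grp, MBEDTLS_ECP_DP_SECP256R1)) != 0) { mbedtls_platform_zeroize(outk, sizeof(outk)); return r; }` would keep the zeroize-on-error pattern the rest of the function uses.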


@ -25,6 +25,7 @@
#define U2F_PUBKEY_LEN (65) #define U2F_PUBKEY_LEN (65)
#define KEY_PATH_LEN (32) #define KEY_PATH_LEN (32)
#define KEY_PATH_ENTRIES (KEY_PATH_LEN / sizeof(uint32_t))
#define SHA256_DIGEST_LENGTH (32) #define SHA256_DIGEST_LENGTH (32)
#define KEY_HANDLE_LEN (KEY_PATH_LEN + SHA256_DIGEST_LENGTH) #define KEY_HANDLE_LEN (KEY_PATH_LEN + SHA256_DIGEST_LENGTH)
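Review bot: `KEY_PATH_ENTRIES` expands to a `size_t` expression because of `sizeof(uint32_t)`, so the loop `for (int i = 0; i < KEY_PATH_ENTRIES; i++)` in `derive_key` now compares a signed `int` with an unsigned value, where the removed `const int entries` did not. Either declare the index as `size_t i` or make the macro an integer constant, for example `#define KEY_PATH_ENTRIES ((int)(KEY_PATH_LEN / sizeof(uint32_t)))`. A `_Static_assert(KEY_PATH_LEN % sizeof(uint32_t) == 0, "KEY_PATH_LEN must be a multiple of 4");` next to it would also document the assumption that the path splits evenly into 32-bit entries.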