coelner/pico-fido
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-fido.git synced 2024-09-20 03:10:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix authentication key_path.

Browse Source 
Also adding key parameter for key derivation as optional.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2022-09-06 16:53:39 +02:00
parent 6e56874d3e
commit 694ab2cf87
No known key found for this signature in database
GPG Key ID: C0095B7870A4CCD3
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/fido/fido.c
View File

@ -93,14 +93,13 @@ int load_keydev(uint8_t *key) {
}
int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls_ecdsa_context *key) {
const int entries = KEY_PATH_LEN / sizeof(uint32_t);
uint8_t outk[64] = {0};
int r = 0;
memset(outk, 0, sizeof(outk));
if ((r = load_keydev(outk)) != CCID_OK)
return r;
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
for (int i = 0; i < entries; i++)
for (int i = 0; i < KEY_PATH_ENTRIES; i++)
{
if (new_key == true) {
uint32_t val = 0x80000000 | *((uint32_t *)random_bytes_get(sizeof(uint32_t)));
@ -112,11 +111,12 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls
return r;
}
}
if ((r = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), outk, 32, app_id, 32, key_handle + 32)) != 0)
if (new_key == true && (r = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), outk, 32, app_id, 32, key_handle + 32)) != 0)
{
mbedtls_platform_zeroize(outk, sizeof(outk));
return r;
}
if (key != NULL) {
mbedtls_ecp_group_load(&key->grp, MBEDTLS_ECP_DP_SECP256R1);
r = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, key, outk, 32);
mbedtls_platform_zeroize(outk, sizeof(outk));
@ -124,6 +124,9 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls
return r;
return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, random_gen, NULL );
}
mbedtls_platform_zeroize(outk, sizeof(outk));
return r;
}
int scan_files() {
ef_keydev = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF);

1
src/fido/fido.h
View File

@ -25,6 +25,7 @@
#define U2F_PUBKEY_LEN (65)
#define KEY_PATH_LEN (32)
#define KEY_PATH_ENTRIES (KEY_PATH_LEN / sizeof(uint32_t))
#define SHA256_DIGEST_LENGTH (32)
#define KEY_HANDLE_LEN (KEY_PATH_LEN + SHA256_DIGEST_LENGTH)