Protect keydev if available (only for RP2350).

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2024-09-20 03:10:10 +00:00 · 2024-09-12 19:01:04 +02:00 · 2024-09-12 19:01:04 +02:00 · c43006f8c2
commit c43006f8c2
parent 95cae29206
5 changed files with 27 additions and 3 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 9f65a2cfa024b721a6b7c16863e00558ac1a6f88
+Subproject commit 108cfec47c8b72472acbf6d3f8cc50260bfb09bd
--- a/src/fido/cbor.c
+++ b/src/fido/cbor.c
@ -15,6 +15,7 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

+#include "pico_keys.h"
 #if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "pico/stdlib.h"
 #endif
--- a/src/fido/cbor_make_credential.c
+++ b/src/fido/cbor_make_credential.c
@ -440,7 +440,12 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
    if (enterpriseAttestation == 2 || (ka && ka->use_self_attestation == pfalse)) {
        mbedtls_ecdsa_free(&ekey);
        mbedtls_ecdsa_init(&ekey);
-        ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, file_get_data(ef_keydev), 32);
+        uint8_t key[32] = {0};
+        if (load_keydev(key) != 0) {
+            CBOR_ERROR(CTAP1_ERR_OTHER);
+        }
+        ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, key, 32);
+        mbedtls_platform_zeroize(key, sizeof(key));
        md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
        self_attestation = false;
    }
--- a/src/fido/cmd_register.c
+++ b/src/fido/cmd_register.c
@ -100,7 +100,13 @@ int cmd_register() {
        return SW_EXEC_ERROR();
    }
    mbedtls_ecdsa_init(&key);
-    ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &key, file_get_data(ef_keydev), 32);
+    uint8_t key_dev[32] = {0};
+    ret = load_keydev(key_dev);
+    if (ret != CCID_OK) {
+        return SW_EXEC_ERROR();
+    }
+    ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &key, key_dev, 32);
+    mbedtls_platform_zeroize(key_dev, sizeof(key_dev));
    if (ret != CCID_OK) {
        mbedtls_ecdsa_free(&key);
        return SW_EXEC_ERROR();
--- a/src/fido/fido.c
+++ b/src/fido/fido.c
@ -34,6 +34,8 @@
 #include "management.h"
 #include "hid/ctap_hid.h"
 #include "version.h"
+#include "crypto_utils.h"
+#include "otp.h"

 int fido_process_apdu();
 int fido_unload();
@ -178,12 +180,19 @@ int load_keydev(uint8_t *key) {
    if (has_keydev_dec == false && !file_has_data(ef_keydev)) {
        return CCID_ERR_MEMORY_FATAL;
    }
+
    if (has_keydev_dec == true) {
        memcpy(key, keydev_dec, sizeof(keydev_dec));
    }
    else {
        memcpy(key, file_get_data(ef_keydev), file_get_size(ef_keydev));
+#ifdef PICO_RP2350
+        if (aes_decrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, key, 32) != CCID_OK) {
+            return CCID_EXEC_ERROR;
        }
+#endif
+    }
+
    //return mkek_decrypt(key, file_get_size(ef_keydev));
    return CCID_OK;
 }
@ -292,6 +301,9 @@ int scan_files() {
            if (ret != CCID_OK) {
                return ret;
            }
+#ifdef PICO_RP2350
+            ret = aes_encrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, kdata, 32);
+#endif
            ret = file_put_data(ef_keydev, kdata, (uint16_t)key_size);
            mbedtls_platform_zeroize(kdata, sizeof(kdata));
            mbedtls_ecdsa_free(&ecdsa);