From 4837d5d5e95791af3bbaea76d0e867b95f070140 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Sat, 2 Jun 2018 22:47:04 -0400 Subject: [PATCH] attempt with nrf crypto lib --- nrf52840/Makefile | 91 ++++++++++- old-crypto.c | 377 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 466 insertions(+), 2 deletions(-) create mode 100644 old-crypto.c diff --git a/nrf52840/Makefile b/nrf52840/Makefile index 0548251..47e894e 100644 --- a/nrf52840/Makefile +++ b/nrf52840/Makefile @@ -75,6 +75,52 @@ SRC_FILES += \ $(SDK_ROOT)/modules/nrfx/drivers/src/prs/nrfx_prs.c \ $(SDK_ROOT)/components/libraries/bsp/bsp.c \ $(SDK_ROOT)/components/libraries/bsp/bsp_cli.c \ + \ + $(SDK_ROOT)/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_init.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng_mbedtls.c \ + $(SDK_ROOT)/external/cifra_AES128-EAX/blockwise.c \ + $(SDK_ROOT)/external/cifra_AES128-EAX/cifra_cmac.c \ + $(SDK_ROOT)/external/cifra_AES128-EAX/cifra_eax_aes.c \ + $(SDK_ROOT)/external/cifra_AES128-EAX/eax.c \ + $(SDK_ROOT)/external/cifra_AES128-EAX/gf128.c \ + $(SDK_ROOT)/components/libraries/mem_manager/mem_manager.c \ + $(SDK_ROOT)/external/cifra_AES128-EAX/modes.c \ + $(SDK_ROOT)/external/fprintf/nrf_fprintf.c \ + $(SDK_ROOT)/external/fprintf/nrf_fprintf_format.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecc.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdh.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdsa.c \ + $(SDK_ROOT)/integration/nrfx/legacy/nrf_drv_rng.c \ + $(SDK_ROOT)/modules/nrfx/drivers/src/prs/nrfx_prs.c \ + $(SDK_ROOT)/modules/nrfx/drivers/src/nrfx_rng.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cifra/cifra_backend_aes_aead.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_aead.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_aes.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_aes_shared.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_ecc.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_ecdh.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_ecdsa.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_error.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_hash.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_hkdf.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_hmac.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_init.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_rng.c \ + $(SDK_ROOT)/components/libraries/crypto/nrf_crypto_shared.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_aes.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_aes_aead.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_chacha_poly_aead.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_ecc.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_ecdh.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_ecdsa.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_hash.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_hmac.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_init.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_mutex.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_rng.c \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310/cc310_backend_shared.c \ + # Include folders common to all targets @@ -122,7 +168,6 @@ INC_FOLDERS += \ $(SDK_ROOT)/components/drivers_nrf/usbd \ $(SDK_ROOT)/components/libraries/usbd/class/hid \ $(SDK_ROOT)/components/libraries/hardfault/nrf52 \ - $(SDK_ROOT)/components/libraries/cli/uart \ $(SDK_ROOT)/components/libraries/hardfault \ $(SDK_ROOT)/components/libraries/uart \ $(SDK_ROOT)/external/fnmatch \ @@ -147,8 +192,49 @@ INC_FOLDERS += \ $(SDK_ROOT)/modules/nrfx/drivers/include \ $(SDK_ROOT)/modules/nrfx/hal \ $(SDK_ROOT)/external/fprintf \ + \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310 \ + $(SDK_ROOT)/components/libraries/crypto/backend/cifra \ + $(SDK_ROOT)/external/fprintf \ + $(PROJ_DIR) \ + $(SDK_ROOT)/components/libraries/experimental_section_vars \ + $(SDK_ROOT)/components/libraries/experimental_log \ + $(SDK_ROOT)/components/libraries/experimental_memobj \ + $(SDK_ROOT)/components/libraries/stack_info \ + $(SDK_ROOT)/components/libraries/delay \ + $(SDK_ROOT)/external/nrf_oberon/include \ + $(SDK_ROOT)/components/libraries/crypto \ + $(SDK_ROOT)/components/toolchain/cmsis/include \ + $(SDK_ROOT)/components/libraries/balloc \ + $(SDK_ROOT)/components/libraries/mem_manager \ + $(SDK_ROOT)/external/nrf_oberon \ + $(SDK_ROOT)/components/libraries/atomic \ + $(SDK_ROOT)/components/libraries/crypto/backend/nrf_sw \ + $(SDK_ROOT)/components/libraries/strerror \ + $(SDK_ROOT)/integration/nrfx \ + $(SDK_ROOT)/modules/nrfx/drivers/include \ + $(SDK_ROOT)/external/mbedtls/include \ + $(SDK_ROOT)/components/libraries/experimental_log/src \ + $(SDK_ROOT)/components/libraries/util \ + $(SDK_ROOT)/modules/nrfx \ + $(SDK_ROOT)/components/drivers_nrf/nrf_soc_nosd \ + $(SDK_ROOT)/external/micro-ecc/micro-ecc \ + $(SDK_ROOT)/external/segger_rtt \ + $(SDK_ROOT)/modules/nrfx/mdk \ + $(SDK_ROOT)/modules/nrfx/hal \ + $(SDK_ROOT)/components/libraries/mutex \ + $(SDK_ROOT)/components/libraries/crypto/backend/micro_ecc \ + $(SDK_ROOT)/components/libraries/crypto/backend/mbedtls \ + $(SDK_ROOT)/components/libraries/queue \ + $(SDK_ROOT)/components/libraries/crypto/backend/nrf_hw \ + $(SDK_ROOT)/integration/nrfx/legacy \ + $(SDK_ROOT)/external/cifra_AES128-EAX \ + $(SDK_ROOT)/external/nrf_tls/mbedtls/nrf_crypto/config \ + $(SDK_ROOT)/components/boards \ $(SDK_ROOT)/external/nrf_cc310/include \ - $(SDK_ROOT)/external/nrf_cc310/common \ + $(SDK_ROOT)/components/libraries/crypto/backend/cc310_bl \ + $(SDK_ROOT)/components/libraries/crypto/backend/oberon \ + # Libraries common to all targets LIB_FILES += $(SDK_ROOT)/external/nrf_cc310/lib/libnrf_cc310_0.9.9.a \ @@ -178,6 +264,7 @@ CFLAGS += -mfloat-abi=hard -mfpu=fpv4-sp-d16 # keep every function in a separate section, this allows linker to discard unused ones CFLAGS += -ffunction-sections -fdata-sections -fno-strict-aliasing CFLAGS += -fno-builtin -fshort-enums +CFLAGS += -DNRF_CRYPTO_MAX_INSTANCE_COUNT=1 # C++ flags common to all targets CXXFLAGS += $(OPT) diff --git a/old-crypto.c b/old-crypto.c new file mode 100644 index 0000000..9fa66cc --- /dev/null +++ b/old-crypto.c @@ -0,0 +1,377 @@ +/* + * Wrapper for crypto implementation on device + * + * */ +#include +#include +#include + +#include "sdk_common.h" +#include "nrf_assert.h" +#include "nrf_log.h" +#include "nrf_log_ctrl.h" +#include "nrf_log_default_backends.h" +#include "nrf_crypto.h" +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_ecdsa.h" +#include "mem_manager.h" + + +#include "util.h" +#include "crypto.h" +#include "sha256.h" +#include "uECC.h" +#include "aes.h" +#include "ctap.h" + + +const uint8_t attestation_cert_der[]; +const uint16_t attestation_cert_der_size; +const uint8_t attestation_key[]; +const uint16_t attestation_key_size; + + + +static SHA256_CTX sha256_ctx; + + +static const uint8_t * _signing_key = NULL; + +// Secrets for testing only +static uint8_t master_secret[32] = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff" + "\xff\xee\xdd\xcc\xbb\xaa\x99\x88\x77\x66\x55\x44\x33\x22\x11\x00"; + +static uint8_t transport_secret[32] = "\x10\x01\x22\x33\x44\x55\x66\x77\x87\x90\x0a\xbb\x3c\xd8\xee\xff" + "\xff\xee\x8d\x1c\x3b\xfa\x99\x88\x77\x86\x55\x44\xd3\xff\x33\x00"; + + + +void crypto_sha256_init() +{ + sha256_init(&sha256_ctx); +} + +void crypto_reset_master_secret() +{ + ctap_generate_rng(master_secret, 32); +} + + +void crypto_sha256_update(uint8_t * data, size_t len) +{ + sha256_update(&sha256_ctx, data, len); +} + +void crypto_sha256_update_secret() +{ + sha256_update(&sha256_ctx, master_secret, 32); +} + +void crypto_sha256_final(uint8_t * hash) +{ + sha256_final(&sha256_ctx, hash); +} + +void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac) +{ + uint8_t buf[64]; + int i; + memset(buf, 0, sizeof(buf)); + + if (key == CRYPTO_MASTER_KEY) + { + key = master_secret; + klen = sizeof(master_secret); + } + + if(klen > 64) + { + printf("Error, key size must be <= 64\n"); + exit(1); + } + + memmove(buf, key, klen); + + for (i = 0; i < sizeof(buf); i++) + { + buf[i] = buf[i] ^ 0x36; + } + + crypto_sha256_init(); + crypto_sha256_update(buf, 64); +} + +void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac) +{ + uint8_t buf[64]; + int i; + crypto_sha256_final(hmac); + memset(buf, 0, sizeof(buf)); + if (key == CRYPTO_MASTER_KEY) + { + key = master_secret; + klen = sizeof(master_secret); + } + + + if(klen > 64) + { + printf("Error, key size must be <= 64\n"); + exit(1); + } + memmove(buf, key, klen); + + for (i = 0; i < sizeof(buf); i++) + { + buf[i] = buf[i] ^ 0x5c; + } + + crypto_sha256_init(); + crypto_sha256_update(buf, 64); + crypto_sha256_update(hmac, 32); + crypto_sha256_final(hmac); +} + + +void crypto_ecc256_init() +{ + int ret; + ret = nrf_mem_init(); + if (ret != NRF_SUCCESS) + { + printf("nrf_mem_init fail %d\n", ret); + exit(1); + } + + ret = nrf_crypto_init(); + if (ret != NRF_SUCCESS) + { + printf("nrf_crypto_init fail 0x%02x\n", ret); + printf("nrf_crypto_init fail %s\n", nrf_strerror_get(ret)); + printf("nrf_crypto_init fail %s\n", nrf_strerror_get(ret)); + printf("nrf_crypto_init fail %s\n", nrf_strerror_get(ret)); + exit(1); + } + + uECC_set_rng((uECC_RNG_Function)ctap_generate_rng); +} + + +void crypto_ecc256_load_attestation_key() +{ + _signing_key = attestation_key; +} + +void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig) +{ + nrf_crypto_ecc_private_key_t privkey; + nrf_crypto_ecdsa_sign_context_t context; + ret_code_t ret = NRF_SUCCESS; + size_t sigsz; + + /*dump_hex(_signing_key,32);*/ + memset(&privkey, 0, sizeof(nrf_crypto_ecc_private_key_t)); + memset(&context, 0, sizeof(nrf_crypto_ecdsa_sign_context_t)); + + ret = nrf_crypto_ecc_private_key_from_raw(&g_nrf_crypto_ecc_secp256r1_curve_info, + &privkey, + _signing_key, + (size_t)32); + if (ret != NRF_SUCCESS) + { + printf("private_key_from_raw failed\n"); + exit(1); + } + + sigsz = 64; + ret = nrf_crypto_ecdsa_sign(&context, + &privkey, + data, + (size_t)len, + sig, + &sigsz); + if (ret != NRF_SUCCESS) + { + printf("crypto_ecdsa failed\n"); + exit(1); + } + + if (sigsz != 64) + { + printf("sig wrong size %d\n", sigsz); + exit(1); + } + + ret = nrf_crypto_ecc_private_key_free(&privkey); + + if (ret != NRF_SUCCESS) + { + printf("crypto free failed\n"); + exit(1); + } + +} + + +/*int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve);*/ +void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y) +{ + nrf_crypto_ecc_private_key_t nrfprivkey; + nrf_crypto_ecc_public_key_calculate_context_t context; + nrf_crypto_ecc_public_key_t nrfpubkey; + uint8_t privkey[32]; + uint8_t pubkey[64]; + size_t sz; + ret_code_t ret = NRF_SUCCESS; + memset(&nrfprivkey, 0, sizeof(nrf_crypto_ecc_private_key_t)); + memset(&context, 0, sizeof(nrf_crypto_ecc_public_key_calculate_context_t)); + + generate_private_key(data,len,NULL,0,privkey); + + + ret = nrf_crypto_ecc_private_key_from_raw(&g_nrf_crypto_ecc_secp256r1_curve_info, + &nrfprivkey, + privkey, + (size_t)32); + if (ret != NRF_SUCCESS) + { + printf("private_key_from_raw failed\n"); + exit(1); + } + + ret = nrf_crypto_ecc_public_key_calculate(&context, &nrfprivkey, &nrfpubkey); + + if (ret != NRF_SUCCESS) + { + printf("public key compute failed: %s\n", nrf_strerror_get(ret)); + exit(1); + } + + sz = sizeof(pubkey); + nrf_crypto_ecc_public_key_to_raw(&nrfpubkey, pubkey, &sz); + + memmove(x,pubkey,32); + memmove(y,pubkey+32,32); + + nrf_crypto_ecc_public_key_free(&nrfpubkey); + nrf_crypto_ecc_private_key_free(&nrfprivkey); + +} + +void crypto_ecc256_load_key(uint8_t * data, int len, uint8_t * data2, int len2) +{ + static uint8_t privkey[32]; + generate_private_key(data,len,data2,len2,privkey); + _signing_key = privkey; +} + +void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey) +{ + if (uECC_make_key(pubkey, privkey, uECC_secp256r1()) != 1) + { + printf("Error, uECC_make_key failed\n"); + exit(1); + } +} + +void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret) +{ + if (uECC_shared_secret(pubkey, privkey, shared_secret, uECC_secp256r1()) != 1) + { + printf("Error, uECC_shared_secret failed\n"); + exit(1); + } + +} + +void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey) +{ + crypto_sha256_hmac_init(CRYPTO_MASTER_KEY, 0, privkey); + crypto_sha256_update(data, len); + crypto_sha256_update(data2, len2); + crypto_sha256_update(master_secret, 32); + crypto_sha256_hmac_final(CRYPTO_MASTER_KEY, 0, privkey); +} + +struct AES_ctx aes_ctx; +void crypto_aes256_init(uint8_t * key, uint8_t * nonce) +{ + if (key == CRYPTO_TRANSPORT_KEY) + { + AES_init_ctx(&aes_ctx, transport_secret); + } + else + { + AES_init_ctx(&aes_ctx, key); + } + if (nonce == NULL) + { + memset(aes_ctx.Iv, 0, 16); + } + else + { + memmove(aes_ctx.Iv, nonce, 16); + } +} + +// prevent round key recomputation +void crypto_aes256_reset_iv(uint8_t * nonce) +{ + if (nonce == NULL) + { + memset(aes_ctx.Iv, 0, 16); + } + else + { + memmove(aes_ctx.Iv, nonce, 16); + } +} + +void crypto_aes256_decrypt(uint8_t * buf, int length) +{ + AES_CBC_decrypt_buffer(&aes_ctx, buf, length); +} + +void crypto_aes256_encrypt(uint8_t * buf, int length) +{ + AES_CBC_encrypt_buffer(&aes_ctx, buf, length); +} + + +const uint8_t attestation_cert_der[] = +"\x30\x82\x01\xfb\x30\x82\x01\xa1\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0a\x06\x08" +"\x2a\x86\x48\xce\x3d\x04\x03\x02\x30\x2c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13" +"\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x0c\x02\x4d\x44\x31\x10\x30\x0e" +"\x06\x03\x55\x04\x0a\x0c\x07\x54\x45\x53\x54\x20\x43\x41\x30\x20\x17\x0d\x31\x38" +"\x30\x35\x31\x30\x30\x33\x30\x36\x32\x30\x5a\x18\x0f\x32\x30\x36\x38\x30\x34\x32" +"\x37\x30\x33\x30\x36\x32\x30\x5a\x30\x7c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13" +"\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x0c\x02\x4d\x44\x31\x0f\x30\x0d" +"\x06\x03\x55\x04\x07\x0c\x06\x4c\x61\x75\x72\x65\x6c\x31\x15\x30\x13\x06\x03\x55" +"\x04\x0a\x0c\x0c\x54\x45\x53\x54\x20\x43\x4f\x4d\x50\x41\x4e\x59\x31\x22\x30\x20" +"\x06\x03\x55\x04\x0b\x0c\x19\x41\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x6f\x72" +"\x20\x41\x74\x74\x65\x73\x74\x61\x74\x69\x6f\x6e\x31\x14\x30\x12\x06\x03\x55\x04" +"\x03\x0c\x0b\x63\x6f\x6e\x6f\x72\x70\x70\x2e\x63\x6f\x6d\x30\x59\x30\x13\x06\x07" +"\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00" +"\x04\x45\xa9\x02\xc1\x2e\x9c\x0a\x33\xfa\x3e\x84\x50\x4a\xb8\x02\xdc\x4d\xb9\xaf" +"\x15\xb1\xb6\x3a\xea\x8d\x3f\x03\x03\x55\x65\x7d\x70\x3f\xb4\x02\xa4\x97\xf4\x83" +"\xb8\xa6\xf9\x3c\xd0\x18\xad\x92\x0c\xb7\x8a\x5a\x3e\x14\x48\x92\xef\x08\xf8\xca" +"\xea\xfb\x32\xab\x20\xa3\x62\x30\x60\x30\x46\x06\x03\x55\x1d\x23\x04\x3f\x30\x3d" +"\xa1\x30\xa4\x2e\x30\x2c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31" +"\x0b\x30\x09\x06\x03\x55\x04\x08\x0c\x02\x4d\x44\x31\x10\x30\x0e\x06\x03\x55\x04" +"\x0a\x0c\x07\x54\x45\x53\x54\x20\x43\x41\x82\x09\x00\xf7\xc9\xec\x89\xf2\x63\x94" +"\xd9\x30\x09\x06\x03\x55\x1d\x13\x04\x02\x30\x00\x30\x0b\x06\x03\x55\x1d\x0f\x04" +"\x04\x03\x02\x04\xf0\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x02\x03\x48\x00" +"\x30\x45\x02\x20\x18\x38\xb0\x45\x03\x69\xaa\xa7\xb7\x38\x62\x01\xaf\x24\x97\x5e" +"\x7e\x74\x64\x1b\xa3\x7b\xf7\xe6\xd3\xaf\x79\x28\xdb\xdc\xa5\x88\x02\x21\x00\xcd" +"\x06\xf1\xe3\xab\x16\x21\x8e\xd8\xc0\x14\xaf\x09\x4f\x5b\x73\xef\x5e\x9e\x4b\xe7" +"\x35\xeb\xdd\x9b\x6d\x8f\x7d\xf3\xc4\x3a\xd7"; + + +const uint16_t attestation_cert_der_size = sizeof(attestation_cert_der)-1; + + +const uint8_t attestation_key[] = "\xcd\x67\xaa\x31\x0d\x09\x1e\xd1\x6e\x7e\x98\x92\xaa\x07\x0e\x19\x94\xfc\xd7\x14\xae\x7c\x40\x8f\xb9\x46\xb7\x2e\x5f\xe7\x5d\x30"; +const uint16_t attestation_key_size = sizeof(attestation_key)-1; + +