From a72f0ede05ceb04d722156c23bf34dfa5e96869d Mon Sep 17 00:00:00 2001
From: Conor Patrick <conorpp94@gmail.com>
Date: Tue, 20 Aug 2019 21:27:52 +0800
Subject: [PATCH] take a lazy approach to key agreement generation to not hold
 up boot time for nfc

---
 fido2/crypto.c                 |  5 +++++
 fido2/crypto.h                 |  1 +
 fido2/ctap.c                   | 14 +++++++-------
 targets/stm32l432/src/crypto.c |  5 +++++
 4 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/fido2/crypto.c b/fido2/crypto.c
index 63520c1..6aea29f 100644
--- a/fido2/crypto.c
+++ b/fido2/crypto.c
@@ -262,6 +262,11 @@ void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8
     memmove(y,pubkey+32,32);
 }
 
+void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey)
+{
+    uECC_compute_public_key(privkey, pubkey, _es256_curve);
+}
+
 void crypto_load_external_key(uint8_t * key, int len)
 {
     _signing_key = key;
diff --git a/fido2/crypto.h b/fido2/crypto.h
index e9e4433..6b67b02 100644
--- a/fido2/crypto.h
+++ b/fido2/crypto.h
@@ -26,6 +26,7 @@ void crypto_sha512_final(uint8_t * hash);
 
 void crypto_ecc256_init();
 void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y);
+void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey);
 
 void crypto_ecc256_load_key(uint8_t * data, int len, uint8_t * data2, int len2);
 void crypto_ecc256_load_attestation_key();
diff --git a/fido2/ctap.c b/fido2/ctap.c
index 9302e1d..8edf591 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -1481,6 +1481,11 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
 
             ret = cbor_encode_int(&map, RESP_keyAgreement);
             check_ret(ret);
+
+            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
+            crypto_ecc256_compute_public_key(KEY_AGREEMENT_PRIV, KEY_AGREEMENT_PUB);
+            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
+
             ret = ctap_add_cose_key(&map, KEY_AGREEMENT_PUB, KEY_AGREEMENT_PUB+32, PUB_KEY_CRED_PUB_KEY, COSE_ALG_ECDH_ES_HKDF_256);
             check_retr(ret);
 
@@ -1769,10 +1774,7 @@ void ctap_init()
         exit(1);
     }
 
-    // if (device_is_nfc() != NFC_IS_ACTIVE)
-    {
-        ctap_reset_key_agreement();
-    }
+    ctap_reset_key_agreement();
 
 #ifdef BRIDGE_TO_WALLET
     wallet_init();
@@ -1971,9 +1973,7 @@ int8_t ctap_load_key(uint8_t index, uint8_t * key)
 
 static void ctap_reset_key_agreement()
 {
-    if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
-    crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
-    if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
+    ctap_generate_rng(KEY_AGREEMENT_PRIV, sizeof(KEY_AGREEMENT_PRIV));
 }
 
 void ctap_reset()
diff --git a/targets/stm32l432/src/crypto.c b/targets/stm32l432/src/crypto.c
index 33fef68..1dde2f3 100644
--- a/targets/stm32l432/src/crypto.c
+++ b/targets/stm32l432/src/crypto.c
@@ -282,6 +282,11 @@ void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8
     memmove(x,pubkey,32);
     memmove(y,pubkey+32,32);
 }
+void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey)
+{
+    uECC_compute_public_key(privkey, pubkey, _es256_curve);
+}
+
 
 void crypto_load_external_key(uint8_t * key, int len)
 {