pull certificate from flash page

Conor Patrick 2019-10-27 07:51:02 -04:00
parent b7d74cc99f
commit b4f59ec355
5 changed files with 35 additions and 17 deletions


@ -661,7 +661,7 @@ uint8_t ctap_add_attest_statement(CborEncoder * map, uint8_t * sigder, int len)
ret = cbor_encoder_create_array(&stmtmap, &x5carr, 1); ret = cbor_encoder_create_array(&stmtmap, &x5carr, 1);
check_ret(ret); check_ret(ret);
{ {
ret = cbor_encode_byte_string(&x5carr, attestation_cert_der, attestation_cert_der_size); ret = cbor_encode_byte_string(&x5carr, attestation_cert_der, attestation_cert_der_get_size());
check_ret(ret); check_ret(ret);
ret = cbor_encoder_close_container(&stmtmap, &x5carr); ret = cbor_encoder_close_container(&stmtmap, &x5carr);
check_ret(ret); check_ret(ret);


@ -306,7 +306,7 @@ static int16_t u2f_register(struct u2f_register_request * req)
uint8_t * sig = (uint8_t*)req; uint8_t * sig = (uint8_t*)req;
const uint16_t attest_size = attestation_cert_der_size; const uint16_t attest_size = attestation_cert_der_get_size();
if ( ! ctap_user_presence_test(750)) if ( ! ctap_user_presence_test(750))
{ {


@ -6,10 +6,10 @@
// copied, modified, or distributed except according to those terms. // copied, modified, or distributed except according to those terms.
#include <stdint.h> #include <stdint.h>
#include "crypto.h" #include "crypto.h"
#include "memory_layout.h"
#ifdef USE_SOLOKEYS_CERT
const uint8_t attestation_cert_der[] = const uint8_t attestation_solo_cert_der[] =
"\x30\x82\x02\xe1\x30\x82\x02\x88\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0a\x06\x08" "\x30\x82\x02\xe1\x30\x82\x02\x88\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0a\x06\x08"
"\x2a\x86\x48\xce\x3d\x04\x03\x02\x30\x81\x80\x31\x0b\x30\x09\x06\x03\x55\x04\x06" "\x2a\x86\x48\xce\x3d\x04\x03\x02\x30\x81\x80\x31\x0b\x30\x09\x06\x03\x55\x04\x06"
"\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72\x79\x6c" "\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72\x79\x6c"
@ -49,11 +49,8 @@ const uint8_t attestation_cert_der[] =
"\xf8\x84\xc3\x78\x35\x93\x63\x81\x2e\xbe\xa6\x12\x32\x6e\x29\x90\xc8\x91\x4b\x71" "\xf8\x84\xc3\x78\x35\x93\x63\x81\x2e\xbe\xa6\x12\x32\x6e\x29\x90\xc8\x91\x4b\x71"
"\x52" "\x52"
; ;
#else
// For testing/development only const uint8_t attestation_hacker_cert_der[] =
const uint8_t attestation_cert_der[] =
"\x30\x82\x02\xe9\x30\x82\x02\x8e\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0a\x06\x08" "\x30\x82\x02\xe9\x30\x82\x02\x8e\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0a\x06\x08"
"\x2a\x86\x48\xce\x3d\x04\x03\x02\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06" "\x2a\x86\x48\xce\x3d\x04\x03\x02\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06"
"\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72\x79\x6c" "\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72\x79\x6c"
@ -94,8 +91,16 @@ const uint8_t attestation_cert_der[] =
"\xf3\x87\x61\x82\xd8\xcd\x48\xfc\x57" "\xf3\x87\x61\x82\xd8\xcd\x48\xfc\x57"
; ;
#endif
const uint16_t attestation_cert_der_size = sizeof(attestation_cert_der)-1; const uint16_t attestation_solo_cert_der_size = sizeof(attestation_solo_cert_der)-1;
const uint16_t attestation_hacker_cert_der_size = sizeof(attestation_hacker_cert_der)-1;
const uint16_t attestation_key_size = 32; // const uint16_t attestation_key_size = 32;
const uint8_t * attestation_cert_der = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert;
uint16_t attestation_cert_der_get_size(){
return ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert_size;
}
const uint
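Review bot: `attestation_cert_der_get_size()` returns whatever 16-bit value sits in the flash page, with no check against `ATTESTATION_FORMAT` or against the size of the `attestation_cert` field in the `flash_attestation_page` struct this commit adds. That value is used directly as a length by `ctap_add_attest_statement` (passed to `cbor_encode_byte_string`) and as `attest_size` in `u2f_register`. On a page that was never provisioned or is corrupted, the device would likely copy flash contents beyond the certificate field into the attestation response; erased flash presumably reads back as 0xFFFF here. Validating inside the accessor, as sketched below, covers both callers; what to return for an invalid page (0, or a fall-back to one of the compiled-in certs) is the author's call. `crypto_ecc256_load_attestation_key` reads the key from the same page without checking the format either.

```c
uint16_t attestation_cert_der_get_size(){
    const flash_attestation_page * page = (const flash_attestation_page *)ATTESTATION_PAGE_ADDR;
    // Reject an unprovisioned or corrupted page before its size is used as a length.
    if (page->attestation_format != ATTESTATION_FORMAT ||
        page->attestation_cert_size > sizeof(page->attestation_cert))
    {
        return 0;
    }
    return page->attestation_cert_size;
}
```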


@ -194,9 +194,10 @@ void crypto_ecc256_init(void)
void crypto_ecc256_load_attestation_key(void) void crypto_ecc256_load_attestation_key(void)
{ {
static uint8_t _key [32]; // static uint8_t _key [32];
memmove(_key, (uint8_t*)ATTESTATION_KEY_ADDR, 32); flash_attestation_page * page =(flash_attestation_page *)ATTESTATION_PAGE_ADDR;
_signing_key = _key; // memmove(_key, (uint8_t *)ATTESTATION_KEY_ADDR, 32);
_signing_key = page->attestation_key;
_key_len = 32; _key_len = 32;
} }
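Review bot: The new body of `crypto_ecc256_load_attestation_key` keeps two commented-out lines, `// static uint8_t _key [32];` and `// memmove(_key, (uint8_t *)ATTESTATION_KEY_ADDR, 32);`, and the second names a macro that this commit renames. Both should be deleted, since the history already records the old copy-to-RAM approach. `page` is only read, so it could be declared `const flash_attestation_page * page = (const flash_attestation_page *)ATTESTATION_PAGE_ADDR;`, assuming `_signing_key` is a pointer to const (its declaration is not visible here). The length is better derived from the field, `_key_len = sizeof(page->attestation_key);`, than repeated as the literal 32.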


@ -32,8 +32,8 @@
#define APPLICATION_START_ADDR (0x08000000 + ((APPLICATION_START_PAGE)*PAGE_SIZE)) #define APPLICATION_START_ADDR (0x08000000 + ((APPLICATION_START_PAGE)*PAGE_SIZE))
// where attestation key is located // where attestation key is located
#define ATTESTATION_KEY_PAGE (PAGES - 15) #define ATTESTATION_PAGE (PAGES - 15)
#define ATTESTATION_KEY_ADDR (0x08000000 + ATTESTATION_KEY_PAGE*PAGE_SIZE) #define ATTESTATION_PAGE_ADDR (0x08000000 + ATTESTATION_PAGE*PAGE_SIZE)
// End of application code. Leave some extra room for future data storage. // End of application code. Leave some extra room for future data storage.
// NOT included in application // NOT included in application
@ -48,7 +48,6 @@
#define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE + 8) #define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE + 8)
#define LAST_PAGE (APPLICATION_END_PAGE-1) #define LAST_PAGE (APPLICATION_END_PAGE-1)
struct flash_memory_st{ struct flash_memory_st{
uint8_t bootloader[APPLICATION_START_PAGE*2*1024]; uint8_t bootloader[APPLICATION_START_PAGE*2*1024];
uint8_t application[(APPLICATION_END_PAGE-APPLICATION_START_PAGE)*2*1024-8]; uint8_t application[(APPLICATION_END_PAGE-APPLICATION_START_PAGE)*2*1024-8];
@ -65,5 +64,18 @@ typedef struct flash_memory_st flash_memory_st;
#include <assert.h> #include <assert.h>
static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size"); static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size");
#define ATTESTATION_FORMAT 0x5A01
struct flash_attestation_page{
uint8_t attestation_key[32];
uint16_t attestation_format;
uint16_t attestation_cert_size;
uint8_t attestation_cert[2048 - 32 - 2 - 2];
} __attribute__((packed));
typedef struct flash_attestation_page flash_attestation_page;
static_assert(sizeof(flash_attestation_page) == 2048, "Data structure doesn't match flash size");
#endif #endif
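Review bot: The comment `// where attestation key is located` above `ATTESTATION_PAGE` is stale, because the page now also carries a format tag, the certificate size and the certificate. I would change it to `// flash page holding the attestation key, format tag, cert size and DER cert (see flash_attestation_page)`. `flash_attestation_page` itself has no comment; a short header should state that `attestation_format` is expected to equal `ATTESTATION_FORMAT` and that `attestation_cert_size` must not exceed `sizeof(attestation_cert)`, so readers know what consumers have to check before trusting the page. The literal 2048 in the array bound and in the `static_assert` could use the page-size macro, if that macro has the same value on this target.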