shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

initial on-device key generation

Browse Source
This commit is contained in:
Conor Patrick 2018-10-26 00:52:32 -04:00
parent 27a2e13039
commit b9e51f6125
3 changed files with 23 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fido2/crypto.h
View File

@ -49,7 +49,6 @@ void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, ui
void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey); void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey);
void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret); void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret);
// Key must be 32 bytes
#define CRYPTO_TRANSPORT_KEY NULL #define CRYPTO_TRANSPORT_KEY NULL
#define CRYPTO_MASTER_KEY NULL #define CRYPTO_MASTER_KEY NULL
@ -61,6 +60,7 @@ void crypto_aes256_decrypt(uint8_t * buf, int lenth);
void crypto_aes256_encrypt(uint8_t * buf, int lenth); void crypto_aes256_encrypt(uint8_t * buf, int lenth);
void crypto_reset_master_secret(); void crypto_reset_master_secret();
void crypto_load_master_secret(uint8_t * key);
extern const uint8_t attestation_cert_der[]; extern const uint8_t attestation_cert_der[];

7
fido2/ctap.c
View File

@ -1253,6 +1253,9 @@ static void ctap_state_init()
{ {
// Set to 0xff instead of 0x00 to be easier on flash // Set to 0xff instead of 0x00 to be easier on flash
memset(&STATE, 0xff, sizeof(AuthenticatorState)); memset(&STATE, 0xff, sizeof(AuthenticatorState));
// Fresh RNG for key
ctap_generate_rng(STATE.key_space, KEY_SPACE_BYTES);
STATE.is_initialized = INITIALIZED_MARKER; STATE.is_initialized = INITIALIZED_MARKER;
STATE.remaining_tries = PIN_LOCKOUT_ATTEMPTS; STATE.remaining_tries = PIN_LOCKOUT_ATTEMPTS;
STATE.is_pin_set = 0; STATE.is_pin_set = 0;
@ -1286,6 +1289,8 @@ void ctap_init()
} }
} }
crypto_load_master_secret(STATE.key_space);
if (ctap_is_pin_set()) if (ctap_is_pin_set())
{ {
printf1(TAG_STOR,"pin code: \"%s\"\n", STATE.pin_code); printf1(TAG_STOR,"pin code: \"%s\"\n", STATE.pin_code);
@ -1303,7 +1308,6 @@ void ctap_init()
printf1(TAG_ERR, "DEVICE LOCKED!\n"); printf1(TAG_ERR, "DEVICE LOCKED!\n");
} }
if (ctap_generate_rng(PIN_TOKEN, PIN_TOKEN_SIZE) != 1) if (ctap_generate_rng(PIN_TOKEN, PIN_TOKEN_SIZE) != 1)
{ {
printf2(TAG_ERR,"Error, rng failed\n"); printf2(TAG_ERR,"Error, rng failed\n");
@ -1513,4 +1517,3 @@ void ctap_reset()
crypto_reset_master_secret(); // Not sure what the significance of this is?? crypto_reset_master_secret(); // Not sure what the significance of this is??
} }

27
targets/stm32l442/src/crypto.c
View File

@ -53,12 +53,8 @@ static const uint8_t * _signing_key = NULL;
static int _key_len = 0; static int _key_len = 0;
// Secrets for testing only // Secrets for testing only
static uint8_t master_secret[32] = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff" static uint8_t master_secret[64];
"\xff\xee\xdd\xcc\xbb\xaa\x99\x88\x77\x66\x55\x44\x33\x22\x11\x00"; static uint8_t transport_secret[32];
static uint8_t transport_secret[32] = "\x10\x01\x22\x33\x44\x55\x66\x77\x87\x90\x0a\xbb\x3c\xd8\xee\xff"
"\xff\xee\x8d\x1c\x3b\xfa\x99\x88\x77\x86\x55\x44\xd3\xff\x33\x00";
void crypto_sha256_init() void crypto_sha256_init()
@ -66,9 +62,20 @@ void crypto_sha256_init()
sha256_init(&sha256_ctx); sha256_init(&sha256_ctx);
} }
void crypto_load_master_secret(uint8_t * key)
{
#if KEY_SPACE_BYTES < 96
#error "need more key bytes"
#endif
memmove(master_secret, key, 64);
memmove(transport_secret, key+64, 32);
}
void crypto_reset_master_secret() void crypto_reset_master_secret()
{ {
ctap_generate_rng(master_secret, 32); memset(master_secret, 0, 64);
ctap_generate_rng(master_secret, 64);
} }
@ -96,7 +103,7 @@ void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
if (key == CRYPTO_MASTER_KEY) if (key == CRYPTO_MASTER_KEY)
{ {
key = master_secret; key = master_secret;
klen = sizeof(master_secret); klen = sizeof(master_secret)/2;
} }
if(klen > 64) if(klen > 64)
@ -125,7 +132,7 @@ void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac)
if (key == CRYPTO_MASTER_KEY) if (key == CRYPTO_MASTER_KEY)
{ {
key = master_secret; key = master_secret;
klen = sizeof(master_secret); klen = sizeof(master_secret)/2;
} }
@ -224,7 +231,7 @@ void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, ui
crypto_sha256_hmac_init(CRYPTO_MASTER_KEY, 0, privkey); crypto_sha256_hmac_init(CRYPTO_MASTER_KEY, 0, privkey);
crypto_sha256_update(data, len); crypto_sha256_update(data, len);
crypto_sha256_update(data2, len2); crypto_sha256_update(data2, len2);
crypto_sha256_update(master_secret, 32); crypto_sha256_update(master_secret, 32); // TODO AES
crypto_sha256_hmac_final(CRYPTO_MASTER_KEY, 0, privkey); crypto_sha256_hmac_final(CRYPTO_MASTER_KEY, 0, privkey);
} }