shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

crypto is sorted out for nrf52

Browse Source
This commit is contained in:
Conor Patrick 2018-06-03 00:50:46 -04:00
parent 4837d5d5e9
commit e69865384f
8 changed files with 289 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
ctap_test.py
View File

@ -369,17 +369,65 @@ class Tester():
exclude_list.append({'id': fake_id1, 'type': 'public-key'}) exclude_list.append({'id': fake_id1, 'type': 'public-key'})
exclude_list.append({'id': fake_id2, 'type': 'public-key'}) exclude_list.append({'id': fake_id2, 'type': 'public-key'})
t1 = time.time() * 1000
attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = []) attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = [])
t2 = time.time() * 1000
attest.verify(data.hash) attest.verify(data.hash)
print('Register valid (%d ms)' % (t2-t1))
cred = attest.auth_data.credential_data cred = attest.auth_data.credential_data
creds.append(cred) creds.append(cred)
allow_list = [{'id':creds[0].credential_id, 'type': 'public-key'}] allow_list = [{'id':creds[0].credential_id, 'type': 'public-key'}]
t1 = time.time() * 1000
assertions, client_data = self.client.get_assertion(rp['id'], challenge, allow_list, pin = PIN) assertions, client_data = self.client.get_assertion(rp['id'], challenge, allow_list, pin = PIN)
t2 = time.time() * 1000
assertions[0].verify(client_data.hash, creds[0].public_key) assertions[0].verify(client_data.hash, creds[0].public_key)
print('PASS') print('Assertion valid (%d ms)' % (t2-t1))
def test_fido2_brute_force(self):
creds = []
exclude_list = []
rp = {'id': 'examplo.org', 'name': 'ExaRP'}
user = {'id': b'usee_od', 'name': 'AB User'}
PIN = None
abc = 'abcdefghijklnmopqrstuvwxyz'
abc += abc.upper()
self.ctap.reset()
for i in range(0,2048):
creds = []
print(i)
challenge = ''.join([abc[randint(0,len(abc)-1)] for x in range(0,32)])
fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tostring()
fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tostring()
exclude_list.append({'id': fake_id1, 'type': 'public-key'})
exclude_list.append({'id': fake_id2, 'type': 'public-key'})
t1 = time.time() * 1000
attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = [])
t2 = time.time() * 1000
attest.verify(data.hash)
print('Register valid (%d ms)' % (t2-t1))
sys.stdout.flush()
cred = attest.auth_data.credential_data
creds.append(cred)
allow_list = [{'id':creds[0].credential_id, 'type': 'public-key'}]
t1 = time.time() * 1000
assertions, client_data = self.client.get_assertion(rp['id'], challenge, allow_list, pin = PIN)
t2 = time.time() * 1000
assertions[0].verify(client_data.hash, creds[0].public_key)
print('Assertion valid (%d ms)' % (t2-t1))
sys.stdout.flush()
def test_fido2(self): def test_fido2(self):
@ -504,7 +552,8 @@ if __name__ == '__main__':
t.find_device() t.find_device()
#t.test_hid() #t.test_hid()
#t.test_fido2() #t.test_fido2()
t.test_fido2_simple() #t.test_fido2_simple()
t.test_fido2_brute_force()

61
ctaphid.c
View File

@ -8,6 +8,7 @@
#include "u2f.h" #include "u2f.h"
#include "time.h" #include "time.h"
#include "util.h" #include "util.h"
#include "log.h"
typedef enum typedef enum
{ {
@ -336,7 +337,7 @@ void ctaphid_check_timeouts()
{ {
if (CIDS[i].busy && ((millis() - CIDS[i].last_used) >= 750)) if (CIDS[i].busy && ((millis() - CIDS[i].last_used) >= 750))
{ {
printf("TIMEOUT CID: %08x\n", CIDS[i].cid); printf1(TAG_HID, "TIMEOUT CID: %08x\n", CIDS[i].cid);
ctaphid_send_error(CIDS[i].cid, CTAP1_ERR_TIMEOUT); ctaphid_send_error(CIDS[i].cid, CTAP1_ERR_TIMEOUT);
memset(CIDS + i, 0, sizeof(struct CID)); memset(CIDS + i, 0, sizeof(struct CID));
} }
@ -349,10 +350,10 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
{ {
CTAPHID_PACKET * pkt = (CTAPHID_PACKET *)(pkt_raw); CTAPHID_PACKET * pkt = (CTAPHID_PACKET *)(pkt_raw);
printf("Recv packet\n"); printf1(TAG_HID, "Recv packet\n");
printf(" CID: %08x \n", pkt->cid); printf1(TAG_HID, " CID: %08x \n", pkt->cid);
printf(" cmd: %02x\n", pkt->pkt.init.cmd); printf1(TAG_HID, " cmd: %02x\n", pkt->pkt.init.cmd);
if (!is_cont_pkt(pkt)) printf(" length: %d\n", ctaphid_packet_len(pkt)); if (!is_cont_pkt(pkt)) printf1(TAG_HID, " length: %d\n", ctaphid_packet_len(pkt));
int ret; int ret;
uint8_t status; uint8_t status;
@ -368,13 +369,13 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
{ {
if (ctaphid_packet_len(pkt) != 8) if (ctaphid_packet_len(pkt) != 8)
{ {
printf("Error,invalid length field for init packet\n"); printf2(TAG_ERR, "Error,invalid length field for init packet\n");
ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_LENGTH); ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_LENGTH);
return; return;
} }
if (pkt->cid == 0) if (pkt->cid == 0)
{ {
printf("Error, invalid cid 0\n"); printf2(TAG_ERR,"Error, invalid cid 0\n");
ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_CHANNEL); ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_CHANNEL);
return; return;
} }
@ -383,7 +384,7 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
if (is_broadcast(pkt)) if (is_broadcast(pkt))
{ {
// Check if any existing cids are busy first ? // Check if any existing cids are busy first ?
printf("adding a new cid\n"); printf1(TAG_HID,"adding a new cid\n");
oldcid = CTAPHID_BROADCAST_CID; oldcid = CTAPHID_BROADCAST_CID;
newcid = get_new_cid(); newcid = get_new_cid();
ret = add_cid(newcid); ret = add_cid(newcid);
@ -391,7 +392,7 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
} }
else else
{ {
printf("synchronizing to cid\n"); printf1(TAG_HID, "synchronizing to cid\n");
oldcid = pkt->cid; oldcid = pkt->cid;
newcid = pkt->cid; newcid = pkt->cid;
if (cid_exists(newcid)) if (cid_exists(newcid))
@ -401,7 +402,7 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
} }
if (ret == -1) if (ret == -1)
{ {
printf("Error, not enough memory for new CID. return BUSY.\n"); printf2(TAG_ERR, "Error, not enough memory for new CID. return BUSY.\n");
ctaphid_send_error(pkt->cid, CTAP1_ERR_CHANNEL_BUSY); ctaphid_send_error(pkt->cid, CTAP1_ERR_CHANNEL_BUSY);
return; return;
} }
@ -424,14 +425,14 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
{ {
if (pkt->cid == buffer_cid() && ! is_cont_pkt(pkt)) if (pkt->cid == buffer_cid() && ! is_cont_pkt(pkt))
{ {
printf("INVALID_SEQ\n"); printf2(TAG_ERR,"INVALID_SEQ\n");
printf("Have %d/%d bytes\n", ctap_buffer_offset, ctap_buffer_bcnt); printf2(TAG_ERR,"Have %d/%d bytes\n", ctap_buffer_offset, ctap_buffer_bcnt);
ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_SEQ); ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_SEQ);
return; return;
} }
else if (pkt->cid != buffer_cid()) else if (pkt->cid != buffer_cid())
{ {
printf("BUSY with %08x\n", buffer_cid()); printf2(TAG_ERR,"BUSY with %08x\n", buffer_cid());
ctaphid_send_error(pkt->cid, CTAP1_ERR_CHANNEL_BUSY); ctaphid_send_error(pkt->cid, CTAP1_ERR_CHANNEL_BUSY);
return; return;
} }
@ -449,33 +450,33 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
{ {
if (buffer_status() == EMPTY || pkt->cid != buffer_cid()) if (buffer_status() == EMPTY || pkt->cid != buffer_cid())
{ {
printf("ignoring random cont packet\n"); printf2(TAG_ERR,"ignoring random cont packet\n");
return; return;
} }
} }
if (buffer_packet(pkt) == SEQUENCE_ERROR) if (buffer_packet(pkt) == SEQUENCE_ERROR)
{ {
printf("Buffering sequence error\n"); printf2(TAG_ERR,"Buffering sequence error\n");
ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_SEQ); ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_SEQ);
return; return;
} }
ret = cid_refresh(pkt->cid); ret = cid_refresh(pkt->cid);
if (ret != 0) if (ret != 0)
{ {
printf("Error, refresh cid failed\n"); printf2(TAG_ERR,"Error, refresh cid failed\n");
exit(1); exit(1);
} }
active_cid = pkt->cid; active_cid = pkt->cid;
} }
else if (is_cont_pkt(pkt)) else if (is_cont_pkt(pkt))
{ {
printf("ignoring unwarranted cont packet\n"); printf2(TAG_ERR,"ignoring unwarranted cont packet\n");
// Ignore // Ignore
return; return;
} }
else else
{ {
printf("BUSY\n"); printf2(TAG_ERR,"BUSY\n");
ctaphid_send_error(pkt->cid, CTAP1_ERR_CHANNEL_BUSY); ctaphid_send_error(pkt->cid, CTAP1_ERR_CHANNEL_BUSY);
return; return;
} }
@ -486,21 +487,21 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
switch(buffer_status()) switch(buffer_status())
{ {
case BUFFERING: case BUFFERING:
printf("BUFFERING\n"); printf1(TAG_HID,"BUFFERING\n");
active_cid_timestamp = millis(); active_cid_timestamp = millis();
break; break;
case EMPTY: case EMPTY:
printf("empty buffer!\n"); printf1(TAG_HID,"empty buffer!\n");
case BUFFERED: case BUFFERED:
switch(buffer_cmd()) switch(buffer_cmd())
{ {
case CTAPHID_INIT: case CTAPHID_INIT:
printf("CTAPHID_INIT, error this should already be handled\n"); printf2(TAG_ERR,"CTAPHID_INIT, error this should already be handled\n");
exit(1); exit(1);
break; break;
case CTAPHID_PING: case CTAPHID_PING:
printf("CTAPHID_PING\n"); printf1(TAG_HID,"CTAPHID_PING\n");
ctaphid_write_buffer_init(&wb); ctaphid_write_buffer_init(&wb);
wb.cid = active_cid; wb.cid = active_cid;
@ -513,7 +514,7 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
break; break;
case CTAPHID_WINK: case CTAPHID_WINK:
printf("CTAPHID_WINK\n"); printf1(TAG_HID,"CTAPHID_WINK\n");
ctaphid_write_buffer_init(&wb); ctaphid_write_buffer_init(&wb);
@ -525,10 +526,10 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
break; break;
case CTAPHID_CBOR: case CTAPHID_CBOR:
printf("CTAPHID_CBOR\n"); printf1(TAG_HID,"CTAPHID_CBOR\n");
if (buffer_len() == 0) if (buffer_len() == 0)
{ {
printf("Error,invalid 0 length field for cbor packet\n"); printf2(TAG_ERR,"Error,invalid 0 length field for cbor packet\n");
ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_LENGTH); ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_LENGTH);
return; return;
} }
@ -547,10 +548,10 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
break; break;
case CTAPHID_MSG: case CTAPHID_MSG:
printf("CTAPHID_MSG\n"); printf1(TAG_HID,"CTAPHID_MSG\n");
if (buffer_len() == 0) if (buffer_len() == 0)
{ {
printf("Error,invalid 0 length field for MSG/U2F packet\n"); printf2(TAG_ERR,"Error,invalid 0 length field for MSG/U2F packet\n");
ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_LENGTH); ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_LENGTH);
return; return;
} }
@ -568,7 +569,7 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
break; break;
default: default:
printf("error, unimplemented HID cmd: %02x\r\n", buffer_cmd()); printf2(TAG_ERR,"error, unimplemented HID cmd: %02x\r\n", buffer_cmd());
ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_COMMAND); ctaphid_send_error(pkt->cid, CTAP1_ERR_INVALID_COMMAND);
break; break;
} }
@ -577,12 +578,12 @@ void ctaphid_handle_packet(uint8_t * pkt_raw)
break; break;
default: default:
printf("invalid buffer state; abort\n"); printf2(TAG_ERR,"invalid buffer state; abort\n");
exit(1); exit(1);
break; break;
} }
printf("\n"); printf1(TAG_HID,"\n");
} }

1
log.c
View File

@ -25,6 +25,7 @@ struct logtag tagtable[] = {
{TAG_CTAP,"CTAP"}, {TAG_CTAP,"CTAP"},
{TAG_U2F,"U2F"}, {TAG_U2F,"U2F"},
{TAG_DUMP,"DUMP"}, {TAG_DUMP,"DUMP"},
{TAG_HID,"HID"},
{TAG_GREEN,"\x1b[32mDEBUG\x1b[0m"}, {TAG_GREEN,"\x1b[32mDEBUG\x1b[0m"},
{TAG_RED,"\x1b[31mDEBUG\x1b[0m"}, {TAG_RED,"\x1b[31mDEBUG\x1b[0m"},
{TAG_TIME,"\x1b[33mTIME\x1b[0m"}, {TAG_TIME,"\x1b[33mTIME\x1b[0m"},

1
log.h
View File

@ -22,6 +22,7 @@ typedef enum
TAG_GREEN = (1 << 8), TAG_GREEN = (1 << 8),
TAG_RED= (1 << 9), TAG_RED= (1 << 9),
TAG_TIME= (1 << 10), TAG_TIME= (1 << 10),
TAG_HID = (1 << 11),
TAG_FILENO = (1<<31) TAG_FILENO = (1<<31)
} LOG_TAG; } LOG_TAG;

14
main.c
View File

@ -16,20 +16,22 @@ int main(int argc, char * argv[])
{ {
int count = 0; int count = 0;
uint64_t t1 = 0; uint64_t t1 = 0;
uint64_t t2 = 0;
uint64_t accum = 0;
uint8_t hidmsg[64]; uint8_t hidmsg[64];
set_logging_mask( set_logging_mask(
/*TAG_MC |*/ /*TAG_MC |*/
/*TAG_GA |*/ /*TAG_GA |*/
/*TAG_CP |*/ /*TAG_CP |*/
TAG_CTAP| /*TAG_CTAP|*/
/*TAG_U2F|*/ /*TAG_U2F|*/
/*TAG_PARSE |*/ /*TAG_PARSE |*/
TAG_TIME /*TAG_TIME|*/
/*TAG_DUMP|*/ /*TAG_DUMP|*/
/*TAG_GREEN|*/ /*TAG_GREEN|*/
/*TAG_RED|*/ /*TAG_RED|*/
/*TAG_ERR*/ TAG_ERR
); );
printf("init device\n"); printf("init device\n");
@ -57,13 +59,15 @@ int main(int argc, char * argv[])
if (usbhid_recv(hidmsg) > 0) if (usbhid_recv(hidmsg) > 0)
{ {
printf1(TAG_DUMP,"%d>> ",count++); dump_hex1(TAG_DUMP, hidmsg,sizeof(hidmsg)); printf1(TAG_DUMP,"%d>> ",count++); dump_hex1(TAG_DUMP, hidmsg,sizeof(hidmsg));
t2 = millis();
ctaphid_handle_packet(hidmsg); ctaphid_handle_packet(hidmsg);
accum += millis() - t2;
printf1(TAG_TIME,"accum: %lu\n", (uint32_t)accum);
memset(hidmsg, 0, sizeof(hidmsg)); memset(hidmsg, 0, sizeof(hidmsg));
} }
else else
{ {
main_loop_delay(); /*main_loop_delay();*/
} }
ctaphid_check_timeouts(); ctaphid_check_timeouts();
} }

208
nrf52840/crypto.c
View File

@ -33,7 +33,10 @@ const uint16_t attestation_key_size;
static SHA256_CTX sha256_ctx; /*static SHA256_CTX sha256_ctx;*/
struct CRYS_HASHUserContext_t sha256_ctx;
const CRYS_ECPKI_Domain_t* _es256_curve; const CRYS_ECPKI_Domain_t* _es256_curve;
CRYS_RND_State_t rndState_ptr; CRYS_RND_State_t rndState_ptr;
CRYS_RND_WorkBuff_t rndWorkBuff_ptr; CRYS_RND_WorkBuff_t rndWorkBuff_ptr;
@ -54,7 +57,13 @@ static uint8_t transport_secret[32] = "\x10\x01\x22\x33\x44\x55\x66\x77\x87\x90\
void crypto_sha256_init() void crypto_sha256_init()
{ {
sha256_init(&sha256_ctx); /*sha256_init(&sha256_ctx);*/
int ret = CRYS_HASH_Init(&sha256_ctx, CRYS_HASH_SHA256_mode);
if (ret != CRYS_OK )
{
printf("sha init fail\n");
exit(1);
}
} }
void crypto_reset_master_secret() void crypto_reset_master_secret()
@ -65,19 +74,41 @@ void crypto_reset_master_secret()
void crypto_sha256_update(uint8_t * data, size_t len) void crypto_sha256_update(uint8_t * data, size_t len)
{ {
sha256_update(&sha256_ctx, data, len); /*sha256_update(&sha256_ctx, data, len);*/
int ret = CRYS_HASH_Update(&sha256_ctx, data, len);
if (ret != CRYS_OK )
{
printf("sha update fail\n");
exit(1);
}
} }
void crypto_sha256_update_secret() void crypto_sha256_update_secret()
{ {
sha256_update(&sha256_ctx, master_secret, 32); /*sha256_update(&sha256_ctx, master_secret, 32);*/
int ret = CRYS_HASH_Update(&sha256_ctx, master_secret, 32);
if (ret != CRYS_OK )
{
printf("sha update secret fail\n");
exit(1);
}
} }
void crypto_sha256_final(uint8_t * hash) void crypto_sha256_final(uint8_t * hash)
{ {
sha256_final(&sha256_ctx, hash); /*sha256_final(&sha256_ctx, hash);*/
int ret = CRYS_HASH_Finish(&sha256_ctx, (uint32_t*)hash);
if (ret != CRYS_OK )
{
printf("sha finish fail\n");
exit(1);
}
} }
void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac) void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
{ {
uint8_t buf[64]; uint8_t buf[64];
@ -148,40 +179,40 @@ void crypto_ecc256_init()
ret = SaSi_LibInit(); ret = SaSi_LibInit();
if (ret != SA_SILIB_RET_OK) { if (ret != SA_SILIB_RET_OK) {
printf("Failed SaSi_LibInit - ret = 0x%x\n", ret); printf("Failed SaSi_LibInit - ret = 0x%x\n", ret);
switch(ret) /*switch(ret)*/
{ /*{*/
case SA_SILIB_RET_OK: /*case SA_SILIB_RET_OK:*/
printf("SA_SILIB_RET_OK\n"); /*printf("SA_SILIB_RET_OK\n");*/
break; /*break;*/
case SA_SILIB_RET_EINVAL_CTX_PTR: /*case SA_SILIB_RET_EINVAL_CTX_PTR:*/
printf("SA_SILIB_RET_EINVAL_CTX_PTR\n"); /*printf("SA_SILIB_RET_EINVAL_CTX_PTR\n");*/
break; /*break;*/
case SA_SILIB_RET_EINVAL_WORK_BUF_PTR: /*case SA_SILIB_RET_EINVAL_WORK_BUF_PTR:*/
printf("SA_SILIB_RET_EINVAL_WORK_BUF_PTR\n"); /*printf("SA_SILIB_RET_EINVAL_WORK_BUF_PTR\n");*/
break; /*break;*/
case SA_SILIB_RET_HAL: /*case SA_SILIB_RET_HAL:*/
printf("SA_SILIB_RET_HAL\n"); /*printf("SA_SILIB_RET_HAL\n");*/
break; /*break;*/
case SA_SILIB_RET_PAL: /*case SA_SILIB_RET_PAL:*/
printf("SA_SILIB_RET_PAL\n"); /*printf("SA_SILIB_RET_PAL\n");*/
break; /*break;*/
case SA_SILIB_RET_EINVAL_HW_VERSION : /*case SA_SILIB_RET_EINVAL_HW_VERSION :*/
printf("SA_SILIB_RET_EINVAL_HW_VERSION \n"); /*printf("SA_SILIB_RET_EINVAL_HW_VERSION \n");*/
break; /*break;*/
case SA_SILIB_RET_EINVAL_HW_SIGNATURE: /*case SA_SILIB_RET_EINVAL_HW_SIGNATURE:*/
printf("SA_SILIB_RET_EINVAL_HW_SIGNATURE\n"); /*printf("SA_SILIB_RET_EINVAL_HW_SIGNATURE\n");*/
break; /*break;*/
case SA_SILIB_RESERVE32B: /*case SA_SILIB_RESERVE32B:*/
printf("SA_SILIB_RESERVE32B\n"); /*printf("SA_SILIB_RESERVE32B\n");*/
break; /*break;*/
} /*}*/
exit(1); exit(1);
} }
@ -242,19 +273,21 @@ void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig)
/*int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve);*/ /*int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve);*/
void derive_private_key_pair(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey, uint8_t * pubkey);
void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y) void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y)
{ {
uint8_t privkey[32]; uint8_t privkey[32];
uint8_t pubkey[64]; uint8_t pubkey[64];
generate_private_key(data,len,NULL,0,privkey); derive_private_key_pair(data,len,NULL,0,privkey,pubkey);
memset(pubkey,0,sizeof(pubkey)); /*memset(pubkey,0,sizeof(pubkey));*/
uECC_compute_public_key(privkey, pubkey, uECC_secp256r1()); /*uECC_compute_public_key(privkey, pubkey, uECC_secp256r1());*/
memmove(x,pubkey,32); memmove(x,pubkey,32);
memmove(y,pubkey+32,32); memmove(y,pubkey+32,32);
} }
void crypto_ecc256_load_key(uint8_t * data, int len, uint8_t * data2, int len2) void crypto_ecc256_load_key(uint8_t * data, int len, uint8_t * data2, int len2)
{ {
static uint8_t privkey[32]; static uint8_t privkey[32];
@ -264,11 +297,29 @@ void crypto_ecc256_load_key(uint8_t * data, int len, uint8_t * data2, int len2)
void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey) void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey)
{ {
if (uECC_make_key(pubkey, privkey, uECC_secp256r1()) != 1) CRYS_ECPKI_UserPrivKey_t nrfpriv;
{ CRYS_ECPKI_UserPublKey_t nrfpub;
printf("Error, uECC_make_key failed\n"); CRYS_ECPKI_KG_TempData_t tmp;
uint8_t pubkey1[65];
int ret;
uint32_t sz;
ret = CRYS_ECPKI_GenKeyPair(&rndState_ptr,
CRYS_RND_GenerateVector,
_es256_curve,
&nrfpriv, &nrfpub, &tmp, NULL);
if (ret != SA_SILIB_RET_OK){
printf(" gen key failed with 0x%x \n",ret);
exit(1); exit(1);
} }
sz = 32;
CRYS_ECPKI_ExportPrivKey(&nrfpriv, privkey, &sz);
sz = 65;
CRYS_ECPKI_ExportPublKey(&nrfpub,CRYS_EC_PointUncompressed, pubkey1, &sz);
memmove(pubkey, pubkey1+1, 64);
} }
void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret) void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret)
@ -281,13 +332,92 @@ void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey
} }
void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey) uint8_t fixed_vector_hmac[32];
int fixed_vector_iter = 31;
uint32_t fixed_vector(void * rng, uint16_t sz, uint8_t * out)
{ {
while(sz--)
{
*out++ = fixed_vector_hmac[fixed_vector_iter--];
if (fixed_vector_iter == -1)
{
fixed_vector_iter = 31;
}
}
return 0;
}
void derive_private_key_pair(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey, uint8_t * pubkey)
{
CRYS_ECPKI_UserPrivKey_t nrfpriv;
CRYS_ECPKI_UserPublKey_t nrfpub;
CRYS_ECPKI_KG_TempData_t tmp;
uint32_t ret;
uint32_t sz;
int i;
uint8_t pubkey1[65];
crypto_sha256_hmac_init(CRYPTO_MASTER_KEY, 0, privkey); crypto_sha256_hmac_init(CRYPTO_MASTER_KEY, 0, privkey);
crypto_sha256_update(data, len); crypto_sha256_update(data, len);
crypto_sha256_update(data2, len2); crypto_sha256_update(data2, len2);
crypto_sha256_update(master_secret, 32); crypto_sha256_update(master_secret, 32);
crypto_sha256_hmac_final(CRYPTO_MASTER_KEY, 0, privkey); crypto_sha256_hmac_final(CRYPTO_MASTER_KEY, 0, privkey);
memmove(fixed_vector_hmac, privkey, 32);
fixed_vector_iter=31;
/*privkey[31] += 1;*/
for (i = 31; i > -1; i++)
{
privkey[i] += 1;
if (privkey[i] != 0)
break;
}
// There isn't a CC310 function for calculating a public key from a private
// so to get around it, we can "fix" the RNG input to GenKeyPair
if(pubkey != NULL)
{
ret = CRYS_ECPKI_GenKeyPair(&rndState_ptr,
fixed_vector,
/*CRYS_RND_GenerateVector,*/
_es256_curve,
&nrfpriv, &nrfpub, &tmp, NULL);
if (ret != SA_SILIB_RET_OK){
printf(" gen key failed with 0x%x \n",ret);
exit(1);
}
/*sz = 32;*/
/*ret = CRYS_ECPKI_ExportPrivKey(&nrfpriv, privkey, &sz);*/
/*if (ret != 0)*/
/*{*/
/*printf("privkey export fail\n");*/
/*exit(1);*/
/*}*/
sz = 65;
ret = CRYS_ECPKI_ExportPublKey(&nrfpub,CRYS_EC_PointUncompressed , pubkey1, &sz);
if (ret != 0 || sz != 65)
{
printf("pubkey export fail 0x%04x\n",ret);
exit(1);
}
if (pubkey1[0] != 0x04)
{
printf("pubkey uncompressed export fail 0x%02x\n",(int)pubkey1[0]);
exit(1);
}
memmove(pubkey, pubkey1+1 , 64);
}
}
void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey)
{
derive_private_key_pair(data,len,data2,len2,privkey,NULL);
} }
struct AES_ctx aes_ctx; struct AES_ctx aes_ctx;

2
nrf52840/device.c
View File

@ -1,7 +1,7 @@
/* /*
* Device specific functionality here * Device specific functionality here
* */ * */
#define DEBUG
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>

28
nrf52840/sdk_config.h
View File

@ -510,6 +510,30 @@
#define NRF_CRYPTO_ALLOCATOR 0 #define NRF_CRYPTO_ALLOCATOR 0
#endif #endif
// <h> nrf_crypto_rng - RNG Configuration
//==========================================================
// <q> NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED - Use static memory buffers for context and temporary init buffer.
// <i> Always recommended when using the nRF HW RNG as the context and temporary buffers are small. Consider disabling if using the CC310 RNG in a RAM constrained application. In this case, memory must be provided to nrf_crypto_rng_init, or it can be allocated internally provided that NRF_CRYPTO_ALLOCATOR does not allocate memory on the stack.
#ifndef NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED
#define NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED 1
#endif
// <q> NRF_CRYPTO_RNG_AUTO_INIT_ENABLED - Initialize the RNG module automatically when nrf_crypto is initialized.
// <i> Automatic initialization is only supported with static or internally allocated context and temporary memory.
#ifndef NRF_CRYPTO_RNG_AUTO_INIT_ENABLED
#define NRF_CRYPTO_RNG_AUTO_INIT_ENABLED 1
#endif
// </h>
//==========================================================
// <e> NRF_CRYPTO_BACKEND_CC310_BL_ENABLED - Enable the ARM Cryptocell CC310 reduced backend. // <e> NRF_CRYPTO_BACKEND_CC310_BL_ENABLED - Enable the ARM Cryptocell CC310 reduced backend.
// <i> The CC310 hardware-accelerated cryptography backend with reduced functionality and footprint (only available on nRF52840). // <i> The CC310 hardware-accelerated cryptography backend with reduced functionality and footprint (only available on nRF52840).
@ -581,7 +605,7 @@
// <i> The CC310 hardware-accelerated cryptography backend (only available on nRF52840). // <i> The CC310 hardware-accelerated cryptography backend (only available on nRF52840).
//========================================================== //==========================================================
#ifndef NRF_CRYPTO_BACKEND_CC310_ENABLED #ifndef NRF_CRYPTO_BACKEND_CC310_ENABLED
#define NRF_CRYPTO_BACKEND_CC310_ENABLED 0 #define NRF_CRYPTO_BACKEND_CC310_ENABLED 1
#endif #endif
// <q> NRF_CRYPTO_BACKEND_CC310_AES_CBC_ENABLED - Enable the AES CBC mode using CC310. // <q> NRF_CRYPTO_BACKEND_CC310_AES_CBC_ENABLED - Enable the AES CBC mode using CC310.
@ -6350,7 +6374,7 @@
// <e> MEM_MANAGER_ENABLED - mem_manager - Dynamic memory allocator // <e> MEM_MANAGER_ENABLED - mem_manager - Dynamic memory allocator
//========================================================== //==========================================================
#ifndef MEM_MANAGER_ENABLED #ifndef MEM_MANAGER_ENABLED
#define MEM_MANAGER_ENABLED 0 #define MEM_MANAGER_ENABLED 1
#endif #endif
// <o> MEMORY_MANAGER_SMALL_BLOCK_COUNT - Size of each memory blocks identified as 'small' block. <0-255> // <o> MEMORY_MANAGER_SMALL_BLOCK_COUNT - Size of each memory blocks identified as 'small' block. <0-255>