stub pc build

take a lazy approach to key agreement generation to not hold up boot time for nfc
speed up public key derivation slightly for nfc
2019-08-20 21:31:02 +08:00 · 2019-08-20 21:27:52 +08:00 · 2019-08-20 21:06:37 +08:00 · 2019-08-20 20:28:38 +08:00 · 2019-08-20 20:23:18 +08:00
6 changed files with 32 additions and 12 deletions
--- a/fido2/crypto.c
+++ b/fido2/crypto.c
@ -262,6 +262,11 @@ void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8
    memmove(y,pubkey+32,32);
 }

+void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey)
+{
+    uECC_compute_public_key(privkey, pubkey, _es256_curve);
+}
+
 void crypto_load_external_key(uint8_t * key, int len)
 {
    _signing_key = key;
--- a/fido2/crypto.h
+++ b/fido2/crypto.h
@ -26,6 +26,7 @@ void crypto_sha512_final(uint8_t * hash);

 void crypto_ecc256_init();
 void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y);
+void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey);

 void crypto_ecc256_load_key(uint8_t * data, int len, uint8_t * data2, int len2);
 void crypto_ecc256_load_attestation_key();
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -256,7 +256,9 @@ static int ctap_generate_cose_key(CborEncoder * cose_key, uint8_t * hmac_input,
    switch(algtype)
    {
        case COSE_ALG_ES256:
+            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
            crypto_ecc256_derive_public_key(hmac_input, len, x, y);
+            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
            break;
        default:
            printf2(TAG_ERR,"Error, COSE alg %d not supported\n", algtype);
@ -1479,6 +1481,11 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)

            ret = cbor_encode_int(&map, RESP_keyAgreement);
            check_ret(ret);
+
+            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
+            crypto_ecc256_compute_public_key(KEY_AGREEMENT_PRIV, KEY_AGREEMENT_PUB);
+            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
+
            ret = ctap_add_cose_key(&map, KEY_AGREEMENT_PUB, KEY_AGREEMENT_PUB+32, PUB_KEY_CRED_PUB_KEY, COSE_ALG_ECDH_ES_HKDF_256);
            check_retr(ret);

@ -1678,7 +1685,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
            break;
        default:
            status = CTAP1_ERR_INVALID_COMMAND;
-            printf2(TAG_ERR,"error, invalid cmd\n");
+            printf2(TAG_ERR,"error, invalid cmd: %x\n", cmd);
    }

 done:
@ -1767,10 +1774,7 @@ void ctap_init()
        exit(1);
    }

-    if (device_is_nfc() != NFC_IS_ACTIVE)
-    {
-        ctap_reset_key_agreement();
-    }
+    ctap_reset_key_agreement();

 #ifdef BRIDGE_TO_WALLET
    wallet_init();
@ -1969,7 +1973,7 @@ int8_t ctap_load_key(uint8_t index, uint8_t * key)

 static void ctap_reset_key_agreement()
 {
-    crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
+    ctap_generate_rng(KEY_AGREEMENT_PRIV, sizeof(KEY_AGREEMENT_PRIV));
 }

 void ctap_reset()
--- a/pc/device.c
+++ b/pc/device.c
@ -628,3 +628,8 @@ int device_is_nfc()
 {
    return 0;
 }
+
+void device_set_clock_rate(DEVICE_CLOCK_RATE param)
+{
+
+}
--- a/targets/stm32l432/src/crypto.c
+++ b/targets/stm32l432/src/crypto.c
@ -282,6 +282,11 @@ void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8
    memmove(x,pubkey,32);
    memmove(y,pubkey+32,32);
 }
+void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey)
+{
+    uECC_compute_public_key(privkey, pubkey, _es256_curve);
+}
+

 void crypto_load_external_key(uint8_t * key, int len)
 {
--- a/targets/stm32l432/src/nfc.c
+++ b/targets/stm32l432/src/nfc.c
@ -490,9 +490,6 @@ void nfc_process_iblock(uint8_t * buf, int len)
    int status;
    uint16_t reslen;

-    printf1(TAG_NFC,"Iblock: ");
-	dump_hex1(TAG_NFC, buf, len);
-
    uint8_t block_offset = p14443_block_offset(buf[0]);

    APDU_STRUCT apdu;
@ -630,13 +627,13 @@ void nfc_process_iblock(uint8_t * buf, int len)

 			printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp());

-			WTX_on(WTX_TIME_DEFAULT);
+			// WTX_on(WTX_TIME_DEFAULT);
            request_from_nfc(true);
            ctap_response_init(&ctap_resp);
            status = ctap_request(apdu.data, apdu.lc, &ctap_resp);
            request_from_nfc(false);
-			if (!WTX_off())
-				return;
+			// if (!WTX_off())
+			// 	return;

 			printf1(TAG_NFC, "CTAP resp: 0x%02x  len: %d\r\n", status, ctap_resp.length);

@ -688,6 +685,9 @@ void nfc_process_iblock(uint8_t * buf, int len)
 			nfc_write_response(buf[0], SW_INS_INVALID);
        break;
    }
+    
+    printf1(TAG_NFC,"prev.Iblock: ");
+	dump_hex1(TAG_NFC, buf, len);
 }

 static uint8_t ibuf[1024];
Author	SHA1	Message	Date
Conor Patrick	525ff0c5d6	stub pc build	2019-08-20 21:31:02 +08:00
Conor Patrick	79d986197b	take a lazy approach to key agreement generation to not hold up boot time for nfc	2019-08-20 21:27:52 +08:00
Conor Patrick	9045c0ca3e	speed up public key derivation slightly for nfc	2019-08-20 21:06:37 +08:00
Conor Patrick	508f2e1e1c	remove WTX, move debug log	2019-08-20 20:28:38 +08:00
Conor Patrick	6dfdf36654	for now, always gen key agreement	2019-08-20 20:23:18 +08:00