Accepting curves for key_derivation as a parameter.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2025-12-20 03:52:21 +08:00 · 2022-09-16 00:49:59 +02:00
parent 9b49d39ccc
commit 5da2af2c34
4 changed files with 37 additions and 12 deletions
--- a/src/fido/cmd_authenticate.c
+++ b/src/fido/cmd_authenticate.c
@@ -35,7 +35,7 @@ int cmd_authenticate() {
    mbedtls_ecdsa_context key;
    mbedtls_ecdsa_init(&key);
-    int ret = derive_key(req->appId, false, req->keyHandle, &key);
+    int ret = derive_key(req->appId, false, req->keyHandle, MBEDTLS_ECP_DP_SECP256R1, &key);
    if (ret != CCID_OK) {
        mbedtls_ecdsa_free(&key);
        return SW_EXEC_ERROR();
--- a/src/fido/cmd_register.c
+++ b/src/fido/cmd_register.c
@@ -36,7 +36,7 @@ int cmd_register() {
        return SW_CONDITIONS_NOT_SATISFIED();
    mbedtls_ecdsa_context key;
    mbedtls_ecdsa_init(&key);
-    int ret = derive_key(req->appId, true, resp->keyHandleCertSig, &key);
+    int ret = derive_key(req->appId, true, resp->keyHandleCertSig, MBEDTLS_ECP_DP_SECP256R1, &key);
    if (ret != CCID_OK) {
        mbedtls_ecdsa_free(&key);
        return SW_EXEC_ERROR();
--- a/src/fido/fido.c
+++ b/src/fido/fido.c
@@ -29,6 +29,7 @@
 #include "mbedtls/hkdf.h"
 #include "pk_wrap.h"
 #include "crypto_utils.h"
 #include <math.h>
 #include <stdio.h>
 void init_fido();
@@ -67,7 +68,7 @@ int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffe
    mbedtls_x509write_crt_set_subject_name(&ctx, "C=ES,O=Pico HSM,CN=Pico FIDO");
    mbedtls_mpi serial;
    mbedtls_mpi_init(&serial);
-    mbedtls_mpi_fill_random(&serial, 32, random_gen, NULL);
+    mbedtls_mpi_fill_random(&serial, 32, random_gen_core0, NULL);
    mbedtls_x509write_crt_set_serial(&ctx, &serial);
    mbedtls_pk_context key;
    mbedtls_pk_init(&key);
@@ -92,7 +93,7 @@ int load_keydev(uint8_t *key) {
    return CCID_OK;
 }
-int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls_ecdsa_context *key) {
+int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int curve, mbedtls_ecdsa_context *key) {
    uint8_t outk[64] = {0};
    int r = 0;
    memset(outk, 0, sizeof(outk));
@@ -105,7 +106,8 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls
            uint32_t val = 0x80000000 | *((uint32_t *)random_bytes_get(sizeof(uint32_t)));
            memcpy(&key_handle[i*sizeof(uint32_t)], &val, sizeof(uint32_t));
        }
-        if ((r = mbedtls_hkdf(md_info, &key_handle[i], sizeof(uint32_t), outk, 32, outk + 32, 32, outk, sizeof(outk))) != 0)
+        r = mbedtls_hkdf(md_info, &key_handle[i * sizeof(uint32_t)], sizeof(uint32_t), outk, 32, outk + 32, 32, outk, sizeof(outk));
        if (r != 0)
        {
            mbedtls_platform_zeroize(outk, sizeof(outk));
            return r;
@@ -122,12 +124,15 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls
        }
    }
    if (key != NULL) {
-        mbedtls_ecp_group_load(&key->grp, MBEDTLS_ECP_DP_SECP256R1);
+        mbedtls_ecp_group_load(&key->grp, curve);
-        r = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, key, outk, 32);
+        const mbedtls_ecp_curve_info *cinfo = mbedtls_ecp_curve_info_from_grp_id(curve);
        if (cinfo == NULL)
            return 1;
        r = mbedtls_ecp_read_key(curve, key, outk, ceil((float)cinfo->bit_size/8));
        mbedtls_platform_zeroize(outk, sizeof(outk));
        if (r != 0)
            return r;
-        return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, random_gen, NULL );
+        return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, random_gen_core0, NULL);
    }
    mbedtls_platform_zeroize(outk, sizeof(outk));
    return r;
@@ -141,7 +146,7 @@ int scan_files() {
            mbedtls_ecdsa_context ecdsa;
            mbedtls_ecdsa_init(&ecdsa);
            uint8_t index = 0;
-            int ret = mbedtls_ecdsa_genkey(&ecdsa, MBEDTLS_ECP_DP_SECP256R1, random_gen, &index);
+            int ret = mbedtls_ecdsa_genkey(&ecdsa, MBEDTLS_ECP_DP_SECP256R1, random_gen_core0, &index);
            if (ret != 0) {
                mbedtls_ecdsa_free(&ecdsa);
                return ret;
@@ -168,12 +173,10 @@ int scan_files() {
            mbedtls_ecdsa_context key;
            mbedtls_ecdsa_init(&key);
            int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &key, file_get_data(ef_keydev), 32);
            printf("ret %d\n", ret);
            if (ret != 0)
                return ret;
            ret = x509_create_cert(&key, cert, sizeof(cert));
            mbedtls_ecdsa_free(&key);
            printf("ret %d\n", ret);
            if (ret <= 0)
                return ret;
            flash_write_data_to_file(ef_certdev, cert + sizeof(cert) - ret, ret);
--- a/src/fido/fido.h
+++ b/src/fido/fido.h
@@ -31,7 +31,7 @@
 #define KEY_HANDLE_LEN (KEY_PATH_LEN + SHA256_DIGEST_LENGTH)
 extern int scan_files();
-extern int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls_ecdsa_context *key);
+extern int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int, mbedtls_ecdsa_context *key);
 extern bool wait_button_pressed();
 extern CTAPHID_FRAME *ctap_req, *ctap_resp;
@@ -40,5 +40,27 @@ extern CTAPHID_FRAME *ctap_req, *ctap_resp;
 #define FIDO2_ALG_ES384     -35 //ECDSA-SHA384 P384
 #define FIDO2_ALG_ES512     -36 //ECDSA-SHA512 P521
 #define FIDO2_CURVE_P256        1
 #define FIDO2_CURVE_P384        2
 #define FIDO2_CURVE_P521        3
 #define FIDO2_CURVE_X25519      4
 #define FIDO2_CURVE_X448        5
 #define FIDO2_CURVE_ED25519     6
 #define FIDO2_CURVE_ED448       7
 #define FIDO2_CURVE_P256K1      8
 #define FIDO2_AUT_FLAG_UP       0x1
 #define FIDO2_AUT_FLAG_UV       0x4
 #define FIDO2_AUT_FLAG_AT       0x40
 #define FIDO2_AUT_FLAG_ED       0x80
 typedef struct known_app {
    const uint8_t *rp_id_hash;
    const char *label;
    const bool *use_sign_count;
    const bool *use_self_attestation;
 } known_app_t;
 extern const known_app_t *find_app_by_rp_id_hash(const uint8_t *rp_id_hash);
 #endif //_FIDO_H