From 65b14960ce7ed936c4921656f40a3c7c4f36923d Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Fri, 2 Sep 2022 18:36:14 +0200
Subject: [PATCH] Adding MKEK generation on first scan.

Signed-off-by: Pol Henarejos
---
 CMakeLists.txt | 1 +
 src/fido/fido.c | 33 ++++++++++++++++++++++++++++++---
 src/fido/fido.h | 4 ++++
 src/fido/files.c | 31 +++++++++++++++++++++++++++++++
 src/fido/files.h | 31 +++++++++++++++++++++++++++++++
 5 files changed, 97 insertions(+), 3 deletions(-)
 create mode 100644 src/fido/files.c
 create mode 100644 src/fido/files.h

diff --git a/CMakeLists.txt b/CMakeLists.txt
index a9c64ff..d4a6401 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -30,6 +30,7 @@ add_executable(pico_fido)
 target_sources(pico_fido PUBLIC
 ${CMAKE_CURRENT_LIST_DIR}/src/fido/fido.c
+ ${CMAKE_CURRENT_LIST_DIR}/src/fido/files.c
 ${CMAKE_CURRENT_LIST_DIR}/src/fido/cmd_register.c
 )
 
 set(HSM_DRIVER "hid")
diff --git a/src/fido/fido.c b/src/fido/fido.c
index 7836e0d..fc916a1 100644
--- a/src/fido/fido.c
+++ b/src/fido/fido.c
@@ -19,6 +19,9 @@
 #include "hsm.h"
 #include "apdu.h"
 #include "u2f.h"
+#include "files.h"
+#include "file.h"
+#include "random.h"
 #include
 
 void init_fido();
@@ -39,9 +42,6 @@ app_t *fido_select(app_t *a) {
 return a;
 }
 
-void init_fido() {
-}
-
 void __attribute__ ((constructor)) fido_ctor() {
 register_app(fido_select);
 fido_select(&apps[0]);
@@ -51,6 +51,33 @@ int fido_unload() {
 return CCID_OK;
 }
 
+void scan_files() {
+ ef_mkek = search_by_fid(EF_MKEK, NULL, SPECIFY_EF);
+ if (ef_mkek) {
+ if (!ef_mkek->data) {
+ printf("MKEK is empty. Initializing with default password\r\n");
+ uint8_t tmp_mkek[MKEK_SIZE];
+ const uint8_t *rd = random_bytes_get(MKEK_IV_SIZE+MKEK_KEY_SIZE);
+ memcpy(tmp_mkek, rd, MKEK_IV_SIZE+MKEK_KEY_SIZE);
+ flash_write_data_to_file(ef_mkek, tmp_mkek, MKEK_SIZE);
+ }
+ }
+ else {
+ printf("FATAL ERROR: PIN1 not found in memory!\r\n");
+ }
+
+ low_flash_available();
+}
+
+void scan_all() {
+ scan_flash();
+ scan_files();
+}
+
+void init_fido() {
+ scan_all();
+}
+
 typedef struct cmd {
 uint8_t ins;
diff --git a/src/fido/fido.h b/src/fido/fido.h
index cd484f2..35b0bdd 100644
--- a/src/fido/fido.h
+++ b/src/fido/fido.h
@@ -22,4 +22,8 @@
 #define KEY_PATH_LEN 32
 #define KEY_HANDLE_LEN (KEY_PATH_LEN + SHA256_DIGEST_LENGTH)
 
+#define MKEK_IV_SIZE 16
+#define MKEK_KEY_SIZE 32
+#define MKEK_SIZE (MKEK_IV_SIZE+MKEK_KEY_SIZE)
+
 #endif //_FIDO_H
diff --git a/src/fido/files.c b/src/fido/files.c
new file mode 100644
index 0000000..6162462
--- /dev/null
+++ b/src/fido/files.c
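Review bot: In `scan_files` the freshly generated key material in `tmp_mkek` is left on the stack after `flash_write_data_to_file` returns, and neither the `random_bytes_get` result nor the write result is checked, so a NULL `rd` goes straight into `memcpy` and a failed write leaves the EF empty with no error path (the next scan would then silently generate a different MKEK). The `else` branch reports "PIN1 not found" although the lookup is for `EF_MKEK`, and the "Initializing with default password" message is not matched by any wrapping step visible in this hunk — if the MKEK is meant to be written unwrapped at this stage the message should say so, otherwise the wrapping is missing; I cannot see the file helpers, so this is inferred. `scan_files`, `scan_all` and `init_fido` should also be declared `(void)` rather than with empty old-style parameter lists. The sketch below checks both calls (assuming `flash_write_data_to_file` follows the `CCID_OK` convention visible in `fido_unload`) and clears the stack copy through a volatile pointer so the store is not elided.
```c
        if (!ef_mkek->data) {
            printf("MKEK is empty. Initializing with default password\r\n");
            uint8_t tmp_mkek[MKEK_SIZE];
            const uint8_t *rd = random_bytes_get(MKEK_IV_SIZE+MKEK_KEY_SIZE);
            if (rd == NULL) {
                printf("FATAL ERROR: no random bytes available for MKEK!\r\n");
            }
            else {
                memcpy(tmp_mkek, rd, MKEK_IV_SIZE+MKEK_KEY_SIZE);
                if (flash_write_data_to_file(ef_mkek, tmp_mkek, MKEK_SIZE) != CCID_OK) {
                    printf("FATAL ERROR: MKEK could not be written to flash!\r\n");
                }
                /* Clear the stack copy of the key; the volatile access keeps the clear from being optimized away. */
                volatile uint8_t *p = tmp_mkek;
                for (size_t i = 0; i < sizeof tmp_mkek; i++) {
                    p[i] = 0;
                }
            }
        }
        /* … unchanged: else branch, low_flash_available() … */
```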
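Review bot: The three new macros in fido.h say nothing about what they size or which cipher the 16-byte IV and 32-byte key are for, and `MKEK_SIZE` is the on-flash record layout that `scan_files` writes, so a reader of the header cannot tell that the IV comes first. A one-line comment per macro, e.g. `#define MKEK_IV_SIZE 16 // IV stored first in the EF_MKEK record` and `#define MKEK_KEY_SIZE 32 // key material following the IV`, would pin the layout where it is defined rather than where it is used.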
@@ -0,0 +1,31 @@
+/*
+ * This file is part of the Pico FIDO distribution (https://github.com/polhenarejos/pico-fido).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include "file.h"
+#include "files.h"
+
+file_t file_entries[] = {
+ {.fid = 0x3f00, .parent = 0xff, .name = NULL, .type = FILE_TYPE_DF, .data = NULL, .ef_structure = 0, .acl = {0}}, // MF
+ {.fid = EF_KEY_DEV, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}}, // Device Key
+ {.fid = EF_PRKD_DEV, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}}, // PrKD Device
+ {.fid = EF_EE_DEV, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}}, // End Entity Certificate Device
+ {.fid = EF_MKEK, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}}, // MKEK
+};
+
+const file_t *MF = &file_entries[0];
+const file_t *file_last = &file_entries[sizeof(file_entries)/sizeof(file_t)-1];
+file_t *ef_mkek = NULL;
diff --git a/src/fido/files.h b/src/fido/files.h
new file mode 100644
index 0000000..80202a5
--- /dev/null
+++ b/src/fido/files.h
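Review bot: Every EF in `file_entries` has `.parent = 5`, but this table holds only five entries (indices 0–4) and its only DF is the MF at index 0, so if `parent` is an index into this table all four EFs point past its end; if it is instead a FID or an index into a larger tree defined in file.h, a comment on the array should say so, since file.h is not visible here. The table also gives no hint what `.acl = {0xff}` grants on the MKEK entry versus `{0}` on the MF, which is exactly the access rule a reviewer of a key-storage file wants to check — a header comment such as `// Static file tree: MF plus device key, PrKD, EE certificate and MKEK EFs; parent/acl semantics per file.h` would carry that. `file_last` would also be more robust as `sizeof file_entries / sizeof file_entries[0]`, which stays correct if the element type is renamed.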
@@ -0,0 +1,31 @@
+/*
+ * This file is part of the Pico FIDO distribution (https://github.com/polhenarejos/pico-fido).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef _FILES_H_
+#define _FILES_H_
+
+#include "file.h"
+
+#define EF_MKEK 0x100A
+
+#define EF_KEY_DEV 0xCC00
+#define EF_PRKD_DEV 0xC400
+#define EF_EE_DEV 0xCE00
+
+extern file_t *ef_mkek;
+
+#endif //_FILES_H_
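Review bot: The include guard `_FILES_H_` is a reserved identifier (a leading underscore followed by an uppercase letter belongs to the implementation), the same pattern as the `_FIDO_H` guard visible in the fido.h hunk; `FILES_H_` or `PICO_FIDO_FILES_H` avoids the clash. The header declares only `ef_mkek`, while `MF`, `file_last` and `file_entries` defined in files.c are not declared here — if callers reach them through file.h that is fine, otherwise they need `extern` declarations in this header rather than ad-hoc ones in each user. The four FID constants would read better with a short comment each, e.g. `#define EF_MKEK 0x100A // master key encryption key record, layout per MKEK_SIZE in fido.h`.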