Merge pull request #97 from LedgerHQ/cev/clean_supported_algo

Handle supported algorithms and curves
This commit is contained in:
Charles-Edouard de la Vergne 2024-03-01 11:05:49 +01:00 committed by GitHub
commit aa8c7201f1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
35 changed files with 223 additions and 96 deletions

View File

@ -29,8 +29,8 @@ APPNAME = OpenPGP
# Application version
APPVERSION_M = 2
APPVERSION_N = 0
APPVERSION_P = 1
APPVERSION_N = 1
APPVERSION_P = 0
APPVERSION = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
SPECVERSION:="3.3.1"
@ -122,6 +122,8 @@ DISABLE_STANDARD_WEBUSB = 1
DEFINES += CUSTOM_IO_APDU_BUFFER_SIZE=\(255+5+64\)
DEFINES += HAVE_USB_CLASS_CCID
DEFINES += HAVE_RSA
# Watchdog issue causing the device reset with long prime number computation
# DEFINES += WITH_SUPPORT_RSA4096
ifeq ($(TARGET_NAME),TARGET_NANOS)
DEFINES += HAVE_UX_LEGACY

View File

@ -11,7 +11,7 @@ This specification is available in *doc* directory and at <https://g10code.com/p
The application supports:
- RSA with key up to 4096 bits
- RSA with key up to 3072 bits
- ECDSA with secp256k1
- EDDSA with Ed25519 curve
- ECDH with secp256k1 and curve25519 curves
@ -321,3 +321,11 @@ It outputs 3 artifacts:
- `compiled_app_binaries` within binary files of the build process for each device
- `code-coverage` within HTML details of code coverage
## Known limitations
Today, the current App has some known limitations.
- RSA4096 is disabled, because of an issue with the watchdog, resetting the device
during long prime number operation.
- Using Ed25519 template, the decrypt doesn't output a correct result.

View File

@ -50,10 +50,10 @@ This specification is available in doc directory at [G10CODE]_.
The application supports:
- RSA with key up to 4096 bits
- ECDSA with secp256k1, secp256r1, brainpool 256r1 and brainpool 256t1 curves
- RSA with key up to 3072 bits
- ECDSA with secp256R1
- EDDSA with Ed25519 curve
- ECDH with secp256k1, secp256r1, brainpool 256r1, brainpool 256t1 and curve25519 curves
- ECDH with secp256R1 and curve25519 curves
This release has known missing parts (see also [GPGADD]_):
@ -154,8 +154,7 @@ The full menu layout is:
| Choose Type...
| RSA 2048
| RSA 3072
| RSA 4096
| NIST P256
| SECP 256R1
| ED25519
| Set Template
| Seed mode *ON/OFF*
@ -1100,7 +1099,7 @@ The *usage* field tells you each key purpose:
The *card-no* field provides you with the serial number of the card on which the key are stored.
You should have 3 or less keys with the same serial. These are the keys we want to restore.
For each key you also have the key template (*rsa2048*, *rsa3072*, *rsa4096*, *ed2559*, *cv25519*) followed by the
For each key you also have the key template (*rsa2048*, *rsa3072*, *ed2559*, *cv25519*) followed by the
short fingerprint, e.g. ``ed25519/8451AAF7D43D1095``
Please note the serial and the 3 key template names: ``FD6C11BE`` , ``ed25519:cv25519:ed25519``.
@ -1465,7 +1464,7 @@ Its usage is:
| ``--set-templates SIG:DEC:AUT``
| ``Set template identifier for selected 'key-type'``
| ``If 'key-type' is not specified, set for all keys (SIG:DEC:AUT)``
| ``Valid values are rsa2048, rsa3072, rsa4096, nistp256, ed25519, cv25519``
| ``Valid values are rsa2048, rsa3072, nistp256, ed25519, cv25519``
| ``--seed-key Regenerate all keys, based on seed mode``
| ``--file FILE Public Key export file (default is 'pubkey')``

View File

@ -10,6 +10,7 @@ dirName=$(dirname "${exeName}")
gnupg_home_dir="$(realpath "${dirName}/gnupg")"
VERBOSE=false
EXPERT=false
#===============================================================================
#
@ -23,7 +24,8 @@ help() {
echo
echo "Options:"
echo
echo " -c <init|card|encrypt|decryptsign|verify> : Requested command"
echo " -c <init|reset|card|encrypt|decryptsign|verify> : Requested command"
echo " -e : Expert mode mode"
echo " -v : Verbose mode"
echo " -h : Displays this help"
echo
@ -32,10 +34,10 @@ help() {
#===============================================================================
#
# kill_process - Kill running process, ensure clear next operation
# reset - Kill running process, ensure clear next operation
#
#===============================================================================
kill_process() {
reset() {
# Kill running process
killall scdaemon gpg-agent 2>/dev/null
}
@ -46,7 +48,7 @@ kill_process() {
#
#===============================================================================
init() {
kill_process
reset
# Cleanup old gnupg home directory
dir=$(basename "${gnupg_home_dir}")
@ -68,8 +70,11 @@ init() {
#
#===============================================================================
card() {
local expert_mode=""
gpg --homedir "${gnupg_home_dir}" --card-edit
[[ ${EXPERT} == true ]] && expert_mode="--expert"
gpg --homedir "${gnupg_home_dir}" ${expert_mode} --card-edit
}
#===============================================================================
@ -79,7 +84,8 @@ card() {
#===============================================================================
encrypt() {
local recipient=""
kill_process
local verbose_mode=""
reset
rm -fr foo*
echo CLEAR > foo.txt
@ -98,8 +104,9 @@ encrypt() {
#
#===============================================================================
decrypt() {
local verbose_mode=""
kill_process
reset
[[ ${VERBOSE} == true ]] && verbose_mode="--verbose"
@ -121,8 +128,9 @@ decrypt() {
#
#===============================================================================
sign() {
local verbose_mode=""
kill_process
reset
rm -fr foo*
echo CLEAR > foo.txt
@ -137,8 +145,9 @@ sign() {
#
#===============================================================================
verify() {
local verbose_mode=""
kill_process
reset
[[ ${VERBOSE} == true ]] && verbose_mode="--verbose"
@ -156,12 +165,12 @@ if (($# < 1)); then
help
fi
while getopts ":c:vh" opt; do
while getopts ":c:evh" opt; do
case $opt in
c)
case ${OPTARG} in
init|card|encrypt|decrypt|sign|verify)
init|reset|card|encrypt|decrypt|sign|verify)
CMD=${OPTARG}
;;
*)
@ -171,6 +180,7 @@ while getopts ":c:vh" opt; do
esac
;;
e) EXPERT=true ;;
v) VERBOSE=true ;;
h) help ;;

View File

@ -22,7 +22,7 @@ from enum import Enum, IntEnum
KEY_TEMPLATES = {
"rsa2048" : "010800002001",
"rsa3072" : "010C00002001",
"rsa4096" : "011000002001",
# "rsa4096" : "011000002001", not supported yet
"nistp256": "132A8648CE3D030107",
"ed25519" : "162B06010401DA470F01",
"cv25519" : "122B060104019755010501"

View File

@ -231,6 +231,8 @@ int gpg_apdu_put_data(unsigned int ref) {
void *pkey = NULL;
cx_aes_key_t aes_key = {0};
cx_err_t error = CX_INTERNAL_ERROR;
unsigned int pkey_size = 0;
unsigned int ksz, curve;
G_gpg_vstate.DO_current = ref;
@ -326,7 +328,7 @@ int gpg_apdu_put_data(unsigned int ref) {
/* ----------------- Extended Header list -----------------*/
case 0x3FFF: {
unsigned int len_e, len_p, len_q;
unsigned int endof, ksz, reset_cnt;
unsigned int endof, reset_cnt;
gpg_key_t *keygpg = NULL;
// fecth 4D
gpg_io_fetch_tl(&t, &l);
@ -395,13 +397,11 @@ int gpg_apdu_put_data(unsigned int ref) {
break;
}
// --- RSA KEY ---
if (keygpg->attributes.value[0] == KEY_ID_RSA) {
unsigned int e = 0;
unsigned char *p, *q, *pq;
cx_rsa_public_key_t *rsa_pub;
cx_rsa_private_key_t *rsa_priv;
unsigned int pkey_size = 0;
// check length
ksz = U2BE(keygpg->attributes.value, 1) >> 3;
rsa_pub = (cx_rsa_public_key_t *) &G_gpg_vstate.work.rsa.public;
@ -415,10 +415,12 @@ int gpg_apdu_put_data(unsigned int ref) {
pkey_size = sizeof(cx_rsa_3072_private_key_t);
pq = G_gpg_vstate.work.rsa.public3072.n;
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
pkey_size = sizeof(cx_rsa_4096_private_key_t);
pq = G_gpg_vstate.work.rsa.public4096.n;
break;
#endif
default:
break;
}
@ -475,15 +477,11 @@ int gpg_apdu_put_data(unsigned int ref) {
nvm_write(&G_gpg_vstate.kslot->sig_count, &reset_cnt, sizeof(unsigned int));
}
sw = SW_OK;
}
// --- ECC KEY ---
else if ((keygpg->attributes.value[0] == KEY_ID_ECDH) ||
(keygpg->attributes.value[0] == KEY_ID_ECDSA) ||
(keygpg->attributes.value[0] == KEY_ID_EDDSA)) {
unsigned int curve;
} else if ((keygpg->attributes.value[0] == KEY_ID_ECDH) ||
(keygpg->attributes.value[0] == KEY_ID_ECDSA) ||
(keygpg->attributes.value[0] == KEY_ID_EDDSA)) {
curve = gpg_oid2curve(&keygpg->attributes.value[1], keygpg->attributes.length - 1);
if (curve == 0) {
if (curve == CX_CURVE_NONE) {
sw = SW_WRONG_DATA;
break;
}
@ -637,9 +635,35 @@ int gpg_apdu_put_data(unsigned int ref) {
sw = SW_WRONG_LENGTH;
break;
}
nvm_write(ptr_v, G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length);
nvm_write(ptr_l, &G_gpg_vstate.io_length, sizeof(unsigned int));
sw = SW_OK;
switch (G_gpg_vstate.work.io_buffer[0]) {
case KEY_ID_RSA:
ksz = U2BE(G_gpg_vstate.work.io_buffer, 1);
if ((ksz != 2048) && (ksz != 3072)) {
sw = SW_WRONG_DATA;
} else {
sw = SW_OK;
}
break;
case KEY_ID_ECDH:
case KEY_ID_ECDSA:
case KEY_ID_EDDSA:
curve =
gpg_oid2curve(G_gpg_vstate.work.io_buffer + 1, G_gpg_vstate.io_length - 1);
if (curve == CX_CURVE_NONE) {
sw = SW_WRONG_DATA;
} else {
sw = SW_OK;
}
break;
default:
sw = SW_WRONG_DATA;
break;
}
if (sw == SW_OK) {
nvm_write(ptr_v, G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length);
nvm_write(ptr_l, &G_gpg_vstate.io_length, sizeof(unsigned int));
}
break;
/* ----------------- PWS status ----------------- */
@ -801,11 +825,13 @@ end:
// cmd
// resp TID API COMPAT len_pub len_priv priv
int gpg_apdu_get_key_data(unsigned int ref) {
cx_aes_key_t keyenc;
gpg_key_t *keygpg;
cx_aes_key_t keyenc = {0};
gpg_key_t *keygpg = NULL;
cx_rsa_private_key_t *key = NULL;
unsigned int len = 0;
cx_err_t error = CX_INTERNAL_ERROR;
int sw = SW_UNKNOWN;
unsigned int ksz = 0;
sw = gpg_init_keyenc(&keyenc);
if (sw != SW_OK) {
@ -832,18 +858,39 @@ int gpg_apdu_get_key_data(unsigned int ref) {
// encrypted part
switch (keygpg->attributes.value[0]) {
case KEY_ID_RSA: // RSA
case KEY_ID_RSA:
ksz = U2BE(G_gpg_vstate.mse_dec->attributes.value, 1) >> 3;
switch (ksz) {
case 2048 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa2048;
len = sizeof(cx_rsa_2048_private_key_t);
break;
case 3072 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa3072;
len = sizeof(cx_rsa_3072_private_key_t);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa4096;
len = sizeof(cx_rsa_4096_private_key_t);
break;
#endif
}
if ((key == NULL) || (key->size != ksz)) {
return SW_CONDITIONS_NOT_SATISFIED;
}
// insert pubkey
gpg_io_insert_u32(4);
gpg_io_insert(keygpg->pub_key.rsa, 4);
// insert privkey
gpg_io_mark();
len = GPG_IO_BUFFER_LENGTH - G_gpg_vstate.io_offset;
CX_CHECK(cx_aes_no_throw(&keyenc,
CX_ENCRYPT | CX_CHAIN_CBC | CX_PAD_ISO9797M2 | CX_LAST,
(unsigned char *) &keygpg->priv_key.rsa4096,
sizeof(cx_rsa_4096_private_key_t),
(unsigned char *) key,
len,
G_gpg_vstate.work.io_buffer + G_gpg_vstate.io_offset,
&len));
gpg_io_inserted(len);
@ -853,7 +900,7 @@ int gpg_apdu_get_key_data(unsigned int ref) {
sw = SW_OK;
break;
case KEY_ID_ECDH: // ECC
case KEY_ID_ECDH:
case KEY_ID_ECDSA:
case KEY_ID_EDDSA:
// insert pubkey
@ -889,12 +936,14 @@ end:
// cmd TID API COMPAT len_pub len_priv priv
// resp -
int gpg_apdu_put_key_data(unsigned int ref) {
cx_aes_key_t keyenc;
gpg_key_t *keygpg;
unsigned int len;
unsigned int offset;
cx_aes_key_t keyenc = {0};
gpg_key_t *keygpg = NULL;
unsigned int len = 0;
cx_rsa_private_key_t *key = NULL;
unsigned int offset = 0;
cx_err_t error = CX_INTERNAL_ERROR;
int sw = SW_UNKNOWN;
unsigned int ksz = 0;
sw = gpg_init_keyenc(&keyenc);
if (sw != SW_OK) {
@ -920,7 +969,6 @@ int gpg_apdu_put_key_data(unsigned int ref) {
gpg_io_fetch_u32();
switch (keygpg->attributes.value[0]) {
// RSA
case KEY_ID_RSA:
// insert pubkey
len = gpg_io_fetch_u32();
@ -937,26 +985,51 @@ int gpg_apdu_put_key_data(unsigned int ref) {
break;
}
offset = G_gpg_vstate.io_offset;
ksz = U2BE(G_gpg_vstate.mse_dec->attributes.value, 1) >> 3;
switch (ksz) {
case 2048 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa2048;
len = sizeof(cx_rsa_2048_private_key_t);
break;
case 3072 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa3072;
len = sizeof(cx_rsa_3072_private_key_t);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa4096;
len = sizeof(cx_rsa_4096_private_key_t);
break;
#endif
}
if ((key == NULL) || (key->size != ksz)) {
sw = SW_CONDITIONS_NOT_SATISFIED;
break;
}
if (len != GPG_IO_BUFFER_LENGTH) {
sw = SW_CONDITIONS_NOT_SATISFIED;
break;
}
PRINTF("[DATA] - put_key_data: key len: %d\n", len);
gpg_io_discard(0);
len = GPG_IO_BUFFER_LENGTH;
CX_CHECK(cx_aes_no_throw(&keyenc,
CX_DECRYPT | CX_CHAIN_CBC | CX_PAD_ISO9797M2 | CX_LAST,
G_gpg_vstate.work.io_buffer + offset,
len,
G_gpg_vstate.work.io_buffer,
&len));
if (len != sizeof(cx_rsa_4096_private_key_t)) {
&ksz));
if (len != ksz) {
PRINTF("[DATA] - put_key_data: Wrong aes output len: %d / %d\n", len, ksz);
sw = SW_WRONG_DATA;
break;
}
nvm_write((unsigned char *) &keygpg->priv_key.rsa4096,
G_gpg_vstate.work.io_buffer,
len);
nvm_write((unsigned char *) key, G_gpg_vstate.work.io_buffer, len);
sw = SW_OK;
break;
// ECC
case KEY_ID_ECDH: // ECC
case KEY_ID_ECDH:
case KEY_ID_ECDSA:
case KEY_ID_EDDSA:
// insert pubkey

View File

@ -93,9 +93,11 @@ static int gpg_gen_rsa_kyey(gpg_key_t *keygpg, uint8_t *name) {
case 3072 / 8:
pkey_size = sizeof(cx_rsa_3072_private_key_t);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
pkey_size = sizeof(cx_rsa_4096_private_key_t);
break;
#endif
default:
break;
}
@ -164,12 +166,16 @@ static int gpg_read_rsa_kyey(gpg_key_t *keygpg) {
}
gpg_io_insert_tlv(0x81, ksz, (unsigned char *) &keygpg->priv_key.rsa3072.n);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
if (keygpg->priv_key.rsa4096.size == 0) {
return SW_REFERENCED_DATA_NOT_FOUND;
}
gpg_io_insert_tlv(0x81, ksz, (unsigned char *) &keygpg->priv_key.rsa4096.n);
break;
#endif
default:
return SW_REFERENCED_DATA_NOT_FOUND;
}
gpg_io_insert_tlv(0x82, 4, keygpg->pub_key.rsa);
@ -224,7 +230,7 @@ static int gpg_read_ecc_kyey(gpg_key_t *keygpg) {
uint32_t i, len;
cx_err_t error = CX_INTERNAL_ERROR;
if (keygpg->pub_key.ecfp256.W_len == 0) {
if (keygpg->pub_key.ecfp.W_len == 0) {
return SW_REFERENCED_DATA_NOT_FOUND;
}
gpg_io_discard(1);
@ -232,23 +238,23 @@ static int gpg_read_ecc_kyey(gpg_key_t *keygpg) {
curve = gpg_oid2curve(keygpg->attributes.value + 1, keygpg->attributes.length - 1);
if (curve == CX_CURVE_Ed25519) {
memmove(G_gpg_vstate.work.io_buffer + 128,
keygpg->pub_key.ecfp256.W,
keygpg->pub_key.ecfp256.W_len);
keygpg->pub_key.ecfp.W,
keygpg->pub_key.ecfp.W_len);
CX_CHECK(cx_edwards_compress_point_no_throw(CX_CURVE_Ed25519,
G_gpg_vstate.work.io_buffer + 128,
65));
gpg_io_insert_tlv(0x86, 32,
G_gpg_vstate.work.io_buffer + 129); // 129: discard 02
} else if (curve == CX_CURVE_Curve25519) {
len = keygpg->pub_key.ecfp256.W_len - 1;
len = keygpg->pub_key.ecfp.W_len - 1;
for (i = 0; i <= len; i++) {
G_gpg_vstate.work.io_buffer[128 + i] = keygpg->pub_key.ecfp256.W[len - i];
G_gpg_vstate.work.io_buffer[128 + i] = keygpg->pub_key.ecfp.W[len - i];
}
gpg_io_insert_tlv(0x86, 32, G_gpg_vstate.work.io_buffer + 128);
} else {
gpg_io_insert_tlv(0x86,
keygpg->pub_key.ecfp256.W_len,
(unsigned char *) &keygpg->pub_key.ecfp256.W);
keygpg->pub_key.ecfp.W_len,
(unsigned char *) &keygpg->pub_key.ecfp.W);
}
return SW_OK;
@ -304,7 +310,6 @@ int gpg_apdu_gen() {
case GEN_ASYM_KEY_SEED:
if (keygpg->attributes.value[0] == KEY_ID_RSA) {
// RSA
sw = gpg_gen_rsa_kyey(keygpg, name);
if (sw != SW_OK) {
break;
@ -312,7 +317,6 @@ int gpg_apdu_gen() {
} else if ((keygpg->attributes.value[0] == KEY_ID_ECDH) ||
(keygpg->attributes.value[0] == KEY_ID_ECDSA) ||
(keygpg->attributes.value[0] == KEY_ID_EDDSA)) {
// ECC
sw = gpg_gen_ecc_kyey(keygpg, name);
if (sw != SW_OK) {
break;
@ -323,12 +327,10 @@ int gpg_apdu_gen() {
// --- read pubkey ---
case READ_ASYM_KEY:
if (keygpg->attributes.value[0] == KEY_ID_RSA) {
// read RSA
sw = gpg_read_rsa_kyey(keygpg);
} else if ((keygpg->attributes.value[0] == KEY_ID_ECDH) ||
(keygpg->attributes.value[0] == KEY_ID_ECDSA) ||
(keygpg->attributes.value[0] == KEY_ID_EDDSA)) {
// read ECC
sw = gpg_read_ecc_kyey(keygpg);
}
l = G_gpg_vstate.io_length;

View File

@ -56,7 +56,7 @@ const unsigned char C_OID_BRAINPOOL256T1[9] = {
const unsigned char C_OID_BRAINPOOL256R1[9] = {
0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x08
};
//brainpool 284r1: 1.3.36.3.3.2.8.1.1.11
//brainpool 384r1: 1.3.36.3.3.2.8.1.1.11
const unsigned char C_OID_BRAINPOOL384R1[9] = {
0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B
};
@ -66,7 +66,7 @@ const unsigned char C_OID_BRAINPOOL512R1[9] = {
};
*/
// Ed25519/curve25519: 1.3.6.1.4.1.11591.15.1
// "twisted" curve25519 for Ed25519: 1.3.6.1.4.1.11591.15.1
const unsigned char C_OID_Ed25519[9] = {
0x2B,
0x06,
@ -79,7 +79,7 @@ const unsigned char C_OID_Ed25519[9] = {
0x01,
};
// Ed25519/curve25519: 1.3.6.1.4.1.11591.15.1
// "Montgomery" curve25519 for X25519: 1.3.6.1.4.1.11591.1.5.1
const unsigned char C_OID_cv25519[10] = {
0x2B,
0x06,

View File

@ -65,7 +65,6 @@ static void gpg_pso_reset_PW1() {
}
static int gpg_sign(gpg_key_t *sigkey) {
// --- RSA
cx_err_t error = CX_INTERNAL_ERROR;
if (sigkey->attributes.value[0] == KEY_ID_RSA) {
cx_rsa_private_key_t *key = NULL;
@ -78,9 +77,11 @@ static int gpg_sign(gpg_key_t *sigkey) {
case 3072 / 8:
key = (cx_rsa_private_key_t *) &sigkey->priv_key.rsa3072;
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
key = (cx_rsa_private_key_t *) &sigkey->priv_key.rsa4096;
break;
#endif
default:
break;
}
@ -113,7 +114,6 @@ static int gpg_sign(gpg_key_t *sigkey) {
gpg_pso_reset_PW1();
return SW_OK;
}
// --- ECDSA/EdDSA
if ((sigkey->attributes.value[0] == KEY_ID_ECDSA) ||
(sigkey->attributes.value[0] == KEY_ID_EDDSA)) {
cx_ecfp_private_key_t *key;
@ -223,7 +223,7 @@ int gpg_apdu_pso() {
// --- PSO:ENC ---
case PSO_ENC: {
unsigned int msg_len;
cx_aes_key_t *key;
cx_aes_key_t *key = NULL;
key = &G_gpg_vstate.kslot->AES_dec;
if (!(key->size != 16)) {
return SW_CONDITIONS_NOT_SATISFIED;
@ -252,7 +252,7 @@ int gpg_apdu_pso() {
switch (pad_byte) {
// --- PSO:DEC:RSA
case 0x00: {
cx_rsa_private_key_t *key;
cx_rsa_private_key_t *key = NULL;
if (G_gpg_vstate.mse_dec->attributes.value[0] != KEY_ID_RSA) {
return SW_CONDITIONS_NOT_SATISFIED;
}
@ -265,9 +265,11 @@ int gpg_apdu_pso() {
case 3072 / 8:
key = (cx_rsa_private_key_t *) &G_gpg_vstate.mse_dec->priv_key.rsa3072;
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
key = (cx_rsa_private_key_t *) &G_gpg_vstate.mse_dec->priv_key.rsa4096;
break;
#endif
}
if ((key == NULL) || (key->size != ksz)) {

View File

@ -84,8 +84,9 @@ typedef struct gpg_key_s {
cx_rsa_private_key_t rsa;
cx_rsa_2048_private_key_t rsa2048;
cx_rsa_3072_private_key_t rsa3072;
#ifdef WITH_SUPPORT_RSA4096
cx_rsa_4096_private_key_t rsa4096;
#endif
cx_ecfp_private_key_t ecfp;
cx_ecfp_256_private_key_t ecfp256;
cx_ecfp_384_private_key_t ecfp384;
@ -215,13 +216,17 @@ struct gpg_v_state_s {
cx_rsa_public_key_t public;
cx_rsa_2048_public_key_t public2048;
cx_rsa_3072_public_key_t public3072;
#ifdef WITH_SUPPORT_RSA4096
cx_rsa_4096_public_key_t public4096;
#endif
};
union {
cx_rsa_private_key_t private;
cx_rsa_2048_private_key_t private2048;
cx_rsa_3072_private_key_t private3072;
#ifdef WITH_SUPPORT_RSA4096
cx_rsa_4096_private_key_t private4096;
#endif
};
} rsa;

View File

@ -29,8 +29,7 @@
#define LABEL_RSA2048 "RSA 2048"
#define LABEL_RSA3072 "RSA 3072"
#define LABEL_RSA4096 "RSA 4096"
#define LABEL_NISTP256 "NIST P256"
#define LABEL_SECP256K1 "SECP 256K1"
#define LABEL_SECP256R1 "SECP 256R1"
#define LABEL_Ed25519 "Ed25519"
void ui_CCID_reset(void);

View File

@ -536,8 +536,10 @@ const ux_menu_entry_t ui_menu_tmpl_key[] = {
const ux_menu_entry_t ui_menu_tmpl_type[] = {
{NULL, ui_menu_tmpl_type_action, 2048, NULL, LABEL_RSA2048, NULL, 0, 0},
{NULL, ui_menu_tmpl_type_action, 3072, NULL, LABEL_RSA3072, NULL, 0, 0},
#ifdef WITH_SUPPORT_RSA4096
{NULL, ui_menu_tmpl_type_action, 4096, NULL, LABEL_RSA4096, NULL, 0, 0},
{NULL, ui_menu_tmpl_type_action, CX_CURVE_SECP256R1, NULL, LABEL_NISTP256, NULL, 0, 0},
#endif
{NULL, ui_menu_tmpl_type_action, CX_CURVE_SECP256R1, NULL, LABEL_SECP256R1, NULL, 0, 0},
{NULL, ui_menu_tmpl_type_action, CX_CURVE_Ed25519, NULL, LABEL_Ed25519, NULL, 0, 0},
{ui_menu_template, NULL, 0, &C_icon_back, "Back", NULL, 61, 40},
UX_MENU_END};
@ -570,12 +572,13 @@ const bagl_element_t *ui_menu_template_predisplay(const ux_menu_entry_t *entry,
case 3072:
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), " %s", LABEL_RSA3072);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096:
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), " %s", LABEL_RSA4096);
break;
#endif
case CX_CURVE_SECP256R1:
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), " %s", LABEL_NISTP256);
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), " %s", LABEL_SECP256R1);
break;
case CX_CURVE_Ed25519:
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), " %s", LABEL_Ed25519);
@ -605,7 +608,9 @@ void ui_menu_tmpl_set_action(unsigned int value) {
switch (G_gpg_vstate.ux_type) {
case 2048:
case 3072:
#ifdef WITH_SUPPORT_RSA4096
case 4096:
#endif
attributes.value[0] = KEY_ID_RSA;
U2BE_ENCODE(attributes.value, 1, G_gpg_vstate.ux_type);
attributes.value[3] = 0x00;
@ -621,7 +626,7 @@ void ui_menu_tmpl_set_action(unsigned int value) {
attributes.value[0] = KEY_ID_ECDSA;
}
oid = gpg_curve2oid(G_gpg_vstate.ux_type, &oid_len);
memmove(attributes.value + 1, oid, sizeof(oid_len));
memmove(attributes.value + 1, oid, oid_len);
attributes.length = 1 + oid_len;
break;

View File

@ -474,13 +474,17 @@ void tmpl_key_selector(unsigned int idx) {
const char *const tmpl_type_getter_values[] = {LABEL_RSA2048,
LABEL_RSA3072,
#ifdef WITH_SUPPORT_RSA4096
LABEL_RSA4096,
LABEL_SECP256K1,
#endif
LABEL_SECP256R1,
LABEL_Ed25519};
const unsigned int tmpl_type_getter_values_map[] = {2048,
3072,
#ifdef WITH_SUPPORT_RSA4096
4096,
#endif
CX_CURVE_SECP256R1,
CX_CURVE_Ed25519};
@ -567,11 +571,13 @@ void ui_menu_template_predisplay() {
case 3072:
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_RSA3072);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096:
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_RSA4096);
break;
#endif
case CX_CURVE_SECP256R1:
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_SECP256K1);
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_SECP256R1);
break;
case CX_CURVE_Ed25519:
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_Ed25519);
@ -590,14 +596,16 @@ void ui_menu_tmpl_set_action(unsigned int value) {
UNUSED(value);
LV(attributes, GPG_KEY_ATTRIBUTES_LENGTH);
gpg_key_t *dest = NULL;
const unsigned char *oid;
const unsigned char *oid = NULL;
unsigned int oid_len;
memset(&attributes, 0, sizeof(attributes));
switch (G_gpg_vstate.ux_type) {
case 2048:
case 3072:
#ifdef WITH_SUPPORT_RSA4096
case 4096:
#endif
attributes.value[0] = KEY_ID_RSA;
U2BE_ENCODE(attributes.value, 1, G_gpg_vstate.ux_type);
attributes.value[3] = 0x00;
@ -607,13 +615,16 @@ void ui_menu_tmpl_set_action(unsigned int value) {
break;
case CX_CURVE_SECP256R1:
oid = gpg_curve2oid(G_gpg_vstate.ux_type, &oid_len);
if (oid == NULL) {
break;
}
if (G_gpg_vstate.ux_key == 2) {
attributes.value[0] = KEY_ID_ECDH;
} else {
attributes.value[0] = KEY_ID_ECDSA;
}
oid = gpg_curve2oid(G_gpg_vstate.ux_type, &oid_len);
memmove(attributes.value + 1, oid, sizeof(oid_len));
memmove(attributes.value + 1, oid, oid_len);
attributes.length = 1 + oid_len;
break;

View File

@ -204,16 +204,20 @@ static const char* const keyNameTexts[] = {LABEL_SIG, LABEL_DEC, LABEL_AUT};
enum {
TOKEN_TYPE_RSA2048 = FIRST_USER_TOKEN,
TOKEN_TYPE_RSA3072,
#ifdef WITH_SUPPORT_RSA4096
TOKEN_TYPE_RSA4096,
TOKEN_TYPE_SECP256K1,
#endif
TOKEN_TYPE_SECP256R1,
TOKEN_TYPE_Ed25519,
TOKEN_TYPE_BACK
};
static const char* const keyTypeTexts[] = {LABEL_RSA2048,
LABEL_RSA3072,
#ifdef WITH_SUPPORT_RSA4096
LABEL_RSA4096,
LABEL_SECP256K1,
#endif
LABEL_SECP256R1,
LABEL_Ed25519};
static uint32_t _getKeyType(const uint8_t key) {
@ -237,7 +241,6 @@ static uint32_t _getKeyType(const uint8_t key) {
}
switch (attributes[0]) {
case KEY_ID_RSA:
// RSA
tag = U2BE(attributes, 1);
switch (tag) {
case 2048:
@ -246,16 +249,18 @@ static uint32_t _getKeyType(const uint8_t key) {
case 3072:
token = TOKEN_TYPE_RSA3072;
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096:
token = TOKEN_TYPE_RSA4096;
break;
#endif
}
break;
case KEY_ID_ECDH:
tag = attributes[1];
switch (tag) {
case 0x2A:
token = TOKEN_TYPE_SECP256K1;
token = TOKEN_TYPE_SECP256R1;
break;
case 0x2B:
token = TOKEN_TYPE_Ed25519;
@ -263,7 +268,7 @@ static uint32_t _getKeyType(const uint8_t key) {
}
break;
case KEY_ID_ECDSA:
token = TOKEN_TYPE_SECP256K1;
token = TOKEN_TYPE_SECP256R1;
break;
case KEY_ID_EDDSA:
token = TOKEN_TYPE_Ed25519;
@ -285,7 +290,9 @@ static void template_key_cb(int token, uint8_t index) {
switch (key_type) {
case TOKEN_TYPE_RSA2048:
case TOKEN_TYPE_RSA3072:
#ifdef WITH_SUPPORT_RSA4096
case TOKEN_TYPE_RSA4096:
#endif
switch (key_type) {
case TOKEN_TYPE_RSA2048:
size = 2048;
@ -293,9 +300,11 @@ static void template_key_cb(int token, uint8_t index) {
case TOKEN_TYPE_RSA3072:
size = 3072;
break;
#ifdef WITH_SUPPORT_RSA4096
case TOKEN_TYPE_RSA4096:
size = 4096;
break;
#endif
}
attributes.value[0] = KEY_ID_RSA;
U2BE_ENCODE(attributes.value, 1, size);
@ -306,7 +315,7 @@ static void template_key_cb(int token, uint8_t index) {
oid_len = 6;
break;
case TOKEN_TYPE_SECP256K1:
case TOKEN_TYPE_SECP256R1:
if (G_gpg_vstate.ux_key == TOKEN_TEMPLATE_DEC) {
attributes.value[0] = KEY_ID_ECDH;
} else {
@ -395,11 +404,13 @@ static void ui_settings_template(void) {
case TOKEN_TYPE_RSA3072:
bar.subText = PIC(LABEL_RSA3072);
break;
#ifdef WITH_SUPPORT_RSA4096
case TOKEN_TYPE_RSA4096:
bar.subText = PIC(LABEL_RSA4096);
break;
case TOKEN_TYPE_SECP256K1:
bar.subText = PIC(LABEL_SECP256K1);
#endif
case TOKEN_TYPE_SECP256R1:
bar.subText = PIC(LABEL_SECP256R1);
break;
case TOKEN_TYPE_Ed25519:
bar.subText = PIC(LABEL_Ed25519);

Binary file not shown.

Before

Width:  |  Height:  |  Size: 400 B

After

Width:  |  Height:  |  Size: 401 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 421 B

After

Width:  |  Height:  |  Size: 417 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 405 B

After

Width:  |  Height:  |  Size: 321 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 426 B

After

Width:  |  Height:  |  Size: 415 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 426 B

After

Width:  |  Height:  |  Size: 415 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 465 B

After

Width:  |  Height:  |  Size: 475 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 588 B

After

Width:  |  Height:  |  Size: 604 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 666 B

After

Width:  |  Height:  |  Size: 601 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 613 B

After

Width:  |  Height:  |  Size: 484 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 418 B

After

Width:  |  Height:  |  Size: 376 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 418 B

After

Width:  |  Height:  |  Size: 376 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 465 B

After

Width:  |  Height:  |  Size: 475 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 588 B

After

Width:  |  Height:  |  Size: 604 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 666 B

After

Width:  |  Height:  |  Size: 601 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 613 B

After

Width:  |  Height:  |  Size: 484 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 418 B

After

Width:  |  Height:  |  Size: 376 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 418 B

After

Width:  |  Height:  |  Size: 376 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 11 KiB

After

Width:  |  Height:  |  Size: 9.4 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 11 KiB

View File

@ -44,7 +44,7 @@ def _gen_key(client: CommandSender, template: str):
[
"rsa2048",
pytest.param("rsa3072", marks=pytest.mark.skipif("--full" not in sys.argv, reason="skipping long test")),
pytest.param("rsa4096", marks=pytest.mark.skipif("--full" not in sys.argv, reason="skipping long test")),
# pytest.param("rsa4096", marks=pytest.mark.skipif("--full" not in sys.argv, reason="skipping long test")),
"nistp256", # ECDSA
"ed25519", # EdDSA
# "cv25519", # ECDH, SDK returns CX_EC_INVALID_CURVE

View File

@ -22,7 +22,7 @@ ROOT_SCREENSHOT_PATH = Path(__file__).parent.resolve()
KEY_TEMPLATES = {
"rsa2048" : "010800002001",
"rsa3072" : "010C00002001",
"rsa4096" : "011000002001",
# "rsa4096" : "011000002001", Not supported yet
"nistp256": "132A8648CE3D030107",
"ed25519" : "162B06010401DA470F01",
"cv25519" : "122B060104019755010501"