From b71d2d02d7e1080e101e32856a679f9036974067 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric?= Date: Mon, 28 May 2018 10:38:04 +0200 Subject: [PATCH] port SDK 1.4.2.1 --- Makefile | 6 ++++++ doc/user/blue-app-openpgp-card.rst | 2 +- src/gpg_challenge.c | 8 ++++---- src/gpg_data.c | 9 +++++++-- src/gpg_gen.c | 13 ++++++------- src/gpg_init.c | 10 +++++++--- src/gpg_pin.c | 4 ++-- src/gpg_pso.c | 19 ++++++++++--------- src/gpg_types.h | 2 +- src/lib_stusb_impl/usbd_impl.c | 2 +- 10 files changed, 45 insertions(+), 30 deletions(-) diff --git a/Makefile b/Makefile index ddc0ed6..543444d 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,12 @@ # limitations under the License. #******************************************************************************* +BOLOS_SDK=/home/cme/Projects/Git/ledger/nanos-secure-sdk-cslashm + + +CLANGPATH=/home/cme/Projects/Git/ledger/compilers/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.10/bin/ +GCCPATH=/home/cme/Projects/Git/ledger/compilers/gcc-arm-none-eabi-5_3-2016q1/bin/ + ifeq ($(BOLOS_SDK),) $(error Environment variable BOLOS_SDK is not set) diff --git a/doc/user/blue-app-openpgp-card.rst b/doc/user/blue-app-openpgp-card.rst index 291068a..52cf5b8 100644 --- a/doc/user/blue-app-openpgp-card.rst +++ b/doc/user/blue-app-openpgp-card.rst @@ -1,5 +1,5 @@ .. - Copyright 2017 Cedric Mesnil , Ledger SAS + Copyright 2018 Cedric Mesnil , Ledger SAS Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at diff --git a/src/gpg_challenge.c b/src/gpg_challenge.c index 1a655f7..7144574 100644 --- a/src/gpg_challenge.c +++ b/src/gpg_challenge.c @@ -44,16 +44,16 @@ int gpg_apdu_get_challenge() { chain[0] = 'r'; chain[1]='n'; chain[2] = 'd'; cx_sha256_init(&G_gpg_vstate.work.md.sha256); - cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha256, 0, Sr, 32, NULL); - cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha256, 0, chain, 3, NULL); + cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha256, 0, Sr, 32, NULL, 0); + cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha256, 0, chain, 3, NULL, 0); hlen=cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha256, CX_LAST, G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length, - G_gpg_vstate.work.io_buffer); + G_gpg_vstate.work.io_buffer, 32); cx_sha3_xof_init(&G_gpg_vstate.work.md.sha3, 256, olen); cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha3, CX_LAST, G_gpg_vstate.work.io_buffer, hlen, - G_gpg_vstate.work.io_buffer); + G_gpg_vstate.work.io_buffer,olen); } else { cx_rng(G_gpg_vstate.work.io_buffer, olen); } diff --git a/src/gpg_data.c b/src/gpg_data.c index 4ca86d1..65c7d1c 100644 --- a/src/gpg_data.c +++ b/src/gpg_data.c @@ -67,7 +67,7 @@ int gpg_apdu_get_data(unsigned int ref) { break; /* ----------------- Config RSA exponent ----------------- */ case 0x01F8: - gpg_io_insert_u32(N_gpg_pstate->default_RSA_exponent); + gpg_io_insert(N_gpg_pstate->default_RSA_exponent,4); break; /* ----------------- Application ----------------- */ @@ -433,7 +433,12 @@ int gpg_apdu_put_data(unsigned int ref) { os_memset(pq+ksz, 0, ksz-len_q); //regenerate RSA private key - cx_rsa_generate_pair(ksz<<1, rsa_pub, rsa_priv, e, pq); + unsigned char _e[4]; + _e[0] = e>>24; + _e[1] = e>>16; + _e[2] = e>>8; + _e[3] = e>>0; + cx_rsa_generate_pair(ksz<<1, rsa_pub, rsa_priv, _e, 4, pq); //write keys nvm_write(&keygpg->pub_key.rsa, rsa_pub->e, 4); diff --git a/src/gpg_gen.c b/src/gpg_gen.c index e7de95d..33ecf72 100644 --- a/src/gpg_gen.c +++ b/src/gpg_gen.c @@ -46,12 +46,12 @@ static void gpg_pso_derive_key_seed(unsigned char *Sn, unsigned char* key_name, h[1] = idx; cx_sha256_init(&G_gpg_vstate.work.md.sha256); - cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, 0, Sn, 32, NULL); - cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, 0, (unsigned char *)key_name, 4, NULL); - cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, CX_LAST, h , 2, h); + cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, 0, Sn, 32, NULL, 0); + cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, 0, (unsigned char *)key_name, 4, NULL, 0); + cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, CX_LAST, h , 2, h,32); cx_sha3_xof_init(&G_gpg_vstate.work.md.sha3, 256, Ski_len); - cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha3, CX_LAST, h, 32, Ski); + cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha3, CX_LAST, h, 32, Ski, Ski_len); } @@ -153,8 +153,7 @@ int gpg_apdu_gen() { cx_math_next_prime(pq+size,size); } - - cx_rsa_generate_pair(ksz, rsa_pub, rsa_priv, N_gpg_pstate->default_RSA_exponent, pq); + cx_rsa_generate_pair(ksz, rsa_pub, rsa_priv, N_gpg_pstate->default_RSA_exponent, 4, pq); nvm_write(pkey, rsa_priv, pkey_size); nvm_write(&keygpg->pub_key.rsa[0], rsa_pub->e, 4); @@ -262,7 +261,7 @@ int gpg_apdu_gen() { curve = gpg_oid2curve(keygpg->attributes.value+1, keygpg->attributes.length-1); if (curve == CX_CURVE_Ed25519) { os_memmove(G_gpg_vstate.work.io_buffer+128, keygpg->pub_key.ecfp256.W,keygpg->pub_key.ecfp256.W_len); - cx_edward_compress_point(CX_CURVE_Ed25519, G_gpg_vstate.work.io_buffer+128); + cx_edward_compress_point(CX_CURVE_Ed25519, G_gpg_vstate.work.io_buffer+128, 65); gpg_io_insert_tlv(0x86, 32, G_gpg_vstate.work.io_buffer+129); //129: discard 02 } else if (curve == CX_CURVE_Curve25519) { unsigned int i,len; diff --git a/src/gpg_init.c b/src/gpg_init.c index fa82e95..29c5f15 100644 --- a/src/gpg_init.c +++ b/src/gpg_init.c @@ -283,8 +283,12 @@ int gpg_install(unsigned char app_state) { gpg_nvm_write(&N_gpg_pstate->config_slot, G_gpg_vstate.work.io_buffer, 3); //config rsa pub - l = GPG_RSA_DEFAULT_PUB; - nvm_write(&N_gpg_pstate->default_RSA_exponent, &l, sizeof(unsigned int)); + #define GPG_RSA_DEFAULT_PUB 0x00010001 + G_gpg_vstate.work.io_buffer[0] = (GPG_RSA_DEFAULT_PUB>>24)&0xFF; + G_gpg_vstate.work.io_buffer[1] = (GPG_RSA_DEFAULT_PUB>>16)&0xFF; + G_gpg_vstate.work.io_buffer[2] = (GPG_RSA_DEFAULT_PUB>>8)&0xFF; + G_gpg_vstate.work.io_buffer[3] = (GPG_RSA_DEFAULT_PUB>>0)&0xFF; + nvm_write(&N_gpg_pstate->default_RSA_exponent, G_gpg_vstate.work.io_buffer, 4); //config pin #if 1 @@ -300,7 +304,7 @@ int gpg_install(unsigned char app_state) { //default key template: RSA 2048) for (int s = 0; s< GPG_KEYS_SLOTS; s++) { -#if 1 +#if 0 l = sizeof(C_default_AlgoAttrRSA); gpg_nvm_write(&N_gpg_pstate->keys[s].sig.attributes.value, (void*)C_default_AlgoAttrRSA, l); gpg_nvm_write(&N_gpg_pstate->keys[s].sig.attributes.length, &l, sizeof(unsigned int)); diff --git a/src/gpg_pin.c b/src/gpg_pin.c index 7def70f..4ed7aa2 100644 --- a/src/gpg_pin.c +++ b/src/gpg_pin.c @@ -63,7 +63,7 @@ static int gpg_pin_check_internal(gpg_pin_t *pin, unsigned char *pin_val, int p counter = pin->counter-1; gpg_nvm_write(&(pin->counter), &counter, sizeof(int)); cx_sha256_init(&sha256); - cx_hash((cx_hash_t*)&sha256, CX_LAST, pin_val, pin_len, NULL); + cx_hash((cx_hash_t*)&sha256, CX_LAST, pin_val, pin_len, NULL, 0); if (os_memcmp(sha256.acc, pin->value, 32)) { return SW_SECURITY_STATUS_NOT_SATISFIED; } @@ -103,7 +103,7 @@ void gpg_pin_set(gpg_pin_t *pin, unsigned char *pin_val, unsigned int pin_len) { gpg_pin_t newpin; cx_sha256_init(&sha256); - cx_hash((cx_hash_t*)&sha256, CX_LAST, pin_val, pin_len, newpin.value); + cx_hash((cx_hash_t*)&sha256, CX_LAST, pin_val, pin_len, newpin.value, 32); newpin.length = pin_len; newpin.counter = 3; diff --git a/src/gpg_pso.c b/src/gpg_pso.c index d0e5f31..e820d17 100644 --- a/src/gpg_pso.c +++ b/src/gpg_pso.c @@ -93,11 +93,12 @@ static int gpg_sign(gpg_key_t *sigkey) { } //sign if (sigkey->attributes.value[0] == 19) { + sz = cx_ecdsa_sign(key, CX_RND_TRNG, CX_NONE, - G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length, - G_gpg_vstate.work.io_buffer, + G_gpg_vstate.work.io_buffer, 32/*G_gpg_vstate.io_length*/, + G_gpg_vstate.work.io_buffer, GPG_IO_BUFFER_LENGTH, NULL); //reencode r,s in MPI format gpg_io_discard(0); @@ -121,7 +122,7 @@ static int gpg_sign(gpg_key_t *sigkey) { CX_NONE, CX_SHA512, G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length, NULL, 0, - G_gpg_vstate.work.io_buffer+128, + G_gpg_vstate.work.io_buffer+128, GPG_IO_BUFFER_LENGTH-128, NULL); gpg_io_discard(0); gpg_io_insert(G_gpg_vstate.work.io_buffer+128, sz); @@ -162,7 +163,7 @@ int gpg_apdu_pso(unsigned int pso) { sz = cx_aes(key, CX_ENCRYPT|CX_CHAIN_CBC|CX_LAST, G_gpg_vstate.work.io_buffer+G_gpg_vstate.io_offset, msg_len, - G_gpg_vstate.work.io_buffer+1); + G_gpg_vstate.work.io_buffer+1, GPG_IO_BUFFER_LENGTH-1); //send gpg_io_discard(0); G_gpg_vstate.work.io_buffer[0] = 0x02; @@ -232,7 +233,7 @@ int gpg_apdu_pso(unsigned int pso) { sz = cx_aes(key, CX_DECRYPT|CX_CHAIN_CBC|CX_LAST, G_gpg_vstate.work.io_buffer+G_gpg_vstate.io_offset, msg_len, - G_gpg_vstate.work.io_buffer); + G_gpg_vstate.work.io_buffer, GPG_IO_BUFFER_LENGTH); //send gpg_io_discard(0); gpg_io_inserted(sz); @@ -275,8 +276,8 @@ int gpg_apdu_pso(unsigned int pso) { G_gpg_vstate.work.io_buffer[511] = 0x02; sz = cx_ecdh(key, CX_ECDH_X, - G_gpg_vstate.work.io_buffer+511, - G_gpg_vstate.work.io_buffer+256); + G_gpg_vstate.work.io_buffer+511, 65, + G_gpg_vstate.work.io_buffer+256, 160); for (i = 0; i <=31; i++) { G_gpg_vstate.work.io_buffer[128+i] = G_gpg_vstate.work.io_buffer[287-i]; } @@ -284,8 +285,8 @@ int gpg_apdu_pso(unsigned int pso) { } else { sz = cx_ecdh(key, CX_ECDH_X, - G_gpg_vstate.work.io_buffer+G_gpg_vstate.io_offset, - G_gpg_vstate.work.io_buffer+128); + G_gpg_vstate.work.io_buffer+G_gpg_vstate.io_offset, 65, + G_gpg_vstate.work.io_buffer+128, 160); } //send gpg_io_discard(0); diff --git a/src/gpg_types.h b/src/gpg_types.h index 9b89fc8..5b99298 100644 --- a/src/gpg_types.h +++ b/src/gpg_types.h @@ -116,7 +116,7 @@ struct gpg_nv_state_s { /* 01F1 (01F2 is volatile)*/ unsigned char config_slot[3]; /* RSA exponent */ - unsigned int default_RSA_exponent; + unsigned char default_RSA_exponent[4]; /* 0101 0102 0103 0104 */ LV(private_DO1, GPG_EXT_PRIVATE_DO_LENGTH); diff --git a/src/lib_stusb_impl/usbd_impl.c b/src/lib_stusb_impl/usbd_impl.c index d511b08..212e3b8 100644 --- a/src/lib_stusb_impl/usbd_impl.c +++ b/src/lib_stusb_impl/usbd_impl.c @@ -322,7 +322,7 @@ static __ALIGN_BEGIN const uint8_t const N_USBD_CfgDesc[] __ALIGN_END = #ifdef HAVE_IO_U2F /* HID FIDO ################################################################################################ */ - /************** Descriptor of KBD HID interface ****************/ + /************** Descriptor of HID FIDO interface ****************/ 0x09, /*bLength: Interface Descriptor size*/ USB_DESC_TYPE_INTERFACE,/*bDescriptorType: Interface descriptor type*/ U2F_INTF, /*bInterfaceNumber: Number of Interface*/