port SDK 1.4.2.1

Makefile

@@ -15,6 +15,12 @@
 #  limitations under the License.
 #*******************************************************************************
 
+BOLOS_SDK=/home/cme/Projects/Git/ledger/nanos-secure-sdk-cslashm
+
+
+CLANGPATH=/home/cme/Projects/Git/ledger/compilers/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.10/bin/
+GCCPATH=/home/cme/Projects/Git/ledger/compilers/gcc-arm-none-eabi-5_3-2016q1/bin/
+
 
 ifeq ($(BOLOS_SDK),)
 $(error Environment variable BOLOS_SDK is not set)

doc/user/blue-app-openpgp-card.rst

@@ -1,5 +1,5 @@
 ..
-   Copyright 2017 Cedric Mesnil <cslashm@gmail.com>, Ledger SAS
+   Copyright 2018 Cedric Mesnil <cslashm@gmail.com>, Ledger SAS
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

src/gpg_challenge.c

@@ -44,16 +44,16 @@ int gpg_apdu_get_challenge() {
     chain[0] = 'r'; chain[1]='n'; chain[2] = 'd';
 
     cx_sha256_init(&G_gpg_vstate.work.md.sha256);    
-    cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha256, 0, Sr, 32, NULL);
-    cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha256, 0, chain, 3, NULL);
+    cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha256, 0, Sr, 32, NULL, 0);
+    cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha256, 0, chain, 3, NULL, 0);
     hlen=cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha256, 
                  CX_LAST, G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length, 
-                 G_gpg_vstate.work.io_buffer);
+                 G_gpg_vstate.work.io_buffer, 32);
     
     cx_sha3_xof_init(&G_gpg_vstate.work.md.sha3, 256, olen);
     cx_hash((cx_hash_t *)&G_gpg_vstate.work.md.sha3, 
             CX_LAST, G_gpg_vstate.work.io_buffer, hlen, 
-            G_gpg_vstate.work.io_buffer);
+            G_gpg_vstate.work.io_buffer,olen);
   } else {
     cx_rng(G_gpg_vstate.work.io_buffer, olen);
   }

src/gpg_data.c

@@ -67,7 +67,7 @@ int gpg_apdu_get_data(unsigned int ref)  {
     break;
     /* ----------------- Config RSA exponent ----------------- */
   case 0x01F8:
-    gpg_io_insert_u32(N_gpg_pstate->default_RSA_exponent);
+    gpg_io_insert(N_gpg_pstate->default_RSA_exponent,4);
     break;
 
    /* ----------------- Application ----------------- */
@@ -433,7 +433,12 @@ int gpg_apdu_put_data(unsigned int ref) {
       os_memset(pq+ksz, 0, ksz-len_q);
       
       //regenerate RSA private key
-      cx_rsa_generate_pair(ksz<<1, rsa_pub, rsa_priv, e, pq);
+      unsigned char _e[4];
+      _e[0] = e>>24;
+      _e[1] = e>>16;
+      _e[2] = e>>8;
+      _e[3] = e>>0;
+      cx_rsa_generate_pair(ksz<<1, rsa_pub, rsa_priv, _e, 4, pq);
 
       //write keys
       nvm_write(&keygpg->pub_key.rsa, rsa_pub->e, 4);

src/gpg_gen.c

@@ -46,12 +46,12 @@ static void gpg_pso_derive_key_seed(unsigned char *Sn, unsigned char* key_name,
   h[1] = idx;
 
   cx_sha256_init(&G_gpg_vstate.work.md.sha256);
-  cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, 0,       Sn,      32, NULL);
-  cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, 0,       (unsigned char *)key_name, 4, NULL);
-  cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, CX_LAST, h   , 2, h);
+  cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, 0,       Sn,      32, NULL, 0);
+  cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, 0,       (unsigned char *)key_name, 4, NULL, 0);
+  cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha256, CX_LAST, h   , 2, h,32);
 
   cx_sha3_xof_init(&G_gpg_vstate.work.md.sha3, 256, Ski_len);
-  cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha3, CX_LAST, h, 32, Ski);
+  cx_hash((cx_hash_t*)&G_gpg_vstate.work.md.sha3, CX_LAST, h, 32, Ski, Ski_len);
 }
 
 
@@ -153,8 +153,7 @@ int gpg_apdu_gen() {
         cx_math_next_prime(pq+size,size);
       }
 
-
-      cx_rsa_generate_pair(ksz, rsa_pub, rsa_priv, N_gpg_pstate->default_RSA_exponent, pq);
+      cx_rsa_generate_pair(ksz, rsa_pub, rsa_priv, N_gpg_pstate->default_RSA_exponent, 4, pq);
 
       nvm_write(pkey, rsa_priv, pkey_size);
       nvm_write(&keygpg->pub_key.rsa[0], rsa_pub->e, 4);
@@ -262,7 +261,7 @@ int gpg_apdu_gen() {
       curve = gpg_oid2curve(keygpg->attributes.value+1, keygpg->attributes.length-1);
       if (curve == CX_CURVE_Ed25519) {
         os_memmove(G_gpg_vstate.work.io_buffer+128, keygpg->pub_key.ecfp256.W,keygpg->pub_key.ecfp256.W_len);
-        cx_edward_compress_point(CX_CURVE_Ed25519, G_gpg_vstate.work.io_buffer+128);
+        cx_edward_compress_point(CX_CURVE_Ed25519, G_gpg_vstate.work.io_buffer+128, 65);
         gpg_io_insert_tlv(0x86, 32, G_gpg_vstate.work.io_buffer+129); //129: discard 02
       } else if (curve == CX_CURVE_Curve25519) {
         unsigned int i,len;

src/gpg_init.c

@@ -283,8 +283,12 @@ int gpg_install(unsigned char app_state) {
     gpg_nvm_write(&N_gpg_pstate->config_slot, G_gpg_vstate.work.io_buffer, 3);
     
     //config rsa pub
-    l = GPG_RSA_DEFAULT_PUB;
-    nvm_write(&N_gpg_pstate->default_RSA_exponent, &l, sizeof(unsigned int));
+    #define GPG_RSA_DEFAULT_PUB 0x00010001
+    G_gpg_vstate.work.io_buffer[0] = (GPG_RSA_DEFAULT_PUB>>24)&0xFF;
+    G_gpg_vstate.work.io_buffer[1] = (GPG_RSA_DEFAULT_PUB>>16)&0xFF;
+    G_gpg_vstate.work.io_buffer[2] = (GPG_RSA_DEFAULT_PUB>>8)&0xFF; 
+    G_gpg_vstate.work.io_buffer[3] = (GPG_RSA_DEFAULT_PUB>>0)&0xFF;
+    nvm_write(&N_gpg_pstate->default_RSA_exponent, G_gpg_vstate.work.io_buffer, 4);
     
     //config pin
     #if 1
@@ -300,7 +304,7 @@ int gpg_install(unsigned char app_state) {
     //default key template: RSA 2048)
     
     for (int s = 0; s< GPG_KEYS_SLOTS; s++) {
-#if 1
+#if 0
       l = sizeof(C_default_AlgoAttrRSA);
       gpg_nvm_write(&N_gpg_pstate->keys[s].sig.attributes.value, (void*)C_default_AlgoAttrRSA, l);
       gpg_nvm_write(&N_gpg_pstate->keys[s].sig.attributes.length, &l, sizeof(unsigned int));

src/gpg_pin.c

@@ -63,7 +63,7 @@ static int gpg_pin_check_internal(gpg_pin_t *pin,  unsigned char *pin_val, int p
   counter = pin->counter-1;
   gpg_nvm_write(&(pin->counter), &counter, sizeof(int));
   cx_sha256_init(&sha256);
-  cx_hash((cx_hash_t*)&sha256, CX_LAST, pin_val, pin_len, NULL);
+  cx_hash((cx_hash_t*)&sha256, CX_LAST, pin_val, pin_len, NULL, 0);
   if (os_memcmp(sha256.acc, pin->value, 32)) {
     return SW_SECURITY_STATUS_NOT_SATISFIED;
   }
@@ -103,7 +103,7 @@ void gpg_pin_set(gpg_pin_t *pin, unsigned char *pin_val, unsigned int pin_len) {
   gpg_pin_t newpin;
 
   cx_sha256_init(&sha256);
-  cx_hash((cx_hash_t*)&sha256, CX_LAST, pin_val, pin_len, newpin.value);
+  cx_hash((cx_hash_t*)&sha256, CX_LAST, pin_val, pin_len, newpin.value, 32);
   newpin.length = pin_len;
   newpin.counter = 3;
 

src/gpg_pso.c

@@ -93,11 +93,12 @@ static int gpg_sign(gpg_key_t *sigkey) {
       }
       //sign
       if (sigkey->attributes.value[0] == 19) {
+
         sz = cx_ecdsa_sign(key,
                            CX_RND_TRNG,
                            CX_NONE,
-                           G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length,
-                           G_gpg_vstate.work.io_buffer,
+                           G_gpg_vstate.work.io_buffer, 32/*G_gpg_vstate.io_length*/,
+                           G_gpg_vstate.work.io_buffer, GPG_IO_BUFFER_LENGTH,
                            NULL);
         //reencode r,s in MPI format
         gpg_io_discard(0);
@@ -121,7 +122,7 @@ static int gpg_sign(gpg_key_t *sigkey) {
                            CX_NONE,
                            CX_SHA512, G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length,
                            NULL, 0,
-                           G_gpg_vstate.work.io_buffer+128,
+                           G_gpg_vstate.work.io_buffer+128, GPG_IO_BUFFER_LENGTH-128,
                            NULL);
         gpg_io_discard(0);
         gpg_io_insert(G_gpg_vstate.work.io_buffer+128, sz);
@@ -162,7 +163,7 @@ int gpg_apdu_pso(unsigned int pso) {
     sz = cx_aes(key,
                 CX_ENCRYPT|CX_CHAIN_CBC|CX_LAST,
                 G_gpg_vstate.work.io_buffer+G_gpg_vstate.io_offset, msg_len,
-                G_gpg_vstate.work.io_buffer+1);
+                G_gpg_vstate.work.io_buffer+1, GPG_IO_BUFFER_LENGTH-1);
     //send
     gpg_io_discard(0);
     G_gpg_vstate.work.io_buffer[0] = 0x02;
@@ -232,7 +233,7 @@ int gpg_apdu_pso(unsigned int pso) {
       sz = cx_aes(key,
                   CX_DECRYPT|CX_CHAIN_CBC|CX_LAST,
                   G_gpg_vstate.work.io_buffer+G_gpg_vstate.io_offset, msg_len,
-                  G_gpg_vstate.work.io_buffer);
+                  G_gpg_vstate.work.io_buffer, GPG_IO_BUFFER_LENGTH);
       //send
       gpg_io_discard(0);
       gpg_io_inserted(sz);
@@ -275,8 +276,8 @@ int gpg_apdu_pso(unsigned int pso) {
         G_gpg_vstate.work.io_buffer[511] = 0x02;
         sz = cx_ecdh(key,
                     CX_ECDH_X,
-                    G_gpg_vstate.work.io_buffer+511,
-                    G_gpg_vstate.work.io_buffer+256);
+                    G_gpg_vstate.work.io_buffer+511, 65, 
+                    G_gpg_vstate.work.io_buffer+256, 160);
         for (i = 0; i <=31; i++) { 
           G_gpg_vstate.work.io_buffer[128+i] = G_gpg_vstate.work.io_buffer[287-i];
         }
@@ -284,8 +285,8 @@ int gpg_apdu_pso(unsigned int pso) {
       } else {
         sz = cx_ecdh(key,
                     CX_ECDH_X,
-                    G_gpg_vstate.work.io_buffer+G_gpg_vstate.io_offset,
-                    G_gpg_vstate.work.io_buffer+128);
+                    G_gpg_vstate.work.io_buffer+G_gpg_vstate.io_offset, 65,
+                    G_gpg_vstate.work.io_buffer+128, 160);
       }
       //send
       gpg_io_discard(0);

src/gpg_types.h

@@ -116,7 +116,7 @@ struct gpg_nv_state_s {
   /* 01F1 (01F2 is volatile)*/
   unsigned char config_slot[3];
   /* RSA exponent */
-  unsigned int default_RSA_exponent;
+  unsigned char default_RSA_exponent[4];
 
   /*  0101 0102 0103 0104 */
   LV(private_DO1, GPG_EXT_PRIVATE_DO_LENGTH);

src/lib_stusb_impl/usbd_impl.c

@@ -322,7 +322,7 @@ static __ALIGN_BEGIN const uint8_t const N_USBD_CfgDesc[] __ALIGN_END =
 #ifdef HAVE_IO_U2F
   /* HID FIDO ################################################################################################ */
 
-  /************** Descriptor of KBD HID interface ****************/
+  /************** Descriptor of HID FIDO interface ****************/
   0x09,         /*bLength: Interface Descriptor size*/
   USB_DESC_TYPE_INTERFACE,/*bDescriptorType: Interface descriptor type*/
   U2F_INTF,         /*bInterfaceNumber: Number of Interface*/