Deactivate Decryption with cv25519 (gpg limitation)

Charles-Edouard de la Vergne 4 months ago
parent d7f14769c3
commit ff33f9e1c0

@ -124,6 +124,8 @@ DEFINES += HAVE_USB_CLASS_CCID
DEFINES += HAVE_RSA
# Watchdog issue causing the device reset with long prime number computation
# DEFINES += WITH_SUPPORT_RSA4096
# Limitation (maybe due to openpgp itself): no support of DEC operation with cv25519
DEFINES += NO_DECRYPT_cv25519
ifeq ($(TARGET_NAME),TARGET_NANOS)
DEFINES += HAVE_UX_LEGACY
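Review bot: The comment above `DEFINES += NO_DECRYPT_cv25519` hedges on the cause ("maybe due to openpgp itself") without saying what the flag actually changes, which is what a maintainer later deciding whether to drop it needs to know. Because the flag is set unconditionally here, every `#else` branch it introduces in the UI sources is dead in the shipped build, so the comment is the only place the decision is recorded. If the limitation is on the gpg side, as the commit title says, state that and name the enforced behaviour, e.g. `# gpg cannot decrypt with a cv25519 key on this card: reject cv25519 as the DEC slot attribute (PUT DATA C2) and hide it from the template menus`.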

@ -264,6 +264,9 @@ int gpg_apdu_put_data(unsigned int ref) {
cx_err_t error = CX_INTERNAL_ERROR;
unsigned int pkey_size = 0;
unsigned int ksz, curve;
#ifdef NO_DECRYPT_cv25519
bool decKey = false;
#endif
G_gpg_vstate.DO_current = ref;
@ -655,6 +658,9 @@ int gpg_apdu_put_data(unsigned int ref) {
case 0xC2:
ptr_l = &G_gpg_vstate.kslot->dec.attributes.length;
ptr_v = G_gpg_vstate.kslot->dec.attributes.value;
#ifdef NO_DECRYPT_cv25519
decKey = true;
#endif
goto WRITE_ATTRIBUTES;
case 0xC3:
ptr_l = &G_gpg_vstate.kslot->aut.attributes.length;
@ -679,6 +685,12 @@ int gpg_apdu_put_data(unsigned int ref) {
case KEY_ID_EDDSA:
curve =
gpg_oid2curve(G_gpg_vstate.work.io_buffer + 1, G_gpg_vstate.io_length - 1);
#ifdef NO_DECRYPT_cv25519
if ((decKey) && (curve == CX_CURVE_Curve25519)) {
sw = SW_WRONG_DATA;
break;
}
#endif
if (curve == CX_CURVE_NONE) {
sw = SW_WRONG_DATA;
} else {
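Review bot: The new guard in the KEY_ID_EDDSA case only rejects cv25519 when a new attribute value is written for the DEC slot (decKey is set at case 0xC2 and consumed after WRITE_ATTRIBUTES), so a slot that already carries cv25519 attributes — persisted before this build, or set through a path that does not go through this switch — is not covered and decipher would presumably still run on it; if the intent is to deactivate the operation itself, the PSO:DECIPHER handler should check the stored curve as well. Whether the ECDH algorithm identifier reaches this case by fall-through is not visible in the hunk; cv25519 is normally carried under the ECDH algorithm attribute, so if KEY_ID_ECDH has its own case the guard is never reached — worth confirming. A short why-comment on the guard would also help, e.g. `/* DEC slot (C2) must not be set to cv25519: PSO:DECIPHER is not supported for it (NO_DECRYPT_cv25519) */`. gpg_apdu_put_data starts and ends outside the hunk.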

@ -592,13 +592,20 @@ unsigned int ui_pinentry_action_button(unsigned int button_mask, unsigned int bu
}
/* ------------------------------- template UX ------------------------------- */
#ifdef NO_DECRYPT_cv25519
void ui_menu_template_display_type(unsigned int value);
#endif
const ux_menu_entry_t ui_menu_tmpl_key[];
const ux_menu_entry_t ui_menu_tmpl_type[];
const ux_menu_entry_t ui_menu_template[] = {
{ui_menu_tmpl_key, NULL, -1, NULL, "Choose key...", NULL, 0, 0},
#ifdef NO_DECRYPT_cv25519
{NULL, ui_menu_template_display_type, -1, NULL, "Choose type...", NULL, 0, 0},
#else
{ui_menu_tmpl_type, NULL, -1, NULL, "Choose type...", NULL, 0, 0},
#endif
{NULL, ui_menu_tmpl_set_action, -1, NULL, "Set template", NULL, 0, 0},
{ui_menu_settings, NULL, 0, &C_icon_back, "Back", NULL, 61, 40},
UX_MENU_END};
@ -622,6 +629,19 @@ const ux_menu_entry_t ui_menu_tmpl_type[] = {
{ui_menu_template, NULL, 0, &C_icon_back, "Back", NULL, 61, 40},
UX_MENU_END};
#ifdef NO_DECRYPT_cv25519
const ux_menu_entry_t ui_menu_tmpl_Dectype[] = {
{NULL, ui_menu_tmpl_type_action, 2048, NULL, LABEL_RSA2048, NULL, 0, 0},
{NULL, ui_menu_tmpl_type_action, 3072, NULL, LABEL_RSA3072, NULL, 0, 0},
#ifdef WITH_SUPPORT_RSA4096
{NULL, ui_menu_tmpl_type_action, 4096, NULL, LABEL_RSA4096, NULL, 0, 0},
#endif
{NULL, ui_menu_tmpl_type_action, CX_CURVE_SECP256K1, NULL, LABEL_SECP256K1, NULL, 0, 0},
{NULL, ui_menu_tmpl_type_action, CX_CURVE_SECP256R1, NULL, LABEL_SECP256R1, NULL, 0, 0},
{ui_menu_template, NULL, 0, &C_icon_back, "Back", NULL, 61, 40},
UX_MENU_END};
#endif
/**
* Template page display preparation callback
*
@ -671,7 +691,17 @@ const bagl_element_t *ui_menu_template_predisplay(const ux_menu_entry_t *entry,
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), " %s", LABEL_SECP256R1);
break;
case CX_CURVE_Ed25519:
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), " %s", LABEL_Ed25519);
#ifdef NO_DECRYPT_cv25519
if (G_gpg_vstate.ux_key == 2) {
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), "Choose type...");
} else
#endif
{
snprintf(G_gpg_vstate.menu,
sizeof(G_gpg_vstate.menu),
" %s",
LABEL_Ed25519);
}
break;
default:
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), "Choose type...");
@ -692,7 +722,16 @@ const bagl_element_t *ui_menu_template_predisplay(const ux_menu_entry_t *entry,
void ui_menu_template_display(unsigned int value) {
UX_MENU_DISPLAY(value, ui_menu_template, ui_menu_template_predisplay);
}
#ifdef NO_DECRYPT_cv25519
void ui_menu_template_display_type(unsigned int value) {
UNUSED(value);
if (G_gpg_vstate.ux_key == 2) {
UX_MENU_DISPLAY(0, ui_menu_tmpl_Dectype, ui_menu_template_predisplay);
} else {
UX_MENU_DISPLAY(0, ui_menu_tmpl_type, ui_menu_template_predisplay);
}
}
#endif
/**
* Template Action callback
*
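Review bot: `G_gpg_vstate.ux_key == 2` is the only thing that identifies the DEC slot, and the literal is now repeated in ui_menu_template_predisplay, ui_menu_template_display_type and, in the other UX file in this commit, tmpl_type_getter, tmpl_type_selector and its predisplay; a named constant next to the existing slot/key definitions, e.g. `#define UX_KEY_DEC 2`, with the comparisons written `G_gpg_vstate.ux_key == UX_KEY_DEC`, would make the intent readable and keep the five sites from drifting. The new ui_menu_template_display_type is only referenced from ui_menu_template in this file, so both the forward declaration and the definition can be `static void ui_menu_template_display_type(unsigned int value);` rather than exporting a symbol with no header declaration. A one-line comment on the function would help too, e.g. `/* DEC slot gets the reduced type list (no Ed25519/cv25519); other slots keep the full one */`.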

@ -570,6 +570,23 @@ const unsigned int tmpl_type_getter_values_map[] = {2048,
CX_CURVE_SECP256K1,
CX_CURVE_SECP256R1,
CX_CURVE_Ed25519};
#ifdef NO_DECRYPT_cv25519
const char *const tmpl_type_getter_Decvalues[] = {LABEL_RSA2048,
LABEL_RSA3072,
#ifdef WITH_SUPPORT_RSA4096
LABEL_RSA4096,
#endif
LABEL_SECP256K1,
LABEL_SECP256R1};
const unsigned int tmpl_type_getter_Decvalues_map[] = {2048,
3072,
#ifdef WITH_SUPPORT_RSA4096
4096,
#endif
CX_CURVE_SECP256K1,
CX_CURVE_SECP256R1};
#endif
/**
* Helper to get the key type
@ -580,8 +597,17 @@ const unsigned int tmpl_type_getter_values_map[] = {2048,
*
*/
static const char *tmpl_type_getter(unsigned int idx) {
if (idx < ARRAYLEN(tmpl_type_getter_values)) {
return tmpl_type_getter_values[idx];
#ifdef NO_DECRYPT_cv25519
if (G_gpg_vstate.ux_key == 2) {
if (idx < ARRAYLEN(tmpl_type_getter_Decvalues)) {
return tmpl_type_getter_Decvalues[idx];
}
} else
#endif
{
if (idx < ARRAYLEN(tmpl_type_getter_values)) {
return tmpl_type_getter_values[idx];
}
}
return NULL;
}
@ -593,10 +619,21 @@ static const char *tmpl_type_getter(unsigned int idx) {
*
*/
static void tmpl_type_selector(unsigned int idx) {
if (idx < ARRAYLEN(tmpl_type_getter_values)) {
idx = tmpl_type_getter_values_map[idx];
} else {
idx = 0;
#ifdef NO_DECRYPT_cv25519
if (G_gpg_vstate.ux_key == 2) {
if (idx < ARRAYLEN(tmpl_type_getter_Decvalues)) {
idx = tmpl_type_getter_Decvalues_map[idx];
} else {
idx = 0;
}
} else
#endif
{
if (idx < ARRAYLEN(tmpl_type_getter_values)) {
idx = tmpl_type_getter_values_map[idx];
} else {
idx = 0;
}
}
G_gpg_vstate.ux_type = idx;
ui_menu_template_display(1);
@ -684,7 +721,14 @@ void ui_menu_template_predisplay() {
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_SECP256R1);
break;
case CX_CURVE_Ed25519:
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_Ed25519);
#ifdef NO_DECRYPT_cv25519
if (G_gpg_vstate.ux_key == 2) {
snprintf(KEY_TYPE, sizeof(KEY_TYPE), "Choose type...");
} else
#endif
{
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_Ed25519);
}
break;
default:
snprintf(KEY_TYPE, sizeof(KEY_TYPE), "Choose type...");
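Review bot: tmpl_type_getter_Decvalues and tmpl_type_getter_Decvalues_map duplicate the existing tables, including the nested `#ifdef WITH_SUPPORT_RSA4096`, when — if, as the visible tail at the top of the first hunk suggests, the Ed25519 entry is the last element of both full tables — the DEC variant is just the same table with one fewer entry; a single element count that is decremented for the DEC slot keeps one source of truth and removes the second copy of the RSA4096 conditional. The same count can drive tmpl_type_selector with tmpl_type_getter_values_map, so both functions keep their current behaviour while the `} else` / `#endif` / `{` splice, which is easy to break on the next edit, disappears. tmpl_type_selector's body continues past the hunk.
```c
static const char *tmpl_type_getter(unsigned int idx) {
    unsigned int count = ARRAYLEN(tmpl_type_getter_values);
#ifdef NO_DECRYPT_cv25519
    /* DEC slot: hide the trailing Ed25519/cv25519 entry instead of keeping a second table */
    if (G_gpg_vstate.ux_key == 2) {
        count--;
    }
#endif
    if (idx < count) {
        return tmpl_type_getter_values[idx];
    }
    return NULL;
}
```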

@ -323,6 +323,16 @@ static const char* const keyTypeTexts[] = {LABEL_RSA2048,
LABEL_SECP256R1,
LABEL_Ed25519};
#ifdef NO_DECRYPT_cv25519
static const char* const keyTypeDecTexts[] = {LABEL_RSA2048,
LABEL_RSA3072,
#ifdef WITH_SUPPORT_RSA4096
LABEL_RSA4096,
#endif
LABEL_SECP256K1,
LABEL_SECP256R1};
#endif
/**
* Determine the selected key type from its attributes
*
@ -523,8 +533,16 @@ static void template_cb(int token, uint8_t index) {
TOKEN_TYPE_BACK,
template_key_cb);
choices.names = (const char* const*) keyTypeTexts;
choices.nbChoices = ARRAYLEN(keyTypeTexts);
#ifdef NO_DECRYPT_cv25519
if (token == TOKEN_TEMPLATE_DEC) {
choices.names = (const char* const*) keyTypeDecTexts;
choices.nbChoices = ARRAYLEN(keyTypeDecTexts);
} else
#endif
{
choices.names = (const char* const*) keyTypeTexts;
choices.nbChoices = ARRAYLEN(keyTypeTexts);
}
choices.initChoice = _getKeyType(token) - FIRST_USER_TOKEN;
choices.token = token;
nbgl_layoutAddRadioChoice(layoutCtx, &choices);
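Review bot: After the choice list is shortened for TOKEN_TEMPLATE_DEC, `choices.initChoice = _getKeyType(token) - FIRST_USER_TOKEN;` on the next line is still computed from the slot's stored type, so a DEC slot that currently holds Ed25519 (the entry dropped from keyTypeDecTexts) presumably yields an initChoice equal to nbChoices, i.e. one past the last radio entry; the two BAGL files in this commit added a "Choose type..." fallback for exactly that state, but this hunk has no equivalent. Clamping before the layout call, `if (choices.initChoice >= choices.nbChoices) { choices.initChoice = 0; }`, or mapping that case to an explicit "none selected" value if nbgl supports one, closes the gap. template_cb starts outside the hunk, and the two `choices.names`/`choices.nbChoices` lines printed before the `#ifdef` are presumably the removed side of the change.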
