Adding support for generating more than 32 bytes at a time.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2022-03-04 10:46:10 +01:00
parent 41f0b53dd5
commit 59833d08eb
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
7 changed files with 28 additions and 24 deletions

2
bn.c

@ -418,7 +418,7 @@ bn256_random (bn256 *X)
for (i = 0; i < 256/256; i++) for (i = 0; i < 256/256; i++)
{ {
rand = random_bytes_get (); rand = random_bytes_get (32);
for (j = 0; j < BN256_WORDS; j++) for (j = 0; j < BN256_WORDS; j++)
X->word[i*BN256_WORDS+j] = ((uint32_t *)rand)[j]; X->word[i*BN256_WORDS+j] = ((uint32_t *)rand)[j];
random_bytes_free (rand); random_bytes_free (rand);
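Review bot: The new call `rand = random_bytes_get (32);` hard-codes the byte count while the copy loop two lines below consumes `BN256_WORDS` words, so the request and the consumption can drift apart if either constant changes. Expressing the request in the same terms keeps them tied together: `rand = random_bytes_get (BN256_WORDS * sizeof (uint32_t));`. The enclosing bn256_random starts outside this hunk, and the `((uint32_t *)rand)[j]` access pattern is pre-existing.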

10
neug.c

@ -62,7 +62,6 @@ static void ep_init (int mode)
/* Here, we assume a little endian architecture. */ /* Here, we assume a little endian architecture. */
static int ep_process (int mode) static int ep_process (int mode)
{ {
if (ep_round == 0) if (ep_round == 0)
{ {
ep_init(mode); ep_init(mode);
@ -259,13 +258,16 @@ uint32_t neug_get (int kick)
return v; return v;
} }
void neug_wait_full (void) void neug_wait_full (void) //should be called only on core1
{ {
struct rng_rb *rb = &the_ring_buffer; struct rng_rb *rb = &the_ring_buffer;
//chopstx_mutex_lock (&rb->m); //chopstx_mutex_lock (&rb->m);
while (!rb->full) while (!rb->full) {
neug_task(); //chopstx_cond_wait (&rb->data_available, &rb->m); printf("not full yet!\r\n");
//neug_task(); //chopstx_cond_wait (&rb->data_available, &rb->m);
sleep_ms(1);
}
//chopstx_mutex_unlock (&rb->m); //chopstx_mutex_unlock (&rb->m);
} }
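Review bot: The `printf("not full yet!\r\n");` added inside the wait loop of neug_wait_full reads as leftover debugging: it fires once per millisecond until the ring buffer fills and puts console output on the entropy-collection path, so it should be removed before this lands. With `neug_task();` now commented out, the loop only terminates if some other core runs the collector (the new comment says core1); if neug_wait_full is ever called on the core that runs neug_task, it spins forever, which is worth a sentence in the comment, e.g. `/* Blocks until another core's neug_task() marks the ring buffer full; never call from that core. */`. Whether `rb->full` is declared volatile or atomic is not visible here; if it is a plain field, the cross-core polling relies on sleep_ms being an opaque call to force a reload and on the hardware for visibility, which deserves confirming.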


@ -1472,7 +1472,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data,
compute_key_data_checksum (&kdi, prvkey_len, CKDC_CALC); compute_key_data_checksum (&kdi, prvkey_len, CKDC_CALC);
dek = random_bytes_get (); /* 32-byte random bytes */ dek = random_bytes_get (32); /* 32-byte random bytes */
iv = dek + DATA_ENCRYPTION_KEY_SIZE; iv = dek + DATA_ENCRYPTION_KEY_SIZE;
memcpy (pd->dek_encrypted_1, dek, DATA_ENCRYPTION_KEY_SIZE); memcpy (pd->dek_encrypted_1, dek, DATA_ENCRYPTION_KEY_SIZE);
memcpy (pd->dek_encrypted_2, dek, DATA_ENCRYPTION_KEY_SIZE); memcpy (pd->dek_encrypted_2, dek, DATA_ENCRYPTION_KEY_SIZE);
@ -2532,7 +2532,7 @@ gpg_do_keygen (uint8_t *buf)
{ {
if (rnd) if (rnd)
random_bytes_free (rnd); random_bytes_free (rnd);
rnd = random_bytes_get (); rnd = random_bytes_get (32);
r = ecc_check_secret_p256k1 (rnd, d1); r = ecc_check_secret_p256k1 (rnd, d1);
} }
while (r == 0); while (r == 0);
@ -2553,7 +2553,7 @@ gpg_do_keygen (uint8_t *buf)
} }
else if (attr == ALGO_CURVE25519) else if (attr == ALGO_CURVE25519)
{ {
rnd = random_bytes_get (); rnd = random_bytes_get (32);
memcpy (d, rnd, 32); memcpy (d, rnd, 32);
random_bytes_free (rnd); random_bytes_free (rnd);
d[0] &= 248; d[0] &= 248;
@ -2564,7 +2564,7 @@ gpg_do_keygen (uint8_t *buf)
} }
else if (attr == ALGO_ED25519) else if (attr == ALGO_ED25519)
{ {
rnd = random_bytes_get (); rnd = random_bytes_get (32);
mbedtls_sha512_context ctx; mbedtls_sha512_context ctx;
mbedtls_sha512_init(&ctx); mbedtls_sha512_init(&ctx);
@ -2584,11 +2584,11 @@ gpg_do_keygen (uint8_t *buf)
else if (attr == ALGO_ED448) else if (attr == ALGO_ED448)
{ {
shake_context ctx; shake_context ctx;
rnd = random_bytes_get (); rnd = random_bytes_get (32);
shake256_start (&ctx); shake256_start (&ctx);
shake256_update (&ctx, rnd, 32); shake256_update (&ctx, rnd, 32);
random_bytes_free (rnd); random_bytes_free (rnd);
rnd = random_bytes_get (); rnd = random_bytes_get (32);
shake256_update (&ctx, rnd, 25); shake256_update (&ctx, rnd, 25);
shake256_finish (&ctx, d, 2*57); shake256_finish (&ctx, d, 2*57);
random_bytes_free (rnd); random_bytes_free (rnd);
@ -2598,10 +2598,10 @@ gpg_do_keygen (uint8_t *buf)
} }
else if (attr == ALGO_X448) else if (attr == ALGO_X448)
{ {
rnd = random_bytes_get (); rnd = random_bytes_get (32);
memcpy (d, rnd, 32); memcpy (d, rnd, 32);
random_bytes_free (rnd); random_bytes_free (rnd);
rnd = random_bytes_get (); rnd = random_bytes_get (32);
memcpy (d+32, rnd, 24); memcpy (d+32, rnd, 24);
prv = d; prv = d;
ecdh_compute_public_x448 (pubkey, prv); ecdh_compute_public_x448 (pubkey, prv);
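Review bot: In the ALGO_ED448 hunk the pair of fetches `rnd = random_bytes_get (32);` followed by a second `rnd = random_bytes_get (32); shake256_update (&ctx, rnd, 25);` no longer needs to be split now that random_bytes_get takes a length; a single `rnd = random_bytes_get (57); shake256_update (&ctx, rnd, 57);` with one `random_bytes_free (rnd);` expresses the 57-byte seed directly and stops discarding the unused tail of the second block. The ALGO_X448 hunk has the same shape (`memcpy (d, rnd, 32);` then `memcpy (d+32, rnd, 24);`) and could become one `random_bytes_get (56)` with a single `memcpy (d, rnd, 56);`. This relies on random_bytes_get handling a length that is not a multiple of its 32-byte chunk, which the random.c change in this commit appears to do for lengths within its static buffer. gpg_do_keygen and gpg_do_write_prvkey both start and end outside these hunks.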


@ -1465,7 +1465,7 @@ cmd_get_challenge (queue_t *ccid_comm)
eventflag_signal (ccid_comm, EV_EXEC_ACK_REQUIRED); eventflag_signal (ccid_comm, EV_EXEC_ACK_REQUIRED);
#endif #endif
challenge = random_bytes_get (); challenge = random_bytes_get (32);
memcpy (res_APDU, challenge, len); memcpy (res_APDU, challenge, len);
res_APDU_size = len; res_APDU_size = len;
GPG_SUCCESS (); GPG_SUCCESS ();
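Review bot: `challenge = random_bytes_get (32);` still requests a fixed 32 bytes while the next line copies `len` bytes out of the returned buffer, so any `len` above 32 reads beyond the bytes actually produced by this call. Now that the provider takes a length, request what is copied, `challenge = random_bytes_get (len);`, as cmd_challenge in the sc_hsm change already does with `apdu.expected_res_size`. Whether `len` is bounded to what random_bytes_get can deliver is decided earlier in cmd_get_challenge, outside this hunk, and should be checked there.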


@ -50,12 +50,14 @@ void random_fini (void)
* Return pointer to random 32-byte * Return pointer to random 32-byte
*/ */
void random_bytes_free (const uint8_t *p); void random_bytes_free (const uint8_t *p);
const uint8_t * random_bytes_get (void) const uint8_t * random_bytes_get (size_t len)
{ {
static uint32_t return_word[RANDOM_BYTES_LENGTH/sizeof (uint32_t)]; static uint32_t return_word[512/sizeof(uint32_t)];
for (int ix = 0; ix < len; ix += RANDOM_BYTES_LENGTH) {
neug_wait_full (); neug_wait_full ();
memcpy(return_word, random_word, sizeof(return_word)); memcpy(return_word+ix/sizeof(uint32_t), random_word, RANDOM_BYTES_LENGTH);
random_bytes_free((const uint8_t *)random_word); random_bytes_free((const uint8_t *)random_word);
}
return (const uint8_t *)return_word; return (const uint8_t *)return_word;
} }
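Review bot: The new loop in random_bytes_get never compares `len` against the staging buffer: for any `len` greater than `sizeof return_word` (512 bytes) the `memcpy(return_word+ix/sizeof(uint32_t), random_word, RANDOM_BYTES_LENGTH)` keeps writing past the static array, and the loop counter `int ix` is compared against a `size_t`, which -Wsign-compare will flag. A length guard before the loop and a `size_t` counter close both; since existing callers do not check the result, the caller that passes an externally chosen length (cmd_challenge with `apdu.expected_res_size`) must reject oversized requests before calling. The last iteration always copies a full RANDOM_BYTES_LENGTH bytes, so the guard below is only sufficient if RANDOM_BYTES_LENGTH (presumably 32, per the old buffer size) divides 512. The doc comment above the function still says "Return pointer to random 32-byte" and should become `Return pointer to len random bytes in a static buffer (overwritten by the next call); len must not exceed 512`.
```c
const uint8_t * random_bytes_get (size_t len)
{
  static uint32_t return_word[512/sizeof(uint32_t)];
  /* Refuse requests larger than the staging buffer instead of overrunning it. */
  if (len > sizeof return_word)
    return NULL;
  for (size_t ix = 0; ix < len; ix += RANDOM_BYTES_LENGTH) {
    /* … unchanged: neug_wait_full, memcpy into return_word, random_bytes_free … */
  }
  /* … unchanged: return (const uint8_t *)return_word; … */
```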


@ -2,7 +2,7 @@ void random_init (void);
void random_fini (void); void random_fini (void);
/* 32-byte random bytes */ /* 32-byte random bytes */
const uint8_t *random_bytes_get (void); const uint8_t *random_bytes_get (size_t);
void random_bytes_free (const uint8_t *p); void random_bytes_free (const uint8_t *p);
/* 8-byte salt */ /* 8-byte salt */
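Review bot: The comment above the changed prototype still says `/* 32-byte random bytes */` even though `random_bytes_get (size_t)` now takes the byte count, and the prototype drops the parameter name that the definition in random.c uses. Keeping the name and describing the contract the definition actually has makes the header self-explanatory: `/* len random bytes from a static buffer, overwritten by the next call */` over `const uint8_t *random_bytes_get (size_t len);`. The maximum length the implementation can serve (512 bytes in this commit's random.c) belongs in that comment too, so callers passing an externally chosen size know what to check against.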


@ -386,7 +386,7 @@ static int cmd_reset_retry() {
} }
static int cmd_challenge() { static int cmd_challenge() {
memcpy(res_APDU, random_bytes_get(), apdu.expected_res_size); memcpy(res_APDU, random_bytes_get(apdu.expected_res_size), apdu.expected_res_size);
res_APDU_size = apdu.expected_res_size; res_APDU_size = apdu.expected_res_size;
return SW_OK(); return SW_OK();
} }
@ -437,11 +437,11 @@ static int cmd_initialize() {
} }
p += tag_len; p += tag_len;
} }
p = random_bytes_get(); p = random_bytes_get(32);
memset(tmp_dkek, 0, sizeof(tmp_dkek)); memset(tmp_dkek, 0, sizeof(tmp_dkek));
memcpy(tmp_dkek, p, IV_SIZE); memcpy(tmp_dkek, p, IV_SIZE);
if (dkeks == 0) { if (dkeks == 0) {
p = random_bytes_get(); p = random_bytes_get(32);
memcpy(tmp_dkek, p, 32); memcpy(tmp_dkek, p, 32);
encrypt(session_sopin, tmp_dkek, tmp_dkek+IV_SIZE, 32); encrypt(session_sopin, tmp_dkek, tmp_dkek+IV_SIZE, 32);
file_t *tf = search_by_fid(EF_DKEK, NULL, SPECIFY_EF); file_t *tf = search_by_fid(EF_DKEK, NULL, SPECIFY_EF);
@ -1154,7 +1154,7 @@ static int cmd_key_gen() {
if (!isUserAuthenticated) if (!isUserAuthenticated)
return SW_SECURITY_STATUS_NOT_SATISFIED(); return SW_SECURITY_STATUS_NOT_SATISFIED();
//at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC) //at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC)
const uint8_t *aes_key = random_bytes_get(); const uint8_t *aes_key = random_bytes_get(32);
file_t *fpk = file_new((KEY_PREFIX << 8) | key_id); file_t *fpk = file_new((KEY_PREFIX << 8) | key_id);
int r = flash_write_data_to_file(fpk, aes_key, key_size); int r = flash_write_data_to_file(fpk, aes_key, key_size);
if (r != HSM_OK) if (r != HSM_OK)
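Review bot: In cmd_challenge the new `random_bytes_get(apdu.expected_res_size)` hands an externally supplied length straight to a provider whose static buffer (512 bytes in this commit's random.c) is not bounds-checked, so an oversized expected length now becomes a write overrun there rather than the previous over-read of a 32-byte block. Validate the size before the call, e.g. `if (apdu.expected_res_size > <max the provider serves, placeholder> ) return <wrong-length status word, placeholder>;`, and keep the same bound in the provider itself. In cmd_key_gen, `random_bytes_get(32)` followed by `flash_write_data_to_file(fpk, aes_key, key_size)` has the same fixed-versus-variable mismatch: requesting `key_size` bytes keeps the amount generated equal to the amount written, provided key_size is already bounded above. The cmd_initialize hunk is only partly visible here, and cmd_key_gen continues past it.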