mirrors/unleashed-firmware
1
Fork 0
mirror of https://github.com/DarkFlippers/unleashed-firmware.git synced 2025-12-12 12:42:30 +04:00
Code Issues Activity

Expose additional functions of the crypto engine to user (#2923)

Browse Source 
* Allow loading user supplied keys and add CTR mode
* Add GCM mode to furi_hal_crypto
* Split up CTR and GCM code, add flag for adv crypto
* Add convenience functions for GCM crypto
* Run fbt format
* Update GCM to support additional auth data
* Update APIs
* FuriHal: update crypto documentation, method names and usage
* Clean up code for key (un)loading, GCM and CTR
  - get rid of goto
  - do not use furi_hal_bt_is_alive() when not using secure enclave
  - give defines a type and wrap in ()
* Add unit test for CTR and GCM crypto
* FuriHal: const in crypto unit tests, cortex timer for crypto operations timeouts
* FuriHal: update crypto docs

Co-authored-by: twisted_pear <twstd@posteo.net>
Co-authored-by: hedger <hedger@users.noreply.github.com>
Co-authored-by: あく <alleteam@gmail.com>
This commit is contained in:
twisted-pear
2023-08-10 10:44:46 +02:00
committed by GitHub
parent fb63e53d9a
commit c976ff11bf
10 changed files with 1301 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
applications/main/u2f/u2f_data.c
View File

@@ -14,7 +14,7 @@
#define U2F_CNT_FILE U2F_DATA_FOLDER "cnt.u2f"
#define U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_FACTORY 2
#define U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE 11
#define U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE FURI_HAL_CRYPTO_ENCLAVE_UNIQUE_KEY_SLOT
#define U2F_CERT_STOCK 0 // Stock certificate, private key is encrypted with factory key
#define U2F_CERT_USER 1 // User certificate, private key is encrypted with unique key
@@ -136,7 +136,7 @@ static bool u2f_data_cert_key_encrypt(uint8_t* cert_key) {
// Generate random IV
furi_hal_random_fill_buf(iv, 16);
if(!furi_hal_crypto_store_load_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE, iv)) {
if(!furi_hal_crypto_enclave_load_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE, iv)) {
FURI_LOG_E(TAG, "Unable to load encryption key");
return false;
}
@@ -145,7 +145,7 @@ static bool u2f_data_cert_key_encrypt(uint8_t* cert_key) {
FURI_LOG_E(TAG, "Encryption failed");
return false;
}
furi_hal_crypto_store_unload_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE);
furi_hal_crypto_enclave_unload_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE);
Storage* storage = furi_record_open(RECORD_STORAGE);
FlipperFormat* flipper_format = flipper_format_file_alloc(storage);
@@ -179,7 +179,7 @@ bool u2f_data_cert_key_load(uint8_t* cert_key) {
uint32_t version = 0;
// Check if unique key exists in secure eclave and generate it if missing
if(!furi_hal_crypto_verify_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE)) return false;
if(!furi_hal_crypto_enclave_ensure_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE)) return false;
FuriString* filetype;
filetype = furi_string_alloc();
@@ -226,7 +226,7 @@ bool u2f_data_cert_key_load(uint8_t* cert_key) {
break;
}
if(!furi_hal_crypto_store_load_key(key_slot, iv)) {
if(!furi_hal_crypto_enclave_load_key(key_slot, iv)) {
FURI_LOG_E(TAG, "Unable to load encryption key");
break;
}
@@ -237,7 +237,7 @@ bool u2f_data_cert_key_load(uint8_t* cert_key) {
FURI_LOG_E(TAG, "Decryption failed");
break;
}
furi_hal_crypto_store_unload_key(key_slot);
furi_hal_crypto_enclave_unload_key(key_slot);
} else {
if(!flipper_format_read_hex(flipper_format, "Data", cert_key, 32)) {
FURI_LOG_E(TAG, "Missing data");
@@ -292,7 +292,7 @@ bool u2f_data_key_load(uint8_t* device_key) {
FURI_LOG_E(TAG, "Missing data");
break;
}
if(!furi_hal_crypto_store_load_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE, iv)) {
if(!furi_hal_crypto_enclave_load_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE, iv)) {
FURI_LOG_E(TAG, "Unable to load encryption key");
break;
}
@@ -302,7 +302,7 @@ bool u2f_data_key_load(uint8_t* device_key) {
FURI_LOG_E(TAG, "Decryption failed");
break;
}
furi_hal_crypto_store_unload_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE);
furi_hal_crypto_enclave_unload_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE);
state = true;
} while(0);
}
@@ -324,7 +324,7 @@ bool u2f_data_key_generate(uint8_t* device_key) {
furi_hal_random_fill_buf(iv, 16);
furi_hal_random_fill_buf(key, 32);
if(!furi_hal_crypto_store_load_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE, iv)) {
if(!furi_hal_crypto_enclave_load_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE, iv)) {
FURI_LOG_E(TAG, "Unable to load encryption key");
return false;
}
@@ -333,7 +333,7 @@ bool u2f_data_key_generate(uint8_t* device_key) {
FURI_LOG_E(TAG, "Encryption failed");
return false;
}
furi_hal_crypto_store_unload_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE);
furi_hal_crypto_enclave_unload_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE);
Storage* storage = furi_record_open(RECORD_STORAGE);
FlipperFormat* flipper_format = flipper_format_file_alloc(storage);
@@ -398,7 +398,7 @@ bool u2f_data_cnt_read(uint32_t* cnt_val) {
FURI_LOG_E(TAG, "Missing data");
break;
}
if(!furi_hal_crypto_store_load_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE, iv)) {
if(!furi_hal_crypto_enclave_load_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE, iv)) {
FURI_LOG_E(TAG, "Unable to load encryption key");
break;
}
@@ -408,7 +408,7 @@ bool u2f_data_cnt_read(uint32_t* cnt_val) {
FURI_LOG_E(TAG, "Decryption failed");
break;
}
furi_hal_crypto_store_unload_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE);
furi_hal_crypto_enclave_unload_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE);
if(cnt.control == U2F_COUNTER_CONTROL_VAL) {
*cnt_val = cnt.counter;
state = true;
@@ -440,7 +440,7 @@ bool u2f_data_cnt_write(uint32_t cnt_val) {
cnt.control = U2F_COUNTER_CONTROL_VAL;
cnt.counter = cnt_val;
if(!furi_hal_crypto_store_load_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE, iv)) {
if(!furi_hal_crypto_enclave_load_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE, iv)) {
FURI_LOG_E(TAG, "Unable to load encryption key");
return false;
}
@@ -449,7 +449,7 @@ bool u2f_data_cnt_write(uint32_t cnt_val) {
FURI_LOG_E(TAG, "Encryption failed");
return false;
}
furi_hal_crypto_store_unload_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE);
furi_hal_crypto_enclave_unload_key(U2F_DATA_FILE_ENCRYPTION_KEY_SLOT_UNIQUE);
Storage* storage = furi_record_open(RECORD_STORAGE);
FlipperFormat* flipper_format = flipper_format_file_alloc(storage);