Add double interface, modify Trusted Input format to avoid using a cryptographic export

2018-03-16 17:21:22 +01:00 · 2018-03-16 17:21:22 +01:00 · 9120c2c071
parent 905238f1de
commit 9120c2c071
5 changed files with 25 additions and 26 deletions
--- a/6
+++ b/6
@ -28,7 +28,7 @@ APP_LOAD_PARAMS= --curve secp256k1 $(COMMON_LOAD_PARAMS)

 APPVERSION_M=1
 APPVERSION_N=2
-APPVERSION_P=3
+APPVERSION_P=4
 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)

 # simplify for tests
@ -193,8 +193,8 @@ SDK_SOURCE_PATH  += lib_stusb qrcode
 SDK_SOURCE_PATH  += lib_u2f lib_stusb_impl

 DEFINES   += USB_SEGMENT_SIZE=64 
-#DEFINES   += U2F_PROXY_MAGIC=\"BTC\"
-#DEFINES   += HAVE_IO_U2F HAVE_U2F 
+DEFINES   += U2F_PROXY_MAGIC=\"BTC\"
+DEFINES   += HAVE_IO_U2F HAVE_U2F 
 #DEFINES   += BLE_SEGMENT_SIZE=20
 #DEFINES   += HAVE_USB_CLASS_CCID

--- a/include/btchip_filesystem.h
+++ b/include/btchip_filesystem.h
@ -47,19 +47,17 @@ struct btchip_config_s {
    // /** Current Coin ID */
    // unsigned char coinId[MAX_COIN_ID];
    // /** Current short Coin ID */
-    // unsigned char shortCoinId[MAX_SHORT_COIN_ID];    
+    // unsigned char shortCoinId[MAX_SHORT_COIN_ID];
    // /** Current Coin ID length */
-    // unsigned char coinIdLength;        
+    // unsigned char coinIdLength;
    // /** Current short Coin ID length */
-    // unsigned char shortCoinIdLength;        
+    // unsigned char shortCoinIdLength;
 };
 typedef struct btchip_config_s btchip_config_t;

 typedef struct btchip_backup_area_s {
    btchip_config_t config;
-    // TODO : replace by AES key, review signature policy
-    cx_des_key_t trustedinput_key;
-
+    uint8_t trustedinput_key[32];
 } btchip_backup_area_t;

 typedef struct btchip_storage_s {
@ -75,7 +73,7 @@ typedef struct btchip_storage_s {
 // the global nvram memory variable
 extern WIDE btchip_storage_t N_btchip_real;

-#define N_btchip (*(WIDE btchip_storage_t*) PIC(&N_btchip_real))
+#define N_btchip (*(WIDE btchip_storage_t *)PIC(&N_btchip_real))

 void btchip_set_operation_mode(unsigned char operationMode);

--- a/src/btchip_apdu_get_trusted_input.c
+++ b/src/btchip_apdu_get_trusted_input.c
@ -26,6 +26,7 @@
 unsigned short btchip_apdu_get_trusted_input() {
    unsigned char apduLength;
    unsigned char dataOffset = 0;
+    unsigned char trustedInputSignature[32];
    cx_sha256_t hash;
    apduLength = G_io_apdu_buffer[ISO_OFFSET_LC];

@ -91,9 +92,11 @@ unsigned short btchip_apdu_get_trusted_input() {
        os_memmove(G_io_apdu_buffer + 4 + 32 + 4,
                   btchip_context_D.transactionContext.transactionAmount, 8);

-        cx_des((cx_des_key_t *)&N_btchip.bkp.trustedinput_key,
-               CX_LAST | CX_PAD_NONE | CX_SIGN | CX_CHAIN_CBC, G_io_apdu_buffer,
-               TRUSTEDINPUT_SIZE, G_io_apdu_buffer + TRUSTEDINPUT_SIZE);
+        cx_hmac_sha256(N_btchip.bkp.trustedinput_key,
+                       sizeof(N_btchip.bkp.trustedinput_key), G_io_apdu_buffer,
+                       TRUSTEDINPUT_SIZE, trustedInputSignature);
+        os_memmove(G_io_apdu_buffer + TRUSTEDINPUT_SIZE, trustedInputSignature,
+                   8);

        btchip_context_D.outLength = 0x38;
    }
--- a/src/btchip_apdu_setup.c
+++ b/src/btchip_apdu_setup.c
@ -26,8 +26,7 @@ unsigned short btchip_apdu_setup() {
 void btchip_autosetup() {
    btchip_config_t config;
    unsigned char i;
-    cx_des_key_t desKey;
-    unsigned char tmp[16];
+    unsigned char tmp[32];
    os_memset(&config, 0, sizeof(btchip_config_t));
    config.options |= BTCHIP_OPTION_DETERMINISTIC_SIGNATURE;
    config.options |= BTCHIP_OPTION_SKIP_2FA_P2SH; // TODO : remove when
@ -45,8 +44,7 @@ void btchip_autosetup() {
    // config.shortCoinIdLength);
    nvm_write((void *)&N_btchip.bkp.config, &config, sizeof(config));
    cx_rng(tmp, sizeof(tmp));
-    cx_des_init_key(tmp, sizeof(tmp), &desKey);
-    nvm_write((void *)&N_btchip.bkp.trustedinput_key, &desKey, sizeof(desKey));
+    nvm_write((void *)&N_btchip.bkp.trustedinput_key, tmp, sizeof(tmp));
    i = 1;
    nvm_write((void *)&N_btchip.config_valid, &i, 1);
 }
--- a/src/btchip_transaction.c
+++ b/src/btchip_transaction.c
@ -382,16 +382,16 @@ void transaction_parse(unsigned char parseMode) {
                            }

                            check_transaction_available(2 + trustedInputLength);
-                            if (!cx_des(
-                                    (cx_des_key_t *)&N_btchip.bkp
-                                        .trustedinput_key,
-                                    CX_LAST | CX_PAD_NONE | CX_VERIFY |
-                                        CX_CHAIN_CBC,
+                            cx_hmac_sha256(
+                                N_btchip.bkp.trustedinput_key,
+                                sizeof(N_btchip.bkp.trustedinput_key),
+                                btchip_context_D.transactionBufferPointer + 2,
+                                trustedInputLength - 8, trustedInput);
+                            if (btchip_secure_memcmp(
+                                    trustedInput,
                                    btchip_context_D.transactionBufferPointer +
-                                        2,
-                                    trustedInputLength - 8,
-                                    btchip_context_D.transactionBufferPointer +
-                                        2 + trustedInputLength - 8)) {
+                                        2 + trustedInputLength - 8,
+                                    8) != 0) {
                                L_DEBUG_APP(("Invalid signature\n"));
                                goto fail;
                            }