diff --git a/firmware/inc/atecc508a.h b/firmware/inc/atecc508a.h index 587c9e9..66a57f8 100644 --- a/firmware/inc/atecc508a.h +++ b/firmware/inc/atecc508a.h @@ -156,6 +156,15 @@ struct atecc_key_config uint8_t x509id : 2; }; +extern uint8_t SHA_FLAGS; +extern uint8_t SHA_HMAC_KEY; +extern struct atecc_response res_digest; + +extern void u2f_sha256_start (); +extern void u2f_sha256_update (uint8_t * buf, uint8_t len); +extern void u2f_sha256_finish (); +extern void compute_key_hash (uint8_t * key, uint8_t * mask, int slot); + void atecc_idle(); void atecc_wake(); void atecc_sleep(); diff --git a/firmware/src/atecc508a.c b/firmware/src/atecc508a.c index 661de8f..46ca638 100644 --- a/firmware/src/atecc508a.c +++ b/firmware/src/atecc508a.c @@ -37,6 +37,12 @@ #include "bsp.h" +uint8_t shabuf[70]; +uint8_t shaoffset = 0; +uint8_t SHA_FLAGS = 0; +uint8_t SHA_HMAC_KEY = 0; +struct atecc_response res_digest; + int8_t atecc_send(uint8_t cmd, uint8_t p1, uint16_t p2, uint8_t * buf, uint8_t len) @@ -176,46 +182,6 @@ int8_t atecc_send_recv(uint8_t cmd, uint8_t p1, uint16_t p2, } -#ifdef ATECC_SETUP_DEVICE - -int8_t atecc_write_eeprom(uint8_t base, uint8_t offset, uint8_t* srcbuf, uint8_t len) -{ - uint8_t buf[7]; - struct atecc_response res; - - uint8_t * dstbuf = srcbuf; - if (offset + len > 4) - return -1; - if (len < 4) - { - atecc_send_recv(ATECC_CMD_READ, - ATECC_RW_CONFIG, base, NULL, 0, - buf, sizeof(buf), &res); - - dstbuf = res.buf; - memmove(res.buf + offset, srcbuf, len); - } - - atecc_send_recv(ATECC_CMD_WRITE, - ATECC_RW_CONFIG, base, dstbuf, 4, - buf, sizeof(buf), &res); - - if (res.buf[0]) - { - set_app_error(-res.buf[0]); - return -1; - } - return 0; -} - - - -static uint8_t shabuf[70]; -static uint8_t shaoffset = 0; -uint8_t SHA_FLAGS = 0; -uint8_t SHA_HMAC_KEY = 0; -static struct atecc_response res_digest; - void u2f_sha256_start() { shaoffset = 0; @@ -253,6 +219,65 @@ void u2f_sha256_finish() SHA_FLAGS = 0; } +void compute_key_hash(uint8_t * key, uint8_t * mask, int slot) +{ + // key must start with 4 zeros + memset(appdata.tmp,0,28); + memmove(appdata.tmp + 28, key, 36); + + u2f_sha256_start(); + + u2f_sha256_update(mask,32); + + + appdata.tmp[0] = ATECC_CMD_PRIVWRITE; + appdata.tmp[1] = ATECC_PRIVWRITE_ENC; + appdata.tmp[2] = slot; + appdata.tmp[3] = 0; + appdata.tmp[4] = 0xee; + appdata.tmp[5] = 0x01; + appdata.tmp[6] = 0x23; + + u2f_sha256_update(appdata.tmp,28 + 36); + u2f_sha256_finish(); +} + + +#ifdef ATECC_SETUP_DEVICE + +int8_t atecc_write_eeprom(uint8_t base, uint8_t offset, uint8_t* srcbuf, uint8_t len) +{ + uint8_t buf[7]; + struct atecc_response res; + + uint8_t * dstbuf = srcbuf; + if (offset + len > 4) + return -1; + if (len < 4) + { + atecc_send_recv(ATECC_CMD_READ, + ATECC_RW_CONFIG, base, NULL, 0, + buf, sizeof(buf), &res); + + dstbuf = res.buf; + memmove(res.buf + offset, srcbuf, len); + } + + atecc_send_recv(ATECC_CMD_WRITE, + ATECC_RW_CONFIG, base, dstbuf, 4, + buf, sizeof(buf), &res); + + if (res.buf[0]) + { + set_app_error(-res.buf[0]); + return -1; + } + return 0; +} + + + + static uint8_t get_signature_length(uint8_t * sig) { return 0x46 + ((sig[32] & 0x80) == 0x80) + ((sig[0] & 0x80) == 0x80); @@ -489,28 +514,7 @@ int atecc_privwrite(uint16_t keyslot, uint8_t * key, uint8_t * mask, uint8_t * d return 0; } -static void compute_key_hash(uint8_t * key, uint8_t * mask, int slot) -{ - // key must start with 4 zeros - memset(appdata.tmp,0,28); - memmove(appdata.tmp + 28, key, 36); - - u2f_sha256_start(); - u2f_sha256_update(mask,32); - - - appdata.tmp[0] = ATECC_CMD_PRIVWRITE; - appdata.tmp[1] = ATECC_PRIVWRITE_ENC; - appdata.tmp[2] = slot; - appdata.tmp[3] = 0; - appdata.tmp[4] = 0xee; - appdata.tmp[5] = 0x01; - appdata.tmp[6] = 0x23; - - u2f_sha256_update(appdata.tmp,28 + 36); - u2f_sha256_finish(); -} void atecc_setup_init(uint8_t * buf) { diff --git a/firmware/src/u2f_atecc.c b/firmware/src/u2f_atecc.c index 9f90e17..163ecba 100644 --- a/firmware/src/u2f_atecc.c +++ b/firmware/src/u2f_atecc.c @@ -98,55 +98,6 @@ int8_t u2f_get_user_feedback() return 0; } -#ifdef ATECC_SETUP_DEVICE -#define STATIC_IN_SETUP static -#else -#define STATIC_IN_SETUP -#endif - - -static uint8_t shabuf[70]; -static uint8_t shaoffset = 0; -STATIC_IN_SETUP uint8_t SHA_FLAGS = 0; -STATIC_IN_SETUP uint8_t SHA_HMAC_KEY = 0; -static struct atecc_response res_digest; - -STATIC_IN_SETUP void u2f_sha256_start() -{ - shaoffset = 0; - atecc_send_recv(ATECC_CMD_SHA, - SHA_FLAGS, SHA_HMAC_KEY,NULL,0, - shabuf, sizeof(shabuf), NULL); - SHA_HMAC_KEY = 0; -} - - -STATIC_IN_SETUP void u2f_sha256_update(uint8_t * buf, uint8_t len) -{ - uint8_t i = 0; - watchdog(); - while(len--) - { - shabuf[shaoffset++] = *buf++; - if (shaoffset == 64) - { - atecc_send_recv(ATECC_CMD_SHA, - ATECC_SHA_UPDATE, 64,shabuf,64, - shabuf, sizeof(shabuf), NULL); - shaoffset = 0; - } - } -} - - -STATIC_IN_SETUP void u2f_sha256_finish() -{ - if (SHA_FLAGS == ATECC_SHA_START) SHA_FLAGS = ATECC_SHA_END; - atecc_send_recv(ATECC_CMD_SHA, - SHA_FLAGS, shaoffset,shabuf,shaoffset, - shabuf, sizeof(shabuf), &res_digest); - SHA_FLAGS = ATECC_SHA_START; -} static int atecc_prep_encryption() { @@ -170,28 +121,6 @@ static int atecc_prep_encryption() return 0; } -static void compute_key_hash(uint8_t * key, uint8_t * mask) -{ - // key must start with 4 zeros - memset(appdata.tmp,0,28); - memmove(appdata.tmp + 28, key, 36); - - u2f_sha256_start(); - - u2f_sha256_update(mask,32); - - - appdata.tmp[0] = ATECC_CMD_PRIVWRITE; - appdata.tmp[1] = ATECC_PRIVWRITE_ENC; - appdata.tmp[2] = 2; - appdata.tmp[3] = 0; - appdata.tmp[4] = 0xee; - appdata.tmp[5] = 0x01; - appdata.tmp[6] = 0x23; - - u2f_sha256_update(appdata.tmp,28 + 36); - u2f_sha256_finish(); -} static int atecc_privwrite(int keyslot, uint8_t * key, uint8_t * mask, uint8_t * digest) { @@ -272,7 +201,7 @@ int8_t u2f_new_keypair(uint8_t * handle, uint8_t * appid, uint8_t * pubkey) private_key[i] ^= RMASK[i]; } watchdog(); - compute_key_hash(private_key, WMASK); + compute_key_hash(private_key, WMASK, U2F_TEMP_KEY_SLOT); memmove(handle+4, res_digest.buf, 32); // size of key handle must be 36+8