Remove unused MKEK system.

Since previous releases, DKEK is double-encrypted with AAD, with OTP and PIN derivation, making not necessary an additional MKEK.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

CMakeLists.txt

@@ -97,7 +97,6 @@ endif()
 list(APPEND SOURCES
     ${CMAKE_CURRENT_LIST_DIR}/src/fido/fido.c
     ${CMAKE_CURRENT_LIST_DIR}/src/fido/files.c
-    ${CMAKE_CURRENT_LIST_DIR}/src/fido/kek.c
     ${CMAKE_CURRENT_LIST_DIR}/src/fido/cmd_register.c
     ${CMAKE_CURRENT_LIST_DIR}/src/fido/cmd_authenticate.c
     ${CMAKE_CURRENT_LIST_DIR}/src/fido/cmd_version.c

src/fido/cbor_client_pin.c

@@ -37,7 +37,6 @@
 #include "random.h"
 #include "crypto_utils.h"
 #include "apdu.h"
-#include "kek.h"
 
 uint32_t usage_timer = 0, initial_usage_time_limit = 0;
 uint32_t max_usage_time_period  = 600 * 1000;

src/fido/fido.c

@@ -17,7 +17,6 @@
 
 #include "pico_keys.h"
 #include "fido.h"
-#include "kek.h"
 #include "apdu.h"
 #include "ctap.h"
 #include "files.h"
@@ -226,9 +225,6 @@ int load_keydev(uint8_t key[32]) {
         uint16_t fid_size = file_get_size(ef_keydev);
         if (fid_size == 32) {
             memcpy(key, file_get_data(ef_keydev), 32);
-            if (mkek_decrypt(key, 32) != PICOKEY_OK) {
-                return PICOKEY_EXEC_ERROR;
-            }
             if (otp_key_1 && aes_decrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, key, 32) != PICOKEY_OK) {
                 return PICOKEY_EXEC_ERROR;
             }
@@ -372,7 +368,6 @@ int encrypt_keydev_f1(const uint8_t keydev[32]) {
 int scan_files_fido(void) {
     ef_keydev = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF);
     ef_keydev_enc = search_by_fid(EF_KEY_DEV_ENC, NULL, SPECIFY_EF);
-    ef_mkek = search_by_fid(EF_MKEK, NULL, SPECIFY_EF);
     if (ef_keydev) {
         if (!file_has_data(ef_keydev) && !file_has_data(ef_keydev_enc)) {
             printf("KEY DEVICE is empty. Generating SECP256R1 curve...");

src/fido/files.c

@@ -21,7 +21,6 @@ file_t file_entries[] = {
     { .fid = 0x3f00, .parent = 0xff, .name = NULL, .type = FILE_TYPE_DF, .data = NULL, .ef_structure = 0, .acl = { 0 } }, // MF
     { .fid = EF_KEY_DEV, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, // Device Key
     { .fid = EF_KEY_DEV_ENC, .parent = 0, .name = NULL,.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, // Device Key Enc
-    { .fid = EF_MKEK, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, // MKEK
     { .fid = EF_EE_DEV,  .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, // End Entity Certificate Device
     { .fid = EF_EE_DEV_EA,  .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, // End Entity Enterprise Attestation Certificate
     { .fid = EF_COUNTER,  .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, // Global counter
@@ -46,4 +45,3 @@ file_t *ef_pin_admin = NULL;
 file_t *ef_authtoken = NULL;
 file_t *ef_keydev_enc = NULL;
 file_t *ef_largeblob = NULL;
-file_t *ef_mkek = NULL;

src/fido/files.h

@@ -22,7 +22,6 @@
 
 #define EF_KEY_DEV      0xCC00
 #define EF_KEY_DEV_ENC  0xCC01
-#define EF_MKEK         0xCC0F
 #define EF_EE_DEV       0xCE00
 #define EF_EE_DEV_EA    0xCE01
 #define EF_COUNTER      0xC000
@@ -53,6 +52,5 @@ extern file_t *ef_pin_admin;
 extern file_t *ef_authtoken;
 extern file_t *ef_keydev_enc;
 extern file_t *ef_largeblob;
-extern file_t *ef_mkek;
 
 #endif //_FILES_H_

src/fido/kek.c

@@ -1,85 +0,0 @@
-/*
- * This file is part of the Pico Fido distribution (https://github.com/polhenarejos/pico-fido).
- * Copyright (c) 2022 Pol Henarejos.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, version 3.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-#include "pico_keys.h"
-#include "fido.h"
-#include "stdlib.h"
-#if defined(PICO_PLATFORM)
-#include "pico/stdlib.h"
-#endif
-#include "kek.h"
-#include "crypto_utils.h"
-#include "random.h"
-#include "mbedtls/md.h"
-#include "mbedtls/cmac.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/chachapoly.h"
-#include "files.h"
-#include "otp.h"
-
-uint8_t mkek_mask[MKEK_KEY_SIZE];
-bool has_mkek_mask = false;
-
-static void mkek_masked(uint8_t *mkek, const uint8_t *mask) {
-    if (mask) {
-        for (int i = 0; i < MKEK_KEY_SIZE; i++) {
-            MKEK_KEY(mkek)[i] ^= mask[i];
-        }
-    }
-}
-
-int load_mkek(uint8_t *mkek) {
-    file_t *tf = search_file(EF_MKEK);
-    if (file_has_data(tf)) {
-        memcpy(mkek, file_get_data(tf), MKEK_SIZE);
-    }
-
-    if (has_mkek_mask) {
-        mkek_masked(mkek, mkek_mask);
-    }
-    if (file_get_size(tf) == MKEK_SIZE) {
-        int ret = aes_decrypt_cfb_256(session_pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
-        if (ret != 0) {
-            return PICOKEY_EXEC_ERROR;
-        }
-        uint32_t mkek_checksum = 0;
-        memcpy(&mkek_checksum, MKEK_CHECKSUM(mkek), sizeof(mkek_checksum));
-        if (crc32c(MKEK_KEY(mkek), MKEK_KEY_SIZE) != mkek_checksum) {
-            return PICOKEY_WRONG_DKEK;
-        }
-        if (otp_key_1) {
-            mkek_masked(mkek, otp_key_1);
-        }
-    }
-    return PICOKEY_OK;
-}
-
-void release_mkek(uint8_t *mkek) {
-    mbedtls_platform_zeroize(mkek, MKEK_SIZE);
-}
-
-int mkek_decrypt(uint8_t *data, uint16_t len) {
-    int r;
-    uint8_t mkek[MKEK_SIZE + 4];
-    if ((r = load_mkek(mkek)) != PICOKEY_OK) {
-        return r;
-    }
-    r = aes_decrypt_cfb_256(MKEK_KEY(mkek), MKEK_IV(mkek), data, len);
-    release_mkek(mkek);
-    return r;
-}

src/fido/kek.h

@@ -1,46 +0,0 @@
-/*
- * This file is part of the Pico Fido distribution (https://github.com/polhenarejos/pico-fido).
- * Copyright (c) 2022 Pol Henarejos.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, version 3.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-#ifndef _KEK_H_
-#define _KEK_H_
-
-#include "crypto_utils.h"
-#if defined(ENABLE_EMULATION) || defined(ESP_PLATFORM)
-#include <stdbool.h>
-#endif
-
-
-extern int load_mkek(uint8_t *);
-extern int store_mkek(const uint8_t *);
-extern void init_mkek(void);
-extern void release_mkek(uint8_t *);
-extern int mkek_encrypt(uint8_t *data, uint16_t len);
-extern int mkek_decrypt(uint8_t *data, uint16_t len);
-
-#define MKEK_IV_SIZE     (IV_SIZE)
-#define MKEK_KEY_SIZE    (32)
-#define MKEK_KEY_CS_SIZE (4)
-#define MKEK_SIZE        (MKEK_IV_SIZE + MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE)
-#define MKEK_IV(p)       (p)
-#define MKEK_KEY(p)      (MKEK_IV(p) + MKEK_IV_SIZE)
-#define MKEK_CHECKSUM(p) (MKEK_KEY(p) + MKEK_KEY_SIZE)
-#define DKEK_KEY_SIZE    (32)
-
-extern uint8_t mkek_mask[MKEK_KEY_SIZE];
-extern bool has_mkek_mask;
-
-#endif