Fix request signature.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

src/usb/lwip/rest.c

@@ -320,7 +320,6 @@ static int x25519_hkdf_derive_key32(const uint8_t sk[32], const uint8_t pk[32],
 
     MBEDTLS_MPI_CHK(mbedtls_ecp_read_key(MBEDTLS_ECP_DP_CURVE25519, &ours, sk, 32));
 
-    // Carrega pública remota (32 bytes)
     MBEDTLS_MPI_CHK(mbedtls_ecp_point_read_binary(&theirs.grp, &theirs.Q, pk, 32));
 
     MBEDTLS_MPI_CHK(mbedtls_ecdh_setup(&ecdh, MBEDTLS_ECP_DP_CURVE25519));
@@ -344,13 +343,19 @@ cleanup:
     return ret;
 }
 
-int rest_session_derive_key(const rest_session_t *session, uint8_t derived_key[32]) {
-    uint8_t kver[32], sk[32];
+int rest_session_derive_key(const rest_session_t *session, uint8_t sk[32]) {
+    uint8_t kver[32];
     const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
     derive_kver(session->id, sizeof(session->id), kver);
-    mbedtls_hkdf(md_info, pico_serial_hash, sizeof(pico_serial_hash), kver, 32, (const uint8_t *)"REST/SESSION", 12, derived_key, 32);
+    mbedtls_hkdf(md_info, pico_serial_hash, sizeof(pico_serial_hash), kver, 32, (const uint8_t *)"REST/SESSION", 12, sk, 32);
     mbedtls_platform_zeroize(kver, sizeof(kver));
-    int ret = x25519_hkdf_derive_key32(sk, session->public_key, session->id, sizeof(session->id), (const uint8_t *)"REST/SESSION/DERIVE", 20, derived_key);
+    return PICOKEYS_OK;
+}
+
+int rest_session_derive_shared(const rest_session_t *session, uint8_t derived_key[32]) {
+    uint8_t sk[32];
+    rest_session_derive_key(session, sk);
+    int ret = x25519_hkdf_derive_key32(sk, session->public_key, session->id, sizeof(session->id), (const uint8_t *)"REST/SESSION/DERIVE", 19, derived_key);
     mbedtls_platform_zeroize(sk, sizeof(sk));
     if (ret != 0) {
         return -1;

src/usb/lwip/rest.h

@@ -171,7 +171,8 @@ extern int rest_session_set_status(const uint8_t *id, size_t id_len, rest_sessio
 extern int rest_session_set_role(const uint8_t *id, size_t id_len, rest_session_role_t role);
 extern int rest_session_cleanup_expired(time_t expiration_time);
 extern void rest_session_clear_all(void);
-extern int rest_session_derive_key(const rest_session_t *session, uint8_t derived_key[32]);
+extern int rest_session_derive_key(const rest_session_t *session, uint8_t sk[32]);
+extern int rest_session_derive_shared(const rest_session_t *session, uint8_t derived_key[32]);
 
 #ifdef DEBUG_APDU
 extern void rest_debug_dump_payload(const char *tag, const char *buffer, size_t len);

src/usb/lwip/rest_server.c

@@ -686,14 +686,13 @@ static int rest_verify_request_signature(const rest_request_t *request, const re
     const char *method_str = rest_method_to_string(request->method);
     size_t body_len = request->body_len > 0 ? request->body_len : strlen((const char *)body_empty);
     uint8_t derived_key[32];
-    if (rest_session_derive_key(session, derived_key) != 0) {
+    if (rest_session_derive_shared(session, derived_key) != 0) {
         mbedtls_md_free(&ctx);
         return PICOKEYS_EXEC_ERROR;
     }
-
     uint32_t seq = htonl(rest_request_get_seq(request));
     if (mbedtls_md_hmac_starts(&ctx, (const unsigned char *)derived_key, sizeof(derived_key)) != 0 ||
-        mbedtls_md_hmac_starts(&ctx, (const unsigned char *)session->id, sizeof(session->id)) != 0 ||
+        mbedtls_md_hmac_update(&ctx, (const unsigned char *)session->id, sizeof(session->id)) != 0 ||
         mbedtls_md_hmac_update(&ctx, (const unsigned char *)method_str, strlen(method_str)) != 0 ||
         mbedtls_md_hmac_update(&ctx, (const unsigned char *)request->path, strlen(request->path)) != 0 ||
         mbedtls_md_hmac_update(&ctx, (const unsigned char *)&seq, sizeof(uint32_t)) != 0 ||