From 3fa520494988f912d6c7add7a33bb92abefb0c2d Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Tue, 28 Apr 2026 00:19:50 +0200
Subject: [PATCH] Fix request signature.

Signed-off-by: Pol Henarejos
---
 src/usb/lwip/rest.c | 15 ++++++++++-----
 src/usb/lwip/rest.h | 3 ++-
 src/usb/lwip/rest_server.c | 5 ++---
 3 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/usb/lwip/rest.c b/src/usb/lwip/rest.c
index f7b99b2..2289e4d 100644
--- a/src/usb/lwip/rest.c
+++ b/src/usb/lwip/rest.c
@@ -320,7 +320,6 @@ static int x25519_hkdf_derive_key32(const uint8_t sk[32], const uint8_t pk[32],
 MBEDTLS_MPI_CHK(mbedtls_ecp_read_key(MBEDTLS_ECP_DP_CURVE25519, &ours, sk, 32));
- // Carrega pública remota (32 bytes)
 MBEDTLS_MPI_CHK(mbedtls_ecp_point_read_binary(&theirs.grp, &theirs.Q, pk, 32));
 MBEDTLS_MPI_CHK(mbedtls_ecdh_setup(&ecdh, MBEDTLS_ECP_DP_CURVE25519));
@@ -344,13 +343,19 @@ cleanup:
 return ret;
 }
 
-int rest_session_derive_key(const rest_session_t *session, uint8_t derived_key[32]) {
- uint8_t kver[32], sk[32];
+int rest_session_derive_key(const rest_session_t *session, uint8_t sk[32]) {
+ uint8_t kver[32];
 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
 derive_kver(session->id, sizeof(session->id), kver);
- mbedtls_hkdf(md_info, pico_serial_hash, sizeof(pico_serial_hash), kver, 32, (const uint8_t *)"REST/SESSION", 12, derived_key, 32);
+ mbedtls_hkdf(md_info, pico_serial_hash, sizeof(pico_serial_hash), kver, 32, (const uint8_t *)"REST/SESSION", 12, sk, 32);
 mbedtls_platform_zeroize(kver, sizeof(kver));
- int ret = x25519_hkdf_derive_key32(sk, session->public_key, session->id, sizeof(session->id), (const uint8_t *)"REST/SESSION/DERIVE", 20, derived_key);
+ return PICOKEYS_OK;
+}
+
+int rest_session_derive_shared(const rest_session_t *session, uint8_t derived_key[32]) {
+ uint8_t sk[32];
+ rest_session_derive_key(session, sk);
+ int ret = x25519_hkdf_derive_key32(sk, session->public_key, session->id, sizeof(session->id), (const uint8_t *)"REST/SESSION/DERIVE", 19, derived_key);
 mbedtls_platform_zeroize(sk, sizeof(sk));
 if (ret != 0) {
 return -1;
diff --git a/src/usb/lwip/rest.h b/src/usb/lwip/rest.h
index 6d1db4e..28dcfea 100644
--- a/src/usb/lwip/rest.h
+++ b/src/usb/lwip/rest.h
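Review bot: The new `rest_session_derive_key` discards the return value of `mbedtls_hkdf` and returns `PICOKEYS_OK` unconditionally, and `rest_session_derive_shared` likewise ignores what `rest_session_derive_key` returns, so if the HKDF step fails (for example `mbedtls_md_info_from_type` yielding NULL, which makes `mbedtls_hkdf` reject its input) `sk` is left as uninitialized stack bytes and is still fed into `x25519_hkdf_derive_key32` and, via rest_server.c, used as the request-signature key. Capture the HKDF result, zeroize `sk` on failure and propagate the error, using `-1` to match the existing failure return on the ECDH path. The 20→19 correction of the "REST/SESSION/DERIVE" info length is right (the old value swallowed the NUL terminator), but both hand-counted lengths are safer written as `sizeof("REST/SESSION") - 1` and `sizeof("REST/SESSION/DERIVE") - 1`. `rest_session_derive_shared` continues past the end of the hunk.
```c
int rest_session_derive_key(const rest_session_t *session, uint8_t sk[32]) {
    uint8_t kver[32];
    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
    derive_kver(session->id, sizeof(session->id), kver);
    /* sk = HKDF-SHA256(salt = pico_serial_hash, ikm = kver, info = "REST/SESSION") */
    int ret = mbedtls_hkdf(md_info, pico_serial_hash, sizeof(pico_serial_hash), kver, 32,
                           (const uint8_t *)"REST/SESSION", sizeof("REST/SESSION") - 1, sk, 32);
    mbedtls_platform_zeroize(kver, sizeof(kver));
    if (ret != 0) {
        /* never hand back uninitialized stack bytes as key material */
        mbedtls_platform_zeroize(sk, 32);
        return -1;
    }
    return PICOKEYS_OK;
}

int rest_session_derive_shared(const rest_session_t *session, uint8_t derived_key[32]) {
    uint8_t sk[32];
    if (rest_session_derive_key(session, sk) != PICOKEYS_OK) {
        return -1;
    }
    // … unchanged: x25519_hkdf_derive_key32 call, zeroize of sk, ret check …
```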
@@ -171,7 +171,8 @@ extern int rest_session_set_status(const uint8_t *id, size_t id_len, rest_sessio
 extern int rest_session_set_role(const uint8_t *id, size_t id_len, rest_session_role_t role);
 extern int rest_session_cleanup_expired(time_t expiration_time);
 extern void rest_session_clear_all(void);
-extern int rest_session_derive_key(const rest_session_t *session, uint8_t derived_key[32]);
+extern int rest_session_derive_key(const rest_session_t *session, uint8_t sk[32]);
+extern int rest_session_derive_shared(const rest_session_t *session, uint8_t derived_key[32]);
 
 #ifdef DEBUG_APDU
 extern void rest_debug_dump_payload(const char *tag, const char *buffer, size_t len);
diff --git a/src/usb/lwip/rest_server.c b/src/usb/lwip/rest_server.c
index eb8c0b0..f7ebb7c 100644
--- a/src/usb/lwip/rest_server.c
+++ b/src/usb/lwip/rest_server.c
@@ -686,14 +686,13 @@ static int rest_verify_request_signature(const rest_request_t *request, const re
 const char *method_str = rest_method_to_string(request->method);
 size_t body_len = request->body_len > 0 ? request->body_len : strlen((const char *)body_empty);
 uint8_t derived_key[32];
- if (rest_session_derive_key(session, derived_key) != 0) {
+ if (rest_session_derive_shared(session, derived_key) != 0) {
 mbedtls_md_free(&ctx);
 return PICOKEYS_EXEC_ERROR;
 }
-
 uint32_t seq = htonl(rest_request_get_seq(request));
 if (mbedtls_md_hmac_starts(&ctx, (const unsigned char *)derived_key, sizeof(derived_key)) != 0 ||
- mbedtls_md_hmac_starts(&ctx, (const unsigned char *)session->id, sizeof(session->id)) != 0 ||
+ mbedtls_md_hmac_update(&ctx, (const unsigned char *)session->id, sizeof(session->id)) != 0 ||
 mbedtls_md_hmac_update(&ctx, (const unsigned char *)method_str, strlen(method_str)) != 0 ||
 mbedtls_md_hmac_update(&ctx, (const unsigned char *)request->path, strlen(request->path)) != 0 ||
 mbedtls_md_hmac_update(&ctx, (const unsigned char *)&seq, sizeof(uint32_t)) != 0 ||
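Review bot: The exact MAC input that a client must reproduce — key = the output of `rest_session_derive_shared`, data = `session->id` ‖ method string ‖ path ‖ big-endian seq, presumably followed by the body given `body_len` above (the rest of `rest_verify_request_signature` is outside the hunk) — is stated nowhere, and the `mbedtls_md_hmac_starts`→`mbedtls_md_hmac_update` slip this commit fixes shows how easily that layout drifts; a comment above the `if (mbedtls_md_hmac_starts(` line such as `/* Signature = HMAC(shared_key, id || method || path || be32(seq) || body) — keep in sync with the client. */` would pin it. Separately, `method_str`, `request->path` and the body are fed in as a bare concatenation with no length prefix or separator, so two requests that split the same byte string differently could produce the same MAC input unless the method and path alphabets are constrained elsewhere; a length-prefixed encoding or a separator byte that cannot occur in `path` removes the ambiguity, at the cost of a wire-format change for the client. Also confirm that `derived_key` is zeroized after `mbedtls_md_hmac_finish`, since that part of the function is not visible here.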