mirror of
https://github.com/polhenarejos/pico-keys-sdk
synced 2026-05-26 16:15:11 +02:00
Rename random functions.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
@@ -97,7 +97,7 @@ int encrypt_with_aad(const uint8_t key[32], const uint8_t *in_buf, size_t in_len
|
|||||||
uint8_t *ct = out_buf + 12;
|
uint8_t *ct = out_buf + 12;
|
||||||
uint8_t *tag = out_buf + 12 + in_len;
|
uint8_t *tag = out_buf + 12 + in_len;
|
||||||
|
|
||||||
random_gen(NULL, nonce, 12);
|
random_fill_buffer(nonce, 12);
|
||||||
|
|
||||||
mbedtls_gcm_context gcm;
|
mbedtls_gcm_context gcm;
|
||||||
mbedtls_gcm_init(&gcm);
|
mbedtls_gcm_init(&gcm);
|
||||||
|
|||||||
@@ -530,7 +530,7 @@ void init_otp_files(void) {
|
|||||||
uint16_t write_otp[2] = {0xFFFF, 0xFFFF};
|
uint16_t write_otp[2] = {0xFFFF, 0xFFFF};
|
||||||
if (OTP_EMTPY(OTP_KEY_1, 32)) {
|
if (OTP_EMTPY(OTP_KEY_1, 32)) {
|
||||||
uint8_t mkek[32] = {0};
|
uint8_t mkek[32] = {0};
|
||||||
random_gen(NULL, mkek, sizeof(mkek));
|
random_fill_buffer(mkek, sizeof(mkek));
|
||||||
ret = OTP_WRITE(OTP_KEY_1, mkek, sizeof(mkek));
|
ret = OTP_WRITE(OTP_KEY_1, mkek, sizeof(mkek));
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
printf("Error writing OTP key 1 [%d]\n", ret);
|
printf("Error writing OTP key 1 [%d]\n", ret);
|
||||||
@@ -549,7 +549,7 @@ void init_otp_files(void) {
|
|||||||
while (olen != 32) {
|
while (olen != 32) {
|
||||||
mbedtls_ecdsa_init(&ecdsa);
|
mbedtls_ecdsa_init(&ecdsa);
|
||||||
mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256K1;
|
mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256K1;
|
||||||
mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, NULL);
|
mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_fill_iterator, NULL);
|
||||||
mbedtls_ecp_write_key_ext(&ecdsa, &olen, pkey, sizeof(pkey));
|
mbedtls_ecp_write_key_ext(&ecdsa, &olen, pkey, sizeof(pkey));
|
||||||
mbedtls_ecdsa_free(&ecdsa);
|
mbedtls_ecdsa_free(&ecdsa);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -114,7 +114,7 @@ static int load_internal_keydev(mbedtls_ecp_keypair *ecp, mbedtls_ecp_group_id e
|
|||||||
// Generate new key
|
// Generate new key
|
||||||
uint8_t pkey[MBEDTLS_ECP_MAX_BYTES] = {0};
|
uint8_t pkey[MBEDTLS_ECP_MAX_BYTES] = {0};
|
||||||
size_t olen = 0;
|
size_t olen = 0;
|
||||||
mbedtls_ecp_gen_key(ec_id, ecp, random_gen, NULL);
|
mbedtls_ecp_gen_key(ec_id, ecp, random_fill_iterator, NULL);
|
||||||
mbedtls_ecp_write_key_ext(ecp, &olen, pkey, sizeof(pkey));
|
mbedtls_ecp_write_key_ext(ecp, &olen, pkey, sizeof(pkey));
|
||||||
|
|
||||||
aes_encrypt(kbase, pico_serial_hash, 32 * 8, PICO_KEYS_AES_MODE_CBC, pkey, 32);
|
aes_encrypt(kbase, pico_serial_hash, 32 * 8, PICO_KEYS_AES_MODE_CBC, pkey, 32);
|
||||||
@@ -153,7 +153,7 @@ static int cmd_keydev_sign(void) {
|
|||||||
mbedtls_mpi_init(&r);
|
mbedtls_mpi_init(&r);
|
||||||
mbedtls_mpi_init(&s);
|
mbedtls_mpi_init(&s);
|
||||||
|
|
||||||
int ret = mbedtls_ecdsa_sign(&ecp.MBEDTLS_PRIVATE(grp), &r, &s, &ecp.MBEDTLS_PRIVATE(d), apdu.data, apdu.nc, random_gen, NULL);
|
int ret = mbedtls_ecdsa_sign(&ecp.MBEDTLS_PRIVATE(grp), &r, &s, &ecp.MBEDTLS_PRIVATE(d), apdu.data, apdu.nc, random_fill_iterator, NULL);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_ecp_keypair_free(&ecp);
|
mbedtls_ecp_keypair_free(&ecp);
|
||||||
mbedtls_mpi_free(&r);
|
mbedtls_mpi_free(&r);
|
||||||
@@ -189,7 +189,7 @@ static int cmd_keydev_sign(void) {
|
|||||||
return SW_EXEC_ERROR();
|
return SW_EXEC_ERROR();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
int ret = mbedtls_ecp_mul(&ecp.MBEDTLS_PRIVATE(grp), &ecp.MBEDTLS_PRIVATE(Q), &ecp.MBEDTLS_PRIVATE(d), &ecp.MBEDTLS_PRIVATE(grp).G, random_gen, NULL);
|
int ret = mbedtls_ecp_mul(&ecp.MBEDTLS_PRIVATE(grp), &ecp.MBEDTLS_PRIVATE(Q), &ecp.MBEDTLS_PRIVATE(d), &ecp.MBEDTLS_PRIVATE(grp).G, random_fill_iterator, NULL);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_ecp_keypair_free(&ecp);
|
mbedtls_ecp_keypair_free(&ecp);
|
||||||
return SW_EXEC_ERROR();
|
return SW_EXEC_ERROR();
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ void random_init(void) {
|
|||||||
/*
|
/*
|
||||||
* Free pointer to random 32-byte
|
* Free pointer to random 32-byte
|
||||||
*/
|
*/
|
||||||
void random_bytes_free(const uint8_t *p) {
|
static void random_bytes_free(const uint8_t *p) {
|
||||||
(void) p;
|
(void) p;
|
||||||
memset(random_word, 0, RANDOM_BYTES_LENGTH);
|
memset(random_word, 0, RANDOM_BYTES_LENGTH);
|
||||||
hwrng_flush();
|
hwrng_flush();
|
||||||
@@ -66,7 +66,7 @@ const uint8_t *random_bytes_get(size_t len) {
|
|||||||
/*
|
/*
|
||||||
* Random byte iterator
|
* Random byte iterator
|
||||||
*/
|
*/
|
||||||
int random_gen(void *arg, unsigned char *out, size_t out_len) {
|
int random_fill_iterator(void *arg, unsigned char *out, size_t out_len) {
|
||||||
uint8_t *index_p = (uint8_t *) arg;
|
uint8_t *index_p = (uint8_t *) arg;
|
||||||
uint8_t index = index_p ? *index_p : 0;
|
uint8_t index = index_p ? *index_p : 0;
|
||||||
uint8_t n;
|
uint8_t n;
|
||||||
@@ -97,8 +97,6 @@ int random_gen(void *arg, unsigned char *out, size_t out_len) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef ENABLE_PQC
|
int random_fill_buffer(uint8_t *buf, size_t n) {
|
||||||
void randombytes(uint8_t *buf, size_t n) {
|
return random_fill_iterator(NULL, buf, n);
|
||||||
random_gen(NULL, buf, n);
|
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|||||||
@@ -22,16 +22,10 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
|
||||||
void random_init(void);
|
extern void random_init(void);
|
||||||
|
|
||||||
/* 32-byte random bytes */
|
extern const uint8_t *random_bytes_get(size_t);
|
||||||
const uint8_t *random_bytes_get(size_t);
|
extern int random_fill_iterator(void *arg, unsigned char *output, size_t output_len);
|
||||||
void random_bytes_free(const uint8_t *p);
|
extern int random_fill_buffer(uint8_t *buf, size_t n);
|
||||||
|
|
||||||
/* iterator returning a byta at a time */
|
|
||||||
extern int random_gen(void *arg, unsigned char *output, size_t output_len);
|
|
||||||
#ifdef ENABLE_PQC
|
|
||||||
extern void randombytes(uint8_t *buf, size_t n);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -527,7 +527,7 @@ void rest_check_and_load_credentials(void) {
|
|||||||
while (olen != 32) {
|
while (olen != 32) {
|
||||||
mbedtls_ecdsa_init(&ecdsa);
|
mbedtls_ecdsa_init(&ecdsa);
|
||||||
mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1;
|
mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1;
|
||||||
mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, NULL);
|
mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_fill_iterator, NULL);
|
||||||
mbedtls_ecp_write_key_ext(&ecdsa, &olen, pkey, sizeof(pkey));
|
mbedtls_ecp_write_key_ext(&ecdsa, &olen, pkey, sizeof(pkey));
|
||||||
mbedtls_ecdsa_free(&ecdsa);
|
mbedtls_ecdsa_free(&ecdsa);
|
||||||
}
|
}
|
||||||
@@ -555,9 +555,7 @@ void rest_check_and_load_credentials(void) {
|
|||||||
if (ret != 0) goto out;
|
if (ret != 0) goto out;
|
||||||
mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, mbedtls_pk_ec(key), file, file_len);
|
mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, mbedtls_pk_ec(key), file, file_len);
|
||||||
mbedtls_ecp_check_privkey(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->d);
|
mbedtls_ecp_check_privkey(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->d);
|
||||||
mbedtls_ecp_mul(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->Q,
|
mbedtls_ecp_mul(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->Q, &mbedtls_pk_ec(key)->d, &mbedtls_pk_ec(key)->grp.G, random_fill_iterator, NULL);
|
||||||
&mbedtls_pk_ec(key)->d, &mbedtls_pk_ec(key)->grp.G,
|
|
||||||
random_gen, NULL);
|
|
||||||
mbedtls_ecp_check_pubkey(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->Q);
|
mbedtls_ecp_check_pubkey(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->Q);
|
||||||
|
|
||||||
mbedtls_x509write_crt_set_md_alg(&crt, MBEDTLS_MD_SHA256);
|
mbedtls_x509write_crt_set_md_alg(&crt, MBEDTLS_MD_SHA256);
|
||||||
@@ -571,7 +569,7 @@ void rest_check_and_load_credentials(void) {
|
|||||||
ret = mbedtls_x509write_crt_set_issuer_name(&crt, "CN=pico-novus");
|
ret = mbedtls_x509write_crt_set_issuer_name(&crt, "CN=pico-novus");
|
||||||
if (ret != 0) goto out;
|
if (ret != 0) goto out;
|
||||||
uint8_t serial[16];
|
uint8_t serial[16];
|
||||||
random_gen(NULL, serial, sizeof(serial));
|
random_fill_buffer(serial, sizeof(serial));
|
||||||
mbedtls_x509write_crt_set_serial_raw(&crt, serial, sizeof(serial));
|
mbedtls_x509write_crt_set_serial_raw(&crt, serial, sizeof(serial));
|
||||||
if (ret != 0) goto out;
|
if (ret != 0) goto out;
|
||||||
ret = mbedtls_x509write_crt_set_validity(&crt, "20260101000000", "20360101000000");
|
ret = mbedtls_x509write_crt_set_validity(&crt, "20260101000000", "20360101000000");
|
||||||
@@ -581,7 +579,7 @@ void rest_check_and_load_credentials(void) {
|
|||||||
ret = mbedtls_x509write_crt_set_key_usage(&crt, MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN | MBEDTLS_X509_KU_KEY_ENCIPHERMENT);
|
ret = mbedtls_x509write_crt_set_key_usage(&crt, MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN | MBEDTLS_X509_KU_KEY_ENCIPHERMENT);
|
||||||
if (ret != 0) goto out;
|
if (ret != 0) goto out;
|
||||||
|
|
||||||
ret = mbedtls_x509write_crt_pem(&crt, cert_pem, sizeof(cert_pem), random_gen, NULL);
|
ret = mbedtls_x509write_crt_pem(&crt, cert_pem, sizeof(cert_pem), random_fill_iterator, NULL);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
file_put_data(ef, cert_pem, strlen((char *)cert_pem) + 1);
|
file_put_data(ef, cert_pem, strlen((char *)cert_pem) + 1);
|
||||||
printf("TLS certificate generated and stored, length: %u bytes\n", (unsigned)strlen((char *)cert_pem));
|
printf("TLS certificate generated and stored, length: %u bytes\n", (unsigned)strlen((char *)cert_pem));
|
||||||
|
|||||||
@@ -64,16 +64,14 @@ int tls_init_tls_context(const tls_credentials_t *tls_credentials) {
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
mbedtls_ecp_check_privkey(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->d);
|
mbedtls_ecp_check_privkey(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->d);
|
||||||
mbedtls_ecp_mul(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->Q,
|
mbedtls_ecp_mul(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->Q, &mbedtls_pk_ec(tls_key)->d, &mbedtls_pk_ec(tls_key)->grp.G, random_fill_iterator, NULL);
|
||||||
&mbedtls_pk_ec(tls_key)->d, &mbedtls_pk_ec(tls_key)->grp.G,
|
|
||||||
random_gen, NULL);
|
|
||||||
mbedtls_ecp_check_pubkey(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->Q);
|
mbedtls_ecp_check_pubkey(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->Q);
|
||||||
ret = mbedtls_ssl_config_defaults(&tls_conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
|
ret = mbedtls_ssl_config_defaults(&tls_conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_ssl_conf_rng(&tls_conf, random_gen, NULL);
|
mbedtls_ssl_conf_rng(&tls_conf, random_fill_iterator, NULL);
|
||||||
mbedtls_ssl_conf_min_tls_version(&tls_conf, MBEDTLS_SSL_VERSION_TLS1_2);
|
mbedtls_ssl_conf_min_tls_version(&tls_conf, MBEDTLS_SSL_VERSION_TLS1_2);
|
||||||
mbedtls_ssl_conf_max_tls_version(&tls_conf, MBEDTLS_SSL_VERSION_TLS1_2);
|
mbedtls_ssl_conf_max_tls_version(&tls_conf, MBEDTLS_SSL_VERSION_TLS1_2);
|
||||||
mbedtls_ssl_conf_ciphersuites(&tls_conf, tls_ciphersuites);
|
mbedtls_ssl_conf_ciphersuites(&tls_conf, tls_ciphersuites);
|
||||||
|
|||||||
Reference in New Issue
Block a user