mirror of
https://github.com/tillitis/tillitis-key1.git
synced 2024-10-01 05:45:38 +00:00
Merge branch 'main' of github.com:tillitis/tillitis-key1
This commit is contained in:
commit
20647fc486
@ -334,16 +334,15 @@ void blake2s_final(blake2s_ctx *ctx, void *out)
|
|||||||
//------------------------------------------------------------------
|
//------------------------------------------------------------------
|
||||||
int blake2s(void *out, size_t outlen,
|
int blake2s(void *out, size_t outlen,
|
||||||
const void *key, size_t keylen,
|
const void *key, size_t keylen,
|
||||||
const void *in, size_t inlen)
|
const void *in, size_t inlen,
|
||||||
|
blake2s_ctx *ctx)
|
||||||
{
|
{
|
||||||
blake2s_ctx ctx;
|
if (blake2s_init(ctx, outlen, key, keylen))
|
||||||
|
|
||||||
if (blake2s_init(&ctx, outlen, key, keylen))
|
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
blake2s_update(&ctx, in, inlen);
|
blake2s_update(ctx, in, inlen);
|
||||||
|
|
||||||
blake2s_final(&ctx, out);
|
blake2s_final(ctx, out);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -32,7 +32,8 @@ void blake2s_final(blake2s_ctx *ctx, void *out);
|
|||||||
// All-in-one convenience function.
|
// All-in-one convenience function.
|
||||||
int blake2s(void *out, size_t outlen, // return buffer for digest
|
int blake2s(void *out, size_t outlen, // return buffer for digest
|
||||||
const void *key, size_t keylen, // optional secret key
|
const void *key, size_t keylen, // optional secret key
|
||||||
const void *in, size_t inlen); // data to be hashed
|
const void *in, size_t inlen, // data to be hashed
|
||||||
|
blake2s_ctx *ctx);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -22,6 +22,7 @@ static volatile uint32_t *ver = (volatile uint32_t *)MTA1_MKDF_MMIO_MTA1_
|
|||||||
static volatile uint32_t *cdi = (volatile uint32_t *)MTA1_MKDF_MMIO_MTA1_CDI_FIRST;
|
static volatile uint32_t *cdi = (volatile uint32_t *)MTA1_MKDF_MMIO_MTA1_CDI_FIRST;
|
||||||
static volatile uint32_t *app_addr = (volatile uint32_t *)MTA1_MKDF_MMIO_MTA1_APP_ADDR;
|
static volatile uint32_t *app_addr = (volatile uint32_t *)MTA1_MKDF_MMIO_MTA1_APP_ADDR;
|
||||||
static volatile uint32_t *app_size = (volatile uint32_t *)MTA1_MKDF_MMIO_MTA1_APP_SIZE;
|
static volatile uint32_t *app_size = (volatile uint32_t *)MTA1_MKDF_MMIO_MTA1_APP_SIZE;
|
||||||
|
static volatile uint8_t *fw_ram = (volatile uint8_t *)MTA1_MKDF_MMIO_FW_RAM_BASE;
|
||||||
|
|
||||||
#define LED_RED (1 << MTA1_MKDF_MMIO_MTA1_LED_R_BIT)
|
#define LED_RED (1 << MTA1_MKDF_MMIO_MTA1_LED_R_BIT)
|
||||||
#define LED_GREEN (1 << MTA1_MKDF_MMIO_MTA1_LED_G_BIT)
|
#define LED_GREEN (1 << MTA1_MKDF_MMIO_MTA1_LED_G_BIT)
|
||||||
@ -61,6 +62,31 @@ static void print_digest(uint8_t *md)
|
|||||||
lf();
|
lf();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CDI = blake2s(uds, blake2s(app), uss)
|
||||||
|
static void compute_cdi(uint8_t digest[32], uint8_t uss[32])
|
||||||
|
{
|
||||||
|
uint32_t local_cdi[8];
|
||||||
|
|
||||||
|
// To protect UDS we use a special firmware-only RAM for both
|
||||||
|
// the in parameter to blake2s and the blake2s context.
|
||||||
|
|
||||||
|
// Only word aligned access to UDS
|
||||||
|
wordcpy((void *)fw_ram, (void *)uds, 8);
|
||||||
|
memcpy((void *)fw_ram + 32, digest, 32);
|
||||||
|
memcpy((void *)fw_ram + 64, uss, 32);
|
||||||
|
|
||||||
|
blake2s_ctx *secure_ctx = (blake2s_ctx *)(fw_ram + 96);
|
||||||
|
|
||||||
|
blake2s((void *)local_cdi, 32, NULL, 0,
|
||||||
|
(const void *)fw_ram, 96, secure_ctx);
|
||||||
|
|
||||||
|
// Write over the firmware-only RAM
|
||||||
|
memset((void *)fw_ram, 0, MTA1_MKDF_MMIO_FW_RAM_SIZE);
|
||||||
|
|
||||||
|
// Only word aligned access to CDI
|
||||||
|
wordcpy((void *)cdi, (void *)local_cdi, 8);
|
||||||
|
}
|
||||||
|
|
||||||
int main()
|
int main()
|
||||||
{
|
{
|
||||||
uint32_t local_name0 = *name0;
|
uint32_t local_name0 = *name0;
|
||||||
@ -194,8 +220,6 @@ int main()
|
|||||||
left -= nbytes;
|
left -= nbytes;
|
||||||
|
|
||||||
if (left == 0) {
|
if (left == 0) {
|
||||||
uint8_t scratch[96];
|
|
||||||
|
|
||||||
puts("Fully loaded ");
|
puts("Fully loaded ");
|
||||||
putinthex(*app_size);
|
putinthex(*app_size);
|
||||||
lf();
|
lf();
|
||||||
@ -203,21 +227,14 @@ int main()
|
|||||||
*app_addr = APP_RAM_ADDR;
|
*app_addr = APP_RAM_ADDR;
|
||||||
// Get the Blake2S digest of the app - store it
|
// Get the Blake2S digest of the app - store it
|
||||||
// for later queries
|
// for later queries
|
||||||
|
blake2s_ctx ctx;
|
||||||
|
|
||||||
blake2s(digest, 32, NULL, 0,
|
blake2s(digest, 32, NULL, 0,
|
||||||
(const void *)*app_addr, *app_size);
|
(const void *)*app_addr, *app_size, &ctx);
|
||||||
print_digest(digest);
|
print_digest(digest);
|
||||||
|
|
||||||
// CDI = hash(uds, hash(app), uss)
|
// CDI = hash(uds, hash(app), uss)
|
||||||
uint32_t local_cdi[8];
|
compute_cdi(digest, uss);
|
||||||
|
|
||||||
// Only word aligned access to UDS
|
|
||||||
wordcpy(scratch, (void *)uds, 8);
|
|
||||||
memcpy(scratch + 32, digest, 32);
|
|
||||||
memcpy(scratch + 64, uss, 32);
|
|
||||||
blake2s((void *)local_cdi, 32, NULL, 0,
|
|
||||||
(const void *)scratch, 96);
|
|
||||||
// Only word aligned access to CDI
|
|
||||||
wordcpy((void *)cdi, (void *)local_cdi, 8);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
rsp[0] = STATUS_OK;
|
rsp[0] = STATUS_OK;
|
||||||
|
Loading…
Reference in New Issue
Block a user