WIP auth app

2025-04-17 14:03:11 -04:00 · 2024-09-03 21:05:59 +02:00 · 2024-09-03 21:05:59 +02:00 · 9a1c9635f4
commit 9a1c9635f4
parent d859ca0357
3 changed files with 88 additions and 3 deletions
--- a/hw/application_fpga/Makefile
+++ b/hw/application_fpga/Makefile
@ -114,7 +114,8 @@ FIRMWARE_DEPS = \
 	$(P)/fw/tk1/spi.h \
 	$(P)/fw/tk1/flash.h \
 	$(P)/fw/tk1/partition_table.h \
-	$(P)/fw/tk1/preload_app.h
+	$(P)/fw/tk1/preload_app.h \
+	$(P)/fw/tk1/auth_app.h

 FIRMWARE_OBJS = \
 	$(P)/fw/tk1/main.o \
@ -127,7 +128,8 @@ FIRMWARE_OBJS = \
 	$(P)/fw/tk1/spi.o \
 	$(P)/fw/tk1/flash.o \
 	$(P)/fw/tk1/partition_table.o \
-	$(P)/fw/tk1/preload_app.o
+	$(P)/fw/tk1/preload_app.o \
+	$(P)/fw/tk1/auth_app.o

 FIRMWARE_SOURCES = \
 	$(P)/fw/tk1/main.c \
@ -139,7 +141,8 @@ FIRMWARE_SOURCES = \
 	$(P)/fw/tk1/spi.c \
 	$(P)/fw/tk1/flash.c \
 	$(P)/fw/tk1/partition_table.c \
-	$(P)/fw/tk1/preload_app.c
+	$(P)/fw/tk1/preload_app.c \
+	$(P)/fw/tk1/auth_app.c

 TESTFW_OBJS = \
 	$(P)/fw/testfw/main.o \
--- a/hw/application_fpga/fw/tk1/auth_app.c
+++ b/hw/application_fpga/fw/tk1/auth_app.c
@ -0,0 +1,68 @@
+// Copyright (C) 2024 - Tillitis AB
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include "auth_app.h"
+#include "../tk1_mem.h"
+#include "blake2s/blake2s.h"
+#include "lib.h"
+#include "partition_table.h"
+#include "rng.h"
+
+#include <stdbool.h>
+#include <stdint.h>
+
+static volatile uint32_t *cdi = (volatile uint32_t *)TK1_MMIO_TK1_CDI_FIRST;
+
+/* Calculates the authentication digest based on a supplied nonce and the CDI.
+ * Requires that the CDI is already calculated and stored */
+static void calculate_auth_digest(uint8_t *nonce, uint8_t *auth_digest)
+{
+	/* TODO: Check so the CDI is non-zero? */
+
+	blake2s_ctx ctx = {0};
+
+	// Generate a 16 byte authentication digest
+	blake2s_init(&ctx, 16, NULL, 0);
+	blake2s_update(&ctx, (const void *)cdi, 32);
+	blake2s_update(&ctx, nonce, 16);
+	blake2s_final(&ctx, auth_digest);
+}
+
+/* Generates a 16 byte nonce */
+static void generate_nonce(uint32_t *nonce)
+{
+
+	for (uint8_t i = 0; i < 4; i++) {
+		nonce[i] = rng_get_word();
+	}
+	return;
+}
+/* Returns the authentication digest and random nonce. Requires that the CDI is
+ * already calculated and stored */
+void auth_app_create(auth_metadata_t *auth_table)
+{
+	uint8_t nonce[16];
+	uint8_t auth_digest[16];
+
+	generate_nonce((uint32_t *)nonce);
+
+	calculate_auth_digest(nonce, auth_digest);
+
+	memcpy_s(auth_table->authentication_digest, 16, auth_digest, 16);
+	memcpy_s(auth_table->nonce, 16, nonce, 16);
+
+	return;
+}
+
+bool auth_app_authenticate(auth_metadata_t *auth_table)
+{
+	uint8_t auth_digest[16];
+
+	calculate_auth_digest(auth_table->nonce, auth_digest);
+
+	if (memeq(auth_digest, auth_table->authentication_digest, 16)) {
+		return true;
+	}
+
+	return false;
+}
--- a/hw/application_fpga/fw/tk1/auth_app.h
+++ b/hw/application_fpga/fw/tk1/auth_app.h
@ -0,0 +1,14 @@
+// Copyright (C) 2024 - Tillitis AB
+// SPDX-License-Identifier: GPL-2.0-only
+
+#ifndef AUTH_APP_H
+#define AUTH_APP_H
+
+#include "partition_table.h"
+
+#include <stdbool.h>
+
+void auth_app_create(auth_metadata_t *auth_table);
+bool auth_app_authenticate(auth_metadata_t *auth_table);
+
+#endif