Git-Mirrors/tillitis-key
1
0
Fork 0
mirror of https://github.com/tillitis/tillitis-key1.git synced 2025-01-01 10:56:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

fw: UDS not byte-readable

Browse Source 
Since UDS is not byte-readable we copy it by word to local_uds. Now
UDS lives for a short while in local_uds on the stack in FW_RAM and in
the internal buffer of the blake2s context (also in FW_RAM) but is
very soon overwritten.
This commit is contained in:
Michael Cardell Widerkrantz 2023-03-27 14:57:58 +02:00 committed by Daniel Lublin
parent fae2447344
commit c126199a41
No known key found for this signature in database
GPG Key ID: 75BD0FEB8D3E7830
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hw/application_fpga/fw/tk1/main.c
View File

@ -92,6 +92,7 @@ static uint32_t rnd_word()
static void compute_cdi(const uint8_t *digest, const uint8_t use_uss, static void compute_cdi(const uint8_t *digest, const uint8_t use_uss,
const uint8_t *uss) const uint8_t *uss)
{ {
uint32_t local_uds[8];
uint32_t local_cdi[8]; uint32_t local_cdi[8];
blake2s_ctx secure_ctx = {0}; blake2s_ctx secure_ctx = {0};
uint32_t rnd_sleep = 0; uint32_t rnd_sleep = 0;
@ -112,7 +113,9 @@ static void compute_cdi(const uint8_t *digest, const uint8_t use_uss,
// Update hash with UDS. This means UDS will live for a short // Update hash with UDS. This means UDS will live for a short
// while on the firmware stack which is in the special fw_ram. // while on the firmware stack which is in the special fw_ram.
blake2s_update(&secure_ctx, (const void *)uds, 32); wordcpy_s(local_uds, 8, (void *)uds, 8);
blake2s_update(&secure_ctx, (const void *)local_uds, 32);
memset(local_uds, 0, 32);
// Update with TKey program digest // Update with TKey program digest
blake2s_update(&secure_ctx, digest, 32); blake2s_update(&secure_ctx, digest, 32);