Git-Mirrors/tillitis-key
1
0
Fork 0
mirror of https://github.com/tillitis/tillitis-key1.git synced 2025-04-26 18:09:16 -04:00
Code Issues Packages Projects Releases Wiki Activity
tillitis-key/hw/application_fpga/fw/tk1/auth_app.c
Michael Cardell Widerkrantz 20b008d20e
Add filesystem code and storage syscalls 
Adds syscalls:

- ALLOCATE_AREA
- DEALLOCATE_AREA
- WRITE_DATA
- READ_DATA

and code to access the filesystem and the flash over SPI.

Based on original work by Daniel Jobson <jobson@tillitis.see> for
these files:

- auth_app.[ch]
- flash.[ch]
- spi.[ch]
- partition_table.[ch]
- rng.[ch]
- storage.[ch]

which are used with small changes to integrate with the new syscall
method.

Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
2025-04-08 11:00:59 +02:00

69 lines
1.6 KiB
C
Raw Blame History

// Copyright (C) 2024 - Tillitis AB
// SPDX-License-Identifier: GPL-2.0-only
#include <stdbool.h>
#include <stdint.h>
#include <tkey/lib.h>
#include <tkey/tk1_mem.h>
#include "auth_app.h"
#include "blake2s/blake2s.h"
#include "partition_table.h"
#include "rng.h"
static volatile uint32_t *cdi = (volatile uint32_t *)TK1_MMIO_TK1_CDI_FIRST;
/* Calculates the authentication digest based on a supplied nonce and the CDI.
* Requires that the CDI is already calculated and stored */
static void calculate_auth_digest(uint8_t *nonce, uint8_t *auth_digest)
{
/* TODO: Check so the CDI is non-zero? */
blake2s_ctx ctx = {0};
// Generate a 16 byte authentication digest
blake2s_init(&ctx, 16, NULL, 0);
blake2s_update(&ctx, (const void *)cdi, 32);
blake2s_update(&ctx, nonce, 16);
blake2s_final(&ctx, auth_digest);
}
/* Generates a 16 byte nonce */
static void generate_nonce(uint32_t *nonce)
{
for (uint8_t i = 0; i < 4; i++) {
nonce[i] = rng_get_word();
}
return;
}
/* Returns the authentication digest and random nonce. Requires that the CDI is
* already calculated and stored */
void auth_app_create(struct auth_metadata *auth_table)
{
uint8_t nonce[16];
uint8_t auth_digest[16];
generate_nonce((uint32_t *)nonce);
calculate_auth_digest(nonce, auth_digest);
memcpy_s(auth_table->authentication_digest, 16, auth_digest, 16);
memcpy_s(auth_table->nonce, 16, nonce, 16);
return;
}
bool auth_app_authenticate(struct auth_metadata *auth_table)
{
uint8_t auth_digest[16];
calculate_auth_digest(auth_table->nonce, auth_digest);
if (memeq(auth_digest, auth_table->authentication_digest, 16)) {
return true;
}
return false;
}
Reference in New Issue View Git Blame Copy Permalink