Skip to content

Commit

Permalink
Disable RSA4096 - watchdog issue
Browse files Browse the repository at this point in the history
  • Loading branch information
@cedelavergne-ledger
cedelavergne-ledger committed Feb 29, 2024
1 parent 69532fd commit f60feb0
Show file tree
Hide file tree
Showing 13 changed files with 116 additions and 17 deletions.
1 change: 1 addition & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,7 @@ DISABLE_STANDARD_WEBUSB = 1
DEFINES += CUSTOM_IO_APDU_BUFFER_SIZE=\(255+5+64\)
DEFINES += HAVE_USB_CLASS_CCID
DEFINES += HAVE_RSA
# DEFINES += WITH_SUPPORT_RSA4096

ifeq ($(TARGET_NAME),TARGET_NANOS)
DEFINES += HAVE_UX_LEGACY
Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ This specification is available in *doc* directory and at <https://g10code.com/p

The application supports:

- RSA with key up to 4096 bits
- RSA with key up to 3072 bits
- ECDSA with secp256k1
- EDDSA with Ed25519 curve
- ECDH with secp256k1 and curve25519 curves
Expand Down
7 changes: 3 additions & 4 deletions doc/user/app-openpgp.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ This specification is available in doc directory at [G10CODE]_.

The application supports:

- RSA with key up to 4096 bits
- RSA with key up to 3072 bits
- ECDSA with secp256k1, secp256r1, brainpool 256r1 and brainpool 256t1 curves
- EDDSA with Ed25519 curve
- ECDH with secp256k1, secp256r1, brainpool 256r1, brainpool 256t1 and curve25519 curves
Expand Down Expand Up @@ -154,7 +154,6 @@ The full menu layout is:
| Choose Type...
| RSA 2048
| RSA 3072
| RSA 4096
| NIST P256
| ED25519
| Set Template
Expand Down Expand Up @@ -1100,7 +1099,7 @@ The *usage* field tells you each key purpose:
The *card-no* field provides you with the serial number of the card on which the key are stored.
You should have 3 or less keys with the same serial. These are the keys we want to restore.

For each key you also have the key template (*rsa2048*, *rsa3072*, *rsa4096*, *ed2559*, *cv25519*) followed by the
For each key you also have the key template (*rsa2048*, *rsa3072*, *ed2559*, *cv25519*) followed by the
short fingerprint, e.g. ``ed25519/8451AAF7D43D1095``

Please note the serial and the 3 key template names: ``FD6C11BE`` , ``ed25519:cv25519:ed25519``.
Expand Down Expand Up @@ -1465,7 +1464,7 @@ Its usage is:
| ``--set-templates SIG:DEC:AUT``
| ``Set template identifier for selected 'key-type'``
| ``If 'key-type' is not specified, set for all keys (SIG:DEC:AUT)``
| ``Valid values are rsa2048, rsa3072, rsa4096, nistp256, ed25519, cv25519``
| ``Valid values are rsa2048, rsa3072, nistp256, ed25519, cv25519``
| ``--seed-key Regenerate all keys, based on seed mode``
| ``--file FILE Public Key export file (default is 'pubkey')``
Expand Down
2 changes: 1 addition & 1 deletion pytools/gpgapp/gpgcmd.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
KEY_TEMPLATES = {
"rsa2048" : "010800002001",
"rsa3072" : "010C00002001",
"rsa4096" : "011000002001",
# "rsa4096" : "011000002001", not supported yet
"nistp256": "132A8648CE3D030107",
"ed25519" : "162B06010401DA470F01",
"cv25519" : "122B060104019755010501"
Expand Down
73 changes: 66 additions & 7 deletions src/gpg_data.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -414,10 +414,12 @@ int gpg_apdu_put_data(unsigned int ref) {
pkey_size = sizeof(cx_rsa_3072_private_key_t);
pq = G_gpg_vstate.work.rsa.public3072.n;
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
pkey_size = sizeof(cx_rsa_4096_private_key_t);
pq = G_gpg_vstate.work.rsa.public4096.n;
break;
#endif
default:
break;
}
Expand Down Expand Up @@ -801,9 +803,11 @@ static int gpg_init_keyenc(cx_aes_key_t *keyenc) {
int gpg_apdu_get_key_data(unsigned int ref) {
cx_aes_key_t keyenc = {0};
gpg_key_t *keygpg = NULL;
cx_rsa_private_key_t *key = NULL;
unsigned int len = 0;
cx_err_t error = CX_INTERNAL_ERROR;
int sw = SW_UNKNOWN;
unsigned int ksz = 0;

sw = gpg_init_keyenc(&keyenc);
if (sw != SW_OK) {
Expand Down Expand Up @@ -831,17 +835,38 @@ int gpg_apdu_get_key_data(unsigned int ref) {
// encrypted part
switch (keygpg->attributes.value[0]) {
case KEY_ID_RSA:
ksz = U2BE(G_gpg_vstate.mse_dec->attributes.value, 1) >> 3;
switch (ksz) {
case 2048 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa2048;
len = sizeof(cx_rsa_2048_private_key_t);
break;
case 3072 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa3072;
len = sizeof(cx_rsa_3072_private_key_t);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa4096;
len = sizeof(cx_rsa_4096_private_key_t);
break;
#endif
}

if ((key == NULL) || (key->size != ksz)) {
return SW_CONDITIONS_NOT_SATISFIED;
}

// insert pubkey
gpg_io_insert_u32(4);
gpg_io_insert(keygpg->pub_key.rsa, 4);

// insert privkey
gpg_io_mark();
len = GPG_IO_BUFFER_LENGTH - G_gpg_vstate.io_offset;
CX_CHECK(cx_aes_no_throw(&keyenc,
CX_ENCRYPT | CX_CHAIN_CBC | CX_PAD_ISO9797M2 | CX_LAST,
(unsigned char *) &keygpg->priv_key.rsa4096,
sizeof(cx_rsa_4096_private_key_t),
(unsigned char *) key,
len,
G_gpg_vstate.work.io_buffer + G_gpg_vstate.io_offset,
&len));
gpg_io_inserted(len);
Expand Down Expand Up @@ -890,8 +915,11 @@ int gpg_apdu_put_key_data(unsigned int ref) {
cx_aes_key_t keyenc = {0};
gpg_key_t *keygpg = NULL;
unsigned int len = 0;
cx_rsa_private_key_t *key = NULL;
unsigned int offset = 0;
cx_err_t error = CX_INTERNAL_ERROR;
int sw = SW_UNKNOWN;
unsigned int ksz = 0;

sw = gpg_init_keyenc(&keyenc);
if (sw != SW_OK) {
Expand Down Expand Up @@ -933,19 +961,50 @@ int gpg_apdu_put_key_data(unsigned int ref) {
break;
}
offset = G_gpg_vstate.io_offset;

ksz = U2BE(G_gpg_vstate.mse_dec->attributes.value, 1) >> 3;
switch (ksz) {
case 2048 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa2048;
len = sizeof(cx_rsa_2048_private_key_t);
break;
case 3072 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa3072;
len = sizeof(cx_rsa_3072_private_key_t);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
key = (cx_rsa_private_key_t *) &keygpg->priv_key.rsa4096;
len = sizeof(cx_rsa_4096_private_key_t);
break;
#endif
}

if ((key == NULL) || (key->size != ksz)) {
PRINTF("[DATA] - put_key_data: Wrong key len: %d / %d\n", ksz, key->size);
sw = SW_CONDITIONS_NOT_SATISFIED;
break;
}
if (len != GPG_IO_BUFFER_LENGTH) {
PRINTF("[DATA] - put_key_data: Wrong buffer len: %d / %d\n", len, GPG_IO_BUFFER_LENGTH);
sw = SW_CONDITIONS_NOT_SATISFIED;
break;
}

PRINTF("[DATA] - put_key_data: key len: %d\n", len);
gpg_io_discard(0);
len = GPG_IO_BUFFER_LENGTH;
CX_CHECK(cx_aes_no_throw(&keyenc,
CX_DECRYPT | CX_CHAIN_CBC | CX_PAD_ISO9797M2 | CX_LAST,
G_gpg_vstate.work.io_buffer + offset,
len,
G_gpg_vstate.work.io_buffer,
&len));
if (len != sizeof(cx_rsa_4096_private_key_t)) {
&ksz));
if (len != ksz) {
PRINTF("[DATA] - put_key_data: Wrong aes output len: %d / %d\n", len, ksz);
sw = SW_WRONG_DATA;
break;
}
nvm_write((unsigned char *) &keygpg->priv_key.rsa4096,
nvm_write((unsigned char *) key,
G_gpg_vstate.work.io_buffer,
len);
sw = SW_OK;
Expand Down
6 changes: 6 additions & 0 deletions src/gpg_gen.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,9 +93,11 @@ static int gpg_gen_rsa_kyey(gpg_key_t *keygpg, uint8_t *name) {
case 3072 / 8:
pkey_size = sizeof(cx_rsa_3072_private_key_t);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
pkey_size = sizeof(cx_rsa_4096_private_key_t);
break;
#endif
default:
break;
}
Expand Down Expand Up @@ -164,12 +166,16 @@ static int gpg_read_rsa_kyey(gpg_key_t *keygpg) {
}
gpg_io_insert_tlv(0x81, ksz, (unsigned char *) &keygpg->priv_key.rsa3072.n);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
if (keygpg->priv_key.rsa4096.size == 0) {
return SW_REFERENCED_DATA_NOT_FOUND;
}
gpg_io_insert_tlv(0x81, ksz, (unsigned char *) &keygpg->priv_key.rsa4096.n);
break;
#endif
default:
return SW_REFERENCED_DATA_NOT_FOUND;
}
gpg_io_insert_tlv(0x82, 4, keygpg->pub_key.rsa);

Expand Down
4 changes: 4 additions & 0 deletions src/gpg_pso.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,9 +77,11 @@ static int gpg_sign(gpg_key_t *sigkey) {
case 3072 / 8:
key = (cx_rsa_private_key_t *) &sigkey->priv_key.rsa3072;
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
key = (cx_rsa_private_key_t *) &sigkey->priv_key.rsa4096;
break;
#endif
default:
break;
}
Expand Down Expand Up @@ -263,9 +265,11 @@ int gpg_apdu_pso() {
case 3072 / 8:
key = (cx_rsa_private_key_t *) &G_gpg_vstate.mse_dec->priv_key.rsa3072;
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096 / 8:
key = (cx_rsa_private_key_t *) &G_gpg_vstate.mse_dec->priv_key.rsa4096;
break;
#endif
}

if ((key == NULL) || (key->size != ksz)) {
Expand Down
7 changes: 6 additions & 1 deletion src/gpg_types.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,8 +84,9 @@ typedef struct gpg_key_s {
cx_rsa_private_key_t rsa;
cx_rsa_2048_private_key_t rsa2048;
cx_rsa_3072_private_key_t rsa3072;
#ifdef WITH_SUPPORT_RSA4096
cx_rsa_4096_private_key_t rsa4096;

#endif
cx_ecfp_private_key_t ecfp;
cx_ecfp_256_private_key_t ecfp256;
cx_ecfp_384_private_key_t ecfp384;
Expand Down Expand Up @@ -215,13 +216,17 @@ struct gpg_v_state_s {
cx_rsa_public_key_t public;
cx_rsa_2048_public_key_t public2048;
cx_rsa_3072_public_key_t public3072;
#ifdef WITH_SUPPORT_RSA4096
cx_rsa_4096_public_key_t public4096;
#endif
};
union {
cx_rsa_private_key_t private;
cx_rsa_2048_private_key_t private2048;
cx_rsa_3072_private_key_t private3072;
#ifdef WITH_SUPPORT_RSA4096
cx_rsa_4096_private_key_t private4096;
#endif
};
} rsa;

Expand Down
7 changes: 6 additions & 1 deletion src/gpg_ux_nanos.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -536,7 +536,9 @@ const ux_menu_entry_t ui_menu_tmpl_key[] = {
const ux_menu_entry_t ui_menu_tmpl_type[] = {
{NULL, ui_menu_tmpl_type_action, 2048, NULL, LABEL_RSA2048, NULL, 0, 0},
{NULL, ui_menu_tmpl_type_action, 3072, NULL, LABEL_RSA3072, NULL, 0, 0},
#ifdef WITH_SUPPORT_RSA4096
{NULL, ui_menu_tmpl_type_action, 4096, NULL, LABEL_RSA4096, NULL, 0, 0},
#endif
{NULL, ui_menu_tmpl_type_action, CX_CURVE_SECP256R1, NULL, LABEL_NISTP256, NULL, 0, 0},
{NULL, ui_menu_tmpl_type_action, CX_CURVE_Ed25519, NULL, LABEL_Ed25519, NULL, 0, 0},
{ui_menu_template, NULL, 0, &C_icon_back, "Back", NULL, 61, 40},
Expand Down Expand Up @@ -570,10 +572,11 @@ const bagl_element_t *ui_menu_template_predisplay(const ux_menu_entry_t *entry,
case 3072:
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), " %s", LABEL_RSA3072);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096:
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), " %s", LABEL_RSA4096);
break;

#endif
case CX_CURVE_SECP256R1:
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), " %s", LABEL_NISTP256);
break;
Expand Down Expand Up @@ -605,7 +608,9 @@ void ui_menu_tmpl_set_action(unsigned int value) {
switch (G_gpg_vstate.ux_type) {
case 2048:
case 3072:
#ifdef WITH_SUPPORT_RSA4096
case 4096:
#endif
attributes.value[0] = KEY_ID_RSA;
U2BE_ENCODE(attributes.value, 1, G_gpg_vstate.ux_type);
attributes.value[3] = 0x00;
Expand Down
8 changes: 8 additions & 0 deletions src/gpg_ux_nanox.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -474,13 +474,17 @@ void tmpl_key_selector(unsigned int idx) {

const char *const tmpl_type_getter_values[] = {LABEL_RSA2048,
LABEL_RSA3072,
#ifdef WITH_SUPPORT_RSA4096
LABEL_RSA4096,
#endif
LABEL_SECP256K1,
LABEL_Ed25519};

const unsigned int tmpl_type_getter_values_map[] = {2048,
3072,
#ifdef WITH_SUPPORT_RSA4096
4096,
#endif
CX_CURVE_SECP256R1,
CX_CURVE_Ed25519};

Expand Down Expand Up @@ -567,9 +571,11 @@ void ui_menu_template_predisplay() {
case 3072:
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_RSA3072);
break;
#ifdef WITH_SUPPORT_RSA4096
case 4096:
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_RSA4096);
break;
#endif
case CX_CURVE_SECP256R1:
snprintf(KEY_TYPE, sizeof(KEY_TYPE), " %s", LABEL_SECP256K1);
break;
Expand Down Expand Up @@ -597,7 +603,9 @@ void ui_menu_tmpl_set_action(unsigned int value) {
switch (G_gpg_vstate.ux_type) {
case 2048:
case 3072:
#ifdef WITH_SUPPORT_RSA4096
case 4096:
#endif
attributes.value[0] = KEY_ID_RSA;
U2BE_ENCODE(attributes.value, 1, G_gpg_vstate.ux_type);
attributes.value[3] = 0x00;
Expand Down
Loading

0 comments on commit f60feb0

Please sign in to comment.