From e613f1b9a2e8006527aec57adebd28f01a6b2390 Mon Sep 17 00:00:00 2001 From: jaseg Date: Fri, 16 Nov 2018 16:16:30 +0900 Subject: Key scrubber works but is untested on race conditions due to unexpected reset --- src/demo.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------- src/noise.c | 2 ++ src/noise.h | 3 +++ 3 files changed, 75 insertions(+), 8 deletions(-) diff --git a/src/demo.c b/src/demo.c index 05875b8..8329c62 100644 --- a/src/demo.c +++ b/src/demo.c @@ -32,6 +32,8 @@ #include "words.h" #include "tracing.h" +#include "crypto/noise-c/src/protocol/internal.h" + #include #include #include @@ -55,11 +57,25 @@ #define MAX_FAILED_HANDSHAKES 5 #endif - static struct NoiseState noise_state; -static uint8_t remote_key_reference[BLAKE2S_HASH_SIZE] __attribute__((section(".backup_sram"))); -static uint8_t local_key[CURVE25519_KEY_LEN] __attribute__((section(".backup_sram"))); -static uint8_t identity_key_valid __attribute__((section(".backup_sram"))) = 0; +static struct { + union { + struct { + uint8_t local_key[CURVE25519_KEY_LEN]; + uint8_t remote_key_reference[BLAKE2S_HASH_SIZE]; + }; + uint32_t all_keys[0]; + } keys; + struct { + uint8_t identity_key_valid; + uint8_t scrub_backup; + uint8_t scrubber_armed; + uint32_t old_scrub_pattern; + uint32_t new_scrub_pattern; + int scrub_idx_read; + int scrub_idx_done; + } mgmt __attribute__((aligned(4))); +} keystore __attribute__((section(".backup_sram"))) = {0}; void _fini(void); @@ -90,15 +106,60 @@ static void clock_setup(void) { rcc_periph_clock_enable(RCC_RNG); } +void arm_key_scrubber() { + keystore.mgmt.scrubber_armed = 1; +} + +static void finish_scrub(int start_index, uint32_t pattern); +static void finish_interrupted_scrub(void); + +void disarm_key_scrubber() { + keystore.mgmt.scrubber_armed = 0; + keystore.mgmt.old_scrub_pattern = keystore.mgmt.new_scrub_pattern; + keystore.mgmt.new_scrub_pattern = 0x00000000; + finish_scrub(0, keystore.mgmt.old_scrub_pattern); +} + +static void finish_scrub(int start_index, uint32_t pattern) { + for (size_t i=start_index; itx_cipher); noise_cipherstate_free(st->rx_cipher); st->tx_cipher = NULL; @@ -98,6 +99,7 @@ void uninit_handshake(struct NoiseState *st, enum handshake_state new_state) { noise_handshakestate_free(st->handshake); st->handshake_state = new_state; st->handshake = NULL; + arm_key_scrubber(); } int try_continue_noise_handshake(struct NoiseState *st, uint8_t *buf, size_t len) { diff --git a/src/noise.h b/src/noise.h index 92acdcf..0df397a 100644 --- a/src/noise.h +++ b/src/noise.h @@ -47,4 +47,7 @@ int generate_identity_key(struct NoiseState *st); int try_continue_noise_handshake(struct NoiseState *st, uint8_t *buf, size_t len); int send_encrypted_message(struct NoiseState *st, uint8_t *msg, size_t len); +void arm_key_scrubber(void); +void disarm_key_scrubber(void); + #endif -- cgit