Rework ...

- Revise input data, protocol - Add timeout to touch - Enable execution monitoring - Change led color - Adapt to tkey-libs v0.0.2 - Various refactoring and adjustments - Rework the testx25519 program - Bump dependencies
quite · Dec 13, 2023 · 979e4ff · 979e4ff
1 parent 2a22770
commit 979e4ff
Show file tree

Hide file tree

Showing 10 changed files with 226 additions and 149 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -29,7 +29,7 @@ jobs:
  uses: actions/checkout@v3
  with:
  repository: tillitis/tkey-libs
- ref: main
+ ref: v0.0.2
  path: tkey-libs
 
  - name: fix

diff --git a/Makefile b/Makefile
@@ -7,26 +7,26 @@ CC = clang
 
 INCLUDE=$(LIBDIR)/include
 
-# If you want libcommon's qemu_puts() et cetera to output something on our QEMU
-# debug port, remove -DNODEBUG below. Do this also in $(LIBDIR)/Makefile
+# If you want the qemu_*() functions to print stuff on the QEMU debug port, add
+# -DQEMU_DEBUG to these flags. Do this also in $(LIBDIR)/Makefile before
+# building there.
 CFLAGS = -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany \
  -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf \
  -fno-builtin-putchar -nostdlib -mno-relax -flto -g \
  -Wall -Werror=implicit-function-declaration \
- -I $(INCLUDE) -I $(LIBDIR) \
- -DNODEBUG
+ -I $(INCLUDE) -I $(LIBDIR)
 
-LDFLAGS=-T $(LIBDIR)/app.lds -L $(LIBDIR)/libcommon/ -lcommon -L $(LIBDIR)/libcrt0/ -lcrt0
+LDFLAGS=-T $(LIBDIR)/app.lds -L $(LIBDIR) -lcrt0 -lcommon
 
 
 .PHONY: all
-all: x25519/app.bin check-x25519-hash testx25519
+all: x25519/app.bin check-x25519-hash
 
 show-%-hash: %/app.bin
  cd $$(dirname $^) && sha512sum app.bin
 
 check-x25519-hash: x25519/app.bin
- cd x25519 && sha512sum -c app.bin.sha512
+ @(cd x25519; echo "file:$$(pwd)/app.bin hash:$$(sha512sum app.bin | cut -c1-16)… expected:$$(cut -c1-16 <app.bin.sha512)…"; sha512sum -cw app.bin.sha512)
 
 x25519/app.bin: x25519/app.elf
  $(OBJCOPY) --input-target=elf32-littleriscv --output-target=binary $^ $@
@@ -45,7 +45,7 @@ testx25519: x25519/app.bin
 
 .PHONY: clean
 clean:
- rm -f x25519/app.{elf,bin} $(X25519OBJS) testx25519
+ rm -f x25519/app.bin x25519/app.elf $(X25519OBJS) testx25519
 
 # Uses ../.clang-format
 FMTFILES=x25519/*.[ch]
@@ -60,4 +60,8 @@ checkfmt:
 
 .PHONY: podman
 podman:
- podman run --rm --mount type=bind,source=$(CURDIR),target=/src --mount type=bind,source=$(LIBDIR),target=/tkey-libs -w /src -it ghcr.io/tillitis/tkey-builder:2 make -j
+ podman run --rm \
+ --mount type=bind,source=$(CURDIR),target=/src \
+ --mount type=bind,source=$(LIBDIR),target=/tkey-libs \
+ -w /src -it tkey-apps-builder \
+ make -j
diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@ dependency in a sibling directory, like this:
 
 ```
 git -C .. clone https://github.com/tillitis/tkey-libs
-git -C ../tkey-libs checkout v0.0.1
+git -C ../tkey-libs checkout v0.0.2
 make -C ../tkey-libs -j
 make -j
 ```

diff --git a/cmd/testx25519/main.go b/cmd/testx25519/main.go
@@ -1,4 +1,5 @@
 // Copyright (C) 2022, 2023 - Tillitis AB
+// Copyright (C) 2023 - Daniel Lublin
 // SPDX-License-Identifier: GPL-2.0-only
 
 package main
@@ -41,7 +42,10 @@ func main() {
  var devPath string
  var speed int
  var helpOnly bool
+ var requireTouch bool
+
  pflag.CommandLine.SortFlags = false
+ pflag.BoolVar(&requireTouch, "touch", true, "Require touch before computing shared secret (ECDH).")
  pflag.StringVar(&devPath, "port", "",
  "Set serial port device `PATH`. If this is not passed, auto-detection will be attempted.")
  pflag.IntVar(&speed, "speed", tkeyclient.SerialSpeed,
@@ -101,52 +105,64 @@ func main() {
  goX25519 := ecdh.X25519()
 
  hostPriv, err := goX25519.GenerateKey(rand.Reader)
- panicErr(err)
- hostPub := hostPriv.PublicKey()
- fmt.Printf("hostPub: %0x\n", hostPub.Bytes())
+ if err != nil {
+ le.Printf("host GenerateKey failed: %s\n", err)
+ exit(1)
+ }
 
- var domain [78]byte
- var userSecret [16]byte
- // TODO these
- copy(domain[:], []byte("age..."))
- _, err = rand.Read(userSecret[:])
- panicErr(err)
+ hostPub := hostPriv.PublicKey()
+ fmt.Printf("host pub: %0x\n", hostPub.Bytes())
 
- requireTouch := false
+ domain := "age..."
+ var userSecret [tkeyx25519.UserSecretSize]byte
+ if _, err = rand.Read(userSecret[:]); err != nil {
+ le.Printf("rand.Read failed: %s\n", err)
+ exit(1)
+ }
 
  start := time.Now()
  tkeyPubBytes, err := tkeyX25519.GetPubKey(domain, userSecret, requireTouch)
- panicErr(err)
- fmt.Printf("tkeyX25519.GetPubKey took %s\n", time.Since(start))
+ fmt.Printf("tkey GetPubKey took %s\n", time.Since(start))
+ if err != nil {
+ le.Printf("GetPubKey failed: %s\n", err)
+ exit(1)
+ }
+
  tkeyPub, err := goX25519.NewPublicKey(tkeyPubBytes)
- panicErr(err)
- fmt.Printf("tkeyPub: %0x\n", tkeyPub.Bytes())
+ if err != nil {
+ le.Printf("NewPublicKey failed: %s\n", err)
+ exit(1)
+ }
+ fmt.Printf("tkey pub: %0x\n", tkeyPub.Bytes())
 
  hostShared, err := hostPriv.ECDH(tkeyPub)
- panicErr(err)
- fmt.Printf("hostShared: %0x\n", hostShared)
+ if err != nil {
+ le.Printf("host ECDH failed: %s\n", err)
+ exit(1)
+ }
+ fmt.Printf("host shared: %0x\n", hostShared)
 
+ if requireTouch {
+ fmt.Printf("tkey will flash when touch is required ...\n")
+ }
  start = time.Now()
- tkeyShared, err := tkeyX25519.ComputeShared(domain, userSecret, requireTouch, [32]byte(hostPub.Bytes()))
- panicErr(err)
- fmt.Printf("tkeyX25519.ComputeShared took %s\n", time.Since(start))
- fmt.Printf("tkeyShared: %0x\n", tkeyShared)
+ tkeyShared, err := tkeyX25519.DoECDH(domain, userSecret, requireTouch, [32]byte(hostPub.Bytes()))
+ fmt.Printf("tkey DoECDH took %s\n", time.Since(start))
+ if err != nil {
+ le.Printf("DoECDH failed: %s\n", err)
+ exit(1)
+ }
+ fmt.Printf("tkey shared: %0x\n", tkeyShared)
 
  if !bytes.Equal(hostShared, tkeyShared) {
- fmt.Printf("👎\n")
+ fmt.Printf("Nope 👎\n")
  exit(1)
  }
 
- fmt.Printf("👍\n")
+ fmt.Printf("OK 👍\n")
  exit(0)
 }
 
-func panicErr(err error) {
- if err != nil {
- panic(err)
- }
-}
-
 func handleSignals(action func(), sig ...os.Signal) {
  ch := make(chan os.Signal, 1)
  signal.Notify(ch, sig...)

diff --git a/go.mod b/go.mod
@@ -3,14 +3,14 @@ module github.com/quite/tkey-device-x25519
 go 1.20
 
 require (
- github.com/quite/tkeyx25519 v0.0.0-20230608080843-3a10ed9df487
+ github.com/quite/tkeyx25519 v0.0.0-20231213224508-9ea7768b630e
  github.com/spf13/pflag v1.0.5
- github.com/tillitis/tkeyclient v0.0.0-20230607181239-48de67d61ab9
+ github.com/tillitis/tkeyclient v0.0.8
 )
 
 require (
  github.com/creack/goselect v0.1.2 // indirect
- go.bug.st/serial v1.5.0 // indirect
- golang.org/x/crypto v0.9.0 // indirect
- golang.org/x/sys v0.8.0 // indirect
+ go.bug.st/serial v1.6.1 // indirect
+ golang.org/x/crypto v0.16.0 // indirect
+ golang.org/x/sys v0.15.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -2,17 +2,17 @@ github.com/creack/goselect v0.1.2 h1:2DNy14+JPjRBgPzAd1thbQp4BSIihxcBf0IXhQXDRa0
 github.com/creack/goselect v0.1.2/go.mod h1:a/NhLweNvqIYMuxcMOuWY516Cimucms3DglDzQP3hKY=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/quite/tkeyx25519 v0.0.0-20230608080843-3a10ed9df487 h1:Etj26GEXi6lBzyQCsaVd8/OpechChmr+j7o/meca8ag=
-github.com/quite/tkeyx25519 v0.0.0-20230608080843-3a10ed9df487/go.mod h1:HowArfwhZbYLKRx3N/qQ/IYhy1rIr1cSUGW6XxhG/+E=
+github.com/quite/tkeyx25519 v0.0.0-20231213224508-9ea7768b630e h1:YWQ9wrTPmik9Y4dOX8mTDeANchqxZkqXfk/0YdUTvRI=
+github.com/quite/tkeyx25519 v0.0.0-20231213224508-9ea7768b630e/go.mod h1:dNIA8JvczoWZSSP/DbZGnW9dPKEa4ohYwkdUw3vRDTs=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/tillitis/tkeyclient v0.0.0-20230607181239-48de67d61ab9 h1:IE3xwhK/i9ysaCn+5F81DpH+OTGMoF9KSWCaaA2sQQI=
-github.com/tillitis/tkeyclient v0.0.0-20230607181239-48de67d61ab9/go.mod h1:LJF9olZ1FL4zIvDY4OoKSp/9YiQY0e8JoKLo0Wg1+Zc=
-go.bug.st/serial v1.5.0 h1:ThuUkHpOEmCVXxGEfpoExjQCS2WBVV4ZcUKVYInM9T4=
-go.bug.st/serial v1.5.0/go.mod h1:UABfsluHAiaNI+La2iESysd9Vetq7VRdpxvjx7CmmOE=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+github.com/tillitis/tkeyclient v0.0.8 h1:ZECNCkHmcxx5BlEdyhjMPeBX4/ZiuEov+nOAiMB3cOQ=
+github.com/tillitis/tkeyclient v0.0.8/go.mod h1:NPZaaOyroiprK4qNSADHY2pc7TAYDoZ3JKRIFhUMvHE=
+go.bug.st/serial v1.6.1 h1:VSSWmUxlj1T/YlRo2J104Zv3wJFrjHIl/T3NeruWAHY=
+go.bug.st/serial v1.6.1/go.mod h1:UABfsluHAiaNI+La2iESysd9Vetq7VRdpxvjx7CmmOE=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/x25519/app.bin.sha512 b/x25519/app.bin.sha512
@@ -1 +1 @@
-1975a0c1681b5a478ead3793b103e307c676ab944bee24b708ecb1aa098671bc10ffb16d02a7b83e395fb23453d88b94a44c217b665380702c9daac062d490d5 app.bin
+008be0514f3b9d80adeaa05faef5e1aa19166d080b4bb971d8a5ffc722ab86840229e65fb4d6a17abeb49aaf06bfdeff9ee221cbd06042048dfff4de5dcea14a app.bin
diff --git a/x25519/app_proto.c b/x25519/app_proto.c
@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: GPL-2.0-only
 
 #include "app_proto.h"
+#include <tkey/qemu_debug.h>
 
 // Send reply frame with response status Not OK (NOK==1), shortest length
 void appreply_nok(struct frame_header hdr)
@@ -14,35 +15,27 @@ void appreply_nok(struct frame_header hdr)
 // Send app reply with frame header, response code, and LEN_X-1 bytes from buf
 void appreply(struct frame_header hdr, enum appcmd rspcode, void *buf)
 {
- size_t nbytes;
- enum cmdlen len;
+ enum cmdlen len = 0;
+ size_t nbytes = 0;
 
  switch (rspcode) {
  case APP_RSP_GET_PUBKEY:
+ case APP_RSP_DO_ECDH:
  len = LEN_128;
  nbytes = 128;
  break;
-
- case APP_RSP_COMPUTE_SHARED:
- len = LEN_128;
- nbytes = 128;
- break;
-
  case APP_RSP_GET_NAMEVERSION:
  len = LEN_32;
  nbytes = 32;
  break;
-
  case APP_RSP_UNKNOWN_CMD:
  len = LEN_1;
  nbytes = 1;
  break;
-
  default:
  qemu_puts("appreply(): Unknown response code: ");
  qemu_puthex(rspcode);
  qemu_lf();
-
  return;
  }
 

diff --git a/x25519/app_proto.h b/x25519/app_proto.h
@@ -5,17 +5,17 @@
 #ifndef APP_PROTO_H
 #define APP_PROTO_H
 
-#include <lib.h>
-#include <proto.h>
+#include <tkey/lib.h>
+#include <tkey/proto.h>
 
 // clang-format off
 enum appcmd {
  APP_CMD_GET_NAMEVERSION = 0x01,
  APP_RSP_GET_NAMEVERSION = 0x02,
  APP_CMD_GET_PUBKEY = 0x03,
  APP_RSP_GET_PUBKEY = 0x04,
- APP_CMD_COMPUTE_SHARED = 0x05,
- APP_RSP_COMPUTE_SHARED = 0x06,
+ APP_CMD_DO_ECDH  = 0x05,
+ APP_RSP_DO_ECDH  = 0x06,
 
  APP_RSP_UNKNOWN_CMD = 0xff,
 };