CDC Badge OS
Firmware for the CDC Badge v1.0 hardware security key
Loading...
Searching...
No Matches
GpgStorage.cpp File Reference
#include "mod_gpg/GpgStorage.h"
#include "cdc_hal/ISecureElement.h"
#include "cdc_core/Crypto.h"
#include "cdc_log.h"
#include <mbedtls/sha256.h>
#include <mbedtls/hkdf.h>
#include <mbedtls/md.h>
#include <mbedtls/platform_util.h>
#include <esp_random.h>
#include <string.h>

Go to the source code of this file.

Classes

struct  cdc::mod_gpg::DecKeyStorage
struct  cdc::mod_gpg::AesKeyStorage

Namespaces

namespace  cdc
namespace  cdc::mod_gpg

Functions

static cdc::hal::ISecureElementget_se ()
static bool pin_to_hash (const char *pin, uint8_t *hash_out)
 Computes SHA-256 over a PIN string.
static bool derive_storage_key (uint16_t slot_id, const uint8_t *pin_hash, uint8_t *key_out)
 Derives a 32-byte storage key for a specific slot.
static void build_aad (uint16_t slot_id, const uint8_t magic[MAGIC_SIZE], uint8_t aad_out[6])
 Builds the 6-byte AAD for a slot: slot_id (BE) || magic (4).
static uint16_t resolve_slot (uint16_t rel_index)
 Resolves an absolute R-Memory slot index relative to the module range.
void gpg_storage_set_slot_range (uint16_t eccStart, uint16_t eccEnd)
void gpg_storage_set_rmem_range (uint16_t rmemStart, uint16_t rmemEnd)
bool gpg_storage_ready (void)
uint8_t gpg_storage_sig_slot (void)
uint8_t gpg_storage_dec_slot (void)
uint8_t gpg_storage_aut_slot (void)
static bool save_slot_encrypted (uint16_t slot_id, const uint8_t magic[MAGIC_SIZE], const uint8_t *payload, size_t payload_len, uint8_t *record_buf, size_t record_buf_len, const char *pin)
 Encrypts and writes an arbitrary payload to a slot.
static bool load_slot_decrypted (uint16_t slot_id, const uint8_t magic[MAGIC_SIZE], uint8_t *payload_out, size_t payload_len, const char *pin)
 Reads and decrypts a payload from a slot.
bool gpg_storage_save_dec_privkey (const uint8_t *privkey, const char *pin)
 Saves a DEC private key into R-Memory using PIN-bound AES-GCM.
bool gpg_storage_load_dec_privkey (uint8_t *privkey_out, const char *pin)
 Loads and decrypts the DEC private key from R-Memory.
bool gpg_storage_has_dec_privkey (void)
 Returns true if encrypted DEC private key record exists.
bool gpg_storage_delete_dec_privkey (void)
 Deletes DEC private key record.
bool gpg_storage_save_aes_key (const uint8_t *key, size_t key_len, const char *pin)
 Saves the symmetric AES key for PSO:DECIPHER (DO 0xD5).
bool gpg_storage_load_aes_key (uint8_t *key_out, size_t *key_len_out, const char *pin)
 Loads the symmetric AES key from R-Memory.
bool gpg_storage_has_aes_key (void)
 Returns true if a symmetric AES key record exists.
bool gpg_storage_delete_aes_key (void)
 Deletes the symmetric AES key record.
void gpg_storage_set_session_pin (const char *pin)
 Stores session PIN-derived key after successful PIN verification.
bool gpg_storage_get_session_key (uint8_t *key_out)
 Returns current session key if session is active.
void gpg_storage_clear_session (void)
 Clears the cached session key.

Variables

static const char * TAG = "GPGStorage"
 Encrypted persistent storage for OpenPGP secret material.
static constexpr uint16_t RMEM_SLOT_DEC_KEY = 1
 R-Memory slot offset for the DEC private key payload (= ECC slot 2).
static constexpr uint16_t RMEM_SLOT_AES_KEY = 2
 R-Memory slot offset for the symmetric AES key payload (= ECC slot 3).
static constexpr uint8_t DEC_KEY_MAGIC [4] = {'E', 'C', 'D', 'H'}
 Magic marker for encrypted DEC private key records.
static constexpr uint8_t AES_KEY_MAGIC [4] = {'A', 'E', 'S', '1'}
 Magic marker for symmetric AES key records (DO 0xD5).
static constexpr size_t MAGIC_SIZE = 4
static constexpr size_t NONCE_SIZE = 12
static constexpr size_t TAG_SIZE = 16
static constexpr size_t PRIVKEY_SIZE = 32
static constexpr size_t AES_MAX_KEY_SIZE = 32
static constexpr size_t DEC_TOTAL_SIZE = MAGIC_SIZE + NONCE_SIZE + PRIVKEY_SIZE + TAG_SIZE
static constexpr size_t AES_RECORD_PAYLOAD = 1 + AES_MAX_KEY_SIZE
static constexpr size_t AES_TOTAL_SIZE = MAGIC_SIZE + NONCE_SIZE + AES_RECORD_PAYLOAD + TAG_SIZE
static constexpr char HKDF_INFO [] = "GPG-STORAGE-V2"
 HKDF info string for storage key derivation.
static struct { ... }  s_storage

Function Documentation

◆ build_aad()

void build_aad ( uint16_t slot_id,
const uint8_t magic[MAGIC_SIZE],
uint8_t aad_out[6] )
static

Builds the 6-byte AAD for a slot: slot_id (BE) || magic (4).

Parameters
slot_idAbsolute R-Memory slot identifier.
magic4-byte magic marker.
aad_out6-byte output buffer.

Definition at line 171 of file GpgStorage.cpp.

References MAGIC_SIZE.

Referenced by load_slot_decrypted(), and save_slot_encrypted().

◆ derive_storage_key()

bool derive_storage_key ( uint16_t slot_id,
const uint8_t * pin_hash,
uint8_t * key_out )
static

Derives a 32-byte storage key for a specific slot.

Parameters
slot_idAbsolute R-Memory slot identifier (used in HKDF salt).
pin_hashOptional 32-byte PIN hash; nullptr falls back to chip-bound key.
key_out32-byte output buffer.
Returns
true on success.

Definition at line 129 of file GpgStorage.cpp.

References get_se(), and HKDF_INFO.

Referenced by load_slot_decrypted(), and save_slot_encrypted().

◆ get_se()

cdc::hal::ISecureElement * get_se ( )
static

Definition at line 105 of file GpgStorage.cpp.

References cdc::hal::getSecureElementInstance().

Referenced by derive_storage_key(), gpg_storage_delete_aes_key(), gpg_storage_delete_dec_privkey(), gpg_storage_has_aes_key(), gpg_storage_has_dec_privkey(), load_slot_decrypted(), and save_slot_encrypted().

◆ gpg_storage_aut_slot()

uint8_t gpg_storage_aut_slot ( void )

Definition at line 209 of file GpgStorage.cpp.

References s_storage.

Referenced by cmd_get_data(), cmd_internal_authenticate(), get_ecc_slot_for_key_ref(), gpg_generate_key(), openpgp_factory_reset(), and put_data_algo_attr().

◆ gpg_storage_clear_session()

void gpg_storage_clear_session ( void )

Clears the cached session key.

Definition at line 467 of file GpgStorage.cpp.

References s_storage.

Referenced by cmd_select(), gpg_storage_set_session_pin(), and openpgp_factory_reset().

◆ gpg_storage_dec_slot()

uint8_t gpg_storage_dec_slot ( void )

Definition at line 208 of file GpgStorage.cpp.

References s_storage.

Referenced by cmd_get_data(), get_ecc_slot_for_key_ref(), and gpg_generate_key().

◆ gpg_storage_delete_aes_key()

bool gpg_storage_delete_aes_key ( void )

Deletes the symmetric AES key record.

Definition at line 439 of file GpgStorage.cpp.

References get_se(), cdc::hal::OK, resolve_slot(), and RMEM_SLOT_AES_KEY.

◆ gpg_storage_delete_dec_privkey()

bool gpg_storage_delete_dec_privkey ( void )

Deletes DEC private key record.

Definition at line 378 of file GpgStorage.cpp.

References get_se(), cdc::hal::OK, resolve_slot(), and RMEM_SLOT_DEC_KEY.

Referenced by openpgp_factory_reset().

◆ gpg_storage_get_session_key()

bool gpg_storage_get_session_key ( uint8_t * key_out)

Returns current session key if session is active.

Parameters
key_out32-byte output buffer.
Returns
true if session key is available.

Definition at line 459 of file GpgStorage.cpp.

References s_storage.

◆ gpg_storage_has_aes_key()

bool gpg_storage_has_aes_key ( void )

Returns true if a symmetric AES key record exists.

Definition at line 427 of file GpgStorage.cpp.

References AES_KEY_MAGIC, get_se(), MAGIC_SIZE, cdc::hal::OK, resolve_slot(), and RMEM_SLOT_AES_KEY.

Referenced by cmd_pso_decipher_aes().

◆ gpg_storage_has_dec_privkey()

bool gpg_storage_has_dec_privkey ( void )

Returns true if encrypted DEC private key record exists.

Definition at line 366 of file GpgStorage.cpp.

References DEC_KEY_MAGIC, DEC_TOTAL_SIZE, get_se(), MAGIC_SIZE, cdc::hal::OK, resolve_slot(), and RMEM_SLOT_DEC_KEY.

Referenced by cmd_pso_decipher(), and read_public_key().

◆ gpg_storage_load_aes_key()

bool gpg_storage_load_aes_key ( uint8_t * key_out,
size_t * key_len_out,
const char * pin )

Loads the symmetric AES key from R-Memory.

Parameters
key_outOutput buffer (must hold at least 32 bytes).
key_len_outReceives the stored key length (16 or 32).
pinSession PIN; nullptr falls back to chip-bound key.
Returns
true on success.

Definition at line 408 of file GpgStorage.cpp.

References AES_KEY_MAGIC, AES_RECORD_PAYLOAD, load_slot_decrypted(), resolve_slot(), and RMEM_SLOT_AES_KEY.

Referenced by cmd_pso_decipher_aes().

◆ gpg_storage_load_dec_privkey()

bool gpg_storage_load_dec_privkey ( uint8_t * privkey_out,
const char * pin )

Loads and decrypts the DEC private key from R-Memory.

Parameters
privkey_out32-byte output buffer.
pinSession PIN; nullptr falls back to chip-bound key.
Returns
true on success.

Definition at line 360 of file GpgStorage.cpp.

References DEC_KEY_MAGIC, load_slot_decrypted(), PRIVKEY_SIZE, resolve_slot(), and RMEM_SLOT_DEC_KEY.

Referenced by cmd_pso_decipher(), and read_public_key().

◆ gpg_storage_ready()

bool gpg_storage_ready ( void )

Definition at line 206 of file GpgStorage.cpp.

References s_storage.

Referenced by gpg_export_pubkey_pem(), gpg_generate_key(), gpg_init(), gpg_reset(), and cdc::mod_gpg::GpgModule::init().

◆ gpg_storage_save_aes_key()

bool gpg_storage_save_aes_key ( const uint8_t * key,
size_t key_len,
const char * pin )

Saves the symmetric AES key for PSO:DECIPHER (DO 0xD5).

Parameters
keyAES key bytes (16 or 32).
key_lenKey length (16 or 32).
pinSession PIN; nullptr falls back to chip-bound key.
Returns
true on success.

Definition at line 385 of file GpgStorage.cpp.

References AES_KEY_MAGIC, AES_MAX_KEY_SIZE, AES_RECORD_PAYLOAD, AES_TOTAL_SIZE, LOG_I, resolve_slot(), RMEM_SLOT_AES_KEY, save_slot_encrypted(), and TAG.

Referenced by cmd_put_data().

◆ gpg_storage_save_dec_privkey()

bool gpg_storage_save_dec_privkey ( const uint8_t * privkey,
const char * pin )

Saves a DEC private key into R-Memory using PIN-bound AES-GCM.

Parameters
privkey32-byte P-256 private key scalar.
pinSession PIN; nullptr falls back to chip-bound key.
Returns
true on success.

Definition at line 347 of file GpgStorage.cpp.

References DEC_KEY_MAGIC, DEC_TOTAL_SIZE, LOG_I, PRIVKEY_SIZE, resolve_slot(), RMEM_SLOT_DEC_KEY, save_slot_encrypted(), and TAG.

Referenced by cmd_put_data_odd(), generate_dec_key(), and gpg_generate_key().

◆ gpg_storage_set_rmem_range()

void gpg_storage_set_rmem_range ( uint16_t rmemStart,
uint16_t rmemEnd )

Definition at line 201 of file GpgStorage.cpp.

References s_storage.

Referenced by cdc::mod_gpg::GpgModule::init().

◆ gpg_storage_set_session_pin()

void gpg_storage_set_session_pin ( const char * pin)

Stores session PIN-derived key after successful PIN verification.

Parameters
pinVerified PIN string.

Definition at line 446 of file GpgStorage.cpp.

References gpg_storage_clear_session(), pin_to_hash(), and s_storage.

Referenced by cmd_verify().

◆ gpg_storage_set_slot_range()

void gpg_storage_set_slot_range ( uint16_t eccStart,
uint16_t eccEnd )

Definition at line 186 of file GpgStorage.cpp.

References s_storage.

Referenced by cdc::mod_gpg::GpgModule::init().

◆ gpg_storage_sig_slot()

uint8_t gpg_storage_sig_slot ( void )

Definition at line 207 of file GpgStorage.cpp.

References s_storage.

Referenced by cmd_get_data(), cmd_pso_cds(), get_ecc_slot_for_key_ref(), gpg_alchemy_fingerprint(), gpg_export_pubkey_pem(), gpg_generate_key(), cdc::mod_gpg::gpgCrossSign(), openpgp_factory_reset(), and put_data_algo_attr().

◆ load_slot_decrypted()

bool load_slot_decrypted ( uint16_t slot_id,
const uint8_t magic[MAGIC_SIZE],
uint8_t * payload_out,
size_t payload_len,
const char * pin )
static

Reads and decrypts a payload from a slot.

Parameters
slot_idAbsolute R-Memory slot.
magic4-byte magic marker.
payload_outOutput buffer.
payload_lenExpected plaintext length.
pinSession PIN; nullptr falls back to chip-bound key.
Returns
true on success.

Definition at line 290 of file GpgStorage.cpp.

References cdc::core::aesGcm256Open(), build_aad(), derive_storage_key(), get_se(), MAGIC_SIZE, NONCE_SIZE, cdc::hal::OK, pin_to_hash(), and TAG_SIZE.

Referenced by gpg_storage_load_aes_key(), and gpg_storage_load_dec_privkey().

◆ pin_to_hash()

bool pin_to_hash ( const char * pin,
uint8_t * hash_out )
static

Computes SHA-256 over a PIN string.

Parameters
pinPIN string; may be empty/nullptr.
hash_out32-byte output buffer.
Returns
true on success.

Definition at line 115 of file GpgStorage.cpp.

Referenced by gpg_storage_set_session_pin(), load_slot_decrypted(), and save_slot_encrypted().

◆ resolve_slot()

uint16_t resolve_slot ( uint16_t rel_index)
static

Resolves an absolute R-Memory slot index relative to the module range.

Parameters
rel_indexOffset within the module range.
Returns
Absolute slot index.

Definition at line 182 of file GpgStorage.cpp.

References s_storage.

Referenced by gpg_storage_delete_aes_key(), gpg_storage_delete_dec_privkey(), gpg_storage_has_aes_key(), gpg_storage_has_dec_privkey(), gpg_storage_load_aes_key(), gpg_storage_load_dec_privkey(), gpg_storage_save_aes_key(), and gpg_storage_save_dec_privkey().

◆ save_slot_encrypted()

bool save_slot_encrypted ( uint16_t slot_id,
const uint8_t magic[MAGIC_SIZE],
const uint8_t * payload,
size_t payload_len,
uint8_t * record_buf,
size_t record_buf_len,
const char * pin )
static

Encrypts and writes an arbitrary payload to a slot.

Parameters
slot_idAbsolute R-Memory slot.
magic4-byte magic marker.
payloadPlaintext bytes.
payload_lenPlaintext length.
record_bufScratch buffer; must hold MAGIC + NONCE + payload_len + TAG.
record_buf_lenLength of record_buf.
pinSession PIN; nullptr falls back to chip-bound key.
Returns
true on success.

Definition at line 222 of file GpgStorage.cpp.

References cdc::core::aesGcm256Seal(), build_aad(), derive_storage_key(), get_se(), LOG_E, MAGIC_SIZE, NONCE_SIZE, cdc::hal::OK, pin_to_hash(), TAG, and TAG_SIZE.

Referenced by gpg_storage_save_aes_key(), and gpg_storage_save_dec_privkey().

Variable Documentation

◆ AES_KEY_MAGIC

uint8_t AES_KEY_MAGIC[4] = {'A', 'E', 'S', '1'}
staticconstexpr

Magic marker for symmetric AES key records (DO 0xD5).

Definition at line 36 of file GpgStorage.cpp.

Referenced by gpg_storage_has_aes_key(), gpg_storage_load_aes_key(), and gpg_storage_save_aes_key().

◆ AES_MAX_KEY_SIZE

size_t AES_MAX_KEY_SIZE = 32
staticconstexpr

Definition at line 42 of file GpgStorage.cpp.

Referenced by gpg_storage_save_aes_key().

◆ AES_RECORD_PAYLOAD

size_t AES_RECORD_PAYLOAD = 1 + AES_MAX_KEY_SIZE
staticconstexpr

Definition at line 44 of file GpgStorage.cpp.

Referenced by gpg_storage_load_aes_key(), and gpg_storage_save_aes_key().

◆ AES_TOTAL_SIZE

size_t AES_TOTAL_SIZE = MAGIC_SIZE + NONCE_SIZE + AES_RECORD_PAYLOAD + TAG_SIZE
staticconstexpr

Definition at line 45 of file GpgStorage.cpp.

Referenced by gpg_storage_save_aes_key().

◆ DEC_KEY_MAGIC

uint8_t DEC_KEY_MAGIC[4] = {'E', 'C', 'D', 'H'}
staticconstexpr

Magic marker for encrypted DEC private key records.

Definition at line 33 of file GpgStorage.cpp.

Referenced by gpg_storage_has_dec_privkey(), gpg_storage_load_dec_privkey(), and gpg_storage_save_dec_privkey().

◆ DEC_TOTAL_SIZE

size_t DEC_TOTAL_SIZE = MAGIC_SIZE + NONCE_SIZE + PRIVKEY_SIZE + TAG_SIZE
staticconstexpr

Definition at line 43 of file GpgStorage.cpp.

Referenced by gpg_storage_has_dec_privkey(), and gpg_storage_save_dec_privkey().

◆ HKDF_INFO

char HKDF_INFO[] = "GPG-STORAGE-V2"
staticconstexpr

HKDF info string for storage key derivation.

Definition at line 48 of file GpgStorage.cpp.

Referenced by derive_storage_key().

◆ MAGIC_SIZE

size_t MAGIC_SIZE = 4
staticconstexpr

Definition at line 38 of file GpgStorage.cpp.

Referenced by build_aad(), gpg_storage_has_aes_key(), gpg_storage_has_dec_privkey(), load_slot_decrypted(), and save_slot_encrypted().

◆ NONCE_SIZE

size_t NONCE_SIZE = 12
staticconstexpr

Definition at line 39 of file GpgStorage.cpp.

Referenced by load_slot_decrypted(), and save_slot_encrypted().

◆ PRIVKEY_SIZE

size_t PRIVKEY_SIZE = 32
staticconstexpr

Definition at line 41 of file GpgStorage.cpp.

Referenced by gpg_storage_load_dec_privkey(), and gpg_storage_save_dec_privkey().

◆ RMEM_SLOT_AES_KEY

uint16_t RMEM_SLOT_AES_KEY = 2
staticconstexpr

R-Memory slot offset for the symmetric AES key payload (= ECC slot 3).

Definition at line 30 of file GpgStorage.cpp.

Referenced by gpg_storage_delete_aes_key(), gpg_storage_has_aes_key(), gpg_storage_load_aes_key(), and gpg_storage_save_aes_key().

◆ RMEM_SLOT_DEC_KEY

uint16_t RMEM_SLOT_DEC_KEY = 1
staticconstexpr

R-Memory slot offset for the DEC private key payload (= ECC slot 2).

Definition at line 27 of file GpgStorage.cpp.

Referenced by gpg_storage_delete_dec_privkey(), gpg_storage_has_dec_privkey(), gpg_storage_load_dec_privkey(), and gpg_storage_save_dec_privkey().

◆ []

struct { ... } s_storage

Referenced by gpg_storage_aut_slot(), gpg_storage_clear_session(), gpg_storage_dec_slot(), gpg_storage_get_session_key(), gpg_storage_ready(), gpg_storage_set_rmem_range(), gpg_storage_set_session_pin(), gpg_storage_set_slot_range(), gpg_storage_sig_slot(), and resolve_slot().

◆ TAG

const char* TAG = "GPGStorage"
static

Encrypted persistent storage for OpenPGP secret material.

Encrypts payloads with AES-256-GCM. The wrapping key is derived via HKDF over (chip_id || pin_hash) with the slot index appended; AAD binds the record to (slot_id, magic) to defeat slot-shuffle attacks.

Definition at line 20 of file GpgStorage.cpp.

◆ TAG_SIZE

size_t TAG_SIZE = 16
staticconstexpr

Definition at line 40 of file GpgStorage.cpp.

Referenced by load_slot_decrypted(), and save_slot_encrypted().