securechip: replace sign interface function with native Rust impl #1334
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Did you run |
Yes, why? |
you bumped core/alloc |
NickeZ
reviewed
Dec 3, 2024
The securechip unsafe sign key slot in the ATECC608 was only used as an alternative to adding firmware code for signing using hte NIST P-256 curve. The Optiga Trust M does not support the same functionality - one can't write a private key to this chip and extract the corresponding pubkey. Since we want one interface for both chips, we remove the unsafe sign functionality and replace it with the Rust p256 crate. It is only used in U2F. As an alternative, one could use the native MCU PUKCC/PUKCL feature to derive a pubkey and sign using this curve (see pukcc.c), but I could not get it to work. Using the Rust crate is much easier to implement / use. This adds 10592 bytes of binary space. If we need it back, we should try again to use PUKCC instead and offload these operations to the MCU.
The programmer needs to make sure the ptr/len point to a valid memory area.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The securechip unsafe sign key slot in the ATECC608 was only used as an alternative to adding firmware code for signing using hte NIST P-256 curve.
The Optiga Trust M does not support the same functionality - one can't write a private key to this chip and extract the corresponding pubkey.
Since we want one interface for both chips, we remove the unsafe sign functionality and replace it with the Rust p256 crate.
It is only used in U2F.
As an alternative, one could use the native MCU PUKCC/PUKCL feature to derive a pubkey and sign using this curve (see pukcc.c), but I could not get it to work. Using the Rust crate is much easier to implement / use.
This adds 10592 bytes of binary space. If we need it back, we should try again to use PUKCC instead and offload these operations to the MCU.
Useful site to test U2f registration & authentication: https://demo.yubico.com/webauthn-technical