google / OpenSK / 16369700748

97%

2.1: 97%

Build Type

push

github

Committed by web-flow

Commit Message

ECDSA private key wrapping responsibility into Env (#738)

* ECDSA private key wrapping responsibility into Env

This change is backwards incompatible. If you flash this firmware onto
an OpenSK with existing registrations, they will not work. This includes
all of resident keys, server-side keys and CTAP1 keys.

Before, we had a `key_wrap` function in `KeyStore` that, by default,
uses a symmetric key to encrypt ECDSA private keys for storage.

However, hardware cryptography users may not want to expose the private
key to OpenSK at all. Therefore, the ECDSA API has to change to not assume the
existance of `to_slice`, but merely a function to export and re-import
it, where we receive a wrapping of unknown length.

We also remove `wrap_key` in `KeyStore`, since this was the imperfect
in-library solution for the problem. Since the symmetric `wrap_key` was
stored in plaintext on flash, it didn't give the same security
guarantees as hardware can. Instead, if you want to secure plain text
storage of private key material, you have to implement your own measure.

This does not affect the security of private keys exported through any
CTAP API. This is only about local attackers with physical access to the
device.

* Fixes corupted attestation keys and credRandom

* Documents and tests determinism of export

Run Details

98 of 100 new or added lines in 11 files covered. (98.0%)

1 existing line in 1 file now uncovered.

11843 of 12205 relevant lines covered (97.03%)

11509.0 hits per line