solo1 icon indicating copy to clipboard operation
solo1 copied to clipboard

Published 20 hours ago verified publisher icon solokeys

Poorly documented TODO AES in generate_private_key()

Open tista3 opened this issue 3 years ago • 1 comments

There is comment // TODO AES in private key derivation function, but it is not clear, what is meant to be aes encrypted and what have to be used as akey for the encryption.

I presume the developer was concerned about digesting master_secret raw, so digesting aes(master_secret) would be better idea.

Can you specify how aes should be used in this case and what data to use as an aes key?

https://github.com/solokeys/solo/blob/master/fido2/crypto.c#L269

void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey)
{
    crypto_sha256_hmac_init(CRYPTO_MASTER_KEY, 0, privkey);
    crypto_sha256_update(data, len);
    crypto_sha256_update(data2, len2);
    crypto_sha256_update(master_secret, 32);    // TODO AES
    crypto_sha256_hmac_final(CRYPTO_MASTER_KEY, 0, privkey);

    crypto_aes256_init(master_secret + 32, NULL);
    crypto_aes256_encrypt(privkey, 32);
}

tista3 avatar Jul 30 '21 04:07 tista3

I think it's related to FIDO2 key generation

https://docs.solokeys.dev/fido2-impl/

harunkocacaliskan avatar Sep 03 '21 15:09 harunkocacaliskan