From 4dce2d15ef9bd68dab308bebad04d014b9278b52 Mon Sep 17 00:00:00 2001 From: Nicolas Roggeman Date: Wed, 11 Dec 2024 12:59:34 +0100 Subject: [PATCH] Remove support of AEM PIN feature (never activated in OS) --- include/appflags.h | 9 -- include/os_pin.h | 218 --------------------------------------------- include/os_ux.h | 3 - include/syscalls.h | 18 ---- src/syscalls.c | 121 ------------------------- 5 files changed, 369 deletions(-) diff --git a/include/appflags.h b/include/appflags.h index d7313efee..b980d1423 100644 --- a/include/appflags.h +++ b/include/appflags.h @@ -85,15 +85,6 @@ */ #define APPLICATION_FLAG_NOT_REVIEWED 0x20000 -/** - * Custom AEM flag to test AEM capabilities without standard UX permissions - */ -#if defined(BOLOS_DEBUG_UX_PERMISSION_FLAG) -#define APPLICATION_FLAG_AEM_PIN APPLICATION_FLAG_GLOBAL_PIN -#else -#define APPLICATION_FLAG_AEM_PIN APPLICATION_FLAG_BOLOS_UX -#endif // BOLOS_DEBUG_UX_PERMISSION_FLAG - #define APPLICATION_FLAGS_MASK (0x00000000FFFFFFFFULL) #define APPLICATION_FLAG_NEG_MASK (0xFFFFFFFF00000000ULL) #define APPLICATION_FLAGS_SHIFT (32) diff --git a/include/os_pin.h b/include/os_pin.h index c1bc42a00..7eb078366 100644 --- a/include/os_pin.h +++ b/include/os_pin.h 
@@ -45,221 +45,3 @@ unsigned int os_global_pin_retries(void); */ SYSCALL bolos_bool_t os_perso_is_pin_set(void); - -#if defined(HAVE_AEM_PIN) -/* ----------------------------------------------------------------------- */ -/* - ANTI EVIL MAID (AEM) PIN FEATURE - */ -/* ----------------------------------------------------------------------- */ - -/** - * This feature involves two data elements: - * - The AEM PIN, - * - The AEM response. - */ - -/** - * The minimum length of an AEM PIN, in bytes. - */ -#define AEM_MIN_PIN_LENGTH 0x04 - -/** - * The maximum length of a AEM PIN associated response, in bytes, including - * the trailing end-of-string character (which is automatically added by - * the OS at the end of an APDU buffer). - */ -#define AEM_RESPONSE_MAX_LENGTH 0x80 - -/** - * The different supported formats for the AEM response, and the value of the - * last one. - */ -#define AEM_RESPONSE_FORMAT_TEXT 0x01 -#define AEM_RESPONSE_FORMAT_BMP_14x14 0x02 -#define AEM_RESPONSE_FORMAT_LAST AEM_RESPONSE_FORMAT_BMP_14x14 - -/** - * This function allows one to set a value to the AEM PIN, and activate the - * associated feature. - * The associated feature is activated when both the AEM PIN and the boot - * PIN response have been set and are active. - * This function can only be properly processed if the device is onboarded - * and the classic PIN has been checked beforehand. - * @param aem_pin The AEM PIN to be stored in persistent memory. - * @param aem_pin_length The length of the to-be-set AEM PIN. - * @throw INVALID_PARAMETER, when the submitted length is less than the - * minimum accepted length for a PIN, - * @throw SWO_PAR_LEN_13 if aem_pin_length < AEM_MIN_PIN_LENGTH, - * @throw SWO_SEC_PIN_0D when either the device is not onboarded or the - * user PIN has not been checked beforehand. 
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX) void os_aem_set_pin(unsigned char *aem_pin
- PLENGTH(aem_pin_length),
- unsigned int aem_pin_length);
-
-/**
- * This function allows one to unset the AEM PIN value (in such a case, it
- * is erased), and deactivate the associated feature.
- * This function can only be properly processed if the device is onboarded
- * and the classic PIN has been checked beforehand.
- * @throw SWO_SEC_PIN_0E, when either the device is not onboarded or the
- * user PIN has not been checked beforehand.
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX) void os_aem_unset_pin(void);
-
-/**
- * This function allows one to know whether the AEM PIN has been set.
- * This function can only be properly processed if the device is onboarded
- * and the classic PIN has been checked beforehand.
- * @return BOLOS_TRUE if the AEM PIN has been set, any other value otherwise
- * (depending on the failed internal check).
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX)
-bolos_bool_t os_aem_is_pin_set(void);
-
-/**
- * This function allows one to set a value to the AEM response.
- * The associated feature is activated when both the AEM PIN and the boot
- * PIN response have been set and are active.
- * This function can only be properly processed if the device is onboarded
- * and the classic PIN has been checked beforehand.
- * It needs to be followed by a call to 'os_aem_pin_activate_response' in
- * order to be used afterwards.
- * @param aem_response The response to be stored in persistent memory.
- * @param aem_response_length The length of the to-be-set response.
- * @param aem_response_format The format of the to-be-set response.
- * @throw SWO_PAR_LEN_14, when the submitted length is more than the
- * maximum accepted length (AEM_RESPONSE_MAX_LENGTH bytes), or when the
- * submitted format is not valid,
- * @throw SWO_SEC_PIN_0F, when either the device is not onboarded or the
- * user PIN has not been checked beforehand.
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX) void os_aem_set_response(
- unsigned char *aem_response PLENGTH(aem_response_length),
- unsigned int aem_response_length,
- unsigned char aem_response_format);
-
-/**
- * This function allows one to activate the AEM response.
- * This function can only be properly processed if the device is onboarded,
- * the classic PIN has been checked beforehand and the length of the response
- * is not zero.
- * @throw SWO_SEC_PIN_10, when either the device is not onboarded, the
- * user PIN has not been checked beforehand or the length of the response is
- * zero.
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX) void os_aem_activate_response(void);
-
-/**
- * This function allows one to deactivate the AEM response, and
- * deactivate the associated feature.
- * This function can only be properly processed if the device is onboarded
- * and the classic PIN has been checked beforehand.
- * @throw SWO_SEC_PIN_11, when either the device is not onboarded or the
- * user PIN has not been checked beforehand.
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX) void os_aem_deactivate_response(void);
-
-/**
- * This function allows one to know whether the AEM response
- * has been set and active.
- * This function can only be properly processed if the device is onboarded
- * and the classic PIN has been checked beforehand.
- * @return BOLOS_TRUE if the response has been set and activated, any other
- * value otherwise (depending on the failed internal check).
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX)
-bolos_bool_t os_aem_is_response_active(void);
-
-/**
- * This function allows one to know whether the AEM PIN feature is active
- * (i.e. if the AEM PIN is set, and the response has been set and activated).
- * This function can only be properly processed if the device is onboarded
- * and the classic PIN has been checked beforehand.
- * @return BOLOS_TRUE if the feature is active, any other value otherwise
- * (depending on the failed internal check).
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX)
-bolos_bool_t os_aem_is_feature_active(void);
-
-/**
- * This function allows one to retrieve the length of the response.
- * It is used to know the maximum length which can be retrieved with the
- * 'os_aem_get_response' function.
- * @return The length of the currently stored response.
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX)
-unsigned char os_aem_get_response_length(void);
-
-/**
- * This function allows one to retrieve the format of the response.
- * @return The format of the currently stored response.
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX)
-unsigned char os_aem_get_response_format(void);
-
-/**
- * This function allows one to retrieve the response.
- * One can retrieve at most the whole response, but the first bytes can also
- * be retrieved, by specifying the number of bytes to retrieve.
- * The 'os_aem_get_response' function must be used before calling this
- * function to know the maximum retrievable length.
- * The caller is responsible for owning a RAM buffer large enough to store
- * the requested amount of bytes.
- * @param output_response_buffer The buffer in which the required response
- * bytes will be copied,
- * @param input_required_length The required amount of response bytes.
- * @throw SWO_PAR_LEN_15 if the required length is greater than the response
- * length.
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_BOLOS_UX) void os_aem_get_response(
- char *output_response_buffer PLENGTH(input_required_length),
- unsigned char input_required_length);
-
-/**
- * This function allows one to check a presented PIN against the internally
- * stored AEM PIN.
- * This function can only be properly processed if the device is onboarded
- * and if the AEM PIN has been set beforehand.
- * If the submitted PIN equals the AEM PIN, then the AEM PIN is flagged as
- * validated.
- * @param aem_pin_buffer The presented PIN to check against the AEM PIN,
- * @param aem_pin_length The presented PIN length.
- * @return BOLOS_TRUE if the submitted PIN equls the AEM PIN, any other
- * value otherwise (depending on the failed internal check).
- * @throw SWO_SEC_STA_0A when eiher the device is not onboarded or the
- * AEM PIN is not set.
- * @throw SWO_SEC_CHK_18 when the PIN verification detects an error in
- * the processing.
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_GLOBAL_PIN)
-bolos_bool_t os_aem_check_pin(unsigned char *aem_pin_buffer PLENGTH(aem_pin_length),
- unsigned char aem_pin_length);
-
-/**
- * This function allows one to invalidate the AEM PIN, regardless of its
- * validation state.
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_GLOBAL_PIN) void os_aem_invalidate_pin(void);
-
-/**
- * This function allows one to retrieve the remaining attempts at verifying
- * a PIN against the AEM PIN.
- * This function can only be properly processed if the device is onboarded
- * and if the AEM PIN has been set beforehand.
- * @return The AEM PIN try counter.
- * @throw SWO_SEC_PIN_12 when eiher the device is not onboarded or the
- * AEM PIN is not set.
- */
-SYSCALL PERMISSION(APPLICATION_FLAG_GLOBAL_PIN)
-unsigned int os_aem_get_ptc(void);
-
-/**
- * This function allows one to check whether the AEM PIN is currently
- * considered validated.
- * @return BOLOS_TRUE if the AEM PIN has been activated and is validated,
- * any other value otherwise (depending on the internal failed check).
- */
-SYSCALL
-bolos_bool_t os_aem_is_pin_validated(void);
-
-#endif // HAVE_AEM_PIN
diff --git a/include/os_ux.h b/include/os_ux.h
index f05112ad8..d4517ecc9 100644
--- a/include/os_ux.h
+++ b/include/os_ux.h
@@ -4,9 +4,6 @@ #include "os_math.h" #include "os_types.h" #include "os_utils.h" -#ifdef HAVE_AEM_PIN -#include "os_pin.h" -#endif /* ----------------------------------------------------------------------- */ /* - UX DEFINITIONS - */ diff --git a/include/syscalls.h b/include/syscalls.h index bab67e650..c22a0a83f 100644 --- a/include/syscalls.h +++ b/include/syscalls.h @@ -207,24 +207,6 @@ #define SYSCALL_os_bolos_endorsement_revoke_ID 0x010001ED -#ifdef HAVE_AEM_PIN -#define SYSCALL_os_aem_set_pin_ID 0x02000139 -#define SYSCALL_os_aem_unset_pin_ID 0x0000013a -#define SYSCALL_os_aem_is_pin_set_ID 0x0000013b -#define SYSCALL_os_aem_set_response_ID 0x0300013c -#define SYSCALL_os_aem_activate_response_ID 0x0000013d -#define SYSCALL_os_aem_deactivate_response_ID 0x0000013e -#define SYSCALL_os_aem_is_response_active_ID 0x0000013f -#define SYSCALL_os_aem_is_feature_active_ID 0x00000140 -#define SYSCALL_os_aem_get_response_length_ID 0x00000141 -#define SYSCALL_os_aem_get_response_format_ID 0x00000142 -#define SYSCALL_os_aem_get_response_ID 0x02000143 -#define SYSCALL_os_aem_check_pin_ID 0x02000144 -#define SYSCALL_os_aem_invalidate_pin_ID 0x00000145 -#define SYSCALL_os_aem_get_ptc_ID 0x00000146 -#define SYSCALL_os_aem_is_pin_validated_ID 0x00000147 -#endif // HAVE_AEM_PIN - #define SYSCALL_os_endorsement_get_metadata_ID 0x02000138 #if defined(HAVE_VAULT_RECOVERY_ALGO) diff --git a/src/syscalls.c b/src/syscalls.c index 25d07f044..a5b386713 100644 --- a/src/syscalls.c +++ b/src/syscalls.c 
@@ -2048,127 +2048,6 @@ unsigned int io_button_read(void) } #endif // HAVE_SE_BUTTON -#ifdef HAVE_AEM_PIN -void os_aem_set_pin(unsigned char *aem_pin, unsigned int aem_pin_length) -{ - unsigned int parameters[2]; - parameters[0] = (unsigned int) aem_pin; - parameters[1] = (unsigned int) aem_pin_length; - SVC_Call(SYSCALL_os_aem_set_pin_ID, parameters); - return; -} - -void os_aem_unset_pin(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - SVC_Call(SYSCALL_os_aem_unset_pin_ID, parameters); - return; -} - -bolos_bool_t os_aem_is_pin_set(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - return (bolos_bool_t) SVC_Call(SYSCALL_os_aem_is_pin_set_ID, parameters); -} - -void os_aem_set_response(unsigned char *aem_response, - unsigned int aem_response_length, - unsigned char aem_response_format) -{ - unsigned int parameters[3]; - parameters[0] = (unsigned int) aem_response; - parameters[1] = (unsigned int) aem_response_length; - parameters[2] = (unsigned int) aem_response_format; - SVC_Call(SYSCALL_os_aem_set_response_ID, parameters); - return; -} - -void os_aem_activate_response(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - SVC_Call(SYSCALL_os_aem_activate_response_ID, parameters); - return; -} - -void os_aem_deactivate_response(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - SVC_Call(SYSCALL_os_aem_deactivate_response_ID, parameters); - return; -} - -bolos_bool_t os_aem_is_response_active(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - return (bolos_bool_t) SVC_Call(SYSCALL_os_aem_is_response_active_ID, parameters); -} - -bolos_bool_t os_aem_is_feature_active(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - return (bolos_bool_t) SVC_Call(SYSCALL_os_aem_is_feature_active_ID, parameters); -} - -unsigned char os_aem_get_response_length(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - return (unsigned char) SVC_Call(SYSCALL_os_aem_get_response_length_ID, parameters); -} - -unsigned 
char os_aem_get_response_format(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - return (unsigned char) SVC_Call(SYSCALL_os_aem_get_response_format_ID, parameters); -} - -void os_aem_get_response(char *output_response_buffer, unsigned char input_required_length) -{ - unsigned int parameters[2]; - parameters[0] = (unsigned int) output_response_buffer; - parameters[1] = (unsigned int) input_required_length; - SVC_Call(SYSCALL_os_aem_get_response_ID, parameters); - return; -} - -bolos_bool_t os_aem_check_pin(unsigned char *aem_pin_buffer, unsigned char aem_pin_length) -{ - unsigned int parameters[2]; - parameters[0] = (unsigned int) aem_pin_buffer; - parameters[1] = (unsigned int) aem_pin_length; - return (bolos_bool_t) SVC_Call(SYSCALL_os_aem_check_pin_ID, parameters); -} - -void os_aem_invalidate_pin(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - SVC_Call(SYSCALL_os_aem_invalidate_pin_ID, parameters); - return; -} - -unsigned int os_aem_get_ptc(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - return (unsigned int) SVC_Call(SYSCALL_os_aem_get_ptc_ID, parameters); -} - -bolos_bool_t os_aem_is_pin_validated(void) -{ - unsigned int parameters[2]; - parameters[1] = 0; - return (bolos_bool_t) SVC_Call(SYSCALL_os_aem_is_pin_validated_ID, parameters); -} -#endif // HAVE_AEM_PIN - unsigned int os_endorsement_get_metadata(unsigned char index, unsigned char *buffer) { unsigned int parameters[2];