Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SCP R-MAC/ENC support #72

Open
easydaniel opened this issue Jun 6, 2024 · 1 comment
Open

SCP R-MAC/ENC support #72

easydaniel opened this issue Jun 6, 2024 · 1 comment

Comments

@easydaniel
Copy link

I'm recently working on a project that requires attestation of generated keypair public key. Would like to know what is the reason not having R-MAC/ENC supported. Though I do see in documentation said it's not enforced, I wonder if this is simply reusing existing GP libraries. Which would be something looking like:

// STEP 1 - Generate the key pair
  PIVKeyObjectPKI keyPair = (PIVKeyObjectPKI) key;
  short length = keyPair.generate(scratch, ZERO);

// Added wrapping
  SecureChannel sc = GPSystem.getSecureChannel();
  byte mask = SecureChannel.AUTHENTICATED | SecureChannel.R_ENCRYPTION | SecureChannel.R_MAC;
  if ((sc.getSecurityLevel() & mask) == mask) {
    length = sc.wrap(scratch, ZERO, length);
  }

I tried this customizing code snippet but the R-MAC value is not correct when receiving the response from the applet. Any suggestion making this work? I can help sending out MRs to get this supported.

Also though PIV spec doesn't specify the authenticity of the key generated, is there a recommended security scheme that how we can generate an signature from the applet as an option when generating keypair? Thanks
@makinako
Copy link
Owner

Hi @easydaniel, apologies on the delay for this. The reasons for not implementing R_ENC/R_MAC were more about dealing with the implementation of command/response handling in the applet and less to do with sound arguments of security. Since administrative commands were traditionally sent over plaintext with the 9B key, it was seen as sufficient to improve this by ensuring the command payload was protected, especially for key injection.

The responses are largely just acknowedgements, with the notable exception of GEN ASYM KEYPAIR which is just returning public modulus. Having said this, attestation is a great case for protecting the response integrity, and also given the use of SCP03 for network-based updates, protecting even just acknowledgements is a good idea.

It's been a while since I looked at implementing R_ENC/R_MAC, but I'll have a closer look in the next couple of weeks and in the meantime if you find a workable solution, make a PR for sure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@easydaniel @makinako