feat(core): Save wallet nonce while creation

Cypherock · Nov 25, 2023 · f249df3 · f249df3
1 parent 54ad7ba
commit f249df3
Show file tree

Hide file tree

Showing 7 changed files with 114 additions and 11 deletions.
diff --git a/common/Firewall/sec_flash.c b/common/Firewall/sec_flash.c
@@ -73,7 +73,7 @@
 #include "utils.h"
 
 #define SEC_FLASH_STRUCT_TLV_SIZE                                              \
-  (6 + 3 + (MAX_WALLETS_ALLOWED * (9 + sizeof(Wallet_Share_Data))) + 3 +       \
+  (6 + 3 + (MAX_WALLETS_ALLOWED * (12 + sizeof(Wallet_Share_Data))) + 3 +      \
    (MAX_KEYSTORE_ENTRY * ((4 * 3) + sizeof(Card_Keystore))))
 
 #define FLASH_WRITE_PERM_STRUCTURE_SIZE sizeof(Flash_Perm_Struct) / 4
@@ -85,6 +85,7 @@ typedef enum Sec_Flash_tlv_tags {
   TAG_SEC_FLASH_WALLET_SHARE_STRUCT = 0x11,
   TAG_SEC_FLASH_WALLET_ID = 0x12,
   TAG_SEC_FLASH_WALLET_SHARE = 0x13,
+  TAG_SEC_FLASH_WALLET_NONCE = 0x14,
 
   TAG_SEC_FLASH_KEYSTORE = 0x30,
   TAG_SEC_FLASH_KEYSTORE_USED = 0x31,
@@ -551,6 +552,11 @@ static void serialize_sec_fs_wallet(uint8_t *array,
                    TAG_SEC_FLASH_WALLET_SHARE,
                    BLOCK_SIZE,
                    sec_fs->wallet_share_data[wallet_index].wallet_share);
+    fill_flash_tlv(array,
+                   starting_index,
+                   TAG_SEC_FLASH_WALLET_NONCE,
+                   NONCE_SIZE,
+                   sec_fs->wallet_share_data[wallet_index].wallet_nonce);
 
     array[len_index] = (*starting_index) - len_index - 2;
     array[len_index + 1] = ((*starting_index) - len_index - 2) >> 8;
@@ -710,6 +716,11 @@ static void deserialize_sec_fs_wallet(Wallet_Share_Data *wallet_share_data,
         break;
       }
 
+      case TAG_SEC_FLASH_WALLET_NONCE: {
+        memcpy(wallet_share_data->wallet_nonce, tlv + index + 2, size);
+        break;
+      }
+
       case TAG_SEC_FLASH_WALLET_ID: {
         memcpy(wallet_share_data->wallet_id, tlv + index + 2, size);
         break;

diff --git a/common/Firewall/sec_flash.h b/common/Firewall/sec_flash.h
@@ -66,6 +66,8 @@ typedef struct Wallet_share {
   uint8_t wallet_id[WALLET_ID_SIZE];    ///< Wallet ID derived from seed
   uint8_t
       wallet_share[BLOCK_SIZE];    ///< Device's (5th) share derived from seed
+  uint8_t wallet_nonce[NONCE_SIZE];    ///< Wallet's nonce including IV and
+                                       ///< version data
 } Wallet_Share_Data;
 #pragma pack(pop)
 

diff --git a/common/interfaces/flash_interface/flash_api.c b/common/interfaces/flash_interface/flash_api.c
@@ -160,7 +160,8 @@ int add_wallet_to_flash(const Flash_Wallet *fwallet, uint32_t *index_OUT) {
 
 int add_wallet_share_to_sec_flash(const Flash_Wallet *fwallet,
                                   uint32_t *index_OUT,
-                                  const uint8_t *wallet_share) {
+                                  const uint8_t *wallet_share,
+                                  const uint8_t *wallet_nonce) {
   get_flash_ram_instance();    // to load
   get_sec_flash_ram_instance();
   if (flash_ram_instance.wallet_count == MAX_WALLETS_ALLOWED)
@@ -190,6 +191,9 @@ int add_wallet_share_to_sec_flash(const Flash_Wallet *fwallet,
   memcpy(sec_flash_instance.wallet_share_data[*index_OUT].wallet_share,
          wallet_share,
          BLOCK_SIZE);
+  memcpy(sec_flash_instance.wallet_share_data[*index_OUT].wallet_nonce,
+         wallet_nonce,
+         NONCE_SIZE);
   sec_flash_struct_save();
   return SUCCESS_;
 }
@@ -230,7 +234,8 @@ int put_wallet_flash(const uint8_t index, const Flash_Wallet *wallet) {
 }
 
 int put_wallet_share_sec_flash(const uint8_t index,
-                               const uint8_t *wallet_share) {
+                               const uint8_t *wallet_share,
+                               const uint8_t *wallet_nonce) {
   get_flash_ram_instance();    // to load
   get_sec_flash_ram_instance();
   if (index >= MAX_WALLETS_ALLOWED)
@@ -246,6 +251,9 @@ int put_wallet_share_sec_flash(const uint8_t index,
   memcpy(sec_flash_instance.wallet_share_data[index].wallet_share,
          wallet_share,
          BLOCK_SIZE);
+  memcpy(sec_flash_instance.wallet_share_data[index].wallet_nonce,
+         wallet_nonce,
+         NONCE_SIZE);
   sec_flash_struct_save();
   flash_ram_instance.wallets[index].state = VALID_WALLET;
   flash_struct_save();
@@ -531,6 +539,42 @@ int get_flash_wallet_share_by_name(const char *name, uint8_t *wallet_share) {
   return DOESNT_EXIST;
 }
 
+int get_flash_wallet_nonce_by_name(const char *name, uint8_t *wallet_nonce) {
+  ASSERT(name != NULL);
+  ASSERT(wallet_nonce != NULL);
+
+  get_flash_ram_instance();    // to load
+  get_sec_flash_ram_instance();
+  size_t name_len = strnlen(name, NAME_SIZE);
+  if (name_len == 0 || name_len >= NAME_SIZE)
+    return INVALID_ARGUMENT;
+  uint8_t walletIndex = 0;
+  for (; walletIndex < MAX_WALLETS_ALLOWED; walletIndex++) {
+    if (!_wallet_is_filled(walletIndex))
+      continue;
+    if (!strcmp(
+            (const char *)flash_ram_instance.wallets[walletIndex].wallet_name,
+            name)) {
+      if (is_wallet_share_not_present(walletIndex))
+        return DOESNT_EXIST;
+      for (int i = 0; i < WALLET_ID_SIZE; i++) {
+        if (flash_ram_instance.wallets[walletIndex].wallet_id[i] !=
+            sec_flash_instance.wallet_share_data[walletIndex].wallet_id[i]) {
+          flash_ram_instance.wallets[walletIndex].state =
+              VALID_WALLET_WITHOUT_DEVICE_SHARE;
+          flash_struct_save();
+          return DOESNT_EXIST;
+        }
+      }
+      memcpy(wallet_nonce,
+             sec_flash_instance.wallet_share_data[walletIndex].wallet_nonce,
+             BLOCK_SIZE);
+      return SUCCESS_;
+    }
+  }
+  return DOESNT_EXIST;
+}
+
 /**
  * @brief Tells if wallet is in partial state
  *

diff --git a/common/interfaces/flash_interface/flash_api.h b/common/interfaces/flash_interface/flash_api.h
@@ -64,6 +64,8 @@ int add_wallet_to_flash(const Flash_Wallet *wallet, uint32_t *index_OUT);
  *
  * @param[in] fwallet a constant reference to an object of type Flash_Wallet
  * @param[out] index_OUT index at which share entry is made
+ * @param[in] wallet_share The 5th share of wallet to be written on device
+ * @param[in] wallet_nonce Wallet nonce common for all shares
  * @return SUCCESS,	MEMORY_OVERFLOW, INVALID_ARGUMENT, ALREADY_EXISTS
  * @retval SUCCESS Wallet share written to firewall region
  * @retval MEMORY_OVERFLOW in case of no empty slots
@@ -72,8 +74,8 @@ int add_wallet_to_flash(const Flash_Wallet *wallet, uint32_t *index_OUT);
  */
 int add_wallet_share_to_sec_flash(const Flash_Wallet *fwallet,
                                   uint32_t *index_OUT,
-                                  const uint8_t *wallet_share);
-
+                                  const uint8_t *wallet_share,
+                                  const uint8_t *wallet_nonce);
 /**
  * @brief Deletes a wallet from flash
  *
@@ -172,7 +174,9 @@ int put_wallet_flash(uint8_t index, const Flash_Wallet *wallet);
  * @retval INVALID_ARGUMENT non-existent wallet reference or wallet_index >=
  * MAX_WALLETS_ALLOWED
  */
-int put_wallet_share_sec_flash(uint8_t index, const uint8_t *wallet_share);
+int put_wallet_share_sec_flash(uint8_t index,
+                               const uint8_t *wallet_share,
+                               const uint8_t *wallet_nonce);
 
 /**
  * @brief Outputs the index of the wallet with given name
@@ -261,6 +265,21 @@ int get_flash_wallet_by_name(const char *name, Flash_Wallet **flash_wallet_OUT);
  */
 int get_flash_wallet_share_by_name(const char *name, uint8_t *wallet_share);
 
+/**
+ * Retrieves the wallet nonce associated with a given name from flash memory.
+ *
+ * @param name A pointer to a character array representing the name of the
+ * wallet.
+ * @param wallet_nonce A pointer to a uint8_t array where the wallet nonce will
+ * be stored.
+ *
+ * @return SUCCESS, INVALID_ARGUMENT, DOESNT_EXIST
+ * @retval SUCCESS Wallet found & wallet share returned
+ * @retval INVALID_ARGUMENT Passed name is invalid
+ * @retval DOESNT_EXIST Wallet does not exist with given name
+ */
+int get_flash_wallet_nonce_by_name(const char *name, uint8_t *wallet_nonce);
+
 /**
  * @brief Update the card states for the wallet at specified index (on deletion
  * of the wallet from the given card number)

diff --git a/src/wallet/create_new_wallet_flow.c b/src/wallet/create_new_wallet_flow.c
@@ -326,8 +326,18 @@ new_wallet_state_e new_wallet_state_handler(new_wallet_state_e current_state) {
                         wallet.total_number_of_shares,
                         wallet.minimum_number_of_shares,
                         wallet_shamir_data.mnemonic_shares);
-      if (WALLET_IS_PIN_SET(wallet.wallet_info))
+
+      uint8_t wallet_nonce[NONCE_SIZE] = {0};
+      random_generate(wallet_nonce, 12);
+
+      for (int i = 0; i < TOTAL_NUMBER_OF_SHARES; i++) {
+        memcpy(wallet_shamir_data.share_encryption_data[i], wallet_nonce, 12);
+        wallet_shamir_data.share_encryption_data[i][15] = 0x01;
+      }
+
+      if (WALLET_IS_PIN_SET(wallet.wallet_info)) {
         encrypt_shares();
+      }
       derive_beneficiary_key(
           wallet.beneficiary_key, wallet.iv_for_beneficiary_key, mnemo);
       derive_wallet_key(wallet.key, mnemo);
@@ -343,7 +353,10 @@ new_wallet_state_e new_wallet_state_handler(new_wallet_state_e current_state) {
       uint32_t index;
       wallet_for_flash.state = DEFAULT_VALUE_IN_FLASH;
       add_wallet_share_to_sec_flash(
-          &wallet_for_flash, &index, wallet_shamir_data.mnemonic_shares[4]);
+          &wallet_for_flash,
+          &index,
+          wallet_shamir_data.mnemonic_shares[4],
+          wallet_shamir_data.share_encryption_data[4]);
       next_state = TAP_CARD_FLOW;
       break;
     }

diff --git a/src/wallet/restore_seed_phrase_flow.c b/src/wallet/restore_seed_phrase_flow.c
@@ -427,8 +427,18 @@ restore_wallet_state_e restore_wallet_state_handler(
                         wallet.minimum_number_of_shares,
                         wallet_shamir_data.mnemonic_shares);
       memzero(secret, sizeof(secret));
-      if (WALLET_IS_PIN_SET(wallet.wallet_info))
+
+      uint8_t wallet_nonce[NONCE_SIZE] = {0};
+      random_generate(wallet_nonce, 12);
+
+      for (int i = 0; i < TOTAL_NUMBER_OF_SHARES; i++) {
+        memcpy(wallet_shamir_data.share_encryption_data[i], wallet_nonce, 12);
+        wallet_shamir_data.share_encryption_data[i][15] = 0x01;
+      }
+
+      if (WALLET_IS_PIN_SET(wallet.wallet_info)) {
         encrypt_shares();
+      }
       derive_beneficiary_key(wallet.beneficiary_key,
                              wallet.iv_for_beneficiary_key,
                              single_line_mnemonics);
@@ -458,7 +468,10 @@ restore_wallet_state_e restore_wallet_state_handler(
       uint32_t index;
       wallet_for_flash.state = DEFAULT_VALUE_IN_FLASH;
       add_wallet_share_to_sec_flash(
-          &wallet_for_flash, &index, wallet_shamir_data.mnemonic_shares[4]);
+          &wallet_for_flash,
+          &index,
+          wallet_shamir_data.mnemonic_shares[4],
+          wallet_shamir_data.share_encryption_data[4]);
       next_state = TAP_CARD_FLOW;
       break;
     }

diff --git a/src/wallet/sync_wallets_flow.c b/src/wallet/sync_wallets_flow.c
@@ -199,7 +199,8 @@ static sync_state_e sync_wallet_handler(sync_state_e state) {
       get_flash_wallet_by_name((const char *)wallet.wallet_name, &flash_wallet);
       memcpy(&wallet_for_flash, flash_wallet, sizeof(Flash_Wallet));
       put_wallet_share_sec_flash(wallet_index,
-                                 wallet_shamir_data.mnemonic_shares[4]);
+                                 wallet_shamir_data.mnemonic_shares[4],
+                                 wallet_shamir_data.share_encryption_data[0]);
 
       next_state = SYNC_COMPLETED;
       break;