From 0685be5f1ea913b7ed294c0d9cf677ffc967e139 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 13 Feb 2023 23:53:41 +0100 Subject: [PATCH] EE_CERTIFICATE is added when importing key. Signed-off-by: Pol Henarejos --- src/hsm/cmd_key_unwrap.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/hsm/cmd_key_unwrap.c b/src/hsm/cmd_key_unwrap.c index c541f2e..a6712ed 100644 --- a/src/hsm/cmd_key_unwrap.c +++ b/src/hsm/cmd_key_unwrap.c @@ -18,6 +18,7 @@ #include "crypto_utils.h" #include "sc_hsm.h" #include "kek.h" +#include "cvc.h" int cmd_key_unwrap() { int key_id = P1(apdu), r = 0; @@ -35,12 +36,16 @@ int cmd_key_unwrap() { mbedtls_rsa_init(&ctx); do { r = dkek_decode_key(++kdom, &ctx, apdu.data, apdu.nc, NULL, &allowed, &allowed_len); - } while((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS); + } while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS); if (r != CCID_OK) { mbedtls_rsa_free(&ctx); return SW_EXEC_ERROR(); } r = store_keys(&ctx, HSM_KEY_RSA, key_id); + if ((res_APDU_size = asn1_cvc_aut(&ctx, HSM_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) { + mbedtls_rsa_free(&ctx); + return SW_EXEC_ERROR(); + } mbedtls_rsa_free(&ctx); if (r != CCID_OK) { return SW_EXEC_ERROR(); @@ -57,6 +62,10 @@ int cmd_key_unwrap() { return SW_EXEC_ERROR(); } r = store_keys(&ctx, HSM_KEY_EC, key_id); + if ((res_APDU_size = asn1_cvc_aut(&ctx, HSM_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) { + mbedtls_ecdsa_free(&ctx); + return SW_EXEC_ERROR(); + } mbedtls_ecdsa_free(&ctx); if (r != CCID_OK) { return SW_EXEC_ERROR(); @@ -102,5 +111,13 @@ int cmd_key_unwrap() { if (r != CCID_OK) return r; } + if (res_APDU_size > 0) { + file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id); + r = flash_write_data_to_file(fpk, res_APDU, res_APDU_size); + if (r != 0) + return SW_EXEC_ERROR(); + low_flash_available(); + res_APDU_size = 0; + } return SW_OK(); }