mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 01:18:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add EdDSA support as a conditional build.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2025-02-21 20:20:43 +01:00
commit 21b6a7782a
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
18 changed files with 176 additions and 70 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/codeql.yml vendored
View file

@ -13,10 +13,10 @@ name: "CodeQL"
on:
push:
branches: [ "master", "development" ]
branches: [ "master", "development", "development-eddsa" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "master", "development" ]
branches: [ "master", "development", "development-eddsa" ]
schedule:
- cron: '23 5 * * 4'
workflow_dispatch:
@ -36,7 +36,7 @@ jobs:
language: [ 'cpp', 'python' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
mode: [ 'pico', 'esp32', 'local' ]
mode: [ 'pico', 'local' ]
steps:
- name: Checkout repository

4
.github/workflows/test.yml vendored
View file

@ -13,10 +13,10 @@ name: "Emulation and test"
on:
push:
branches: [ "master", "development" ]
branches: [ "master", "development", "development-eddsa" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "master", "development" ]
branches: [ "master", "development", "development-eddsa" ]
schedule:
- cron: '23 5 * * 4'
workflow_dispatch:

2
pico-keys-sdk

@ -1 +1 @@
Subproject commit 6e6b524878e36649aeb547a9f705ff89457209ce
Subproject commit 0a4c7b098117e58ec4b3452578846d4a36ab3530

4
src/hsm/cmd_cipher_sym.c
View file

@ -655,7 +655,7 @@ int cmd_cipher_sym() {
secret[64] = { 0 };
mbedtls_aes_init(&ctx);
if (hd_keytype != 0x3) {
mbedtls_ecdsa_free(&hd_context);
mbedtls_ecp_keypair_free(&hd_context);
return SW_INCORRECT_PARAMS();
}
key_size = 32;
@ -689,7 +689,7 @@ int cmd_cipher_sym() {
return SW_EXEC_ERROR();
}
res_APDU_size = enc.len;
mbedtls_ecdsa_free(&hd_context);
mbedtls_ecp_keypair_free(&hd_context);
hd_keytype = 0;
}
else {

18
src/hsm/cmd_derive_asym.c
View file

@ -52,13 +52,13 @@ int cmd_derive_asym() {
return SW_WRONG_LENGTH();
}
if (apdu.data[0] == ALGO_EC_DERIVE) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
int r;
r = load_private_key_ecdsa(&ctx, fkey);
r = load_private_key_ec(&ctx, fkey);
if (r != PICOKEY_OK) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
@ -69,7 +69,7 @@ int cmd_derive_asym() {
mbedtls_mpi_init(&nd);
r = mbedtls_mpi_read_binary(&a, apdu.data + 1, apdu.nc - 1);
if (r != 0) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
mbedtls_mpi_free(&a);
mbedtls_mpi_free(&nd);
return SW_DATA_INVALID();
@ -77,22 +77,22 @@ int cmd_derive_asym() {
r = mbedtls_mpi_add_mod(&ctx.grp, &nd, &ctx.d, &a);
mbedtls_mpi_free(&a);
if (r != 0) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
mbedtls_mpi_free(&nd);
return SW_EXEC_ERROR();
}
r = mbedtls_mpi_copy(&ctx.d, &nd);
mbedtls_mpi_free(&nd);
if (r != 0) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
if (r != PICOKEY_OK) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
}
else {
return SW_WRONG_DATA();

12
src/hsm/cmd_general_authenticate.c
View file

@ -44,11 +44,11 @@ int cmd_general_authenticate() {
if (!fkey) {
return SW_EXEC_ERROR();
}
mbedtls_ecdsa_context ectx;
mbedtls_ecdsa_init(&ectx);
r = load_private_key_ecdsa(&ectx, fkey);
mbedtls_ecp_keypair ectx;
mbedtls_ecp_keypair_init(&ectx);
r = load_private_key_ecdh(&ectx, fkey);
if (r != PICOKEY_OK) {
mbedtls_ecdsa_free(&ectx);
mbedtls_ecp_keypair_free(&ectx);
return SW_EXEC_ERROR();
}
mbedtls_ecdh_context ctx;
@ -56,12 +56,12 @@ int cmd_general_authenticate() {
mbedtls_ecp_group_id gid = MBEDTLS_ECP_DP_SECP256R1;
r = mbedtls_ecdh_setup(&ctx, gid);
if (r != 0) {
mbedtls_ecdsa_free(&ectx);
mbedtls_ecp_keypair_free(&ectx);
mbedtls_ecdh_free(&ctx);
return SW_DATA_INVALID();
}
r = mbedtls_mpi_copy(&ctx.ctx.mbed_ecdh.d, &ectx.d);
mbedtls_ecdsa_free(&ectx);
mbedtls_ecp_keypair_free(&ectx);
if (r != 0) {
mbedtls_ecdh_free(&ctx);
return SW_DATA_INVALID();

10
src/hsm/cmd_key_unwrap.c
View file

@ -67,21 +67,21 @@ int cmd_key_unwrap() {
}
}
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
do {
r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
} while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != PICOKEY_OK) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}

10
src/hsm/cmd_key_wrap.c
View file

@ -71,18 +71,18 @@ int cmd_key_wrap() {
mbedtls_rsa_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_ECC) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
r = load_private_key_ecdsa(&ctx, ef);
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
r = load_private_key_ec(&ctx, ef);
if (r != PICOKEY_OK) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
}
r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_AES) {
uint8_t kdata_aes[64]; //maximum AES key size

15
src/hsm/cmd_keypair_gen.c
View file

@ -78,6 +78,21 @@ int cmd_keypair_gen() {
if (ec_id == MBEDTLS_ECP_DP_NONE) {
return SW_FUNC_NOT_SUPPORTED();
}
if (ec_id == MBEDTLS_ECP_DP_CURVE25519 || ec_id == MBEDTLS_ECP_DP_CURVE448) {
asn1_ctx_t g = { 0 };
if (asn1_find_tag(&ctxo, 0x83, &g) != true) {
return SW_WRONG_DATA();
}
#ifdef MBEDTLS_EDDSA_C
if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && (g.data[0] != 9)) {
ec_id = MBEDTLS_ECP_DP_ED25519;
}
else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (g.len != 56 || g.data[0] != 5)) {
ec_id = MBEDTLS_ECP_DP_ED448;
}
#endif
}
printf("KEYPAIR ECC %d\r\n", ec_id);
mbedtls_ecdsa_context ecdsa;
mbedtls_ecdsa_init(&ecdsa);
uint8_t index = 0;

36
src/hsm/cmd_signature.c
View file

@ -20,6 +20,9 @@
#include "asn1.h"
#include "mbedtls/oid.h"
#include "random.h"
#ifdef MBEDTLS_EDDSA_C
#include "mbedtls/eddsa.h"
#endif
extern mbedtls_ecp_keypair hd_context;
extern uint8_t hd_keytype;
@ -228,8 +231,8 @@ int cmd_signature() {
mbedtls_rsa_free(&ctx);
}
else if (p2 >= ALGO_EC_RAW && p2 <= ALGO_EC_SHA512) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
md = MBEDTLS_MD_SHA256;
if (p2 == ALGO_EC_RAW) {
if (apdu.nc == 32) {
@ -263,9 +266,9 @@ int cmd_signature() {
else if (p2 == ALGO_EC_SHA512) {
md = MBEDTLS_MD_SHA512;
}
int r = load_private_key_ecdsa(&ctx, fkey);
int r = load_private_key_ec(&ctx, fkey);
if (r != PICOKEY_OK) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
@ -273,36 +276,45 @@ int cmd_signature() {
}
size_t olen = 0;
uint8_t buf[MBEDTLS_ECDSA_MAX_LEN];
if (mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
&olen, random_gen, NULL) != 0) {
mbedtls_ecdsa_free(&ctx);
#ifdef MBEDTLS_EDDSA_C
if (ctx.grp.id == MBEDTLS_ECP_DP_ED25519 || ctx.grp.id == MBEDTLS_ECP_DP_ED448) {
r = mbedtls_eddsa_write_signature(&ctx, apdu.data, apdu.nc, buf, sizeof(buf), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
}
else
#endif
{
r = mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
&olen, random_gen, NULL);
}
if (r != 0) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
memcpy(res_APDU, buf, olen);
res_APDU_size = (uint16_t)olen;
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
}
else if (p2 == ALGO_HD) {
size_t olen = 0;
uint8_t buf[MBEDTLS_ECDSA_MAX_LEN] = {0};
if (hd_context.grp.id == MBEDTLS_ECP_DP_NONE) {
mbedtls_ecdsa_free(&hd_context);
mbedtls_ecp_keypair_free(&hd_context);
return SW_CONDITIONS_NOT_SATISFIED();
}
if (hd_keytype != 0x1 && hd_keytype != 0x2) {
mbedtls_ecdsa_free(&hd_context);
mbedtls_ecp_keypair_free(&hd_context);
return SW_INCORRECT_PARAMS();
}
md = MBEDTLS_MD_SHA256;
if (mbedtls_ecdsa_write_signature(&hd_context, md, apdu.data, apdu.nc, buf,
MBEDTLS_ECDSA_MAX_LEN,
&olen, random_gen, NULL) != 0) {
mbedtls_ecdsa_free(&hd_context);
mbedtls_ecp_keypair_free(&hd_context);
return SW_EXEC_ERROR();
}
memcpy(res_APDU, buf, olen);
res_APDU_size = (uint16_t)olen;
mbedtls_ecdsa_free(&hd_context);
mbedtls_ecp_keypair_free(&hd_context);
hd_keytype = 0;
}
else {

54
src/hsm/cvc.c
View file

@ -26,6 +26,9 @@
#include "oid.h"
#include "mbedtls/md.h"
#include "files.h"
#ifdef MBEDTLS_EDDSA_C
#include "mbedtls/eddsa.h"
#endif
extern const uint8_t *dev_name;
extern uint16_t dev_name_len;
@ -71,7 +74,7 @@ const uint8_t *pointA[] = {
"\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC",
};
uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, uint16_t buf_len) {
uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, uint16_t buf_len) {
uint8_t Y_buf[MBEDTLS_ECP_MAX_PT_LEN], G_buf[MBEDTLS_ECP_MAX_PT_LEN];
const uint8_t oid_ecdsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x02, 0x03 };
const uint8_t oid_ri[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x05, 0x02, 0x03 };
@ -88,7 +91,11 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, u
uint16_t ctot_size = asn1_len_tag(0x87, (uint16_t)c_size);
uint16_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa));
uint16_t tot_len = 0, tot_data_len = 0;
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY
#ifdef MBEDTLS_EDDSA_C
|| mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS
#endif
) {
tot_data_len = oid_len + ptot_size + otot_size + gtot_size + ytot_size;
oid = oid_ri;
}
@ -109,7 +116,11 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, u
//oid
*p++ = 0x6; p += format_tlv_len(sizeof(oid_ecdsa), p); memcpy(p, oid, sizeof(oid_ecdsa));
p += sizeof(oid_ecdsa);
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY
#ifdef MBEDTLS_EDDSA_C
|| mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS
#endif
) {
//p
*p++ = 0x81; p += format_tlv_len((uint16_t)p_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.P, p, p_size);
p += p_size;
@ -293,11 +304,18 @@ uint16_t asn1_cvc_cert(void *rsa_ecdsa,
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_mpi r, s;
int ret = 0;
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;
mbedtls_ecp_keypair *ecdsa = (mbedtls_ecp_keypair *) rsa_ecdsa;
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
ret =
mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
#ifdef MBEDTLS_EDDSA_C
if (ecdsa->grp.id == MBEDTLS_ECP_DP_ED25519 || ecdsa->grp.id == MBEDTLS_ECP_DP_ED448) {
ret = mbedtls_eddsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, body, body_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
}
else
#endif
{
ret = mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
}
if (ret == 0) {
mbedtls_mpi_write_binary(&r, p, key_size / 2); p += key_size / 2;
mbedtls_mpi_write_binary(&s, p, key_size / 2); p += key_size / 2;
@ -326,10 +344,10 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
if (!fkey) {
return 0;
}
mbedtls_ecdsa_context ectx;
mbedtls_ecdsa_init(&ectx);
if (load_private_key_ecdsa(&ectx, fkey) != PICOKEY_OK) {
mbedtls_ecdsa_free(&ectx);
mbedtls_ecp_keypair ectx;
mbedtls_ecp_keypair_init(&ectx);
if (load_private_key_ec(&ectx, fkey) != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ectx);
return 0;
}
int ret = 0;
@ -349,15 +367,23 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
p += asn1_cvc_cert(rsa_ecdsa, key_type, p, cvcert_size, ext, ext_len, false);
//outcar
*p++ = 0x42; p += format_tlv_len(outcar_len, p); memcpy(p, outcar, outcar_len); p += outcar_len;
uint8_t hsh[32];
memcpy(p, "\x5f\x37", 2); p += 2;
p += format_tlv_len(key_size, p);
hash256(body, cvcert_size + outcar_size, hsh);
mbedtls_mpi r, s;
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
mbedtls_ecdsa_free(&ectx);
#ifdef MBEDTLS_EDDSA_C
if (ectx.grp.id == MBEDTLS_ECP_DP_ED25519 || ectx.grp.id == MBEDTLS_ECP_DP_ED448) {
ret = mbedtls_eddsa_sign(&ectx.grp, &r, &s, &ectx.d, body, cvcert_size + outcar_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
}
else
#endif
{
uint8_t hsh[32];
hash256(body, cvcert_size + outcar_size, hsh);
ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
}
mbedtls_ecp_keypair_free(&ectx);
if (ret != 0) {
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);

21
src/hsm/kek.c
View file

@ -663,7 +663,16 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
//G
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
len = get_uint16_t_be(kb + ofs);
#ifdef MBEDTLS_EDDSA_C
if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && kb[ofs + 2] != 0x09) {
ec_id = MBEDTLS_ECP_DP_ED25519;
}
else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (len != 56 || kb[ofs + 2] != 0x05)) {
ec_id = MBEDTLS_ECP_DP_ED448;
}
#endif
ofs += len + 2;
//d
len = get_uint16_t_be(kb + ofs); ofs += 2;
@ -678,7 +687,15 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
len = get_uint16_t_be(kb + ofs); ofs += 2;
r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len);
if (r != 0) {
r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
#ifdef MBEDTLS_EDDSA_C
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
r = mbedtls_ecp_point_edwards(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, random_gen, NULL);
}
else
#endif
{
r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
}
if (r != 0) {
mbedtls_ecdsa_free(ecdsa);
return PICOKEY_EXEC_ERROR;

19
src/hsm/sc_hsm.c
View file

@ -661,7 +661,7 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
return PICOKEY_OK;
}
int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
if (wait_button_pressed() == true) { // timeout
return PICOKEY_VERIFICATION_FAILED;
}
@ -676,17 +676,28 @@ int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1);
if (r != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_ecdsa_free(ctx);
mbedtls_ecp_keypair_free(ctx);
return PICOKEY_EXEC_ERROR;
}
mbedtls_platform_zeroize(kdata, sizeof(kdata));
r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
#ifdef MBEDTLS_EDDSA_C
if (gid == MBEDTLS_ECP_DP_ED25519 || gid == MBEDTLS_ECP_DP_ED448) {
r = mbedtls_ecp_point_edwards(&ctx->grp, &ctx->Q, &ctx->d, random_gen, NULL);
}
else
#endif
{
r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
}
if (r != 0) {
mbedtls_ecdsa_free(ctx);
mbedtls_ecp_keypair_free(ctx);
return PICOKEY_EXEC_ERROR;
}
return PICOKEY_OK;
}
int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) {
return load_private_key_ec(ctx, fkey);
}
#define INS_VERIFY 0x20
#define INS_MSE 0x22

3
src/hsm/sc_hsm.h
View file

@ -123,7 +123,8 @@ extern int delete_file(file_t *ef);
extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, uint16_t *tag_len);
extern bool key_has_purpose(file_t *ef, uint8_t purpose);
extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey);
extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey);
extern int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey);
extern int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey);
extern bool wait_button_pressed();
extern int store_keys(void *key_ctx, int type, uint8_t key_id);
extern int find_and_store_meta_key(uint8_t key_id);

2
tests/pico-hsm/test_020_keypair_gen.py
View file

@ -24,7 +24,7 @@ def test_gen_initialize(device):
device.initialize()
@pytest.mark.parametrize(
"curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448']
"curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448', 'ed25519', 'ed448']
)
def test_gen_ecc(device, curve):
keyid = device.key_generation(KeyType.ECC, curve)

13
tests/pico-hsm/test_021_key_import.py
View file

@ -21,7 +21,7 @@ import pytest
import hashlib
import os
from picohsm import DOPrefixes
from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448
from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448, ed25519, ed448
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
from picohsm.const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES
from const import DEFAULT_DKEK
@ -70,6 +70,17 @@ def test_import_montgomery(device, curve):
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
@pytest.mark.parametrize(
"curve", [ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey]
)
def test_import_edwards(device, curve):
pkey = curve.generate()
keyid = device.import_key(pkey)
pubkey = device.public_key(keyid, param=curve)
assert(pubkey.public_bytes(Encoding.Raw, PublicFormat.Raw) == pkey.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw))
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
@pytest.mark.parametrize(
"size", [128, 192, 256]
)

9
tests/pico-hsm/test_030_signature.py
View file

@ -55,3 +55,12 @@ def test_signature_rsa(device, modulus, scheme):
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
device.verify(pubkey, data, signature, scheme)
@pytest.mark.parametrize(
"curve", ['ed25519', 'ed448']
)
def test_signature_edwards(device, curve):
keyid = device.key_generation(KeyType.ECC, curve)
pubkey = device.public_key(keyid=keyid)
signature = device.sign(keyid=keyid, scheme=Algorithm.ALGO_EC_RAW, data=data)
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
device.verify(pubkey, data, signature)

8
tools/pico-hsm-tool.py
View file

@ -141,6 +141,8 @@ def parse_args():
parser_keygen_aes.add_argument('--size', help='Specifies the size of AES key [128, 192 or 256]', choices=[128, 192, 256], default=128, type=int)
parser_keygen_x25519 = subparser_keygen.add_parser('x25519', help='Generates a private X25519 keypair.')
parser_keygen_x448 = subparser_keygen.add_parser('x448', help='Generates a private X448 keypair.')
parser_keygen_x25519 = subparser_keygen.add_parser('ed25519', help='Generates a private Ed25519 keypair.')
parser_keygen_x448 = subparser_keygen.add_parser('ed448', help='Generates a private Ed448 keypair.')
parser_otp = subparser.add_parser('otp', help='Read/write OTP values.')
parser_otp.add_argument('subcommand', choices=['read', 'write', 'secure_boot'], help='Read, write or enable Secure Boot', nargs='?')
@ -469,8 +471,10 @@ def cipher(picohsm, args):
def keygen(picohsm, args):
if (args.subcommand == 'aes'):
ret = picohsm.key_generation(KeyType.AES, param=args.size)
elif (args.subcommand in ['x25519', 'x448']):
curve = 'curve' + args.subcommand[1:]
elif (args.subcommand in ['x25519', 'x448', 'ed25519', 'ed448']):
curve = args.subcommand
if (args.subcommand in ['x25519', 'x448']):
curve = 'curve' + args.subcommand[1:]
ret = picohsm.key_generation(KeyType.ECC, curve)
print('Key generated successfully.')
print(f'Key ID: {ret}')