Remove session pin.

It is intended for bio features, not supported by Pico HSM.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

CMakeLists.txt

@@ -74,7 +74,6 @@ set(SOURCES ${SOURCES}
     ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_derive_asym.c
     ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_extras.c
     ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_general_authenticate.c
-    ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_session_pin.c
     ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_puk_auth.c
     ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_pso.c
     ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_bip_slip.c

pico-keys-sdk

@@ -1 +1 @@
-Subproject commit 0df1914cdee0e31969a0127b0fcf20ab884384e6
+Subproject commit 5e9ae65046bf718295c87ee8a969354a1840effa

src/hsm/cmd_session_pin.c

@@ -1,35 +0,0 @@
-/*
- * This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
- * Copyright (c) 2022 Pol Henarejos.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, version 3.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-#include "sc_hsm.h"
-#include "random.h"
-#include "eac.h"
-
-int cmd_session_pin(void) {
-    if (P1(apdu) == 0x01 && P2(apdu) == 0x81) {
-        memcpy(sm_session_pin, random_bytes_get(8), 8);
-        sm_session_pin_len = 8;
-
-        memcpy(res_APDU, sm_session_pin, sm_session_pin_len);
-        res_APDU_size = sm_session_pin_len;
-        apdu.ne = sm_session_pin_len;
-    }
-    else {
-        return SW_INCORRECT_P1P2();
-    }
-    return SW_OK();
-}

src/hsm/sc_hsm.c

@@ -235,7 +235,6 @@ void init_sc_hsm(void) {
 int sc_hsm_unload(void) {
     has_session_pin = has_session_sopin = false;
     isUserAuthenticated = false;
-    sm_session_pin_len = 0;
     return PICOKEY_OK;
 }
 
@@ -363,28 +362,17 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
         isUserAuthenticated = false;
     }
     has_session_pin = has_session_sopin = false;
-    if (is_secured_apdu() && sm_session_pin_len > 0 && pin == file_pin1) {
+    uint8_t dhash[32];
-        if (len == sm_session_pin_len && memcmp(data, sm_session_pin, len) != 0) {
+    double_hash_pin(data, len, dhash);
-            int retries;
+    if (sizeof(dhash) != file_get_size(pin) - 1) { // 1 byte for pin len
-            if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
+        return SW_CONDITIONS_NOT_SATISFIED();
-                return SW_PIN_BLOCKED();
-            }
-            return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
-        }
     }
-    else {
+    if (memcmp(file_get_data(pin) + 1, dhash, sizeof(dhash)) != 0) {
-        uint8_t dhash[32];
+        int retries;
-        double_hash_pin(data, len, dhash);
+        if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
-        if (sizeof(dhash) != file_get_size(pin) - 1) { // 1 byte for pin len
+            return SW_PIN_BLOCKED();
-            return SW_CONDITIONS_NOT_SATISFIED();
-        }
-        if (memcmp(file_get_data(pin) + 1, dhash, sizeof(dhash)) != 0) {
-            int retries;
-            if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
-                return SW_PIN_BLOCKED();
-            }
-            return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
         }
+        return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
     }
     int r = pin_reset_retries(pin, false);
     if (r == PICOKEY_ERR_BLOCKED) {
@@ -684,7 +672,6 @@ int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) {
 #define INS_KEY_DOMAIN              0x52
 #define INS_PUK_AUTH                0x54
 #define INS_LIST_KEYS               0x58
-#define INS_SESSION_PIN             0x5A
 #define INS_DECRYPT_ASYM            0x62
 #define INS_EXTRAS                  0x64
 #define INS_SIGNATURE               0x68
@@ -725,7 +712,6 @@ static const cmd_t cmds[] = {
     { INS_EXTRAS, cmd_extras },
     { INS_MSE, cmd_mse },
     { INS_GENERAL_AUTHENTICATE, cmd_general_authenticate },
-    { INS_SESSION_PIN, cmd_session_pin },
     { INS_PUK_AUTH, cmd_puk_auth },
     { INS_PSO, cmd_pso },
     { INS_EXTERNAL_AUTHENTICATE, cmd_external_authenticate },

src/hsm/sc_hsm.h

@@ -82,8 +82,6 @@ extern const uint8_t sc_hsm_aid[];
 
 #define HSM_OPT_RRC                 0x0001
 #define HSM_OPT_TRANSPORT_PIN       0x0002
-#define HSM_OPT_SESSION_PIN         0x0004
-#define HSM_OPT_SESSION_PIN_EXPL    0x000C
 #define HSM_OPT_REPLACE_PKA         0x0008
 #define HSM_OPT_COMBINED_AUTH       0x0010
 #define HSM_OPT_RRC_RESET_ONLY      0x0020
@@ -158,7 +156,6 @@ extern int cmd_cipher_sym(void);
 extern int cmd_derive_asym(void);
 extern int cmd_extras(void);
 extern int cmd_general_authenticate(void);
-extern int cmd_session_pin(void);
 extern int cmd_puk_auth(void);
 extern int cmd_pso(void);
 extern int cmd_bip_slip(void);