mirror of
https://github.com/polhenarejos/pico-hsm.git
synced 2026-04-17 13:48:27 +00:00
Remove session pin.
It is intended for bio features, not supported by Pico HSM. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
parent
1ced9f6267
commit
54cba3efdf
5 changed files with 10 additions and 63 deletions
|
|
@ -74,7 +74,6 @@ set(SOURCES ${SOURCES}
|
|||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_derive_asym.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_extras.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_general_authenticate.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_session_pin.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_puk_auth.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_pso.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_bip_slip.c
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
Subproject commit 0df1914cdee0e31969a0127b0fcf20ab884384e6
|
||||
Subproject commit 5e9ae65046bf718295c87ee8a969354a1840effa
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
/*
|
||||
* This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
|
||||
* Copyright (c) 2022 Pol Henarejos.
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, version 3.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include "sc_hsm.h"
|
||||
#include "random.h"
|
||||
#include "eac.h"
|
||||
|
||||
int cmd_session_pin(void) {
|
||||
if (P1(apdu) == 0x01 && P2(apdu) == 0x81) {
|
||||
memcpy(sm_session_pin, random_bytes_get(8), 8);
|
||||
sm_session_pin_len = 8;
|
||||
|
||||
memcpy(res_APDU, sm_session_pin, sm_session_pin_len);
|
||||
res_APDU_size = sm_session_pin_len;
|
||||
apdu.ne = sm_session_pin_len;
|
||||
}
|
||||
else {
|
||||
return SW_INCORRECT_P1P2();
|
||||
}
|
||||
return SW_OK();
|
||||
}
|
||||
|
|
@ -235,7 +235,6 @@ void init_sc_hsm(void) {
|
|||
int sc_hsm_unload(void) {
|
||||
has_session_pin = has_session_sopin = false;
|
||||
isUserAuthenticated = false;
|
||||
sm_session_pin_len = 0;
|
||||
return PICOKEY_OK;
|
||||
}
|
||||
|
||||
|
|
@ -363,16 +362,6 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
|
|||
isUserAuthenticated = false;
|
||||
}
|
||||
has_session_pin = has_session_sopin = false;
|
||||
if (is_secured_apdu() && sm_session_pin_len > 0 && pin == file_pin1) {
|
||||
if (len == sm_session_pin_len && memcmp(data, sm_session_pin, len) != 0) {
|
||||
int retries;
|
||||
if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
|
||||
return SW_PIN_BLOCKED();
|
||||
}
|
||||
return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
|
||||
}
|
||||
}
|
||||
else {
|
||||
uint8_t dhash[32];
|
||||
double_hash_pin(data, len, dhash);
|
||||
if (sizeof(dhash) != file_get_size(pin) - 1) { // 1 byte for pin len
|
||||
|
|
@ -385,7 +374,6 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
|
|||
}
|
||||
return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
|
||||
}
|
||||
}
|
||||
int r = pin_reset_retries(pin, false);
|
||||
if (r == PICOKEY_ERR_BLOCKED) {
|
||||
return SW_PIN_BLOCKED();
|
||||
|
|
@ -684,7 +672,6 @@ int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) {
|
|||
#define INS_KEY_DOMAIN 0x52
|
||||
#define INS_PUK_AUTH 0x54
|
||||
#define INS_LIST_KEYS 0x58
|
||||
#define INS_SESSION_PIN 0x5A
|
||||
#define INS_DECRYPT_ASYM 0x62
|
||||
#define INS_EXTRAS 0x64
|
||||
#define INS_SIGNATURE 0x68
|
||||
|
|
@ -725,7 +712,6 @@ static const cmd_t cmds[] = {
|
|||
{ INS_EXTRAS, cmd_extras },
|
||||
{ INS_MSE, cmd_mse },
|
||||
{ INS_GENERAL_AUTHENTICATE, cmd_general_authenticate },
|
||||
{ INS_SESSION_PIN, cmd_session_pin },
|
||||
{ INS_PUK_AUTH, cmd_puk_auth },
|
||||
{ INS_PSO, cmd_pso },
|
||||
{ INS_EXTERNAL_AUTHENTICATE, cmd_external_authenticate },
|
||||
|
|
|
|||
|
|
@ -82,8 +82,6 @@ extern const uint8_t sc_hsm_aid[];
|
|||
|
||||
#define HSM_OPT_RRC 0x0001
|
||||
#define HSM_OPT_TRANSPORT_PIN 0x0002
|
||||
#define HSM_OPT_SESSION_PIN 0x0004
|
||||
#define HSM_OPT_SESSION_PIN_EXPL 0x000C
|
||||
#define HSM_OPT_REPLACE_PKA 0x0008
|
||||
#define HSM_OPT_COMBINED_AUTH 0x0010
|
||||
#define HSM_OPT_RRC_RESET_ONLY 0x0020
|
||||
|
|
@ -158,7 +156,6 @@ extern int cmd_cipher_sym(void);
|
|||
extern int cmd_derive_asym(void);
|
||||
extern int cmd_extras(void);
|
||||
extern int cmd_general_authenticate(void);
|
||||
extern int cmd_session_pin(void);
|
||||
extern int cmd_puk_auth(void);
|
||||
extern int cmd_pso(void);
|
||||
extern int cmd_bip_slip(void);
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue