Moving to new pico-hsm-sdk.

Pol Henarejos 2022-08-30 17:55:42 +02:00
parent 3944c8437a
commit 62c72c48a5
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
8 changed files with 59 additions and 53 deletions


@ -43,20 +43,22 @@ add_definitions(-DDEBUG_APDU=${DEBUG_APDU})
find_package( PythonInterp 3.7 REQUIRED ) find_package( PythonInterp 3.7 REQUIRED )
configure_file(${CMAKE_CURRENT_LIST_DIR}/pico-ccid/config/mbedtls_config.h ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/include/mbedtls COPYONLY) configure_file(${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/config/mbedtls_config.h ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/include/mbedtls COPYONLY)
target_sources(pico_hsm PUBLIC target_sources(pico_hsm PUBLIC
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/usb/usb.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/usb/usb.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/usb/usb_descriptors.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/usb/ccid/usb_descriptors.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid/ccid2040.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/usb/ccid/ccid.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid/asn1.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/asn1.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs/file.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/fs/file.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs/flash.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/fs/flash.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs/low_flash.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/fs/low_flash.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/rng/random.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/rng/random.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/rng/neug.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/rng/hwrng.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid/crypto_utils.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/crypto_utils.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid/eac.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/eac.c
${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/apdu.c
${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/main.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/sc_hsm.c ${CMAKE_CURRENT_LIST_DIR}/src/hsm/sc_hsm.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_select.c ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_select.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_list_keys.c ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_list_keys.c
@ -89,38 +91,39 @@ target_sources(pico_hsm PUBLIC
${CMAKE_CURRENT_LIST_DIR}/src/hsm/kek.c ${CMAKE_CURRENT_LIST_DIR}/src/hsm/kek.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/oid.c ${CMAKE_CURRENT_LIST_DIR}/src/hsm/oid.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/aes.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/aes.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/asn1write.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/asn1write.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/bignum.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/bignum.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/cmac.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/cmac.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/cipher.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/cipher.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/cipher_wrap.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/cipher_wrap.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/constant_time.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/constant_time.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecdsa.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/ecdsa.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecdh.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/ecdh.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecp.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/ecp.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecp_curves.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/ecp_curves.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/hkdf.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/hkdf.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/md.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/md.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/md5.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/md5.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/oid.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/oid.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/platform_util.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/platform_util.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ripemd160.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/ripemd160.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/rsa.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/rsa.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/rsa_alt_helpers.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/rsa_alt_helpers.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/sha1.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/sha1.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/sha256.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/sha256.c
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/sha512.c ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library/sha512.c
) )
target_include_directories(pico_hsm PUBLIC target_include_directories(pico_hsm PUBLIC
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/fs
${CMAKE_CURRENT_LIST_DIR}/src/hsm ${CMAKE_CURRENT_LIST_DIR}/src/hsm
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/rng ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/rng
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/usb ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/usb
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/include ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/src/usb/ccid
${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library ${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/include
${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/mbedtls/library
) )
target_compile_options(pico_hsm PUBLIC target_compile_options(pico_hsm PUBLIC
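Review bot: The rewritten `configure_file(... pico-hsm-sdk/mbedtls/include/mbedtls COPYONLY)` call still writes into the source tree, now inside the `pico-hsm-sdk` submodule checkout, so the mbedtls configuration the firmware is built with depends on a configure-time overwrite of a vendored header. That leaves the submodule working tree modified, and a fresh checkout of the submodule that is built without re-running CMake would presumably compile with the upstream default config instead of the project's. I would leave the vendored tree untouched and point mbedtls at the project header, e.g. `target_compile_definitions(pico_hsm PUBLIC MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/pico-hsm-sdk/config/mbedtls_config.h")`. Separately, the source list swaps `rng/neug.c` for `rng/hwrng.c`; the commit message does not mention a change of entropy source, which is worth stating explicitly for an HSM.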

@ -1 +1 @@
Subproject commit b75e5a6619dbad5f541081904b9191e98602d81d Subproject commit 2f565f23e02639c5ee941b8e4f0cf488560d5d15


@ -36,7 +36,7 @@ int cmd_cipher_sym() {
if ((apdu.nc % 16) != 0) { if ((apdu.nc % 16) != 0) {
return SW_WRONG_LENGTH(); return SW_WRONG_LENGTH();
} }
if (wait_button() == true) //timeout if (wait_button_pressed() == true) // timeout
return SW_SECURE_MESSAGE_EXEC_ERROR(); return SW_SECURE_MESSAGE_EXEC_ERROR();
int key_size = file_get_size(ef); int key_size = file_get_size(ef);
uint8_t kdata[32]; //maximum AES key size uint8_t kdata[32]; //maximum AES key size


@ -72,7 +72,7 @@ int cmd_decrypt_asym() {
} }
else if (p2 == ALGO_EC_DH || p2 == ALGO_EC_DH_XKEK) { else if (p2 == ALGO_EC_DH || p2 == ALGO_EC_DH_XKEK) {
mbedtls_ecdh_context ctx; mbedtls_ecdh_context ctx;
if (wait_button() == true) //timeout if (wait_button_pressed() == true) //timeout
return SW_SECURE_MESSAGE_EXEC_ERROR(); return SW_SECURE_MESSAGE_EXEC_ERROR();
int key_size = file_get_size(ef); int key_size = file_get_size(ef);
uint8_t *kdata = (uint8_t *)calloc(1,key_size); uint8_t *kdata = (uint8_t *)calloc(1,key_size);


@ -69,7 +69,7 @@ int cmd_key_wrap() {
} }
else if (*dprkd == P15_KEYTYPE_AES) { else if (*dprkd == P15_KEYTYPE_AES) {
uint8_t kdata[32]; //maximum AES key size uint8_t kdata[32]; //maximum AES key size
if (wait_button() == true) //timeout if (wait_button_pressed() == true) //timeout
return SW_SECURE_MESSAGE_EXEC_ERROR(); return SW_SECURE_MESSAGE_EXEC_ERROR();
int key_size = file_get_size(ef), aes_type = HSM_KEY_AES; int key_size = file_get_size(ef), aes_type = HSM_KEY_AES;


@ -22,7 +22,6 @@
#include "mbedtls/ecdsa.h" #include "mbedtls/ecdsa.h"
#include <string.h> #include <string.h>
#include "asn1.h" #include "asn1.h"
#include "ccid2040.h"
#include "crypto_utils.h" #include "crypto_utils.h"
#include "random.h" #include "random.h"
#include "oid.h" #include "oid.h"


@ -24,6 +24,8 @@
#include "eac.h" #include "eac.h"
#include "cvc.h" #include "cvc.h"
#include "asn1.h" #include "asn1.h"
#include "ccid.h"
#include "usb.h"
const uint8_t sc_hsm_aid[] = { const uint8_t sc_hsm_aid[] = {
11, 11,
@ -245,13 +247,13 @@ uint16_t get_device_options() {
extern uint32_t board_button_read(void); extern uint32_t board_button_read(void);
bool wait_button() { bool wait_button_pressed() {
uint16_t opts = get_device_options(); uint16_t opts = get_device_options();
uint32_t val = EV_PRESS_BUTTON; uint32_t val = EV_PRESS_BUTTON;
if (opts & HSM_OPT_BOOTSEL_BUTTON) { if (opts & HSM_OPT_BOOTSEL_BUTTON) {
queue_try_add(&card_to_ccid_q, &val); queue_try_add(&card_to_usb_q, &val);
do { do {
queue_remove_blocking(&ccid_to_card_q, &val); queue_remove_blocking(&usb_to_card_q, &val);
} }
while (val != EV_BUTTON_PRESSED && val != EV_BUTTON_TIMEOUT); while (val != EV_BUTTON_PRESSED && val != EV_BUTTON_TIMEOUT);
} }
@ -259,7 +261,7 @@ bool wait_button() {
} }
int parse_token_info(const file_t *f, int mode) { int parse_token_info(const file_t *f, int mode) {
char *label = "Pico-HSM"; char *label = "SmartCard-HSM";
char *manu = "Pol Henarejos"; char *manu = "Pol Henarejos";
if (mode == 1) { if (mode == 1) {
uint8_t *p = res_APDU; uint8_t *p = res_APDU;
@ -523,7 +525,7 @@ int find_and_store_meta_key(uint8_t key_id) {
} }
int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) { int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
if (wait_button() == true) //timeout if (wait_button_pressed() == true) //timeout
return CCID_VERIFICATION_FAILED; return CCID_VERIFICATION_FAILED;
int key_size = file_get_size(fkey); int key_size = file_get_size(fkey);
@ -566,7 +568,7 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
} }
int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) { int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
if (wait_button() == true) //timeout if (wait_button_pressed() == true) //timeout
return CCID_VERIFICATION_FAILED; return CCID_VERIFICATION_FAILED;
int key_size = file_get_size(fkey); int key_size = file_get_size(fkey);
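Review bot: The new name `wait_button_pressed()` reads as "true means pressed", yet every call site compares it with `true` under a `//timeout` comment (`load_private_key_rsa` and `load_private_key_ecdsa` here, and the `cmd_cipher_sym`, `cmd_decrypt_asym` and `cmd_key_wrap` hunks), so true apparently means the user did not confirm. This is the user-presence gate in front of private-key use, so a later caller that takes the name literally would let the operation proceed on a timeout; a comment on the definition stating the return convention, or a name such as `wait_button_timed_out()`, would remove the ambiguity. In the same function the result of `queue_try_add(&card_to_usb_q, &val);` is ignored, so a full queue would drop the request while `queue_remove_blocking` keeps waiting; assuming true does mean timeout, `if (!queue_try_add(&card_to_usb_q, &val)) return true;` would fail closed. The function's return statement lies outside the hunk, so the convention is inferred from the call sites.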


@ -23,7 +23,9 @@
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#include "mbedtls/ecdsa.h" #include "mbedtls/ecdsa.h"
#include "pico/stdlib.h" #include "pico/stdlib.h"
#include "ccid2040.h" #include "file.h"
#include "apdu.h"
#include "hsm.h"
extern const uint8_t sc_hsm_aid[]; extern const uint8_t sc_hsm_aid[];
@ -111,7 +113,7 @@ extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, size_t *tag_le
extern bool key_has_purpose(file_t *ef, uint8_t purpose); extern bool key_has_purpose(file_t *ef, uint8_t purpose);
extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey); extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey);
extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey); extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey);
extern bool wait_button(); extern bool wait_button_pressed();
extern int store_keys(void *key_ctx, int type, uint8_t key_id); extern int store_keys(void *key_ctx, int type, uint8_t key_id);
extern int find_and_store_meta_key(uint8_t key_id); extern int find_and_store_meta_key(uint8_t key_id);
extern uint32_t get_key_counter(file_t *fkey); extern uint32_t get_key_counter(file_t *fkey);
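Review bot: The renamed declaration `extern bool wait_button_pressed();` uses empty parentheses, which in C before C23 declares the function without a prototype, so a call that passes arguments would not be diagnosed. Since the line is being touched anyway, `extern bool wait_button_pressed(void);` would match the `board_button_read(void)` declaration used elsewhere in this commit. This header is also the natural place for a one-line comment saying what a `true` return means, because the callers rely on it to gate key use.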