mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-02-03 09:09:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add LE/BE functions for uint16, 32 and 64.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2024-12-23 20:39:03 +01:00
parent d56b540324
commit 73232b6de4
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
8 changed files with 53 additions and 72 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pico-keys-sdk

@ -1 +1 @@
Subproject commit ffaf20da5d65a2dfc6c92026014f818ec9382f21
Subproject commit 3f541f13d536aee190bd61f1603f11044535d2ff

5
src/hsm/cmd_cipher_sym.c
View file

@ -143,10 +143,7 @@ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type,
mbedtls_md_update(&md_ctx, input, input_len);
//TODO: be careful with architecture little vs. big
counter_buf[0] = (uint8_t) ((counter >> 24) & 0xff);
counter_buf[1] = (uint8_t) ((counter >> 16) & 0xff);
counter_buf[2] = (uint8_t) ((counter >> 8) & 0xff);
counter_buf[3] = (uint8_t) ((counter >> 0) & 0xff);
put_uint32_t_be(counter, counter_buf);
mbedtls_md_update(&md_ctx, counter_buf, 4);

30
src/hsm/cmd_extras.c
View file

@ -302,26 +302,16 @@ int cmd_extras() {
else if (cmd == CMD_MEMORY) {
res_APDU_size = 0;
uint32_t free = flash_free_space(), total = flash_total_space(), used = flash_used_space(), nfiles = flash_num_files(), size = flash_size();
res_APDU[res_APDU_size++] = free >> 24;
res_APDU[res_APDU_size++] = free >> 16;
res_APDU[res_APDU_size++] = free >> 8;
res_APDU[res_APDU_size++] = free;
res_APDU[res_APDU_size++] = used >> 24;
res_APDU[res_APDU_size++] = used >> 16;
res_APDU[res_APDU_size++] = used >> 8;
res_APDU[res_APDU_size++] = used;
res_APDU[res_APDU_size++] = total >> 24;
res_APDU[res_APDU_size++] = total >> 16;
res_APDU[res_APDU_size++] = total >> 8;
res_APDU[res_APDU_size++] = total;
res_APDU[res_APDU_size++] = nfiles >> 24;
res_APDU[res_APDU_size++] = nfiles >> 16;
res_APDU[res_APDU_size++] = nfiles >> 8;
res_APDU[res_APDU_size++] = nfiles;
res_APDU[res_APDU_size++] = size >> 24;
res_APDU[res_APDU_size++] = size >> 16;
res_APDU[res_APDU_size++] = size >> 8;
res_APDU[res_APDU_size++] = size;
put_uint32_t_be(free, res_APDU + res_APDU_size);
res_APDU_size += 4;
put_uint32_t_be(used, res_APDU + res_APDU_size);
res_APDU_size += 4;
put_uint32_t_be(total, res_APDU + res_APDU_size);
res_APDU_size += 4;
put_uint32_t_be(nfiles, res_APDU + res_APDU_size);
res_APDU_size += 4;
put_uint32_t_be(size, res_APDU + res_APDU_size);
res_APDU_size += 4;
}
else {
return SW_INCORRECT_P1P2();

6
src/hsm/cmd_initialize.c
View file

@ -247,10 +247,8 @@ int cmd_initialize() {
}
else { //free memory bytes request
int heap_left = heapLeft();
res_APDU[0] = ((heap_left >> 24) & 0xff);
res_APDU[1] = ((heap_left >> 16) & 0xff);
res_APDU[2] = ((heap_left >> 8) & 0xff);
res_APDU[3] = ((heap_left >> 0) & 0xff);
put_uint32_t_be(heap_left, res_APDU);
res_APDU_size = 4;
res_APDU[4] = 0;
res_APDU[5] = HSM_VERSION_MAJOR;
res_APDU[6] = HSM_VERSION_MINOR;

4
src/hsm/cmd_read_binary.c
View file

@ -30,7 +30,7 @@ int cmd_read_binary() {
offset = p2;
}
else {
offset = make_uint16_t(p1, p2) & 0x7fff;
offset = make_uint16_t_be(p1, p2) & 0x7fff;
ef = currentEF;
}
}
@ -41,7 +41,7 @@ int cmd_read_binary() {
}
}
else {
uint16_t file_id = make_uint16_t(p1, p2); // & 0x7fff;
uint16_t file_id = make_uint16_t_be(p1, p2); // & 0x7fff;
if (file_id == 0x0) {
ef = currentEF;
}

2
src/hsm/cmd_select.c
View file

@ -48,7 +48,7 @@ int cmd_select() {
//}
if (apdu.nc == 2) {
fid = get_uint16_t(apdu.data, 0);
fid = get_uint16_t_be(apdu.data, 0);
}
//if ((fid & 0xff00) == (KEY_PREFIX << 8))

70
src/hsm/kek.c
View file

@ -328,7 +328,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
return PICOKEY_WRONG_LENGTH;
}
put_uint16_t(kb_len, kb + 8);
put_uint16_t_be(kb_len, kb + 8);
memcpy(kb + 10, key_ctx, kb_len);
kb_len += 2;
@ -341,15 +341,15 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
}
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
kb_len = 0;
put_uint16_t((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2;
put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&rsa->D, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->D));
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->D);
put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&rsa->N, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->N));
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->N);
put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&rsa->E, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->E));
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->E);
@ -362,31 +362,31 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
}
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
kb_len = 0;
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2;
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->grp.A, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.A));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.A);
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->grp.B, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.B));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.B);
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->grp.P, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.P));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.P);
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->grp.N, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.N));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N);
size_t olen = 0;
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen;
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d);
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen;
algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03";
@ -418,7 +418,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
}
if (allowed && allowed_len > 0) {
put_uint16_t(allowed_len, out + *out_len); *out_len += 2;
put_uint16_t_be(allowed_len, out + *out_len); *out_len += 2;
memcpy(out + *out_len, allowed, allowed_len);
*out_len += allowed_len;
}
@ -526,21 +526,21 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
uint16_t ofs = 9;
//OID
uint16_t len = get_uint16_t(in, ofs);
uint16_t len = get_uint16_t_be(in, ofs);
ofs += len + 2;
//Allowed algorithms
len = get_uint16_t(in, ofs);
len = get_uint16_t_be(in, ofs);
*allowed = (uint8_t *) (in + ofs + 2);
*allowed_len = len;
ofs += len + 2;
//Access conditions
len = get_uint16_t(in, ofs);
len = get_uint16_t_be(in, ofs);
ofs += len + 2;
//Key OID
len = get_uint16_t(in, ofs);
len = get_uint16_t_be(in, ofs);
ofs += len + 2;
if ((in_len - 16 - ofs) % 16 != 0) {
@ -554,7 +554,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
return r;
}
int key_size = get_uint16_t(kb, 8);
int key_size = get_uint16_t_be(kb, 8);
if (key_size_out) {
*key_size_out = key_size;
}
@ -563,14 +563,14 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
mbedtls_rsa_init(rsa);
if (key_type == 5) {
len = get_uint16_t(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb, ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->D, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return PICOKEY_WRONG_DATA;
}
len = get_uint16_t(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb, ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->N, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
@ -579,12 +579,12 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
}
else if (key_type == 6) {
//DP-1
len = get_uint16_t(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
//DQ-1
len = get_uint16_t(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
len = get_uint16_t(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb, ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->P, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
@ -592,19 +592,19 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
}
//PQ
len = get_uint16_t(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
len = get_uint16_t(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb, ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->Q, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return PICOKEY_WRONG_DATA;
}
//N
len = get_uint16_t(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
}
len = get_uint16_t(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb, ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->E, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
@ -642,13 +642,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
mbedtls_ecdsa_init(ecdsa);
//A
len = get_uint16_t(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
//B
len = get_uint16_t(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
//P
len = get_uint16_t(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb, ofs); ofs += 2;
mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(kb + ofs, len);
if (ec_id == MBEDTLS_ECP_DP_NONE) {
mbedtls_ecdsa_free(ecdsa);
@ -657,13 +657,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
ofs += len;
//N
len = get_uint16_t(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
//G
len = get_uint16_t(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
//d
len = get_uint16_t(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb, ofs); ofs += 2;
r = mbedtls_ecp_read_key(ec_id, ecdsa, kb + ofs, len);
if (r != 0) {
mbedtls_ecdsa_free(ecdsa);
@ -672,7 +672,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
ofs += len;
//Q
len = get_uint16_t(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb, ofs); ofs += 2;
r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len);
if (r != 0) {
r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);

6
src/hsm/sc_hsm.c
View file

@ -501,11 +501,7 @@ uint32_t decrement_key_counter(file_t *fkey) {
uint32_t val =
(tag_data[0] << 24) | (tag_data[1] << 16) | (tag_data[2] << 8) | tag_data[3];
val--;
tag_data[0] = (val >> 24) & 0xff;
tag_data[1] = (val >> 16) & 0xff;
tag_data[2] = (val >> 8) & 0xff;
tag_data[3] = val & 0xff;
put_uint32_t_be(val, tag_data);
int r = meta_add(fkey->fid, cmeta, (uint16_t)meta_size);
free(cmeta);
if (r != 0) {