diff --git a/pico-keys-sdk b/pico-keys-sdk index ade730f..9a60770 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit ade730ffb5e38b37afaab21247a2c9ac6db2ac1b +Subproject commit 9a607707f07da0e481a8cf71e2b6965c05e3e0f4 diff --git a/src/hsm/cmd_bip_slip.c b/src/hsm/cmd_bip_slip.c index 41d27d6..20f271c 100644 --- a/src/hsm/cmd_bip_slip.c +++ b/src/hsm/cmd_bip_slip.c @@ -113,7 +113,7 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32], uint8_t key_type[1]) { uint8_t mkey[65]; mbedtls_ecp_keypair_init(ctx); - file_t *ef = search_dynamic_file(EF_MASTER_SEED | mid); + file_t *ef = search_file(EF_MASTER_SEED | mid); if (!file_has_data(ef)) { return CCID_ERR_FILE_NOT_FOUND; } @@ -256,7 +256,7 @@ int cmd_bip_slip() { if (r != CCID_OK) { return SW_EXEC_ERROR(); } - r = flash_write_data_to_file(ef, mkey, sizeof(mkey)); + r = file_put_data(ef, mkey, sizeof(mkey)); if (r != CCID_OK) { return SW_EXEC_ERROR(); } diff --git a/src/hsm/cmd_change_pin.c b/src/hsm/cmd_change_pin.c index 7a2ba98..3af69e0 100644 --- a/src/hsm/cmd_change_pin.c +++ b/src/hsm/cmd_change_pin.c @@ -35,7 +35,7 @@ int cmd_change_pin() { if (!file_has_data(file_pin)) { return SW_REFERENCE_NOT_FOUND(); } - uint8_t pin_len = file_read_uint8(file_get_data(file_pin)); + uint8_t pin_len = file_read_uint8(file_pin); int r = check_pin(file_pin, apdu.data, pin_len); if (r != 0x9000) { return r; @@ -63,7 +63,7 @@ int cmd_change_pin() { uint8_t dhash[33]; dhash[0] = (uint8_t)apdu.nc - pin_len; double_hash_pin(apdu.data + pin_len, (uint16_t)(apdu.nc - pin_len), dhash + 1); - flash_write_data_to_file(file_pin, dhash, sizeof(dhash)); + file_put_data(file_pin, dhash, sizeof(dhash)); low_flash_available(); return SW_OK(); } diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c index 0014d14..1c85c92 100644 --- a/src/hsm/cmd_cipher_sym.c +++ b/src/hsm/cmd_cipher_sym.c @@ -169,7 +169,7 @@ int cmd_cipher_sym() { if (wait_button_pressed() == true) { // timeout return SW_SECURE_MESSAGE_EXEC_ERROR(); } - file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id); + file_t *ef = search_file((KEY_PREFIX << 8) | key_id); if (hd_keytype == 0) { if (!ef) { return SW_FILE_NOT_FOUND(); diff --git a/src/hsm/cmd_decrypt_asym.c b/src/hsm/cmd_decrypt_asym.c index fc9c904..e893a23 100644 --- a/src/hsm/cmd_decrypt_asym.c +++ b/src/hsm/cmd_decrypt_asym.c @@ -31,7 +31,7 @@ int cmd_decrypt_asym() { if (!isUserAuthenticated) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id); + file_t *ef = search_file((KEY_PREFIX << 8) | key_id); if (!ef) { return SW_FILE_NOT_FOUND(); } @@ -173,7 +173,7 @@ int cmd_decrypt_asym() { return SW_WRONG_DATA(); } for (uint8_t n = 0; n < MAX_KEY_DOMAINS; n++) { - file_t *tf = search_dynamic_file(EF_XKEK + n); + file_t *tf = search_file(EF_XKEK + n); if (tf) { if (file_get_size(tf) == kdom_uid.len && memcmp(file_get_data(tf), kdom_uid.data, kdom_uid.len) == 0) { diff --git a/src/hsm/cmd_delete_file.c b/src/hsm/cmd_delete_file.c index 90a9616..0919293 100644 --- a/src/hsm/cmd_delete_file.c +++ b/src/hsm/cmd_delete_file.c @@ -25,13 +25,13 @@ int cmd_delete_file() { if (apdu.nc == 0) { ef = currentEF; - if (!(ef = search_dynamic_file(ef->fid))) { + if (!(ef = search_file(ef->fid))) { return SW_FILE_NOT_FOUND(); } } else { uint16_t fid = (apdu.data[0] << 8) | apdu.data[1]; - if (!(ef = search_dynamic_file(fid))) { + if (!(ef = search_file(fid))) { return SW_FILE_NOT_FOUND(); } } diff --git a/src/hsm/cmd_derive_asym.c b/src/hsm/cmd_derive_asym.c index 03ded64..3d564ee 100644 --- a/src/hsm/cmd_derive_asym.c +++ b/src/hsm/cmd_derive_asym.c @@ -42,7 +42,7 @@ int cmd_derive_asym() { if (!isUserAuthenticated) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - if (!(fkey = search_dynamic_file((KEY_PREFIX << 8) | key_id)) || !file_has_data(fkey)) { + if (!(fkey = search_file((KEY_PREFIX << 8) | key_id)) || !file_has_data(fkey)) { return SW_FILE_NOT_FOUND(); } if (key_has_purpose(fkey, ALGO_EC_DERIVE) == false) { diff --git a/src/hsm/cmd_external_authenticate.c b/src/hsm/cmd_external_authenticate.c index 8d5ae4d..a40dc96 100644 --- a/src/hsm/cmd_external_authenticate.c +++ b/src/hsm/cmd_external_authenticate.c @@ -34,7 +34,7 @@ int cmd_external_authenticate() { if (apdu.nc == 0) { return SW_WRONG_LENGTH(); } - file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF); + file_t *ef_puk = search_file(EF_PUKAUT); if (!file_has_data(ef_puk)) { return SW_FILE_NOT_FOUND(); } diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c index 5aefd81..05ed4e2 100644 --- a/src/hsm/cmd_extras.c +++ b/src/hsm/cmd_extras.c @@ -29,6 +29,12 @@ #include "mbedtls/chachapoly.h" int cmd_extras() { +#ifndef ENABLE_EMULATION + // Only allow change PHY without PIN + if (!isUserAuthenticated && P1(apdu) != 0x1B) { + return SW_SECURITY_STATUS_NOT_SATISFIED(); + } +#endif if (P1(apdu) == 0xA) { //datetime operations if (P2(apdu) != 0x0) { return SW_INCORRECT_P1P2(); @@ -107,8 +113,8 @@ int cmd_extras() { } else { uint8_t newopts[] = { apdu.data[0], (opts & 0xff) }; - file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF); - flash_write_data_to_file(tf, newopts, sizeof(newopts)); + file_t *tf = search_file(EF_DEVOPS); + file_put_data(tf, newopts, sizeof(newopts)); low_flash_available(); } } @@ -193,14 +199,14 @@ int cmd_extras() { (P2(apdu) == 0x04 && (opts & HSM_OPT_SECURE_LOCK))) { uint16_t tfids[] = { EF_MKEK, EF_MKEK_SO }; for (int t = 0; t < sizeof(tfids) / sizeof(uint16_t); t++) { - file_t *tf = search_by_fid(tfids[t], NULL, SPECIFY_EF); + file_t *tf = search_file(tfids[t]); if (tf) { uint8_t *tmp = (uint8_t *) calloc(1, file_get_size(tf)); memcpy(tmp, file_get_data(tf), file_get_size(tf)); for (int i = 0; i < MKEK_KEY_SIZE; i++) { MKEK_KEY(tmp)[i] ^= apdu.data[i]; } - flash_write_data_to_file(tf, tmp, file_get_size(tf)); + file_put_data(tf, tmp, file_get_size(tf)); free(tmp); } } @@ -211,8 +217,8 @@ int cmd_extras() { else if (P2(apdu) == 0x04) { newopts[0] &= ~HSM_OPT_SECURE_LOCK >> 8; } - file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF); - flash_write_data_to_file(tf, newopts, sizeof(newopts)); + file_t *tf = search_file(EF_DEVOPS); + file_put_data(tf, newopts, sizeof(newopts)); low_flash_available(); } else if (P2(apdu) == 0x03) { @@ -250,7 +256,7 @@ int cmd_extras() { else { return SW_INCORRECT_P1P2(); } - flash_write_data_to_file(ef_phy, tmp, sizeof(tmp)); + file_put_data(ef_phy, tmp, sizeof(tmp)); low_flash_available(); } } diff --git a/src/hsm/cmd_general_authenticate.c b/src/hsm/cmd_general_authenticate.c index 47aabc3..eb2b339 100644 --- a/src/hsm/cmd_general_authenticate.c +++ b/src/hsm/cmd_general_authenticate.c @@ -40,7 +40,7 @@ int cmd_general_authenticate() { pubkey_len = tag_len + 1; } } - file_t *fkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF); + file_t *fkey = search_file(EF_KEY_DEV); if (!fkey) { return SW_EXEC_ERROR(); } diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c index 8a5ebb4..e7f833c 100644 --- a/src/hsm/cmd_initialize.c +++ b/src/hsm/cmd_initialize.c @@ -53,15 +53,15 @@ int cmd_initialize() { asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) { if (tag == 0x80) { //options - file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF); - flash_write_data_to_file(tf, tag_data, tag_len); + file_t *tf = search_file(EF_DEVOPS); + file_put_data(tf, tag_data, tag_len); } else if (tag == 0x81) { //user pin if (file_pin1 && file_pin1->data) { uint8_t dhash[33]; dhash[0] = (uint8_t)tag_len; double_hash_pin(tag_data, tag_len, dhash + 1); - flash_write_data_to_file(file_pin1, dhash, sizeof(dhash)); + file_put_data(file_pin1, dhash, sizeof(dhash)); hash_multi(tag_data, tag_len, session_pin); has_session_pin = true; } @@ -71,18 +71,18 @@ int cmd_initialize() { uint8_t dhash[33]; dhash[0] = (uint8_t)tag_len; double_hash_pin(tag_data, tag_len, dhash + 1); - flash_write_data_to_file(file_sopin, dhash, sizeof(dhash)); + file_put_data(file_sopin, dhash, sizeof(dhash)); hash_multi(tag_data, tag_len, session_sopin); has_session_sopin = true; } } else if (tag == 0x91) { //retries user pin - file_t *tf = search_by_fid(0x1082, NULL, SPECIFY_EF); + file_t *tf = search_file(EF_PIN1_MAX_RETRIES); if (tf && tf->data) { - flash_write_data_to_file(tf, tag_data, tag_len); + file_put_data(tf, tag_data, tag_len); } if (file_retries_pin1 && file_retries_pin1->data) { - flash_write_data_to_file(file_retries_pin1, tag_data, tag_len); + file_put_data(file_retries_pin1, tag_data, tag_len); } } else if (tag == 0x92) { @@ -92,10 +92,10 @@ int cmd_initialize() { release_mkek(mkek); return SW_MEMORY_FAILURE(); } - flash_write_data_to_file(tf, NULL, 0); + file_put_data(tf, NULL, 0); } else if (tag == 0x93) { - file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF); + file_t *ef_puk = search_file(EF_PUKAUT); if (!ef_puk) { release_mkek(mkek); return SW_MEMORY_FAILURE(); @@ -105,14 +105,14 @@ int cmd_initialize() { pk_status[0] = puks; pk_status[1] = puks; pk_status[2] = tag_data[1]; - flash_write_data_to_file(ef_puk, pk_status, sizeof(pk_status)); + file_put_data(ef_puk, pk_status, sizeof(pk_status)); for (uint8_t i = 0; i < puks; i++) { file_t *tf = file_new(EF_PUK + i); if (!tf) { release_mkek(mkek); return SW_MEMORY_FAILURE(); } - flash_write_data_to_file(tf, NULL, 0); + file_put_data(tf, NULL, 0); } } else if (tag == 0x97) { @@ -122,12 +122,12 @@ int cmd_initialize() { file_t *tf = file_new(EF_DKEK+i); if (!tf) return SW_MEMORY_FAILURE(); - flash_write_data_to_file(tf, NULL, 0); + file_put_data(tf, NULL, 0); } */ } } - file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF); + file_t *tf_kd = search_file(EF_KEY_DOMAIN); if (!tf_kd) { release_mkek(mkek); return SW_EXEC_ERROR(); @@ -143,7 +143,7 @@ int cmd_initialize() { if (dkeks) { if (*dkeks > 0) { uint16_t d = *dkeks; - if (flash_write_data_to_file(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { + if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { return SW_EXEC_ERROR(); } } @@ -153,28 +153,28 @@ int cmd_initialize() { return SW_EXEC_ERROR(); } uint16_t d = 0x0101; - if (flash_write_data_to_file(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { + if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { return SW_EXEC_ERROR(); } } } else { uint16_t d = 0x0000; - if (flash_write_data_to_file(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { + if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { return SW_EXEC_ERROR(); } } if (kds) { uint8_t t[MAX_KEY_DOMAINS * 2], k = MIN(*kds, MAX_KEY_DOMAINS); memset(t, 0xff, 2 * k); - if (flash_write_data_to_file(tf_kd, t, 2 * k) != CCID_OK) { + if (file_put_data(tf_kd, t, 2 * k) != CCID_OK) { return SW_EXEC_ERROR(); } } /* When initialized, it has all credentials */ isUserAuthenticated = true; /* Create terminal private key */ - file_t *fdkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF); + file_t *fdkey = search_file(EF_KEY_DEV); if (!fdkey) { return SW_EXEC_ERROR(); } @@ -200,8 +200,8 @@ int cmd_initialize() { return SW_EXEC_ERROR(); } - file_t *fpk = search_by_fid(EF_EE_DEV, NULL, SPECIFY_EF); - ret = flash_write_data_to_file(fpk, res_APDU, (uint16_t)cvc_len); + file_t *fpk = search_file(EF_EE_DEV); + ret = file_put_data(fpk, res_APDU, (uint16_t)cvc_len); if (ret != 0) { mbedtls_ecdsa_free(&ecdsa); return SW_EXEC_ERROR(); @@ -213,8 +213,8 @@ int cmd_initialize() { } memcpy(res_APDU + cvc_len, res_APDU, cvc_len); mbedtls_ecdsa_free(&ecdsa); - fpk = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF); - ret = flash_write_data_to_file(fpk, res_APDU, (uint16_t)(2 * cvc_len)); + fpk = search_file(EF_TERMCA); + ret = file_put_data(fpk, res_APDU, (uint16_t)(2 * cvc_len)); if (ret != 0) { return SW_EXEC_ERROR(); } @@ -229,8 +229,8 @@ int cmd_initialize() { 256, res_APDU, 4096); - fpk = search_by_fid(EF_PRKD_DEV, NULL, SPECIFY_EF); - ret = flash_write_data_to_file(fpk, res_APDU, prkd_len); + fpk = search_file(EF_PRKD_DEV); + ret = file_put_data(fpk, res_APDU, prkd_len); } if (ret != 0) { diff --git a/src/hsm/cmd_key_domain.c b/src/hsm/cmd_key_domain.c index 487a7c5..43c9a54 100644 --- a/src/hsm/cmd_key_domain.c +++ b/src/hsm/cmd_key_domain.c @@ -44,7 +44,7 @@ int cmd_key_domain() { if (p2 >= MAX_KEY_DOMAINS) { return SW_WRONG_P1P2(); } - file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF); + file_t *tf_kd = search_file(EF_KEY_DOMAIN); if (!tf_kd) { return SW_EXEC_ERROR(); } @@ -83,17 +83,17 @@ int cmd_key_domain() { uint8_t t[MAX_KEY_DOMAINS * 2]; memcpy(t, kdata, tf_kd_size); t[2 * p2 + 1] = current_dkeks; - if (flash_write_data_to_file(tf_kd, t, tf_kd_size) != CCID_OK) { + if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) { return SW_EXEC_ERROR(); } low_flash_available(); } else { - file_t *tf = search_dynamic_file(EF_XKEK + p2); + file_t *tf = search_file(EF_XKEK + p2); if (2 * p2 >= tf_kd_size) { return SW_INCORRECT_P1P2(); } - if (current_dkeks == 0xff && !tf) { //XKEK have always 0xff + if (current_dkeks == 0xff && !file_has_data(tf)) { //XKEK have always 0xff return SW_REFERENCE_NOT_FOUND(); } } @@ -104,7 +104,7 @@ int cmd_key_domain() { } if (p1 == 0x3) { //if key domain is not empty, command is denied for (uint16_t i = 1; i < 256; i++) { - file_t *fkey = search_dynamic_file(KEY_PREFIX << 8 | (uint8_t)i); + file_t *fkey = search_file(KEY_PREFIX << 8 | (uint8_t)i); if (get_key_domain(fkey) == p2) { return SW_FILE_EXISTS(); } @@ -129,16 +129,16 @@ int cmd_key_domain() { else if (p1 == 0x4) { t[2 * p2 + 1] = current_dkeks = 0; } - if (flash_write_data_to_file(tf_kd, t, tf_kd_size) != CCID_OK) { + if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) { return SW_EXEC_ERROR(); } file_t *tf = NULL; - if ((tf = search_dynamic_file(EF_DKEK + p2))) { + if ((tf = search_file(EF_DKEK + p2))) { if (delete_file(tf) != CCID_OK) { return SW_EXEC_ERROR(); } } - if (p1 == 0x3 && (tf = search_dynamic_file(EF_XKEK + p2))) { + if (p1 == 0x3 && (tf = search_file(EF_XKEK + p2))) { if (delete_file(tf) != CCID_OK) { return SW_EXEC_ERROR(); } @@ -151,7 +151,7 @@ int cmd_key_domain() { else if (p1 == 0x2) { //XKEK Key Domain creation if (apdu.nc > 0) { uint16_t pub_len = 0; - file_t *fterm = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF); + file_t *fterm = search_file(EF_TERMCA); if (!fterm) { return SW_EXEC_ERROR(); } @@ -189,7 +189,7 @@ int cmd_key_domain() { t86_len = 0; t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86); if (t86) { - flash_write_data_to_file(tf, t86 + 1, (uint16_t)t86_len - 1); + file_put_data(tf, t86 + 1, (uint16_t)t86_len - 1); low_flash_available(); } } @@ -203,8 +203,8 @@ int cmd_key_domain() { res_APDU[1] = dkeks > current_dkeks ? dkeks - current_dkeks : 0; dkek_kcv(p2, res_APDU + 2); res_APDU_size = 2 + 8; - file_t *tf = search_dynamic_file(EF_XKEK + p2); - if (tf) { + file_t *tf = search_file(EF_XKEK + p2); + if (file_has_data(tf)) { memcpy(res_APDU + 10, file_get_data(tf), file_get_size(tf)); res_APDU_size += file_get_size(tf); } diff --git a/src/hsm/cmd_key_unwrap.c b/src/hsm/cmd_key_unwrap.c index 85b8288..c2905c8 100644 --- a/src/hsm/cmd_key_unwrap.c +++ b/src/hsm/cmd_key_unwrap.c @@ -132,7 +132,7 @@ int cmd_key_unwrap() { } if (res_APDU_size > 0) { file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id); - r = flash_write_data_to_file(fpk, res_APDU, res_APDU_size); + r = file_put_data(fpk, res_APDU, res_APDU_size); if (r != 0) { return SW_EXEC_ERROR(); } diff --git a/src/hsm/cmd_key_wrap.c b/src/hsm/cmd_key_wrap.c index d303ddc..1244ed9 100644 --- a/src/hsm/cmd_key_wrap.c +++ b/src/hsm/cmd_key_wrap.c @@ -32,7 +32,7 @@ int cmd_key_wrap() { if (!isUserAuthenticated) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id); + file_t *ef = search_file((KEY_PREFIX << 8) | key_id); if (!ef) { return SW_FILE_NOT_FOUND(); } @@ -40,7 +40,7 @@ int cmd_key_wrap() { if (kdom == 0xff) { return SW_REFERENCE_NOT_FOUND(); } - file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF); + file_t *tf_kd = search_file(EF_KEY_DOMAIN); uint8_t *kdata = file_get_data(tf_kd), dkeks = kdata ? kdata[2 * kdom] : 0, current_dkeks = kdata ? kdata[2 * kdom + 1] : 0; if (dkeks != current_dkeks || dkeks == 0 || dkeks == 0xff) { @@ -49,7 +49,7 @@ int cmd_key_wrap() { if (key_has_purpose(ef, ALGO_WRAP) == false) { return SW_CONDITIONS_NOT_SATISFIED(); } - file_t *prkd = search_dynamic_file((PRKD_PREFIX << 8) | key_id); + file_t *prkd = search_file((PRKD_PREFIX << 8) | key_id); if (!prkd) { return SW_FILE_NOT_FOUND(); } diff --git a/src/hsm/cmd_keypair_gen.c b/src/hsm/cmd_keypair_gen.c index 22c1e05..c0639c4 100644 --- a/src/hsm/cmd_keypair_gen.c +++ b/src/hsm/cmd_keypair_gen.c @@ -98,7 +98,7 @@ int cmd_keypair_gen() { if (a92.data[0] > MAX_KEY_DOMAINS) { return SW_WRONG_DATA(); } - file_t *tf_xkek = search_dynamic_file(EF_XKEK + a92.data[0]); + file_t *tf_xkek = search_file(EF_XKEK + a92.data[0]); if (!tf_xkek) { return SW_WRONG_DATA(); } @@ -145,7 +145,7 @@ int cmd_keypair_gen() { return SW_EXEC_ERROR(); } file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id); - ret = flash_write_data_to_file(fpk, res_APDU, res_APDU_size); + ret = file_put_data(fpk, res_APDU, res_APDU_size); if (ret != 0) { return SW_EXEC_ERROR(); } diff --git a/src/hsm/cmd_list_keys.c b/src/hsm/cmd_list_keys.c index ef92c6f..a7c9fce 100644 --- a/src/hsm/cmd_list_keys.c +++ b/src/hsm/cmd_list_keys.c @@ -21,11 +21,11 @@ int cmd_list_keys() { /* First we send DEV private key */ /* Both below conditions should be always TRUE */ - if (search_by_fid(EF_PRKD_DEV, NULL, SPECIFY_EF)) { + if (search_file(EF_PRKD_DEV)) { res_APDU[res_APDU_size++] = EF_PRKD_DEV >> 8; res_APDU[res_APDU_size++] = EF_PRKD_DEV & 0xff; } - if (search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF)) { + if (search_file(EF_KEY_DEV)) { res_APDU[res_APDU_size++] = EF_KEY_DEV >> 8; res_APDU[res_APDU_size++] = EF_KEY_DEV & 0xff; } diff --git a/src/hsm/cmd_mse.c b/src/hsm/cmd_mse.c index f930494..1e6a5a4 100644 --- a/src/hsm/cmd_mse.c +++ b/src/hsm/cmd_mse.c @@ -57,7 +57,7 @@ int cmd_mse() { } else if (p2 == 0xA4) { /* Aut */ for (uint8_t i = 0; i < MAX_PUK; i++) { - file_t *ef = search_dynamic_file(EF_PUK + i); + file_t *ef = search_file(EF_PUK + i); if (!ef) { break; } diff --git a/src/hsm/cmd_pso.c b/src/hsm/cmd_pso.c index f2ee8e7..cbaec4d 100644 --- a/src/hsm/cmd_pso.c +++ b/src/hsm/cmd_pso.c @@ -51,10 +51,10 @@ int cmd_pso() { } for (uint8_t i = 0; i < 0xfe; i++) { uint16_t fid = (CA_CERTIFICATE_PREFIX << 8) | i; - file_t *ca_ef = search_dynamic_file(fid); + file_t *ca_ef = search_file(fid); if (!ca_ef) { ca_ef = file_new(fid); - flash_write_data_to_file(ca_ef, apdu.data, (uint16_t)apdu.nc); + file_put_data(ca_ef, apdu.data, (uint16_t)apdu.nc); if (add_cert_puk_store(file_get_data(ca_ef), file_get_size(ca_ef), false) != CCID_OK) { return SW_FILE_FULL(); @@ -144,7 +144,7 @@ int cmd_pso() { fid, buf, cd_len); - flash_write_data_to_file(cd_ef, buf, cd_len); + file_put_data(cd_ef, buf, cd_len); free(buf); if (r == 0) { return SW_EXEC_ERROR(); diff --git a/src/hsm/cmd_puk_auth.c b/src/hsm/cmd_puk_auth.c index a6ff158..aaf835d 100644 --- a/src/hsm/cmd_puk_auth.c +++ b/src/hsm/cmd_puk_auth.c @@ -21,7 +21,7 @@ int cmd_puk_auth() { uint8_t p1 = P1(apdu), p2 = P2(apdu); - file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF); + file_t *ef_puk = search_file(EF_PUKAUT); if (!file_has_data(ef_puk)) { if (apdu.nc > 0) { return SW_FILE_NOT_FOUND(); @@ -37,7 +37,7 @@ int cmd_puk_auth() { return SW_INCORRECT_P1P2(); } for (uint8_t i = 0; i < puk_data[0]; i++) { - ef = search_dynamic_file(EF_PUK + i); + ef = search_file(EF_PUK + i); if (!ef) { /* Never should not happen */ return SW_MEMORY_FAILURE(); } @@ -48,7 +48,7 @@ int cmd_puk_auth() { uint8_t *tmp = (uint8_t *) calloc(file_get_size(ef_puk), sizeof(uint8_t)); memcpy(tmp, puk_data, file_get_size(ef_puk)); tmp[1] = puk_data[1] - 1; - flash_write_data_to_file(ef_puk, tmp, file_get_size(ef_puk)); + file_put_data(ef_puk, tmp, file_get_size(ef_puk)); puk_data = file_get_data(ef_puk); free(tmp); } @@ -56,12 +56,12 @@ int cmd_puk_auth() { if (p2 >= puk_data[0]) { return SW_INCORRECT_P1P2(); } - ef = search_dynamic_file(EF_PUK + p2); + ef = search_file(EF_PUK + p2); if (!ef) { /* Never should not happen */ return SW_MEMORY_FAILURE(); } } - flash_write_data_to_file(ef, apdu.data, (uint16_t)apdu.nc); + file_put_data(ef, apdu.data, (uint16_t)apdu.nc); low_flash_available(); } else { @@ -72,7 +72,7 @@ int cmd_puk_auth() { if (p2 >= puk_data[0]) { return SW_INCORRECT_P1P2(); } - file_t *ef = search_dynamic_file(EF_PUK + p2); + file_t *ef = search_file(EF_PUK + p2); if (!ef) { return SW_INCORRECT_P1P2(); } diff --git a/src/hsm/cmd_read_binary.c b/src/hsm/cmd_read_binary.c index 7c4a6df..ee8d636 100644 --- a/src/hsm/cmd_read_binary.c +++ b/src/hsm/cmd_read_binary.c @@ -25,7 +25,7 @@ int cmd_read_binary() { if ((ins & 0x1) == 0) { if ((p1 & 0x80) != 0) { - if (!(ef = search_by_fid(p1 & 0x1f, NULL, SPECIFY_EF))) { + if (!(ef = search_file(p1 & 0x1f))) { return SW_FILE_NOT_FOUND(); } offset = p2; @@ -37,7 +37,7 @@ int cmd_read_binary() { } else { if (p1 == 0 && (p2 & 0xE0) == 0 && (p2 & 0x1f) != 0 && (p2 & 0x1f) != 0x1f) { - if (!(ef = search_by_fid(p2 & 0x1f, NULL, SPECIFY_EF))) { + if (!(ef = search_file(p2 & 0x1f))) { return SW_FILE_NOT_FOUND(); } } @@ -46,9 +46,7 @@ int cmd_read_binary() { if (file_id == 0x0) { ef = currentEF; } - else if (!(ef = - search_by_fid(file_id, NULL, - SPECIFY_EF)) && !(ef = search_dynamic_file(file_id))) { + else if (!(ef = search_file(file_id))) { return SW_FILE_NOT_FOUND(); } diff --git a/src/hsm/cmd_reset_retry.c b/src/hsm/cmd_reset_retry.c index f4567d5..d17dc57 100644 --- a/src/hsm/cmd_reset_retry.c +++ b/src/hsm/cmd_reset_retry.c @@ -36,7 +36,7 @@ int cmd_reset_retry() { if (P1(apdu) == 0x0 || P1(apdu) == 0x2) { uint8_t newpin_len = 0; if (P1(apdu) == 0x0) { - uint8_t so_pin_len = file_read_uint8(file_get_data(file_sopin)); + uint8_t so_pin_len = file_read_uint8(file_sopin); if ((uint16_t)apdu.nc <= so_pin_len + 1) { return SW_WRONG_LENGTH(); } @@ -58,7 +58,7 @@ int cmd_reset_retry() { uint8_t dhash[33]; dhash[0] = newpin_len; double_hash_pin(apdu.data + (apdu.nc - newpin_len), newpin_len, dhash + 1); - flash_write_data_to_file(file_pin1, dhash, sizeof(dhash)); + file_put_data(file_pin1, dhash, sizeof(dhash)); if (pin_reset_retries(file_pin1, true) != CCID_OK) { return SW_MEMORY_FAILURE(); } @@ -82,7 +82,7 @@ int cmd_reset_retry() { return SW_COMMAND_NOT_ALLOWED(); } if (P1(apdu) == 0x1) { - uint8_t so_pin_len = file_read_uint8(file_get_data(file_sopin)); + uint8_t so_pin_len = file_read_uint8(file_sopin); if (apdu.nc != so_pin_len) { return SW_WRONG_LENGTH(); } diff --git a/src/hsm/cmd_select.c b/src/hsm/cmd_select.c index 3c8da6d..1ecf491 100644 --- a/src/hsm/cmd_select.c +++ b/src/hsm/cmd_select.c @@ -63,8 +63,7 @@ int cmd_select() { pfx == DCOD_PREFIX || pfx == DATA_PREFIX || pfx == PROT_DATA_PREFIX) {*/ - if (fid != 0x0 && !(pe = search_dynamic_file(fid)) && - !(pe = search_by_fid(fid, NULL, SPECIFY_EF))) { + if (fid != 0x0 && !(pe = search_file(fid))) { return SW_FILE_NOT_FOUND(); } /*}*/ diff --git a/src/hsm/cmd_signature.c b/src/hsm/cmd_signature.c index b75eedb..0ba2dc7 100644 --- a/src/hsm/cmd_signature.c +++ b/src/hsm/cmd_signature.c @@ -104,10 +104,7 @@ int cmd_signature() { if (!isUserAuthenticated) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - if ((!(fkey = search_dynamic_file((KEY_PREFIX << 8) | key_id)) && - !(fkey = - search_by_fid((KEY_PREFIX << 8) | key_id, NULL, - SPECIFY_EF))) || !file_has_data(fkey)) { + if (!(fkey = search_file((KEY_PREFIX << 8) | key_id)) || !file_has_data(fkey)) { return SW_FILE_NOT_FOUND(); } if (get_key_counter(fkey) == 0) { diff --git a/src/hsm/cmd_update_ef.c b/src/hsm/cmd_update_ef.c index 4b6ec18..7eba19a 100644 --- a/src/hsm/cmd_update_ef.c +++ b/src/hsm/cmd_update_ef.c @@ -72,15 +72,12 @@ int cmd_update_ef() { if (fid == 0x0 && !ef) { return SW_FILE_NOT_FOUND(); } - else if (fid != 0x0 && - !(ef = - search_by_fid(fid, NULL, - SPECIFY_EF)) && !(ef = search_dynamic_file(fid))) { //if does not exist, create it + else if (fid != 0x0 && !(ef = search_file(fid))) { //if does not exist, create it //return SW_FILE_NOT_FOUND(); ef = file_new(fid); } if (offset == 0) { - int r = flash_write_data_to_file(ef, data, data_len); + int r = file_put_data(ef, data, data_len); if (r != CCID_OK) { return SW_MEMORY_FAILURE(); } @@ -93,7 +90,7 @@ int cmd_update_ef() { uint8_t *data_merge = (uint8_t *) calloc(1, offset + data_len); memcpy(data_merge, file_get_data(ef), offset); memcpy(data_merge + offset, data, data_len); - int r = flash_write_data_to_file(ef, data_merge, offset + data_len); + int r = file_put_data(ef, data_merge, offset + data_len); free(data_merge); if (r != CCID_OK) { return SW_MEMORY_FAILURE(); diff --git a/src/hsm/cmd_verify.c b/src/hsm/cmd_verify.c index 66a725a..829cb11 100644 --- a/src/hsm/cmd_verify.c +++ b/src/hsm/cmd_verify.c @@ -39,25 +39,25 @@ int cmd_verify() { if (apdu.nc > 0) { return check_pin(file_pin1, apdu.data, (uint16_t)apdu.nc); } - if (file_read_uint8(file_get_data(file_retries_pin1)) == 0) { + if (file_read_uint8(file_retries_pin1) == 0) { return SW_PIN_BLOCKED(); } - return set_res_sw(0x63, 0xc0 | file_read_uint8(file_get_data(file_retries_pin1))); + return set_res_sw(0x63, 0xc0 | file_read_uint8(file_retries_pin1)); } else if (p2 == 0x88) { //SOPin - if (file_read_uint8(file_get_data(file_sopin)) == 0) { //not initialized + if (file_read_uint8(file_sopin) == 0) { //not initialized return SW_REFERENCE_NOT_FOUND(); } if (apdu.nc > 0) { return check_pin(file_sopin, apdu.data, (uint16_t)apdu.nc); } - if (file_read_uint8(file_get_data(file_retries_sopin)) == 0) { + if (file_read_uint8(file_retries_sopin) == 0) { return SW_PIN_BLOCKED(); } if (has_session_sopin) { return SW_OK(); } - return set_res_sw(0x63, 0xc0 | file_read_uint8(file_get_data(file_retries_sopin))); + return set_res_sw(0x63, 0xc0 | file_read_uint8(file_retries_sopin)); } else if (p2 == 0x85) { return SW_OK(); diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c index c2df5dc..30a88a4 100644 --- a/src/hsm/cvc.c +++ b/src/hsm/cvc.c @@ -322,7 +322,7 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa, uint16_t outcar_len = dev_name_len; const uint8_t *outcar = dev_name; uint16_t outcar_size = asn1_len_tag(0x42, outcar_len); - file_t *fkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF); + file_t *fkey = search_file(EF_KEY_DEV); if (!fkey) { return 0; } diff --git a/src/hsm/files.c b/src/hsm/files.c index 8a5fb4b..dba2367 100644 --- a/src/hsm/files.c +++ b/src/hsm/files.c @@ -41,22 +41,22 @@ file_t file_entries[] = { .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.TokenInfo /* 8 */ { .fid = 0x5033, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.UnusedSpace - /* 9 */ { .fid = 0x1081, .parent = 5, .name = NULL, + /* 9 */ { .fid = EF_PIN1, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //PIN (PIN1) - /* 10 */ { .fid = 0x1082, .parent = 5, .name = NULL, + /* 10 */ { .fid = EF_PIN1_MAX_RETRIES, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //max retries PIN (PIN1) - /* 11 */ { .fid = 0x1083, .parent = 5, .name = NULL, + /* 11 */ { .fid = EF_PIN1_RETRIES, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //retries PIN (PIN1) - /* 12 */ { .fid = 0x1088, .parent = 5, .name = NULL, + /* 12 */ { .fid = EF_SOPIN, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //PIN (SOPIN) - /* 13 */ { .fid = 0x1089, .parent = 5, .name = NULL, + /* 13 */ { .fid = EF_SOPIN_MAX_RETRIES, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //max retries PIN (SOPIN) - /* 14 */ { .fid = 0x108A, .parent = 5, .name = NULL, + /* 14 */ { .fid = EF_SOPIN_RETRIES, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //retries PIN (SOPIN) /* 15 */ { .fid = EF_DEVOPS, .parent = 5, .name = NULL, diff --git a/src/hsm/files.h b/src/hsm/files.h index 8637fc8..e436c92 100644 --- a/src/hsm/files.h +++ b/src/hsm/files.h @@ -24,7 +24,13 @@ #define EF_DEVOPS 0x100E #define EF_MKEK 0x100A #define EF_MKEK_SO 0x100B -#define EF_XKEK 0x1080 +#define EF_XKEK 0x1070 +#define EF_PIN1 0x1081 +#define EF_PIN1_MAX_RETRIES 0x1082 +#define EF_PIN1_RETRIES 0x1083 +#define EF_SOPIN 0x1088 +#define EF_SOPIN_MAX_RETRIES 0x1089 +#define EF_SOPIN_RETRIES 0x108A #define EF_DKEK 0x1090 #define EF_KEY_DOMAIN 0x10A0 #define EF_PUKAUT 0x10C0 diff --git a/src/hsm/kek.c b/src/hsm/kek.c index 66c0710..b1bab61 100644 --- a/src/hsm/kek.c +++ b/src/hsm/kek.c @@ -55,14 +55,14 @@ int load_mkek(uint8_t *mkek) { } const uint8_t *pin = NULL; if (pin == NULL && has_session_pin == true) { - file_t *tf = search_by_fid(EF_MKEK, NULL, SPECIFY_EF); + file_t *tf = search_file(EF_MKEK); if (file_has_data(tf)) { memcpy(mkek, file_get_data(tf), MKEK_SIZE); pin = session_pin; } } if (pin == NULL && has_session_sopin == true) { - file_t *tf = search_by_fid(EF_MKEK_SO, NULL, SPECIFY_EF); + file_t *tf = search_file(EF_MKEK_SO); if (file_has_data(tf)) { memcpy(mkek, file_get_data(tf), MKEK_SIZE); pin = session_sopin; @@ -107,8 +107,8 @@ int mse_decrypt_ct(uint8_t *data, size_t len) { } int load_dkek(uint8_t id, uint8_t *dkek) { - file_t *tf = search_dynamic_file(EF_DKEK + id); - if (!tf) { + file_t *tf = search_file(EF_DKEK + id); + if (!file_has_data(tf)) { return CCID_ERR_FILE_NOT_FOUND; } memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE); @@ -135,7 +135,7 @@ int store_mkek(const uint8_t *mkek) { if (has_session_pin) { uint8_t tmp_mkek_pin[MKEK_SIZE]; memcpy(tmp_mkek_pin, tmp_mkek, MKEK_SIZE); - file_t *tf = search_by_fid(EF_MKEK, NULL, SPECIFY_EF); + file_t *tf = search_file(EF_MKEK); if (!tf) { release_mkek(tmp_mkek); release_mkek(tmp_mkek_pin); @@ -145,13 +145,13 @@ int store_mkek(const uint8_t *mkek) { MKEK_IV(tmp_mkek_pin), MKEK_KEY(tmp_mkek_pin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE); - flash_write_data_to_file(tf, tmp_mkek_pin, MKEK_SIZE); + file_put_data(tf, tmp_mkek_pin, MKEK_SIZE); release_mkek(tmp_mkek_pin); } if (has_session_sopin) { uint8_t tmp_mkek_sopin[MKEK_SIZE]; memcpy(tmp_mkek_sopin, tmp_mkek, MKEK_SIZE); - file_t *tf = search_by_fid(EF_MKEK_SO, NULL, SPECIFY_EF); + file_t *tf = search_file(EF_MKEK_SO); if (!tf) { release_mkek(tmp_mkek); release_mkek(tmp_mkek_sopin); @@ -161,7 +161,7 @@ int store_mkek(const uint8_t *mkek) { MKEK_IV(tmp_mkek_sopin), MKEK_KEY(tmp_mkek_sopin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE); - flash_write_data_to_file(tf, tmp_mkek_sopin, MKEK_SIZE); + file_put_data(tf, tmp_mkek_sopin, MKEK_SIZE); release_mkek(tmp_mkek_sopin); } low_flash_available(); @@ -170,7 +170,7 @@ int store_mkek(const uint8_t *mkek) { } int store_dkek_key(uint8_t id, uint8_t *dkek) { - file_t *tf = search_dynamic_file(EF_DKEK + id); + file_t *tf = search_file(EF_DKEK + id); if (!tf) { return CCID_ERR_FILE_NOT_FOUND; } @@ -178,7 +178,7 @@ int store_dkek_key(uint8_t id, uint8_t *dkek) { if (r != CCID_OK) { return r; } - flash_write_data_to_file(tf, dkek, DKEK_KEY_SIZE); + file_put_data(tf, dkek, DKEK_KEY_SIZE); low_flash_available(); return CCID_OK; } @@ -186,7 +186,7 @@ int store_dkek_key(uint8_t id, uint8_t *dkek) { int save_dkek_key(uint8_t id, const uint8_t *key) { uint8_t dkek[DKEK_KEY_SIZE]; if (!key) { - file_t *tf = search_dynamic_file(EF_DKEK + id); + file_t *tf = search_file(EF_DKEK + id); if (!tf) { return CCID_ERR_FILE_NOT_FOUND; } @@ -200,7 +200,7 @@ int save_dkek_key(uint8_t id, const uint8_t *key) { int import_dkek_share(uint8_t id, const uint8_t *share) { uint8_t tmp_dkek[DKEK_KEY_SIZE]; - file_t *tf = search_dynamic_file(EF_DKEK + id); + file_t *tf = search_file(EF_DKEK + id); if (!tf) { return CCID_ERR_FILE_NOT_FOUND; } @@ -211,7 +211,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) { for (int i = 0; i < DKEK_KEY_SIZE; i++) { tmp_dkek[i] ^= share[i]; } - flash_write_data_to_file(tf, tmp_dkek, DKEK_KEY_SIZE); + file_put_data(tf, tmp_dkek, DKEK_KEY_SIZE); low_flash_available(); return CCID_OK; } diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index 82a2334..5b76499 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -94,45 +94,45 @@ INITIALIZER( sc_hsm_ctor ) { } void scan_files() { - file_pin1 = search_by_fid(0x1081, NULL, SPECIFY_EF); + file_pin1 = search_file(EF_PIN1); if (file_pin1) { if (!file_pin1->data) { printf("PIN1 is empty. Initializing with default password\n"); const uint8_t empty[33] = { 0 }; - flash_write_data_to_file(file_pin1, empty, sizeof(empty)); + file_put_data(file_pin1, empty, sizeof(empty)); } } else { printf("FATAL ERROR: PIN1 not found in memory!\n"); } - file_sopin = search_by_fid(0x1088, NULL, SPECIFY_EF); + file_sopin = search_file(EF_SOPIN); if (file_sopin) { if (!file_sopin->data) { printf("SOPIN is empty. Initializing with default password\n"); const uint8_t empty[33] = { 0 }; - flash_write_data_to_file(file_sopin, empty, sizeof(empty)); + file_put_data(file_sopin, empty, sizeof(empty)); } } else { printf("FATAL ERROR: SOPIN not found in memory!\n"); } - file_retries_pin1 = search_by_fid(0x1083, NULL, SPECIFY_EF); + file_retries_pin1 = search_file(EF_PIN1_RETRIES); if (file_retries_pin1) { if (!file_retries_pin1->data) { printf("Retries PIN1 is empty. Initializing with default retriesr\n"); const uint8_t retries = 3; - flash_write_data_to_file(file_retries_pin1, &retries, sizeof(uint8_t)); + file_put_data(file_retries_pin1, &retries, sizeof(uint8_t)); } } else { printf("FATAL ERROR: Retries PIN1 not found in memory!\n"); } - file_retries_sopin = search_by_fid(0x108A, NULL, SPECIFY_EF); + file_retries_sopin = search_file(EF_SOPIN_RETRIES); if (file_retries_sopin) { if (!file_retries_sopin->data) { printf("Retries SOPIN is empty. Initializing with default retries\n"); const uint8_t retries = 15; - flash_write_data_to_file(file_retries_sopin, &retries, sizeof(uint8_t)); + file_put_data(file_retries_sopin, &retries, sizeof(uint8_t)); } } else { @@ -140,23 +140,23 @@ void scan_files() { } file_t *tf = NULL; - tf = search_by_fid(0x1082, NULL, SPECIFY_EF); + tf = search_file(EF_PIN1_MAX_RETRIES); if (tf) { if (!tf->data) { printf("Max retries PIN1 is empty. Initializing with default max retriesr\n"); const uint8_t retries = 3; - flash_write_data_to_file(tf, &retries, sizeof(uint8_t)); + file_put_data(tf, &retries, sizeof(uint8_t)); } } else { printf("FATAL ERROR: Max Retries PIN1 not found in memory!\n"); } - tf = search_by_fid(0x1089, NULL, SPECIFY_EF); + tf = search_file(EF_SOPIN_MAX_RETRIES); if (tf) { if (!tf->data) { printf("Max Retries SOPIN is empty. Initializing with default max retries\n"); const uint8_t retries = 15; - flash_write_data_to_file(tf, &retries, sizeof(uint8_t)); + file_put_data(tf, &retries, sizeof(uint8_t)); } } else { @@ -227,7 +227,7 @@ void reset_puk_store() { } memset(puk_store, 0, sizeof(puk_store)); puk_store_entries = 0; - file_t *fterm = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF); + file_t *fterm = search_file(EF_TERMCA); if (fterm) { uint8_t *p = NULL, *fterm_data = file_get_data(fterm), *pq = fterm_data; uint16_t fterm_data_len = file_get_size(fterm); @@ -239,7 +239,7 @@ void reset_puk_store() { } } for (int i = 0; i < 0xfe; i++) { - file_t *ef = search_dynamic_file((CA_CERTIFICATE_PREFIX << 8) | (uint8_t)i); + file_t *ef = search_file((CA_CERTIFICATE_PREFIX << 8) | (uint8_t)i); if (ef && file_get_size(ef) > 0) { add_cert_puk_store(file_get_data(ef), file_get_size(ef), false); } @@ -264,9 +264,9 @@ int sc_hsm_unload() { } uint16_t get_device_options() { - file_t *ef = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF); + file_t *ef = search_file(EF_DEVOPS); if (file_has_data(ef)) { - return (file_read_uint8(file_get_data(ef)) << 8) | file_read_uint8(file_get_data(ef) + 1); + return (file_read_uint8(ef) << 8) | file_read_uint8_offset(ef, 1); } return 0x0; } @@ -318,17 +318,17 @@ int pin_reset_retries(const file_t *pin, bool force) { if (!pin) { return CCID_ERR_NULL_PARAM; } - const file_t *max = search_by_fid(pin->fid + 1, NULL, SPECIFY_EF); - const file_t *act = search_by_fid(pin->fid + 2, NULL, SPECIFY_EF); + const file_t *max = search_file(pin->fid + 1); + const file_t *act = search_file(pin->fid + 2); if (!max || !act) { return CCID_ERR_FILE_NOT_FOUND; } - uint8_t retries = file_read_uint8(file_get_data(act)); + uint8_t retries = file_read_uint8(act); if (retries == 0 && force == false) { // blocked return CCID_ERR_BLOCKED; } - retries = file_read_uint8(file_get_data(max)); - int r = flash_write_data_to_file((file_t *) act, &retries, sizeof(retries)); + retries = file_read_uint8(max); + int r = file_put_data((file_t *) act, &retries, sizeof(retries)); low_flash_available(); return r; } @@ -337,14 +337,14 @@ int pin_wrong_retry(const file_t *pin) { if (!pin) { return CCID_ERR_NULL_PARAM; } - const file_t *act = search_by_fid(pin->fid + 2, NULL, SPECIFY_EF); + const file_t *act = search_file(pin->fid + 2); if (!act) { return CCID_ERR_FILE_NOT_FOUND; } - uint8_t retries = file_read_uint8(file_get_data(act)); + uint8_t retries = file_read_uint8(act); if (retries > 0) { retries -= 1; - int r = flash_write_data_to_file((file_t *) act, &retries, sizeof(retries)); + int r = file_put_data((file_t *) act, &retries, sizeof(retries)); if (r != CCID_OK) { return r; } @@ -358,8 +358,8 @@ int pin_wrong_retry(const file_t *pin) { } bool pka_enabled() { - file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF); - return file_has_data(ef_puk) && file_read_uint8(file_get_data(ef_puk)) > 0; + file_t *ef_puk = search_file(EF_PUKAUT); + return file_has_data(ef_puk) && file_read_uint8(ef_puk) > 0; } uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) { @@ -544,7 +544,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) { if (r != CCID_OK) { return r; } - r = flash_write_data_to_file(fpk, kdata, (uint16_t)key_size); + r = file_put_data(fpk, kdata, (uint16_t)key_size); if (r != CCID_OK) { return r; } @@ -556,7 +556,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) { uint16_t prkd_len = asn1_build_prkd_generic(NULL, 0, (uint8_t *)key_id_str, (uint16_t)strlen(key_id_str), key_size * 8, type, kdata, sizeof(kdata)); if (prkd_len > 0) { fpk = file_new((PRKD_PREFIX << 8) | key_id); - r = flash_write_data_to_file(fpk, kdata, prkd_len); + r = file_put_data(fpk, kdata, prkd_len); if (r != 0) { return SW_EXEC_ERROR(); } diff --git a/tools/pico-hsm-patch-vidpid.sh b/tools/pico-hsm-patch-vidpid.sh index c2881db..6eacdc4 100755 --- a/tools/pico-hsm-patch-vidpid.sh +++ b/tools/pico-hsm-patch-vidpid.sh @@ -17,7 +17,7 @@ # along with this program. If not, see . # -VERSION_MAJOR="4" #Version of Pico CCID Core +VERSION_MAJOR="5" #Version of Pico Keys SDK VERSION_MINOR="0" echo "----------------------------" diff --git a/tools/pico-hsm-tool.py b/tools/pico-hsm-tool.py index 7d7813f..91840be 100644 --- a/tools/pico-hsm-tool.py +++ b/tools/pico-hsm-tool.py @@ -464,6 +464,8 @@ def phy(picohsm, args): ret = picohsm.phy(args.subcommand, val) if (ret): print(f'Current value: {hexlify(ret)}') + else: + print('Command executed successfully. Please, restart your Pico Key.') def main(args): sys.stderr.buffer.write(b'Pico HSM Tool v1.12\n')