From a6744108268a7fe9024052f4276992f18f1e41b7 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 17 Apr 2024 11:46:34 +0200 Subject: [PATCH 01/13] Remove carriage return \r for better debug. Signed-off-by: Pol Henarejos --- src/hsm/cmd_keypair_gen.c | 4 ++-- src/hsm/sc_hsm.c | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/hsm/cmd_keypair_gen.c b/src/hsm/cmd_keypair_gen.c index 6a88b85..22c1e05 100644 --- a/src/hsm/cmd_keypair_gen.c +++ b/src/hsm/cmd_keypair_gen.c @@ -47,7 +47,7 @@ int cmd_keypair_gen() { if (asn1_find_tag(&ctxo, 0x2, &ks) && asn1_len(&ks) > 0) { key_size = asn1_get_uint(&ks); } - printf("KEYPAIR RSA %lu (%lx)\r\n", + printf("KEYPAIR RSA %lu (%lx)\n", (unsigned long) key_size, (unsigned long) exponent); mbedtls_rsa_context rsa; @@ -75,7 +75,7 @@ int cmd_keypair_gen() { return SW_WRONG_DATA(); } mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(prime.data, prime.len); - printf("KEYPAIR ECC %d\r\n", ec_id); + printf("KEYPAIR ECC %d\n", ec_id); if (ec_id == MBEDTLS_ECP_DP_NONE) { return SW_FUNC_NOT_SUPPORTED(); } diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index 70f7534..a9e894b 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -97,24 +97,24 @@ void scan_files() { file_pin1 = search_by_fid(0x1081, NULL, SPECIFY_EF); if (file_pin1) { if (!file_pin1->data) { - printf("PIN1 is empty. Initializing with default password\r\n"); + printf("PIN1 is empty. Initializing with default password\n"); const uint8_t empty[33] = { 0 }; flash_write_data_to_file(file_pin1, empty, sizeof(empty)); } } else { - printf("FATAL ERROR: PIN1 not found in memory!\r\n"); + printf("FATAL ERROR: PIN1 not found in memory!\n"); } file_sopin = search_by_fid(0x1088, NULL, SPECIFY_EF); if (file_sopin) { if (!file_sopin->data) { - printf("SOPIN is empty. Initializing with default password\r\n"); + printf("SOPIN is empty. Initializing with default password\n"); const uint8_t empty[33] = { 0 }; flash_write_data_to_file(file_sopin, empty, sizeof(empty)); } } else { - printf("FATAL ERROR: SOPIN not found in memory!\r\n"); + printf("FATAL ERROR: SOPIN not found in memory!\n"); } file_retries_pin1 = search_by_fid(0x1083, NULL, SPECIFY_EF); if (file_retries_pin1) { @@ -125,18 +125,18 @@ void scan_files() { } } else { - printf("FATAL ERROR: Retries PIN1 not found in memory!\r\n"); + printf("FATAL ERROR: Retries PIN1 not found in memory!\n"); } file_retries_sopin = search_by_fid(0x108A, NULL, SPECIFY_EF); if (file_retries_sopin) { if (!file_retries_sopin->data) { - printf("Retries SOPIN is empty. Initializing with default retries\r\n"); + printf("Retries SOPIN is empty. Initializing with default retries\n"); const uint8_t retries = 15; flash_write_data_to_file(file_retries_sopin, &retries, sizeof(uint8_t)); } } else { - printf("FATAL ERROR: Retries SOPIN not found in memory!\r\n"); + printf("FATAL ERROR: Retries SOPIN not found in memory!\n"); } file_t *tf = NULL; @@ -149,18 +149,18 @@ void scan_files() { } } else { - printf("FATAL ERROR: Max Retries PIN1 not found in memory!\r\n"); + printf("FATAL ERROR: Max Retries PIN1 not found in memory!\n"); } tf = search_by_fid(0x1089, NULL, SPECIFY_EF); if (tf) { if (!tf->data) { - printf("Max Retries SOPIN is empty. Initializing with default max retries\r\n"); + printf("Max Retries SOPIN is empty. Initializing with default max retries\n"); const uint8_t retries = 15; flash_write_data_to_file(tf, &retries, sizeof(uint8_t)); } } else { - printf("FATAL ERROR: Retries SOPIN not found in memory!\r\n"); + printf("FATAL ERROR: Retries SOPIN not found in memory!\n"); } low_flash_available(); } From 5d0dc210da42609824698cc2455581c2542dd630 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 17 Apr 2024 11:48:23 +0200 Subject: [PATCH 02/13] Use external unique ID. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/hsm/sc_hsm.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 151ae5f..6f2721a 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 151ae5fae4c5815042fce5d5cbcc06d76561dc9c +Subproject commit 6f2721aba343adab1aa0a336e4b15e41fbb77569 diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index a9e894b..03252ba 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -301,7 +301,7 @@ int parse_token_info(const file_t *f, int mode) { *p++ = 0; //set later *p++ = 0x2; *p++ = 1; *p++ = HSM_VERSION_MAJOR; #ifndef ENABLE_EMULATION - *p++ = 0x4; *p++ = 8; pico_get_unique_board_id((pico_unique_board_id_t *) p); p += 8; + *p++ = 0x4; *p++ = 8; memcpy(p, pico_serial.id, 8); p += 8; #else *p++ = 0x4; *p++ = 8; memset(p, 0, 8); p += 8; #endif From fdc41e5856db9ee691d3418ac31cfe86ee185a90 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 17 Apr 2024 11:50:44 +0200 Subject: [PATCH 03/13] Add support for PHY command to store and change VIDPID and LED no. dynamically on reboot. Signed-off-by: Pol Henarejos --- src/hsm/cmd_extras.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c index a5c4499..aea3fca 100644 --- a/src/hsm/cmd_extras.c +++ b/src/hsm/cmd_extras.c @@ -195,6 +195,40 @@ int cmd_extras() { } } } +#ifndef ENABLE_EMULATION + else if (P1(apdu) == 0x1B) { // Set PHY + if (apdu.nc == 0) { + if (file_has_data(ef_phy)) { + res_APDU_size = file_get_size(ef_phy); + memcpy(res_APDU, file_get_data(ef_phy), res_APDU_size); + } + } + else { + uint8_t tmp[PHY_MAX_SIZE]; + memset(tmp, 0, sizeof(tmp)); + if (file_has_data(ef_phy)) { + memcpy(tmp, file_get_data(ef_phy), MIN(sizeof(tmp), file_get_size(ef_phy))); + } + if (P2(apdu) == PHY_VID) { // VIDPID + if (apdu.nc != 4) { + return SW_WRONG_LENGTH(); + } + memcpy(tmp + PHY_VID, apdu.data, 4); + } + else if (P2(apdu) == PHY_LED_GPIO || P2(apdu) == PHY_LED_MODE) { + if (apdu.nc != 1) { + return SW_WRONG_LENGTH(); + } + tmp[P2(apdu)] = apdu.data[0]; + } + else { + return SW_INCORRECT_P1P2(); + } + flash_write_data_to_file(ef_phy, tmp, sizeof(tmp)); + low_flash_available(); + } + } +#endif else { return SW_INCORRECT_P1P2(); } From 623cf10dbad2607962253d9c713e3d4c2baac515 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 17 Apr 2024 11:51:25 +0200 Subject: [PATCH 04/13] Add phy command to pico-hsm-tool to change VIDPID dynamically. Signed-off-by: Pol Henarejos --- tools/pico-hsm-tool.py | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/tools/pico-hsm-tool.py b/tools/pico-hsm-tool.py index 00d9ee6..7d7813f 100644 --- a/tools/pico-hsm-tool.py +++ b/tools/pico-hsm-tool.py @@ -87,10 +87,17 @@ def parse_args(): parser_opts = subparser.add_parser('options', help='Manage extra options.', formatter_class=RawTextHelpFormatter) subparser_opts = parser_opts.add_subparsers(title='commands', dest='subcommand', required=True) parser_opts_set = subparser_opts.add_parser('set', help='Sets option OPT.') - parser_opts_get = subparser_opts.add_parser('get', help='Gets optiont OPT.') + parser_opts_get = subparser_opts.add_parser('get', help='Gets option OPT.') parser_opts.add_argument('opt', choices=['button', 'counter'], help='button: press-to-confirm button.\ncounter: every generated key has an internal counter.', metavar='OPT') parser_opts_set.add_argument('onoff', choices=['on', 'off'], help='Toggles state ON or OFF', metavar='ON/OFF', nargs='?') + parser_phy = subparser.add_parser('phy', help='Set PHY options.') + subparser_phy = parser_phy.add_subparsers(title='commands', dest='subcommand', required=True) + parser_phy_vp = subparser_phy.add_parser('vidpid', help='Sets VID/PID. Use VID:PID format (e.g. 1234:5678)') + parser_phy_ledn = subparser_phy.add_parser('led', help='Sets LED GPIO number.') + parser_phy_vp.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?') + parser_phy_ledn.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?') + parser_secure = subparser.add_parser('secure', help='Manages security of Pico HSM.') subparser_secure = parser_secure.add_subparsers(title='commands', dest='subcommand', required=True) parser_opts_enable = subparser_secure.add_parser('enable', help='Enables secure lock.') @@ -444,8 +451,22 @@ def keygen(picohsm, args): print('Key generated successfully.') print(f'Key ID: {ret}') +def phy(picohsm, args): + val = args.value if 'value' in args else None + if (val): + if (args.subcommand == 'vidpid'): + sp = val.split(':') + if (len(sp) != 2): + print('ERROR: VID/PID have wrong format. Use VID:PID format (e.g. 1234:5678)') + val = int(sp[0],16).to_bytes(2, 'big') + int(sp[1],16).to_bytes(2, 'big') + elif (args.subcommand == 'led'): + val = [int(val)] + ret = picohsm.phy(args.subcommand, val) + if (ret): + print(f'Current value: {hexlify(ret)}') + def main(args): - sys.stderr.buffer.write(b'Pico HSM Tool v1.10\n') + sys.stderr.buffer.write(b'Pico HSM Tool v1.12\n') sys.stderr.buffer.write(b'Author: Pol Henarejos\n') sys.stderr.buffer.write(b'Report bugs to https://github.com/polhenarejos/pico-hsm/issues\n') sys.stderr.buffer.write(b'\n\n') @@ -470,6 +491,8 @@ def main(args): cipher(picohsm, args) elif (args.command == 'keygen'): keygen(picohsm, args) + elif (args.command == 'phy'): + phy(picohsm, args) def run(): From b0343031931175f9720b621c2a8dcbcdf8142720 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 17 Apr 2024 16:36:34 +0200 Subject: [PATCH 05/13] Use new methods search_file() and file_put_data(). Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/hsm/cmd_bip_slip.c | 2 +- src/hsm/cmd_change_pin.c | 4 +-- src/hsm/cmd_external_authenticate.c | 2 +- src/hsm/cmd_extras.c | 14 ++++---- src/hsm/cmd_general_authenticate.c | 2 +- src/hsm/cmd_initialize.c | 48 ++++++++++++------------- src/hsm/cmd_key_domain.c | 10 +++--- src/hsm/cmd_key_unwrap.c | 2 +- src/hsm/cmd_key_wrap.c | 2 +- src/hsm/cmd_keypair_gen.c | 2 +- src/hsm/cmd_list_keys.c | 4 +-- src/hsm/cmd_pso.c | 4 +-- src/hsm/cmd_puk_auth.c | 6 ++-- src/hsm/cmd_read_binary.c | 8 ++--- src/hsm/cmd_reset_retry.c | 6 ++-- src/hsm/cmd_select.c | 3 +- src/hsm/cmd_signature.c | 5 +-- src/hsm/cmd_update_ef.c | 9 ++--- src/hsm/cmd_verify.c | 10 +++--- src/hsm/cvc.c | 2 +- src/hsm/kek.c | 16 ++++----- src/hsm/sc_hsm.c | 56 ++++++++++++++--------------- 23 files changed, 105 insertions(+), 114 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 6f2721a..ef196bf 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 6f2721aba343adab1aa0a336e4b15e41fbb77569 +Subproject commit ef196bf10ba29410df712b54beef8a2c4876300a diff --git a/src/hsm/cmd_bip_slip.c b/src/hsm/cmd_bip_slip.c index 41d27d6..15cce9b 100644 --- a/src/hsm/cmd_bip_slip.c +++ b/src/hsm/cmd_bip_slip.c @@ -256,7 +256,7 @@ int cmd_bip_slip() { if (r != CCID_OK) { return SW_EXEC_ERROR(); } - r = flash_write_data_to_file(ef, mkey, sizeof(mkey)); + r = file_put_data(ef, mkey, sizeof(mkey)); if (r != CCID_OK) { return SW_EXEC_ERROR(); } diff --git a/src/hsm/cmd_change_pin.c b/src/hsm/cmd_change_pin.c index 7a2ba98..3af69e0 100644 --- a/src/hsm/cmd_change_pin.c +++ b/src/hsm/cmd_change_pin.c @@ -35,7 +35,7 @@ int cmd_change_pin() { if (!file_has_data(file_pin)) { return SW_REFERENCE_NOT_FOUND(); } - uint8_t pin_len = file_read_uint8(file_get_data(file_pin)); + uint8_t pin_len = file_read_uint8(file_pin); int r = check_pin(file_pin, apdu.data, pin_len); if (r != 0x9000) { return r; @@ -63,7 +63,7 @@ int cmd_change_pin() { uint8_t dhash[33]; dhash[0] = (uint8_t)apdu.nc - pin_len; double_hash_pin(apdu.data + pin_len, (uint16_t)(apdu.nc - pin_len), dhash + 1); - flash_write_data_to_file(file_pin, dhash, sizeof(dhash)); + file_put_data(file_pin, dhash, sizeof(dhash)); low_flash_available(); return SW_OK(); } diff --git a/src/hsm/cmd_external_authenticate.c b/src/hsm/cmd_external_authenticate.c index 8d5ae4d..a40dc96 100644 --- a/src/hsm/cmd_external_authenticate.c +++ b/src/hsm/cmd_external_authenticate.c @@ -34,7 +34,7 @@ int cmd_external_authenticate() { if (apdu.nc == 0) { return SW_WRONG_LENGTH(); } - file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF); + file_t *ef_puk = search_file(EF_PUKAUT); if (!file_has_data(ef_puk)) { return SW_FILE_NOT_FOUND(); } diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c index aea3fca..f801852 100644 --- a/src/hsm/cmd_extras.c +++ b/src/hsm/cmd_extras.c @@ -81,8 +81,8 @@ int cmd_extras() { } else { uint8_t newopts[] = { apdu.data[0], (opts & 0xff) }; - file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF); - flash_write_data_to_file(tf, newopts, sizeof(newopts)); + file_t *tf = search_file(EF_DEVOPS); + file_put_data(tf, newopts, sizeof(newopts)); low_flash_available(); } } @@ -167,14 +167,14 @@ int cmd_extras() { (P2(apdu) == 0x04 && (opts & HSM_OPT_SECURE_LOCK))) { uint16_t tfids[] = { EF_MKEK, EF_MKEK_SO }; for (int t = 0; t < sizeof(tfids) / sizeof(uint16_t); t++) { - file_t *tf = search_by_fid(tfids[t], NULL, SPECIFY_EF); + file_t *tf = search_file(tfids[t]); if (tf) { uint8_t *tmp = (uint8_t *) calloc(1, file_get_size(tf)); memcpy(tmp, file_get_data(tf), file_get_size(tf)); for (int i = 0; i < MKEK_KEY_SIZE; i++) { MKEK_KEY(tmp)[i] ^= apdu.data[i]; } - flash_write_data_to_file(tf, tmp, file_get_size(tf)); + file_put_data(tf, tmp, file_get_size(tf)); free(tmp); } } @@ -185,8 +185,8 @@ int cmd_extras() { else if (P2(apdu) == 0x04) { newopts[0] &= ~HSM_OPT_SECURE_LOCK >> 8; } - file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF); - flash_write_data_to_file(tf, newopts, sizeof(newopts)); + file_t *tf = search_file(EF_DEVOPS); + file_put_data(tf, newopts, sizeof(newopts)); low_flash_available(); } else if (P2(apdu) == 0x03) { @@ -224,7 +224,7 @@ int cmd_extras() { else { return SW_INCORRECT_P1P2(); } - flash_write_data_to_file(ef_phy, tmp, sizeof(tmp)); + file_put_data(ef_phy, tmp, sizeof(tmp)); low_flash_available(); } } diff --git a/src/hsm/cmd_general_authenticate.c b/src/hsm/cmd_general_authenticate.c index 64c5860..a7ca816 100644 --- a/src/hsm/cmd_general_authenticate.c +++ b/src/hsm/cmd_general_authenticate.c @@ -41,7 +41,7 @@ int cmd_general_authenticate() { pubkey_len = tag_len + 1; } } - file_t *fkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF); + file_t *fkey = search_file(EF_KEY_DEV); if (!fkey) { return SW_EXEC_ERROR(); } diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c index cf19cb3..083d60a 100644 --- a/src/hsm/cmd_initialize.c +++ b/src/hsm/cmd_initialize.c @@ -53,15 +53,15 @@ int cmd_initialize() { asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) { if (tag == 0x80) { //options - file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF); - flash_write_data_to_file(tf, tag_data, tag_len); + file_t *tf = search_file(EF_DEVOPS); + file_put_data(tf, tag_data, tag_len); } else if (tag == 0x81) { //user pin if (file_pin1 && file_pin1->data) { uint8_t dhash[33]; dhash[0] = (uint8_t)tag_len; double_hash_pin(tag_data, tag_len, dhash + 1); - flash_write_data_to_file(file_pin1, dhash, sizeof(dhash)); + file_put_data(file_pin1, dhash, sizeof(dhash)); hash_multi(tag_data, tag_len, session_pin); has_session_pin = true; } @@ -71,18 +71,18 @@ int cmd_initialize() { uint8_t dhash[33]; dhash[0] = (uint8_t)tag_len; double_hash_pin(tag_data, tag_len, dhash + 1); - flash_write_data_to_file(file_sopin, dhash, sizeof(dhash)); + file_put_data(file_sopin, dhash, sizeof(dhash)); hash_multi(tag_data, tag_len, session_sopin); has_session_sopin = true; } } else if (tag == 0x91) { //retries user pin - file_t *tf = search_by_fid(0x1082, NULL, SPECIFY_EF); + file_t *tf = search_file(0x1082); if (tf && tf->data) { - flash_write_data_to_file(tf, tag_data, tag_len); + file_put_data(tf, tag_data, tag_len); } if (file_retries_pin1 && file_retries_pin1->data) { - flash_write_data_to_file(file_retries_pin1, tag_data, tag_len); + file_put_data(file_retries_pin1, tag_data, tag_len); } } else if (tag == 0x92) { @@ -92,10 +92,10 @@ int cmd_initialize() { release_mkek(mkek); return SW_MEMORY_FAILURE(); } - flash_write_data_to_file(tf, NULL, 0); + file_put_data(tf, NULL, 0); } else if (tag == 0x93) { - file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF); + file_t *ef_puk = search_file(EF_PUKAUT); if (!ef_puk) { release_mkek(mkek); return SW_MEMORY_FAILURE(); @@ -105,14 +105,14 @@ int cmd_initialize() { pk_status[0] = puks; pk_status[1] = puks; pk_status[2] = tag_data[1]; - flash_write_data_to_file(ef_puk, pk_status, sizeof(pk_status)); + file_put_data(ef_puk, pk_status, sizeof(pk_status)); for (uint8_t i = 0; i < puks; i++) { file_t *tf = file_new(EF_PUK + i); if (!tf) { release_mkek(mkek); return SW_MEMORY_FAILURE(); } - flash_write_data_to_file(tf, NULL, 0); + file_put_data(tf, NULL, 0); } } else if (tag == 0x97) { @@ -122,12 +122,12 @@ int cmd_initialize() { file_t *tf = file_new(EF_DKEK+i); if (!tf) return SW_MEMORY_FAILURE(); - flash_write_data_to_file(tf, NULL, 0); + file_put_data(tf, NULL, 0); } */ } } - file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF); + file_t *tf_kd = search_file(EF_KEY_DOMAIN); if (!tf_kd) { release_mkek(mkek); return SW_EXEC_ERROR(); @@ -143,7 +143,7 @@ int cmd_initialize() { if (dkeks) { if (*dkeks > 0) { uint16_t d = *dkeks; - if (flash_write_data_to_file(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { + if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { return SW_EXEC_ERROR(); } } @@ -153,28 +153,28 @@ int cmd_initialize() { return SW_EXEC_ERROR(); } uint16_t d = 0x0101; - if (flash_write_data_to_file(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { + if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { return SW_EXEC_ERROR(); } } } else { uint16_t d = 0x0000; - if (flash_write_data_to_file(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { + if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) { return SW_EXEC_ERROR(); } } if (kds) { uint8_t t[MAX_KEY_DOMAINS * 2], k = MIN(*kds, MAX_KEY_DOMAINS); memset(t, 0xff, 2 * k); - if (flash_write_data_to_file(tf_kd, t, 2 * k) != CCID_OK) { + if (file_put_data(tf_kd, t, 2 * k) != CCID_OK) { return SW_EXEC_ERROR(); } } /* When initialized, it has all credentials */ isUserAuthenticated = true; /* Create terminal private key */ - file_t *fdkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF); + file_t *fdkey = search_file(EF_KEY_DEV); if (!fdkey) { return SW_EXEC_ERROR(); } @@ -200,8 +200,8 @@ int cmd_initialize() { return SW_EXEC_ERROR(); } - file_t *fpk = search_by_fid(EF_EE_DEV, NULL, SPECIFY_EF); - ret = flash_write_data_to_file(fpk, res_APDU, (uint16_t)cvc_len); + file_t *fpk = search_file(EF_EE_DEV); + ret = file_put_data(fpk, res_APDU, (uint16_t)cvc_len); if (ret != 0) { mbedtls_ecdsa_free(&ecdsa); return SW_EXEC_ERROR(); @@ -213,8 +213,8 @@ int cmd_initialize() { } memcpy(res_APDU + cvc_len, res_APDU, cvc_len); mbedtls_ecdsa_free(&ecdsa); - fpk = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF); - ret = flash_write_data_to_file(fpk, res_APDU, (uint16_t)(2 * cvc_len)); + fpk = search_file(EF_TERMCA); + ret = file_put_data(fpk, res_APDU, (uint16_t)(2 * cvc_len)); if (ret != 0) { return SW_EXEC_ERROR(); } @@ -229,8 +229,8 @@ int cmd_initialize() { 256, res_APDU, 4096); - fpk = search_by_fid(EF_PRKD_DEV, NULL, SPECIFY_EF); - ret = flash_write_data_to_file(fpk, res_APDU, prkd_len); + fpk = search_file(EF_PRKD_DEV); + ret = file_put_data(fpk, res_APDU, prkd_len); } if (ret != 0) { diff --git a/src/hsm/cmd_key_domain.c b/src/hsm/cmd_key_domain.c index 487a7c5..a73cf47 100644 --- a/src/hsm/cmd_key_domain.c +++ b/src/hsm/cmd_key_domain.c @@ -44,7 +44,7 @@ int cmd_key_domain() { if (p2 >= MAX_KEY_DOMAINS) { return SW_WRONG_P1P2(); } - file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF); + file_t *tf_kd = search_file(EF_KEY_DOMAIN); if (!tf_kd) { return SW_EXEC_ERROR(); } @@ -83,7 +83,7 @@ int cmd_key_domain() { uint8_t t[MAX_KEY_DOMAINS * 2]; memcpy(t, kdata, tf_kd_size); t[2 * p2 + 1] = current_dkeks; - if (flash_write_data_to_file(tf_kd, t, tf_kd_size) != CCID_OK) { + if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) { return SW_EXEC_ERROR(); } low_flash_available(); @@ -129,7 +129,7 @@ int cmd_key_domain() { else if (p1 == 0x4) { t[2 * p2 + 1] = current_dkeks = 0; } - if (flash_write_data_to_file(tf_kd, t, tf_kd_size) != CCID_OK) { + if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) { return SW_EXEC_ERROR(); } file_t *tf = NULL; @@ -151,7 +151,7 @@ int cmd_key_domain() { else if (p1 == 0x2) { //XKEK Key Domain creation if (apdu.nc > 0) { uint16_t pub_len = 0; - file_t *fterm = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF); + file_t *fterm = search_file(EF_TERMCA); if (!fterm) { return SW_EXEC_ERROR(); } @@ -189,7 +189,7 @@ int cmd_key_domain() { t86_len = 0; t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86); if (t86) { - flash_write_data_to_file(tf, t86 + 1, (uint16_t)t86_len - 1); + file_put_data(tf, t86 + 1, (uint16_t)t86_len - 1); low_flash_available(); } } diff --git a/src/hsm/cmd_key_unwrap.c b/src/hsm/cmd_key_unwrap.c index 1eb0ecb..83205ac 100644 --- a/src/hsm/cmd_key_unwrap.c +++ b/src/hsm/cmd_key_unwrap.c @@ -133,7 +133,7 @@ int cmd_key_unwrap() { } if (res_APDU_size > 0) { file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id); - r = flash_write_data_to_file(fpk, res_APDU, res_APDU_size); + r = file_put_data(fpk, res_APDU, res_APDU_size); if (r != 0) { return SW_EXEC_ERROR(); } diff --git a/src/hsm/cmd_key_wrap.c b/src/hsm/cmd_key_wrap.c index d303ddc..75529e1 100644 --- a/src/hsm/cmd_key_wrap.c +++ b/src/hsm/cmd_key_wrap.c @@ -40,7 +40,7 @@ int cmd_key_wrap() { if (kdom == 0xff) { return SW_REFERENCE_NOT_FOUND(); } - file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF); + file_t *tf_kd = search_file(EF_KEY_DOMAIN); uint8_t *kdata = file_get_data(tf_kd), dkeks = kdata ? kdata[2 * kdom] : 0, current_dkeks = kdata ? kdata[2 * kdom + 1] : 0; if (dkeks != current_dkeks || dkeks == 0 || dkeks == 0xff) { diff --git a/src/hsm/cmd_keypair_gen.c b/src/hsm/cmd_keypair_gen.c index 22c1e05..fe266ba 100644 --- a/src/hsm/cmd_keypair_gen.c +++ b/src/hsm/cmd_keypair_gen.c @@ -145,7 +145,7 @@ int cmd_keypair_gen() { return SW_EXEC_ERROR(); } file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id); - ret = flash_write_data_to_file(fpk, res_APDU, res_APDU_size); + ret = file_put_data(fpk, res_APDU, res_APDU_size); if (ret != 0) { return SW_EXEC_ERROR(); } diff --git a/src/hsm/cmd_list_keys.c b/src/hsm/cmd_list_keys.c index ef92c6f..a7c9fce 100644 --- a/src/hsm/cmd_list_keys.c +++ b/src/hsm/cmd_list_keys.c @@ -21,11 +21,11 @@ int cmd_list_keys() { /* First we send DEV private key */ /* Both below conditions should be always TRUE */ - if (search_by_fid(EF_PRKD_DEV, NULL, SPECIFY_EF)) { + if (search_file(EF_PRKD_DEV)) { res_APDU[res_APDU_size++] = EF_PRKD_DEV >> 8; res_APDU[res_APDU_size++] = EF_PRKD_DEV & 0xff; } - if (search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF)) { + if (search_file(EF_KEY_DEV)) { res_APDU[res_APDU_size++] = EF_KEY_DEV >> 8; res_APDU[res_APDU_size++] = EF_KEY_DEV & 0xff; } diff --git a/src/hsm/cmd_pso.c b/src/hsm/cmd_pso.c index f2ee8e7..70757a1 100644 --- a/src/hsm/cmd_pso.c +++ b/src/hsm/cmd_pso.c @@ -54,7 +54,7 @@ int cmd_pso() { file_t *ca_ef = search_dynamic_file(fid); if (!ca_ef) { ca_ef = file_new(fid); - flash_write_data_to_file(ca_ef, apdu.data, (uint16_t)apdu.nc); + file_put_data(ca_ef, apdu.data, (uint16_t)apdu.nc); if (add_cert_puk_store(file_get_data(ca_ef), file_get_size(ca_ef), false) != CCID_OK) { return SW_FILE_FULL(); @@ -144,7 +144,7 @@ int cmd_pso() { fid, buf, cd_len); - flash_write_data_to_file(cd_ef, buf, cd_len); + file_put_data(cd_ef, buf, cd_len); free(buf); if (r == 0) { return SW_EXEC_ERROR(); diff --git a/src/hsm/cmd_puk_auth.c b/src/hsm/cmd_puk_auth.c index a6ff158..ac4b102 100644 --- a/src/hsm/cmd_puk_auth.c +++ b/src/hsm/cmd_puk_auth.c @@ -21,7 +21,7 @@ int cmd_puk_auth() { uint8_t p1 = P1(apdu), p2 = P2(apdu); - file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF); + file_t *ef_puk = search_file(EF_PUKAUT); if (!file_has_data(ef_puk)) { if (apdu.nc > 0) { return SW_FILE_NOT_FOUND(); @@ -48,7 +48,7 @@ int cmd_puk_auth() { uint8_t *tmp = (uint8_t *) calloc(file_get_size(ef_puk), sizeof(uint8_t)); memcpy(tmp, puk_data, file_get_size(ef_puk)); tmp[1] = puk_data[1] - 1; - flash_write_data_to_file(ef_puk, tmp, file_get_size(ef_puk)); + file_put_data(ef_puk, tmp, file_get_size(ef_puk)); puk_data = file_get_data(ef_puk); free(tmp); } @@ -61,7 +61,7 @@ int cmd_puk_auth() { return SW_MEMORY_FAILURE(); } } - flash_write_data_to_file(ef, apdu.data, (uint16_t)apdu.nc); + file_put_data(ef, apdu.data, (uint16_t)apdu.nc); low_flash_available(); } else { diff --git a/src/hsm/cmd_read_binary.c b/src/hsm/cmd_read_binary.c index 7c4a6df..ee8d636 100644 --- a/src/hsm/cmd_read_binary.c +++ b/src/hsm/cmd_read_binary.c @@ -25,7 +25,7 @@ int cmd_read_binary() { if ((ins & 0x1) == 0) { if ((p1 & 0x80) != 0) { - if (!(ef = search_by_fid(p1 & 0x1f, NULL, SPECIFY_EF))) { + if (!(ef = search_file(p1 & 0x1f))) { return SW_FILE_NOT_FOUND(); } offset = p2; @@ -37,7 +37,7 @@ int cmd_read_binary() { } else { if (p1 == 0 && (p2 & 0xE0) == 0 && (p2 & 0x1f) != 0 && (p2 & 0x1f) != 0x1f) { - if (!(ef = search_by_fid(p2 & 0x1f, NULL, SPECIFY_EF))) { + if (!(ef = search_file(p2 & 0x1f))) { return SW_FILE_NOT_FOUND(); } } @@ -46,9 +46,7 @@ int cmd_read_binary() { if (file_id == 0x0) { ef = currentEF; } - else if (!(ef = - search_by_fid(file_id, NULL, - SPECIFY_EF)) && !(ef = search_dynamic_file(file_id))) { + else if (!(ef = search_file(file_id))) { return SW_FILE_NOT_FOUND(); } diff --git a/src/hsm/cmd_reset_retry.c b/src/hsm/cmd_reset_retry.c index f4567d5..d17dc57 100644 --- a/src/hsm/cmd_reset_retry.c +++ b/src/hsm/cmd_reset_retry.c @@ -36,7 +36,7 @@ int cmd_reset_retry() { if (P1(apdu) == 0x0 || P1(apdu) == 0x2) { uint8_t newpin_len = 0; if (P1(apdu) == 0x0) { - uint8_t so_pin_len = file_read_uint8(file_get_data(file_sopin)); + uint8_t so_pin_len = file_read_uint8(file_sopin); if ((uint16_t)apdu.nc <= so_pin_len + 1) { return SW_WRONG_LENGTH(); } @@ -58,7 +58,7 @@ int cmd_reset_retry() { uint8_t dhash[33]; dhash[0] = newpin_len; double_hash_pin(apdu.data + (apdu.nc - newpin_len), newpin_len, dhash + 1); - flash_write_data_to_file(file_pin1, dhash, sizeof(dhash)); + file_put_data(file_pin1, dhash, sizeof(dhash)); if (pin_reset_retries(file_pin1, true) != CCID_OK) { return SW_MEMORY_FAILURE(); } @@ -82,7 +82,7 @@ int cmd_reset_retry() { return SW_COMMAND_NOT_ALLOWED(); } if (P1(apdu) == 0x1) { - uint8_t so_pin_len = file_read_uint8(file_get_data(file_sopin)); + uint8_t so_pin_len = file_read_uint8(file_sopin); if (apdu.nc != so_pin_len) { return SW_WRONG_LENGTH(); } diff --git a/src/hsm/cmd_select.c b/src/hsm/cmd_select.c index 3c8da6d..1ecf491 100644 --- a/src/hsm/cmd_select.c +++ b/src/hsm/cmd_select.c @@ -63,8 +63,7 @@ int cmd_select() { pfx == DCOD_PREFIX || pfx == DATA_PREFIX || pfx == PROT_DATA_PREFIX) {*/ - if (fid != 0x0 && !(pe = search_dynamic_file(fid)) && - !(pe = search_by_fid(fid, NULL, SPECIFY_EF))) { + if (fid != 0x0 && !(pe = search_file(fid))) { return SW_FILE_NOT_FOUND(); } /*}*/ diff --git a/src/hsm/cmd_signature.c b/src/hsm/cmd_signature.c index b75eedb..0ba2dc7 100644 --- a/src/hsm/cmd_signature.c +++ b/src/hsm/cmd_signature.c @@ -104,10 +104,7 @@ int cmd_signature() { if (!isUserAuthenticated) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - if ((!(fkey = search_dynamic_file((KEY_PREFIX << 8) | key_id)) && - !(fkey = - search_by_fid((KEY_PREFIX << 8) | key_id, NULL, - SPECIFY_EF))) || !file_has_data(fkey)) { + if (!(fkey = search_file((KEY_PREFIX << 8) | key_id)) || !file_has_data(fkey)) { return SW_FILE_NOT_FOUND(); } if (get_key_counter(fkey) == 0) { diff --git a/src/hsm/cmd_update_ef.c b/src/hsm/cmd_update_ef.c index 4b6ec18..7eba19a 100644 --- a/src/hsm/cmd_update_ef.c +++ b/src/hsm/cmd_update_ef.c @@ -72,15 +72,12 @@ int cmd_update_ef() { if (fid == 0x0 && !ef) { return SW_FILE_NOT_FOUND(); } - else if (fid != 0x0 && - !(ef = - search_by_fid(fid, NULL, - SPECIFY_EF)) && !(ef = search_dynamic_file(fid))) { //if does not exist, create it + else if (fid != 0x0 && !(ef = search_file(fid))) { //if does not exist, create it //return SW_FILE_NOT_FOUND(); ef = file_new(fid); } if (offset == 0) { - int r = flash_write_data_to_file(ef, data, data_len); + int r = file_put_data(ef, data, data_len); if (r != CCID_OK) { return SW_MEMORY_FAILURE(); } @@ -93,7 +90,7 @@ int cmd_update_ef() { uint8_t *data_merge = (uint8_t *) calloc(1, offset + data_len); memcpy(data_merge, file_get_data(ef), offset); memcpy(data_merge + offset, data, data_len); - int r = flash_write_data_to_file(ef, data_merge, offset + data_len); + int r = file_put_data(ef, data_merge, offset + data_len); free(data_merge); if (r != CCID_OK) { return SW_MEMORY_FAILURE(); diff --git a/src/hsm/cmd_verify.c b/src/hsm/cmd_verify.c index 66a725a..829cb11 100644 --- a/src/hsm/cmd_verify.c +++ b/src/hsm/cmd_verify.c @@ -39,25 +39,25 @@ int cmd_verify() { if (apdu.nc > 0) { return check_pin(file_pin1, apdu.data, (uint16_t)apdu.nc); } - if (file_read_uint8(file_get_data(file_retries_pin1)) == 0) { + if (file_read_uint8(file_retries_pin1) == 0) { return SW_PIN_BLOCKED(); } - return set_res_sw(0x63, 0xc0 | file_read_uint8(file_get_data(file_retries_pin1))); + return set_res_sw(0x63, 0xc0 | file_read_uint8(file_retries_pin1)); } else if (p2 == 0x88) { //SOPin - if (file_read_uint8(file_get_data(file_sopin)) == 0) { //not initialized + if (file_read_uint8(file_sopin) == 0) { //not initialized return SW_REFERENCE_NOT_FOUND(); } if (apdu.nc > 0) { return check_pin(file_sopin, apdu.data, (uint16_t)apdu.nc); } - if (file_read_uint8(file_get_data(file_retries_sopin)) == 0) { + if (file_read_uint8(file_retries_sopin) == 0) { return SW_PIN_BLOCKED(); } if (has_session_sopin) { return SW_OK(); } - return set_res_sw(0x63, 0xc0 | file_read_uint8(file_get_data(file_retries_sopin))); + return set_res_sw(0x63, 0xc0 | file_read_uint8(file_retries_sopin)); } else if (p2 == 0x85) { return SW_OK(); diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c index fcc722c..1f9b8f0 100644 --- a/src/hsm/cvc.c +++ b/src/hsm/cvc.c @@ -323,7 +323,7 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa, uint16_t outcar_len = dev_name_len; const uint8_t *outcar = dev_name; uint16_t outcar_size = asn1_len_tag(0x42, outcar_len); - file_t *fkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF); + file_t *fkey = search_file(EF_KEY_DEV); if (!fkey) { return 0; } diff --git a/src/hsm/kek.c b/src/hsm/kek.c index 4d317b8..e6c023e 100644 --- a/src/hsm/kek.c +++ b/src/hsm/kek.c @@ -57,14 +57,14 @@ int load_mkek(uint8_t *mkek) { } const uint8_t *pin = NULL; if (pin == NULL && has_session_pin == true) { - file_t *tf = search_by_fid(EF_MKEK, NULL, SPECIFY_EF); + file_t *tf = search_file(EF_MKEK); if (file_has_data(tf)) { memcpy(mkek, file_get_data(tf), MKEK_SIZE); pin = session_pin; } } if (pin == NULL && has_session_sopin == true) { - file_t *tf = search_by_fid(EF_MKEK_SO, NULL, SPECIFY_EF); + file_t *tf = search_file(EF_MKEK_SO); if (file_has_data(tf)) { memcpy(mkek, file_get_data(tf), MKEK_SIZE); pin = session_sopin; @@ -137,7 +137,7 @@ int store_mkek(const uint8_t *mkek) { if (has_session_pin) { uint8_t tmp_mkek_pin[MKEK_SIZE]; memcpy(tmp_mkek_pin, tmp_mkek, MKEK_SIZE); - file_t *tf = search_by_fid(EF_MKEK, NULL, SPECIFY_EF); + file_t *tf = search_file(EF_MKEK); if (!tf) { release_mkek(tmp_mkek); release_mkek(tmp_mkek_pin); @@ -147,13 +147,13 @@ int store_mkek(const uint8_t *mkek) { MKEK_IV(tmp_mkek_pin), MKEK_KEY(tmp_mkek_pin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE); - flash_write_data_to_file(tf, tmp_mkek_pin, MKEK_SIZE); + file_put_data(tf, tmp_mkek_pin, MKEK_SIZE); release_mkek(tmp_mkek_pin); } if (has_session_sopin) { uint8_t tmp_mkek_sopin[MKEK_SIZE]; memcpy(tmp_mkek_sopin, tmp_mkek, MKEK_SIZE); - file_t *tf = search_by_fid(EF_MKEK_SO, NULL, SPECIFY_EF); + file_t *tf = search_file(EF_MKEK_SO); if (!tf) { release_mkek(tmp_mkek); release_mkek(tmp_mkek_sopin); @@ -163,7 +163,7 @@ int store_mkek(const uint8_t *mkek) { MKEK_IV(tmp_mkek_sopin), MKEK_KEY(tmp_mkek_sopin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE); - flash_write_data_to_file(tf, tmp_mkek_sopin, MKEK_SIZE); + file_put_data(tf, tmp_mkek_sopin, MKEK_SIZE); release_mkek(tmp_mkek_sopin); } low_flash_available(); @@ -180,7 +180,7 @@ int store_dkek_key(uint8_t id, uint8_t *dkek) { if (r != CCID_OK) { return r; } - flash_write_data_to_file(tf, dkek, DKEK_KEY_SIZE); + file_put_data(tf, dkek, DKEK_KEY_SIZE); low_flash_available(); return CCID_OK; } @@ -213,7 +213,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) { for (int i = 0; i < DKEK_KEY_SIZE; i++) { tmp_dkek[i] ^= share[i]; } - flash_write_data_to_file(tf, tmp_dkek, DKEK_KEY_SIZE); + file_put_data(tf, tmp_dkek, DKEK_KEY_SIZE); low_flash_available(); return CCID_OK; } diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index 03252ba..8a426dd 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -94,45 +94,45 @@ INITIALIZER( sc_hsm_ctor ) { } void scan_files() { - file_pin1 = search_by_fid(0x1081, NULL, SPECIFY_EF); + file_pin1 = search_file(0x1081); if (file_pin1) { if (!file_pin1->data) { printf("PIN1 is empty. Initializing with default password\n"); const uint8_t empty[33] = { 0 }; - flash_write_data_to_file(file_pin1, empty, sizeof(empty)); + file_put_data(file_pin1, empty, sizeof(empty)); } } else { printf("FATAL ERROR: PIN1 not found in memory!\n"); } - file_sopin = search_by_fid(0x1088, NULL, SPECIFY_EF); + file_sopin = search_file(0x1088); if (file_sopin) { if (!file_sopin->data) { printf("SOPIN is empty. Initializing with default password\n"); const uint8_t empty[33] = { 0 }; - flash_write_data_to_file(file_sopin, empty, sizeof(empty)); + file_put_data(file_sopin, empty, sizeof(empty)); } } else { printf("FATAL ERROR: SOPIN not found in memory!\n"); } - file_retries_pin1 = search_by_fid(0x1083, NULL, SPECIFY_EF); + file_retries_pin1 = search_file(0x1083); if (file_retries_pin1) { if (!file_retries_pin1->data) { printf("Retries PIN1 is empty. Initializing with default retriesr\n"); const uint8_t retries = 3; - flash_write_data_to_file(file_retries_pin1, &retries, sizeof(uint8_t)); + file_put_data(file_retries_pin1, &retries, sizeof(uint8_t)); } } else { printf("FATAL ERROR: Retries PIN1 not found in memory!\n"); } - file_retries_sopin = search_by_fid(0x108A, NULL, SPECIFY_EF); + file_retries_sopin = search_file(0x108A); if (file_retries_sopin) { if (!file_retries_sopin->data) { printf("Retries SOPIN is empty. Initializing with default retries\n"); const uint8_t retries = 15; - flash_write_data_to_file(file_retries_sopin, &retries, sizeof(uint8_t)); + file_put_data(file_retries_sopin, &retries, sizeof(uint8_t)); } } else { @@ -140,23 +140,23 @@ void scan_files() { } file_t *tf = NULL; - tf = search_by_fid(0x1082, NULL, SPECIFY_EF); + tf = search_file(0x1082); if (tf) { if (!tf->data) { printf("Max retries PIN1 is empty. Initializing with default max retriesr\n"); const uint8_t retries = 3; - flash_write_data_to_file(tf, &retries, sizeof(uint8_t)); + file_put_data(tf, &retries, sizeof(uint8_t)); } } else { printf("FATAL ERROR: Max Retries PIN1 not found in memory!\n"); } - tf = search_by_fid(0x1089, NULL, SPECIFY_EF); + tf = search_file(0x1089); if (tf) { if (!tf->data) { printf("Max Retries SOPIN is empty. Initializing with default max retries\n"); const uint8_t retries = 15; - flash_write_data_to_file(tf, &retries, sizeof(uint8_t)); + file_put_data(tf, &retries, sizeof(uint8_t)); } } else { @@ -227,7 +227,7 @@ void reset_puk_store() { } memset(puk_store, 0, sizeof(puk_store)); puk_store_entries = 0; - file_t *fterm = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF); + file_t *fterm = search_file(EF_TERMCA); if (fterm) { uint8_t *p = NULL, *fterm_data = file_get_data(fterm), *pq = fterm_data; uint16_t fterm_data_len = file_get_size(fterm); @@ -239,7 +239,7 @@ void reset_puk_store() { } } for (int i = 0; i < 0xfe; i++) { - file_t *ef = search_dynamic_file((CA_CERTIFICATE_PREFIX << 8) | (uint8_t)i); + file_t *ef = search_file((CA_CERTIFICATE_PREFIX << 8) | (uint8_t)i); if (ef && file_get_size(ef) > 0) { add_cert_puk_store(file_get_data(ef), file_get_size(ef), false); } @@ -264,9 +264,9 @@ int sc_hsm_unload() { } uint16_t get_device_options() { - file_t *ef = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF); + file_t *ef = search_file(EF_DEVOPS); if (file_has_data(ef)) { - return (file_read_uint8(file_get_data(ef)) << 8) | file_read_uint8(file_get_data(ef) + 1); + return (file_read_uint8(ef) << 8) | file_read_uint8_offset(ef, 1); } return 0x0; } @@ -318,17 +318,17 @@ int pin_reset_retries(const file_t *pin, bool force) { if (!pin) { return CCID_ERR_NULL_PARAM; } - const file_t *max = search_by_fid(pin->fid + 1, NULL, SPECIFY_EF); - const file_t *act = search_by_fid(pin->fid + 2, NULL, SPECIFY_EF); + const file_t *max = search_file(pin->fid + 1); + const file_t *act = search_file(pin->fid + 2); if (!max || !act) { return CCID_ERR_FILE_NOT_FOUND; } - uint8_t retries = file_read_uint8(file_get_data(act)); + uint8_t retries = file_read_uint8(act); if (retries == 0 && force == false) { // blocked return CCID_ERR_BLOCKED; } - retries = file_read_uint8(file_get_data(max)); - int r = flash_write_data_to_file((file_t *) act, &retries, sizeof(retries)); + retries = file_read_uint8(max); + int r = file_put_data((file_t *) act, &retries, sizeof(retries)); low_flash_available(); return r; } @@ -337,14 +337,14 @@ int pin_wrong_retry(const file_t *pin) { if (!pin) { return CCID_ERR_NULL_PARAM; } - const file_t *act = search_by_fid(pin->fid + 2, NULL, SPECIFY_EF); + const file_t *act = search_file(pin->fid + 2); if (!act) { return CCID_ERR_FILE_NOT_FOUND; } - uint8_t retries = file_read_uint8(file_get_data(act)); + uint8_t retries = file_read_uint8(act); if (retries > 0) { retries -= 1; - int r = flash_write_data_to_file((file_t *) act, &retries, sizeof(retries)); + int r = file_put_data((file_t *) act, &retries, sizeof(retries)); if (r != CCID_OK) { return r; } @@ -358,8 +358,8 @@ int pin_wrong_retry(const file_t *pin) { } bool pka_enabled() { - file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF); - return file_has_data(ef_puk) && file_read_uint8(file_get_data(ef_puk)) > 0; + file_t *ef_puk = search_file(EF_PUKAUT); + return file_has_data(ef_puk) && file_read_uint8(ef_puk) > 0; } uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) { @@ -544,7 +544,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) { if (r != CCID_OK) { return r; } - r = flash_write_data_to_file(fpk, kdata, (uint16_t)key_size); + r = file_put_data(fpk, kdata, (uint16_t)key_size); if (r != CCID_OK) { return r; } @@ -556,7 +556,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) { uint16_t prkd_len = asn1_build_prkd_generic(NULL, 0, (uint8_t *)key_id_str, (uint16_t)strlen(key_id_str), key_size * 8, type, kdata, sizeof(kdata)); if (prkd_len > 0) { fpk = file_new((PRKD_PREFIX << 8) | key_id); - r = flash_write_data_to_file(fpk, kdata, prkd_len); + r = file_put_data(fpk, kdata, prkd_len); if (r != 0) { return SW_EXEC_ERROR(); } From 35d5d5e94ee9091a665d742cba71d95a96dbf743 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 17 Apr 2024 19:19:45 +0200 Subject: [PATCH 06/13] Use search_file() method. Signed-off-by: Pol Henarejos --- src/hsm/cmd_bip_slip.c | 2 +- src/hsm/cmd_cipher_sym.c | 2 +- src/hsm/cmd_decrypt_asym.c | 4 ++-- src/hsm/cmd_delete_file.c | 4 ++-- src/hsm/cmd_derive_asym.c | 2 +- src/hsm/cmd_key_domain.c | 10 +++++----- src/hsm/cmd_key_wrap.c | 4 ++-- src/hsm/cmd_keypair_gen.c | 2 +- src/hsm/cmd_mse.c | 2 +- src/hsm/cmd_pso.c | 2 +- src/hsm/cmd_puk_auth.c | 6 +++--- src/hsm/kek.c | 8 ++++---- 12 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/hsm/cmd_bip_slip.c b/src/hsm/cmd_bip_slip.c index 15cce9b..20f271c 100644 --- a/src/hsm/cmd_bip_slip.c +++ b/src/hsm/cmd_bip_slip.c @@ -113,7 +113,7 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32], uint8_t key_type[1]) { uint8_t mkey[65]; mbedtls_ecp_keypair_init(ctx); - file_t *ef = search_dynamic_file(EF_MASTER_SEED | mid); + file_t *ef = search_file(EF_MASTER_SEED | mid); if (!file_has_data(ef)) { return CCID_ERR_FILE_NOT_FOUND; } diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c index 6de1409..a99d465 100644 --- a/src/hsm/cmd_cipher_sym.c +++ b/src/hsm/cmd_cipher_sym.c @@ -170,7 +170,7 @@ int cmd_cipher_sym() { if (wait_button_pressed() == true) { // timeout return SW_SECURE_MESSAGE_EXEC_ERROR(); } - file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id); + file_t *ef = search_file((KEY_PREFIX << 8) | key_id); if (hd_keytype == 0) { if (!ef) { return SW_FILE_NOT_FOUND(); diff --git a/src/hsm/cmd_decrypt_asym.c b/src/hsm/cmd_decrypt_asym.c index e68853e..fc9777e 100644 --- a/src/hsm/cmd_decrypt_asym.c +++ b/src/hsm/cmd_decrypt_asym.c @@ -32,7 +32,7 @@ int cmd_decrypt_asym() { if (!isUserAuthenticated) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id); + file_t *ef = search_file((KEY_PREFIX << 8) | key_id); if (!ef) { return SW_FILE_NOT_FOUND(); } @@ -174,7 +174,7 @@ int cmd_decrypt_asym() { return SW_WRONG_DATA(); } for (uint8_t n = 0; n < MAX_KEY_DOMAINS; n++) { - file_t *tf = search_dynamic_file(EF_XKEK + n); + file_t *tf = search_file(EF_XKEK + n); if (tf) { if (file_get_size(tf) == kdom_uid.len && memcmp(file_get_data(tf), kdom_uid.data, kdom_uid.len) == 0) { diff --git a/src/hsm/cmd_delete_file.c b/src/hsm/cmd_delete_file.c index 90a9616..0919293 100644 --- a/src/hsm/cmd_delete_file.c +++ b/src/hsm/cmd_delete_file.c @@ -25,13 +25,13 @@ int cmd_delete_file() { if (apdu.nc == 0) { ef = currentEF; - if (!(ef = search_dynamic_file(ef->fid))) { + if (!(ef = search_file(ef->fid))) { return SW_FILE_NOT_FOUND(); } } else { uint16_t fid = (apdu.data[0] << 8) | apdu.data[1]; - if (!(ef = search_dynamic_file(fid))) { + if (!(ef = search_file(fid))) { return SW_FILE_NOT_FOUND(); } } diff --git a/src/hsm/cmd_derive_asym.c b/src/hsm/cmd_derive_asym.c index ff59009..47e26ed 100644 --- a/src/hsm/cmd_derive_asym.c +++ b/src/hsm/cmd_derive_asym.c @@ -43,7 +43,7 @@ int cmd_derive_asym() { if (!isUserAuthenticated) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - if (!(fkey = search_dynamic_file((KEY_PREFIX << 8) | key_id)) || !file_has_data(fkey)) { + if (!(fkey = search_file((KEY_PREFIX << 8) | key_id)) || !file_has_data(fkey)) { return SW_FILE_NOT_FOUND(); } if (key_has_purpose(fkey, ALGO_EC_DERIVE) == false) { diff --git a/src/hsm/cmd_key_domain.c b/src/hsm/cmd_key_domain.c index a73cf47..6566996 100644 --- a/src/hsm/cmd_key_domain.c +++ b/src/hsm/cmd_key_domain.c @@ -89,7 +89,7 @@ int cmd_key_domain() { low_flash_available(); } else { - file_t *tf = search_dynamic_file(EF_XKEK + p2); + file_t *tf = search_file(EF_XKEK + p2); if (2 * p2 >= tf_kd_size) { return SW_INCORRECT_P1P2(); } @@ -104,7 +104,7 @@ int cmd_key_domain() { } if (p1 == 0x3) { //if key domain is not empty, command is denied for (uint16_t i = 1; i < 256; i++) { - file_t *fkey = search_dynamic_file(KEY_PREFIX << 8 | (uint8_t)i); + file_t *fkey = search_file(KEY_PREFIX << 8 | (uint8_t)i); if (get_key_domain(fkey) == p2) { return SW_FILE_EXISTS(); } @@ -133,12 +133,12 @@ int cmd_key_domain() { return SW_EXEC_ERROR(); } file_t *tf = NULL; - if ((tf = search_dynamic_file(EF_DKEK + p2))) { + if ((tf = search_file(EF_DKEK + p2))) { if (delete_file(tf) != CCID_OK) { return SW_EXEC_ERROR(); } } - if (p1 == 0x3 && (tf = search_dynamic_file(EF_XKEK + p2))) { + if (p1 == 0x3 && (tf = search_file(EF_XKEK + p2))) { if (delete_file(tf) != CCID_OK) { return SW_EXEC_ERROR(); } @@ -203,7 +203,7 @@ int cmd_key_domain() { res_APDU[1] = dkeks > current_dkeks ? dkeks - current_dkeks : 0; dkek_kcv(p2, res_APDU + 2); res_APDU_size = 2 + 8; - file_t *tf = search_dynamic_file(EF_XKEK + p2); + file_t *tf = search_file(EF_XKEK + p2); if (tf) { memcpy(res_APDU + 10, file_get_data(tf), file_get_size(tf)); res_APDU_size += file_get_size(tf); diff --git a/src/hsm/cmd_key_wrap.c b/src/hsm/cmd_key_wrap.c index 75529e1..1244ed9 100644 --- a/src/hsm/cmd_key_wrap.c +++ b/src/hsm/cmd_key_wrap.c @@ -32,7 +32,7 @@ int cmd_key_wrap() { if (!isUserAuthenticated) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id); + file_t *ef = search_file((KEY_PREFIX << 8) | key_id); if (!ef) { return SW_FILE_NOT_FOUND(); } @@ -49,7 +49,7 @@ int cmd_key_wrap() { if (key_has_purpose(ef, ALGO_WRAP) == false) { return SW_CONDITIONS_NOT_SATISFIED(); } - file_t *prkd = search_dynamic_file((PRKD_PREFIX << 8) | key_id); + file_t *prkd = search_file((PRKD_PREFIX << 8) | key_id); if (!prkd) { return SW_FILE_NOT_FOUND(); } diff --git a/src/hsm/cmd_keypair_gen.c b/src/hsm/cmd_keypair_gen.c index fe266ba..c0639c4 100644 --- a/src/hsm/cmd_keypair_gen.c +++ b/src/hsm/cmd_keypair_gen.c @@ -98,7 +98,7 @@ int cmd_keypair_gen() { if (a92.data[0] > MAX_KEY_DOMAINS) { return SW_WRONG_DATA(); } - file_t *tf_xkek = search_dynamic_file(EF_XKEK + a92.data[0]); + file_t *tf_xkek = search_file(EF_XKEK + a92.data[0]); if (!tf_xkek) { return SW_WRONG_DATA(); } diff --git a/src/hsm/cmd_mse.c b/src/hsm/cmd_mse.c index f930494..1e6a5a4 100644 --- a/src/hsm/cmd_mse.c +++ b/src/hsm/cmd_mse.c @@ -57,7 +57,7 @@ int cmd_mse() { } else if (p2 == 0xA4) { /* Aut */ for (uint8_t i = 0; i < MAX_PUK; i++) { - file_t *ef = search_dynamic_file(EF_PUK + i); + file_t *ef = search_file(EF_PUK + i); if (!ef) { break; } diff --git a/src/hsm/cmd_pso.c b/src/hsm/cmd_pso.c index 70757a1..cbaec4d 100644 --- a/src/hsm/cmd_pso.c +++ b/src/hsm/cmd_pso.c @@ -51,7 +51,7 @@ int cmd_pso() { } for (uint8_t i = 0; i < 0xfe; i++) { uint16_t fid = (CA_CERTIFICATE_PREFIX << 8) | i; - file_t *ca_ef = search_dynamic_file(fid); + file_t *ca_ef = search_file(fid); if (!ca_ef) { ca_ef = file_new(fid); file_put_data(ca_ef, apdu.data, (uint16_t)apdu.nc); diff --git a/src/hsm/cmd_puk_auth.c b/src/hsm/cmd_puk_auth.c index ac4b102..aaf835d 100644 --- a/src/hsm/cmd_puk_auth.c +++ b/src/hsm/cmd_puk_auth.c @@ -37,7 +37,7 @@ int cmd_puk_auth() { return SW_INCORRECT_P1P2(); } for (uint8_t i = 0; i < puk_data[0]; i++) { - ef = search_dynamic_file(EF_PUK + i); + ef = search_file(EF_PUK + i); if (!ef) { /* Never should not happen */ return SW_MEMORY_FAILURE(); } @@ -56,7 +56,7 @@ int cmd_puk_auth() { if (p2 >= puk_data[0]) { return SW_INCORRECT_P1P2(); } - ef = search_dynamic_file(EF_PUK + p2); + ef = search_file(EF_PUK + p2); if (!ef) { /* Never should not happen */ return SW_MEMORY_FAILURE(); } @@ -72,7 +72,7 @@ int cmd_puk_auth() { if (p2 >= puk_data[0]) { return SW_INCORRECT_P1P2(); } - file_t *ef = search_dynamic_file(EF_PUK + p2); + file_t *ef = search_file(EF_PUK + p2); if (!ef) { return SW_INCORRECT_P1P2(); } diff --git a/src/hsm/kek.c b/src/hsm/kek.c index e6c023e..945341e 100644 --- a/src/hsm/kek.c +++ b/src/hsm/kek.c @@ -109,7 +109,7 @@ int mse_decrypt_ct(uint8_t *data, size_t len) { } int load_dkek(uint8_t id, uint8_t *dkek) { - file_t *tf = search_dynamic_file(EF_DKEK + id); + file_t *tf = search_file(EF_DKEK + id); if (!tf) { return CCID_ERR_FILE_NOT_FOUND; } @@ -172,7 +172,7 @@ int store_mkek(const uint8_t *mkek) { } int store_dkek_key(uint8_t id, uint8_t *dkek) { - file_t *tf = search_dynamic_file(EF_DKEK + id); + file_t *tf = search_file(EF_DKEK + id); if (!tf) { return CCID_ERR_FILE_NOT_FOUND; } @@ -188,7 +188,7 @@ int store_dkek_key(uint8_t id, uint8_t *dkek) { int save_dkek_key(uint8_t id, const uint8_t *key) { uint8_t dkek[DKEK_KEY_SIZE]; if (!key) { - file_t *tf = search_dynamic_file(EF_DKEK + id); + file_t *tf = search_file(EF_DKEK + id); if (!tf) { return CCID_ERR_FILE_NOT_FOUND; } @@ -202,7 +202,7 @@ int save_dkek_key(uint8_t id, const uint8_t *key) { int import_dkek_share(uint8_t id, const uint8_t *share) { uint8_t tmp_dkek[DKEK_KEY_SIZE]; - file_t *tf = search_dynamic_file(EF_DKEK + id); + file_t *tf = search_file(EF_DKEK + id); if (!tf) { return CCID_ERR_FILE_NOT_FOUND; } From 001d076fdf96987710c4e544c09fa12bd6ac6394 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 17 Apr 2024 19:42:23 +0200 Subject: [PATCH 07/13] Better check for XKEK content. Signed-off-by: Pol Henarejos --- src/hsm/cmd_key_domain.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/hsm/cmd_key_domain.c b/src/hsm/cmd_key_domain.c index 6566996..43c9a54 100644 --- a/src/hsm/cmd_key_domain.c +++ b/src/hsm/cmd_key_domain.c @@ -93,7 +93,7 @@ int cmd_key_domain() { if (2 * p2 >= tf_kd_size) { return SW_INCORRECT_P1P2(); } - if (current_dkeks == 0xff && !tf) { //XKEK have always 0xff + if (current_dkeks == 0xff && !file_has_data(tf)) { //XKEK have always 0xff return SW_REFERENCE_NOT_FOUND(); } } @@ -204,7 +204,7 @@ int cmd_key_domain() { dkek_kcv(p2, res_APDU + 2); res_APDU_size = 2 + 8; file_t *tf = search_file(EF_XKEK + p2); - if (tf) { + if (file_has_data(tf)) { memcpy(res_APDU + 10, file_get_data(tf), file_get_size(tf)); res_APDU_size += file_get_size(tf); } From 25c93c279fcf871c4a345044509f1f6364a4e24c Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 17 Apr 2024 19:42:47 +0200 Subject: [PATCH 08/13] Fix potential crash on loading dkek. Signed-off-by: Pol Henarejos --- src/hsm/kek.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/hsm/kek.c b/src/hsm/kek.c index 945341e..688fdbb 100644 --- a/src/hsm/kek.c +++ b/src/hsm/kek.c @@ -110,7 +110,7 @@ int mse_decrypt_ct(uint8_t *data, size_t len) { int load_dkek(uint8_t id, uint8_t *dkek) { file_t *tf = search_file(EF_DKEK + id); - if (!tf) { + if (!file_has_data(tf)) { return CCID_ERR_FILE_NOT_FOUND; } memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE); From 8e8192362c2c583976fafaa9d28e5d71064ccaf3 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 17 Apr 2024 19:43:10 +0200 Subject: [PATCH 09/13] Use macros for referring system fids. Signed-off-by: Pol Henarejos --- src/hsm/cmd_initialize.c | 2 +- src/hsm/files.c | 12 ++++++------ src/hsm/files.h | 8 +++++++- src/hsm/sc_hsm.c | 12 ++++++------ 4 files changed, 20 insertions(+), 14 deletions(-) diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c index 083d60a..6906481 100644 --- a/src/hsm/cmd_initialize.c +++ b/src/hsm/cmd_initialize.c @@ -77,7 +77,7 @@ int cmd_initialize() { } } else if (tag == 0x91) { //retries user pin - file_t *tf = search_file(0x1082); + file_t *tf = search_file(EF_PIN1_MAX_RETRIES); if (tf && tf->data) { file_put_data(tf, tag_data, tag_len); } diff --git a/src/hsm/files.c b/src/hsm/files.c index 8a5fb4b..dba2367 100644 --- a/src/hsm/files.c +++ b/src/hsm/files.c @@ -41,22 +41,22 @@ file_t file_entries[] = { .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.TokenInfo /* 8 */ { .fid = 0x5033, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.UnusedSpace - /* 9 */ { .fid = 0x1081, .parent = 5, .name = NULL, + /* 9 */ { .fid = EF_PIN1, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //PIN (PIN1) - /* 10 */ { .fid = 0x1082, .parent = 5, .name = NULL, + /* 10 */ { .fid = EF_PIN1_MAX_RETRIES, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //max retries PIN (PIN1) - /* 11 */ { .fid = 0x1083, .parent = 5, .name = NULL, + /* 11 */ { .fid = EF_PIN1_RETRIES, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //retries PIN (PIN1) - /* 12 */ { .fid = 0x1088, .parent = 5, .name = NULL, + /* 12 */ { .fid = EF_SOPIN, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //PIN (SOPIN) - /* 13 */ { .fid = 0x1089, .parent = 5, .name = NULL, + /* 13 */ { .fid = EF_SOPIN_MAX_RETRIES, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //max retries PIN (SOPIN) - /* 14 */ { .fid = 0x108A, .parent = 5, .name = NULL, + /* 14 */ { .fid = EF_SOPIN_RETRIES, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //retries PIN (SOPIN) /* 15 */ { .fid = EF_DEVOPS, .parent = 5, .name = NULL, diff --git a/src/hsm/files.h b/src/hsm/files.h index 8637fc8..e436c92 100644 --- a/src/hsm/files.h +++ b/src/hsm/files.h @@ -24,7 +24,13 @@ #define EF_DEVOPS 0x100E #define EF_MKEK 0x100A #define EF_MKEK_SO 0x100B -#define EF_XKEK 0x1080 +#define EF_XKEK 0x1070 +#define EF_PIN1 0x1081 +#define EF_PIN1_MAX_RETRIES 0x1082 +#define EF_PIN1_RETRIES 0x1083 +#define EF_SOPIN 0x1088 +#define EF_SOPIN_MAX_RETRIES 0x1089 +#define EF_SOPIN_RETRIES 0x108A #define EF_DKEK 0x1090 #define EF_KEY_DOMAIN 0x10A0 #define EF_PUKAUT 0x10C0 diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index 8a426dd..b0498e1 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -94,7 +94,7 @@ INITIALIZER( sc_hsm_ctor ) { } void scan_files() { - file_pin1 = search_file(0x1081); + file_pin1 = search_file(EF_PIN1); if (file_pin1) { if (!file_pin1->data) { printf("PIN1 is empty. Initializing with default password\n"); @@ -105,7 +105,7 @@ void scan_files() { else { printf("FATAL ERROR: PIN1 not found in memory!\n"); } - file_sopin = search_file(0x1088); + file_sopin = search_file(EF_SOPIN); if (file_sopin) { if (!file_sopin->data) { printf("SOPIN is empty. Initializing with default password\n"); @@ -116,7 +116,7 @@ void scan_files() { else { printf("FATAL ERROR: SOPIN not found in memory!\n"); } - file_retries_pin1 = search_file(0x1083); + file_retries_pin1 = search_file(EF_PIN1_RETRIES); if (file_retries_pin1) { if (!file_retries_pin1->data) { printf("Retries PIN1 is empty. Initializing with default retriesr\n"); @@ -127,7 +127,7 @@ void scan_files() { else { printf("FATAL ERROR: Retries PIN1 not found in memory!\n"); } - file_retries_sopin = search_file(0x108A); + file_retries_sopin = search_file(EF_SOPIN_RETRIES); if (file_retries_sopin) { if (!file_retries_sopin->data) { printf("Retries SOPIN is empty. Initializing with default retries\n"); @@ -140,7 +140,7 @@ void scan_files() { } file_t *tf = NULL; - tf = search_file(0x1082); + tf = search_file(EF_PIN1_MAX_RETRIES); if (tf) { if (!tf->data) { printf("Max retries PIN1 is empty. Initializing with default max retriesr\n"); @@ -151,7 +151,7 @@ void scan_files() { else { printf("FATAL ERROR: Max Retries PIN1 not found in memory!\n"); } - tf = search_file(0x1089); + tf = search_file(EF_SOPIN_MAX_RETRIES); if (tf) { if (!tf->data) { printf("Max Retries SOPIN is empty. Initializing with default max retries\n"); From de89d61359c865751ea098d182959fab4849387d Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 22 Apr 2024 23:44:00 +0200 Subject: [PATCH 10/13] Use new file methods. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index ef196bf..a5f19a1 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit ef196bf10ba29410df712b54beef8a2c4876300a +Subproject commit a5f19a135673d5bd4edb9f10cea65758a3e7e7d5 From 218660e6946b06dcbea37215356f71bc4dce4b61 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 22 Apr 2024 23:47:08 +0200 Subject: [PATCH 11/13] Only allow change PHY without PIN. PIN is required for other extra options. Signed-off-by: Pol Henarejos --- src/hsm/cmd_extras.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c index f801852..02736ee 100644 --- a/src/hsm/cmd_extras.c +++ b/src/hsm/cmd_extras.c @@ -28,6 +28,12 @@ #include "mbedtls/chachapoly.h" int cmd_extras() { +#ifndef ENABLE_EMULATION + // Only allow change PHY without PIN + if (!isUserAuthenticated && P1(apdu) != 0x1B) { + return SW_SECURITY_STATUS_NOT_SATISFIED(); + } +#endif if (P1(apdu) == 0xA) { //datetime operations if (P2(apdu) != 0x0) { return SW_INCORRECT_P1P2(); From 294ca81d7d26356ecfe6f9a2dd66f4216ce6e35b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 30 May 2024 19:18:37 +0200 Subject: [PATCH 12/13] Upgrade patch_vidpid with newer Pico Keys SDK. Signed-off-by: Pol Henarejos --- tools/pico-hsm-patch-vidpid.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/pico-hsm-patch-vidpid.sh b/tools/pico-hsm-patch-vidpid.sh index c2881db..6eacdc4 100755 --- a/tools/pico-hsm-patch-vidpid.sh +++ b/tools/pico-hsm-patch-vidpid.sh @@ -17,7 +17,7 @@ # along with this program. If not, see . # -VERSION_MAJOR="4" #Version of Pico CCID Core +VERSION_MAJOR="5" #Version of Pico Keys SDK VERSION_MINOR="0" echo "----------------------------" From 07079b6ba1de4ea095f0c15d21f636e4e9e5cc30 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 30 May 2024 19:19:02 +0200 Subject: [PATCH 13/13] Add descriptive message. Signed-off-by: Pol Henarejos --- tools/pico-hsm-tool.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/pico-hsm-tool.py b/tools/pico-hsm-tool.py index 7d7813f..91840be 100644 --- a/tools/pico-hsm-tool.py +++ b/tools/pico-hsm-tool.py @@ -464,6 +464,8 @@ def phy(picohsm, args): ret = picohsm.phy(args.subcommand, val) if (ret): print(f'Current value: {hexlify(ret)}') + else: + print('Command executed successfully. Please, restart your Pico Key.') def main(args): sys.stderr.buffer.write(b'Pico HSM Tool v1.12\n')