mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 09:28:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

More uint funcs.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2024-12-23 21:41:40 +01:00
parent 6d516b1b78
commit 991f5fc960
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
9 changed files with 60 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pico-keys-sdk

@ -1 +1 @@
Subproject commit d78e97792682d2bfc73fade50fce74683680571e
Subproject commit f8cb36c2cf5de7f0e8b7cd4a497160e86de50107

2
src/hsm/cmd_delete_file.c
View file

@ -30,7 +30,7 @@ int cmd_delete_file() {
}
}
else {
uint16_t fid = (apdu.data[0] << 8) | apdu.data[1];
uint16_t fid = get_uint16_t_be(apdu.data);
if (!(ef = search_file(fid))) {
return SW_FILE_NOT_FOUND();
}

31
src/hsm/cmd_extras.c
View file

@ -70,8 +70,7 @@ int cmd_extras() {
gettimeofday(&tv, NULL);
#endif
struct tm *tm = localtime(&tv.tv_sec);
put_uint16_t_be(tm->tm_year + 1900, res_APDU);
res_APDU_size += 2;
res_APDU_size += put_uint16_t_be(tm->tm_year + 1900, res_APDU);
res_APDU[res_APDU_size++] = tm->tm_mon;
res_APDU[res_APDU_size++] = tm->tm_mday;
res_APDU[res_APDU_size++] = tm->tm_wday;
@ -84,7 +83,7 @@ int cmd_extras() {
return SW_WRONG_LENGTH();
}
struct tm tm;
tm.tm_year = ((apdu.data[0] << 8) | (apdu.data[1])) - 1900;
tm.tm_year = get_uint16_t_be(apdu.data) - 1900;
tm.tm_mon = apdu.data[2];
tm.tm_mday = apdu.data[3];
tm.tm_wday = apdu.data[4];
@ -110,8 +109,7 @@ int cmd_extras() {
}
uint16_t opts = get_device_options();
if (apdu.nc == 0) {
put_uint16_t_be(opts, res_APDU);
res_APDU_size += 2;
res_APDU_size += put_uint16_t_be(opts, res_APDU);
}
else {
uint8_t newopts[] = { apdu.data[0], (opts & 0xff) };
@ -216,8 +214,8 @@ int cmd_extras() {
if (apdu.nc != 4) {
return SW_WRONG_LENGTH();
}
phy_data.vid = (apdu.data[0] << 8) | apdu.data[1];
phy_data.pid = (apdu.data[2] << 8) | apdu.data[3];
phy_data.vid = get_uint16_t_be(apdu.data);
phy_data.pid = get_uint16_t_be(apdu.data + 2);
phy_data.vidpid_present = true;
}
else if (P2(apdu) == PHY_LED_GPIO) {
@ -232,7 +230,7 @@ int cmd_extras() {
if (apdu.nc != 2) {
return SW_WRONG_LENGTH();
}
phy_data.opts = (apdu.data[0] << 8) | apdu.data[1];
phy_data.opts = get_uint16_t_be(apdu.data);
}
else {
return SW_INCORRECT_P1P2();
@ -253,7 +251,7 @@ int cmd_extras() {
if (apdu.nc < 2) {
return SW_WRONG_LENGTH();
}
uint16_t row = (apdu.data[0] << 8) | apdu.data[1];
uint16_t row = get_uint16_t_be(apdu.data);
bool israw = P2(apdu) == 0x1;
if (apdu.nc == 2) {
if (row > 0xbf && row < 0xf48) {
@ -302,16 +300,11 @@ int cmd_extras() {
else if (cmd == CMD_MEMORY) {
res_APDU_size = 0;
uint32_t free = flash_free_space(), total = flash_total_space(), used = flash_used_space(), nfiles = flash_num_files(), size = flash_size();
put_uint32_t_be(free, res_APDU + res_APDU_size);
res_APDU_size += 4;
put_uint32_t_be(used, res_APDU + res_APDU_size);
res_APDU_size += 4;
put_uint32_t_be(total, res_APDU + res_APDU_size);
res_APDU_size += 4;
put_uint32_t_be(nfiles, res_APDU + res_APDU_size);
res_APDU_size += 4;
put_uint32_t_be(size, res_APDU + res_APDU_size);
res_APDU_size += 4;
res_APDU_size += put_uint32_t_be(free, res_APDU + res_APDU_size);
res_APDU_size += put_uint32_t_be(used, res_APDU + res_APDU_size);
res_APDU_size += put_uint32_t_be(total, res_APDU + res_APDU_size);
res_APDU_size += put_uint32_t_be(nfiles, res_APDU + res_APDU_size);
res_APDU_size += put_uint32_t_be(size, res_APDU + res_APDU_size);
}
else {
return SW_INCORRECT_P1P2();

3
src/hsm/cmd_initialize.c
View file

@ -247,8 +247,7 @@ int cmd_initialize() {
}
else { //free memory bytes request
int heap_left = heapLeft();
put_uint32_t_be(heap_left, res_APDU);
res_APDU_size = 4;
res_APDU_size += put_uint32_t_be(heap_left, res_APDU);
res_APDU[4] = 0;
res_APDU[5] = HSM_VERSION_MAJOR;
res_APDU[6] = HSM_VERSION_MINOR;

6
src/hsm/cmd_list_keys.c
View file

@ -22,12 +22,10 @@ int cmd_list_keys() {
/* First we send DEV private key */
/* Both below conditions should be always TRUE */
if (search_file(EF_PRKD_DEV)) {
put_uint16_t_be(EF_PRKD_DEV, res_APDU + res_APDU_size);
res_APDU_size += 2;
res_APDU_size += put_uint16_t_be(EF_PRKD_DEV, res_APDU + res_APDU_size);
}
if (search_file(EF_KEY_DEV)) {
put_uint16_t_be(EF_KEY_DEV, res_APDU + res_APDU_size);
res_APDU_size += 2;
res_APDU_size += put_uint16_t_be(EF_KEY_DEV, res_APDU + res_APDU_size);
}
//first CC
for (int i = 0; i < dynamic_files; i++) {

5
src/hsm/cmd_select.c
View file

@ -48,7 +48,7 @@ int cmd_select() {
//}
if (apdu.nc == 2) {
fid = get_uint16_t_be(apdu.data, 0);
fid = get_uint16_t_be(apdu.data);
}
//if ((fid & 0xff00) == (KEY_PREFIX << 8))
@ -119,8 +119,7 @@ int cmd_select() {
res_APDU[res_APDU_size++] = 0x85;
res_APDU[res_APDU_size++] = 5;
uint16_t opts = get_device_options();
put_uint16_t_be(opts, res_APDU + res_APDU_size);
res_APDU_size += 2;
res_APDU_size += put_uint16_t_be(opts, res_APDU + res_APDU_size);
res_APDU[res_APDU_size++] = 0xFF;
res_APDU[res_APDU_size++] = HSM_VERSION_MAJOR;
res_APDU[res_APDU_size++] = HSM_VERSION_MINOR;

6
src/hsm/cvc.c
View file

@ -497,8 +497,7 @@ uint16_t asn1_build_prkd_generic(const uint8_t *label,
p += format_tlv_len(asn1_len_tag(0x2, 2), p);
*p++ = 0x2;
p += format_tlv_len(2, p);
put_uint16_t_be(keysize, p);
p += 2;
p += put_uint16_t_be(keysize, p);
}
//Seq 4
@ -517,8 +516,7 @@ uint16_t asn1_build_prkd_generic(const uint8_t *label,
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
*p++ = 0x2;
p += format_tlv_len(2, p);
put_uint16_t_be(keysize, p);
p += 2;
p += put_uint16_t_be(keysize, p);
}
return (uint16_t)(p - buf);
}

72
src/hsm/kek.c
View file

@ -341,15 +341,15 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
}
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
kb_len = 0;
put_uint16_t_be((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2;
kb_len += put_uint16_t_be((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len);
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2;
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len);
mbedtls_mpi_write_binary(&rsa->D, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->D));
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->D);
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2;
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len);
mbedtls_mpi_write_binary(&rsa->N, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->N));
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->N);
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2;
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len);
mbedtls_mpi_write_binary(&rsa->E, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->E));
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->E);
@ -362,32 +362,32 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
}
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
kb_len = 0;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2;
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len);
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len);
mbedtls_mpi_write_binary(&ecdsa->grp.A, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.A));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.A);
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2;
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len);
mbedtls_mpi_write_binary(&ecdsa->grp.B, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.B));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.B);
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2;
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len);
mbedtls_mpi_write_binary(&ecdsa->grp.P, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.P));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.P);
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2;
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len);
mbedtls_mpi_write_binary(&ecdsa->grp.N, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.N));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N);
size_t olen = 0;
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen;
kb_len += put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len);
kb_len += (uint16_t)olen;
put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2;
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len);
mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d);
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen;
kb_len += put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len);
kb_len += (uint16_t)olen;
algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03";
algo_len = 12;
@ -418,7 +418,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
}
if (allowed && allowed_len > 0) {
put_uint16_t_be(allowed_len, out + *out_len); *out_len += 2;
*out_len += put_uint16_t_be(allowed_len, out + *out_len);
memcpy(out + *out_len, allowed, allowed_len);
*out_len += allowed_len;
}
@ -526,21 +526,21 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
uint16_t ofs = 9;
//OID
uint16_t len = get_uint16_t_be(in, ofs);
uint16_t len = get_uint16_t_be(in + ofs);
ofs += len + 2;
//Allowed algorithms
len = get_uint16_t_be(in, ofs);
len = get_uint16_t_be(in + ofs);
*allowed = (uint8_t *) (in + ofs + 2);
*allowed_len = len;
ofs += len + 2;
//Access conditions
len = get_uint16_t_be(in, ofs);
len = get_uint16_t_be(in + ofs);
ofs += len + 2;
//Key OID
len = get_uint16_t_be(in, ofs);
len = get_uint16_t_be(in + ofs);
ofs += len + 2;
if ((in_len - 16 - ofs) % 16 != 0) {
@ -554,7 +554,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
return r;
}
int key_size = get_uint16_t_be(kb, 8);
int key_size = get_uint16_t_be(kb + 8);
if (key_size_out) {
*key_size_out = key_size;
}
@ -563,14 +563,14 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
mbedtls_rsa_init(rsa);
if (key_type == 5) {
len = get_uint16_t_be(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb + ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->D, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return PICOKEY_WRONG_DATA;
}
len = get_uint16_t_be(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb + ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->N, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
@ -579,12 +579,12 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
}
else if (key_type == 6) {
//DP-1
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
//DQ-1
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
len = get_uint16_t_be(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb + ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->P, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
@ -592,19 +592,19 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
}
//PQ
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
len = get_uint16_t_be(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb + ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->Q, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return PICOKEY_WRONG_DATA;
}
//N
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
}
len = get_uint16_t_be(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb + ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->E, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
@ -642,13 +642,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
mbedtls_ecdsa_init(ecdsa);
//A
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
//B
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
//P
len = get_uint16_t_be(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb + ofs); ofs += 2;
mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(kb + ofs, len);
if (ec_id == MBEDTLS_ECP_DP_NONE) {
mbedtls_ecdsa_free(ecdsa);
@ -657,13 +657,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
ofs += len;
//N
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
//G
len = get_uint16_t_be(kb, ofs); ofs += len + 2;
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
//d
len = get_uint16_t_be(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb + ofs); ofs += 2;
r = mbedtls_ecp_read_key(ec_id, ecdsa, kb + ofs, len);
if (r != 0) {
mbedtls_ecdsa_free(ecdsa);
@ -672,7 +672,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
ofs += len;
//Q
len = get_uint16_t_be(kb, ofs); ofs += 2;
len = get_uint16_t_be(kb + ofs); ofs += 2;
r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len);
if (r != 0) {
r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);

7
src/hsm/sc_hsm.c
View file

@ -269,7 +269,7 @@ int sc_hsm_unload() {
uint16_t get_device_options() {
file_t *ef = search_file(EF_DEVOPS);
if (file_has_data(ef)) {
return (file_read_uint8(ef) << 8) | file_read_uint8_offset(ef, 1);
return get_uint16_t_be(file_get_data(ef));
}
return 0x0;
}
@ -462,7 +462,7 @@ uint32_t get_key_counter(file_t *fkey) {
uint16_t tag_len = 0;
const uint8_t *meta_tag = get_meta_tag(fkey, 0x90, &tag_len);
if (meta_tag) {
return (meta_tag[0] << 24) | (meta_tag[1] << 16) | (meta_tag[2] << 8) | meta_tag[3];
return get_uint32_t_be(meta_tag);
}
return 0xffffffff;
}
@ -498,8 +498,7 @@ uint32_t decrement_key_counter(file_t *fkey) {
asn1_ctx_init(meta_data, meta_size, &ctxi);
while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x90) { // ofset tag
uint32_t val =
(tag_data[0] << 24) | (tag_data[1] << 16) | (tag_data[2] << 8) | tag_data[3];
uint32_t val = get_uint32_t_be(tag_data);
val--;
put_uint32_t_be(val, tag_data);
int r = meta_add(fkey->fid, cmeta, (uint16_t)meta_size);