Merge branch 'esp32' into development

2026-01-17 09:28:05 +00:00 · 2024-06-19 22:03:47 +02:00 · 2024-06-19 22:03:47 +02:00 · b4671c2ecb
commit b4671c2ecb
parent 50a29519bd 7cb0bbf982
16 changed files with 127 additions and 33 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -17,6 +17,15 @@

 cmake_minimum_required(VERSION 3.13)

+if(ESP_PLATFORM)
+set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src)
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+set(USB_VID 0x20a0)
+set(USB_PID 0x4230)
+set(DEBUG_APDU 1)
+set(USB_ITF_CCID 1)
+set(USB_ITF_WCID 1)
+else()
 if(ENABLE_EMULATION)
 else()
 include(pico_sdk_import.cmake)
@ -27,8 +36,7 @@ project(pico_hsm C CXX ASM)
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_CXX_STANDARD 17)

-if(ENABLE_EMULATION)
-else()
+if(NOT ENABLE_EMULATION)
 pico_sdk_init()
 endif()

@ -40,7 +48,7 @@ if (__FOR_CI)
 endif()

 add_executable(pico_hsm)
-
+endif()
 set(SOURCES ${SOURCES}
        ${CMAKE_CURRENT_LIST_DIR}/src/hsm/sc_hsm.c
        ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_select.c
@ -77,11 +85,14 @@ set(SOURCES ${SOURCES}
        )
 set(USB_ITF_CCID 1)
 include(pico-keys-sdk/pico_keys_sdk_import.cmake)
+if(ESP_PLATFORM)
+    project(pico_hsm)
+endif()

 set(INCLUDES ${INCLUDES}
        ${CMAKE_CURRENT_LIST_DIR}/src/hsm
        )
-
+if(NOT ESP_PLATFORM)
 target_sources(pico_hsm PUBLIC ${SOURCES})
 target_include_directories(pico_hsm PUBLIC ${INCLUDES})

@ -120,3 +131,4 @@ else()
 pico_add_extra_outputs(pico_hsm)
 target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
 endif()
+endif()
--- a/sdkconfig.defaults
+++ b/sdkconfig.defaults
@ -0,0 +1,53 @@
+# This file was generated using idf.py save-defconfig. It can be edited manually.
+# Espressif IoT Development Framework (ESP-IDF) Project Minimal Configuration
+#
+IGNORE_UNKNOWN_FILES_FOR_MANAGED_COMPONENTS=1
+
+CONFIG_TINYUSB=y
+
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/partitions.csv"
+CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/partitions.csv"
+CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
+CONFIG_WL_SECTOR_SIZE_512=y
+CONFIG_WL_SECTOR_MODE_PERF=y
+
+CONFIG_MBEDTLS_CMAC_C=y
+CONFIG_MBEDTLS_CHACHA20_C=y
+CONFIG_MBEDTLS_POLY1305_C=y
+CONFIG_MBEDTLS_CHACHAPOLY_C=y
+CONFIG_MBEDTLS_HKDF_C=y
+CONFIG_MBEDTLS_HARDWARE_ECC=y
+CONFIG_MBEDTLS_HARDWARE_GCM=y
+# CONFIG_MBEDTLS_HARDWARE_MPI is not set
+CONFIG_MBEDTLS_HARDWARE_SHA=y
+CONFIG_MBEDTLS_HARDWARE_AES=y
+# CONFIG_MBEDTLS_ROM_MD5 is not set
+CONFIG_MBEDTLS_SHA512_C=y
+CONFIG_MBEDTLS_TLS_DISABLED=y
+# CONFIG_MBEDTLS_TLS_ENABLED is not set
+# CONFIG_ESP_TLS_USE_DS_PERIPHERAL is not set
+# CONFIG_ESP_WIFI_ENABLED is not set
+# CONFIG_ESP_WIFI_MBEDTLS_CRYPTO is not set
+# CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT is not set
+# CONFIG_WPA_MBEDTLS_CRYPTO is not set
+# CONFIG_MBEDTLS_PSK_MODES is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_RSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA is not set
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION is not set
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 is not set
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1 is not set
+# CONFIG_MBEDTLS_SSL_PROTO_DTLS is not set
+# CONFIG_MBEDTLS_SSL_ALPN is not set
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS is not set
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS is not set
+# CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE is not set
+# CONFIG_ESP32_WIFI_ENABLE_WPA3_OWE_STA is not set
+# CONFIG_ESP_WIFI_ENABLE_WPA3_SAE is not set
+# CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA is not set
+
+CONFIG_ESP_COREDUMP_ENABLE_TO_UART=y
--- a/src/hsm/CMakeLists.txt
+++ b/src/hsm/CMakeLists.txt
@ -0,0 +1,6 @@
+idf_component_register(
+    SRCS ${SOURCES}
+    INCLUDE_DIRS . ../../pico-keys-sdk/src ../../pico-keys-sdk/src/fs ../../pico-keys-sdk/src/rng ../../pico-keys-sdk/src/usb
+    REQUIRES bootloader_support esp_partition esp_tinyusb zorxx__neopixel mbedtls efuse
+)
+idf_component_set_property(${COMPONENT_NAME} WHOLE_ARCHIVE ON)
--- a/src/hsm/cmd_cipher_sym.c
+++ b/src/hsm/cmd_cipher_sym.c
@ -15,16 +15,15 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

-#include "common.h"
+#include "sc_hsm.h"
 #include "mbedtls/aes.h"
 #include "mbedtls/cmac.h"
 #include "mbedtls/hkdf.h"
 #include "mbedtls/chachapoly.h"
 #include "mbedtls/gcm.h"
-#include "md_wrap.h"
+//#include "mbedtls/md_wrap.h"
 #include "mbedtls/md.h"
 #include "crypto_utils.h"
-#include "sc_hsm.h"
 #include "kek.h"
 #include "asn1.h"
 #include "oid.h"
@ -134,7 +133,7 @@ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type,
    }

    // keydatalen equals output_len
-    hashlen = md_info->size;
+    hashlen = mbedtls_md_get_size(md_info);
    if (output_len >= hashlen * ((1ULL << 32) - 1)) {
        return exit_code;
    }
@ -349,7 +348,7 @@ int cmd_cipher_sym() {
            if (r != 0) {
                return SW_EXEC_ERROR();
            }
-            res_APDU_size = md_info->size;
+            res_APDU_size = mbedtls_md_get_size(md_info);
        }
        else if (memcmp(oid.data, OID_HKDF_SHA256,
                        oid.len) == 0 ||
--- a/src/hsm/cmd_decrypt_asym.c
+++ b/src/hsm/cmd_decrypt_asym.c
@ -15,10 +15,9 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

-#include "common.h"
+#include "sc_hsm.h"
 #include "mbedtls/ecdh.h"
 #include "crypto_utils.h"
-#include "sc_hsm.h"
 #include "kek.h"
 #include "files.h"
 #include "asn1.h"
--- a/src/hsm/cmd_derive_asym.c
+++ b/src/hsm/cmd_derive_asym.c
@ -15,10 +15,9 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

-#include "common.h"
+#include "sc_hsm.h"
 #include "mbedtls/ecdsa.h"
 #include "crypto_utils.h"
-#include "sc_hsm.h"
 #include "cvc.h"

 #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
--- a/src/hsm/cmd_extras.c
+++ b/src/hsm/cmd_extras.c
@ -15,11 +15,12 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

-#include "common.h"
-#include "mbedtls/ecdh.h"
 #include "sc_hsm.h"
-#ifndef ENABLE_EMULATION
+#include "mbedtls/ecdh.h"
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "hardware/rtc.h"
+#else
+#include <sys/time.h>
 #endif
 #include "files.h"
 #include "random.h"
@ -39,7 +40,7 @@ int cmd_extras() {
            return SW_INCORRECT_P1P2();
        }
        if (apdu.nc == 0) {
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
            datetime_t dt;
            if (!rtc_get_datetime(&dt)) {
                return SW_EXEC_ERROR();
@ -52,13 +53,26 @@ int cmd_extras() {
            res_APDU[res_APDU_size++] = dt.hour;
            res_APDU[res_APDU_size++] = dt.min;
            res_APDU[res_APDU_size++] = dt.sec;
+#else
+            struct timeval tv;
+            struct tm *tm;
+            gettimeofday(&tv, NULL);
+            tm = localtime(&tv.tv_sec);
+            res_APDU[res_APDU_size++] = (tm->tm_year + 1900) >> 8;
+            res_APDU[res_APDU_size++] = (tm->tm_year + 1900) & 0xff;
+            res_APDU[res_APDU_size++] = tm->tm_mon;
+            res_APDU[res_APDU_size++] = tm->tm_mday;
+            res_APDU[res_APDU_size++] = tm->tm_wday;
+            res_APDU[res_APDU_size++] = tm->tm_hour;
+            res_APDU[res_APDU_size++] = tm->tm_min;
+            res_APDU[res_APDU_size++] = tm->tm_sec;
 #endif
        }
        else {
            if (apdu.nc != 8) {
                return SW_WRONG_LENGTH();
            }
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
            datetime_t dt;
            dt.year = (apdu.data[0] << 8) | (apdu.data[1]);
            dt.month = apdu.data[2];
@ -70,6 +84,18 @@ int cmd_extras() {
            if (!rtc_set_datetime(&dt)) {
                return SW_WRONG_DATA();
            }
+#else
+            struct tm tm;
+            struct timeval tv;
+            tm.tm_year = ((apdu.data[0] << 8) | (apdu.data[1])) - 1900;
+            tm.tm_mon = apdu.data[2];
+            tm.tm_mday = apdu.data[3];
+            tm.tm_wday = apdu.data[4];
+            tm.tm_hour = apdu.data[5];
+            tm.tm_min = apdu.data[6];
+            tm.tm_sec = apdu.data[7];
+            tv.tv_sec = mktime(&tm);
+            settimeofday(&tv, NULL);
 #endif
        }
    }
--- a/src/hsm/cmd_general_authenticate.c
+++ b/src/hsm/cmd_general_authenticate.c
@ -15,10 +15,9 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

-#include "common.h"
+#include "sc_hsm.h"
 #include "mbedtls/ecdh.h"
 #include "asn1.h"
-#include "sc_hsm.h"
 #include "random.h"
 #include "oid.h"
 #include "eac.h"
--- a/src/hsm/cmd_initialize.c
+++ b/src/hsm/cmd_initialize.c
@ -28,7 +28,7 @@ extern void scan_all();

 extern char __StackLimit;
 int heapLeft() {
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
    char *p = malloc(256);   // try to avoid undue fragmentation
    int left = &__StackLimit - p;
    free(p);
--- a/src/hsm/cmd_key_unwrap.c
+++ b/src/hsm/cmd_key_unwrap.c
@ -15,9 +15,8 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

-#include "common.h"
-#include "crypto_utils.h"
 #include "sc_hsm.h"
+#include "crypto_utils.h"
 #include "kek.h"
 #include "cvc.h"

--- a/src/hsm/cvc.c
+++ b/src/hsm/cvc.c
@ -15,9 +15,8 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

-#include "common.h"
-#include "cvc.h"
 #include "sc_hsm.h"
+#include "cvc.h"
 #include "mbedtls/rsa.h"
 #include "mbedtls/ecdsa.h"
 #include <string.h>
--- a/src/hsm/cvc.h
+++ b/src/hsm/cvc.h
@ -19,7 +19,7 @@
 #define _CVC_H_

 #include <stdlib.h>
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "pico/stdlib.h"
 #else
 #include <stdbool.h>
--- a/src/hsm/kek.c
+++ b/src/hsm/kek.c
@ -15,16 +15,14 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

-#include <string.h>
-#include "common.h"
+#include "sc_hsm.h"
 #include "stdlib.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "pico/stdlib.h"
 #endif
 #include "kek.h"
 #include "crypto_utils.h"
 #include "random.h"
-#include "sc_hsm.h"
 #include "mbedtls/md.h"
 #include "mbedtls/cmac.h"
 #include "mbedtls/rsa.h"
--- a/src/hsm/kek.h
+++ b/src/hsm/kek.h
@ -19,10 +19,11 @@
 #define _DKEK_H_

 #include "crypto_utils.h"
-#ifdef ENABLE_EMULATION
+#if defined(ENABLE_EMULATION) || defined(ESP_PLATFORM)
 #include <stdbool.h>
 #endif

+
 extern int load_mkek(uint8_t *);
 extern int store_mkek(const uint8_t *);
 extern int save_dkek_key(uint8_t, const uint8_t *key);
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@ -17,7 +17,6 @@

 #include "sc_hsm.h"
 #include "files.h"
-#include "common.h"
 #include "version.h"
 #include "crypto_utils.h"
 #include "kek.h"
@ -89,6 +88,7 @@ int sc_hsm_select_aid(app_t *a) {
 }

 INITIALIZER( sc_hsm_ctor ) {
+    printf("INITIALIZER\n");
    ccid_atr = atr_sc_hsm;
    register_app(sc_hsm_select_aid, sc_hsm_aid);
 }
--- a/src/hsm/sc_hsm.h
+++ b/src/hsm/sc_hsm.h
@ -19,10 +19,14 @@
 #define _SC_HSM_H_

 #include <stdlib.h>
+#ifndef ESP_PLATFORM
 #include "common.h"
+#else
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#endif
 #include "mbedtls/rsa.h"
 #include "mbedtls/ecdsa.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "pico/stdlib.h"
 #endif
 #include "file.h"