diff --git a/CMakeLists.txt b/CMakeLists.txt
index ee5157b..1e926f6 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -17,6 +17,15 @@
cmake_minimum_required(VERSION 3.13)
+if(ESP_PLATFORM)
+set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src)
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+set(USB_VID 0x20a0)
+set(USB_PID 0x4230)
+set(DEBUG_APDU 1)
+set(USB_ITF_CCID 1)
+set(USB_ITF_WCID 1)
+else()
if(ENABLE_EMULATION)
else()
include(pico_sdk_import.cmake)
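Review bot: `set(DEBUG_APDU 1)` is unconditional for every ESP build, so if that variable ends up enabling APDU tracing in the firmware (inferred; the C side is not on this page) production images would echo command payloads, which on an HSM can include PINs and key material, to the serial console. Make it opt-in, e.g. `option(PICO_HSM_DEBUG_APDU "Trace APDUs on the ESP build" OFF)` followed by `if(PICO_HSM_DEBUG_APDU) set(DEBUG_APDU 1) endif()`. The `include($ENV{IDF_PATH}/tools/cmake/project.cmake)` line also deserves a guard, `if(NOT DEFINED ENV{IDF_PATH}) message(FATAL_ERROR "IDF_PATH is not set") endif()`, because an unset environment variable turns it into `include(/tools/cmake/project.cmake)` with an unhelpful error. The `else()` on the last added line opens the non-ESP branch, which is closed by an `endif()` in a later hunk.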
@@ -27,8 +36,7 @@ project(pico_hsm C CXX ASM)
set(CMAKE_C_STANDARD 11)
set(CMAKE_CXX_STANDARD 17)
-if(ENABLE_EMULATION)
-else()
+if(NOT ENABLE_EMULATION)
pico_sdk_init()
endif()
@@ -40,7 +48,7 @@ if (__FOR_CI)
endif()
add_executable(pico_hsm)
-
+endif()
set(SOURCES ${SOURCES}
${CMAKE_CURRENT_LIST_DIR}/src/hsm/sc_hsm.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_select.c
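Review bot: The added `endif()` after `add_executable(pico_hsm)` closes the `if(ESP_PLATFORM)`/`else()` opened about thirty lines earlier in the first hunk, and the `if(NOT ESP_PLATFORM)` opened in the fourth hunk is closed by the bare `endif()` that is now the last line of the file; neither closing line says which branch it ends. Annotate both, `endif() # ESP_PLATFORM` here and `endif() # NOT ESP_PLATFORM` at the end of the file, so the two interleaved platform branches can be followed without counting nesting.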
@@ -77,11 +85,14 @@ set(SOURCES ${SOURCES}
)
set(USB_ITF_CCID 1)
include(pico-keys-sdk/pico_keys_sdk_import.cmake)
+if(ESP_PLATFORM)
+ project(pico_hsm)
+endif()
set(INCLUDES ${INCLUDES}
${CMAKE_CURRENT_LIST_DIR}/src/hsm
)
-
+if(NOT ESP_PLATFORM)
target_sources(pico_hsm PUBLIC ${SOURCES})
target_include_directories(pico_hsm PUBLIC ${INCLUDES})
@@ -120,3 +131,4 @@ else()
pico_add_extra_outputs(pico_hsm)
target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
endif()
+endif()
diff --git a/sdkconfig.defaults b/sdkconfig.defaults
new file mode 100755
index 0000000..f8a8d9f
--- /dev/null
+++ b/sdkconfig.defaults
@@ -0,0 +1,53 @@
+# This file was generated using idf.py save-defconfig. It can be edited manually.
+# Espressif IoT Development Framework (ESP-IDF) Project Minimal Configuration
+#
+IGNORE_UNKNOWN_FILES_FOR_MANAGED_COMPONENTS=1
+
+CONFIG_TINYUSB=y
+
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/partitions.csv"
+CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/partitions.csv"
+CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
+CONFIG_WL_SECTOR_SIZE_512=y
+CONFIG_WL_SECTOR_MODE_PERF=y
+
+CONFIG_MBEDTLS_CMAC_C=y
+CONFIG_MBEDTLS_CHACHA20_C=y
+CONFIG_MBEDTLS_POLY1305_C=y
+CONFIG_MBEDTLS_CHACHAPOLY_C=y
+CONFIG_MBEDTLS_HKDF_C=y
+CONFIG_MBEDTLS_HARDWARE_ECC=y
+CONFIG_MBEDTLS_HARDWARE_GCM=y
+# CONFIG_MBEDTLS_HARDWARE_MPI is not set
+CONFIG_MBEDTLS_HARDWARE_SHA=y
+CONFIG_MBEDTLS_HARDWARE_AES=y
+# CONFIG_MBEDTLS_ROM_MD5 is not set
+CONFIG_MBEDTLS_SHA512_C=y
+CONFIG_MBEDTLS_TLS_DISABLED=y
+# CONFIG_MBEDTLS_TLS_ENABLED is not set
+# CONFIG_ESP_TLS_USE_DS_PERIPHERAL is not set
+# CONFIG_ESP_WIFI_ENABLED is not set
+# CONFIG_ESP_WIFI_MBEDTLS_CRYPTO is not set
+# CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT is not set
+# CONFIG_WPA_MBEDTLS_CRYPTO is not set
+# CONFIG_MBEDTLS_PSK_MODES is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_RSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA is not set
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION is not set
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 is not set
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1 is not set
+# CONFIG_MBEDTLS_SSL_PROTO_DTLS is not set
+# CONFIG_MBEDTLS_SSL_ALPN is not set
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS is not set
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS is not set
+# CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE is not set
+# CONFIG_ESP32_WIFI_ENABLE_WPA3_OWE_STA is not set
+# CONFIG_ESP_WIFI_ENABLE_WPA3_SAE is not set
+# CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA is not set
+
+CONFIG_ESP_COREDUMP_ENABLE_TO_UART=y
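Review bot: `CONFIG_ESP_COREDUMP_ENABLE_TO_UART=y` makes the firmware write a memory image to the serial port on a crash, and on an HSM that memory holds whatever key material was in use at the time (kek.h on this page declares `load_mkek()`, which brings the master key into RAM); anyone attached to the UART receives that image. Keep core dumps for debug builds only, or leave them disabled in the committed defaults. Nothing in this file enables flash encryption or secure boot (`CONFIG_SECURE_FLASH_ENC_ENABLED`, `CONFIG_SECURE_BOOT`); if that is intended to come from a per-target layer, a comment at the top saying so would help, since the header already notes the file may be edited by hand.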
diff --git a/src/hsm/CMakeLists.txt b/src/hsm/CMakeLists.txt
new file mode 100644
index 0000000..31d66c9
--- /dev/null
+++ b/src/hsm/CMakeLists.txt
@@ -0,0 +1,6 @@
+idf_component_register(
+ SRCS ${SOURCES}
+ INCLUDE_DIRS . ../../pico-keys-sdk/src ../../pico-keys-sdk/src/fs ../../pico-keys-sdk/src/rng ../../pico-keys-sdk/src/usb
+ REQUIRES bootloader_support esp_partition esp_tinyusb zorxx__neopixel mbedtls efuse
+)
+idf_component_set_property(${COMPONENT_NAME} WHOLE_ARCHIVE ON)
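Review bot: `SRCS ${SOURCES}` takes the whole file list from a variable this component file neither sets nor documents; it is filled by the ESP branch of the top-level CMakeLists.txt (inferred from that file's `set(SOURCES ...)`), and if it arrives empty the component registers with no sources and the failure only shows up at link time. Add a header comment, `# ESP-IDF component wrapper: SOURCES is populated by the top-level CMakeLists.txt before the IDF project() call`, and fail early with `if(NOT SOURCES) message(FATAL_ERROR "SOURCES is empty; configure from the top-level CMakeLists.txt") endif()` before `idf_component_register`. `REQUIRES zorxx__neopixel` names a component-manager package; if it is fetched from the registry at build time, pin its version in the manifest (`idf_component.yml`, if that is what pulls it in) so builds are reproducible.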
diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c
index a99d465..1c85c92 100644
--- a/src/hsm/cmd_cipher_sym.c
+++ b/src/hsm/cmd_cipher_sym.c
@@ -15,16 +15,15 @@
* along with this program. If not, see .
*/
-#include "common.h"
+#include "sc_hsm.h"
#include "mbedtls/aes.h"
#include "mbedtls/cmac.h"
#include "mbedtls/hkdf.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/gcm.h"
-#include "md_wrap.h"
+//#include "mbedtls/md_wrap.h"
#include "mbedtls/md.h"
#include "crypto_utils.h"
-#include "sc_hsm.h"
#include "kek.h"
#include "asn1.h"
#include "oid.h"
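Review bot: `//#include "mbedtls/md_wrap.h"` is commented-out code left in the include list; with `md_info->size` replaced by `mbedtls_md_get_size()` in the two hunks below, the private header is no longer needed and the line should be deleted rather than parked. If it is kept as a reminder, make it a real comment that says why, e.g. `/* md_wrap.h is private in mbedTLS 3; use mbedtls_md_get_size() instead */`.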
@@ -134,7 +133,7 @@ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type,
}
// keydatalen equals output_len
- hashlen = md_info->size;
+ hashlen = mbedtls_md_get_size(md_info);
if (output_len >= hashlen * ((1ULL << 32) - 1)) {
return exit_code;
}
@@ -349,7 +348,7 @@ int cmd_cipher_sym() {
if (r != 0) {
return SW_EXEC_ERROR();
}
- res_APDU_size = md_info->size;
+ res_APDU_size = mbedtls_md_get_size(md_info);
}
else if (memcmp(oid.data, OID_HKDF_SHA256,
oid.len) == 0 ||
diff --git a/src/hsm/cmd_decrypt_asym.c b/src/hsm/cmd_decrypt_asym.c
index fc9777e..e893a23 100644
--- a/src/hsm/cmd_decrypt_asym.c
+++ b/src/hsm/cmd_decrypt_asym.c
@@ -15,10 +15,9 @@
* along with this program. If not, see .
*/
-#include "common.h"
+#include "sc_hsm.h"
#include "mbedtls/ecdh.h"
#include "crypto_utils.h"
-#include "sc_hsm.h"
#include "kek.h"
#include "files.h"
#include "asn1.h"
diff --git a/src/hsm/cmd_derive_asym.c b/src/hsm/cmd_derive_asym.c
index 47e26ed..3d564ee 100644
--- a/src/hsm/cmd_derive_asym.c
+++ b/src/hsm/cmd_derive_asym.c
@@ -15,10 +15,9 @@
* along with this program. If not, see .
*/
-#include "common.h"
+#include "sc_hsm.h"
#include "mbedtls/ecdsa.h"
#include "crypto_utils.h"
-#include "sc_hsm.h"
#include "cvc.h"
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c
index cbbde54..c9f2792 100644
--- a/src/hsm/cmd_extras.c
+++ b/src/hsm/cmd_extras.c
@@ -15,11 +15,12 @@
* along with this program. If not, see .
*/
-#include "common.h"
-#include "mbedtls/ecdh.h"
#include "sc_hsm.h"
-#ifndef ENABLE_EMULATION
+#include "mbedtls/ecdh.h"
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "hardware/rtc.h"
+#else
+#include
#endif
#include "files.h"
#include "random.h"
@@ -39,7 +40,7 @@ int cmd_extras() {
return SW_INCORRECT_P1P2();
}
if (apdu.nc == 0) {
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
datetime_t dt;
if (!rtc_get_datetime(&dt)) {
return SW_EXEC_ERROR();
@@ -52,13 +53,26 @@ int cmd_extras() {
res_APDU[res_APDU_size++] = dt.hour;
res_APDU[res_APDU_size++] = dt.min;
res_APDU[res_APDU_size++] = dt.sec;
+#else
+ struct timeval tv;
+ struct tm *tm;
+ gettimeofday(&tv, NULL);
+ tm = localtime(&tv.tv_sec);
+ res_APDU[res_APDU_size++] = (tm->tm_year + 1900) >> 8;
+ res_APDU[res_APDU_size++] = (tm->tm_year + 1900) & 0xff;
+ res_APDU[res_APDU_size++] = tm->tm_mon;
+ res_APDU[res_APDU_size++] = tm->tm_mday;
+ res_APDU[res_APDU_size++] = tm->tm_wday;
+ res_APDU[res_APDU_size++] = tm->tm_hour;
+ res_APDU[res_APDU_size++] = tm->tm_min;
+ res_APDU[res_APDU_size++] = tm->tm_sec;
#endif
}
else {
if (apdu.nc != 8) {
return SW_WRONG_LENGTH();
}
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
datetime_t dt;
dt.year = (apdu.data[0] << 8) | (apdu.data[1]);
dt.month = apdu.data[2];
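Review bot: The new `#else` read path returns `tm->tm_mon` as the month byte, and `tm_mon` is 0-based (0 = January) in standard C, whereas the Pico path returns `dt.month`, which as far as I recall is 1-based in the pico-sdk `datetime_t`; the same APDU therefore reports a different month depending on the platform, and the matching write path in the next hunk has the same offset. `localtime()` is also unchecked for a NULL return and uses a static buffer; `localtime_r()` with a local `struct tm` avoids both. The rewritten lines below keep the rest of the byte layout; cmd_extras() continues outside the hunk.
```c
#else
    struct timeval tv;
    struct tm tm_buf, *tm;
    gettimeofday(&tv, NULL);
    tm = localtime_r(&tv.tv_sec, &tm_buf);   /* reentrant; NULL on failure */
    if (tm == NULL) {
        return SW_EXEC_ERROR();
    }
    res_APDU[res_APDU_size++] = (tm->tm_year + 1900) >> 8;
    res_APDU[res_APDU_size++] = (tm->tm_year + 1900) & 0xff;
    res_APDU[res_APDU_size++] = tm->tm_mon + 1;   /* tm_mon is 0-11; wire format is 1-12 like datetime_t.month */
    /* … unchanged: mday, wday, hour, min, sec … */
#endif
```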
@@ -70,6 +84,18 @@ int cmd_extras() {
if (!rtc_set_datetime(&dt)) {
return SW_WRONG_DATA();
}
+#else
+ struct tm tm;
+ struct timeval tv;
+ tm.tm_year = ((apdu.data[0] << 8) | (apdu.data[1])) - 1900;
+ tm.tm_mon = apdu.data[2];
+ tm.tm_mday = apdu.data[3];
+ tm.tm_wday = apdu.data[4];
+ tm.tm_hour = apdu.data[5];
+ tm.tm_min = apdu.data[6];
+ tm.tm_sec = apdu.data[7];
+ tv.tv_sec = mktime(&tm);
+ settimeofday(&tv, NULL);
#endif
}
}
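Review bot: The new `#else` write path passes untrusted APDU bytes straight into `mktime()` and `settimeofday()` with no validation and no result check, whereas the Pico branch right above it returns `SW_WRONG_DATA()` when `rtc_set_datetime()` rejects the values; `mktime()` silently normalises out-of-range fields, so a malformed date is accepted here and refused on Pico. `struct tm tm` and `struct timeval tv` are also left partly uninitialised (`tm_isdst`, `tv_usec`), which makes `mktime()` guess DST from garbage and can make `settimeofday()` fail on an out-of-range `tv_usec`. `tm_mon` takes the same 1-based/0-based correction as the read path in the previous hunk. Rewritten lines:
```c
#else
    struct tm tm = { 0 };           /* zero tm_isdst and everything else before mktime() */
    struct timeval tv = { 0 };      /* tv_usec must be in range for settimeofday() */
    tm.tm_year = ((apdu.data[0] << 8) | (apdu.data[1])) - 1900;
    tm.tm_mon = apdu.data[2] - 1;   /* wire format is 1-12; tm_mon is 0-11 */
    /* … unchanged: mday, wday, hour, min, sec … */
    tv.tv_sec = mktime(&tm);
    if (tv.tv_sec == (time_t) -1 || settimeofday(&tv, NULL) != 0) {
        return SW_WRONG_DATA();     /* mirror the Pico branch: reject what the clock rejects */
    }
#endif
```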
diff --git a/src/hsm/cmd_general_authenticate.c b/src/hsm/cmd_general_authenticate.c
index a7ca816..eb2b339 100644
--- a/src/hsm/cmd_general_authenticate.c
+++ b/src/hsm/cmd_general_authenticate.c
@@ -15,10 +15,9 @@
* along with this program. If not, see .
*/
-#include "common.h"
+#include "sc_hsm.h"
#include "mbedtls/ecdh.h"
#include "asn1.h"
-#include "sc_hsm.h"
#include "random.h"
#include "oid.h"
#include "eac.h"
diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c
index 6906481..e7f833c 100644
--- a/src/hsm/cmd_initialize.c
+++ b/src/hsm/cmd_initialize.c
@@ -28,7 +28,7 @@ extern void scan_all();
extern char __StackLimit;
int heapLeft() {
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
char *p = malloc(256); // try to avoid undue fragmentation
int left = &__StackLimit - p;
free(p);
diff --git a/src/hsm/cmd_key_unwrap.c b/src/hsm/cmd_key_unwrap.c
index 83205ac..c2905c8 100644
--- a/src/hsm/cmd_key_unwrap.c
+++ b/src/hsm/cmd_key_unwrap.c
@@ -15,9 +15,8 @@
* along with this program. If not, see .
*/
-#include "common.h"
-#include "crypto_utils.h"
#include "sc_hsm.h"
+#include "crypto_utils.h"
#include "kek.h"
#include "cvc.h"
diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c
index 1f9b8f0..30a88a4 100644
--- a/src/hsm/cvc.c
+++ b/src/hsm/cvc.c
@@ -15,9 +15,8 @@
* along with this program. If not, see .
*/
-#include "common.h"
-#include "cvc.h"
#include "sc_hsm.h"
+#include "cvc.h"
#include "mbedtls/rsa.h"
#include "mbedtls/ecdsa.h"
#include
diff --git a/src/hsm/cvc.h b/src/hsm/cvc.h
index 1eb217a..a0b878a 100644
--- a/src/hsm/cvc.h
+++ b/src/hsm/cvc.h
@@ -19,7 +19,7 @@
#define _CVC_H_
#include
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#else
#include
diff --git a/src/hsm/kek.c b/src/hsm/kek.c
index 688fdbb..b1bab61 100644
--- a/src/hsm/kek.c
+++ b/src/hsm/kek.c
@@ -15,16 +15,14 @@
* along with this program. If not, see .
*/
-#include
-#include "common.h"
+#include "sc_hsm.h"
#include "stdlib.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#endif
#include "kek.h"
#include "crypto_utils.h"
#include "random.h"
-#include "sc_hsm.h"
#include "mbedtls/md.h"
#include "mbedtls/cmac.h"
#include "mbedtls/rsa.h"
diff --git a/src/hsm/kek.h b/src/hsm/kek.h
index aa095cc..f0aca86 100644
--- a/src/hsm/kek.h
+++ b/src/hsm/kek.h
@@ -19,10 +19,11 @@
#define _DKEK_H_
#include "crypto_utils.h"
-#ifdef ENABLE_EMULATION
+#if defined(ENABLE_EMULATION) || defined(ESP_PLATFORM)
#include
#endif
+
extern int load_mkek(uint8_t *);
extern int store_mkek(const uint8_t *);
extern int save_dkek_key(uint8_t, const uint8_t *key);
diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index b0498e1..5b76499 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -17,7 +17,6 @@
#include "sc_hsm.h"
#include "files.h"
-#include "common.h"
#include "version.h"
#include "crypto_utils.h"
#include "kek.h"
@@ -89,6 +88,7 @@ int sc_hsm_select_aid(app_t *a) {
}
INITIALIZER( sc_hsm_ctor ) {
+ printf("INITIALIZER\n");
ccid_atr = atr_sc_hsm;
register_app(sc_hsm_select_aid, sc_hsm_aid);
}
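Review bot: `printf("INITIALIZER\n");` added to the `sc_hsm_ctor` initializer looks like leftover debug tracing: it runs unconditionally in every build, including the Pico path, and at static-initialisation time the stdio backend may not be set up yet (inferred, not visible here). Either drop the line or gate it behind whatever macro the project already uses for debug output, and if it stays, a comment such as `/* debug: confirms the ctor ran before the USB stack is up */` should say what it is for.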
diff --git a/src/hsm/sc_hsm.h b/src/hsm/sc_hsm.h
index fa8d3ff..e187d26 100644
--- a/src/hsm/sc_hsm.h
+++ b/src/hsm/sc_hsm.h
@@ -19,10 +19,14 @@
#define _SC_HSM_H_
#include
+#ifndef ESP_PLATFORM
#include "common.h"
+#else
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#endif
#include "mbedtls/rsa.h"
#include "mbedtls/ecdsa.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#endif
#include "file.h"
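Review bot: `#define MBEDTLS_ALLOW_PRIVATE_ACCESS` placed in a header that every command file includes opts the whole application into mbedTLS's private struct fields, and it only takes effect when sc_hsm.h precedes every `mbedtls/*.h` include — which is presumably why this commit moves `#include "sc_hsm.h"` to the top of cmd_cipher_sym.c, kek.c and the other files, but nothing records that ordering requirement. Add a comment above the define, e.g. `/* Must precede every mbedtls/*.h include: keep sc_hsm.h as the first include in each translation unit */`. Since the same commit already replaces `md_info->size` with `mbedtls_md_get_size()`, the remaining private-field uses are presumably few; migrating them to accessors and dropping the define keeps the ESP build on the supported mbedTLS 3 API rather than on internals that may change between IDF releases.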