mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-04-17 13:48:27 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix ACL for static files.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2026-03-18 14:26:43 +01:00
parent db9d6ef2f5
commit bbbf28cb42
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
2 changed files with 225 additions and 83 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pico-keys-sdk

@ -1 +1 @@
Subproject commit 39c3339b38b4adce642ba9a0013e4f3eba0919ee
Subproject commit 0df1914cdee0e31969a0127b0fcf20ab884384e6

306
src/hsm/files.c
View file

@ -22,88 +22,230 @@ extern int parse_token_info(const file_t *f, int mode);
extern int parse_ef_dir(const file_t *f, int mode);
file_t file_entries[] = {
/* 0 */ { .fid = 0x3f00, .parent = 0xff, .name = NULL, .type = FILE_TYPE_DF, .data = NULL,
.ef_structure = 0, .acl = { 0 } }, // MF
/* 1 */ { .fid = 0x2f00, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_ef_dir,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.DIR
/* 2 */ { .fid = 0x2f01, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.ATR
/* 3 */ { .fid = EF_TERMCA, .parent = 0, .name = NULL,
.type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.GDO
/* 4 */ { .fid = 0x2f03, .parent = 5, .name = NULL,
.type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_token_info,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.TokenInfo
/* 5 */ { .fid = 0x5015, .parent = 0, .name = NULL, .type = FILE_TYPE_DF, .data = NULL,
.ef_structure = 0, .acl = { 0 } }, //DF.PKCS15
/* 6 */ { .fid = 0x5031, .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.ODF
/* 7 */ { .fid = 0x5032, .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.TokenInfo
/* 8 */ { .fid = 0x5033, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.UnusedSpace
/* 9 */ { .fid = EF_PIN1, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //PIN (PIN1)
/* 10 */ { .fid = EF_PIN1_MAX_RETRIES, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //max retries PIN (PIN1)
/* 11 */ { .fid = EF_PIN1_RETRIES, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //retries PIN (PIN1)
/* 12 */ { .fid = EF_SOPIN, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //PIN (SOPIN)
/* 13 */ { .fid = EF_SOPIN_MAX_RETRIES, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //max retries PIN (SOPIN)
/* 14 */ { .fid = EF_SOPIN_RETRIES, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //retries PIN (SOPIN)
/* 15 */ { .fid = EF_DEVOPS, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //Device options
/* 16 */ { .fid = EF_PRKDFS, .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF,
.data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.PrKDFs
/* 17 */ { .fid = EF_PUKDFS, .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF,
.data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.PuKDFs
/* 18 */ { .fid = EF_CDFS, .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF,
.data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.CDFs
/* 19 */ { .fid = EF_AODFS, .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF,
.data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.AODFs
/* 20 */ { .fid = EF_DODFS, .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF,
.data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.DODFs
/* 21 */ { .fid = EF_SKDFS, .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF,
.data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.SKDFs
/* 22 */ { .fid = EF_KEY_DOMAIN, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //Key domain options
/* 23 */ { .fid = EF_META, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //EF.CDFs
/* 24 */ { .fid = EF_PUKAUT, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //Public Key Authentication
/* 25 */ { .fid = EF_KEY_DEV, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //Device Key
/* 26 */ { .fid = EF_PRKD_DEV, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //PrKD Device
/* 27 */ { .fid = EF_EE_DEV, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //End Entity Certificate Device
/* 28 */ { .fid = EF_MKEK, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //MKEK
/* 29 */ { .fid = EF_MKEK_SO, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //MKEK with SO-PIN
///* 30 */ { .fid = 0x0000, .parent = 0, .name = openpgpcard_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} },
/* 31 */ { .fid = 0x0000, .parent = 5, .name = sc_hsm_aid, .type = FILE_TYPE_WORKING_EF,
.data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } },
/* 32 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_NOT_KNOWN, .data = NULL,
.ef_structure = 0, .acl = { 0 } } //end
/* 0 */ { .fid = 0x3f00, // MF
.parent = 0xff,
.name = NULL,
.type = FILE_TYPE_DF,
.data = NULL,
.ef_structure = 0,
.acl = ACL_ALL },
/* 1 */ { .fid = 0x2f00, //EF.DIR
.parent = 0,
.name = NULL,
.type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC,
.data = (uint8_t *) parse_ef_dir,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 2 */ { .fid = 0x2f01, // EF.ATR
.parent = 0,
.name = NULL,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 3 */ { .fid = EF_TERMCA, // EF.GDO
.parent = 0,
.name = NULL,
.type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH | FILE_PERSISTENT,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 4 */ { .fid = 0x2f03, // EF.TokenInfo
.parent = 5,
.name = NULL,
.type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC,
.data = (uint8_t *) parse_token_info,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 5 */ { .fid = 0x5015, // DF.PKCS15
.parent = 0,
.name = NULL,
.type = FILE_TYPE_DF,
.data = NULL,
.ef_structure = 0,
.acl = ACL_ALL },
/* 6 */ { .fid = 0x5031, // EF.ODF
.parent = 5,
.name = NULL,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 7 */ { .fid = 0x5032, // EF.TokenInfo
.parent = 5,
.name = NULL,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 8 */ { .fid = 0x5033, // EF.UnusedSpace
.parent = 0,
.name = NULL,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 9 */ { .fid = EF_PIN1, // PIN (PIN1)
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 10 */ { .fid = EF_PIN1_MAX_RETRIES, // max retries PIN (PIN1)
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 11 */ { .fid = EF_PIN1_RETRIES, // retries PIN (PIN1)
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 12 */ { .fid = EF_SOPIN, // PIN (SOPIN)
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 13 */ { .fid = EF_SOPIN_MAX_RETRIES, // max retries PIN (SOPIN)
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 14 */ { .fid = EF_SOPIN_RETRIES, // retries PIN (SOPIN)
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 15 */ { .fid = EF_DEVOPS, // Device options
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 16 */ { .fid = EF_PRKDFS, // EF.PrKDFs
.parent = 5,
.name = NULL,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 17 */ { .fid = EF_PUKDFS, // EF.PuKDFs
.parent = 5,
.name = NULL,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 18 */ { .fid = EF_CDFS, // EF.CDFs
.parent = 5,
.name = NULL,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 19 */ { .fid = EF_AODFS, // EF.AODFs
.parent = 5,
.name = NULL,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 20 */ { .fid = EF_DODFS, // EF.DODFs
.parent = 5,
.name = NULL,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 21 */ { .fid = EF_SKDFS, // EF.SKDFs
.parent = 5,
.name = NULL,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 22 */ { .fid = EF_KEY_DOMAIN, // Key domain options
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 23 */ { .fid = EF_META, // EF.CDFs
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 24 */ { .fid = EF_PUKAUT, // Public Key Authentication
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 25 */ { .fid = EF_KEY_DEV, // Device Key
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 26 */ { .fid = EF_PRKD_DEV, // PrKD Device
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 27 */ { .fid = EF_EE_DEV, // End Entity Certificate Device
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 28 */ { .fid = EF_MKEK, // MKEK
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 29 */ { .fid = EF_MKEK_SO, // MKEK with SO-PIN
.parent = 5,
.name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_NONE },
/* 30 */ { .fid = 0x0000,
.parent = 5,
.name = sc_hsm_aid,
.type = FILE_TYPE_WORKING_EF,
.data = NULL,
.ef_structure = FILE_EF_TRANSPARENT,
.acl = ACL_ALL },
/* 31 */ { .fid = 0x0000, // end
.parent = 0xff,
.name = NULL,
.type = FILE_TYPE_NOT_KNOWN,
.data = NULL,
.ef_structure = 0,
.acl = { 0 } }
};
const file_t *MF = &file_entries[0];