diff --git a/src/hsm/files.c b/src/hsm/files.c
index 7f65045..3879526 100644
--- a/src/hsm/files.c
+++ b/src/hsm/files.c
@@ -44,6 +44,7 @@ file_t file_entries[] = {
 /* 19 */ { .fid = EF_AODFS , .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} }, //EF.AODFs
 /* 20 */ { .fid = EF_DODFS , .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} }, //EF.DODFs
 /* 21 */ { .fid = EF_SKDFS , .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} }, //EF.SKDFs
+ /* 15 */ { .fid = EF_KEY_DOMAIN, .parent = 5, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff} }, //Key domain options
 ///* 22 */ { .fid = 0x0000, .parent = 0, .name = openpgpcard_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} },
 /* 23 */ { .fid = 0x0000, .parent = 5, .name = sc_hsm_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} },
 /* 24 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL, .ef_structure = 0, .acl = {0} } //end
diff --git a/src/hsm/files.h b/src/hsm/files.h
index 4474cfa..e52b4af 100644
--- a/src/hsm/files.h
+++ b/src/hsm/files.h
@@ -21,14 +21,15 @@
 #include "file.h"
-#define EF_DEVOPS 0x100E
-#define EF_DKEK 0x1090
-#define EF_PRKDFS 0x6040
-#define EF_PUKDFS 0x6041
-#define EF_CDFS 0x6042
-#define EF_AODFS 0x6043
-#define EF_DODFS 0x6044
-#define EF_SKDFS 0x6045
+#define EF_DEVOPS 0x100E
+#define EF_DKEK 0x1090
+#define EF_KEY_DOMAIN 0x10A0
+#define EF_PRKDFS 0x6040
+#define EF_PUKDFS 0x6041
+#define EF_CDFS 0x6042
+#define EF_AODFS 0x6043
+#define EF_DODFS 0x6044
+#define EF_SKDFS 0x6045
 extern file_t *file_pin1;
 extern file_t *file_retries_pin1;
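Review bot: The new `EF_KEY_DOMAIN` entry in `file_entries[]` (src/hsm/files.c) is labelled `/* 15 */` although it is inserted after `/* 21 */`, so the position comment repeats an earlier slot number and no longer describes where the entry lives. If any code addresses entries by array position (the `.parent = 5` fields suggest positions carry meaning), the `sc_hsm_aid` and end entries have each moved by one; confirm nothing indexes them directly and relabel this line, e.g. `/* 22 */`. Separately, `.acl = {0xff}` sets only the first ACL byte and leaves the remaining bytes zero, as in the neighbouring `{0}` entries; if this internal key-domain file is meant to be unreachable for every operation from the card interface, say so in a comment or spell out the full initializer. The array definition starts above the hunk and closes below it.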
diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index 8d691f3..e8df9db 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -47,7 +47,6 @@ char atr_sc_hsm[] = {
 uint8_t session_pin[32], session_sopin[32];
 bool has_session_pin = false, has_session_sopin = false;
-static uint8_t dkeks = 0, current_dkeks = 0;
 static int sc_hsm_process_apdu();
@@ -681,8 +680,7 @@ static int cmd_initialize() {
 if (apdu.cmd_apdu_data_len > 0) {
 initialize_flash(true);
 scan_all();
- dkeks = current_dkeks = 0;
- uint8_t tag = 0x0, *tag_data = NULL, *p = NULL, kds = 1;
+ uint8_t tag = 0x0, *tag_data = NULL, *p = NULL, kds = 1, dkeks = 0;
 size_t tag_len = 0;
 while (walk_tlv(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, &p, &tag, &tag_len, &tag_data)) {
 if (tag == 0x80) { //options
@@ -737,6 +735,19 @@ static int cmd_initialize() {
 low_flash_available();
 }
 }
+ if (kds < 1)
+ return SW_WRONG_DATA();
+ uint8_t t[MAX_KEY_DOMAINS*2];
+ memset(t, 0, 2*kds);
+ file_t *tf = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF);
+ if (!tf)
+ return SW_EXEC_ERROR();
+ if (dkeks > 0)
+ t[0] = dkeks;
+ else
+ memset(t, 1, 2*kds);
+ if (flash_write_data_to_file(tf, t, 2*kds) != CCID_OK)
+ return SW_EXEC_ERROR();
 if (dkeks == 0) { //At least, the first DKEK shall exist
 file_t *tf = search_dynamic_file(EF_DKEK);
@@ -749,11 +760,11 @@ static int cmd_initialize() {
 }
 for (int kd = 0; kd < kds; kd++) {
 int r = save_dkek_key(kd, random_bytes_get(32));
- printf("r %d\r\n",r);
 if (r != CCID_OK)
 return SW_EXEC_ERROR();
 }
 }
+ low_flash_available();
 }
 else { //free memory bytes request
 int heap_left = heapLeft();
@@ -778,6 +789,10 @@ static int cmd_key_domain() {
 if (p1 == 0x0) { //dkek import
 if (p2 > MAX_KEY_DOMAINS)
 return SW_WRONG_P1P2();
+ file_t *tf = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF);
+ if (!tf)
+ return SW_EXEC_ERROR();
+ uint8_t *kdata = file_get_data(tf), dkeks = *(kdata+2*p2), current_dkeks = *(kdata+2*p2+1);
 if (apdu.cmd_apdu_data_len > 0) {
 file_t *tf = file_new(EF_DKEK+p2);
 if (!tf)
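Review bot: In the `@@ -737,6 +735,19 @@` hunk of `cmd_initialize()`, `kds` is checked only with `if (kds < 1)` before it sizes `memset(t, 0, 2*kds)`, `memset(t, 1, 2*kds)` and the flash write, while `t` is a stack array of `MAX_KEY_DOMAINS*2` bytes. `kds` is a `uint8_t` filled from the command's TLV data in lines the hunk does not show; unless that parsing already caps it, a value above `MAX_KEY_DOMAINS` writes past the end of `t`. Bound it in the same check: `if (kds < 1 || kds > MAX_KEY_DOMAINS) return SW_WRONG_DATA();`. The check also runs after `initialize_flash(true)` from the earlier hunk, so a rejected value leaves the device wiped but not initialised; validating the options before the wipe would avoid that. The function body starts and ends outside the hunk.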
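Review bot: In the `cmd_key_domain()` hunk, the pointer returned by `file_get_data(tf)` is dereferenced at `2*p2` and `2*p2+1` without a NULL check and without comparing `p2` to the number of key domains actually stored. `cmd_initialize()` writes only `2*kds` bytes to `EF_KEY_DOMAIN`, and the existing guard `if (p2 > MAX_KEY_DOMAINS)` still admits `p2 == MAX_KEY_DOMAINS`, so a `p2` at or above the configured domain count reads beyond the file's data. Reject it before the read, for example `if (!kdata || p2 >= MAX_KEY_DOMAINS) return SW_WRONG_P1P2();`, and preferably compare `p2` with the stored length of the file rather than the compile-time maximum. The new outer `tf` is also shadowed by `file_t *tf = file_new(EF_DKEK+p2);` a few lines further down; a distinct name such as `tf_kd` would keep the two apart. The function body continues outside the hunk.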