mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 01:18:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Upgrade to v5.0

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2024-11-09 18:09:48 +01:00
commit d858a1e1d5
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
37 changed files with 646 additions and 596 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/codeql.yml vendored
View file

@ -36,7 +36,7 @@ jobs:
language: [ 'cpp', 'python' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
mode: [ 'pico', 'local' ]
mode: [ 'pico', 'esp32', 'local' ]
steps:
- name: Checkout repository
@ -44,7 +44,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@ -71,4 +71,4 @@ jobs:
./workflows/autobuild.sh ${{ matrix.mode }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3

34
.github/workflows/nightly.yml vendored Normal file
View file

@ -0,0 +1,34 @@
name: "Nightly deploy"
on:
schedule:
- cron: '0 2 * * *'
workflow_dispatch:
jobs:
nightly:
name: Deploy nightly
strategy:
fail-fast: false
matrix:
refs: [master, development]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ matrix.refs }}
submodules: 'recursive'
- name : Build
env:
PICO_SDK_PATH: ../pico-sdk
run: |
./workflows/autobuild.sh pico
./build_pico_hsm.sh
- name: Update nightly release
uses: pyTooling/Actions/releaser@main
with:
tag: nightly-${{ matrix.refs }}
rm: true
token: ${{ secrets.GITHUB_TOKEN }}
files: release/*.*

4
.github/workflows/test.yml vendored
View file

@ -36,7 +36,7 @@ jobs:
mkdir -p artifacts
docker save pico-hsm-test:bullseye -o artifacts/docker-image.tar
- name: Temporarily save image
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: docker-artifact
path: artifacts
@ -54,7 +54,7 @@ jobs:
with:
submodules: recursive
- name: Retrieve saved image
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: docker-artifact
path: artifacts

10
CMakeLists.txt
View file

@ -21,8 +21,7 @@ if(ESP_PLATFORM)
set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
else()
if(ENABLE_EMULATION)
else()
if(NOT ENABLE_EMULATION)
include(pico_sdk_import.cmake)
endif()
@ -76,11 +75,13 @@ set(SOURCES ${SOURCES}
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cvc.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/files.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/kek.c
)
set(USB_ITF_CCID 1)
set(USB_ITF_WCID 1)
include(pico-keys-sdk/pico_keys_sdk_import.cmake)
SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/hsm/version.h")
if(ESP_PLATFORM)
project(pico_hsm)
endif()
@ -124,8 +125,5 @@ if(ENABLE_EMULATION)
)
endif(APPLE)
target_link_libraries(pico_hsm PRIVATE pthread m)
else()
target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id pico_aon_timer tinyusb_device tinyusb_board)
endif()
endif()

6
Dockerfile
View file

@ -18,7 +18,7 @@ WORKDIR /home/builduser
VOLUME /home/builduser/release
ARG VERSION_PICO_SDK 1.4.0
ARG VERSION_PICO_SDK 2.0.0
RUN mkdir -p /home/builduser/Devel/pico
RUN cd /home/builduser/Devel/pico \
@ -29,8 +29,8 @@ RUN cd /home/builduser/Devel/pico \
RUN pip install cryptography
ARG VERSION_MAJOR 2
ARG VERSION_MINOR 6
ARG VERSION_MAJOR 4
ARG VERSION_MINOR 2
RUN cd /home/builduser \
&& git clone https://github.com/polhenarejos/pico-hsm.git \

62
README.md
View file

@ -138,6 +138,21 @@ Uses an MKEK to securely store all keys, encrypted with an ephemeral key derived
### > Hierarchical Deterministic Key Generation
Supports BIP32 for asymmetric key derivation and SLIP10 for symmetric key derivation, enabling crypto wallet deployment with infinite key generation. Supports NIST 256 and Koblitz 256 curves for master key generation.[^4]
### > One Time Programming (OTP) Storage
The OTP securely stores the MKEK (Master Key Encryption Key) and Device Key permanently, making it inaccessible from external interfaces. This ensures that the key is protected against unauthorized access and tampering.
### > Secure Boot
Secure Boot ensures only authenticated firmware can run on the device, verifying each firmwares digital signature to block unauthorized code.
### > Secure Lock
Secure Lock restricts the device to the manufacturers firmware only, locking out debug access and preventing any further boot key installations.
### > Rescue Interface
A built-in rescue interface allows recovery of the device if it becomes unresponsive or undetectable. This feature provides a way to restore the device to operational status without compromising security.
### > LED Customization
The LED can be customized to reflect device status and user preferences, offering flexible color and brightness options for an enhanced user experience.
[^1]: PKCS11 modules (`pkcs11-tool` and `sc-tool`) do not support CMAC and key derivation. It must be processed through raw APDU command (`opensc-tool -s`).
[^2]: Available via SCS3 tool. See [SCS3](/doc/scs3.md "SCS3") for more information.
[^3]: Imports are available only if the Pico HSM is previously initialized with a DKEK and DKEK shares are available during the import process.
@ -147,33 +162,45 @@ Supports BIP32 for asymmetric key derivation and SLIP10 for symmetric key deriva
Pico HSM also supports ESP32-S3 boards, which add secure storage, flash encryption and secure boot.
### > Dynamic VID/PID
Supports setting VID & PID on-the-fly. Use `pico-hsm-tool.py` for specify VID/PID values and reboot the device.
Supports setting VID & PID on-the-fly. Use `pico-hsm-tool.py` or [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") for specify VID/PID values and reboot the device.
### > Rescue Pico HSM Tool
Pico HSM Tool implements a new CCID stack to rescue the Pico HSM in case it has wrong VID/PID values and it is not recognized by the OS.
### > Rescue Pico HSM Tool and Commissioner
Pico HSM Tool implements a new CCID stack to rescue the Pico HSM in case it has wrong VID/PID values and it is not recognized by the OS. It can be accessed through `pico-hsm-tool.py` or [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner").
## Security considerations
All secret keys (both asymmetric and symmetric) are encrypted and stored in the flash memory of the Raspberry Pico. The DKEK, a 256-bit AES key, is used to protect these private and secret keys. Keys are only held in RAM during signature and decryption operations, and are loaded and cleared each time to avoid potential security vulnerabilities.
All secret keys (both asymmetric and symmetric) are encrypted and stored in the flash memory. The MKEK, a 256-bit AES key, is used to protect these private and secret keys. Keys are held in RAM only during signature and decryption operations, and are loaded and cleared each time to avoid potential security vulnerabilities.
The DKEK itself is encrypted using a doubly salted and hashed PIN, and the PIN is hashed in memory during sessions. This ensures that the PIN is never stored in plain text, either in flash memory or in RAM. However, if no secure channel is used, the PIN is transmitted in plain text from the host to the HSM.
The MKEK itself is encrypted using a doubly salted and hashed PIN, and the PIN is hashed in memory during sessions. This ensures that the PIN is never stored in plaintext, neither in flash memory nor in RAM. However, if no secure channel is used, the PIN may be transmitted in plaintext from the host to the HSM.
DKEKs are used during the export and import of private/secret keys and are part of a Key Domain. A Key Domain is a set of secret/private keys that share the same DKEK. These are also shared by the custodians and are not specific to Pico HSM. Therefore, if a key does not belong to a Key Domain (and thus lacks a DKEK), it cannot be exported.
In the event that the Pico is stolen, the private and secret key contents cannot be accessed without the PIN, even if the flash memory is dumped.
### RP2350 and ESP32-S3
RP2350 and ESP32-S3 microcontrollers are equipped with advanced security features, including Secure Boot and Secure Lock, ensuring that firmware integrity and authenticity are tightly controlled. Both devices support the storage of the Master Key Encryption Key (MKEK) in an OTP (One-Time Programmable) memory region, making it permanently inaccessible for external access or tampering. This secure, non-volatile region guarantees that critical security keys are embedded into the hardware, preventing unauthorized access and supporting robust defenses against code injection or firmware modification. Together, Secure Boot and Secure Lock enforce firmware authentication, while the MKEK in OTP memory solidifies the foundation for secure operations.
### Secure Boot
Secure Boot is a security feature that ensures that only trusted firmware, verified through digital signatures, can be loaded onto the device during the boot process. Once enabled, Secure Boot checks every piece of firmware against a cryptographic signature before execution, rejecting any unauthorized or modified code. This prevents malicious firmware from compromising the devices operation and integrity. With Secure Boot activated, only firmware versions signed by a trusted authority, such as the device manufacturer, will be accepted, ensuring the device remains protected from unauthorized software modifications. **This is irreversible. Once enabled, it CANNOT be disabled.**
**IMPORTANT:** For users wishing to develop and compile custom firmware, a private-public key pair is essential. Activating Secure Boot requires users to generate and manage their own unique private-public key pair. The public key from this pair must be embedded into the device to validate all firmware. Firmware will not boot without a proper digital signature from this key pair. This means that users must sign all future firmware versions with their private key and embed the public key in the device to ensure compatibility.
### Secure Lock
Secure Lock builds on Secure Boot by imposing an even stricter security model. Once activated, Secure Lock prevents any further installation of new boot keys, effectively locking the device to only run firmware that is authorized by the device's primary vendor—in this case, Pico Keys. In addition to preventing additional keys, Secure Lock disables debugging interfaces and puts additional safeguards in place to resist tampering and intrusion attempts. This ensures that the device operates exclusively with the original vendors firmware and resists unauthorized access, making it highly secure against external threats. **This is irreversible. Once enabled, it CANNOT be disabled.**
**IMPORTANT:** Activating Secure Lock not only enables Secure Boot but also invalidates all keys except the official Pico Key. This means that only firmware signed by Pico Key will be recognized, and custom code will no longer be allowed. Once enabled, the Pico Key device will run solely on the official firmware available on the website, with no option for generating or compiling new code for the device.
## Download
**If you own an ESP32-S3 board, go to [ESP32 support](https://www.picokeys.com/esp32-support/) for further information.**
**If you own an ESP32-S3 board, go to [ESP32 Flasher](https://www.picokeys.com/esp32-flasher/) for flashing your Pico HSM.**
Please, go to the Release page and download the UF2 file for your board.
If you own a Raspberry Pico (RP2040 or RP2350), go to [Download page](https://www.picokeys.com/getting-started/), select your vendor and model and download the proper firmware; or go to [Release page](https://www.github.com/polhenarejos/pico-hsm/releases/) and download the UF2 file for your board.
Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with OpenSC or similar tools, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Patcher tool](https://www.picokeys.com/pico-patcher/).
Alternatively you can use the legacy VID/PID patcher as follows:
`./patch_vidpid.sh VID:PID input_hsm_file.uf2 output_hsm_file.uf2`
Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with OpenSC or similar tools, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner").
You can use whatever VID/PID (i.e., 234b:0000 from FISJ), but remember that you are not authorized to distribute the binary with a VID/PID that you do not own.
Note that the pure-browser option [Pico Patcher tool](https://www.picokeys.com/pico-patcher/) is the most recommended.
Note that the pure-browser option [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") is the most recommended.
## Build
## Build for Raspberry Pico
Before building, ensure you have installed the toolchain for the Pico and the Pico SDK is properly located in your drive.
```
@ -212,9 +239,9 @@ Independent from your Linux distribution or when using another OS that supports
```
sudo docker build \
--build-arg VERSION_PICO_SDK=1.5.0 \
--build-arg VERSION_MAJOR=3 \
--build-arg VERSION_MINOR=4 \
--build-arg VERSION_PICO_SDK=2.0.0 \
--build-arg VERSION_MAJOR=5 \
--build-arg VERSION_MINOR=0 \
--build-arg PICO_BOARD=waveshare_rp2040_zero \
--build-arg USB_VID=0xfeff \
--build-arg USB_PID=0xfcfd \
@ -321,8 +348,7 @@ For advanced usage scenarios, refer to the documentation and examples provided.
### Important
OpenSC relies on PCSC driver, which reads a list (`Info.plist`) that contains a pair of VID/PID of supported readers. In order to be detectable, you have several options:
- Use `pico-hsm-tool.py` to modify VID/PID on-the-fly.
- Use the online [Pico Patcher tool](https://www.picokeys.com/pico-patcher/).
- Patch the UF2 binary (if you just downloaded from the [Release section](https://github.com/polhenarejos/pico-hsm/releases "Release section"))
- Use the pure-browser online [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") that commissions the Pico Key on-the-fly without external tools.
- Build and configure the project with the proper VID/PID with `USB_VID` and `USB_PID` parameters in `CMake` (see [Build section](#build "Build section")). Note that you cannot distribute the patched/compiled binary if you do not own the VID/PID or have an explicit authorization.
## Credits

17
build_pico_hsm.sh
View file

@ -1,9 +1,15 @@
#!/bin/bash
VERSION_MAJOR="4"
VERSION_MINOR="2-eddsa1"
VERSION_MAJOR="5"
VERSION_MINOR="0-eddsa1"
SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}"
#if ! [[ -z "${GITHUB_SHA}" ]]; then
# SUFFIX="${SUFFIX}.${GITHUB_SHA}"
#fi
rm -rf release/*
mkdir -p build_release
mkdir -p release
cd build_release
for board in 0xcb_helios \
@ -96,8 +102,7 @@ for board in 0xcb_helios \
wiznet_w5100s_evb_pico
do
rm -rf *
PICO_SDK_PATH=~/Devel/pico/pico-sdk cmake .. -DPICO_BOARD=$board
make -kj20
mv pico_hsm.uf2 ../release/pico_hsm_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2
PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}" cmake .. -DPICO_BOARD=$board
make -j`nproc`
mv pico_hsm.uf2 ../release/pico_hsm_$board-$SUFFIX.uf2
done

2
pico-keys-sdk

@ -1 +1 @@
Subproject commit 75ab3ec70e93387cc16e9da9fd28874e1932d0c3
Subproject commit 15cfa48ef96ca563b9200d4c2285b99e5d6d2ed2

24
pico_sdk_import.cmake
View file

@ -18,9 +18,20 @@ if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_PATH} AND (NOT PICO_SDK_FETCH_FROM_GIT_P
message("Using PICO_SDK_FETCH_FROM_GIT_PATH from environment ('${PICO_SDK_FETCH_FROM_GIT_PATH}')")
endif ()
if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_TAG} AND (NOT PICO_SDK_FETCH_FROM_GIT_TAG))
set(PICO_SDK_FETCH_FROM_GIT_TAG $ENV{PICO_SDK_FETCH_FROM_GIT_TAG})
message("Using PICO_SDK_FETCH_FROM_GIT_TAG from environment ('${PICO_SDK_FETCH_FROM_GIT_TAG}')")
endif ()
if (PICO_SDK_FETCH_FROM_GIT AND NOT PICO_SDK_FETCH_FROM_GIT_TAG)
set(PICO_SDK_FETCH_FROM_GIT_TAG "master")
message("Using master as default value for PICO_SDK_FETCH_FROM_GIT_TAG")
endif()
set(PICO_SDK_PATH "${PICO_SDK_PATH}" CACHE PATH "Path to the Raspberry Pi Pico SDK")
set(PICO_SDK_FETCH_FROM_GIT "${PICO_SDK_FETCH_FROM_GIT}" CACHE BOOL "Set to ON to fetch copy of SDK from git if not otherwise locatable")
set(PICO_SDK_FETCH_FROM_GIT_PATH "${PICO_SDK_FETCH_FROM_GIT_PATH}" CACHE FILEPATH "location to download SDK")
set(PICO_SDK_FETCH_FROM_GIT_TAG "${PICO_SDK_FETCH_FROM_GIT_TAG}" CACHE FILEPATH "release tag for SDK")
if (NOT PICO_SDK_PATH)
if (PICO_SDK_FETCH_FROM_GIT)
@ -29,11 +40,22 @@ if (NOT PICO_SDK_PATH)
if (PICO_SDK_FETCH_FROM_GIT_PATH)
get_filename_component(FETCHCONTENT_BASE_DIR "${PICO_SDK_FETCH_FROM_GIT_PATH}" REALPATH BASE_DIR "${CMAKE_SOURCE_DIR}")
endif ()
# GIT_SUBMODULES_RECURSE was added in 3.17
if (${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.17.0")
FetchContent_Declare(
pico_sdk
GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
GIT_TAG master
GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
GIT_SUBMODULES_RECURSE FALSE
)
else ()
FetchContent_Declare(
pico_sdk
GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
)
endif ()
if (NOT pico_sdk)
message("Downloading Raspberry Pi Pico SDK")
FetchContent_Populate(pico_sdk)

1
sdkconfig.defaults
View file

@ -9,6 +9,7 @@ CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
CONFIG_WL_SECTOR_SIZE_512=y
CONFIG_WL_SECTOR_MODE_PERF=y
COMPILER_OPTIMIZATION="Performance"
CONFIG_MBEDTLS_CMAC_C=y
CONFIG_MBEDTLS_CHACHA20_C=y

40
src/hsm/cmd_bip_slip.c
View file

@ -38,7 +38,7 @@ int node_derive_bip_child(const mbedtls_ecp_keypair *parent,
mbedtls_mpi_init(&kchild);
if (i[0] >= 0x80) {
if (mbedtls_mpi_cmp_int(&parent->d, 0) == 0) {
return CCID_ERR_NULL_PARAM;
return PICOKEY_ERR_NULL_PARAM;
}
data[0] = 0x00;
mbedtls_mpi_write_binary(&parent->d, data + 1, 32);
@ -72,19 +72,19 @@ int node_derive_bip_child(const mbedtls_ecp_keypair *parent,
memcpy(cchild, iR, 32);
mbedtls_mpi_free(&il);
mbedtls_mpi_free(&kchild);
return CCID_OK;
return PICOKEY_OK;
}
int sha256_ripemd160(const uint8_t *buffer, size_t buffer_len, uint8_t *output) {
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buffer, buffer_len, output);
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160), output, 32, output);
return CCID_OK;
return PICOKEY_OK;
}
int sha256_sha256(const uint8_t *buffer, size_t buffer_len, uint8_t *output) {
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buffer, buffer_len, output);
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), output, 32, output);
return CCID_OK;
return PICOKEY_OK;
}
int node_fingerprint_bip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
@ -98,7 +98,7 @@ int node_fingerprint_bip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
sizeof(buffer));
sha256_ripemd160(buffer, sizeof(buffer), buffer);
memcpy(fingerprint, buffer, 4);
return CCID_OK;
return PICOKEY_OK;
}
int node_fingerprint_slip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
@ -106,7 +106,7 @@ int node_fingerprint_slip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
mbedtls_mpi_write_binary(&ctx->d, buffer, sizeof(buffer));
sha256_ripemd160(buffer, sizeof(buffer), buffer);
memcpy(fingerprint, buffer, 4);
return CCID_OK;
return PICOKEY_OK;
}
int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
@ -115,13 +115,13 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
mbedtls_ecp_keypair_init(ctx);
file_t *ef = search_file(EF_MASTER_SEED | mid);
if (!file_has_data(ef)) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
memcpy(mkey, file_get_data(ef), sizeof(mkey));
int r = mkek_decrypt(mkey + 1,
sizeof(mkey) - 1);
if (r != CCID_OK) {
return CCID_EXEC_ERROR;
if (r != PICOKEY_OK) {
return PICOKEY_EXEC_ERROR;
}
if (mkey[0] == 0x1 || mkey[0] == 0x2) {
if (mkey[0] == 0x1) {
@ -131,7 +131,7 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1);
}
else {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
mbedtls_mpi_read_binary(&ctx->d, mkey + 1, 32);
@ -143,7 +143,7 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
memcpy(chain, mkey + 1, 32);
}
key_type[0] = mkey[0];
return CCID_OK;
return PICOKEY_OK;
}
int node_derive_path(const uint8_t *path,
@ -166,16 +166,16 @@ int node_derive_path(const uint8_t *path,
for (; walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data); node++) {
if (tag == 0x02) {
if ((node == 0 && tag_len != 1) || (node != 0 && tag_len != 4)) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (node == 0) {
if ((r = load_master_bip(tag_data[0], ctx, chain, key_type)) != CCID_OK) {
if ((r = load_master_bip(tag_data[0], ctx, chain, key_type)) != PICOKEY_OK) {
return r;
}
}
else if (node > 0) {
node_fingerprint_bip(ctx, fingerprint);
if ((r = node_derive_bip_child(ctx, chain, tag_data, ctx, chain)) != CCID_OK) {
if ((r = node_derive_bip_child(ctx, chain, tag_data, ctx, chain)) != PICOKEY_OK) {
return r;
}
memcpy(last_node, tag_data, 4);
@ -183,7 +183,7 @@ int node_derive_path(const uint8_t *path,
}
else if (tag == 0x04) {
if (node == 0) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
else if (node > 0) {
node_fingerprint_slip(ctx, fingerprint);
@ -202,7 +202,7 @@ int node_derive_path(const uint8_t *path,
if (nodes) {
*nodes = node;
}
return CCID_OK;
return PICOKEY_OK;
}
int cmd_bip_slip() {
@ -253,11 +253,11 @@ int cmd_bip_slip() {
mkey[0] = p1;
file_t *ef = file_new(EF_MASTER_SEED | p2);
int r = mkek_encrypt(mkey + 1, sizeof(mkey) - 1);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
r = file_put_data(ef, mkey, sizeof(mkey));
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
low_flash_available();
@ -271,7 +271,7 @@ int cmd_bip_slip() {
size_t olen = 0;
int r =
node_derive_path(apdu.data, (uint16_t)apdu.nc, &ctx, chain, fgpt, &nodes, last_node, &key_type);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
@ -317,7 +317,7 @@ int cmd_bip_slip() {
&nodes,
last_node,
&hd_keytype);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&hd_context);
return SW_EXEC_ERROR();
}

4
src/hsm/cmd_change_pin.c
View file

@ -42,7 +42,7 @@ int cmd_change_pin() {
}
uint8_t mkek[MKEK_SIZE];
r = load_mkek(mkek); //loads the MKEK with old pin
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
//encrypt MKEK with new pin
@ -57,7 +57,7 @@ int cmd_change_pin() {
}
r = store_mkek(mkek);
release_mkek(mkek);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
uint8_t dhash[33];

6
src/hsm/cmd_decrypt_asym.c
View file

@ -48,9 +48,9 @@ int cmd_decrypt_asym() {
mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
}
int r = load_private_key_rsa(&ctx, ef);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_rsa_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
@ -178,7 +178,7 @@ int cmd_decrypt_asym() {
if (file_get_size(tf) == kdom_uid.len &&
memcmp(file_get_data(tf), kdom_uid.data, kdom_uid.len) == 0) {
file_new(EF_DKEK + n);
if (store_dkek_key(n, res_APDU + 1) != CCID_OK) {
if (store_dkek_key(n, res_APDU + 1) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
mbedtls_platform_zeroize(res_APDU, 32);

2
src/hsm/cmd_delete_file.c
View file

@ -38,7 +38,7 @@ int cmd_delete_file() {
if (!authenticate_action(ef, ACL_OP_DELETE_SELF)) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
if (delete_file(ef) != CCID_OK) {
if (delete_file(ef) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
return SW_OK();

6
src/hsm/cmd_derive_asym.c
View file

@ -57,9 +57,9 @@ int cmd_derive_asym() {
int r;
r = load_private_key_ec(&ctx, fkey);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
@ -88,7 +88,7 @@ int cmd_derive_asym() {
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}

125
src/hsm/cmd_extras.c
View file

@ -28,6 +28,19 @@
#include "kek.h"
#include "mbedtls/hkdf.h"
#include "mbedtls/chachapoly.h"
#ifdef PICO_RP2350
#include "otp.h"
#endif
#define CMD_DATETIME 0xA
#define CMD_DYNOPS 0x6
#define CMD_SECURE_LOCK 0x3A
#define SECURE_LOCK_KEY_AGREEMENT 0x1
#define SECURE_LOCK_ENABLE 0x2
#define SECURE_LOCK_MASK 0x3
#define SECURE_LOCK_DISABLE 0x4
#define CMD_PHY 0x1B
#define CMD_OTP 0x4C
int cmd_extras() {
#ifndef ENABLE_EMULATION
@ -40,7 +53,7 @@ int cmd_extras() {
if (wait_button_pressed() == true) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
if (P1(apdu) == 0xA) { //datetime operations
if (P1(apdu) == CMD_DATETIME) { //datetime operations
if (P2(apdu) != 0x0) {
return SW_INCORRECT_P1P2();
}
@ -84,7 +97,7 @@ int cmd_extras() {
#endif
}
}
else if (P1(apdu) == 0x6) { //dynamic options
else if (P1(apdu) == CMD_DYNOPS) { //dynamic options
if (P2(apdu) != 0x0) {
return SW_INCORRECT_P1P2();
}
@ -103,11 +116,11 @@ int cmd_extras() {
low_flash_available();
}
}
else if (P1(apdu) == 0x3A) { // secure lock
else if (P1(apdu) == CMD_SECURE_LOCK) { // secure lock
if (apdu.nc == 0) {
return SW_WRONG_LENGTH();
}
if (P2(apdu) == 0x01) { // Key Agreement
if (P2(apdu) == SECURE_LOCK_KEY_AGREEMENT) { // Key Agreement
mbedtls_ecdh_context hkey;
mbedtls_ecdh_init(&hkey);
mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
@ -143,7 +156,7 @@ int cmd_extras() {
mse.init = true;
res_APDU_size = (uint16_t)olen;
}
else if (P2(apdu) == 0x02 || P2(apdu) == 0x03 || P2(apdu) == 0x04) {
else if (P2(apdu) == SECURE_LOCK_ENABLE || P2(apdu) == SECURE_LOCK_MASK || P2(apdu) == SECURE_LOCK_DISABLE) {
if (mse.init == false) {
return SW_COMMAND_NOT_ALLOWED();
}
@ -152,11 +165,11 @@ int cmd_extras() {
if (ret != 0) {
return SW_WRONG_DATA();
}
if (P2(apdu) == 0x02 || P2(apdu) == 0x04) { // Enable
if (P2(apdu) == SECURE_LOCK_ENABLE || P2(apdu) == SECURE_LOCK_DISABLE) { // Enable
uint16_t opts = get_device_options();
uint8_t newopts[] = { opts >> 8, (opts & 0xff) };
if ((P2(apdu) == 0x02 && !(opts & HSM_OPT_SECURE_LOCK)) ||
(P2(apdu) == 0x04 && (opts & HSM_OPT_SECURE_LOCK))) {
if ((P2(apdu) == SECURE_LOCK_ENABLE && !(opts & HSM_OPT_SECURE_LOCK)) ||
(P2(apdu) == SECURE_LOCK_DISABLE && (opts & HSM_OPT_SECURE_LOCK))) {
uint16_t tfids[] = { EF_MKEK, EF_MKEK_SO };
for (int t = 0; t < sizeof(tfids) / sizeof(uint16_t); t++) {
file_t *tf = search_file(tfids[t]);
@ -171,24 +184,24 @@ int cmd_extras() {
}
}
}
if (P2(apdu) == 0x02) {
if (P2(apdu) == SECURE_LOCK_ENABLE) {
newopts[0] |= HSM_OPT_SECURE_LOCK >> 8;
}
else if (P2(apdu) == 0x04) {
else if (P2(apdu) == SECURE_LOCK_DISABLE) {
newopts[0] &= ~HSM_OPT_SECURE_LOCK >> 8;
}
file_t *tf = search_file(EF_DEVOPS);
file_put_data(tf, newopts, sizeof(newopts));
low_flash_available();
}
else if (P2(apdu) == 0x03) {
else if (P2(apdu) == SECURE_LOCK_MASK) {
memcpy(mkek_mask, apdu.data, apdu.nc);
has_mkek_mask = true;
}
}
}
#ifndef ENABLE_EMULATION
else if (P1(apdu) == 0x1B) { // Set PHY
else if (P1(apdu) == CMD_PHY) { // Set PHY
if (apdu.nc == 0) {
if (file_has_data(ef_phy)) {
res_APDU_size = file_get_size(ef_phy);
@ -196,50 +209,84 @@ int cmd_extras() {
}
}
else {
uint8_t tmp[PHY_MAX_SIZE];
memset(tmp, 0, sizeof(tmp));
uint16_t opts = 0;
if (file_has_data(ef_phy)) {
memcpy(tmp, file_get_data(ef_phy), MIN(sizeof(tmp), file_get_size(ef_phy)));
if (file_get_size(ef_phy) >= 8) {
opts = (tmp[PHY_OPTS] << 8) | tmp[PHY_OPTS + 1];
}
}
if (P2(apdu) == PHY_VID) { // VIDPID
if (P2(apdu) == PHY_VIDPID) { // VIDPID
if (apdu.nc != 4) {
return SW_WRONG_LENGTH();
}
memcpy(tmp + PHY_VID, apdu.data, 4);
opts |= PHY_OPT_VPID;
phy_data.vid = (apdu.data[0] << 8) | apdu.data[1];
phy_data.pid = (apdu.data[2] << 8) | apdu.data[3];
phy_data.vidpid_present = true;
}
else if (P2(apdu) == PHY_LED_GPIO || P2(apdu) == PHY_LED_MODE) {
if (apdu.nc != 1) {
return SW_WRONG_LENGTH();
}
tmp[P2(apdu)] = apdu.data[0];
if (P2(apdu) == PHY_LED_GPIO) {
opts |= PHY_OPT_GPIO;
}
else if (P2(apdu) == PHY_LED_MODE) {
opts |= PHY_OPT_LED;
else if (P2(apdu) == PHY_LED_GPIO) {
phy_data.led_gpio = apdu.data[0];
phy_data.led_gpio_present = true;
}
else if (P2(apdu) == PHY_LED_BTNESS) {
phy_data.led_brightness = apdu.data[0];
phy_data.led_brightness_present = true;
}
else if (P2(apdu) == PHY_OPTS) {
if (apdu.nc != 2) {
return SW_WRONG_LENGTH();
}
uint16_t opt = (apdu.data[0] << 8) | apdu.data[1];
opts = (opts & ~PHY_OPT_MASK) | (opt & PHY_OPT_MASK);
phy_data.opts = (apdu.data[0] << 8) | apdu.data[1];
}
else {
return SW_INCORRECT_P1P2();
}
tmp[PHY_OPTS] = opts >> 8;
tmp[PHY_OPTS + 1] = opts & 0xff;
file_put_data(ef_phy, tmp, sizeof(tmp));
uint8_t tmp[PHY_MAX_SIZE];
uint16_t tmp_len = 0;
memset(tmp, 0, sizeof(tmp));
if (phy_serialize_data(&phy_data, tmp, &tmp_len) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
file_put_data(ef_phy, tmp, tmp_len);
low_flash_available();
}
}
#endif
#if PICO_RP2350
else if (P1(apdu) == CMD_OTP) {
if (apdu.nc < 2) {
return SW_WRONG_LENGTH();
}
uint16_t row = (apdu.data[0] << 8) | apdu.data[1];
bool israw = P2(apdu) == 0x1;
if (apdu.nc == 2) {
if (row > 0xbf && row < 0xf48) {
return SW_WRONG_DATA();
}
if (israw) {
memcpy(res_APDU, otp_buffer_raw(row), apdu.ne);
}
else {
memcpy(res_APDU, otp_buffer(row), apdu.ne);
}
res_APDU_size = apdu.ne;
}
else {
apdu.nc -= 2;
apdu.data += 2;
if (apdu.nc > 1024) {
return SW_WRONG_LENGTH();
}
if (apdu.nc % (israw ? 4 : 2)) {
return SW_WRONG_DATA();
}
uint8_t adata[1024] __attribute__((aligned(4)));
memcpy(adata, apdu.data, apdu.nc);
int ret = 0;
if (israw) {
ret = otp_write_data_raw(row, adata, apdu.nc);
}
else {
ret = otp_write_data(row, adata, apdu.nc);
}
if (ret != 0) {
return SW_EXEC_ERROR();
}
}
}
#endif
else {
return SW_INCORRECT_P1P2();

4
src/hsm/cmd_general_authenticate.c
View file

@ -47,7 +47,7 @@ int cmd_general_authenticate() {
mbedtls_ecp_keypair ectx;
mbedtls_ecp_keypair_init(&ectx);
r = load_private_key_ecdh(&ectx, fkey);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ectx);
return SW_EXEC_ERROR();
}
@ -106,7 +106,7 @@ int cmd_general_authenticate() {
r = sm_sign(t, pubkey_len + 16, res_APDU + res_APDU_size);
free(t);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
res_APDU_size += 8;

51
src/hsm/cmd_initialize.c
View file

@ -23,6 +23,7 @@
#include "version.h"
#include "asn1.h"
#include "cvc.h"
#include "otp.h"
extern void scan_all();
@ -132,10 +133,10 @@ int cmd_initialize() {
release_mkek(mkek);
return SW_EXEC_ERROR();
}
if (ret_mkek != CCID_OK) {
if (ret_mkek != PICOKEY_OK) {
ret_mkek = load_mkek(mkek); //Try again with new PIN/SO-PIN just in case some is the same
}
if (store_mkek(ret_mkek == CCID_OK ? mkek : NULL) != CCID_OK) {
if (store_mkek(ret_mkek == PICOKEY_OK ? mkek : NULL) != PICOKEY_OK) {
release_mkek(mkek);
return SW_EXEC_ERROR();
}
@ -143,31 +144,31 @@ int cmd_initialize() {
if (dkeks) {
if (*dkeks > 0) {
uint16_t d = *dkeks;
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
else {
int r = save_dkek_key(0, random_bytes_get(32));
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
uint16_t d = 0x0101;
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
}
else {
uint16_t d = 0x0000;
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
if (kds) {
uint8_t t[MAX_KEY_DOMAINS * 2], k = MIN(*kds, MAX_KEY_DOMAINS);
memset(t, 0xff, 2 * k);
if (file_put_data(tf_kd, t, 2 * k) != CCID_OK) {
if (file_put_data(tf_kd, t, 2 * k) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
@ -179,59 +180,55 @@ int cmd_initialize() {
return SW_EXEC_ERROR();
}
int ret = 0;
if (ret_mkek != CCID_OK || !file_has_data(fdkey)) {
if (ret_mkek != PICOKEY_OK || !file_has_data(fdkey)) {
mbedtls_ecdsa_context ecdsa;
mbedtls_ecdsa_init(&ecdsa);
mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1;
uint8_t index = 0, key_id = 0;
ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, &index);
uint8_t key_id = 0;
if (otp_key_2) {
ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256K1, &ecdsa, otp_key_2, 32);
}
else {
ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, NULL);
}
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
if (ret != CCID_OK) {
if (ret != PICOKEY_OK) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
size_t cvc_len = 0;
if ((cvc_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
uint16_t ee_len = 0, term_len = 0;
if ((ee_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
file_t *fpk = search_file(EF_EE_DEV);
ret = file_put_data(fpk, res_APDU, (uint16_t)cvc_len);
ret = file_put_data(fpk, res_APDU, ee_len);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
if ((cvc_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0, true)) == 0) {
if ((term_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU + ee_len, 4096 - ee_len, NULL, 0, true)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
memcpy(res_APDU + cvc_len, res_APDU, cvc_len);
mbedtls_ecdsa_free(&ecdsa);
fpk = search_file(EF_TERMCA);
ret = file_put_data(fpk, res_APDU, (uint16_t)(2 * cvc_len));
ret = file_put_data(fpk, res_APDU, ee_len + term_len);
if (ret != 0) {
return SW_EXEC_ERROR();
}
const uint8_t *keyid =
(const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
const uint8_t *keyid = (const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
*label = (const uint8_t *) "ESPICOHSMTR";
uint16_t prkd_len = asn1_build_prkd_ecc(label,
(uint16_t)strlen((const char *) label),
keyid,
20,
256,
res_APDU,
4096);
uint16_t prkd_len = asn1_build_prkd_ecc(label, (uint16_t)strlen((const char *) label), keyid, 20, 256, res_APDU, 4096);
fpk = search_file(EF_PRKD_DEV);
ret = file_put_data(fpk, res_APDU, prkd_len);
}
if (ret != 0) {
return SW_EXEC_ERROR();

12
src/hsm/cmd_key_domain.c
View file

@ -72,8 +72,8 @@ int cmd_key_domain() {
import_dkek_share(p2, apdu.data);
if (++current_dkeks >= dkeks) {
int r = save_dkek_key(p2, NULL);
if (r != CCID_OK) {
if (r == CCID_NO_LOGIN) {
if (r != PICOKEY_OK) {
if (r == PICOKEY_NO_LOGIN) {
pending_save_dkek = p2;
}
else {
@ -86,7 +86,7 @@ int cmd_key_domain() {
uint8_t t[MAX_KEY_DOMAINS * 2];
memcpy(t, kdata, tf_kd_size);
t[2 * p2 + 1] = current_dkeks;
if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) {
if (file_put_data(tf_kd, t, tf_kd_size) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
low_flash_available();
@ -129,17 +129,17 @@ int cmd_key_domain() {
else if (p1 == 0x4) {
t[2 * p2 + 1] = current_dkeks = 0;
}
if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) {
if (file_put_data(tf_kd, t, tf_kd_size) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
file_t *tf = NULL;
if ((tf = search_file(EF_DKEK + p2))) {
if (delete_file(tf) != CCID_OK) {
if (delete_file(tf) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
if (p1 == 0x3 && (tf = search_file(EF_XKEK + p2))) {
if (delete_file(tf) != CCID_OK) {
if (delete_file(tf) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}

4
src/hsm/cmd_key_gen.c
View file

@ -56,10 +56,10 @@ int cmd_key_gen() {
aes_type = PICO_KEYS_KEY_AES_512;
}
r = store_keys(aes_key, aes_type, key_id);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
if (find_and_store_meta_key(key_id) != CCID_OK) {
if (find_and_store_meta_key(key_id) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
low_flash_available();

20
src/hsm/cmd_key_unwrap.c
View file

@ -51,8 +51,8 @@ int cmd_key_unwrap() {
mbedtls_rsa_init(&ctx);
do {
r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != CCID_OK) {
} while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != PICOKEY_OK) {
mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR();
}
@ -62,7 +62,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
mbedtls_rsa_free(&ctx);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
@ -71,8 +71,8 @@ int cmd_key_unwrap() {
mbedtls_ecp_keypair_init(&ctx);
do {
r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != CCID_OK) {
} while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
@ -82,7 +82,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
mbedtls_ecp_keypair_free(&ctx);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
@ -97,8 +97,8 @@ int cmd_key_unwrap() {
&key_size,
&allowed,
&allowed_len);
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != CCID_OK) {
} while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
if (key_size == 64) {
@ -117,7 +117,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
r = store_keys(aes_key, aes_type, key_id);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
@ -136,7 +136,7 @@ int cmd_key_unwrap() {
}
r = meta_add((KEY_PREFIX << 8) | key_id, meta, meta_len);
free(meta);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
}

10
src/hsm/cmd_key_wrap.c
View file

@ -60,9 +60,9 @@ int cmd_key_wrap() {
mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx);
r = load_private_key_rsa(&ctx, ef);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_rsa_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
@ -74,9 +74,9 @@ int cmd_key_wrap() {
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
r = load_private_key_ec(&ctx, ef);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
@ -110,7 +110,7 @@ int cmd_key_wrap() {
r = dkek_encode_key(kdom, kdata_aes, aes_type, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_platform_zeroize(kdata_aes, sizeof(kdata_aes));
}
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
res_APDU_size = wrap_len;

6
src/hsm/cmd_keypair_gen.c
View file

@ -63,7 +63,7 @@ int cmd_keypair_gen() {
return SW_EXEC_ERROR();
}
ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
if (ret != CCID_OK) {
if (ret != PICOKEY_OK) {
mbedtls_rsa_free(&rsa);
return SW_EXEC_ERROR();
}
@ -144,7 +144,7 @@ int cmd_keypair_gen() {
}
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
mbedtls_ecdsa_free(&ecdsa);
if (ret != CCID_OK) {
if (ret != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
@ -154,7 +154,7 @@ int cmd_keypair_gen() {
else {
return SW_WRONG_DATA();
}
if (find_and_store_meta_key(key_id) != CCID_OK) {
if (find_and_store_meta_key(key_id) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id);

2
src/hsm/cmd_mse.c
View file

@ -51,7 +51,7 @@ int cmd_mse() {
}
else {
if (p2 == 0xB6) {
if (puk_store_select_chr(tag_data) == CCID_OK) {
if (puk_store_select_chr(tag_data) == PICOKEY_OK) {
return SW_OK();
}
}

8
src/hsm/cmd_pso.c
View file

@ -40,11 +40,11 @@ int cmd_pso() {
apdu.nc += tlv_len;
}
int r = cvc_verify(apdu.data, (uint16_t)apdu.nc, current_puk->cvcert, current_puk->cvcert_len);
if (r != CCID_OK) {
if (r == CCID_WRONG_DATA) {
if (r != PICOKEY_OK) {
if (r == PICOKEY_WRONG_DATA) {
return SW_DATA_INVALID();
}
else if (r == CCID_WRONG_SIGNATURE) {
else if (r == PICOKEY_WRONG_SIGNATURE) {
return SW_CONDITIONS_NOT_SATISFIED();
}
return SW_EXEC_ERROR();
@ -56,7 +56,7 @@ int cmd_pso() {
ca_ef = file_new(fid);
file_put_data(ca_ef, apdu.data, (uint16_t)apdu.nc);
if (add_cert_puk_store(file_get_data(ca_ef), file_get_size(ca_ef),
false) != CCID_OK) {
false) != PICOKEY_OK) {
return SW_FILE_FULL();
}

8
src/hsm/cmd_reset_retry.c
View file

@ -59,19 +59,19 @@ int cmd_reset_retry() {
dhash[0] = newpin_len;
double_hash_pin(apdu.data + (apdu.nc - newpin_len), newpin_len, dhash + 1);
file_put_data(file_pin1, dhash, sizeof(dhash));
if (pin_reset_retries(file_pin1, true) != CCID_OK) {
if (pin_reset_retries(file_pin1, true) != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
uint8_t mkek[MKEK_SIZE];
int r = load_mkek(mkek); //loads the MKEK with SO pin
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
hash_multi(apdu.data + (apdu.nc - newpin_len), newpin_len, session_pin);
has_session_pin = true;
r = store_mkek(mkek);
release_mkek(mkek);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
low_flash_available();
@ -99,7 +99,7 @@ int cmd_reset_retry() {
return SW_WRONG_LENGTH();
}
}
if (pin_reset_retries(file_pin1, true) != CCID_OK) {
if (pin_reset_retries(file_pin1, true) != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
return SW_OK();

18
src/hsm/cmd_signature.c
View file

@ -83,17 +83,17 @@ int pkcs1_strip_digest_info_prefix(mbedtls_md_type_t *algorithm,
*algorithm = digest_info_prefix[i].algorithm;
}
if (out_dat == NULL) {
return CCID_OK;
return PICOKEY_OK;
}
if (*out_len < hash_len) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
memmove(out_dat, in_dat + hdr_len, hash_len);
*out_len = hash_len;
return CCID_OK;
return PICOKEY_OK;
}
}
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
//-----
@ -143,9 +143,9 @@ int cmd_signature() {
mbedtls_rsa_init(&ctx);
int r = load_private_key_rsa(&ctx, fkey);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_rsa_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
@ -154,7 +154,7 @@ int cmd_signature() {
if (p2 == ALGO_RSA_PKCS1) { //DigestInfo attached
uint16_t nc = (uint16_t)apdu.nc;
if (pkcs1_strip_digest_info_prefix(&md, apdu.data, (uint16_t)apdu.nc, apdu.data,
&nc) != CCID_OK) { //gets the MD algo id and strips it off
&nc) != PICOKEY_OK) { //gets the MD algo id and strips it off
return SW_EXEC_ERROR();
}
apdu.nc = nc;
@ -265,9 +265,9 @@ int cmd_signature() {
md = MBEDTLS_MD_SHA512;
}
int r = load_private_key_ec(&ctx, fkey);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();

4
src/hsm/cmd_update_ef.c
View file

@ -78,7 +78,7 @@ int cmd_update_ef() {
}
if (offset == 0) {
int r = file_put_data(ef, data, data_len);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
}
@ -92,7 +92,7 @@ int cmd_update_ef() {
memcpy(data_merge + offset, data, data_len);
int r = file_put_data(ef, data_merge, offset + data_len);
free(data_merge);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
}

56
src/hsm/cvc.c
View file

@ -333,7 +333,7 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
}
mbedtls_ecp_keypair ectx;
mbedtls_ecp_keypair_init(&ectx);
if (load_private_key_ec(&ectx, fkey) != CCID_OK) {
if (load_private_key_ec(&ectx, fkey) != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ectx);
return 0;
}
@ -702,12 +702,12 @@ int puk_verify(const uint8_t *sig,
uint16_t puk_len = 0;
const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len);
if (!puk) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
uint16_t oid_len = 0;
const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
if (!oid) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (memcmp(oid, OID_ID_TA_RSA, 9) == 0) { //RSA
uint16_t t81_len = 0, t82_len = 0;
@ -716,7 +716,7 @@ int puk_verify(const uint8_t *sig,
&t81_len,
0x82);
if (!t81 || !t82) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
mbedtls_rsa_context rsa;
mbedtls_rsa_init(&rsa);
@ -744,32 +744,32 @@ int puk_verify(const uint8_t *sig,
}
if (md == MBEDTLS_MD_NONE) {
mbedtls_rsa_free(&rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
int r = mbedtls_mpi_read_binary(&rsa.N, t81, t81_len);
if (r != 0) {
mbedtls_rsa_free(&rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = mbedtls_mpi_read_binary(&rsa.E, t82, t82_len);
if (r != 0) {
mbedtls_rsa_free(&rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = mbedtls_rsa_complete(&rsa);
if (r != 0) {
mbedtls_rsa_free(&rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = mbedtls_rsa_check_pubkey(&rsa);
if (r != 0) {
mbedtls_rsa_free(&rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = mbedtls_rsa_pkcs1_verify(&rsa, md, (unsigned int)hash_len, hash, sig);
mbedtls_rsa_free(&rsa);
if (r != 0) {
return CCID_WRONG_SIGNATURE;
return PICOKEY_WRONG_SIGNATURE;
}
}
else if (memcmp(oid, OID_ID_TA_ECDSA, 9) == 0) { //ECC
@ -790,34 +790,34 @@ int puk_verify(const uint8_t *sig,
md = MBEDTLS_MD_SHA512;
}
if (md == MBEDTLS_MD_NONE) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
uint16_t t86_len = 0;
const uint8_t *t86 = cvc_get_field(puk, puk_len, &t86_len, 0x86);
if (!t86) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
mbedtls_ecp_group_id ec_id = cvc_inherite_ec_group(ca, ca_len);
if (ec_id == MBEDTLS_ECP_DP_NONE) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
mbedtls_ecdsa_context ecdsa;
mbedtls_ecdsa_init(&ecdsa);
int ret = mbedtls_ecp_group_load(&ecdsa.grp, ec_id);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
ret = mbedtls_ecp_point_read_binary(&ecdsa.grp, &ecdsa.Q, t86, t86_len);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
ret = mbedtls_ecp_check_pubkey(&ecdsa.grp, &ecdsa.Q);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
mbedtls_mpi r, s;
mbedtls_mpi_init(&r);
@ -827,44 +827,44 @@ int puk_verify(const uint8_t *sig,
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
mbedtls_ecdsa_free(&ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
ret = mbedtls_mpi_read_binary(&s, sig + sig_len / 2, sig_len / 2);
if (ret != 0) {
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
mbedtls_ecdsa_free(&ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
ret = mbedtls_ecdsa_verify(&ecdsa.grp, hash, hash_len, &ecdsa.Q, &r, &s);
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
mbedtls_ecdsa_free(&ecdsa);
if (ret != 0) {
return CCID_WRONG_SIGNATURE;
return PICOKEY_WRONG_SIGNATURE;
}
}
return CCID_OK;
return PICOKEY_OK;
}
int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16_t ca_len) {
uint16_t puk_len = 0;
const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len);
if (!puk) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
uint16_t oid_len = 0, cv_body_len = 0, sig_len = 0;
const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
const uint8_t *cv_body = cvc_get_body(cert, cert_len, &cv_body_len);
const uint8_t *sig = cvc_get_sig(cert, cert_len, &sig_len);
if (!sig) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (!cv_body) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (!oid) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
mbedtls_md_type_t md = MBEDTLS_MD_NONE;
if (memcmp(oid, OID_ID_TA_RSA, 9) == 0) { //RSA
@ -905,18 +905,18 @@ int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16
}
}
if (md == MBEDTLS_MD_NONE) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md);
uint8_t hash[64], hash_len = mbedtls_md_get_size(md_info);
uint8_t tlv_body = 2 + format_tlv_len(cv_body_len, NULL);
int r = mbedtls_md(md_info, cv_body - tlv_body, cv_body_len + tlv_body, hash);
if (r != 0) {
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = puk_verify(sig, sig_len, hash, hash_len, ca, ca_len);
if (r != 0) {
return CCID_WRONG_SIGNATURE;
return PICOKEY_WRONG_SIGNATURE;
}
return CCID_OK;
return PICOKEY_OK;
}

198
src/hsm/kek.c
View file

@ -29,6 +29,7 @@
#include "mbedtls/ecdsa.h"
#include "mbedtls/chachapoly.h"
#include "files.h"
#include "otp.h"
extern bool has_session_pin, has_session_sopin;
extern uint8_t session_pin[32], session_sopin[32];
@ -51,7 +52,7 @@ uint32_t crc32c(const uint8_t *buf, size_t len) {
int load_mkek(uint8_t *mkek) {
if (has_session_pin == false && has_session_sopin == false) {
return CCID_NO_LOGIN;
return PICOKEY_NO_LOGIN;
}
const uint8_t *pin = NULL;
if (pin == NULL && has_session_pin == true) {
@ -69,23 +70,23 @@ int load_mkek(uint8_t *mkek) {
}
}
if (pin == NULL) { //Should never happen
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
if (has_mkek_mask) {
for (int i = 0; i < MKEK_KEY_SIZE; i++) {
MKEK_KEY(mkek)[i] ^= mkek_mask[i];
}
}
int ret =
aes_decrypt_cfb_256(pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
int ret = aes_decrypt_cfb_256(pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
if (ret != 0) {
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
if (crc32c(MKEK_KEY(mkek), MKEK_KEY_SIZE) != *(uint32_t *) MKEK_CHECKSUM(mkek)) {
return CCID_WRONG_DKEK;
return PICOKEY_WRONG_DKEK;
}
return CCID_OK;
if (has_mkek_mask || otp_key_1) {
const uint8_t *mask = otp_key_1 ? otp_key_1 : mkek_mask;
for (int i = 0; i < MKEK_KEY_SIZE; i++) {
MKEK_KEY(mkek)[i] ^= mask[i];
}
}
return PICOKEY_OK;
}
mse_t mse = { .init = false };
@ -94,14 +95,7 @@ int mse_decrypt_ct(uint8_t *data, size_t len) {
mbedtls_chachapoly_context chatx;
mbedtls_chachapoly_init(&chatx);
mbedtls_chachapoly_setkey(&chatx, mse.key_enc + 12);
int ret = mbedtls_chachapoly_auth_decrypt(&chatx,
len - 16,
mse.key_enc,
mse.Qpt,
65,
data + len - 16,
data,
data);
int ret = mbedtls_chachapoly_auth_decrypt(&chatx, len - 16, mse.key_enc, mse.Qpt, 65, data + len - 16, data, data);
mbedtls_chachapoly_free(&chatx);
return ret;
}
@ -109,7 +103,7 @@ int mse_decrypt_ct(uint8_t *data, size_t len) {
int load_dkek(uint8_t id, uint8_t *dkek) {
file_t *tf = search_file(EF_DKEK + id);
if (!file_has_data(tf)) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE);
return mkek_decrypt(dkek, DKEK_KEY_SIZE);
@ -121,7 +115,7 @@ void release_mkek(uint8_t *mkek) {
int store_mkek(const uint8_t *mkek) {
if (has_session_pin == false && has_session_sopin == false) {
return CCID_NO_LOGIN;
return PICOKEY_NO_LOGIN;
}
uint8_t tmp_mkek[MKEK_SIZE];
if (mkek == NULL) {
@ -139,12 +133,9 @@ int store_mkek(const uint8_t *mkek) {
if (!tf) {
release_mkek(tmp_mkek);
release_mkek(tmp_mkek_pin);
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
aes_encrypt_cfb_256(session_pin,
MKEK_IV(tmp_mkek_pin),
MKEK_KEY(tmp_mkek_pin),
MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
aes_encrypt_cfb_256(session_pin, MKEK_IV(tmp_mkek_pin), MKEK_KEY(tmp_mkek_pin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
file_put_data(tf, tmp_mkek_pin, MKEK_SIZE);
release_mkek(tmp_mkek_pin);
}
@ -155,32 +146,29 @@ int store_mkek(const uint8_t *mkek) {
if (!tf) {
release_mkek(tmp_mkek);
release_mkek(tmp_mkek_sopin);
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
aes_encrypt_cfb_256(session_sopin,
MKEK_IV(tmp_mkek_sopin),
MKEK_KEY(tmp_mkek_sopin),
MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
aes_encrypt_cfb_256(session_sopin, MKEK_IV(tmp_mkek_sopin), MKEK_KEY(tmp_mkek_sopin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
file_put_data(tf, tmp_mkek_sopin, MKEK_SIZE);
release_mkek(tmp_mkek_sopin);
}
low_flash_available();
release_mkek(tmp_mkek);
return CCID_OK;
return PICOKEY_OK;
}
int store_dkek_key(uint8_t id, uint8_t *dkek) {
file_t *tf = search_file(EF_DKEK + id);
if (!tf) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
int r = mkek_encrypt(dkek, DKEK_KEY_SIZE);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
file_put_data(tf, dkek, DKEK_KEY_SIZE);
low_flash_available();
return CCID_OK;
return PICOKEY_OK;
}
int save_dkek_key(uint8_t id, const uint8_t *key) {
@ -188,7 +176,7 @@ int save_dkek_key(uint8_t id, const uint8_t *key) {
if (!key) {
file_t *tf = search_file(EF_DKEK + id);
if (!tf) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE);
}
@ -202,7 +190,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) {
uint8_t tmp_dkek[DKEK_KEY_SIZE];
file_t *tf = search_file(EF_DKEK + id);
if (!tf) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
memset(tmp_dkek, 0, sizeof(tmp_dkek));
if (file_get_size(tf) == DKEK_KEY_SIZE) {
@ -213,7 +201,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) {
}
file_put_data(tf, tmp_dkek, DKEK_KEY_SIZE);
low_flash_available();
return CCID_OK;
return PICOKEY_OK;
}
int dkek_kcv(uint8_t id, uint8_t *kcv) { //kcv 8 bytes
@ -221,45 +209,45 @@ int dkek_kcv(uint8_t id, uint8_t *kcv) { //kcv 8 bytes
memset(kcv, 0, 8);
memset(hsh, 0, sizeof(hsh));
int r = load_dkek(id, dkek);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
hash256(dkek, DKEK_KEY_SIZE, hsh);
mbedtls_platform_zeroize(dkek, sizeof(dkek));
memcpy(kcv, hsh, 8);
return CCID_OK;
return PICOKEY_OK;
}
int dkek_kenc(uint8_t id, uint8_t *kenc) { //kenc 32 bytes
uint8_t dkek[DKEK_KEY_SIZE + 4];
memset(kenc, 0, 32);
int r = load_dkek(id, dkek);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
memcpy(dkek + DKEK_KEY_SIZE, "\x0\x0\x0\x1", 4);
hash256(dkek, sizeof(dkek), kenc);
mbedtls_platform_zeroize(dkek, sizeof(dkek));
return CCID_OK;
return PICOKEY_OK;
}
int dkek_kmac(uint8_t id, uint8_t *kmac) { //kmac 32 bytes
uint8_t dkek[DKEK_KEY_SIZE + 4];
memset(kmac, 0, 32);
int r = load_dkek(id, dkek);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
memcpy(dkek + DKEK_KEY_SIZE, "\x0\x0\x0\x2", 4);
hash256(dkek, DKEK_KEY_SIZE + 4, kmac);
mbedtls_platform_zeroize(dkek, sizeof(dkek));
return CCID_OK;
return PICOKEY_OK;
}
int mkek_encrypt(uint8_t *data, uint16_t len) {
int r;
uint8_t mkek[MKEK_SIZE + 4];
if ((r = load_mkek(mkek)) != CCID_OK) {
if ((r = load_mkek(mkek)) != PICOKEY_OK) {
return r;
}
r = aes_encrypt_cfb_256(MKEK_KEY(mkek), MKEK_IV(mkek), data, len);
@ -270,7 +258,7 @@ int mkek_encrypt(uint8_t *data, uint16_t len) {
int mkek_decrypt(uint8_t *data, uint16_t len) {
int r;
uint8_t mkek[MKEK_SIZE + 4];
if ((r = load_mkek(mkek)) != CCID_OK) {
if ((r = load_mkek(mkek)) != PICOKEY_OK) {
return r;
}
r = aes_decrypt_cfb_256(MKEK_KEY(mkek), MKEK_IV(mkek), data, len);
@ -278,15 +266,9 @@ int mkek_decrypt(uint8_t *data, uint16_t len) {
return r;
}
int dkek_encode_key(uint8_t id,
void *key_ctx,
int key_type,
uint8_t *out,
uint16_t *out_len,
const uint8_t *allowed,
uint16_t allowed_len) {
int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint16_t *out_len, const uint8_t *allowed, uint16_t allowed_len) {
if (!(key_type & PICO_KEYS_KEY_RSA) && !(key_type & PICO_KEYS_KEY_EC) && !(key_type & PICO_KEYS_KEY_AES)) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096 (plus, 13 bytes padding)
@ -298,21 +280,21 @@ int dkek_encode_key(uint8_t id,
uint8_t kenc[32];
memset(kenc, 0, sizeof(kenc));
r = dkek_kenc(id, kenc);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
uint8_t kcv[8];
memset(kcv, 0, sizeof(kcv));
r = dkek_kcv(id, kcv);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
uint8_t kmac[32];
memset(kmac, 0, sizeof(kmac));
r = dkek_kmac(id, kmac);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
@ -331,10 +313,10 @@ int dkek_encode_key(uint8_t id,
}
if (kb_len != 16 && kb_len != 24 && kb_len != 32 && kb_len != 64) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (*out_len < 8 + 1 + 10 + 6 + (2 + 64 + 14) + 16) { // 14 bytes padding
return CCID_WRONG_LENGTH;
return PICOKEY_WRONG_LENGTH;
}
put_uint16_t(kb_len, kb + 8);
@ -346,7 +328,7 @@ int dkek_encode_key(uint8_t id,
}
else if (key_type & PICO_KEYS_KEY_RSA) {
if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13) + 16) { //13 bytes pading
return CCID_WRONG_LENGTH;
return PICOKEY_WRONG_LENGTH;
}
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
kb_len = 0;
@ -367,7 +349,7 @@ int dkek_encode_key(uint8_t id,
}
else if (key_type & PICO_KEYS_KEY_EC) {
if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 8 + 9 * 66 + 2 + 4) + 16) { //4 bytes pading
return CCID_WRONG_LENGTH;
return PICOKEY_WRONG_LENGTH;
}
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
kb_len = 0;
@ -386,12 +368,7 @@ int dkek_encode_key(uint8_t id,
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N);
size_t olen = 0;
mbedtls_ecp_point_write_binary(&ecdsa->grp,
&ecdsa->grp.G,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&olen,
kb + 8 + kb_len + 2,
sizeof(kb) - 8 - kb_len - 2);
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen;
@ -399,12 +376,7 @@ int dkek_encode_key(uint8_t id,
mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d);
mbedtls_ecp_point_write_binary(&ecdsa->grp,
&ecdsa->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&olen,
kb + 8 + kb_len + 2,
sizeof(kb) - 8 - kb_len - 2);
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen;
@ -458,25 +430,20 @@ int dkek_encode_key(uint8_t id,
kb[kb_len] = 0x80;
}
r = aes_encrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, kb_len_pad);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
memcpy(out + *out_len, kb, kb_len_pad);
*out_len += kb_len_pad;
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB),
kmac,
256,
out,
*out_len,
out + *out_len);
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), kmac, 256, out, *out_len, out + *out_len);
*out_len += 16;
if (r != 0) {
return r;
}
return CCID_OK;
return PICOKEY_OK;
}
int dkek_type_key(const uint8_t *in) {
@ -492,70 +459,59 @@ int dkek_type_key(const uint8_t *in) {
return 0x0;
}
int dkek_decode_key(uint8_t id,
void *key_ctx,
const uint8_t *in,
uint16_t in_len,
int *key_size_out,
uint8_t **allowed,
uint16_t *allowed_len) {
int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_len, int *key_size_out, uint8_t **allowed, uint16_t *allowed_len) {
uint8_t kcv[8];
int r = 0;
memset(kcv, 0, sizeof(kcv));
r = dkek_kcv(id, kcv);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
uint8_t kmac[32];
memset(kmac, 0, sizeof(kmac));
r = dkek_kmac(id, kmac);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
uint8_t kenc[32];
memset(kenc, 0, sizeof(kenc));
r = dkek_kenc(id, kenc);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
if (memcmp(kcv, in, 8) != 0) {
return CCID_WRONG_DKEK;
return PICOKEY_WRONG_DKEK;
}
uint8_t signature[16];
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB),
kmac,
256,
in,
in_len - 16,
signature);
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), kmac, 256, in, in_len - 16, signature);
if (r != 0) {
return CCID_WRONG_SIGNATURE;
return PICOKEY_WRONG_SIGNATURE;
}
if (memcmp(signature, in + in_len - 16, 16) != 0) {
return CCID_WRONG_SIGNATURE;
return PICOKEY_WRONG_SIGNATURE;
}
int key_type = in[8];
if (key_type != 5 && key_type != 6 && key_type != 12 && key_type != 15) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if ((key_type == 5 || key_type == 6) &&
memcmp(in + 9, "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x01\x02", 12) != 0) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (key_type == 12 &&
memcmp(in + 9, "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03", 12) != 0) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (key_type == 15 && memcmp(in + 9, "\x00\x08\x60\x86\x48\x01\x65\x03\x04\x01", 10) != 0) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
uint16_t ofs = 9;
@ -579,13 +535,13 @@ int dkek_decode_key(uint8_t id,
ofs += len + 2;
if ((in_len - 16 - ofs) % 16 != 0) {
return CCID_WRONG_PADDING;
return PICOKEY_WRONG_PADDING;
}
uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096 (plus, 13 bytes padding)
memset(kb, 0, sizeof(kb));
memcpy(kb, in + ofs, in_len - 16 - ofs);
r = aes_decrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, in_len - 16 - ofs);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
@ -602,14 +558,14 @@ int dkek_decode_key(uint8_t id,
r = mbedtls_mpi_read_binary(&rsa->D, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
len = get_uint16_t(kb, ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->N, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
}
else if (key_type == 6) {
@ -623,7 +579,7 @@ int dkek_decode_key(uint8_t id,
r = mbedtls_mpi_read_binary(&rsa->P, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
//PQ
@ -633,7 +589,7 @@ int dkek_decode_key(uint8_t id,
r = mbedtls_mpi_read_binary(&rsa->Q, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
//N
len = get_uint16_t(kb, ofs); ofs += len + 2;
@ -643,33 +599,33 @@ int dkek_decode_key(uint8_t id,
r = mbedtls_mpi_read_binary(&rsa->E, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (key_type == 5) {
r = mbedtls_rsa_import(rsa, &rsa->N, NULL, NULL, &rsa->D, &rsa->E);
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
else if (key_type == 6) {
r = mbedtls_rsa_import(rsa, NULL, &rsa->P, &rsa->Q, NULL, &rsa->E);
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
r = mbedtls_rsa_complete(rsa);
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = mbedtls_rsa_check_privkey(rsa);
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
else if (key_type == 12) {
@ -687,7 +643,7 @@ int dkek_decode_key(uint8_t id,
mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(kb + ofs, len);
if (ec_id == MBEDTLS_ECP_DP_NONE) {
mbedtls_ecdsa_free(ecdsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
ofs += len;
@ -709,7 +665,7 @@ int dkek_decode_key(uint8_t id,
r = mbedtls_ecp_read_key(ec_id, ecdsa, kb + ofs, len);
if (r != 0) {
mbedtls_ecdsa_free(ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
ofs += len;
@ -725,17 +681,17 @@ int dkek_decode_key(uint8_t id,
}
if (r != 0) {
mbedtls_ecdsa_free(ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
r = mbedtls_ecp_check_pub_priv(ecdsa, ecdsa, random_gen, NULL);
if (r != 0) {
mbedtls_ecdsa_free(ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
else if (key_type == 15) {
memcpy(key_ctx, kb + ofs, key_size);
}
return CCID_OK;
return PICOKEY_OK;
}

84
src/hsm/sc_hsm.c
View file

@ -43,6 +43,8 @@ bool has_session_pin = false, has_session_sopin = false;
const uint8_t *dev_name = NULL;
uint16_t dev_name_len = 0;
uint8_t PICO_PRODUCT = 1;
static int sc_hsm_process_apdu();
static void init_sc_hsm();
@ -85,7 +87,7 @@ int sc_hsm_select_aid(app_t *a, uint8_t force) {
a->process_apdu = sc_hsm_process_apdu;
a->unload = sc_hsm_unload;
init_sc_hsm();
return CCID_OK;
return PICOKEY_OK;
}
INITIALIZER( sc_hsm_ctor ) {
@ -178,10 +180,10 @@ uint8_t puk_status[MAX_PUK];
int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy) {
if (data == NULL || data_len == 0) {
return CCID_ERR_NULL_PARAM;
return PICOKEY_ERR_NULL_PARAM;
}
if (puk_store_entries == MAX_PUK_STORE_ENTRIES) {
return CCID_ERR_MEMORY_FATAL;
return PICOKEY_ERR_MEMORY_FATAL;
}
puk_store[puk_store_entries].copied = copy;
@ -205,17 +207,17 @@ int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy) {
&puk_store[puk_store_entries].puk_len);
puk_store_entries++;
return CCID_OK;
return PICOKEY_OK;
}
int puk_store_select_chr(const uint8_t *chr) {
for (int i = 0; i < puk_store_entries; i++) {
if (memcmp(puk_store[i].chr, chr, puk_store[i].chr_len) == 0) {
current_puk = &puk_store[i];
return CCID_OK;
return PICOKEY_OK;
}
}
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
void reset_puk_store() {
@ -261,7 +263,7 @@ int sc_hsm_unload() {
has_session_pin = has_session_sopin = false;
isUserAuthenticated = false;
sm_session_pin_len = 0;
return CCID_OK;
return PICOKEY_OK;
}
uint16_t get_device_options() {
@ -334,16 +336,16 @@ int parse_ef_dir(const file_t *f, int mode) {
int pin_reset_retries(const file_t *pin, bool force) {
if (!pin) {
return CCID_ERR_NULL_PARAM;
return PICOKEY_ERR_NULL_PARAM;
}
const file_t *max = search_file(pin->fid + 1);
const file_t *act = search_file(pin->fid + 2);
if (!max || !act) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
uint8_t retries = file_read_uint8(act);
if (retries == 0 && force == false) { // blocked
return CCID_ERR_BLOCKED;
return PICOKEY_ERR_BLOCKED;
}
retries = file_read_uint8(max);
int r = file_put_data((file_t *) act, &retries, sizeof(retries));
@ -353,26 +355,26 @@ int pin_reset_retries(const file_t *pin, bool force) {
int pin_wrong_retry(const file_t *pin) {
if (!pin) {
return CCID_ERR_NULL_PARAM;
return PICOKEY_ERR_NULL_PARAM;
}
const file_t *act = search_file(pin->fid + 2);
if (!act) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
uint8_t retries = file_read_uint8(act);
if (retries > 0) {
retries -= 1;
int r = file_put_data((file_t *) act, &retries, sizeof(retries));
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
low_flash_available();
if (retries == 0) {
return CCID_ERR_BLOCKED;
return PICOKEY_ERR_BLOCKED;
}
return retries;
}
return CCID_ERR_BLOCKED;
return PICOKEY_ERR_BLOCKED;
}
bool pka_enabled() {
@ -391,7 +393,7 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
if (is_secured_apdu() && sm_session_pin_len > 0 && pin == file_pin1) {
if (len == sm_session_pin_len && memcmp(data, sm_session_pin, len) != 0) {
int retries;
if ((retries = pin_wrong_retry(pin)) < CCID_OK) {
if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
return SW_PIN_BLOCKED();
}
return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
@ -405,17 +407,17 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
}
if (memcmp(file_get_data(pin) + 1, dhash, sizeof(dhash)) != 0) {
int retries;
if ((retries = pin_wrong_retry(pin)) < CCID_OK) {
if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
return SW_PIN_BLOCKED();
}
return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
}
}
int r = pin_reset_retries(pin, false);
if (r == CCID_ERR_BLOCKED) {
if (r == PICOKEY_ERR_BLOCKED) {
return SW_PIN_BLOCKED();
}
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
if (pka_enabled() == false) {
@ -552,18 +554,18 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
memcpy(kdata, key_ctx, key_size);
}
else {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
file_t *fpk = file_new((KEY_PREFIX << 8) | key_id);
if (!fpk) {
return CCID_ERR_MEMORY_FATAL;
return PICOKEY_ERR_MEMORY_FATAL;
}
r = mkek_encrypt(kdata, key_size);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
r = file_put_data(fpk, kdata, (uint16_t)key_size);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
char key_id_str[4] = {0};
@ -580,7 +582,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
}
}
low_flash_available();
return CCID_OK;
return PICOKEY_OK;
}
int find_and_store_meta_key(uint8_t key_id) {
@ -614,73 +616,73 @@ int find_and_store_meta_key(uint8_t key_id) {
int r = meta_add((KEY_PREFIX << 8) | key_id, meta, (uint16_t)meta_size);
free(meta);
if (r != 0) {
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
return CCID_OK;
return PICOKEY_OK;
}
int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
if (wait_button_pressed() == true) { // timeout
return CCID_VERIFICATION_FAILED;
return PICOKEY_VERIFICATION_FAILED;
}
uint16_t key_size = file_get_size(fkey);
uint8_t kdata[4096 / 8];
memcpy(kdata, file_get_data(fkey), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
if (mbedtls_mpi_read_binary(&ctx->P, kdata, key_size / 2) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (mbedtls_mpi_read_binary(&ctx->Q, kdata + key_size / 2, key_size / 2) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (mbedtls_mpi_lset(&ctx->E, 0x10001) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
if (mbedtls_rsa_import(ctx, NULL, &ctx->P, &ctx->Q, NULL, &ctx->E) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (mbedtls_rsa_complete(ctx) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (mbedtls_rsa_check_privkey(ctx) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
return CCID_OK;
return PICOKEY_OK;
}
int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
if (wait_button_pressed() == true) { // timeout
return CCID_VERIFICATION_FAILED;
return PICOKEY_VERIFICATION_FAILED;
}
uint16_t key_size = file_get_size(fkey);
uint8_t kdata[67]; // Worst case, 521 bit + 1byte
memcpy(kdata, file_get_data(fkey), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
mbedtls_ecp_group_id gid = kdata[0];
int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1);
if (r != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_ecp_keypair_free(ctx);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (gid == MBEDTLS_ECP_DP_ED25519 || gid == MBEDTLS_ECP_DP_ED448) {
@ -691,9 +693,9 @@ int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
}
if (r != 0) {
mbedtls_ecp_keypair_free(ctx);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
return CCID_OK;
return PICOKEY_OK;
}
int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) {
return load_private_key_ec(ctx, fkey);
@ -762,7 +764,7 @@ static const cmd_t cmds[] = {
int sc_hsm_process_apdu() {
int r = sm_unwrap();
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_DATA_INVALID();
}
for (const cmd_t *cmd = cmds; cmd->ins != 0x00; cmd++) {

2
src/hsm/version.h
View file

@ -18,7 +18,7 @@
#ifndef __VERSION_H_
#define __VERSION_H_
#define HSM_VERSION 0x0402
#define HSM_VERSION 0x0500
#define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
#define HSM_VERSION_MINOR (HSM_VERSION & 0xff)

2
tests/scripts/func.sh
View file

@ -37,7 +37,7 @@ gen_and_delete() {
test $? -eq 0 && echo -n "." || exit $?
}
reset() {
python3 tools/pico-hsm-tool.py --pin 648219 initialize --so-pin 57621880 --silent > /dev/null 2>&1
python3 tools/pico-hsm-tool.py --pin 648219 initialize --so-pin 57621880 --silent --no-dev-cert > /dev/null 2>&1
test $? -eq 0 || exit $?
}

2
tests/scripts/sc_hsm_test.sh
View file

@ -14,7 +14,7 @@ test $? -eq 0 && echo -n "." || {
echo -e "\t${FAIL}"
exit 1
}
grep -q "338 tests performed" <<< $e && echo -n "." || {
grep -q "334 tests performed" <<< $e && echo -n "." || {
echo -e "\t${FAIL}"
exit 1
}

94
tools/pico-hsm-patch-vidpid.sh
View file

@ -1,94 +0,0 @@
#!/bin/bash
#
# This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
# Copyright (c) 2022 Pol Henarejos.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
VERSION_MAJOR="6" #Version of Pico Keys SDK
VERSION_MINOR="0"
echo "----------------------------"
echo "VID/PID patcher for Pico HSM"
echo "----------------------------"
echo ""
if [ "$#" -le 0 ]; then
echo "Usage: $0 VID:PID [input_uf2_file] [output_uf2_file]"
exit 1
fi
IFS=':' read -r -a ARR <<< "$1"
if [ ${#ARR[@]} -ne 2 ]; then
echo "ERROR: Specify vendor and product ids as VID:PID (e.g., $0 CAFE:1234)"
exit 1
fi
VID=${ARR[0]}
PID=${ARR[1]}
if [ ${#VID} -ne 4 ]; then
echo "ERROR: VID length must be 4 hexadecimal characters"
exit 1
fi
if [ ${#PID} -ne 4 ]; then
echo "ERROR: PID length must be 4 hexadecimal characters"
exit 1
fi
if ! [[ $VID =~ ^[0-9A-Fa-f]{1,}$ ]] ; then
echo "ERROR: VID must contain hexadecimal characters"
exit 1
fi
if ! [[ $PID =~ ^[0-9A-Fa-f]{1,}$ ]] ; then
echo "ERROR: PID must contain hexadecimal characters"
exit 1
fi
UF2_FILE_IF="hsm2040.uf2"
UF2_FILE_OF="$UF2_FILE_IF"
if [ "$#" -ge 2 ]; then
UF2_FILE_IF="$2"
UF2_FILE_OF="$UF2_FILE_IF"
fi
if [ "$#" -ge 3 ]; then
UF2_FILE_OF="$3"
fi
echo -n "Patching ${UF2_FILE_IF}... "
if [[ ! -f "$UF2_FILE_IF" ]]; then
echo "ERROR: UF2 file ${UF2_FILE_IF} does not exist"
exit 1
fi
if [ "$UF2_FILE_IF" != "$UF2_FILE_OF" ]; then
cp -R $UF2_FILE_IF $UF2_FILE_OF
fi
LITTLE_VID="\x${VID:2:2}\x${VID:0:2}"
LITTLE_PID="\x${PID:2:2}\x${PID:0:2}"
perl -pi -e "s/\xff\xfe\xfd\xfc\x$VERSION_MINOR\x$VERSION_MAJOR\x01\x02\x03\x01/$LITTLE_VID$LITTLE_PID\x$VERSION_MINOR\x$VERSION_MAJOR\x01\x02\x03\x01/" $UF2_FILE_OF
echo "Done!"
echo ""
echo "Patched file was saved in ${UF2_FILE_OF}"

44
tools/pico-hsm-tool.py
View file

@ -57,6 +57,8 @@ from argparse import RawTextHelpFormatter
pin = None
BOOTKEY = [225, 209, 107, 167, 100, 171, 215, 18, 212, 239, 110, 62, 221, 116, 78, 213, 99, 140, 38, 11, 119, 28, 249, 129, 81, 17, 11, 175, 172, 155, 200, 113]
def hexy(a):
return [hex(i) for i in a]
@ -67,6 +69,7 @@ def parse_args():
parser.add_argument('--pin', help='PIN number')
parser_init.add_argument('--so-pin', help='SO-PIN number')
parser_init.add_argument('--silent', help='Confirms initialization silently.', action='store_true')
parser_init.add_argument('--no-dev-cert', help='Do not request a device certificate (it will use a self-signed certificate). Do not use if attestation is needed.', action='store_true', default=False)
parser_attestate = subparser.add_parser('attestate', help='Generates an attestation report for a private key and verifies the private key was generated in the devices or outside.')
parser_attestate.add_argument('-k', '--key', help='The private key index', metavar='KEY_ID')
@ -94,11 +97,15 @@ def parse_args():
parser_phy = subparser.add_parser('phy', help='Set PHY options.')
subparser_phy = parser_phy.add_subparsers(title='commands', dest='subcommand', required=True)
parser_phy_vp = subparser_phy.add_parser('vidpid', help='Sets VID/PID. Use VID:PID format (e.g. 1234:5678)')
parser_phy_ledn = subparser_phy.add_parser('led', help='Sets LED GPIO number.')
parser_phy_ledn = subparser_phy.add_parser('led_gpio', help='Sets LED GPIO number.')
parser_phy_optwcid = subparser_phy.add_parser('wcid', help='Enable/Disable Web CCID interface.')
parser_phy_vp.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?')
parser_phy_ledn.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?')
parser_phy_optwcid.add_argument('value', choices=['enable', 'disable'], help='Enable/Disable Web CCID interface.', nargs='?')
parser_phy_ledbtness = subparser_phy.add_parser('led_brightness', help='Sets LED max. brightness.')
parser_phy_ledbtness.add_argument('value', help='Value of the max. brightness.', metavar='VAL', nargs='?')
parser_phy_optdimm = subparser_phy.add_parser('led_dimmable', help='Enable/Disable LED dimming.')
parser_phy_optdimm.add_argument('value', choices=['enable', 'disable'], help='Enable/Disable LED dimming.', nargs='?')
parser_secure = subparser.add_parser('secure', help='Manages security of Pico HSM.')
subparser_secure = parser_secure.add_subparsers(title='commands', dest='subcommand', required=True)
@ -137,6 +144,13 @@ def parse_args():
parser_keygen_x25519 = subparser_keygen.add_parser('ed25519', help='Generates a private Ed25519 keypair.')
parser_keygen_x448 = subparser_keygen.add_parser('ed448', help='Generates a private Ed448 keypair.')
parser_otp = subparser.add_parser('otp', help='Read/write OTP values.')
parser_otp.add_argument('subcommand', choices=['read', 'write', 'secure_boot'], help='Read, write or enable Secure Boot', nargs='?')
parser_otp.add_argument('--row', help='OTP row (in HEX)', required='write' in sys.argv or 'read' in sys.argv)
parser_otp.add_argument('-d', '--data', help='Data to write (in HEX) [e.g. 0011223344556677889900AABBCCDDEEFF]', required='write' in sys.argv)
parser_otp.add_argument('--lock', help='Lock & protect (no other firmwares can be loaded)', action='store_true')
parser_otp.add_argument('--index', help='Bootkey index [0-3]', type=int, default=0, choices=[0, 1, 2, 3])
args = parser.parse_args()
return args
@ -206,6 +220,7 @@ def initialize(picohsm, args):
so_pin = '57621880'
picohsm.initialize(pin=pin, sopin=so_pin)
if (not args.no_dev_cert):
response = picohsm.get_contents(DOPrefixes.EE_CERTIFICATE_PREFIX, 0x00)
cert = bytearray(response)
@ -464,10 +479,15 @@ def phy(picohsm, args):
sp = val.split(':')
if (len(sp) != 2):
print('ERROR: VID/PID have wrong format. Use VID:PID format (e.g. 1234:5678)')
return
val = int(sp[0],16).to_bytes(2, 'big') + int(sp[1],16).to_bytes(2, 'big')
elif (args.subcommand == 'led'):
elif (args.subcommand in ['led_gpio', 'led_brightness']):
if (args.subcommand == 'led_brightness'):
if (int(val) > 15 or int(val) < 0):
print('ERROR: LED brightness must be between 0 and 15.')
return
val = [int(val)]
elif (args.subcommand == 'wcid'):
elif (args.subcommand in ['wcid', 'led_dimmable']):
val = val == 'enable'
ret = picohsm.phy(args.subcommand, val)
if (ret):
@ -475,8 +495,21 @@ def phy(picohsm, args):
else:
print('Command executed successfully. Please, restart your Pico Key.')
def otp(picohsm, args):
if (args.subcommand == 'read'):
row = int(args.row, 16)
ret = picohsm.otp(row=row)
print(f'OTP row {args.row}: {hexlify(ret).decode()}')
elif (args.subcommand == 'write'):
row = int(args.row, 16)
data = unhexlify(args.data)
picohsm.otp(row=row, data=data)
print(f'OTP row {args.row} written successfully.')
elif (args.subcommand == 'secure_boot'):
picohsm.secure_boot(BOOTKEY, bootkey_index=args.index, lock=args.lock)
def main(args):
sys.stderr.buffer.write(b'Pico HSM Tool v1.16\n')
sys.stderr.buffer.write(b'Pico HSM Tool v2.0\n')
sys.stderr.buffer.write(b'Author: Pol Henarejos\n')
sys.stderr.buffer.write(b'Report bugs to https://github.com/polhenarejos/pico-hsm/issues\n')
sys.stderr.buffer.write(b'\n\n')
@ -503,7 +536,8 @@ def main(args):
keygen(picohsm, args)
elif (args.command == 'phy'):
phy(picohsm, args)
elif (args.command == 'otp'):
otp(picohsm, args)
def run():
args = parse_args()

30
workflows/autobuild.sh
View file

@ -2,16 +2,38 @@
git submodule update --init --recursive
sudo apt update
if [[ $1 == "pico" ]]; then
sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib
git clone https://github.com/raspberrypi/pico-sdk
cd pico-sdk
git submodule update --init
cd ..
git clone https://github.com/raspberrypi/picotool
cd picotool
git submodule update --init
mkdir build
cd build
if [[ $1 == "pico" ]]; then
cmake -DPICO_SDK_PATH=../../pico-sdk ..
make -j`nproc`
sudo make install
cd ../..
mkdir build_pico
cd build_pico
cmake -DPICO_SDK_PATH=../pico-sdk ..
else
cmake -DENABLE_EMULATION=1 ..
fi
make
elif [[ $1 == "esp32" ]]; then
sudo apt install -y git wget flex bison gperf python3 python3-pip python3-venv cmake ninja-build ccache libffi-dev libssl-dev dfu-util libusb-1.0-0
git clone --recursive https://github.com/espressif/esp-idf.git
cd esp-idf
./install.sh esp32s3
. ./export.sh
cd ..
idf.py set-target esp32s3
idf.py all
else
mkdir build
cd build
cmake -DENABLE_EMULATION=1 ..
make
fi