mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 09:28:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Use new Pico Keys SDK.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2023-11-06 14:25:42 +01:00
parent cc19f8f061
commit ed2925cfb6
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
11 changed files with 76 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CMakeLists.txt
View file

@ -77,7 +77,7 @@ set(SOURCES ${SOURCES}
)
set(USB_ITF_CCID 1)
include(pico-hsm-sdk/pico_hsm_sdk_import.cmake)
include(pico-keys-sdk/pico_keys_sdk_import.cmake)
set(INCLUDES ${INCLUDES}
${CMAKE_CURRENT_LIST_DIR}/src/hsm
@ -109,5 +109,5 @@ endif (APPLE)
else()
pico_add_extra_outputs(pico_hsm)
target_link_libraries(pico_hsm PRIVATE pico_hsm_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
endif()

2
src/hsm/cmd_derive_asym.c
View file

@ -88,7 +88,7 @@ int cmd_derive_asym() {
mbedtls_ecdsa_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, HSM_KEY_EC, dest_id);
r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
if (r != CCID_OK) {
mbedtls_ecdsa_free(&ctx);
return SW_EXEC_ERROR();

6
src/hsm/cmd_initialize.c
View file

@ -187,13 +187,13 @@ int cmd_initialize() {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
ret = store_keys(&ecdsa, HSM_KEY_EC, key_id);
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
if (ret != CCID_OK) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
size_t cvc_len = 0;
if ((cvc_len = asn1_cvc_aut(&ecdsa, HSM_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
if ((cvc_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
@ -205,7 +205,7 @@ int cmd_initialize() {
return SW_EXEC_ERROR();
}
if ((cvc_len = asn1_cvc_cert(&ecdsa, HSM_KEY_EC, res_APDU, 4096, NULL, 0, true)) == 0) {
if ((cvc_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0, true)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}

8
src/hsm/cmd_key_gen.c
View file

@ -44,16 +44,16 @@ int cmd_key_gen() {
memcpy(aes_key, random_bytes_get(key_size), key_size);
int aes_type = 0x0;
if (key_size == 16) {
aes_type = HSM_KEY_AES_128;
aes_type = PICO_KEYS_KEY_AES_128;
}
else if (key_size == 24) {
aes_type = HSM_KEY_AES_192;
aes_type = PICO_KEYS_KEY_AES_192;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
aes_type = PICO_KEYS_KEY_AES_256;
}
else if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
aes_type = PICO_KEYS_KEY_AES_512;
}
r = store_keys(aes_key, aes_type, key_id);
if (r != CCID_OK) {

22
src/hsm/cmd_key_unwrap.c
View file

@ -35,7 +35,7 @@ int cmd_key_unwrap() {
if (key_type == 0x0) {
return SW_DATA_INVALID();
}
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx);
do {
@ -45,8 +45,8 @@ int cmd_key_unwrap() {
mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, HSM_KEY_RSA, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, HSM_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
r = store_keys(&ctx, PICO_KEYS_KEY_RSA, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR();
}
@ -57,7 +57,7 @@ int cmd_key_unwrap() {
}
prkd_len = asn1_build_prkd_ecc(NULL, 0, NULL, 0, key_size * 8, prkd_buf, sizeof(prkd_buf));
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
do {
@ -67,8 +67,8 @@ int cmd_key_unwrap() {
mbedtls_ecdsa_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, HSM_KEY_EC, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, HSM_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ctx);
return SW_EXEC_ERROR();
}
@ -79,7 +79,7 @@ int cmd_key_unwrap() {
}
prkd_len = asn1_build_prkd_ecc(NULL, 0, NULL, 0, key_size, prkd_buf, sizeof(prkd_buf));
}
else if (key_type & HSM_KEY_AES) {
else if (key_type & PICO_KEYS_KEY_AES) {
uint8_t aes_key[64];
int key_size = 0, aes_type = 0;
do {
@ -95,16 +95,16 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
aes_type = PICO_KEYS_KEY_AES_512;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
aes_type = PICO_KEYS_KEY_AES_256;
}
else if (key_size == 24) {
aes_type = HSM_KEY_AES_192;
aes_type = PICO_KEYS_KEY_AES_192;
}
else if (key_size == 16) {
aes_type = HSM_KEY_AES_128;
aes_type = PICO_KEYS_KEY_AES_128;
}
else {
return SW_EXEC_ERROR();

14
src/hsm/cmd_key_wrap.c
View file

@ -67,7 +67,7 @@ int cmd_key_wrap() {
}
return SW_EXEC_ERROR();
}
r = dkek_encode_key(kdom, &ctx, HSM_KEY_RSA, res_APDU, &wrap_len, meta_tag, tag_len);
r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_RSA, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_rsa_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_ECC) {
@ -81,7 +81,7 @@ int cmd_key_wrap() {
}
return SW_EXEC_ERROR();
}
r = dkek_encode_key(kdom, &ctx, HSM_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_ecdsa_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_AES) {
@ -90,22 +90,22 @@ int cmd_key_wrap() {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
int key_size = file_get_size(ef), aes_type = HSM_KEY_AES;
int key_size = file_get_size(ef), aes_type = PICO_KEYS_KEY_AES;
memcpy(kdata, file_get_data(ef), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
return SW_EXEC_ERROR();
}
if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
aes_type = PICO_KEYS_KEY_AES_512;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
aes_type = PICO_KEYS_KEY_AES_256;
}
else if (key_size == 24) {
aes_type = HSM_KEY_AES_192;
aes_type = PICO_KEYS_KEY_AES_192;
}
else if (key_size == 16) {
aes_type = HSM_KEY_AES_128;
aes_type = PICO_KEYS_KEY_AES_128;
}
r = dkek_encode_key(kdom, kdata, aes_type, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_platform_zeroize(kdata, sizeof(kdata));

8
src/hsm/cmd_keypair_gen.c
View file

@ -69,10 +69,10 @@ int cmd_keypair_gen() {
return SW_EXEC_ERROR();
}
if ((res_APDU_size =
asn1_cvc_aut(&rsa, HSM_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
return SW_EXEC_ERROR();
}
ret = store_keys(&rsa, HSM_KEY_RSA, key_id);
ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
if (ret != CCID_OK) {
mbedtls_rsa_free(&rsa);
return SW_EXEC_ERROR();
@ -133,7 +133,7 @@ int cmd_keypair_gen() {
}
}
if ((res_APDU_size =
asn1_cvc_aut(&ecdsa, HSM_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) {
asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) {
if (ext) {
free(ext);
}
@ -143,7 +143,7 @@ int cmd_keypair_gen() {
if (ext) {
free(ext);
}
ret = store_keys(&ecdsa, HSM_KEY_EC, key_id);
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
mbedtls_ecdsa_free(&ecdsa);
if (ret != CCID_OK) {
return SW_EXEC_ERROR();

38
src/hsm/cvc.c
View file

@ -165,10 +165,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
size_t ext_len,
bool full) {
size_t pubkey_size = 0;
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0);
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0);
}
size_t cpi_size = 4, ext_size = 0, role_size = 0, valid_size = 0;
@ -221,10 +221,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
//car
*p++ = 0x42; p += format_tlv_len(lencar, p); memcpy(p, car, lencar); p += lencar;
//pubkey
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
p += asn1_cvc_public_key_rsa(rsa_ecdsa, p, pubkey_size);
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
p += asn1_cvc_public_key_ecdsa(rsa_ecdsa, p, pubkey_size);
}
//chr
@ -265,10 +265,10 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
size_t ext_len,
bool full) {
size_t key_size = 0;
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N);
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
key_size = 2 * (int)((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa)->grp.id)->bit_size + 7) / 8);
}
size_t body_size = asn1_cvc_cert_body(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, full), sig_size = asn1_len_tag(0x5f37, key_size);
@ -288,13 +288,13 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
hash256(body, body_size, hsh);
memcpy(p, "\x5F\x37", 2); p += 2;
p += format_tlv_len(key_size, p);
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
if (mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa_ecdsa, random_gen, NULL, MBEDTLS_MD_SHA256, 32, hsh, p) != 0) {
memset(p, 0, key_size);
}
p += key_size;
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_mpi r, s;
int ret = 0;
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;
@ -440,17 +440,17 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
size_t seq_len = 0;
const uint8_t *seq = NULL;
uint8_t first_tag = 0x0;
if (key_type & HSM_KEY_EC) {
if (key_type & PICO_KEYS_KEY_EC) {
seq = (const uint8_t *)"\x07\x20\x80";
seq_len = 3;
first_tag = 0xA0;
}
else if (key_type & HSM_KEY_RSA) {
else if (key_type & PICO_KEYS_KEY_RSA) {
seq = (const uint8_t *)"\x02\x74";
seq_len = 2;
first_tag = 0x30;
}
else if (key_type & HSM_KEY_AES) {
else if (key_type & PICO_KEYS_KEY_AES) {
seq = (const uint8_t *)"\x07\xC0\x10";
seq_len = 3;
first_tag = 0xA8;
@ -459,10 +459,10 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
size_t seq2_size =
asn1_len_tag(0x30, asn1_len_tag(0x4, keyid_len) + asn1_len_tag(0x3, seq_len));
size_t seq3_size = 0, seq4_size = 0;
if (key_type & HSM_KEY_EC || key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
seq4_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, 0)) + asn1_len_tag(0x2, 2)));
}
else if (key_type & HSM_KEY_AES) {
else if (key_type & PICO_KEYS_KEY_AES) {
seq3_size = asn1_len_tag(0xA0, asn1_len_tag(0x30, asn1_len_tag(0x2, 2)));
seq4_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, 0))));
}
@ -494,7 +494,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
memcpy(p, seq, seq_len); p += seq_len;
//Seq 3
if (key_type & HSM_KEY_AES) {
if (key_type & PICO_KEYS_KEY_AES) {
*p++ = 0xA0;
p += format_tlv_len(asn1_len_tag(0x30, asn1_len_tag(0x2, 2)), p);
*p++ = 0x30;
@ -508,7 +508,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
//Seq 4
*p++ = 0xA1;
size_t inseq4_len = asn1_len_tag(0x30, asn1_len_tag(0x4, 0));
if (key_type & HSM_KEY_EC || key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
inseq4_len += asn1_len_tag(0x2, 2);
}
p += format_tlv_len(asn1_len_tag(0x30, inseq4_len), p);
@ -518,7 +518,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
p += format_tlv_len(asn1_len_tag(0x4, 0), p);
*p++ = 0x4;
p += format_tlv_len(0, p);
if (key_type & HSM_KEY_EC || key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
*p++ = 0x2;
p += format_tlv_len(2, p);
*p++ = (keysize >> 8) & 0xff;
@ -539,7 +539,7 @@ size_t asn1_build_prkd_ecc(const uint8_t *label,
keyid,
keyid_len,
keysize,
HSM_KEY_EC,
PICO_KEYS_KEY_EC,
buf,
buf_len);
}
@ -556,7 +556,7 @@ size_t asn1_build_prkd_rsa(const uint8_t *label,
keyid,
keyid_len,
keysize,
HSM_KEY_RSA,
PICO_KEYS_KEY_RSA,
buf,
buf_len);
}
@ -573,7 +573,7 @@ size_t asn1_build_prkd_aes(const uint8_t *label,
keyid,
keyid_len,
keysize,
HSM_KEY_AES,
PICO_KEYS_KEY_AES,
buf,
buf_len);
}

32
src/hsm/kek.c
View file

@ -287,7 +287,7 @@ int dkek_encode_key(uint8_t id,
size_t *out_len,
const uint8_t *allowed,
size_t allowed_len) {
if (!(key_type & HSM_KEY_RSA) && !(key_type & HSM_KEY_EC) && !(key_type & HSM_KEY_AES)) {
if (!(key_type & PICO_KEYS_KEY_RSA) && !(key_type & PICO_KEYS_KEY_EC) && !(key_type & PICO_KEYS_KEY_AES)) {
return CCID_WRONG_DATA;
}
@ -317,17 +317,17 @@ int dkek_encode_key(uint8_t id,
return r;
}
if (key_type & HSM_KEY_AES) {
if (key_type & HSM_KEY_AES_128) {
if (key_type & PICO_KEYS_KEY_AES) {
if (key_type & PICO_KEYS_KEY_AES_128) {
kb_len = 16;
}
else if (key_type & HSM_KEY_AES_192) {
else if (key_type & PICO_KEYS_KEY_AES_192) {
kb_len = 24;
}
else if (key_type & HSM_KEY_AES_256) {
else if (key_type & PICO_KEYS_KEY_AES_256) {
kb_len = 32;
}
else if (key_type & HSM_KEY_AES_512) {
else if (key_type & PICO_KEYS_KEY_AES_512) {
kb_len = 64;
}
@ -345,7 +345,7 @@ int dkek_encode_key(uint8_t id,
algo = (uint8_t *) "\x00\x08\x60\x86\x48\x01\x65\x03\x04\x01"; //2.16.840.1.101.3.4.1 (2+8)
algo_len = 10;
}
else if (key_type & HSM_KEY_RSA) {
else if (key_type & PICO_KEYS_KEY_RSA) {
if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13) + 16) { //13 bytes pading
return CCID_WRONG_LENGTH;
}
@ -366,7 +366,7 @@ int dkek_encode_key(uint8_t id,
algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x01\x02";
algo_len = 12;
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 8 + 9 * 66 + 2 + 4) + 16) { //4 bytes pading
return CCID_WRONG_LENGTH;
}
@ -418,13 +418,13 @@ int dkek_encode_key(uint8_t id,
memcpy(out + *out_len, kcv, 8);
*out_len += 8;
if (key_type & HSM_KEY_AES) {
if (key_type & PICO_KEYS_KEY_AES) {
out[*out_len] = 15;
}
else if (key_type & HSM_KEY_RSA) {
else if (key_type & PICO_KEYS_KEY_RSA) {
out[*out_len] = 5;
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
out[*out_len] = 12;
}
*out_len += 1;
@ -458,7 +458,7 @@ int dkek_encode_key(uint8_t id,
if (kb_len < kb_len_pad) {
kb[kb_len] = 0x80;
}
r = aes_encrypt(kenc, NULL, 256, HSM_AES_MODE_CBC, kb, kb_len_pad);
r = aes_encrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, kb_len_pad);
if (r != CCID_OK) {
return r;
}
@ -482,13 +482,13 @@ int dkek_encode_key(uint8_t id,
int dkek_type_key(const uint8_t *in) {
if (in[8] == 5 || in[8] == 6) {
return HSM_KEY_RSA;
return PICO_KEYS_KEY_RSA;
}
else if (in[8] == 12) {
return HSM_KEY_EC;
return PICO_KEYS_KEY_EC;
}
else if (in[8] == 15) {
return HSM_KEY_AES;
return PICO_KEYS_KEY_AES;
}
return 0x0;
}
@ -585,7 +585,7 @@ int dkek_decode_key(uint8_t id,
uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096 (plus, 13 bytes padding)
memset(kb, 0, sizeof(kb));
memcpy(kb, in + ofs, in_len - 16 - ofs);
r = aes_decrypt(kenc, NULL, 256, HSM_AES_MODE_CBC, kb, in_len - 16 - ofs);
r = aes_decrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, in_len - 16 - ofs);
if (r != CCID_OK) {
return r;
}

16
src/hsm/sc_hsm.c
View file

@ -24,7 +24,7 @@
#include "eac.h"
#include "cvc.h"
#include "asn1.h"
#include "hsm.h"
#include "pico_keys.h"
#include "usb.h"
#include "random.h"
@ -496,30 +496,30 @@ uint32_t decrement_key_counter(file_t *fkey) {
int store_keys(void *key_ctx, int type, uint8_t key_id) {
int r, key_size = 0;
uint8_t kdata[4096 / 8]; // worst case
if (type & HSM_KEY_RSA) {
if (type & PICO_KEYS_KEY_RSA) {
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
key_size = mbedtls_mpi_size(&rsa->P) + mbedtls_mpi_size(&rsa->Q);
mbedtls_mpi_write_binary(&rsa->P, kdata, key_size / 2);
mbedtls_mpi_write_binary(&rsa->Q, kdata + key_size / 2, key_size / 2);
}
else if (type & HSM_KEY_EC) {
else if (type & PICO_KEYS_KEY_EC) {
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
key_size = mbedtls_mpi_size(&ecdsa->d);
kdata[0] = ecdsa->grp.id & 0xff;
mbedtls_ecp_write_key(ecdsa, kdata + 1, key_size);
key_size++;
}
else if (type & HSM_KEY_AES) {
if (type == HSM_KEY_AES_128) {
else if (type & PICO_KEYS_KEY_AES) {
if (type == PICO_KEYS_KEY_AES_128) {
key_size = 16;
}
else if (type == HSM_KEY_AES_192) {
else if (type == PICO_KEYS_KEY_AES_192) {
key_size = 24;
}
else if (type == HSM_KEY_AES_256) {
else if (type == PICO_KEYS_KEY_AES_256) {
key_size = 32;
}
else if (type == HSM_KEY_AES_512) {
else if (type == PICO_KEYS_KEY_AES_512) {
key_size = 64;
}
memcpy(kdata, key_ctx, key_size);

2
src/hsm/sc_hsm.h
View file

@ -27,7 +27,7 @@
#endif
#include "file.h"
#include "apdu.h"
#include "hsm.h"
#include "pico_keys.h"
extern const uint8_t sc_hsm_aid[];