mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 09:28:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Now press-to-confirm button has a timeout of 15 secs.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2022-05-05 20:56:28 +02:00
parent 373a3ce491
commit fffe2fb451
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
1 changed files with 24 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
src/hsm/sc_hsm.c
View file

@ -190,16 +190,17 @@ uint16_t get_device_options() {
extern uint32_t board_button_read(void);
static void wait_button() {
static bool wait_button() {
uint16_t opts = get_device_options();
uint32_t val = EV_PRESS_BUTTON;
if (opts & HSM_OPT_BOOTSEL_BUTTON) {
uint32_t val = EV_PRESS_BUTTON;
queue_try_add(ccid_comm, &val);
do {
queue_remove_blocking(card_comm, &val);
}
while (val != EV_BUTTON_PRESSED);
while (val != EV_BUTTON_PRESSED && val != EV_BUTTON_TIMEOUT);
}
return val == EV_BUTTON_TIMEOUT;
}
static int cmd_select() {
@ -1291,42 +1292,46 @@ static int cmd_key_gen() {
}
int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
wait_button();
if (wait_button() == true) //timeout
return CCID_VERIFICATION_FAILED;
int key_size = file_read_uint16(fkey->data);
uint8_t kdata[4096/8];
memcpy(kdata, file_read(fkey->data+2), key_size);
if (dkek_decrypt(kdata, key_size) != 0) {
return SW_EXEC_ERROR();
return CCID_EXEC_ERROR;
}
if (mbedtls_mpi_read_binary(&ctx->P, kdata, key_size/2) != 0) {
mbedtls_rsa_free(ctx);
return SW_DATA_INVALID();
return CCID_WRONG_DATA;
}
if (mbedtls_mpi_read_binary(&ctx->Q, kdata+key_size/2, key_size/2) != 0) {
mbedtls_rsa_free(ctx);
return SW_DATA_INVALID();
return CCID_WRONG_DATA;
}
if (mbedtls_mpi_lset(&ctx->E, 0x10001) != 0) {
mbedtls_rsa_free(ctx);
return SW_EXEC_ERROR();
return CCID_EXEC_ERROR;
}
if (mbedtls_rsa_import(ctx, NULL, &ctx->P, &ctx->Q, NULL, &ctx->E) != 0) {
mbedtls_rsa_free(ctx);
return SW_DATA_INVALID();
return CCID_WRONG_DATA;
}
if (mbedtls_rsa_complete(ctx) != 0) {
mbedtls_rsa_free(ctx);
return SW_DATA_INVALID();
return CCID_WRONG_DATA;
}
if (mbedtls_rsa_check_privkey(ctx) != 0) {
mbedtls_rsa_free(ctx);
return SW_DATA_INVALID();
return CCID_WRONG_DATA;
}
return CCID_OK;
}
int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
wait_button();
if (wait_button() == true) //timeout
return CCID_VERIFICATION_FAILED;
int key_size = file_read_uint16(fkey->data);
uint8_t kdata[67]; //Worst case, 521 bit + 1byte
memcpy(kdata, file_read(fkey->data+2), key_size);
@ -1519,7 +1524,9 @@ static int cmd_key_wrap() {
}
else if (*dprkd == P15_KEYTYPE_AES) {
uint8_t kdata[32]; //maximum AES key size
wait_button();
if (wait_button() == true) //timeout
return SW_SECURE_MESSAGE_EXEC_ERROR();
int key_size = file_read_uint16(ef->data), aes_type = HSM_KEY_AES;
memcpy(kdata, file_read(ef->data+2), key_size);
if (dkek_decrypt(kdata, key_size) != 0) {
@ -1629,7 +1636,8 @@ static int cmd_decrypt_asym() {
}
else if (P2(apdu) == ALGO_EC_DH) {
mbedtls_ecdh_context ctx;
wait_button();
if (wait_button() == true) //timeout
return SW_SECURE_MESSAGE_EXEC_ERROR();
int key_size = file_read_uint16(ef->data);
uint8_t *kdata = (uint8_t *)calloc(1,key_size);
memcpy(kdata, file_read(ef->data+2), key_size);
@ -1684,7 +1692,8 @@ static int cmd_cipher_sym() {
if ((apdu.cmd_apdu_data_len % 16) != 0) {
return SW_WRONG_LENGTH();
}
wait_button();
if (wait_button() == true) //timeout
return SW_SECURE_MESSAGE_EXEC_ERROR();
int key_size = file_read_uint16(ef->data);
uint8_t kdata[32]; //maximum AES key size
memcpy(kdata, file_read(ef->data+2), key_size);