mirrors/pico-hsm

mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-02-07 19:18:23 +00:00

Author	SHA1	Message	Date
Pol Henarejos	0cb2e8ec2e	Added PBES2 key derivation with encryption and decryption support. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-11-14 13:07:49 +01:00
Pol Henarejos	0e96753ccb	Added support for PBKDF2. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-11-14 12:01:27 +01:00
Pol Henarejos	2b2df22d75	Added support for configurable HKDF. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-11-14 10:14:54 +01:00
Pol Henarejos	8fe2677a56	Fix cofactor return with cvc. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-11-11 17:08:36 +01:00
Pol Henarejos	d09a7cf9c8	If self-signature fails, puts all-0. When generating a keypair and returns a self-signed CVREQ, the signature might fail for Curve25519 and Curve448. Instead of returning null, it puts zeros in order to return what is expected to return. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-11-11 17:04:17 +01:00
Pol Henarejos	6bf72e5a59	Added support for HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-11-08 17:26:32 +01:00
Pol Henarejos	a7682d2639	Adding Extended Cipher feature. With this new subcommand, Pico HSM will support newer cipher algorithms. ChaCha20-Poly1305 is the first. It will be based on a custom P2 subcommand to support an arbitrary structure with multiple parameters (AAD, IV, etc.) pico-hsm-tool.py shall be used. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-11-07 21:37:11 +01:00
Pol Henarejos	00279da8d5	Adding Secure Lock to lock the device with a random 256 bit key. This is an extra layer of security to avoid brute force attacks if PIN is too weak. At every hard reset (on device plug), the device must be unlocked prior any other command. Once unlocked, the device can be used as usual. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-31 15:09:54 +01:00
Pol Henarejos	eda8b53949	Memory cleanup on ECDH. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-31 12:54:44 +01:00
Pol Henarejos	cfc0cc8f6e	Some optimizations. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-31 00:38:30 +01:00
Pol Henarejos	ab61b2a2d5	Fix returning public key of koblitz curve secp_k1. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-31 00:38:21 +01:00
Pol Henarejos	f79a6ed30a	Do not override Ne. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-30 23:42:12 +01:00
Pol Henarejos	4313722b06	Fix memory free on keygen ecc. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-30 23:15:22 +01:00
Pol Henarejos	eec4612a6f	Fix when secure message cannot be correctly processed. It is discarded. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-30 21:11:06 +01:00
Pol Henarejos	b2ac893efc	Fix general authentication with AES. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-30 21:09:41 +01:00
Pol Henarejos	a089cc279b	Adding support for changing SO-PIN. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-10 00:37:56 +02:00
Pol Henarejos	84f646dbad	Fix storing SO-PIN session when checking PIN with SO-PIN. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-10 00:37:33 +02:00
Pol Henarejos	b9ec473aaa	Fix critical bug saving SO-PIN securely. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-10 00:27:46 +02:00
Pol Henarejos	b7eb0dff02	Upgrade to Version 3.0. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-09 22:27:11 +02:00
Pol Henarejos	f593060007	Moving delete_file() outside. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-09 22:07:21 +02:00
Pol Henarejos	62c72c48a5	Moving to new pico-hsm-sdk.	2022-08-30 17:55:42 +02:00
Pol Henarejos	e8cc6a169e	Try to recover MKEK twice: with previous PIN/SO-PIN or after setting the new PIN/SO-PIN just in case some is the same as previous. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-25 01:51:16 +02:00
Pol Henarejos	7d7b6b88ba	Trying to recover MKEK to preserver device private key. If not, all are generated again. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-25 01:51:16 +02:00
Pol Henarejos	b3bcad9ce6	Making MKEK persistent. It must be persistent as it encrypts device private key and therefore it must survive across reinitializations. However, if no PIN is provided to unlock it, it will be lost, as with device private key. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-25 01:51:16 +02:00
Pol Henarejos	38b9c06138	Reformat oids. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-23 14:52:44 +02:00
Pol Henarejos	2bc40771ca	Fix generating CVC REQ. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-23 00:50:06 +02:00
Pol Henarejos	c5f980fc98	Fix curve for ECDH key. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-22 01:13:08 +02:00
Pol Henarejos	aebb68724a	Removing trailing spaces. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-19 01:44:27 +02:00
Pol Henarejos	1f2ccd8c1c	Not used. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-19 01:40:13 +02:00
Pol Henarejos	c9c60575c7	Removed 3DES as it is unsecure. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:55:21 +02:00
Pol Henarejos	82f61ff1d4	When initialized, the device key (EF_KEY_DEV) is only generated if not found. To generate a new device key, it must be wiped. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 20:08:54 +02:00
Pol Henarejos	64052f4f70	Marked EF_DEV files as persistent to remain permanent. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 20:08:11 +02:00
Pol Henarejos	cb492728ec	Device key now uses SECP256R1 curve. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	fec02ca733	Removing cvcerts.h dependency. A python script gets the public key of the device (EF_EE_DEV) and requests to our PKI for a CVC. Once got, it is updated to EF_TERMCA (0x2f02). termca_pk is now on EF_KEY_DEV and termca is on EF_TERMCA (concat with DICA). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	4e01a78286	Fix OID names. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	538b39386b	List keys returns the DEV key if exists. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	977aced343	Fix OID names. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	83b5753bb5	Fix saving DEV key. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	c3568e1211	Create the terminal private key with id = 0. This is the terminal private key, which will be signed by our PKI. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-14 01:20:54 +02:00
Pol Henarejos	6a16d4d55c	Fix returning store_keys(); Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-14 01:17:06 +02:00
Pol Henarejos	ab2e71cc40	By default, all CVC are self-generated (chr=car). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-14 01:16:53 +02:00
Pol Henarejos	f79fe9f7d0	Fix when no DKEK is present. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-14 01:16:33 +02:00
Pol Henarejos	6956587106	Add newline at the end of file. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 23:31:09 +02:00
Pol Henarejos	349df56b09	Missing header. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 15:00:05 +02:00
Pol Henarejos	e6f082d512	Splitting cmd_xxx() functions in separate files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 14:59:27 +02:00
Pol Henarejos	87feed1222	Renaming KEK files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 13:47:43 +02:00
Pol Henarejos	55c8a66613	Fix wrap/unwrap keys with specific allowed algorithms. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 02:58:36 +02:00
Pol Henarejos	2e88422c86	Fix deleting KEK when a key is present in the key domain. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 00:50:22 +02:00
Pol Henarejos	da841b82d4	Fix deleting KEK. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 00:48:05 +02:00
Pol Henarejos	9256a72c3e	Added XKEK derivation to save the KEK from XKEK key domain. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 00:43:55 +02:00

1 2 3 4 5 ...

278 commits