mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-29 14:49:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
285 commits 2 branches 32 tags 2.9 MiB
Commit graph

285 commits

This branch
This branch
All branches
Author SHA1 Message Date
Pol Henarejos
239e01c3f8
Update extra_command.md 
Using new extra INS, from 0x88 to 0x54
 2022-04-07 18:34:14 +02:00
Pol Henarejos
4a57698173
Moving out INS_EXTRAS from 0x88 (taken by ISO 7816) to 0x54 (presumably free). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:32:31 +02:00
Pol Henarejos
468051288c
Upgrading to version 1.12. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
565ea12d88
Added dynamic option to enable/disable press to confirm. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
1c7ef50568
Added custom INS (named EXTRAS) to support different extra commands. At this moment: 
- 0xA: gets/sets the datetime.
- 0x6: enables/disables press to confirm (BOOTSEL). It allows other dynamic device options. At this moment, only press to confirm option is available.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
878eae9787
Added press button to confirm. Everytime a private/secret key is loaded, the Pico HSM waits for BOOTSEL button press. This mechanism guarantees that no private/secret operations are made without user consent. To confirm the operation, the user must press the BOOTSEL button. In the meanwhile, the device gets into waiting state and no other operation is performed. After release the button, the operation continues normally. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
24b1d6807b
Added support for reading binary data. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
6bc081a1e1
Added support to write arbitrary data EF. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
afb16fff65
Fix with ASN1 encapsulation for keypair generation. It only affects RSA 4096 bits. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
cf81a82645
Added a new custom APDU (88h) for setting and retrieving datetime. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
dc820a60ae
Fixed class with USB-ICC specs, for legacy reasons. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
c57cc139f6
Update README.md 2022-04-07 00:10:09 +02:00
Pol Henarejos
79426f35cd
Update extra_command.md 
Added dynamic options and press-to-confirm enabling/disabling.
 2022-04-07 00:06:44 +02:00
Pol Henarejos
502a7ba81c
Create store_data.md 2022-04-06 23:56:29 +02:00
Pol Henarejos
deef209687
Update README.md 
Added press-to-confirm description.
Added links to storage binary data.
Added links to extra command to enable/disable button.
Added links to setting/getting datetime.
 2022-04-06 19:52:10 +02:00
Pol Henarejos
bb09f212d2
Create extra_command.md 
Add get/set datetime explanation.
 2022-04-06 19:51:05 +02:00
Pol Henarejos
cfd86df45e
Update README.md 
Added led blink meaning.
 2022-04-06 17:25:07 +02:00
Pol Henarejos
d16c9b2324
Update README.md 
Adding operation time for RSA (signature and decrypt). It is relevant for RSA 3K and 4K.
 2022-04-04 22:27:33 +02:00
Pol Henarejos
f1630023c7
Update README.md 
Added keygen time for 3k and 4k.
 2022-04-04 21:56:40 +02:00
Pol Henarejos
d41a488eda
Adding support for Transport PIN. 
Adding support for initialize options.
 2022-04-04 10:07:23 +02:00
Pol Henarejos
375a18ebac
Update README.md 
Fix RSA 4096 doc link.
 2022-04-04 10:04:47 +02:00
Pol Henarejos
20216ac4ba
Update README.md 2022-04-04 10:01:16 +02:00
Pol Henarejos
d27d8b0c5b
Upgrading to version 1.10 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-04 09:57:19 +02:00
Pol Henarejos
a619527482
Adding P1=0x2 and P1=0x3 for reset retry counter. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 20:59:50 +02:00
Pol Henarejos
85ff92c4de
Adding check for device options whether it can reset retry counter with PIN or without. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 20:40:16 +02:00
Pol Henarejos
b1121718db
Adding capability to reset retry counter without new PIN 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 20:37:16 +02:00
Pol Henarejos
2905dcc8c0
Adding custom command to set datetime. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 19:57:56 +02:00
Pol Henarejos
c9855f7214
Fix displaying device options. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 19:43:33 +02:00
Pol Henarejos
853b8f29a2
Fix returning kcv when pin is not provided. It always return 0x0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 19:31:56 +02:00
Pol Henarejos
d5378ffa41
If has_session_pin is true, it returns sw_ok 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 19:31:22 +02:00
Pol Henarejos
4400eba974
Fix returning kcv 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 19:31:02 +02:00
Pol Henarejos
0cc656c6c0
Adding transport PIN option. It does not allow to authenticate and returns sw code 0x6984 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 19:12:56 +02:00
Pol Henarejos
c9b32ab5d0
Fix return pin blocked sw code. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 18:59:54 +02:00
Pol Henarejos
f9ffd39661
Adding EF_DEVOPS to store the device options during the initialization. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 18:56:42 +02:00
Pol Henarejos
bfc12d6856
Renaming files 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 18:27:00 +02:00
Pol Henarejos
11874b52de
Merge branch 'master' into eac 2022-03-31 14:46:28 +02:00
Pol Henarejos
b4e928588e
Updating tools to 1.8 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 14:32:57 +02:00
Pol Henarejos
33a2222cd8
Revert "PIN remaining tries only returned when user is not logged in. If so, it returns always OK." 
This reverts commit 86e38419ac.
 2022-03-31 14:30:50 +02:00
Pol Henarejos
923e05a36c
Revert "Also for SOPIN." 
This reverts commit ad66170379.
 2022-03-31 14:30:50 +02:00
Pol Henarejos
b5cc4d6fd7
Update README.md 2022-03-31 13:32:18 +02:00
Pol Henarejos
25291f978f
Create rsa_4096.md 2022-03-31 13:23:02 +02:00
Pol Henarejos
ad66170379
Also for SOPIN. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 13:18:56 +02:00
Pol Henarejos
86e38419ac
PIN remaining tries only returned when user is not logged in. If so, it returns always OK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 13:17:16 +02:00
Pol Henarejos
1a5e6a7edc
Merge branch 'eac'. Support for PKCS#12 imports with SCS3. 2022-03-31 11:37:50 +02:00
Pol Henarejos
7cf166d615
Upgrading to version 1.8 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 11:18:52 +02:00
Pol Henarejos
413c3e0208
Fix update ef when offset is required. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 01:08:39 +02:00
Pol Henarejos
7410498df1
Fix with RSA CRT import mode (keytype 6). 
In RSA CRT import, the N parameter shall not be imported. Otherwise, mbedtls will fail (it is deduced from N=PQ).

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 00:24:50 +02:00
Pol Henarejos
7aee18110e
Fix kmac and kenc computation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-30 23:59:06 +02:00
Pol Henarejos
7aca7b323a
Fix loading kcv, kenc and kmac. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-30 23:21:23 +02:00
Pol Henarejos
4651a0e224
Adding AES wrapping/unwrapping 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-30 01:33:54 +02:00