mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 17:28:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
371 commits 2 branches 31 tags 2.8 MiB
Commit graph

147 commits

Author SHA1 Message Date
Pol Henarejos
541d5b3c19
Fix CVC signature length. 
Since it is variable, it needs to be recomputed every time.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 20:38:30 +02:00
Pol Henarejos
d0098015fe
Removing OpenSC dependency. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 19:26:00 +02:00
Pol Henarejos
3660a35c2c
Implementing own functions for cvc manipulation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 18:51:43 +02:00
Pol Henarejos
9132dd16f0
Fix decoding asn1 integer. 
It caused overflow.
 2022-05-31 01:14:09 +02:00
Pol Henarejos
652551269e
Using own asn1 int decoder. 2022-05-31 00:40:29 +02:00
Pol Henarejos
81730f37a9
Removing sc_pkcs1_strip_digest(). 
It is hard coded here (taken from OpenSC).
 2022-05-31 00:25:54 +02:00
Pol Henarejos
4b86e96660
Removing card_context from store_keys(). 
It does not generate PRKD, as it will be stored by the client.
 2022-05-31 00:14:30 +02:00
Pol Henarejos
271240f11c
Fix initializing device. 2022-05-31 00:09:21 +02:00
Pol Henarejos
00e8596a0e
Adding asn1_find_tag() for searching for a tag in a asn1 string. 2022-05-30 23:31:17 +02:00
Pol Henarejos
39ab429c88
Adding key domain to key generation, wrap, unwrap, export and import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-30 16:13:51 +02:00
Pol Henarejos
4fa8d4ba64
Fix warnings 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 20:58:45 +02:00
Pol Henarejos
1ac4402f99
res_APDU SHALL NOT BE moved, only memcpied or memmoved. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 00:58:35 +02:00
Pol Henarejos
8554262aaf
Migrating away from tinyUSB. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 00:36:33 +02:00
Pol Henarejos
d2766b2225 Using printf instead of TU 2022-05-26 14:16:32 +02:00
Pol Henarejos
f124ee52ce
Do not add FMD in FCI. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 23:31:46 +02:00
Pol Henarejos
2167d28514
Add meta files. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 22:57:59 +02:00
Pol Henarejos
80792dc555
Private/secret keys can be selected. 
It returns FCP when a private/secret key is selected but it is not allowed to read them.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 13:06:00 +02:00
Pol Henarejos
080337f847
Added key domain setup 
It accepts different dkek shares for each key domain.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 11:08:29 +02:00
Pol Henarejos
5e20c830fd
Return key domain not found only when they are prepared. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:48:22 +02:00
Pol Henarejos
b754fdb449
Refactoring initialize command to support no dkek, random dkek, dkek shares and key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:44:00 +02:00
Pol Henarejos
a926239613
Returning not initialized key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:24:54 +02:00
Pol Henarejos
c80b723112
Using dynamic dkek number and current shares, for each key domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:18:35 +02:00
Pol Henarejos
a062b92dad
Replacing low level data access to high level routines. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:30:42 +02:00
Pol Henarejos
89d40b7c94
Extending DKEK and key storage to key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:29:19 +02:00
Pol Henarejos
7b5cb48dcc
Added key domains for device initialization and dkek import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 20:06:06 +02:00
Pol Henarejos
7de0121db5
Introducing MANAGE KEY DOMAIN (INS 52) 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 14:26:36 +02:00
Pol Henarejos
cb338af8fb
Return SW 6600 when button timeouts. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 22:30:07 +02:00
Pol Henarejos
fffe2fb451
Now press-to-confirm button has a timeout of 15 secs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:56:28 +02:00
Pol Henarejos
5f0b15b5e9
Fix returning wrong pin retries. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-22 19:21:41 +02:00
Pol Henarejos
86298f3421
Upgrading to version 2.0. 2022-04-19 19:24:10 +02:00
Pol Henarejos
302f287967
Moving EAC and crypto to core. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 19:16:29 +02:00
Pol Henarejos
522860f736
Splitting the core onto another repo, which can be reused by other smart applications. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 18:39:52 +02:00
Pol Henarejos
e2f424d4ab
No more in the repo 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-14 01:06:50 +02:00
Pol Henarejos
69e869852e
Rewritten keypair_gen response (more friendly). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 19:03:33 +02:00
Pol Henarejos
618966b742
Sanity check for keypair gen. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 18:49:13 +02:00
Pol Henarejos
b68920ff45
Added walker function for TLV parsing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 16:55:34 +02:00
Pol Henarejos
9dfe0ee7b3
Clear session pin on unload and new session. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:25:44 +02:00
Pol Henarejos
da6c578973
Fix tag_len computation for all TLV. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:14:06 +02:00
Pol Henarejos
49d9ec7cf9
Session pin is randomized. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:12:14 +02:00
Pol Henarejos
af07f1d549
Added INS for session pin generation (needs randomization). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 19:47:43 +02:00
Pol Henarejos
db5f5fd435
When working with SM, wrap() manipulates res_APDU. Thus, we cannot change the pointer of res_APDU anymore. Everything must be memcpy-ed. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:11:42 +02:00
Pol Henarejos
7232625bab
Merge branch 'master' into eac 2022-04-11 15:09:33 +02:00
Pol Henarejos
1557a4a039
Fix when generating keypair, which could produce wrong flash save in particular cases of concurrency. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:09:20 +02:00
Pol Henarejos
b61575bbc3
Adding some mutex to improve concurrency. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:08:10 +02:00
Pol Henarejos
3781777138
Adding some kind of permanent flash memory that does not wipe out when initializing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 11:37:41 +02:00
Pol Henarejos
2f1f8e0c90
Fix parsing TLV in signatures. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:44:18 +02:00
Pol Henarejos
c4c2bf86ba
Fix response APDU in secure channel. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:38:15 +02:00
Pol Henarejos
f26668b81d
Fixed IV computation. IV is computed encrypting macCounter with a initial IV=0x0000. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:16:20 +02:00
Pol Henarejos
964af6a064
Adding wrap() to encrypt and sign response APDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 20:58:54 +02:00
Pol Henarejos
c3a93a46ba
Adding unwrap(), to decrypt and verify secure APDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 20:23:36 +02:00