mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-30 15:19:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
339 commits 2 branches 32 tags 2.9 MiB
Commit graph

339 commits

This branch
This branch
All branches
Author SHA1 Message Date
Pol Henarejos
fffe2fb451
Now press-to-confirm button has a timeout of 15 secs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:56:28 +02:00
Pol Henarejos
373a3ce491
Fix patch_vid version, which now uses ccid version. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:56:04 +02:00
Pol Henarejos
0a798b9f9a
Upgrading pico-ccid. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:10:35 +02:00
Pol Henarejos
5f0b15b5e9
Fix returning wrong pin retries. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-22 19:21:41 +02:00
Pol Henarejos
9a93c8afe0
Adding new features of 2.0. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 19:41:44 +02:00
Pol Henarejos
fe990100d9
I am not sure why is being modified. 2022-04-19 19:41:09 +02:00
Pol Henarejos
df15a27ceb
Removing mbedtls submodule 2022-04-19 19:38:42 +02:00
Pol Henarejos
5f4aafed37
Introducing version 2.0 with the following enhancements: 
- Added Secure Messaging.
- Added Session PIN.
- Added tool to burn CVCerts onto the firmware, like a PKI.
 2022-04-19 19:26:34 +02:00
Pol Henarejos
86298f3421
Upgrading to version 2.0. 2022-04-19 19:24:10 +02:00
Pol Henarejos
77971ac7e6
Using MBEDTLS from pico ccid. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 19:19:16 +02:00
Pol Henarejos
302f287967
Moving EAC and crypto to core. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 19:16:29 +02:00
Pol Henarejos
b9c08d72c4
Update .gitmodules 
Updating module for pico-ccid
 2022-04-19 18:42:48 +02:00
Pol Henarejos
522860f736
Splitting the core onto another repo, which can be reused by other smart applications. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 18:39:52 +02:00
Pol Henarejos
b09fc75913
CVCert is burn only if it does not exist. This check is only executed for first configuration. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-14 18:31:39 +02:00
Pol Henarejos
1b010c8a68
Specifying POST method 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-14 17:11:51 +02:00
Pol Henarejos
e2f424d4ab
No more in the repo 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-14 01:06:50 +02:00
Pol Henarejos
b9fb224d62
Adding a tool to burn device CVC. It generates a new keypair and sends the public key to Pico HSM CA, which signs the request. The certificate, CA and private key are burned onto the firmware. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-14 01:03:03 +02:00
Pol Henarejos
69e869852e
Rewritten keypair_gen response (more friendly). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 19:03:33 +02:00
Pol Henarejos
618966b742
Sanity check for keypair gen. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 18:49:13 +02:00
Pol Henarejos
b68920ff45
Added walker function for TLV parsing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 16:55:34 +02:00
Pol Henarejos
9dfe0ee7b3
Clear session pin on unload and new session. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:25:44 +02:00
Pol Henarejos
da6c578973
Fix tag_len computation for all TLV. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:14:06 +02:00
Pol Henarejos
49d9ec7cf9
Session pin is randomized. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:12:14 +02:00
Pol Henarejos
af07f1d549
Added INS for session pin generation (needs randomization). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 19:47:43 +02:00
Pol Henarejos
db5f5fd435
When working with SM, wrap() manipulates res_APDU. Thus, we cannot change the pointer of res_APDU anymore. Everything must be memcpy-ed. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:11:42 +02:00
Pol Henarejos
7232625bab
Merge branch 'master' into eac 2022-04-11 15:09:33 +02:00
Pol Henarejos
1557a4a039
Fix when generating keypair, which could produce wrong flash save in particular cases of concurrency. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:09:20 +02:00
Pol Henarejos
b61575bbc3
Adding some mutex to improve concurrency. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:08:10 +02:00
Pol Henarejos
3781777138
Adding some kind of permanent flash memory that does not wipe out when initializing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 11:37:41 +02:00
Pol Henarejos
2f1f8e0c90
Fix parsing TLV in signatures. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:44:18 +02:00
Pol Henarejos
c4c2bf86ba
Fix response APDU in secure channel. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:38:15 +02:00
Pol Henarejos
f26668b81d
Fixed IV computation. IV is computed encrypting macCounter with a initial IV=0x0000. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:16:20 +02:00
Pol Henarejos
964af6a064
Adding wrap() to encrypt and sign response APDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 20:58:54 +02:00
Pol Henarejos
c3a93a46ba
Adding unwrap(), to decrypt and verify secure APDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 20:23:36 +02:00
Pol Henarejos
57d593561a
Moving all SM stuff to EAC. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 19:00:52 +02:00
Pol Henarejos
c098d80524
Adding private key of termca. It is the worst thing I can do, but first I need to develop the secure channel, which uses the private key of device. Later, I will figure out how to generate the private key and certificate during initialization, but it will be difficult, as it needs to be signed by the CA. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 01:55:57 +02:00
Pol Henarejos
6c892af9f1
Adding authentication command. Not finished. Needs lot of work. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 23:44:45 +02:00
Pol Henarejos
b545a1618b
Added Manage Security Environment command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 20:50:00 +02:00
Pol Henarejos
dec3d54ddd
Adding more SW codes. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 20:29:13 +02:00
Pol Henarejos
ce4d0bf102
INS 54h is also occupied too... let's try with 64h. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-08 00:38:03 +02:00
Pol Henarejos
4e6bada892
Fix first AID load. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-08 00:29:15 +02:00
Pol Henarejos
98ad2e3d55
Fix returning card data when selected AID. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 23:32:56 +02:00
Pol Henarejos
e686b42934
Merge branch 'master' into eac 2022-04-07 18:34:40 +02:00
Pol Henarejos
239e01c3f8
Update extra_command.md 
Using new extra INS, from 0x88 to 0x54
 2022-04-07 18:34:14 +02:00
Pol Henarejos
0d839c3136
Merge branch 'master' into eac 2022-04-07 18:32:49 +02:00
Pol Henarejos
4a57698173
Moving out INS_EXTRAS from 0x88 (taken by ISO 7816) to 0x54 (presumably free). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:32:31 +02:00
Pol Henarejos
cc3bfad00a
Merge branch 'master' into eac 2022-04-07 18:18:50 +02:00
Pol Henarejos
468051288c
Upgrading to version 1.12. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
565ea12d88
Added dynamic option to enable/disable press to confirm. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
1c7ef50568
Added custom INS (named EXTRAS) to support different extra commands. At this moment: 
- 0xA: gets/sets the datetime.
- 0x6: enables/disables press to confirm (BOOTSEL). It allows other dynamic device options. At this moment, only press to confirm option is available.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00