mirror of
https://github.com/polhenarejos/pico-hsm.git
synced 2026-02-07 11:08:24 +00:00
dba614ed36
and add the Enterprise / Commercial licensing option.
Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
* Community Edition: AGPLv3 (strong copyleft, including network use).
* Enterprise / Commercial Edition: proprietary license for production /
multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
ENTERPRISE.md and clarifying how companies can obtain a commercial license.
Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
alternative proprietary license that allows internal, large-scale, or OEM
use (bulk provisioning, policy enforcement, inventory / revocation,
custom attestation, signed builds) without AGPL disclosure obligations.
This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
67 lines
2.2 KiB
C
67 lines
2.2 KiB
C
/*
|
|
* This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
|
|
* Copyright (c) 2022 Pol Henarejos.
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
* the Free Software Foundation, version 3.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "crypto_utils.h"
|
|
#include "sc_hsm.h"
|
|
#include "cvc.h"
|
|
#include "files.h"
|
|
|
|
extern file_t *ef_puk_aut;
|
|
extern uint8_t challenge[256];
|
|
extern uint8_t challenge_len;
|
|
|
|
int cmd_external_authenticate() {
|
|
if (P1(apdu) != 0x0 || P2(apdu) != 0x0) {
|
|
return SW_INCORRECT_P1P2();
|
|
}
|
|
if (ef_puk_aut == NULL) {
|
|
return SW_REFERENCE_NOT_FOUND();
|
|
}
|
|
if (apdu.nc == 0) {
|
|
return SW_WRONG_LENGTH();
|
|
}
|
|
file_t *ef_puk = search_file(EF_PUKAUT);
|
|
if (!file_has_data(ef_puk)) {
|
|
return SW_FILE_NOT_FOUND();
|
|
}
|
|
puk_status[ef_puk_aut->fid & (MAX_PUK - 1)] = 0;
|
|
uint8_t *puk_data = file_get_data(ef_puk);
|
|
uint8_t *input = (uint8_t *) calloc(dev_name_len + challenge_len, sizeof(uint8_t)), hash[32];
|
|
memcpy(input, dev_name, dev_name_len);
|
|
memcpy(input + dev_name_len, challenge, challenge_len);
|
|
hash256(input, dev_name_len + challenge_len, hash);
|
|
int r =
|
|
puk_verify(apdu.data,
|
|
(uint16_t)apdu.nc,
|
|
hash,
|
|
32,
|
|
file_get_data(ef_puk_aut),
|
|
file_get_size(ef_puk_aut));
|
|
free(input);
|
|
if (r != 0) {
|
|
return SW_CONDITIONS_NOT_SATISFIED();
|
|
}
|
|
puk_status[ef_puk_aut->fid & (MAX_PUK - 1)] = 1;
|
|
uint8_t auts = 0;
|
|
for (int i = 0; i < puk_data[0]; i++) {
|
|
auts += puk_status[i];
|
|
}
|
|
if (auts >= puk_data[2]) {
|
|
isUserAuthenticated = true;
|
|
}
|
|
return SW_OK();
|
|
}
|