diff --git a/pico-hsm-sdk b/pico-hsm-sdk
index ec9eb7c..b12e66a 160000
--- a/pico-hsm-sdk
+++ b/pico-hsm-sdk
@@ -1 +1 @@
-Subproject commit ec9eb7c436885b7d9455eece3181ec6c047a313d
+Subproject commit b12e66a057b73f15634f5bccf6142d8a4c9490bf
diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c
index 599f2d6..55066ce 100644
--- a/src/hsm/cmd_cipher_sym.c
+++ b/src/hsm/cmd_cipher_sym.c
@@ -175,7 +175,7 @@ int cmd_cipher_sym() {
 return SW_SECURE_MESSAGE_EXEC_ERROR();
 }
 int key_size = file_get_size(ef);
- uint8_t kdata[32]; //maximum AES key size
+ uint8_t kdata[64]; //maximum AES key size
 memcpy(kdata, file_get_data(ef), key_size);
 if (mkek_decrypt(kdata, key_size) != 0) {
 return SW_EXEC_ERROR();
diff --git a/src/hsm/cmd_key_gen.c b/src/hsm/cmd_key_gen.c
index aa7c4a0..78846be 100644
--- a/src/hsm/cmd_key_gen.c
+++ b/src/hsm/cmd_key_gen.c
@@ -27,7 +27,10 @@ int cmd_key_gen() {
 if (!isUserAuthenticated) {
 return SW_SECURITY_STATUS_NOT_SATISFIED();
 }
- if (p2 == 0xB2) {
+ if (p2 == 0xB3) {
+ key_size = 64;
+ }
+ else if (p2 == 0xB2) {
 key_size = 32;
 }
 else if (p2 == 0xB1) {
@@ -37,7 +40,7 @@ int cmd_key_gen() {
 key_size = 16;
 }
 //at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC)
- uint8_t aes_key[32]; //maximum AES key size
+ uint8_t aes_key[64]; //maximum AES key size
 memcpy(aes_key, random_bytes_get(key_size), key_size);
 int aes_type = 0x0;
 if (key_size == 16) {
@@ -49,6 +52,9 @@ int cmd_key_gen() {
 else if (key_size == 32) {
 aes_type = HSM_KEY_AES_256;
 }
+ else if (key_size == 64) {
+ aes_type = HSM_KEY_AES_512;
+ }
 r = store_keys(aes_key, aes_type, key_id);
 if (r != CCID_OK) {
 return SW_MEMORY_FAILURE();
diff --git a/src/hsm/cmd_key_unwrap.c b/src/hsm/cmd_key_unwrap.c
index e67e36d..6d3983b 100644
--- a/src/hsm/cmd_key_unwrap.c
+++ b/src/hsm/cmd_key_unwrap.c
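Review bot: In src/hsm/cmd_cipher_sym.c (hunk @@ -175), `memcpy(kdata, file_get_data(ef), key_size)` still copies a length taken from `file_get_size(ef)` without comparing it to the buffer, so widening `kdata` to 64 bytes moves the limit but a larger stored object would still overrun the stack buffer. A guard before the copy, for example `if (key_size < 0 || (size_t) key_size > sizeof(kdata)) { return SW_EXEC_ERROR(); }`, would make the bound explicit. Whether `ef` is already restricted to AES key files is decided before the hunk, so this may be defence in depth rather than a reachable overflow. cmd_key_wrap.c appears to fill its `kdata[64]` between its two hunks and may need the same check.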
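Review bot: In src/hsm/cmd_key_gen.c (hunk @@ -37), the comment on `uint8_t aes_key[64]; //maximum AES key size` is now misleading, because AES itself takes keys of at most 32 bytes and the new 64-byte `HSM_KEY_AES_512` type is presumably a double-length key for a two-key mode. I would say so in the comment, e.g. `// largest stored AES key: 64 bytes (HSM_KEY_AES_512, two 256-bit halves; confirm)`, and give the size one named constant so all buffers change together; the same comment is repeated in cmd_cipher_sym.c and cmd_key_wrap.c. The neighbouring remark that only CBC is supported should be updated too if the 64-byte key is meant for another mode. Separately, the `aes_type` chain in hunk @@ -49 has no final `else`, so a `key_size` outside 16/24/32/64 would reach `store_keys` with `aes_type` still `0x0`; how `p2` is validated lies outside these hunks.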
@@ -34,7 +34,7 @@ int cmd_key_unwrap() {
 if (key_type == 0x0) {
 return SW_DATA_INVALID();
 }
- if (key_type == HSM_KEY_RSA) {
+ if (key_type & HSM_KEY_RSA) {
 mbedtls_rsa_context ctx;
 mbedtls_rsa_init(&ctx);
 do {
@@ -54,7 +54,7 @@ int cmd_key_unwrap() {
 return SW_EXEC_ERROR();
 }
 }
- else if (key_type == HSM_KEY_EC) {
+ else if (key_type & HSM_KEY_EC) {
 mbedtls_ecdsa_context ctx;
 mbedtls_ecdsa_init(&ctx);
 do {
@@ -74,7 +74,7 @@ int cmd_key_unwrap() {
 return SW_EXEC_ERROR();
 }
 }
- else if (key_type == HSM_KEY_AES) {
+ else if (key_type & HSM_KEY_AES) {
 uint8_t aes_key[32];
 int key_size = 0, aes_type = 0;
 do {
@@ -89,7 +89,10 @@ int cmd_key_unwrap() {
 if (r != CCID_OK) {
 return SW_EXEC_ERROR();
 }
- if (key_size == 32) {
+ if (key_size == 64) {
+ aes_type = HSM_KEY_AES_512;
+ }
+ else if (key_size == 32) {
 aes_type = HSM_KEY_AES_256;
 }
 else if (key_size == 24) {
diff --git a/src/hsm/cmd_key_wrap.c b/src/hsm/cmd_key_wrap.c
index 43faec8..d9cbf8f 100644
--- a/src/hsm/cmd_key_wrap.c
+++ b/src/hsm/cmd_key_wrap.c
@@ -85,7 +85,7 @@ int cmd_key_wrap() {
 mbedtls_ecdsa_free(&ctx);
 }
 else if (*dprkd == P15_KEYTYPE_AES) {
- uint8_t kdata[32]; //maximum AES key size
+ uint8_t kdata[64]; //maximum AES key size
 if (wait_button_pressed() == true) { //timeout
 return SW_SECURE_MESSAGE_EXEC_ERROR();
 }
@@ -95,7 +95,10 @@ int cmd_key_wrap() {
 if (mkek_decrypt(kdata, key_size) != 0) {
 return SW_EXEC_ERROR();
 }
- if (key_size == 32) {
+ if (key_size == 64) {
+ aes_type = HSM_KEY_AES_512;
+ }
+ else if (key_size == 32) {
 aes_type = HSM_KEY_AES_256;
 }
 else if (key_size == 24) {
diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c
index 77621b5..75ba816 100644
--- a/src/hsm/cvc.c
+++ b/src/hsm/cvc.c
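Review bot: In src/hsm/cmd_key_unwrap.c (hunks @@ -34, @@ -54 and @@ -74), `key_type & HSM_KEY_RSA` matches any value that shares a bit with the mask, so the order of the `if`/`else if` chain now decides how a value carrying bits from two key families is handled. The flag definitions are not part of the visible diff; if they are meant to be disjoint family bits, a comment at the first test such as `// HSM_KEY_RSA/EC/AES are disjoint family bits; remaining bits select the size` (to be confirmed against the header) would let a reader verify that. `key_type` is set before the hunk and appears to come from the imported key blob, so rejecting a value that matches more than one family would be safer than relying on branch order. The same change is made in cvc.c (asn1_cvc_cert_body, asn1_cvc_cert) and sc_hsm.c (store_keys), where the branch also selects the cast applied to a `void *` key context.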
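Review bot: In src/hsm/cmd_key_unwrap.c, `uint8_t aes_key[32];` (a context line of hunk @@ -74) keeps its old size although hunk @@ -89 now accepts `key_size == 64` as `HSM_KEY_AES_512`; the other AES buffers touched by this commit are raised to 64. The `do { … }` block that fills `aes_key` lies between the two hunks, so the length it is given is not visible, but if it can deliver 64 bytes this overruns the stack buffer during key import, and if it cannot, the new branch is unreachable. The declaration should become `uint8_t aes_key[64];`, and the decode call should be given `sizeof(aes_key)` as its limit if its interface allows that.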
@@ -170,10 +170,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa, const uint8_t *ext, size_t ext_len) { size_t pubkey_size = 0; - if (key_type == HSM_KEY_RSA) { + if (key_type & HSM_KEY_RSA) { pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0); } - else if (key_type == HSM_KEY_EC) { + else if (key_type & HSM_KEY_EC) { pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0); } size_t cpi_size = 4; @@ -213,10 +213,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa, //car *p++ = 0x42; p += format_tlv_len(lencar, p); memcpy(p, car, lencar); p += lencar; //pubkey - if (key_type == HSM_KEY_RSA) { + if (key_type & HSM_KEY_RSA) { p += asn1_cvc_public_key_rsa(rsa_ecdsa, p, pubkey_size); } - else if (key_type == HSM_KEY_EC) { + else if (key_type & HSM_KEY_EC) { p += asn1_cvc_public_key_ecdsa(rsa_ecdsa, p, pubkey_size); } //chr @@ -237,10 +237,10 @@ size_t asn1_cvc_cert(void *rsa_ecdsa, const uint8_t *ext, size_t ext_len) { size_t key_size = 0; - if (key_type == HSM_KEY_RSA) { + if (key_type & HSM_KEY_RSA) { key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N); } - else if (key_type == HSM_KEY_EC) { + else if (key_type & HSM_KEY_EC) { key_size = 2 * (int) ((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa) ->grp.id)-> @@ -264,14 +264,14 @@ size_t asn1_cvc_cert(void *rsa_ecdsa, hash256(body, body_size, hsh); memcpy(p, "\x5F\x37", 2); p += 2; p += format_tlv_len(key_size, p); - if (key_type == HSM_KEY_RSA) { + if (key_type & HSM_KEY_RSA) { if (mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa_ecdsa, random_gen, NULL, MBEDTLS_MD_SHA256, 32, hsh, p) != 0) { memset(p, 0, key_size); } p += key_size; } - else if (key_type == HSM_KEY_EC) { + else if (key_type & HSM_KEY_EC) { mbedtls_mpi r, s; int ret = 0; mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa; diff --git a/src/hsm/kek.c b/src/hsm/kek.c index 2c0ef85..67e44dc 100644 --- a/src/hsm/kek.c +++ b/src/hsm/kek.c 
@@ -326,11 +326,14 @@ int dkek_encode_key(uint8_t id,
 else if (key_type & HSM_KEY_AES_256) {
 kb_len = 32;
 }
+ else if (key_type & HSM_KEY_AES_512) {
+ kb_len = 64;
+ }
- if (kb_len != 16 && kb_len != 24 && kb_len != 32) {
+ if (kb_len != 16 && kb_len != 24 && kb_len != 32 && kb_len != 64) {
 return CCID_WRONG_DATA;
 }
- if (*out_len < 8 + 1 + 10 + 6 + 4 + (2 + 32 + 14) + 16) {
+ if (*out_len < 8 + 1 + 10 + 6 + (2 + 64 + 14) + 16) { // 14 bytes padding
 return CCID_WRONG_LENGTH;
 }
@@ -385,7 +388,7 @@ int dkek_encode_key(uint8_t id,
 size_t olen = 0;
 mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
 put_uint16_t(olen, kb + 8 + kb_len);
- kb_len += 2+olen;
+ kb_len += 2 + olen;
 put_uint16_t(mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len);
 kb_len += 2;
 mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
@@ -393,7 +396,7 @@ int dkek_encode_key(uint8_t id,
 mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
 put_uint16_t(olen, kb + 8 + kb_len);
- kb_len += 2+olen;
+ kb_len += 2 + olen;
 algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03";
 algo_len = 12;
diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index 071548d..0163282 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
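Review bot: In src/hsm/kek.c (hunk @@ -326), the new bound `8 + 1 + 10 + 6 + (2 + 64 + 14) + 16` drops the `+ 4` term of the old expression without explanation; if the encoder still emits that 4-byte field, an output buffer of 121 to 124 bytes passes the check and the 64-byte case can write past its end. Either keep the term, `if (*out_len < 8 + 1 + 10 + 6 + 4 + (2 + 64 + 14) + 16) {`, or add a comment naming each summand so the removal can be verified against the encoding code, which is outside the hunk. The check now also demands the 64-byte worst case for every AES key size, so a caller whose buffer was sized to the old 93-byte minimum will get CCID_WRONG_LENGTH. The local `kb` buffer is declared outside the hunk and its size should be confirmed to hold a 64-byte key plus padding.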
@@ -491,13 +491,13 @@ uint32_t decrement_key_counter(file_t *fkey) {
 int store_keys(void *key_ctx, int type, uint8_t key_id) {
 int r, key_size = 0;
 uint8_t kdata[4096 / 8]; // worst case
- if (type == HSM_KEY_RSA) {
+ if (type & HSM_KEY_RSA) {
 mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
 key_size = mbedtls_mpi_size(&rsa->P) + mbedtls_mpi_size(&rsa->Q);
 mbedtls_mpi_write_binary(&rsa->P, kdata, key_size / 2);
 mbedtls_mpi_write_binary(&rsa->Q, kdata + key_size / 2, key_size / 2);
 }
- else if (type == HSM_KEY_EC) {
+ else if (type & HSM_KEY_EC) {
 mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
 key_size = mbedtls_mpi_size(&ecdsa->d);
 kdata[0] = ecdsa->grp.id & 0xff;
@@ -514,6 +514,9 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
 else if (type == HSM_KEY_AES_256) {
 key_size = 32;
 }
+ else if (type == HSM_KEY_AES_512) {
+ key_size = 64;
+ }
 memcpy(kdata, key_ctx, key_size);
 }
 else {
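Review bot: In src/hsm/sc_hsm.c (hunk @@ -514), the added branch tests `type == HSM_KEY_AES_512` by equality, while hunk @@ -491 moves the RSA and EC tests to `&` and kek.c tests the same constant with `key_type & HSM_KEY_AES_512`. If `type` can carry bits beyond the exact constant, which the move to `&` suggests, none of the size branches matches, `key_size` stays 0 and `memcpy(kdata, key_ctx, key_size)` copies nothing before the code after the hunk runs with a zero-length key. I would use one comparison style for the AES sizes in both files and close the chain with something like `else { return CCID_WRONG_DATA; }` so an unrecognised AES type is rejected. The enclosing AES branch opens between the two hunks and the function continues past the last line shown.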