dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Added support for AES 512 bit key size.

Browse Source 
AES XTS uses two keys. Therefore, XTS with 2 AES 256 implies 64 bytes key length.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2023-03-19 20:22:40 +01:00
parent 86ce01cac2
commit 1c7bc18161
8 changed files with 42 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/hsm/cmd_cipher_sym.c
View File

@@ -175,7 +175,7 @@ int cmd_cipher_sym() {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
int key_size = file_get_size(ef);
uint8_t kdata[32]; //maximum AES key size
uint8_t kdata[64]; //maximum AES key size
memcpy(kdata, file_get_data(ef), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
return SW_EXEC_ERROR();

10
src/hsm/cmd_key_gen.c
View File

@@ -27,7 +27,10 @@ int cmd_key_gen() {
if (!isUserAuthenticated) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
if (p2 == 0xB2) {
if (p2 == 0xB3) {
key_size = 64;
}
else if (p2 == 0xB2) {
key_size = 32;
}
else if (p2 == 0xB1) {
@@ -37,7 +40,7 @@ int cmd_key_gen() {
key_size = 16;
}
//at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC)
uint8_t aes_key[32]; //maximum AES key size
uint8_t aes_key[64]; //maximum AES key size
memcpy(aes_key, random_bytes_get(key_size), key_size);
int aes_type = 0x0;
if (key_size == 16) {
@@ -49,6 +52,9 @@ int cmd_key_gen() {
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
}
else if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
}
r = store_keys(aes_key, aes_type, key_id);
if (r != CCID_OK) {
return SW_MEMORY_FAILURE();

11
src/hsm/cmd_key_unwrap.c
View File

@@ -34,7 +34,7 @@ int cmd_key_unwrap() {
if (key_type == 0x0) {
return SW_DATA_INVALID();
}
if (key_type == HSM_KEY_RSA) {
if (key_type & HSM_KEY_RSA) {
mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx);
do {
@@ -54,7 +54,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
}
else if (key_type == HSM_KEY_EC) {
else if (key_type & HSM_KEY_EC) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
do {
@@ -74,7 +74,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
}
else if (key_type == HSM_KEY_AES) {
else if (key_type & HSM_KEY_AES) {
uint8_t aes_key[32];
int key_size = 0, aes_type = 0;
do {
@@ -89,7 +89,10 @@ int cmd_key_unwrap() {
if (r != CCID_OK) {
return SW_EXEC_ERROR();
}
if (key_size == 32) {
if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
}
else if (key_size == 24) {

7
src/hsm/cmd_key_wrap.c
View File

@@ -85,7 +85,7 @@ int cmd_key_wrap() {
mbedtls_ecdsa_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_AES) {
uint8_t kdata[32]; //maximum AES key size
uint8_t kdata[64]; //maximum AES key size
if (wait_button_pressed() == true) { //timeout
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
@@ -95,7 +95,10 @@ int cmd_key_wrap() {
if (mkek_decrypt(kdata, key_size) != 0) {
return SW_EXEC_ERROR();
}
if (key_size == 32) {
if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
}
else if (key_size == 24) {

16
src/hsm/cvc.c
View File

@@ -170,10 +170,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
const uint8_t *ext,
size_t ext_len) {
size_t pubkey_size = 0;
if (key_type == HSM_KEY_RSA) {
if (key_type & HSM_KEY_RSA) {
pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0);
}
else if (key_type == HSM_KEY_EC) {
else if (key_type & HSM_KEY_EC) {
pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0);
}
size_t cpi_size = 4;
@@ -213,10 +213,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
//car
*p++ = 0x42; p += format_tlv_len(lencar, p); memcpy(p, car, lencar); p += lencar;
//pubkey
if (key_type == HSM_KEY_RSA) {
if (key_type & HSM_KEY_RSA) {
p += asn1_cvc_public_key_rsa(rsa_ecdsa, p, pubkey_size);
}
else if (key_type == HSM_KEY_EC) {
else if (key_type & HSM_KEY_EC) {
p += asn1_cvc_public_key_ecdsa(rsa_ecdsa, p, pubkey_size);
}
//chr
@@ -237,10 +237,10 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
const uint8_t *ext,
size_t ext_len) {
size_t key_size = 0;
if (key_type == HSM_KEY_RSA) {
if (key_type & HSM_KEY_RSA) {
key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N);
}
else if (key_type == HSM_KEY_EC) {
else if (key_type & HSM_KEY_EC) {
key_size = 2 *
(int) ((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa)
->grp.id)->
@@ -264,14 +264,14 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
hash256(body, body_size, hsh);
memcpy(p, "\x5F\x37", 2); p += 2;
p += format_tlv_len(key_size, p);
if (key_type == HSM_KEY_RSA) {
if (key_type & HSM_KEY_RSA) {
if (mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa_ecdsa, random_gen, NULL, MBEDTLS_MD_SHA256, 32,
hsh, p) != 0) {
memset(p, 0, key_size);
}
p += key_size;
}
else if (key_type == HSM_KEY_EC) {
else if (key_type & HSM_KEY_EC) {
mbedtls_mpi r, s;
int ret = 0;
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;

11
src/hsm/kek.c
View File

@@ -326,11 +326,14 @@ int dkek_encode_key(uint8_t id,
else if (key_type & HSM_KEY_AES_256) {
kb_len = 32;
}
else if (key_type & HSM_KEY_AES_512) {
kb_len = 64;
}
if (kb_len != 16 && kb_len != 24 && kb_len != 32) {
if (kb_len != 16 && kb_len != 24 && kb_len != 32 && kb_len != 64) {
return CCID_WRONG_DATA;
}
if (*out_len < 8 + 1 + 10 + 6 + 4 + (2 + 32 + 14) + 16) {
if (*out_len < 8 + 1 + 10 + 6 + (2 + 64 + 14) + 16) { // 14 bytes padding
return CCID_WRONG_LENGTH;
}
@@ -385,7 +388,7 @@ int dkek_encode_key(uint8_t id,
size_t olen = 0;
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
put_uint16_t(olen, kb + 8 + kb_len);
kb_len += 2+olen;
kb_len += 2 + olen;
put_uint16_t(mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
@@ -393,7 +396,7 @@ int dkek_encode_key(uint8_t id,
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
put_uint16_t(olen, kb + 8 + kb_len);
kb_len += 2+olen;
kb_len += 2 + olen;
algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03";
algo_len = 12;

7
src/hsm/sc_hsm.c
View File

@@ -491,13 +491,13 @@ uint32_t decrement_key_counter(file_t *fkey) {
int store_keys(void *key_ctx, int type, uint8_t key_id) {
int r, key_size = 0;
uint8_t kdata[4096 / 8]; // worst case
if (type == HSM_KEY_RSA) {
if (type & HSM_KEY_RSA) {
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
key_size = mbedtls_mpi_size(&rsa->P) + mbedtls_mpi_size(&rsa->Q);
mbedtls_mpi_write_binary(&rsa->P, kdata, key_size / 2);
mbedtls_mpi_write_binary(&rsa->Q, kdata + key_size / 2, key_size / 2);
}
else if (type == HSM_KEY_EC) {
else if (type & HSM_KEY_EC) {
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
key_size = mbedtls_mpi_size(&ecdsa->d);
kdata[0] = ecdsa->grp.id & 0xff;
@@ -514,6 +514,9 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
else if (type == HSM_KEY_AES_256) {
key_size = 32;
}
else if (type == HSM_KEY_AES_512) {
key_size = 64;
}
memcpy(kdata, key_ctx, key_size);
}
else {